@orchagent/cli 0.3.118 → 0.3.120

package/dist/lib/sanitize.js

@@ -0,0 +1,99 @@
+"use strict";
+/**
+ * Input hardening utilities (DX-29).
+ *
+ * Central sanitization for:
+ *   4a — Control character rejection
+ *   4b — Path traversal bounds checking
+ *   4c — Resource ID validation (no query-param chars, no double-encoding)
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.rejectControlChars = rejectControlChars;
+exports.rejectResourceIdChars = rejectResourceIdChars;
+exports.ensurePathInBounds = ensurePathInBounds;
+exports.rejectPathTraversal = rejectPathTraversal;
+exports.sanitizeSecretValue = sanitizeSecretValue;
+const path_1 = __importDefault(require("path"));
+const errors_1 = require("./errors");
+// ASCII control chars (0x00-0x1F) minus allowed whitespace (\t=0x09, \n=0x0A, \r=0x0D).
+// Also includes DEL (0x7F).
+// eslint-disable-next-line no-control-regex
+const DANGEROUS_CONTROL_RE = /[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/;
+// Characters that must never appear in resource identifiers (agent names, org names, versions).
+// These could inject query params, fragments, or URL-encoded path traversals.
+const RESOURCE_ID_UNSAFE_RE = /[?#%&=]/;
+/**
+ * Reject ASCII control characters in a string (except \n, \r, \t).
+ * Throws CliError with INVALID_INPUT if found.
+ */
+function rejectControlChars(value, fieldName) {
+    if (DANGEROUS_CONTROL_RE.test(value)) {
+        const err = new errors_1.CliError(`${fieldName} contains an invalid control character. ` +
+            'Remove non-printable characters and try again.', errors_1.ExitCodes.INVALID_INPUT);
+        err.code = errors_1.ErrorCodes.INVALID_INPUT;
+        throw err;
+    }
+}
+/**
+ * Reject characters that could inject query params, fragments, or URL encoding
+ * into resource identifiers (agent names, org names, version strings).
+ *
+ * Blocked: ? # % & =
+ * Also delegates to rejectControlChars.
+ */
+function rejectResourceIdChars(value, fieldName) {
+    rejectControlChars(value, fieldName);
+    const match = value.match(RESOURCE_ID_UNSAFE_RE);
+    if (match) {
+        const err = new errors_1.CliError(`${fieldName} contains '${match[0]}' which is not allowed. ` +
+            'Resource identifiers must not contain ?, #, %, &, or = characters.', errors_1.ExitCodes.INVALID_INPUT);
+        err.code = errors_1.ErrorCodes.INVALID_INPUT;
+        throw err;
+    }
+}
+/**
+ * Verify that a resolved (absolute) path stays within an allowed base directory.
+ * Both paths must be absolute. The resolved path is checked after normalization.
+ */
+function ensurePathInBounds(resolvedPath, basePath) {
+    const normalizedBase = path_1.default.resolve(basePath) + path_1.default.sep;
+    const normalizedTarget = path_1.default.resolve(resolvedPath);
+    // Allow exact match (target IS the base) or target is inside base
+    if (normalizedTarget !== path_1.default.resolve(basePath) && !normalizedTarget.startsWith(normalizedBase)) {
+        const err = new errors_1.CliError(`Path '${resolvedPath}' is outside the allowed directory '${basePath}'. ` +
+            'File references must not escape the project root.', errors_1.ExitCodes.INVALID_INPUT);
+        err.code = errors_1.ErrorCodes.INVALID_INPUT;
+        throw err;
+    }
+}
+/**
+ * Reject path traversal sequences in a raw file path argument.
+ *
+ * Blocks `../` (and `..\` on Windows) in the raw input string. Absolute paths
+ * are allowed — the user explicitly chose them. This catches accidental or
+ * malicious relative traversal while still permitting `/home/user/file.json`.
+ */
+function rejectPathTraversal(rawPath, fieldName) {
+    // Normalize to forward slashes for cross-platform check
+    const normalized = rawPath.replace(/\\/g, '/');
+    if (normalized.includes('../') || normalized === '..' || normalized.endsWith('/..')) {
+        const err = new errors_1.CliError(`${fieldName} contains a path traversal sequence ('../'). ` +
+            'Use a direct path instead.', errors_1.ExitCodes.INVALID_INPUT);
+        err.code = errors_1.ErrorCodes.INVALID_INPUT;
+        throw err;
+    }
+}
+/**
+ * Sanitize a secret value: strip dangerous control chars but keep \n, \r, \t
+ * (which appear in PEM keys, multi-line tokens, etc.).
+ *
+ * Returns the cleaned value. Does NOT throw — secrets may legitimately contain
+ * special characters, so we strip silently per the DX-29 spec.
+ */
+function sanitizeSecretValue(value) {
+    // eslint-disable-next-line no-control-regex
+    return value.replace(/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/g, '');
+}

package/dist/lib/validate.js

@@ -19,6 +19,8 @@ const path_1 = __importDefault(require("path"));
 const yaml_1 = __importDefault(require("yaml"));
 const publish_1 = require("../commands/publish");
 const bundle_1 = require("./bundle");
+const llm_1 = require("./llm");
+const sanitize_1 = require("./sanitize");
 // ── Helpers ────────────────────────────────────────────────────────────
 function canonicalizeManifestType(typeValue) {
     const rawType = (typeValue || 'agent').trim().toLowerCase();
@@ -54,6 +56,14 @@ function inferExecutionEngine(manifest, rawType) {
     return { engine: 'direct_llm', conflict: false };
 }
 function validateNameFormat(name, issues, file) {
+    // DX-29: reject control chars in agent names
+    try {
+        (0, sanitize_1.rejectControlChars)(name, 'agent name');
+    }
+    catch (err) {
+        issues.push({ level: 'error', message: err.message, file });
+        return; // no point checking format if control chars present
+    }
     const nameRegex = /^[a-z0-9][a-z0-9-]*[a-z0-9]$/;
     if (name.length < 2 || name.length > 50) {
         issues.push({ level: 'error', message: 'Agent name must be 2-50 characters', file });
@@ -175,6 +185,13 @@ async function validateManifest(projectDir, manifest, issues, metadata, options)
             file: 'orchagent.json',
         });
     }
+    // ── Model ID validation (DX-17) ──
+    if (manifest.default_models && typeof manifest.default_models === 'object') {
+        const modelWarnings = (0, llm_1.validateModelIds)(manifest.default_models);
+        for (const w of modelWarnings) {
+            issues.push({ level: 'warning', message: w.message, file: 'orchagent.json' });
+        }
+    }
     // ── Misplaced manifest fields ──
     const manifestFields = ['manifest_version', 'dependencies', 'max_hops', 'timeout_ms', 'per_call_downstream_cap'];
     const misplacedFields = manifestFields.filter(f => f in manifest && !manifest.manifest);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@orchagent/cli",
-  "version": "0.3.118",
+  "version": "0.3.120",
   "description": "Command-line interface for orchagent — deploy and run AI agents for your team",
   "license": "MIT",
   "author": "orchagent <hello@orchagent.io>",
@@ -30,7 +30,8 @@
   },
   "files": [
     "dist",
-    "src/resources"
+    "src/resources",
+    "AGENT_GUIDE.md"
   ],
   "scripts": {
     "build": "tsc -p tsconfig.json",