@poolzin/pool-bot 2026.2.17 → 2026.2.18

package/dist/infra/archive.js

@@ -1,22 +1,41 @@
+import { createWriteStream } from "node:fs";
 import fs from "node:fs/promises";
 import path from "node:path";
-import * as tar from "tar";
+import { Readable, Transform } from "node:stream";
+import { pipeline } from "node:stream/promises";
 import JSZip from "jszip";
+import * as tar from "tar";
+import { resolveSafeBaseDir } from "./path-safety.js";
+/** @internal */
+export const DEFAULT_MAX_ARCHIVE_BYTES_ZIP = 256 * 1024 * 1024;
+/** @internal */
+export const DEFAULT_MAX_ENTRIES = 50_000;
+/** @internal */
+export const DEFAULT_MAX_EXTRACTED_BYTES = 512 * 1024 * 1024;
+/** @internal */
+export const DEFAULT_MAX_ENTRY_BYTES = 256 * 1024 * 1024;
+const ERROR_ARCHIVE_SIZE_EXCEEDS_LIMIT = "archive size exceeds limit";
+const ERROR_ARCHIVE_ENTRY_COUNT_EXCEEDS_LIMIT = "archive entry count exceeds limit";
+const ERROR_ARCHIVE_ENTRY_EXTRACTED_SIZE_EXCEEDS_LIMIT = "archive entry extracted size exceeds limit";
+const ERROR_ARCHIVE_EXTRACTED_SIZE_EXCEEDS_LIMIT = "archive extracted size exceeds limit";
 const TAR_SUFFIXES = [".tgz", ".tar.gz", ".tar"];
 export function resolveArchiveKind(filePath) {
     const lower = filePath.toLowerCase();
-    if (lower.endsWith(".zip"))
+    if (lower.endsWith(".zip")) {
         return "zip";
-    if (TAR_SUFFIXES.some((suffix) => lower.endsWith(suffix)))
+    }
+    if (TAR_SUFFIXES.some((suffix) => lower.endsWith(suffix))) {
         return "tar";
+    }
     return null;
 }
 export async function resolvePackedRootDir(extractDir) {
     const direct = path.join(extractDir, "package");
     try {
         const stat = await fs.stat(direct);
-        if (stat.isDirectory())
+        if (stat.isDirectory()) {
             return direct;
+        }
     }
     catch {
         // ignore
@@ -43,44 +62,249 @@ export async function withTimeout(promise, timeoutMs, label) {
         ]);
     }
     finally {
-        if (timeoutId)
+        if (timeoutId) {
             clearTimeout(timeoutId);
+        }
+    }
+}
+// Path hygiene.
+function normalizeArchivePath(raw) {
+    // Archives may contain Windows separators; treat them as separators.
+    return raw.replaceAll("\\", "/");
+}
+function isWindowsDrivePath(p) {
+    return /^[a-zA-Z]:[\\/]/.test(p);
+}
+function validateArchiveEntryPath(entryPath) {
+    if (!entryPath || entryPath === "." || entryPath === "./") {
+        return;
+    }
+    if (isWindowsDrivePath(entryPath)) {
+        throw new Error(`archive entry uses a drive path: ${entryPath}`);
+    }
+    const normalized = path.posix.normalize(normalizeArchivePath(entryPath));
+    if (normalized === ".." || normalized.startsWith("../")) {
+        throw new Error(`archive entry escapes destination: ${entryPath}`);
+    }
+    if (path.posix.isAbsolute(normalized) || normalized.startsWith("//")) {
+        throw new Error(`archive entry is absolute: ${entryPath}`);
+    }
+}
+function stripArchivePath(entryPath, stripComponents) {
+    const raw = normalizeArchivePath(entryPath);
+    if (!raw || raw === "." || raw === "./") {
+        return null;
+    }
+    // Important: mimic tar --strip-components semantics (raw segments before
+    // normalization) so strip-induced escapes like "a/../b" are not hidden.
+    const parts = raw.split("/").filter((part) => part.length > 0 && part !== ".");
+    const strip = Math.max(0, Math.floor(stripComponents));
+    const stripped = strip === 0 ? parts.join("/") : parts.slice(strip).join("/");
+    const result = path.posix.normalize(stripped);
+    if (!result || result === "." || result === "./") {
+        return null;
+    }
+    return result;
+}
+function resolveCheckedOutPath(destDir, relPath, original) {
+    const safeBase = resolveSafeBaseDir(destDir);
+    const outPath = path.resolve(destDir, relPath);
+    if (!outPath.startsWith(safeBase)) {
+        throw new Error(`archive entry escapes destination: ${original}`);
+    }
+    return outPath;
+}
+function clampLimit(value) {
+    if (typeof value !== "number" || !Number.isFinite(value)) {
+        return undefined;
     }
+    const v = Math.floor(value);
+    return v > 0 ? v : undefined;
+}
+function resolveExtractLimits(limits) {
+    // Defaults: defensive, but should not break normal installs.
+    return {
+        maxArchiveBytes: clampLimit(limits?.maxArchiveBytes) ?? DEFAULT_MAX_ARCHIVE_BYTES_ZIP,
+        maxEntries: clampLimit(limits?.maxEntries) ?? DEFAULT_MAX_ENTRIES,
+        maxExtractedBytes: clampLimit(limits?.maxExtractedBytes) ?? DEFAULT_MAX_EXTRACTED_BYTES,
+        maxEntryBytes: clampLimit(limits?.maxEntryBytes) ?? DEFAULT_MAX_ENTRY_BYTES,
+    };
+}
+function assertArchiveEntryCountWithinLimit(entryCount, limits) {
+    if (entryCount > limits.maxEntries) {
+        throw new Error(ERROR_ARCHIVE_ENTRY_COUNT_EXCEEDS_LIMIT);
+    }
+}
+function createByteBudgetTracker(limits) {
+    let entryBytes = 0;
+    let extractedBytes = 0;
+    const addBytes = (bytes) => {
+        const b = Math.max(0, Math.floor(bytes));
+        if (b === 0) {
+            return;
+        }
+        entryBytes += b;
+        if (entryBytes > limits.maxEntryBytes) {
+            throw new Error(ERROR_ARCHIVE_ENTRY_EXTRACTED_SIZE_EXCEEDS_LIMIT);
+        }
+        extractedBytes += b;
+        if (extractedBytes > limits.maxExtractedBytes) {
+            throw new Error(ERROR_ARCHIVE_EXTRACTED_SIZE_EXCEEDS_LIMIT);
+        }
+    };
+    return {
+        startEntry() {
+            entryBytes = 0;
+        },
+        addBytes,
+        addEntrySize(size) {
+            const s = Math.max(0, Math.floor(size));
+            if (s > limits.maxEntryBytes) {
+                throw new Error(ERROR_ARCHIVE_ENTRY_EXTRACTED_SIZE_EXCEEDS_LIMIT);
+            }
+            // Note: tar budgets are based on the header-declared size.
+            addBytes(s);
+        },
+    };
+}
+function createExtractBudgetTransform(params) {
+    return new Transform({
+        transform(chunk, _encoding, callback) {
+            try {
+                const buf = chunk instanceof Buffer ? chunk : Buffer.from(chunk);
+                params.onChunkBytes(buf.byteLength);
+                callback(null, buf);
+            }
+            catch (err) {
+                callback(err instanceof Error ? err : new Error(String(err)));
+            }
+        },
+    });
+}
+async function readZipEntryStream(entry) {
+    if (typeof entry.nodeStream === "function") {
+        return entry.nodeStream();
+    }
+    // Old JSZip: fall back to buffering, but still extract via a stream.
+    const buf = await entry.async("nodebuffer");
+    return Readable.from(buf);
 }
 async function extractZip(params) {
+    const limits = resolveExtractLimits(params.limits);
+    const stat = await fs.stat(params.archivePath);
+    if (stat.size > limits.maxArchiveBytes) {
+        throw new Error(ERROR_ARCHIVE_SIZE_EXCEEDS_LIMIT);
+    }
     const buffer = await fs.readFile(params.archivePath);
     const zip = await JSZip.loadAsync(buffer);
     const entries = Object.values(zip.files);
+    const strip = Math.max(0, Math.floor(params.stripComponents ?? 0));
+    assertArchiveEntryCountWithinLimit(entries.length, limits);
+    const budget = createByteBudgetTracker(limits);
     for (const entry of entries) {
-        const entryPath = entry.name.replaceAll("\\", "/");
-        if (!entryPath || entryPath.endsWith("/")) {
-            const dirPath = path.resolve(params.destDir, entryPath);
-            if (!dirPath.startsWith(params.destDir)) {
-                throw new Error(`zip entry escapes destination: ${entry.name}`);
-            }
-            await fs.mkdir(dirPath, { recursive: true });
+        validateArchiveEntryPath(entry.name);
+        const relPath = stripArchivePath(entry.name, strip);
+        if (!relPath) {
             continue;
         }
-        const outPath = path.resolve(params.destDir, entryPath);
-        if (!outPath.startsWith(params.destDir)) {
-            throw new Error(`zip entry escapes destination: ${entry.name}`);
+        validateArchiveEntryPath(relPath);
+        const outPath = resolveCheckedOutPath(params.destDir, relPath, entry.name);
+        if (entry.dir) {
+            await fs.mkdir(outPath, { recursive: true });
+            continue;
         }
         await fs.mkdir(path.dirname(outPath), { recursive: true });
-        const data = await entry.async("nodebuffer");
-        await fs.writeFile(outPath, data);
+        budget.startEntry();
+        const readable = await readZipEntryStream(entry);
+        try {
+            await pipeline(readable, createExtractBudgetTransform({ onChunkBytes: budget.addBytes }), createWriteStream(outPath));
+        }
+        catch (err) {
+            await fs.unlink(outPath).catch(() => undefined);
+            throw err;
+        }
+        // Best-effort permission restore for zip entries created on unix.
+        if (typeof entry.unixPermissions === "number") {
+            const mode = entry.unixPermissions & 0o777;
+            if (mode !== 0) {
+                await fs.chmod(outPath, mode).catch(() => undefined);
+            }
+        }
     }
 }
+function readTarEntryInfo(entry) {
+    const p = typeof entry === "object" && entry !== null && "path" in entry
+        ? String(entry.path)
+        : "";
+    const t = typeof entry === "object" && entry !== null && "type" in entry
+        ? String(entry.type)
+        : "";
+    const s = typeof entry === "object" &&
+        entry !== null &&
+        "size" in entry &&
+        typeof entry.size === "number" &&
+        Number.isFinite(entry.size)
+        ? Math.max(0, Math.floor(entry.size))
+        : 0;
+    return { path: p, type: t, size: s };
+}
 export async function extractArchive(params) {
-    const kind = resolveArchiveKind(params.archivePath);
+    const kind = params.kind ?? resolveArchiveKind(params.archivePath);
     if (!kind) {
         throw new Error(`unsupported archive: ${params.archivePath}`);
     }
     const label = kind === "zip" ? "extract zip" : "extract tar";
     if (kind === "tar") {
-        await withTimeout(tar.x({ file: params.archivePath, cwd: params.destDir }), params.timeoutMs, label);
+        const strip = Math.max(0, Math.floor(params.stripComponents ?? 0));
+        const limits = resolveExtractLimits(params.limits);
+        let entryCount = 0;
+        const budget = createByteBudgetTracker(limits);
+        await withTimeout(tar.x({
+            file: params.archivePath,
+            cwd: params.destDir,
+            strip,
+            gzip: params.tarGzip,
+            preservePaths: false,
+            strict: true,
+            onReadEntry(entry) {
+                const info = readTarEntryInfo(entry);
+                try {
+                    validateArchiveEntryPath(info.path);
+                    const relPath = stripArchivePath(info.path, strip);
+                    if (!relPath) {
+                        return;
+                    }
+                    validateArchiveEntryPath(relPath);
+                    resolveCheckedOutPath(params.destDir, relPath, info.path);
+                    if (info.type === "SymbolicLink" ||
+                        info.type === "Link" ||
+                        info.type === "BlockDevice" ||
+                        info.type === "CharacterDevice" ||
+                        info.type === "FIFO" ||
+                        info.type === "Socket") {
+                        throw new Error(`tar entry is a link: ${info.path}`);
+                    }
+                    entryCount += 1;
+                    assertArchiveEntryCountWithinLimit(entryCount, limits);
+                    budget.addEntrySize(info.size);
+                }
+                catch (err) {
+                    const error = err instanceof Error ? err : new Error(String(err));
+                    // Node's EventEmitter calls listeners with `this` bound to the
+                    // emitter (tar.Unpack), which exposes Parser.abort().
+                    const emitter = this;
+                    emitter.abort?.(error);
+                }
+            },
+        }), params.timeoutMs, label);
         return;
     }
-    await withTimeout(extractZip(params), params.timeoutMs, label);
+    await withTimeout(extractZip({
+        archivePath: params.archivePath,
+        destDir: params.destDir,
+        stripComponents: params.stripComponents,
+        limits: params.limits,
+    }), params.timeoutMs, label);
 }
 export async function fileExists(filePath) {
     try {

package/dist/infra/detect-package-manager.js

@@ -0,0 +1,26 @@
+import fs from "node:fs/promises";
+import path from "node:path";
+export async function detectPackageManager(root) {
+    try {
+        const raw = await fs.readFile(path.join(root, "package.json"), "utf-8");
+        const parsed = JSON.parse(raw);
+        const pm = parsed?.packageManager?.split("@")[0]?.trim();
+        if (pm === "pnpm" || pm === "bun" || pm === "npm") {
+            return pm;
+        }
+    }
+    catch {
+        // ignore
+    }
+    const files = await fs.readdir(root).catch(() => []);
+    if (files.includes("pnpm-lock.yaml")) {
+        return "pnpm";
+    }
+    if (files.includes("bun.lockb")) {
+        return "bun";
+    }
+    if (files.includes("package-lock.json")) {
+        return "npm";
+    }
+    return null;
+}

package/dist/infra/exec-approvals-allowlist.js

@@ -0,0 +1,257 @@
+import fs from "node:fs";
+import path from "node:path";
+import { DEFAULT_SAFE_BINS, analyzeShellCommand, isWindowsPlatform, matchAllowlist, resolveAllowlistCandidatePath, splitCommandChain, } from "./exec-approvals-analysis.js";
+function isPathLikeToken(value) {
+    const trimmed = value.trim();
+    if (!trimmed) {
+        return false;
+    }
+    if (trimmed === "-") {
+        return false;
+    }
+    if (trimmed.startsWith("./") || trimmed.startsWith("../") || trimmed.startsWith("~")) {
+        return true;
+    }
+    if (trimmed.startsWith("/")) {
+        return true;
+    }
+    return /^[A-Za-z]:[\\/]/.test(trimmed);
+}
+function defaultFileExists(filePath) {
+    try {
+        return fs.existsSync(filePath);
+    }
+    catch {
+        return false;
+    }
+}
+export function normalizeSafeBins(entries) {
+    if (!Array.isArray(entries)) {
+        return new Set();
+    }
+    const normalized = entries
+        .map((entry) => entry.trim().toLowerCase())
+        .filter((entry) => entry.length > 0);
+    return new Set(normalized);
+}
+export function resolveSafeBins(entries) {
+    if (entries === undefined) {
+        return normalizeSafeBins(DEFAULT_SAFE_BINS);
+    }
+    return normalizeSafeBins(entries ?? []);
+}
+function hasGlobToken(value) {
+    // Safe bins are stdin-only; globbing is both surprising and a historical bypass vector.
+    // Note: we still harden execution-time expansion separately.
+    return /[*?[\]]/.test(value);
+}
+export function isSafeBinUsage(params) {
+    // Windows host exec uses PowerShell, which has different parsing/expansion rules.
+    // Keep safeBins conservative there (require explicit allowlist entries).
+    if (isWindowsPlatform(process.platform)) {
+        return false;
+    }
+    if (params.safeBins.size === 0) {
+        return false;
+    }
+    const resolution = params.resolution;
+    const execName = resolution?.executableName?.toLowerCase();
+    if (!execName) {
+        return false;
+    }
+    const matchesSafeBin = params.safeBins.has(execName) ||
+        (process.platform === "win32" && params.safeBins.has(path.parse(execName).name));
+    if (!matchesSafeBin) {
+        return false;
+    }
+    if (!resolution?.resolvedPath) {
+        return false;
+    }
+    const cwd = params.cwd ?? process.cwd();
+    const exists = params.fileExists ?? defaultFileExists;
+    const argv = params.argv.slice(1);
+    for (let i = 0; i < argv.length; i += 1) {
+        const token = argv[i];
+        if (!token) {
+            continue;
+        }
+        if (token === "-") {
+            continue;
+        }
+        if (token.startsWith("-")) {
+            const eqIndex = token.indexOf("=");
+            if (eqIndex > 0) {
+                const value = token.slice(eqIndex + 1);
+                if (value && hasGlobToken(value)) {
+                    return false;
+                }
+                if (value && (isPathLikeToken(value) || exists(path.resolve(cwd, value)))) {
+                    return false;
+                }
+            }
+            continue;
+        }
+        if (hasGlobToken(token)) {
+            return false;
+        }
+        if (isPathLikeToken(token)) {
+            return false;
+        }
+        if (exists(path.resolve(cwd, token))) {
+            return false;
+        }
+    }
+    return true;
+}
+function evaluateSegments(segments, params) {
+    const matches = [];
+    const allowSkills = params.autoAllowSkills === true && (params.skillBins?.size ?? 0) > 0;
+    const segmentSatisfiedBy = [];
+    const satisfied = segments.every((segment) => {
+        const candidatePath = resolveAllowlistCandidatePath(segment.resolution, params.cwd);
+        const candidateResolution = candidatePath && segment.resolution
+            ? { ...segment.resolution, resolvedPath: candidatePath }
+            : segment.resolution;
+        const match = matchAllowlist(params.allowlist, candidateResolution);
+        if (match) {
+            matches.push(match);
+        }
+        const safe = isSafeBinUsage({
+            argv: segment.argv,
+            resolution: segment.resolution,
+            safeBins: params.safeBins,
+            cwd: params.cwd,
+        });
+        const skillAllow = allowSkills && segment.resolution?.executableName
+            ? params.skillBins?.has(segment.resolution.executableName)
+            : false;
+        const by = match
+            ? "allowlist"
+            : safe
+                ? "safeBins"
+                : skillAllow
+                    ? "skills"
+                    : null;
+        segmentSatisfiedBy.push(by);
+        return Boolean(by);
+    });
+    return { satisfied, matches, segmentSatisfiedBy };
+}
+export function evaluateExecAllowlist(params) {
+    const allowlistMatches = [];
+    const segmentSatisfiedBy = [];
+    if (!params.analysis.ok || params.analysis.segments.length === 0) {
+        return { allowlistSatisfied: false, allowlistMatches, segmentSatisfiedBy };
+    }
+    // If the analysis contains chains, evaluate each chain part separately
+    if (params.analysis.chains) {
+        for (const chainSegments of params.analysis.chains) {
+            const result = evaluateSegments(chainSegments, {
+                allowlist: params.allowlist,
+                safeBins: params.safeBins,
+                cwd: params.cwd,
+                skillBins: params.skillBins,
+                autoAllowSkills: params.autoAllowSkills,
+            });
+            if (!result.satisfied) {
+                return { allowlistSatisfied: false, allowlistMatches: [], segmentSatisfiedBy: [] };
+            }
+            allowlistMatches.push(...result.matches);
+            segmentSatisfiedBy.push(...result.segmentSatisfiedBy);
+        }
+        return { allowlistSatisfied: true, allowlistMatches, segmentSatisfiedBy };
+    }
+    // No chains, evaluate all segments together
+    const result = evaluateSegments(params.analysis.segments, {
+        allowlist: params.allowlist,
+        safeBins: params.safeBins,
+        cwd: params.cwd,
+        skillBins: params.skillBins,
+        autoAllowSkills: params.autoAllowSkills,
+    });
+    return {
+        allowlistSatisfied: result.satisfied,
+        allowlistMatches: result.matches,
+        segmentSatisfiedBy: result.segmentSatisfiedBy,
+    };
+}
+/**
+ * Evaluates allowlist for shell commands (including &&, ||, ;) and returns analysis metadata.
+ */
+export function evaluateShellAllowlist(params) {
+    const analysisFailure = () => ({
+        analysisOk: false,
+        allowlistSatisfied: false,
+        allowlistMatches: [],
+        segments: [],
+        segmentSatisfiedBy: [],
+    });
+    const chainParts = isWindowsPlatform(params.platform) ? null : splitCommandChain(params.command);
+    if (!chainParts) {
+        const analysis = analyzeShellCommand({
+            command: params.command,
+            cwd: params.cwd,
+            env: params.env,
+            platform: params.platform,
+        });
+        if (!analysis.ok) {
+            return analysisFailure();
+        }
+        const evaluation = evaluateExecAllowlist({
+            analysis,
+            allowlist: params.allowlist,
+            safeBins: params.safeBins,
+            cwd: params.cwd,
+            skillBins: params.skillBins,
+            autoAllowSkills: params.autoAllowSkills,
+        });
+        return {
+            analysisOk: true,
+            allowlistSatisfied: evaluation.allowlistSatisfied,
+            allowlistMatches: evaluation.allowlistMatches,
+            segments: analysis.segments,
+            segmentSatisfiedBy: evaluation.segmentSatisfiedBy,
+        };
+    }
+    const allowlistMatches = [];
+    const segments = [];
+    const segmentSatisfiedBy = [];
+    for (const part of chainParts) {
+        const analysis = analyzeShellCommand({
+            command: part,
+            cwd: params.cwd,
+            env: params.env,
+            platform: params.platform,
+        });
+        if (!analysis.ok) {
+            return analysisFailure();
+        }
+        segments.push(...analysis.segments);
+        const evaluation = evaluateExecAllowlist({
+            analysis,
+            allowlist: params.allowlist,
+            safeBins: params.safeBins,
+            cwd: params.cwd,
+            skillBins: params.skillBins,
+            autoAllowSkills: params.autoAllowSkills,
+        });
+        allowlistMatches.push(...evaluation.allowlistMatches);
+        segmentSatisfiedBy.push(...evaluation.segmentSatisfiedBy);
+        if (!evaluation.allowlistSatisfied) {
+            return {
+                analysisOk: true,
+                allowlistSatisfied: false,
+                allowlistMatches,
+                segments,
+                segmentSatisfiedBy,
+            };
+        }
+    }
+    return {
+        analysisOk: true,
+        allowlistSatisfied: true,
+        allowlistMatches,
+        segments,
+        segmentSatisfiedBy,
+    };
+}