npm - @tjamescouch/agentchat - Versions diffs - 0.20.0 → 0.22.0 - Mend

@tjamescouch/agentchat 0.20.0 → 0.22.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/bin/agentchat.js CHANGED Viewed

@@ -52,6 +52,7 @@ import {
   ServerDirectory,
   DEFAULT_DIRECTORY_PATH
 } from '../lib/server-directory.js';
+import { enforceDirectorySafety, checkDirectorySafety } from '../lib/security.js';
 program
   .name('agentchat')
@@ -620,6 +621,12 @@ program
       const instanceName = options.name;
       const paths = getDaemonPaths(instanceName);
+      // Security check for operations that create files (not for status/list/stop)
+      const needsSafetyCheck = !options.list && !options.status && !options.stop && !options.stopAll;
+      if (needsSafetyCheck) {
+        enforceDirectorySafety(process.cwd(), { allowWarnings: true, silent: false });
+      }
       // List all daemons
       if (options.list) {
         const instances = await listDaemons();
@@ -1546,6 +1553,17 @@ const firstArg = process.argv[2];
 if (!firstArg || !subcommands.includes(firstArg)) {
   // Launcher mode
+  // Security check: prevent running in root/system directories
+  const safetyCheck = checkDirectorySafety(process.cwd());
+  if (safetyCheck.level === 'error') {
+    console.error(`\n❌ ERROR: ${safetyCheck.error}`);
+    process.exit(1);
+  }
+  if (safetyCheck.level === 'warning') {
+    console.error(`\n⚠️  WARNING: ${safetyCheck.warning}`);
+  }
   import('child_process').then(({ execSync, spawn }) => {
     const name = firstArg; // May be undefined (anonymous) or a name

package/lib/client.js CHANGED Viewed

@@ -816,3 +816,6 @@ export async function listen(server, name, channels, callback, identityPath = nu
   return client;
 }
+// Re-export security utilities
+export { checkDirectorySafety, enforceDirectorySafety } from './security.js';

package/lib/daemon.js CHANGED Viewed

@@ -11,6 +11,7 @@ import os from 'os';
 import { AgentChatClient } from './client.js';
 import { Identity, DEFAULT_IDENTITY_PATH } from './identity.js';
 import { appendReceipt, shouldStoreReceipt, DEFAULT_RECEIPTS_PATH } from './receipts.js';
+import { enforceDirectorySafety } from './security.js';
 // Base directory (cwd-relative for project-local storage)
 const AGENTCHAT_DIR = path.join(process.cwd(), '.agentchat');
@@ -341,6 +342,9 @@ export class AgentChatDaemon {
   }
   async start() {
+    // Security check: prevent running in root/system directories
+    enforceDirectorySafety(process.cwd(), { allowWarnings: true, silent: false });
     this.running = true;
     // Ensure instance directory exists

package/lib/protocol.js CHANGED Viewed

@@ -92,7 +92,8 @@ export const PresenceStatus = {
   ONLINE: 'online',
   AWAY: 'away',
   BUSY: 'busy',
-  OFFLINE: 'offline'
+  OFFLINE: 'offline',
+  LISTENING: 'listening'
 };
 // Proposal status
@@ -366,7 +367,7 @@ export function validateClientMessage(raw) {
     case ClientMessageType.SET_PRESENCE:
       // Set presence requires: status (online, away, busy, offline)
-      const validStatuses = ['online', 'away', 'busy', 'offline'];
+      const validStatuses = ['online', 'away', 'busy', 'offline', 'listening'];
       if (!msg.status || !validStatuses.includes(msg.status)) {
         return { valid: false, error: `Invalid presence status. Must be one of: ${validStatuses.join(', ')}` };
       }

package/lib/security.js ADDED Viewed

@@ -0,0 +1,183 @@
+/**
+ * Security utilities for AgentChat
+ * Prevents running agents in dangerous directories
+ */
+import path from 'path';
+import os from 'os';
+// Directories that are absolutely forbidden (system roots)
+const FORBIDDEN_DIRECTORIES = new Set([
+  '/',
+  '/root',
+  '/home',
+  '/Users',
+  '/var',
+  '/etc',
+  '/usr',
+  '/bin',
+  '/sbin',
+  '/lib',
+  '/opt',
+  '/tmp',
+  '/System',
+  '/Applications',
+  '/Library',
+  '/private',
+  '/private/var',
+  '/private/tmp',
+  'C:\\',
+  'C:\\Windows',
+  'C:\\Program Files',
+  'C:\\Program Files (x86)',
+  'C:\\Users',
+]);
+// Minimum depth from root required for a "project" directory
+// e.g., /Users/name/projects/myproject = depth 4 (minimum required)
+const MIN_SAFE_DEPTH = 3;
+/**
+ * Get the depth of a path from root
+ * @param {string} dirPath - Directory path to check
+ * @returns {number} - Number of directory levels from root
+ */
+function getPathDepth(dirPath) {
+  const normalized = path.normalize(dirPath);
+  const parts = normalized.split(path.sep).filter(p => p && p !== '.');
+  return parts.length;
+}
+/**
+ * Check if directory is a user's home directory
+ * @param {string} dirPath - Directory path to check
+ * @returns {boolean}
+ */
+function isHomeDirectory(dirPath) {
+  const normalized = path.normalize(dirPath);
+  const homeDir = os.homedir();
+  // Check exact match with home directory
+  if (normalized === homeDir || normalized === homeDir + path.sep) {
+    return true;
+  }
+  // Check common home directory patterns
+  const homePatterns = [
+    /^\/Users\/[^/]+$/,           // macOS: /Users/username
+    /^\/home\/[^/]+$/,            // Linux: /home/username
+    /^C:\\Users\\[^\\]+$/i,       // Windows: C:\Users\username
+  ];
+  return homePatterns.some(pattern => pattern.test(normalized));
+}
+/**
+ * Check if a directory is safe for running agentchat
+ * @param {string} dirPath - Directory path to check (defaults to cwd)
+ * @returns {{safe: boolean, error?: string, warning?: string, level: 'error'|'warning'|'ok'}}
+ */
+export function checkDirectorySafety(dirPath = process.cwd()) {
+  const normalized = path.normalize(path.resolve(dirPath));
+  // Check forbidden directories
+  if (FORBIDDEN_DIRECTORIES.has(normalized)) {
+    return {
+      safe: false,
+      level: 'error',
+      error: `Cannot run agentchat in system directory: ${normalized}\n` +
+             `Please run from a project directory instead.`
+    };
+  }
+  // Check if it's a home directory BEFORE depth check
+  // Home directories are allowed but warn (they're at depth 2 which would fail depth check)
+  if (isHomeDirectory(normalized)) {
+    return {
+      safe: true,
+      level: 'warning',
+      warning: `Running agentchat in home directory: ${normalized}\n` +
+               `Consider running from a specific project directory instead.`
+    };
+  }
+  // Check path depth (too shallow = too close to root)
+  const depth = getPathDepth(normalized);
+  if (depth < MIN_SAFE_DEPTH) {
+    return {
+      safe: false,
+      level: 'error',
+      error: `Cannot run agentchat in root-level directory: ${normalized}\n` +
+             `This directory is too close to the filesystem root.\n` +
+             `Please run from a project directory (at least ${MIN_SAFE_DEPTH} levels deep).`
+    };
+  }
+  // All checks passed
+  return {
+    safe: true,
+    level: 'ok'
+  };
+}
+/**
+ * Enforce directory safety check - throws if unsafe
+ * @param {string} dirPath - Directory path to check (defaults to cwd)
+ * @param {object} options - Options
+ * @param {boolean} options.allowWarnings - If true, don't throw on warnings (default: true)
+ * @param {boolean} options.silent - If true, don't print warnings (default: false)
+ * @throws {Error} If directory is not safe
+ */
+export function enforceDirectorySafety(dirPath = process.cwd(), options = {}) {
+  const { allowWarnings = true, silent = false } = options;
+  const result = checkDirectorySafety(dirPath);
+  if (result.level === 'error') {
+    throw new Error(result.error);
+  }
+  if (result.level === 'warning') {
+    if (!silent) {
+      console.error(`\n⚠️  WARNING: ${result.warning}\n`);
+    }
+    if (!allowWarnings) {
+      throw new Error(result.warning);
+    }
+  }
+  return result;
+}
+/**
+ * Check if running in a project directory (has common project indicators)
+ * @param {string} dirPath - Directory path to check
+ * @returns {boolean}
+ */
+export function looksLikeProjectDirectory(dirPath = process.cwd()) {
+  const projectIndicators = [
+    'package.json',
+    'Cargo.toml',
+    'go.mod',
+    'pyproject.toml',
+    'setup.py',
+    'requirements.txt',
+    'Gemfile',
+    'pom.xml',
+    'build.gradle',
+    'Makefile',
+    'CMakeLists.txt',
+    '.git',
+    '.gitignore',
+    'README.md',
+    'README',
+  ];
+  // This is a heuristic check - doesn't actually verify files exist
+  // Just checks if the path looks reasonable
+  const normalized = path.normalize(path.resolve(dirPath));
+  const depth = getPathDepth(normalized);
+  // If it's deep enough and not a system directory, it probably looks like a project
+  return depth >= MIN_SAFE_DEPTH && !FORBIDDEN_DIRECTORIES.has(normalized);
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@tjamescouch/agentchat",
-  "version": "0.20.0",
+  "version": "0.22.0",
   "description": "Real-time IRC-like communication protocol for AI agents",
   "main": "lib/client.js",
   "files": [
@@ -14,9 +14,10 @@
   },
   "scripts": {
     "start": "node bin/agentchat.js serve",
-    "test": "node --test test/identity.test.js test/deploy.test.js test/daemon.test.js test/receipts.test.js test/reputation.test.js test/jitter.test.js",
+    "test": "node --test 'test/*.test.js'",
     "test:integration": "node --test test/*.integration.test.js",
-    "test:all": "node --test test/*.test.js"
+    "test:all": "node --test test/*.test.js",
+    "knip": "knip"
   },
   "keywords": [
     "ai",
@@ -48,5 +49,8 @@
   "bugs": {
     "url": "https://github.com/tjamescouch/agentchat/issues"
   },
-  "type": "module"
+  "type": "module",
+  "devDependencies": {
+    "knip": "^5.83.0"
+  }
 }