@vibecheckai/cli 3.2.0 → 3.2.1

package/mcp-server/agent-firewall-interceptor.js

@@ -0,0 +1,164 @@
+/**
+ * Agent Firewall Interceptor - MCP Tool
+ * 
+ * Intercepts file write/patch tool calls from AI agents.
+ * Validates changes against truthpack and policy before allowing writes.
+ */
+
+"use strict";
+
+const path = require("path");
+const fs = require("fs");
+const { interceptFileWrite, interceptMultiFileWrite } = require("../../bin/runners/lib/agent-firewall/interceptor/base");
+
+/**
+ * MCP Tool Definition
+ */
+const AGENT_FIREWALL_TOOL = {
+  name: "vibecheck_agent_firewall_intercept",
+  description: `🛡️ Agent Firewall - Intercepts AI code changes and validates against repo truth.
+
+This tool MUST be called before any file write/patch operations.
+It validates changes against truthpack and policy rules.
+
+Returns: { allowed, verdict, violations, unblockPlan }`,
+  inputSchema: {
+    type: "object",
+    required: ["agentId", "filePath", "content"],
+    properties: {
+      agentId: {
+        type: "string",
+        description: "Agent identifier (e.g., 'cursor', 'windsurf', 'copilot')"
+      },
+      filePath: {
+        type: "string",
+        description: "File path relative to project root"
+      },
+      content: {
+        type: "string",
+        description: "New file content"
+      },
+      oldContent: {
+        type: "string",
+        description: "Old file content (optional, for diff generation)"
+      },
+      intent: {
+        type: "string",
+        description: "Agent's stated intent for this change"
+      },
+      projectRoot: {
+        type: "string",
+        default: ".",
+        description: "Project root directory"
+      }
+    }
+  }
+};
+
+/**
+ * Handle MCP tool call
+ * @param {string} name - Tool name (unused, for consistency)
+ * @param {object} args - Tool arguments
+ * @returns {object} MCP tool response
+ */
+async function handleAgentFirewallIntercept(name, args) {
+  const projectRoot = path.resolve(args.projectRoot || ".");
+  const agentId = args.agentId || "unknown";
+  const filePath = args.filePath;
+  const content = args.content;
+  const oldContent = args.oldContent || null;
+  const intent = args.intent || "No intent provided";
+  
+  // Validate file path is within project root
+  const fileAbs = path.resolve(projectRoot, filePath);
+  if (!fileAbs.startsWith(projectRoot + path.sep) && fileAbs !== projectRoot) {
+    return {
+      content: [{
+        type: "text",
+        text: `❌ BLOCKED: File path outside project root: ${filePath}`
+      }],
+      isError: true
+    };
+  }
+  
+  try {
+    // Read old content if not provided
+    let actualOldContent = oldContent;
+    if (!actualOldContent && fs.existsSync(fileAbs)) {
+      actualOldContent = fs.readFileSync(fileAbs, "utf8");
+    }
+    
+    // Intercept the write
+    const result = await interceptFileWrite({
+      projectRoot,
+      agentId,
+      intent,
+      filePath,
+      content,
+      oldContent: actualOldContent
+    });
+    
+    // Check policy mode (already loaded in interceptFileWrite, but we need it for mode check)
+    const { loadPolicy } = require("../../bin/runners/lib/agent-firewall/policy/loader");
+    const policy = loadPolicy(projectRoot);
+    
+    if (policy.mode === "observe") {
+      // Observe mode - log but don't block
+      return {
+        content: [{
+          type: "text",
+          text: `📊 OBSERVE MODE: ${result.verdict}\n\n${result.message}\n\nPacket ID: ${result.packetId}`
+        }]
+      };
+    }
+    
+    // Enforce mode - block if not allowed
+    if (!result.allowed) {
+      let message = `❌ BLOCKED: ${result.message}\n\n`;
+      
+      if (result.violations && result.violations.length > 0) {
+        message += "Violations:\n";
+        for (const violation of result.violations) {
+          message += `  - ${violation.rule}: ${violation.message}\n`;
+        }
+      }
+      
+      if (result.unblockPlan && result.unblockPlan.steps.length > 0) {
+        message += "\nTo unblock:\n";
+        for (const step of result.unblockPlan.steps) {
+          message += `  ${step.action === "create" ? "Create" : "Modify"} ${step.file || "file"}: ${step.description}\n`;
+        }
+      }
+      
+      return {
+        content: [{
+          type: "text",
+          text: message
+        }],
+        isError: true
+      };
+    }
+    
+    // Allowed
+    return {
+      content: [{
+        type: "text",
+        text: `✅ ALLOWED: ${result.message}\n\nPacket ID: ${result.packetId}`
+      }]
+    };
+    
+  } catch (error) {
+    return {
+      content: [{
+        type: "text",
+        text: `❌ Error intercepting write: ${error.message}\n\n${error.stack}`
+      }],
+      isError: true
+    };
+  }
+}
+
+module.exports = {
+  AGENT_FIREWALL_TOOL,
+  handleAgentFirewallIntercept
+};