@vibecheckai/cli 3.2.6 → 3.3.0

package/bin/runners/lib/agent-firewall/policy/loader.js

@@ -1,7 +1,11 @@
 /**
  * Policy Loader
  * 
- * Loads and validates agent firewall policy from .vibecheck/policy.json
+ * Loads and validates agent firewall policy from:
+ * - .vibecheck/policy.json (JSON policy)
+ * - .vibecheck/rules.yaml (YAML rule DSL)
+ * - .vibecheckrc (legacy)
+ * 
  * Falls back to default policy if not found.
  */
 
@@ -11,6 +15,14 @@ const fs = require("fs");
 const path = require("path");
 const Ajv = require("ajv").default || require("ajv");
 
+// Try to load YAML parser
+let yaml = null;
+try {
+  yaml = require("js-yaml");
+} catch {
+  // js-yaml not available, YAML support disabled
+}
+
 // Load schema
 const schemaPath = path.join(__dirname, "schema.json");
 const schema = JSON.parse(fs.readFileSync(schemaPath, "utf8"));
@@ -19,6 +31,94 @@ const schema = JSON.parse(fs.readFileSync(schemaPath, "utf8"));
 const defaultPolicyPath = path.join(__dirname, "default-policy.json");
 const defaultPolicy = JSON.parse(fs.readFileSync(defaultPolicyPath, "utf8"));
 
+/**
+ * Load YAML rules file
+ * @param {string} rulesPath - Path to rules.yaml
+ * @returns {Array} Parsed rules array
+ */
+function loadYamlRules(rulesPath) {
+  if (!yaml) {
+    console.warn("js-yaml not installed, YAML rules not loaded");
+    return [];
+  }
+  
+  try {
+    const content = fs.readFileSync(rulesPath, "utf8");
+    const parsed = yaml.load(content);
+    
+    if (!parsed || !parsed.rules) {
+      return [];
+    }
+    
+    return normalizeYamlRules(parsed.rules);
+  } catch (error) {
+    console.warn(`Failed to load YAML rules: ${error.message}`);
+    return [];
+  }
+}
+
+/**
+ * Normalize YAML rules to policy format
+ * @param {Array} rules - Raw YAML rules
+ * @returns {Array} Normalized rules
+ */
+function normalizeYamlRules(rules) {
+  return rules.map(rule => {
+    // Map YAML DSL actions to policy severity
+    const severityMap = {
+      block: "block",
+      warn: "warn",
+      allow: "allow",
+      require_confirmation: "warn",
+    };
+    
+    return {
+      id: rule.id,
+      description: rule.description || "",
+      severity: severityMap[rule.action] || "warn",
+      enabled: rule.enabled !== false,
+      match: rule.match || {},
+      action: rule.action || "warn",
+      message: rule.message || rule.description || "",
+      // Custom rule evaluator info
+      custom: rule.custom || null,
+      block_if_domain: rule.block_if_domain || [],
+    };
+  });
+}
+
+/**
+ * Merge YAML rules into policy
+ * @param {object} policy - Policy object
+ * @param {Array} yamlRules - Normalized YAML rules
+ * @returns {object} Policy with merged rules
+ */
+function mergeYamlRulesIntoPolicy(policy, yamlRules) {
+  if (!yamlRules || yamlRules.length === 0) {
+    return policy;
+  }
+  
+  const merged = { ...policy };
+  merged.rules = merged.rules || {};
+  merged.customRules = merged.customRules || [];
+  
+  for (const rule of yamlRules) {
+    // Add to custom rules array
+    merged.customRules.push(rule);
+    
+    // Also add to rules object for backward compatibility
+    if (rule.id) {
+      merged.rules[rule.id] = {
+        severity: rule.severity,
+        enabled: rule.enabled,
+        block_if_domain: rule.block_if_domain,
+      };
+    }
+  }
+  
+  return merged;
+}
+
 /**
  * Load policy from project root
  * @param {string} projectRoot - Project root directory
@@ -27,28 +127,52 @@ const defaultPolicy = JSON.parse(fs.readFileSync(defaultPolicyPath, "utf8"));
  */
 function loadPolicy(projectRoot, overrides = {}) {
   const policyPath = path.join(projectRoot, ".vibecheck", "policy.json");
+  const yamlRulesPath = path.join(projectRoot, ".vibecheck", "rules.yaml");
+  const legacyRcPath = path.join(projectRoot, ".vibecheckrc");
   
   let policy;
   
-  // Try to load project policy
+  // Try to load project policy (JSON)
   if (fs.existsSync(policyPath)) {
     try {
       policy = JSON.parse(fs.readFileSync(policyPath, "utf8"));
     } catch (error) {
       throw new Error(`Failed to parse policy file: ${error.message}`);
     }
+  } else if (fs.existsSync(legacyRcPath)) {
+    // Try legacy .vibecheckrc
+    try {
+      policy = JSON.parse(fs.readFileSync(legacyRcPath, "utf8"));
+    } catch (error) {
+      // Might be YAML format
+      if (yaml) {
+        try {
+          policy = yaml.load(fs.readFileSync(legacyRcPath, "utf8"));
+        } catch {
+          throw new Error(`Failed to parse .vibecheckrc: ${error.message}`);
+        }
+      } else {
+        throw new Error(`Failed to parse .vibecheckrc: ${error.message}`);
+      }
+    }
   } else {
     // Use default policy
     policy = JSON.parse(JSON.stringify(defaultPolicy));
   }
   
+  // Load and merge YAML rules if present
+  if (fs.existsSync(yamlRulesPath)) {
+    const yamlRules = loadYamlRules(yamlRulesPath);
+    policy = mergeYamlRulesIntoPolicy(policy, yamlRules);
+  }
+  
   // Apply overrides (deep merge)
   if (Object.keys(overrides).length > 0) {
     policy = deepMerge(policy, overrides);
   }
   
   // Validate against schema
-  const ajv = new Ajv({ allErrors: true });
+  const ajv = new Ajv({ allErrors: true, strict: false });
   const validate = ajv.compile(schema);
   const valid = validate(policy);
   
@@ -120,7 +244,7 @@ function savePolicy(projectRoot, policy) {
   }
   
   // Validate before saving
-  const ajv = new Ajv({ allErrors: true });
+  const ajv = new Ajv({ allErrors: true, strict: false });
   const validate = ajv.compile(schema);
   const valid = validate(policy);
   
@@ -134,10 +258,194 @@ function savePolicy(projectRoot, policy) {
   fs.writeFileSync(policyPath, JSON.stringify(policy, null, 2));
 }
 
+/**
+ * Save YAML rules to project root
+ * @param {string} projectRoot - Project root directory
+ * @param {Array} rules - Rules array
+ */
+function saveYamlRules(projectRoot, rules) {
+  if (!yaml) {
+    throw new Error("js-yaml not installed, cannot save YAML rules");
+  }
+  
+  const vibecheckDir = path.join(projectRoot, ".vibecheck");
+  const rulesPath = path.join(vibecheckDir, "rules.yaml");
+  
+  // Ensure .vibecheck directory exists
+  if (!fs.existsSync(vibecheckDir)) {
+    fs.mkdirSync(vibecheckDir, { recursive: true });
+  }
+  
+  const content = yaml.dump({ rules }, {
+    lineWidth: 120,
+    quotingType: '"',
+    forceQuotes: false,
+  });
+  
+  fs.writeFileSync(rulesPath, content);
+}
+
+/**
+ * Create default YAML rules file
+ * @param {string} projectRoot - Project root directory
+ */
+function createDefaultYamlRules(projectRoot) {
+  const defaultRules = [
+    {
+      id: "no-phantom-env",
+      description: "Block undeclared environment variables",
+      match: { type: "env", exists: false },
+      action: "block",
+      message: "Env vars must be declared before use",
+    },
+    {
+      id: "no-ghost-routes",
+      description: "Block routes that reference unregistered paths",
+      match: { type: "route", registered: false },
+      action: "block",
+      message: "Routes must be registered in the router",
+    },
+    {
+      id: "core-folder-protection",
+      description: "Require confirmation for changes to core code",
+      match: { path: "^src/core/" },
+      action: "require_confirmation",
+      message: "Changes to core require explicit confirmation",
+    },
+    {
+      id: "no-silent-deletes",
+      description: "Require confirmation for file deletions",
+      match: { operation: "delete" },
+      action: "require_confirmation",
+      message: "File deletions require explicit confirmation",
+    },
+    {
+      id: "auth-changes-high-risk",
+      description: "Flag authentication changes as high risk",
+      match: { tags: ["auth", "security"] },
+      action: "warn",
+      block_if_domain: ["payments"],
+      message: "Auth changes require careful review",
+    },
+    {
+      id: "max-files-per-change",
+      description: "Limit number of files in a single change",
+      match: { files_count: { gt: 10 } },
+      action: "require_confirmation",
+      message: "Large changes (>10 files) require confirmation",
+    },
+  ];
+  
+  saveYamlRules(projectRoot, defaultRules);
+}
+
+/**
+ * Get custom rules from policy
+ * @param {object} policy - Policy object
+ * @returns {Array} Custom rules
+ */
+function getCustomRules(policy) {
+  return policy.customRules || [];
+}
+
+/**
+ * Evaluate a custom YAML rule against a change
+ * @param {object} rule - Rule definition
+ * @param {object} context - Change context
+ * @returns {object|null} Violation if rule triggered, null otherwise
+ */
+function evaluateCustomRule(rule, context) {
+  if (!rule.enabled) return null;
+  
+  const match = rule.match || {};
+  let triggered = false;
+  
+  // Match by type
+  if (match.type) {
+    const claims = context.claims || [];
+    const typeClaims = claims.filter(c => c.type === match.type);
+    
+    if (typeClaims.length > 0) {
+      if (match.exists === false) {
+        // Check if any claim doesn't exist
+        triggered = typeClaims.some(c => !c.exists);
+      } else if (match.registered === false) {
+        triggered = typeClaims.some(c => !c.registered);
+      } else {
+        triggered = true;
+      }
+    }
+  }
+  
+  // Match by path pattern
+  if (match.path) {
+    const files = context.files || [];
+    const regex = new RegExp(match.path);
+    triggered = triggered || files.some(f => regex.test(f.path || f));
+  }
+  
+  // Match by operation
+  if (match.operation) {
+    const operations = context.operations || [];
+    triggered = triggered || operations.some(op => op.type === match.operation);
+  }
+  
+  // Match by file count
+  if (match.files_count) {
+    const fileCount = (context.files || []).length;
+    if (match.files_count.gt && fileCount > match.files_count.gt) {
+      triggered = true;
+    }
+    if (match.files_count.lt && fileCount < match.files_count.lt) {
+      triggered = true;
+    }
+  }
+  
+  // Match by tags
+  if (match.tags && Array.isArray(match.tags)) {
+    const domains = context.domains || [];
+    triggered = triggered || match.tags.some(tag => domains.includes(tag));
+  }
+  
+  if (!triggered) return null;
+  
+  // Check block_if_domain upgrade
+  let severity = rule.severity || rule.action;
+  if (rule.block_if_domain && rule.block_if_domain.length > 0) {
+    const domains = context.domains || [];
+    if (rule.block_if_domain.some(d => domains.includes(d))) {
+      severity = "block";
+    }
+  }
+  
+  return {
+    rule: rule.id,
+    type: "custom_rule",
+    severity,
+    message: rule.message || rule.description || `Rule ${rule.id} triggered`,
+  };
+}
+
+/**
+ * Check if YAML support is available
+ * @returns {boolean} YAML support available
+ */
+function hasYamlSupport() {
+  return yaml !== null;
+}
+
 module.exports = {
   loadPolicy,
   getDefaultPolicy,
   savePolicy,
+  loadYamlRules,
+  saveYamlRules,
+  createDefaultYamlRules,
+  getCustomRules,
+  evaluateCustomRule,
+  mergeYamlRulesIntoPolicy,
+  normalizeYamlRules,
+  hasYamlSupport,
   schema,
   defaultPolicy
 };

package/bin/runners/lib/agent-firewall/policy/rules/ghost-env.js

@@ -2,12 +2,97 @@
  * Ghost Env Rule
  * 
  * Blocks if process.env.X used but not declared.
+ * Includes smart whitelisting to reduce false positives.
  */
 
 "use strict";
 
 const { CLAIM_TYPES } = require("../../claims/claim-types");
 
+/**
+ * Common environment variables that are safe to use without explicit declaration.
+ * These are well-known Node.js, Next.js, and common deployment platform vars.
+ */
+const SAFE_ENV_VARS = new Set([
+  // Node.js core
+  "NODE_ENV",
+  "NODE_OPTIONS",
+  "NODE_PATH",
+  "NODE_DEBUG",
+  
+  // Next.js / React
+  "NEXT_PUBLIC_",      // Prefix pattern
+  "REACT_APP_",        // Prefix pattern
+  "VERCEL",
+  "VERCEL_ENV",
+  "VERCEL_URL",
+  "NEXT_RUNTIME",
+  
+  // Common deployment
+  "PORT",
+  "HOST",
+  "HOSTNAME",
+  "CI",
+  "DEBUG",
+  "LOG_LEVEL",
+  "TZ",
+  "LANG",
+  "HOME",
+  "USER",
+  "PATH",
+  "PWD",
+  "SHELL",
+  "TERM",
+  
+  // Testing
+  "TEST",
+  "JEST_WORKER_ID",
+  "VITEST",
+  
+  // Build tools
+  "npm_package_name",
+  "npm_package_version",
+  "npm_lifecycle_event",
+]);
+
+/**
+ * Prefix patterns that are safe
+ */
+const SAFE_ENV_PREFIXES = [
+  "NEXT_PUBLIC_",
+  "REACT_APP_",
+  "VITE_",
+  "npm_",
+  "GITHUB_",
+  "CI_",
+  "VERCEL_",
+  "RAILWAY_",
+  "RENDER_",
+  "HEROKU_",
+  "AWS_",
+];
+
+/**
+ * Check if an env var is in the safe list
+ * @param {string} varName - Environment variable name
+ * @returns {boolean} Is safe
+ */
+function isSafeEnvVar(varName) {
+  if (!varName || typeof varName !== 'string') return false;
+  
+  const normalized = varName.toUpperCase();
+  
+  // Direct match
+  if (SAFE_ENV_VARS.has(normalized)) return true;
+  
+  // Prefix match
+  for (const prefix of SAFE_ENV_PREFIXES) {
+    if (normalized.startsWith(prefix)) return true;
+  }
+  
+  return false;
+}
+
 /**
  * Evaluate ghost env rule
  * @param {object} params
@@ -23,6 +108,9 @@ function evaluate({ claims, evidence, policy }) {
     return null;
   }
   
+  // Get custom whitelist from policy
+  const customWhitelist = new Set(ruleConfig.whitelist || []);
+  
   // Find env claims with UNPROVEN evidence
   for (let i = 0; i < claims.length; i++) {
     const claim = claims[i];
@@ -31,10 +119,34 @@ function evaluate({ claims, evidence, policy }) {
       const ev = evidence.find(e => e.claimId === `claim_${i}`);
       
       if (ev && ev.result === "UNPROVEN") {
+        const envVar = String(claim.value || claim.key || "");
+        
+        // Skip if it's a known safe env var
+        if (isSafeEnvVar(envVar)) {
+          continue;
+        }
+        
+        // Skip if in custom whitelist
+        if (customWhitelist.has(envVar)) {
+          continue;
+        }
+        
+        // Skip if it's a fallback pattern (e.g., process.env.X || 'default')
+        if (claim.hasFallback) {
+          // Downgrade to warning instead of block
+          return {
+            rule: "ghost_env",
+            severity: "warn",
+            message: `Env var ${envVar} is used with fallback but not declared`,
+            claimId: `claim_${i}`,
+            claim
+          };
+        }
+        
         return {
           rule: "ghost_env",
           severity: ruleConfig.severity || "block",
-          message: `Ghost env var: ${claim.value} is used but not declared`,
+          message: `Ghost env var: ${envVar} is used but not declared`,
           claimId: `claim_${i}`,
           claim
         };

package/bin/runners/lib/agent-firewall/policy/rules/ghost-route.js

@@ -2,12 +2,120 @@
  * Ghost Route Rule
  * 
  * Blocks if UI references route not registered in truthpack.
+ * Includes smart detection of external APIs and common patterns.
  */
 
 "use strict";
 
 const { CLAIM_TYPES } = require("../../claims/claim-types");
 
+/**
+ * Patterns that indicate an external API (not a local route)
+ */
+const EXTERNAL_API_PATTERNS = [
+  // Full URLs
+  /^https?:\/\//i,
+  /^\/\/[a-z]/i,
+  
+  // Common external API domains
+  /api\.github\.com/i,
+  /api\.stripe\.com/i,
+  /api\.openai\.com/i,
+  /api\.anthropic\.com/i,
+  /api\.twilio\.com/i,
+  /api\.sendgrid\.com/i,
+  /graph\.facebook\.com/i,
+  /api\.twitter\.com/i,
+  /googleapis\.com/i,
+  /aws\.amazon\.com/i,
+  /cloudflare\.com/i,
+  /api\.clerk\.dev/i,
+  /api\.auth0\.com/i,
+  /api\.supabase\.co/i,
+  /api\.vercel\.app/i,
+  
+  // GraphQL endpoints
+  /graphql/i,
+  
+  // Webhook patterns
+  /webhook/i,
+  /hook\//i,
+];
+
+/**
+ * Path patterns that are safe to skip (dynamic or template)
+ */
+const SAFE_ROUTE_PATTERNS = [
+  // Dynamic segments
+  /\$\{/,                    // Template literals
+  /\[.*\]/,                  // Dynamic route segments [id]
+  /:\w+/,                    // URL params :id
+  /\{\{.*\}\}/,              // Template syntax
+  
+  // Hash-only routes
+  /^#/,
+  
+  // Query-only
+  /^\?/,
+  
+  // Empty or undefined
+  /^undefined$/i,
+  /^null$/i,
+];
+
+/**
+ * Check if a route is external
+ * @param {string} route - Route path
+ * @returns {boolean} Is external
+ */
+function isExternalRoute(route) {
+  if (!route || typeof route !== 'string') return true;
+  
+  const trimmed = route.trim();
+  
+  // Check external patterns
+  for (const pattern of EXTERNAL_API_PATTERNS) {
+    if (pattern.test(trimmed)) return true;
+  }
+  
+  return false;
+}
+
+/**
+ * Check if a route should be skipped
+ * @param {string} route - Route path
+ * @returns {boolean} Should skip
+ */
+function shouldSkipRoute(route) {
+  if (!route || typeof route !== 'string') return true;
+  
+  const trimmed = route.trim();
+  
+  // Skip empty routes
+  if (trimmed.length === 0) return true;
+  
+  // Check safe patterns
+  for (const pattern of SAFE_ROUTE_PATTERNS) {
+    if (pattern.test(trimmed)) return true;
+  }
+  
+  return false;
+}
+
+/**
+ * Check if route is a local API route
+ * @param {string} route - Route path
+ * @returns {boolean} Is local API
+ */
+function isLocalApiRoute(route) {
+  if (!route || typeof route !== 'string') return false;
+  
+  const trimmed = route.trim().toLowerCase();
+  
+  // Must start with /api/ to be a local Next.js API route
+  return trimmed.startsWith('/api/');
+}
+
 /**
  * Evaluate ghost route rule
  * @param {object} params
@@ -23,6 +131,9 @@ function evaluate({ claims, evidence, policy }) {
     return null;
   }
   
+  // Get custom whitelist from policy
+  const customWhitelist = new Set(ruleConfig.whitelist || []);
+  
   // Find route claims with UNPROVEN evidence
   for (let i = 0; i < claims.length; i++) {
     const claim = claims[i];
@@ -30,23 +141,39 @@ function evaluate({ claims, evidence, policy }) {
     if (claim.type === CLAIM_TYPES.ROUTE || claim.type === CLAIM_TYPES.HTTP_CALL) {
       const ev = evidence.find(e => e.claimId === `claim_${i}`);
       
-      // Skip if evidence shows it's an external API call or ignored file
-      if (ev && (ev.result === "PROVEN" && (ev.reason?.includes("external API") || ev.reason?.includes("ignored file")))) {
+      // Skip if evidence shows it's already proven
+      if (ev && ev.result === "PROVEN") {
         continue;
       }
       
       if (ev && ev.result === "UNPROVEN") {
-        // Double-check: skip external API calls (routes not starting with /api/)
         const routePath = String(claim.value || "").trim();
-        if (!routePath.startsWith('/api/')) {
-          // This is an external API call, not a Next.js route - skip
+        
+        // Skip dynamic or template routes
+        if (shouldSkipRoute(routePath)) {
+          continue;
+        }
+        
+        // Skip external API calls
+        if (isExternalRoute(routePath)) {
+          continue;
+        }
+        
+        // Only flag local API routes
+        if (!isLocalApiRoute(routePath)) {
+          // Not a local API route - could be page navigation, skip
+          continue;
+        }
+        
+        // Skip if in custom whitelist
+        if (customWhitelist.has(routePath)) {
           continue;
         }
         
         return {
           rule: "ghost_route",
           severity: ruleConfig.severity || "block",
-          message: `Ghost route: ${claim.value} is referenced but not registered in truthpack`,
+          message: `Ghost route: ${routePath} is referenced but not registered in truthpack`,
           claimId: `claim_${i}`,
           claim
         };