@vibecheckai/cli 3.7.0 → 3.8.0

package/bin/runners/lib/agent-firewall/interception/fs-interceptor.js

@@ -0,0 +1,502 @@
+/**
+ * Real-Time File System Interceptor
+ * 
+ * ═══════════════════════════════════════════════════════════════════════════════
+ * AGENT FIREWALL™ - FS INTERCEPTION LAYER
+ * ═══════════════════════════════════════════════════════════════════════════════
+ * 
+ * Intercepts file system writes in REAL-TIME and blocks them if they violate
+ * the declared intent. This is the "write-time blocking" capability.
+ * 
+ * HOW IT WORKS:
+ * 1. Monkey-patches fs.writeFile, fs.writeFileSync, etc.
+ * 2. Before any write, checks the content against the enforcement gateway
+ * 3. If BLOCKED, throws an error BEFORE the file is written
+ * 4. If PASSED, allows the write to proceed
+ * 
+ * IMPORTANT: This should only be activated in IDE mode or when explicitly enabled.
+ * In CI/CLI, use the gateway directly instead of patching fs.
+ * 
+ * @module interception/fs-interceptor
+ * @version 1.0.0
+ */
+
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+
+// Store original functions
+const originalWriteFile = fs.writeFile;
+const originalWriteFileSync = fs.writeFileSync;
+const originalAppendFile = fs.appendFile;
+const originalAppendFileSync = fs.appendFileSync;
+const originalCopyFile = fs.copyFile;
+const originalCopyFileSync = fs.copyFileSync;
+const originalRename = fs.rename;
+const originalRenameSync = fs.renameSync;
+const originalUnlink = fs.unlink;
+const originalUnlinkSync = fs.unlinkSync;
+
+// Interceptor state
+let isActive = false;
+let projectRoot = process.cwd();
+let gateway = null;
+let agentId = "unknown";
+let onBlock = null; // Callback when write is blocked
+
+// File patterns to always allow (system files, temp files, etc.)
+const ALWAYS_ALLOW_PATTERNS = [
+  /node_modules/,
+  /\.vibecheck\//,
+  /\.git\//,
+  /\.DS_Store/,
+  /Thumbs\.db/,
+  /\.swp$/,
+  /\.swo$/,
+  /~$/,
+  /\.tmp$/,
+  /\.temp$/,
+  /\.cache/,
+  /\.log$/,
+  /package-lock\.json$/,
+  /pnpm-lock\.yaml$/,
+  /yarn\.lock$/,
+];
+
+// File patterns that should trigger blocking (source code)
+const SOURCE_FILE_PATTERNS = [
+  /\.[jt]sx?$/,         // JavaScript/TypeScript
+  /\.vue$/,             // Vue
+  /\.svelte$/,          // Svelte
+  /\.py$/,              // Python
+  /\.go$/,              // Go
+  /\.rs$/,              // Rust
+  /\.rb$/,              // Ruby
+  /\.php$/,             // PHP
+  /\.java$/,            // Java
+  /\.cs$/,              // C#
+  /\.sql$/,             // SQL
+  /\.prisma$/,          // Prisma
+  /\.graphql$/,         // GraphQL
+  /\.json$/,            // JSON (configs)
+  /\.ya?ml$/,           // YAML
+  /\.env/,              // Env files
+  /\.md$/,              // Markdown (docs)
+];
+
+/**
+ * Check if a file path should be intercepted
+ */
+function shouldIntercept(filePath) {
+  // Normalize path
+  const normalizedPath = path.resolve(filePath);
+  
+  // Must be within project root
+  if (!normalizedPath.startsWith(projectRoot)) {
+    return false;
+  }
+  
+  // Check always-allow patterns
+  for (const pattern of ALWAYS_ALLOW_PATTERNS) {
+    if (pattern.test(normalizedPath)) {
+      return false;
+    }
+  }
+  
+  // Check if it's a source file
+  for (const pattern of SOURCE_FILE_PATTERNS) {
+    if (pattern.test(normalizedPath)) {
+      return true;
+    }
+  }
+  
+  return false;
+}
+
+/**
+ * Create a BlockedWriteError
+ */
+class BlockedWriteError extends Error {
+  constructor(verdict) {
+    super(`BLOCKED_BY_AGENT_FIREWALL: ${verdict.summary}`);
+    this.name = "BlockedWriteError";
+    this.code = "EBLOCKED";
+    this.verdict = verdict;
+    this.violations = verdict.violations;
+  }
+}
+
+/**
+ * Intercept a file write operation
+ */
+async function interceptWrite(filePath, content, operation = "write") {
+  if (!gateway) {
+    console.warn("[FS Interceptor] No gateway configured - allowing write");
+    return { allowed: true };
+  }
+  
+  // Build change event
+  const changeType = operation === "append" ? "file_write" : 
+                     operation === "delete" ? "file_delete" :
+                     operation === "rename" ? "file_rename" : "file_write";
+  
+  // Get old content if file exists
+  let oldContent = null;
+  try {
+    if (fs.existsSync(filePath)) {
+      oldContent = originalReadFileSync(filePath, "utf-8");
+    }
+  } catch {
+    // Ignore read errors
+  }
+  
+  const rawChange = {
+    type: changeType,
+    path: path.relative(projectRoot, filePath),
+    content: typeof content === "string" ? content : content?.toString(),
+    diff: oldContent ? {
+      before: oldContent,
+      after: content?.toString() || "",
+    } : null,
+  };
+  
+  try {
+    const verdict = await gateway.intercept(rawChange, {
+      agentId,
+      interceptionPoint: "fs_hook",
+    });
+    
+    if (verdict.decision === "BLOCK") {
+      // Call block callback if provided
+      if (onBlock) {
+        onBlock(filePath, verdict);
+      }
+      
+      return { allowed: false, verdict };
+    }
+    
+    return { allowed: true, verdict };
+  } catch (err) {
+    // On error, default to allow (fail-open for fs operations)
+    console.warn(`[FS Interceptor] Error during interception: ${err.message}`);
+    return { allowed: true, error: err };
+  }
+}
+
+/**
+ * Synchronous intercept (blocking)
+ */
+function interceptWriteSync(filePath, content, operation = "write") {
+  if (!gateway) {
+    return { allowed: true };
+  }
+  
+  // For sync operations, we do a quick check instead of full intercept
+  const rawChange = {
+    type: operation === "delete" ? "file_delete" : "file_write",
+    path: path.relative(projectRoot, filePath),
+    content: typeof content === "string" ? content : content?.toString(),
+  };
+  
+  try {
+    const result = gateway.quickCheck(rawChange);
+    
+    if (!result.allowed) {
+      if (onBlock) {
+        onBlock(filePath, { violations: result.violations });
+      }
+      
+      return { allowed: false, violations: result.violations };
+    }
+    
+    return { allowed: true };
+  } catch (err) {
+    // Fail-open
+    return { allowed: true, error: err };
+  }
+}
+
+// Store original readFileSync for internal use
+const originalReadFileSync = fs.readFileSync;
+
+/**
+ * Create patched writeFile
+ */
+function patchedWriteFile(filePath, data, options, callback) {
+  // Handle overloads
+  if (typeof options === "function") {
+    callback = options;
+    options = {};
+  }
+  
+  const resolvedPath = path.resolve(filePath);
+  
+  if (!shouldIntercept(resolvedPath)) {
+    return originalWriteFile.call(fs, filePath, data, options, callback);
+  }
+  
+  // Intercept asynchronously
+  interceptWrite(resolvedPath, data, "write")
+    .then(result => {
+      if (!result.allowed) {
+        const error = new BlockedWriteError(result.verdict);
+        if (callback) callback(error);
+        return;
+      }
+      
+      originalWriteFile.call(fs, filePath, data, options, callback);
+    })
+    .catch(err => {
+      // On error, proceed with write (fail-open)
+      originalWriteFile.call(fs, filePath, data, options, callback);
+    });
+}
+
+/**
+ * Create patched writeFileSync
+ */
+function patchedWriteFileSync(filePath, data, options) {
+  const resolvedPath = path.resolve(filePath);
+  
+  if (!shouldIntercept(resolvedPath)) {
+    return originalWriteFileSync.call(fs, filePath, data, options);
+  }
+  
+  const result = interceptWriteSync(resolvedPath, data, "write");
+  
+  if (!result.allowed) {
+    throw new BlockedWriteError({ 
+      summary: "Write blocked by Agent Firewall",
+      violations: result.violations 
+    });
+  }
+  
+  return originalWriteFileSync.call(fs, filePath, data, options);
+}
+
+/**
+ * Create patched appendFile
+ */
+function patchedAppendFile(filePath, data, options, callback) {
+  if (typeof options === "function") {
+    callback = options;
+    options = {};
+  }
+  
+  const resolvedPath = path.resolve(filePath);
+  
+  if (!shouldIntercept(resolvedPath)) {
+    return originalAppendFile.call(fs, filePath, data, options, callback);
+  }
+  
+  interceptWrite(resolvedPath, data, "append")
+    .then(result => {
+      if (!result.allowed) {
+        const error = new BlockedWriteError(result.verdict);
+        if (callback) callback(error);
+        return;
+      }
+      
+      originalAppendFile.call(fs, filePath, data, options, callback);
+    })
+    .catch(() => {
+      originalAppendFile.call(fs, filePath, data, options, callback);
+    });
+}
+
+/**
+ * Create patched appendFileSync
+ */
+function patchedAppendFileSync(filePath, data, options) {
+  const resolvedPath = path.resolve(filePath);
+  
+  if (!shouldIntercept(resolvedPath)) {
+    return originalAppendFileSync.call(fs, filePath, data, options);
+  }
+  
+  const result = interceptWriteSync(resolvedPath, data, "append");
+  
+  if (!result.allowed) {
+    throw new BlockedWriteError({
+      summary: "Append blocked by Agent Firewall",
+      violations: result.violations
+    });
+  }
+  
+  return originalAppendFileSync.call(fs, filePath, data, options);
+}
+
+/**
+ * Create patched unlink (delete)
+ */
+function patchedUnlink(filePath, callback) {
+  const resolvedPath = path.resolve(filePath);
+  
+  if (!shouldIntercept(resolvedPath)) {
+    return originalUnlink.call(fs, filePath, callback);
+  }
+  
+  interceptWrite(resolvedPath, null, "delete")
+    .then(result => {
+      if (!result.allowed) {
+        const error = new BlockedWriteError(result.verdict);
+        if (callback) callback(error);
+        return;
+      }
+      
+      originalUnlink.call(fs, filePath, callback);
+    })
+    .catch(() => {
+      originalUnlink.call(fs, filePath, callback);
+    });
+}
+
+/**
+ * Create patched unlinkSync
+ */
+function patchedUnlinkSync(filePath) {
+  const resolvedPath = path.resolve(filePath);
+  
+  if (!shouldIntercept(resolvedPath)) {
+    return originalUnlinkSync.call(fs, filePath);
+  }
+  
+  const result = interceptWriteSync(resolvedPath, null, "delete");
+  
+  if (!result.allowed) {
+    throw new BlockedWriteError({
+      summary: "Delete blocked by Agent Firewall",
+      violations: result.violations
+    });
+  }
+  
+  return originalUnlinkSync.call(fs, filePath);
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// PUBLIC API
+// ═══════════════════════════════════════════════════════════════════════════════
+
+/**
+ * Activate file system interception
+ * 
+ * @param {Object} options
+ * @param {string} options.projectRoot - Project root directory
+ * @param {Object} options.gateway - EnforcementGateway instance
+ * @param {string} options.agentId - Agent identifier
+ * @param {Function} options.onBlock - Callback when write is blocked
+ */
+function activate(options = {}) {
+  if (isActive) {
+    console.warn("[FS Interceptor] Already active");
+    return;
+  }
+  
+  projectRoot = options.projectRoot || process.cwd();
+  gateway = options.gateway || null;
+  agentId = options.agentId || "unknown";
+  onBlock = options.onBlock || null;
+  
+  // Patch fs module
+  fs.writeFile = patchedWriteFile;
+  fs.writeFileSync = patchedWriteFileSync;
+  fs.appendFile = patchedAppendFile;
+  fs.appendFileSync = patchedAppendFileSync;
+  fs.unlink = patchedUnlink;
+  fs.unlinkSync = patchedUnlinkSync;
+  
+  isActive = true;
+  
+  console.log(`[FS Interceptor] Activated for ${projectRoot}`);
+}
+
+/**
+ * Deactivate file system interception
+ */
+function deactivate() {
+  if (!isActive) return;
+  
+  // Restore original functions
+  fs.writeFile = originalWriteFile;
+  fs.writeFileSync = originalWriteFileSync;
+  fs.appendFile = originalAppendFile;
+  fs.appendFileSync = originalAppendFileSync;
+  fs.unlink = originalUnlink;
+  fs.unlinkSync = originalUnlinkSync;
+  
+  isActive = false;
+  gateway = null;
+  
+  console.log("[FS Interceptor] Deactivated");
+}
+
+/**
+ * Check if interceptor is active
+ */
+function isActivated() {
+  return isActive;
+}
+
+/**
+ * Update gateway instance
+ */
+function setGateway(newGateway) {
+  gateway = newGateway;
+}
+
+/**
+ * Update agent ID
+ */
+function setAgentId(newAgentId) {
+  agentId = newAgentId;
+}
+
+/**
+ * Add pattern to always-allow list
+ */
+function addAllowPattern(pattern) {
+  if (pattern instanceof RegExp) {
+    ALWAYS_ALLOW_PATTERNS.push(pattern);
+  } else {
+    ALWAYS_ALLOW_PATTERNS.push(new RegExp(pattern));
+  }
+}
+
+/**
+ * Get interception stats
+ */
+function getStats() {
+  return {
+    isActive,
+    projectRoot,
+    agentId,
+    allowPatterns: ALWAYS_ALLOW_PATTERNS.length,
+    sourcePatterns: SOURCE_FILE_PATTERNS.length,
+  };
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// EXPORTS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+module.exports = {
+  activate,
+  deactivate,
+  isActivated,
+  setGateway,
+  setAgentId,
+  addAllowPattern,
+  getStats,
+  BlockedWriteError,
+  shouldIntercept,
+  // Expose originals for testing
+  _originals: {
+    writeFile: originalWriteFile,
+    writeFileSync: originalWriteFileSync,
+    appendFile: originalAppendFile,
+    appendFileSync: originalAppendFileSync,
+    unlink: originalUnlink,
+    unlinkSync: originalUnlinkSync,
+  },
+};

package/bin/runners/lib/agent-firewall/interception/index.js

@@ -0,0 +1,23 @@
+/**
+ * Interception Layer Index
+ * 
+ * Exports all interception mechanisms for the Agent Firewall.
+ * 
+ * @module interception
+ */
+
+"use strict";
+
+const fsInterceptor = require("./fs-interceptor");
+
+module.exports = {
+  // FS Interceptor
+  activateFsInterceptor: fsInterceptor.activate,
+  deactivateFsInterceptor: fsInterceptor.deactivate,
+  isFsInterceptorActive: fsInterceptor.isActivated,
+  setFsGateway: fsInterceptor.setGateway,
+  BlockedWriteError: fsInterceptor.BlockedWriteError,
+  
+  // Re-export full module for advanced use
+  fsInterceptor,
+};