@vibecheckai/cli 3.9.0 → 4.0.0

package/mcp-server/src/services/firewall-service.ts

@@ -0,0 +1,662 @@
+/**
+ * Enhanced Firewall Service for MCP Server
+ * Provides agent-aware firewall with intent tracking, claim verification, and action gating
+ */
+
+import { CliService } from './cli-service.js';
+import type {
+  FirewallMode,
+  FirewallStatus,
+  FirewallVerdict,
+  Intent,
+  IntentTemplate,
+  ShieldCheckResult,
+  ClaimVerificationRequest,
+  ClaimVerificationResult,
+  ClaimEvidence,
+} from '../types.js';
+
+// Pre-defined intent templates for common tasks
+const INTENT_TEMPLATES: IntentTemplate[] = [
+  {
+    name: 'Add Auth',
+    summary: 'Add authentication feature',
+    constraints: ['Use existing auth middleware', 'No new environment variables', 'Do not change billing code'],
+    description: 'Safe for adding authentication without touching sensitive areas',
+  },
+  {
+    name: 'Add Route',
+    summary: 'Add new API route',
+    constraints: ['No new env vars unless declared', 'No auth changes', 'Follow existing route patterns'],
+    description: 'For adding new API endpoints with existing patterns',
+  },
+  {
+    name: 'Bug Fix',
+    summary: 'Fix a specific bug',
+    constraints: ['Minimal code changes', 'No new dependencies', 'No refactoring unrelated code'],
+    description: 'Tightly scoped bug fixes only',
+  },
+  {
+    name: 'Refactor',
+    summary: 'Refactor existing code',
+    constraints: ['No behavior changes', 'Preserve all tests', 'No new features'],
+    description: 'Code quality improvements without behavior changes',
+  },
+  {
+    name: 'Add Feature',
+    summary: 'Add new feature',
+    constraints: ['Use existing patterns', 'Add tests for new code', 'Update documentation'],
+    description: 'Feature additions with proper testing',
+  },
+  {
+    name: 'Payment Flow',
+    summary: 'Modify payment/billing code',
+    constraints: ['No auth changes', 'Preserve existing integrations', 'Add audit logging'],
+    description: 'Sensitive payment code changes with audit trail',
+  },
+  {
+    name: 'Database Migration',
+    summary: 'Modify database schema',
+    constraints: ['Create rollback migration', 'No data deletion', 'Test in staging first'],
+    description: 'Safe database schema changes',
+  },
+  {
+    name: 'Dependency Update',
+    summary: 'Update project dependencies',
+    constraints: ['Update one major version at a time', 'Run full test suite', 'Check for breaking changes'],
+    description: 'Controlled dependency updates',
+  },
+];
+
+// Action categories for gating
+type ActionCategory = 'read' | 'write' | 'execute' | 'network' | 'sensitive';
+
+interface ActionGateResult {
+  allowed: boolean;
+  reason: string;
+  requiresIntent: boolean;
+  suggestedIntent?: IntentTemplate;
+}
+
+export class FirewallService {
+  private cliService: CliService;
+  private mode: FirewallMode = 'off';
+  private currentIntent: Intent | null = null;
+  private violationCount: number = 0;
+  private blockedCount: number = 0;
+  private sessionId: string;
+  private actionLog: ActionLogEntry[] = [];
+
+  constructor(cliService: CliService) {
+    this.cliService = cliService;
+    this.sessionId = this.generateSessionId();
+    this.initialize();
+  }
+
+  private async initialize(): Promise<void> {
+    const status = await this.getStatus();
+    this.mode = status.mode;
+    if (status.currentIntent) {
+      this.currentIntent = status.currentIntent;
+    }
+  }
+
+  private generateSessionId(): string {
+    return `mcp_${Date.now()}_${Math.random().toString(36).substring(2, 9)}`;
+  }
+
+  // ═══════════════════════════════════════════════════════════════════════════════
+  // Status & Mode Management
+  // ═══════════════════════════════════════════════════════════════════════════════
+
+  /**
+   * Get firewall status
+   */
+  async getStatus(): Promise<FirewallStatus> {
+    const result = await this.cliService.shieldStatus();
+
+    if (result.success && result.data) {
+      const data = result.data as Record<string, unknown>;
+      this.mode = (data.mode as FirewallMode) || 'off';
+      return {
+        mode: this.mode,
+        enabled: this.mode !== 'off',
+        violationCount: (data.violationCount as number) || this.violationCount,
+        blockedCount: (data.blockedCount as number) || this.blockedCount,
+        lastCheck: data.lastCheck as string | undefined,
+        currentIntent: this.currentIntent || undefined,
+      };
+    }
+
+    return {
+      mode: this.mode,
+      enabled: this.mode !== 'off',
+      violationCount: this.violationCount,
+      blockedCount: this.blockedCount,
+      currentIntent: this.currentIntent || undefined,
+    };
+  }
+
+  /**
+   * Set firewall mode
+   */
+  async setMode(mode: FirewallMode): Promise<boolean> {
+    const result = await this.cliService.shieldSetMode(mode);
+    if (result.success) {
+      this.mode = mode;
+      return true;
+    }
+    return false;
+  }
+
+  /**
+   * Get current mode
+   */
+  getMode(): FirewallMode {
+    return this.mode;
+  }
+
+  /**
+   * Check if firewall is enabled
+   */
+  isEnabled(): boolean {
+    return this.mode !== 'off';
+  }
+
+  // ═══════════════════════════════════════════════════════════════════════════════
+  // Intent Management (Enhanced for MCP)
+  // ═══════════════════════════════════════════════════════════════════════════════
+
+  /**
+   * Get current intent
+   */
+  async getIntent(): Promise<Intent | null> {
+    const result = await this.cliService.intentShow();
+
+    if (result.success && result.data) {
+      const data = result.data as Record<string, unknown>;
+      const intent: Intent = {
+        summary: (data.summary as string) || (data.intent as string) || '',
+        constraints: (data.constraints as string[]) || [],
+        timestamp: data.timestamp as string | undefined,
+        sessionId: data.sessionId as string | undefined,
+        hash: data.hash as string | undefined,
+      };
+
+      if (intent.summary) {
+        this.currentIntent = intent;
+        return intent;
+      }
+    }
+
+    // Try parsing non-JSON output
+    if (result.output && result.output.includes('Intent:')) {
+      const summaryMatch = result.output.match(/Intent:\s*(.+)/);
+      if (summaryMatch) {
+        const intent: Intent = {
+          summary: summaryMatch[1].trim(),
+          constraints: [],
+        };
+        this.currentIntent = intent;
+        return intent;
+      }
+    }
+
+    this.currentIntent = null;
+    return null;
+  }
+
+  /**
+   * Set intent with summary and constraints
+   */
+  async setIntent(summary: string, constraints: string[] = []): Promise<boolean> {
+    const result = await this.cliService.intentSet(summary, constraints);
+
+    if (result.success) {
+      this.currentIntent = {
+        summary,
+        constraints,
+        timestamp: new Date().toISOString(),
+        sessionId: this.sessionId,
+      };
+
+      // Auto-enable observe mode if off
+      if (this.mode === 'off') {
+        await this.setMode('observe');
+      }
+
+      this.logAction('intent_set', { summary, constraints });
+      return true;
+    }
+
+    return false;
+  }
+
+  /**
+   * Set intent from a template
+   */
+  async setIntentFromTemplate(templateName: string, customSummary?: string): Promise<boolean> {
+    const template = INTENT_TEMPLATES.find(t =>
+      t.name.toLowerCase() === templateName.toLowerCase()
+    );
+
+    if (!template) {
+      return false;
+    }
+
+    const summary = customSummary || template.summary;
+    return this.setIntent(summary, template.constraints);
+  }
+
+  /**
+   * Clear current intent
+   */
+  async clearIntent(): Promise<boolean> {
+    const result = await this.cliService.intentClear();
+
+    if (result.success) {
+      this.currentIntent = null;
+      this.logAction('intent_cleared', {});
+      return true;
+    }
+
+    return false;
+  }
+
+  /**
+   * Get cached intent (no CLI call)
+   */
+  getCurrentIntent(): Intent | null {
+    return this.currentIntent;
+  }
+
+  /**
+   * Check if intent is set
+   */
+  hasIntent(): boolean {
+    return this.currentIntent !== null && this.currentIntent.summary.length > 0;
+  }
+
+  /**
+   * Get all intent templates
+   */
+  getTemplates(): IntentTemplate[] {
+    return INTENT_TEMPLATES;
+  }
+
+  /**
+   * Get a specific template by name
+   */
+  getTemplate(name: string): IntentTemplate | undefined {
+    return INTENT_TEMPLATES.find(t =>
+      t.name.toLowerCase() === name.toLowerCase()
+    );
+  }
+
+  // ═══════════════════════════════════════════════════════════════════════════════
+  // Shield Check & Verification
+  // ═══════════════════════════════════════════════════════════════════════════════
+
+  /**
+   * Run comprehensive shield check
+   */
+  async check(): Promise<ShieldCheckResult | null> {
+    const result = await this.cliService.shieldCheck();
+
+    if (result.success && result.data) {
+      const data = result.data as Record<string, unknown>;
+      const checkResult: ShieldCheckResult = {
+        passed: (data.passed as boolean) ?? data.verdict === 'SHIP',
+        score: (data.score as number) || 0,
+        verdict: (data.verdict as 'SHIP' | 'WARN' | 'BLOCK') || 'WARN',
+        findings: (data.findings as ShieldCheckResult['findings']) || [],
+        truthpack: data.truthpack as ShieldCheckResult['truthpack'],
+      };
+
+      this.logAction('shield_check', { verdict: checkResult.verdict, score: checkResult.score });
+      return checkResult;
+    }
+
+    return null;
+  }
+
+  /**
+   * Verify AI claims against current state
+   */
+  async verify(claims?: string): Promise<FirewallVerdict | null> {
+    const result = await this.cliService.shieldVerify(claims);
+
+    if (result.success && result.data) {
+      const data = result.data as Record<string, unknown>;
+      const verdict: FirewallVerdict = {
+        allowed: (data.allowed as boolean) ?? true,
+        verdict: (data.verdict as 'ALLOW' | 'WARN' | 'BLOCK') || 'ALLOW',
+        violations: (data.violations as FirewallVerdict['violations']) || [],
+        unblockPlan: data.unblockPlan as FirewallVerdict['unblockPlan'],
+      };
+
+      if (!verdict.allowed) {
+        this.violationCount++;
+        if (verdict.verdict === 'BLOCK') {
+          this.blockedCount++;
+        }
+      }
+
+      this.logAction('verify', { verdict: verdict.verdict, allowed: verdict.allowed });
+      return verdict;
+    }
+
+    return null;
+  }
+
+  // ═══════════════════════════════════════════════════════════════════════════════
+  // Enhanced MCP-Specific Features
+  // ═══════════════════════════════════════════════════════════════════════════════
+
+  /**
+   * Verify a specific claim made by an AI agent
+   * This is an enhanced verification that analyzes the claim semantically
+   */
+  async verifyClaim(request: ClaimVerificationRequest): Promise<ClaimVerificationResult> {
+    // First, check if we have an intent set
+    if (this.mode === 'enforce' && !this.hasIntent()) {
+      return {
+        verified: false,
+        confidence: 0,
+        verdict: 'REJECTED',
+        reasons: ['No intent is set. In enforce mode, all actions require an intent.'],
+      };
+    }
+
+    // Run shield verification
+    const shieldResult = await this.verify(request.claim);
+
+    // Build evidence array
+    const evidence: ClaimEvidence[] = [];
+
+    // Check claim against intent constraints
+    const constraintViolations: string[] = [];
+    if (this.currentIntent) {
+      for (const constraint of this.currentIntent.constraints) {
+        // Simple heuristic check for constraint violations
+        const claimLower = request.claim.toLowerCase();
+        const constraintLower = constraint.toLowerCase();
+
+        // Check for obvious violations
+        if (constraintLower.includes('no new') && claimLower.includes('add')) {
+          if (constraintLower.includes('env') && claimLower.includes('env')) {
+            constraintViolations.push(`Constraint violation: "${constraint}"`);
+          }
+          if (constraintLower.includes('dependencies') && claimLower.includes('install')) {
+            constraintViolations.push(`Constraint violation: "${constraint}"`);
+          }
+        }
+        if (constraintLower.includes('no auth') && claimLower.includes('auth')) {
+          constraintViolations.push(`Constraint violation: "${constraint}"`);
+        }
+        if (constraintLower.includes('no behavior') && claimLower.includes('change')) {
+          constraintViolations.push(`Constraint violation: "${constraint}"`);
+        }
+      }
+    }
+
+    // Calculate confidence based on findings
+    let confidence = 100;
+    const reasons: string[] = [];
+
+    if (shieldResult) {
+      if (!shieldResult.allowed) {
+        confidence -= 50;
+        reasons.push('Shield verification failed');
+      }
+      for (const violation of shieldResult.violations || []) {
+        confidence -= 10;
+        reasons.push(violation.message);
+        evidence.push({
+          type: 'behavior',
+          content: violation.message,
+          relevance: 0.8,
+        });
+      }
+    }
+
+    for (const violation of constraintViolations) {
+      confidence -= 20;
+      reasons.push(violation);
+    }
+
+    // Determine verdict
+    let verdict: 'VERIFIED' | 'SUSPICIOUS' | 'REJECTED';
+    if (confidence >= 80) {
+      verdict = 'VERIFIED';
+    } else if (confidence >= 50) {
+      verdict = 'SUSPICIOUS';
+    } else {
+      verdict = 'REJECTED';
+    }
+
+    const result: ClaimVerificationResult = {
+      verified: confidence >= 80,
+      confidence: Math.max(0, confidence),
+      verdict,
+      reasons: reasons.length > 0 ? reasons : ['Claim appears valid'],
+      evidence: evidence.length > 0 ? evidence : undefined,
+    };
+
+    this.logAction('claim_verification', {
+      claim: request.claim.substring(0, 100),
+      verdict,
+      confidence,
+    });
+
+    return result;
+  }
+
+  /**
+   * Gate an action based on current firewall state and intent
+   */
+  gateAction(action: string, category: ActionCategory): ActionGateResult {
+    // If firewall is off, allow everything
+    if (this.mode === 'off') {
+      return {
+        allowed: true,
+        reason: 'Firewall is disabled',
+        requiresIntent: false,
+      };
+    }
+
+    // Check if intent is required for this action category
+    const sensitiveCategories: ActionCategory[] = ['write', 'execute', 'sensitive'];
+    const requiresIntent = sensitiveCategories.includes(category);
+
+    // In observe mode, allow but warn
+    if (this.mode === 'observe') {
+      if (requiresIntent && !this.hasIntent()) {
+        return {
+          allowed: true,
+          reason: 'Action allowed (observe mode) but intent is recommended',
+          requiresIntent: true,
+          suggestedIntent: this.suggestIntentForAction(action),
+        };
+      }
+      return {
+        allowed: true,
+        reason: 'Action allowed (observe mode)',
+        requiresIntent: false,
+      };
+    }
+
+    // In enforce mode, block sensitive actions without intent
+    if (this.mode === 'enforce') {
+      if (requiresIntent && !this.hasIntent()) {
+        this.blockedCount++;
+        return {
+          allowed: false,
+          reason: 'Intent required for this action in enforce mode',
+          requiresIntent: true,
+          suggestedIntent: this.suggestIntentForAction(action),
+        };
+      }
+
+      // Check if action matches intent
+      if (this.currentIntent) {
+        const matchResult = this.matchActionToIntent(action);
+        if (!matchResult.matches) {
+          this.violationCount++;
+          return {
+            allowed: false,
+            reason: `Action does not match current intent: ${matchResult.reason}`,
+            requiresIntent: true,
+          };
+        }
+      }
+
+      return {
+        allowed: true,
+        reason: 'Action allowed (matches intent)',
+        requiresIntent: false,
+      };
+    }
+
+    return {
+      allowed: true,
+      reason: 'Action allowed',
+      requiresIntent: false,
+    };
+  }
+
+  /**
+   * Suggest an intent template based on the action
+   */
+  private suggestIntentForAction(action: string): IntentTemplate | undefined {
+    const actionLower = action.toLowerCase();
+
+    if (actionLower.includes('auth') || actionLower.includes('login')) {
+      return this.getTemplate('Add Auth');
+    }
+    if (actionLower.includes('route') || actionLower.includes('api') || actionLower.includes('endpoint')) {
+      return this.getTemplate('Add Route');
+    }
+    if (actionLower.includes('fix') || actionLower.includes('bug')) {
+      return this.getTemplate('Bug Fix');
+    }
+    if (actionLower.includes('refactor') || actionLower.includes('clean')) {
+      return this.getTemplate('Refactor');
+    }
+    if (actionLower.includes('payment') || actionLower.includes('billing') || actionLower.includes('stripe')) {
+      return this.getTemplate('Payment Flow');
+    }
+    if (actionLower.includes('database') || actionLower.includes('migration') || actionLower.includes('schema')) {
+      return this.getTemplate('Database Migration');
+    }
+    if (actionLower.includes('update') || actionLower.includes('upgrade') || actionLower.includes('dependency')) {
+      return this.getTemplate('Dependency Update');
+    }
+
+    return this.getTemplate('Add Feature');
+  }
+
+  /**
+   * Check if an action matches the current intent
+   */
+  private matchActionToIntent(action: string): { matches: boolean; reason: string } {
+    if (!this.currentIntent) {
+      return { matches: false, reason: 'No intent set' };
+    }
+
+    const actionLower = action.toLowerCase();
+    const intentLower = this.currentIntent.summary.toLowerCase();
+
+    // Check constraints
+    for (const constraint of this.currentIntent.constraints) {
+      const constraintLower = constraint.toLowerCase();
+
+      // "No new X" constraints
+      if (constraintLower.startsWith('no new') || constraintLower.startsWith('no ')) {
+        const forbidden = constraintLower.replace(/^no (new )?/, '').trim();
+        if (actionLower.includes(forbidden)) {
+          return { matches: false, reason: `Violates constraint: ${constraint}` };
+        }
+      }
+
+      // "Do not X" constraints
+      if (constraintLower.startsWith('do not')) {
+        const forbidden = constraintLower.replace('do not', '').trim();
+        if (actionLower.includes(forbidden)) {
+          return { matches: false, reason: `Violates constraint: ${constraint}` };
+        }
+      }
+    }
+
+    return { matches: true, reason: 'Action matches intent constraints' };
+  }
+
+  // ═══════════════════════════════════════════════════════════════════════════════
+  // Action Logging (Audit Trail for MCP)
+  // ═══════════════════════════════════════════════════════════════════════════════
+
+  private logAction(action: string, details: Record<string, unknown>): void {
+    this.actionLog.push({
+      timestamp: new Date().toISOString(),
+      sessionId: this.sessionId,
+      action,
+      details,
+      mode: this.mode,
+      hasIntent: this.hasIntent(),
+    });
+
+    // Keep only last 1000 entries
+    if (this.actionLog.length > 1000) {
+      this.actionLog = this.actionLog.slice(-1000);
+    }
+  }
+
+  /**
+   * Get action log
+   */
+  getActionLog(limit?: number): ActionLogEntry[] {
+    const entries = limit ? this.actionLog.slice(-limit) : this.actionLog;
+    return entries;
+  }
+
+  /**
+   * Get session ID
+   */
+  getSessionId(): string {
+    return this.sessionId;
+  }
+
+  /**
+   * Get statistics
+   */
+  getStats(): FirewallStats {
+    return {
+      sessionId: this.sessionId,
+      mode: this.mode,
+      violationCount: this.violationCount,
+      blockedCount: this.blockedCount,
+      actionLogSize: this.actionLog.length,
+      hasIntent: this.hasIntent(),
+      currentIntent: this.currentIntent?.summary,
+    };
+  }
+}
+
+interface ActionLogEntry {
+  timestamp: string;
+  sessionId: string;
+  action: string;
+  details: Record<string, unknown>;
+  mode: FirewallMode;
+  hasIntent: boolean;
+}
+
+interface FirewallStats {
+  sessionId: string;
+  mode: FirewallMode;
+  violationCount: number;
+  blockedCount: number;
+  actionLogSize: number;
+  hasIntent: boolean;
+  currentIntent?: string;
+}