@yail259/overnight 0.1.0 → 0.2.0

package/src/security.ts

@@ -0,0 +1,162 @@
+import { appendFileSync } from "fs";
+import { resolve, relative, isAbsolute } from "path";
+import { type SecurityConfig, DEFAULT_DENY_PATTERNS } from "./types.js";
+
+// Simple glob pattern matching (supports * and **)
+function matchesPattern(filePath: string, pattern: string): boolean {
+  // Normalize path
+  const normalizedPath = filePath.replace(/\\/g, "/");
+
+  // Convert glob to regex
+  let regex = pattern
+    .replace(/\./g, "\\.")           // Escape dots
+    .replace(/\*\*/g, "{{GLOBSTAR}}")  // Placeholder for **
+    .replace(/\*/g, "[^/]*")         // * matches anything except /
+    .replace(/{{GLOBSTAR}}/g, ".*"); // ** matches anything including /
+
+  // Match anywhere in path if pattern doesn't start with /
+  if (!pattern.startsWith("/")) {
+    regex = `(^|/)${regex}`;
+  }
+
+  return new RegExp(regex + "$").test(normalizedPath);
+}
+
+function isPathWithinSandbox(filePath: string, sandboxDir: string): boolean {
+  const absolutePath = isAbsolute(filePath) ? filePath : resolve(process.cwd(), filePath);
+  const absoluteSandbox = isAbsolute(sandboxDir) ? sandboxDir : resolve(process.cwd(), sandboxDir);
+
+  const relativePath = relative(absoluteSandbox, absolutePath);
+
+  // If relative path starts with .. or is absolute, it's outside sandbox
+  return !relativePath.startsWith("..") && !isAbsolute(relativePath);
+}
+
+function isPathDenied(filePath: string, denyPatterns: string[]): string | null {
+  for (const pattern of denyPatterns) {
+    if (matchesPattern(filePath, pattern)) {
+      return pattern;
+    }
+  }
+  return null;
+}
+
+export function createSecurityHooks(config: SecurityConfig) {
+  const sandboxDir = config.sandbox_dir;
+  const denyPatterns = config.deny_patterns ?? DEFAULT_DENY_PATTERNS;
+  const auditLog = config.audit_log;
+
+  // PreToolUse hook for path validation
+  const preToolUseHook = async (
+    input: Record<string, unknown>,
+    _toolUseId: string | null,
+    _context: { signal?: AbortSignal }
+  ) => {
+    const hookEventName = input.hook_event_name as string;
+    if (hookEventName !== "PreToolUse") return {};
+
+    const toolName = input.tool_name as string;
+    const toolInput = input.tool_input as Record<string, unknown>;
+
+    // Extract file path based on tool
+    let filePath: string | undefined;
+    if (toolName === "Read" || toolName === "Write" || toolName === "Edit") {
+      filePath = toolInput.file_path as string;
+    } else if (toolName === "Glob" || toolName === "Grep") {
+      filePath = toolInput.path as string;
+    } else if (toolName === "Bash") {
+      // For Bash, we can't easily validate paths, but we can log
+      const command = toolInput.command as string;
+      if (auditLog) {
+        const timestamp = new Date().toISOString();
+        appendFileSync(auditLog, `${timestamp} [BASH] ${command}\n`);
+      }
+      return {};
+    }
+
+    if (!filePath) return {};
+
+    // Check sandbox
+    if (sandboxDir && !isPathWithinSandbox(filePath, sandboxDir)) {
+      return {
+        hookSpecificOutput: {
+          hookEventName,
+          permissionDecision: "deny",
+          permissionDecisionReason: `Path "${filePath}" is outside sandbox directory "${sandboxDir}"`,
+        },
+      };
+    }
+
+    // Check deny patterns
+    const matchedPattern = isPathDenied(filePath, denyPatterns);
+    if (matchedPattern) {
+      return {
+        hookSpecificOutput: {
+          hookEventName,
+          permissionDecision: "deny",
+          permissionDecisionReason: `Path "${filePath}" matches deny pattern "${matchedPattern}"`,
+        },
+      };
+    }
+
+    return {};
+  };
+
+  // PostToolUse hook for audit logging
+  const postToolUseHook = async (
+    input: Record<string, unknown>,
+    _toolUseId: string | null,
+    _context: { signal?: AbortSignal }
+  ) => {
+    if (!auditLog) return {};
+
+    const hookEventName = input.hook_event_name as string;
+    if (hookEventName !== "PostToolUse") return {};
+
+    const toolName = input.tool_name as string;
+    const toolInput = input.tool_input as Record<string, unknown>;
+    const timestamp = new Date().toISOString();
+
+    let logEntry = `${timestamp} [${toolName}]`;
+
+    if (toolName === "Read" || toolName === "Write" || toolName === "Edit") {
+      logEntry += ` ${toolInput.file_path}`;
+    } else if (toolName === "Glob") {
+      logEntry += ` pattern=${toolInput.pattern} path=${toolInput.path ?? "."}`;
+    } else if (toolName === "Grep") {
+      logEntry += ` pattern=${toolInput.pattern}`;
+    }
+
+    appendFileSync(auditLog, logEntry + "\n");
+    return {};
+  };
+
+  return {
+    PreToolUse: [
+      { matcher: "Read|Write|Edit|Glob|Grep|Bash", hooks: [preToolUseHook] },
+    ],
+    PostToolUse: [
+      { matcher: "Read|Write|Edit|Glob|Grep|Bash", hooks: [postToolUseHook] },
+    ],
+  };
+}
+
+export function validateSecurityConfig(config: SecurityConfig): void {
+  if (config.sandbox_dir) {
+    const resolved = isAbsolute(config.sandbox_dir)
+      ? config.sandbox_dir
+      : resolve(process.cwd(), config.sandbox_dir);
+    console.log(`  Sandbox: ${resolved}`);
+  }
+
+  const denyPatterns = config.deny_patterns ?? DEFAULT_DENY_PATTERNS;
+  console.log(`  Deny patterns: ${denyPatterns.length} patterns`);
+
+  if (config.max_turns) {
+    console.log(`  Max turns: ${config.max_turns}`);
+  }
+
+  if (config.audit_log) {
+    console.log(`  Audit log: ${config.audit_log}`);
+  }
+}

package/src/types.ts

@@ -1,4 +1,13 @@
+export interface SecurityConfig {
+  sandbox_dir?: string;        // All paths must be under this directory
+  deny_patterns?: string[];    // Block files matching these glob patterns
+  max_turns?: number;          // Max agent iterations (prevents runaway)
+  audit_log?: string;          // Path to audit log file
+}
+
 export interface JobConfig {
+  id?: string;                // Stable task identifier for dependency references
+  depends_on?: string[];      // IDs of tasks that must complete before this one
   prompt: string;
   working_dir?: string;
   timeout_seconds?: number;
@@ -8,6 +17,7 @@ export interface JobConfig {
   allowed_tools?: string[];
   retry_count?: number;
   retry_delay?: number;
+  security?: SecurityConfig;
 }
 
 export interface JobResult {
@@ -20,11 +30,17 @@ export interface JobResult {
   retries: number;
 }
 
+export interface InProgressTask {
+  hash: string;
+  prompt: string;
+  sessionId?: string;  // SDK session ID for resumption
+  startedAt: string;
+}
+
 export interface RunState {
-  completed_indices: number[];
-  results: JobResult[];
+  completed: Record<string, JobResult>; // keyed by task hash
+  inProgress?: InProgressTask;          // currently running task
   timestamp: string;
-  total_jobs: number;
 }
 
 export interface TasksFile {
@@ -34,6 +50,7 @@ export interface TasksFile {
     verify?: boolean;
     verify_prompt?: string;
     allowed_tools?: string[];
+    security?: SecurityConfig;
   };
   tasks: (string | JobConfig)[];
 }
@@ -43,6 +60,22 @@ export const DEFAULT_TIMEOUT = 300;
 export const DEFAULT_STALL_TIMEOUT = 120;
 export const DEFAULT_RETRY_COUNT = 3;
 export const DEFAULT_RETRY_DELAY = 5;
-export const DEFAULT_VERIFY_PROMPT = "Verify this is complete and correct. If there are issues, list them.";
+export const DEFAULT_VERIFY_PROMPT = "Review what you just implemented. Check for correctness, completeness, and compile errors. Fix any issues you find.";
 export const DEFAULT_STATE_FILE = ".overnight-state.json";
 export const DEFAULT_NTFY_TOPIC = "overnight";
+export const DEFAULT_MAX_TURNS = 100;
+export const DEFAULT_DENY_PATTERNS = [
+  "**/.env",
+  "**/.env.*",
+  "**/.git/config",
+  "**/credentials*",
+  "**/*.key",
+  "**/*.pem",
+  "**/*.p12",
+  "**/id_rsa*",
+  "**/id_ed25519*",
+  "**/.ssh/*",
+  "**/.aws/*",
+  "**/.npmrc",
+  "**/.netrc",
+];