agentsys 5.0.3 → 5.1.0

package/plugins/debate/lib/enhance/security-patterns.js

@@ -0,0 +1,284 @@
+/**
+ * Security Patterns
+ * Detection patterns for security vulnerabilities in plugins
+ *
+ * @author Avi Fenesh
+ * @license MIT
+ */
+
+/**
+ * Security patterns with certainty levels
+ */
+const securityPatterns = {
+  /**
+   * Unrestricted Bash tool access
+   * HIGH certainty - security risk
+   */
+  unrestricted_bash: {
+    id: 'unrestricted_bash',
+    category: 'security',
+    certainty: 'HIGH',
+    autoFix: false,
+    description: 'Agent has unrestricted Bash tool access',
+    pattern: /^tools:\s*.*\bBash\b(?!\s*\()/m,
+    check: (content, filePath) => {
+      // Check for Bash without restrictions in agent frontmatter
+      const frontmatterMatch = content.match(/^---\n([\s\S]*?)\n---/);
+      if (!frontmatterMatch) return null;
+
+      const frontmatter = frontmatterMatch[1];
+      const toolsMatch = frontmatter.match(/^tools:[ \t]*(\S.*)?$/m);
+      if (!toolsMatch) return null;
+
+      const tools = toolsMatch[1];
+      // Bash without parentheses means unrestricted
+      if (/\bBash\b(?!\s*\()/.test(tools)) {
+        return {
+          issue: 'Unrestricted Bash access',
+          fix: 'Add restrictions like Bash(git:*) or Bash(npm:*)',
+          line: content.substring(0, frontmatterMatch.index + frontmatterMatch[0].indexOf(toolsMatch[0])).split('\n').length
+        };
+      }
+      return null;
+    }
+  },
+
+  /**
+   * Command injection via string interpolation
+   * HIGH certainty - dangerous pattern
+   */
+  command_injection: {
+    id: 'command_injection',
+    category: 'security',
+    certainty: 'HIGH',
+    autoFix: false,
+    description: 'Potential command injection via string interpolation',
+    pattern: /\$\{[^}]*\}/,
+    check: (content, filePath) => {
+      const issues = [];
+      const lines = content.split('\n');
+
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        // Look for shell commands with interpolation (string checks avoid ReDoS)
+        if (/\b(?:exec|spawn|system|shell)\b|`|Bash/i.test(line) && /[(`]/.test(line) && line.includes('${')) {
+          issues.push({
+            issue: 'Command injection risk via string interpolation',
+            fix: 'Validate and escape user input before shell execution',
+            line: i + 1
+          });
+        }
+      }
+
+      return issues.length > 0 ? issues : null;
+    }
+  },
+
+  /**
+   * Path traversal patterns
+   * HIGH certainty - security risk
+   */
+  path_traversal: {
+    id: 'path_traversal',
+    category: 'security',
+    certainty: 'HIGH',
+    autoFix: false,
+    description: 'Potential path traversal vulnerability',
+    pattern: /\.\.\//,
+    check: (content, filePath) => {
+      const issues = [];
+      const lines = content.split('\n');
+
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        // Look for user-controlled paths with ../ (string checks avoid ReDoS)
+        if (/\b(?:path|file|dir)\b/i.test(line) && line.includes('$') && line.includes('../')) {
+          issues.push({
+            issue: 'Path traversal risk - user input may contain ../',
+            fix: 'Validate paths and use path.resolve() with base directory check',
+            line: i + 1
+          });
+        }
+      }
+
+      return issues.length > 0 ? issues : null;
+    }
+  },
+
+  /**
+   * Hardcoded secrets in agent files
+   * HIGH certainty - critical
+   */
+  hardcoded_secrets: {
+    id: 'hardcoded_secrets',
+    category: 'security',
+    certainty: 'HIGH',
+    autoFix: false,
+    description: 'Potential hardcoded secrets',
+    pattern: /(api[_-]?key|secret|token|password|credential)\s*[:=]\s*["'`][^"'`\s]{8,}["'`]/i,
+    check: (content, filePath) => {
+      const issues = [];
+      const lines = content.split('\n');
+      const secretPattern = /(api[_-]?key|secret|token|password|credential)\s*[:=]\s*["'`](?!\$\{)(?!\{\{)[^"'`\s]{8,}["'`]/i;
+
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        if (secretPattern.test(line)) {
+          issues.push({
+            issue: 'Potential hardcoded secret',
+            fix: 'Use environment variables instead',
+            line: i + 1
+          });
+        }
+      }
+
+      return issues.length > 0 ? issues : null;
+    }
+  },
+
+  /**
+   * Missing input validation
+   * MEDIUM certainty - may be intentional
+   */
+  missing_input_validation: {
+    id: 'missing_input_validation',
+    category: 'security',
+    certainty: 'MEDIUM',
+    autoFix: false,
+    description: 'User input used without validation',
+    check: (content, filePath) => {
+      const issues = [];
+      const lines = content.split('\n');
+
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        // Look for direct use of ARGUMENTS without validation
+        if (/\$ARGUMENTS/.test(line) && !/validate|check|verify|sanitize/.test(lines.slice(Math.max(0, i - 5), i + 1).join('\n').toLowerCase())) {
+          issues.push({
+            issue: 'User input ($ARGUMENTS) used without apparent validation',
+            fix: 'Add input validation before using user-provided arguments',
+            line: i + 1
+          });
+        }
+      }
+
+      return issues.length > 0 ? issues : null;
+    }
+  },
+
+  /**
+   * Broad file access patterns
+   * MEDIUM certainty - may be required
+   */
+  broad_file_access: {
+    id: 'broad_file_access',
+    category: 'security',
+    certainty: 'MEDIUM',
+    autoFix: false,
+    description: 'Agent requests broad file system access',
+    check: (content, filePath) => {
+      const frontmatterMatch = content.match(/^---\n([\s\S]*?)\n---/);
+      if (!frontmatterMatch) return null;
+
+      const frontmatter = frontmatterMatch[1];
+      const toolsMatch = frontmatter.match(/^tools:[ \t]*(\S.*)?$/m);
+      if (!toolsMatch) return null;
+
+      const tools = toolsMatch[1];
+      // Check for Write or Edit without restrictions
+      if (/\b(Write|Edit)\b(?!\s*\()/.test(tools)) {
+        return {
+          issue: 'Broad file write access',
+          fix: 'Consider restricting to specific directories',
+          line: content.substring(0, frontmatterMatch.index + frontmatterMatch[0].indexOf(toolsMatch[0])).split('\n').length
+        };
+      }
+      return null;
+    }
+  },
+
+  /**
+   * Unsafe eval patterns
+   * HIGH certainty - dangerous
+   */
+  unsafe_eval: {
+    id: 'unsafe_eval',
+    category: 'security',
+    certainty: 'HIGH',
+    autoFix: false,
+    description: 'Unsafe eval() or Function() usage',
+    pattern: /\b(?:eval|Function)\s*\(/,
+    check: (content, filePath) => {
+      const issues = [];
+      const lines = content.split('\n');
+
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        if (/\b(?:eval|Function)\s*\(/.test(line)) {
+          issues.push({
+            issue: 'Unsafe eval() or Function() usage',
+            fix: 'Avoid dynamic code execution - use safer alternatives',
+            line: i + 1
+          });
+        }
+      }
+
+      return issues.length > 0 ? issues : null;
+    }
+  }
+};
+
+/**
+ * Get all security patterns
+ * @returns {Object} All security patterns
+ */
+function getAllPatterns() {
+  return securityPatterns;
+}
+
+/**
+ * Get patterns by certainty level
+ * @param {string} certainty - HIGH, MEDIUM, or LOW
+ * @returns {Object} Filtered patterns
+ */
+function getPatternsByCertainty(certainty) {
+  const result = {};
+  for (const [name, pattern] of Object.entries(securityPatterns)) {
+    if (pattern.certainty === certainty) {
+      result[name] = pattern;
+    }
+  }
+  return result;
+}
+
+/**
+ * Run all security checks on content
+ * @param {string} content - File content
+ * @param {string} filePath - File path
+ * @returns {Array} Array of issues found
+ */
+function checkSecurity(content, filePath) {
+  const issues = [];
+
+  for (const [name, pattern] of Object.entries(securityPatterns)) {
+    if (pattern.check) {
+      const result = pattern.check(content, filePath);
+      if (result) {
+        if (Array.isArray(result)) {
+          issues.push(...result.map(r => ({ ...r, patternId: pattern.id, certainty: pattern.certainty })));
+        } else {
+          issues.push({ ...result, patternId: pattern.id, certainty: pattern.certainty });
+        }
+      }
+    }
+  }
+
+  return issues;
+}
+
+module.exports = {
+  securityPatterns,
+  getAllPatterns,
+  getPatternsByCertainty,
+  checkSecurity
+};

package/plugins/debate/lib/enhance/skill-analyzer.js

@@ -0,0 +1,182 @@
+/**
+ * Skill analyzer for /enhance.
+ */
+
+const fs = require('fs');
+const path = require('path');
+const { skillPatterns } = require('./skill-patterns');
+const { parseMarkdownFrontmatter } = require('./agent-analyzer');
+
+function analyzeSkill(skillPath) {
+  const results = {
+    skillName: path.basename(path.dirname(skillPath)),
+    skillPath,
+    structureIssues: [],
+    triggerIssues: []
+  };
+
+  if (!fs.existsSync(skillPath)) {
+    results.structureIssues.push({
+      issue: 'File not found',
+      file: skillPath,
+      certainty: 'HIGH',
+      patternId: 'file_not_found'
+    });
+    return results;
+  }
+
+  let content = '';
+  try {
+    content = fs.readFileSync(skillPath, 'utf8');
+  } catch (err) {
+    results.structureIssues.push({
+      issue: `Failed to read file: ${err.message}`,
+      file: skillPath,
+      certainty: 'HIGH',
+      patternId: 'read_error'
+    });
+    return results;
+  }
+
+  const missingFm = skillPatterns.missing_frontmatter.check(content);
+  if (missingFm) {
+    results.structureIssues.push({
+      ...missingFm,
+      file: skillPath,
+      certainty: skillPatterns.missing_frontmatter.certainty,
+      patternId: skillPatterns.missing_frontmatter.id
+    });
+  }
+
+  const { frontmatter } = parseMarkdownFrontmatter(content);
+  const missingName = skillPatterns.missing_name.check(frontmatter);
+  if (missingName) {
+    results.structureIssues.push({
+      ...missingName,
+      file: skillPath,
+      certainty: skillPatterns.missing_name.certainty,
+      patternId: skillPatterns.missing_name.id
+    });
+  }
+
+  const missingDescription = skillPatterns.missing_description.check(frontmatter);
+  if (missingDescription) {
+    results.structureIssues.push({
+      ...missingDescription,
+      file: skillPath,
+      certainty: skillPatterns.missing_description.certainty,
+      patternId: skillPatterns.missing_description.id
+    });
+  }
+
+  const missingTrigger = skillPatterns.missing_trigger_phrase.check(frontmatter);
+  if (missingTrigger) {
+    results.triggerIssues.push({
+      ...missingTrigger,
+      file: skillPath,
+      certainty: skillPatterns.missing_trigger_phrase.certainty,
+      patternId: skillPatterns.missing_trigger_phrase.id,
+      autoFix: skillPatterns.missing_trigger_phrase.autoFix
+    });
+  }
+
+  // Check new patterns from Claude Code Best Practices
+  if (skillPatterns.side_effect_without_disable) {
+    const sideEffect = skillPatterns.side_effect_without_disable.check(frontmatter, content);
+    if (sideEffect) {
+      results.structureIssues.push({
+        ...sideEffect,
+        file: skillPath,
+        certainty: skillPatterns.side_effect_without_disable.certainty,
+        patternId: skillPatterns.side_effect_without_disable.id
+      });
+    }
+  }
+
+  if (skillPatterns.missing_context_fork) {
+    const missingFork = skillPatterns.missing_context_fork.check(frontmatter, content);
+    if (missingFork) {
+      results.structureIssues.push({
+        ...missingFork,
+        file: skillPath,
+        certainty: skillPatterns.missing_context_fork.certainty,
+        patternId: skillPatterns.missing_context_fork.id
+      });
+    }
+  }
+
+  if (skillPatterns.missing_allowed_tools) {
+    const missingTools = skillPatterns.missing_allowed_tools.check(frontmatter);
+    if (missingTools) {
+      results.structureIssues.push({
+        ...missingTools,
+        file: skillPath,
+        certainty: skillPatterns.missing_allowed_tools.certainty,
+        patternId: skillPatterns.missing_allowed_tools.id
+      });
+    }
+  }
+
+  return results;
+}
+
+function analyzeAllSkills(skillsDir) {
+  const results = [];
+  if (!fs.existsSync(skillsDir)) return results;
+
+  const skillFiles = [];
+  const skipDirs = new Set(['node_modules', '.git', 'dist', 'build', 'out', 'target']);
+
+  function walk(dir) {
+    let entries;
+    try {
+      entries = fs.readdirSync(dir, { withFileTypes: true });
+    } catch (err) {
+      return;
+    }
+
+    for (const entry of entries) {
+      const fullPath = path.join(dir, entry.name);
+      if (entry.isDirectory()) {
+        if (!skipDirs.has(entry.name)) {
+          walk(fullPath);
+        }
+        continue;
+      }
+
+      if (entry.isFile() && entry.name === 'SKILL.md') {
+        skillFiles.push(fullPath);
+      }
+    }
+  }
+
+  walk(skillsDir);
+
+  for (const skillPath of skillFiles) {
+    results.push(analyzeSkill(skillPath));
+  }
+
+  return results;
+}
+
+function analyze(options = {}) {
+  const {
+    skill,
+    skillsDir = 'plugins/enhance/skills'
+  } = options;
+
+  if (skill) {
+    const skillPath = skill.endsWith('SKILL.md')
+      ? skill
+      : path.join(skillsDir, skill, 'SKILL.md');
+    return analyzeSkill(skillPath);
+  }
+
+  return analyzeAllSkills(skillsDir);
+}
+
+module.exports = {
+  analyzeSkill,
+  analyzeAllSkills,
+  analyze
+};

package/plugins/debate/lib/enhance/skill-patterns.js

@@ -0,0 +1,147 @@
+/**
+ * Skill patterns for /enhance.
+ */
+
+const skillPatterns = {
+  missing_frontmatter: {
+    id: 'missing_frontmatter',
+    certainty: 'HIGH',
+    check(content) {
+      if (!content || !content.trim().startsWith('---')) {
+        return { issue: 'Missing YAML frontmatter in SKILL.md' };
+      }
+      return null;
+    }
+  },
+  missing_name: {
+    id: 'missing_name',
+    certainty: 'HIGH',
+    check(frontmatter) {
+      if (!frontmatter || !frontmatter.name) {
+        return { issue: 'Missing name in SKILL.md frontmatter' };
+      }
+      return null;
+    }
+  },
+  missing_description: {
+    id: 'missing_description',
+    certainty: 'HIGH',
+    check(frontmatter) {
+      if (!frontmatter || !frontmatter.description) {
+        return { issue: 'Missing description in SKILL.md frontmatter' };
+      }
+      return null;
+    }
+  },
+  missing_trigger_phrase: {
+    id: 'missing_trigger_phrase',
+    certainty: 'MEDIUM',
+    autoFix: true,
+    check(frontmatter) {
+      if (!frontmatter || !frontmatter.description) return null;
+      if (!/use when user asks/i.test(frontmatter.description)) {
+        return { issue: 'Description missing "Use when user asks" trigger phrase' };
+      }
+      return null;
+    }
+  },
+
+  // ============================================
+  // PATTERNS FROM CLAUDE CODE BEST PRACTICES
+  // Source: https://code.claude.com/docs/en/best-practices
+  // ============================================
+
+  /**
+   * Side-effect skill without disable-model-invocation
+   * HIGH certainty - skills with side effects should be manual-only
+   */
+  side_effect_without_disable: {
+    id: 'side_effect_without_disable',
+    certainty: 'HIGH',
+    check(frontmatter, content) {
+      if (!frontmatter) return null;
+
+      // Check if skill has side effects indicators
+      const sideEffectPatterns = [
+        /\b(?:deploy|ship|push|merge|commit|delete|remove|publish)\b/i,
+        /\bgit\s+(?:push|commit|reset)\b/i,
+        /\bcreate\s+(?:PR|pull\s+request|issue)\b/i,
+        /\bsend\s+(?:email|notification|message)\b/i,
+        /\brun\s+(?:migration|deploy)\b/i
+      ];
+
+      const hasSideEffects = sideEffectPatterns.some(p => {
+        return p.test(frontmatter.name || '') ||
+               p.test(frontmatter.description || '') ||
+               (content && p.test(content));
+      });
+
+      if (hasSideEffects && frontmatter['disable-model-invocation'] !== true) {
+        return {
+          issue: 'Skill with side effects should have disable-model-invocation: true',
+          fix: 'Add "disable-model-invocation: true" to frontmatter for manual-only invocation'
+        };
+      }
+      return null;
+    }
+  },
+
+  /**
+   * Missing context: fork for isolated execution
+   * MEDIUM certainty - skills that read many files should fork context
+   */
+  missing_context_fork: {
+    id: 'missing_context_fork',
+    certainty: 'MEDIUM',
+    check(frontmatter, content) {
+      if (!frontmatter) return null;
+
+      // Check if skill does extensive exploration
+      const explorationPatterns = [
+        /\b(?:search|explore|analyze|scan)\s+(?:the\s+)?(?:codebase|repo|project)\b/i,
+        /\bread\s+(?:all|many|multiple)\s+files\b/i,
+        /\b(?:deep|thorough)\s+(?:analysis|review|investigation)\b/i
+      ];
+
+      const doesExploration = explorationPatterns.some(p => {
+        return p.test(frontmatter.description || '') ||
+               (content && p.test(content));
+      });
+
+      if (doesExploration && frontmatter.context !== 'fork') {
+        return {
+          issue: 'Exploration skill should use context: fork to keep main context clean',
+          fix: 'Add "context: fork" to run in isolated subagent context'
+        };
+      }
+      return null;
+    }
+  },
+
+  /**
+   * Missing allowed-tools restriction
+   * MEDIUM certainty - skills should specify allowed tools
+   */
+  missing_allowed_tools: {
+    id: 'missing_allowed_tools',
+    certainty: 'MEDIUM',
+    check(frontmatter) {
+      if (!frontmatter) return null;
+
+      // Only flag if skill has context: fork (subagent execution)
+      if (frontmatter.context !== 'fork') return null;
+
+      if (!frontmatter['allowed-tools']) {
+        return {
+          issue: 'Forked skill missing allowed-tools restriction',
+          fix: 'Add "allowed-tools: Read, Grep, Glob" to scope subagent capabilities'
+        };
+      }
+      return null;
+    }
+  }
+};
+
+module.exports = {
+  skillPatterns
+};