agileflow 2.78.0 → 2.80.0

package/scripts/damage-control/patterns.yaml

@@ -0,0 +1,227 @@
+# AgileFlow Damage Control - Security Patterns
+#
+# This file defines patterns for blocking destructive commands and protecting
+# sensitive paths. The damage control hooks read this file to determine
+# whether to allow, block, or ask for confirmation before executing commands.
+#
+# Exit codes from hooks:
+#   0 = Allow command to proceed
+#   2 = Block command (show error to user)
+#
+# To ask for confirmation, hooks output JSON: {"result": "ask", "message": "..."}
+
+# ============================================================================
+# BASH TOOL PATTERNS
+# ============================================================================
+# Regex patterns to match against bash commands
+# If matched with ask: false (or no ask key), command is BLOCKED
+# If matched with ask: true, user is asked for confirmation
+
+bashToolPatterns:
+  # Recursive/force deletion
+  - pattern: '\brm\s+-[rRf]'
+    reason: 'rm with recursive or force flags can destroy entire directories'
+
+  - pattern: '\brm\s+.*--no-preserve-root'
+    reason: 'rm with --no-preserve-root is catastrophically dangerous'
+
+  - pattern: '\brm\s+-rf\s+/'
+    reason: 'rm -rf on root directory would destroy the entire system'
+
+  # SQL destructive commands without WHERE clause
+  - pattern: 'DELETE\s+FROM\s+\w+\s*;'
+    reason: 'DELETE without WHERE clause would delete all records'
+
+  - pattern: 'TRUNCATE\s+(TABLE\s+)?\w+'
+    reason: 'TRUNCATE removes all data from table'
+
+  - pattern: 'DROP\s+(TABLE|DATABASE|SCHEMA|INDEX)'
+    reason: 'DROP commands permanently destroy database objects'
+
+  # Git force operations
+  - pattern: 'git\s+push\s+.*--force'
+    reason: 'Force push can overwrite remote history'
+    ask: true
+
+  - pattern: 'git\s+push\s+.*-f\b'
+    reason: 'Force push can overwrite remote history'
+    ask: true
+
+  - pattern: 'git\s+reset\s+--hard'
+    reason: 'Hard reset discards uncommitted changes'
+    ask: true
+
+  # Format/wipe operations
+  - pattern: '\bmkfs\b'
+    reason: 'mkfs formats filesystems, destroying all data'
+
+  - pattern: '\bdd\s+.*of=/dev/'
+    reason: 'dd writing to device can destroy disk data'
+
+  - pattern: '\bshred\b'
+    reason: 'shred permanently destroys file data'
+
+  # Credential/secret exposure
+  - pattern: 'cat\s+.*\.env'
+    reason: 'Displaying .env may expose secrets'
+    ask: true
+
+  - pattern: 'cat\s+.*/\.ssh/'
+    reason: 'Displaying SSH keys is a security risk'
+
+  - pattern: 'cat\s+.*/credentials'
+    reason: 'Displaying credentials files is a security risk'
+
+  # Cloud CLI destructive operations
+  - pattern: 'aws\s+s3\s+rm\s+--recursive'
+    reason: 'Recursive S3 delete can destroy entire buckets'
+    ask: true
+
+  - pattern: 'aws\s+ec2\s+terminate-instances'
+    reason: 'Terminating EC2 instances is irreversible'
+    ask: true
+
+  - pattern: 'gcloud\s+.*delete'
+    reason: 'GCloud delete operations may be destructive'
+    ask: true
+
+  # Docker cleanup commands
+  - pattern: 'docker\s+system\s+prune\s+-a'
+    reason: 'Docker prune -a removes all unused images'
+    ask: true
+
+  - pattern: 'docker\s+volume\s+rm'
+    reason: 'Docker volume removal may delete persistent data'
+    ask: true
+
+  # npm/package manager dangerous commands
+  - pattern: 'npm\s+unpublish'
+    reason: 'npm unpublish can break dependent packages'
+    ask: true
+
+  - pattern: 'npm\s+deprecate'
+    reason: 'npm deprecate affects package visibility'
+    ask: true
+
+# ============================================================================
+# ASK PATTERNS (CONFIRMATION REQUIRED)
+# ============================================================================
+# These patterns trigger a confirmation prompt but don't block by default
+
+askPatterns:
+  - pattern: 'DELETE\s+FROM\s+\w+\s+WHERE'
+    reason: 'Deleting specific records - confirm data is correct'
+
+  - pattern: 'UPDATE\s+\w+\s+SET'
+    reason: 'Updating records - confirm scope is correct'
+
+  - pattern: 'npm\s+publish'
+    reason: 'Publishing to npm is permanent'
+
+  - pattern: 'git\s+tag\s+-d'
+    reason: 'Deleting git tags'
+
+  - pattern: 'kubectl\s+delete'
+    reason: 'Kubernetes delete operations'
+
+# ============================================================================
+# PATH PROTECTION
+# ============================================================================
+# Three protection levels:
+#   zeroAccessPaths: Cannot read, write, edit, or delete
+#   readOnlyPaths: Can read, cannot modify or delete
+#   noDeletePaths: Can read and modify, cannot delete
+
+zeroAccessPaths:
+  # System credentials
+  - ~/.ssh/
+  - ~/.gnupg/
+  - ~/.aws/credentials
+  - ~/.config/gcloud/
+
+  # Environment secrets
+  - .env
+  - .env.local
+  - .env.production
+  - .env.*.local
+
+  # Secret files
+  - '**/secrets/**'
+  - '**/credentials/**'
+  - '**/*.pem'
+  - '**/*.key'
+  - '**/id_rsa'
+  - '**/id_ed25519'
+
+readOnlyPaths:
+  # System config
+  - /etc/
+  - ~/.bashrc
+  - ~/.zshrc
+  - ~/.profile
+
+  # Package locks (should use npm install, not edit directly)
+  - package-lock.json
+  - yarn.lock
+  - pnpm-lock.yaml
+
+  # Git internals
+  - .git/
+
+noDeletePaths:
+  # AgileFlow core
+  - .agileflow/
+  - .agileflow/config.json
+  - .agileflow/scripts/
+
+  # Claude Code hooks and commands
+  - .claude/
+  - .claude/hooks/
+  - .claude/commands/
+  - .claude/settings.json
+
+  # Project documentation (can edit, can't delete)
+  - docs/09-agents/status.json
+  - CLAUDE.md
+  - AGENTS.md
+
+# ============================================================================
+# AGILEFLOW-SPECIFIC PROTECTION
+# ============================================================================
+# Additional patterns specific to AgileFlow projects
+
+agileflowPatterns:
+  # Protect AgileFlow infrastructure
+  - pattern: 'rm.*\.agileflow'
+    reason: 'Deleting .agileflow would break AgileFlow installation'
+
+  - pattern: 'rm.*\.claude'
+    reason: 'Deleting .claude would break Claude Code configuration'
+
+  - pattern: 'rm.*status\.json'
+    reason: 'Deleting status.json would lose story tracking data'
+
+  # Dangerous npm operations in AgileFlow context
+  - pattern: 'npm\s+uninstall\s+agileflow'
+    reason: 'Uninstalling AgileFlow - confirm this is intentional'
+    ask: true
+
+# ============================================================================
+# CONFIGURATION
+# ============================================================================
+# Settings for the damage control system
+
+config:
+  # Log blocked commands for pattern refinement
+  logBlocked: true
+  logPath: .agileflow/logs/damage-control.log
+
+  # Show detailed reason when blocking
+  showBlockReason: true
+
+  # Timeout for hook execution (seconds)
+  hookTimeout: 5
+
+  # Enable/disable prompt hooks (AI-based evaluation)
+  promptHooksEnabled: false
+  promptHookMessage: 'Evaluate if this command could cause irreversible damage. Block if dangerous.'

package/scripts/damage-control/write-tool-damage-control.js

@@ -0,0 +1,254 @@
+#!/usr/bin/env node
+
+/**
+ * write-tool-damage-control.js - Enforce path protection for Write tool
+ *
+ * This PreToolUse hook runs before every Write tool execution.
+ * It checks the file path against patterns.yaml to block writes
+ * to protected paths.
+ *
+ * Path protection levels:
+ *   zeroAccessPaths: Cannot read, write, edit, or delete
+ *   readOnlyPaths: Can read, cannot write or delete
+ *   noDeletePaths: Can read and write, cannot delete (Write is allowed)
+ *
+ * Exit codes:
+ *   0 = Allow write to proceed
+ *   2 = Block write
+ *
+ * Usage (as PreToolUse hook):
+ *   node .claude/hooks/damage-control/write-tool-damage-control.js
+ *
+ * Environment:
+ *   CLAUDE_TOOL_INPUT - JSON string with tool input (contains "file_path")
+ *   CLAUDE_PROJECT_DIR - Project root directory
+ */
+
+const fs = require('fs');
+const path = require('path');
+
+// ANSI colors for output
+const c = {
+  reset: '\x1b[0m',
+  bold: '\x1b[1m',
+  red: '\x1b[31m',
+  yellow: '\x1b[33m',
+  cyan: '\x1b[36m',
+};
+
+// Exit codes
+const EXIT_ALLOW = 0;
+const EXIT_BLOCK = 2;
+
+/**
+ * Load path protection rules from patterns.yaml
+ */
+function loadPathRules(projectDir) {
+  const locations = [
+    path.join(projectDir, '.claude/hooks/damage-control/patterns.yaml'),
+    path.join(projectDir, '.agileflow/hooks/damage-control/patterns.yaml'),
+    path.join(projectDir, 'patterns.yaml'),
+  ];
+
+  for (const loc of locations) {
+    if (fs.existsSync(loc)) {
+      try {
+        const content = fs.readFileSync(loc, 'utf8');
+        return parsePathRules(content);
+      } catch (e) {
+        console.error(`Warning: Could not parse ${loc}: ${e.message}`);
+      }
+    }
+  }
+
+  return getDefaultPathRules();
+}
+
+/**
+ * Parse path rules from YAML content
+ */
+function parsePathRules(content) {
+  const rules = {
+    zeroAccessPaths: [],
+    readOnlyPaths: [],
+    noDeletePaths: [],
+  };
+
+  let currentSection = null;
+
+  const lines = content.split('\n');
+
+  for (const line of lines) {
+    if (line.trim().startsWith('#') || line.trim() === '') continue;
+
+    if (line.match(/^zeroAccessPaths:/)) {
+      currentSection = 'zeroAccessPaths';
+      continue;
+    }
+    if (line.match(/^readOnlyPaths:/)) {
+      currentSection = 'readOnlyPaths';
+      continue;
+    }
+    if (line.match(/^noDeletePaths:/)) {
+      currentSection = 'noDeletePaths';
+      continue;
+    }
+    if (line.match(/^(bashToolPatterns|askPatterns|agileflowPatterns|config):/)) {
+      currentSection = null;
+      continue;
+    }
+
+    if (currentSection && rules[currentSection]) {
+      const pathMatch = line.match(/^\s+-\s*['"]?(.+?)['"]?\s*$/);
+      if (pathMatch) {
+        rules[currentSection].push(pathMatch[1]);
+      }
+    }
+  }
+
+  return rules;
+}
+
+/**
+ * Default path rules if patterns.yaml not found
+ */
+function getDefaultPathRules() {
+  return {
+    zeroAccessPaths: ['~/.ssh/', '~/.aws/credentials', '.env', '.env.local', '.env.production'],
+    readOnlyPaths: ['/etc/', '~/.bashrc', '~/.zshrc', 'package-lock.json', 'yarn.lock', '.git/'],
+    noDeletePaths: ['.agileflow/', '.claude/', 'docs/09-agents/status.json', 'CLAUDE.md'],
+  };
+}
+
+/**
+ * Expand home directory in path
+ */
+function expandHome(filePath) {
+  if (filePath.startsWith('~/')) {
+    return path.join(process.env.HOME || '', filePath.slice(2));
+  }
+  return filePath;
+}
+
+/**
+ * Check if a file path matches a pattern
+ */
+function pathMatches(filePath, pattern) {
+  const expandedPattern = expandHome(pattern);
+  const normalizedFile = path.normalize(filePath);
+  const normalizedPattern = path.normalize(expandedPattern);
+
+  // Exact match
+  if (normalizedFile === normalizedPattern) return true;
+
+  // Directory prefix match
+  if (pattern.endsWith('/')) {
+    if (normalizedFile.startsWith(normalizedPattern)) return true;
+  }
+
+  // Glob pattern (**)
+  if (pattern.includes('**/')) {
+    const globPart = pattern.split('**/')[1];
+    if (normalizedFile.includes(globPart)) return true;
+  }
+
+  // Wildcard at end
+  if (pattern.endsWith('*')) {
+    const prefix = normalizedPattern.slice(0, -1);
+    if (normalizedFile.startsWith(prefix)) return true;
+  }
+
+  // Basename match
+  if (!pattern.includes('/') && !pattern.includes(path.sep)) {
+    const basename = path.basename(normalizedFile);
+    if (basename === pattern) return true;
+    if (pattern.endsWith('*')) {
+      const patternBase = pattern.slice(0, -1);
+      if (basename.startsWith(patternBase)) return true;
+    }
+  }
+
+  return false;
+}
+
+/**
+ * Check if file path is protected for writing
+ * Returns: { blocked: boolean, reason: string, level: string }
+ */
+function checkPath(filePath, rules) {
+  // Check zero access paths (blocked completely)
+  for (const pattern of rules.zeroAccessPaths) {
+    if (pathMatches(filePath, pattern)) {
+      return {
+        blocked: true,
+        reason: `Path is in zero-access protected list: ${pattern}`,
+        level: 'zero-access',
+      };
+    }
+  }
+
+  // Check read-only paths (cannot write)
+  for (const pattern of rules.readOnlyPaths) {
+    if (pathMatches(filePath, pattern)) {
+      return {
+        blocked: true,
+        reason: `Path is read-only: ${pattern}`,
+        level: 'read-only',
+      };
+    }
+  }
+
+  // noDeletePaths allows writing, only blocks deletion
+  // so we don't block writes here
+
+  return { blocked: false, reason: null, level: null };
+}
+
+/**
+ * Main entry point
+ */
+function main() {
+  const toolInput = process.env.CLAUDE_TOOL_INPUT;
+  const projectDir = process.env.CLAUDE_PROJECT_DIR || process.cwd();
+
+  if (!toolInput) {
+    process.exit(EXIT_ALLOW);
+  }
+
+  let input;
+  try {
+    input = JSON.parse(toolInput);
+  } catch (e) {
+    console.error('Error parsing CLAUDE_TOOL_INPUT:', e.message);
+    process.exit(EXIT_ALLOW);
+  }
+
+  const filePath = input.file_path;
+  if (!filePath) {
+    process.exit(EXIT_ALLOW);
+  }
+
+  // Resolve to absolute path
+  const absolutePath = path.isAbsolute(filePath) ? filePath : path.join(projectDir, filePath);
+
+  // Load rules
+  const rules = loadPathRules(projectDir);
+
+  // Check path
+  const result = checkPath(absolutePath, rules);
+
+  if (result.blocked) {
+    console.error(`${c.red}${c.bold}BLOCKED${c.reset}: ${result.reason}`);
+    console.error(`${c.yellow}File: ${filePath}${c.reset}`);
+    console.error(`${c.cyan}This file is protected by damage control (${result.level}).${c.reset}`);
+    process.exit(EXIT_BLOCK);
+  }
+
+  process.exit(EXIT_ALLOW);
+}
+
+if (require.main === module) {
+  main();
+}
+
+module.exports = { checkPath, loadPathRules, pathMatches };

package/scripts/damage-control-bash.js

@@ -17,14 +17,7 @@
 
 const fs = require('fs');
 const path = require('path');
-
-// Color codes for output
-const c = {
-  red: '\x1b[38;5;203m',
-  yellow: '\x1b[38;5;215m',
-  reset: '\x1b[0m',
-  dim: '\x1b[2m'
-};
+const { c } = require('../lib/colors');
 
 /**
  * Find project root by looking for .agileflow directory
@@ -48,7 +41,7 @@ function parseSimpleYAML(content) {
   const config = {
     bashToolPatterns: [],
     askPatterns: [],
-    agileflowProtections: []
+    agileflowProtections: [],
   };
 
   let currentSection = null;
@@ -76,13 +69,22 @@ function parseSimpleYAML(content) {
       currentPattern = null;
     } else if (trimmed.startsWith('- pattern:') && currentSection) {
       // New pattern entry
-      const patternValue = trimmed.replace('- pattern:', '').trim().replace(/^["']|["']$/g, '');
+      const patternValue = trimmed
+        .replace('- pattern:', '')
+        .trim()
+        .replace(/^["']|["']$/g, '');
       currentPattern = { pattern: patternValue };
       config[currentSection].push(currentPattern);
     } else if (trimmed.startsWith('reason:') && currentPattern) {
-      currentPattern.reason = trimmed.replace('reason:', '').trim().replace(/^["']|["']$/g, '');
+      currentPattern.reason = trimmed
+        .replace('reason:', '')
+        .trim()
+        .replace(/^["']|["']$/g, '');
     } else if (trimmed.startsWith('flags:') && currentPattern) {
-      currentPattern.flags = trimmed.replace('flags:', '').trim().replace(/^["']|["']$/g, '');
+      currentPattern.flags = trimmed
+        .replace('flags:', '')
+        .trim()
+        .replace(/^["']|["']$/g, '');
     }
   }
 
@@ -96,7 +98,7 @@ function loadPatterns(projectRoot) {
   const configPaths = [
     path.join(projectRoot, '.agileflow/config/damage-control-patterns.yaml'),
     path.join(projectRoot, '.agileflow/config/damage-control-patterns.yml'),
-    path.join(projectRoot, '.agileflow/templates/damage-control-patterns.yaml')
+    path.join(projectRoot, '.agileflow/templates/damage-control-patterns.yaml'),
   ];
 
   for (const configPath of configPaths) {
@@ -135,14 +137,14 @@ function validateCommand(command, config) {
   // Check blocked patterns (bashToolPatterns + agileflowProtections)
   const blockedPatterns = [
     ...(config.bashToolPatterns || []),
-    ...(config.agileflowProtections || [])
+    ...(config.agileflowProtections || []),
   ];
 
   for (const rule of blockedPatterns) {
     if (matchesPattern(command, rule)) {
       return {
         action: 'block',
-        reason: rule.reason || 'Command blocked by damage control'
+        reason: rule.reason || 'Command blocked by damage control',
       };
     }
   }
@@ -152,7 +154,7 @@ function validateCommand(command, config) {
     if (matchesPattern(command, rule)) {
       return {
         action: 'ask',
-        reason: rule.reason || 'Please confirm this command'
+        reason: rule.reason || 'Please confirm this command',
       };
     }
   }
@@ -192,17 +194,21 @@ function main() {
       switch (result.action) {
         case 'block':
           // Output error message and block
-          console.error(`${c.red}[BLOCKED]${c.reset} ${result.reason}`);
-          console.error(`${c.dim}Command: ${command.substring(0, 100)}${command.length > 100 ? '...' : ''}${c.reset}`);
+          console.error(`${c.coral}[BLOCKED]${c.reset} ${result.reason}`);
+          console.error(
+            `${c.dim}Command: ${command.substring(0, 100)}${command.length > 100 ? '...' : ''}${c.reset}`
+          );
           process.exit(2);
           break;
 
         case 'ask':
           // Output JSON to trigger user confirmation
-          console.log(JSON.stringify({
-            result: 'ask',
-            message: result.reason
-          }));
+          console.log(
+            JSON.stringify({
+              result: 'ask',
+              message: result.reason,
+            })
+          );
           process.exit(0);
           break;
 

package/scripts/damage-control-edit.js

@@ -15,13 +15,7 @@
 const fs = require('fs');
 const path = require('path');
 const os = require('os');
-
-// Color codes for output
-const c = {
-  red: '\x1b[38;5;203m',
-  reset: '\x1b[0m',
-  dim: '\x1b[2m'
-};
+const { c } = require('../lib/colors');
 
 /**
  * Find project root by looking for .agileflow directory
@@ -54,7 +48,7 @@ function parseSimpleYAML(content) {
   const config = {
     zeroAccessPaths: [],
     readOnlyPaths: [],
-    noDeletePaths: []
+    noDeletePaths: [],
   };
 
   let currentSection = null;
@@ -92,7 +86,7 @@ function loadPatterns(projectRoot) {
   const configPaths = [
     path.join(projectRoot, '.agileflow/config/damage-control-patterns.yaml'),
     path.join(projectRoot, '.agileflow/config/damage-control-patterns.yml'),
-    path.join(projectRoot, '.agileflow/templates/damage-control-patterns.yaml')
+    path.join(projectRoot, '.agileflow/templates/damage-control-patterns.yaml'),
   ];
 
   for (const configPath of configPaths) {
@@ -168,7 +162,7 @@ function validatePath(filePath, config) {
     return {
       action: 'block',
       reason: `Zero-access path: ${zeroMatch}`,
-      detail: 'This file is protected and cannot be accessed'
+      detail: 'This file is protected and cannot be accessed',
     };
   }
 
@@ -178,7 +172,7 @@ function validatePath(filePath, config) {
     return {
       action: 'block',
       reason: `Read-only path: ${readOnlyMatch}`,
-      detail: 'This file is read-only and cannot be edited'
+      detail: 'This file is read-only and cannot be edited',
     };
   }
 
@@ -215,7 +209,7 @@ function main() {
       const result = validatePath(filePath, config);
 
       if (result.action === 'block') {
-        console.error(`${c.red}[BLOCKED]${c.reset} ${result.reason}`);
+        console.error(`${c.coral}[BLOCKED]${c.reset} ${result.reason}`);
         console.error(`${c.dim}${result.detail}${c.reset}`);
         console.error(`${c.dim}File: ${filePath}${c.reset}`);
         process.exit(2);