avorelo 0.1.0 → 0.2.0

package/scripts/lib/agent-security/package-action-adapter.js

@@ -1,175 +0,0 @@
-"use strict";
-
-const { spawnSync } = require("child_process");
-const { classifyPackageAction } = require("./package-action-rules");
-
-const PACKAGE_ACTION_ADAPTER_ID = "package-action-v1";
-const PREVIEW_LIMIT = 400;
-
-function truncatePreview(value) {
-  const text = String(value || "");
-  if (text.length <= PREVIEW_LIMIT) return text;
-  return `${text.slice(0, PREVIEW_LIMIT)}...`;
-}
-
-function redactPreview(value) {
-  return truncatePreview(String(value || "").replace(
-    /((?:secret|token|password|api[_-]?key)[^=\n]{0,20}=)[^\s\n]+/ig,
-    "$1[redacted]",
-  ));
-}
-
-function buildPackageAdapterResult(base, overrides = {}) {
-  return {
-    actionId: base.actionId,
-    componentId: base.componentId || null,
-    componentType: base.componentType || null,
-    actionType: base.actionType,
-    decision: base.decision || null,
-    adapterId: PACKAGE_ACTION_ADAPTER_ID,
-    enforcementAvailable: true,
-    effectiveBehavior: "recommended_only",
-    executed: false,
-    exitCode: null,
-    stdoutPreview: "",
-    stderrPreview: "",
-    reason: "",
-    timestamp: base.timestamp,
-    ...overrides,
-  };
-}
-
-function enforcePackageAction(action, context = {}) {
-  const decisionRecord = context.decisionRecord || null;
-  const limitPlan = context.limitPlan || null;
-  const execute = context.execute === true;
-  const cwd = context.cwd;
-  const command = String(action?.command || "");
-  const executor = typeof context.executor === "function" ? context.executor : null;
-  const profile = classifyPackageAction(action);
-  const base = {
-    actionId: action.actionId,
-    componentId: action.componentId,
-    componentType: action.componentType,
-    actionType: action.actionType,
-    decision: decisionRecord?.decision || null,
-    timestamp: context.timestamp,
-  };
-
-  if (
-    profile.remoteScript ||
-    profile.destructiveChain ||
-    profile.globalInstall ||
-    profile.unsafeFlags ||
-    profile.installFromUrlOrPath ||
-    profile.sensitiveTarget ||
-    profile.workflowTarget
-  ) {
-    return buildPackageAdapterResult(base, {
-      effectiveBehavior: "blocked",
-      reason: profile.reasons[0] || "This package action is not allowed.",
-    });
-  }
-
-  if (profile.lifecycleRisk && decisionRecord?.decision !== "approve_once") {
-    return buildPackageAdapterResult(base, {
-      effectiveBehavior: "blocked",
-      reason: profile.reasons[0] || "Lifecycle scripts require explicit approval.",
-    });
-  }
-
-  if (decisionRecord?.decision === "deny") {
-    return buildPackageAdapterResult(base, {
-      effectiveBehavior: "blocked",
-      reason: "User denied this package action.",
-    });
-  }
-
-  if (decisionRecord?.decision === "let_wuz_limit" && limitPlan?.recommendedMode === "deny") {
-    return buildPackageAdapterResult(base, {
-      effectiveBehavior: "blocked",
-      reason: limitPlan.reason || "No safe limited version found. Recommended: deny.",
-    });
-  }
-
-  if (decisionRecord?.decision === "let_wuz_limit" && limitPlan?.recommendedMode !== "limited") {
-    return buildPackageAdapterResult(base, {
-      effectiveBehavior: "blocked",
-      reason: limitPlan?.reason || "The limited plan could not safely allow this package action.",
-    });
-  }
-
-  if (
-    decisionRecord?.decision === "let_wuz_limit" &&
-    Array.isArray(limitPlan?.scope?.allowedCommands) &&
-    limitPlan.scope.allowedCommands.length > 0 &&
-    !limitPlan.scope.allowedCommands.includes(command)
-  ) {
-    return buildPackageAdapterResult(base, {
-      effectiveBehavior: "blocked",
-      reason: "The limited plan only allows the exact evaluated package command.",
-    });
-  }
-
-  if (!execute) {
-    return buildPackageAdapterResult(base, {
-      effectiveBehavior: decisionRecord?.decision === "let_wuz_limit" ? "limited" : "dry_run_only",
-      reason: decisionRecord?.decision === "let_wuz_limit"
-        ? (limitPlan?.reason || "Wuz limited this action to the current task.")
-        : "Execution stayed in dry-run mode.",
-    });
-  }
-
-  const child = executor
-    ? executor({ command, cwd, action, decisionRecord, limitPlan })
-    : spawnSync(command, {
-      cwd,
-      shell: true,
-      windowsHide: true,
-      encoding: "utf8",
-      timeout: 30000,
-    });
-
-  const stdoutPreview = redactPreview(child?.stdout || "");
-  const stderrPreview = redactPreview(child?.stderr || child?.error?.message || "");
-  const exitCode = typeof child?.status === "number"
-    ? child.status
-    : typeof child?.exitCode === "number"
-      ? child.exitCode
-      : child?.error
-        ? 1
-        : 1;
-
-  return buildPackageAdapterResult(base, {
-    effectiveBehavior: decisionRecord?.decision === "let_wuz_limit" ? "limited" : "allowed",
-    executed: true,
-    exitCode,
-    stdoutPreview,
-    stderrPreview,
-    reason: exitCode === 0
-      ? (decisionRecord?.decision === "let_wuz_limit"
-        ? "Package action executed within the limited project scope."
-        : "Approved package action executed once.")
-      : "Package action executed but exited with a non-zero status.",
-  });
-}
-
-const PACKAGE_ACTION_ADAPTER = {
-  adapterId: PACKAGE_ACTION_ADAPTER_ID,
-  canEvaluate: true,
-  canEnforce: true,
-  supportedActionTypes: ["package.install", "package.run", "package.script"],
-  enforce(action, decisionRecord, limitPlan, options = {}) {
-    return enforcePackageAction(action, {
-      ...options,
-      decisionRecord,
-      limitPlan,
-    });
-  },
-};
-
-module.exports = {
-  PACKAGE_ACTION_ADAPTER_ID,
-  PACKAGE_ACTION_ADAPTER,
-  enforcePackageAction,
-};

package/scripts/lib/agent-security/package-action-rules.js

@@ -1,233 +0,0 @@
-"use strict";
-
-const {
-  isSensitiveWriteTarget,
-  isWorkflowWriteTarget,
-  normalizePath,
-} = require("./file-write-rules");
-
-function normalizeCommand(value) {
-  return String(value || "").trim();
-}
-
-function normalizePackageManager(explicitValue, command) {
-  const explicit = String(explicitValue || "").trim().toLowerCase();
-  if (["npm", "pnpm", "yarn", "bun"].includes(explicit)) return explicit;
-  const normalized = normalizeCommand(command).toLowerCase();
-  if (/^npm\b/.test(normalized)) return "npm";
-  if (/^pnpm\b/.test(normalized)) return "pnpm";
-  if (/^yarn\b/.test(normalized)) return "yarn";
-  if (/^bun\b/.test(normalized)) return "bun";
-  return "unknown";
-}
-
-function hasRemoteScriptExecution(command) {
-  return /\b(curl|wget)\b[^\n]*\|\s*(bash|sh|pwsh|powershell)\b|\b(invoke-webrequest|invoke-restmethod|downloadstring)\b/i.test(
-    normalizeCommand(command),
-  );
-}
-
-function hasDestructiveChaining(command) {
-  return /(?:&&|;|\|\|)\s*(?:rm\s+-rf\b|del\s+\/[qs]\b|remove-item\b)/i.test(normalizeCommand(command));
-}
-
-function hasGlobalInstall(command) {
-  const normalized = normalizeCommand(command).toLowerCase();
-  return /\bnpm\s+(?:install|i)\b[^\n]*\s-g\b|\bpnpm\s+add\b[^\n]*\s-g\b|\byarn\s+global\s+add\b|\bbun\s+add\b[^\n]*\s-g\b/i.test(normalized);
-}
-
-function hasUnsafeFlags(command) {
-  return /\s--force\b|\s--unsafe-perm\b|\s--ignore-scripts=false\b/i.test(normalizeCommand(command));
-}
-
-function hasInstallFromUrlOrPath(command) {
-  const normalized = normalizeCommand(command);
-  return /\b(?:https?:\/\/|git\+|github:|file:|ssh:\/\/|git@)[^\s]+/i.test(normalized) ||
-    /(?:^|\s)(?:\.\.?[\\/]|[A-Za-z]:[\\/]|\/)[^\s]+/i.test(normalized) ||
-    /\b[^\s]+\.tgz\b/i.test(normalized);
-}
-
-function inferScriptName(command, explicitValue) {
-  const explicit = String(explicitValue || "").trim();
-  if (explicit) return explicit;
-  const normalized = normalizeCommand(command);
-  const runMatch = normalized.match(/^(?:npm|pnpm)\s+run\s+([a-z0-9:_-]+)/i);
-  if (runMatch) return runMatch[1];
-  const yarnRunMatch = normalized.match(/^yarn\s+(?!add\b|install\b|global\b)([a-z0-9:_-]+)/i);
-  if (yarnRunMatch) return yarnRunMatch[1];
-  const bunRunMatch = normalized.match(/^bun\s+run\s+([a-z0-9:_-]+)/i);
-  if (bunRunMatch) return bunRunMatch[1];
-  const testMatch = normalized.match(/^(?:npm|pnpm|yarn|bun)\s+(test|lint|build)\b/i);
-  if (testMatch) return testMatch[1];
-  return "unknown";
-}
-
-function inferPackageName(command, explicitValue) {
-  const explicit = String(explicitValue || "").trim();
-  if (explicit) return explicit;
-  const normalized = normalizeCommand(command);
-  const installPatterns = [
-    /^(?:npm\s+(?:install|i)|pnpm\s+add|yarn\s+add|bun\s+add)\s+([^\s-][^\s]*)/i,
-  ];
-  for (const pattern of installPatterns) {
-    const match = normalized.match(pattern);
-    if (match) return match[1];
-  }
-  return "";
-}
-
-function hasLifecycleScriptRisk(actionType, scriptName, command) {
-  const normalizedScript = String(scriptName || "").toLowerCase();
-  if (["postinstall", "preinstall", "prepare"].includes(normalizedScript)) return true;
-  if (actionType === "package.script" && /\b(postinstall|preinstall|prepare)\b/i.test(normalizeCommand(command))) return true;
-  return false;
-}
-
-function isSafeTestOrLintCommand(command, scriptName) {
-  const normalized = normalizeCommand(command).toLowerCase();
-  if (!normalized || /[|;&><]/.test(normalized)) return false;
-  if (["test", "lint"].includes(String(scriptName || "").toLowerCase())) {
-    return /^(?:npm|pnpm|yarn|bun)\s+(?:run\s+)?(?:test|lint)\b/i.test(normalized);
-  }
-  return /^(?:npm|pnpm|yarn|bun)\s+(?:run\s+)?(?:test|lint)\b/i.test(normalized);
-}
-
-function isSpecificPackageInstall(command, packageManager, packageName) {
-  const normalized = normalizeCommand(command);
-  const normalizedPackage = String(packageName || "").trim();
-  if (!normalizedPackage) return false;
-  if (!["npm", "pnpm", "yarn", "bun"].includes(packageManager)) return false;
-  if (hasGlobalInstall(normalized) || hasInstallFromUrlOrPath(normalized)) return false;
-  if (/\s-[^\s]/.test(normalized.replace(/\s--ignore-scripts\b/ig, ""))) return false;
-  return /^(?:npm\s+(?:install|i)|pnpm\s+add|yarn\s+add|bun\s+add)\s+[^\s]+(?:\s+--ignore-scripts)?\s*$/i.test(normalized);
-}
-
-function commandHasIgnoreScripts(command) {
-  return /\s--ignore-scripts\b/i.test(normalizeCommand(command));
-}
-
-function classifyPackageAction(action = {}) {
-  const actionType = String(action?.actionType || "");
-  const command = normalizeCommand(action?.command || "");
-  const target = normalizePath(action?.target || "");
-  const packageManager = normalizePackageManager(action?.packageManager, command);
-  const scriptName = inferScriptName(command, action?.scriptName);
-  const packageName = inferPackageName(command, action?.packageName);
-  const remoteScript = hasRemoteScriptExecution(command);
-  const destructiveChain = hasDestructiveChaining(command);
-  const globalInstall = hasGlobalInstall(command);
-  const unsafeFlags = hasUnsafeFlags(command);
-  const installFromUrlOrPath = hasInstallFromUrlOrPath(command);
-  const lifecycleRisk = hasLifecycleScriptRisk(actionType, scriptName, command);
-  const safeTestOrLint = isSafeTestOrLintCommand(command, scriptName);
-  const specificPackageInstall = actionType === "package.install" && isSpecificPackageInstall(command, packageManager, packageName);
-  const ignoreScripts = commandHasIgnoreScripts(command);
-  const sensitiveTarget = isSensitiveWriteTarget(`${target}\n${command}`);
-  const workflowTarget = isWorkflowWriteTarget(`${target}\n${command}`);
-  const unknownManager = packageManager === "unknown";
-  const reasons = [];
-  let riskLevel = "medium";
-  let recommendedDecision = "limit";
-  let safeLimited = false;
-
-  if (remoteScript) {
-    reasons.push("Remote script execution was detected.");
-    riskLevel = "high";
-    recommendedDecision = "deny";
-  } else if (destructiveChain) {
-    reasons.push("Destructive chained command behavior was detected.");
-    riskLevel = "high";
-    recommendedDecision = "deny";
-  } else if (globalInstall) {
-    reasons.push("Global package installs are outside the current project scope.");
-    riskLevel = "high";
-    recommendedDecision = "deny";
-  } else if (unsafeFlags) {
-    reasons.push("Unsafe package-manager flags were detected.");
-    riskLevel = "high";
-    recommendedDecision = "deny";
-  } else if (installFromUrlOrPath) {
-    reasons.push("Install from URL, git source, tarball, or outside-project path was detected.");
-    riskLevel = "high";
-    recommendedDecision = "deny";
-  } else if (lifecycleRisk) {
-    reasons.push("Lifecycle scripts like preinstall, postinstall, or prepare require explicit approval.");
-    riskLevel = "high";
-    recommendedDecision = "deny";
-  } else if (sensitiveTarget) {
-    reasons.push("Sensitive files or credentials are involved.");
-    riskLevel = "high";
-    recommendedDecision = "deny";
-  } else if (workflowTarget) {
-    reasons.push("Workflow modification through a package action requires explicit approval.");
-    riskLevel = "high";
-    recommendedDecision = "deny";
-  } else if (safeTestOrLint) {
-    reasons.push("Known local test or lint package command.");
-    riskLevel = "low";
-    recommendedDecision = "limit";
-    safeLimited = true;
-  } else if (specificPackageInstall) {
-    reasons.push(ignoreScripts
-      ? "Specific dependency install is scoped and scripts are disabled."
-      : "Specific dependency install is scoped but can still change package state.");
-    riskLevel = "medium";
-    recommendedDecision = "limit";
-    safeLimited = ignoreScripts === true;
-  } else if (actionType === "package.run" || actionType === "package.script") {
-    reasons.push("Package script execution can run local shell behavior.");
-    riskLevel = "medium";
-    recommendedDecision = "limit";
-  } else if (actionType === "package.install" || actionType === "package.lockfile.modify") {
-    reasons.push("Package install or lockfile changes can modify project dependencies.");
-    riskLevel = "medium";
-    recommendedDecision = "limit";
-  } else if (unknownManager) {
-    reasons.push("Unknown package manager command needs review.");
-    riskLevel = "medium";
-    recommendedDecision = "limit";
-  } else {
-    reasons.push("Package action needs review.");
-  }
-
-  return {
-    actionType,
-    command,
-    target,
-    packageManager,
-    scriptName,
-    packageName,
-    remoteScript,
-    destructiveChain,
-    globalInstall,
-    unsafeFlags,
-    installFromUrlOrPath,
-    lifecycleRisk,
-    safeTestOrLint,
-    specificPackageInstall,
-    ignoreScripts,
-    sensitiveTarget,
-    workflowTarget,
-    unknownManager,
-    safeLimited,
-    riskLevel,
-    recommendedDecision,
-    reasons,
-  };
-}
-
-module.exports = {
-  normalizePackageManager,
-  inferScriptName,
-  inferPackageName,
-  hasRemoteScriptExecution,
-  hasDestructiveChaining,
-  hasGlobalInstall,
-  hasUnsafeFlags,
-  hasInstallFromUrlOrPath,
-  hasLifecycleScriptRisk,
-  isSafeTestOrLintCommand,
-  isSpecificPackageInstall,
-  commandHasIgnoreScripts,
-  classifyPackageAction,
-};

package/scripts/lib/agent-security/performance.js

@@ -1,148 +0,0 @@
-"use strict";
-
-const { safeReadJson, safeWriteJson, nowIso } = require("../fsx");
-
-const PERFORMANCE_SUMMARY_REL_PATH = ".claude/cco/security/performance-summary.json";
-
-const PERFORMANCE_GUARDRAILS = {
-  statusSummaryTargetMs: 150,
-  dashboardSummaryTargetMs: 400,
-  productSummaryTargetMs: 100,
-  guardedActionEvaluationTargetMs: 75,
-  autoPolicyDecisionTargetMs: 50,
-  basicCheckTargetMs: 1500,
-  visibilityScanTargetMs: 4000,
-  scanMaxFiles: 300,
-  scanMaxFileBytes: 256000,
-  scanMaxTotalBytes: 1500000,
-  scanMaxDepth: 10,
-  scanMaxSourceBytesPerItem: 64000,
-  scanMaxDurationMs: 5000,
-};
-
-function targetForOperation(operation) {
-  switch (operation) {
-    case "agent_security_basic_check":
-      return PERFORMANCE_GUARDRAILS.basicCheckTargetMs;
-    case "agent_security_visibility_scan":
-      return PERFORMANCE_GUARDRAILS.visibilityScanTargetMs;
-    case "agent_security_guarded_action":
-    case "agent_security_preflight":
-      return PERFORMANCE_GUARDRAILS.guardedActionEvaluationTargetMs;
-    case "agent_security_auto_policy":
-      return PERFORMANCE_GUARDRAILS.autoPolicyDecisionTargetMs;
-    case "status_summary":
-      return PERFORMANCE_GUARDRAILS.statusSummaryTargetMs;
-    case "dashboard_summary":
-      return PERFORMANCE_GUARDRAILS.dashboardSummaryTargetMs;
-    default:
-      return PERFORMANCE_GUARDRAILS.productSummaryTargetMs;
-  }
-}
-
-function createPerformanceTracker(operation, extras = {}) {
-  const startedAt = Date.now();
-  const tracker = {
-    operation,
-    startedAt,
-    filesScanned: 0,
-    bytesScanned: 0,
-    cacheHits: 0,
-    cacheMisses: 0,
-    skippedLargeFiles: 0,
-    ignoredDirectories: new Set(),
-    ignoredDirectoryCount: 0,
-    slowSteps: [],
-    timeoutHit: false,
-    maxFilesHit: false,
-    maxBytesHit: false,
-    maxDepthHit: false,
-    ...extras,
-  };
-  tracker.noteFile = (bytes = 0) => {
-    tracker.filesScanned += 1;
-    tracker.bytesScanned += Math.max(0, Number(bytes || 0));
-  };
-  tracker.noteCacheHit = () => { tracker.cacheHits += 1; };
-  tracker.noteCacheMiss = () => { tracker.cacheMisses += 1; };
-  tracker.noteSkippedLargeFile = () => { tracker.skippedLargeFiles += 1; };
-  tracker.noteIgnoredDirectory = (name) => {
-    if (name) tracker.ignoredDirectories.add(String(name));
-    tracker.ignoredDirectoryCount += 1;
-  };
-  tracker.noteSlowStep = (step, durationMs) => {
-    tracker.slowSteps.push({ step, durationMs: Math.max(0, Number(durationMs || 0)) });
-  };
-  tracker.finish = (more = {}) => {
-    const durationMs = Date.now() - startedAt;
-    const targetMs = targetForOperation(operation);
-    return {
-      operation,
-      durationMs,
-      filesScanned: tracker.filesScanned,
-      bytesScanned: tracker.bytesScanned,
-      cacheHits: tracker.cacheHits,
-      cacheMisses: tracker.cacheMisses,
-      skippedLargeFiles: tracker.skippedLargeFiles,
-      ignoredDirectories: Array.from(tracker.ignoredDirectories).sort(),
-      ignoredDirectoryCount: tracker.ignoredDirectoryCount,
-      timeoutHit: tracker.timeoutHit === true,
-      maxFilesHit: tracker.maxFilesHit === true,
-      maxBytesHit: tracker.maxBytesHit === true,
-      maxDepthHit: tracker.maxDepthHit === true,
-      slow: durationMs > targetMs,
-      targetMs,
-      slowSteps: tracker.slowSteps.slice(0, 8),
-      generatedAt: nowIso(),
-      ...more,
-    };
-  };
-  return tracker;
-}
-
-function loadPerformanceSummary(cwd) {
-  return safeReadJson(cwd, PERFORMANCE_SUMMARY_REL_PATH, {
-    generatedAt: null,
-    operations: [],
-  });
-}
-
-function recordPerformanceSummary(cwd, operationEntry) {
-  const current = loadPerformanceSummary(cwd);
-  const operations = [...(Array.isArray(current.operations) ? current.operations : []), operationEntry].slice(-50);
-  const next = {
-    generatedAt: nowIso(),
-    operations,
-  };
-  safeWriteJson(cwd, PERFORMANCE_SUMMARY_REL_PATH, next);
-  return next;
-}
-
-function latestOperationForKind(cwd, predicate) {
-  const summary = loadPerformanceSummary(cwd);
-  const operations = Array.isArray(summary.operations) ? summary.operations : [];
-  for (let index = operations.length - 1; index >= 0; index -= 1) {
-    if (predicate(operations[index])) return operations[index];
-  }
-  return null;
-}
-
-function buildCompactPerformanceSummary(cwd, operationNames) {
-  const names = new Set(Array.isArray(operationNames) ? operationNames : [operationNames]);
-  const latest = latestOperationForKind(cwd, (entry) => names.has(entry.operation));
-  if (!latest) return { lastOperationMs: null, slow: false };
-  return {
-    lastOperationMs: Number(latest.durationMs || 0),
-    slow: latest.slow === true,
-  };
-}
-
-module.exports = {
-  PERFORMANCE_SUMMARY_REL_PATH,
-  PERFORMANCE_GUARDRAILS,
-  createPerformanceTracker,
-  loadPerformanceSummary,
-  recordPerformanceSummary,
-  latestOperationForKind,
-  buildCompactPerformanceSummary,
-};