avorelo 0.1.0 → 0.3.0

package/scripts/lib/agent-security/file-write-adapter.js

@@ -1,183 +0,0 @@
-"use strict";
-
-const fs = require("fs");
-const path = require("path");
-const { classifyFilesystemWriteTarget } = require("./file-write-rules");
-
-const FILE_WRITE_ADAPTER_ID = "file-write-v1";
-
-function previewText(value) {
-  return String(value || "").slice(0, 240);
-}
-
-function isLimitedWriteAllowed(profile, decision, limitPlan) {
-  if (decision !== "let_wuz_limit") return false;
-  if (!profile.insideProject || profile.pathTraversal || profile.broadWrite) return false;
-  if (profile.sensitive || profile.workflow) return false;
-  if (limitPlan?.recommendedMode !== "limited") return false;
-  const allowedPaths = Array.isArray(limitPlan?.scope?.allowedPaths) ? limitPlan.scope.allowedPaths : [];
-  return allowedPaths.includes(profile.normalizedTarget);
-}
-
-function writeFile(action, context, targetPath) {
-  if (typeof context?.executor === "function") {
-    return context.executor({
-      targetPath,
-      content: typeof action?.content === "string" ? action.content : "",
-      cwd: context.cwd,
-      action,
-    });
-  }
-
-  fs.mkdirSync(path.dirname(targetPath), { recursive: true });
-  fs.writeFileSync(targetPath, typeof action?.content === "string" ? action.content : "", "utf8");
-  return {
-    exitCode: 0,
-    stdout: `Wrote ${path.basename(targetPath)}`,
-    stderr: "",
-  };
-}
-
-function enforceFileWrite(action, decisionRecord, limitPlan, context = {}) {
-  const decision = String(decisionRecord?.decision || "");
-  const execute = context.execute === true;
-  const timestamp = context.timestamp;
-  const profile = classifyFilesystemWriteTarget(context.cwd, action?.target || "");
-
-  if (!profile.insideProject || profile.pathTraversal) {
-    return {
-      actionId: action?.actionId || null,
-      componentId: action?.componentId || null,
-      componentType: action?.componentType || null,
-      actionType: action?.actionType || "filesystem.write",
-      decision,
-      adapterId: FILE_WRITE_ADAPTER_ID,
-      enforcementAvailable: true,
-      effectiveBehavior: "blocked",
-      executed: false,
-      exitCode: null,
-      stdoutPreview: "",
-      stderrPreview: "",
-      reason: "Writes outside the current project root are not allowed.",
-      timestamp,
-    };
-  }
-
-  if (profile.broadWrite) {
-    return {
-      actionId: action?.actionId || null,
-      componentId: action?.componentId || null,
-      componentType: action?.componentType || null,
-      actionType: action?.actionType || "filesystem.write",
-      decision,
-      adapterId: FILE_WRITE_ADAPTER_ID,
-      enforcementAvailable: true,
-      effectiveBehavior: "blocked",
-      executed: false,
-      exitCode: null,
-      stdoutPreview: "",
-      stderrPreview: "",
-      reason: "Broad or wildcard file writes are not allowed.",
-      timestamp,
-    };
-  }
-
-  if (decision === "deny") {
-    return {
-      actionId: action?.actionId || null,
-      componentId: action?.componentId || null,
-      componentType: action?.componentType || null,
-      actionType: action?.actionType || "filesystem.write",
-      decision,
-      adapterId: FILE_WRITE_ADAPTER_ID,
-      enforcementAvailable: true,
-      effectiveBehavior: "blocked",
-      executed: false,
-      exitCode: null,
-      stdoutPreview: "",
-      stderrPreview: "",
-      reason: "User denied this file write.",
-      timestamp,
-    };
-  }
-
-  if (decision === "let_wuz_limit" && !isLimitedWriteAllowed(profile, decision, limitPlan)) {
-    return {
-      actionId: action?.actionId || null,
-      componentId: action?.componentId || null,
-      componentType: action?.componentType || null,
-      actionType: action?.actionType || "filesystem.write",
-      decision,
-      adapterId: FILE_WRITE_ADAPTER_ID,
-      enforcementAvailable: true,
-      effectiveBehavior: "blocked",
-      executed: false,
-      exitCode: null,
-      stdoutPreview: "",
-      stderrPreview: "",
-      reason: limitPlan?.reason || (
-        profile.sensitive
-          ? "Sensitive file writes are not allowed by the limited plan."
-          : profile.workflow
-            ? "Workflow file writes are not allowed by the limited plan."
-            : "No safe limited version found. Recommended: deny."
-      ),
-      timestamp,
-    };
-  }
-
-  if (execute !== true) {
-    return {
-      actionId: action?.actionId || null,
-      componentId: action?.componentId || null,
-      componentType: action?.componentType || null,
-      actionType: action?.actionType || "filesystem.write",
-      decision,
-      adapterId: FILE_WRITE_ADAPTER_ID,
-      enforcementAvailable: true,
-      effectiveBehavior: decision === "let_wuz_limit" ? "limited" : "dry_run_only",
-      executed: false,
-      exitCode: null,
-      stdoutPreview: "",
-      stderrPreview: "",
-      reason: decision === "let_wuz_limit"
-        ? (limitPlan?.reason || "Wuz limited this action to the current task.")
-        : "Approved once for this exact file write.",
-      timestamp,
-    };
-  }
-
-  const result = writeFile(action, context, profile.absoluteTarget);
-  return {
-    actionId: action?.actionId || null,
-    componentId: action?.componentId || null,
-    componentType: action?.componentType || null,
-    actionType: action?.actionType || "filesystem.write",
-    decision,
-    adapterId: FILE_WRITE_ADAPTER_ID,
-    enforcementAvailable: true,
-    effectiveBehavior: decision === "let_wuz_limit" ? "limited" : "allowed",
-    executed: true,
-    exitCode: Number.isFinite(Number(result?.exitCode)) ? Number(result.exitCode) : 0,
-    stdoutPreview: previewText(result?.stdout || "Requested file write completed."),
-    stderrPreview: previewText(result?.stderr || ""),
-    reason: decision === "let_wuz_limit"
-      ? (limitPlan?.reason || "Wuz limited this action to the current task.")
-      : "Approved once for this exact file write.",
-    timestamp,
-  };
-}
-
-const FILE_WRITE_ADAPTER = {
-  adapterId: FILE_WRITE_ADAPTER_ID,
-  canEvaluate: true,
-  canEnforce: true,
-  supportedActionTypes: ["filesystem.write"],
-  enforce: enforceFileWrite,
-};
-
-module.exports = {
-  FILE_WRITE_ADAPTER_ID,
-  FILE_WRITE_ADAPTER,
-  enforceFileWrite,
-};

package/scripts/lib/agent-security/file-write-rules.js

@@ -1,178 +0,0 @@
-"use strict";
-
-const crypto = require("crypto");
-const path = require("path");
-
-function sha256(value) {
-  return crypto.createHash("sha256").update(String(value || "")).digest("hex");
-}
-
-function normalizePath(value) {
-  return String(value || "").replace(/\\/g, "/");
-}
-
-function normalizeTargetPath(value) {
-  return normalizePath(String(value || "").trim()).replace(/^\.\//, "");
-}
-
-function contentHashFromAction(action) {
-  if (action?.contentHash) return String(action.contentHash);
-  if (typeof action?.content === "string") return sha256(action.content);
-  return null;
-}
-
-function targetHashFromAction(action) {
-  const normalizedTarget = normalizeTargetPath(action?.target || "");
-  return normalizedTarget ? sha256(normalizedTarget.toLowerCase()) : null;
-}
-
-function hasPathTraversal(target) {
-  return normalizeTargetPath(target)
-    .split("/")
-    .filter(Boolean)
-    .includes("..");
-}
-
-function resolveProjectTarget(cwd, target) {
-  const rawTarget = String(target || "");
-  const normalizedTarget = normalizeTargetPath(rawTarget);
-  const absoluteTarget = path.resolve(cwd, rawTarget || ".");
-  const relativeFromRoot = normalizePath(path.relative(cwd, absoluteTarget));
-  const insideProject = relativeFromRoot === ""
-    ? true
-    : !relativeFromRoot.startsWith("..") && !path.isAbsolute(relativeFromRoot);
-
-  return {
-    rawTarget,
-    normalizedTarget,
-    absoluteTarget,
-    relativeFromRoot,
-    insideProject,
-    pathTraversal: hasPathTraversal(rawTarget) || !insideProject,
-  };
-}
-
-function isBroadWriteTarget(target) {
-  const normalized = normalizeTargetPath(target);
-  return !normalized || /[*?]/.test(normalized) || /\/$/.test(normalized);
-}
-
-function isSensitiveWriteTarget(target) {
-  return /(?:^|\/)(?:\.env(?:\..+)?|\.ssh|\.aws|\.gcp|\.azure)(?:\/|$)|\b(secret|secrets|token|tokens|private[_ -]?key|private-key|id_rsa|id_dsa|id_ed25519|credential|credentials)\b/i.test(
-    normalizeTargetPath(target),
-  );
-}
-
-function isWorkflowWriteTarget(target) {
-  return /(?:^|\/)\.github\/workflows\/.+/i.test(normalizeTargetPath(target));
-}
-
-function isPackageFileTarget(target) {
-  return /(?:^|\/)(?:package\.json|package-lock\.json|pnpm-lock\.ya?ml|yarn\.lock)$/i.test(normalizeTargetPath(target));
-}
-
-function isDockerFileTarget(target) {
-  return /(?:^|\/)(?:dockerfile(?:\..+)?|(?:docker-)?compose(?:\..+)?\.(?:ya?ml))$/i.test(normalizeTargetPath(target));
-}
-
-function isConfigFileTarget(target) {
-  return /(?:^|\/)(?:tsconfig\.json|jsconfig\.json|\.eslintrc(?:\..+)?|\.prettierrc(?:\..+)?|\.npmrc|\.yarnrc(?:\.yml)?|\.editorconfig|vite\.config\.[a-z]+|webpack\.config\.[a-z]+)$/i.test(
-    normalizeTargetPath(target),
-  );
-}
-
-function isScriptFileTarget(target) {
-  return /(?:^|\/)scripts\/.+/i.test(normalizeTargetPath(target));
-}
-
-function isSourceFileTarget(target) {
-  return /(?:^|\/)src\/.+/i.test(normalizeTargetPath(target));
-}
-
-function isTestFileTarget(target) {
-  return /(?:^|\/)(?:test|tests)\/.+/i.test(normalizeTargetPath(target));
-}
-
-function isDocsFileTarget(target) {
-  return /(?:^|\/)(?:docs\/.+|readme(?:\..+)?)$/i.test(normalizeTargetPath(target));
-}
-
-function classifyFilesystemWriteTarget(cwd, target) {
-  const resolved = resolveProjectTarget(cwd, target);
-  const broadWrite = isBroadWriteTarget(resolved.normalizedTarget);
-  const sensitive = isSensitiveWriteTarget(resolved.normalizedTarget);
-  const workflow = isWorkflowWriteTarget(resolved.normalizedTarget);
-  const packageFile = isPackageFileTarget(resolved.normalizedTarget);
-  const dockerFile = isDockerFileTarget(resolved.normalizedTarget);
-  const configFile = isConfigFileTarget(resolved.normalizedTarget);
-  const scriptFile = isScriptFileTarget(resolved.normalizedTarget);
-  const sourceFile = isSourceFileTarget(resolved.normalizedTarget);
-  const testFile = isTestFileTarget(resolved.normalizedTarget);
-  const docsFile = isDocsFileTarget(resolved.normalizedTarget);
-  const reasons = [];
-  let riskLevel = "low";
-  let safeLimited = false;
-
-  if (!resolved.insideProject || resolved.pathTraversal) {
-    reasons.push("Path traversal or outside-project write was requested.");
-    riskLevel = "high";
-  } else if (broadWrite) {
-    reasons.push("Broad or wildcard file writes are not allowed.");
-    riskLevel = "high";
-  } else if (sensitive) {
-    reasons.push("Sensitive file writes are not allowed.");
-    riskLevel = "high";
-  } else if (workflow) {
-    reasons.push("Workflow file writes can change CI or supply-chain behavior.");
-    riskLevel = "high";
-  } else if (packageFile) {
-    reasons.push("Package file writes can expand install or runtime behavior.");
-    riskLevel = "medium";
-  } else if (dockerFile || configFile || scriptFile) {
-    reasons.push("Config, script, or Docker-related writes need review.");
-    riskLevel = "medium";
-  } else if (sourceFile || testFile || docsFile) {
-    reasons.push("Scoped project file write stays within a normal working area.");
-    riskLevel = "low";
-    safeLimited = true;
-  } else {
-    reasons.push("Project write access is requested.");
-    riskLevel = "medium";
-  }
-
-  return {
-    ...resolved,
-    broadWrite,
-    sensitive,
-    workflow,
-    packageFile,
-    dockerFile,
-    configFile,
-    scriptFile,
-    sourceFile,
-    testFile,
-    docsFile,
-    safeLimited,
-    riskLevel,
-    reasons,
-  };
-}
-
-module.exports = {
-  normalizePath,
-  normalizeTargetPath,
-  contentHashFromAction,
-  targetHashFromAction,
-  resolveProjectTarget,
-  isSensitiveWriteTarget,
-  isWorkflowWriteTarget,
-  isPackageFileTarget,
-  isDockerFileTarget,
-  isConfigFileTarget,
-  isScriptFileTarget,
-  isSourceFileTarget,
-  isTestFileTarget,
-  isDocsFileTarget,
-  isBroadWriteTarget,
-  classifyFilesystemWriteTarget,
-};