avorelo 0.1.0

package/scripts/lib/agent-security/file-write-adapter.js

@@ -0,0 +1,183 @@
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+const { classifyFilesystemWriteTarget } = require("./file-write-rules");
+
+const FILE_WRITE_ADAPTER_ID = "file-write-v1";
+
+function previewText(value) {
+  return String(value || "").slice(0, 240);
+}
+
+function isLimitedWriteAllowed(profile, decision, limitPlan) {
+  if (decision !== "let_wuz_limit") return false;
+  if (!profile.insideProject || profile.pathTraversal || profile.broadWrite) return false;
+  if (profile.sensitive || profile.workflow) return false;
+  if (limitPlan?.recommendedMode !== "limited") return false;
+  const allowedPaths = Array.isArray(limitPlan?.scope?.allowedPaths) ? limitPlan.scope.allowedPaths : [];
+  return allowedPaths.includes(profile.normalizedTarget);
+}
+
+function writeFile(action, context, targetPath) {
+  if (typeof context?.executor === "function") {
+    return context.executor({
+      targetPath,
+      content: typeof action?.content === "string" ? action.content : "",
+      cwd: context.cwd,
+      action,
+    });
+  }
+
+  fs.mkdirSync(path.dirname(targetPath), { recursive: true });
+  fs.writeFileSync(targetPath, typeof action?.content === "string" ? action.content : "", "utf8");
+  return {
+    exitCode: 0,
+    stdout: `Wrote ${path.basename(targetPath)}`,
+    stderr: "",
+  };
+}
+
+function enforceFileWrite(action, decisionRecord, limitPlan, context = {}) {
+  const decision = String(decisionRecord?.decision || "");
+  const execute = context.execute === true;
+  const timestamp = context.timestamp;
+  const profile = classifyFilesystemWriteTarget(context.cwd, action?.target || "");
+
+  if (!profile.insideProject || profile.pathTraversal) {
+    return {
+      actionId: action?.actionId || null,
+      componentId: action?.componentId || null,
+      componentType: action?.componentType || null,
+      actionType: action?.actionType || "filesystem.write",
+      decision,
+      adapterId: FILE_WRITE_ADAPTER_ID,
+      enforcementAvailable: true,
+      effectiveBehavior: "blocked",
+      executed: false,
+      exitCode: null,
+      stdoutPreview: "",
+      stderrPreview: "",
+      reason: "Writes outside the current project root are not allowed.",
+      timestamp,
+    };
+  }
+
+  if (profile.broadWrite) {
+    return {
+      actionId: action?.actionId || null,
+      componentId: action?.componentId || null,
+      componentType: action?.componentType || null,
+      actionType: action?.actionType || "filesystem.write",
+      decision,
+      adapterId: FILE_WRITE_ADAPTER_ID,
+      enforcementAvailable: true,
+      effectiveBehavior: "blocked",
+      executed: false,
+      exitCode: null,
+      stdoutPreview: "",
+      stderrPreview: "",
+      reason: "Broad or wildcard file writes are not allowed.",
+      timestamp,
+    };
+  }
+
+  if (decision === "deny") {
+    return {
+      actionId: action?.actionId || null,
+      componentId: action?.componentId || null,
+      componentType: action?.componentType || null,
+      actionType: action?.actionType || "filesystem.write",
+      decision,
+      adapterId: FILE_WRITE_ADAPTER_ID,
+      enforcementAvailable: true,
+      effectiveBehavior: "blocked",
+      executed: false,
+      exitCode: null,
+      stdoutPreview: "",
+      stderrPreview: "",
+      reason: "User denied this file write.",
+      timestamp,
+    };
+  }
+
+  if (decision === "let_wuz_limit" && !isLimitedWriteAllowed(profile, decision, limitPlan)) {
+    return {
+      actionId: action?.actionId || null,
+      componentId: action?.componentId || null,
+      componentType: action?.componentType || null,
+      actionType: action?.actionType || "filesystem.write",
+      decision,
+      adapterId: FILE_WRITE_ADAPTER_ID,
+      enforcementAvailable: true,
+      effectiveBehavior: "blocked",
+      executed: false,
+      exitCode: null,
+      stdoutPreview: "",
+      stderrPreview: "",
+      reason: limitPlan?.reason || (
+        profile.sensitive
+          ? "Sensitive file writes are not allowed by the limited plan."
+          : profile.workflow
+            ? "Workflow file writes are not allowed by the limited plan."
+            : "No safe limited version found. Recommended: deny."
+      ),
+      timestamp,
+    };
+  }
+
+  if (execute !== true) {
+    return {
+      actionId: action?.actionId || null,
+      componentId: action?.componentId || null,
+      componentType: action?.componentType || null,
+      actionType: action?.actionType || "filesystem.write",
+      decision,
+      adapterId: FILE_WRITE_ADAPTER_ID,
+      enforcementAvailable: true,
+      effectiveBehavior: decision === "let_wuz_limit" ? "limited" : "dry_run_only",
+      executed: false,
+      exitCode: null,
+      stdoutPreview: "",
+      stderrPreview: "",
+      reason: decision === "let_wuz_limit"
+        ? (limitPlan?.reason || "Wuz limited this action to the current task.")
+        : "Approved once for this exact file write.",
+      timestamp,
+    };
+  }
+
+  const result = writeFile(action, context, profile.absoluteTarget);
+  return {
+    actionId: action?.actionId || null,
+    componentId: action?.componentId || null,
+    componentType: action?.componentType || null,
+    actionType: action?.actionType || "filesystem.write",
+    decision,
+    adapterId: FILE_WRITE_ADAPTER_ID,
+    enforcementAvailable: true,
+    effectiveBehavior: decision === "let_wuz_limit" ? "limited" : "allowed",
+    executed: true,
+    exitCode: Number.isFinite(Number(result?.exitCode)) ? Number(result.exitCode) : 0,
+    stdoutPreview: previewText(result?.stdout || "Requested file write completed."),
+    stderrPreview: previewText(result?.stderr || ""),
+    reason: decision === "let_wuz_limit"
+      ? (limitPlan?.reason || "Wuz limited this action to the current task.")
+      : "Approved once for this exact file write.",
+    timestamp,
+  };
+}
+
+const FILE_WRITE_ADAPTER = {
+  adapterId: FILE_WRITE_ADAPTER_ID,
+  canEvaluate: true,
+  canEnforce: true,
+  supportedActionTypes: ["filesystem.write"],
+  enforce: enforceFileWrite,
+};
+
+module.exports = {
+  FILE_WRITE_ADAPTER_ID,
+  FILE_WRITE_ADAPTER,
+  enforceFileWrite,
+};

package/scripts/lib/agent-security/file-write-rules.js

@@ -0,0 +1,178 @@
+"use strict";
+
+const crypto = require("crypto");
+const path = require("path");
+
+function sha256(value) {
+  return crypto.createHash("sha256").update(String(value || "")).digest("hex");
+}
+
+function normalizePath(value) {
+  return String(value || "").replace(/\\/g, "/");
+}
+
+function normalizeTargetPath(value) {
+  return normalizePath(String(value || "").trim()).replace(/^\.\//, "");
+}
+
+function contentHashFromAction(action) {
+  if (action?.contentHash) return String(action.contentHash);
+  if (typeof action?.content === "string") return sha256(action.content);
+  return null;
+}
+
+function targetHashFromAction(action) {
+  const normalizedTarget = normalizeTargetPath(action?.target || "");
+  return normalizedTarget ? sha256(normalizedTarget.toLowerCase()) : null;
+}
+
+function hasPathTraversal(target) {
+  return normalizeTargetPath(target)
+    .split("/")
+    .filter(Boolean)
+    .includes("..");
+}
+
+function resolveProjectTarget(cwd, target) {
+  const rawTarget = String(target || "");
+  const normalizedTarget = normalizeTargetPath(rawTarget);
+  const absoluteTarget = path.resolve(cwd, rawTarget || ".");
+  const relativeFromRoot = normalizePath(path.relative(cwd, absoluteTarget));
+  const insideProject = relativeFromRoot === ""
+    ? true
+    : !relativeFromRoot.startsWith("..") && !path.isAbsolute(relativeFromRoot);
+
+  return {
+    rawTarget,
+    normalizedTarget,
+    absoluteTarget,
+    relativeFromRoot,
+    insideProject,
+    pathTraversal: hasPathTraversal(rawTarget) || !insideProject,
+  };
+}
+
+function isBroadWriteTarget(target) {
+  const normalized = normalizeTargetPath(target);
+  return !normalized || /[*?]/.test(normalized) || /\/$/.test(normalized);
+}
+
+function isSensitiveWriteTarget(target) {
+  return /(?:^|\/)(?:\.env(?:\..+)?|\.ssh|\.aws|\.gcp|\.azure)(?:\/|$)|\b(secret|secrets|token|tokens|private[_ -]?key|private-key|id_rsa|id_dsa|id_ed25519|credential|credentials)\b/i.test(
+    normalizeTargetPath(target),
+  );
+}
+
+function isWorkflowWriteTarget(target) {
+  return /(?:^|\/)\.github\/workflows\/.+/i.test(normalizeTargetPath(target));
+}
+
+function isPackageFileTarget(target) {
+  return /(?:^|\/)(?:package\.json|package-lock\.json|pnpm-lock\.ya?ml|yarn\.lock)$/i.test(normalizeTargetPath(target));
+}
+
+function isDockerFileTarget(target) {
+  return /(?:^|\/)(?:dockerfile(?:\..+)?|(?:docker-)?compose(?:\..+)?\.(?:ya?ml))$/i.test(normalizeTargetPath(target));
+}
+
+function isConfigFileTarget(target) {
+  return /(?:^|\/)(?:tsconfig\.json|jsconfig\.json|\.eslintrc(?:\..+)?|\.prettierrc(?:\..+)?|\.npmrc|\.yarnrc(?:\.yml)?|\.editorconfig|vite\.config\.[a-z]+|webpack\.config\.[a-z]+)$/i.test(
+    normalizeTargetPath(target),
+  );
+}
+
+function isScriptFileTarget(target) {
+  return /(?:^|\/)scripts\/.+/i.test(normalizeTargetPath(target));
+}
+
+function isSourceFileTarget(target) {
+  return /(?:^|\/)src\/.+/i.test(normalizeTargetPath(target));
+}
+
+function isTestFileTarget(target) {
+  return /(?:^|\/)(?:test|tests)\/.+/i.test(normalizeTargetPath(target));
+}
+
+function isDocsFileTarget(target) {
+  return /(?:^|\/)(?:docs\/.+|readme(?:\..+)?)$/i.test(normalizeTargetPath(target));
+}
+
+function classifyFilesystemWriteTarget(cwd, target) {
+  const resolved = resolveProjectTarget(cwd, target);
+  const broadWrite = isBroadWriteTarget(resolved.normalizedTarget);
+  const sensitive = isSensitiveWriteTarget(resolved.normalizedTarget);
+  const workflow = isWorkflowWriteTarget(resolved.normalizedTarget);
+  const packageFile = isPackageFileTarget(resolved.normalizedTarget);
+  const dockerFile = isDockerFileTarget(resolved.normalizedTarget);
+  const configFile = isConfigFileTarget(resolved.normalizedTarget);
+  const scriptFile = isScriptFileTarget(resolved.normalizedTarget);
+  const sourceFile = isSourceFileTarget(resolved.normalizedTarget);
+  const testFile = isTestFileTarget(resolved.normalizedTarget);
+  const docsFile = isDocsFileTarget(resolved.normalizedTarget);
+  const reasons = [];
+  let riskLevel = "low";
+  let safeLimited = false;
+
+  if (!resolved.insideProject || resolved.pathTraversal) {
+    reasons.push("Path traversal or outside-project write was requested.");
+    riskLevel = "high";
+  } else if (broadWrite) {
+    reasons.push("Broad or wildcard file writes are not allowed.");
+    riskLevel = "high";
+  } else if (sensitive) {
+    reasons.push("Sensitive file writes are not allowed.");
+    riskLevel = "high";
+  } else if (workflow) {
+    reasons.push("Workflow file writes can change CI or supply-chain behavior.");
+    riskLevel = "high";
+  } else if (packageFile) {
+    reasons.push("Package file writes can expand install or runtime behavior.");
+    riskLevel = "medium";
+  } else if (dockerFile || configFile || scriptFile) {
+    reasons.push("Config, script, or Docker-related writes need review.");
+    riskLevel = "medium";
+  } else if (sourceFile || testFile || docsFile) {
+    reasons.push("Scoped project file write stays within a normal working area.");
+    riskLevel = "low";
+    safeLimited = true;
+  } else {
+    reasons.push("Project write access is requested.");
+    riskLevel = "medium";
+  }
+
+  return {
+    ...resolved,
+    broadWrite,
+    sensitive,
+    workflow,
+    packageFile,
+    dockerFile,
+    configFile,
+    scriptFile,
+    sourceFile,
+    testFile,
+    docsFile,
+    safeLimited,
+    riskLevel,
+    reasons,
+  };
+}
+
+module.exports = {
+  normalizePath,
+  normalizeTargetPath,
+  contentHashFromAction,
+  targetHashFromAction,
+  resolveProjectTarget,
+  isSensitiveWriteTarget,
+  isWorkflowWriteTarget,
+  isPackageFileTarget,
+  isDockerFileTarget,
+  isConfigFileTarget,
+  isScriptFileTarget,
+  isSourceFileTarget,
+  isTestFileTarget,
+  isDocsFileTarget,
+  isBroadWriteTarget,
+  classifyFilesystemWriteTarget,
+};