codebot-ai 1.4.3 → 1.6.0

package/dist/security.js

@@ -0,0 +1,167 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isPathSafe = isPathSafe;
+exports.isCwdSafe = isCwdSafe;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+/**
+ * Path safety module for CodeBot.
+ *
+ * Prevents tools from reading/writing system-critical files and directories.
+ * Resolves symlinks to prevent bypass attacks.
+ */
+/** System-critical absolute paths that should NEVER be written to */
+const BLOCKED_ABSOLUTE_PATHS = [
+    '/etc', '/usr', '/bin', '/sbin', '/boot', '/dev', '/proc', '/sys',
+    '/var/log', '/var/run', '/lib', '/lib64',
+    // macOS system directories
+    '/System', '/Library',
+    // Windows system directories
+    'C:\\Windows', 'C:\\Program Files', 'C:\\Program Files (x86)',
+];
+/** Home-relative sensitive directories/files that should NEVER be written to */
+const BLOCKED_HOME_RELATIVE = [
+    '.ssh',
+    '.gnupg',
+    '.aws/credentials',
+    '.config/gcloud',
+    '.bashrc',
+    '.bash_profile',
+    '.zshrc',
+    '.profile',
+    '.gitconfig',
+    '.npmrc',
+];
+/**
+ * Check if a file path is safe for write/edit operations.
+ *
+ * Resolves symlinks, checks against blocked system paths,
+ * and verifies the path is within the project or user home.
+ */
+function isPathSafe(targetPath, projectRoot) {
+    try {
+        const resolved = path.resolve(targetPath);
+        // Resolve symlinks — for new files, resolve the parent directory
+        let realPath;
+        try {
+            realPath = fs.realpathSync(resolved);
+        }
+        catch {
+            // File doesn't exist yet — resolve the parent
+            const parentDir = path.dirname(resolved);
+            try {
+                const realParent = fs.realpathSync(parentDir);
+                realPath = path.join(realParent, path.basename(resolved));
+            }
+            catch {
+                // Parent doesn't exist either — use the resolved path as-is
+                realPath = resolved;
+            }
+        }
+        // Check against blocked absolute paths
+        const normalizedPath = realPath.replace(/\\/g, '/').toLowerCase();
+        for (const blocked of BLOCKED_ABSOLUTE_PATHS) {
+            const normalizedBlocked = blocked.replace(/\\/g, '/').toLowerCase();
+            if (normalizedPath === normalizedBlocked || normalizedPath.startsWith(normalizedBlocked + '/')) {
+                return { safe: false, reason: `Blocked: "${realPath}" is inside system directory "${blocked}"` };
+            }
+        }
+        // Check against home-relative sensitive paths
+        const home = os.homedir();
+        for (const relative of BLOCKED_HOME_RELATIVE) {
+            const blockedPath = path.join(home, relative);
+            const normalizedBlockedHome = blockedPath.replace(/\\/g, '/').toLowerCase();
+            if (normalizedPath === normalizedBlockedHome || normalizedPath.startsWith(normalizedBlockedHome + '/')) {
+                return { safe: false, reason: `Blocked: "${realPath}" is a sensitive file/directory (~/${relative})` };
+            }
+        }
+        // Verify path is under project root or user home
+        const normalizedProject = path.resolve(projectRoot).replace(/\\/g, '/').toLowerCase();
+        const normalizedHome = home.replace(/\\/g, '/').toLowerCase();
+        const isUnderProject = normalizedPath.startsWith(normalizedProject + '/') || normalizedPath === normalizedProject;
+        const isUnderHome = normalizedPath.startsWith(normalizedHome + '/') || normalizedPath === normalizedHome;
+        if (!isUnderProject && !isUnderHome) {
+            return { safe: false, reason: `Blocked: "${realPath}" is outside both project root and user home directory` };
+        }
+        return { safe: true };
+    }
+    catch (err) {
+        return { safe: false, reason: `Path validation error: ${err instanceof Error ? err.message : String(err)}` };
+    }
+}
+/**
+ * Check if a working directory is safe for command execution.
+ *
+ * Ensures the CWD exists, is a directory, and is under the project root.
+ */
+function isCwdSafe(cwd, projectRoot) {
+    try {
+        const resolved = path.resolve(cwd);
+        // Check it exists and is a directory
+        try {
+            const stat = fs.statSync(resolved);
+            if (!stat.isDirectory()) {
+                return { safe: false, reason: `"${resolved}" is not a directory` };
+            }
+        }
+        catch {
+            return { safe: false, reason: `Directory does not exist: "${resolved}"` };
+        }
+        // Resolve symlinks
+        let realPath;
+        try {
+            realPath = fs.realpathSync(resolved);
+        }
+        catch {
+            realPath = resolved;
+        }
+        // Verify it's under project root or user home
+        const normalizedPath = realPath.replace(/\\/g, '/').toLowerCase();
+        const normalizedProject = path.resolve(projectRoot).replace(/\\/g, '/').toLowerCase();
+        const normalizedHome = os.homedir().replace(/\\/g, '/').toLowerCase();
+        const isUnderProject = normalizedPath.startsWith(normalizedProject + '/') || normalizedPath === normalizedProject;
+        const isUnderHome = normalizedPath.startsWith(normalizedHome + '/') || normalizedPath === normalizedHome;
+        if (!isUnderProject && !isUnderHome) {
+            return { safe: false, reason: `CWD "${realPath}" is outside project root and user home directory` };
+        }
+        return { safe: true };
+    }
+    catch (err) {
+        return { safe: false, reason: `CWD validation error: ${err instanceof Error ? err.message : String(err)}` };
+    }
+}
+//# sourceMappingURL=security.js.map

package/dist/tools/batch-edit.js

@@ -36,6 +36,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.BatchEditTool = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
+const security_1 = require("../security");
+const secrets_1 = require("../secrets");
 class BatchEditTool {
     name = 'batch_edit';
     description = 'Apply multiple find-and-replace edits across one or more files atomically. All edits are validated before any are applied. Useful for renaming, refactoring, and coordinated multi-file changes.';
@@ -64,8 +66,10 @@ class BatchEditTool {
         if (!edits || !Array.isArray(edits) || edits.length === 0) {
             return 'Error: edits array is required and must not be empty';
         }
+        const projectRoot = process.cwd();
         // Phase 1: Validate all edits before applying any
         const errors = [];
+        const warnings = [];
         const validated = [];
         // Group edits by file so we can chain them
         const byFile = new Map();
@@ -75,6 +79,12 @@ class BatchEditTool {
                 continue;
             }
             const filePath = path.resolve(edit.path);
+            // Security: path safety check
+            const safety = (0, security_1.isPathSafe)(filePath, projectRoot);
+            if (!safety.safe) {
+                errors.push(`${safety.reason}`);
+                continue;
+            }
             if (!byFile.has(filePath))
                 byFile.set(filePath, []);
             byFile.get(filePath).push(edit);
@@ -98,6 +108,11 @@ class BatchEditTool {
                     errors.push(`String found ${count} times in ${filePath} (must be unique): "${oldStr.substring(0, 60)}${oldStr.length > 60 ? '...' : ''}"`);
                     continue;
                 }
+                // Security: secret detection on new content
+                const secrets = (0, secrets_1.scanForSecrets)(newStr);
+                if (secrets.length > 0) {
+                    warnings.push(`Secrets detected in edit for ${filePath}: ${secrets.map(s => `${s.type} (${s.snippet})`).join(', ')}`);
+                }
                 content = content.replace(oldStr, newStr);
             }
             if (content !== originalContent) {
@@ -115,7 +130,11 @@ class BatchEditTool {
         }
         const fileCount = validated.length;
         const editCount = edits.length;
-        return `Applied ${editCount} edit${editCount > 1 ? 's' : ''} across ${fileCount} file${fileCount > 1 ? 's' : ''}:\n${results.map(f => `  ✓ ${f}`).join('\n')}`;
+        let output = `Applied ${editCount} edit${editCount > 1 ? 's' : ''} across ${fileCount} file${fileCount > 1 ? 's' : ''}:\n${results.map(f => `  ✓ ${f}`).join('\n')}`;
+        if (warnings.length > 0) {
+            output += `\n\n⚠️  Security warnings:\n${warnings.map(w => `  - ${w}`).join('\n')}`;
+        }
+        return output;
     }
 }
 exports.BatchEditTool = BatchEditTool;

package/dist/tools/browser.js

@@ -42,6 +42,7 @@ const fs = __importStar(require("fs"));
 // Shared browser instance across tool calls
 let client = null;
 let debugPort = 9222;
+let connectingPromise = null;
 const CHROME_DATA_DIR = path.join(os.homedir(), '.codebot', 'chrome-profile');
 /** Kill any Chrome using our debug port or data dir (but NEVER kill ourselves) */
 function killExistingChrome() {
@@ -71,8 +72,21 @@ function killExistingChrome() {
     }
 }
 async function ensureConnected() {
+    // Fast path: already connected
     if (client?.isConnected())
         return client;
+    // Mutex: if another call is already connecting, reuse that promise
+    if (connectingPromise)
+        return connectingPromise;
+    connectingPromise = doConnect();
+    try {
+        return await connectingPromise;
+    }
+    finally {
+        connectingPromise = null;
+    }
+}
+async function doConnect() {
     // Try connecting to existing Chrome with debug port
     try {
         const wsUrl = await (0, cdp_1.getDebuggerUrl)(debugPort);
@@ -172,10 +186,11 @@ async function ensureConnected() {
             'Or on macOS:\n' +
             `  /Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --remote-debugging-port=${debugPort}`);
     }
-    // Wait for Chrome to start
-    for (let i = 0; i < 10; i++) {
+    // Wait for Chrome to start — exponential backoff: 500ms, 1s, 2s, 4s
+    const backoffDelays = [500, 1000, 2000, 4000, 4000, 4000];
+    for (let i = 0; i < backoffDelays.length; i++) {
         try {
-            await new Promise(r => setTimeout(r, 500));
+            await new Promise(r => setTimeout(r, backoffDelays[i]));
             const wsUrl = await (0, cdp_1.getDebuggerUrl)(debugPort);
             client = new cdp_1.CDPClient();
             await client.connect(wsUrl);

package/dist/tools/code-analysis.d.ts

@@ -3,6 +3,7 @@ export declare class CodeAnalysisTool implements Tool {
     name: string;
     description: string;
     permission: Tool['permission'];
+    cacheable: boolean;
     parameters: {
         type: string;
         properties: {

package/dist/tools/code-analysis.js

@@ -40,6 +40,7 @@ class CodeAnalysisTool {
     name = 'code_analysis';
     description = 'Analyze code structure. Actions: symbols (list classes/functions/exports), imports (list imports), outline (file structure), references (find where a symbol is used).';
     permission = 'auto';
+    cacheable = true;
     parameters = {
         type: 'object',
         properties: {

package/dist/tools/code-review.d.ts

@@ -3,6 +3,7 @@ export declare class CodeReviewTool implements Tool {
     name: string;
     description: string;
     permission: Tool['permission'];
+    cacheable: boolean;
     parameters: {
         type: string;
         properties: {

package/dist/tools/code-review.js

@@ -52,6 +52,7 @@ class CodeReviewTool {
     name = 'code_review';
     description = 'Review code for security issues, complexity, and code smells. Actions: security, complexity, review (full).';
     permission = 'auto';
+    cacheable = true;
     parameters = {
         type: 'object',
         properties: {

package/dist/tools/edit.js

@@ -37,6 +37,8 @@ exports.EditFileTool = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const os = __importStar(require("os"));
+const security_1 = require("../security");
+const secrets_1 = require("../secrets");
 // Undo snapshot directory
 const UNDO_DIR = path.join(os.homedir(), '.codebot', 'undo');
 const MAX_UNDO = 50;
@@ -66,10 +68,32 @@ class EditFileTool {
         const filePath = path.resolve(args.path);
         const oldStr = String(args.old_string);
         const newStr = String(args.new_string);
-        if (!fs.existsSync(filePath)) {
+        // Security: path safety check
+        const projectRoot = process.cwd();
+        const safety = (0, security_1.isPathSafe)(filePath, projectRoot);
+        if (!safety.safe) {
+            return `Error: ${safety.reason}`;
+        }
+        // Security: resolve symlinks before reading
+        let realPath;
+        try {
+            realPath = fs.realpathSync(filePath);
+        }
+        catch {
             throw new Error(`File not found: ${filePath}`);
         }
-        const content = fs.readFileSync(filePath, 'utf-8');
+        if (!fs.existsSync(realPath)) {
+            throw new Error(`File not found: ${filePath}`);
+        }
+        // Security: secret detection on new content (warn but don't block)
+        const secrets = (0, secrets_1.scanForSecrets)(newStr);
+        let warning = '';
+        if (secrets.length > 0) {
+            warning = `\n\n⚠️  WARNING: ${secrets.length} potential secret(s) in new content:\n` +
+                secrets.map(s => `  ${s.type} — ${s.snippet}`).join('\n') +
+                '\nConsider using environment variables instead of hardcoding secrets.';
+        }
+        const content = fs.readFileSync(realPath, 'utf-8');
         const count = content.split(oldStr).length - 1;
         if (count === 0) {
             throw new Error(`String not found in ${filePath}. Make sure old_string matches exactly (including whitespace).`);
@@ -78,12 +102,12 @@ class EditFileTool {
             throw new Error(`String found ${count} times in ${filePath}. Provide more surrounding context to make it unique.`);
         }
         // Save undo snapshot
-        this.saveSnapshot(filePath, content);
+        this.saveSnapshot(realPath, content);
         const updated = content.replace(oldStr, newStr);
-        fs.writeFileSync(filePath, updated, 'utf-8');
+        fs.writeFileSync(realPath, updated, 'utf-8');
         // Generate diff preview
         const diff = this.generateDiff(oldStr, newStr, content, filePath);
-        return diff;
+        return diff + warning;
     }
     generateDiff(oldStr, newStr, content, filePath) {
         const lines = content.split('\n');

package/dist/tools/execute.js

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ExecuteTool = void 0;
 const child_process_1 = require("child_process");
+const security_1 = require("../security");
 const BLOCKED_PATTERNS = [
     // Destructive filesystem operations
     /rm\s+-rf\s+\//,
@@ -39,6 +40,44 @@ const BLOCKED_PATTERNS = [
     /insmod\b/,
     /rmmod\b/,
     /modprobe\s+-r/,
+    // ── v1.6.0 security hardening: evasion-resistant patterns ──
+    // Base64 decode pipes (obfuscated command execution)
+    /base64\s+(-d|--decode)\s*\|/,
+    // Hex escape sequences (obfuscation)
+    /\\x[0-9a-fA-F]{2}.*\\x[0-9a-fA-F]{2}/,
+    // Variable-based obfuscation
+    /\$\{[^}]*rm\s/,
+    /eval\s+.*\$/,
+    // Backtick-based command injection
+    /`[^`]*rm\s+-rf/,
+    // Process substitution with dangerous commands
+    /<\(.*curl/,
+    /<\(.*wget/,
+    // Python/perl inline execution of destructive commands
+    /python[23]?\s+-c\s+.*import\s+os.*remove/,
+    /perl\s+-e\s+.*unlink/,
+    // Encoded shell commands
+    /echo\s+.*\|\s*base64\s+(-d|--decode)\s*\|\s*(ba)?sh/,
+    // Crontab manipulation
+    /crontab\s+-r/,
+    // Systemctl destructive operations
+    /systemctl\s+(disable|mask|stop)\s+(sshd|firewalld|iptables)/,
+];
+/** Sensitive environment variables to strip before passing to child process */
+const FILTERED_ENV_VARS = [
+    'AWS_SECRET_ACCESS_KEY',
+    'AWS_SESSION_TOKEN',
+    'GITHUB_TOKEN',
+    'GH_TOKEN',
+    'NPM_TOKEN',
+    'DATABASE_URL',
+    'OPENAI_API_KEY',
+    'ANTHROPIC_API_KEY',
+    'GOOGLE_API_KEY',
+    'STRIPE_SECRET_KEY',
+    'SENDGRID_API_KEY',
+    'SLACK_TOKEN',
+    'SLACK_BOT_TOKEN',
 ];
 class ExecuteTool {
     name = 'execute';
@@ -63,13 +102,26 @@ class ExecuteTool {
                 throw new Error(`Blocked: "${cmd}" matches a dangerous command pattern.`);
             }
         }
+        // Security: validate CWD
+        const cwd = args.cwd || process.cwd();
+        const projectRoot = process.cwd();
+        const cwdSafety = (0, security_1.isCwdSafe)(cwd, projectRoot);
+        if (!cwdSafety.safe) {
+            return `Error: ${cwdSafety.reason}`;
+        }
+        // Security: filter sensitive env vars
+        const safeEnv = { ...process.env };
+        for (const key of FILTERED_ENV_VARS) {
+            delete safeEnv[key];
+        }
         try {
             const output = (0, child_process_1.execSync)(cmd, {
-                cwd: args.cwd || process.cwd(),
+                cwd,
                 timeout: args.timeout || 30000,
                 maxBuffer: 1024 * 1024,
                 encoding: 'utf-8',
                 stdio: ['pipe', 'pipe', 'pipe'],
+                env: safeEnv,
             });
             return output || '(no output)';
         }

package/dist/tools/glob.d.ts

@@ -3,6 +3,7 @@ export declare class GlobTool implements Tool {
     name: string;
     description: string;
     permission: Tool['permission'];
+    cacheable: boolean;
     parameters: {
         type: string;
         properties: {

package/dist/tools/glob.js

@@ -40,6 +40,7 @@ class GlobTool {
     name = 'glob';
     description = 'Find files matching a glob pattern. Returns matching file paths relative to the search directory.';
     permission = 'auto';
+    cacheable = true;
     parameters = {
         type: 'object',
         properties: {

package/dist/tools/grep.d.ts

@@ -3,6 +3,7 @@ export declare class GrepTool implements Tool {
     name: string;
     description: string;
     permission: Tool['permission'];
+    cacheable: boolean;
     parameters: {
         type: string;
         properties: {

package/dist/tools/grep.js

@@ -40,6 +40,7 @@ class GrepTool {
     name = 'grep';
     description = 'Search file contents for a regex pattern. Returns matching lines with file paths and line numbers.';
     permission = 'auto';
+    cacheable = true;
     parameters = {
         type: 'object',
         properties: {

package/dist/tools/image-info.d.ts

@@ -3,6 +3,7 @@ export declare class ImageInfoTool implements Tool {
     name: string;
     description: string;
     permission: Tool['permission'];
+    cacheable: boolean;
     parameters: {
         type: string;
         properties: {

package/dist/tools/image-info.js

@@ -40,6 +40,7 @@ class ImageInfoTool {
     name = 'image_info';
     description = 'Get image file information — dimensions, format, file size. Supports PNG, JPEG, GIF, BMP, SVG.';
     permission = 'auto';
+    cacheable = true;
     parameters = {
         type: 'object',
         properties: {

package/dist/tools/package-manager.js

@@ -63,6 +63,34 @@ const MANAGERS = {
         remove: 'go mod tidy', list: 'go list -m all', outdated: 'go list -m -u all', audit: 'govulncheck ./...',
     },
 };
+/**
+ * Package name validation patterns by ecosystem.
+ * Rejects names containing shell metacharacters or injection attempts.
+ */
+const SAFE_PKG_PATTERNS = {
+    // npm: @scope/pkg@version or pkg@version
+    npm: /^(@[a-z0-9\-~][a-z0-9\-._~]*\/)?[a-z0-9\-~][a-z0-9\-._~]*(@[a-z0-9^~>=<.*\-]+)?$/,
+    yarn: /^(@[a-z0-9\-~][a-z0-9\-._~]*\/)?[a-z0-9\-~][a-z0-9\-._~]*(@[a-z0-9^~>=<.*\-]+)?$/,
+    pnpm: /^(@[a-z0-9\-~][a-z0-9\-._~]*\/)?[a-z0-9\-~][a-z0-9\-._~]*(@[a-z0-9^~>=<.*\-]+)?$/,
+    // pip: allows hyphens, underscores, dots, optional version spec
+    pip: /^[a-zA-Z0-9][a-zA-Z0-9._\-]*(\[[a-zA-Z0-9,._\-]+\])?(([>=<!=~]+)[a-zA-Z0-9.*]+)?$/,
+    // cargo: lowercase alphanumeric + hyphens + underscores
+    cargo: /^[a-zA-Z][a-zA-Z0-9_\-]*(@[a-zA-Z0-9.^~>=<*\-]+)?$/,
+    // go: module paths
+    go: /^[a-zA-Z0-9][a-zA-Z0-9._\-/]*(@[a-zA-Z0-9.^~>=<*\-]+)?$/,
+};
+function isPackageNameSafe(pkgName, manager) {
+    // Split by spaces to handle multiple package args
+    const packages = pkgName.trim().split(/\s+/);
+    const pattern = SAFE_PKG_PATTERNS[manager];
+    if (!pattern)
+        return false;
+    for (const pkg of packages) {
+        if (!pattern.test(pkg))
+            return false;
+    }
+    return true;
+}
 class PackageManagerTool {
     name = 'package_manager';
     description = 'Manage dependencies. Auto-detects npm/yarn/pnpm/pip/cargo/go. Actions: install, add, remove, list, outdated, audit, detect.';
@@ -98,6 +126,10 @@ class PackageManagerTool {
                 const pkg = args.package;
                 if (!pkg)
                     return 'Error: package name is required for add';
+                // Security: validate package name
+                if (!isPackageNameSafe(pkg, mgr.name)) {
+                    return `Error: invalid package name "${pkg}". Package names must be alphanumeric with hyphens/underscores/dots only. Shell metacharacters are not allowed.`;
+                }
                 cmd = `${mgr.add} ${pkg}`;
                 break;
             }
@@ -105,6 +137,10 @@ class PackageManagerTool {
                 const pkg = args.package;
                 if (!pkg)
                     return 'Error: package name is required for remove';
+                // Security: validate package name
+                if (!isPackageNameSafe(pkg, mgr.name)) {
+                    return `Error: invalid package name "${pkg}". Package names must be alphanumeric with hyphens/underscores/dots only. Shell metacharacters are not allowed.`;
+                }
                 cmd = `${mgr.remove} ${pkg}`;
                 break;
             }

package/dist/tools/read.d.ts

@@ -3,6 +3,7 @@ export declare class ReadFileTool implements Tool {
     name: string;
     description: string;
     permission: Tool['permission'];
+    cacheable: boolean;
     parameters: {
         type: string;
         properties: {

package/dist/tools/read.js

@@ -40,6 +40,7 @@ class ReadFileTool {
     name = 'read_file';
     description = 'Read the contents of a file. Returns file content with line numbers.';
     permission = 'auto';
+    cacheable = true;
     parameters = {
         type: 'object',
         properties: {

package/dist/tools/web-fetch.js

@@ -31,17 +31,19 @@ class WebFetchTool {
         // Block requests to private/internal IPs
         const hostname = parsed.hostname.toLowerCase();
         // Block localhost variants
-        if (hostname === 'localhost' || hostname === '127.0.0.1' || hostname === '::1' || hostname === '0.0.0.0') {
+        if (hostname === 'localhost' || hostname === '::1' || hostname === '0.0.0.0') {
             return 'Blocked: requests to localhost are not allowed';
         }
         // Block cloud metadata endpoints
         if (hostname === '169.254.169.254' || hostname === 'metadata.google.internal') {
             return 'Blocked: requests to cloud metadata endpoints are not allowed';
         }
-        // Block private IP ranges (10.x, 172.16-31.x, 192.168.x)
+        // Block private IPv4 ranges
         const ipMatch = hostname.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
         if (ipMatch) {
             const [, a, b] = ipMatch.map(Number);
+            if (a === 127)
+                return 'Blocked: loopback IP range (127.x.x.x)'; // Full 127.0.0.0/8
             if (a === 10)
                 return 'Blocked: private IP range (10.x.x.x)';
             if (a === 172 && b >= 16 && b <= 31)
@@ -50,6 +52,44 @@ class WebFetchTool {
                 return 'Blocked: private IP range (192.168.x.x)';
             if (a === 0)
                 return 'Blocked: invalid IP (0.x.x.x)';
+            if (a === 169 && b === 254)
+                return 'Blocked: link-local IP (169.254.x.x)';
+        }
+        // ── v1.6.0 security hardening: IPv6 private range blocking ──
+        // Remove brackets for IPv6 addresses
+        const bare = hostname.replace(/^\[/, '').replace(/\]$/, '').toLowerCase();
+        // IPv6 loopback
+        if (bare === '::1' || bare === '0:0:0:0:0:0:0:1') {
+            return 'Blocked: IPv6 loopback (::1)';
+        }
+        // IPv6 link-local (fe80::/10)
+        if (/^fe[89ab][0-9a-f]:/i.test(bare)) {
+            return 'Blocked: IPv6 link-local address (fe80::/10)';
+        }
+        // IPv6 unique local address (fc00::/7 — includes fd00::/8)
+        if (/^f[cd][0-9a-f]{2}:/i.test(bare)) {
+            return 'Blocked: IPv6 unique local address (fc00::/7)';
+        }
+        // IPv6 multicast (ff00::/8)
+        if (/^ff[0-9a-f]{2}:/i.test(bare)) {
+            return 'Blocked: IPv6 multicast address (ff00::/8)';
+        }
+        // IPv6-mapped IPv4 addresses (::ffff:x.x.x.x)
+        const mappedMatch = bare.match(/^::ffff:(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
+        if (mappedMatch) {
+            const [, a, b] = mappedMatch.map(Number);
+            if (a === 127)
+                return 'Blocked: IPv4-mapped loopback';
+            if (a === 10)
+                return 'Blocked: IPv4-mapped private IP';
+            if (a === 172 && b >= 16 && b <= 31)
+                return 'Blocked: IPv4-mapped private IP';
+            if (a === 192 && b === 168)
+                return 'Blocked: IPv4-mapped private IP';
+            if (a === 0)
+                return 'Blocked: IPv4-mapped invalid IP';
+            if (a === 169 && b === 254)
+                return 'Blocked: IPv4-mapped link-local';
         }
         return null; // URL is safe
     }