defense-mcp-server 0.6.0

package/build/core/rollback.d.ts

@@ -0,0 +1,73 @@
+/**
+ * RollbackManager — singleton that tracks system changes and provides
+ * rollback capability for file, sysctl, service, and firewall modifications.
+ */
+export type ChangeType = "file" | "sysctl" | "service" | "firewall";
+/**
+ * Structured rollback command — stores the command and args as separate fields
+ * to avoid reconstructing them from a string (which is an injection risk).
+ */
+export interface RollbackCommand {
+    command: string;
+    args: string[];
+}
+export interface ChangeRecord {
+    id: string;
+    operationId: string;
+    sessionId: string;
+    type: ChangeType;
+    target: string;
+    originalValue: string;
+    timestamp: string;
+    rolledBack: boolean;
+    /** Optional reference to a changelog entry ID for cross-referencing */
+    changelogRef?: string;
+    /**
+     * Structured rollback command for firewall-type changes.
+     * Preferred over parsing originalValue via string splitting.
+     * When present, this is used instead of originalValue for rollback execution.
+     */
+    rollbackCommand?: RollbackCommand;
+}
+/**
+ * Versioned rollback state file format.
+ * Old files stored a bare array; new files use this envelope.
+ */
+export interface RollbackState {
+    version: 1;
+    changes: ChangeRecord[];
+}
+export declare class RollbackManager {
+    private static instance;
+    private readonly storePath;
+    private readonly sessionId;
+    private changes;
+    private constructor();
+    /** Get the singleton instance. */
+    static getInstance(): RollbackManager;
+    /** Persist state to disk in versioned format. */
+    private save;
+    /**
+     * Track a change for later rollback.
+     * @param changelogRef Optional reference to a changelog entry ID
+     * @param rollbackCmd Optional structured rollback command (preferred for firewall changes)
+     */
+    trackChange(operationId: string, type: ChangeType, target: string, originalValue: string, changelogRef?: string, rollbackCmd?: RollbackCommand): void;
+    /**
+     * Rollback a single operation by its operation ID.
+     */
+    rollback(operationId: string): Promise<void>;
+    /**
+     * Rollback all changes from the current session.
+     */
+    rollbackSession(sessionId: string): Promise<void>;
+    /**
+     * List all tracked changes.
+     */
+    listChanges(): ChangeRecord[];
+    /** Get the current session ID. */
+    getSessionId(): string;
+    /** Rollback a single change record. */
+    private rollbackRecord;
+}
+//# sourceMappingURL=rollback.d.ts.map

package/build/core/rollback.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rollback.d.ts","sourceRoot":"","sources":["../../src/core/rollback.ts"],"names":[],"mappings":"AAAA;;;GAGG;AA+EH,MAAM,MAAM,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,SAAS,GAAG,UAAU,CAAC;AAEpE;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB;AAED,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,UAAU,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,OAAO,CAAC;IACpB,uEAAuE;IACvE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;;OAIG;IACH,eAAe,CAAC,EAAE,eAAe,CAAC;CACnC;AAED;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,CAAC,CAAC;IACX,OAAO,EAAE,YAAY,EAAE,CAAC;CACzB;AAID,qBAAa,eAAe;IAC1B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAgC;IACvD,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,OAAO,CAAsB;IAErC,OAAO;IAwBP,kCAAkC;IAClC,MAAM,CAAC,WAAW,IAAI,eAAe;IAOrC,iDAAiD;IACjD,OAAO,CAAC,IAAI;IAYZ;;;;OAIG;IACH,WAAW,CACT,WAAW,EAAE,MAAM,EACnB,IAAI,EAAE,UAAU,EAChB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,MAAM,EACrB,YAAY,CAAC,EAAE,MAAM,EACrB,WAAW,CAAC,EAAE,eAAe,GAC5B,IAAI;IAmBP;;OAEG;IACG,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAiBlD;;OAEG;IACG,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAgBvD;;OAEG;IACH,WAAW,IAAI,YAAY,EAAE;IAM7B,kCAAkC;IAClC,YAAY,IAAI,MAAM;IAItB,uCAAuC;YACzB,cAAc;CA2G7B"}

package/build/core/rollback.js

@@ -0,0 +1,278 @@
+/**
+ * RollbackManager — singleton that tracks system changes and provides
+ * rollback capability for file, sysctl, service, and firewall modifications.
+ */
+import { existsSync, readFileSync } from "node:fs";
+import { join, dirname } from "node:path";
+import { homedir } from "node:os";
+import { secureWriteFileSync, secureMkdirSync, secureCopyFileSync } from "./secure-fs.js";
+import { randomUUID } from "node:crypto";
+import { executeCommand } from "./executor.js";
+import { isAllowlisted } from "./command-allowlist.js";
+// ── Validation Constants ─────────────────────────────────────────────────────
+/** Control characters regex — matches dangerous non-printable characters */
+const CONTROL_CHAR_RE = /[\x00-\x08\x0e-\x1f\x7f]/;
+/**
+ * Safe pattern for service names (systemd unit names).
+ * Allows alphanumeric, @, dots, underscores, hyphens, colons.
+ */
+const SAFE_SERVICE_NAME_RE = /^[a-zA-Z0-9@._:-]+$/;
+/**
+ * Allowed commands for firewall rollback.
+ * Only specific firewall binaries are permitted — never shell interpreters.
+ * This is defense-in-depth on top of the general command allowlist.
+ */
+const ALLOWED_FIREWALL_COMMANDS = new Set([
+    "iptables", "ip6tables", "iptables-restore", "ip6tables-restore",
+    "iptables-save", "ip6tables-save", "nft", "ufw", "netfilter-persistent",
+]);
+/**
+ * Validate a rollback argument for injection safety.
+ * Rejects null bytes, control characters, and excessively long values.
+ *
+ * @param arg The argument string to validate
+ * @param index The argument index (for error messages)
+ * @param label Human-readable label (e.g., "Firewall rollback")
+ * @throws {Error} If validation fails
+ */
+function validateRollbackArg(arg, index, label) {
+    if (typeof arg !== "string") {
+        throw new Error(`[rollback] ${label} argument at index ${index} is not a string`);
+    }
+    if (arg.length > 512) {
+        throw new Error(`[rollback] ${label} argument at index ${index} is too long (${arg.length} chars, max 512)`);
+    }
+    if (arg.includes("\0")) {
+        throw new Error(`[rollback] ${label} argument at index ${index} contains null bytes`);
+    }
+    if (CONTROL_CHAR_RE.test(arg)) {
+        throw new Error(`[rollback] ${label} argument at index ${index} contains control characters`);
+    }
+}
+/**
+ * Validate that a command is a recognized firewall tool.
+ * Extracts the bare binary name from an absolute path if needed.
+ *
+ * @param command The command (bare name or absolute path)
+ * @throws {Error} If the command is not a recognized firewall tool
+ */
+function validateFirewallCommand(command) {
+    const bareCommand = command.startsWith("/")
+        ? (command.split("/").pop() ?? command)
+        : command;
+    if (!ALLOWED_FIREWALL_COMMANDS.has(bareCommand)) {
+        throw new Error(`[rollback] '${command}' is not a recognized firewall command for rollback`);
+    }
+}
+// ── RollbackManager ──────────────────────────────────────────────────────────
+export class RollbackManager {
+    static instance = null;
+    storePath;
+    sessionId;
+    changes = [];
+    constructor() {
+        this.sessionId = randomUUID();
+        const storeDir = join(homedir(), ".kali-defense");
+        this.storePath = join(storeDir, "rollback-state.json");
+        // Load existing state (with migration from old bare-array format)
+        try {
+            if (existsSync(this.storePath)) {
+                const raw = readFileSync(this.storePath, "utf-8");
+                const parsed = JSON.parse(raw);
+                // Handle old format (bare array)
+                if (Array.isArray(parsed)) {
+                    this.changes = parsed;
+                }
+                // Handle versioned format
+                else if (parsed && typeof parsed === "object" && Array.isArray(parsed.changes)) {
+                    this.changes = parsed.changes;
+                }
+            }
+        }
+        catch {
+            this.changes = [];
+        }
+    }
+    /** Get the singleton instance. */
+    static getInstance() {
+        if (!RollbackManager.instance) {
+            RollbackManager.instance = new RollbackManager();
+        }
+        return RollbackManager.instance;
+    }
+    /** Persist state to disk in versioned format. */
+    save() {
+        try {
+            const state = {
+                version: 1,
+                changes: this.changes,
+            };
+            secureWriteFileSync(this.storePath, JSON.stringify(state, null, 2), "utf-8");
+        }
+        catch (err) {
+            console.error(`[rollback] Failed to save state: ${err instanceof Error ? err.message : String(err)}`);
+        }
+    }
+    /**
+     * Track a change for later rollback.
+     * @param changelogRef Optional reference to a changelog entry ID
+     * @param rollbackCmd Optional structured rollback command (preferred for firewall changes)
+     */
+    trackChange(operationId, type, target, originalValue, changelogRef, rollbackCmd) {
+        const record = {
+            id: randomUUID(),
+            operationId,
+            sessionId: this.sessionId,
+            type,
+            target,
+            originalValue,
+            timestamp: new Date().toISOString(),
+            rolledBack: false,
+            ...(changelogRef !== undefined ? { changelogRef } : {}),
+            ...(rollbackCmd !== undefined ? { rollbackCommand: rollbackCmd } : {}),
+        };
+        this.changes.push(record);
+        this.save();
+        console.error(`[rollback] Tracked ${type} change on ${target} (op: ${operationId})`);
+    }
+    /**
+     * Rollback a single operation by its operation ID.
+     */
+    async rollback(operationId) {
+        const records = this.changes.filter((c) => c.operationId === operationId && !c.rolledBack);
+        if (records.length === 0) {
+            throw new Error(`No pending changes found for operation: ${operationId}`);
+        }
+        // Rollback in reverse order
+        for (const record of records.reverse()) {
+            await this.rollbackRecord(record);
+        }
+        this.save();
+    }
+    /**
+     * Rollback all changes from the current session.
+     */
+    async rollbackSession(sessionId) {
+        const records = this.changes.filter((c) => c.sessionId === sessionId && !c.rolledBack);
+        if (records.length === 0) {
+            throw new Error(`No pending changes found for session: ${sessionId}`);
+        }
+        for (const record of records.reverse()) {
+            await this.rollbackRecord(record);
+        }
+        this.save();
+    }
+    /**
+     * List all tracked changes.
+     */
+    listChanges() {
+        return [...this.changes].sort((a, b) => new Date(b.timestamp).getTime() - new Date(a.timestamp).getTime());
+    }
+    /** Get the current session ID. */
+    getSessionId() {
+        return this.sessionId;
+    }
+    /** Rollback a single change record. */
+    async rollbackRecord(record) {
+        try {
+            switch (record.type) {
+                case "file": {
+                    // originalValue is the backup path
+                    if (existsSync(record.originalValue)) {
+                        secureMkdirSync(dirname(record.target));
+                        secureCopyFileSync(record.originalValue, record.target);
+                    }
+                    else {
+                        console.error(`[rollback] Backup file missing: ${record.originalValue}`);
+                    }
+                    break;
+                }
+                case "sysctl": {
+                    // Validate that sysctl is in the allowlist before executing
+                    if (!isAllowlisted("sysctl")) {
+                        throw new Error("[rollback] sysctl is not in the command allowlist — refusing to execute");
+                    }
+                    // Validate sysctl key: must be dotted identifiers (e.g. net.ipv4.ip_forward)
+                    if (!/^[a-zA-Z0-9_]+(\.[a-zA-Z0-9_]+)+$/.test(record.target)) {
+                        throw new Error(`[rollback] Invalid sysctl key: ${record.target}`);
+                    }
+                    // Validate sysctl value: must not contain shell metacharacters
+                    if (/[;&|`$(){}[\]\\<>!#~]/.test(record.originalValue)) {
+                        throw new Error(`[rollback] Invalid sysctl value (contains shell metacharacters): ${record.originalValue}`);
+                    }
+                    await executeCommand({
+                        command: "sysctl",
+                        args: ["-w", `${record.target}=${record.originalValue}`],
+                        timeout: 10000,
+                    });
+                    break;
+                }
+                case "service": {
+                    // Validate service name against safe pattern
+                    if (!SAFE_SERVICE_NAME_RE.test(record.target)) {
+                        throw new Error(`[rollback] Invalid service name: ${record.target}`);
+                    }
+                    // originalValue is the previous state (e.g., "active", "inactive")
+                    const action = record.originalValue === "active" ? "start" : "stop";
+                    await executeCommand({
+                        command: "systemctl",
+                        args: [action, record.target],
+                        timeout: 30000,
+                    });
+                    break;
+                }
+                case "firewall": {
+                    // Prefer structured rollbackCommand if available (CORE-003 remediation)
+                    if (record.rollbackCommand) {
+                        const { command, args } = record.rollbackCommand;
+                        // Validate command is in the general allowlist
+                        if (!isAllowlisted(command)) {
+                            throw new Error(`[rollback] Firewall rollback command '${command}' is not in the command allowlist — refusing to execute`);
+                        }
+                        // Defense-in-depth: only allow known firewall commands
+                        validateFirewallCommand(command);
+                        // Validate each argument for injection safety
+                        for (let i = 0; i < args.length; i++) {
+                            validateRollbackArg(args[i], i, "Firewall rollback");
+                        }
+                        await executeCommand({
+                            command,
+                            args,
+                            timeout: 10000,
+                        });
+                    }
+                    else {
+                        // Legacy fallback: reconstruct from originalValue string splitting
+                        // Validate the command against the allowlist before executing
+                        const parts = record.originalValue.split(/\s+/).filter(Boolean);
+                        if (parts.length < 2) {
+                            throw new Error(`[rollback] Firewall rollback command too short: '${record.originalValue}'`);
+                        }
+                        const command = parts[0];
+                        if (!isAllowlisted(command)) {
+                            throw new Error(`[rollback] Firewall rollback command '${command}' is not in the command allowlist — refusing to execute`);
+                        }
+                        // Defense-in-depth: only allow known firewall commands
+                        validateFirewallCommand(command);
+                        // Validate each argument for injection safety
+                        const args = parts.slice(1);
+                        for (let i = 0; i < args.length; i++) {
+                            validateRollbackArg(args[i], i, "Firewall rollback (legacy)");
+                        }
+                        await executeCommand({
+                            command,
+                            args,
+                            timeout: 10000,
+                        });
+                    }
+                    break;
+                }
+            }
+            record.rolledBack = true;
+            console.error(`[rollback] Rolled back ${record.type} change on ${record.target}`);
+        }
+        catch (err) {
+            console.error(`[rollback] Failed to rollback ${record.type} on ${record.target}: ${err instanceof Error ? err.message : String(err)}`);
+        }
+    }
+}

package/build/core/safeguards.d.ts

@@ -0,0 +1,58 @@
+/**
+ * SafeguardRegistry — singleton that detects running applications and
+ * environmental state so defensive operations can be evaluated for safety.
+ *
+ * Detection domains:
+ *   - VS Code (editor process, config dir, IPC sockets)
+ *   - Docker (daemon socket, running containers)
+ *   - MCP servers (workspace config + node processes)
+ *   - Databases (TCP port probing: PostgreSQL, MySQL, MongoDB, Redis)
+ *   - Web servers (nginx, apache2, httpd process detection)
+ */
+export interface SafetyResult {
+    safe: boolean;
+    warnings: string[];
+    blockers: string[];
+    impactedApps: string[];
+}
+export interface DetectedApp {
+    category: string;
+    detected: boolean;
+    detail: string;
+}
+export interface SafeguardReport {
+    timestamp: string;
+    detectedApps: DetectedApp[];
+    summary: string;
+    overallSafe: boolean;
+}
+/** Check if the current session is over SSH. */
+export declare function isSSHSession(): boolean;
+/** Check if the current user has a non-empty authorized_keys file. */
+export declare function hasAuthorizedKeys(): boolean;
+export declare class SafeguardRegistry {
+    /** Cached detection results with TTL to avoid re-running on every tool call */
+    private detectionCache;
+    private readonly DETECTION_CACHE_TTL;
+    private constructor();
+    /** Get the singleton instance. */
+    static getInstance(): SafeguardRegistry;
+    /** Detect VS Code editor presence. */
+    detectVSCode(): Promise<DetectedApp>;
+    /** Detect Docker daemon and running containers. */
+    detectDocker(): Promise<DetectedApp>;
+    /** Detect configured MCP servers. */
+    detectMCPServers(): Promise<DetectedApp>;
+    /** Detect databases via TCP port probing. */
+    detectDatabases(): Promise<DetectedApp>;
+    /** Detect web server processes. */
+    detectWebServers(): Promise<DetectedApp>;
+    /**
+     * Check whether an operation is safe given current system state.
+     * Returns warnings (non-blocking) and blockers (operation should not proceed).
+     */
+    checkSafety(operation: string, params: Record<string, unknown>): Promise<SafetyResult>;
+    /** Generate a full safety report of all detected applications. */
+    appSafetyReport(): Promise<SafeguardReport>;
+}
+//# sourceMappingURL=safeguards.d.ts.map

package/build/core/safeguards.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"safeguards.d.ts","sourceRoot":"","sources":["../../src/core/safeguards.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAgBH,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,OAAO,CAAC;IACd,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,WAAW,EAAE,CAAC;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,OAAO,CAAC;CACtB;AA0DD,gDAAgD;AAChD,wBAAgB,YAAY,IAAI,OAAO,CAEtC;AAED,sEAAsE;AACtE,wBAAgB,iBAAiB,IAAI,OAAO,CAS3C;AA0BD,qBAAa,iBAAiB;IAC5B,+EAA+E;IAC/E,OAAO,CAAC,cAAc,CAGa;IAEnC,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAU;IAE9C,OAAO;IAEP,kCAAkC;IAClC,MAAM,CAAC,WAAW,IAAI,iBAAiB;IAOvC,sCAAsC;IAChC,YAAY,IAAI,OAAO,CAAC,WAAW,CAAC;IA0C1C,mDAAmD;IAC7C,YAAY,IAAI,OAAO,CAAC,WAAW,CAAC;IAkC1C,qCAAqC;IAC/B,gBAAgB,IAAI,OAAO,CAAC,WAAW,CAAC;IAwC9C,6CAA6C;IACvC,eAAe,IAAI,OAAO,CAAC,WAAW,CAAC;IA0B7C,mCAAmC;IAC7B,gBAAgB,IAAI,OAAO,CAAC,WAAW,CAAC;IAmB9C;;;OAGG;IACG,WAAW,CACf,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC9B,OAAO,CAAC,YAAY,CAAC;IAuLxB,kEAAkE;IAC5D,eAAe,IAAI,OAAO,CAAC,eAAe,CAAC;CA2BlD"}