defense-mcp-server 0.9.0 → 0.9.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +319 -55
- package/build/core/auto-installer.d.ts.map +1 -1
- package/build/core/auto-installer.js +0 -3
- package/build/core/backup-manager.d.ts.map +1 -1
- package/build/core/backup-manager.js +44 -33
- package/build/core/command-allowlist.d.ts.map +1 -1
- package/build/core/command-allowlist.js +14 -1
- package/build/core/config.d.ts +16 -0
- package/build/core/config.d.ts.map +1 -1
- package/build/core/config.js +6 -0
- package/build/core/dependency-validator.d.ts.map +1 -1
- package/build/core/distro-adapter.d.ts.map +1 -1
- package/build/core/distro.js +2 -2
- package/build/core/executor.d.ts.map +1 -1
- package/build/core/executor.js +13 -0
- package/build/core/installer.d.ts.map +1 -1
- package/build/core/logger.d.ts.map +1 -1
- package/build/core/logger.js +7 -3
- package/build/core/output-redactor.d.ts +26 -0
- package/build/core/output-redactor.d.ts.map +1 -0
- package/build/core/output-redactor.js +96 -0
- package/build/core/pam-utils.d.ts.map +1 -1
- package/build/core/preflight.d.ts.map +1 -1
- package/build/core/safeguards.d.ts.map +1 -1
- package/build/core/safeguards.js +4 -3
- package/build/core/sanitizer.d.ts +1 -1
- package/build/core/sanitizer.d.ts.map +1 -1
- package/build/core/sanitizer.js +1 -1
- package/build/core/sudo-guard.d.ts +5 -0
- package/build/core/sudo-guard.d.ts.map +1 -1
- package/build/core/sudo-guard.js +0 -11
- package/build/core/third-party-installer.js +1 -1
- package/build/core/tool-annotations.d.ts +13 -0
- package/build/core/tool-annotations.d.ts.map +1 -0
- package/build/core/tool-annotations.js +49 -0
- package/build/core/tool-wrapper.d.ts.map +1 -1
- package/build/core/tool-wrapper.js +18 -0
- package/build/index.js +134 -7
- package/build/tools/access-control.d.ts.map +1 -1
- package/build/tools/access-control.js +22 -24
- package/build/tools/compliance.d.ts.map +1 -1
- package/build/tools/container-security.js +1 -1
- package/build/tools/deception.d.ts.map +1 -1
- package/build/tools/deception.js +3 -2
- package/build/tools/dns-security.d.ts.map +1 -1
- package/build/tools/ebpf-security.d.ts.map +1 -1
- package/build/tools/encryption.d.ts.map +1 -1
- package/build/tools/encryption.js +0 -18
- package/build/tools/firewall.d.ts.map +1 -1
- package/build/tools/firewall.js +0 -11
- package/build/tools/hardening.d.ts.map +1 -1
- package/build/tools/integrity.js +1 -1
- package/build/tools/logging.d.ts.map +1 -1
- package/build/tools/malware.d.ts.map +1 -1
- package/build/tools/malware.js +17 -7
- package/build/tools/meta.d.ts.map +1 -1
- package/build/tools/meta.js +146 -12
- package/build/tools/network-defense.d.ts.map +1 -1
- package/build/tools/network-defense.js +1 -30
- package/build/tools/sudo-management.js +12 -18
- package/build/tools/supply-chain-security.d.ts.map +1 -1
- package/build/tools/supply-chain-security.js +0 -20
- package/build/tools/threat-intel.d.ts.map +1 -1
- package/build/tools/threat-intel.js +0 -2
- package/build/tools/waf.js +1 -1
- package/build/tools/wireless-security.js +1 -1
- package/build/tools/zero-trust-network.d.ts.map +1 -1
- package/build/tools/zero-trust-network.js +0 -8
- package/package.json +4 -4
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"command-allowlist.d.ts","sourceRoot":"","sources":["../../src/core/command-allowlist.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAeH,MAAM,WAAW,cAAc;IAC7B,wCAAwC;IACxC,MAAM,EAAE,MAAM,CAAC;IACf,gDAAgD;IAChD,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,2EAA2E;IAC3E,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,+EAA+E;IAC/E,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,uEAAuE;IACvE,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,sDAAsD;AACtD,MAAM,WAAW,wBAAwB;IACvC,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,OAAO,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;CACjB;AAsXD;;;;;;;;;GASG;AACH,wBAAgB,mBAAmB,IAAI,IAAI,CAwD1C;AAED;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,
|
|
1
|
+
{"version":3,"file":"command-allowlist.d.ts","sourceRoot":"","sources":["../../src/core/command-allowlist.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAeH,MAAM,WAAW,cAAc;IAC7B,wCAAwC;IACxC,MAAM,EAAE,MAAM,CAAC;IACf,gDAAgD;IAChD,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,2EAA2E;IAC3E,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,+EAA+E;IAC/E,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,uEAAuE;IACvE,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,sDAAsD;AACtD,MAAM,WAAW,wBAAwB;IACvC,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,OAAO,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;CACjB;AAsXD;;;;;;;;;GASG;AACH,wBAAgB,mBAAmB,IAAI,IAAI,CAwD1C;AAED;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAiEtD;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CActD;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG;IAClD,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;CACpB,CA6CA;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,IAAI,aAAa,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAE7E;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,OAAO,CAEvC;AAED;;GAEG;AACH,wBAAgB,gCAAgC,IAAI,OAAO,CAE1D;AAED;;;GAGG;AACH,wBAAgB,0BAA0B,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAEjE;AA4DD;;GAEG;AACH,wBAAgB,yBAAyB,IAAI,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,CAE9E;AAeD;;;;;;;;;GASG;AACH,wBAAgB,qBAAqB,CACnC,UAAU,EAAE,MAAM,EAClB,eAAe,CAAC,EAAE,MAAM,GACvB,wBAAwB,CA6G1B;AAiHD;;;;;;;;;;GAUG;AACH,wBAAsB,iBAAiB,IAAI,OAAO,CAAC,wBAAwB,EAAE,CAAC,CA6C7E"}
|
|
@@ -444,10 +444,23 @@ export function resolveCommand(command) {
|
|
|
444
444
|
// Lazy resolution: if initializeAllowlist() hasn't run or if the binary
|
|
445
445
|
// was installed after startup, try resolving now
|
|
446
446
|
for (const candidate of entry.candidates) {
|
|
447
|
-
|
|
447
|
+
try {
|
|
448
|
+
// Use lstatSync directly to avoid TOCTOU between existsSync and resolve
|
|
449
|
+
const lstats = lstatSync(candidate);
|
|
448
450
|
entry.resolvedPath = candidate;
|
|
451
|
+
// SECURITY (CORE-007): Record inode during lazy resolution too
|
|
452
|
+
if (lstats.isSymbolicLink()) {
|
|
453
|
+
const realStats = statSync(realpathSync(candidate));
|
|
454
|
+
entry.resolvedInode = realStats.ino;
|
|
455
|
+
}
|
|
456
|
+
else {
|
|
457
|
+
entry.resolvedInode = lstats.ino;
|
|
458
|
+
}
|
|
449
459
|
return candidate;
|
|
450
460
|
}
|
|
461
|
+
catch {
|
|
462
|
+
// Candidate doesn't exist — try next
|
|
463
|
+
}
|
|
451
464
|
}
|
|
452
465
|
throw new Error(`Allowlisted command '${command}' not found on this system. ` +
|
|
453
466
|
`Checked paths: ${entry.candidates.join(", ")}`);
|
package/build/core/config.d.ts
CHANGED
|
@@ -59,6 +59,22 @@ export interface DefenseConfig {
|
|
|
59
59
|
commandTimeout: number;
|
|
60
60
|
/** Network operation timeout in ms (default: 30s; env: DEFENSE_MCP_NETWORK_TIMEOUT) */
|
|
61
61
|
networkTimeout: number;
|
|
62
|
+
/**
|
|
63
|
+
* SECURITY: Redact sensitive data (passwords, tokens, keys) from command
|
|
64
|
+
* output before returning to the LLM. Defaults to `true`.
|
|
65
|
+
* Env: DEFENSE_MCP_REDACT_OUTPUT (set to "false" to disable)
|
|
66
|
+
*/
|
|
67
|
+
redactOutput: boolean;
|
|
68
|
+
/**
|
|
69
|
+
* When true, only register tools with readOnlyHint: true annotations.
|
|
70
|
+
* Env: DEFENSE_MCP_READ_ONLY (default: false)
|
|
71
|
+
*/
|
|
72
|
+
readOnly: boolean;
|
|
73
|
+
/**
|
|
74
|
+
* Comma-separated list of tool names to register. Empty means all tools.
|
|
75
|
+
* Env: DEFENSE_MCP_ALLOWED_TOOLS (default: "")
|
|
76
|
+
*/
|
|
77
|
+
allowedTools: string[];
|
|
62
78
|
}
|
|
63
79
|
/**
|
|
64
80
|
* Returns the current configuration by reading environment variables.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/core/config.ts"],"names":[],"mappings":"AAIA;;;GAGG;AACH,eAAO,MAAM,WAAW,iKAed,CAAC;AAEX,MAAM,MAAM,SAAS,GAAG,CAAC,OAAO,WAAW,CAAC,CAAC,MAAM,CAAC,CAAC;AAErD;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B,8CAA8C;IAC9C,cAAc,EAAE,MAAM,CAAC;IACvB,0CAA0C;IAC1C,SAAS,EAAE,MAAM,CAAC;IAClB,8CAA8C;IAC9C,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,oBAAoB;IACpB,QAAQ,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IAC9C;;;;;OAKG;IACH,MAAM,EAAE,OAAO,CAAC;IAChB,sCAAsC;IACtC,aAAa,EAAE,MAAM,CAAC;IACtB,iCAAiC;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB;;;;;OAKG;IACH,aAAa,EAAE,OAAO,CAAC;IACvB,4CAA4C;IAC5C,WAAW,EAAE,OAAO,CAAC;IACrB,wCAAwC;IACxC,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB;;;;;;OAMG;IACH,mBAAmB,EAAE,OAAO,CAAC;IAC7B,sCAAsC;IACtC,aAAa,EAAE,MAAM,CAAC;IACtB,iCAAiC;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,iDAAiD;IACjD,YAAY,EAAE,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC;IACjD,iEAAiE;IACjE,kBAAkB,EAAE,MAAM,CAAC;IAC3B,uGAAuG;IACvG,cAAc,EAAE,MAAM,CAAC;IACvB,uFAAuF;IACvF,cAAc,EAAE,MAAM,CAAC;CACxB;AAmGD;;;;GAIG;AACH,wBAAgB,SAAS,IAAI,aAAa,CAQzC;
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/core/config.ts"],"names":[],"mappings":"AAIA;;;GAGG;AACH,eAAO,MAAM,WAAW,iKAed,CAAC;AAEX,MAAM,MAAM,SAAS,GAAG,CAAC,OAAO,WAAW,CAAC,CAAC,MAAM,CAAC,CAAC;AAErD;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B,8CAA8C;IAC9C,cAAc,EAAE,MAAM,CAAC;IACvB,0CAA0C;IAC1C,SAAS,EAAE,MAAM,CAAC;IAClB,8CAA8C;IAC9C,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,oBAAoB;IACpB,QAAQ,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IAC9C;;;;;OAKG;IACH,MAAM,EAAE,OAAO,CAAC;IAChB,sCAAsC;IACtC,aAAa,EAAE,MAAM,CAAC;IACtB,iCAAiC;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB;;;;;OAKG;IACH,aAAa,EAAE,OAAO,CAAC;IACvB,4CAA4C;IAC5C,WAAW,EAAE,OAAO,CAAC;IACrB,wCAAwC;IACxC,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB;;;;;;OAMG;IACH,mBAAmB,EAAE,OAAO,CAAC;IAC7B,sCAAsC;IACtC,aAAa,EAAE,MAAM,CAAC;IACtB,iCAAiC;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,iDAAiD;IACjD,YAAY,EAAE,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC;IACjD,iEAAiE;IACjE,kBAAkB,EAAE,MAAM,CAAC;IAC3B,uGAAuG;IACvG,cAAc,EAAE,MAAM,CAAC;IACvB,uFAAuF;IACvF,cAAc,EAAE,MAAM,CAAC;IACvB;;;;OAIG;IACH,YAAY,EAAE,OAAO,CAAC;IACtB;;;OAGG;IACH,QAAQ,EAAE,OAAO,CAAC;IAClB;;;OAGG;IACH,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAmGD;;;;GAIG;AACH,wBAAgB,SAAS,IAAI,aAAa,CAQzC;AA8FD;;;GAGG;AACH,wBAAgB,qBAAqB,IAAI,IAAI,CAG5C;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAC5B,QAAQ,EAAE,MAAM,EAChB,MAAM,CAAC,EAAE,aAAa,GACrB,MAAM,CAIR;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,MAAM,CAAC,EAAE,aAAa,GACrB,MAAM,CAkBR"}
|
package/build/core/config.js
CHANGED
|
@@ -168,6 +168,12 @@ function buildConfigFromEnv() {
|
|
|
168
168
|
const sec = parseInt(process.env.DEFENSE_MCP_NETWORK_TIMEOUT ?? "30", 10);
|
|
169
169
|
return isNaN(sec) || sec <= 0 ? 30_000 : sec * 1000;
|
|
170
170
|
})(),
|
|
171
|
+
redactOutput: process.env.DEFENSE_MCP_REDACT_OUTPUT !== "false",
|
|
172
|
+
readOnly: process.env.DEFENSE_MCP_READ_ONLY === "true",
|
|
173
|
+
allowedTools: (() => {
|
|
174
|
+
const raw = process.env.DEFENSE_MCP_ALLOWED_TOOLS ?? "";
|
|
175
|
+
return raw.split(",").map(s => s.trim()).filter(s => s.length > 0);
|
|
176
|
+
})(),
|
|
171
177
|
};
|
|
172
178
|
// Warn when dry-run is active so operators know no changes will be applied
|
|
173
179
|
if (config.dryRun) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dependency-validator.d.ts","sourceRoot":"","sources":["../../src/core/dependency-validator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;
|
|
1
|
+
{"version":3,"file":"dependency-validator.d.ts","sourceRoot":"","sources":["../../src/core/dependency-validator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AA6BH;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,oCAAoC;IACpC,YAAY,EAAE,MAAM,CAAC;IACrB,kCAAkC;IAClC,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,gCAAgC;IAChC,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,wCAAwC;IACxC,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,sCAAsC;IACtC,aAAa,EAAE,KAAK,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACxD,+CAA+C;IAC/C,eAAe,EAAE,KAAK,CAAC;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,eAAe,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAC;IACxE,iDAAiD;IACjD,UAAU,EAAE,MAAM,CAAC;IACnB,uCAAuC;IACvC,kBAAkB,EAAE,OAAO,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,sDAAsD;IACtD,SAAS,EAAE,OAAO,CAAC;IACnB,qDAAqD;IACrD,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,gCAAgC;IAChC,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,0DAA0D;IAC1D,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,wCAAwC;IACxC,aAAa,EAAE,KAAK,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACzD;AAsCD;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,IAAI,CAE3C;AA+CD;;;;;;;;;;GAUG;AACH,wBAAsB,uBAAuB,IAAI,OAAO,CAAC,gBAAgB,CAAC,CAsJzE;AAID;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAsB,kBAAkB,CACtC,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,YAAY,CAAC,CA0EvB;AAED;;;GAGG;AACH,wBAAsB,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAIxE;AAID;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,gBAAgB,GAAG,MAAM,CAmDvE"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"distro-adapter.d.ts","sourceRoot":"","sources":["../../src/core/distro-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,OAAO,EAKL,KAAK,UAAU,
|
|
1
|
+
{"version":3,"file":"distro-adapter.d.ts","sourceRoot":"","sources":["../../src/core/distro-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,OAAO,EAKL,KAAK,UAAU,EACf,KAAK,sBAAsB,EAC3B,KAAK,sBAAsB,EAC3B,KAAK,uBAAuB,EAC7B,MAAM,aAAa,CAAC;AAIrB,mDAAmD;AACnD,MAAM,WAAW,WAAW;IAC1B,0BAA0B;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,yBAAyB;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,gDAAgD;IAChD,OAAO,EAAE,MAAM,CAAC;IAChB,sDAAsD;IACtD,WAAW,EAAE,MAAM,CAAC;IACpB,oCAAoC;IACpC,UAAU,EAAE,MAAM,CAAC;IACnB,oCAAoC;IACpC,UAAU,EAAE,MAAM,CAAC;IACnB,oCAAoC;IACpC,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,+DAA+D;IAC/D,gBAAgB,EAAE,MAAM,CAAC;IACzB,+BAA+B;IAC/B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,+BAA+B;IAC/B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,uCAAuC;IACvC,yBAAyB,EAAE,MAAM,CAAC;IAClC,gCAAgC;IAChC,eAAe,EAAE,MAAM,CAAC;IACxB,mCAAmC;IACnC,gBAAgB,EAAE,MAAM,CAAC;IACzB,sCAAsC;IACtC,WAAW,EAAE,MAAM,CAAC;IACpB,uBAAuB;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,yBAAyB;IACzB,YAAY,EAAE,MAAM,CAAC;IACrB,0BAA0B;IAC1B,aAAa,EAAE,MAAM,EAAE,CAAC;CACzB;AAED,6CAA6C;AAC7C,MAAM,WAAW,oBAAoB;IACnC,8CAA8C;IAC9C,SAAS,EAAE,OAAO,CAAC;IACnB,6CAA6C;IAC7C,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,8CAA8C;IAC9C,eAAe,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,MAAM,EAAE,CAAC;IAC3C,iCAAiC;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,wCAAwC;IACxC,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,uCAAuC;AACvC,MAAM,WAAW,gBAAgB;IAC/B,wDAAwD;IACxD,SAAS,EAAE,OAAO,CAAC;IACnB,oCAAoC;IACpC,WAAW,EAAE,MAAM,CAAC;IACpB,+CAA+C;IAC/C,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,4BAA4B;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,4BAA4B;IAC5B,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,kCAAkC;IAClC,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,yCAAyC;AACzC,MAAM,WAAW,oBAAoB;IACnC,kCAAkC;IAClC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,sDAAsD;IACtD,eAAe,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,MAAM,EAAE,CAAC;IAC3C,8BAA8B;IAC9B,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,gCAAgC;IAChC,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,iCAAiC;IACjC,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,6BAA6B;IAC7B,YAAY,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,MAAM,EAAE,CAAC;IACxC,+BAA+B;IAC/B,SAAS,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,MAAM,EAAE,CAAC;IACrC,+CAA+C;IAC/C,cAAc,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,MAAM,EAAE,CAAC;IAC1C,qCAAqC;IACrC,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,wCAAwC;IACxC,aAAa,EAAE,MAAM,EAAE,CAAC;CACzB;AAED,qCAAqC;AACrC,MAAM,WAAW,yBAAyB;IACxC,4CAA4C;IAC5C,WAAW,EAAE,MAAM,CAAC;IACpB,+CAA+C;IAC/C,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,8CAA8C;IAC9C,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,mCAAmC;IACnC,WAAW,EAAE,MAAM,CAAC;IACpB,iCAAiC;IACjC,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,yBAAyB;IACzB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,8BAA8B;IAC9B,aAAa,EAAE,MAAM,CAAC;CACvB;AAID,qBAAa,aAAa;IACxB,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC;IAC5B,QAAQ,CAAC,GAAG,EAAE,sBAAsB,CAAC;IACrC,QAAQ,CAAC,GAAG,EAAE,sBAAsB,CAAC;IACrC,QAAQ,CAAC,EAAE,EAAE,uBAAuB,CAAC;IACrC,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC;IAC5B,QAAQ,CAAC,SAAS,EAAE,oBAAoB,CAAC;IACzC,QAAQ,CAAC,UAAU,EAAE,gBAAgB,CAAC;IACtC,QAAQ,CAAC,QAAQ,EAAE,oBAAoB,CAAC;IACxC,QAAQ,CAAC,aAAa,EAAE,yBAAyB,CAAC;gBAGhD,MAAM,EAAE,UAAU,EAClB,GAAG,EAAE,sBAAsB,EAC3B,GAAG,EAAE,sBAAsB,EAC3B,EAAE,EAAE,uBAAuB;IAa7B,0DAA0D;IAC1D,IAAI,OAAO,IAAI,MAAM,CAMpB;IAED,iDAAiD;IACjD,IAAI,QAAQ,IAAI,OAAO,CAA4C;IAEnE,+CAA+C;IAC/C,IAAI,MAAM,IAAI,OAAO,CAA0C;IAE/D,+CAA+C;IAC/C,IAAI,MAAM,IAAI,OAAO,CAA0C;IAE/D,+CAA+C;IAC/C,IAAI,MAAM,IAAI,OAAO,CAA0C;IAE/D,2CAA2C;IAC3C,IAAI,QAAQ,IAAI,OAAO,CAA4C;IAEnE,oFAAoF;IACpF,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,EAAE,CAAA;KAAE;IAK5D,mFAAmF;IACnF,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,EAAE,CAAA;KAAE;CAI5D;AA0ZD;;;;GAIG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,aAAa,CAAC,CAa/D;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,IAAI,aAAa,GAAG,IAAI,CAE3D"}
|
package/build/core/distro.js
CHANGED
|
@@ -364,8 +364,8 @@ function buildFirewallBackend(fbName) {
|
|
|
364
364
|
};
|
|
365
365
|
case "pf": return {
|
|
366
366
|
name: fbName,
|
|
367
|
-
allowCmd: (
|
|
368
|
-
denyCmd: (
|
|
367
|
+
allowCmd: (_port, _proto = "tcp") => ["pfctl", "-e", "-f", "-"],
|
|
368
|
+
denyCmd: (_port, _proto = "tcp") => ["pfctl", "-e", "-f", "-"],
|
|
369
369
|
listCmd: () => ["pfctl", "-sr"],
|
|
370
370
|
flushCmd: () => ["pfctl", "-F", "all"],
|
|
371
371
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"executor.d.ts","sourceRoot":"","sources":["../../src/core/executor.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"executor.d.ts","sourceRoot":"","sources":["../../src/core/executor.ts"],"names":[],"mappings":"AAmFA;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,oCAAoC;IACpC,OAAO,EAAE,MAAM,CAAC;IAChB,uCAAuC;IACvC,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,kDAAkD;IAClD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,wCAAwC;IACxC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,uCAAuC;IACvC,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,iFAAiF;IACjF,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACxB,0CAA0C;IAC1C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gEAAgE;IAChE,QAAQ,EAAE,MAAM,CAAC;IACjB,iEAAiE;IACjE,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B;;;;;;;OAOG;IACH,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,8BAA8B;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,6BAA6B;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,yCAAyC;IACzC,QAAQ,EAAE,MAAM,CAAC;IACjB,oDAAoD;IACpD,QAAQ,EAAE,OAAO,CAAC;IAClB,0CAA0C;IAC1C,QAAQ,EAAE,MAAM,CAAC;IACjB;;;;OAIG;IACH,gBAAgB,EAAE,OAAO,CAAC;CAC3B;AA0FD;;;;;;;;;GASG;AACH,wBAAsB,cAAc,CAClC,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,aAAa,CAAC,CAoPxB"}
|
package/build/core/executor.js
CHANGED
|
@@ -6,6 +6,7 @@ import { getConfig, getToolTimeout } from "./config.js";
|
|
|
6
6
|
import { SudoSession } from "./sudo-session.js";
|
|
7
7
|
import { SudoGuard } from "./sudo-guard.js";
|
|
8
8
|
import { resolveCommand, resolveSudoCommand } from "./command-allowlist.js";
|
|
9
|
+
import { redactOutput } from "./output-redactor.js";
|
|
9
10
|
// ── Askpass helper detection ─────────────────────────────────────────────────
|
|
10
11
|
/**
|
|
11
12
|
* Ordered list of known graphical sudo/SSH askpass helpers.
|
|
@@ -328,6 +329,18 @@ export async function executeCommand(options) {
|
|
|
328
329
|
const exitCode = timedOut ? 124 : (code ?? 1);
|
|
329
330
|
let stdout = Buffer.concat(stdoutChunks).toString("utf-8");
|
|
330
331
|
let stderr = Buffer.concat(stderrChunks).toString("utf-8");
|
|
332
|
+
// ── Output sanitization: redact credentials before returning to LLM ──
|
|
333
|
+
if (getConfig().redactOutput) {
|
|
334
|
+
const stdoutR = redactOutput(stdout);
|
|
335
|
+
const stderrR = redactOutput(stderr);
|
|
336
|
+
stdout = stdoutR.text;
|
|
337
|
+
stderr = stderrR.text;
|
|
338
|
+
const total = stdoutR.redactionCount + stderrR.redactionCount;
|
|
339
|
+
if (total > 0) {
|
|
340
|
+
const patterns = [...new Set([...stdoutR.matchedPatterns, ...stderrR.matchedPatterns])];
|
|
341
|
+
console.error(`[output-redactor] Redacted ${total} sensitive pattern(s) from '${options.toolName}': ${patterns.join(", ")}`);
|
|
342
|
+
}
|
|
343
|
+
}
|
|
331
344
|
if (stdoutCapped) {
|
|
332
345
|
stdout += "\n[OUTPUT TRUNCATED - exceeded max buffer]";
|
|
333
346
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"installer.d.ts","sourceRoot":"","sources":["../../src/core/installer.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"installer.d.ts","sourceRoot":"","sources":["../../src/core/installer.ts"],"names":[],"mappings":"AAUA;;GAEG;AACH,MAAM,MAAM,YAAY,GACpB,WAAW,GACX,UAAU,GACV,YAAY,GACZ,YAAY,GACZ,SAAS,GACT,QAAQ,GACR,gBAAgB,GAChB,YAAY,GACZ,WAAW,GACX,SAAS,GACT,WAAW,GACX,WAAW,GACX,YAAY,GACZ,SAAS,GACT,cAAc,CAAC;AAEnB;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,+BAA+B;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,4CAA4C;IAC5C,MAAM,EAAE,MAAM,CAAC;IACf,qCAAqC;IACrC,QAAQ,EAAE,YAAY,CAAC;IACvB,2BAA2B;IAC3B,QAAQ,EAAE,YAAY,CAAC;IACvB,iDAAiD;IACjD,QAAQ,EAAE,OAAO,CAAC;IAClB,iDAAiD;IACjD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB;;;;OAIG;IACH,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB;;;;OAIG;IACH,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,gFAAgF;IAChF,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB;;OAEG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,4BAA4B;IAC5B,IAAI,EAAE,eAAe,CAAC;IACtB,oCAAoC;IACpC,SAAS,EAAE,OAAO,CAAC;IACnB,6CAA6C;IAC7C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oCAAoC;IACpC,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,4BAA4B;IAC5B,IAAI,EAAE,eAAe,CAAC;IACtB,qCAAqC;IACrC,OAAO,EAAE,OAAO,CAAC;IACjB,2BAA2B;IAC3B,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,eAAO,MAAM,eAAe,EAAE,eAAe,EAo9B5C,CAAC;AAYF;;;;;;GAMG;AACH,wBAAsB,SAAS,CAC7B,MAAM,EAAE,MAAM,GACb,OAAO,CAAC;IAAE,SAAS,EAAE,OAAO,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAgDlE;AAED;;;;;GAKG;AACH,wBAAsB,aAAa,CACjC,QAAQ,CAAC,EAAE,YAAY,GACtB,OAAO,CAAC,eAAe,EAAE,CAAC,CAkB5B;AAED;;;;;GAKG;AACH,wBAAsB,WAAW,CAC/B,IAAI,EAAE,eAAe,GACpB,OAAO,CAAC,aAAa,CAAC,CA0DxB;AAED;;;;;;GAMG;AACH,wBAAsB,cAAc,CAClC,QAAQ,CAAC,EAAE,YAAY,EACvB,MAAM,CAAC,EAAE,OAAO,GACf,OAAO,CAAC,aAAa,EAAE,CAAC,CAgC1B;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAAC,IAAI,EAAE,eAAe,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAQlF;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,IAAI,GAAG,CAAC,MAAM,EAAE,eAAe,EAAE,CAAC,CAYnE"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../../src/core/logger.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAOH,qEAAqE;AACrE,MAAM,MAAM,QAAQ,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,UAAU,CAAC;AAYxE,wDAAwD;AACxD,MAAM,WAAW,QAAQ;IACvB,6BAA6B;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,yBAAyB;IACzB,KAAK,EAAE,QAAQ,CAAC;IAChB,gFAAgF;IAChF,SAAS,EAAE,MAAM,CAAC;IAClB,qEAAqE;IACrE,MAAM,EAAE,MAAM,CAAC;IACf,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,2EAA2E;IAC3E,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AA6CD;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,MAAM;IACjB,OAAO,CAAC,QAAQ,CAAW;IAC3B,OAAO,CAAC,OAAO,CAAgB;IAC/B,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,QAAQ,CAAS;gBAEb,QAAQ,CAAC,EAAE,QAAQ;IAmB/B;;;OAGG;IACH,OAAO,CAAC,aAAa;IAQrB,4DAA4D;IAC5D,OAAO,CAAC,SAAS;IAIjB;;;OAGG;IACH,OAAO,CAAC,WAAW;
|
|
1
|
+
{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../../src/core/logger.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAOH,qEAAqE;AACrE,MAAM,MAAM,QAAQ,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,UAAU,CAAC;AAYxE,wDAAwD;AACxD,MAAM,WAAW,QAAQ;IACvB,6BAA6B;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,yBAAyB;IACzB,KAAK,EAAE,QAAQ,CAAC;IAChB,gFAAgF;IAChF,SAAS,EAAE,MAAM,CAAC;IAClB,qEAAqE;IACrE,MAAM,EAAE,MAAM,CAAC;IACf,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,2EAA2E;IAC3E,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AA6CD;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,MAAM;IACjB,OAAO,CAAC,QAAQ,CAAW;IAC3B,OAAO,CAAC,OAAO,CAAgB;IAC/B,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,QAAQ,CAAS;gBAEb,QAAQ,CAAC,EAAE,QAAQ;IAmB/B;;;OAGG;IACH,OAAO,CAAC,aAAa;IAQrB,4DAA4D;IAC5D,OAAO,CAAC,SAAS;IAIjB;;;OAGG;IACH,OAAO,CAAC,WAAW;IAqBnB;;;;;;;;OAQG;IACH,GAAG,CACD,KAAK,EAAE,QAAQ,EACf,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,IAAI;IAoBP,iCAAiC;IACjC,KAAK,CACH,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,IAAI;IAIP,iCAAiC;IACjC,IAAI,CACF,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,IAAI;IAIP,mCAAmC;IACnC,IAAI,CACF,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,IAAI;IAIP,kCAAkC;IAClC,KAAK,CACH,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,IAAI;IAIP;;;;;;;;;;OAUG;IACH,QAAQ,CACN,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,IAAI;IAIP;;;OAGG;IACH,QAAQ,CAAC,KAAK,EAAE,QAAQ,GAAG,IAAI;IAI/B,yCAAyC;IACzC,QAAQ,IAAI,QAAQ;CAGrB;AAID;;;;;;;;GAQG;AACH,eAAO,MAAM,MAAM,QAAe,CAAC"}
|
package/build/core/logger.js
CHANGED
|
@@ -127,14 +127,18 @@ export class Logger {
|
|
|
127
127
|
if (!this.logFile)
|
|
128
128
|
return;
|
|
129
129
|
try {
|
|
130
|
-
//
|
|
131
|
-
|
|
130
|
+
// Attempt rotation first, then append — both are best-effort.
|
|
131
|
+
// The append itself is atomic enough for structured log lines.
|
|
132
|
+
try {
|
|
132
133
|
const stats = statSync(this.logFile);
|
|
133
134
|
if (stats.size >= this.maxFileSize) {
|
|
134
135
|
rotateLogFile(this.logFile, this.maxFiles);
|
|
135
136
|
}
|
|
136
137
|
}
|
|
137
|
-
|
|
138
|
+
catch {
|
|
139
|
+
// File may not exist yet — appendFileSync will create it
|
|
140
|
+
}
|
|
141
|
+
appendFileSync(this.logFile, line, { encoding: "utf-8", mode: 0o600 });
|
|
138
142
|
}
|
|
139
143
|
catch {
|
|
140
144
|
// Best-effort — don't crash the server on write failure
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* output-redactor.ts — Post-execution output sanitization.
|
|
3
|
+
*
|
|
4
|
+
* Scans command stdout/stderr for sensitive data patterns and replaces
|
|
5
|
+
* them with [REDACTED] before returning results to the LLM.
|
|
6
|
+
*
|
|
7
|
+
* SECURITY: Over-redacting is preferred to under-redacting.
|
|
8
|
+
*
|
|
9
|
+
* @module output-redactor
|
|
10
|
+
*/
|
|
11
|
+
export interface RedactionResult {
|
|
12
|
+
/** The sanitized text */
|
|
13
|
+
text: string;
|
|
14
|
+
/** Number of redactions applied */
|
|
15
|
+
redactionCount: number;
|
|
16
|
+
/** Labels of patterns that matched */
|
|
17
|
+
matchedPatterns: string[];
|
|
18
|
+
}
|
|
19
|
+
/**
|
|
20
|
+
* Redact sensitive data from command output.
|
|
21
|
+
*
|
|
22
|
+
* @param text - Raw stdout or stderr text
|
|
23
|
+
* @returns Sanitized text with redaction metadata
|
|
24
|
+
*/
|
|
25
|
+
export declare function redactOutput(text: string): RedactionResult;
|
|
26
|
+
//# sourceMappingURL=output-redactor.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"output-redactor.d.ts","sourceRoot":"","sources":["../../src/core/output-redactor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAmFH,MAAM,WAAW,eAAe;IAC9B,yBAAyB;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,mCAAmC;IACnC,cAAc,EAAE,MAAM,CAAC;IACvB,sCAAsC;IACtC,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,eAAe,CAmB1D"}
|
|
@@ -0,0 +1,96 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* output-redactor.ts — Post-execution output sanitization.
|
|
3
|
+
*
|
|
4
|
+
* Scans command stdout/stderr for sensitive data patterns and replaces
|
|
5
|
+
* them with [REDACTED] before returning results to the LLM.
|
|
6
|
+
*
|
|
7
|
+
* SECURITY: Over-redacting is preferred to under-redacting.
|
|
8
|
+
*
|
|
9
|
+
* @module output-redactor
|
|
10
|
+
*/
|
|
11
|
+
const REDACTION_PATTERNS = [
|
|
12
|
+
// Private key blocks (PEM format)
|
|
13
|
+
{
|
|
14
|
+
pattern: /-----BEGIN\s[\w\s]*PRIVATE KEY-----[\s\S]*?-----END\s[\w\s]*PRIVATE KEY-----/g,
|
|
15
|
+
replacement: "[REDACTED: private key block]",
|
|
16
|
+
label: "private-key",
|
|
17
|
+
},
|
|
18
|
+
// AWS access key IDs (AKIA...)
|
|
19
|
+
{
|
|
20
|
+
pattern: /\bAKIA[0-9A-Z]{16}\b/g,
|
|
21
|
+
replacement: "[REDACTED: AWS access key]",
|
|
22
|
+
label: "aws-key",
|
|
23
|
+
},
|
|
24
|
+
// AWS secret access key after known labels
|
|
25
|
+
{
|
|
26
|
+
pattern: /(?:aws_secret_access_key|secret[_-]?access[_-]?key)\s*[=:]\s*[A-Za-z0-9/+=]{40}/gi,
|
|
27
|
+
replacement: "[REDACTED: AWS secret key]",
|
|
28
|
+
label: "aws-secret",
|
|
29
|
+
},
|
|
30
|
+
// Generic password patterns
|
|
31
|
+
{
|
|
32
|
+
pattern: /(?:password|passwd|pass|pwd)\s*[=:]\s*\S+/gi,
|
|
33
|
+
replacement: "[REDACTED: password]",
|
|
34
|
+
label: "password",
|
|
35
|
+
},
|
|
36
|
+
// Authorization / Bearer / Basic auth headers
|
|
37
|
+
{
|
|
38
|
+
pattern: /(?:Authorization|Bearer|Basic)\s*[:=]\s*\S+/gi,
|
|
39
|
+
replacement: "[REDACTED: auth token]",
|
|
40
|
+
label: "auth-header",
|
|
41
|
+
},
|
|
42
|
+
// API keys and tokens
|
|
43
|
+
{
|
|
44
|
+
pattern: /(?:api[_-]?key|api[_-]?token|access[_-]?token|auth[_-]?token|secret[_-]?key)\s*[=:]\s*\S+/gi,
|
|
45
|
+
replacement: "[REDACTED: api key/token]",
|
|
46
|
+
label: "api-key",
|
|
47
|
+
},
|
|
48
|
+
// Connection strings with embedded credentials
|
|
49
|
+
{
|
|
50
|
+
pattern: /(?:mysql|postgres(?:ql)?|mongodb(?:\+srv)?|redis|amqp|mssql):\/\/[^:]+:[^@]+@/gi,
|
|
51
|
+
replacement: "[REDACTED: connection string]://",
|
|
52
|
+
label: "connection-string",
|
|
53
|
+
},
|
|
54
|
+
// /etc/shadow password hashes (user:$hash:...)
|
|
55
|
+
{
|
|
56
|
+
pattern: /^([^:]+):\$[0-9a-z]+\$[^:]+:/gm,
|
|
57
|
+
replacement: "$1:[REDACTED: password hash]:",
|
|
58
|
+
label: "shadow-hash",
|
|
59
|
+
},
|
|
60
|
+
// GitHub / GitLab personal access tokens
|
|
61
|
+
{
|
|
62
|
+
pattern: /\b(?:ghp|gho|ghu|ghs|ghr|glpat)-[A-Za-z0-9_]{20,}\b/g,
|
|
63
|
+
replacement: "[REDACTED: git token]",
|
|
64
|
+
label: "git-token",
|
|
65
|
+
},
|
|
66
|
+
// Generic hex tokens (32+ chars after token/secret/key labels)
|
|
67
|
+
{
|
|
68
|
+
pattern: /(?:token|secret|key)\s*[=:]\s*[0-9a-f]{32,}/gi,
|
|
69
|
+
replacement: "[REDACTED: hex token]",
|
|
70
|
+
label: "hex-token",
|
|
71
|
+
},
|
|
72
|
+
];
|
|
73
|
+
/**
|
|
74
|
+
* Redact sensitive data from command output.
|
|
75
|
+
*
|
|
76
|
+
* @param text - Raw stdout or stderr text
|
|
77
|
+
* @returns Sanitized text with redaction metadata
|
|
78
|
+
*/
|
|
79
|
+
export function redactOutput(text) {
|
|
80
|
+
if (!text)
|
|
81
|
+
return { text, redactionCount: 0, matchedPatterns: [] };
|
|
82
|
+
let result = text;
|
|
83
|
+
let redactionCount = 0;
|
|
84
|
+
const matchedPatterns = [];
|
|
85
|
+
for (const { pattern, replacement, label } of REDACTION_PATTERNS) {
|
|
86
|
+
// Reset lastIndex for global regexes
|
|
87
|
+
pattern.lastIndex = 0;
|
|
88
|
+
const matches = result.match(pattern);
|
|
89
|
+
if (matches && matches.length > 0) {
|
|
90
|
+
redactionCount += matches.length;
|
|
91
|
+
matchedPatterns.push(label);
|
|
92
|
+
result = result.replace(pattern, replacement);
|
|
93
|
+
}
|
|
94
|
+
}
|
|
95
|
+
return { text: result, redactionCount, matchedPatterns };
|
|
96
|
+
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pam-utils.d.ts","sourceRoot":"","sources":["../../src/core/pam-utils.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;
|
|
1
|
+
{"version":3,"file":"pam-utils.d.ts","sourceRoot":"","sources":["../../src/core/pam-utils.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAMH,OAAO,EAAiB,KAAK,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAKtE,qDAAqD;AACrD,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,8EAA8E;IAC9E,OAAO,EAAE,MAAM,CAAC;IAChB,qFAAqF;IACrF,OAAO,EAAE,MAAM,CAAC;IAChB,2DAA2D;IAC3D,MAAM,EAAE,MAAM,CAAC;IACf,qDAAqD;IACrD,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,6DAA6D;IAC7D,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,sCAAsC;AACtC,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,SAAS,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,0BAA0B;AAC1B,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,OAAO,CAAC;CACf;AAED,6BAA6B;AAC7B,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,SAAS,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,mCAAmC;AACnC,MAAM,MAAM,OAAO,GAAG,OAAO,GAAG,UAAU,GAAG,QAAQ,GAAG,UAAU,CAAC;AAInE,+CAA+C;AAC/C,qBAAa,kBAAmB,SAAQ,KAAK;aAEzB,MAAM,EAAE,MAAM,EAAE;aAChB,QAAQ,CAAC,EAAE,MAAM;gBADjB,MAAM,EAAE,MAAM,EAAE,EAChB,QAAQ,CAAC,EAAE,MAAM,YAAA;CAOpC;AAED,uEAAuE;AACvE,qBAAa,aAAc,SAAQ,KAAK;aAGpB,QAAQ,EAAE,MAAM;aAChB,QAAQ,CAAC,EAAE,MAAM;gBAFjC,OAAO,EAAE,MAAM,EACC,QAAQ,EAAE,MAAM,EAChB,QAAQ,CAAC,EAAE,MAAM,YAAA;CAKpC;AA+BD;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,EAAE,CA2CzD;AAqDD;;;;;;;;;;;;GAYG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,OAAO,EAAE,GAAG,MAAM,CAyB3D;AAID;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,OAAO,EAAE,GACf;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CA0FtC;AAED;;;;;;;GAOG;AACH,wBAAgB,wBAAwB,CACtC,OAAO,EAAE,MAAM,GACd;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAGtC;AAID;;;;;;;;GAQG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EAAE,GACb,OAAO,CAWT;AAED;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,OAAO,EAAE,EAChB,UAAU,EAAE,MAAM,GACjB,OAAO,EAAE,CAIX;AAED;;;;;;;;;GASG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,OAAO,EAAE,EAChB,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,OAAO,EAChB,OAAO,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,GAC7B,OAAO,EAAE,CAgBX;AAED;;;;;;;;;GASG;AACH,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,OAAO,EAAE,EAChB,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,OAAO,EAChB,OAAO,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,GAC7B,OAAO,EAAE,CAgBX;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,CAC7B,KAAK,EAAE,OAAO,EAAE,EAChB,UAAU,EAAE,MAAM,GACjB,OAAO,EAAE,CAKX;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,OAAO,EAAE,GAAG,OAAO,EAAE,CA2D5D;AAID;;;;;;GAMG;AACH,wBAAsB,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAcnE;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,YAAY,CAChC,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,IAAI,CAAC,CAqDf;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,aAAa,CACjC,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,WAAW,CAAC,CAyCtB;AAED;;;;;;;;;GASG;AACH,wBAAsB,cAAc,CAClC,WAAW,EAAE,WAAW,GACvB,OAAO,CAAC,IAAI,CAAC,CAqDf;AAID,0DAA0D;AAC1D,MAAM,WAAW,gBAAgB;IAC/B,gFAAgF;IAChF,QAAQ,EAAE,SAAS,GAAG,UAAU,CAAC;IACjC,0CAA0C;IAC1C,MAAM,EAAE,iBAAiB,GAAG,kBAAkB,GAAG,SAAS,CAAC;IAC3D,uEAAuE;IACvE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,4BAA4B;IAC5B,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACxB,gDAAgD;IAChD,OAAO,EAAE,MAAM,CAAC;IAChB,sCAAsC;IACtC,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,8CAA8C;AAC9C,MAAM,WAAW,eAAe;IAC9B,yCAAyC;IACzC,IAAI,EAAE,OAAO,CAAC;IACd,oDAAoD;IACpD,QAAQ,EAAE,gBAAgB,EAAE,CAAC;IAC7B,0CAA0C;IAC1C,aAAa,EAAE,MAAM,CAAC;IACtB,yCAAyC;IACzC,YAAY,EAAE,MAAM,CAAC;CACtB;AAID;;;;GAIG;AACH,eAAO,MAAM,qBAAqB;;QAE9B,0EAA0E;;QAE1E,iEAAiE;;QAEjE,iEAAiE;;QAEjE,yEAAyE;;;;QAIzE,0DAA0D;;QAE1D,8DAA8D;;QAE9D,4DAA4D;;QAE5D,+EAA+E;;;CAGzE,CAAC;AAIX;;;;;;;;;;;GAWG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE;IAC7C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,GAAG,gBAAgB,EAAE,CAgErB;AAID;;;;;;;;;;GAUG;AACH,wBAAgB,uBAAuB,CAAC,MAAM,EAAE;IAC9C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,GAAG,gBAAgB,EAAE,CA2ErB;AAID;;;;;;;;;;;;GAYG;AACH,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,OAAO,EAAE,GAAG,gBAAgB,EAAE,CAoE5E;AAID;;;;;;;;;GASG;AACH,wBAAgB,uBAAuB,CAAC,OAAO,EAAE;IAC/C,2CAA2C;IAC3C,MAAM,CAAC,EAAE,UAAU,GAAG,WAAW,CAAC;IAClC,sCAAsC;IACtC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,sDAAsD;IACtD,KAAK,CAAC,EAAE,OAAO,EAAE,CAAC;CACnB,GAAG,eAAe,CAmDlB"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"preflight.d.ts","sourceRoot":"","sources":["../../src/core/preflight.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAIH,OAAO,EAGL,KAAK,YAAY,EAClB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAEL,KAAK,cAAc,EACpB,MAAM,wBAAwB,CAAC;
|
|
1
|
+
{"version":3,"file":"preflight.d.ts","sourceRoot":"","sources":["../../src/core/preflight.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAIH,OAAO,EAGL,KAAK,YAAY,EAClB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAEL,KAAK,cAAc,EACpB,MAAM,wBAAwB,CAAC;AAchC,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,wBAAwB;IACxB,MAAM,EAAE,OAAO,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,kCAAkC;IAClC,QAAQ,EAAE,MAAM,CAAC;IAGjB,YAAY,EAAE;QACZ,kCAAkC;QAClC,OAAO,EAAE,eAAe,EAAE,CAAC;QAC3B,2CAA2C;QAC3C,OAAO,EAAE,eAAe,EAAE,CAAC;QAC3B,kCAAkC;QAClC,SAAS,EAAE,eAAe,EAAE,CAAC;QAC7B,kCAAkC;QAClC,QAAQ,EAAE,MAAM,EAAE,CAAC;KACpB,CAAC;IAGF,UAAU,EAAE;QACV,SAAS,EAAE,OAAO,CAAC;QACnB,MAAM,EAAE,cAAc,EAAE,CAAC;QACzB,eAAe,EAAE,MAAM,EAAE,CAAC;KAC3B,CAAC;IAGF,UAAU,CAAC,EAAE;QACX,oCAAoC;QACpC,IAAI,EAAE,OAAO,CAAC;QACd,iDAAiD;QACjD,QAAQ,EAAE,MAAM,EAAE,CAAC;QACnB,mCAAmC;QACnC,QAAQ,EAAE,MAAM,EAAE,CAAC;QACnB,6CAA6C;QAC7C,YAAY,EAAE,MAAM,EAAE,CAAC;KACxB,CAAC;IAEF,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,4BAA4B;IAC5B,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,yBAAyB;IACzB,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,QAAQ,GAAG,eAAe,GAAG,aAAa,GAAG,SAAS,GAAG,MAAM,CAAC;IACtE,wCAAwC;IACxC,QAAQ,EAAE,OAAO,CAAC;IAClB,KAAK,EAAE,OAAO,CAAC;IACf,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AA6ID;;;;;;;;GAQG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAAe;IAC/B,OAAO,CAAC,gBAAgB,CAAmB;IAC3C,OAAO,CAAC,aAAa,CAAgB;IAErC;;;;OAIG;IACH,OAAO,CAAC,WAAW,CAA2D;IAC9E,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAU;IAE3C,OAAO,CAAC,MAAM,CAAC,SAAS,CAAgC;IAExD,OAAO;IAOP,4CAA4C;IAC5C,MAAM,CAAC,QAAQ,IAAI,eAAe;IASlC;;;;;;;;;;OAUG;IACG,YAAY,CAChB,QAAQ,EAAE,MAAM,EAChB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B,OAAO,CAAC,eAAe,CAAC;IAmM3B;;;;;;OAMG;IACG,iBAAiB,CACrB,QAAQ,EAAE,YAAY,GACrB,OAAO,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC;IA0J3C;;;OAGG;IACG,eAAe,CACnB,QAAQ,EAAE,YAAY,GACrB,OAAO,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC;IAWzC;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,aAAa,CAAC,MAAM,EAAE,eAAe,GAAG,MAAM;IAoG9C;;;;;;OAMG;IACH,mBAAmB,CAAC,MAAM,EAAE,eAAe,GAAG,MAAM;IAiCpD;;;;OAIG;IACH,UAAU,IAAI,IAAI;IAMlB,4CAA4C;IAC5C,OAAO,CAAC,WAAW;CAMpB"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"safeguards.d.ts","sourceRoot":"","sources":["../../src/core/safeguards.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;
|
|
1
|
+
{"version":3,"file":"safeguards.d.ts","sourceRoot":"","sources":["../../src/core/safeguards.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAeH,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,OAAO,CAAC;IACd,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,WAAW,EAAE,CAAC;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,OAAO,CAAC;CACtB;AA+DD,gDAAgD;AAChD,wBAAgB,YAAY,IAAI,OAAO,CAEtC;AAED,sEAAsE;AACtE,wBAAgB,iBAAiB,IAAI,OAAO,CAS3C;AA0BD,qBAAa,iBAAiB;IAC5B,+EAA+E;IAC/E,OAAO,CAAC,cAAc,CAGa;IAEnC,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAU;IAE9C,OAAO;IAEP,kCAAkC;IAClC,MAAM,CAAC,WAAW,IAAI,iBAAiB;IAOvC,sCAAsC;IAChC,YAAY,IAAI,OAAO,CAAC,WAAW,CAAC;IA0C1C,mDAAmD;IAC7C,YAAY,IAAI,OAAO,CAAC,WAAW,CAAC;IAmC1C,qCAAqC;IAC/B,gBAAgB,IAAI,OAAO,CAAC,WAAW,CAAC;IA2C9C,6CAA6C;IACvC,eAAe,IAAI,OAAO,CAAC,WAAW,CAAC;IA0B7C,mCAAmC;IAC7B,gBAAgB,IAAI,OAAO,CAAC,WAAW,CAAC;IAmB9C;;;OAGG;IACG,WAAW,CACf,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC9B,OAAO,CAAC,YAAY,CAAC;IAsMxB,kEAAkE;IAC5D,eAAe,IAAI,OAAO,CAAC,eAAe,CAAC;CA2BlD"}
|
package/build/core/safeguards.js
CHANGED
|
@@ -17,7 +17,6 @@ import { z } from "zod";
|
|
|
17
17
|
import { executeCommand } from "./executor.js";
|
|
18
18
|
// ── Zod schemas ──────────────────────────────────────────────────────────────
|
|
19
19
|
const OperationSchema = z.string().min(1).max(256);
|
|
20
|
-
const ParamsSchema = z.record(z.string(), z.unknown());
|
|
21
20
|
// ── Operations that affect specific domains ──────────────────────────────────
|
|
22
21
|
const DOCKER_OPERATIONS = [
|
|
23
22
|
"container", "docker", "apparmor", "seccomp", "namespace",
|
|
@@ -202,7 +201,7 @@ export class SafeguardRegistry {
|
|
|
202
201
|
try {
|
|
203
202
|
// SECURITY (CORE-010): Use environment-aware path instead of hardcoded /home/robert/...
|
|
204
203
|
const mcpConfigPath = path.join(os.homedir(), "defense-mcp-workspace", ".mcp.json");
|
|
205
|
-
|
|
204
|
+
try {
|
|
206
205
|
const raw = fs.readFileSync(mcpConfigPath, "utf-8");
|
|
207
206
|
const config = JSON.parse(raw);
|
|
208
207
|
const servers = config.mcpServers ?? config.servers ?? {};
|
|
@@ -212,6 +211,9 @@ export class SafeguardRegistry {
|
|
|
212
211
|
detected = true;
|
|
213
212
|
}
|
|
214
213
|
}
|
|
214
|
+
catch {
|
|
215
|
+
// File doesn't exist or isn't readable — skip
|
|
216
|
+
}
|
|
215
217
|
// Check for node processes
|
|
216
218
|
const r = await executeCommand({
|
|
217
219
|
toolName: "_internal",
|
|
@@ -306,7 +308,6 @@ export class SafeguardRegistry {
|
|
|
306
308
|
]);
|
|
307
309
|
this.detectionCache = { result: { vscode, docker, mcp, dbs, web }, timestamp: now };
|
|
308
310
|
}
|
|
309
|
-
const detections = [vscode, docker, mcp, dbs, web];
|
|
310
311
|
// Check Docker impact
|
|
311
312
|
if (docker.detected && matchesAny(operation, DOCKER_OPERATIONS)) {
|
|
312
313
|
warnings.push(`Docker is active (${docker.detail}) — operation may affect containers`);
|
|
@@ -3,7 +3,7 @@ import { type DefenseConfig } from "./config.js";
|
|
|
3
3
|
* Validates a target string as hostname, IPv4, IPv6, or CIDR notation.
|
|
4
4
|
* Throws on invalid input.
|
|
5
5
|
*/
|
|
6
|
-
export declare function validateTarget(target: string,
|
|
6
|
+
export declare function validateTarget(target: string, _config?: DefenseConfig): string;
|
|
7
7
|
/**
|
|
8
8
|
* Validates a single port number (1-65535).
|
|
9
9
|
* Throws on invalid input.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sanitizer.d.ts","sourceRoot":"","sources":["../../src/core/sanitizer.ts"],"names":[],"mappings":"AAEA,OAAO,EAAa,KAAK,aAAa,EAAE,MAAM,aAAa,CAAC;AAmB5D;;;GAGG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,
|
|
1
|
+
{"version":3,"file":"sanitizer.d.ts","sourceRoot":"","sources":["../../src/core/sanitizer.ts"],"names":[],"mappings":"AAEA,OAAO,EAAa,KAAK,aAAa,EAAE,MAAM,aAAa,CAAC;AAmB5D;;;GAGG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,aAAa,GAAG,MAAM,CAkD9E;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAM1D;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAwCvD;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,MAAM,EAChB,MAAM,CAAC,EAAE,aAAa,GACrB,MAAM,CAsFR;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,CAuBrD;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAcxD;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAcrD;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAcrD;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAcxD;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAe3D;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAoBvD;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAkBrD;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CA8BrD;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAqCrD;AAED;;;;GAIG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAczD;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAcrD;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,gBAAgB,CAC9B,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,MAAM,EAAE,EACrB,KAAK,SAAS,GACb,MAAM,CA0CR;AAgBD;;;;;;;;;;GAUG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAuBxD"}
|
package/build/core/sanitizer.js
CHANGED
|
@@ -19,7 +19,7 @@ const PATH_TRAVERSAL_RE = /(^|[\/\\])\.\.([\/\\]|$)/;
|
|
|
19
19
|
* Validates a target string as hostname, IPv4, IPv6, or CIDR notation.
|
|
20
20
|
* Throws on invalid input.
|
|
21
21
|
*/
|
|
22
|
-
export function validateTarget(target,
|
|
22
|
+
export function validateTarget(target, _config) {
|
|
23
23
|
if (!target || typeof target !== "string") {
|
|
24
24
|
throw new Error("Target must be a non-empty string");
|
|
25
25
|
}
|
|
@@ -33,6 +33,11 @@
|
|
|
33
33
|
*
|
|
34
34
|
* @module sudo-guard
|
|
35
35
|
*/
|
|
36
|
+
/**
|
|
37
|
+
* Exit codes that commonly indicate permission failures.
|
|
38
|
+
* Note: exit code alone is not sufficient — must be combined with pattern
|
|
39
|
+
* matching for reliable detection.
|
|
40
|
+
*/
|
|
36
41
|
/**
|
|
37
42
|
* Structured MCP response content for an elevation prompt.
|
|
38
43
|
* Returned when a tool cannot proceed without sudo privileges.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sudo-guard.d.ts","sourceRoot":"","sources":["../../src/core/sudo-guard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;
|
|
1
|
+
{"version":3,"file":"sudo-guard.d.ts","sourceRoot":"","sources":["../../src/core/sudo-guard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AAwEH;;;;GAIG;AAGH;;;GAGG;AACH,MAAM,WAAW,uBAAuB;IACtC,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC/C,OAAO,EAAE,IAAI,CAAC;IACd,KAAK,EAAE;QACL,qDAAqD;QACrD,iBAAiB,EAAE,IAAI,CAAC;QACxB;;;;WAIG;QACH,YAAY,EAAE,IAAI,CAAC;QACnB,2BAA2B;QAC3B,UAAU,EAAE,MAAM,CAAC;QACnB,8BAA8B;QAC9B,MAAM,EAAE,MAAM,CAAC;QACf,qCAAqC;QACrC,aAAa,EAAE,cAAc,CAAC;KAC/B,CAAC;CACH;AAID;;;GAGG;AACH,qBAAa,SAAS;IACpB;;;;;;;;;;;;OAYG;IACH,MAAM,CAAC,0BAA0B,IAAI;QAAE,gBAAgB,EAAE,OAAO,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE;IA2CrF;;;;;;;;;;;OAWG;IACH,MAAM,CAAC,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO;IAqBpE;;;;;;;;;;;OAWG;IACH,MAAM,CAAC,qBAAqB,CAC1B,QAAQ,EAAE,MAAM,EAChB,MAAM,CAAC,EAAE,MAAM,EACf,aAAa,CAAC,EAAE,MAAM,GACrB,uBAAuB;IAsD1B;;;;;;;;;OASG;IACH,MAAM,CAAC,yBAAyB,CAC9B,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,SAAS,GAC5C,OAAO;IA4BV;;;OAGG;IACH,MAAM,CAAC,mBAAmB,CACxB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,SAAS,GAC5C,MAAM,GAAG,SAAS;IAoBrB;;;OAGG;IACH,MAAM,CAAC,gBAAgB,IAAI,OAAO;IAIlC;;;;;;;;;OASG;IACH,MAAM,CAAC,eAAe,IAAI;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE;IAU7D;;;;;;;;;;OAUG;IACH,MAAM,CAAC,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE;CAiDrF"}
|
package/build/core/sudo-guard.js
CHANGED
|
@@ -92,17 +92,6 @@ const PERMISSION_ERROR_PATTERNS = [
|
|
|
92
92
|
/cannot write.*permission denied/i,
|
|
93
93
|
/read-only file system/i,
|
|
94
94
|
];
|
|
95
|
-
/**
|
|
96
|
-
* Exit codes that commonly indicate permission failures.
|
|
97
|
-
* Note: exit code alone is not sufficient — must be combined with pattern
|
|
98
|
-
* matching for reliable detection.
|
|
99
|
-
*/
|
|
100
|
-
const PERMISSION_EXIT_CODES = new Set([
|
|
101
|
-
1, // General error (common for sudo failures)
|
|
102
|
-
126, // Command invoked cannot execute (permission issue)
|
|
103
|
-
4, // iptables: resource problem (often permission)
|
|
104
|
-
77, // BSD/systemd: noperm
|
|
105
|
-
]);
|
|
106
95
|
// ── SudoGuard ────────────────────────────────────────────────────────────────
|
|
107
96
|
/**
|
|
108
97
|
* Static utility class for permission error detection and elevation prompt
|
|
@@ -563,7 +563,7 @@ async function installAptRepo(entry) {
|
|
|
563
563
|
const tempSourcePath = join(tempDir, `${entry.binary}.list`);
|
|
564
564
|
try {
|
|
565
565
|
const { writeFileSync } = await import("node:fs");
|
|
566
|
-
writeFileSync(tempSourcePath, entry.aptRepoLine + "\n", { mode:
|
|
566
|
+
writeFileSync(tempSourcePath, entry.aptRepoLine + "\n", { mode: 0o600 });
|
|
567
567
|
const copyResult = execWithSudo(["cp", tempSourcePath, aptSourcePath], { timeoutMs: 5_000 });
|
|
568
568
|
if (!copyResult.success) {
|
|
569
569
|
return {
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* tool-annotations.ts — Centralized MCP ToolAnnotations for all tools.
|
|
3
|
+
*
|
|
4
|
+
* Annotations are auto-injected by the tool-wrapper proxy at registration
|
|
5
|
+
* time, so individual tool files do not need modification.
|
|
6
|
+
*
|
|
7
|
+
* @module tool-annotations
|
|
8
|
+
*/
|
|
9
|
+
import type { ToolAnnotations } from "@modelcontextprotocol/sdk/types.js";
|
|
10
|
+
export declare const TOOL_ANNOTATIONS: Record<string, ToolAnnotations>;
|
|
11
|
+
export declare function getToolAnnotations(toolName: string): ToolAnnotations | undefined;
|
|
12
|
+
export declare function isReadOnlyTool(toolName: string): boolean;
|
|
13
|
+
//# sourceMappingURL=tool-annotations.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tool-annotations.d.ts","sourceRoot":"","sources":["../../src/core/tool-annotations.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,oCAAoC,CAAC;AAE1E,eAAO,MAAM,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAmC5D,CAAC;AAEF,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,eAAe,GAAG,SAAS,CAEhF;AAED,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAExD"}
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* tool-annotations.ts — Centralized MCP ToolAnnotations for all tools.
|
|
3
|
+
*
|
|
4
|
+
* Annotations are auto-injected by the tool-wrapper proxy at registration
|
|
5
|
+
* time, so individual tool files do not need modification.
|
|
6
|
+
*
|
|
7
|
+
* @module tool-annotations
|
|
8
|
+
*/
|
|
9
|
+
export const TOOL_ANNOTATIONS = {
|
|
10
|
+
// Read-only tools (ALL actions are non-modifying)
|
|
11
|
+
secrets: { readOnlyHint: true, destructiveHint: false, idempotentHint: true, openWorldHint: false },
|
|
12
|
+
cloud_security: { readOnlyHint: true, destructiveHint: false, idempotentHint: true, openWorldHint: true },
|
|
13
|
+
process_security: { readOnlyHint: true, destructiveHint: false, idempotentHint: true, openWorldHint: false },
|
|
14
|
+
api_security: { readOnlyHint: true, destructiveHint: false, idempotentHint: true, openWorldHint: true },
|
|
15
|
+
// Destructive tools (at least one state-modifying action)
|
|
16
|
+
firewall: { readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: false },
|
|
17
|
+
harden_kernel: { readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: false },
|
|
18
|
+
harden_host: { readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: false },
|
|
19
|
+
access_control: { readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: false },
|
|
20
|
+
compliance: { readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: false },
|
|
21
|
+
integrity: { readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: false },
|
|
22
|
+
log_management: { readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: false },
|
|
23
|
+
malware: { readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: false },
|
|
24
|
+
container_docker: { readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: false },
|
|
25
|
+
container_isolation: { readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: false },
|
|
26
|
+
ebpf: { readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: false },
|
|
27
|
+
crypto: { readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: false },
|
|
28
|
+
network_defense: { readOnlyHint: false, destructiveHint: false, idempotentHint: true, openWorldHint: false },
|
|
29
|
+
patch: { readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: false },
|
|
30
|
+
incident_response: { readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: false },
|
|
31
|
+
defense_mgmt: { readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: false },
|
|
32
|
+
sudo_session: { readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: false },
|
|
33
|
+
backup: { readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: false },
|
|
34
|
+
supply_chain: { readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: false },
|
|
35
|
+
zero_trust: { readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: false },
|
|
36
|
+
honeypot_manage: { readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: false },
|
|
37
|
+
dns_security: { readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: false },
|
|
38
|
+
threat_intel: { readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: false },
|
|
39
|
+
vuln_manage: { readOnlyHint: false, destructiveHint: false, idempotentHint: true, openWorldHint: true },
|
|
40
|
+
waf_manage: { readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: false },
|
|
41
|
+
wireless_security: { readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: false },
|
|
42
|
+
app_harden: { readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: false },
|
|
43
|
+
};
|
|
44
|
+
export function getToolAnnotations(toolName) {
|
|
45
|
+
return TOOL_ANNOTATIONS[toolName];
|
|
46
|
+
}
|
|
47
|
+
export function isReadOnlyTool(toolName) {
|
|
48
|
+
return TOOL_ANNOTATIONS[toolName]?.readOnlyHint === true;
|
|
49
|
+
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tool-wrapper.d.ts","sourceRoot":"","sources":["../../src/core/tool-wrapper.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;
|
|
1
|
+
{"version":3,"file":"tool-wrapper.d.ts","sourceRoot":"","sources":["../../src/core/tool-wrapper.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAsBzE,0CAA0C;AAC1C,MAAM,WAAW,cAAc;IAC7B,kDAAkD;IAClD,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B;;;OAGG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB;;;;OAIG;IACH,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAeD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,qBAAqB,CACnC,MAAM,EAAE,SAAS,EACjB,OAAO,GAAE,cAAmB,GAC3B,SAAS,CAkDX;AAED;;;;;;;;;GASG;AACH,wBAAgB,yBAAyB,IAAI,IAAI,CAGhD"}
|
|
@@ -27,6 +27,8 @@ import { PrivilegeManager } from "./privilege-manager.js";
|
|
|
27
27
|
import { SudoGuard } from "./sudo-guard.js";
|
|
28
28
|
import { SudoSession } from "./sudo-session.js";
|
|
29
29
|
import { RateLimiter } from "./rate-limiter.js";
|
|
30
|
+
import { getConfig } from "./config.js";
|
|
31
|
+
import { getToolAnnotations, isReadOnlyTool } from "./tool-annotations.js";
|
|
30
32
|
// ── Constants ────────────────────────────────────────────────────────────────
|
|
31
33
|
/**
|
|
32
34
|
* Tools that always skip pre-flight because they manage the sudo session
|
|
@@ -131,6 +133,16 @@ function createWrappedToolMethod(server, ctx) {
|
|
|
131
133
|
return originalTool(...args);
|
|
132
134
|
}
|
|
133
135
|
const toolName = args[0];
|
|
136
|
+
// ── Tool filtering (read-only mode & allowlisting) ──────────────
|
|
137
|
+
const config = getConfig();
|
|
138
|
+
if (config.allowedTools.length > 0 && !config.allowedTools.includes(toolName)) {
|
|
139
|
+
console.error(`[tool-filter] Skipping '${toolName}' — not in DEFENSE_MCP_ALLOWED_TOOLS`);
|
|
140
|
+
return undefined;
|
|
141
|
+
}
|
|
142
|
+
if (config.readOnly && !isReadOnlyTool(toolName)) {
|
|
143
|
+
console.error(`[tool-filter] Skipping destructive tool '${toolName}' — read-only mode`);
|
|
144
|
+
return undefined;
|
|
145
|
+
}
|
|
134
146
|
// ── Bypass check ─────────────────────────────────────────────────
|
|
135
147
|
if (shouldBypassPreflight(toolName, ctx)) {
|
|
136
148
|
return originalTool(...args);
|
|
@@ -141,6 +153,12 @@ function createWrappedToolMethod(server, ctx) {
|
|
|
141
153
|
// Reconstruct args with the wrapped handler in the last position
|
|
142
154
|
const wrappedArgs = [...args];
|
|
143
155
|
wrappedArgs[wrappedArgs.length - 1] = wrappedHandler;
|
|
156
|
+
// ── Auto-inject tool annotations ────────────────────────────────
|
|
157
|
+
const annotations = getToolAnnotations(toolName);
|
|
158
|
+
if (annotations) {
|
|
159
|
+
// Insert annotations before the handler (last position)
|
|
160
|
+
wrappedArgs.splice(wrappedArgs.length - 1, 0, annotations);
|
|
161
|
+
}
|
|
144
162
|
return originalTool(...wrappedArgs);
|
|
145
163
|
};
|
|
146
164
|
}
|