docguard-cli 0.21.0 → 0.21.1

package/cli/commands/init.mjs

@@ -15,7 +15,7 @@ import { fileURLToPath } from 'node:url';
 import { createInterface } from 'node:readline';
 import { execSync } from 'node:child_process';
 import { c, PROFILES } from '../shared.mjs';
-import { ensureSkills, detectAgentMode, detectAIAgent, isSpecKitAvailable, isSpecKitInitialized, getDetectedAgent } from '../ensure-skills.mjs';
+import { ensureSkills, detectAgentMode, detectAIAgent, isSpecKitAvailable, isSpecKitInitialized, getDetectedAgent, safeSpawnSpecify } from '../ensure-skills.mjs';
 
 // v0.20: scaffolder names that can be passed via `init --with <name>` and
 // dispatched to the corresponding standalone runner. Each name maps to its
@@ -378,17 +378,22 @@ poetry.lock
   } else if (specKitAvailable && !specKitInitialized) {
     console.log(`\n  ${c.bold}🌱 Spec Kit Integration${c.reset}`);
 
-    // Detect which AI agent is in use (matches spec-kit's --ai flag)
+    // Detect which AI agent is in use (matches spec-kit's --ai flag).
+    // v0.21.1 (issue #190): the returned value is allowlist-validated inside
+    // getDetectedAgent, so an attacker-controlled `.specify/init-options.json`
+    // can no longer inject shell metacharacters here.
     const detectedAgent = detectAIAgent(projectDir);
-    const aiFlag = detectedAgent
-      ? `--ai ${detectedAgent}`
-      : '--ai generic --ai-commands-dir .agent/commands/';
+    const aiArgs = detectedAgent
+      ? ['--ai', detectedAgent]
+      : ['--ai', 'generic', '--ai-commands-dir', '.agent/commands/'];
 
     console.log(`  ${c.dim}Running specify init (agent: ${detectedAgent || 'generic'})...${c.reset}`);
     try {
-      const scriptFlag = process.platform === 'win32' ? '--script ps' : '--script sh';
-      execSync(
-        `specify init --here --force ${aiFlag} --ai-skills --ignore-agent-tools --no-git ${scriptFlag}`,
+      // v0.21.1 (issue #190): execFileSync via safeSpawnSpecify — args pass
+      // through as an array, no shell interpolation.
+      const scriptArgs = process.platform === 'win32' ? ['--script', 'ps'] : ['--script', 'sh'];
+      safeSpawnSpecify(
+        ['init', '--here', '--force', ...aiArgs, '--ai-skills', '--ignore-agent-tools', '--no-git', ...scriptArgs],
         { cwd: projectDir, encoding: 'utf-8', stdio: 'pipe', timeout: 30000 }
       );
       console.log(`  ${c.green}✅${c.reset} Spec Kit initialized ${c.dim}(.specify/, spec-kit skills, agent: ${detectedAgent || 'generic'})${c.reset}`);

package/cli/ensure-skills.mjs

@@ -13,9 +13,32 @@
 import { existsSync, mkdirSync, readFileSync, writeFileSync, readdirSync } from 'node:fs';
 import { resolve, dirname } from 'node:path';
 import { fileURLToPath } from 'node:url';
-import { execSync } from 'node:child_process';
+import { execSync, execFileSync } from 'node:child_process';
 import { c } from './shared.mjs';
 
+/**
+ * v0.21.1 (security): cross-platform safe spawn for the `specify` CLI.
+ *
+ * On POSIX, runs the `specify` binary directly with argv passed as an array
+ * — no shell interpolation possible. On Windows, the equivalent is via
+ * `cmd.exe /c specify.cmd ...` since `specify` is shipped as a .cmd shim by
+ * `pip install`. Args are still passed as an array so cmd.exe doesn't
+ * re-parse them.
+ *
+ * Replaces the pre-v0.21.1 pattern of `execSync(\`specify init ... \${flag} ...\`)`
+ * which was shell-interpolated and vulnerable to command injection via
+ * `.specify/init-options.json`'s `ai` field (issue #190).
+ */
+export function safeSpawnSpecify(args, opts) {
+  if (!Array.isArray(args)) {
+    throw new TypeError('safeSpawnSpecify(args, opts): args must be an array');
+  }
+  if (process.platform === 'win32') {
+    return execFileSync('cmd.exe', ['/c', 'specify.cmd', ...args], opts);
+  }
+  return execFileSync('specify', args, opts);
+}
+
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
 
@@ -77,12 +100,27 @@ export function detectAgentMode(projectDir) {
  * @param {string} projectDir - The project root directory
  * @returns {string | null}
  */
+// v0.21.1 (security): allowlist for the spec-kit --ai flag value. Source
+// values come from `.specify/init-options.json` which is attacker-writable
+// in any compromised project. Without this filter, a value like
+// `"claude; touch /tmp/pwned;"` would shell-execute on every `docguard init`.
+//
+// Set conservatively from spec-kit's published agent list. New agents
+// require a code change to be accepted — by design.
+const VALID_AI_AGENT = /^[a-zA-Z0-9_-]{1,32}$/;
+
 export function getDetectedAgent(projectDir) {
   const initOptions = resolve(projectDir, '.specify', 'init-options.json');
   if (existsSync(initOptions)) {
     try {
       const opts = JSON.parse(readFileSync(initOptions, 'utf-8'));
-      return opts.ai || null;
+      const ai = opts.ai;
+      if (typeof ai !== 'string') return null;
+      // v0.21.1 (issue #190): reject anything outside the allowlist. Without
+      // this, a malicious `.specify/init-options.json` could inject shell
+      // metacharacters through to the `specify init` exec call.
+      if (!VALID_AI_AGENT.test(ai)) return null;
+      return ai;
     } catch { /* ignore */ }
   }
   return null;
@@ -193,13 +231,17 @@ export function ensureSpecKit(projectDir, flags = {}) {
       console.log(`  ${c.cyan}🌱 Spec Kit detected — auto-initializing SDD workflow...${c.reset}`);
     }
     try {
+      // v0.21.1 (issue #190): switched from shell-interpolated execSync to
+      // execFileSync via safeSpawnSpecify. detectAIAgent now also enforces
+      // the [a-zA-Z0-9_-]{1,32} allowlist on values read from .specify/
+      // init-options.json — defense in depth.
       const detectedAgent = detectAIAgent(projectDir);
-      const aiFlag = detectedAgent
-        ? `--ai ${detectedAgent}`
-        : '--ai generic --ai-commands-dir .agent/commands/';
-      const scriptFlag = process.platform === 'win32' ? '--script ps' : '--script sh';
-      execSync(
-        `specify init --here --force ${aiFlag} --ai-skills --ignore-agent-tools --no-git ${scriptFlag}`,
+      const aiArgs = detectedAgent
+        ? ['--ai', detectedAgent]
+        : ['--ai', 'generic', '--ai-commands-dir', '.agent/commands/'];
+      const scriptArgs = process.platform === 'win32' ? ['--script', 'ps'] : ['--script', 'sh'];
+      safeSpawnSpecify(
+        ['init', '--here', '--force', ...aiArgs, '--ai-skills', '--ignore-agent-tools', '--no-git', ...scriptArgs],
         { cwd: projectDir, encoding: 'utf-8', stdio: 'pipe', timeout: 30000 }
       );
       if (!silent) {

package/extensions/spec-kit-docguard/extension.yml

@@ -3,7 +3,7 @@ schema_version: "1.0"
 extension:
   id: "docguard"
   name: "DocGuard — CDD Enforcement"
-  version: "0.21.0"
+  version: "0.21.1"
   description: "Canonical-Driven Development enforcement as a true spec-kit extension. LLM-first design with 19 automated validators, 4 AI behavior skills, spec-kit skill chaining, and workflow hooks. Zero NPM runtime dependencies."
   author: "Ricardo Accioly"
   repository: "https://github.com/raccioly/docguard"

package/extensions/spec-kit-docguard/skills/docguard-fix/SKILL.md

@@ -6,10 +6,10 @@ description: AI-driven documentation repair with structured research workflow, t
 compatibility: Requires DocGuard CLI installed (npm i -g docguard-cli or npx docguard-cli)
 metadata:
   author: docguard
-  version: 0.21.0
+  version: 0.21.1
   source: extensions/spec-kit-docguard/skills/docguard-fix
 ---
-<!-- docguard:version: 0.21.0 -->
+<!-- docguard:version: 0.21.1 -->
 
 # DocGuard Fix Skill
 

package/extensions/spec-kit-docguard/skills/docguard-guard/SKILL.md

@@ -7,10 +7,10 @@ description: Run DocGuard guard validation against Canonical-Driven Development
 compatibility: Requires DocGuard CLI installed (npm i -g docguard-cli or npx docguard-cli)
 metadata:
   author: docguard
-  version: 0.21.0
+  version: 0.21.1
   source: extensions/spec-kit-docguard/skills/docguard-guard
 ---
-<!-- docguard:version: 0.21.0 -->
+<!-- docguard:version: 0.21.1 -->
 
 # DocGuard Guard Skill
 

package/extensions/spec-kit-docguard/skills/docguard-review/SKILL.md

@@ -6,10 +6,10 @@ description: Cross-document consistency analysis and quality assessment. Perform
 compatibility: Requires DocGuard CLI installed (npm i -g docguard-cli or npx docguard-cli)
 metadata:
   author: docguard
-  version: 0.21.0
+  version: 0.21.1
   source: extensions/spec-kit-docguard/skills/docguard-review
 ---
-<!-- docguard:version: 0.21.0 -->
+<!-- docguard:version: 0.21.1 -->
 
 # DocGuard Review Skill
 

package/extensions/spec-kit-docguard/skills/docguard-score/SKILL.md

@@ -6,10 +6,10 @@ description: CDD maturity assessment with category-aware improvement roadmap. Ru
 compatibility: Requires DocGuard CLI installed (npm i -g docguard-cli or npx docguard-cli)
 metadata:
   author: docguard
-  version: 0.21.0
+  version: 0.21.1
   source: extensions/spec-kit-docguard/skills/docguard-score
 ---
-<!-- docguard:version: 0.21.0 -->
+<!-- docguard:version: 0.21.1 -->
 
 # DocGuard Score Skill
 

package/extensions/spec-kit-docguard/skills/docguard-sync/SKILL.md

@@ -4,7 +4,7 @@ description: Keep canonical documentation ALWAYS UP TO DATE. Refreshes code-trut
 compatibility: Requires DocGuard CLI installed (npm i -g docguard-cli or npx docguard-cli)
 metadata:
   author: docguard
-  version: 0.21.0
+  version: 0.21.1
   source: extensions/spec-kit-docguard/skills/docguard-sync
 ---
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "docguard-cli",
-  "version": "0.21.0",
+  "version": "0.21.1",
   "description": "The enforcement tool for Canonical-Driven Development (CDD). Audit, generate, and guard your project documentation.",
   "type": "module",
   "bin": {