hackmyagent 0.9.6 → 0.9.8

@@ -203,6 +203,9 @@ const SEVERITY_WEIGHTS = {
203
203
  const MAX_FILE_SIZE = 10 * 1024 * 1024; // 10MB max file size to prevent memory exhaustion
204
204
  const MAX_LINE_LENGTH = 10000; // 10KB max line length for regex safety
205
205
  class HardeningScanner {
206
+ constructor() {
207
+ this.cliName = 'hackmyagent';
208
+ }
206
209
  /**
207
210
  * Validate that a file path is within the target directory (no path traversal)
208
211
  */
@@ -212,7 +215,8 @@ class HardeningScanner {
212
215
  return normalizedFile.startsWith(normalizedDir + path.sep) || normalizedFile === normalizedDir;
213
216
  }
214
217
  async scan(options) {
215
- const { targetDir, autoFix = false, dryRun = false, ignore = [] } = options;
218
+ const { targetDir, autoFix = false, dryRun = false, ignore = [], cliName = 'hackmyagent' } = options;
219
+ this.cliName = cliName;
216
220
  // Normalize ignore list to uppercase for case-insensitive matching
217
221
  const ignoredChecks = new Set(ignore.map((id) => id.toUpperCase()));
218
222
  // In dry-run mode, we detect what would be fixed but don't modify anything
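Review bot: `cliName` is read from `options` in `scan()` and then interpolated into every `fix` string as a command the user is told to run, but nothing in this hunk constrains its value. If the option can come from a config file or an embedding tool rather than a hard-coded caller (not visible here), a guard before the assignment such as `if (!/^[a-z0-9][a-z0-9._-]*$/i.test(cliName)) throw new TypeError('invalid cliName');` keeps backticks, spaces and shell metacharacters out of remediation text that gets pasted into a terminal or rendered in a report. Writing it to `this.cliName` also makes it instance state set by an async method, so two overlapping `scan()` calls on one scanner with different names could label each other's findings; passing the name down as a local would avoid that. The body of `scan()` continues outside the hunk.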
@@ -663,7 +667,7 @@ class HardeningScanner {
663
667
  line: firstLine,
664
668
  fixable: true,
665
669
  fixed: fileModified,
666
- fix: `Run \`hackmyagent secure --fix\` to replace the hardcoded credential with a \${ENV_VAR} reference, then store the actual value in your .env file`,
670
+ fix: `Run \`${this.cliName} secure --fix\` to replace the hardcoded credential with a \${ENV_VAR} reference, then store the actual value in your .env file`,
667
671
  });
668
672
  }
669
673
  }
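Review bot: The remediation command is assembled by hand in this `fix` string and again in the MCP-001, GIT-001/002/003, NET-001, MCP-003 and GATEWAY-001/003/004/005 hunks, with only the CLI name made configurable. The subcommands `secure` and `secure-openclaw` stay hard-coded, so a wrapper that passes its own `cliName` presumably has to expose identically named subcommands or the advice points at a command that does not exist; a comment where the option is read would make that explicit, e.g. `// cliName must expose the same secure / secure-openclaw subcommands`. A small helper such as `fixCommand(sub)` that returns the name, the subcommand and `--fix` joined by spaces would keep the quoting and the name in one place instead of twelve. The enclosing check function starts and ends outside the hunk.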
@@ -781,7 +785,7 @@ class HardeningScanner {
781
785
  file: 'mcp.json',
782
786
  fixable: true,
783
787
  fixed: mcp001Fixed,
784
- fix: 'Run `hackmyagent secure --fix` to restrict filesystem access from / or ~ to project-relative paths (./data or ./)',
788
+ fix: `Run \`${this.cliName} secure --fix\` to restrict filesystem access from / or ~ to project-relative paths (./data or ./)`,
785
789
  });
786
790
  }
787
791
  if (hasUnrestrictedShell) {
@@ -900,7 +904,7 @@ dist/
900
904
  file: '.gitignore',
901
905
  fixable: true,
902
906
  fixed: git001Fixed,
903
- fix: 'Run `hackmyagent secure --fix` to create a .gitignore with security patterns (.env, secrets.json, *.pem, *.key) to prevent accidental commits',
907
+ fix: `Run \`${this.cliName} secure --fix\` to create a .gitignore with security patterns (.env, secrets.json, *.pem, *.key) to prevent accidental commits`,
904
908
  });
905
909
  }
906
910
  // GIT-002: Check for missing sensitive patterns in .gitignore
@@ -931,7 +935,7 @@ dist/
931
935
  file: '.gitignore',
932
936
  fixable: true,
933
937
  fixed: git002Fixed,
934
- fix: `Run \`hackmyagent secure --fix\` to add ${missingPatterns.join(', ')} to .gitignore so sensitive files won't be accidentally committed`,
938
+ fix: `Run \`${this.cliName} secure --fix\` to add ${missingPatterns.join(', ')} to .gitignore so sensitive files won't be accidentally committed`,
935
939
  });
936
940
  }
937
941
  // GIT-003: Check if .env exists but not in .gitignore
@@ -967,7 +971,7 @@ dist/
967
971
  file: '.env',
968
972
  fixable: true,
969
973
  fixed: git003Fixed,
970
- fix: 'Run `hackmyagent secure --fix` to add .env to .gitignore so your environment variables won\'t be accidentally committed',
974
+ fix: `Run \`${this.cliName} secure --fix\` to add .env to .gitignore so your environment variables won't be accidentally committed`,
971
975
  });
972
976
  }
973
977
  return findings;
@@ -1012,7 +1016,7 @@ dist/
1012
1016
  file: 'mcp.json',
1013
1017
  fixable: true,
1014
1018
  fixed: net001Fixed,
1015
- fix: 'Run `hackmyagent secure --fix` to change 0.0.0.0 to 127.0.0.1 so the server only accepts local connections instead of being exposed to the network',
1019
+ fix: `Run \`${this.cliName} secure --fix\` to change 0.0.0.0 to 127.0.0.1 so the server only accepts local connections instead of being exposed to the network`,
1016
1020
  });
1017
1021
  }
1018
1022
  // NET-002: Check for remote MCP servers without TLS
@@ -1105,7 +1109,7 @@ dist/
1105
1109
  file: 'mcp.json',
1106
1110
  fixable: true,
1107
1111
  fixed: mcp003Fixed,
1108
- fix: 'Run `hackmyagent secure --fix` to replace hardcoded API keys with ${ENV_VAR} references, then store actual values in .env file',
1112
+ fix: `Run \`${this.cliName} secure --fix\` to replace hardcoded API keys with \${ENV_VAR} references, then store actual values in .env file`,
1109
1113
  });
1110
1114
  }
1111
1115
  // MCP-004: Check for default credentials
@@ -4420,7 +4424,7 @@ dist/
4420
4424
  fixable: true,
4421
4425
  fixed: gateway001Fixed,
4422
4426
  fixMessage: gateway001Fixed ? 'Changed gateway.host from 0.0.0.0 to 127.0.0.1' : undefined,
4423
- fix: 'Run `hackmyagent secure-openclaw --fix` to bind gateway to 127.0.0.1 for local-only access',
4427
+ fix: `Run \`${this.cliName} secure-openclaw --fix\` to bind gateway to 127.0.0.1 for local-only access`,
4424
4428
  });
4425
4429
  }
4426
4430
  // GATEWAY-002: Missing WebSocket Origin Validation (not auto-fixable - requires user to specify allowed origins)
@@ -4476,7 +4480,7 @@ dist/
4476
4480
  fixable: true,
4477
4481
  fixed: gateway003Fixed,
4478
4482
  fixMessage: gateway003Fixed ? 'Replaced plaintext token with ${OPENCLAW_AUTH_TOKEN} env var reference. Set OPENCLAW_AUTH_TOKEN in your environment.' : undefined,
4479
- fix: 'Run `hackmyagent secure-openclaw --fix` to replace plaintext token with ${OPENCLAW_AUTH_TOKEN} env var reference',
4483
+ fix: `Run \`${this.cliName} secure-openclaw --fix\` to replace plaintext token with \${OPENCLAW_AUTH_TOKEN} env var reference`,
4480
4484
  });
4481
4485
  }
4482
4486
  // GATEWAY-004: Approval Confirmations Disabled
@@ -4523,7 +4527,7 @@ dist/
4523
4527
  fixable: true,
4524
4528
  fixed: gateway004Fixed,
4525
4529
  fixMessage: gateway004Fixed ? 'Enabled approval confirmations for command execution' : undefined,
4526
- fix: 'Run `hackmyagent secure-openclaw --fix` to enable approval confirmations for safer command execution',
4530
+ fix: `Run \`${this.cliName} secure-openclaw --fix\` to enable approval confirmations for safer command execution`,
4527
4531
  });
4528
4532
  }
4529
4533
  // GATEWAY-005: Sandbox Disabled
@@ -4552,7 +4556,7 @@ dist/
4552
4556
  fixable: true,
4553
4557
  fixed: gateway005Fixed,
4554
4558
  fixMessage: gateway005Fixed ? 'Enabled sandbox mode for isolated code execution' : undefined,
4555
- fix: 'Run `hackmyagent secure-openclaw --fix` to enable sandbox mode for safer code execution',
4559
+ fix: `Run \`${this.cliName} secure-openclaw --fix\` to enable sandbox mode for safer code execution`,
4556
4560
  });
4557
4561
  }
4558
4562
  // GATEWAY-006: Container Escape Risk (not auto-fixable - requires manual review of mount points)