keystone-cli 0.4.3 → 0.5.0

package/src/utils/redactor.ts

@@ -6,40 +6,81 @@
  */
 
 export class Redactor {
-  private secrets: string[];
+  private patterns: RegExp[] = [];
 
   constructor(secrets: Record<string, string>) {
-    // Extract all secret values (not keys) and sort by length descending
-    // to ensure longer secrets are matched first.
-    // Filter out very short secrets (length < 3) to avoid redacting common words/numbers.
-    this.secrets = Object.values(secrets)
-      .filter((value) => value && value.length >= 3)
-      .sort((a, b) => b.length - a.length);
+    // Keys that indicate high sensitivity - always redact their values regardless of length
+    const sensitiveKeys = new Set([
+      'api_key',
+      'apikey',
+      'token',
+      'secret',
+      'password',
+      'pswd',
+      'passwd',
+      'pwd',
+      'auth',
+      'credential',
+      'access_key',
+      'private_key',
+    ]);
+
+    // Extract all secret values
+    // We filter based on:
+    // 1. Value must be a string and not empty
+    // 2. Either the key indicates high sensitivity OR length >= 3
+    const secretsToRedact = new Set<string>();
+
+    for (const [key, value] of Object.entries(secrets)) {
+      if (!value) continue;
+
+      const lowerKey = key.toLowerCase();
+      // Check if key contains any sensitive term
+      const isSensitiveKey = Array.from(sensitiveKeys).some((k) => lowerKey.includes(k));
+
+      if (isSensitiveKey || value.length >= 3) {
+        secretsToRedact.add(value);
+      }
+    }
+
+    const uniqueSecrets = Array.from(secretsToRedact).sort((a, b) => b.length - a.length);
+
+    for (const secret of uniqueSecrets) {
+      // Escape special regex characters in the secret
+      const escaped = secret.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+
+      // Use word boundaries if the secret starts/ends with an alphanumeric character
+      // to avoid partial matches (e.g. redacting 'mark' in 'marketplace')
+      // BUT only if length is small (< 5), otherwise matching inside strings is desirable
+      let pattern: RegExp;
+      if (secret.length < 5) {
+        const startBoundary = /^\w/.test(secret) ? '\\b' : '';
+        const endBoundary = /\w$/.test(secret) ? '\\b' : '';
+        pattern = new RegExp(`${startBoundary}${escaped}${endBoundary}`, 'g');
+      } else {
+        pattern = new RegExp(escaped, 'g');
+      }
+
+      this.patterns.push(pattern);
+    }
+
+    // Capture the maximum length for buffering purposes
+    this.maxSecretLength = uniqueSecrets.reduce((max, s) => Math.max(max, s.length), 0);
   }
 
+  public readonly maxSecretLength: number;
+
   /**
    * Redact all secrets from a string
    */
   redact(text: string): string {
-    if (!text || typeof text !== 'string') {
+    if (!text || typeof text !== 'string' || text.length < 3) {
       return text;
     }
 
     let redacted = text;
-    for (const secret of this.secrets) {
-      // Use a global replace to handle multiple occurrences
-      // Escape special regex characters in the secret
-      const escaped = secret.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
-
-      // Use word boundaries if the secret starts/ends with an alphanumeric character
-      // to avoid partial matches (e.g. redacting 'mark' in 'marketplace')
-      const startBoundary = /^\w/.test(secret) ? '\\b' : '';
-      const endBoundary = /\w$/.test(secret) ? '\\b' : '';
-
-      redacted = redacted.replace(
-        new RegExp(`${startBoundary}${escaped}${endBoundary}`, 'g'),
-        '***REDACTED***'
-      );
+    for (const pattern of this.patterns) {
+      redacted = redacted.replace(pattern, '***REDACTED***');
     }
     return redacted;
   }
@@ -67,3 +108,55 @@ export class Redactor {
     return value;
   }
 }
+
+/**
+ * Buffer for streaming redaction
+ * Ensures secrets split across chunks are properly masked
+ */
+export class RedactionBuffer {
+  private buffer = '';
+  private redactor: Redactor;
+
+  constructor(redactor: Redactor) {
+    this.redactor = redactor;
+  }
+
+  /**
+   * Process a chunk of text and return the safe-to-print portion
+   */
+  process(chunk: string): string {
+    // Append new chunk to buffer
+    this.buffer += chunk;
+
+    // Redact the entire buffer
+    // This allows us to catch secrets that were completed by the new chunk
+    const redactedBuffer = this.redactor.redact(this.buffer);
+
+    // If buffer is smaller than max secret length, we can't be sure it's safe to output yet
+    // (it might be the start of a secret)
+    if (redactedBuffer.length < this.redactor.maxSecretLength) {
+      this.buffer = redactedBuffer;
+      return '';
+    }
+
+    // Keep the tail of the buffer (max secret length) to handle potential split secrets
+    // Output everything before the tail
+    const safeLength = redactedBuffer.length - this.redactor.maxSecretLength;
+    const output = redactedBuffer.substring(0, safeLength);
+
+    // Update buffer to just the tail
+    this.buffer = redactedBuffer.substring(safeLength);
+
+    return output;
+  }
+
+  /**
+   * Flush any remaining content in the buffer
+   * Call this when the stream ends
+   */
+  flush(): string {
+    const final = this.redactor.redact(this.buffer);
+    this.buffer = '';
+    return final;
+  }
+}

package/src/utils/sandbox.test.ts

@@ -1,32 +1,28 @@
-import { describe, expect, it } from 'bun:test';
+import { afterEach, describe, expect, it } from 'bun:test';
 import { SafeSandbox } from './sandbox';
 
 describe('SafeSandbox', () => {
+  afterEach(() => {
+    SafeSandbox.resetWarning();
+  });
+
   it('should execute basic arithmetic', async () => {
-    const result = await SafeSandbox.execute('1 + 2', {}, { allowInsecureFallback: true });
+    const result = await SafeSandbox.execute('1 + 2', {});
     expect(result).toBe(3);
   });
 
   it('should have access to context variables', async () => {
-    const result = await SafeSandbox.execute(
-      'a + b',
-      { a: 10, b: 20 },
-      { allowInsecureFallback: true }
-    );
+    const result = await SafeSandbox.execute('a + b', { a: 10, b: 20 });
     expect(result).toBe(30);
   });
 
   it('should not have access to Node.js globals', async () => {
-    const result = await SafeSandbox.execute('typeof process', {}, { allowInsecureFallback: true });
+    const result = await SafeSandbox.execute('typeof process', {});
     expect(result).toBe('undefined');
   });
 
   it('should handle object results', async () => {
-    const result = await SafeSandbox.execute(
-      '({ x: 1, y: 2 })',
-      {},
-      { allowInsecureFallback: true }
-    );
+    const result = await SafeSandbox.execute('({ x: 1, y: 2 })', {});
     expect(result).toEqual({ x: 1, y: 2 });
   });
 

package/src/utils/sandbox.ts

@@ -1,71 +1,53 @@
+/**
+ * Sandbox for executing untrusted script code.
+ *
+ * ⚠️ IMPORTANT: Bun Runtime Compatibility
+ *
+ * This project runs on Bun, which uses JavaScriptCore (JSC), NOT V8.
+ * The `isolated-vm` package binds to V8's C++ API and CANNOT work with Bun.
+ *
+ * As a result, we use Node.js's built-in `vm` module (which Bun implements
+ * via a compatibility layer). This provides basic sandboxing but is NOT
+ * secure against determined attackers.
+ *
+ * SECURITY IMPLICATIONS:
+ * - The `vm` module does NOT provide true isolation
+ * - Malicious code could potentially escape the sandbox
+ * - Only run workflows/scripts from TRUSTED sources
+ *
+ * For production use with untrusted code, consider:
+ * 1. Running in a separate subprocess with OS-level isolation
+ * 2. Using containers or VMs for full isolation
+ * 3. Running on Node.js with isolated-vm instead of Bun
+ */
+
 import * as vm from 'node:vm';
 
 export interface SandboxOptions {
   timeout?: number;
-  memoryLimit?: number;
-  allowInsecureFallback?: boolean;
+  memoryLimit?: number; // Note: memoryLimit is not enforced by node:vm
 }
 
 export class SafeSandbox {
+  private static warned = false;
+
   /**
-   * Execute a script in a secure sandbox
+   * Execute a script in a sandbox.
+   *
+   * Note: On Bun, this uses node:vm which provides basic isolation but
+   * is not secure against malicious code. Only run trusted scripts.
    */
   static async execute(
     code: string,
     context: Record<string, unknown> = {},
     options: SandboxOptions = {}
   ): Promise<unknown> {
-    try {
-      // Try to use isolated-vm if available (dynamic import)
-      // Note: This will likely fail on Bun as it expects V8 host symbols
-      const ivm = await import('isolated-vm').then((m) => m.default || m).catch(() => null);
-
-      if (ivm && typeof ivm.Isolate === 'function') {
-        const isolate = new ivm.Isolate({ memoryLimit: options.memoryLimit || 128 });
-        try {
-          const contextInstance = await isolate.createContext();
-          const jail = contextInstance.global;
-
-          // Set up global context
-          await jail.set('global', jail.derefInto());
-
-          // Inject context variables
-          for (const [key, value] of Object.entries(context)) {
-            // Only copy non-undefined values
-            if (value !== undefined) {
-              await jail.set(key, new ivm.ExternalCopy(value).copyInto());
-            }
-          }
-
-          const script = await isolate.compileScript(code);
-          const result = await script.run(contextInstance, { timeout: options.timeout || 5000 });
-
-          if (result && typeof result === 'object' && result instanceof ivm.Reference) {
-            return await result.copy();
-          }
-          return result;
-        } finally {
-          isolate.dispose();
-        }
-      }
-    } catch (e) {
-      // If isolated-vm failed during execution (not just loading), log it if we're debugging
-    }
-
-    // Fallback implementation using node:vm (built-in)
-    // ONLY allowed if explicitly opted in via options
-    if (!options.allowInsecureFallback) {
-      throw new Error(
-        'Execution in secure sandbox failed (isolated-vm not available) and insecure fallback is disabled.\n' +
-          'To allow insecure execution, set allowInsecureFallback: true in sandbox options.\n' +
-          'Note: Insecure execution is NOT recommended for untrusted code.'
-      );
-    }
-
+    // Show warning once per process
     if (!SafeSandbox.warned) {
-      const isBun = typeof Bun !== 'undefined';
       console.warn(
-        `\n⚠️  SECURITY WARNING: Using ${isBun ? 'Bun' : 'Node.js'} built-in VM for script execution.\n   This sandbox is NOT secure against malicious code.\n   Only run workflows from trusted sources.\n`
+        '\n⚠️  SECURITY WARNING: Using Bun/Node.js built-in VM for script execution.\n' +
+          '   This sandbox is NOT secure against malicious code.\n' +
+          '   Only run workflows from trusted sources.\n'
       );
       SafeSandbox.warned = true;
     }
@@ -77,5 +59,10 @@ export class SafeSandbox {
     });
   }
 
-  private static warned = false;
+  /**
+   * Reset the warning state (useful for testing)
+   */
+  static resetWarning(): void {
+    SafeSandbox.warned = false;
+  }
 }

package/src/utils/workflow-registry.test.ts

@@ -15,13 +15,17 @@ describe('WorkflowRegistry', () => {
   beforeAll(() => {
     try {
       mkdirSync(tempWorkflowsDir, { recursive: true });
-    } catch (e) {}
+    } catch (e) {
+      // Ignore cleanup error
+    }
   });
 
   afterAll(() => {
     try {
       rmSync(tempWorkflowsDir, { recursive: true, force: true });
-    } catch (e) {}
+    } catch (e) {
+      // Ignore cleanup error
+    }
   });
 
   it('should list workflows in the workflows directory', () => {