moflo 4.8.16 → 4.8.19

package/src/@claude-flow/guidance/dist/gates.js

@@ -0,0 +1,302 @@
+/**
+ * Hook-based Enforcement Gates
+ *
+ * Uses Claude Flow hooks to enforce non-negotiable rules.
+ * The model can forget. The hook does not.
+ *
+ * Gates:
+ * 1. Destructive ops gate - requires confirmation + rollback plan
+ * 2. Tool allowlist gate - blocks non-allowlisted tools
+ * 3. Diff size gate - requires plan + staged commits for large diffs
+ * 4. Secrets gate - redacts and warns on secret patterns
+ *
+ * @module @claude-flow/guidance/gates
+ */
+// ============================================================================
+// Default Configuration
+// ============================================================================
+const DEFAULT_GATE_CONFIG = {
+    destructiveOps: true,
+    toolAllowlist: false,
+    diffSize: true,
+    secrets: true,
+    diffSizeThreshold: 300,
+    allowedTools: [],
+    secretPatterns: [
+        /(?:api[_-]?key|apikey)\s*[:=]\s*['"][^'"]{8,}['"]/gi,
+        /(?:secret|password|passwd|pwd)\s*[:=]\s*['"][^'"]{4,}['"]/gi,
+        /(?:token|bearer)\s*[:=]\s*['"][^'"]{10,}['"]/gi,
+        /-----BEGIN (?:RSA |EC |DSA )?PRIVATE KEY-----/g,
+        /sk-[a-zA-Z0-9]{20,}/g,
+        /ghp_[a-zA-Z0-9]{36}/g,
+        /npm_[a-zA-Z0-9]{36}/g,
+        /AKIA[0-9A-Z]{16}/g,
+    ],
+    destructivePatterns: [
+        /\brm\s+-rf?\b/i,
+        /\bdrop\s+(database|table|schema|index)\b/i,
+        /\btruncate\s+table\b/i,
+        /\bgit\s+push\s+.*--force\b/i,
+        /\bgit\s+reset\s+--hard\b/i,
+        /\bgit\s+clean\s+-fd?\b/i,
+        /\bformat\s+[a-z]:/i,
+        /\bdel\s+\/[sf]\b/i,
+        /\b(?:kubectl|helm)\s+delete\s+(?:--all|namespace)\b/i,
+        /\bDROP\s+(?:DATABASE|TABLE|SCHEMA)\b/i,
+        /\bDELETE\s+FROM\s+\w+\s*$/i,
+        /\bALTER\s+TABLE\s+\w+\s+DROP\b/i,
+    ],
+};
+/** Severity ranking for gate decisions (module-level constant to avoid per-call allocation). */
+const GATE_DECISION_SEVERITY = {
+    'block': 3,
+    'require-confirmation': 2,
+    'warn': 1,
+    'allow': 0,
+};
+// ============================================================================
+// Enforcement Gates
+// ============================================================================
+export class EnforcementGates {
+    config;
+    activeRules = [];
+    constructor(config = {}) {
+        this.config = { ...DEFAULT_GATE_CONFIG, ...config };
+    }
+    /**
+     * Update active rules from retrieval
+     */
+    setActiveRules(rules) {
+        this.activeRules = rules;
+    }
+    /**
+     * Update configuration
+     */
+    updateConfig(config) {
+        this.config = { ...this.config, ...config };
+    }
+    /**
+     * Evaluate all gates for a command
+     */
+    evaluateCommand(command) {
+        const results = [];
+        if (this.config.destructiveOps) {
+            const result = this.evaluateDestructiveOps(command);
+            if (result)
+                results.push(result);
+        }
+        if (this.config.secrets) {
+            const result = this.evaluateSecrets(command);
+            if (result)
+                results.push(result);
+        }
+        return results;
+    }
+    /**
+     * Evaluate all gates for a tool use
+     */
+    evaluateToolUse(toolName, params) {
+        const results = [];
+        if (this.config.toolAllowlist && this.config.allowedTools.length > 0) {
+            const result = this.evaluateToolAllowlist(toolName);
+            if (result)
+                results.push(result);
+        }
+        // Check tool params for secrets
+        if (this.config.secrets) {
+            const serialized = JSON.stringify(params);
+            const result = this.evaluateSecrets(serialized);
+            if (result)
+                results.push(result);
+        }
+        return results;
+    }
+    /**
+     * Evaluate all gates for a file edit
+     */
+    evaluateEdit(filePath, content, diffLines) {
+        const results = [];
+        if (this.config.diffSize) {
+            const result = this.evaluateDiffSize(filePath, diffLines);
+            if (result)
+                results.push(result);
+        }
+        if (this.config.secrets) {
+            const result = this.evaluateSecrets(content);
+            if (result)
+                results.push(result);
+        }
+        return results;
+    }
+    // ===== Individual Gate Implementations =====
+    /**
+     * Gate 1: Destructive Operations
+     *
+     * If command includes delete, drop, rm, force, migration,
+     * require explicit confirmation and a rollback plan.
+     */
+    evaluateDestructiveOps(command) {
+        for (const pattern of this.config.destructivePatterns) {
+            // Reset lastIndex for global regex
+            pattern.lastIndex = 0;
+            const match = pattern.exec(command);
+            if (match) {
+                const triggeredRules = this.findTriggeredRules('security', 'critical');
+                return {
+                    decision: 'require-confirmation',
+                    gateName: 'destructive-ops',
+                    reason: `Destructive operation detected: "${match[0]}". Requires explicit confirmation and a rollback plan before proceeding.`,
+                    triggeredRules: triggeredRules.map(r => r.id),
+                    remediation: [
+                        '1. Confirm this operation is intentional',
+                        '2. Document the rollback plan (e.g., git ref, backup, undo command)',
+                        '3. If this is a migration, ensure it has a down/rollback step',
+                    ].join('\n'),
+                    metadata: {
+                        matchedPattern: match[0],
+                        fullCommand: command,
+                    },
+                };
+            }
+        }
+        return null;
+    }
+    /**
+     * Gate 2: Tool Allowlist
+     *
+     * If tool not in allowlist, block and ask for permission.
+     */
+    evaluateToolAllowlist(toolName) {
+        if (this.config.allowedTools.length === 0)
+            return null;
+        const allowed = this.config.allowedTools.some(t => t === toolName || t === '*' || (t.endsWith('*') && toolName.startsWith(t.slice(0, -1))));
+        if (!allowed) {
+            return {
+                decision: 'block',
+                gateName: 'tool-allowlist',
+                reason: `Tool "${toolName}" is not in the allowlist. Request permission before using this tool.`,
+                triggeredRules: this.findTriggeredRules('security').map(r => r.id),
+                remediation: `Add "${toolName}" to the tool allowlist in gate configuration, or get explicit user approval.`,
+                metadata: {
+                    blockedTool: toolName,
+                    allowedTools: this.config.allowedTools,
+                },
+            };
+        }
+        return null;
+    }
+    /**
+     * Gate 3: Diff Size
+     *
+     * If patch exceeds threshold, require a plan and staged commits.
+     */
+    evaluateDiffSize(filePath, diffLines) {
+        if (diffLines <= this.config.diffSizeThreshold)
+            return null;
+        return {
+            decision: 'warn',
+            gateName: 'diff-size',
+            reason: `Diff for "${filePath}" is ${diffLines} lines (threshold: ${this.config.diffSizeThreshold}). Large changes should be planned and staged.`,
+            triggeredRules: this.findTriggeredRules('architecture').map(r => r.id),
+            remediation: [
+                '1. Create a plan breaking this change into logical commits',
+                '2. Stage changes incrementally (one concern per commit)',
+                '3. Run tests after each staged commit',
+                '4. Consider if this change should be split into multiple PRs',
+            ].join('\n'),
+            metadata: {
+                filePath,
+                diffLines,
+                threshold: this.config.diffSizeThreshold,
+            },
+        };
+    }
+    /**
+     * Gate 4: Secrets Detection
+     *
+     * If output matches secret patterns, redact and warn.
+     */
+    evaluateSecrets(content) {
+        const detectedSecrets = [];
+        for (const pattern of this.config.secretPatterns) {
+            // Reset lastIndex for global regex
+            pattern.lastIndex = 0;
+            const matches = content.match(pattern);
+            if (matches) {
+                for (const match of matches) {
+                    // Redact the secret (show first 4 and last 4 chars)
+                    const redacted = match.length > 12
+                        ? `${match.slice(0, 4)}${'*'.repeat(match.length - 8)}${match.slice(-4)}`
+                        : '*'.repeat(match.length);
+                    detectedSecrets.push(redacted);
+                }
+            }
+        }
+        if (detectedSecrets.length === 0)
+            return null;
+        return {
+            decision: 'block',
+            gateName: 'secrets',
+            reason: `Detected ${detectedSecrets.length} potential secret(s) in content. Secrets must not be committed or exposed.`,
+            triggeredRules: this.findTriggeredRules('security', 'critical').map(r => r.id),
+            remediation: [
+                '1. Move secrets to environment variables',
+                '2. Use .env files (ensure they are in .gitignore)',
+                '3. Use a secret management service for production',
+                `Detected patterns: ${detectedSecrets.join(', ')}`,
+            ].join('\n'),
+            metadata: {
+                secretCount: detectedSecrets.length,
+                redactedSecrets: detectedSecrets,
+            },
+        };
+    }
+    // ===== Aggregate Evaluation =====
+    /**
+     * Get the most restrictive decision from multiple gate results
+     */
+    aggregateDecision(results) {
+        if (results.length === 0)
+            return 'allow';
+        let maxSeverity = 0;
+        let worstDecision = 'allow';
+        for (const result of results) {
+            const s = GATE_DECISION_SEVERITY[result.decision];
+            if (s > maxSeverity) {
+                maxSeverity = s;
+                worstDecision = result.decision;
+            }
+        }
+        return worstDecision;
+    }
+    /**
+     * Get gate statistics
+     */
+    getActiveGateCount() {
+        let count = 0;
+        if (this.config.destructiveOps)
+            count++;
+        if (this.config.toolAllowlist && this.config.allowedTools.length > 0)
+            count++;
+        if (this.config.diffSize)
+            count++;
+        if (this.config.secrets)
+            count++;
+        return count;
+    }
+    // ===== Helpers =====
+    findTriggeredRules(domain, riskClass) {
+        return this.activeRules.filter(r => {
+            const domainMatch = r.domains.includes(domain);
+            const riskMatch = !riskClass || r.riskClass === riskClass;
+            return domainMatch && riskMatch;
+        });
+    }
+}
+/**
+ * Create enforcement gates
+ */
+export function createGates(config) {
+    return new EnforcementGates(config);
+}
+//# sourceMappingURL=gates.js.map

package/src/@claude-flow/guidance/dist/gateway.d.ts

@@ -0,0 +1,206 @@
+/**
+ * Deterministic Tool Gateway
+ *
+ * Extends EnforcementGates with idempotency, schema validation,
+ * and budget metering. Every tool call passes through a deterministic
+ * pipeline: idempotency check -> schema validation -> budget check ->
+ * enforcement gates -> allow/deny.
+ *
+ * @module @claude-flow/guidance/gateway
+ */
+import { EnforcementGates } from './gates.js';
+import type { GateConfig } from './types.js';
+/**
+ * Schema definition for a tool's parameters
+ */
+export interface ToolSchema {
+    /** Tool name this schema applies to */
+    toolName: string;
+    /** Parameters that must be present */
+    requiredParams: string[];
+    /** Parameters that may be present */
+    optionalParams: string[];
+    /** Expected type for each parameter */
+    paramTypes: Record<string, 'string' | 'number' | 'boolean' | 'object' | 'array'>;
+    /** Maximum total serialized size of all parameters in bytes */
+    maxParamSize: number;
+    /** Optional whitelist of allowed values per parameter */
+    allowedValues?: Record<string, unknown[]>;
+}
+/**
+ * Multi-dimensional budget tracking
+ */
+export interface Budget {
+    tokenBudget: {
+        used: number;
+        limit: number;
+    };
+    toolCallBudget: {
+        used: number;
+        limit: number;
+    };
+    storageBudget: {
+        usedBytes: number;
+        limitBytes: number;
+    };
+    timeBudget: {
+        usedMs: number;
+        limitMs: number;
+    };
+    costBudget: {
+        usedUsd: number;
+        limitUsd: number;
+    };
+}
+/**
+ * Record of a previous tool call for idempotency
+ */
+export interface IdempotencyRecord {
+    /** SHA-256 of tool name + sorted params */
+    key: string;
+    /** Tool that was called */
+    toolName: string;
+    /** Hash of the parameters */
+    paramsHash: string;
+    /** Cached result from the call */
+    result: unknown;
+    /** When the call was recorded */
+    timestamp: number;
+    /** Time-to-live in milliseconds */
+    ttlMs: number;
+}
+/**
+ * Decision returned by the gateway for each tool call evaluation
+ */
+export interface GatewayDecision {
+    /** Whether the call is allowed */
+    allowed: boolean;
+    /** Human-readable reason for the decision */
+    reason: string;
+    /** Which gate produced the decision (or 'none' if allowed) */
+    gate: string;
+    /** Evidence of what was checked */
+    evidence: Record<string, unknown>;
+    /** Whether an idempotency cache hit occurred */
+    idempotencyHit: boolean;
+    /** Cached result if idempotency hit */
+    cachedResult?: unknown;
+    /** Remaining budget after this decision */
+    budgetRemaining?: Budget;
+}
+export interface ToolGatewayConfig {
+    /** Tool schemas for validation */
+    schemas?: ToolSchema[];
+    /** Budget limits (partial; defaults to Infinity for unset dimensions) */
+    budget?: Partial<Budget>;
+    /** Default TTL for idempotency records in milliseconds */
+    idempotencyTtlMs?: number;
+    /** Maximum idempotency cache entries (default 10000) */
+    maxCacheSize?: number;
+    /** If true, evidence must be non-empty for allow decisions */
+    requireEvidence?: boolean;
+    /** Gate configuration passed through to EnforcementGates */
+    gateConfig?: Partial<GateConfig>;
+}
+export declare class DeterministicToolGateway {
+    private readonly gates;
+    private readonly schemas;
+    private budget;
+    private readonly idempotencyTtlMs;
+    private readonly maxCacheSize;
+    private readonly requireEvidence;
+    private readonly idempotencyCache;
+    private lastCleanupTime;
+    private static readonly CLEANUP_INTERVAL_MS;
+    constructor(config?: ToolGatewayConfig);
+    /**
+     * Evaluate whether a tool call should be allowed.
+     *
+     * Pipeline:
+     * 1. Check idempotency cache
+     * 2. Validate params against schema
+     * 3. Check budget
+     * 4. Run EnforcementGates checks
+     * 5. Return decision with remaining budget
+     */
+    evaluate(toolName: string, params: Record<string, unknown>, context?: Record<string, unknown>): GatewayDecision;
+    /**
+     * Record a completed tool call.
+     * Updates budgets and stores the result in the idempotency cache.
+     */
+    recordCall(toolName: string, params: Record<string, unknown>, result: unknown, durationMs: number, tokenCount?: number): void;
+    /**
+     * Validate tool parameters against the registered schema.
+     * Returns valid:true if no schema is registered for the tool.
+     */
+    validateSchema(toolName: string, params: Record<string, unknown>): {
+        valid: boolean;
+        errors: string[];
+    };
+    /**
+     * Check whether all budget dimensions are within limits.
+     */
+    checkBudget(): {
+        withinBudget: boolean;
+        budgetStatus: Budget;
+    };
+    /**
+     * Compute a deterministic idempotency key from tool name and params.
+     * Uses SHA-256 of `toolName:sortedParamsJSON`.
+     */
+    getIdempotencyKey(toolName: string, params: Record<string, unknown>): string;
+    /**
+     * Reset all budget counters to zero.
+     */
+    resetBudget(): void;
+    /**
+     * Get a snapshot of the current budget.
+     */
+    getBudget(): Budget;
+    /**
+     * Get all idempotency records (including expired ones not yet cleaned).
+     */
+    getCallHistory(): IdempotencyRecord[];
+    /**
+     * Access the underlying EnforcementGates instance.
+     */
+    getGates(): EnforcementGates;
+    /**
+     * Remove expired idempotency records (batched on interval to avoid per-call overhead).
+     */
+    private maybeCleanExpiredIdempotency;
+    /**
+     * Compute a deterministic SHA-256 key from tool name and sorted params.
+     */
+    private computeIdempotencyKey;
+    /**
+     * Compute a SHA-256 hash of params only (for the IdempotencyRecord).
+     */
+    private computeParamsHash;
+    /**
+     * Recursively sort object keys for deterministic serialization.
+     */
+    private sortObject;
+    /**
+     * Determine the type string for a parameter value.
+     */
+    private getParamType;
+    /**
+     * Create a deep clone of the current budget.
+     */
+    private cloneBudget;
+    /**
+     * Merge a partial budget config with defaults.
+     */
+    private mergeBudget;
+    private cloneDefaultBudget;
+    /**
+     * Find which budget dimensions have been exceeded.
+     */
+    private findExceededBudgets;
+}
+/**
+ * Create a DeterministicToolGateway instance
+ */
+export declare function createToolGateway(config?: ToolGatewayConfig): DeterministicToolGateway;
+//# sourceMappingURL=gateway.d.ts.map