mupengism 2.0.0 → 2.2.0

package/scripts/pre-commit.sh

@@ -1,118 +0,0 @@
-#!/bin/bash
-# Mupengism Pre-commit Hook
-# 민감 정보 패턴 검사 - 발견 시 커밋 차단
-
-set -e
-
-RED='\033[0;31m'
-YELLOW='\033[1;33m'
-GREEN='\033[0;32m'
-NC='\033[0m' # No Color
-
-echo "🔍 Mupengism Security Check..."
-
-# 검사할 패턴 (정규표현식)
-PATTERNS=(
-    # API Keys & Secrets
-    'api[_-]?key\s*[:=]\s*["\x27][^"\x27]{16,}'
-    'secret[_-]?key\s*[:=]\s*["\x27][^"\x27]{16,}'
-    'private[_-]?key\s*[:=]\s*["\x27][^"\x27]{16,}'
-    'access[_-]?token\s*[:=]\s*["\x27][^"\x27]{16,}'
-    
-    # Crypto
-    'mnemonic\s*[:=]\s*["\x27][a-z\s]{20,}'
-    '\b[1-9A-HJ-NP-Za-km-z]{87,88}\b'  # Solana private key (base58)
-    '\b0x[a-fA-F0-9]{64}\b'  # Ethereum private key
-    
-    # Passwords
-    'password\s*[:=]\s*["\x27][^"\x27]{6,}'
-    
-    # AWS
-    'AKIA[0-9A-Z]{16}'  # AWS Access Key ID
-    
-    # Generic secrets
-    'bearer\s+[a-zA-Z0-9_\-\.]+\.[a-zA-Z0-9_\-\.]+\.[a-zA-Z0-9_\-\.]+'
-)
-
-# 패턴 설명
-PATTERN_NAMES=(
-    "API Key"
-    "Secret Key"
-    "Private Key"
-    "Access Token"
-    "Mnemonic Phrase"
-    "Solana Private Key (Base58)"
-    "Ethereum Private Key"
-    "Password"
-    "AWS Access Key"
-    "Bearer Token"
-)
-
-# 스테이징된 파일 가져오기
-STAGED_FILES=$(git diff --cached --name-only --diff-filter=ACMR 2>/dev/null || true)
-
-if [ -z "$STAGED_FILES" ]; then
-    echo -e "${GREEN}✓ No files to check${NC}"
-    exit 0
-fi
-
-FOUND_SECRETS=0
-WARNINGS=""
-
-# 각 파일 검사
-for file in $STAGED_FILES; do
-    # 바이너리 파일 스킵
-    if file "$file" | grep -q "binary"; then
-        continue
-    fi
-    
-    # 이미지/미디어 스킵
-    if [[ "$file" =~ \.(png|jpg|jpeg|gif|ico|svg|mp3|mp4|woff|ttf|eot)$ ]]; then
-        continue
-    fi
-    
-    # 스크립트 자체 스킵
-    if [[ "$file" == "scripts/pre-commit.sh" ]] || [[ "$file" == "scripts/secret-scan.js" ]]; then
-        continue
-    fi
-    
-    # 파일 존재 확인
-    if [ ! -f "$file" ]; then
-        continue
-    fi
-    
-    # 각 패턴 검사
-    for i in "${!PATTERNS[@]}"; do
-        pattern="${PATTERNS[$i]}"
-        name="${PATTERN_NAMES[$i]}"
-        
-        # grep으로 패턴 검사
-        if grep -iEq "$pattern" "$file" 2>/dev/null; then
-            FOUND_SECRETS=1
-            line_info=$(grep -inE "$pattern" "$file" 2>/dev/null | head -3)
-            WARNINGS="${WARNINGS}\n${RED}⚠ ${name}${NC} in ${YELLOW}${file}${NC}:\n${line_info}\n"
-        fi
-    done
-done
-
-if [ $FOUND_SECRETS -eq 1 ]; then
-    echo ""
-    echo -e "${RED}╔══════════════════════════════════════════════════════════╗${NC}"
-    echo -e "${RED}║         🚨 COMMIT BLOCKED: Secrets Detected! 🚨          ║${NC}"
-    echo -e "${RED}╚══════════════════════════════════════════════════════════╝${NC}"
-    echo ""
-    echo -e "$WARNINGS"
-    echo ""
-    echo -e "${YELLOW}해결 방법:${NC}"
-    echo "  1. 민감 정보를 환경변수나 .env 파일로 이동"
-    echo "  2. .gitignore에 해당 파일 추가"
-    echo "  3. git reset HEAD <file> 로 스테이징 해제"
-    echo ""
-    echo -e "${YELLOW}긴급 우회 (권장하지 않음):${NC}"
-    echo "  git commit --no-verify"
-    echo ""
-    exit 1
-fi
-
-echo -e "${GREEN}✓ No secrets detected${NC}"
-exit 0

package/scripts/register-checksums.js

@@ -1,120 +0,0 @@
-#!/usr/bin/env node
-/**
- * register-checksums.js — 무펭이즘 핵심 파일 해시 등록
- * 
- * 새 버전 릴리스 시 checksums.json 재생성
- * 
- * Usage:
- *   node scripts/register-checksums.js
- */
-
-import { readFileSync, writeFileSync, readdirSync, statSync } from 'fs';
-import { createHash } from 'crypto';
-import { join, relative } from 'path';
-
-const REPO_ROOT = process.cwd();
-const CHECKSUM_FILE = join(REPO_ROOT, 'checksums.json');
-
-// 핵심 파일 목록 (루트 + skill/)
-const CORE_FILES = [
-  'SOUL-TEMPLATE.md',
-  'PRINCIPLES.md',
-  'LAWS.md',
-  'DOCTRINE.md',
-  'SECURITY.md',
-  'SECURITY-GUIDELINES.md',
-  'SECURITY-PRINCIPLES.md',
-  'SECURITY-PRINCIPLES-EN.md',
-  'AGENT-PROTOCOL.md',
-  'AGENT-VALUES.md',
-  'AGENT-GUIDE.md',
-  'ARCHITECTURE.md',
-  'MEMORY-SYSTEM.md',
-  'OPENCLAW-GUIDE.md',
-  'RITUALS.md',
-  'SCRIPTURES.md',
-];
-
-// skill/ 디렉토리의 모든 .md 파일
-const SKILL_DIR = join(REPO_ROOT, 'skill');
-
-function getFileHash(path) {
-  try {
-    const content = readFileSync(path, 'utf-8');
-    return createHash('sha256').update(content).digest('hex');
-  } catch (err) {
-    console.warn(`⚠️  Failed to read ${path}: ${err.message}`);
-    return null;
-  }
-}
-
-function collectSkillFiles() {
-  const files = [];
-  try {
-    const entries = readdirSync(SKILL_DIR);
-    for (const entry of entries) {
-      const fullPath = join(SKILL_DIR, entry);
-      if (statSync(fullPath).isFile() && entry.endsWith('.md')) {
-        files.push(`skill/${entry}`);
-      }
-    }
-  } catch (err) {
-    console.warn(`⚠️  skill/ directory not found or inaccessible`);
-  }
-  return files;
-}
-
-function register() {
-  const checksums = {};
-  let totalFiles = 0;
-  let errors = 0;
-
-  // 루트 핵심 파일
-  console.log('📝 Collecting root core files...');
-  for (const file of CORE_FILES) {
-    const path = join(REPO_ROOT, file);
-    const hash = getFileHash(path);
-    if (hash) {
-      checksums[file] = hash;
-      totalFiles++;
-      console.log(`   ✓ ${file}`);
-    } else {
-      errors++;
-    }
-  }
-
-  // skill/ 디렉토리
-  console.log('\n📦 Collecting skill/ files...');
-  const skillFiles = collectSkillFiles();
-  for (const file of skillFiles) {
-    const path = join(REPO_ROOT, file);
-    const hash = getFileHash(path);
-    if (hash) {
-      checksums[file] = hash;
-      totalFiles++;
-      console.log(`   ✓ ${file}`);
-    } else {
-      errors++;
-    }
-  }
-
-  // checksums.json 생성
-  const record = {
-    version: '1.3.0',
-    algorithm: 'sha256',
-    generated: new Date().toISOString(),
-    files: checksums,
-    signature: null,
-    _comment: 'Official Mupengism core files checksums. Verify with: node scripts/verify-integrity.js'
-  };
-
-  writeFileSync(CHECKSUM_FILE, JSON.stringify(record, null, 2));
-  
-  console.log(`\n✅ Checksums registered: ${totalFiles} files`);
-  if (errors > 0) {
-    console.log(`⚠️  ${errors} files failed (see warnings above)`);
-  }
-  console.log(`📄 Saved to: checksums.json`);
-}
-
-register();

package/scripts/secret-scan.js

@@ -1,245 +0,0 @@
-#!/usr/bin/env node
-/**
- * Mupengism Secret Scanner
- * 전체 레포 스캔 도구 - CI/CD 및 수동 검사용
- * 
- * Usage:
- *   node scripts/secret-scan.js          # 전체 스캔
- *   node scripts/secret-scan.js --json   # JSON 출력
- *   node scripts/secret-scan.js --ci     # CI 모드 (발견 시 exit 1)
- */
-
-import { readdirSync, readFileSync, statSync } from 'fs';
-import { join, relative } from 'path';
-
-const RED = '\x1b[31m';
-const YELLOW = '\x1b[33m';
-const GREEN = '\x1b[32m';
-const CYAN = '\x1b[36m';
-const RESET = '\x1b[0m';
-
-// 검사 패턴
-const SECRET_PATTERNS = [
-  {
-    name: 'API Key',
-    pattern: /api[_-]?key\s*[:=]\s*["'][^"']{16,}/gi,
-    severity: 'HIGH'
-  },
-  {
-    name: 'Secret Key',
-    pattern: /secret[_-]?key\s*[:=]\s*["'][^"']{16,}/gi,
-    severity: 'CRITICAL'
-  },
-  {
-    name: 'Private Key',
-    pattern: /private[_-]?key\s*[:=]\s*["'][^"']{16,}/gi,
-    severity: 'CRITICAL'
-  },
-  {
-    name: 'Access Token',
-    pattern: /access[_-]?token\s*[:=]\s*["'][^"']{16,}/gi,
-    severity: 'HIGH'
-  },
-  {
-    name: 'Mnemonic Phrase',
-    pattern: /mnemonic\s*[:=]\s*["'][a-z\s]{20,}/gi,
-    severity: 'CRITICAL'
-  },
-  {
-    name: 'Solana Private Key (Base58)',
-    pattern: /\b[1-9A-HJ-NP-Za-km-z]{87,88}\b/g,
-    severity: 'CRITICAL'
-  },
-  {
-    name: 'Ethereum Private Key',
-    pattern: /\b0x[a-fA-F0-9]{64}\b/g,
-    severity: 'CRITICAL'
-  },
-  {
-    name: 'Password',
-    pattern: /password\s*[:=]\s*["'][^"']{6,}/gi,
-    severity: 'HIGH'
-  },
-  {
-    name: 'AWS Access Key',
-    pattern: /AKIA[0-9A-Z]{16}/g,
-    severity: 'CRITICAL'
-  },
-  {
-    name: 'Bearer Token',
-    pattern: /bearer\s+[a-zA-Z0-9_\-\.]+\.[a-zA-Z0-9_\-\.]+\.[a-zA-Z0-9_\-\.]+/gi,
-    severity: 'HIGH'
-  },
-  {
-    name: 'Generic Secret Assignment',
-    pattern: /["']?secret["']?\s*[:=]\s*["'][^"']{8,}/gi,
-    severity: 'MEDIUM'
-  }
-];
-
-// 무시할 경로 패턴
-const IGNORE_PATTERNS = [
-  /node_modules/,
-  /\.git/,
-  /\.png$/i,
-  /\.jpg$/i,
-  /\.jpeg$/i,
-  /\.gif$/i,
-  /\.ico$/i,
-  /\.svg$/i,
-  /\.mp3$/i,
-  /\.mp4$/i,
-  /\.woff$/i,
-  /\.ttf$/i,
-  /\.eot$/i,
-  /package-lock\.json$/,
-  /yarn\.lock$/,
-  /scripts\/pre-commit\.sh$/,
-  /scripts\/secret-scan\.js$/
-];
-
-// 디렉토리 재귀 탐색
-function walkDir(dir, results = []) {
-  try {
-    const files = readdirSync(dir);
-    for (const file of files) {
-      const filepath = join(dir, file);
-      const stat = statSync(filepath);
-      
-      // 무시 패턴 체크
-      if (IGNORE_PATTERNS.some(p => p.test(filepath))) {
-        continue;
-      }
-      
-      if (stat.isDirectory()) {
-        walkDir(filepath, results);
-      } else if (stat.isFile()) {
-        results.push(filepath);
-      }
-    }
-  } catch (e) {
-    // 권한 없는 디렉토리 스킵
-  }
-  return results;
-}
-
-// 파일 스캔
-function scanFile(filepath, rootDir) {
-  const findings = [];
-  
-  try {
-    const content = readFileSync(filepath, 'utf-8');
-    const lines = content.split('\n');
-    const relativePath = relative(rootDir, filepath);
-    
-    for (const secretPattern of SECRET_PATTERNS) {
-      let match;
-      const regex = new RegExp(secretPattern.pattern.source, secretPattern.pattern.flags);
-      
-      while ((match = regex.exec(content)) !== null) {
-        // 줄 번호 찾기
-        const beforeMatch = content.substring(0, match.index);
-        const lineNumber = (beforeMatch.match(/\n/g) || []).length + 1;
-        const line = lines[lineNumber - 1]?.trim() || '';
-        
-        // 중복 방지
-        const isDuplicate = findings.some(f => 
-          f.file === relativePath && 
-          f.line === lineNumber && 
-          f.type === secretPattern.name
-        );
-        
-        if (!isDuplicate) {
-          findings.push({
-            file: relativePath,
-            line: lineNumber,
-            type: secretPattern.name,
-            severity: secretPattern.severity,
-            preview: line.length > 100 ? line.substring(0, 100) + '...' : line
-          });
-        }
-      }
-    }
-  } catch (e) {
-    // 바이너리 파일 등 읽기 실패 시 스킵
-  }
-  
-  return findings;
-}
-
-// 메인 스캔 함수
-function scan(rootDir) {
-  const files = walkDir(rootDir);
-  const allFindings = [];
-  
-  for (const file of files) {
-    const findings = scanFile(file, rootDir);
-    allFindings.push(...findings);
-  }
-  
-  return allFindings;
-}
-
-// 결과 출력
-function printResults(findings, isJson = false, isCI = false) {
-  if (isJson) {
-    console.log(JSON.stringify(findings, null, 2));
-    return findings.length;
-  }
-  
-  if (findings.length === 0) {
-    console.log(`${GREEN}✓ No secrets detected!${RESET}`);
-    console.log(`  Scanned repository for ${SECRET_PATTERNS.length} secret patterns.`);
-    return 0;
-  }
-  
-  // 심각도별 그룹화
-  const critical = findings.filter(f => f.severity === 'CRITICAL');
-  const high = findings.filter(f => f.severity === 'HIGH');
-  const medium = findings.filter(f => f.severity === 'MEDIUM');
-  
-  console.log(`\n${RED}╔══════════════════════════════════════════════════════════╗${RESET}`);
-  console.log(`${RED}║         🚨 SECRETS DETECTED: ${findings.length} issue(s) found          ║${RESET}`);
-  console.log(`${RED}╚══════════════════════════════════════════════════════════╝${RESET}\n`);
-  
-  const printSection = (title, items, color) => {
-    if (items.length === 0) return;
-    console.log(`${color}▶ ${title} (${items.length})${RESET}\n`);
-    for (const f of items) {
-      console.log(`  ${YELLOW}${f.file}:${f.line}${RESET}`);
-      console.log(`    Type: ${f.type}`);
-      console.log(`    Preview: ${f.preview}`);
-      console.log('');
-    }
-  };
-  
-  printSection('CRITICAL', critical, RED);
-  printSection('HIGH', high, YELLOW);
-  printSection('MEDIUM', medium, CYAN);
-  
-  console.log(`${YELLOW}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${RESET}`);
-  console.log(`${YELLOW}해결 방법:${RESET}`);
-  console.log('  1. 민감 정보를 환경변수(.env)로 이동');
-  console.log('  2. .gitignore에 해당 파일 추가');
-  console.log('  3. git history에서 제거: git filter-branch 또는 BFG');
-  console.log('');
-  
-  return findings.length;
-}
-
-// CLI 실행
-const args = process.argv.slice(2);
-const isJson = args.includes('--json');
-const isCI = args.includes('--ci');
-const rootDir = process.cwd();
-
-console.log(`${CYAN}🔍 Mupengism Secret Scanner${RESET}`);
-console.log(`   Scanning: ${rootDir}\n`);
-
-const findings = scan(rootDir);
-const count = printResults(findings, isJson, isCI);
-
-// CI 모드에서는 발견 시 exit 1
-if (isCI && count > 0) {
-  process.exit(1);
-}

package/scripts/verify-integrity.js

@@ -1,134 +0,0 @@
-#!/usr/bin/env node
-/**
- * verify-integrity.js — 무펭이즘 핵심 파일 무결성 검증
- * 
- * checksums.json 기반으로 모든 핵심 파일의 SHA-256 해시 검증
- * - 불일치 시 어떤 파일이 변조됐는지 출력
- * - SOUL 관련 파일 변조 시 exit 1 (커널 패닉)
- * 
- * Usage:
- *   node scripts/verify-integrity.js
- * 
- * Exit 0 = 모든 파일 정상
- * Exit 1 = 변조 감지 (커널 패닉)
- */
-
-import { readFileSync, existsSync, writeFileSync } from 'fs';
-import { createHash } from 'crypto';
-import { join } from 'path';
-
-const REPO_ROOT = process.cwd();
-const CHECKSUM_FILE = join(REPO_ROOT, 'checksums.json');
-
-// SOUL 관련 파일 (변조 시 커널 패닉 트리거)
-const CRITICAL_FILES = [
-  'SOUL-TEMPLATE.md',
-  'PRINCIPLES.md',
-  'LAWS.md',
-  'DOCTRINE.md',
-  'SECURITY-PRINCIPLES.md',
-  'skill/SOUL-TEMPLATE.md',
-  'skill/PRINCIPLES.md',
-  'skill/SECURITY-PRINCIPLES.md',
-];
-
-function getFileHash(path) {
-  try {
-    const content = readFileSync(path, 'utf-8');
-    return createHash('sha256').update(content).digest('hex');
-  } catch (err) {
-    return null;
-  }
-}
-
-function verify() {
-  // checksums.json 존재 확인
-  if (!existsSync(CHECKSUM_FILE)) {
-    console.error('❌ checksums.json not found. Run: node scripts/register-checksums.js');
-    process.exit(1);
-  }
-
-  const record = JSON.parse(readFileSync(CHECKSUM_FILE, 'utf-8'));
-  const files = record.files || {};
-  
-  let totalFiles = 0;
-  let validFiles = 0;
-  let missingFiles = 0;
-  let tamperedFiles = [];
-  let criticalTampered = false;
-
-  console.log('🔍 Verifying file integrity...\n');
-
-  // 각 파일 검증
-  for (const [file, expectedHash] of Object.entries(files)) {
-    totalFiles++;
-    const path = join(REPO_ROOT, file);
-    
-    if (!existsSync(path)) {
-      console.error(`❌ MISSING: ${file}`);
-      missingFiles++;
-      tamperedFiles.push(file);
-      if (CRITICAL_FILES.includes(file)) {
-        criticalTampered = true;
-      }
-      continue;
-    }
-
-    const currentHash = getFileHash(path);
-    
-    if (currentHash === expectedHash) {
-      console.log(`✓ ${file}`);
-      validFiles++;
-    } else {
-      console.error(`🚨 TAMPERED: ${file}`);
-      console.error(`   Expected: ${expectedHash.slice(0, 16)}...`);
-      console.error(`   Current:  ${currentHash ? currentHash.slice(0, 16) + '...' : 'UNREADABLE'}`);
-      tamperedFiles.push(file);
-      if (CRITICAL_FILES.includes(file)) {
-        criticalTampered = true;
-      }
-    }
-  }
-
-  // 결과 출력
-  console.log('\n' + '='.repeat(60));
-  console.log(`Total files: ${totalFiles}`);
-  console.log(`Valid: ${validFiles}`);
-  console.log(`Missing: ${missingFiles}`);
-  console.log(`Tampered: ${tamperedFiles.length - missingFiles}`);
-
-  if (tamperedFiles.length > 0) {
-    console.error('\n🚨 INTEGRITY BREACH DETECTED');
-    console.error('\nTampered/Missing files:');
-    tamperedFiles.forEach(f => console.error(`  - ${f}`));
-    
-    // 변조 기록 저장
-    const logFile = join(REPO_ROOT, `memory/integrity-breach-${Date.now()}.json`);
-    try {
-      writeFileSync(logFile, JSON.stringify({
-        timestamp: new Date().toISOString(),
-        checksumVersion: record.version,
-        tamperedFiles,
-        criticalTampered,
-      }, null, 2));
-      console.error(`\n📝 Breach log saved: ${logFile}`);
-    } catch {}
-
-    if (criticalTampered) {
-      console.error('\n💀 KERNEL PANIC: Critical file(s) tampered!');
-      console.error('   Core identity files have been modified.');
-      console.error('   System integrity compromised.\n');
-      process.exit(1);
-    } else {
-      console.error('\n⚠️  Non-critical files tampered. Review recommended.\n');
-      process.exit(1);
-    }
-  }
-
-  console.log('\n✅ All files intact. Kernel integrity verified.');
-  console.log(`   Checksum version: ${record.version}`);
-  console.log(`   Generated: ${record.generated}\n`);
-  process.exit(0);
-}
-
-verify();