nexus-agents 2.34.0 → 2.40.0

package/dist/{chunk-A6Q2NRXT.js → chunk-6PLFRWIP.js}

@@ -795,6 +795,157 @@ function contextForLogging(ctx) {
   };
 }
 
+// src/security/access-constraint-deriver/denylist.ts
+var UNBYPASSABLE_PATH_PATTERNS = [
+  // Environment files
+  ".env",
+  ".env.*",
+  "**/.env",
+  "**/.env.*",
+  // SSH credentials
+  "~/.ssh/**",
+  "**/ssh/id_*",
+  "**/*_rsa",
+  "**/*_ed25519",
+  "**/*.pem",
+  // Cloud credentials
+  "~/.aws/**",
+  "~/.azure/**",
+  "~/.gcp/**",
+  "~/.config/gcloud/**",
+  "~/.kube/config",
+  // Unix secret files
+  "/etc/shadow",
+  "/etc/sudoers",
+  "/etc/sudoers.d/**",
+  // Common secret file patterns
+  "**/secrets.*",
+  "**/credentials.*",
+  "**/private_key.*",
+  "**/id_rsa*"
+];
+var UNBYPASSABLE_TOOL_NAMES = [
+  // Destructive git operations
+  "git_push_force",
+  "git_reset_hard",
+  "git_branch_delete_force",
+  "git_clean_force",
+  // Destructive filesystem
+  "rm_recursive_force",
+  "chmod_recursive",
+  // Identity / auth mutations
+  "ssh_add_key",
+  "gpg_add_key",
+  "npm_publish_force",
+  // Remote destruction
+  "github_repo_delete",
+  "github_org_transfer",
+  "aws_account_close"
+];
+function compileGlobToRegex(pattern) {
+  const pat = pattern.toLowerCase();
+  const escaped = pat.replace(/[\\.+^$()|[\]{}]/g, "\\$&").replace(/\*\*/g, "__DOUBLESTAR__").replace(/\*/g, "[^/]*").replace(/__DOUBLESTAR__/g, ".*");
+  const anchored = escaped.startsWith("~/") ? `(^|/)${escaped.slice(2)}$` : escaped.startsWith("/") ? `^${escaped}$` : `(^|/)${escaped}$`;
+  return new RegExp(anchored);
+}
+var COMPILED_PATH_PATTERNS = UNBYPASSABLE_PATH_PATTERNS.map((pattern) => ({
+  pattern,
+  regex: compileGlobToRegex(pattern)
+}));
+function isPathDenied(path4) {
+  const normalized = path4.toLowerCase();
+  return COMPILED_PATH_PATTERNS.some((c) => c.regex.test(normalized));
+}
+function isToolDenied(toolName) {
+  return UNBYPASSABLE_TOOL_NAMES.includes(toolName);
+}
+
+// src/security/access-constraint-deriver/enforcer.ts
+function checkAccess(toolName, policy, args) {
+  if (isToolDenied(toolName)) {
+    return {
+      decision: "deny",
+      reason: `tool "${toolName}" is on the unbypassable deny-tool list`,
+      matchedRule: "unbypassable:tool"
+    };
+  }
+  if (typeof args?.path === "string" && args.path.length > 0 && isPathDenied(args.path)) {
+    return {
+      decision: "deny",
+      reason: `path "${args.path}" is on the unbypassable deny-path list`,
+      matchedRule: "unbypassable:path"
+    };
+  }
+  if (policy.allowedTools === "*") return { decision: "allow" };
+  if (policy.allowedTools.includes(toolName)) return { decision: "allow" };
+  if (policy.mode === "audit") {
+    return {
+      decision: "log-and-allow",
+      warning: `tool "${toolName}" not in derived policy (audit mode)`
+    };
+  }
+  return {
+    decision: "deny",
+    reason: `tool "${toolName}" not in derived policy`,
+    matchedRule: "allowedTools"
+  };
+}
+
+// src/security/access-constraint-deriver/mcp-guard.ts
+import { AsyncLocalStorage as AsyncLocalStorage2 } from "async_hooks";
+var accessPolicyStorage = new AsyncLocalStorage2();
+function getActivePolicy() {
+  return accessPolicyStorage.getStore();
+}
+function denyToToolResult(decision, requestId) {
+  return {
+    isError: true,
+    content: [
+      {
+        type: "text",
+        text: `access denied: ${decision.reason} (rule: ${decision.matchedRule}, request: ${requestId})`
+      }
+    ]
+  };
+}
+
+// src/security/access-constraint-deriver/chain-adapter.ts
+function toGuardArgs(args) {
+  if (typeof args !== "object" || args === null) return void 0;
+  const path4 = args["path"];
+  return typeof path4 === "string" && path4.length > 0 ? { path: path4 } : void 0;
+}
+function createAccessPolicyChainMiddleware(toolName) {
+  return async (args, ctx, next) => {
+    const policy = getActivePolicy();
+    if (policy === void 0 || policy.mode === "off") {
+      return next(args, ctx);
+    }
+    const decision = checkAccess(toolName, policy, toGuardArgs(args));
+    if (decision.decision === "allow") {
+      return next(args, ctx);
+    }
+    if (decision.decision === "log-and-allow") {
+      ctx.logger.warn("access-policy: audit violation", {
+        tool: toolName,
+        warning: decision.warning,
+        policySource: policy.source,
+        requestId: ctx.requestContext.requestId
+      });
+      return next(args, ctx);
+    }
+    ctx.logger.info("access-policy: tool call denied", {
+      tool: toolName,
+      reason: decision.reason,
+      matchedRule: decision.matchedRule,
+      policySource: policy.source,
+      mode: policy.mode,
+      requestId: ctx.requestContext.requestId
+    });
+    return denyToToolResult(decision, ctx.requestContext.requestId);
+  };
+}
+
 // src/mcp/middleware/middleware-chain.ts
 function errorResult(message, requestId) {
   return {
@@ -939,6 +1090,11 @@ function addTimeoutMiddleware(middlewares, config, skip2) {
     middlewares.push(createTimeoutMiddleware(guard, config.toolName));
   }
 }
+function addAccessPolicyMiddleware(middlewares, config, skip2) {
+  if (skip2.accessPolicy !== true) {
+    middlewares.push(createAccessPolicyChainMiddleware(config.toolName));
+  }
+}
 function buildMiddlewareStack(config) {
   const skip2 = config.skip ?? {};
   const middlewares = [];
@@ -947,6 +1103,7 @@ function buildMiddlewareStack(config) {
   addRateLimitMiddleware(middlewares, config, skip2);
   addValidationMiddleware(middlewares, config, skip2);
   addPolicyMiddleware(middlewares, config, skip2);
+  addAccessPolicyMiddleware(middlewares, config, skip2);
   addTimeoutMiddleware(middlewares, config, skip2);
   return middlewares;
 }
@@ -12718,4 +12875,4 @@ export {
   CONSENSUS_VOTE_OUTPUT_SCHEMA,
   registerConsensusVoteTool
 };
-//# sourceMappingURL=chunk-A6Q2NRXT.js.map
+//# sourceMappingURL=chunk-6PLFRWIP.js.map