nexus-agents 2.34.0 → 2.41.0

package/dist/{chunk-QOULVKG6.js → chunk-7FZV43MB.js}

@@ -4,7 +4,7 @@ import {
 import {
   VERSION,
   initDataDirectories
-} from "./chunk-YW5QDPGU.js";
+} from "./chunk-CNQ5WLHD.js";
 import {
   CLI_SUBPROCESS_TIMEOUTS,
   createLogger,
@@ -1580,4 +1580,4 @@ export {
   setupCommand,
   setupCommandAsync
 };
-//# sourceMappingURL=chunk-QOULVKG6.js.map
+//# sourceMappingURL=chunk-7FZV43MB.js.map

package/dist/{chunk-YW5QDPGU.js → chunk-CNQ5WLHD.js}

@@ -24,7 +24,7 @@ import {
 } from "./chunk-CLYZ7FWP.js";
 
 // src/version.ts
-var VERSION = true ? "2.34.0" : "dev";
+var VERSION = true ? "2.41.0" : "dev";
 
 // src/cli/setup-data-dir.ts
 import { mkdirSync, existsSync as existsSync2 } from "fs";
@@ -758,7 +758,7 @@ async function runDoctorFix(result) {
   writeLine2("\u2500".repeat(40));
   let fixCount = 0;
   if (!result.dataDirectory.rootExists || result.dataDirectory.subdirectories.some((d) => !d.exists || !d.writable)) {
-    const { runSetup } = await import("./setup-command-N6MTXKV3.js");
+    const { runSetup } = await import("./setup-command-BJEGQZ33.js");
     const setupResult = runSetup({
       skipMcp: true,
       skipRules: true,
@@ -836,4 +836,4 @@ export {
   startStdioServer,
   closeServer
 };
-//# sourceMappingURL=chunk-YW5QDPGU.js.map
+//# sourceMappingURL=chunk-CNQ5WLHD.js.map

package/dist/{chunk-A6Q2NRXT.js → chunk-SYS7LUWC.js}

@@ -795,6 +795,160 @@ function contextForLogging(ctx) {
   };
 }
 
+// src/security/access-constraint-deriver/denylist.ts
+var UNBYPASSABLE_PATH_PATTERNS = [
+  // Environment files
+  ".env",
+  ".env.*",
+  "**/.env",
+  "**/.env.*",
+  // SSH credentials
+  "~/.ssh/**",
+  "**/ssh/id_*",
+  "**/*_rsa",
+  "**/*_ed25519",
+  "**/*.pem",
+  // Cloud credentials
+  "~/.aws/**",
+  "~/.azure/**",
+  "~/.gcp/**",
+  "~/.config/gcloud/**",
+  "~/.kube/config",
+  // Unix secret files
+  "/etc/shadow",
+  "/etc/sudoers",
+  "/etc/sudoers.d/**",
+  // Common secret file patterns
+  "**/secrets.*",
+  "**/credentials.*",
+  "**/private_key.*",
+  "**/id_rsa*"
+];
+var UNBYPASSABLE_TOOL_NAMES = [
+  // Destructive git operations
+  "git_push_force",
+  "git_reset_hard",
+  "git_branch_delete_force",
+  "git_clean_force",
+  // Destructive filesystem
+  "rm_recursive_force",
+  "chmod_recursive",
+  // Identity / auth mutations
+  "ssh_add_key",
+  "gpg_add_key",
+  "npm_publish_force",
+  // Remote destruction
+  "github_repo_delete",
+  "github_org_transfer",
+  "aws_account_close"
+];
+function compileGlobToRegex(pattern) {
+  const pat = pattern.toLowerCase();
+  const escaped = pat.replace(/[\\.+^$()|[\]{}]/g, "\\$&").replace(/\*\*/g, "__DOUBLESTAR__").replace(/\*/g, "[^/]*").replace(/__DOUBLESTAR__/g, ".*");
+  const anchored = escaped.startsWith("~/") ? `(^|/)${escaped.slice(2)}$` : escaped.startsWith("/") ? `^${escaped}$` : `(^|/)${escaped}$`;
+  return new RegExp(anchored);
+}
+var COMPILED_PATH_PATTERNS = UNBYPASSABLE_PATH_PATTERNS.map((pattern) => ({
+  pattern,
+  regex: compileGlobToRegex(pattern)
+}));
+function isPathDenied(path4) {
+  const normalized = path4.toLowerCase();
+  return COMPILED_PATH_PATTERNS.some((c) => c.regex.test(normalized));
+}
+function isToolDenied(toolName) {
+  return UNBYPASSABLE_TOOL_NAMES.includes(toolName);
+}
+
+// src/security/access-constraint-deriver/enforcer.ts
+function checkAccess(toolName, policy, args) {
+  if (isToolDenied(toolName)) {
+    return {
+      decision: "deny",
+      reason: `tool "${toolName}" is on the unbypassable deny-tool list`,
+      matchedRule: "unbypassable:tool"
+    };
+  }
+  if (typeof args?.path === "string" && args.path.length > 0 && isPathDenied(args.path)) {
+    return {
+      decision: "deny",
+      reason: `path "${args.path}" is on the unbypassable deny-path list`,
+      matchedRule: "unbypassable:path"
+    };
+  }
+  if (policy.allowedTools === "*") return { decision: "allow" };
+  if (policy.allowedTools.includes(toolName)) return { decision: "allow" };
+  if (policy.mode === "audit") {
+    return {
+      decision: "log-and-allow",
+      warning: `tool "${toolName}" not in derived policy (audit mode)`
+    };
+  }
+  return {
+    decision: "deny",
+    reason: `tool "${toolName}" not in derived policy`,
+    matchedRule: "allowedTools"
+  };
+}
+
+// src/security/access-constraint-deriver/mcp-guard.ts
+import { AsyncLocalStorage as AsyncLocalStorage2 } from "async_hooks";
+var accessPolicyStorage = new AsyncLocalStorage2();
+function withAccessPolicy(policy, fn) {
+  return accessPolicyStorage.run(policy, fn);
+}
+function getActivePolicy() {
+  return accessPolicyStorage.getStore();
+}
+function denyToToolResult(decision, requestId) {
+  return {
+    isError: true,
+    content: [
+      {
+        type: "text",
+        text: `access denied: ${decision.reason} (rule: ${decision.matchedRule}, request: ${requestId})`
+      }
+    ]
+  };
+}
+
+// src/security/access-constraint-deriver/chain-adapter.ts
+function toGuardArgs(args) {
+  if (typeof args !== "object" || args === null) return void 0;
+  const path4 = args["path"];
+  return typeof path4 === "string" && path4.length > 0 ? { path: path4 } : void 0;
+}
+function createAccessPolicyChainMiddleware(toolName) {
+  return async (args, ctx, next) => {
+    const policy = getActivePolicy();
+    if (policy === void 0 || policy.mode === "off") {
+      return next(args, ctx);
+    }
+    const decision = checkAccess(toolName, policy, toGuardArgs(args));
+    if (decision.decision === "allow") {
+      return next(args, ctx);
+    }
+    if (decision.decision === "log-and-allow") {
+      ctx.logger.warn("access-policy: audit violation", {
+        tool: toolName,
+        warning: decision.warning,
+        policySource: policy.source,
+        requestId: ctx.requestContext.requestId
+      });
+      return next(args, ctx);
+    }
+    ctx.logger.info("access-policy: tool call denied", {
+      tool: toolName,
+      reason: decision.reason,
+      matchedRule: decision.matchedRule,
+      policySource: policy.source,
+      mode: policy.mode,
+      requestId: ctx.requestContext.requestId
+    });
+    return denyToToolResult(decision, ctx.requestContext.requestId);
+  };
+}
+
 // src/mcp/middleware/middleware-chain.ts
 function errorResult(message, requestId) {
   return {
@@ -939,6 +1093,11 @@ function addTimeoutMiddleware(middlewares, config, skip2) {
     middlewares.push(createTimeoutMiddleware(guard, config.toolName));
   }
 }
+function addAccessPolicyMiddleware(middlewares, config, skip2) {
+  if (skip2.accessPolicy !== true) {
+    middlewares.push(createAccessPolicyChainMiddleware(config.toolName));
+  }
+}
 function buildMiddlewareStack(config) {
   const skip2 = config.skip ?? {};
   const middlewares = [];
@@ -947,6 +1106,7 @@ function buildMiddlewareStack(config) {
   addRateLimitMiddleware(middlewares, config, skip2);
   addValidationMiddleware(middlewares, config, skip2);
   addPolicyMiddleware(middlewares, config, skip2);
+  addAccessPolicyMiddleware(middlewares, config, skip2);
   addTimeoutMiddleware(middlewares, config, skip2);
   return middlewares;
 }
@@ -12639,6 +12799,7 @@ export {
   createMcpNotifier,
   NOOP_NOTIFIER,
   withProgressHeartbeat,
+  withAccessPolicy,
   getToolTimeout,
   wrapToolWithTimeout,
   toSdkCallback,
@@ -12718,4 +12879,4 @@ export {
   CONSENSUS_VOTE_OUTPUT_SCHEMA,
   registerConsensusVoteTool
 };
-//# sourceMappingURL=chunk-A6Q2NRXT.js.map
+//# sourceMappingURL=chunk-SYS7LUWC.js.map