nubos-pilot 1.2.0 → 1.2.1

package/lib/security/scan.test.cjs

@@ -0,0 +1,137 @@
+'use strict';
+
+const { test } = require('node:test');
+const assert = require('node:assert/strict');
+const fs = require('node:fs');
+const os = require('node:os');
+const path = require('node:path');
+
+const { scanContent, loadCustomRules, _globToRegExp, _looksCatastrophic } = require('./scan.cjs');
+
+function cats(findings) {
+  return new Set(findings.map((f) => f.category));
+}
+
+test('SCAN-1 each built-in category triggers on representative content', () => {
+  const samples = {
+    'dynamic-exec': 'const r = eval(userInput);',
+    'unsafe-deserialization': 'data = pickle.loads(blob)',
+    'dom-injection': 'el.innerHTML = userInput;',
+    'hardcoded-secret': 'const key = "-----BEGIN PRIVATE KEY-----";',
+  };
+  for (const [category, content] of Object.entries(samples)) {
+    const { findings } = scanContent({ filePath: 'src/x.js', content });
+    assert.ok(cats(findings).has(category), category + ' should trigger; got ' + [...cats(findings)].join(','));
+  }
+});
+
+test('SCAN-2 workflow-file is path-only and fires regardless of content', () => {
+  const { findings } = scanContent({ filePath: '.github/workflows/deploy.yml', content: 'name: ci' });
+  assert.ok(findings.some((f) => f.category === 'workflow-file'));
+});
+
+test('SCAN-3 clean code produces no findings (no false positives)', () => {
+  const content = [
+    'function add(a, b) {',
+    '  return a + b;',
+    '}',
+    'const greeting = "hello world";',
+    'el.textContent = greeting;',
+  ].join('\n');
+  const { findings } = scanContent({ filePath: 'src/util.js', content });
+  assert.deepEqual(findings, []);
+});
+
+test('SCAN-4 finding carries the first matching line number', () => {
+  const content = 'line one\nline two\nconst r = eval(x);\n';
+  const { findings } = scanContent({ filePath: 'a.js', content });
+  const evalFinding = findings.find((f) => f.rule_name === 'eval_call');
+  assert.equal(evalFinding.line, 3);
+});
+
+test('SCAN-5 custom rules augment built-ins (both present)', () => {
+  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'sec-scan-'));
+  const rulesFile = path.join(dir, 'rules.json');
+  fs.writeFileSync(rulesFile, JSON.stringify({
+    patterns: [{
+      rule_name: 'tenant_unfiltered_query',
+      category: 'multi-tenant',
+      severity: 'risk',
+      regex: '\\.objects\\.all\\(\\)',
+      reminder: 'Filter by org_id.',
+    }],
+  }));
+  try {
+    const content = 'q = Model.objects.all()\nr = eval(z)';
+    const { findings } = scanContent({ filePath: 'src/tenants/x.py', content, customRulesPath: rulesFile });
+    assert.ok(findings.some((f) => f.rule_name === 'tenant_unfiltered_query'), 'custom rule fires');
+    assert.ok(findings.some((f) => f.rule_name === 'eval_call'), 'built-in still fires');
+  } finally {
+    fs.rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+test('SCAN-6 custom rule paths scope limits where it applies', () => {
+  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'sec-scan-'));
+  const rulesFile = path.join(dir, 'rules.json');
+  fs.writeFileSync(rulesFile, JSON.stringify({
+    patterns: [{
+      rule_name: 'tenant_unfiltered_query',
+      regex: '\\.objects\\.all\\(\\)',
+      paths: ['**/src/tenants/**'],
+      reminder: 'scoped',
+    }],
+  }));
+  try {
+    const content = 'q = Model.objects.all()';
+    const inScope = scanContent({ filePath: 'src/tenants/a.py', content, customRulesPath: rulesFile });
+    const outScope = scanContent({ filePath: 'src/public/a.py', content, customRulesPath: rulesFile });
+    assert.ok(inScope.findings.some((f) => f.rule_name === 'tenant_unfiltered_query'));
+    assert.ok(!outScope.findings.some((f) => f.rule_name === 'tenant_unfiltered_query'));
+  } finally {
+    fs.rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+test('SCAN-7 catastrophic regex in custom rule is skipped, not loaded', () => {
+  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'sec-scan-'));
+  const rulesFile = path.join(dir, 'rules.json');
+  fs.writeFileSync(rulesFile, JSON.stringify({
+    patterns: [{ rule_name: 'evil', regex: '(a+)+$', reminder: 'x' }],
+  }));
+  try {
+    const { rules, skipped } = loadCustomRules(rulesFile);
+    assert.equal(rules.length, 0);
+    assert.ok(skipped.some((s) => s.reason === 'catastrophic-regex'));
+  } finally {
+    fs.rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+test('SCAN-8 custom rule cap at 50 enforced with diagnostic', () => {
+  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'sec-scan-'));
+  const rulesFile = path.join(dir, 'rules.json');
+  const many = [];
+  for (let i = 0; i < 60; i++) many.push({ rule_name: 'r' + i, substrings: ['ZZZ' + i], reminder: 'x' });
+  fs.writeFileSync(rulesFile, JSON.stringify({ patterns: many }));
+  try {
+    const { rules, skipped } = loadCustomRules(rulesFile);
+    assert.equal(rules.length, 50);
+    assert.ok(skipped.some((s) => s.reason === 'rule-cap-exceeded'));
+  } finally {
+    fs.rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+test('SCAN-9 missing custom rules path is a no-op (additive, resilient)', () => {
+  const { rules, skipped } = loadCustomRules(null);
+  assert.deepEqual(rules, []);
+  assert.deepEqual(skipped, []);
+});
+
+test('SCAN-10 glob and catastrophic helpers behave', () => {
+  assert.ok(_globToRegExp('**/src/tenants/**').test('app/src/tenants/x.py'));
+  assert.ok(!_globToRegExp('**/src/tenants/**').test('app/src/public/x.py'));
+  assert.ok(_looksCatastrophic('(.*)*'));
+  assert.ok(!_looksCatastrophic('\\beval\\s*\\('));
+});

package/np-tools.cjs

@@ -103,6 +103,7 @@ const topLevelCommands = {
   'loop-stuck':          require('./bin/np-tools/loop-stuck.cjs'),
   'loop-metrics':       require('./bin/np-tools/loop-metrics.cjs'),
   'spawn-headless':     require('./bin/np-tools/spawn-headless.cjs'),
+  'security':           require('./bin/np-tools/security.cjs'),
   'learning-log':      require('./bin/np-tools/learning-log.cjs'),
   'learning-match':    require('./bin/np-tools/learning-match.cjs'),
   'learning-list':     require('./bin/np-tools/learning-list.cjs'),

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nubos-pilot",
-  "version": "1.2.0",
+  "version": "1.2.1",
   "description": "Self-hosted AI pilot for any codebase. Researcher and critic agents plan, execute and verify each change.",
   "homepage": "https://pilot.nubos.cloud",
   "repository": {

package/templates/claude/payload/hooks/np-security-hook.cjs

@@ -0,0 +1,50 @@
+#!/usr/bin/env node
+'use strict';
+
+const fs = require('node:fs');
+const path = require('node:path');
+const cp = require('node:child_process');
+
+const ALLOWED_VERBS = new Set(['session-start', 'baseline', 'scan', 'review', 'commit']);
+
+function resolveNpTools() {
+  const candidates = [
+    path.join(process.cwd(), '.nubos-pilot', 'bin', 'np-tools.cjs'),
+    path.join(__dirname, '..', '..', '..', '.nubos-pilot', 'bin', 'np-tools.cjs'),
+  ];
+  for (const c of candidates) {
+    try { if (fs.statSync(c).isFile()) return c; } catch {}
+  }
+  return null;
+}
+
+function readStdin() {
+  return new Promise((resolve) => {
+    if (process.stdin.isTTY) return resolve('');
+    let buf = '';
+    process.stdin.setEncoding('utf-8');
+    const timer = setTimeout(() => { try { process.stdin.removeAllListeners(); } catch {} resolve(buf); }, 800);
+    process.stdin.on('data', (c) => { buf += c; });
+    process.stdin.on('end', () => { clearTimeout(timer); resolve(buf); });
+    process.stdin.on('error', () => { clearTimeout(timer); resolve(buf); });
+  });
+}
+
+(async () => {
+  const verb = process.argv[2];
+  if (!ALLOWED_VERBS.has(verb)) { process.exit(0); return; }
+  const npTools = resolveNpTools();
+  if (!npTools) { process.exit(0); return; }
+  const input = await readStdin();
+  try {
+    const r = cp.spawnSync(process.execPath, [npTools, 'security', verb, '--stdin'], {
+      input,
+      encoding: 'utf-8',
+      timeout: 20000,
+      maxBuffer: 8 * 1024 * 1024,
+      cwd: process.cwd(),
+    });
+    if (r && typeof r.stdout === 'string' && r.stdout.length) process.stdout.write(r.stdout);
+  } catch { /* never let a security hook break the session */ }
+  process.exit(0);
+})().catch(() => { process.exit(0); });

package/workflows/execute-phase.md

@@ -168,6 +168,10 @@ AUTO_LOG_LEARNING=$(node .nubos-pilot/bin/np-tools.cjs config-get auto_log_learn
 SPAWN_HEADLESS_ENABLED=$(node .nubos-pilot/bin/np-tools.cjs config-get spawn.headless.enabled 2>/dev/null || echo false)
 SPAWN_HEADLESS_AGENTS=$(node .nubos-pilot/bin/np-tools.cjs config-get spawn.headless.agents 2>/dev/null || echo '["np-critic","np-researcher"]')
 SPAWN_HEADLESS_FALLBACK=$(node .nubos-pilot/bin/np-tools.cjs config-get spawn.headless.fallback_on_error 2>/dev/null || echo true)
+CONF_INJECT_CRITERIA=$(node .nubos-pilot/bin/np-tools.cjs config-get conformance.inject_criteria 2>/dev/null || echo true)
+# Milestone success_criteria as the executor's acceptance target (rendered once from the INIT payload).
+# Intent-level only (ADR-0019): these describe what "done right" means, NOT how to build it.
+SUCCESS_CRITERIA_BLOCK=$(echo "$INIT" | node -e 'process.stdin.on("data",d=>{try{const c=JSON.parse(d).success_criteria||[];console.log(c.map(x=>"- "+(x.id?x.id+": ":"")+(x.text||x)).join("\n"))}catch(e){console.log("")}})')
 ```
 
 ## Spawn dispatch — agent-tool vs. headless subprocess (ADR-0010 §L6)
@@ -336,11 +340,17 @@ for WAVE_INDEX in 0 1 2 ...; do
       #     Prompt fields:
       #       <files_to_read>: task plan, slice plan, prior slice SUMMARYs, CONTEXT.md
       #       <consensus_pattern>: $CONSENSUS_PATTERN (with [VERIFIED]/[PROVISIONAL]/[CACHED])
+      #       <success_criteria>: when $CONF_INJECT_CRITERIA = true, include the milestone
+      #         acceptance target — $SUCCESS_CRITERIA_BLOCK plus the slice UAT path
+      #         (.nubos-pilot/milestones/M<NNN>/slices/S<NNN>/S<NNN>-UAT.md). Frame it as
+      #         "what done-right means (intent, ADR-0019) — NOT a build spec, NOT a scope
+      #         expansion". Omit the field entirely when the flag is false.
       #       <prior_findings>: critic findings JSON   (R≥2 only)
       #       <verify_excerpt>: tail of $VERIFY_LOG    (R≥2 only)
       #       <lang_directive>: $LANG_DIRECTIVE
       #       <skills>: $AGENT_SKILLS_EXECUTOR
-      #     RULES — Agent MUST: edit ONLY paths in files_modified (D-04 scope guard),
+      #     RULES — Agent MUST: edit ONLY paths in files_modified (D-04 scope guard) —
+      #     success_criteria are the acceptance target, NEVER a licence to touch other files,
       #     run `node np-tools.cjs knowledge-search "<q>" --task $TASK_ID` via Bash
       #     ≥1× (Rule 9 — the --task flag writes the audit evidence ledger),
       #     NOT call commit-task. Capture tool_use stream for audit (group (3) below).