opc-agent 1.3.2 → 1.4.0

package/src/core/sandbox.ts

@@ -1,101 +1,101 @@
-import type { TrustLevelType } from '../schema/oad';
-import * as path from 'path';
-
-export interface SandboxConfig {
-  trustLevel: TrustLevelType;
-  agentDir: string;
-  networkAllowlist?: string[];
-  shellAllowed?: boolean;
-}
-
-export interface SandboxRestrictions {
-  fileSystem: { read: string[]; write: string[] };
-  network: { allowed: string[] };
-  shell: boolean;
-}
-
-const TRUST_RESTRICTIONS: Record<string, SandboxRestrictions> = {
-  sandbox: {
-    fileSystem: { read: ['.'], write: ['.'] },
-    network: { allowed: [] },
-    shell: false,
-  },
-  verified: {
-    fileSystem: { read: ['.', '..'], write: ['.'] },
-    network: { allowed: ['*.deepleaper.com', 'api.openai.com', 'api.deepseek.com'] },
-    shell: false,
-  },
-  certified: {
-    fileSystem: { read: ['*'], write: ['.', '..'] },
-    network: { allowed: ['*'] },
-    shell: true,
-  },
-  listed: {
-    fileSystem: { read: ['*'], write: ['*'] },
-    network: { allowed: ['*'] },
-    shell: true,
-  },
-};
-
-export class Sandbox {
-  private config: SandboxConfig;
-  private restrictions: SandboxRestrictions;
-
-  constructor(config: SandboxConfig) {
-    this.config = config;
-    this.restrictions = {
-      ...TRUST_RESTRICTIONS[config.trustLevel] ?? TRUST_RESTRICTIONS.sandbox,
-    };
-    if (config.networkAllowlist) {
-      this.restrictions.network.allowed = config.networkAllowlist;
-    }
-    if (config.shellAllowed !== undefined) {
-      this.restrictions.shell = config.shellAllowed;
-    }
-  }
-
-  get trustLevel(): TrustLevelType {
-    return this.config.trustLevel;
-  }
-
-  getRestrictions(): SandboxRestrictions {
-    return { ...this.restrictions };
-  }
-
-  checkFileAccess(filePath: string, mode: 'read' | 'write'): boolean {
-    const resolved = path.resolve(filePath);
-    const agentDir = path.resolve(this.config.agentDir);
-    const allowedPaths = mode === 'read' ? this.restrictions.fileSystem.read : this.restrictions.fileSystem.write;
-
-    if (allowedPaths.includes('*')) return true;
-
-    for (const allowed of allowedPaths) {
-      const allowedResolved = path.resolve(this.config.agentDir, allowed);
-      if (resolved.startsWith(allowedResolved)) return true;
-    }
-
-    // Always allow access within agent's own directory
-    return resolved.startsWith(agentDir);
-  }
-
-  checkNetworkAccess(url: string): boolean {
-    if (this.restrictions.network.allowed.includes('*')) return true;
-    if (this.restrictions.network.allowed.length === 0) return false;
-
-    try {
-      const hostname = new URL(url).hostname;
-      return this.restrictions.network.allowed.some((pattern) => {
-        if (pattern.startsWith('*.')) {
-          return hostname.endsWith(pattern.slice(1));
-        }
-        return hostname === pattern;
-      });
-    } catch {
-      return false;
-    }
-  }
-
-  checkShellAccess(): boolean {
-    return this.restrictions.shell;
-  }
-}
+import type { TrustLevelType } from '../schema/oad';
+import * as path from 'path';
+
+export interface SandboxConfig {
+  trustLevel: TrustLevelType;
+  agentDir: string;
+  networkAllowlist?: string[];
+  shellAllowed?: boolean;
+}
+
+export interface SandboxRestrictions {
+  fileSystem: { read: string[]; write: string[] };
+  network: { allowed: string[] };
+  shell: boolean;
+}
+
+const TRUST_RESTRICTIONS: Record<string, SandboxRestrictions> = {
+  sandbox: {
+    fileSystem: { read: ['.'], write: ['.'] },
+    network: { allowed: [] },
+    shell: false,
+  },
+  verified: {
+    fileSystem: { read: ['.', '..'], write: ['.'] },
+    network: { allowed: ['*.deepleaper.com', 'api.openai.com', 'api.deepseek.com'] },
+    shell: false,
+  },
+  certified: {
+    fileSystem: { read: ['*'], write: ['.', '..'] },
+    network: { allowed: ['*'] },
+    shell: true,
+  },
+  listed: {
+    fileSystem: { read: ['*'], write: ['*'] },
+    network: { allowed: ['*'] },
+    shell: true,
+  },
+};
+
+export class Sandbox {
+  private config: SandboxConfig;
+  private restrictions: SandboxRestrictions;
+
+  constructor(config: SandboxConfig) {
+    this.config = config;
+    this.restrictions = {
+      ...TRUST_RESTRICTIONS[config.trustLevel] ?? TRUST_RESTRICTIONS.sandbox,
+    };
+    if (config.networkAllowlist) {
+      this.restrictions.network.allowed = config.networkAllowlist;
+    }
+    if (config.shellAllowed !== undefined) {
+      this.restrictions.shell = config.shellAllowed;
+    }
+  }
+
+  get trustLevel(): TrustLevelType {
+    return this.config.trustLevel;
+  }
+
+  getRestrictions(): SandboxRestrictions {
+    return { ...this.restrictions };
+  }
+
+  checkFileAccess(filePath: string, mode: 'read' | 'write'): boolean {
+    const resolved = path.resolve(filePath);
+    const agentDir = path.resolve(this.config.agentDir);
+    const allowedPaths = mode === 'read' ? this.restrictions.fileSystem.read : this.restrictions.fileSystem.write;
+
+    if (allowedPaths.includes('*')) return true;
+
+    for (const allowed of allowedPaths) {
+      const allowedResolved = path.resolve(this.config.agentDir, allowed);
+      if (resolved.startsWith(allowedResolved)) return true;
+    }
+
+    // Always allow access within agent's own directory
+    return resolved.startsWith(agentDir);
+  }
+
+  checkNetworkAccess(url: string): boolean {
+    if (this.restrictions.network.allowed.includes('*')) return true;
+    if (this.restrictions.network.allowed.length === 0) return false;
+
+    try {
+      const hostname = new URL(url).hostname;
+      return this.restrictions.network.allowed.some((pattern) => {
+        if (pattern.startsWith('*.')) {
+          return hostname.endsWith(pattern.slice(1));
+        }
+        return hostname === pattern;
+      });
+    } catch {
+      return false;
+    }
+  }
+
+  checkShellAccess(): boolean {
+    return this.restrictions.shell;
+  }
+}

package/src/core/security.ts

@@ -1,171 +1,171 @@
-/**
- * Security Hardening Module - v1.0.0
- * Input sanitization, CORS, security headers, API key rotation.
- */
-
-import type { Request, Response, NextFunction } from 'express';
-
-// ── Input Sanitization ──────────────────────────────────────
-
-const XSS_PATTERNS = [
-  /<script\b[^>]*>[\s\S]*?<\/script>/gi,
-  /javascript:/gi,
-  /on\w+\s*=/gi,
-  /<iframe\b/gi,
-  /<object\b/gi,
-  /<embed\b/gi,
-  /<form\b/gi,
-];
-
-const SQL_PATTERNS = [
-  /(\b(SELECT|INSERT|UPDATE|DELETE|DROP|UNION|ALTER|CREATE|EXEC)\b.*\b(FROM|INTO|TABLE|SET|WHERE|ALL)\b)/gi,
-  /(--|;)\s*(DROP|ALTER|DELETE)/gi,
-];
-
-export function sanitizeInput(input: string): string {
-  let clean = input;
-  for (const pattern of XSS_PATTERNS) {
-    clean = clean.replace(pattern, '');
-  }
-  // Encode dangerous HTML entities
-  clean = clean.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
-  return clean;
-}
-
-export function detectInjection(input: string): { safe: boolean; threats: string[] } {
-  const threats: string[] = [];
-  for (const pattern of XSS_PATTERNS) {
-    if (pattern.test(input)) threats.push('xss');
-    pattern.lastIndex = 0;
-  }
-  for (const pattern of SQL_PATTERNS) {
-    if (pattern.test(input)) threats.push('sql_injection');
-    pattern.lastIndex = 0;
-  }
-  return { safe: threats.length === 0, threats: [...new Set(threats)] };
-}
-
-// ── Security Headers (Helmet-style) ────────────────────────
-
-export interface SecurityHeadersConfig {
-  contentSecurityPolicy?: string;
-  enableHSTS?: boolean;
-  frameDeny?: boolean;
-  xssProtection?: boolean;
-  noSniff?: boolean;
-  referrerPolicy?: string;
-}
-
-export function securityHeaders(config?: SecurityHeadersConfig) {
-  const csp = config?.contentSecurityPolicy ?? "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'";
-  return (_req: Request, res: Response, next: NextFunction): void => {
-    res.setHeader('Content-Security-Policy', csp);
-    res.setHeader('X-Content-Type-Options', 'nosniff');
-    res.setHeader('X-Frame-Options', config?.frameDeny !== false ? 'DENY' : 'SAMEORIGIN');
-    res.setHeader('X-XSS-Protection', '1; mode=block');
-    res.setHeader('Referrer-Policy', config?.referrerPolicy ?? 'strict-origin-when-cross-origin');
-    if (config?.enableHSTS !== false) {
-      res.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
-    }
-    res.removeHeader('X-Powered-By');
-    next();
-  };
-}
-
-// ── CORS Configuration ──────────────────────────────────────
-
-export interface CORSConfig {
-  origins?: string[];
-  methods?: string[];
-  allowHeaders?: string[];
-  credentials?: boolean;
-  maxAge?: number;
-}
-
-export function corsMiddleware(config?: CORSConfig) {
-  const origins = config?.origins ?? ['*'];
-  const methods = config?.methods ?? ['GET', 'POST', 'OPTIONS'];
-  const headers = config?.allowHeaders ?? ['Content-Type', 'Authorization'];
-
-  return (req: Request, res: Response, next: NextFunction): void => {
-    const origin = req.headers.origin ?? '';
-    if (origins.includes('*') || origins.includes(origin)) {
-      res.setHeader('Access-Control-Allow-Origin', origins.includes('*') ? '*' : origin);
-    }
-    res.setHeader('Access-Control-Allow-Methods', methods.join(', '));
-    res.setHeader('Access-Control-Allow-Headers', headers.join(', '));
-    if (config?.credentials) res.setHeader('Access-Control-Allow-Credentials', 'true');
-    if (config?.maxAge) res.setHeader('Access-Control-Max-Age', String(config.maxAge));
-    if (req.method === 'OPTIONS') { res.status(204).end(); return; }
-    next();
-  };
-}
-
-// ── API Key Rotation ────────────────────────────────────────
-
-export interface APIKeyEntry {
-  key: string;
-  label?: string;
-  createdAt: number;
-  expiresAt?: number;
-  active: boolean;
-}
-
-export class APIKeyManager {
-  private keys: APIKeyEntry[] = [];
-
-  addKey(key: string, opts?: { label?: string; expiresAt?: number }): void {
-    this.keys.push({ key, label: opts?.label, createdAt: Date.now(), expiresAt: opts?.expiresAt, active: true });
-  }
-
-  revokeKey(key: string): boolean {
-    const entry = this.keys.find(k => k.key === key);
-    if (entry) { entry.active = false; return true; }
-    return false;
-  }
-
-  isValid(key: string): boolean {
-    const entry = this.keys.find(k => k.key === key);
-    if (!entry || !entry.active) return false;
-    if (entry.expiresAt && Date.now() > entry.expiresAt) { entry.active = false; return false; }
-    return true;
-  }
-
-  rotateKey(oldKey: string, newKey: string): boolean {
-    const entry = this.keys.find(k => k.key === oldKey && k.active);
-    if (!entry) return false;
-    entry.active = false;
-    this.addKey(newKey, { label: entry.label });
-    return true;
-  }
-
-  listActive(): APIKeyEntry[] {
-    return this.keys.filter(k => k.active && (!k.expiresAt || Date.now() <= k.expiresAt));
-  }
-
-  cleanup(): number {
-    const before = this.keys.length;
-    this.keys = this.keys.filter(k => k.active && (!k.expiresAt || Date.now() <= k.expiresAt));
-    return before - this.keys.length;
-  }
-}
-
-// ── Input Validation Middleware ──────────────────────────────
-
-export function inputValidation() {
-  return (req: Request, res: Response, next: NextFunction): void => {
-    if (req.body?.message && typeof req.body.message === 'string') {
-      const check = detectInjection(req.body.message);
-      if (!check.safe) {
-        res.status(400).json({ error: 'Input contains potentially unsafe content', threats: check.threats });
-        return;
-      }
-      // Limit message size
-      if (req.body.message.length > 100_000) {
-        res.status(413).json({ error: 'Message too large (max 100KB)' });
-        return;
-      }
-    }
-    next();
-  };
-}
+/**
+ * Security Hardening Module - v1.0.0
+ * Input sanitization, CORS, security headers, API key rotation.
+ */
+
+import type { Request, Response, NextFunction } from 'express';
+
+// ── Input Sanitization ──────────────────────────────────────
+
+const XSS_PATTERNS = [
+  /<script\b[^>]*>[\s\S]*?<\/script>/gi,
+  /javascript:/gi,
+  /on\w+\s*=/gi,
+  /<iframe\b/gi,
+  /<object\b/gi,
+  /<embed\b/gi,
+  /<form\b/gi,
+];
+
+const SQL_PATTERNS = [
+  /(\b(SELECT|INSERT|UPDATE|DELETE|DROP|UNION|ALTER|CREATE|EXEC)\b.*\b(FROM|INTO|TABLE|SET|WHERE|ALL)\b)/gi,
+  /(--|;)\s*(DROP|ALTER|DELETE)/gi,
+];
+
+export function sanitizeInput(input: string): string {
+  let clean = input;
+  for (const pattern of XSS_PATTERNS) {
+    clean = clean.replace(pattern, '');
+  }
+  // Encode dangerous HTML entities
+  clean = clean.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
+  return clean;
+}
+
+export function detectInjection(input: string): { safe: boolean; threats: string[] } {
+  const threats: string[] = [];
+  for (const pattern of XSS_PATTERNS) {
+    if (pattern.test(input)) threats.push('xss');
+    pattern.lastIndex = 0;
+  }
+  for (const pattern of SQL_PATTERNS) {
+    if (pattern.test(input)) threats.push('sql_injection');
+    pattern.lastIndex = 0;
+  }
+  return { safe: threats.length === 0, threats: [...new Set(threats)] };
+}
+
+// ── Security Headers (Helmet-style) ────────────────────────
+
+export interface SecurityHeadersConfig {
+  contentSecurityPolicy?: string;
+  enableHSTS?: boolean;
+  frameDeny?: boolean;
+  xssProtection?: boolean;
+  noSniff?: boolean;
+  referrerPolicy?: string;
+}
+
+export function securityHeaders(config?: SecurityHeadersConfig) {
+  const csp = config?.contentSecurityPolicy ?? "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'";
+  return (_req: Request, res: Response, next: NextFunction): void => {
+    res.setHeader('Content-Security-Policy', csp);
+    res.setHeader('X-Content-Type-Options', 'nosniff');
+    res.setHeader('X-Frame-Options', config?.frameDeny !== false ? 'DENY' : 'SAMEORIGIN');
+    res.setHeader('X-XSS-Protection', '1; mode=block');
+    res.setHeader('Referrer-Policy', config?.referrerPolicy ?? 'strict-origin-when-cross-origin');
+    if (config?.enableHSTS !== false) {
+      res.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
+    }
+    res.removeHeader('X-Powered-By');
+    next();
+  };
+}
+
+// ── CORS Configuration ──────────────────────────────────────
+
+export interface CORSConfig {
+  origins?: string[];
+  methods?: string[];
+  allowHeaders?: string[];
+  credentials?: boolean;
+  maxAge?: number;
+}
+
+export function corsMiddleware(config?: CORSConfig) {
+  const origins = config?.origins ?? ['*'];
+  const methods = config?.methods ?? ['GET', 'POST', 'OPTIONS'];
+  const headers = config?.allowHeaders ?? ['Content-Type', 'Authorization'];
+
+  return (req: Request, res: Response, next: NextFunction): void => {
+    const origin = req.headers.origin ?? '';
+    if (origins.includes('*') || origins.includes(origin)) {
+      res.setHeader('Access-Control-Allow-Origin', origins.includes('*') ? '*' : origin);
+    }
+    res.setHeader('Access-Control-Allow-Methods', methods.join(', '));
+    res.setHeader('Access-Control-Allow-Headers', headers.join(', '));
+    if (config?.credentials) res.setHeader('Access-Control-Allow-Credentials', 'true');
+    if (config?.maxAge) res.setHeader('Access-Control-Max-Age', String(config.maxAge));
+    if (req.method === 'OPTIONS') { res.status(204).end(); return; }
+    next();
+  };
+}
+
+// ── API Key Rotation ────────────────────────────────────────
+
+export interface APIKeyEntry {
+  key: string;
+  label?: string;
+  createdAt: number;
+  expiresAt?: number;
+  active: boolean;
+}
+
+export class APIKeyManager {
+  private keys: APIKeyEntry[] = [];
+
+  addKey(key: string, opts?: { label?: string; expiresAt?: number }): void {
+    this.keys.push({ key, label: opts?.label, createdAt: Date.now(), expiresAt: opts?.expiresAt, active: true });
+  }
+
+  revokeKey(key: string): boolean {
+    const entry = this.keys.find(k => k.key === key);
+    if (entry) { entry.active = false; return true; }
+    return false;
+  }
+
+  isValid(key: string): boolean {
+    const entry = this.keys.find(k => k.key === key);
+    if (!entry || !entry.active) return false;
+    if (entry.expiresAt && Date.now() > entry.expiresAt) { entry.active = false; return false; }
+    return true;
+  }
+
+  rotateKey(oldKey: string, newKey: string): boolean {
+    const entry = this.keys.find(k => k.key === oldKey && k.active);
+    if (!entry) return false;
+    entry.active = false;
+    this.addKey(newKey, { label: entry.label });
+    return true;
+  }
+
+  listActive(): APIKeyEntry[] {
+    return this.keys.filter(k => k.active && (!k.expiresAt || Date.now() <= k.expiresAt));
+  }
+
+  cleanup(): number {
+    const before = this.keys.length;
+    this.keys = this.keys.filter(k => k.active && (!k.expiresAt || Date.now() <= k.expiresAt));
+    return before - this.keys.length;
+  }
+}
+
+// ── Input Validation Middleware ──────────────────────────────
+
+export function inputValidation() {
+  return (req: Request, res: Response, next: NextFunction): void => {
+    if (req.body?.message && typeof req.body.message === 'string') {
+      const check = detectInjection(req.body.message);
+      if (!check.safe) {
+        res.status(400).json({ error: 'Input contains potentially unsafe content', threats: check.threats });
+        return;
+      }
+      // Limit message size
+      if (req.body.message.length > 100_000) {
+        res.status(413).json({ error: 'Message too large (max 100KB)' });
+        return;
+      }
+    }
+    next();
+  };
+}