opencode-pair-autonomy 1.0.0

package/vendor/mcp/sudo-mcp/package.json

@@ -0,0 +1,18 @@
+{
+  "name": "sudo-mcp-server",
+  "version": "1.0.0",
+  "description": "Two-step approval MCP server for local sudo command execution",
+  "type": "module",
+  "main": "src/index.js",
+  "bin": {
+    "sudo-mcp": "./src/index.js"
+  },
+  "scripts": {
+    "start": "node src/index.js",
+    "check": "node --check src/index.js && node --check src/config.js && node --check src/runner.js"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.0.0",
+    "zod": "^3.24.2"
+  }
+}

package/vendor/mcp/sudo-mcp/src/config.js

@@ -0,0 +1,57 @@
+import { existsSync, readFileSync } from "node:fs";
+import { dirname, join } from "node:path";
+import { fileURLToPath } from "node:url";
+import { z } from "zod";
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+
+const configSchema = z.object({
+  approval_ttl_seconds: z.coerce.number().int().min(15).max(3600).default(300),
+  default_timeout_seconds: z.coerce.number().int().min(1).max(600).default(60),
+  max_timeout_seconds: z.coerce.number().int().min(1).max(3600).default(300),
+  max_output_bytes: z.coerce.number().int().min(1024).max(10_000_000).default(131072),
+  require_non_interactive_sudo: z.boolean().default(true),
+  require_allowlist: z.boolean().default(false),
+  allow_patterns: z.array(z.string().min(1)).default([]),
+  deny_patterns: z.array(z.string().min(1)).default([]),
+});
+
+function loadRawConfig() {
+  const candidates = [
+    process.env.SUDO_MCP_CONFIG_PATH,
+    join(__dirname, "../config.json"),
+    join(process.cwd(), "config.json"),
+  ].filter(Boolean);
+
+  for (const configPath of candidates) {
+    if (!existsSync(configPath)) continue;
+
+    try {
+      return {
+        configPath,
+        raw: JSON.parse(readFileSync(configPath, "utf8")),
+      };
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      throw new Error(`Failed to read sudo-mcp config '${configPath}': ${message}`);
+    }
+  }
+
+  throw new Error(
+    "sudo-mcp config not found. Set SUDO_MCP_CONFIG_PATH or create config.json next to this server."
+  );
+}
+
+export function loadConfig() {
+  const { configPath, raw } = loadRawConfig();
+  const parsed = configSchema.parse(raw);
+
+  if (parsed.default_timeout_seconds > parsed.max_timeout_seconds) {
+    throw new Error("default_timeout_seconds cannot be greater than max_timeout_seconds.");
+  }
+
+  return {
+    configPath,
+    ...parsed,
+  };
+}

package/vendor/mcp/sudo-mcp/src/index.js

@@ -0,0 +1,267 @@
+#!/usr/bin/env node
+
+import { randomUUID } from "node:crypto";
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { CallToolRequestSchema, ListToolsRequestSchema } from "@modelcontextprotocol/sdk/types.js";
+import { z } from "zod";
+import { loadConfig } from "./config.js";
+import { evaluateCommandPolicy, runSudoCommand } from "./runner.js";
+
+const config = loadConfig();
+const pendingApprovals = new Map();
+
+const requestSchema = z.object({
+  command: z.string().min(1),
+  timeout_seconds: z.coerce.number().int().min(1).max(3600).optional(),
+  reason: z.string().max(300).optional(),
+});
+
+const approveSchema = z.object({
+  request_id: z.string().uuid(),
+  approval_code: z.string().regex(/^[A-Z0-9]{8}$/),
+  approval_text: z.string().min(1),
+});
+
+const idSchema = z.object({
+  request_id: z.string().uuid(),
+});
+
+function ok(payload) {
+  const text = typeof payload === "string" ? payload : JSON.stringify(payload, null, 2);
+  return { content: [{ type: "text", text }] };
+}
+
+function fail(message) {
+  return { content: [{ type: "text", text: message }], isError: true };
+}
+
+function makeApprovalCode() {
+  return randomUUID().replace(/-/g, "").slice(0, 8).toUpperCase();
+}
+
+function nowIso() {
+  return new Date().toISOString();
+}
+
+function expiresAtIso(ttlSeconds) {
+  return new Date(Date.now() + ttlSeconds * 1000).toISOString();
+}
+
+function cleanupExpiredRequests() {
+  const now = Date.now();
+  for (const [requestId, value] of pendingApprovals.entries()) {
+    if (value.expiresAtMs <= now) {
+      pendingApprovals.delete(requestId);
+    }
+  }
+}
+
+function getPendingRequest(requestId) {
+  cleanupExpiredRequests();
+  return pendingApprovals.get(requestId);
+}
+
+function buildExpectedApprovalPhrase(requestId, approvalCode) {
+  return `APPROVE_SUDO ${requestId} ${approvalCode}`;
+}
+
+const server = new Server(
+  { name: "sudo-mcp-server", version: "1.0.0" },
+  { capabilities: { tools: {} } }
+);
+
+server.setRequestHandler(ListToolsRequestSchema, async () => ({
+  tools: [
+    {
+      name: "get_sudo_policy",
+      description: "Show sudo policy and execution limits",
+      inputSchema: {
+        type: "object",
+        properties: {},
+      },
+    },
+    {
+      name: "request_sudo_execution",
+      description: "Create a pending sudo execution request and approval code",
+      inputSchema: {
+        type: "object",
+        properties: {
+          command: { type: "string" },
+          timeout_seconds: { type: "number", minimum: 1, maximum: 3600 },
+          reason: { type: "string" },
+        },
+        required: ["command"],
+      },
+    },
+    {
+      name: "run_approved_sudo",
+      description: "Execute a previously requested sudo command with user approval",
+      inputSchema: {
+        type: "object",
+        properties: {
+          request_id: { type: "string" },
+          approval_code: { type: "string" },
+          approval_text: { type: "string" },
+        },
+        required: ["request_id", "approval_code", "approval_text"],
+      },
+    },
+    {
+      name: "list_pending_sudo_requests",
+      description: "List all not-yet-executed sudo requests",
+      inputSchema: {
+        type: "object",
+        properties: {},
+      },
+    },
+    {
+      name: "cancel_pending_sudo_request",
+      description: "Cancel one pending sudo execution request",
+      inputSchema: {
+        type: "object",
+        properties: {
+          request_id: { type: "string" },
+        },
+        required: ["request_id"],
+      },
+    },
+  ],
+}));
+
+server.setRequestHandler(CallToolRequestSchema, async (request) => {
+  const { name, arguments: args } = request.params;
+
+  try {
+    switch (name) {
+      case "get_sudo_policy": {
+        return ok({
+          config_path: config.configPath,
+          approval_ttl_seconds: config.approval_ttl_seconds,
+          default_timeout_seconds: config.default_timeout_seconds,
+          max_timeout_seconds: config.max_timeout_seconds,
+          max_output_bytes: config.max_output_bytes,
+          require_non_interactive_sudo: config.require_non_interactive_sudo,
+          require_allowlist: config.require_allowlist,
+          allow_patterns: config.allow_patterns,
+          deny_patterns: config.deny_patterns,
+          pending_request_count: pendingApprovals.size,
+        });
+      }
+
+      case "request_sudo_execution": {
+        const parsed = requestSchema.parse(args || {});
+        const policy = evaluateCommandPolicy(parsed.command, config);
+        if (!policy.allowed) {
+          return fail(policy.reason);
+        }
+
+        const requestId = randomUUID();
+        const approvalCode = makeApprovalCode();
+        const createdAt = nowIso();
+        const expiresAt = expiresAtIso(config.approval_ttl_seconds);
+        const expiresAtMs = Date.parse(expiresAt);
+
+        pendingApprovals.set(requestId, {
+          requestId,
+          command: parsed.command.trim(),
+          timeoutSeconds: parsed.timeout_seconds ?? config.default_timeout_seconds,
+          reason: parsed.reason || "",
+          createdAt,
+          expiresAt,
+          expiresAtMs,
+          approvalCode,
+        });
+
+        const expectedApprovalPhrase = buildExpectedApprovalPhrase(requestId, approvalCode);
+
+        return ok({
+          status: "pending_approval",
+          request_id: requestId,
+          command: parsed.command.trim(),
+          reason: parsed.reason || "",
+          policy_result: policy.reason,
+          created_at: createdAt,
+          expires_at: expiresAt,
+          approval_code: approvalCode,
+          expected_user_phrase: expectedApprovalPhrase,
+        });
+      }
+
+      case "run_approved_sudo": {
+        const parsed = approveSchema.parse(args || {});
+        const requestEntry = getPendingRequest(parsed.request_id);
+        if (!requestEntry) {
+          return fail("Request not found or already expired/cancelled.");
+        }
+
+        if (requestEntry.approvalCode !== parsed.approval_code) {
+          return fail("Invalid approval_code for this request.");
+        }
+
+        const expectedPhrase = buildExpectedApprovalPhrase(
+          requestEntry.requestId,
+          requestEntry.approvalCode
+        );
+
+        if (!parsed.approval_text.toUpperCase().includes(expectedPhrase.toUpperCase())) {
+          return fail(
+            `approval_text must include exact phrase: ${expectedPhrase}`
+          );
+        }
+
+        pendingApprovals.delete(parsed.request_id);
+        const result = await runSudoCommand(requestEntry.command, requestEntry.timeoutSeconds, config);
+
+        return ok({
+          approval: {
+            request_id: requestEntry.requestId,
+            approved_at: nowIso(),
+          },
+          execution: result,
+        });
+      }
+
+      case "list_pending_sudo_requests": {
+        cleanupExpiredRequests();
+        const list = [...pendingApprovals.values()].map((entry) => ({
+          request_id: entry.requestId,
+          command: entry.command,
+          reason: entry.reason,
+          created_at: entry.createdAt,
+          expires_at: entry.expiresAt,
+        }));
+        return ok({
+          pending_count: list.length,
+          requests: list,
+        });
+      }
+
+      case "cancel_pending_sudo_request": {
+        const parsed = idSchema.parse(args || {});
+        const deleted = pendingApprovals.delete(parsed.request_id);
+        if (!deleted) return fail("Request not found.");
+        return ok({
+          status: "cancelled",
+          request_id: parsed.request_id,
+        });
+      }
+
+      default:
+        return fail(`Unknown tool: ${name}`);
+    }
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error);
+    return fail(message);
+  }
+});
+
+async function main() {
+  await server.connect(new StdioServerTransport());
+}
+
+main().catch((error) => {
+  const message = error instanceof Error ? error.message : String(error);
+  console.error(`Failed to start sudo-mcp-server: ${message}`);
+  process.exit(1);
+});

package/vendor/mcp/sudo-mcp/src/runner.js

@@ -0,0 +1,168 @@
+import { spawn } from "node:child_process";
+
+function wildcardToRegex(pattern) {
+  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
+  return new RegExp(`^${escaped}$`);
+}
+
+function matchesPattern(command, pattern) {
+  return wildcardToRegex(pattern).test(command);
+}
+
+function validateCommandSyntax(command) {
+  const normalized = command.trim();
+  if (!normalized) return "Command must not be empty.";
+  if (normalized.includes("\n") || normalized.includes("\r")) {
+    return "Multiline commands are not allowed.";
+  }
+
+  return null;
+}
+
+export function evaluateCommandPolicy(command, config) {
+  const syntaxError = validateCommandSyntax(command);
+  if (syntaxError) {
+    return {
+      allowed: false,
+      reason: syntaxError,
+    };
+  }
+
+  const normalized = command.trim();
+  const deniedBy = config.deny_patterns.find((pattern) => matchesPattern(normalized, pattern));
+  if (deniedBy) {
+    return {
+      allowed: false,
+      reason: `Command blocked by deny pattern '${deniedBy}'.`,
+    };
+  }
+
+  if (config.require_allowlist && config.allow_patterns.length === 0) {
+    return {
+      allowed: false,
+      reason: "No allow patterns configured. Add allow_patterns in sudo-mcp config.",
+    };
+  }
+
+  if (config.require_allowlist) {
+    const allowedBy = config.allow_patterns.find((pattern) => matchesPattern(normalized, pattern));
+    if (!allowedBy) {
+      return {
+        allowed: false,
+        reason: "Command does not match allow_patterns.",
+      };
+    }
+
+    return {
+      allowed: true,
+      reason: `Command matched allow pattern '${allowedBy}'.`,
+    };
+  }
+
+  return {
+    allowed: true,
+    reason: "Allowlist not required by policy.",
+  };
+}
+
+function clampTimeout(requested, config) {
+  const parsed = Number(requested);
+  const fallback = config.default_timeout_seconds;
+  const value = Number.isFinite(parsed) && parsed > 0 ? Math.floor(parsed) : fallback;
+  return Math.min(value, config.max_timeout_seconds);
+}
+
+function appendChunk(buffer, chunk, maxBytes) {
+  if (buffer.length >= maxBytes) {
+    return { text: buffer, full: false };
+  }
+
+  const remaining = maxBytes - buffer.length;
+  const slice = chunk.length > remaining ? chunk.slice(0, remaining) : chunk;
+  return {
+    text: buffer + slice,
+    full: chunk.length <= remaining,
+  };
+}
+
+export async function runSudoCommand(command, requestedTimeoutSeconds, config) {
+  const policy = evaluateCommandPolicy(command, config);
+  if (!policy.allowed) {
+    throw new Error(policy.reason);
+  }
+
+  const timeoutSeconds = clampTimeout(requestedTimeoutSeconds, config);
+
+  return await new Promise((resolve) => {
+    const args = [];
+    if (config.require_non_interactive_sudo) args.push("-n");
+    args.push("bash", "-lc", command);
+
+    const start = Date.now();
+    const proc = spawn("sudo", args, {
+      env: process.env,
+    });
+
+    let stdout = "";
+    let stderr = "";
+    let timedOut = false;
+    let outputTruncated = false;
+    let killedByOutputLimit = false;
+
+    const finish = (code, errorMessage) => {
+      const durationMs = Date.now() - start;
+      const ok = code === 0 && !timedOut && !killedByOutputLimit && !errorMessage;
+
+      resolve({
+        ok,
+        command,
+        timeout_seconds: timeoutSeconds,
+        non_interactive_sudo: config.require_non_interactive_sudo,
+        exit_code: code,
+        duration_ms: durationMs,
+        timed_out: timedOut,
+        output_truncated: outputTruncated,
+        stdout,
+        stderr: errorMessage ? `${stderr}\n${errorMessage}`.trim() : stderr,
+      });
+    };
+
+    const timer = setTimeout(() => {
+      timedOut = true;
+      proc.kill("SIGKILL");
+    }, timeoutSeconds * 1000);
+
+    proc.stdout.on("data", (chunk) => {
+      const result = appendChunk(stdout, chunk.toString(), config.max_output_bytes);
+      stdout = result.text;
+      if (!result.full) {
+        outputTruncated = true;
+        killedByOutputLimit = true;
+        proc.kill("SIGKILL");
+      }
+    });
+
+    proc.stderr.on("data", (chunk) => {
+      const result = appendChunk(stderr, chunk.toString(), config.max_output_bytes);
+      stderr = result.text;
+      if (!result.full) {
+        outputTruncated = true;
+        killedByOutputLimit = true;
+        proc.kill("SIGKILL");
+      }
+    });
+
+    proc.on("error", (error) => {
+      clearTimeout(timer);
+      finish(null, error.message);
+    });
+
+    proc.on("close", (code) => {
+      clearTimeout(timer);
+      if (killedByOutputLimit && !stderr.includes("output exceeded")) {
+        stderr = `${stderr}\nProcess terminated because output exceeded max_output_bytes.`.trim();
+      }
+      finish(code, null);
+    });
+  });
+}