rird 1.0.200

package/src/session/sensitive-filter.ts

@@ -0,0 +1,466 @@
+/**
+ * Sensitive Data Filter for RIRD Browser Agent
+ *
+ * Prevents sensitive user data from being sent to LLM APIs by detecting
+ * and redacting patterns like credit cards, SSNs, passwords, API keys, etc.
+ *
+ * The filter maintains a local mapping so responses can be de-redacted
+ * for the user if needed.
+ */
+
+import { Log } from "@/util/log"
+
+export namespace SensitiveFilter {
+  const log = Log.create({ service: "sensitive-filter" })
+
+  // Types for redaction
+  export type RedactionType =
+    | "CREDIT_CARD"
+    | "SSN"
+    | "PASSWORD"
+    | "API_KEY"
+    | "BEARER_TOKEN"
+    | "EMAIL"
+
+  export interface RedactionEntry {
+    type: RedactionType
+    original: string
+    placeholder: string
+    timestamp: number
+  }
+
+  export interface FilterResult {
+    text: string
+    redactions: RedactionEntry[]
+  }
+
+  // Session-scoped redaction mappings (in-memory for security - not persisted)
+  const redactionMappings = new Map<string, Map<string, RedactionEntry>>()
+
+  // Counter for unique placeholders per session
+  const placeholderCounters = new Map<string, Map<RedactionType, number>>()
+
+  /**
+   * Luhn algorithm to validate credit card numbers
+   */
+  function isValidLuhn(num: string): boolean {
+    const digits = num.replace(/\D/g, "")
+    if (digits.length < 13 || digits.length > 19) return false
+
+    let sum = 0
+    let isEven = false
+
+    for (let i = digits.length - 1; i >= 0; i--) {
+      let digit = parseInt(digits[i], 10)
+
+      if (isEven) {
+        digit *= 2
+        if (digit > 9) {
+          digit -= 9
+        }
+      }
+
+      sum += digit
+      isEven = !isEven
+    }
+
+    return sum % 10 === 0
+  }
+
+  /**
+   * Get or create a unique placeholder for a redaction
+   */
+  function getPlaceholder(sessionID: string, type: RedactionType): string {
+    if (!placeholderCounters.has(sessionID)) {
+      placeholderCounters.set(sessionID, new Map())
+    }
+    const counters = placeholderCounters.get(sessionID)!
+
+    const count = (counters.get(type) || 0) + 1
+    counters.set(type, count)
+
+    return `[REDACTED-${type}${count > 1 ? `-${count}` : ""}]`
+  }
+
+  /**
+   * Detect and redact credit card numbers (13-19 digits, Luhn valid)
+   * Handles formats: 1234567890123456, 1234-5678-9012-3456, 1234 5678 9012 3456
+   */
+  function redactCreditCards(
+    text: string,
+    sessionID: string,
+    redactions: RedactionEntry[]
+  ): string {
+    // Match sequences that look like credit card numbers
+    // Supports: plain digits, dash-separated, space-separated
+    const ccPattern = /\b(?:\d{4}[-\s]?){3}\d{4}\b|\b\d{13,19}\b/g
+
+    return text.replace(ccPattern, (match) => {
+      const digitsOnly = match.replace(/\D/g, "")
+
+      // Must be 13-19 digits and pass Luhn check
+      if (digitsOnly.length >= 13 && digitsOnly.length <= 19 && isValidLuhn(digitsOnly)) {
+        const placeholder = getPlaceholder(sessionID, "CREDIT_CARD")
+        const entry: RedactionEntry = {
+          type: "CREDIT_CARD",
+          original: match,
+          placeholder,
+          timestamp: Date.now(),
+        }
+        redactions.push(entry)
+        storeRedaction(sessionID, entry)
+        log.info("redacted credit card", { sessionID, placeholder })
+        return placeholder
+      }
+      return match
+    })
+  }
+
+  /**
+   * Detect and redact SSN (XXX-XX-XXXX pattern)
+   */
+  function redactSSN(
+    text: string,
+    sessionID: string,
+    redactions: RedactionEntry[]
+  ): string {
+    // SSN pattern: 3 digits, dash, 2 digits, dash, 4 digits
+    // Also match without dashes but with proper grouping context
+    const ssnPattern = /\b\d{3}-\d{2}-\d{4}\b/g
+
+    return text.replace(ssnPattern, (match) => {
+      const placeholder = getPlaceholder(sessionID, "SSN")
+      const entry: RedactionEntry = {
+        type: "SSN",
+        original: match,
+        placeholder,
+        timestamp: Date.now(),
+      }
+      redactions.push(entry)
+      storeRedaction(sessionID, entry)
+      log.info("redacted SSN", { sessionID, placeholder })
+      return placeholder
+    })
+  }
+
+  /**
+   * Detect and redact passwords in common patterns
+   * Matches: password: X, pwd: X, pass: X, passwd: X (case insensitive)
+   */
+  function redactPasswords(
+    text: string,
+    sessionID: string,
+    redactions: RedactionEntry[]
+  ): string {
+    // Match password patterns with various delimiters and quote styles
+    // password: value, password=value, password="value", etc.
+    const pwdPattern =
+      /\b(password|passwd|pwd|pass|secret)[\s]*[:=][\s]*(['"]?)([^\s'"}\]>,]+)\2/gi
+
+    return text.replace(pwdPattern, (match, label, quote, value) => {
+      // Don't redact placeholder-like values or very short values
+      if (value.length < 4 || value.startsWith("[REDACTED")) {
+        return match
+      }
+
+      const placeholder = getPlaceholder(sessionID, "PASSWORD")
+      const entry: RedactionEntry = {
+        type: "PASSWORD",
+        original: value,
+        placeholder,
+        timestamp: Date.now(),
+      }
+      redactions.push(entry)
+      storeRedaction(sessionID, entry)
+      log.info("redacted password", { sessionID, placeholder })
+
+      // Preserve the label and delimiter, only replace the value
+      return `${label}${match.includes("=") ? "=" : ":"}${quote}${placeholder}${quote}`
+    })
+  }
+
+  /**
+   * Detect and redact API keys in common patterns
+   * Matches: sk-*, api_key=*, apikey=*, api-key:*, etc.
+   */
+  function redactAPIKeys(
+    text: string,
+    sessionID: string,
+    redactions: RedactionEntry[]
+  ): string {
+    // Common API key patterns
+    const patterns = [
+      // sk-* (OpenAI style)
+      /\bsk-[a-zA-Z0-9_-]{20,}\b/g,
+      // xoxb-*, xoxp-* (Slack style)
+      /\bxox[bp]-[a-zA-Z0-9-]{20,}\b/g,
+      // ghp_*, gho_*, ghu_*, ghs_*, ghr_* (GitHub tokens)
+      /\bgh[pousr]_[a-zA-Z0-9]{36,}\b/g,
+      // AKIA* (AWS access keys)
+      /\bAKIA[A-Z0-9]{16}\b/g,
+      // Generic api_key=, apikey=, api-key: patterns
+      /\b(api[_-]?key|apikey|access[_-]?key|secret[_-]?key)[\s]*[:=][\s]*(['"]?)([a-zA-Z0-9_-]{16,})\2/gi,
+      // Generic *_API_KEY or *_SECRET patterns in env var style
+      /\b[A-Z_]+_(API_KEY|SECRET|TOKEN)[\s]*[:=][\s]*(['"]?)([a-zA-Z0-9_-]{16,})\2/g,
+    ]
+
+    let result = text
+
+    for (const pattern of patterns) {
+      result = result.replace(pattern, (match, ...args) => {
+        // Don't redact already redacted values
+        if (match.includes("[REDACTED")) {
+          return match
+        }
+
+        // For patterns with capture groups (api_key=value), only redact the value
+        if (typeof args[0] === "string" && args[2] && typeof args[2] === "string") {
+          const label = args[0]
+          const quote = args[1] || ""
+          const value = args[2]
+
+          const placeholder = getPlaceholder(sessionID, "API_KEY")
+          const entry: RedactionEntry = {
+            type: "API_KEY",
+            original: value,
+            placeholder,
+            timestamp: Date.now(),
+          }
+          redactions.push(entry)
+          storeRedaction(sessionID, entry)
+          log.info("redacted API key", { sessionID, placeholder })
+
+          return `${label}${match.includes("=") ? "=" : ":"}${quote}${placeholder}${quote}`
+        }
+
+        // For standalone patterns (sk-*, ghp_*, etc.)
+        const placeholder = getPlaceholder(sessionID, "API_KEY")
+        const entry: RedactionEntry = {
+          type: "API_KEY",
+          original: match,
+          placeholder,
+          timestamp: Date.now(),
+        }
+        redactions.push(entry)
+        storeRedaction(sessionID, entry)
+        log.info("redacted API key", { sessionID, placeholder })
+
+        return placeholder
+      })
+    }
+
+    return result
+  }
+
+  /**
+   * Detect and redact Bearer tokens
+   * Matches: Bearer <token>, Authorization: Bearer <token>
+   */
+  function redactBearerTokens(
+    text: string,
+    sessionID: string,
+    redactions: RedactionEntry[]
+  ): string {
+    // Bearer token pattern
+    const bearerPattern = /\bBearer\s+([a-zA-Z0-9_.-]{20,})\b/gi
+
+    return text.replace(bearerPattern, (match, token) => {
+      if (token.startsWith("[REDACTED")) {
+        return match
+      }
+
+      const placeholder = getPlaceholder(sessionID, "BEARER_TOKEN")
+      const entry: RedactionEntry = {
+        type: "BEARER_TOKEN",
+        original: token,
+        placeholder,
+        timestamp: Date.now(),
+      }
+      redactions.push(entry)
+      storeRedaction(sessionID, entry)
+      log.info("redacted Bearer token", { sessionID, placeholder })
+
+      return `Bearer ${placeholder}`
+    })
+  }
+
+  /**
+   * Optional: Detect and redact email addresses
+   * Disabled by default as emails are often needed for tasks
+   */
+  function redactEmails(
+    text: string,
+    sessionID: string,
+    redactions: RedactionEntry[],
+    enabled: boolean = false
+  ): string {
+    if (!enabled) return text
+
+    // Basic email pattern
+    const emailPattern = /\b[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}\b/g
+
+    return text.replace(emailPattern, (match) => {
+      const placeholder = getPlaceholder(sessionID, "EMAIL")
+      const entry: RedactionEntry = {
+        type: "EMAIL",
+        original: match,
+        placeholder,
+        timestamp: Date.now(),
+      }
+      redactions.push(entry)
+      storeRedaction(sessionID, entry)
+      log.info("redacted email", { sessionID, placeholder })
+      return placeholder
+    })
+  }
+
+  /**
+   * Store a redaction entry in the session mapping
+   */
+  function storeRedaction(sessionID: string, entry: RedactionEntry): void {
+    if (!redactionMappings.has(sessionID)) {
+      redactionMappings.set(sessionID, new Map())
+    }
+    redactionMappings.get(sessionID)!.set(entry.placeholder, entry)
+  }
+
+  /**
+   * Filter options
+   */
+  export interface FilterOptions {
+    /** Whether to redact email addresses (default: false) */
+    redactEmails?: boolean
+    /** Session ID for tracking redactions */
+    sessionID: string
+  }
+
+  /**
+   * Filter sensitive data from text before sending to LLM
+   *
+   * @param text The text to filter
+   * @param options Filter options including sessionID
+   * @returns FilterResult with filtered text and list of redactions made
+   */
+  export function filter(text: string, options: FilterOptions): FilterResult {
+    const redactions: RedactionEntry[] = []
+    let filtered = text
+
+    // Apply all redaction functions in order
+    // Order matters - more specific patterns should run first
+    filtered = redactCreditCards(filtered, options.sessionID, redactions)
+    filtered = redactSSN(filtered, options.sessionID, redactions)
+    filtered = redactBearerTokens(filtered, options.sessionID, redactions)
+    filtered = redactAPIKeys(filtered, options.sessionID, redactions)
+    filtered = redactPasswords(filtered, options.sessionID, redactions)
+    filtered = redactEmails(filtered, options.sessionID, redactions, options.redactEmails)
+
+    if (redactions.length > 0) {
+      log.info("filtered sensitive data", {
+        sessionID: options.sessionID,
+        redactionCount: redactions.length,
+        types: Array.from(new Set(redactions.map((r) => r.type))),
+      })
+    }
+
+    return {
+      text: filtered,
+      redactions,
+    }
+  }
+
+  /**
+   * Restore redacted values in text (for displaying to user)
+   *
+   * @param text Text containing redaction placeholders
+   * @param sessionID Session ID to look up redactions
+   * @returns Text with placeholders replaced by original values
+   */
+  export function restore(text: string, sessionID: string): string {
+    const mapping = redactionMappings.get(sessionID)
+    if (!mapping) return text
+
+    let restored = text
+    for (const [placeholder, entry] of Array.from(mapping.entries())) {
+      restored = restored.replace(new RegExp(escapeRegex(placeholder), "g"), entry.original)
+    }
+
+    return restored
+  }
+
+  /**
+   * Get all redactions for a session
+   */
+  export function getRedactions(sessionID: string): RedactionEntry[] {
+    const mapping = redactionMappings.get(sessionID)
+    if (!mapping) return []
+    return Array.from(mapping.values())
+  }
+
+  /**
+   * Clear redaction mappings for a session (call when session ends)
+   */
+  export function clearSession(sessionID: string): void {
+    redactionMappings.delete(sessionID)
+    placeholderCounters.delete(sessionID)
+    log.info("cleared sensitive data mappings", { sessionID })
+  }
+
+  /**
+   * Check if text contains any sensitive patterns (without redacting)
+   * Useful for warnings or UI indicators
+   */
+  export function containsSensitive(text: string): { hasSensitive: boolean; types: RedactionType[] } {
+    const types: RedactionType[] = []
+
+    // Check for credit card patterns
+    const ccPattern = /\b(?:\d{4}[-\s]?){3}\d{4}\b|\b\d{13,19}\b/g
+    const ccMatches = text.match(ccPattern)
+    if (ccMatches) {
+      for (const match of ccMatches) {
+        const digits = match.replace(/\D/g, "")
+        if (digits.length >= 13 && digits.length <= 19 && isValidLuhn(digits)) {
+          types.push("CREDIT_CARD")
+          break
+        }
+      }
+    }
+
+    // Check for SSN pattern
+    if (/\b\d{3}-\d{2}-\d{4}\b/.test(text)) {
+      types.push("SSN")
+    }
+
+    // Check for password patterns
+    if (/\b(password|passwd|pwd|pass|secret)[\s]*[:=]/i.test(text)) {
+      types.push("PASSWORD")
+    }
+
+    // Check for API key patterns
+    if (
+      /\bsk-[a-zA-Z0-9_-]{20,}\b/.test(text) ||
+      /\bxox[bp]-[a-zA-Z0-9-]{20,}\b/.test(text) ||
+      /\bgh[pousr]_[a-zA-Z0-9]{36,}\b/.test(text) ||
+      /\bAKIA[A-Z0-9]{16}\b/.test(text) ||
+      /\b(api[_-]?key|apikey|access[_-]?key|secret[_-]?key)[\s]*[:=]/i.test(text)
+    ) {
+      types.push("API_KEY")
+    }
+
+    // Check for Bearer tokens
+    if (/\bBearer\s+[a-zA-Z0-9_.-]{20,}\b/i.test(text)) {
+      types.push("BEARER_TOKEN")
+    }
+
+    return {
+      hasSensitive: types.length > 0,
+      types: Array.from(new Set(types)),
+    }
+  }
+
+  /**
+   * Helper to escape special regex characters
+   */
+  function escapeRegex(str: string): string {
+    return str.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")
+  }
+}

package/src/session/status.ts

@@ -0,0 +1,76 @@
+import { BusEvent } from "@/bus/bus-event"
+import { Bus } from "@/bus"
+import { Instance } from "@/project/instance"
+import z from "zod"
+
+export namespace SessionStatus {
+  export const Info = z
+    .union([
+      z.object({
+        type: z.literal("idle"),
+      }),
+      z.object({
+        type: z.literal("retry"),
+        attempt: z.number(),
+        message: z.string(),
+        next: z.number(),
+      }),
+      z.object({
+        type: z.literal("busy"),
+      }),
+    ])
+    .meta({
+      ref: "SessionStatus",
+    })
+  export type Info = z.infer<typeof Info>
+
+  export const Event = {
+    Status: BusEvent.define(
+      "session.status",
+      z.object({
+        sessionID: z.string(),
+        status: Info,
+      }),
+    ),
+    // deprecated
+    Idle: BusEvent.define(
+      "session.idle",
+      z.object({
+        sessionID: z.string(),
+      }),
+    ),
+  }
+
+  const state = Instance.state(() => {
+    const data: Record<string, Info> = {}
+    return data
+  })
+
+  export function get(sessionID: string) {
+    return (
+      state()[sessionID] ?? {
+        type: "idle",
+      }
+    )
+  }
+
+  export function list() {
+    return state()
+  }
+
+  export function set(sessionID: string, status: Info) {
+    Bus.publish(Event.Status, {
+      sessionID,
+      status,
+    })
+    if (status.type === "idle") {
+      // deprecated
+      Bus.publish(Event.Idle, {
+        sessionID,
+      })
+      delete state()[sessionID]
+      return
+    }
+    state()[sessionID] = status
+  }
+}