ship-safe 9.1.2 → 9.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -142,6 +142,11 @@ const PATTERNS = [
142
142
  confidence: 'medium',
143
143
  description: 'System prompt hardcoded in code. If client-side, users can extract it.',
144
144
  fix: 'Keep system prompts server-side only. Load from environment variables or config.',
145
+ // Skip clearly server-side files where defining a system prompt is correct.
146
+ // The rule is only meaningful for code that ships to a browser/client.
147
+ skipFile: (f) => /(?:^|\/)(?:cli|server|backend|api|lib|services|workers|jobs|scripts)\//.test(f.replace(/\\/g, '/'))
148
+ || /\.(?:server|api)\.(?:js|ts|mjs|cjs|tsx)$/.test(f)
149
+ || /\/api\//.test(f.replace(/\\/g, '/')),
145
150
  },
146
151
 
147
152
  // ── LLM10: Unbounded Consumption ───────────────────────────────────────────
@@ -219,12 +224,24 @@ const PATTERNS = [
219
224
  {
220
225
  rule: 'PROMPT_INJECTION_PATTERN',
221
226
  title: 'Known Prompt Injection Pattern',
222
- regex: /(?:ignore\s+(?:all\s+)?previous\s+instructions|disregard\s+(?:all\s+)?(?:previous|prior)|you\s+are\s+now\s+DAN|system\s*prompt|jailbreak|bypass\s+(?:your|the)\s+(?:rules|instructions|guidelines))/gi,
227
+ // The phrase "system prompt" is *not* an injection attack — it's how every
228
+ // LLM developer talks about prompts. Match the actual jailbreak verbs instead.
229
+ regex: /(?:ignore\s+(?:all\s+)?previous\s+instructions|disregard\s+(?:all\s+)?(?:previous|prior)|you\s+are\s+now\s+DAN|jailbreak\s+(?:the|this)|bypass\s+(?:your|the)\s+(?:rules|instructions|guidelines)|reveal\s+your\s+system\s+prompt)/gi,
223
230
  severity: 'high',
224
231
  cwe: 'CWE-77',
225
232
  owasp: 'LLM01',
226
233
  description: 'Known prompt injection pattern detected in code. Ensure this is for testing only.',
227
234
  fix: 'If in test data, add # ship-safe-ignore. If in user-facing code, add input filtering.',
235
+ // Skip files where the pattern appears intentionally: tests, red-team rules,
236
+ // detection-rule definitions, and security tool source code.
237
+ skipFile: (f) => {
238
+ const p = f.replace(/\\/g, '/');
239
+ return /__tests__\//.test(p)
240
+ || /\.(?:test|spec)\.(?:js|ts|mjs|cjs|tsx|jsx)$/.test(p)
241
+ || /(?:^|\/)(?:red-?team|llm-?redteam|prompt-?injection|memory-?poisoning|jailbreak)/.test(p)
242
+ || /\/agents\/[^/]*(?:redteam|injection|llm)/i.test(p)
243
+ || /(?:scan-playbook|threat-intel|patterns)\.(?:js|ts)$/.test(p);
244
+ },
228
245
  },
229
246
  ];
230
247
 
@@ -242,7 +259,12 @@ export class LLMRedTeam extends BaseAgent {
242
259
 
243
260
  let findings = [];
244
261
  for (const file of codeFiles) {
245
- findings = findings.concat(this.scanFileWithPatterns(file, PATTERNS));
262
+ // Honor per-pattern skipFile predicates so rules that are clearly false
263
+ // positives in known contexts (server-side prompts, redteam test data)
264
+ // never get sent to the agent for "fixing".
265
+ const applicable = PATTERNS.filter(p => !p.skipFile || !p.skipFile(file));
266
+ if (applicable.length === 0) continue;
267
+ findings = findings.concat(this.scanFileWithPatterns(file, applicable));
246
268
  }
247
269
  return findings;
248
270
  }
@@ -29,6 +29,9 @@ import { mcpCommand } from '../commands/mcp.js';
29
29
  import { remediateCommand } from '../commands/remediate.js';
30
30
  import { rotateCommand } from '../commands/rotate.js';
31
31
  import { agentCommand } from '../commands/agent.js';
32
+ import { agentFixCommand } from '../commands/agent-fix.js';
33
+ import { undoCommand } from '../commands/undo.js';
34
+ import { shellCommand } from '../commands/shell.js';
32
35
  import { depsCommand } from '../commands/deps.js';
33
36
  import { scoreCommand } from '../commands/score.js';
34
37
  import { redTeamCommand } from '../commands/red-team.js';
@@ -184,10 +187,46 @@ program
184
187
  // -----------------------------------------------------------------------------
185
188
  program
186
189
  .command('agent [path]')
187
- .description('AI-powered security audit: scan, classify with Claude, auto-remediate confirmed secrets')
188
- .option('--dry-run', 'Show classification and plan without writing any files')
189
- .option('--model <model>', `Claude model to use (default: ${DEFAULT_MODEL})`)
190
- .action(agentCommand);
190
+ .description('Interactive security agent: scan, plan each fix, ask before changing, verify the fix worked')
191
+ .option('--plan-only', 'Generate plans for review but never write changes')
192
+ .option('--severity <level>', 'Minimum severity to fix (critical|high|medium|low)', 'low')
193
+ .option('--provider <name>', 'LLM provider: deepseek-flash | deepseek | openai | kimi | anthropic')
194
+ .option('--model <model>', 'Specific model name to use')
195
+ .option('--think', 'Enable extended thinking (GPT-5.5 reasoning_effort:high, Claude extended thinking)')
196
+ .option('--allow-dirty', 'Allow running with uncommitted changes in the working tree')
197
+ .option('--branch [name]', 'Create a branch and commit one fix per file (default name: ship-safe/fixes-<timestamp>)')
198
+ .option('--pr', 'After fixing, push the branch and open a pull request via gh CLI (requires --branch)')
199
+ .option('--yolo', 'Auto-accept every plan without prompting (use with caution; pairs well with --branch)')
200
+ .option('--auto-low', 'Auto-accept plans marked risk:low; prompt for medium/high')
201
+ .option('--sandbox', 'Verify each fix in a Docker sandbox (not yet implemented)')
202
+ .option('--legacy', 'Use the legacy non-interactive Claude-only agent')
203
+ .action((targetPath, options) => {
204
+ if (options.legacy) {
205
+ return agentCommand(targetPath, options);
206
+ }
207
+ return agentFixCommand(targetPath, options);
208
+ });
209
+
210
+ // -----------------------------------------------------------------------------
211
+ // UNDO COMMAND
212
+ // -----------------------------------------------------------------------------
213
+ program
214
+ .command('undo [path]')
215
+ .description('Revert the last fix applied by `ship-safe agent` (or all fixes with --all)')
216
+ .option('--all', 'Revert every fix in the log instead of just the last one')
217
+ .option('--dry-run', 'Show what would be reverted without writing anything')
218
+ .action(undoCommand);
219
+
220
+ // -----------------------------------------------------------------------------
221
+ // SHELL COMMAND
222
+ // -----------------------------------------------------------------------------
223
+ program
224
+ .command('shell [path]')
225
+ .description('Interactive REPL: scan, fix, ask questions — all in one session')
226
+ .option('--provider <name>', 'LLM provider: deepseek-flash | deepseek | openai | kimi | anthropic')
227
+ .option('--model <model>', 'Specific model name to use')
228
+ .option('--think', 'Enable extended thinking mode')
229
+ .action(shellCommand);
191
230
 
192
231
  // -----------------------------------------------------------------------------
193
232
  // DEPS COMMAND
@@ -226,6 +265,7 @@ program
226
265
  .option('--baseline', 'Only show findings not in the baseline')
227
266
  .option('--pdf [file]', 'Generate PDF report (requires Chrome/Chromium)')
228
267
  .option('--deep', 'LLM-powered taint analysis for critical/high findings')
268
+ .option('--think', 'Enable extended thinking mode (GPT-5.5 reasoning_effort:high, Claude extended thinking)')
229
269
  .option('--local', 'Use local Ollama model for deep analysis (default: llama3.2)')
230
270
  .option('--model <model>', 'LLM model to use for deep/AI analysis')
231
271
  .option('--provider <name>', 'LLM provider: anthropic, openai, google, ollama, groq, together, mistral, cohere, deepseek, xai, kimi, lmstudio')
@@ -266,7 +306,8 @@ program
266
306
  .option('--no-deps', 'Skip dependency audit')
267
307
  .option('--no-ai', 'Skip AI classification')
268
308
  .option('--deep', 'LLM-powered taint analysis for critical/high findings')
269
- .option('--swarm', 'Use Kimi K2.6 native 300-agent swarm instead of local agent execution (requires MOONSHOT_API_KEY)')
309
+ .option('--swarm', 'Use AI swarm mode: 23 parallel agents via DeepSeek V4 Flash or Kimi K2.6 (requires DEEPSEEK_API_KEY or MOONSHOT_API_KEY)')
310
+ .option('--think', 'Enable extended thinking mode (GPT-5.5 reasoning_effort:high, Claude extended thinking)')
270
311
  .option('--local', 'Use local Ollama model for deep analysis (default: llama3.2)')
271
312
  .option('--model <model>', 'LLM model for deep analysis')
272
313
  .option('--provider <name>', 'LLM provider: anthropic, openai, google, ollama, groq, together, mistral, cohere, deepseek, xai, kimi, lmstudio')
@@ -619,8 +660,13 @@ How it works:
619
660
  // PARSE AND RUN
620
661
  // -----------------------------------------------------------------------------
621
662
 
622
- // Show help if no command provided
623
- if (process.argv.length === 2) {
663
+ // No command + interactive TTY → drop into the REPL.
664
+ // Help banner is still available via `--help` and shown when stdin is piped.
665
+ if (process.argv.length === 2 && process.stdin.isTTY) {
666
+ // Await shell before exiting; do NOT fall through to program.parse() or it
667
+ // will print the help banner concurrently with the REPL banner.
668
+ shellCommand('.', {}).then(() => process.exit(0)).catch(() => process.exit(1));
669
+ } else if (process.argv.length === 2) {
624
670
  console.log(banner);
625
671
  console.log(chalk.yellow('\nQuick start:\n'));
626
672
  console.log(chalk.cyan.bold(' v9.0 — Agent Studio, Teams & Findings'));
@@ -663,6 +709,6 @@ if (process.argv.length === 2) {
663
709
  console.log(chalk.white('\n npx ship-safe --help ') + chalk.gray('# Show all options'));
664
710
  console.log();
665
711
  process.exit(0);
712
+ } else {
713
+ program.parse();
666
714
  }
667
-
668
- program.parse();