npm - sinapse-ai - Versions diffs - 9.3.0 → 9.5.0 - Mend

sinapse-ai 9.3.0 → 9.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (432) hide show

package/.claude/hooks/sql-governance.py CHANGED Viewed

@@ -1,183 +1,183 @@
-#!/usr/bin/env python3
-"""
-Hook: SQL Governance
-REGRA: Comandos SQL que criam/alteram/deletam objetos de banco DEVEM ser aprovados.
-Este hook intercepta comandos Bash que contêm SQL perigoso e bloqueia
-operações não autorizadas em banco de dados.
-Exit Codes:
-- 0: Permitido
-- 2: Bloqueado (SQL perigoso detectado)
-"""
-import json
-import sys
-import os
-import re
-# =============================================================================
-# CONFIGURAÇÃO: Patterns SQL que requerem aprovação
-# =============================================================================
-DANGEROUS_PATTERNS = [
-    # DDL - Criação
-    (r"\bCREATE\s+TABLE\b", "CREATE TABLE"),
-    (r"\bCREATE\s+VIEW\b", "CREATE VIEW"),
-    (r"\bCREATE\s+MATERIALIZED\s+VIEW\b", "CREATE MATERIALIZED VIEW"),
-    (r"\bCREATE\s+FUNCTION\b", "CREATE FUNCTION"),
-    (r"\bCREATE\s+TRIGGER\b", "CREATE TRIGGER"),
-    (r"\bCREATE\s+INDEX\b", "CREATE INDEX"),
-    (r"\bCREATE\s+TYPE\b", "CREATE TYPE"),
-    (r"\bCREATE\s+SCHEMA\b", "CREATE SCHEMA"),
-    (r"\bCREATE\s+EXTENSION\b", "CREATE EXTENSION"),
-    (r"\bCREATE\s+POLICY\b", "CREATE POLICY"),
-    # DDL - Alteração
-    (r"\bALTER\s+TABLE\b", "ALTER TABLE"),
-    (r"\bALTER\s+VIEW\b", "ALTER VIEW"),
-    (r"\bALTER\s+FUNCTION\b", "ALTER FUNCTION"),
-    # DDL - Deleção
-    (r"\bDROP\s+TABLE\b", "DROP TABLE"),
-    (r"\bDROP\s+VIEW\b", "DROP VIEW"),
-    (r"\bDROP\s+FUNCTION\b", "DROP FUNCTION"),
-    (r"\bDROP\s+TRIGGER\b", "DROP TRIGGER"),
-    (r"\bDROP\s+INDEX\b", "DROP INDEX"),
-    (r"\bDROP\s+SCHEMA\b", "DROP SCHEMA"),
-    (r"\bDROP\s+POLICY\b", "DROP POLICY"),
-    # DML Perigoso
-    (r"\bTRUNCATE\b", "TRUNCATE"),
-    (r"\bDELETE\s+FROM\b(?!.*\bWHERE\b)", "DELETE without WHERE"),
-    # Backup proibido (criar tabela como cópia)
-    (r"\bCREATE\s+TABLE\b.*\bAS\s+SELECT\b", "CREATE TABLE AS SELECT (backup proibido)"),
-    # Storage
-    (r"\bINSERT\s+INTO\s+storage\.buckets\b", "INSERT INTO storage.buckets"),
-]
-# Patterns que indicam contexto seguro (não bloquear)
-SAFE_CONTEXTS = [
-    r"--.*$",                          # Comentário SQL
-    r"SELECT\s+.*\bFROM\b",            # Query de leitura
-    r"information_schema",             # Query de metadata
-    r"pg_catalog",                     # Query de sistema
-    r"\bEXPLAIN\b",                    # Explain plan
-]
-# Comandos que são sempre permitidos
-ALLOWED_COMMANDS = [
-    "supabase migration",              # CLI de migration
-    "supabase db push",                # Push de migrations
-    "supabase db pull",                # Pull de schema
-    "pg_dump",                         # Backup (exportar)
-    "psql.*-f.*migrations",            # Aplicar migration file
-]
-# =============================================================================
-# LÓGICA DO HOOK
-# =============================================================================
-def extract_sql_from_command(command: str) -> str:
-    """Extrai possível SQL de um comando bash."""
-    # Remover aspas externas se houver
-    sql = command
-    # Detectar SQL inline em psql -c
-    psql_match = re.search(r'psql.*-c\s+["\'](.+?)["\']', command, re.DOTALL)
-    if psql_match:
-        sql = psql_match.group(1)
-    # Detectar heredoc
-    heredoc_match = re.search(r'<<["\']?(\w+)["\']?\s*\n(.+?)\n\1', command, re.DOTALL)
-    if heredoc_match:
-        sql = heredoc_match.group(2)
-    return sql.upper()
-def is_safe_context(command: str) -> bool:
-    """Verifica se o comando está em contexto seguro."""
-    command_lower = command.lower()
-    for allowed in ALLOWED_COMMANDS:
-        if re.search(allowed, command_lower):
-            return True
-    return False
-def detect_dangerous_sql(command: str) -> list[tuple[str, str]]:
-    """Detecta patterns SQL perigosos no comando."""
-    sql = extract_sql_from_command(command)
-    detected = []
-    for pattern, description in DANGEROUS_PATTERNS:
-        if re.search(pattern, sql, re.IGNORECASE):
-            detected.append((pattern, description))
-    return detected
-def main():
-    # Ler input do stdin
-    try:
-        input_data = json.load(sys.stdin)
-    except json.JSONDecodeError:
-        # Se não conseguir parsear, permitir (fail-open)
-        sys.exit(0)
-    tool_name = input_data.get("tool_name", "")
-    tool_input = input_data.get("tool_input", {})
-    # Só processar Bash
-    if tool_name != "Bash":
-        sys.exit(0)
-    command = tool_input.get("command", "")
-    if not command:
-        sys.exit(0)
-    # Verificar se é contexto seguro
-    if is_safe_context(command):
-        sys.exit(0)
-    # Detectar SQL perigoso
-    dangerous = detect_dangerous_sql(command)
-    if not dangerous:
-        sys.exit(0)
-    # BLOQUEAR: SQL perigoso detectado
-    detected_list = "\n".join([f"║    • {desc:<64} ║" for _, desc in dangerous[:5]])
-    error_message = f"""
-╔══════════════════════════════════════════════════════════════════════════════╗
-║  🛑 SQL GOVERNANCE: Operação de banco requer aprovação                       ║
-╠══════════════════════════════════════════════════════════════════════════════╣
-║                                                                              ║
-║  Operações detectadas:                                                       ║
-{detected_list}
-║                                                                              ║
-║  REGRA: Comandos que criam/alteram/deletam objetos de banco DEVEM:           ║
-║                                                                              ║
-║    1. Ser propostos ao usuário ANTES de executar                             ║
-║    2. Incluir justificativa e análise de impacto                             ║
-║    3. Aguardar aprovação explícita                                           ║
-║                                                                              ║
-║  EXCEÇÕES PERMITIDAS:                                                        ║
-║    • supabase migration (CLI oficial)                                        ║
-║    • pg_dump (backup/export)                                                 ║
-║    • Aplicar migrations existentes em supabase/migrations/                   ║
-║                                                                              ║
-║  AÇÃO: Proponha as mudanças ao usuário e aguarde aprovação.                  ║
-║        Use o formato: Schema/SQL + Justificativa + Impacto                   ║
-║                                                                              ║
-╚══════════════════════════════════════════════════════════════════════════════╝
-"""
-    print(error_message, file=sys.stderr)
-    sys.exit(2)
-if __name__ == "__main__":
-    main()
+#!/usr/bin/env python3
+"""
+Hook: SQL Governance
+REGRA: Comandos SQL que criam/alteram/deletam objetos de banco DEVEM ser aprovados.
+Este hook intercepta comandos Bash que contêm SQL perigoso e bloqueia
+operações não autorizadas em banco de dados.
+Exit Codes:
+- 0: Permitido
+- 2: Bloqueado (SQL perigoso detectado)
+"""
+import json
+import sys
+import os
+import re
+# =============================================================================
+# CONFIGURAÇÃO: Patterns SQL que requerem aprovação
+# =============================================================================
+DANGEROUS_PATTERNS = [
+    # DDL - Criação
+    (r"\bCREATE\s+TABLE\b", "CREATE TABLE"),
+    (r"\bCREATE\s+VIEW\b", "CREATE VIEW"),
+    (r"\bCREATE\s+MATERIALIZED\s+VIEW\b", "CREATE MATERIALIZED VIEW"),
+    (r"\bCREATE\s+FUNCTION\b", "CREATE FUNCTION"),
+    (r"\bCREATE\s+TRIGGER\b", "CREATE TRIGGER"),
+    (r"\bCREATE\s+INDEX\b", "CREATE INDEX"),
+    (r"\bCREATE\s+TYPE\b", "CREATE TYPE"),
+    (r"\bCREATE\s+SCHEMA\b", "CREATE SCHEMA"),
+    (r"\bCREATE\s+EXTENSION\b", "CREATE EXTENSION"),
+    (r"\bCREATE\s+POLICY\b", "CREATE POLICY"),
+    # DDL - Alteração
+    (r"\bALTER\s+TABLE\b", "ALTER TABLE"),
+    (r"\bALTER\s+VIEW\b", "ALTER VIEW"),
+    (r"\bALTER\s+FUNCTION\b", "ALTER FUNCTION"),
+    # DDL - Deleção
+    (r"\bDROP\s+TABLE\b", "DROP TABLE"),
+    (r"\bDROP\s+VIEW\b", "DROP VIEW"),
+    (r"\bDROP\s+FUNCTION\b", "DROP FUNCTION"),
+    (r"\bDROP\s+TRIGGER\b", "DROP TRIGGER"),
+    (r"\bDROP\s+INDEX\b", "DROP INDEX"),
+    (r"\bDROP\s+SCHEMA\b", "DROP SCHEMA"),
+    (r"\bDROP\s+POLICY\b", "DROP POLICY"),
+    # DML Perigoso
+    (r"\bTRUNCATE\b", "TRUNCATE"),
+    (r"\bDELETE\s+FROM\b(?!.*\bWHERE\b)", "DELETE without WHERE"),
+    # Backup proibido (criar tabela como cópia)
+    (r"\bCREATE\s+TABLE\b.*\bAS\s+SELECT\b", "CREATE TABLE AS SELECT (backup proibido)"),
+    # Storage
+    (r"\bINSERT\s+INTO\s+storage\.buckets\b", "INSERT INTO storage.buckets"),
+]
+# Patterns que indicam contexto seguro (não bloquear)
+SAFE_CONTEXTS = [
+    r"--.*$",                          # Comentário SQL
+    r"SELECT\s+.*\bFROM\b",            # Query de leitura
+    r"information_schema",             # Query de metadata
+    r"pg_catalog",                     # Query de sistema
+    r"\bEXPLAIN\b",                    # Explain plan
+]
+# Comandos que são sempre permitidos
+ALLOWED_COMMANDS = [
+    "supabase migration",              # CLI de migration
+    "supabase db push",                # Push de migrations
+    "supabase db pull",                # Pull de schema
+    "pg_dump",                         # Backup (exportar)
+    "psql.*-f.*migrations",            # Aplicar migration file
+]
+# =============================================================================
+# LÓGICA DO HOOK
+# =============================================================================
+def extract_sql_from_command(command: str) -> str:
+    """Extrai possível SQL de um comando bash."""
+    # Remover aspas externas se houver
+    sql = command
+    # Detectar SQL inline em psql -c
+    psql_match = re.search(r'psql.*-c\s+["\'](.+?)["\']', command, re.DOTALL)
+    if psql_match:
+        sql = psql_match.group(1)
+    # Detectar heredoc
+    heredoc_match = re.search(r'<<["\']?(\w+)["\']?\s*\n(.+?)\n\1', command, re.DOTALL)
+    if heredoc_match:
+        sql = heredoc_match.group(2)
+    return sql.upper()
+def is_safe_context(command: str) -> bool:
+    """Verifica se o comando está em contexto seguro."""
+    command_lower = command.lower()
+    for allowed in ALLOWED_COMMANDS:
+        if re.search(allowed, command_lower):
+            return True
+    return False
+def detect_dangerous_sql(command: str) -> list[tuple[str, str]]:
+    """Detecta patterns SQL perigosos no comando."""
+    sql = extract_sql_from_command(command)
+    detected = []
+    for pattern, description in DANGEROUS_PATTERNS:
+        if re.search(pattern, sql, re.IGNORECASE):
+            detected.append((pattern, description))
+    return detected
+def main():
+    # Ler input do stdin
+    try:
+        input_data = json.load(sys.stdin)
+    except json.JSONDecodeError:
+        # Se não conseguir parsear, permitir (fail-open)
+        sys.exit(0)
+    tool_name = input_data.get("tool_name", "")
+    tool_input = input_data.get("tool_input", {})
+    # Só processar Bash
+    if tool_name != "Bash":
+        sys.exit(0)
+    command = tool_input.get("command", "")
+    if not command:
+        sys.exit(0)
+    # Verificar se é contexto seguro
+    if is_safe_context(command):
+        sys.exit(0)
+    # Detectar SQL perigoso
+    dangerous = detect_dangerous_sql(command)
+    if not dangerous:
+        sys.exit(0)
+    # BLOQUEAR: SQL perigoso detectado
+    detected_list = "\n".join([f"║    • {desc:<64} ║" for _, desc in dangerous[:5]])
+    error_message = f"""
+╔══════════════════════════════════════════════════════════════════════════════╗
+║  🛑 SQL GOVERNANCE: Operação de banco requer aprovação                       ║
+╠══════════════════════════════════════════════════════════════════════════════╣
+║                                                                              ║
+║  Operações detectadas:                                                       ║
+{detected_list}
+║                                                                              ║
+║  REGRA: Comandos que criam/alteram/deletam objetos de banco DEVEM:           ║
+║                                                                              ║
+║    1. Ser propostos ao usuário ANTES de executar                             ║
+║    2. Incluir justificativa e análise de impacto                             ║
+║    3. Aguardar aprovação explícita                                           ║
+║                                                                              ║
+║  EXCEÇÕES PERMITIDAS:                                                        ║
+║    • supabase migration (CLI oficial)                                        ║
+║    • pg_dump (backup/export)                                                 ║
+║    • Aplicar migrations existentes em supabase/migrations/                   ║
+║                                                                              ║
+║  AÇÃO: Proponha as mudanças ao usuário e aguarde aprovação.                  ║
+║        Use o formato: Schema/SQL + Justificativa + Impacto                   ║
+║                                                                              ║
+╚══════════════════════════════════════════════════════════════════════════════╝
+"""
+    print(error_message, file=sys.stderr)
+    sys.exit(2)
+if __name__ == "__main__":
+    main()

package/.claude/hooks/verify-packages.cjs ADDED Viewed

@@ -0,0 +1,83 @@
+#!/usr/bin/env node
+/**
+ * verify-packages.cjs — Slopsquatting Prevention Hook
+ *
+ * Blocks `npm install`/`npm add` commands that reference packages
+ * not found on the npm registry. Prevents installation of hallucinated
+ * (fabricated) packages that attackers may register with malicious code.
+ *
+ * Research: 19.7% of packages recommended by LLMs are fabricated.
+ * Source: arXiv study, 576K samples across 16 models.
+ *
+ * Hook type: PreToolUse (Bash)
+ * Exit 0 = allow, Exit 2 = block
+ */
+'use strict';
+const { execSync } = require('child_process');
+let input = '';
+process.stdin.setEncoding('utf8');
+process.stdin.on('data', (d) => { input += d; });
+process.stdin.on('end', () => {
+  try {
+    const data = JSON.parse(input);
+    const command = (data.tool_input && data.tool_input.command) || '';
+    // Only check direct npm install/add commands (not text in PR bodies, etc.)
+    // Skip if command is gh, curl, echo, or other non-npm commands
+    const trimmed = command.trim();
+    if (trimmed.startsWith('gh ') || trimmed.startsWith('curl ') || trimmed.startsWith('echo ')) process.exit(0);
+    const installMatch = trimmed.match(/^npm\s+(install|add|i)\s+(.+)/m);
+    if (!installMatch) process.exit(0);
+    const argsStr = installMatch[2];
+    // Extract package names, skipping flags (--save-dev, -D, etc.)
+    const tokens = argsStr.split(/\s+/).filter(t => !t.startsWith('-'));
+    if (tokens.length === 0) process.exit(0);
+    const failed = [];
+    for (const token of tokens) {
+      // Strip version specifier: pkg@1.0.0 -> pkg, @org/pkg@^2 -> @org/pkg
+      let pkgName;
+      if (token.startsWith('@')) {
+        // Scoped package: @org/pkg@version
+        const slashIdx = token.indexOf('/');
+        if (slashIdx === -1) continue; // malformed, skip
+        const afterSlash = token.substring(slashIdx + 1);
+        const atIdx = afterSlash.indexOf('@');
+        pkgName = atIdx > 0
+          ? token.substring(0, slashIdx + 1 + atIdx)
+          : token;
+      } else {
+        const atIdx = token.indexOf('@');
+        pkgName = atIdx > 0 ? token.substring(0, atIdx) : token;
+      }
+      // Skip if it looks like a local path or URL
+      if (pkgName.startsWith('.') || pkgName.startsWith('/') || pkgName.includes('://')) continue;
+      if (pkgName.endsWith('.tgz') || pkgName.endsWith('.tar.gz')) continue;
+      try {
+        execSync(`npm view "${pkgName}" name`, { timeout: 8000, stdio: 'pipe' });
+      } catch {
+        failed.push(pkgName);
+      }
+    }
+    if (failed.length > 0) {
+      const names = failed.map(n => `'${n}'`).join(', ');
+      const msg = failed.length === 1
+        ? `BLOCKED: Package ${names} not found on npm. This may be a hallucinated package (slopsquatting).`
+        : `BLOCKED: Packages ${names} not found on npm. These may be hallucinated packages (slopsquatting).`;
+      process.stderr.write(msg + '\n');
+      process.exit(2);
+    }
+    process.exit(0);
+  } catch {
+    // Fail-open: if hook crashes, allow the operation
+    process.exit(0);
+  }
+});