sinapse-ai 9.4.0 → 9.5.0

package/.claude/hooks/sql-governance.py

@@ -1,183 +1,183 @@
-#!/usr/bin/env python3
-"""
-Hook: SQL Governance
-
-REGRA: Comandos SQL que criam/alteram/deletam objetos de banco DEVEM ser aprovados.
-
-Este hook intercepta comandos Bash que contêm SQL perigoso e bloqueia
-operações não autorizadas em banco de dados.
-
-Exit Codes:
-- 0: Permitido
-- 2: Bloqueado (SQL perigoso detectado)
-"""
-
-import json
-import sys
-import os
-import re
-
-# =============================================================================
-# CONFIGURAÇÃO: Patterns SQL que requerem aprovação
-# =============================================================================
-
-DANGEROUS_PATTERNS = [
-    # DDL - Criação
-    (r"\bCREATE\s+TABLE\b", "CREATE TABLE"),
-    (r"\bCREATE\s+VIEW\b", "CREATE VIEW"),
-    (r"\bCREATE\s+MATERIALIZED\s+VIEW\b", "CREATE MATERIALIZED VIEW"),
-    (r"\bCREATE\s+FUNCTION\b", "CREATE FUNCTION"),
-    (r"\bCREATE\s+TRIGGER\b", "CREATE TRIGGER"),
-    (r"\bCREATE\s+INDEX\b", "CREATE INDEX"),
-    (r"\bCREATE\s+TYPE\b", "CREATE TYPE"),
-    (r"\bCREATE\s+SCHEMA\b", "CREATE SCHEMA"),
-    (r"\bCREATE\s+EXTENSION\b", "CREATE EXTENSION"),
-    (r"\bCREATE\s+POLICY\b", "CREATE POLICY"),
-
-    # DDL - Alteração
-    (r"\bALTER\s+TABLE\b", "ALTER TABLE"),
-    (r"\bALTER\s+VIEW\b", "ALTER VIEW"),
-    (r"\bALTER\s+FUNCTION\b", "ALTER FUNCTION"),
-
-    # DDL - Deleção
-    (r"\bDROP\s+TABLE\b", "DROP TABLE"),
-    (r"\bDROP\s+VIEW\b", "DROP VIEW"),
-    (r"\bDROP\s+FUNCTION\b", "DROP FUNCTION"),
-    (r"\bDROP\s+TRIGGER\b", "DROP TRIGGER"),
-    (r"\bDROP\s+INDEX\b", "DROP INDEX"),
-    (r"\bDROP\s+SCHEMA\b", "DROP SCHEMA"),
-    (r"\bDROP\s+POLICY\b", "DROP POLICY"),
-
-    # DML Perigoso
-    (r"\bTRUNCATE\b", "TRUNCATE"),
-    (r"\bDELETE\s+FROM\b(?!.*\bWHERE\b)", "DELETE without WHERE"),
-
-    # Backup proibido (criar tabela como cópia)
-    (r"\bCREATE\s+TABLE\b.*\bAS\s+SELECT\b", "CREATE TABLE AS SELECT (backup proibido)"),
-
-    # Storage
-    (r"\bINSERT\s+INTO\s+storage\.buckets\b", "INSERT INTO storage.buckets"),
-]
-
-# Patterns que indicam contexto seguro (não bloquear)
-SAFE_CONTEXTS = [
-    r"--.*$",                          # Comentário SQL
-    r"SELECT\s+.*\bFROM\b",            # Query de leitura
-    r"information_schema",             # Query de metadata
-    r"pg_catalog",                     # Query de sistema
-    r"\bEXPLAIN\b",                    # Explain plan
-]
-
-# Comandos que são sempre permitidos
-ALLOWED_COMMANDS = [
-    "supabase migration",              # CLI de migration
-    "supabase db push",                # Push de migrations
-    "supabase db pull",                # Pull de schema
-    "pg_dump",                         # Backup (exportar)
-    "psql.*-f.*migrations",            # Aplicar migration file
-]
-
-# =============================================================================
-# LÓGICA DO HOOK
-# =============================================================================
-
-def extract_sql_from_command(command: str) -> str:
-    """Extrai possível SQL de um comando bash."""
-    # Remover aspas externas se houver
-    sql = command
-
-    # Detectar SQL inline em psql -c
-    psql_match = re.search(r'psql.*-c\s+["\'](.+?)["\']', command, re.DOTALL)
-    if psql_match:
-        sql = psql_match.group(1)
-
-    # Detectar heredoc
-    heredoc_match = re.search(r'<<["\']?(\w+)["\']?\s*\n(.+?)\n\1', command, re.DOTALL)
-    if heredoc_match:
-        sql = heredoc_match.group(2)
-
-    return sql.upper()
-
-def is_safe_context(command: str) -> bool:
-    """Verifica se o comando está em contexto seguro."""
-    command_lower = command.lower()
-
-    for allowed in ALLOWED_COMMANDS:
-        if re.search(allowed, command_lower):
-            return True
-
-    return False
-
-def detect_dangerous_sql(command: str) -> list[tuple[str, str]]:
-    """Detecta patterns SQL perigosos no comando."""
-    sql = extract_sql_from_command(command)
-    detected = []
-
-    for pattern, description in DANGEROUS_PATTERNS:
-        if re.search(pattern, sql, re.IGNORECASE):
-            detected.append((pattern, description))
-
-    return detected
-
-def main():
-    # Ler input do stdin
-    try:
-        input_data = json.load(sys.stdin)
-    except json.JSONDecodeError:
-        # Se não conseguir parsear, permitir (fail-open)
-        sys.exit(0)
-
-    tool_name = input_data.get("tool_name", "")
-    tool_input = input_data.get("tool_input", {})
-
-    # Só processar Bash
-    if tool_name != "Bash":
-        sys.exit(0)
-
-    command = tool_input.get("command", "")
-    if not command:
-        sys.exit(0)
-
-    # Verificar se é contexto seguro
-    if is_safe_context(command):
-        sys.exit(0)
-
-    # Detectar SQL perigoso
-    dangerous = detect_dangerous_sql(command)
-
-    if not dangerous:
-        sys.exit(0)
-
-    # BLOQUEAR: SQL perigoso detectado
-    detected_list = "\n".join([f"║    • {desc:<64} ║" for _, desc in dangerous[:5]])
-
-    error_message = f"""
-╔══════════════════════════════════════════════════════════════════════════════╗
-║  🛑 SQL GOVERNANCE: Operação de banco requer aprovação                       ║
-╠══════════════════════════════════════════════════════════════════════════════╣
-║                                                                              ║
-║  Operações detectadas:                                                       ║
-{detected_list}
-║                                                                              ║
-║  REGRA: Comandos que criam/alteram/deletam objetos de banco DEVEM:           ║
-║                                                                              ║
-║    1. Ser propostos ao usuário ANTES de executar                             ║
-║    2. Incluir justificativa e análise de impacto                             ║
-║    3. Aguardar aprovação explícita                                           ║
-║                                                                              ║
-║  EXCEÇÕES PERMITIDAS:                                                        ║
-║    • supabase migration (CLI oficial)                                        ║
-║    • pg_dump (backup/export)                                                 ║
-║    • Aplicar migrations existentes em supabase/migrations/                   ║
-║                                                                              ║
-║  AÇÃO: Proponha as mudanças ao usuário e aguarde aprovação.                  ║
-║        Use o formato: Schema/SQL + Justificativa + Impacto                   ║
-║                                                                              ║
-╚══════════════════════════════════════════════════════════════════════════════╝
-"""
-    print(error_message, file=sys.stderr)
-    sys.exit(2)
-
-if __name__ == "__main__":
-    main()
-
+#!/usr/bin/env python3
+"""
+Hook: SQL Governance
+
+REGRA: Comandos SQL que criam/alteram/deletam objetos de banco DEVEM ser aprovados.
+
+Este hook intercepta comandos Bash que contêm SQL perigoso e bloqueia
+operações não autorizadas em banco de dados.
+
+Exit Codes:
+- 0: Permitido
+- 2: Bloqueado (SQL perigoso detectado)
+"""
+
+import json
+import sys
+import os
+import re
+
+# =============================================================================
+# CONFIGURAÇÃO: Patterns SQL que requerem aprovação
+# =============================================================================
+
+DANGEROUS_PATTERNS = [
+    # DDL - Criação
+    (r"\bCREATE\s+TABLE\b", "CREATE TABLE"),
+    (r"\bCREATE\s+VIEW\b", "CREATE VIEW"),
+    (r"\bCREATE\s+MATERIALIZED\s+VIEW\b", "CREATE MATERIALIZED VIEW"),
+    (r"\bCREATE\s+FUNCTION\b", "CREATE FUNCTION"),
+    (r"\bCREATE\s+TRIGGER\b", "CREATE TRIGGER"),
+    (r"\bCREATE\s+INDEX\b", "CREATE INDEX"),
+    (r"\bCREATE\s+TYPE\b", "CREATE TYPE"),
+    (r"\bCREATE\s+SCHEMA\b", "CREATE SCHEMA"),
+    (r"\bCREATE\s+EXTENSION\b", "CREATE EXTENSION"),
+    (r"\bCREATE\s+POLICY\b", "CREATE POLICY"),
+
+    # DDL - Alteração
+    (r"\bALTER\s+TABLE\b", "ALTER TABLE"),
+    (r"\bALTER\s+VIEW\b", "ALTER VIEW"),
+    (r"\bALTER\s+FUNCTION\b", "ALTER FUNCTION"),
+
+    # DDL - Deleção
+    (r"\bDROP\s+TABLE\b", "DROP TABLE"),
+    (r"\bDROP\s+VIEW\b", "DROP VIEW"),
+    (r"\bDROP\s+FUNCTION\b", "DROP FUNCTION"),
+    (r"\bDROP\s+TRIGGER\b", "DROP TRIGGER"),
+    (r"\bDROP\s+INDEX\b", "DROP INDEX"),
+    (r"\bDROP\s+SCHEMA\b", "DROP SCHEMA"),
+    (r"\bDROP\s+POLICY\b", "DROP POLICY"),
+
+    # DML Perigoso
+    (r"\bTRUNCATE\b", "TRUNCATE"),
+    (r"\bDELETE\s+FROM\b(?!.*\bWHERE\b)", "DELETE without WHERE"),
+
+    # Backup proibido (criar tabela como cópia)
+    (r"\bCREATE\s+TABLE\b.*\bAS\s+SELECT\b", "CREATE TABLE AS SELECT (backup proibido)"),
+
+    # Storage
+    (r"\bINSERT\s+INTO\s+storage\.buckets\b", "INSERT INTO storage.buckets"),
+]
+
+# Patterns que indicam contexto seguro (não bloquear)
+SAFE_CONTEXTS = [
+    r"--.*$",                          # Comentário SQL
+    r"SELECT\s+.*\bFROM\b",            # Query de leitura
+    r"information_schema",             # Query de metadata
+    r"pg_catalog",                     # Query de sistema
+    r"\bEXPLAIN\b",                    # Explain plan
+]
+
+# Comandos que são sempre permitidos
+ALLOWED_COMMANDS = [
+    "supabase migration",              # CLI de migration
+    "supabase db push",                # Push de migrations
+    "supabase db pull",                # Pull de schema
+    "pg_dump",                         # Backup (exportar)
+    "psql.*-f.*migrations",            # Aplicar migration file
+]
+
+# =============================================================================
+# LÓGICA DO HOOK
+# =============================================================================
+
+def extract_sql_from_command(command: str) -> str:
+    """Extrai possível SQL de um comando bash."""
+    # Remover aspas externas se houver
+    sql = command
+
+    # Detectar SQL inline em psql -c
+    psql_match = re.search(r'psql.*-c\s+["\'](.+?)["\']', command, re.DOTALL)
+    if psql_match:
+        sql = psql_match.group(1)
+
+    # Detectar heredoc
+    heredoc_match = re.search(r'<<["\']?(\w+)["\']?\s*\n(.+?)\n\1', command, re.DOTALL)
+    if heredoc_match:
+        sql = heredoc_match.group(2)
+
+    return sql.upper()
+
+def is_safe_context(command: str) -> bool:
+    """Verifica se o comando está em contexto seguro."""
+    command_lower = command.lower()
+
+    for allowed in ALLOWED_COMMANDS:
+        if re.search(allowed, command_lower):
+            return True
+
+    return False
+
+def detect_dangerous_sql(command: str) -> list[tuple[str, str]]:
+    """Detecta patterns SQL perigosos no comando."""
+    sql = extract_sql_from_command(command)
+    detected = []
+
+    for pattern, description in DANGEROUS_PATTERNS:
+        if re.search(pattern, sql, re.IGNORECASE):
+            detected.append((pattern, description))
+
+    return detected
+
+def main():
+    # Ler input do stdin
+    try:
+        input_data = json.load(sys.stdin)
+    except json.JSONDecodeError:
+        # Se não conseguir parsear, permitir (fail-open)
+        sys.exit(0)
+
+    tool_name = input_data.get("tool_name", "")
+    tool_input = input_data.get("tool_input", {})
+
+    # Só processar Bash
+    if tool_name != "Bash":
+        sys.exit(0)
+
+    command = tool_input.get("command", "")
+    if not command:
+        sys.exit(0)
+
+    # Verificar se é contexto seguro
+    if is_safe_context(command):
+        sys.exit(0)
+
+    # Detectar SQL perigoso
+    dangerous = detect_dangerous_sql(command)
+
+    if not dangerous:
+        sys.exit(0)
+
+    # BLOQUEAR: SQL perigoso detectado
+    detected_list = "\n".join([f"║    • {desc:<64} ║" for _, desc in dangerous[:5]])
+
+    error_message = f"""
+╔══════════════════════════════════════════════════════════════════════════════╗
+║  🛑 SQL GOVERNANCE: Operação de banco requer aprovação                       ║
+╠══════════════════════════════════════════════════════════════════════════════╣
+║                                                                              ║
+║  Operações detectadas:                                                       ║
+{detected_list}
+║                                                                              ║
+║  REGRA: Comandos que criam/alteram/deletam objetos de banco DEVEM:           ║
+║                                                                              ║
+║    1. Ser propostos ao usuário ANTES de executar                             ║
+║    2. Incluir justificativa e análise de impacto                             ║
+║    3. Aguardar aprovação explícita                                           ║
+║                                                                              ║
+║  EXCEÇÕES PERMITIDAS:                                                        ║
+║    • supabase migration (CLI oficial)                                        ║
+║    • pg_dump (backup/export)                                                 ║
+║    • Aplicar migrations existentes em supabase/migrations/                   ║
+║                                                                              ║
+║  AÇÃO: Proponha as mudanças ao usuário e aguarde aprovação.                  ║
+║        Use o formato: Schema/SQL + Justificativa + Impacto                   ║
+║                                                                              ║
+╚══════════════════════════════════════════════════════════════════════════════╝
+"""
+    print(error_message, file=sys.stderr)
+    sys.exit(2)
+
+if __name__ == "__main__":
+    main()
+

package/.claude/hooks/verify-packages.cjs

@@ -0,0 +1,83 @@
+#!/usr/bin/env node
+/**
+ * verify-packages.cjs — Slopsquatting Prevention Hook
+ *
+ * Blocks `npm install`/`npm add` commands that reference packages
+ * not found on the npm registry. Prevents installation of hallucinated
+ * (fabricated) packages that attackers may register with malicious code.
+ *
+ * Research: 19.7% of packages recommended by LLMs are fabricated.
+ * Source: arXiv study, 576K samples across 16 models.
+ *
+ * Hook type: PreToolUse (Bash)
+ * Exit 0 = allow, Exit 2 = block
+ */
+'use strict';
+
+const { execSync } = require('child_process');
+
+let input = '';
+process.stdin.setEncoding('utf8');
+process.stdin.on('data', (d) => { input += d; });
+process.stdin.on('end', () => {
+  try {
+    const data = JSON.parse(input);
+    const command = (data.tool_input && data.tool_input.command) || '';
+
+    // Only check direct npm install/add commands (not text in PR bodies, etc.)
+    // Skip if command is gh, curl, echo, or other non-npm commands
+    const trimmed = command.trim();
+    if (trimmed.startsWith('gh ') || trimmed.startsWith('curl ') || trimmed.startsWith('echo ')) process.exit(0);
+    const installMatch = trimmed.match(/^npm\s+(install|add|i)\s+(.+)/m);
+    if (!installMatch) process.exit(0);
+
+    const argsStr = installMatch[2];
+
+    // Extract package names, skipping flags (--save-dev, -D, etc.)
+    const tokens = argsStr.split(/\s+/).filter(t => !t.startsWith('-'));
+    if (tokens.length === 0) process.exit(0);
+
+    const failed = [];
+    for (const token of tokens) {
+      // Strip version specifier: pkg@1.0.0 -> pkg, @org/pkg@^2 -> @org/pkg
+      let pkgName;
+      if (token.startsWith('@')) {
+        // Scoped package: @org/pkg@version
+        const slashIdx = token.indexOf('/');
+        if (slashIdx === -1) continue; // malformed, skip
+        const afterSlash = token.substring(slashIdx + 1);
+        const atIdx = afterSlash.indexOf('@');
+        pkgName = atIdx > 0
+          ? token.substring(0, slashIdx + 1 + atIdx)
+          : token;
+      } else {
+        const atIdx = token.indexOf('@');
+        pkgName = atIdx > 0 ? token.substring(0, atIdx) : token;
+      }
+
+      // Skip if it looks like a local path or URL
+      if (pkgName.startsWith('.') || pkgName.startsWith('/') || pkgName.includes('://')) continue;
+      if (pkgName.endsWith('.tgz') || pkgName.endsWith('.tar.gz')) continue;
+
+      try {
+        execSync(`npm view "${pkgName}" name`, { timeout: 8000, stdio: 'pipe' });
+      } catch {
+        failed.push(pkgName);
+      }
+    }
+
+    if (failed.length > 0) {
+      const names = failed.map(n => `'${n}'`).join(', ');
+      const msg = failed.length === 1
+        ? `BLOCKED: Package ${names} not found on npm. This may be a hallucinated package (slopsquatting).`
+        : `BLOCKED: Packages ${names} not found on npm. These may be hallucinated packages (slopsquatting).`;
+      process.stderr.write(msg + '\n');
+      process.exit(2);
+    }
+
+    process.exit(0);
+  } catch {
+    // Fail-open: if hook crashes, allow the operation
+    process.exit(0);
+  }
+});