sovr-mcp-proxy 6.0.1 → 7.0.0

package/dist/whitelistEngine.js

@@ -0,0 +1,435 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/whitelistEngine.ts
+var whitelistEngine_exports = {};
+__export(whitelistEngine_exports, {
+  PRESETS: () => PRESETS,
+  PRESET_DEVELOPER: () => PRESET_DEVELOPER,
+  PRESET_PRODUCTION: () => PRESET_PRODUCTION,
+  PRESET_READONLY: () => PRESET_READONLY,
+  WhitelistEngine: () => WhitelistEngine,
+  autoLoadPolicy: () => autoLoadPolicy,
+  generatePolicyFile: () => generatePolicyFile,
+  loadPolicy: () => loadPolicy
+});
+module.exports = __toCommonJS(whitelistEngine_exports);
+var import_node_fs = require("fs");
+var import_node_path = require("path");
+var PRESET_READONLY = {
+  version: "1.0",
+  mode: "whitelist",
+  rules: [
+    { pattern: "ls *", allow: true, description: "List directory" },
+    { pattern: "cat *", allow: true, description: "Read file" },
+    { pattern: "head *", allow: true, description: "Read file head" },
+    { pattern: "tail *", allow: true, description: "Read file tail" },
+    { pattern: "find *", allow: true, description: "Find files", max_args: 10 },
+    { pattern: "grep *", allow: true, description: "Search in files" },
+    { pattern: "wc *", allow: true, description: "Word count" },
+    { pattern: "file *", allow: true, description: "File type" },
+    { pattern: "pwd", allow: true, description: "Print working directory" },
+    { pattern: "whoami", allow: true, description: "Current user" },
+    { pattern: "date", allow: true, description: "Current date" },
+    { pattern: "echo *", allow: true, description: "Echo text" }
+  ],
+  settings: {
+    max_command_length: 500,
+    allow_env_expansion: false,
+    allow_subshell: false,
+    allow_pipes: true,
+    allow_chains: false,
+    allow_redirects: false
+  }
+};
+var PRESET_DEVELOPER = {
+  version: "1.0",
+  mode: "whitelist",
+  rules: [
+    // Read operations
+    ...PRESET_READONLY.rules,
+    // Git (safe operations)
+    { pattern: "git status", allow: true, description: "Git status" },
+    { pattern: "git diff *", allow: true, description: "Git diff" },
+    { pattern: "git log *", allow: true, description: "Git log" },
+    { pattern: "git branch *", allow: true, description: "Git branch" },
+    { pattern: "git add *", allow: true, description: "Git add" },
+    { pattern: "git commit *", allow: true, description: "Git commit" },
+    { pattern: "git push *", allow: true, require_approval: true, description: "Git push (requires approval)" },
+    { pattern: "git pull *", allow: true, description: "Git pull" },
+    { pattern: "git checkout *", allow: true, description: "Git checkout" },
+    { pattern: "git stash *", allow: true, description: "Git stash" },
+    // Node.js / npm
+    { pattern: "node *", allow: true, description: "Run Node.js" },
+    { pattern: "npm run *", allow: true, description: "Run npm script" },
+    { pattern: "npm test", allow: true, description: "Run tests" },
+    { pattern: "npm install *", allow: true, description: "Install packages" },
+    { pattern: "npx *", allow: true, description: "Run npx" },
+    { pattern: "pnpm *", allow: true, description: "Run pnpm" },
+    { pattern: "yarn *", allow: true, description: "Run yarn" },
+    // Python
+    { pattern: "python3 *", allow: true, description: "Run Python", max_args: 20 },
+    { pattern: "pip install *", allow: true, description: "Install Python packages" },
+    { pattern: "pip3 install *", allow: true, description: "Install Python packages" },
+    // Build tools
+    { pattern: "make *", allow: true, description: "Run make" },
+    { pattern: "cargo *", allow: true, description: "Run cargo" },
+    // File operations (limited)
+    { pattern: "mkdir *", allow: true, description: "Create directory" },
+    { pattern: "cp *", allow: true, description: "Copy files" },
+    { pattern: "mv *", allow: true, description: "Move files" },
+    { pattern: "touch *", allow: true, description: "Create empty file" },
+    // Dangerous operations — require approval
+    { pattern: "rm *", allow: true, require_approval: true, description: "Delete files (requires approval)" },
+    { pattern: "npm publish *", allow: true, require_approval: true, description: "Publish package (requires approval)" },
+    { pattern: "docker *", allow: true, require_approval: true, description: "Docker operations (requires approval)" }
+  ],
+  settings: {
+    max_command_length: 2e3,
+    allow_env_expansion: true,
+    allow_subshell: false,
+    allow_pipes: true,
+    allow_chains: true,
+    allow_redirects: true
+  }
+};
+var PRESET_PRODUCTION = {
+  version: "1.0",
+  mode: "whitelist",
+  rules: [
+    { pattern: "echo *", allow: true, description: "Echo" },
+    { pattern: "date", allow: true, description: "Date" },
+    { pattern: "uptime", allow: true, description: "Uptime" },
+    { pattern: "df *", allow: true, description: "Disk usage" },
+    { pattern: "free *", allow: true, description: "Memory usage" },
+    { pattern: "ps *", allow: true, description: "Process list" },
+    { pattern: "curl *", allow: true, require_approval: true, description: "HTTP request (requires approval)" }
+  ],
+  default_action: "deny",
+  settings: {
+    max_command_length: 500,
+    allow_env_expansion: false,
+    allow_subshell: false,
+    allow_pipes: false,
+    allow_chains: false,
+    allow_redirects: false
+  }
+};
+var PRESETS = {
+  readonly: PRESET_READONLY,
+  developer: PRESET_DEVELOPER,
+  production: PRESET_PRODUCTION
+};
+var WhitelistEngine = class {
+  policy;
+  constructor(policy) {
+    this.policy = policy;
+    this.policy.rules.sort((a, b) => (b.priority ?? 0) - (a.priority ?? 0));
+  }
+  /**
+   * Evaluate a command against the whitelist policy.
+   */
+  evaluate(command) {
+    const violations = [];
+    const structuralCheck = this.checkStructural(command);
+    violations.push(...structuralCheck.violations);
+    if (structuralCheck.blocked) {
+      return {
+        allowed: false,
+        require_approval: false,
+        reason: `Structural violation: ${violations.join(", ")}`,
+        risk: "critical",
+        violations
+      };
+    }
+    const enabledRules = this.policy.rules.filter((r) => r.enabled !== false);
+    for (const rule of enabledRules) {
+      if (matchPattern(command, rule.pattern)) {
+        if (rule.max_args !== void 0) {
+          const argCount = command.split(/\s+/).length - 1;
+          if (argCount > rule.max_args) {
+            violations.push(`Too many arguments: ${argCount} > ${rule.max_args}`);
+            return {
+              allowed: false,
+              require_approval: false,
+              matched_rule: rule,
+              reason: `Argument limit exceeded for pattern "${rule.pattern}"`,
+              risk: "high",
+              violations
+            };
+          }
+        }
+        if (rule.allow) {
+          return {
+            allowed: true,
+            require_approval: rule.require_approval ?? false,
+            matched_rule: rule,
+            reason: rule.description || `Matched whitelist pattern: ${rule.pattern}`,
+            risk: rule.require_approval ? "medium" : "low",
+            violations
+          };
+        } else {
+          return {
+            allowed: false,
+            require_approval: false,
+            matched_rule: rule,
+            reason: rule.description || `Matched blacklist pattern: ${rule.pattern}`,
+            risk: "high",
+            violations
+          };
+        }
+      }
+    }
+    switch (this.policy.mode) {
+      case "whitelist":
+        return {
+          allowed: false,
+          require_approval: false,
+          reason: `No whitelist rule matches command. In whitelist mode, unlisted commands are DENIED.`,
+          risk: "high",
+          violations
+        };
+      case "blacklist":
+        return {
+          allowed: true,
+          require_approval: false,
+          reason: "No blacklist rule matches. Command allowed by default.",
+          risk: "medium",
+          violations
+        };
+      case "hybrid": {
+        const defaultAction = this.policy.default_action || "deny";
+        return {
+          allowed: defaultAction === "allow",
+          require_approval: defaultAction === "escalate",
+          reason: `No rule matches. Hybrid mode default: ${defaultAction}`,
+          risk: defaultAction === "allow" ? "medium" : "high",
+          violations
+        };
+      }
+    }
+  }
+  /**
+   * Check structural constraints (pipes, chains, subshells, etc.)
+   */
+  checkStructural(command) {
+    const violations = [];
+    const settings = this.policy.settings || {};
+    if (settings.max_command_length && command.length > settings.max_command_length) {
+      violations.push(`Command too long: ${command.length} > ${settings.max_command_length}`);
+    }
+    if (settings.allow_subshell === false) {
+      if (/\$\(/.test(command) || /`[^`]+`/.test(command)) {
+        violations.push("Subshell execution not allowed");
+      }
+    }
+    if (settings.allow_pipes === false) {
+      if (/\|(?!\|)/.test(command)) {
+        violations.push("Pipe chains not allowed");
+      }
+    }
+    if (settings.allow_chains === false) {
+      if (/[;&]|&&|\|\|/.test(command)) {
+        violations.push("Command chaining not allowed");
+      }
+    }
+    if (settings.allow_redirects === false) {
+      if (/[<>]|>>/.test(command)) {
+        violations.push("Output redirection not allowed");
+      }
+    }
+    if (settings.allow_env_expansion === false) {
+      if (/\$[A-Za-z_]/.test(command) || /\$\{/.test(command)) {
+        violations.push("Environment variable expansion not allowed");
+      }
+    }
+    return {
+      blocked: violations.length > 0,
+      violations
+    };
+  }
+  /**
+   * Get the current policy.
+   */
+  getPolicy() {
+    return { ...this.policy };
+  }
+  /**
+   * Add a rule dynamically.
+   */
+  addRule(rule) {
+    this.policy.rules.push(rule);
+    this.policy.rules.sort((a, b) => (b.priority ?? 0) - (a.priority ?? 0));
+  }
+  /**
+   * Remove a rule by pattern.
+   */
+  removeRule(pattern) {
+    const idx = this.policy.rules.findIndex((r) => r.pattern === pattern);
+    if (idx >= 0) {
+      this.policy.rules.splice(idx, 1);
+      return true;
+    }
+    return false;
+  }
+  /**
+   * List all rules.
+   */
+  listRules() {
+    return [...this.policy.rules];
+  }
+};
+function matchPattern(command, pattern) {
+  const normalizedCmd = command.trim().replace(/\s+/g, " ");
+  const normalizedPattern = pattern.trim().replace(/\s+/g, " ");
+  const regexStr = "^" + normalizedPattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".") + "$";
+  try {
+    return new RegExp(regexStr).test(normalizedCmd);
+  } catch {
+    return false;
+  }
+}
+function loadPolicy(filePath) {
+  if (!(0, import_node_fs.existsSync)(filePath)) {
+    throw new Error(`Policy file not found: ${filePath}`);
+  }
+  const raw = (0, import_node_fs.readFileSync)(filePath, "utf-8");
+  try {
+    return JSON.parse(raw);
+  } catch {
+  }
+  return parseSimpleYaml(raw);
+}
+function autoLoadPolicy(projectDir) {
+  const candidates = [
+    (0, import_node_path.join)(projectDir, ".sovr", "policy.json"),
+    (0, import_node_path.join)(projectDir, ".sovr", "policy.yaml"),
+    (0, import_node_path.join)(projectDir, ".sovr", "policy.yml"),
+    (0, import_node_path.join)(projectDir, "sovr.policy.json")
+  ];
+  for (const candidate of candidates) {
+    if ((0, import_node_fs.existsSync)(candidate)) {
+      return loadPolicy(candidate);
+    }
+  }
+  return null;
+}
+function parseSimpleYaml(raw) {
+  const lines = raw.split("\n");
+  const policy = {
+    version: "1.0",
+    mode: "whitelist",
+    rules: []
+  };
+  let currentRule = null;
+  let inRules = false;
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.startsWith("#")) continue;
+    if (trimmed.startsWith("version:")) {
+      policy.version = trimmed.split(":").slice(1).join(":").trim().replace(/['"]/g, "");
+    } else if (trimmed.startsWith("mode:")) {
+      policy.mode = trimmed.split(":").slice(1).join(":").trim().replace(/['"]/g, "");
+    } else if (trimmed === "rules:") {
+      inRules = true;
+    } else if (inRules && trimmed.startsWith("- pattern:")) {
+      if (currentRule?.pattern) {
+        policy.rules.push(currentRule);
+      }
+      currentRule = {
+        pattern: trimmed.replace("- pattern:", "").trim().replace(/['"]/g, ""),
+        allow: true,
+        enabled: true
+      };
+    } else if (inRules && currentRule) {
+      if (trimmed.startsWith("allow:")) {
+        currentRule.allow = trimmed.includes("true");
+      } else if (trimmed.startsWith("description:")) {
+        currentRule.description = trimmed.split(":").slice(1).join(":").trim().replace(/['"]/g, "");
+      } else if (trimmed.startsWith("require_approval:")) {
+        currentRule.require_approval = trimmed.includes("true");
+      } else if (trimmed.startsWith("max_args:")) {
+        currentRule.max_args = parseInt(trimmed.split(":")[1].trim());
+      } else if (trimmed.startsWith("priority:")) {
+        currentRule.priority = parseInt(trimmed.split(":")[1].trim());
+      }
+    }
+  }
+  if (currentRule?.pattern) {
+    policy.rules.push(currentRule);
+  }
+  return policy;
+}
+function generatePolicyFile(preset, format = "yaml") {
+  const policy = PRESETS[preset];
+  if (!policy) {
+    throw new Error(`Unknown preset: ${preset}. Available: ${Object.keys(PRESETS).join(", ")}`);
+  }
+  if (format === "json") {
+    return JSON.stringify(policy, null, 2);
+  }
+  let yaml = `# SOVR Whitelist Policy
+`;
+  yaml += `# Preset: ${preset}
+`;
+  yaml += `# Generated: ${(/* @__PURE__ */ new Date()).toISOString()}
+
+`;
+  yaml += `version: "${policy.version}"
+`;
+  yaml += `mode: ${policy.mode}
+
+`;
+  yaml += `rules:
+`;
+  for (const rule of policy.rules) {
+    yaml += `  - pattern: "${rule.pattern}"
+`;
+    yaml += `    allow: ${rule.allow}
+`;
+    if (rule.description) yaml += `    description: "${rule.description}"
+`;
+    if (rule.require_approval) yaml += `    require_approval: true
+`;
+    if (rule.max_args !== void 0) yaml += `    max_args: ${rule.max_args}
+`;
+    yaml += `
+`;
+  }
+  if (policy.settings) {
+    yaml += `settings:
+`;
+    for (const [key, value] of Object.entries(policy.settings)) {
+      yaml += `  ${key}: ${value}
+`;
+    }
+  }
+  return yaml;
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  PRESETS,
+  PRESET_DEVELOPER,
+  PRESET_PRODUCTION,
+  PRESET_READONLY,
+  WhitelistEngine,
+  autoLoadPolicy,
+  generatePolicyFile,
+  loadPolicy
+});