terramend 0.2.0

package/src/utils/runStartupLog.ts

@@ -0,0 +1,60 @@
+/**
+ * Startup log formatting for the resolver pipeline. Computes the
+ * "model / agent / push / shell / timeout" block that main.ts prints
+ * after resolving the agent + model + payload.
+ */
+
+import { log } from "#app/utils/cli";
+import type { ResolvedPayload } from "#app/utils/payload";
+import { TIMEOUT_DISABLED } from "#app/utils/time";
+
+function resolveTimeoutForLog(timeout: string | undefined): string {
+  if (!timeout) return "1h (default)";
+  if (timeout === TIMEOUT_DISABLED) return "none (disabled)";
+  return timeout;
+}
+
+function resolveModelForLog(ctx: {
+  payload: ResolvedPayload;
+  resolvedModel: string | undefined;
+}): string {
+  const envModel = process.env.TERRAMEND_MODEL?.trim();
+  if (envModel) return `${envModel} (override via TERRAMEND_MODEL)`;
+  if (ctx.resolvedModel && ctx.payload.model && ctx.payload.model !== ctx.resolvedModel) {
+    return `${ctx.resolvedModel} (resolved from ${ctx.payload.model})`;
+  }
+  if (ctx.resolvedModel) return ctx.resolvedModel;
+  if (ctx.payload.model) return `${ctx.payload.model} (unresolved)`;
+  return "auto";
+}
+
+function resolveAgentForLog(ctx: { agentName: string; resolvedModel: string | undefined }): string {
+  const envAgent = process.env.TERRAMEND_AGENT?.trim();
+  if (envAgent && envAgent === ctx.agentName) {
+    return `${ctx.agentName} (override via TERRAMEND_AGENT)`;
+  }
+  if (ctx.agentName === "claude" && ctx.resolvedModel) {
+    return `${ctx.agentName} (auto-selected for ${ctx.resolvedModel})`;
+  }
+  return ctx.agentName;
+}
+
+/**
+ * Emit the startup block ("» model / agent / push / shell / timeout") after
+ * the agent and model are resolved. Single side-effect; no return.
+ */
+export function logRunStartup(ctx: {
+  payload: ResolvedPayload;
+  resolvedModel: string | undefined;
+  agentName: string;
+}): void {
+  log.info(
+    `» model:   ${resolveModelForLog({ payload: ctx.payload, resolvedModel: ctx.resolvedModel })}`,
+  );
+  log.info(
+    `» agent:   ${resolveAgentForLog({ agentName: ctx.agentName, resolvedModel: ctx.resolvedModel })}`,
+  );
+  log.info(`» push:    ${ctx.payload.push}`);
+  log.info(`» shell:   ${ctx.payload.shell}`);
+  log.info(`» timeout: ${resolveTimeoutForLog(ctx.payload.timeout)}`);
+}

package/src/utils/secrets.test.ts

@@ -0,0 +1,103 @@
+import { afterEach, describe, expect, it } from "vitest";
+import { filterEnv, isSensitiveEnvName, resolveEnv, setEnvAllowlist } from "#app/utils/secrets";
+
+// keys this suite injects into process.env — cleaned up after each test so we
+// don't leak state into other tests sharing the worker.
+const INJECTED = [
+  "GITHUB_WORKSPACE",
+  "GITHUB_REPOSITORY",
+  "GITHUB_TOKEN",
+  "GITHUB_FUTURE_UNKNOWN_VAR",
+  "RUNNER_TEMP",
+  "ANTHROPIC_API_KEY",
+  "MY_CUSTOM_VALUE",
+];
+
+afterEach(() => {
+  for (const k of INJECTED) delete process.env[k];
+  // reset any user allowlist set during a test
+  setEnvAllowlist("");
+});
+
+describe("isSensitiveEnvName", () => {
+  it("flags _KEY/_SECRET/_TOKEN/_PASSWORD/_CREDENTIAL suffixes", () => {
+    expect(isSensitiveEnvName("ANTHROPIC_API_KEY")).toBe(true);
+    expect(isSensitiveEnvName("GITHUB_TOKEN")).toBe(true);
+    expect(isSensitiveEnvName("VERCEL_AUTOMATION_BYPASS_SECRET")).toBe(true);
+    expect(isSensitiveEnvName("GITHUB_WORKSPACE")).toBe(false);
+  });
+});
+
+describe("filterEnv GITHUB_* exact allowlist (fail-closed)", () => {
+  it("passes through known runner context vars", () => {
+    process.env.GITHUB_WORKSPACE = "/work";
+    process.env.GITHUB_REPOSITORY = "terramend/terramend";
+    process.env.RUNNER_TEMP = "/tmp/runner";
+    const env = filterEnv();
+    expect(env.GITHUB_WORKSPACE).toBe("/work");
+    expect(env.GITHUB_REPOSITORY).toBe("terramend/terramend");
+    expect(env.RUNNER_TEMP).toBe("/tmp/runner");
+  });
+
+  it("drops an unknown GITHUB_* var that is not in the exact allowlist", () => {
+    process.env.GITHUB_FUTURE_UNKNOWN_VAR = "leak-me";
+    expect(filterEnv().GITHUB_FUTURE_UNKNOWN_VAR).toBeUndefined();
+  });
+
+  it("drops GITHUB_TOKEN even though it shares the GITHUB_ prefix", () => {
+    process.env.GITHUB_TOKEN = "ghs_secret";
+    expect(filterEnv().GITHUB_TOKEN).toBeUndefined();
+  });
+
+  it("drops obviously sensitive vars", () => {
+    process.env.ANTHROPIC_API_KEY = "sk-ant-xxx";
+    expect(filterEnv().ANTHROPIC_API_KEY).toBeUndefined();
+  });
+
+  it("drops arbitrary non-allowlisted vars by default", () => {
+    process.env.MY_CUSTOM_VALUE = "x";
+    expect(filterEnv().MY_CUSTOM_VALUE).toBeUndefined();
+  });
+
+  it("honors an explicit user allowlist opt-in", () => {
+    process.env.MY_CUSTOM_VALUE = "x";
+    process.env.GITHUB_FUTURE_UNKNOWN_VAR = "y";
+    setEnvAllowlist("MY_CUSTOM_VALUE\nGITHUB_FUTURE_UNKNOWN_VAR");
+    const env = filterEnv();
+    expect(env.MY_CUSTOM_VALUE).toBe("x");
+    expect(env.GITHUB_FUTURE_UNKNOWN_VAR).toBe("y");
+  });
+
+  it("lets the user allowlist opt a sensitive-named var back in", () => {
+    process.env.ANTHROPIC_API_KEY = "sk-ant-xxx";
+    setEnvAllowlist("ANTHROPIC_API_KEY");
+    expect(filterEnv().ANTHROPIC_API_KEY).toBe("sk-ant-xxx");
+  });
+
+  it("passes through safe prefixes (RUNNER_*, JAVA_HOME_*)", () => {
+    process.env.RUNNER_TEMP = "/tmp/runner";
+    const env = filterEnv();
+    expect(env.RUNNER_TEMP).toBe("/tmp/runner");
+  });
+});
+
+describe("resolveEnv", () => {
+  it("returns the full process env for 'inherit'", () => {
+    expect(resolveEnv("inherit")).toBe(process.env);
+  });
+
+  it("filters for 'restricted' and for the undefined default", () => {
+    process.env.ANTHROPIC_API_KEY = "sk-ant-xxx";
+    expect(resolveEnv("restricted").ANTHROPIC_API_KEY).toBeUndefined();
+    expect(resolveEnv(undefined).ANTHROPIC_API_KEY).toBeUndefined();
+  });
+
+  it("merges a custom env object over the restricted base", () => {
+    process.env.ANTHROPIC_API_KEY = "sk-ant-xxx";
+    process.env.GITHUB_WORKSPACE = "/work";
+    const env = resolveEnv({ EXTRA_VAR: "1" });
+    expect(env.EXTRA_VAR).toBe("1");
+    expect(env.GITHUB_WORKSPACE).toBe("/work"); // restricted base survives
+    expect(env.ANTHROPIC_API_KEY).toBeUndefined(); // secrets still filtered
+  });
+});

package/src/utils/secrets.ts

@@ -0,0 +1,177 @@
+/**
+ * Secret detection and env filtering utilities
+ *
+ * subprocess env filtering: default-deny allowlist model.
+ * only vars in the safe set or user allowlist are passed to child processes.
+ *
+ * log redaction: SENSITIVE_PATTERNS are used to identify secret values
+ * for redaction in logs and GHA masking (independent of subprocess filtering).
+ */
+
+// --- log redaction (unchanged, independent of subprocess filtering) ---
+
+// patterns for sensitive env var names (used by normalizeEnv)
+export const SENSITIVE_PATTERNS = [
+  /_KEY$/i,
+  /_SECRET$/i,
+  /_TOKEN$/i,
+  /_PASSWORD$/i,
+  /_CREDENTIAL$/i,
+];
+
+export function isSensitiveEnvName(key: string): boolean {
+  return SENSITIVE_PATTERNS.some((p) => p.test(key));
+}
+
+// --- subprocess env filtering ---
+
+// prefixes whose vars are safe to pass through (runner metadata, toolchain).
+const SAFE_ENV_PREFIXES = ["RUNNER_", "JAVA_HOME_", "GOROOT_"];
+
+// GITHUB_* is an EXACT allowlist rather than a prefix: the set of context vars
+// the runner injects is well-known and closed, so listing them explicitly fails
+// closed on any unknown/future GITHUB_* var (e.g. a sensitive one that doesn't
+// end in _TOKEN/_KEY/_SECRET and would otherwise slip through the prefix).
+// GITHUB_TOKEN/GH_TOKEN are intentionally absent; isSensitiveEnvName() also
+// catches them via the _TOKEN suffix. Users can opt any var in via the allowlist.
+const SAFE_GITHUB_ENV_NAMES = new Set([
+  "GITHUB_ACTION",
+  "GITHUB_ACTION_PATH",
+  "GITHUB_ACTION_REPOSITORY",
+  "GITHUB_ACTIONS",
+  "GITHUB_ACTOR",
+  "GITHUB_ACTOR_ID",
+  "GITHUB_API_URL",
+  "GITHUB_BASE_REF",
+  "GITHUB_ENV",
+  "GITHUB_EVENT_NAME",
+  "GITHUB_EVENT_PATH",
+  "GITHUB_GRAPHQL_URL",
+  "GITHUB_HEAD_REF",
+  "GITHUB_JOB",
+  "GITHUB_OUTPUT",
+  "GITHUB_PATH",
+  "GITHUB_REF",
+  "GITHUB_REF_NAME",
+  "GITHUB_REF_PROTECTED",
+  "GITHUB_REF_TYPE",
+  "GITHUB_REPOSITORY",
+  "GITHUB_REPOSITORY_ID",
+  "GITHUB_REPOSITORY_OWNER",
+  "GITHUB_REPOSITORY_OWNER_ID",
+  "GITHUB_RETENTION_DAYS",
+  "GITHUB_RUN_ATTEMPT",
+  "GITHUB_RUN_ID",
+  "GITHUB_RUN_NUMBER",
+  "GITHUB_SERVER_URL",
+  "GITHUB_SHA",
+  "GITHUB_STEP_SUMMARY",
+  "GITHUB_TRIGGERING_ACTOR",
+  "GITHUB_WORKFLOW",
+  "GITHUB_WORKFLOW_REF",
+  "GITHUB_WORKFLOW_SHA",
+  "GITHUB_WORKSPACE",
+]);
+
+// exact var names safe to pass through (system + runner image toolchain)
+const SAFE_ENV_NAMES = new Set([
+  // system
+  "CI",
+  "HOME",
+  "LANG",
+  "LOGNAME",
+  "PATH",
+  "SHELL",
+  "SHLVL",
+  "TERM",
+  "TMPDIR",
+  "TZ",
+  "USER",
+  "XDG_CONFIG_HOME",
+  "XDG_RUNTIME_DIR",
+  "DEBIAN_FRONTEND",
+  // runner image toolchain
+  "ACCEPT_EULA",
+  "AGENT_TOOLSDIRECTORY",
+  "ANDROID_HOME",
+  "ANDROID_NDK",
+  "ANDROID_NDK_HOME",
+  "ANDROID_NDK_LATEST_HOME",
+  "ANDROID_NDK_ROOT",
+  "ANDROID_SDK_ROOT",
+  "ANT_HOME",
+  "AZURE_EXTENSION_DIR",
+  "BOOTSTRAP_HASKELL_NONINTERACTIVE",
+  "CHROME_BIN",
+  "CHROMEWEBDRIVER",
+  "CONDA",
+  "DOTNET_MULTILEVEL_LOOKUP",
+  "DOTNET_NOLOGO",
+  "DOTNET_SKIP_FIRST_TIME_EXPERIENCE",
+  "EDGEWEBDRIVER",
+  "GECKOWEBDRIVER",
+  "GHCUP_INSTALL_BASE_PREFIX",
+  "GRADLE_HOME",
+  "JAVA_HOME",
+  "HOMEBREW_CLEANUP_PERIODIC_FULL_DAYS",
+  "HOMEBREW_NO_AUTO_UPDATE",
+  "ImageOS",
+  "ImageVersion",
+  "NVM_DIR",
+  "PIPX_BIN_DIR",
+  "PIPX_HOME",
+  "PSModulePath",
+  "SELENIUM_JAR_PATH",
+  "SGX_AESM_ADDR",
+  "SWIFT_PATH",
+  "VCPKG_INSTALLATION_ROOT",
+]);
+
+let _userAllowlist: Set<string> | null = null;
+
+export function setEnvAllowlist(raw: string): void {
+  const names = raw
+    .split("\n")
+    .map((line) => line.trim())
+    .filter(Boolean);
+  _userAllowlist = new Set(names);
+}
+
+function isSafeEnvVar(key: string): boolean {
+  if (SAFE_ENV_NAMES.has(key)) return true;
+  if (SAFE_GITHUB_ENV_NAMES.has(key)) return true;
+  return SAFE_ENV_PREFIXES.some((p) => key.startsWith(p));
+}
+
+/** filter env vars using default-deny allowlist: safe set + user allowlist */
+export function filterEnv(): Record<string, string> {
+  const filtered: Record<string, string> = {};
+  for (const [key, value] of Object.entries(process.env)) {
+    if (value === undefined) continue;
+    const userAllowed = _userAllowlist?.has(key) ?? false;
+    if (isSensitiveEnvName(key) && !userAllowed) continue;
+    if (isSafeEnvVar(key) || userAllowed) {
+      filtered[key] = value;
+    }
+  }
+  return filtered;
+}
+
+export type EnvMode = "restricted" | "inherit" | Record<string, string>;
+
+/**
+ * resolve env mode to actual env object
+ * - "restricted" (default): filterEnv() — only safe set + user allowlist
+ * - "inherit": full process.env
+ * - object: custom env merged with restricted base
+ */
+export function resolveEnv(mode: EnvMode | undefined): Record<string, string | undefined> {
+  if (mode === "inherit") {
+    return process.env;
+  }
+  if (mode === "restricted" || mode === undefined) {
+    return filterEnv();
+  }
+  // custom env object - merge with restricted base
+  return { ...filterEnv(), ...mode };
+}