tweek 0.1.0__py3-none-any.whl

tweek/plugins/screening/llm_reviewer.py

@@ -0,0 +1,149 @@
+#!/usr/bin/env python3
+"""
+Tweek LLM Reviewer Screening Plugin
+
+Semantic analysis using LLM for risky/dangerous operations:
+- Sensitive path access detection
+- Data exfiltration potential
+- System configuration changes
+- Prompt injection indicators
+- Privilege escalation attempts
+
+Free and open source. Requires ANTHROPIC_API_KEY (BYOK).
+"""
+
+from typing import Optional, Dict, Any, List
+from tweek.plugins.base import (
+    ScreeningPlugin,
+    ScreeningResult,
+    Finding,
+    Severity,
+    ActionType,
+)
+
+
+class LLMReviewerPlugin(ScreeningPlugin):
+    """
+    LLM-based security reviewer plugin.
+
+    Uses a fast, cheap LLM (Claude Haiku) to analyze commands
+    that pass regex screening but may still be malicious.
+
+    Free and open source. Requires ANTHROPIC_API_KEY (BYOK).
+    """
+
+    VERSION = "1.0.0"
+    DESCRIPTION = "Semantic security analysis using LLM"
+    AUTHOR = "Tweek"
+    REQUIRES_LICENSE = "free"
+    TAGS = ["screening", "llm", "semantic-analysis"]
+
+    def __init__(self, config: Optional[Dict[str, Any]] = None):
+        super().__init__(config)
+        self._reviewer = None
+
+    @property
+    def name(self) -> str:
+        return "llm_reviewer"
+
+    def _get_reviewer(self):
+        """Lazy initialization of LLM reviewer."""
+        if self._reviewer is None:
+            try:
+                from tweek.security.llm_reviewer import LLMReviewer
+
+                self._reviewer = LLMReviewer(
+                    model=self._config.get("model", "claude-3-5-haiku-latest"),
+                    api_key=self._config.get("api_key"),
+                    timeout=self._config.get("timeout", 5.0),
+                    enabled=self._config.get("enabled", True),
+                )
+            except ImportError:
+                pass
+
+        return self._reviewer
+
+    def screen(
+        self,
+        tool_name: str,
+        content: str,
+        context: Dict[str, Any]
+    ) -> ScreeningResult:
+        """
+        Screen content using LLM semantic analysis.
+
+        Args:
+            tool_name: Name of the tool being invoked
+            content: Command or content to analyze
+            context: Should include 'tier', optionally 'tool_input', 'session_id'
+
+        Returns:
+            ScreeningResult with LLM analysis
+        """
+        reviewer = self._get_reviewer()
+        if reviewer is None or not reviewer.enabled:
+            return ScreeningResult(
+                allowed=True,
+                plugin_name=self.name,
+                reason="LLM reviewer not available or disabled",
+            )
+
+        tier = context.get("tier", "default")
+        tool_input = context.get("tool_input")
+        session_id = context.get("session_id")
+
+        result = reviewer.review(
+            command=content,
+            tool=tool_name,
+            tier=tier,
+            tool_input=tool_input,
+            session_context=f"session:{session_id}" if session_id else None,
+        )
+
+        # Convert RiskLevel to severity
+        from tweek.security.llm_reviewer import RiskLevel
+
+        risk_severity_map = {
+            RiskLevel.SAFE: Severity.LOW,
+            RiskLevel.SUSPICIOUS: Severity.MEDIUM,
+            RiskLevel.DANGEROUS: Severity.HIGH,
+        }
+
+        risk_level_map = {
+            RiskLevel.SAFE: "safe",
+            RiskLevel.SUSPICIOUS: "suspicious",
+            RiskLevel.DANGEROUS: "dangerous",
+        }
+
+        severity = risk_severity_map.get(result.risk_level, Severity.MEDIUM)
+        risk_level = risk_level_map.get(result.risk_level, "suspicious")
+
+        findings = []
+        if result.is_suspicious:
+            findings.append(Finding(
+                pattern_name="llm_review",
+                matched_text=content[:100],
+                severity=severity,
+                description=result.reason,
+                recommended_action=ActionType.ASK if result.should_prompt else ActionType.WARN,
+                metadata={
+                    "confidence": result.confidence,
+                    "model": self._config.get("model", "claude-3-5-haiku-latest"),
+                }
+            ))
+
+        return ScreeningResult(
+            allowed=not result.is_dangerous,
+            plugin_name=self.name,
+            reason=result.reason,
+            risk_level=risk_level,
+            confidence=result.confidence,
+            should_prompt=result.should_prompt,
+            findings=findings,
+            details=result.details,
+        )
+
+    def is_available(self) -> bool:
+        """Check if LLM reviewer is available and configured."""
+        reviewer = self._get_reviewer()
+        return reviewer is not None and reviewer.enabled

tweek/plugins/screening/pattern_matcher.py

@@ -0,0 +1,273 @@
+#!/usr/bin/env python3
+"""
+Tweek Pattern Matcher Screening Plugin
+
+Regex-based pattern matching for known attack vectors:
+- Credential access patterns
+- Data exfiltration patterns
+- Prompt injection patterns
+- Privilege escalation patterns
+
+FREE feature - available to all users.
+"""
+
+import re
+from pathlib import Path
+from typing import Optional, Dict, Any, List
+
+import yaml
+
+from tweek.plugins.base import (
+    ScreeningPlugin,
+    ScreeningResult,
+    Finding,
+    Severity,
+    ActionType,
+)
+
+
+class PatternMatcherPlugin(ScreeningPlugin):
+    """
+    Pattern matcher screening plugin.
+
+    Matches content against known attack patterns using regex.
+    Patterns are loaded from YAML configuration files.
+
+    FREE feature - all patterns available to all users.
+    """
+
+    VERSION = "1.0.0"
+    DESCRIPTION = "Regex-based pattern matching for known attack vectors"
+    AUTHOR = "Tweek"
+    REQUIRES_LICENSE = "free"
+    TAGS = ["screening", "pattern-matching", "regex"]
+
+    def __init__(self, config: Optional[Dict[str, Any]] = None):
+        super().__init__(config)
+        self._patterns: Optional[List[Dict]] = None
+        self._compiled: Dict[str, re.Pattern] = {}
+
+    @property
+    def name(self) -> str:
+        return "pattern_matcher"
+
+    def _load_patterns(self) -> List[Dict]:
+        """Load patterns from configuration files."""
+        if self._patterns is not None:
+            return self._patterns
+
+        self._patterns = []
+
+        # Try user patterns first
+        user_patterns = Path.home() / ".tweek" / "patterns" / "patterns.yaml"
+        bundled_patterns = Path(__file__).parent.parent.parent / "config" / "patterns.yaml"
+
+        patterns_path = None
+        if self._config.get("patterns_path"):
+            patterns_path = Path(self._config["patterns_path"])
+        elif user_patterns.exists():
+            patterns_path = user_patterns
+        elif bundled_patterns.exists():
+            patterns_path = bundled_patterns
+
+        if patterns_path and patterns_path.exists():
+            try:
+                with open(patterns_path) as f:
+                    data = yaml.safe_load(f) or {}
+                    self._patterns = data.get("patterns", [])
+            except (yaml.YAMLError, IOError):
+                pass
+
+        return self._patterns
+
+    def _get_compiled(self, pattern: str) -> Optional[re.Pattern]:
+        """Get or compile a regex pattern."""
+        if pattern not in self._compiled:
+            try:
+                self._compiled[pattern] = re.compile(pattern, re.IGNORECASE)
+            except re.error:
+                self._compiled[pattern] = None
+        return self._compiled[pattern]
+
+    def screen(
+        self,
+        tool_name: str,
+        content: str,
+        context: Dict[str, Any]
+    ) -> ScreeningResult:
+        """
+        Screen content against known attack patterns.
+
+        Args:
+            tool_name: Name of the tool being invoked
+            content: Command or content to screen
+            context: Additional context (unused for pattern matching)
+
+        Returns:
+            ScreeningResult with pattern match findings
+        """
+        patterns = self._load_patterns()
+        findings = []
+
+        for pattern_def in patterns:
+            regex = pattern_def.get("regex", "")
+            if not regex:
+                continue
+
+            compiled = self._get_compiled(regex)
+            if compiled is None:
+                continue
+
+            match = compiled.search(content)
+            if match:
+                severity_map = {
+                    "critical": Severity.CRITICAL,
+                    "high": Severity.HIGH,
+                    "medium": Severity.MEDIUM,
+                    "low": Severity.LOW,
+                }
+
+                action_map = {
+                    "block": ActionType.BLOCK,
+                    "warn": ActionType.WARN,
+                    "ask": ActionType.ASK,
+                    "allow": ActionType.ALLOW,
+                }
+
+                severity = severity_map.get(
+                    pattern_def.get("severity", "medium"),
+                    Severity.MEDIUM
+                )
+
+                action = action_map.get(
+                    pattern_def.get("action", "ask"),
+                    ActionType.ASK
+                )
+
+                findings.append(Finding(
+                    pattern_name=pattern_def.get("name", "unknown"),
+                    matched_text=match.group()[:100],  # Truncate
+                    severity=severity,
+                    description=pattern_def.get("description", ""),
+                    context=self._get_context(content, match.start()),
+                    recommended_action=action,
+                    metadata={
+                        "pattern_id": pattern_def.get("id"),
+                        "category": pattern_def.get("category"),
+                        "tags": pattern_def.get("tags", []),
+                    }
+                ))
+
+        if not findings:
+            return ScreeningResult(
+                allowed=True,
+                plugin_name=self.name,
+                risk_level="safe",
+            )
+
+        # Determine overall action
+        action_priority = [
+            ActionType.ALLOW,
+            ActionType.WARN,
+            ActionType.ASK,
+            ActionType.REDACT,
+            ActionType.BLOCK,
+        ]
+
+        max_action = ActionType.ALLOW
+        max_severity = Severity.LOW
+
+        for finding in findings:
+            if action_priority.index(finding.recommended_action) > action_priority.index(max_action):
+                max_action = finding.recommended_action
+            if list(Severity).index(finding.severity) > list(Severity).index(max_severity):
+                max_severity = finding.severity
+
+        # Determine risk level
+        risk_level = "safe"
+        if max_severity in (Severity.HIGH, Severity.CRITICAL):
+            risk_level = "dangerous"
+        elif max_severity == Severity.MEDIUM:
+            risk_level = "suspicious"
+
+        # Should prompt if action is ASK or BLOCK
+        should_prompt = max_action in (ActionType.ASK, ActionType.BLOCK)
+
+        return ScreeningResult(
+            allowed=max_action not in (ActionType.BLOCK,),
+            plugin_name=self.name,
+            reason=f"Matched {len(findings)} pattern(s): {', '.join(f.pattern_name for f in findings[:3])}",
+            risk_level=risk_level,
+            should_prompt=should_prompt,
+            findings=findings,
+            details={
+                "pattern_count": len(findings),
+                "max_severity": max_severity.value,
+            }
+        )
+
+    def _get_context(self, content: str, position: int, chars: int = 40) -> str:
+        """Get surrounding context for a match."""
+        start = max(0, position - chars)
+        end = min(len(content), position + chars)
+
+        prefix = "..." if start > 0 else ""
+        suffix = "..." if end < len(content) else ""
+
+        return f"{prefix}{content[start:end]}{suffix}"
+
+    def check(self, content: str) -> Optional[Dict]:
+        """
+        Simple check returning first matching pattern.
+
+        For compatibility with existing code.
+        """
+        patterns = self._load_patterns()
+
+        for pattern_def in patterns:
+            regex = pattern_def.get("regex", "")
+            if not regex:
+                continue
+
+            compiled = self._get_compiled(regex)
+            if compiled and compiled.search(content):
+                return pattern_def
+
+        return None
+
+    def check_all(self, content: str) -> List[Dict]:
+        """
+        Check content against all patterns, returning all matches.
+
+        For compatibility with existing code.
+        """
+        patterns = self._load_patterns()
+        matches = []
+
+        for pattern_def in patterns:
+            regex = pattern_def.get("regex", "")
+            if not regex:
+                continue
+
+            compiled = self._get_compiled(regex)
+            if compiled and compiled.search(content):
+                matches.append(pattern_def)
+
+        return matches
+
+    def get_pattern_count(self) -> int:
+        """Get total number of loaded patterns."""
+        return len(self._load_patterns())
+
+    def get_patterns_by_category(self) -> Dict[str, List[Dict]]:
+        """Get patterns grouped by category."""
+        patterns = self._load_patterns()
+        by_category: Dict[str, List[Dict]] = {}
+
+        for pattern in patterns:
+            category = pattern.get("category", "uncategorized")
+            if category not in by_category:
+                by_category[category] = []
+            by_category[category].append(pattern)
+
+        return by_category

tweek/plugins/screening/rate_limiter.py

@@ -0,0 +1,174 @@
+#!/usr/bin/env python3
+"""
+Tweek Rate Limiter Screening Plugin
+
+Wraps the rate limiter security module as a screening plugin.
+Detects resource theft attacks and abuse patterns:
+- Burst detection
+- Repeated command detection
+- Velocity anomalies
+- Circuit breaker pattern
+"""
+
+from typing import Optional, Dict, Any, List
+from tweek.plugins.base import (
+    ScreeningPlugin,
+    ScreeningResult,
+    Finding,
+    Severity,
+    ActionType,
+)
+
+
+class RateLimiterPlugin(ScreeningPlugin):
+    """
+    Rate limiter screening plugin.
+
+    Detects patterns indicating resource theft or automated abuse:
+    - Burst patterns (many commands in short window)
+    - Repeated identical commands
+    - Unusual velocity changes
+    - Dangerous tier spikes
+
+    Free and open source.
+    """
+
+    VERSION = "1.0.0"
+    DESCRIPTION = "Detect resource theft and abuse patterns via rate limiting"
+    AUTHOR = "Tweek"
+    REQUIRES_LICENSE = "free"
+    TAGS = ["screening", "rate-limiting", "abuse-detection"]
+
+    def __init__(self, config: Optional[Dict[str, Any]] = None):
+        super().__init__(config)
+        self._rate_limiter = None
+
+    @property
+    def name(self) -> str:
+        return "rate_limiter"
+
+    def _get_rate_limiter(self):
+        """Lazy initialization of rate limiter."""
+        if self._rate_limiter is None:
+            try:
+                from tweek.security.rate_limiter import (
+                    RateLimiter,
+                    RateLimitConfig,
+                    CircuitBreakerConfig,
+                )
+
+                # Build config from plugin config
+                rate_config = RateLimitConfig(
+                    burst_window=self._config.get("burst_window", 5),
+                    burst_threshold=self._config.get("burst_threshold", 15),
+                    max_per_minute=self._config.get("max_per_minute", 60),
+                    max_dangerous_per_minute=self._config.get("max_dangerous_per_minute", 10),
+                    max_same_command=self._config.get("max_same_command", 5),
+                    velocity_multiplier=self._config.get("velocity_multiplier", 3.0),
+                )
+
+                circuit_config = CircuitBreakerConfig(
+                    failure_threshold=self._config.get("circuit_failure_threshold", 5),
+                    open_timeout=self._config.get("circuit_open_timeout", 60),
+                )
+
+                self._rate_limiter = RateLimiter(
+                    config=rate_config,
+                    circuit_config=circuit_config,
+                )
+
+            except ImportError:
+                pass
+
+        return self._rate_limiter
+
+    def screen(
+        self,
+        tool_name: str,
+        content: str,
+        context: Dict[str, Any]
+    ) -> ScreeningResult:
+        """
+        Screen for rate limit violations.
+
+        Args:
+            tool_name: Name of the tool being invoked
+            content: Command or content
+            context: Must include 'session_id', optionally 'tier'
+
+        Returns:
+            ScreeningResult with rate limit decision
+        """
+        rate_limiter = self._get_rate_limiter()
+        if rate_limiter is None:
+            return ScreeningResult(
+                allowed=True,
+                plugin_name=self.name,
+                reason="Rate limiter not available",
+            )
+
+        session_id = context.get("session_id")
+        tier = context.get("tier")
+
+        # Only pass command for Bash tool
+        command = content if tool_name == "Bash" else None
+
+        result = rate_limiter.check(
+            tool_name=tool_name,
+            command=command,
+            session_id=session_id,
+            tier=tier,
+        )
+
+        if result.allowed:
+            return ScreeningResult(
+                allowed=True,
+                plugin_name=self.name,
+                risk_level="safe",
+                details=result.details,
+            )
+
+        # Convert violations to findings
+        findings = []
+        from tweek.security.rate_limiter import RateLimitViolation
+
+        violation_severity = {
+            RateLimitViolation.BURST: Severity.HIGH,
+            RateLimitViolation.REPEATED_COMMAND: Severity.MEDIUM,
+            RateLimitViolation.HIGH_VOLUME: Severity.MEDIUM,
+            RateLimitViolation.DANGEROUS_SPIKE: Severity.HIGH,
+            RateLimitViolation.VELOCITY_ANOMALY: Severity.MEDIUM,
+            RateLimitViolation.CIRCUIT_OPEN: Severity.CRITICAL,
+        }
+
+        for violation in result.violations:
+            findings.append(Finding(
+                pattern_name=f"rate_limit_{violation.value}",
+                matched_text=f"{tool_name}: {content[:50]}...",
+                severity=violation_severity.get(violation, Severity.MEDIUM),
+                description=f"Rate limit violation: {violation.value}",
+                recommended_action=ActionType.ASK,
+            ))
+
+        return ScreeningResult(
+            allowed=False,
+            plugin_name=self.name,
+            reason=result.message,
+            risk_level="dangerous" if result.is_circuit_open else "suspicious",
+            should_prompt=True,
+            details=result.details,
+            findings=findings,
+        )
+
+    def get_session_stats(self, session_id: str) -> Dict[str, Any]:
+        """Get statistics for a session."""
+        rate_limiter = self._get_rate_limiter()
+        if rate_limiter:
+            return rate_limiter.get_session_stats(session_id)
+        return {}
+
+    def reset_circuit(self, session_id: str) -> None:
+        """Reset circuit breaker for a session."""
+        rate_limiter = self._get_rate_limiter()
+        if rate_limiter:
+            rate_limiter.reset_circuit(session_id)