@every-env/cli
Multi-agent orchestrator for AI-powered development workflows
import { resolve, sep } from 'path';
import { logger } from './logger.js';
/**
 * Base names of the executables an agent may launch.
 *
 * The list restricts which program is started, not what that program then
 * does: several entries are general-purpose interpreters or package managers
 * that run whatever script or lifecycle hook they are pointed at, so argument
 * and working-directory controls still matter for anything launched from here.
 */
export const ALLOWED_COMMANDS = [
  // Agent CLI
  'claude',
  // Node.js runtime and package managers
  'node', 'npm', 'yarn', 'pnpm',
  // Python interpreters and installers
  'python', 'python3', 'pip', 'pip3',
  // Ruby interpreter and Bundler
  'ruby', 'bundle',
  // Version control and the GitHub CLI
  'git', 'gh',
];
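/**
 * Resolves a file path against a base directory and rejects any result that
 * falls outside that directory.
 *
 * The containment check is lexical: both paths are normalized with `resolve`,
 * and the result must be the base itself or start with the base followed by a
 * path separator. Comparing against the bare base string would also accept a
 * sibling directory that merely shares the prefix (base `/srv/app`, resolved
 * path `/srv/app-backup/x`).
 *
 * Symbolic links are not resolved here, so a link inside the base that points
 * elsewhere still passes; callers that need that guarantee have to compare
 * real paths before opening the file.
 *
 * @param filePath - The file path to validate (relative paths are resolved against basePath)
 * @param basePath - The base directory that the file must be within
 * @returns The normalized absolute path
 * @throws Error if the resolved path is outside basePath
 */
export function validatePath(filePath, basePath) {
  const normalizedBase = resolve(basePath);
  const normalizedPath = resolve(normalizedBase, filePath);
  // A base that already ends in a separator (the filesystem root) must not get a second one.
  const basePrefix = normalizedBase.endsWith(sep) ? normalizedBase : normalizedBase + sep;
  const isInsideBase = normalizedPath === normalizedBase || normalizedPath.startsWith(basePrefix);
  if (!isInsideBase) {
    throw new Error(`Path traversal attempt detected: ${filePath}`);
  }
  return normalizedPath;
}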
/**
 * Checks a command against ALLOWED_COMMANDS and throws when it is not listed.
 *
 * Two forms are accepted:
 *  - any string ending in `/.claude/local/claude` (a local claude install);
 *  - any string whose last `/`-separated segment is in ALLOWED_COMMANDS.
 *
 * NOTE(review): both checks look at the end of the string only. The directory
 * in front of the suffix or of the base name is not examined, so this
 * constrains the executable's name, not its location — confirm that callers
 * pass either a bare name resolved through PATH or a path they built
 * themselves.
 *
 * @param command - The command to validate
 * @throws Error if command is not allowed
 */
export function validateCommand(command) {
  const localClaudeSuffix = '/.claude/local/claude';
  const isLocalClaude = command.endsWith(localClaudeSuffix);
  if (!isLocalClaude) {
    // Keep only the text after the final slash; a trailing slash leaves nothing,
    // in which case the whole string is compared instead.
    const lastSegment = command.slice(command.lastIndexOf('/') + 1);
    const commandName = lastSegment === '' ? command : lastSegment;
    const isAllowed = ALLOWED_COMMANDS.some((allowed) => allowed === commandName);
    if (!isAllowed) {
      throw new Error(
        `Command '${command}' not allowed for security reasons. Allowed commands: ${ALLOWED_COMMANDS.join(', ')}`,
      );
    }
  }
}
/**
 * Removes arguments that contain any of the characters ; & | ` $ ( ) < >
 * and logs a warning for each one removed.
 *
 * The input array is not modified; the result may be shorter than the input.
 *
 * NOTE(review): a rejected argument is dropped and the rest are still
 * returned, so later positional arguments shift and the command runs with a
 * different argument list than the caller asked for — consider failing the
 * whole invocation instead.
 * NOTE(review): the character list is a blocklist and is relevant only when a
 * shell interprets the arguments; confirm how the caller spawns the process.
 * NOTE(review): the rejected value is written to the log verbatim — confirm
 * arguments cannot carry secrets before relying on this in shared logs.
 *
 * @param args - The arguments to sanitize
 * @returns Filtered array of safe arguments
 */
export function sanitizeArgs(args) {
  const shellMetacharacters = /[;&|`$()<>]/;
  const isSafe = (candidate) => {
    if (!shellMetacharacters.test(candidate)) {
      return true;
    }
    logger.warn(`Filtered dangerous argument: ${candidate}`);
    return false;
  };
  return args.filter((arg) => isSafe(arg));
}
/**
 * Builds the environment object handed to child processes.
 *
 * PATH, HOME, USER, LANG and NODE_ENV are always taken from the current
 * process (`process.env`), with fallbacks when unset or empty. From the
 * supplied `env`, only a fixed set of keys is copied, and only when the value
 * is truthy; everything else in `env` is left out.
 *
 * NOTE(review): the function does not know which command will run, so every
 * child receives every credential present in `env` (API keys, GitHub and npm
 * tokens) — confirm that is intended for all entries in the command list.
 * NOTE(review): NODE_OPTIONS is copied from `env` as-is; it changes how a
 * Node.js child starts, so confirm `env` comes from a trusted source.
 *
 * @param env - The original environment variables
 * @returns Filtered environment variables
 */
export function createSafeEnvironment(env) {
  const fromProcess = (name, fallback) => process.env[name] || fallback;
  const safeEnv = {
    // Baseline every child needs, read from this process rather than from env
    PATH: fromProcess('PATH', ''),
    HOME: fromProcess('HOME', ''),
    USER: fromProcess('USER', ''),
    LANG: fromProcess('LANG', 'en_US.UTF-8'),
    NODE_ENV: fromProcess('NODE_ENV', 'production'),
  };
  if (!env) {
    return safeEnv;
  }
  // Keys that may be forwarded from the caller-supplied env
  const allowedKeys = ['CLAUDE_API_KEY', 'OPENAI_API_KEY', 'GITHUB_TOKEN', 'NPM_TOKEN', 'NODE_OPTIONS'];
  for (const key of allowedKeys) {
    if (!env[key]) {
      continue;
    }
    safeEnv[key] = env[key];
  }
  return safeEnv;
}
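/**
 * Parses a process-timeout override given as a string of milliseconds.
 *
 * A value that does not parse to a finite, non-negative integer falls back to
 * the default; otherwise a typo in the environment variable would turn the
 * timeout into NaN.
 *
 * @param rawValue - The raw override (normally process.env.EVERY_ENV_TIMEOUT)
 * @param fallbackMs - The timeout to use when the override is absent or invalid
 * @returns The timeout in milliseconds
 */
function parseProcessTimeout(rawValue, fallbackMs) {
  if (!rawValue) {
    return fallbackMs;
  }
  const parsed = Number.parseInt(rawValue, 10);
  // 0 is kept as given; what it means is up to the code that consumes PROCESS_TIMEOUT.
  return Number.isFinite(parsed) && parsed >= 0 ? parsed : fallbackMs;
}
/**
 * Resource limits for process execution
 */
export const RESOURCE_LIMITS = {
  MAX_OUTPUT_SIZE: 10 * 1024 * 1024, // 10MB
  // 2 hours default, can be overridden with EVERY_ENV_TIMEOUT (milliseconds)
  PROCESS_TIMEOUT: parseProcessTimeout(process.env.EVERY_ENV_TIMEOUT, 2 * 60 * 60 * 1000),
  MAX_MEMORY: 512 * 1024 * 1024, // 512MB
};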
//# sourceMappingURL=security.js.map