magicrune-cli
Complete security framework for safe execution of AI-generated and external code with risk analysis, signature verification, and sandbox isolation
const { spawn } = require('child_process');
const path = require('path');
const os = require('os');
// Windows builds of the binary carry an .exe suffix; every other platform has none.
const ext = os.platform() !== 'win32' ? '' : '.exe';
// Path of the bundled MagicRune executable, resolved under ./bin next to this file.
const binaryPath = path.join(__dirname, 'bin', 'magicrune' + ext);
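/**
 * Execute a MagicRune `run` command programmatically.
 *
 * The command is handed to the binary as a single argv element (spawn is used
 * without a shell), and the child inherits the caller's full environment.
 *
 * @param {string} command - Command to execute
 * @param {Object} [options] - Execution options
 * @param {string} [options.signature] - Forwarded as `--signature <value>`
 * @param {boolean} [options.forceSandbox] - Adds `--force-sandbox` when truthy
 * @param {string} [options.cwd] - Working directory of the child (defaults to process.cwd())
 * @returns {Promise<{success: boolean, output: string, verdict: string, exitCode: (number|null)}>}
 *   `verdict` is 'Green', 'Yellow', 'Red' or 'Unknown'. `exitCode` is null when
 *   the child was terminated by a signal, in which case `success` is false.
 */
async function run(command, options = {}) {
  return new Promise((resolve, reject) => {
    // NOTE(review): `command` and `options.signature` are forwarded verbatim.
    // A value that starts with '-' may be read as an option by the CLI.
    // Confirm against the binary's argument parsing, or validate in the caller.
    const args = ['run', command];
    if (options.signature) {
      args.push('--signature', options.signature);
    }
    if (options.forceSandbox) {
      args.push('--force-sandbox');
    }

    const child = spawn(binaryPath, args, {
      // NOTE(review): the whole parent environment, including any secrets held
      // in it, is visible to the child. Whether the binary filters it before
      // running the command is not visible from this file.
      env: process.env,
      cwd: options.cwd || process.cwd(),
    });

    let stdout = '';
    let stderr = '';

    // Decode as UTF-8 on the stream so a multi-byte character split across two
    // chunks is not corrupted.
    child.stdout.setEncoding('utf8');
    child.stderr.setEncoding('utf8');
    child.stdout.on('data', (chunk) => {
      stdout += chunk;
    });
    child.stderr.on('data', (chunk) => {
      stderr += chunk;
    });

    child.on('error', reject);

    // 'close' fires only after both stdio streams have ended. 'exit' can fire
    // while output is still buffered, which would truncate `output` and leave
    // the verdict as 'Unknown'.
    child.on('close', (code) => {
      const output = stdout + stderr;

      // The verdict is recovered by substring search over the combined output.
      // The most severe marker is checked first, so output that mentions
      // several markers is never reported as the mildest one.
      // NOTE(review): if the executed command's own output is part of this
      // stream, it can contain these markers too. Treat `verdict` as advisory
      // and prefer a structured verdict if the CLI offers one.
      const levels = ['Red', 'Yellow', 'Green'];
      const verdict =
        levels.find((level) => output.includes(`(${level})`)) || 'Unknown';

      resolve({
        success: code === 0,
        output,
        verdict,
        exitCode: code,
      });
    });
  });
}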
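/**
 * Analyze a command for external sources by running `magicrune dryrun`.
 *
 * @param {string} command - Command to analyze
 * @returns {Promise<{isExternal: boolean, detections: Array<string>, exitCode: (number|null)}>}
 *   `isExternal` is true when stdout contains 'External source detected'.
 *   `detections` holds the text of every stdout line that starts with '- '.
 *   `exitCode` is the child's exit code (null if it was killed by a signal).
 *   The promise resolves even when the binary fails, so a caller should check
 *   `exitCode` before treating `isExternal: false` as a clean result.
 *   NOTE(review): the exit-code convention of `dryrun` is not visible here.
 */
async function analyze(command) {
  return new Promise((resolve, reject) => {
    const child = spawn(binaryPath, ['dryrun', command], {
      env: process.env,
    });

    let stdout = '';
    child.stdout.setEncoding('utf8');
    child.stdout.on('data', (chunk) => {
      stdout += chunk;
    });

    // stderr is piped by default. Drain it so the child cannot stall on a
    // full pipe that nobody reads.
    child.stderr.resume();

    child.on('error', reject);

    // Wait for 'close' rather than 'exit' so all of stdout has been received
    // before it is parsed.
    child.on('close', (code) => {
      const isExternal = stdout.includes('External source detected');

      // Only lines that begin with the '- ' bullet are detections. Matching
      // '- ' anywhere in the line and then dropping two characters would chop
      // the start of unrelated lines.
      const detections = stdout
        .split('\n')
        .map((line) => line.trim())
        .filter((line) => line.startsWith('- '))
        .map((line) => line.substring(2));

      resolve({
        isExternal,
        detections,
        exitCode: code,
      });
    });
  });
}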
// Public surface of the wrapper: the two helpers plus the resolved binary
// path, for callers that want to spawn the executable themselves.
module.exports = {
  run: run,
  analyze: analyze,
  binaryPath: binaryPath,
};