Add AST-based security middleware and enforcement wiring
@@ -45,4 +45,13 @@ Node payloads are persisted under the state root. Nodes do not inherit in-memory
## Security note
Tool clearance allowlists/banlists are currently data-model stubs. Enforcement must be implemented in the tool execution boundary before relying on these policies for hard guarantees.
Security enforcement now lives in `src/security`:
- `bash-parser` AST parsing for shell command tokenization (`Command`/`Word` nodes).
- Zod-validated shell/tool policy schemas.
- `SecurityRulesEngine` for binary allowlists, path traversal checks, worktree boundaries, and tool clearance checks.
- `SecureCommandExecutor` for controlled `child_process` execution with timeout + explicit env policy.
`PipelineExecutor` treats `SecurityViolationError` via configurable policy:
- `hard_abort` (default): immediate pipeline termination.
- `validation_fail`: maps to retry-unrolled remediation.
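Review bot: the added paragraph contradicts the context line the hunk keeps directly above it. `Tool clearance allowlists/banlists are currently data-model stubs. Enforcement must be implemented in the tool execution boundary before relying on these policies for hard guarantees.` still stands, while the new bullet `SecurityRulesEngine for binary allowlists, path traversal checks, worktree boundaries, and tool clearance checks.` says the checks are now enforced. Either rewrite the stub sentence to say where clearance is now enforced (for instance whether `SecureCommandExecutor` consults `SecurityRulesEngine` at the execution boundary, since the bullets list them as separate components) or keep the caveat and qualify the bullet. Two smaller documentation points in the same hunk: `validation_fail`: `maps to retry-unrolled remediation` does not tell a reader what is retried or what the remediation step is, so spell that out; and the `bash-parser` bullet names only `Command`/`Word` nodes, so state how pipelines, `;`/`&&` lists, subshells and command substitutions are walked, because a binary allowlist applied only to top-level `Command` nodes would not describe what happens to commands nested inside them.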