feat: initial open marketplace with llm-security, config-audit, ultraplan-local

plugins/llm-security/hooks/scripts/pre-write-pathguard.mjs

@@ -0,0 +1,181 @@
+#!/usr/bin/env node
+// Hook: pre-write-pathguard.mjs
+// Event: PreToolUse (Write)
+// Purpose: Block writes to sensitive paths (.env, .ssh/, .aws/, credentials, etc.)
+//
+// Protocol:
+//   - Read JSON from stdin: { tool_name, tool_input }
+//   - tool_input.file_path — destination path
+//   - Block: stderr + exit 2
+//   - Allow: exit 0
+
+import { readFileSync } from 'node:fs';
+import { basename, normalize, resolve } from 'node:path';
+
+// ---------------------------------------------------------------------------
+// Sensitive path patterns — 8 categories
+// ---------------------------------------------------------------------------
+
+/** Category 1: Environment files */
+const ENV_PATTERNS = [
+  /[\\/]\.env$/,
+  /[\\/]\.env\.[a-z]+$/,          // .env.local, .env.production, etc.
+  /[\\/]\.env\.local$/,
+];
+
+/** Category 2: SSH directory */
+const SSH_PATTERNS = [
+  /[\\/]\.ssh[\\/]/,
+];
+
+/** Category 3: AWS credentials */
+const AWS_PATTERNS = [
+  /[\\/]\.aws[\\/]/,
+];
+
+/** Category 4: GPG directory */
+const GPG_PATTERNS = [
+  /[\\/]\.gnupg[\\/]/,
+];
+
+/** Category 5: Credential files */
+const CREDENTIAL_FILES = [
+  '.npmrc',
+  '.pypirc',
+  '.netrc',
+  '.docker/config.json',
+  'credentials.json',
+  'service-account.json',
+  'keyfile.json',
+];
+
+/** Category 6: Hook scripts (prevent hook tampering) */
+const HOOK_PATTERNS = [
+  /[\\/]\.claude[\\/].*hooks.*\.json$/,
+  /[\\/]hooks[\\/]scripts[\\/].*\.mjs$/,
+];
+
+/** Category 7: System directories */
+const SYSTEM_PATTERNS = [
+  /^\/etc[\\/]/,
+  /^\/usr[\\/]/,
+  /^\/var[\\/]/,
+];
+
+/** Category 8: Settings files */
+const SETTINGS_FILES = [
+  'settings.json',
+  'settings.local.json',
+];
+
+// ---------------------------------------------------------------------------
+// Path classification
+// ---------------------------------------------------------------------------
+
+/**
+ * Check if a file path targets a sensitive location.
+ * @param {string} filePath - The path to check
+ * @returns {{ blocked: boolean, category: string, reason: string }}
+ */
+function classifyPath(filePath) {
+  if (!filePath) return { blocked: false, category: '', reason: '' };
+
+  const norm = normalize(resolve(filePath));
+  const base = basename(norm);
+
+  // Category 1: Environment files
+  for (const pat of ENV_PATTERNS) {
+    if (pat.test(norm)) {
+      return { blocked: true, category: 'env', reason: `Environment file: ${base}` };
+    }
+  }
+
+  // Category 2: SSH
+  for (const pat of SSH_PATTERNS) {
+    if (pat.test(norm)) {
+      return { blocked: true, category: 'ssh', reason: `SSH directory: ${norm}` };
+    }
+  }
+
+  // Category 3: AWS
+  for (const pat of AWS_PATTERNS) {
+    if (pat.test(norm)) {
+      return { blocked: true, category: 'aws', reason: `AWS credentials directory: ${norm}` };
+    }
+  }
+
+  // Category 4: GPG
+  for (const pat of GPG_PATTERNS) {
+    if (pat.test(norm)) {
+      return { blocked: true, category: 'gnupg', reason: `GPG directory: ${norm}` };
+    }
+  }
+
+  // Category 5: Credential files
+  for (const name of CREDENTIAL_FILES) {
+    if (norm.endsWith(name) || base === name) {
+      return { blocked: true, category: 'credentials', reason: `Credential file: ${base}` };
+    }
+  }
+
+  // Category 6: Hook scripts
+  for (const pat of HOOK_PATTERNS) {
+    if (pat.test(norm)) {
+      return { blocked: true, category: 'hooks', reason: `Hook configuration: ${base}` };
+    }
+  }
+
+  // Category 7: System directories
+  for (const pat of SYSTEM_PATTERNS) {
+    if (pat.test(norm)) {
+      return { blocked: true, category: 'system', reason: `System directory: ${norm}` };
+    }
+  }
+
+  // Category 8: Settings files
+  for (const name of SETTINGS_FILES) {
+    if (base === name) {
+      // Only block settings.json in .claude/ directories
+      if (/[\\/]\.claude[\\/]/.test(norm) || /[\\/]\.vscode[\\/]/.test(norm)) {
+        return { blocked: true, category: 'settings', reason: `Settings file: ${norm}` };
+      }
+    }
+  }
+
+  return { blocked: false, category: '', reason: '' };
+}
+
+// ---------------------------------------------------------------------------
+// Main
+// ---------------------------------------------------------------------------
+
+let input;
+try {
+  const raw = readFileSync(0, 'utf-8');
+  input = JSON.parse(raw);
+} catch {
+  process.exit(0);
+}
+
+const toolInput = input?.tool_input ?? {};
+const filePath = toolInput.file_path ?? '';
+
+if (!filePath) {
+  process.exit(0);
+}
+
+const result = classifyPath(filePath);
+
+if (result.blocked) {
+  process.stderr.write(
+    `\n[llm-security] PATH GUARD: Write blocked\n` +
+    `  Category: ${result.category}\n` +
+    `  Reason: ${result.reason}\n` +
+    `  Path: ${filePath}\n\n` +
+    `This path is protected. If this write is intentional, ` +
+    `ask the user to perform it manually.\n`
+  );
+  process.exit(2);
+}
+
+process.exit(0);