a9e377570c
Adds entropy section to DEFAULT_POLICY and wires it into entropy-scanner.
Users can now tune false-positive tradeoffs without forking the scanner.
Policy shape (.llm-security/policy.json):
entropy:
thresholds.{critical,high,medium}.{entropy,minLen} — numeric overrides
suppress_extensions[] — additive ext skip
suppress_line_patterns[] — additional regex
suppress_paths[] — relPath substrings
Wiring: entropy-scanner calls loadPolicy(targetPath) at scan entry (not
orchestrator-passed — avoids signature churn across 10 scanners). Module-
level state is reset per scan invocation. Scanner envelope now includes
calibration.{policy_source, thresholds, files_skipped_by_*} for
synthesizer transparency (Commit 5).
Malformed user regex silently skipped. Missing policy.json → built-in
defaults (backwards-compatible).
entropy.test.mjs: 9/9 still green.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
163 lines
4.4 KiB
JavaScript
163 lines
4.4 KiB
JavaScript
// policy-loader.mjs — Central policy file reader for distributable hook configuration
|
|
// Reads .llm-security/policy.json from project root. Falls back to defaults
|
|
// matching existing hardcoded behavior when no policy file exists.
|
|
// Zero external dependencies.
|
|
|
|
import { readFileSync } from 'node:fs';
|
|
import { join } from 'node:path';
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// Default policy — matches all existing hardcoded values exactly
|
|
// ---------------------------------------------------------------------------
|
|
|
|
const DEFAULT_POLICY = Object.freeze({
|
|
version: '1.0',
|
|
injection: {
|
|
mode: 'block',
|
|
medium_advisory: true,
|
|
custom_patterns: [],
|
|
},
|
|
trifecta: {
|
|
mode: 'warn',
|
|
window_size: 20,
|
|
long_horizon_window: 100,
|
|
},
|
|
secrets: {
|
|
additional_patterns: [],
|
|
allowed_paths: [],
|
|
},
|
|
destructive: {
|
|
additional_blocked: [],
|
|
allowed_commands: [],
|
|
},
|
|
pathguard: {
|
|
additional_protected: [],
|
|
allowed_paths: [],
|
|
},
|
|
supply_chain: {
|
|
additional_blocked_packages: [],
|
|
trusted_registries: [],
|
|
},
|
|
mcp: {
|
|
trusted_servers: [],
|
|
volume_threshold_bytes: 100_000,
|
|
},
|
|
audit: {
|
|
log_path: null,
|
|
events: ['trifecta', 'injection', 'secrets', 'destructive'],
|
|
},
|
|
ci: {
|
|
failOn: null,
|
|
compact: false,
|
|
},
|
|
entropy: {
|
|
thresholds: {
|
|
critical: { entropy: 5.4, minLen: 128 },
|
|
high: { entropy: 5.1, minLen: 64 },
|
|
medium: { entropy: 4.7, minLen: 40 },
|
|
},
|
|
// User-extensible extension skip list — merged with built-in defaults.
|
|
suppress_extensions: [],
|
|
// Additional line-level regex sources (string or array of strings compiled at load).
|
|
suppress_line_patterns: [],
|
|
// Substring matches against relative path — plain contains, no glob.
|
|
suppress_paths: [],
|
|
},
|
|
});
|
|
|
|
// Cache loaded policy per project root
|
|
const cache = new Map();
|
|
|
|
/**
|
|
* Resolve project root from env or cwd.
|
|
* @param {string} [explicitRoot]
|
|
* @returns {string}
|
|
*/
|
|
function resolveRoot(explicitRoot) {
|
|
return explicitRoot || process.env.CLAUDE_PROJECT_ROOT || process.cwd();
|
|
}
|
|
|
|
/**
|
|
* Deep merge two objects (source overrides target).
|
|
* @param {object} target
|
|
* @param {object} source
|
|
* @returns {object}
|
|
*/
|
|
function deepMerge(target, source) {
|
|
const result = { ...target };
|
|
for (const key of Object.keys(source)) {
|
|
if (
|
|
source[key] !== null &&
|
|
typeof source[key] === 'object' &&
|
|
!Array.isArray(source[key]) &&
|
|
typeof target[key] === 'object' &&
|
|
!Array.isArray(target[key])
|
|
) {
|
|
result[key] = deepMerge(target[key], source[key]);
|
|
} else {
|
|
result[key] = source[key];
|
|
}
|
|
}
|
|
return result;
|
|
}
|
|
|
|
/**
|
|
* Load policy from .llm-security/policy.json.
|
|
* Returns defaults if no policy file exists or if parsing fails.
|
|
* Cached per project root (per process).
|
|
*
|
|
* @param {string} [projectRoot] - Explicit root, or derived from env/cwd
|
|
* @returns {object} Merged policy with defaults
|
|
*/
|
|
export function loadPolicy(projectRoot) {
|
|
const root = resolveRoot(projectRoot);
|
|
|
|
if (cache.has(root)) return cache.get(root);
|
|
|
|
const policyPath = join(root, '.llm-security', 'policy.json');
|
|
let policy;
|
|
|
|
try {
|
|
const raw = readFileSync(policyPath, 'utf-8');
|
|
const parsed = JSON.parse(raw);
|
|
policy = deepMerge(DEFAULT_POLICY, parsed);
|
|
} catch {
|
|
// No policy file or invalid JSON — use defaults
|
|
policy = { ...DEFAULT_POLICY };
|
|
}
|
|
|
|
cache.set(root, policy);
|
|
return policy;
|
|
}
|
|
|
|
/**
|
|
* Get a specific policy value with fallback.
|
|
* Environment variables ALWAYS take precedence over policy file values.
|
|
*
|
|
* @param {string} section - Policy section (e.g. 'injection', 'trifecta')
|
|
* @param {string} key - Key within section (e.g. 'mode', 'window_size')
|
|
* @param {*} defaultValue - Fallback if neither policy nor default has the value
|
|
* @param {string} [projectRoot] - Explicit root
|
|
* @returns {*}
|
|
*/
|
|
export function getPolicyValue(section, key, defaultValue, projectRoot) {
|
|
const policy = loadPolicy(projectRoot);
|
|
const sectionObj = policy[section];
|
|
if (sectionObj && key in sectionObj) return sectionObj[key];
|
|
return defaultValue;
|
|
}
|
|
|
|
/**
|
|
* Get the full default policy (for documentation/example generation).
|
|
* @returns {object}
|
|
*/
|
|
export function getDefaultPolicy() {
|
|
return JSON.parse(JSON.stringify(DEFAULT_POLICY));
|
|
}
|
|
|
|
/**
|
|
* Reset cache (for testing only).
|
|
*/
|
|
export function _resetCacheForTest() {
|
|
cache.clear();
|
|
}
|