Skip to content

feat: add security scanner for .rules.ts files#145

Merged
rhuanbarreto merged 4 commits into
mainfrom
feat/rule-sandbox-scanner
Mar 23, 2026
Merged

feat: add security scanner for .rules.ts files#145
rhuanbarreto merged 4 commits into
mainfrom
feat/rule-sandbox-scanner

Conversation

@rhuanbarreto

Copy link
Copy Markdown
Contributor

Summary

Adds a pre-execution AST scanner that blocks dangerous patterns in .rules.ts files before they are dynamically imported. This is the static analysis security gate described in the rule sandbox plan.

  • Scanner (src/engine/rule-scanner.ts) — Uses Bun.Transpiler + meriyah (1.5MB, zero deps, pure JS) to parse rule files into an ESTree AST and walk every node checking for banned patterns
  • Loader integration (src/engine/loader.ts) — Scans each .rules.ts file before import(). If any violation is found, the file is not imported or executed and archgate check exits with an error
  • Performance — ~170us per file, ~5ms for 26 rule files (27x faster than shelling out to oxlint)

Blocked patterns

Pattern Detection
Dangerous imports (node:fs, child_process, net, http, vm, etc.) ImportDeclaration source matching
Bun APIs (Bun.spawn, Bun.write, Bun.file, Bun.$) MemberExpression property check
fetch() CallExpression callee check
eval(), new Function() CallExpression / NewExpression check
Computed property access (Bun[x], globalThis[x]) MemberExpression computed flag
Dynamic import(variable) ImportExpression non-literal source
Global mutation (globalThis.x = ..., process.env = ...) AssignmentExpression left-hand check

Safe modules allowed: node:path, node:url, node:util, node:crypto

New dependency justification

meriyah (7.1.0) — ESTree-compliant JavaScript parser. Added as devDependency (bundled into compiled binary via bun build --compile). Zero transitive dependencies, 1.5MB. Required because: Bun has no built-in JavaScript AST parser API; oxlint has no embeddable library API; oxc-parser's NAPI bridge is slower for small files (268us vs 167us).

Test plan

  • 45 unit tests for scanRuleSource() covering all banned patterns, safe modules, TypeScript syntax, multiple violations, and location reporting
  • 6 integration tests for loader security verifying that malicious rules are blocked and clean rules pass
  • bun run validate passes (lint + typecheck + format + 544 tests + 22 ADR checks + build)
  • Security docs updated (EN + pt-BR)

rhuanbarreto and others added 2 commits March 23, 2026 02:27
Implement a pre-execution AST scanner that blocks dangerous patterns
in rule files before they are dynamically imported. Uses Bun.Transpiler
to strip TypeScript + meriyah to parse the JS AST + a custom walker
to detect banned patterns (~170us per file, 5ms for 26 rules).

Blocked patterns:
- Dangerous imports: node:fs, child_process, net, http, vm, etc.
- Bun APIs: Bun.spawn, Bun.write, Bun.file, Bun.$
- Network: fetch()
- Code generation: eval(), new Function()
- Obfuscation: Bun[variable], globalThis[variable], import(variable)
- Global mutation: globalThis.x = ..., process.env = ...

Safe modules allowed: node:path, node:url, node:util, node:crypto.

Integration: scanner runs in loader.ts before import(), blocks with
logError() per violation and throws on any match. archgate check
exits with error if any rule file fails scanning.

Includes 45 unit tests for the scanner and 6 integration tests for
loader security. Updates security docs (EN + pt-BR) with the new
trust model.
@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Mar 23, 2026

Copy link
Copy Markdown

Deploying archgate-cli with  Cloudflare Pages  Cloudflare Pages

Latest commit: e960004
Status: ✅  Deploy successful!
Preview URL: https://13e89c16.archgate-cli.pages.dev
Branch Preview URL: https://feat-rule-sandbox-scanner.archgate-cli.pages.dev

View logs

archgatebot Bot and others added 2 commits March 23, 2026 01:28
Fix all missing Portuguese diacritical marks in the pt-BR security
documentation (segurança, não, código, você, funções, etc.).

Update GEN-002 (Documentation Internationalization) ADR to enforce
correct diacritical marks in Portuguese translations as a Do/Don't
rule, preventing this from recurring.
@rhuanbarreto rhuanbarreto merged commit 1148af6 into main Mar 23, 2026
10 checks passed
@rhuanbarreto rhuanbarreto deleted the feat/rule-sandbox-scanner branch March 23, 2026 01:36
@github-actions github-actions Bot mentioned this pull request Mar 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant