agent-fleet 0.1.0

Autonomous OSS-repo health for solo maintainers (Rust port of @p-vbordei/agent-fleet)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135

//! gh-only sandbox (SPEC ยง6, S3+S4, C4).

use once_cell_compat::Lazy;
use regex::Regex;

// Lightweight Lazy without pulling once_cell.
mod once_cell_compat {
    use std::cell::UnsafeCell;
    use std::sync::Once;

    pub struct Lazy<T, F = fn() -> T> {
        once: Once,
        cell: UnsafeCell<Option<T>>,
        init: UnsafeCell<Option<F>>,
    }

    unsafe impl<T: Send + Sync, F: Send> Sync for Lazy<T, F> {}

    impl<T, F: FnOnce() -> T> Lazy<T, F> {
        pub const fn new(init: F) -> Self {
            Self {
                once: Once::new(),
                cell: UnsafeCell::new(None),
                init: UnsafeCell::new(Some(init)),
            }
        }

        pub fn get(&self) -> &T {
            self.once.call_once(|| {
                // Safety: only ever called once.
                let init = unsafe { (*self.init.get()).take().expect("init present") };
                unsafe {
                    *self.cell.get() = Some(init());
                }
            });
            unsafe { (*self.cell.get()).as_ref().expect("initialised") }
        }
    }
}

/// gh subcommand prefixes forbidden because they mutate code/PRs/existing issues.
pub const FORBIDDEN_GH_PREFIXES: &[&str] = &[
    "gh pr create",
    "gh pr close",
    "gh pr merge",
    "gh pr review",
    "gh pr edit",
    "gh issue close",
    "gh issue comment",
    "gh issue edit",
    "gh issue reopen",
    "gh issue delete",
    "gh release create",
    "gh release edit",
    "gh release delete",
    "gh release upload",
    "gh repo edit",
    "gh repo delete",
    "gh repo archive",
    "gh repo clone",
    "gh repo create",
    "gh repo fork",
    "gh repo rename",
    "gh repo sync",
    "gh workflow run",
    "gh workflow disable",
    "gh workflow enable",
    "gh secret set",
    "gh secret delete",
    "gh variable set",
    "gh variable delete",
    "gh label create",
    "gh label edit",
    "gh label delete",
];

static MUTATING_API_FLAGS: Lazy<Regex> =
    Lazy::new(|| Regex::new(r"-X\s+(POST|PUT|PATCH|DELETE)\b").unwrap());
static SHELL_METACHARS: Lazy<Regex> = Lazy::new(|| Regex::new(r"[|&;`$<>(){}\\]").unwrap());
static API_PATH_RE: Lazy<Regex> =
    Lazy::new(|| Regex::new(r"gh api(?:\s+-X\s+\w+)?\s+(\S+)").unwrap());
static ALLOWED_API_POST_PREFIXES: Lazy<Vec<Regex>> = Lazy::new(|| {
    vec![Regex::new(r"^/?repos/[^/]+/[^/]+/issues(\?|$)").unwrap()]
});

#[derive(Debug, Clone, PartialEq, Eq)]
pub enum AllowResult {
    Allowed,
    Denied(String),
}

impl AllowResult {
    pub fn allowed(&self) -> bool {
        matches!(self, AllowResult::Allowed)
    }
    pub fn reason(&self) -> Option<&str> {
        match self {
            AllowResult::Allowed => None,
            AllowResult::Denied(s) => Some(s.as_str()),
        }
    }
}

pub fn is_allowed_command(cmd: &str) -> AllowResult {
    let trimmed = cmd.trim();
    if trimmed.is_empty() {
        return AllowResult::Denied("empty command".into());
    }
    if SHELL_METACHARS.get().is_match(trimmed) {
        return AllowResult::Denied("shell metacharacters not permitted".into());
    }
    if !(trimmed.starts_with("gh ") || trimmed == "gh") {
        return AllowResult::Denied("non-gh command rejected".into());
    }
    for prefix in FORBIDDEN_GH_PREFIXES {
        if trimmed == *prefix || trimmed.starts_with(&format!("{} ", prefix)) {
            return AllowResult::Denied(format!("forbidden gh subcommand: {}", prefix));
        }
    }
    if trimmed.starts_with("gh api") && MUTATING_API_FLAGS.get().is_match(trimmed) {
        let path = API_PATH_RE
            .get()
            .captures(trimmed)
            .and_then(|c| c.get(1).map(|m| m.as_str().to_string()))
            .unwrap_or_default();
        let ok = ALLOWED_API_POST_PREFIXES
            .get()
            .iter()
            .any(|re| re.is_match(&path));
        if !ok {
            return AllowResult::Denied(format!("forbidden mutating gh api path: {}", path));
        }
    }
    AllowResult::Allowed
}