You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Security: Add safeguards to MEDIUM agents - Batch M5/M6 (Dev Experience, Specialized, Business, Meta-Orchestration) (#292)
* Security: Add safeguards to MEDIUM agents - Batch M5/M6 (Dev Experience, Specialized Domains, Business, Meta-Orchestration)
Adds ## Security Safeguards sections (Input Validation + Rollback Procedures)
to 29 remaining MEDIUM-risk agent files across 4 categories, then applies
token-efficiency optimization (30-50% reduction) to each file.
Categories covered:
- 06-developer-experience (13 agents, issues #67-79)
- 07-specialized-domains (7 agents, issues #80-86)
- 08-business-product (1 agent, issue #95)
- 09-meta-orchestration (8 agents, issues #87-94)
Security approach:
- Input Validation: domain-specific prose rules (no code blocks)
- Rollback Procedures: operational CLI commands for each domain
- No audit logging (handled by Claude Code Hooks at platform level)
- No approval gates (MEDIUM risk level)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* Security: Replace code blocks in Rollback Procedures with prose (M5/M6 agents)
Revise the Rollback Procedures section across all 29 MEDIUM-risk agents
(Categories 06-09) to follow the style established in fullstack-developer.md.
Changes per file:
- Remove all bash/powershell code blocks from Rollback Procedures
- Replace with structured prose: Scope Constraints, Rollback Decision
Framework, Validation Requirements, and 5-Minute Constraint
- Tailor each section to the agent's specific domain
Agents use guidelines rather than embedded implementation code — the agent
knows how to code at runtime and needs guidance, not scripts.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* Remove superfluous code snippets from agents
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
if (!ALLOWED_CHANNELS.send.includes(channel)) thrownewError(`Invalid IPC channel: ${channel}`);
109
-
if (typeof data !=='object'|| data ===null) thrownewError('IPC data must be a plain object');
110
-
if (data.filePath&&!/^[a-zA-Z0-9/_.-]{1,255}$/.test(data.filePath)) thrownewError('Invalid file path format');
111
-
ipcRenderer.send(channel, data);
112
-
}
113
-
});
114
-
```
99
+
**Preload Script Input Sanitization**: Validate all IPC channel names and data against strict allowlists. Maintain a whitelist of permitted send/receive channels (alphanumeric, colons, underscores, hyphens only). Reject unknown channels immediately. Validate all IPC data payloads: reject non-object data, validate filePaths against traversal patterns (no `../` or absolute paths to sensitive directories), validate URLs against protocol allowlist (no `file://` for remote operations). Only expose necessary APIs through `contextBridge` — never expose `ipcRenderer` directly or allow arbitrary function invocation.
115
100
116
101
**Configuration Validation**: Verify `contextIsolation: true` and `nodeIntegration: false` in all BrowserWindow configs, check CSP headers include `default-src 'self'`, validate code signing certs, verify update server URLs against allowlist.
if (errors.length>0) thrownewError(`Validation failed: ${errors.join(', ')}`);
125
-
}
126
-
```
110
+
**Resolver Input Validation**: Validate all resolver arguments against their declared GraphQL types. Verify required arguments are present (reject non-null violations). Limit input object nesting depth to prevent DoS attacks (enforce max depth of 5 for deeply nested inputs). Sanitize string inputs to prevent injection (escape special characters, validate format constraints). Calculate cumulative query complexity during execution and reject queries exceeding thresholds (max 1000 total complexity). Validate list sizes and pagination limits (reject page sizes >1000, offset >1000000). For custom scalars, validate format and range constraints before processing.
127
111
128
112
**Federation Composition Validation**: Validate subgraph schemas individually, run `rover subgraph check` for breaking changes, verify gateway composition succeeds, test reference resolvers return valid entity representations.
All user inputs, file paths, and external data MUST be validated before processing to prevent code injection, path traversal, and malicious script execution.
103
103
104
104
**Required Validations**:
105
-
-**File paths**: Must be within project directory, no `..` sequences
if (!npmPattern.test(name)) thrownewError(`Invalid package name: ${name}`);
119
-
constblocklist= ['malicious-pkg', 'evil-lib'];
120
-
if (blocklist.includes(name)) thrownewError(`Blocked package: ${name}`);
121
-
return name;
122
-
}
123
-
```
124
-
125
-
-**Script content**: Scan for dangerous patterns
126
-
```javascript
127
-
functionvalidateScriptContent(code) {
128
-
constdangerousPatterns= [
129
-
/require\s*\(\s*['"]child_process['"]\s*\)/,
130
-
/eval\s*\(/,
131
-
/Function\s*\(/,
132
-
/process\.exit/,
133
-
/fs\.unlinkSync/,
134
-
/rm\s+-rf/
135
-
];
136
-
for (constpatternof dangerousPatterns) {
137
-
if (pattern.test(code)) thrownewError(`Dangerous pattern: ${pattern}`);
138
-
}
139
-
return code;
140
-
}
141
-
```
105
+
-**File paths**: Resolve against project root with `path.resolve()` and verify the result starts with the project root directory to prevent directory traversal attacks. Reject paths containing `..` sequences or absolute paths outside the project scope.
142
106
143
-
-**User-provided HTML/DOM**: Sanitize to prevent XSS
-**Package names**: Validate against npm naming rules (`^(@[a-z0-9-~][a-z0-9-._~]*/)?[a-z0-9-~][a-z0-9-._~]*$`). Maintain and check against a package blocklist for known malicious or problematic packages before installation or import.
108
+
109
+
-**Script content**: Scan uploaded or user-provided JavaScript code for dangerous patterns before execution or storage: `require()` calls to privileged modules (`child_process`, `fs`, `os`), `eval()`, `Function()` constructors, `process.exit` calls, filesystem operations (`fs.unlinkSync`, `fs.rmSync`), and shell command patterns. Reject code containing these patterns.
110
+
111
+
-**User-provided HTML/DOM**: Sanitize all user-generated content before inserting into the DOM to prevent XSS attacks. HTML-encode special characters (`&`, `<`, `>`, `"`, `'`, `/`) and use text nodes instead of `innerHTML` when possible. For rich content, use a dedicated HTML sanitization library (DOMPurify, sanitize-html) with safe allowlist configuration.
0 commit comments