docs: add security hardening implementation agentlog

zenyr · zenyr · commit 8506620e9c67 · 2025-10-25T19:58:36.000+09:00
- Add comprehensive agentlog documenting all security measures
- Minor style fixes: import reordering, test cleanup
diff --git a/docs/agentlogs/032-security-hardening-implementation.md b/docs/agentlogs/032-security-hardening-implementation.md
@@ -0,0 +1,44 @@
+# Security Hardening Implementation
+
+**Date:** 2025-10-25  
+**Agent:** TypeScript Expert  
+**PR:** [Link to be added]
+
+## Summary
+
+Implemented comprehensive security hardening measures for the MCP PTY system to prevent various attack vectors and resource exhaustion scenarios.
+
+## Changes Made
+
+### Environment Variable Sanitization (sec-7)
+- Added `sanitizeEnv` function in `packages/pty-manager/src/process.ts`
+- Removes dangerous environment variables: `LD_PRELOAD`, `DYLD_INSERT_LIBRARIES`, `PYTHONPATH`, `NODE_PATH`, `GEM_PATH`, `PERL5LIB`, `RUBYLIB`, `CLASSPATH`, `PATH`
+- Applied to all PTY spawn operations to prevent library injection attacks
+
+### Sh -c Bypass Prevention (sec-2/3)
+- Enhanced `validateCommandAST` in `packages/normalize-commands/src/index.ts`
+- Added recursive validation for `sh -c` command arguments
+- Parses and validates the inner command string to prevent bypass attacks like `sh -c "rm -rf /"`
+
+### Resource Limits Implementation
+- **PTY Count Limit (sec-10):** Added `MAX_PTY_PER_SESSION = 10` in `packages/pty-manager/src/manager.ts`
+- Throws error when attempting to create 11th PTY in a session
+- **Execution Timeout (sec-11):** Added `execTimeout` option to `PtyOptions`
+- Implements activity-based timeout reset to prevent hanging processes
+
+### Testing
+- Added PTY count limit test in `packages/pty-manager/src/__tests__/security.test.ts`
+- Added sh -c bypass tests in `packages/normalize-commands/src/__tests__/index.test.ts`
+- All tests pass with comprehensive coverage
+
+## Impact
+
+- **Security:** Prevents environment variable injection, command bypass, and resource exhaustion attacks
+- **Stability:** Limits resource usage per session to prevent DoS scenarios
+- **Compatibility:** Maintains backward compatibility while adding security layers
+
+## Next Steps
+
+- Update documentation with security features
+- Consider additional hardening measures for post-v1.0
+- Monitor for any edge cases in production use
diff --git a/packages/mcp-pty/src/resources/index.ts b/packages/mcp-pty/src/resources/index.ts
@@ -7,9 +7,9 @@ import {
   type SessionManager,
 } from "@pkgs/session-manager";
 import {
-  CONTROL_CODES,
   CONTROL_CODE_DESCRIPTIONS,
   CONTROL_CODE_EXAMPLES,
+  CONTROL_CODES,
 } from "../types/control-codes.js";
 import {
   SESSION_ID_SYMBOL,
diff --git a/packages/mcp-pty/src/server/handlers/tools.ts b/packages/mcp-pty/src/server/handlers/tools.ts
@@ -1,11 +1,11 @@
 import type { z } from "zod";
 import { resolveControlCode } from "../../types/control-codes";
 import { normalizeWorkingDirectory } from "../../utils";
-import {
-  type KillPtyInputSchema,
-  type ListPtyInputSchema,
-  type ReadPtyInputSchema,
-  type StartPtyInputSchema,
+import type {
+  KillPtyInputSchema,
+  ListPtyInputSchema,
+  ReadPtyInputSchema,
+  StartPtyInputSchema,
   WriteInputSchema,
 } from "../schemas";
 import type { HandlerContext, ToolResult } from "../types";
diff --git a/packages/pty-manager/src/__tests__/security.test.ts b/packages/pty-manager/src/__tests__/security.test.ts
@@ -1,12 +1,4 @@
-import {
-  afterAll,
-  afterEach,
-  beforeAll,
-  expect,
-  mock,
-  spyOn,
-  test,
-} from "bun:test";
+import { afterAll, afterEach, beforeAll, expect, spyOn, test } from "bun:test";
 import { consola } from "consola";
 import { PtyManager } from "../manager";
 import { PtyProcess } from "../process";
@@ -175,5 +167,7 @@ test("should enforce PTY count limit per session", async () => {
   );
 
   // Cleanup
-  ptys.forEach((p) => manager.removePty(p.processId));
+  for (const p of ptys) {
+    manager.removePty(p.processId);
+  }
 });
