feat(security): add lensEnforcer (Permanent fix v3.1) + Sentinel Auditor & self-test

mrhpython · mrhpython · commit a4715adc225e · 2025-08-15T19:18:25.000+01:00
diff --git a/soulfield-v2-mvp/package.json b/soulfield-v2-mvp/package.json
@@ -10,7 +10,9 @@
   "scripts": {
     "test": "jest",
     "test:canary": "jest -i __tests__/sse-contract.test.js",
-    "start": "node -r dotenv/config src/index.js"
+    "start": "node -r dotenv/config src/index.js",
+    "audit": "node scripts/sentinel-audit.js",
+    "selftest:lens": "node scripts/selftest-lens.js"
   },
   "devDependencies": {
     "@types/jest": "^30.0.0",
diff --git a/soulfield-v2-mvp/scripts/selftest-lens.js b/soulfield-v2-mvp/scripts/selftest-lens.js
@@ -0,0 +1,43 @@
+/**
+ * Self-test: hit a route that purposefully returns no lens to
+ * confirm the enforcer quarantines the reply.
+ * Exits 0 when quarantine detected, 1 otherwise.
+ */
+const http = require('http');
+const BASE = process.env.SF_BASE || 'http://localhost:3001'\;
+
+function get(path) {
+  return new Promise((resolve, reject) => {
+    const req = http.get(BASE + path, (res) => {
+      let buf = '';
+      res.setEncoding('utf8');
+      res.on('data', (c) => (buf += c));
+      res.on('end', () => resolve({ status: res.statusCode, body: buf }));
+    });
+    req.on('error', reject);
+  });
+}
+
+(async () => {
+  try {
+    const { status, body } = await get('/__selftest/lens'); // see step 5
+    if (status !== 200) {
+      console.error('selftest: bad HTTP', status);
+      return process.exit(1);
+    }
+    const out = JSON.parse(body);
+    const quarantined =
+      out?.prefix === '[WARN]' &&
+      out?.policy?.route === 'AureaReview' &&
+      out?.meta?.lens?.error;
+    if (!quarantined) {
+      console.error('selftest: lensEnforcer DID NOT quarantine');
+      return process.exit(1);
+    }
+    console.log('selftest: lensEnforcer OK');
+    process.exit(0);
+  } catch (e) {
+    console.error('selftest error:', e?.message || e);
+    process.exit(1);
+  }
+})();
diff --git a/soulfield-v2-mvp/scripts/sentinel-audit.js b/soulfield-v2-mvp/scripts/sentinel-audit.js
@@ -0,0 +1,60 @@
+/**
+ * Sentinel Auditor (CI-safe)
+ * Checks that /aurea/consult-sentences and /council/consult-sentences
+ * return bodies with valid lens metadata.
+ * Exit code 0 => OK, 1 => contract violation.
+ */
+const http = require('http');
+
+const BASE = process.env.SF_BASE || 'http://localhost:3001'\;
+const routes = [
+  '/aurea/consult-sentences',
+  '/council/consult-sentences'
+];
+
+function postJSON(path, data) {
+  return new Promise((resolve, reject) => {
+    const payload = Buffer.from(JSON.stringify(data));
+    const req = http.request(
+      BASE + path,
+      { method: 'POST', headers: { 'Content-Type': 'application/json', 'Content-Length': payload.length } },
+      (res) => {
+        let buf = '';
+        res.setEncoding('utf8');
+        res.on('data', (c) => (buf += c));
+        res.on('end', () => resolve({ status: res.statusCode, headers: res.headers, body: buf }));
+      }
+    );
+    req.on('error', reject);
+    req.write(payload);
+    req.end();
+  });
+}
+
+function validLens(body) {
+  try {
+    const out = typeof body === 'string' ? JSON.parse(body) : body;
+    return out?.meta?.lens && Array.isArray(out.meta.lens.passed) && !out.meta.lens.error;
+  } catch { return false; }
+}
+
+(async () => {
+  try {
+    for (const r of routes) {
+      const res = await postJSON(r, { text: 'Test input for v3.1 smoke' });
+      if (res.status !== 200) {
+        console.error(`[Sentinel] ${r} -> HTTP ${res.status}`);
+        process.exit(1);
+      }
+      if (!validLens(res.body)) {
+        console.error(`[Sentinel] ${r} -> lens contract FAILED`);
+        process.exit(1);
+      }
+    }
+    console.log('[Sentinel] All consult routes passed lens checks');
+    process.exit(0);
+  } catch (e) {
+    console.error('[Sentinel] error:', e?.message || e);
+    process.exit(1);
+  }
+})();
diff --git a/soulfield-v2-mvp/src/middleware/lensEnforcer.js b/soulfield-v2-mvp/src/middleware/lensEnforcer.js
@@ -1,57 +1,93 @@
 /**
- * LensEnforcer v3.1 – CI-safe response guard.
- * - If client requests SSE, ensure `text/event-stream` header.
- * - If client requests JSON, enforce:
- *   { meta: { lens: ... }, sentences: [ { tags: [...] }, ... ] }
- *   Allowed tags: 'fact' | 'intuition' | 'metaphor'
- *   On invalid/missing, return a tiny safe stub so CI can proceed.
+ * lensEnforcer (Permanent fix v3.1)
+ * - Wraps res.send() and validates the output contract.
+ * - If lens metadata is missing/failed, or content is “intuition-only” with no facts,
+ *   it quarantines the response (adds policy + meta.lens error) and logs a warning.
  */
+function isJsonLike(v) {
+  if (v == null) return false;
+  if (typeof v === 'object') return true;
+  if (typeof v === 'string') {
+    try { JSON.parse(v); return true; } catch { return false; }
+  }
+  return false;
+}
 
-const ALLOWED = new Set(['fact', 'intuition', 'metaphor']);
-
-function hasLensMeta(payload) {
-  return payload && typeof payload === 'object' && payload.meta && payload.meta.lens;
+function coerceBody(body) {
+  if (!isJsonLike(body)) return { raw: body };
+  return typeof body === 'string' ? JSON.parse(body) : body;
 }
 
-function sentencesAreValid(payload) {
-  const arr = Array.isArray(payload?.sentences) ? payload.sentences : [];
-  for (const s of arr) {
-    if (!Array.isArray(s?.tags)) return false;
-    for (const t of s.tags) if (!ALLOWED.has(t)) return false;
+function collectTags(out) {
+  // sentences[].tags or top-level tags
+  if (Array.isArray(out?.sentences)) {
+    return out.sentences.flatMap(s => Array.isArray(s?.tags) ? s.tags : []);
   }
+  return Array.isArray(out?.tags) ? out.tags : [];
+}
+
+function hasFacts(tags) {
+  return tags.some(t => (t?.type || t) === 'fact');
+}
+
+function onlyIntuition(tags) {
+  const tset = tags.map(t => t?.type || t);
+  // "intuition" present, but no *non*-intuition tag
+  return tset.includes('intuition') && tset.every(t => t === 'intuition');
+}
+
+function ensureLensShape(lens) {
+  if (!lens || typeof lens !== 'object') return false;
+  if (!Array.isArray(lens.passed)) return false;
   return true;
 }
 
-function safeStub() {
-  return {
-    meta: { lens: { status: 'missing/invalid' } },
-    sentences: [],
-  };
+function markQuarantine(out, reason) {
+  out.prefix = '[WARN]';
+  out.policy = Object.assign({ route: 'AureaReview' }, out.policy);
+  out.meta = out.meta || {};
+  out.meta.lens = out.meta.lens || {};
+  out.meta.lens.error = out.meta.lens.error || reason || 'lens-missing-or-invalid';
+  return out;
 }
 
-module.exports = function lensEnforcer() {
+function lensEnforcer() {
   return function (req, res, next) {
-    const accept = String(req.headers?.accept || '');
-
-    // Canary: if client wants SSE, advertise the right type.
-    if (accept.includes('text/event-stream')) {
-      res.setHeader('Content-Type', 'text/event-stream');
-    }
-
-    // Wrap res.json to validate JSON responses when client asked for JSON.
-    const wantsJson = accept.includes('application/json');
-    const originalJson = res.json.bind(res);
-
-    res.json = (body) => {
-      if (wantsJson) {
-        if (!hasLensMeta(body) || !sentencesAreValid(body)) {
-          // return safe stub; using originalJson to avoid recursion.
-          return originalJson(safeStub());
-        }
+    const _send = res.send.bind(res);
+    res.send = (body) => {
+      let out = coerceBody(body);
+
+      // If body isn't JSON‑ish, just forward
+      if (!isJsonLike(body)) return _send(body);
+
+      const lensOk = ensureLensShape(out?.meta?.lens) && !out?.meta?.lens?.error;
+      const tags = collectTags(out);
+      const intuitionOnly = onlyIntuition(tags);
+      const missingFactsWithIntuition = !hasFacts(tags) && tags.length > 0 && tags.includes('intuition');
+
+      let quarantined = false;
+      if (!lensOk) {
+        out = markQuarantine(out, 'lens-missing-or-invalid');
+        quarantined = true;
+      } else if (intuitionOnly || missingFactsWithIntuition) {
+        out = markQuarantine(out, 'intuition-unlabeled-or-no-facts');
+        quarantined = true;
       }
-      return originalJson(body);
-    };
 
+      if (quarantined) {
+        // terse log line, safe for journald/CI
+        try {
+          const id = out?.id || req.id || '-';
+          const route = req?.originalUrl || req?.url || '-';
+          console.warn('[LensEnforcer] quarantine', JSON.stringify({
+            id, route, reason: out?.meta?.lens?.error || 'unknown'
+          }));
+        } catch {}
+      }
+      return _send(typeof body === 'string' ? JSON.stringify(out) : out);
+    };
     next();
   };
-};
+}
+
+module.exports = { lensEnforcer };
