ai-space/goose
3
0
Fork 0
mirror of https://github.com/aaif-goose/goose.git synced 2026-06-01 22:09:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

Automate OpenRouter API Key Distribution for External Recipe Contributors (#3198)

Browse Source 
Co-authored-by: w. ian douglas <ian.douglas@iandouglas.com>
This commit is contained in:
Ebony Louis
2025-08-28 18:37:09 -04:00
committed by GitHub
parent 1d0c08b3d3
commit 69bc978d00
15 changed files with 2557 additions and 168 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/pull_request_template.md
+8
View File
@@ -0,0 +1,8 @@
## Pull Request Description
<!-- Describe your changes here -->
---
<!-- For Recipe Cookbook Submissions ONLY: Include your email below to receive $10 OpenRouter credits once approved & merged -->
**Email**:
.github/scripts/send_key.py
+228
View File
@@ -0,0 +1,228 @@
import os
import requests
import re
import email_validator
from sendgrid import SendGridAPIClient
from sendgrid.helpers.mail import Mail
from python_http_client.exceptions import HTTPError
def fetch_pr_body(pr_url, github_token):
print("🔍 Fetching PR body...")
try:
pr_resp = requests.get(
pr_url,
headers={"Authorization": f"Bearer {github_token}"}
)
pr_resp.raise_for_status()
except requests.exceptions.RequestException as e:
print("❌ Failed to fetch PR body:", str(e))
raise
return pr_resp.json()
def extract_email_from_text(text):
"""Extract email from text using various patterns"""
# Try PR template format: "**Email**: email@example.com"
email_match = re.search(r"\*\*Email\*\*:\s*([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})", text)
if email_match:
return email_match.group(1)
# Try other common email patterns
email_match = re.search(r"[Ee]mail:\s*([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})", text)
if email_match:
return email_match.group(1)
# Try general email pattern
email_match = re.search(r"\b([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})\b", text)
if email_match:
return email_match.group(1)
return None
def fetch_pr_comments(pr_url, github_token):
"""Fetch all comments on the PR"""
# Convert PR URL to comments URL
comments_url = pr_url.replace("/pulls/", "/issues/") + "/comments"
try:
comments_resp = requests.get(
comments_url,
headers={"Authorization": f"Bearer {github_token}"}
)
comments_resp.raise_for_status()
return comments_resp.json()
except requests.exceptions.RequestException as e:
print(f"⚠️ Failed to fetch PR comments: {e}")
return []
def validate_email_address(email):
"""Validate email address format and deliverability"""
try:
# Validate and get normalized email
valid_email = email_validator.validate_email(email)
normalized_email = valid_email.email
print(f"✅ Email validation passed: {normalized_email}")
return normalized_email
except email_validator.EmailNotValidError as e:
print(f"❌ Email validation failed: {e}")
return None
def extract_email(pr_body, pr_url, github_token):
"""Extract and validate email from PR body and comments"""
print("🔍 Searching for email in PR body...")
# First check PR body
email = extract_email_from_text(pr_body)
if email:
print(f"📧 Found email in PR body: {email}")
validated_email = validate_email_address(email)
if validated_email:
return validated_email
else:
print("⚠️ Email in PR body is invalid, checking comments...")
print("🔍 No valid email found in PR body, checking comments...")
# Check PR comments
comments = fetch_pr_comments(pr_url, github_token)
for comment in comments:
comment_body = comment.get("body", "")
email = extract_email_from_text(comment_body)
if email:
print(f"📧 Found email in comment by {comment.get('user', {}).get('login', 'unknown')}: {email}")
validated_email = validate_email_address(email)
if validated_email:
return validated_email
else:
print("⚠️ Email in comment is invalid, continuing search...")
# No valid email found anywhere
print("❌ No valid email found in PR body or comments. Skipping key issuance.")
exit(0)
def provision_api_key(provisioning_api_key):
print("🔐 Creating OpenRouter key...")
try:
key_resp = requests.post(
"https://openrouter.ai/api/v1/keys/",
headers={
"Authorization": f"Bearer {provisioning_api_key}",
"Content-Type": "application/json"
},
json={
"name": "Goose Contributor",
"label": "goose-cookbook",
"limit": 10.0
}
)
key_resp.raise_for_status()
except requests.exceptions.RequestException as e:
print("❌ Failed to provision API key:", str(e))
raise
return key_resp.json()["key"]
def send_email(email, api_key, sendgrid_api_key):
print("📤 Sending email via SendGrid...")
try:
sg = SendGridAPIClient(sendgrid_api_key)
from_email = "Goose Team <goose@opensource.block.xyz>"
subject = "🎉 Your Goose Contributor API Key"
html_content = f"""
<p>Thanks for contributing to the Goose Recipe Cookbook!</p>
<p>Here's your <strong>$10 OpenRouter API key</strong>:</p>
<p><code>{api_key}</code></p>
<p>Happy vibe-coding!<br> The Goose Team 🪿</p>
"""
message = Mail(
from_email=from_email,
to_emails=email,
subject=subject,
html_content=html_content
)
response = sg.send(message)
print(f"✅ Email sent successfully! Status code: {response.status_code}")
# Check for potential issues even on "success"
if response.status_code >= 300:
print(f"⚠️ Warning: Unexpected status code {response.status_code}")
print(f"Response body: {response.body}")
return False
return True
except HTTPError as e:
# Specific SendGrid HTTP errors
status_code = e.status_code
error_body = e.body
if status_code == 401:
print("❌ SendGrid authentication failed - invalid API key")
elif status_code == 403:
print("❌ SendGrid authorization failed - API key lacks permissions")
elif status_code == 429:
print("❌ SendGrid rate limit exceeded - too many requests")
elif status_code == 400:
print(f"❌ SendGrid bad request - invalid email data: {error_body}")
elif status_code >= 500:
print(f"❌ SendGrid server error ({status_code}) - try again later")
else:
print(f"❌ SendGrid HTTP error {status_code}: {error_body}")
print(f"Full error details: {e}")
return False
except ValueError as e:
print(f"❌ Invalid email format or API key: {e}")
return False
except Exception as e:
print(f"❌ Unexpected error sending email: {type(e).__name__}: {e}")
return False
def comment_on_pr(github_token, repo_full_name, pr_number, email):
print("💬 Commenting on PR...")
comment_url = f"https://api.github.com/repos/{repo_full_name}/issues/{pr_number}/comments"
try:
comment_resp = requests.post(
comment_url,
headers={
"Authorization": f"Bearer {github_token}",
"Accept": "application/vnd.github+json"
},
json={
"body": f"✅ $10 OpenRouter API key sent to `{email}`. Thanks for your contribution to the Goose Cookbook!"
}
)
comment_resp.raise_for_status()
print("✅ Confirmation comment added to PR.")
except requests.exceptions.RequestException as e:
print("❌ Failed to comment on PR:", str(e))
raise
def main():
# Load environment variables
GITHUB_TOKEN = os.environ["GITHUB_TOKEN"]
PR_URL = os.environ["GITHUB_API_URL"]
PROVISIONING_API_KEY = os.environ["PROVISIONING_API_KEY"]
SENDGRID_API_KEY = os.environ["EMAIL_API_KEY"]
pr_data = fetch_pr_body(PR_URL, GITHUB_TOKEN)
pr_body = pr_data.get("body", "")
pr_number = pr_data["number"]
repo_full_name = pr_data["base"]["repo"]["full_name"]
email = extract_email(pr_body, PR_URL, GITHUB_TOKEN)
print(f"📬 Found email: {email}")
try:
api_key = provision_api_key(PROVISIONING_API_KEY)
print("✅ API key generated!")
if send_email(email, api_key, SENDGRID_API_KEY):
comment_on_pr(GITHUB_TOKEN, repo_full_name, pr_number, email)
except Exception as err:
print(f"❌ An error occurred: {err}")
if __name__ == "__main__":
main()
.github/workflows/create-recipe-pr.yml
-136
View File
@@ -1,136 +0,0 @@
name: Handle Recipe Submissions
on:
issues:
types: [opened, labeled]
permissions:
contents: write
issues: write
pull-requests: write
jobs:
create-recipe-pr:
if: ${{ github.event.label.name == 'recipe submission' || contains(github.event.issue.labels.*.name, 'recipe submission') }}
runs-on: ubuntu-latest
env:
PROVIDER_API_KEY: ${{ secrets.OPENROUTER_API_KEY }}
steps:
- name: Checkout repo
uses: actions/checkout@v3
- name: Set up Node.js
uses: actions/setup-node@v3
with:
node-version: '20'
- name: Install and Configure Goose
run: |
mkdir -p /home/runner/.local/bin
curl -fsSL https://github.com/block/goose/releases/download/stable/download_cli.sh \
| CONFIGURE=false INSTALL_PATH=/home/runner/.local/bin bash
echo "/home/runner/.local/bin" >> $GITHUB_PATH
mkdir -p ~/.config/goose
cat <<EOF > ~/.config/goose/config.yaml
GOOSE_PROVIDER: openrouter
GOOSE_MODEL: "anthropic/claude-3.5-sonnet"
keyring: false
EOF
- name: Extract recipe YAML from issue
id: parse
run: |
ISSUE_BODY=$(jq -r .issue.body "$GITHUB_EVENT_PATH")
RECIPE_YAML=$(echo "$ISSUE_BODY" | awk '/```/,/```/' | sed '1d;$d')
echo "$RECIPE_YAML" > recipe.yaml
AUTHOR="${{ github.event.issue.user.login }}"
if ! grep -q "^author:" recipe.yaml; then
echo -e "\nauthor:\n contact: $AUTHOR" >> recipe.yaml
fi
TITLE=$(yq '.title' recipe.yaml | tr '[:upper:]' '[:lower:]' | tr -cs 'a-z0-9' '-')
echo "branch_name=add-recipe-${TITLE}" >> $GITHUB_OUTPUT
echo "recipe_title=${TITLE}" >> $GITHUB_OUTPUT
- name: Validate recipe.yaml with Goose
id: validate
continue-on-error: true
run: |
OUTPUT=$(goose recipe validate recipe.yaml 2>&1)
echo "$OUTPUT"
{
echo "validation_output<<EOF"
echo "$OUTPUT"
echo "EOF"
} >> "$GITHUB_OUTPUT"
- name: Post validation result to issue
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
ISSUE_NUMBER: ${{ github.event.issue.number }}
VALIDATION_B64: ${{ steps.validate.outputs.validation_output }}
run: |
if [ "${{ steps.validate.outcome }}" == "failure" ]; then
OUTPUT=$(echo "$VALIDATION_B64" | base64 --decode)
COMMENT="❌ Recipe validation failed:\n\n\`\`\`\n$OUTPUT\n\`\`\`\nPlease fix the above issues and resubmit."
echo -e "$COMMENT" | gh issue comment "$ISSUE_NUMBER"
gh issue close "$ISSUE_NUMBER"
exit 1
else
gh issue comment "$ISSUE_NUMBER" --body "✅ Recipe validated successfully!"
fi
- name: Generate recipeUrl and save updated recipe
run: |
BASE64_ENCODED=$(cat recipe.yaml | base64 | tr -d '\n')
echo "" >> recipe.yaml
echo "recipeUrl: goose://recipe?config=${BASE64_ENCODED}" >> recipe.yaml
- name: Create branch and add file
env:
BRANCH_NAME: ${{ steps.parse.outputs.branch_name }}
run: |
git checkout -b "$BRANCH_NAME"
DEST_DIR="documentation/src/pages/recipes/data/recipes"
mkdir -p "$DEST_DIR"
ID=$(yq '.id' recipe.yaml)
if [ -f "$DEST_DIR/${ID}.yaml" ]; then
echo "❌ Recipe with ID '$ID' already exists. Aborting."
exit 1
fi
cp recipe.yaml "$DEST_DIR/${ID}.yaml"
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git add "$DEST_DIR/${ID}.yaml"
git commit -m "Add recipe: ${ID}"
git push origin "$BRANCH_NAME"
- name: Create pull request
id: cpr
uses: peter-evans/create-pull-request@5e5b2916f4b4c9420e5e9b0dc4a6d292d30165d7
with:
token: ${{ secrets.GITHUB_TOKEN }}
branch: ${{ steps.parse.outputs.branch_name }}
title: "Add recipe: ${{ steps.parse.outputs.recipe_title }}"
body: "This PR adds a new Goose recipe submitted via issue #${{ github.event.issue.number }}."
reviewers: |
EbonyLouis
angiejones
blackgirlbytes
- name: Comment and close issue
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
ISSUE_NUMBER: ${{ github.event.issue.number }}
PR_URL: ${{ steps.cpr.outputs.pull-request-url }}
run: |
gh issue comment "$ISSUE_NUMBER" --body "🎉 Thanks for submitting your recipe! We've created a [PR]($PR_URL) to add it to the Cookbook."
gh issue close "$ISSUE_NUMBER"
.github/workflows/recipe-security-scanner.yml
+394
View File
@@ -0,0 +1,394 @@
name: Recipe Security Scan
on:
pull_request:
types: [opened, synchronize, reopened]
paths:
- 'documentation/src/pages/recipes/data/recipes/**'
concurrency:
group: scanner-${{ github.workflow }}-${{ github.event.pull_request.number }}
cancel-in-progress: true
permissions:
contents: read
pull-requests: write
statuses: write
jobs:
security-scan:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
with:
egress-policy: audit
- name: Checkout PR
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0
- name: Check if recipe files changed in this push
id: recipe_changes
run: |
set -e
echo "🔍 Checking if recipe files were modified in this push..."
# Get the list of changed files in this specific push
if [ "${{ github.event_name }}" = "pull_request" ] && [ "${{ github.event.action }}" = "synchronize" ]; then
# For synchronize events, check files changed since the previous commit
echo "📝 Synchronize event - checking files changed since previous commit"
CHANGED_FILES=$(git diff --name-only ${{ github.event.before }}..${{ github.event.after }})
else
# For opened/reopened, check all files in the PR
echo "📝 PR opened/reopened - checking all files in PR"
CHANGED_FILES=$(git diff --name-only origin/${{ github.base_ref }}..HEAD)
fi
echo "Changed files in this push:"
echo "$CHANGED_FILES"
echo ""
# Check if any recipe files were changed
if echo "$CHANGED_FILES" | grep -q "^documentation/src/pages/recipes/data/recipes/"; then
echo "recipe_files_changed=true" >> "$GITHUB_OUTPUT"
echo "✅ Recipe files were modified in this push - proceeding with scan"
else
echo "recipe_files_changed=false" >> "$GITHUB_OUTPUT"
echo "️ No recipe files were modified in this push - skipping scan"
fi
- name: Ensure jq available
if: steps.recipe_changes.outputs.recipe_files_changed == 'true'
run: sudo apt-get update && sudo apt-get install -y jq
- name: Find recipe files in PR
id: find_recipes
if: steps.recipe_changes.outputs.recipe_files_changed == 'true'
run: |
set -e
echo "Looking for recipe files in PR..."
# Find all .yaml/.yml files in the recipes directory
RECIPE_FILES=$(find documentation/src/pages/recipes/data/recipes/ -name "*.yaml" -o -name "*.yml" 2>/dev/null || true)
if [ -z "$RECIPE_FILES" ]; then
echo "No recipe files found in PR"
echo "has_recipes=false" >> "$GITHUB_OUTPUT"
echo "recipe_count=0" >> "$GITHUB_OUTPUT"
else
echo "Found recipe files:"
echo "$RECIPE_FILES"
RECIPE_COUNT=$(echo "$RECIPE_FILES" | wc -l)
echo "has_recipes=true" >> "$GITHUB_OUTPUT"
echo "recipe_count=$RECIPE_COUNT" >> "$GITHUB_OUTPUT"
# Save recipe file paths for later steps
echo "$RECIPE_FILES" > "$RUNNER_TEMP/recipe_files.txt"
fi
- name: Set up Docker Buildx
if: steps.find_recipes.outputs.has_recipes == 'true' && steps.recipe_changes.outputs.recipe_files_changed == 'true'
uses: docker/setup-buildx-action@1583c0f09d26c58c59d25b0eef29792b7ce99d9a
- name: Prune Docker caches
if: steps.find_recipes.outputs.has_recipes == 'true' && steps.recipe_changes.outputs.recipe_files_changed == 'true'
run: |
docker buildx prune -af || true
docker system prune -af || true
- name: Build scanner image (no cache)
if: steps.find_recipes.outputs.has_recipes == 'true' && steps.recipe_changes.outputs.recipe_files_changed == 'true'
env:
DOCKER_BUILDKIT: 1
IMAGE_TAG: ${{ github.sha }}
run: |
docker buildx build \
--pull \
--no-cache \
--load \
--platform linux/amd64 \
-t "recipe-scanner:${IMAGE_TAG}" \
-f recipe-scanner/Dockerfile \
recipe-scanner/
- name: Scan all recipe files
if: steps.find_recipes.outputs.has_recipes == 'true' && steps.recipe_changes.outputs.recipe_files_changed == 'true'
env:
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
TRAINING_DATA_LOW: ${{ secrets.TRAINING_DATA_LOW }}
TRAINING_DATA_MEDIUM: ${{ secrets.TRAINING_DATA_MEDIUM }}
TRAINING_DATA_EXTREME: ${{ secrets.TRAINING_DATA_EXTREME }}
IMAGE_TAG: ${{ github.sha }}
run: |
set -e
OUT="$RUNNER_TEMP/security-scan"
mkdir -p "$OUT"
# Set permissions for Docker container (scanner user is UID 1000)
sudo chmod -R 777 "$OUT" || true
# Initialize overall scan results
echo '{"scanned_recipes": [], "overall_status": "UNKNOWN", "failed_scans": 0}' > "$OUT/pr_scan_summary.json"
RECIPE_NUM=1
FAILED_SCANS=0
BLOCKED_RECIPES=0
# Scan each recipe file
while IFS= read -r RECIPE_FILE; do
if [ -f "$RECIPE_FILE" ]; then
echo "🔍 Scanning recipe $RECIPE_NUM: $RECIPE_FILE"
# Create output directory for this recipe
RECIPE_OUT="$OUT/recipe-$RECIPE_NUM"
mkdir -p "$RECIPE_OUT"
sudo chmod -R 777 "$RECIPE_OUT" || true
# Run scanner on this recipe with training data
if docker run --rm \
-e OPENAI_API_KEY="$OPENAI_API_KEY" \
-e TRAINING_DATA_LOW="$TRAINING_DATA_LOW" \
-e TRAINING_DATA_MEDIUM="$TRAINING_DATA_MEDIUM" \
-e TRAINING_DATA_EXTREME="$TRAINING_DATA_EXTREME" \
-v "$PWD/$RECIPE_FILE:/input/recipe.yaml:ro" \
-v "$RECIPE_OUT:/output" \
"recipe-scanner:${IMAGE_TAG}" 2>&1 | tee "$RECIPE_OUT/scan-log.txt"; then
echo "✅ Scan completed for recipe $RECIPE_NUM"
# Check scan result
if [ -f "$RECIPE_OUT/scan_status.json" ]; then
STATUS=$(jq -r .status "$RECIPE_OUT/scan_status.json" || echo "UNKNOWN")
RISK_LEVEL=$(jq -r .risk_level "$RECIPE_OUT/scan_status.json" || echo "UNKNOWN")
if [ "$STATUS" = "BLOCKED" ]; then
BLOCKED_RECIPES=$((BLOCKED_RECIPES + 1))
fi
# Check if risk level requires blocking (MEDIUM, HIGH, CRITICAL)
if [ "$RISK_LEVEL" = "MEDIUM" ] || [ "$RISK_LEVEL" = "HIGH" ] || [ "$RISK_LEVEL" = "CRITICAL" ]; then
BLOCKED_RECIPES=$((BLOCKED_RECIPES + 1))
echo "⚠️ Recipe $RECIPE_NUM blocked due to $RISK_LEVEL risk level"
fi
else
echo "⚠️ No scan_status.json found for recipe $RECIPE_NUM"
FAILED_SCANS=$((FAILED_SCANS + 1))
fi
else
echo "❌ Scan failed for recipe $RECIPE_NUM"
FAILED_SCANS=$((FAILED_SCANS + 1))
fi
RECIPE_NUM=$((RECIPE_NUM + 1))
fi
done < "$RUNNER_TEMP/recipe_files.txt"
# Determine overall status
if [ $FAILED_SCANS -gt 0 ]; then
OVERALL_STATUS="SCAN_FAILED"
elif [ $BLOCKED_RECIPES -gt 0 ]; then
OVERALL_STATUS="BLOCKED"
else
OVERALL_STATUS="APPROVED"
fi
# Update summary
jq --arg status "$OVERALL_STATUS" --argjson failed "$FAILED_SCANS" --argjson blocked "$BLOCKED_RECIPES" \
'.overall_status = $status | .failed_scans = $failed | .blocked_recipes = $blocked' \
"$OUT/pr_scan_summary.json" > "$OUT/pr_scan_summary_tmp.json" && \
mv "$OUT/pr_scan_summary_tmp.json" "$OUT/pr_scan_summary.json"
echo "📊 Scan Summary:"
echo "- Total recipes: $((RECIPE_NUM - 1))"
echo "- Failed scans: $FAILED_SCANS"
echo "- Blocked recipes: $BLOCKED_RECIPES"
echo "- Overall status: $OVERALL_STATUS"
- name: Upload scan artifacts
if: always() && steps.find_recipes.outputs.has_recipes == 'true' && steps.recipe_changes.outputs.recipe_files_changed == 'true'
uses: actions/upload-artifact@v4
with:
name: security-scan
path: ${{ runner.temp }}/security-scan/**
if-no-files-found: warn
retention-days: 10
- name: Post scan results to PR
if: always() && steps.find_recipes.outputs.has_recipes == 'true' && steps.recipe_changes.outputs.recipe_files_changed == 'true'
uses: actions/github-script@v7
env:
WORKSPACE: ${{ github.workspace }}
RUNNER_TEMP: ${{ runner.temp }}
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const fs = require('fs');
const path = require('path');
const tempDir = process.env.RUNNER_TEMP;
const outDir = path.join(tempDir, 'security-scan');
// Read PR scan summary
const summaryPath = path.join(outDir, 'pr_scan_summary.json');
let summary = { overall_status: 'UNKNOWN', failed_scans: 0, blocked_recipes: 0 };
try {
if (fs.existsSync(summaryPath)) {
summary = JSON.parse(fs.readFileSync(summaryPath, 'utf8'));
}
} catch (e) {
console.log('Could not read PR scan summary:', e.message);
}
// Build comment based on overall results
let commentLines = ['🔍 **Recipe Security Scan Results**', ''];
if (summary.overall_status === 'APPROVED') {
commentLines.push('✅ **Status: APPROVED** - All recipes passed security scan');
} else if (summary.overall_status === 'BLOCKED') {
commentLines.push('❌ **Status: BLOCKED** - One or more recipes have MEDIUM risk or higher');
commentLines.push('');
commentLines.push('⚠️ **Merge Protection**: This PR cannot be merged until security concerns are addressed.');
commentLines.push('Repository maintainers can override this decision if needed.');
} else if (summary.overall_status === 'SCAN_FAILED') {
commentLines.push('⚠️ **Status: SCAN FAILED** - Technical issues during scanning');
} else {
commentLines.push('❓ **Status: UNKNOWN** - Could not determine scan results');
}
commentLines.push('');
// Add summary stats
const recipeFiles = fs.readdirSync(outDir).filter(name => name.startsWith('recipe-'));
commentLines.push(`📊 **Scan Summary:**`);
commentLines.push(`- Total recipes scanned: ${recipeFiles.length}`);
if (summary.blocked_recipes > 0) {
commentLines.push(`- Blocked recipes: ${summary.blocked_recipes}`);
}
if (summary.failed_scans > 0) {
commentLines.push(`- Failed scans: ${summary.failed_scans}`);
}
// Add individual recipe results
if (recipeFiles.length > 0) {
commentLines.push('', '📋 **Individual Recipe Results:**');
recipeFiles.forEach((recipeDir, index) => {
const recipePath = path.join(outDir, recipeDir);
const statusPath = path.join(recipePath, 'scan_status.json');
let status = 'UNKNOWN';
let risk = 'UNKNOWN';
try {
if (fs.existsSync(statusPath)) {
const statusData = JSON.parse(fs.readFileSync(statusPath, 'utf8'));
status = statusData.status || 'UNKNOWN';
risk = statusData.risk_level || 'UNKNOWN';
}
} catch (e) {
status = 'SCAN_ERROR';
}
const statusEmoji = status === 'APPROVED' ? '✅' :
status === 'BLOCKED' ? '❌' :
status === 'ALLOWED_WITH_WARNINGS' ? '⚠️' : '❓';
commentLines.push(`${statusEmoji} Recipe ${index + 1}: ${status} (${risk} risk)`);
});
}
commentLines.push('', `🔗 **View detailed scan results in the [workflow artifacts](https://github.com/${context.repo.owner}/${context.repo.repo}/actions).**`);
const comment = commentLines.join('\n');
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.payload.pull_request.number,
body: comment
});
- name: Set GitHub status check
if: always() && steps.find_recipes.outputs.has_recipes == 'true' && steps.recipe_changes.outputs.recipe_files_changed == 'true'
uses: actions/github-script@v7
env:
RUNNER_TEMP: ${{ runner.temp }}
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const fs = require('fs');
const path = require('path');
const tempDir = process.env.RUNNER_TEMP;
const outDir = path.join(tempDir, 'security-scan');
// Read PR scan summary
const summaryPath = path.join(outDir, 'pr_scan_summary.json');
let summary = { overall_status: 'UNKNOWN' };
try {
if (fs.existsSync(summaryPath)) {
summary = JSON.parse(fs.readFileSync(summaryPath, 'utf8'));
}
} catch (e) {
console.log('Could not read PR scan summary:', e.message);
}
// Determine GitHub status
let state, description;
if (summary.overall_status === 'APPROVED') {
state = 'success';
description = 'All recipes passed security scan';
} else if (summary.overall_status === 'BLOCKED') {
state = 'failure';
description = 'One or more recipes failed security scan';
} else if (summary.overall_status === 'SCAN_FAILED') {
state = 'error';
description = 'Technical issues during security scan';
} else {
state = 'error';
description = 'Could not determine scan results';
}
// Set status check
await github.rest.repos.createCommitStatus({
owner: context.repo.owner,
repo: context.repo.repo,
sha: context.payload.pull_request.head.sha,
state: state,
target_url: `${context.payload.pull_request.html_url}/checks`,
description: description,
context: 'security-scan/recipe-scanner'
});
- name: Final scan result
if: always()
run: |
# Check if recipe files were changed in this push
if [ "${{ steps.recipe_changes.outputs.recipe_files_changed }}" = "false" ]; then
# No recipe files were modified in this push - scan skipped
exit 0
fi
OUT="$RUNNER_TEMP/security-scan"
SUMMARY_FILE="$OUT/pr_scan_summary.json"
if [ -f "$SUMMARY_FILE" ]; then
OVERALL_STATUS=$(jq -r .overall_status "$SUMMARY_FILE")
echo "📊 Final scan result: $OVERALL_STATUS"
if [ "$OVERALL_STATUS" = "BLOCKED" ]; then
echo "::error::One or more recipes have MEDIUM risk or higher - PR merge blocked"
echo "Repository maintainers can override this decision if needed"
exit 1
elif [ "$OVERALL_STATUS" = "APPROVED" ]; then
echo "::notice::All recipes APPROVED by security scan"
else
echo "::error::Scan did not complete successfully - check artifacts for details"
exit 1
fi
else
echo "::error::No scan summary found - scan may have failed completely"
exit 1
fi
.github/workflows/reply-to-recipe.yml
-30
View File
@@ -1,30 +0,0 @@
name: Auto-reply to Recipe Submissions
on:
issues:
types: [opened]
jobs:
thank-you-comment:
if: contains(github.event.issue.title, '[Recipe]')
runs-on: ubuntu-latest
steps:
- name: Add thank-you comment
uses: actions/github-script@v7
with:
script: |
const commentBody = [
"🎉 Thanks for submitting your Goose recipe to the Cookbook!",
"",
"We appreciate you sharing your workflow with the community — our team will review your submission soon.",
"If accepted, itll be added to the [Goose Recipes Cookbook](https://block.github.io/goose/recipes) and youll receive LLM credits as a thank-you!",
"",
"Stay tuned — and keep those recipes coming 🧑‍🍳🔥"
].join('\n');
github.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: commentBody
});
.github/workflows/send-api-key.yml
+32
View File
@@ -0,0 +1,32 @@
name: Send API Key on PR Merge
on:
pull_request:
types: [closed]
paths:
- 'documentation/src/pages/recipes/data/recipes/**'
jobs:
send-api-key:
if: github.event.pull_request.merged == true
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v3
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
- name: Install dependencies and run email script
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_API_URL: ${{ github.event.pull_request.url }}
PROVISIONING_API_KEY: ${{ secrets.PROVISIONING_API_KEY }}
EMAIL_API_KEY: ${{ secrets.SENDGRID_API_KEY }}
run: |
pip install requests sendgrid email-validator
python .github/scripts/send_key.py
.github/workflows/validate-recipe-pr.yml
+200
View File
@@ -0,0 +1,200 @@
name: Validate Recipe PR
on:
pull_request:
types: [opened, synchronize, reopened]
paths:
- 'documentation/src/pages/recipes/data/recipes/**'
permissions:
contents: read
pull-requests: write
jobs:
validate-recipe:
runs-on: ubuntu-latest
env:
PROVIDER_API_KEY: ${{ secrets.OPENROUTER_API_KEY }}
steps:
- name: Checkout PR
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Set up Node.js
uses: actions/setup-node@v3
with:
node-version: '20'
- name: Install and Configure Goose
run: |
mkdir -p /home/runner/.local/bin
curl -fsSL https://github.com/block/goose/releases/download/stable/download_cli.sh \
| CONFIGURE=false INSTALL_PATH=/home/runner/.local/bin bash
echo "/home/runner/.local/bin" >> $GITHUB_PATH
mkdir -p ~/.config/goose
cat <<EOF > ~/.config/goose/config.yaml
GOOSE_PROVIDER: openrouter
GOOSE_MODEL: "anthropic/claude-3.5-sonnet"
keyring: false
EOF
- name: Find and validate recipe files
id: validate
run: |
echo "🔍 Looking for recipe files..."
RECIPE_FILES=$(find documentation/src/pages/recipes/data/recipes/ -name "*.yaml" -o -name "*.yml" 2>/dev/null || true)
if [ -z "$RECIPE_FILES" ]; then
echo "❌ No recipe files found in the correct location!"
echo "📁 Please add your recipe to: documentation/src/pages/recipes/data/recipes/"
echo "validation_status=no_files" >> $GITHUB_OUTPUT
exit 1
fi
echo "Found recipe files:"
echo "$RECIPE_FILES"
ALL_VALID=true
VALIDATION_OUTPUT=""
# First pass: Basic YAML validation
while IFS= read -r RECIPE_FILE; do
if [ -f "$RECIPE_FILE" ]; then
echo "🔍 Validating: $RECIPE_FILE"
if OUTPUT=$(goose recipe validate "$RECIPE_FILE" 2>&1); then
echo "✅ Valid: $RECIPE_FILE"
VALIDATION_OUTPUT="${VALIDATION_OUTPUT}✅ $RECIPE_FILE: VALID\n"
else
echo "❌ Invalid: $RECIPE_FILE"
echo "$OUTPUT"
VALIDATION_OUTPUT="${VALIDATION_OUTPUT}❌ $RECIPE_FILE: INVALID\n\`\`\`\n$OUTPUT\n\`\`\`\n"
ALL_VALID=false
fi
fi
done <<< "$RECIPE_FILES"
# Second pass: Check for duplicate filenames
if [ "$ALL_VALID" = true ]; then
echo "🔍 Checking for duplicate filenames..."
# Check for duplicate filenames first
SEEN_FILENAMES=""
while IFS= read -r RECIPE_FILE; do
if [ -f "$RECIPE_FILE" ]; then
FILENAME=$(basename "$RECIPE_FILE" .yaml)
FILENAME=$(basename "$FILENAME" .yml)
echo "📋 Checking filename: '$FILENAME'"
# Check if we've seen this filename before in this PR
if echo "$SEEN_FILENAMES" | grep -q "^$FILENAME$"; then
echo "❌ Duplicate filename '$FILENAME' found in this PR"
VALIDATION_OUTPUT="${VALIDATION_OUTPUT}❌ Duplicate filename '$FILENAME' found in this PR\n"
ALL_VALID=false
else
SEEN_FILENAMES="$SEEN_FILENAMES\n$FILENAME"
fi
# Check if this is a new file or an update to existing file
# Get list of changed files in this PR compared to base branch
CHANGED_FILES=$(git diff --name-only origin/${{ github.event.pull_request.base.ref }}...HEAD | grep "^$RECIPE_FILE$" || true)
EXISTING_FILES=$(find documentation/src/pages/recipes/data/recipes/ -name "$FILENAME.yaml" -o -name "$FILENAME.yml" | grep -v "^$RECIPE_FILE$" || true)
if [ -n "$EXISTING_FILES" ] && [ -z "$CHANGED_FILES" ]; then
# File exists in repo but is not being modified - this is a new duplicate
echo "❌ Recipe filename '$FILENAME' already exists:"
echo "$EXISTING_FILES"
VALIDATION_OUTPUT="${VALIDATION_OUTPUT}❌ $RECIPE_FILE: Filename '$FILENAME' already exists in: $EXISTING_FILES\n"
ALL_VALID=false
elif [ -n "$EXISTING_FILES" ] && [ -n "$CHANGED_FILES" ]; then
# File exists and is being modified - this is an update
echo "✅ Updating existing recipe: '$FILENAME'"
else
# File doesn't exist - this is a new recipe
echo "✅ New recipe filename '$FILENAME' is unique"
fi
echo "✅ Filename '$FILENAME' validation complete"
fi
done <<< "$RECIPE_FILES"
fi
# Save validation output for use in comment
echo "$VALIDATION_OUTPUT" > /tmp/validation_output.txt
if [ "$ALL_VALID" = true ]; then
echo "validation_status=valid" >> $GITHUB_OUTPUT
else
echo "validation_status=invalid" >> $GITHUB_OUTPUT
fi
- name: Comment validation results
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const fs = require('fs');
const status = '${{ steps.validate.outputs.validation_status }}';
let comment;
if (status === 'no_files') {
comment = `❌ **Recipe Validation Failed**
No recipe files found in the correct location!
📁 **Please add your recipe to**: \`documentation/src/pages/recipes/data/recipes/your-recipe-id.yaml\`
**Example**: If your recipe ID is \`web-scraper\`, create:
\`documentation/src/pages/recipes/data/recipes/web-scraper.yaml\``;
} else if (status === 'valid') {
comment = `✅ **Recipe Validation Passed**
Your recipe(s) are valid and ready for review!
🔍 **Next Steps**:
1. Our team will review your recipe
2. If approved, we'll run a security scan
3. Once merged, you'll receive $10 in OpenRouter credits (if email provided)
Thanks for contributing to the Goose Recipe Cookbook! 🎉`;
} else {
// Read validation details from file
let validationDetails = '';
try {
validationDetails = fs.readFileSync('/tmp/validation_output.txt', 'utf8');
} catch (e) {
validationDetails = 'See workflow logs for details.';
}
comment = `❌ **Recipe Validation Failed**
Please fix the validation errors and push your changes:
${validationDetails}
📚 Check our [Recipe Guide](https://block.github.io/goose/recipes) for help with the correct format.`;
}
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.payload.pull_request.number,
body: comment
});
- name: Set validation status
if: always()
env:
VALIDATION_STATUS: ${{ steps.validate.outputs.validation_status }}
run: |
if [ "$VALIDATION_STATUS" = "valid" ]; then
echo "✅ All recipes are valid"
exit 0
else
echo "❌ Recipe validation failed"
exit 1
fi
CONTRIBUTING_RECIPES.md
+147
View File
@@ -0,0 +1,147 @@
# 🍳 Contributing Recipes to Goose Cookbook
Thank you for your interest in contributing to the Goose Recipe Cookbook! This guide will walk you through the process of submitting your own recipe.
## 💰 Get Rewarded
**Approved recipe submissions receive $10 in OpenRouter LLM credits!** 🎉
## 🚀 Quick Start
1. [Fork this repository](https://github.com/block/goose/fork)
2. Add your recipe file here: `documentation/src/pages/recipes/data/recipes/`
3. Create a pull request
4. Include your email, in the PR description for credits
5. Get paid when approved & merged! 💸
## 📋 Step-by-Step Guide
### Step 1: Fork the Repository
Click the **"Fork"** button at the top of this repository to create your own copy.
### Step 2: Create Your Recipe File
1. **Navigate to**: `documentation/src/pages/recipes/data/recipes/`
2. **Create a new file**: `your-recipe-name.yaml`
3. **Important**: Choose a unique filename that describes your recipe
**Example**: For a web scraping recipe, create `web-scraper.yaml`
### Step 3: Write Your Recipe
Use this template structure:
```yaml
# Required fields
version: 1.0.0
title: "Your Recipe Name" # Should match your filename
description: "Brief description of what your recipe does"
instructions: "Detailed instructions for what the recipe should accomplish"
author:
contact: "your-github-username"
extensions:
- type: builtin
name: developer
activities:
- "Main activity 1"
- "Main activity 2"
- "Main activity 3"
prompt: |
Detailed prompt describing the task step by step.
Use {{ parameter_name }} to reference parameters.
Be specific and clear about what should be done.
# Optional fields
parameters:
- key: parameter_name
input_type: string
requirement: required
description: "Description of this parameter"
value: "default_value"
- key: optional_param
input_type: string
requirement: optional
description: "Description of optional parameter"
default: "default_value"
```
📚 **Need help with the format?** Check out the [Recipe Reference Guide](https://block.github.io/goose/docs/guides/recipes/recipe-reference) or [existing recipes](documentation/src/pages/recipes/data/recipes/) for examples.
### Step 4: Create a Pull Request
1. **Commit your changes** in your forked repository
2. **Go to the original repository** and click "New Pull Request"
3. **Fill out the PR template** - especially include your email for credits!
**Important**: Make sure to include your email in the PR description:
```markdown
**Email**: your.email@example.com
```
### Step 5: Wait for Review
Our team will:
1. ✅ **Validate** your recipe automatically
2. 👀 **Review** for quality and usefulness
3. 🔒 **Security scan** (if approved for review)
4. 🎉 **Merge** and send you $10 credits!
## ✅ Recipe Requirements
Your recipe should:
- [ ] **Work correctly** - Test it before submitting
- [ ] **Be useful** - Solve a real problem or demonstrate a valuable workflow
- [ ] **Follow the format** - Refer to the [Recipe Reference Guide](https://block.github.io/goose/docs/guides/recipes/recipe-reference)
- [ ] **Have a unique filename** - No conflicts with existing recipe files
### 📝 **Naming Guidelines:**
- **Filename**: Choose a descriptive, unique filename (e.g., `web-scraper.yaml`)
- **Title**: Should match your filename (e.g., `"Web Scraper"`)
## 🔍 Recipe Validation
Your recipe will be automatically validated for:
- ✅ **Correct YAML syntax**
- ✅ **Required fields present**
- ✅ **Proper structure**
- ✅ **Security compliance**
If validation fails, you'll get helpful feedback in the PR comments.
## 🎯 Recipe Ideas
Need inspiration? Consider recipes for:
- **Web scraping** workflows
- **Data processing** pipelines
- **API integration** tasks
- **File management** automation
- **Code generation** helpers
- **Testing** and validation
- **Deployment** processes
## 🆘 Need Help?
- 📖 **Browse existing recipes** for examples
- 💬 **Ask questions** in your PR
- 🐛 **Report issues** if something isn't working
- 📚 **Check the docs** at [block.github.io/goose](https://block.github.io/goose/docs/guides/recipes/)
## 🤝 Community Guidelines
- Be respectful and helpful
- Follow our code of conduct
- Keep recipes focused and practical
- Share knowledge and learn from others
---
**Ready to contribute?** [Fork the repo](https://github.com/block/goose/fork) and start creating!
*Questions? Ask in your PR or hop into [discord](https://discord.gg/block-opensource) - we're here to help!* 💙
documentation/src/pages/recipes/data/recipes/readme-bot.yaml
+2 -1
View File
@@ -32,4 +32,5 @@ prompt: |
6. If you are on main or master, create a new branch
7. If the only chance at this point is the modification to the the
README.md, create a new commit
8. Clean up after yourself, delete the README.tmp.md after use.
8. Clean up after yourself, delete the README.tmp.md after use.
documentation/src/pages/recipes/index.tsx
+1 -1
View File
@@ -95,7 +95,7 @@ export default function RecipePage() {
Recipes Cookbook
</h1>
<Button
onClick={() => window.open('https://github.com/block/goose/issues/new?template=submit-recipe.yml', '_blank')}
onClick={() => window.open('https://github.com/block/goose/blob/main/CONTRIBUTING_RECIPES.md', '_blank')}
className="bg-purple-600 hover:bg-purple-700 text-white flex items-center gap-2 cursor-pointer"
>
<svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round">
recipe-scanner/Dockerfile
+101
View File
@@ -0,0 +1,101 @@
FROM debian:bookworm-slim
# Install essential tools for monitoring and security scanning
# Also install X11 libraries needed by Goose CLI
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
curl \
bash \
coreutils \
iproute2 \
net-tools \
procps \
tcpdump \
strace \
inotify-tools \
clamav \
clamav-freshclam \
jq \
ripgrep \
sudo \
python3 \
bzip2 \
tar \
gnupg \
git \
libxcb1 \
libxcb-render0 \
libxcb-shape0 \
libxcb-xfixes0 \
libxkbcommon0 \
libgl1-mesa-glx \
&& rm -rf /var/lib/apt/lists/*
# Install Node.js (LTS) and npm/npx via NodeSource
RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - && \
apt-get update && apt-get install -y --no-install-recommends nodejs && \
npm --version && node --version && npx --version && \
rm -rf /var/lib/apt/lists/*
# Install Astral uv (provides 'uv' and 'uvx')
RUN curl -LsSf https://astral.sh/uv/install.sh | sh && \
cp -f /root/.local/bin/uv /usr/local/bin/uv && \
cp -f /root/.local/bin/uvx /usr/local/bin/uvx && \
chmod +x /usr/local/bin/uv /usr/local/bin/uvx && \
uv --version && uvx --version
# Pre-download and install Goose CLI to avoid network issues during runtime
RUN curl -fsSL https://github.com/block/goose/releases/download/stable/download_cli.sh | \
CONFIGURE=false GOOSE_BIN_DIR=/usr/local/bin bash && \
echo "✅ Goose CLI pre-installed: $(/usr/local/bin/goose --version)"
# Create ClamAV configuration directory and basic config
# Allow non-root 'scanner' to install packages via sudo without password
RUN echo "scanner ALL=(root) NOPASSWD: /usr/bin/apt, /usr/bin/apt-get, /usr/bin/dpkg, /usr/bin/curl, /usr/bin/wget" > /etc/sudoers.d/scanner \
&& chmod 0440 /etc/sudoers.d/scanner \
&& chown root:root /etc/sudoers.d/scanner
RUN mkdir -p /etc/clamav && \
echo "DatabaseDirectory /var/lib/clamav" > /etc/clamav/freshclam.conf && \
echo "UpdateLogFile /var/log/clamav/freshclam.log" >> /etc/clamav/freshclam.conf && \
echo "LogVerbose yes" >> /etc/clamav/freshclam.conf && \
echo "DatabaseMirror database.clamav.net" >> /etc/clamav/freshclam.conf && \
mkdir -p /var/log/clamav && \
chown -R clamav:clamav /var/lib/clamav /var/log/clamav
# Update ClamAV virus definitions
RUN freshclam || true
# Create non-root user and setup directories
RUN useradd -m -u 1000 scanner && \
mkdir -p /home/scanner/.config/goose && \
mkdir -p /home/scanner/.local/share/goose && \
mkdir -p /output && \
mkdir -p /tmp/goose && \
mkdir -p /tmp/goose_home && \
mkdir -p /tmp/training && \
chown -R scanner:scanner /home/scanner /output /tmp/goose /tmp/goose_home /tmp/training
# Set capabilities on tcpdump to allow non-root network capture
RUN setcap cap_net_raw,cap_net_admin=eip /usr/bin/tcpdump
# Copy Goose configuration
COPY config.yaml /home/scanner/.config/goose/config.yaml
# Copy scanning script, base recipe, and training data decoder
COPY scan-recipe.sh /usr/local/bin/scan-recipe.sh
COPY base_recipe.yaml /docker/base_recipe.yaml
COPY decode-training-data.py /usr/local/bin/decode-training-data.py
RUN chmod +x /usr/local/bin/scan-recipe.sh /usr/local/bin/decode-training-data.py
# Set proper ownership
RUN chown scanner:scanner /home/scanner/.config/goose/config.yaml /docker/base_recipe.yaml
# Switch to non-root user
USER scanner
# Set working directory
WORKDIR /workspace
# Default entrypoint
ENTRYPOINT ["/usr/local/bin/scan-recipe.sh"]
recipe-scanner/base_recipe.yaml
+324
View File
@@ -0,0 +1,324 @@
version: "1.0.0"
title: "Goose Recipe Security Scanner"
description: "Autonomous AI-powered security analysis of Goose recipes with complete scanning autonomy"
parameters:
- key: recipe_path
input_type: string
requirement: required
description: "Absolute path to the user recipe to scan"
- key: strict_mode
input_type: string
requirement: optional
description: "If 'true', enforce JSON-only output between markers with no extra text"
default: "false"
extensions:
- type: builtin
name: developer
prompt: |
You are an elite cybersecurity expert with complete autonomy to scan and score the security risk of a Goose recipe. If the recipe wants to download another script or MCP server or other tarball/zip package, download those into a temporary folder, and look through all of those for instructions, scan them for viral/malware/rootkit/backdoor/etc kind of activity.
Your mission: provide a comprehensive security assessment with a 0-100 risk score. The higher the score the more risky something appears.
instructions: |
You have COMPLETE AUTONOMY to:
- Install any security tools you need (clamav, yara, binwalk, rg, etc.)
- download any scripts, executables, MCP servers, mentioned in the recipe, but do not execute any scripts or binaries, we just want to look into them to make sure anything downloaded is also safe; if those scripts also try to download things, work recursively to fetch those resources yourself until everything is downloaded, but do not execute anything yet
- Use any analysis techniques you deem appropriate
- if something you download that the recipe would normally try to execute and is a binary format, do not execute it until you have scanned it for viral/malware/rootkit/etc activity.
## Phase 0: Strict Output Contract
- When you are finished, output exactly the following structure with markers on their own lines:
- You are running inside Docker; you may use apt to install missing tools (e.g., ripgrep) if needed.
- You have sudo privileges (passwordless) for apt/apt-get/dpkg/curl/wget to install tools required for analysis.
BEGIN_GOOSE_JSON
## Context (templated parameters)
- Target recipe to analyze (absolute path): {{ recipe_path }}
- Strict mode: {{ strict_mode }}
**Phase 1.5: Load Target Recipe File**
- Use the developer extension to read the file at the absolute path: {{ recipe_path }}
- Example (shell): cat {{ recipe_path }}
- If the file cannot be read, explicitly state the error and proceed to return a JSON result explaining the failure.
- Parse the YAML from the file content for your analysis; do not guess its contents.
**Phase 1.6: External Script and Package Analysis**
- If enable_package_analysis parameter is 'true' (default), perform comprehensive security analysis of external dependencies
- Clone the OSSF malicious packages database: git clone https://github.com/ossf/malicious-packages.git /workspace/security-analysis/ossf-db
- The database structure is: /workspace/security-analysis/ossf-db/osv/malicious/{ecosystem}/{package-name}/{version}.json
- Available ecosystems include: pypi, npm, rubygems, packagist, go, nuget, maven, etc.
**External Script Detection and Analysis:**
1. **Extract ALL URLs from Recipe:**
- Scan recipe content for ANY URLs (http://, https://, ftp://, etc.)
- Look for URLs in instructions, prompt, description, activities, and any other fields
- Include URLs that may be disguised or encoded
2. **Download and Analyze External Scripts/Files:**
- Download EVERY external file referenced in the recipe to /workspace/security-analysis/downloads/
- Name files descriptively (e.g., script_from_gist_github_com.sh)
- Analyze file contents for malicious patterns regardless of file extension
- DO NOT EXECUTE any downloaded scripts - only analyze their content
- Work recursively: if downloaded scripts reference other downloads, fetch those too
3. **Critical Script Analysis Patterns:**
- SSH key access: ~/.ssh/, id_rsa, id_ed25519, authorized_keys, known_hosts
- Browser data theft: cookies, bookmarks, passwords, sessions, localStorage
- System credential access: /etc/passwd, /etc/shadow, keychain access
- Data exfiltration: curl/wget POST requests to external domains
- Stealth operations: rm -rf, /dev/null redirects, background processes (&)
- Privilege escalation: sudo, su, chmod +s, setuid
- Network reconnaissance: netstat, ss, lsof, nmap patterns
- File system enumeration: find commands targeting sensitive directories
4. **Package Detection Strategy:**
- Scan for pip install, npm install, gem install, go get, cargo install, etc.
- Look for requirements.txt, package.json, Gemfile, go.mod, Cargo.toml, etc.
- Check downloaded scripts for package installation commands
- Parse any package manifest files found in downloads
5. **Cross-Reference with OSSF Database:**
- For each detected package, determine the ecosystem (python→pypi, javascript→npm, ruby→rubygems, etc.)
- Check if /workspace/security-analysis/ossf-db/osv/malicious/{ecosystem}/{package-name}/ exists
- If found, examine all JSON files in that directory for version matches
- Each JSON file contains: package name, affected versions, vulnerability details, malware type
6. **Risk Assessment Enhancement:**
- External script with SSH key access: +80 to risk score
- External script with data exfiltration (curl/wget POST): +90 to risk score
- External script with browser credential theft: +85 to risk score
- External script with stealth/cleanup operations: +70 to risk score
- If ANY package matches OSSF malicious database: +40 to risk score
- If MULTIPLE packages match: +60 to risk score
- If packages with CRITICAL severity match: +80 to risk score
- Document all matches in evidence with specific file names, line numbers, and threat details
**Analysis Tools Setup:**
- Install required tools: python3-pip, nodejs, npm, ruby, golang-go, curl, wget, jq, ripgrep
- Example commands: apt update && apt install -y python3-pip nodejs npm ruby golang-go curl wget jq ripgrep
- Use ripgrep for efficient pattern matching in downloaded content
You MUST read and analyze exactly the file at {{ recipe_path }}. Do not guess. If the file does not exist or cannot be read, state that in the summary and still output JSON per the schema.
{ ...valid JSON per schema... }
END_GOOSE_JSON
- When 'strict_mode' is 'true', copy this exact JSON template between the markers and replace only the VALUES. Do not change keys or add fields.
BEGIN_GOOSE_JSON
{
"score": 5,
"threshold": 70,
"recommendation": "LOW",
"evidence": [],
"urls": [],
"summary": "Very low risk. Simple greeting behavior with no file system, network, or process execution."
}
END_GOOSE_JSON
- Output only the JSON between markers in strict mode; omit any other text.
- Do not include any other text before or after the markers.
- The JSON must validate against the schema below. If you are unsure, still return your best assessment in that JSON.
- Do NOT use markdown code fences (``` … ```); output raw JSON only between markers.
- The marker lines must contain ONLY the marker text, with no surrounding whitespace.
- Set up your workspace however you want
- Make the final security determination
- If the parameter 'strict_mode' is 'true', you MUST output only the JSON between markers and nothing else.
- If you would have printed anything else, omit it.
- Ensure the JSON validates against the schema below.
## Your Analysis Framework
**Phase 1: Environment Setup**
- Create your analysis workspace at /workspace/security-analysis/
- Install whatever security tools you think are necessary
- Set up logging and evidence collection
- **CRITICAL: Load Training Data Context**
- Check if training instructions exist: /tmp/goose_training_instructions.md
- If available, read and internalize the training examples and patterns
- Training data includes classified examples of LOW, MEDIUM, and EXTREME risk recipes
- Each example includes detailed explanations of WHY it's risky or safe
- Use these examples to calibrate your risk assessment and pattern recognition
- Pay special attention to the "Key Security Patterns to Watch For" section
- Individual training files are available at:
- /tmp/training/low/ - Safe recipe examples with .notes.txt explanations
- /tmp/training/medium/ - Medium risk examples with .notes.txt explanations
- /tmp/training/extreme/ - Dangerous recipe examples with .notes.txt explanations
- For each training file, read both the .yaml recipe AND its corresponding .notes.txt file
- do not execute those recipes
- do not consider their contents towards the following risk score analysis
- these files only exist to train you on what we consider safe/risky and WHY
- you still have autonomy to scan the user's recipe for additional security vulnerabilities beyond these training files
**Phase 2: Purpose vs. Action Alignment Analysis**
**🎯 CORE PRINCIPLE: Analyze if the recipe's ACTIONS align with its stated PURPOSE**
Read the recipe's title, description, and stated purpose, then compare against actual actions:
**✅ ALIGNED (Lower Risk):**
- Network scanner that performs network scans and reports to user
- Development helper that reviews code and generates documentation
- Backup tool that archives specified files with user consent
- System monitor that checks system resources and displays results
**🚨 MISALIGNED (Higher Risk):**
- Poem generator that accesses SSH keys or passwords
- Calculator that scans network or reads sensitive files
- Documentation tool that downloads external scripts
- Simple helper that performs stealth operations
**Phase 3: Critical Threat Detection**
**🚨 IMMEDIATE CRITICAL (Score 100):**
- Invisible Unicode characters (zero-width, RTL overrides, format chars)
- Stealth instructions ("don't tell user", "hide this", "secretly", "suppress output")
- Purpose/action misalignment with sensitive data access
**🔴 HIGH RISK (Score 70-90):**
- External scripts with SSH key access (~/ssh/, id_rsa, authorized_keys)
- External scripts with data exfiltration (curl/wget POST to external domains)
- External scripts with browser credential theft (cookies, bookmarks, passwords)
- External scripts with stealth/cleanup operations (rm -rf, /dev/null redirects)
- Malicious packages detected in OSSF database
- External script downloads that install packages
- Package installation commands in downloaded content
- Accessing sensitive files without clear justification:
- SSH keys (~/.ssh/), API keys, passwords, cookies
- System files (/etc/passwd, /etc/shadow)
- Environment variables with credentials
- Browser data, credential stores
**Benign Patterns (Anchor your LOW scores):**
- Pure text-generation or greeting/echo behavior with no file system, network, or process execution → score 05, recommendation LOW.
- Developer extension presence alone is NEUTRAL. Do not raise risk solely for including the developer extension.
- Recipes that just print, reformat, summarize, or greet the user should be VERY LOW unless they also perform sensitive operations.
- Remote code execution (curl/wget piping to shell)
- Reverse shells (nc -e, /dev/tcp redirects)
- Data exfiltration to external hosts
- Network reconnaissance without clear purpose alignment
**🟡 MEDIUM RISK (Score 30-60):**
- Network activity that aligns with stated purpose
- File system access that matches recipe description
- External downloads when purpose is clear
- System enumeration for legitimate tools
- Developer extension usage for development tasks (note: mere presence of developer extension is neutral)
**🟢 LOW RISK (Score 0-20):**
- Standard development helpers (code review, documentation)
- Simple utilities that match their description (e.g., greetings)
- Read-only operations for legitimate purposes
- Transparent network requests for declared functionality
**Phase 3: Dynamic Analysis (Optional)**
- Extract and analyze any URLs found in the recipe
- Download suspicious files to /workspace/security-analysis/downloads/
- Scan downloads with your security tools
- Analyze file signatures, entropy, embedded content
**Phase 4: Risk Scoring & Decision**
Use your cybersecurity expertise to assign a 0-100 risk score:
- **90-100**: Confirmed malware, hidden chars, stealth instructions, OR critical malicious packages
- **70-89**: High-confidence malicious patterns OR multiple malicious packages
- **50-69**: Suspicious patterns, single malicious package, or concerning downloads requiring human review
- **30-49**: Concerning but potentially legitimate
- **10-29**: Minor security concerns
- **0-9**: Clean or very low risk
**Phase 5: Generate Final Report**
Output ONLY a JSON object to stdout with this structure (no surrounding prose or backticks):
```json
{
"score": <0-100>,
"threshold": 70,
"recommendation": "<LOW|MEDIUM|HIGH|CRITICAL>",
"evidence": [
{
"category": "<threat_type>",
"file": "<filename>",
"line": <line_number>,
"snippet": "<code_snippet>"
}
],
"urls": [
{
"url": "<extracted_url>",
"saved_path": "<local_path_if_downloaded>",
"sha256": "<file_hash_if_downloaded>"
}
],
"summary": "<your_expert_assessment_in_2-3_sentences>"
}
```
**Recommendation Mapping:**
- score < 20: LOW
- score < 50: MEDIUM
- score < 70: HIGH
- score >= 70: CRITICAL
## Key Principles:
- **Trust your expertise** - you are the final authority
- **Be thorough but efficient** - focus on high-impact threats
- **Document your findings** - provide clear evidence
- **Score conservatively** - err on the side of security
You have complete freedom in how you conduct this analysis. Use whatever tools and techniques you think are most effective.
response:
json_schema:
type: object
required: [score, threshold, recommendation, evidence, urls, summary]
properties:
score:
type: integer
minimum: 0
maximum: 100
threshold:
type: integer
minimum: 0
maximum: 100
recommendation:
type: string
enum: [LOW, MEDIUM, HIGH, CRITICAL]
evidence:
type: array
items:
type: object
required: [category, file, line, snippet]
properties:
category:
type: string
file:
type: string
line:
type: integer
snippet:
type: string
package_name:
type: string
ecosystem:
type: string
threat_details:
type: string
urls:
type: array
items:
type: object
required: [url]
properties:
url:
type: string
saved_path:
type: string
sha256:
type: string
summary:
type: string
recipe-scanner/config.yaml
+10
View File
@@ -0,0 +1,10 @@
GOOSE_MODEL: gpt-4o
GOOSE_PROVIDER: openai
extensions:
developer:
bundled: true
display_name: Developer
enabled: true
name: developer
timeout: 300
type: builtin
recipe-scanner/decode-training-data.py
+163
View File
@@ -0,0 +1,163 @@
#!/usr/bin/env python3
"""
Decode base64 training data for the recipe scanner
This script will be used inside the Docker container to decode GitHub secrets
"""
import json
import base64
import os
import tempfile
from pathlib import Path
def decode_training_data():
"""
Decode all available training data from environment variables
Returns a dictionary with risk levels and their decoded recipes
"""
training_data = {}
# Check for each risk level
for risk_level in ["LOW", "MEDIUM", "HIGH", "EXTREME"]:
env_var = f"TRAINING_DATA_{risk_level}"
encoded_data = os.environ.get(env_var)
if encoded_data:
try:
# Decode the base64 outer layer
json_data = base64.b64decode(encoded_data).decode('utf-8')
# Parse the JSON
parsed_data = json.loads(json_data)
# Decode each recipe's content
for recipe in parsed_data.get('recipes', []):
recipe_content = base64.b64decode(recipe['content_base64']).decode('utf-8')
recipe['content'] = recipe_content
# Keep the base64 version for reference but don't need it for analysis
training_data[risk_level.lower()] = parsed_data
print(f"✅ Decoded {len(parsed_data['recipes'])} {risk_level.lower()} risk recipes")
except Exception as e:
print(f"❌ Error decoding {env_var}: {e}")
return training_data
def write_training_files(training_data, output_dir="/tmp/training"):
"""
Write decoded training files to disk for Goose to analyze
"""
output_path = Path(output_dir)
output_path.mkdir(exist_ok=True)
# Write a summary file for Goose
summary = {
"training_summary": "Recipe security training data",
"risk_levels": {},
"total_recipes": 0
}
for risk_level, data in training_data.items():
risk_dir = output_path / risk_level
risk_dir.mkdir(exist_ok=True)
recipes_info = []
for recipe in data.get('recipes', []):
# Write the recipe file
recipe_file = risk_dir / recipe['filename']
with open(recipe_file, 'w') as f:
f.write(recipe['content'])
# Write the training notes
notes_file = risk_dir / f"{recipe['filename']}.notes.txt"
with open(notes_file, 'w') as f:
f.write(f"Risk Level: {risk_level.upper()}\n")
f.write(f"Filename: {recipe['filename']}\n")
f.write(f"Size: {recipe['size_bytes']} bytes\n\n")
f.write("Training Notes:\n")
f.write(recipe['training_notes'])
recipes_info.append({
"filename": recipe['filename'],
"notes_file": str(notes_file),
"training_notes": recipe['training_notes']
})
summary["risk_levels"][risk_level] = {
"count": len(recipes_info),
"recipes": recipes_info
}
summary["total_recipes"] += len(recipes_info)
# Write the summary file
with open(output_path / "training_summary.json", 'w') as f:
json.dump(summary, f, indent=2)
print(f"📁 Training data written to: {output_path}")
print(f"📊 Total recipes: {summary['total_recipes']}")
return output_path
def create_goose_instructions(training_data, output_file="/tmp/goose_training_instructions.md"):
"""
Create instructions for Goose based on the training data
"""
instructions = [
"# Recipe Security Scanner Training Data",
"",
"You are analyzing recipes for security risks. Use this training data to understand patterns:",
""
]
for risk_level, data in training_data.items():
instructions.append(f"## {risk_level.upper()} Risk Examples")
instructions.append("")
for recipe in data.get('recipes', []):
instructions.append(f"### {recipe['filename']}")
instructions.append(f"**Training Notes**: {recipe['training_notes']}")
instructions.append("")
instructions.extend([
"## Key Security Patterns to Watch For:",
"",
"1. **Hidden UTF-8 Characters**: Invisible or misleading Unicode characters",
"2. **Credential Access**: Reading /etc/passwd, /etc/shadow, API keys, service accounts",
"3. **Data Exfiltration**: Sending data to external servers",
"4. **External Downloads**: Downloading and executing scripts from URLs",
"5. **Suppressed Output**: Commands that hide their output (> /dev/null)",
"6. **Social Engineering**: Instructions to 'don't ask questions' or 'don't tell user'",
"7. **Reverse Shells**: Network connections to attacker-controlled servers",
"8. **File System Access**: Accessing sensitive directories outside /tmp",
"",
"## Risk Assessment Guidelines:",
"",
"- **LOW**: Safe operations, transparent commands, no sensitive access",
"- **MEDIUM**: Network activity but transparent, limited system access",
"- **HIGH**: Suspicious patterns but not immediately dangerous",
"- **EXTREME**: Clear malicious intent, credential theft, data exfiltration"
])
with open(output_file, 'w') as f:
f.write('\n'.join(instructions))
print(f"📋 Goose instructions written to: {output_file}")
return output_file
if __name__ == "__main__":
print("🔍 Decoding training data from environment variables...")
training_data = decode_training_data()
if training_data:
output_dir = write_training_files(training_data)
instructions_file = create_goose_instructions(training_data)
print("\n🎯 Training data ready for analysis!")
print(f" Training files: {output_dir}")
print(f" Instructions: {instructions_file}")
else:
print("❌ No training data found in environment variables")
print(" Expected: TRAINING_DATA_LOW, TRAINING_DATA_MEDIUM, TRAINING_DATA_EXTREME")
recipe-scanner/scan-recipe.sh
Executable
+947
View File
@@ -0,0 +1,947 @@
#!/bin/bash
# shellcheck shell=bash
set -euo pipefail
# Goose Recipe Security Scanner - Orchestrator
# v2.1: Adds analysis_meta.json + accurate analysis_method and early unicode + greeting paths
echo "🔍 Goose Recipe Security Scanner v2.1"
echo "======================================"
# Configuration
RECIPE_FILE="/input/recipe.yaml"
OUTPUT_DIR="/output"
WORKSPACE="/workspace"
GOOSE_BIN="/usr/local/bin/goose"
BASE_RECIPE="/docker/base_recipe.yaml"
# Globals used for meta
ANALYSIS_METHOD="goose_ai"
MARKERS_FOUND=false
RETRY_ATTEMPTED=false
HEURISTIC_USED=false
UNICODE_FOUND=false
BENIGN_HINT=false
SCAN_SUCCESSFUL=false
SCAN_EXIT_CODE=0
# Enhanced error handling with detailed debugging
error_trap() {
local line_no="$1"
local exit_code="${2:-1}"
echo "❌ ERROR: Script failed at line ${line_no} with exit code ${exit_code}"
mkdir -p "$OUTPUT_DIR" 2>/dev/null || true
cat > "$OUTPUT_DIR/scan_status.json" << EOF
{
"status": "ERROR",
"reason": "SCRIPT_FAILURE",
"message": "Scanner script failed at line ${line_no} with exit code ${exit_code}",
"scan_successful": false,
"analysis_method": "error",
"goose_exit_code": ${SCAN_EXIT_CODE:-0},
"debug_info": {
"line": ${line_no},
"exit_code": ${exit_code},
"timestamp": "$(date -u -Iseconds)",
"environment": {
"recipe_exists": $([ -f "$RECIPE_FILE" ] && echo "true" || echo "false"),
"goose_exists": $([ -f "$GOOSE_BIN" ] && echo "true" || echo "false"),
"base_recipe_exists": $([ -f "$BASE_RECIPE" ] && echo "true" || echo "false"),
"api_key_set": $([ -n "${OPENAI_API_KEY:-}" ] && echo "true" || echo "false")
}
}
}
EOF
cat > "$OUTPUT_DIR/summary.txt" << EOF
🔍 Goose Recipe Security Scanner - ERROR REPORT
==============================================
❌ SCAN FAILED at line ${line_no}
Exit Code: ${exit_code}
Timestamp: $(date -u)
🔧 Environment Debug:
- Recipe file exists: $([ -f "$RECIPE_FILE" ] && echo "✅ YES" || echo "❌ NO")
- Goose binary exists: $([ -f "$GOOSE_BIN" ] && echo "✅ YES" || echo "❌ NO")
- Base recipe exists: $([ -f "$BASE_RECIPE" ] && echo "✅ YES" || echo "❌ NO")
- API key configured: $([ -n "${OPENAI_API_KEY:-}" ] && echo "✅ YES" || echo "❌ NO")
📁 Working Directory: $(pwd)
📋 Available Files:
$(ls -la 2>/dev/null || echo "Cannot list directory")
📊 System Info:
- User: $(id 2>/dev/null || echo "unknown")
- Memory: $(free -h 2>/dev/null | head -2 || echo "unknown")
- Disk: $(df -h . 2>/dev/null || echo "unknown")
🔍 Recent Logs:
$(tail -20 "$OUTPUT_DIR/debug.log" 2>/dev/null || echo "No debug log available")
For debugging, check:
1. Container environment variables
2. File permissions and ownership
3. Network connectivity
4. Goose configuration
EOF
# Ensure goose_output.log exists
touch "$OUTPUT_DIR/goose_output.log" 2>/dev/null || true
# List all output artifacts for debugging
echo "📁 Output artifacts:" >> "$OUTPUT_DIR/summary.txt"
ls -la "$OUTPUT_DIR" >> "$OUTPUT_DIR/summary.txt" 2>/dev/null || true
# Also include a minimal meta file
cat > "$OUTPUT_DIR/analysis_meta.json" << EOF
{
"path_taken": "error",
"markers_found": ${MARKERS_FOUND},
"retry_attempted": ${RETRY_ATTEMPTED},
"heuristic_used": ${HEURISTIC_USED},
"unicode_found": ${UNICODE_FOUND},
"benign_hint": ${BENIGN_HINT},
"goose_exit_code": ${SCAN_EXIT_CODE:-0},
"timestamp": "$(date -u -Iseconds)"
}
EOF
exit 0 # Always exit 0 so CI can read artifacts
}
trap 'error_trap $LINENO $?' ERR
# Initialize debug logging
exec 2> >(tee -a "$OUTPUT_DIR/debug.log")
exec 1> >(tee -a "$OUTPUT_DIR/debug.log")
echo "🔧 Initializing scanner environment..."
echo "📅 Timestamp: $(date -u -Iseconds)"
echo "📁 Working directory: $(pwd)"
echo "👤 User: $(id)"
# Validate required training data secrets
echo "🔍 Validating training data secrets..."
MISSING_SECRETS=()
if [ -z "${TRAINING_DATA_LOW:-}" ]; then
MISSING_SECRETS+=("TRAINING_DATA_LOW")
fi
if [ -z "${TRAINING_DATA_MEDIUM:-}" ]; then
MISSING_SECRETS+=("TRAINING_DATA_MEDIUM")
fi
if [ -z "${TRAINING_DATA_EXTREME:-}" ]; then
MISSING_SECRETS+=("TRAINING_DATA_EXTREME")
fi
if [ ${#MISSING_SECRETS[@]} -gt 0 ]; then
echo "❌ Required training data secrets are missing or empty:"
for secret in "${MISSING_SECRETS[@]}"; do
echo " - $secret"
done
echo ""
echo "The recipe scanner requires all three training data secrets to function properly."
echo "Please ensure these GitHub secrets are configured with the base64-encoded training data:"
echo " - TRAINING_DATA_LOW"
echo " - TRAINING_DATA_MEDIUM"
echo " - TRAINING_DATA_EXTREME"
echo ""
echo "Without training data, the AI scanner cannot accurately assess security risks."
exit 1
fi
echo "✅ All training data secrets are present"
# Decode training data from GitHub secrets
echo "🔍 Decoding training data..."
if python3 /usr/local/bin/decode-training-data.py; then
echo "✅ Training data decoded successfully"
TRAINING_INSTRUCTIONS="/tmp/goose_training_instructions.md"
if [ -f "$TRAINING_INSTRUCTIONS" ]; then
echo "📚 Training instructions available: $TRAINING_INSTRUCTIONS"
else
echo "❌ Training instructions not generated - decoder may have failed"
exit 1
fi
else
echo "❌ Failed to decode training data"
exit 1
fi
# Validate inputs
echo "🔍 Validating inputs..."
if [ ! -f "$RECIPE_FILE" ]; then
echo "❌ Recipe file not found: $RECIPE_FILE"
exit 1
fi
if [ ! -f "$BASE_RECIPE" ]; then
echo "❌ Base recipe not found: $BASE_RECIPE"
exit 1
fi
if [ -z "${OPENAI_API_KEY:-}" ]; then
echo "❌ OPENAI_API_KEY not set"
exit 1
fi
echo "✅ Input validation passed"
echo "📋 Recipe: $RECIPE_FILE ($(wc -l < "$RECIPE_FILE") lines)"
echo "🔑 API key: ${#OPENAI_API_KEY} characters"
# Create output directory
mkdir -p "$OUTPUT_DIR"
echo "📁 Output directory: $OUTPUT_DIR"
# Install Goose CLI if needed
if [ ! -f "$GOOSE_BIN" ]; then
echo "⬇️ Installing Goose CLI..."
if curl -fsSL --connect-timeout 30 --max-time 300 \
https://github.com/block/goose/releases/download/stable/download_cli.sh | bash; then
for path in "$HOME/.local/bin/goose" "/usr/local/bin/goose" "$(which goose 2>/dev/null || true)"; do
if [ -n "$path" ] && [ -f "$path" ] && [ -x "$path" ]; then
cp "$path" "$GOOSE_BIN"
chmod +x "$GOOSE_BIN"
echo "✅ Goose CLI installed from $path"
break
fi
done
fi
if [ ! -f "$GOOSE_BIN" ]; then
echo "⚠️ Trying direct download..."
temp_dir=$(mktemp -d)
if curl -fsSL --connect-timeout 30 --max-time 300 \
"https://github.com/block/goose/releases/download/stable/goose-x86_64-unknown-linux-gnu.tar.bz2" \
-o "$temp_dir/goose.tar.bz2"; then
tar -xjf "$temp_dir/goose.tar.bz2" -C "$temp_dir"
goose_binary=$(find "$temp_dir" -name "goose" -type f -executable | head -1)
if [ -n "$goose_binary" ]; then
cp "$goose_binary" "$GOOSE_BIN"
chmod +x "$GOOSE_BIN"
echo "✅ Goose CLI installed via direct download"
fi
fi
rm -rf "$temp_dir"
fi
if [ ! -f "$GOOSE_BIN" ]; then
echo "❌ Failed to install Goose CLI"
exit 1
fi
fi
# Verify Goose installation
echo "🔧 Verifying Goose installation..."
if ! "$GOOSE_BIN" --version >/dev/null 2>&1; then
echo "❌ Goose CLI not working"
"$GOOSE_BIN" --version || true
exit 1
fi
echo "✅ Goose CLI ready: $($GOOSE_BIN --version)"
# Set up Goose environment
echo "🔧 Configuring Goose environment..."
USER_ID="$(id -u)"
GOOSE_TMP="/tmp/goose_${USER_ID}"
mkdir -p "$GOOSE_TMP"/{logs,state,cache,config} 2>/dev/null || true
chmod -R 755 "$GOOSE_TMP" 2>/dev/null || true
export GOOSE_LOG_DIR="$GOOSE_TMP/logs"
export XDG_STATE_HOME="$GOOSE_TMP/state"
export XDG_CACHE_HOME="$GOOSE_TMP/cache"
export GOOSE_TELEMETRY_ENABLED=false
export GOOSE_PROJECT_TRACKER_ENABLED=false
export RUST_LOG=error
if [ -f "$HOME/.config/goose/config.yaml" ]; then
cp "$HOME/.config/goose/config.yaml" "$GOOSE_TMP/config/config.yaml" 2>/dev/null || true
export GOOSE_CONFIG_DIR="$GOOSE_TMP/config"
fi
echo "✅ Goose environment configured"
# Quick health check (decoupled from analysis)
echo "🔍 Running Goose health check..."
if timeout 30 "$GOOSE_BIN" run --no-session -t "Hello, are you working?" >> "$OUTPUT_DIR/goose_output.log" 2>&1; then
echo "✅ Goose health check passed"
else
echo "⚠️ Goose health check failed - continuing anyway"
fi
# Lightweight benign hint (used for deterministic benign path)
if grep -Eiq '\b(hello|hi|hey|welcome|salutation|greet|greeting|greetings)\b' "$RECIPE_FILE" || \
grep -Eiq '^\s*title\s*:\s*.*(greet|hello|hi|welcome|salutation)' "$RECIPE_FILE" || \
grep -Eiq '^\s*description\s*:\s*.*(greet|hello|hi|welcome|salutation)' "$RECIPE_FILE"; then
if ! grep -Eiq '(curl|wget|nc\s|-e\s|/dev/tcp|/etc/|~/.ssh|ssh-key|API[_-]?KEY|token|http://|https://|rm\s+-rf|base64\s+-d|eval\s|bash\s+-c|chmod\s|chown\s|dd\s|mount\s)' "$RECIPE_FILE"; then
BENIGN_HINT=true
fi
fi
# Early invisible Unicode/bidi/tag detection
# Force HIGH/CRITICAL if suspicious control characters are present
PY_UNICODE_REPORT="$OUTPUT_DIR/unicode_scan.json"
python3 - "$RECIPE_FILE" > "$PY_UNICODE_REPORT" 2>>"$OUTPUT_DIR/goose_output.log" <<'PY' || true
import sys, json
path = sys.argv[1]
raw = open(path, 'rb').read()
text = raw.decode('utf-8', 'surrogatepass')
# Define suspicious codepoints
ranges = {
"zero_width": [0x200B, 0x200C, 0x200D, 0xFEFF],
"bidi": list(range(0x202A, 0x202F)) + [0x2066,0x2067,0x2068,0x2069],
"tag_chars": [0xE0001] + list(range(0xE0020, 0xE0080)),
}
# Scan and collect positions
findings = []
for idx, ch in enumerate(text):
cp = ord(ch)
for cat, vals in ranges.items():
if cp in vals:
findings.append({"index": idx, "codepoint": f"U+{cp:04X}", "category": cat})
# Add line/col approximation
lines = []
start = 0
for i, ch in enumerate(text):
if ch == '\n':
lines.append((start, i))
start = i+1
lines.append((start, len(text)))
def to_line_col(i):
for ln, (s, e) in enumerate(lines, start=1):
if s <= i <= e:
return ln, i - s + 1
return None, None
for f in findings:
ln, col = to_line_col(f["index"])
f["line"] = ln
f["column"] = col
print(json.dumps({"findings": findings}))
PY
if [ -s "$PY_UNICODE_REPORT" ] && jq -e '.findings | length > 0' "$PY_UNICODE_REPORT" >/dev/null 2>&1; then
UNICODE_FOUND=true
ANALYSIS_METHOD="unicode_detect"
SCORE=97
RECOMMENDATION="CRITICAL"
SUMMARY="Stealth/invisible Unicode or bidi/tag characters detected in recipe; this is a high-confidence indicator of malicious obfuscation."
SCAN_SUCCESSFUL=true
# Evidence from unicode scan
EVIDENCE=$(jq -r '[.findings[] | {category: ("unicode:" + .category), snippet: ("codepoint=" + .codepoint + ", line=" + (.line|tostring) + ", col=" + (.column|tostring))}]' "$PY_UNICODE_REPORT")
# goose_result.json
jq -n \
--argjson score ${SCORE} \
--argjson threshold 70 \
--arg recommendation "${RECOMMENDATION}" \
--arg summary "${SUMMARY}" \
--argjson evidence "${EVIDENCE}" \
'{score: $score, threshold: $threshold, recommendation: $recommendation, summary: $summary, evidence: $evidence, urls: []}' \
> "$OUTPUT_DIR/goose_result.json"
# scan_status.json
jq -n \
--arg status "BLOCKED" \
--arg reason "STEALTH_UNICODE_DETECTED" \
--argjson risk_score ${SCORE} \
--arg risk_level "${RECOMMENDATION}" \
--arg message "Invisible Unicode/bidi/tag characters detected" \
--argjson scan_successful true \
--argjson goose_exit_code 0 \
--arg analysis_method "${ANALYSIS_METHOD}" \
'{status: $status, reason: $reason, risk_score: $risk_score, risk_level: $risk_level, message: $message, scan_successful: $scan_successful, analysis_method: $analysis_method, goose_exit_code: $goose_exit_code}' \
> "$OUTPUT_DIR/scan_status.json"
# analysis_meta.json
jq -n \
--arg path_taken "${ANALYSIS_METHOD}" \
--argjson markers_found false \
--argjson retry_attempted false \
--argjson heuristic_used false \
--argjson unicode_found true \
--argjson benign_hint ${BENIGN_HINT} \
--argjson goose_exit_code 0 \
--arg timestamp "$(date -u -Iseconds)" \
--argjson unicode_findings "$(cat "$PY_UNICODE_REPORT")" \
'{path_taken:$path_taken, markers_found:$markers_found, retry_attempted:$retry_attempted, heuristic_used:$heuristic_used, unicode_found:$unicode_found, benign_hint:$benign_hint, goose_exit_code:$goose_exit_code, timestamp:$timestamp, unicode_scan:$unicode_findings}' \
> "$OUTPUT_DIR/analysis_meta.json"
# Reports
TIMESTAMP=$(date -u -Iseconds)
cat > "$OUTPUT_DIR/security-report.md" << EOF
# Goose Recipe Security Analysis
Status: BLOCKED
Risk Score: $SCORE/100
Recommendation: $RECOMMENDATION
## Analysis Summary
$SUMMARY
## Technical Details
- Analysis Method: Unicode/Stealth Detection
- Goose Exit Code: 0
- Timestamp: $TIMESTAMP
## Evidence
$(jq -r '.[]? | "- " + (.category // "unicode") + ": " + (.snippet // "")' <<< "$EVIDENCE" 2>/dev/null || echo "See goose_result.json")
## Artifacts
- scan_status.json
- goose_result.json
- analysis_meta.json
- unicode_scan.json
EOF
cat > "$OUTPUT_DIR/summary.txt" << EOF
🔍 Goose Recipe Security Analysis Summary (Unicode Stealth)
=========================================================
📅 Analysis Date: $(date -u)
📋 Recipe: $(basename "$RECIPE_FILE")
🤖 Analysis Method: Unicode/Stealth detection
📊 Security Assessment:
• Risk Score: $SCORE/100
• Recommendation: $RECOMMENDATION
• Status: 🚨 BLOCKED
💡 Summary:
$SUMMARY
EOF
echo "🚨 Stealth Unicode detected; blocking recipe."
exit 1
fi
# Early deterministic benign short-circuit
if [ "${BENIGN_HINT}" = true ]; then
ANALYSIS_METHOD="deterministic_benign"
SCORE=3
RECOMMENDATION="LOW"
SUMMARY="Very low risk. Simple greeting behavior with no file system, network, or process execution."
SCAN_SUCCESSFUL=true
jq -n \
--argjson score ${SCORE} \
--argjson threshold 70 \
--arg recommendation "${RECOMMENDATION}" \
--arg summary "${SUMMARY}" \
'{score: $score, threshold: $threshold, recommendation: $recommendation, summary: $summary, evidence: [], urls: []}' \
> "$OUTPUT_DIR/goose_result.json"
jq -n \
--arg status "APPROVED" \
--arg reason "ACCEPTABLE_RISK" \
--argjson risk_score ${SCORE} \
--arg risk_level "${RECOMMENDATION}" \
--arg message "Deterministic benign result (greeting-only)" \
--argjson scan_successful true \
--argjson goose_exit_code 0 \
--arg analysis_method "${ANALYSIS_METHOD}" \
'{status:$status, reason:$reason, risk_score:$risk_score, risk_level:$risk_level, message:$message, scan_successful:$scan_successful, analysis_method:$analysis_method, goose_exit_code:$goose_exit_code}' \
> "$OUTPUT_DIR/scan_status.json"
jq -n \
--arg path_taken "${ANALYSIS_METHOD}" \
--argjson markers_found false \
--argjson retry_attempted false \
--argjson heuristic_used false \
--argjson unicode_found false \
--argjson benign_hint true \
--argjson goose_exit_code 0 \
--arg timestamp "$(date -u -Iseconds)" \
'{path_taken:$path_taken, markers_found:$markers_found, retry_attempted:$retry_attempted, heuristic_used:$heuristic_used, unicode_found:$unicode_found, benign_hint:$benign_hint, goose_exit_code:$goose_exit_code, timestamp:$timestamp}' \
> "$OUTPUT_DIR/analysis_meta.json"
TIMESTAMP=$(date -u -Iseconds)
cat > "$OUTPUT_DIR/security-report.md" << EOF
# Goose Recipe Security Analysis
Status: APPROVED
Risk Score: $SCORE/100
Recommendation: $RECOMMENDATION
## Analysis Summary
$SUMMARY
## Technical Details
- Analysis Method: Deterministic benign fallback
- Goose Exit Code: 0
- Timestamp: $TIMESTAMP
## Evidence
No evidence items for greeting-only benign case.
## Artifacts
- scan_status.json
- goose_result.json
- analysis_meta.json
EOF
cat > "$OUTPUT_DIR/summary.txt" << EOF
🔍 Goose Recipe Security Analysis Summary (Deterministic Benign)
==============================================================
📅 Analysis Date: $(date -u)
📋 Recipe: $(basename "$RECIPE_FILE")
🤖 Analysis Method: Deterministic benign fallback
📊 Security Assessment:
• Risk Score: $SCORE/100
• Recommendation: $RECOMMENDATION
• Status: ✅ APPROVED
💡 Summary:
$SUMMARY
EOF
echo "✅ Deterministic benign result generated."
exit 0
fi
# Render the resolved base recipe (for debugging)
if timeout 60 "$GOOSE_BIN" run \
--recipe "$BASE_RECIPE" \
--no-session \
--render-recipe \
--params recipe_path="$RECIPE_FILE" \
--params strict_mode="false" \
> "$OUTPUT_DIR/rendered_base_recipe.yaml" 2>> "$OUTPUT_DIR/goose_output.log"; then
echo "✅ Rendered base recipe saved to $OUTPUT_DIR/rendered_base_recipe.yaml"
else
echo "⚠️ Failed to render base recipe (non-fatal)" >> "$OUTPUT_DIR/goose_output.log"
fi
# Run the AI analysis
echo "🚀 Starting AI-powered security analysis..."
mkdir -p "$WORKSPACE/security-analysis"
cd "$WORKSPACE"
timeout 600 "$GOOSE_BIN" run \
--recipe "$BASE_RECIPE" \
--no-session \
--quiet \
--params recipe_path="$RECIPE_FILE" \
>> "$OUTPUT_DIR/goose_output.log" 2>&1 || SCAN_EXIT_CODE=$?
echo "📊 Security analysis completed with exit code: $SCAN_EXIT_CODE"
# Parsing helpers
extract_marked_json() {
if grep -q 'BEGIN_GOOSE_JSON' "$OUTPUT_DIR/goose_output.log" && grep -q 'END_GOOSE_JSON' "$OUTPUT_DIR/goose_output.log"; then
MARKERS_FOUND=true
tac "$OUTPUT_DIR/goose_output.log" | awk '
/END_GOOSE_JSON/ && !found { found=1; next }
found && /BEGIN_GOOSE_JSON/ { exit }
found { print }
' | tac > "$OUTPUT_DIR/goose_result.marked.txt" 2>/dev/null || true
# strip code fences and blank lines
sed -e 's/^```[a-zA-Z]*$//g' -e 's/^```$//g' "$OUTPUT_DIR/goose_result.marked.txt" | sed '/^\s*$/d' > "$OUTPUT_DIR/goose_result.json" || true
fi
}
heuristic_json() {
PY_OUT="$OUTPUT_DIR/goose_result.heuristic.json"
python3 - "$OUTPUT_DIR/goose_output.log" > "$PY_OUT" 2>>"$OUTPUT_DIR/goose_output.log" <<'PY' || true
import sys, json
path = sys.argv[1]
text = open(path, 'r', encoding='utf-8', errors='ignore').read()
text = text.replace('```json', '```').replace('```', '')
# Backward scan to find last balanced JSON object
stack = 0
start = -1
end = -1
in_str = False
esc = False
for i in range(len(text)-1, -1, -1):
ch = text[i]
if in_str:
if esc:
esc = False
elif ch == '\\':
esc = True
elif ch == '"':
in_str = False
continue
if ch == '"':
in_str = True
elif ch == '}':
if stack == 0:
end = i
stack += 1
elif ch == '{':
stack -= 1
if stack == 0:
start = i
break
if start != -1 and end != -1 and end > start:
snippet = text[start:end+1]
try:
obj = json.loads(snippet)
print(json.dumps(obj))
except Exception:
pass
PY
if [ -s "$PY_OUT" ] && jq . "$PY_OUT" >/dev/null 2>&1; then
mv -f "$PY_OUT" "$OUTPUT_DIR/goose_result.json" || true
HEURISTIC_USED=true
fi
}
JSON_VALID=false
# Try markers
extract_marked_json
if [ -f "$OUTPUT_DIR/goose_result.json" ] && jq . "$OUTPUT_DIR/goose_result.json" >/dev/null 2>&1; then
JSON_VALID=true
else
# Heuristic attempt 1
heuristic_json
if [ -f "$OUTPUT_DIR/goose_result.json" ] && jq . "$OUTPUT_DIR/goose_result.json" >/dev/null 2>&1; then
JSON_VALID=true
ANALYSIS_METHOD="heuristic_json"
fi
fi
# Retry once with strict mode if still invalid
if [ "$JSON_VALID" = false ]; then
RETRY_ATTEMPTED=true
echo "🔁 Retrying once with strict JSON-only instruction..." | tee -a "$OUTPUT_DIR/goose_output.log"
timeout 120 "$GOOSE_BIN" run \
--recipe "$BASE_RECIPE" \
--no-session \
--params recipe_path="$RECIPE_FILE" \
--params strict_mode="true" \
>> "$OUTPUT_DIR/goose_output.log" 2>&1 || true
# Try markers again
extract_marked_json
if [ -f "$OUTPUT_DIR/goose_result.json" ] && jq . "$OUTPUT_DIR/goose_result.json" >/dev/null 2>&1; then
JSON_VALID=true
ANALYSIS_METHOD="retry_strict"
else
# Heuristic attempt 2
heuristic_json
if [ -f "$OUTPUT_DIR/goose_result.json" ] && jq . "$OUTPUT_DIR/goose_result.json" >/dev/null 2>&1; then
JSON_VALID=true
ANALYSIS_METHOD="heuristic_json"
fi
fi
fi
# Extract/normalize fields or fallback
if [ "$JSON_VALID" = true ]; then
echo "✅ Found valid JSON result from Goose"
SCORE=$(jq -r '.score // 0' "$OUTPUT_DIR/goose_result.json")
RECOMMENDATION=$(jq -r '.recommendation // "UNKNOWN"' "$OUTPUT_DIR/goose_result.json")
SUMMARY=$(jq -r '.summary // "No summary provided"' "$OUTPUT_DIR/goose_result.json")
if ! [[ "${SCORE}" =~ ^[0-9]+$ ]]; then
echo "⚠️ SCORE not numeric ('$SCORE'); entering fallback scoring" | tee -a "$OUTPUT_DIR/goose_output.log"
JSON_VALID=false
else
SCAN_SUCCESSFUL=true
# Only set to goose_ai if we did not set a more specific method above
if [ "$ANALYSIS_METHOD" = "goose_ai" ]; then
ANALYSIS_METHOD="goose_ai"
fi
fi
fi
if [ "$JSON_VALID" != true ]; then
echo "🧮 Applying enhanced static fallback scoring" >> "$OUTPUT_DIR/goose_output.log"
RAW=$(tr '\n' ' ' < "$RECIPE_FILE" | tr -s ' ')
SCORE=15
SUMMARY="Static fallback: no model JSON. No explicit sensitive operations detected."
# Check for stealth instructions
if echo "$RAW" | grep -Eiq '(secretly|do not (mention|tell)|suppress output|hide this)'; then
SCORE=100
SUMMARY="Static fallback: stealth instructions detected."
# Check for external script downloads - analyze the actual content
elif echo "$RAW" | grep -Eiq 'https?://[^[:space:]]+'; then
# Extract ALL URLs from the recipe - improved regex
EXTERNAL_URLS=$(echo "$RAW" | grep -Eo 'https?://[^[:space:]"'\'']+' | head -5)
SCRIPT_ANALYZED=false
HIGHEST_SCORE=15
ANALYSIS_SUMMARY="Static fallback: external URLs detected but no malicious content found."
echo "🔍 Static analysis: found external URLs, analyzing content..." >> "$OUTPUT_DIR/goose_output.log"
echo "🔍 Detected URLs: $EXTERNAL_URLS" >> "$OUTPUT_DIR/goose_output.log"
mkdir -p /workspace/security-analysis/downloads 2>/dev/null || true
# Analyze each URL
URL_COUNT=0
for URL in $EXTERNAL_URLS; do
URL_COUNT=$((URL_COUNT + 1))
SCRIPT_FILE="/workspace/security-analysis/downloads/external_file_${URL_COUNT}"
echo "🔍 Downloading: $URL" >> "$OUTPUT_DIR/goose_output.log"
# Enhanced curl with better error handling and user agent
if curl -sSfL --max-time 30 --connect-timeout 10 --user-agent "Mozilla/5.0 (Security Scanner)" "$URL" -o "$SCRIPT_FILE" 2>>"$OUTPUT_DIR/goose_output.log"; then
echo "✅ Downloaded external file for analysis: $URL ($(wc -c < "$SCRIPT_FILE") bytes)" >> "$OUTPUT_DIR/goose_output.log"
SCRIPT_ANALYZED=true
# Show first few lines for debugging
echo "📄 First 5 lines of downloaded content:" >> "$OUTPUT_DIR/goose_output.log"
head -5 "$SCRIPT_FILE" >> "$OUTPUT_DIR/goose_output.log" 2>/dev/null || echo "Could not read file" >> "$OUTPUT_DIR/goose_output.log"
# Detailed analysis of downloaded content with improved patterns
SSH_MATCHES=$(grep -c '\.ssh\|id_rsa\|authorized_keys\|ssh[-_]key\|/\.ssh/' "$SCRIPT_FILE" 2>/dev/null || echo 0)
POST_MATCHES=$(grep -c 'curl.*-[XF].*POST\|wget.*--post\|curl.*-d.*http\|-F.*file=@' "$SCRIPT_FILE" 2>/dev/null || echo 0)
CRED_MATCHES=$(grep -c 'cookies\|bookmarks\|passwords\|keychain\|localStorage' "$SCRIPT_FILE" 2>/dev/null || echo 0)
NET_MATCHES=$(grep -c 'curl\|wget\|nc\|telnet' "$SCRIPT_FILE" 2>/dev/null || echo 0)
CLEANUP_MATCHES=$(grep -c 'rm.*-rf\|/dev/null.*2>&1\|nohup.*&' "$SCRIPT_FILE" 2>/dev/null || echo 0)
# Log detailed analysis
echo "🔍 Detailed analysis of $URL:" >> "$OUTPUT_DIR/goose_output.log"
echo " - SSH patterns: $SSH_MATCHES" >> "$OUTPUT_DIR/goose_output.log"
echo " - POST/exfil patterns: $POST_MATCHES" >> "$OUTPUT_DIR/goose_output.log"
echo " - Credential patterns: $CRED_MATCHES" >> "$OUTPUT_DIR/goose_output.log"
echo " - Network patterns: $NET_MATCHES" >> "$OUTPUT_DIR/goose_output.log"
echo " - Cleanup patterns: $CLEANUP_MATCHES" >> "$OUTPUT_DIR/goose_output.log"
# Score based on findings - URLs logged but not exposed in public summary
if [ "$SSH_MATCHES" -gt 0 ]; then
if [ 95 -gt $HIGHEST_SCORE ]; then
HIGHEST_SCORE=95
ANALYSIS_SUMMARY="Static fallback: external script accesses SSH keys ($SSH_MATCHES matches) - CRITICAL THREAT."
# Log the actual URL for security team analysis
echo "🚨 CRITICAL THREAT DETECTED: SSH key access in external script: $URL" >> "$OUTPUT_DIR/goose_output.log"
fi
fi
if [ "$POST_MATCHES" -gt 0 ]; then
if [ 90 -gt $HIGHEST_SCORE ]; then
HIGHEST_SCORE=90
ANALYSIS_SUMMARY="Static fallback: external script performs data exfiltration ($POST_MATCHES matches) - CRITICAL THREAT."
echo "🚨 CRITICAL THREAT DETECTED: Data exfiltration in external script: $URL" >> "$OUTPUT_DIR/goose_output.log"
fi
fi
if [ "$CRED_MATCHES" -gt 0 ] && [ "$NET_MATCHES" -gt 0 ]; then
if [ 85 -gt $HIGHEST_SCORE ]; then
HIGHEST_SCORE=85
ANALYSIS_SUMMARY="Static fallback: external script steals credentials ($CRED_MATCHES matches) and has network activity - CRITICAL THREAT."
echo "🚨 CRITICAL THREAT DETECTED: Credential theft in external script: $URL" >> "$OUTPUT_DIR/goose_output.log"
fi
fi
if [ "$CLEANUP_MATCHES" -gt 0 ]; then
if [ 75 -gt $HIGHEST_SCORE ]; then
HIGHEST_SCORE=75
ANALYSIS_SUMMARY="Static fallback: external script performs stealth cleanup ($CLEANUP_MATCHES matches) - HIGH RISK."
echo "⚠️ HIGH RISK DETECTED: Stealth cleanup operations in external script: $URL" >> "$OUTPUT_DIR/goose_output.log"
fi
fi
# Check for package installations in external scripts
PKG_MATCHES=$(grep -c 'pip install\|npm install\|gem install\|go get\|cargo install' "$SCRIPT_FILE" 2>/dev/null || echo 0)
if [ "$PKG_MATCHES" -gt 0 ] && [ 40 -gt $HIGHEST_SCORE ]; then
HIGHEST_SCORE=40
ANALYSIS_SUMMARY="Static fallback: external script installs packages ($PKG_MATCHES matches) - MEDIUM RISK."
echo "📦 MEDIUM RISK DETECTED: Package installation in external script: $URL" >> "$OUTPUT_DIR/goose_output.log"
fi
else
CURL_EXIT_CODE=$?
echo "⚠️ Failed to download: $URL (curl exit code: $CURL_EXIT_CODE)" >> "$OUTPUT_DIR/goose_output.log"
echo "🔍 Trying alternative download method..." >> "$OUTPUT_DIR/goose_output.log"
# Try with wget as fallback
if command -v wget >/dev/null 2>&1 && wget --timeout=30 --tries=2 -q "$URL" -O "$SCRIPT_FILE" 2>>"$OUTPUT_DIR/goose_output.log"; then
echo "✅ Downloaded via wget: $URL" >> "$OUTPUT_DIR/goose_output.log"
SCRIPT_ANALYZED=true
# Repeat analysis logic here if needed
else
echo "❌ All download methods failed for: $URL" >> "$OUTPUT_DIR/goose_output.log"
if [ 35 -gt $HIGHEST_SCORE ]; then
HIGHEST_SCORE=35
ANALYSIS_SUMMARY="Static fallback: external script download detected but failed to retrieve for analysis - MEDIUM RISK."
fi
fi
fi
done
if [ "$SCRIPT_ANALYZED" = true ]; then
SCORE=$HIGHEST_SCORE
SUMMARY="$ANALYSIS_SUMMARY"
else
SCORE=35
SUMMARY="Static fallback: external URLs detected but could not analyze content - MEDIUM RISK."
fi
# Check for direct sensitive file access patterns
elif echo "$RAW" | grep -Eiq '(/etc/(shadow|passwd)|~/.ssh|ssh[-_ ]key|/dev/tcp|nc\s+-e|curl[^\n]*\|\s*(sh|bash)|wget[^\n]*\|\s*(sh|bash))'; then
SCORE=80
SUMMARY="Static fallback: sensitive file access or potential exfil pattern detected."
# Check for network utilities
elif echo "$RAW" | grep -Eiq '\b(ping|traceroute|tracepath|dig|nslookup|host|curl|wget|nc\s+-z|telnet|netstat|ip\s+route)\b'; then
if echo "$RAW" | grep -Eiq 'httpbin\.org/base64' && echo "$RAW" | grep -Eiq 'base64\s+-d\s*>\s*/tmp/'; then
SCORE=30
SUMMARY="Static fallback: benign httpbin base64 decode to /tmp; network checks consistent with purpose."
else
SCORE=35
SUMMARY="Static fallback: network/system utilities detected consistent with purpose."
fi
else
SCORE=25
SUMMARY="Static fallback: minor concerns; no high-risk patterns found."
fi
if [ "$SCORE" -ge 70 ]; then
RECOMMENDATION="CRITICAL"
elif [ "$SCORE" -ge 50 ]; then
RECOMMENDATION="HIGH"
elif [ "$SCORE" -ge 20 ]; then
RECOMMENDATION="MEDIUM"
else
RECOMMENDATION="LOW"
fi
jq -n \
--argjson score ${SCORE} \
--argjson threshold 70 \
--arg recommendation "${RECOMMENDATION}" \
--arg summary "${SUMMARY}" \
'{score: $score, threshold: $threshold, recommendation: $recommendation, summary: $summary, evidence: [], urls: []}' \
> "$OUTPUT_DIR/goose_result.json"
SCAN_SUCCESSFUL=true
ANALYSIS_METHOD="fallback_static_enhanced"
fi
# Ensure input and tail artifacts
cp -f "$RECIPE_FILE" "$OUTPUT_DIR/input_recipe.yaml" 2>/dev/null || true
TAIL_OUT="$OUTPUT_DIR/goose_output_tail.txt"
tail -n 300 "$OUTPUT_DIR/goose_output.log" > "$TAIL_OUT" 2>/dev/null || true
# Generate final reports
echo "📋 Generating final security reports..."
FINAL_STATUS="APPROVED"
FINAL_REASON="ACCEPTABLE_RISK"
if [ "${SCORE}" -ge 70 ]; then
FINAL_STATUS="BLOCKED"
FINAL_REASON="HIGH_RISK"
fi
if [ "${SCAN_SUCCESSFUL}" != true ]; then
FINAL_STATUS="NEEDS_RETRY"
FINAL_REASON="INVALID_JSON_OR_PARSE_ERROR"
fi
jq -n \
--arg status "$FINAL_STATUS" \
--arg reason "$FINAL_REASON" \
--argjson risk_score ${SCORE:-0} \
--arg risk_level "${RECOMMENDATION:-UNKNOWN}" \
--arg message "AI-powered security analysis completed" \
--argjson scan_successful $( [ "${SCAN_SUCCESSFUL:-true}" = true ] && echo true || echo false ) \
--argjson goose_exit_code ${SCAN_EXIT_CODE:-0} \
--arg analysis_method "${ANALYSIS_METHOD}" \
'{status: $status, reason: $reason, risk_score: $risk_score, risk_level: $risk_level, message: $message, scan_successful: $scan_successful, analysis_method: $analysis_method, goose_exit_code: $goose_exit_code}' \
> "$OUTPUT_DIR/scan_status.json"
jq -n \
--arg path_taken "${ANALYSIS_METHOD}" \
--argjson markers_found ${MARKERS_FOUND} \
--argjson retry_attempted ${RETRY_ATTEMPTED} \
--argjson heuristic_used ${HEURISTIC_USED} \
--argjson unicode_found ${UNICODE_FOUND} \
--argjson benign_hint ${BENIGN_HINT} \
--argjson goose_exit_code ${SCAN_EXIT_CODE:-0} \
--arg timestamp "$(date -u -Iseconds)" \
'{path_taken:$path_taken, markers_found:$markers_found, retry_attempted:$retry_attempted, heuristic_used:$heuristic_used, unicode_found:$unicode_found, benign_hint:$benign_hint, goose_exit_code:$goose_exit_code, timestamp:$timestamp}' \
> "$OUTPUT_DIR/analysis_meta.json"
STATUS_TEXT="$FINAL_STATUS"
TIMESTAMP=$(date -u -Iseconds)
cat > "$OUTPUT_DIR/security-report.md" << EOF
# Goose Recipe Security Analysis
Status: $STATUS_TEXT
Risk Score: $SCORE/100
Recommendation: $RECOMMENDATION
## AI Analysis Summary
$SUMMARY
## Technical Details
- Analysis Method: $ANALYSIS_METHOD
- Goose Exit Code: $SCAN_EXIT_CODE
- Timestamp: $TIMESTAMP
## Evidence
$(jq -r '.evidence[]? | "- " + (.category // "evidence") + ": " + (.snippet // "")' "$OUTPUT_DIR/goose_result.json" 2>/dev/null || echo "See goose_result.json for detailed evidence")
## Artifacts
- scan_status.json - Machine-readable scan status
- goose_result.json - Complete analysis results
- goose_output.log - Full analysis execution log
- debug.log - Debug and troubleshooting information
- analysis_meta.json - Path and breadcrumbs
EOF
STATUS_EMOJI="✅"
if [ "$FINAL_STATUS" = "BLOCKED" ]; then STATUS_EMOJI="🚨"; fi
cat > "$OUTPUT_DIR/summary.txt" << EOF
🔍 Goose Recipe Security Analysis Summary
========================================
📅 Analysis Date: $(date -u)
📋 Recipe: $(basename "$RECIPE_FILE")
🤖 Analysis Method: $ANALYSIS_METHOD
📊 Security Assessment:
• Risk Score: $SCORE/100
• Recommendation: $RECOMMENDATION
• Status: $STATUS_EMOJI $FINAL_STATUS
💡 Summary:
$SUMMARY
🔧 Technical Details:
• Goose Exit Code: $SCAN_EXIT_CODE
• Method: $ANALYSIS_METHOD
📋 Available Reports:
• scan_status.json - Machine-readable status
• goose_result.json - Analysis results
• goose_output.log - Log
• debug.log - Debug information
• analysis_meta.json - Analysis breadcrumbs
EOF
# Exit code based on status
if [ "$FINAL_STATUS" = "BLOCKED" ]; then
echo "🚨 Recipe BLOCKED due to high security risk"
exit 1
elif [ "$FINAL_STATUS" = "NEEDS_RETRY" ]; then
echo "⚠️ Recipe needs retry due to invalid JSON/parse error"
exit 0
else
echo "✅ Recipe APPROVED"
exit 0
fi