fix(gateway): harden node metadata policy classification

2026-03-21 16:41:56 +00:00 · 2026-03-02 00:15:21 +00:00
parent 84d0a794ec
commit 0eac494db7
4 changed files with 47 additions and 3 deletions
--- a/src/gateway/gateway-misc.test.ts
+++ b/src/gateway/gateway-misc.test.ts
@@ -365,6 +365,34 @@ describe("resolveNodeCommandAllowlist", () => {
    expect(allow.has("screen.record")).toBe(true);
    expect(allow.has("camera.clip")).toBe(false);
  });
+
+  it("treats unknown/confusable metadata as fail-safe for system.run defaults", () => {
+    const allow = resolveNodeCommandAllowlist(
+      {},
+      {
+        platform: "iPhοne",
+        deviceFamily: "iPhοne",
+      },
+    );
+
+    expect(allow.has("system.run")).toBe(false);
+    expect(allow.has("system.which")).toBe(false);
+    expect(allow.has("system.notify")).toBe(true);
+  });
+
+  it("normalizes dotted-I platform values to iOS classification", () => {
+    const allow = resolveNodeCommandAllowlist(
+      {},
+      {
+        platform: "İOS",
+        deviceFamily: "iPhone",
+      },
+    );
+
+    expect(allow.has("system.run")).toBe(false);
+    expect(allow.has("system.which")).toBe(false);
+    expect(allow.has("device.info")).toBe(true);
+  });
 });

 describe("normalizeVoiceWakeTriggers", () => {
--- a/src/gateway/node-command-policy.ts
+++ b/src/gateway/node-command-policy.ts
@@ -52,6 +52,12 @@ const SYSTEM_COMMANDS = [
  NODE_SYSTEM_NOTIFY_COMMAND,
  NODE_BROWSER_PROXY_COMMAND,
 ];
+const UNKNOWN_PLATFORM_COMMANDS = [
+  ...CANVAS_COMMANDS,
+  ...CAMERA_COMMANDS,
+  ...LOCATION_COMMANDS,
+  NODE_SYSTEM_NOTIFY_COMMAND,
+];

 // "High risk" node commands. These can be enabled by explicitly adding them to
 // `gateway.nodes.allowCommands` (and ensuring they're not blocked by denyCommands).
@@ -104,11 +110,19 @@ const PLATFORM_DEFAULTS: Record<string, string[]> = {
  ],
  linux: [...SYSTEM_COMMANDS],
  windows: [...SYSTEM_COMMANDS],
-  unknown: [...CANVAS_COMMANDS, ...CAMERA_COMMANDS, ...LOCATION_COMMANDS, ...SYSTEM_COMMANDS],
+  // Fail-safe: unknown metadata should not receive host exec defaults.
+  unknown: [...UNKNOWN_PLATFORM_COMMANDS],
 };

+function normalizePlatformToken(value?: string): string {
+  if (typeof value !== "string") {
+    return "";
+  }
+  return value.trim().normalize("NFKD").replace(/\p{M}/gu, "").toLowerCase();
+}
+
 function normalizePlatformId(platform?: string, deviceFamily?: string): string {
-  const raw = (platform ?? "").trim().toLowerCase();
+  const raw = normalizePlatformToken(platform);
  if (raw.startsWith("ios")) {
    return "ios";
  }
@@ -127,7 +141,7 @@ function normalizePlatformId(platform?: string, deviceFamily?: string): string {
  if (raw.startsWith("linux")) {
    return "linux";
  }
-  const family = (deviceFamily ?? "").trim().toLowerCase();
+  const family = normalizePlatformToken(deviceFamily);
  if (family.includes("iphone") || family.includes("ipad") || family.includes("ios")) {
    return "ios";
  }