Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions .clusterfuzzlite/Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
# ClusterFuzzLite build image — OpenSSF Scorecard detects fuzzing via this file.
# Uses the OSS-Fuzz JavaScript base builder (Jazzer.js), which provides
# `compile_javascript_fuzzer`. See build.sh for the fuzz targets.
# Base pinned by digest (Scorecard Pinned-Dependencies). OSS-Fuzz rolls this
# image, so bump the digest periodically if the weekly fuzz build breaks.
FROM gcr.io/oss-fuzz-base/base-builder-javascript@sha256:717f88cd72ee85ab295debf1272eed85590621d6ba9d70d6c59133a61f3f3acf
COPY . $SRC/agent-security-stack
WORKDIR $SRC/agent-security-stack
COPY .clusterfuzzlite/build.sh $SRC/build.sh
35 changes: 35 additions & 0 deletions .clusterfuzzlite/build.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
#!/bin/bash -eu
# Build the Jazzer.js fuzz targets for ClusterFuzzLite / OSS-Fuzz.
#
# Unlike the individual tools (redstamp/truecopy/strongroom are zero-dependency),
# this repo is the COMPOSITION layer: the fuzz targets import the composed gate,
# which pulls the three @askalf/* packages (git-hosted, pinned) plus the MCP SDK.
# So the fuzz build installs the project's own runtime deps first, then merges the
# fuzz-only Jazzer.js on top — Jazzer is never added to the project manifest.
#
# The invariants under test (see fuzz/*.fuzz.js): the composed gate sits in the
# agent's hot path and must NEVER throw into the agent on arbitrary input, and
# must FAIL CLOSED — it proceeds only when redstamp itself would allow the action.
cd "$SRC/agent-security-stack"

# The root lockfile resolves the @askalf/* deps to git+ssh://git@github.com URLs.
# GitHub-hosted CI runners can clone those, but this OSS-Fuzz build container has
# no SSH key — so rewrite ssh -> anonymous https (these repos are public) at clone
# time, without touching the shared lockfile.
git config --global --add url."https://github.com/".insteadOf "ssh://git@github.com/"
git config --global --add url."https://github.com/".insteadOf "git@github.com:"

# 1. project runtime deps — npm ci verifies every integrity hash in the committed
# root lockfile (the @askalf/* deps are git-pinned there; the MCP SDK is on npm).
npm ci --no-audit --no-fund

# 2. fuzz-only Jazzer.js, hash-pinned by .clusterfuzzlite/package-lock.json, merged
# into the project's node_modules without touching the project's package.json.
(cd .clusterfuzzlite && npm ci --no-audit --no-fund)
cp -a .clusterfuzzlite/node_modules/. node_modules/

# compile_javascript_fuzzer executes node_modules/@jazzer.js/core/dist/cli.js
# relative to the project root, so the merge above puts it where it expects.
for target in composed_gate egress_host; do
compile_javascript_fuzzer agent-security-stack "fuzz/${target}.fuzz.js" --sync
done
Loading