Add comprehensive security acceptance testing framework that validates Moltbot's resistance to prompt injection, data exfiltration, and trust boundary violations.

Key components:
- LLM-as-judge pattern using Claude to evaluate attack resistance
- WebSocket gateway client for direct protocol testing
- CLI mocking utilities for injecting poisoned external data
- Docker Compose setup for containerized CI execution
- GitHub Actions workflow with daily scheduled runs

Test categories covered:
- Email/calendar prompt injection via external data
- Trust boundary violations and auth bypass attempts
- Data exfiltration prevention
- Tool output poisoning
26 lines
711 B
Docker
# Security Test Runner Dockerfile
FROM node:22-bookworm-slim

RUN corepack enable

WORKDIR /app

# Install dependencies first for better caching
COPY package.json pnpm-lock.yaml pnpm-workspace.yaml .npmrc ./
COPY ui/package.json ./ui/package.json
COPY patches ./patches

RUN pnpm install --frozen-lockfile

# Copy source and test files
COPY . .

# Build the project (tests may need compiled code)
RUN pnpm build

# Create results directory
RUN mkdir -p /app/test-results

# Default command runs security tests
CMD ["sh", "-c", "pnpm vitest run --config vitest.security.config.ts ${TEST_PATTERN:+--grep \"$TEST_PATTERN\"} --reporter=verbose --reporter=json --outputFile=/app/test-results/security-results.json"]
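Review bot: `COPY . .` copies the whole build context into the image, and this commit does not add a `.dockerignore`, so anything sitting in a developer checkout or CI workspace (`.git`, local `.env` files, a previously populated `node_modules`, old `test-results/`) gets baked into the test runner and its layer cache; add a `.dockerignore` or narrow the COPY to the source, test and config paths the security suite actually needs, so that local credentials can never end up in the image. Secondary: the image never drops root, so vitest and any gateway process it spawns run as root inside the container; `RUN mkdir -p /app/test-results && chown node:node /app/test-results` followed by `USER node` before `CMD` keeps the suite working while removing that default. Also note that `TEST_PATTERN` is expanded by `sh -c` into the command line, so a pattern containing a double quote breaks the invocation; the GitHub Actions workflow that sets it should only pass a fixed, known-good set of values.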