registry  /  @orcha-ai/runtime-bridge  /  0.1.4

@orcha-ai/runtime-bridge@0.1.4

Local Orcha runtime bridge for ACP-compatible agent runtimes.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

User-invoked runtime bridge exposes local agent runtimes to Orcha over HTTP/WebSocket and can spawn configured CLI/ACP targets. It may read matching Codex transcript artifacts and send runtime updates, but this is aligned with the documented bridge function and is not install-triggered.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs orcha-runtime-bridge, npm start, or orcha-runtime-bridge start.
Impact
Remote Orcha requests can create agents, dispatch prompts, cancel sessions, and respond to permissions for configured local runtimes while the bridge is running.
Mechanism
agent runtime bridge with configured child process execution and WebSocket/HTTP RPC relay
Rationale
Static inspection confirms dangerous agent-facing bridge capability, child process spawning, and transcript/artifact collection, but all are user-invoked and documented for the Orcha runtime bridge. No lifecycle hijack, hidden exfiltration, destructive behavior, or unconsented foreign agent configuration mutation was found.
Evidence
package.jsonbin/orcha-runtime-bridge.jsREADME.md.env.example.env.orcha-runtime-bridge.pid.orcha-runtime-bridge.logCODEX_HOME/sessions~/.codex/sessions
Network endpoints3
ORCHA_RUNTIME_ORCHA_URL/api/agent-runtime-bridge/wsorcha.tansuo.cloudorcha.example.com

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • bin/orcha-runtime-bridge.js spawns configured runtime commands and relays prompt/update data over HTTP/WebSocket bridge paths.
  • CLI can run detached via user-invoked start, writing .orcha-runtime-bridge.pid and .orcha-runtime-bridge.log.
  • Codex CLI support reads CODEX_HOME or ~/.codex/sessions transcripts to collect matching runtime output/artifacts.
  • Reads ORCHA_RUNTIME_* env/.env values including node token, bridge token, target command JSON, pid/log paths.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks; activation is bin or npm start.
  • No package code writes Claude/Codex/Cursor/MCP control-surface configs or shell/VCS persistence files during install.
  • Network endpoint is package-aligned Orcha runtime bridge WebSocket derived from ORCHA_RUNTIME_ORCHA_URL.
  • Command execution is explicit runtime target behavior configured by ORCHA_RUNTIME_TARGETS_JSON, not hidden payload execution.
  • Logs redact keys matching token/secret/password/authorization before JSON logging.
Behavioral surface
Source
EnvironmentVars
Supply chain
Minified
Manifest
NoLicense
scanned 1 file(s), 49.1 KB of source

Source & flagged code

2 flagged · loading source
bin/orcha-runtime-bridge.jsView file
1#!/usr/bin/env node L2: import{spawn as rn}from"node:child_process";import{closeSync as nn,existsSync as Te,mkdirSync as sn,openSync as on,readFileSync as Rt,rmSync as an,statSync as pe,writeFileSync as w... L3: `):""}var G=class{constructor(t){this.agent=t,this.sessionCounter=0}async sessionNew(){return this.sessionCounter+=1,{sessionId:`echo-${this.agent.agentId}-${this.sessionCounter}`}... ... L14: `?1:0)).trim()}function Hr(e){let t=String(e||"").trim();if(!t.endsWith("}"))return"";for(let r=t.lastIndexOf("{");r>=0;r=t.lastIndexOf("{",r-1)){let n=t.slice(r);try{let s=JSON.pa... L15: `)}];return this.prompt({...t,agentId:n,sessionId:c,prompt:l},r)}async requestPermission({agent:t,runtimeSessionId:r,request:n,emitUpdate:s}){let i=Z(),a=this.runtimeSessionIndex.g... L16: `).replaceAll("\\r","\r").replaceAll("\\t"," ").replaceAll('\\"','"').replaceAll("\\\\","\\")}function tn(e){let t=!1,r=!1;for(let n=0;n<e.length;n+=1){let s=e[n],i=e[n-1];if(s==="...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

bin/orcha-runtime-bridge.jsView on unpkg · L1
1#!/usr/bin/env node L2: import{spawn as rn}from"node:child_process";import{closeSync as nn,existsSync as Te,mkdirSync as sn,openSync as on,readFileSync as Rt,rmSync as an,statSync as pe,writeFileSync as w... L3: `):""}var G=class{constructor(t){this.agent=t,this.sessionCounter=0}async sessionNew(){return this.sessionCounter+=1,{sessionId:`echo-${this.agent.agentId}-${this.sessionCounter}`}... L4: \r ... L14: `?1:0)).trim()}function Hr(e){let t=String(e||"").trim();if(!t.endsWith("}"))return"";for(let r=t.lastIndexOf("{");r>=0;r=t.lastIndexOf("{",r-1)){let n=t.slice(r);try{let s=JSON.pa... L15: `)}];return this.prompt({...t,agentId:n,sessionId:c,prompt:l},r)}async requestPermission({agent:t,runtimeSessionId:r,request:n,emitUpdate:s}){let i=Z(),a=this.runtimeSessionIndex.g... L16: `).replaceAll("\\r","\r").replaceAll("\\t"," ").replaceAll('\\"','"').replaceAll("\\\\","\\")}function tn(e){let t=!1,r=!1;for(let n=0;n<e.length;n+=1){let s=e[n],i=e[n-1];if(s==="...
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

bin/orcha-runtime-bridge.jsView on unpkg · L1

Findings

2 High1 Medium2 Low
HighSame File Env Network Executionbin/orcha-runtime-bridge.js
HighCommand Output Exfiltrationbin/orcha-runtime-bridge.js
MediumEnvironment Vars
LowScripts Present
LowNo License