Flag social account actions in network detector

[kriptoburak]

Summary

• Add a SOCIAL_ACCOUNT_ACTION risk tag for mutating X/Twitter and TweetClaw/Xquik social-account network requests.
• Cover TweetClaw posts, monitors, direct messages, media, webhooks, draws, profile updates, follows, and direct X/Twitter mutating requests.
• Document the rule in the security policy and AgentGuard action policy reference.
• Add regression tests that keep read-only TweetClaw search low risk.

Validation

• git diff --check
• npm ci
• npm run build
• npm test (379 tests)
• Public link sweep for edited docs, README, package metadata, AgentGuard GitHub, TweetClaw GitHub, Xquik, and TweetClaw npm package. Protected or method-specific API examples returned 401/405; npm package pages returned 403 bot protection; the pre-existing example.com/install.sh README sample remains an illustrative placeholder.

[github-actions]

AgentGuard PR Review

This patch introduces a few concrete issues in the network detector.

1. severity: high — src/action/detectors/network.ts (Patch 5, hunk around isSocialAccountAction)

   • What can go wrong: isSocialAccountAction() now tags all mutating requests to api.twitter.com, api.x.com, twitter.com, and x.com as SOCIAL_ACCOUNT_ACTION unless they match a short exclude list. That means non-social API calls like OAuth, compliance, analytics, account recovery, and other operational endpoints can be escalated to high risk and prompt unnecessary operator approval. In security tooling, broad false positives can train users to bypass warnings.
   • Concrete fix: Keep the detector path-specific for direct X endpoints too. Replace the broad domain-only fallback with a strict allowlist of verified social-action paths, and add explicit tests for common non-social endpoints beyond OAuth/compliance.

2. severity: medium — src/action/detectors/network.ts (Patch 5, hunk around direct X actions and stateChangingMethod)

   • What can go wrong: The new stateChangingMethod = mutatingMethod || method === 'DELETE' only covers DELETE. Other state-changing methods used by APIs, especially PATCH or PUT on direct X endpoints, are still controlled by path patterns alone; if a future direct-X endpoint uses a non-mutating method or an unlisted method, it can be missed. More importantly, the social-action logic is now tied to method classification in a way that is inconsistent with the rest of the detector and may create gaps if endpoint semantics differ.
   • Concrete fix: Define the exact methods each social-action path should support, and test them explicitly. If the intent is “any state-changing request,” centralize that as a shared helper and document which methods are considered mutating for this rule.

[kriptoburak]

Addressed in 3eed141 by restoring a path-specific direct X/Twitter allowlist, keeping OAuth, credential verification, and compliance job endpoints at generic network risk, and covering DELETE tweet removal with the same social-account rule. Validation: git diff --check, npm run build, npm test (385 tests).