ace-prompt-prep 0.25.6 → 0.25.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/lib/ace/prompt_prep/molecules/bundle_loader.rb +29 -7
- data/lib/ace/prompt_prep/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9bee1d36cf1dc194defba79f0106cd45b9914cebcd8ff7df548966a3cc60c048
|
|
4
|
+
data.tar.gz: dfa6b8109ccdf9690ebdae87d155190be2c239c73dc299cb68d4937399b66341
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 89b54e6d74589f0e2131e812cea28375fd6c54a09f0189239a207c01bf506c113a9fba88f1de50a7bbf73a94937bf2e7e437292a4c837310c95bb22ba416a7dc
|
|
7
|
+
data.tar.gz: f40d948adbf19b1efbfc4726287469233f233774ce6db6c18ac3e59e30a455466618f2819e3d0ecd3e919492a02f51e25fe579476385fc116edecde85807c715
|
data/CHANGELOG.md
CHANGED
|
@@ -7,6 +7,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
7
7
|
|
|
8
8
|
## [Unreleased]
|
|
9
9
|
|
|
10
|
+
## [0.25.7] - 2026-06-30
|
|
11
|
+
|
|
12
|
+
### Fixed
|
|
13
|
+
- Hardened prompt-file root-boundary checks by canonicalizing symlinked paths and missing descendants before rejecting files outside the project.
|
|
14
|
+
|
|
10
15
|
## [0.25.6] - 2026-04-19
|
|
11
16
|
|
|
12
17
|
### Technical
|
|
@@ -44,15 +44,10 @@ module Ace
|
|
|
44
44
|
end
|
|
45
45
|
|
|
46
46
|
# Resolve symlinks and validate project boundaries
|
|
47
|
-
real_path = begin
|
|
48
|
-
File.realpath(prompt_path)
|
|
49
|
-
rescue
|
|
50
|
-
prompt_path
|
|
51
|
-
end
|
|
52
47
|
project_root = Ace::Support::Fs::Molecules::ProjectRootFinder.find_or_current
|
|
53
48
|
|
|
54
|
-
unless
|
|
55
|
-
warn "Error: File path resolves outside project: #{
|
|
49
|
+
unless path_within_root?(prompt_path, project_root)
|
|
50
|
+
warn "Error: File path resolves outside project: #{canonical_path(prompt_path)}"
|
|
56
51
|
return ""
|
|
57
52
|
end
|
|
58
53
|
|
|
@@ -172,6 +167,33 @@ module Ace
|
|
|
172
167
|
|
|
173
168
|
true
|
|
174
169
|
end
|
|
170
|
+
|
|
171
|
+
def self.path_within_root?(path, root)
|
|
172
|
+
canonical = canonical_path(path)
|
|
173
|
+
canonical_root = canonical_path(root)
|
|
174
|
+
canonical == canonical_root || canonical.start_with?("#{canonical_root}#{File::SEPARATOR}")
|
|
175
|
+
end
|
|
176
|
+
|
|
177
|
+
def self.canonical_path(path)
|
|
178
|
+
expanded = File.expand_path(path)
|
|
179
|
+
return File.realpath(expanded) if File.exist?(expanded)
|
|
180
|
+
|
|
181
|
+
canonical_missing_path(expanded)
|
|
182
|
+
rescue
|
|
183
|
+
File.expand_path(path)
|
|
184
|
+
end
|
|
185
|
+
|
|
186
|
+
def self.canonical_missing_path(path)
|
|
187
|
+
parent = path
|
|
188
|
+
suffix = []
|
|
189
|
+
until File.exist?(parent) || parent == File.dirname(parent)
|
|
190
|
+
suffix.unshift(File.basename(parent))
|
|
191
|
+
parent = File.dirname(parent)
|
|
192
|
+
end
|
|
193
|
+
return path unless File.exist?(parent)
|
|
194
|
+
|
|
195
|
+
File.join(File.realpath(parent), *suffix)
|
|
196
|
+
end
|
|
175
197
|
end
|
|
176
198
|
end
|
|
177
199
|
end
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ace-prompt-prep
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.25.
|
|
4
|
+
version: 0.25.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Michal Czyz
|
|
8
8
|
bindir: exe
|
|
9
9
|
cert_chain: []
|
|
10
|
-
date: 2026-
|
|
10
|
+
date: 2026-06-30 00:00:00.000000000 Z
|
|
11
11
|
dependencies:
|
|
12
12
|
- !ruby/object:Gem::Dependency
|
|
13
13
|
name: ace-support-config
|