openclacky 1.0.0 → 1.0.2

data/lib/clacky/tools/security.rb

@@ -22,16 +22,23 @@ module Clacky
     #   1. Block hard-dangerous commands:       sudo, pkill clacky, eval, exec,
     #                                           `...`, $(...), | sh, | bash,
     #                                           redirect to /etc /usr /bin.
-    #   2. Rewrite `rm` → `mv <file> <trash>`   so the file is recoverable.
-    #   3. Rewrite `curl ... | bash` → save     script to a file for manual
+    #   2. Rewrite `curl ... | bash` → save     script to a file for manual
     #                                           review instead of exec.
-    #   4. Protect credential/secret files:     .env, .ssh/, .aws/ — block
+    #   3. Protect credential/secret files:     .env, .ssh/, .aws/ — block
     #                                           writes to these only. Other
     #                                           "project" files (Gemfile,
     #                                           README.md, package.json, …)
     #                                           are NOT protected — editing
     #                                           them is a normal dev task.
     #
+    # Note on `rm`:
+    #   `rm` is NOT rewritten here — it's intercepted at runtime by a shell
+    #   function installed in each PTY session (see Terminal::SAFE_RM_BASH
+    #   and Terminal#install_marker). This lets the shell's own parser
+    #   handle heredocs / multi-line / globs / variables correctly. A
+    #   static Ruby-side rewrite cannot — it would mis-parse heredoc
+    #   bodies and destroy legitimate commands.
+    #
     # Notes:
     #   - `cp`, `mv`, `mkdir`, `touch`, `echo` are allowed to touch ANY path
     #     (including outside the project root). The source of a `cp` is
@@ -96,7 +103,6 @@ module Clacky
           @project_root = File.expand_path(project_root)
 
           trash_directory = Clacky::TrashDirectory.new(@project_root)
-          @trash_dir  = trash_directory.trash_dir
           @backup_dir = trash_directory.backup_dir
 
           @project_hash = trash_directory.generate_project_hash(@project_root)
@@ -114,12 +120,16 @@ module Clacky
           @safe_check_command = Clacky::Utils::Encoding.safe_check(command)
 
           case @safe_check_command
-          when /pkill.*clacky|killall.*clacky|kill\s+.*\bclacky\b/i
-            raise SecurityError, "Killing the clacky server process is not allowed. To restart, use: kill -USR1 $CLACKY_MASTER_PID"
-          when /clacky\s+server/
-            raise SecurityError, "Managing the clacky server from within a session is not allowed. To restart, use: kill -USR1 $CLACKY_MASTER_PID"
-          when /^rm\s+/
-            replace_rm_command(command)
+          # Block attempts to terminate the clacky server process.
+          # IMPORTANT: each verb is anchored with \b so substrings like
+          # "Skill" (contains "kill") or "Bill Killalina" don't trigger
+          # false positives. We also require `clacky` to appear as a whole
+          # word AND within a reasonable distance (same logical command,
+          # not hundreds of chars later in an unrelated echo string).
+          when /\bpkill\b[^\n;|&]{0,80}\bclacky\b|\bkillall\b[^\n;|&]{0,80}\bclacky\b|\bkill\s+(?:-\S+\s+)*[^\n;|&]{0,40}\bclacky\b/i
+            raise SecurityError, "Killing the clacky server process is not allowed. To restart, use: #{restart_hint}"
+          when /\bclacky\s+server\b/
+            raise SecurityError, "Managing the clacky server from within a session is not allowed. To restart, use: #{restart_hint}"
           when /^chmod\s+x/
             replace_chmod_command(command)
           when /^curl.*\|\s*(sh|bash)/
@@ -136,27 +146,6 @@ module Clacky
           end
         end
 
-        def replace_rm_command(command)
-          files = parse_rm_files(command)
-          raise SecurityError, "No files specified for deletion" if files.empty?
-
-          commands = files.map do |file|
-            validate_file_path(file)
-
-            timestamp = Time.now.strftime("%Y%m%d_%H%M%S_%N")
-            safe_name = "#{File.basename(file)}_deleted_#{timestamp}"
-            trash_path = File.join(@trash_dir, safe_name)
-
-            create_delete_metadata(file, trash_path) if File.exist?(file)
-
-            "mv #{Shellwords.escape(file)} #{Shellwords.escape(trash_path)}"
-          end
-
-          result = commands.join(' && ')
-          log_replacement("rm", result, "Files moved to trash instead of permanent deletion")
-          result
-        end
-
         def replace_chmod_command(command)
           begin
             parts = Shellwords.split(command)
@@ -194,6 +183,22 @@ module Clacky
           command
         end
 
+        # Build a copy-pasteable "how to restart clacky server" hint.
+        # When running inside a clacky server worker, `CLACKY_MASTER_PID` is
+        # injected by ServerMaster (see server_master.rb). We keep the
+        # variable name in the hint (so the AI / user learns the standard
+        # convention) AND append the resolved PID in parentheses so it's
+        # immediately actionable. When the variable isn't set (e.g. one-shot
+        # CLI invocation), we just show the variable name.
+        def restart_hint
+          pid = ENV["CLACKY_MASTER_PID"].to_s
+          if pid =~ /\A\d+\z/
+            "kill -USR1 $CLACKY_MASTER_PID  (current master PID: #{pid})"
+          else
+            "kill -USR1 $CLACKY_MASTER_PID"
+          end
+        end
+
         # Relaxed validator for mv / cp / mkdir / touch / echo.
         #
         # Historical behavior was to forbid any path outside @project_root,
@@ -258,16 +263,6 @@ module Clacky
           command
         end
 
-        def parse_rm_files(command)
-          begin
-            parts = Shellwords.split(command)
-          rescue ArgumentError
-            parts = command.split(/\s+/)
-          end
-
-          parts.drop(1).reject { |part| part.start_with?('-') }
-        end
-
         # Block writes that would clobber credentials / secrets.
         # These are the only paths truly dangerous to write to by accident:
         #   - ~/.ssh/*          (SSH private keys)
@@ -298,30 +293,12 @@ module Clacky
           end
         end
 
-        # Kept for `rm` handler — which rewrites rm → mv-to-trash. We still
-        # want to prevent accidentally trashing a secret file.
+        # Alias retained for readability — chmod handler validates that
+        # the target is not a credential/secret file.
         def validate_file_path(path)
           validate_secret_write(path)
         end
 
-        def create_delete_metadata(original_path, trash_path)
-          metadata = {
-            original_path: File.expand_path(original_path),
-            project_root: @project_root,
-            trash_directory: File.dirname(trash_path),
-            deleted_at: Time.now.iso8601,
-            deleted_by: 'AI_Terminal',
-            file_size: File.size(original_path),
-            file_type: File.extname(original_path),
-            file_mode: File.stat(original_path).mode.to_s(8)
-          }
-
-          metadata_file = "#{trash_path}.metadata.json"
-          File.write(metadata_file, JSON.pretty_generate(metadata))
-        rescue StandardError => e
-          log_warning("Failed to create metadata for #{original_path}: #{e.message}")
-        end
-
         def log_replacement(original, replacement, reason)
           write_log(
             action: 'command_replacement',
@@ -342,12 +319,13 @@ module Clacky
           # Logging must never break main functionality.
         end
 
-        private :replace_rm_command, :replace_chmod_command,
+        private :replace_chmod_command,
                 :replace_curl_pipe_command, :block_sudo_command,
                 :allow_dev_null_redirect, :validate_and_allow,
-                :validate_general_command, :parse_rm_files,
+                :validate_general_command,
                 :validate_file_path, :validate_secret_write,
-                :create_delete_metadata, :log_replacement,
+                :restart_hint,
+                :log_replacement,
                 :log_warning, :write_log
       end
     end

data/lib/clacky/tools/terminal/persistent_session.rb

@@ -125,15 +125,16 @@ module Clacky
         end
 
         # Put a session back into the persistent slot after a successful
-        # command. If the slot is already filled (concurrent call built
-        # another one), we just discard the extra to avoid leaks.
+        # command. Returns true if stored (caller keeps the session),
+        # false if the slot was already filled or the session is unhealthy
+        # (caller MUST clean up the session — fds and process — itself).
         def release(session)
           @mutex.synchronize do
             if @session.nil? && session_healthy?(session)
               @session = session
+              true
             else
-              # Either we already have one, or this one looks unhealthy.
-              # Let the caller's cleanup_session path handle teardown.
+              false
             end
           end
         end
@@ -156,6 +157,7 @@ module Clacky
             rescue StandardError
               # ignore
             end
+            close_fds(sess)
           end
         end
 
@@ -168,11 +170,20 @@ module Clacky
           rescue StandardError
             # ignore
           end
+          close_fds(sess)
           SessionManager.forget(sess.id)
         end
 
         private :drop_locked
 
+        # Close all open file descriptors on a session struct. Safe to call
+        # multiple times (all closes are rescue-wrapped).
+        private def close_fds(session)
+          session.log_io&.close rescue nil
+          session.writer&.close rescue nil
+          session.reader&.close rescue nil
+        end
+
         def session_healthy?(session)
           return false unless session
           return false if %w[exited killed].include?(session.status.to_s)

data/lib/clacky/tools/terminal/safe_rm.sh

@@ -0,0 +1,106 @@
+# Safe rm shell function — sourced by Clacky::Tools::Terminal at the top
+# of every interactive PTY session. See terminal.rb (SAFE_RM_PATH /
+# install_marker) for rationale.
+#
+# Defines a `rm` function that moves files to $CLACKY_TRASH_DIR instead
+# of deleting them, so deletions can be recovered via `trash_manager`.
+# The metadata sidecar schema matches
+# Clacky::Tools::Security::Replacer#create_delete_metadata so
+# `trash_manager list/restore` keeps working unchanged.
+#
+# Covers: direct `rm ...` calls in the interactive shell, including
+#   multi-line commands, heredocs (heredoc bodies no longer trigger
+#   the rewriter), and shell glob expansion.
+# Does NOT cover: `command rm`, `/bin/rm` (absolute path), `xargs rm`,
+#   `find -exec rm`, and child scripts — these bypass shell functions
+#   by design. This is the same coverage the old static Ruby rewriter
+#   had; it could not see inside those either.
+
+rm() {
+  # Parse args: respect `--`, collect flag-like and path-like args.
+  local __dd=0
+  local -a __paths=() __flags=()
+  local __a
+  for __a in "$@"; do
+    if [ "$__dd" = "1" ]; then
+      __paths+=("$__a")
+    elif [ "$__a" = "--" ]; then
+      __dd=1
+    elif [ "${__a:0:1}" = "-" ] && [ -n "${__a:1}" ]; then
+      __flags+=("$__a")
+    else
+      __paths+=("$__a")
+    fi
+  done
+
+  # Trash dir is provisioned by the Ruby side via env.
+  local __trash="${CLACKY_TRASH_DIR:-}"
+  if [ -z "$__trash" ]; then
+    echo "[clacky-rm] CLACKY_TRASH_DIR not set; refusing to rm" >&2
+    return 1
+  fi
+  mkdir -p "$__trash" 2>/dev/null || true
+
+  # Safety: refuse catastrophic targets (pre-expansion by the shell).
+  local __p __norm
+  for __p in ${__paths[@]+"${__paths[@]}"}; do
+    __norm="${__p%/}"
+    [ -z "$__norm" ] && __norm="/"
+    case "$__norm" in
+      /|/root|/etc|/usr|/bin|/sbin|/var)
+        echo "[clacky-rm] refused dangerous target: $__p" >&2
+        return 1
+        ;;
+    esac
+    if [ "$__norm" = "$HOME" ] || [ "$__p" = "~" ]; then
+      echo "[clacky-rm] refused dangerous target: $__p" >&2
+      return 1
+    fi
+  done
+
+  # `-f` semantics: suppress "no such file" errors.
+  local __has_f=0 __f
+  for __f in ${__flags[@]+"${__flags[@]}"}; do
+    case "$__f" in *f*) __has_f=1 ;; esac
+  done
+
+  local __rc=0 __base __ts __dest __abs __size __mode __ext __now
+  for __p in ${__paths[@]+"${__paths[@]}"}; do
+    if [ ! -e "$__p" ] && [ ! -L "$__p" ]; then
+      if [ "$__has_f" = "0" ]; then
+        echo "rm: $__p: No such file or directory" >&2
+        __rc=1
+      fi
+      continue
+    fi
+    __base="$(basename -- "$__p")"
+    __ts="$(date +%Y%m%d_%H%M%S_%N 2>/dev/null || date +%Y%m%d_%H%M%S)"
+    __dest="$__trash/${__base}_deleted_${__ts}"
+    # Resolve absolute path for metadata BEFORE mv (path won't exist after).
+    if [ -d "$__p" ]; then
+      __abs="$(cd "$__p" 2>/dev/null && pwd)" || __abs="$__p"
+    else
+      __abs="$(cd "$(dirname -- "$__p")" 2>/dev/null && pwd)/$(basename -- "$__p")" || __abs="$__p"
+    fi
+    # Size / mode best-effort; ignore for dirs or on failure.
+    __size="$(stat -f%z "$__p" 2>/dev/null || stat -c%s "$__p" 2>/dev/null || echo 0)"
+    __mode="$(stat -f%Lp "$__p" 2>/dev/null || stat -c%a "$__p" 2>/dev/null || echo 644)"
+    case "$__base" in
+      *.*) __ext=".${__base##*.}" ;;
+      *)   __ext="" ;;
+    esac
+    __now="$(date -u +%Y-%m-%dT%H:%M:%SZ 2>/dev/null || date +%s)"
+    if command mv -- "$__p" "$__dest" 2>/dev/null; then
+      # Metadata sidecar — schema matches
+      # Clacky::Tools::Security::Replacer#create_delete_metadata so
+      # `trash_manager list/restore` continue to work.
+      printf '{"original_path":"%s","trash_directory":"%s","deleted_at":"%s","deleted_by":"clacky_rm_shell","file_size":%s,"file_type":"%s","file_mode":"%s"}\n' \
+        "$__abs" "$__trash" "$__now" "${__size:-0}" "$__ext" "${__mode:-644}" \
+        > "$__dest.metadata.json" 2>/dev/null || true
+    else
+      echo "rm: failed to move $__p to trash" >&2
+      __rc=1
+    fi
+  done
+  return $__rc
+}

data/lib/clacky/tools/terminal/session_manager.rb

@@ -175,12 +175,17 @@ module Clacky
             end
           end
 
-          # Kill every live session. Called from at_exit.
+          # Kill every live session and close any open fds. Called from at_exit.
           def kill_all!
             (@sessions.values rescue []).each do |s|
-              next if s.status == "exited" || s.status == "killed"
-              Process.kill("KILL", s.pid) rescue nil
+              begin
+                Process.kill("KILL", s.pid) unless %w[exited killed].include?(s.status.to_s)
+              rescue StandardError
+                # ignore
+              end
               s.log_io&.close rescue nil
+              s.writer&.close rescue nil
+              s.reader&.close rescue nil
             end
           end