npm - @agfpd/iapeer-memory-core - Versions diffs - 0.2.5 → 0.2.6 - Mend

@agfpd/iapeer-memory-core 0.2.5 → 0.2.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@agfpd/iapeer-memory-core",
-  "version": "0.2.5",
+  "version": "0.2.6",
   "description": "iapeer-memory core — host-neutral TypeScript memory primitive: vault schema/taxonomy config, search engine, memoryd, context renderer, role contracts. Consumed by the @agfpd/iapeer-memory facade; version kept in lockstep by its release flow (docs/10-distribution.md).",
   "license": "MIT",
   "type": "module",

package/src/fs-guard.ts CHANGED Viewed

@@ -21,6 +21,10 @@
  *
  * Deliberately NOT guarded in v1: `mkdirSync` (creates empty dirs — no data
  * loss / no content leak; the write that would fill them refuses) and reads.
+ * v2 (boris GO 11.06 evening) narrows both exceptions where they fed the
+ * residual lane: the segment rule refuses writes into harness trees outside
+ * the sandbox roots, and `sandboxBlocksProdRead` gates the prod reads that
+ * NAME live cwds (fleet.json, the provider slot).
  */
 import fs from "node:fs";
@@ -56,7 +60,70 @@ export function isUnderProdAnchor(filePath: string): boolean {
   );
 }
-/** Throws under an armed sandbox env when the path targets a prod anchor.
+/**
+ * v2 segment rule (accepted by boris 11.06 evening — residual lane of the
+ * incident-№4 class): a `.iapeer`, `.claude` or `.codex` directory ANYWHERE
+ * on disk is a session surface of some peer — peer cwds live in
+ * `~/Projects/*`, `~/Peers/*`, OUTSIDE every prod anchor (probe 11.06:
+ * 24/29 fleet cwds; a fragments/surfaces write into a live tree passed the
+ * v1 anchor belt). Under the sandbox, a write that crosses a harness
+ * segment must sit inside a sandbox root: tmp, or an EXPLICIT
+ * IAPEER_ROOT / IAPEER_MEMORY_*_DIR override (an explicit override IS the
+ * authorisation — same semantics as the egress hub's `--iapeer-bin`
+ * allowance).
+ */
+const HARNESS_SEGMENTS = new Set([".iapeer", ".claude", ".codex"]);
+function realpathOrSelf(p: string): string {
+  try {
+    return fs.realpathSync(p);
+  } catch {
+    return p;
+  }
+}
+/** Roots a sandboxed test may legitimately write harness trees under.
+ *  `/tmp` is listed besides os.tmpdir(): on macOS os.tmpdir() is the
+ *  per-process $TMPDIR (/var/folders/…) while fixtures commonly use a
+ *  literal /tmp; the realpath twins cover the /var → /private/var symlink. */
+function sandboxRoots(): string[] {
+  const roots = [os.tmpdir(), realpathOrSelf(os.tmpdir()), "/tmp", realpathOrSelf("/tmp")];
+  for (const key of [
+    "IAPEER_ROOT",
+    "IAPEER_MEMORY_STATE_DIR",
+    "IAPEER_MEMORY_CACHE_DIR",
+    "IAPEER_MEMORY_LOGS_DIR",
+  ]) {
+    const v = process.env[key];
+    if (v) roots.push(v);
+  }
+  const cfg = process.env.IAPEER_MEMORY_CONFIG_FILE;
+  if (cfg) roots.push(path.dirname(path.resolve(cfg)));
+  return roots.map((r) => path.resolve(r));
+}
+/** True when the path crosses a harness-surface segment OUTSIDE every
+ *  sandbox root. Exported for tests (predicate-level, no write armed). */
+export function isHarnessTreeOutsideSandbox(filePath: string): boolean {
+  const resolved = path.resolve(filePath);
+  if (!resolved.split(path.sep).some((seg) => HARNESS_SEGMENTS.has(seg))) return false;
+  const roots = sandboxRoots();
+  return !roots.some((r) => resolved === r || resolved.startsWith(r + path.sep));
+}
+/**
+ * Read-as-egress parity for prod STATE (the И4 precedent — live config.env
+ * skip in cli.ts): data that NAMES live peer cwds (fleet.json, the
+ * memory-provider slot) must not flow into a sandboxed process from the
+ * prod store — it is the SOURCE feeding the residual write lane above.
+ * Callers treat a blocked read as «file absent» and report honestly.
+ */
+export function sandboxBlocksProdRead(filePath: string): boolean {
+  return sandboxEnvArmed() && isUnderProdAnchor(filePath);
+}
+/** Throws under an armed sandbox env when the path targets a prod anchor
+ *  (v1) or a harness tree outside the sandbox roots (v2 segment rule).
  *  The op name makes the refusal teach: WHICH write was stopped. */
 export function assertSandboxWritablePath(filePath: string, op: string): void {
   if (!sandboxEnvArmed()) return;
@@ -67,6 +134,14 @@ export function assertSandboxWritablePath(filePath: string, op: string): void {
         "inside its own tmp root; if the path came from the env ladder, the ladder drifted.",
     );
   }
+  if (isHarnessTreeOutsideSandbox(filePath)) {
+    throw new Error(
+      `fs-guard: ${op} refused under the test sandbox — "${filePath}" crosses a .iapeer/.claude/.codex ` +
+        "segment OUTSIDE the sandbox roots (tmp, IAPEER_ROOT, IAPEER_MEMORY_*_DIR). Harness surfaces " +
+        "of live peers live in arbitrary cwds — a test may only touch such trees inside its own sandbox; " +
+        "if the cwd came from fleet.json/the registry, the sandbox read-gate drifted.",
+    );
+  }
 }
 export function guardedWriteFileSync(

package/src/index.ts CHANGED Viewed

@@ -74,6 +74,8 @@ export { makeLogger, type Logger } from "./log.js";
 export {
   sandboxEnvArmed,
   isUnderProdAnchor,
+  isHarnessTreeOutsideSandbox,
+  sandboxBlocksProdRead,
   assertSandboxWritablePath,
   guardedWriteFileSync,
   guardedUnlinkSync,

package/src/memoryd.ts CHANGED Viewed

@@ -58,7 +58,7 @@ import {
   type RenderContext,
 } from "./index-render.js";
 import { renderPeerFragment, type FragmentEnv } from "./context-render.js";
-import { guardedWriteFileSync, guardedUnlinkSync } from "./fs-guard.js";
+import { guardedWriteFileSync, guardedUnlinkSync, sandboxBlocksProdRead } from "./fs-guard.js";
 import {
   isSilentEdit,
   readStampRecord,
@@ -659,11 +659,23 @@ export async function startMemoryd(opts: MemorydOptions): Promise<MemorydHandle>
   // ── per-peer fragments (docs/05: свежесть за секунды от FS-изменений) ──
   const fragments = opts.fragments ?? null;
   let fleetCache: { mtimeMs: number; peers: FleetPeer[] } | null = null;
+  let warnedFleetReadBlocked = false;
   /** Fail-open fleet map reader with an mtime cache: missing/malformed file
    *  → empty fleet (rendering quietly off), never throws. */
   function readFleetMap(): FleetPeer[] {
     if (!fragments) return [];
+    // Read-as-egress (И4 parity): the prod fleet map NAMES live cwds — a
+    // sandboxed process must not learn them. Empty fleet = rendering off.
+    if (sandboxBlocksProdRead(fragments.fleetMapPath)) {
+      if (!warnedFleetReadBlocked) {
+        warnedFleetReadBlocked = true;
+        logger.warn(
+          `fragments: live fleet map skipped under the test sandbox (${fragments.fleetMapPath}) — set IAPEER_MEMORY_STATE_DIR/IAPEER_ROOT`,
+        );
+      }
+      return [];
+    }
     try {
       const st = fs.statSync(fragments.fleetMapPath);
       if (fleetCache && fleetCache.mtimeMs === st.mtimeMs) return fleetCache.peers;