@babylen/legion 0.1.4 → 0.1.5

package/dist/index.js

@@ -27,7 +27,7 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
 var import_child_process = require("child_process");
 
 // package.json
-var version = "0.1.4";
+var version = "0.1.5";
 
 // src/index.ts
 var import_socket = require("socket.io-client");
@@ -43,7 +43,9 @@ var ConfigSchema = import_zod.z.object({
   // Token ID from database (for faster lookup)
   token: import_zod.z.string(),
   // Secret token (lg_xxx format)
-  serverUrl: import_zod.z.string().url()
+  serverUrl: import_zod.z.string().url(),
+  allowedPaths: import_zod.z.array(import_zod.z.string()).optional()
+  // Whitelist paths for file system access
 });
 var HOME_DIR = import_os.default.homedir();
 var CONFIG_DIR = import_path.default.join(HOME_DIR, ".tanuki");
@@ -96,8 +98,17 @@ async function getConfig() {
   if (id) {
     config2.id = id;
   }
+  if (fileConfig?.allowedPaths) {
+    config2.allowedPaths = fileConfig.allowedPaths;
+  }
   return config2;
 }
+function getAllowedPaths(config2) {
+  if (config2.allowedPaths && config2.allowedPaths.length > 0) {
+    return config2.allowedPaths.map((p) => import_path.default.resolve(p));
+  }
+  return [HOME_DIR];
+}
 async function updateConfig(updates) {
   const currentConfig = await loadConfig();
   if (!currentConfig) {
@@ -326,6 +337,389 @@ async function getSystemFingerprint() {
   return cachedFingerprint;
 }
 
+// src/file/legion-bridge.ts
+var import_promises4 = __toESM(require("fs/promises"));
+var import_path4 = __toESM(require("path"));
+var log = Log.create({ service: "file.legion-bridge" });
+async function listFiles(targetPath, depth = 1) {
+  const resolved = import_path4.default.resolve(targetPath);
+  const exclude = [".git", ".DS_Store", ".tanuki"];
+  const nodes = [];
+  try {
+    const entries = await import_promises4.default.readdir(resolved, { withFileTypes: true });
+    for (const entry of entries) {
+      if (exclude.includes(entry.name)) continue;
+      const fullPath = import_path4.default.join(resolved, entry.name);
+      const isDirectory = entry.isDirectory();
+      const node = {
+        name: entry.name,
+        path: fullPath,
+        type: isDirectory ? "directory" : "file"
+      };
+      if (!isDirectory) {
+        try {
+          const stats = await import_promises4.default.stat(fullPath);
+          node.size = stats.size;
+        } catch {
+        }
+      }
+      nodes.push(node);
+    }
+  } catch (error) {
+    log.error("Failed to list directory", { error, targetPath });
+    throw error;
+  }
+  return nodes.sort((a, b) => {
+    if (a.type !== b.type) {
+      return a.type === "directory" ? -1 : 1;
+    }
+    return a.name.localeCompare(b.name);
+  });
+}
+async function shouldEncode(file) {
+  const type = file.type?.toLowerCase();
+  if (!type) return false;
+  if (type.startsWith("text/")) return false;
+  if (type.includes("charset=")) return false;
+  const parts = type.split("/", 2);
+  const top = parts[0];
+  const rest = parts[1] ?? "";
+  const sub = rest.split(";", 1)[0];
+  const tops = ["image", "audio", "video", "font", "model", "multipart"];
+  if (tops.includes(top)) return true;
+  const bins = [
+    "zip",
+    "gzip",
+    "bzip",
+    "compressed",
+    "binary",
+    "pdf",
+    "msword",
+    "vnd.ms",
+    "octet-stream"
+  ];
+  if (bins.includes(sub)) return true;
+  try {
+    const buffer = await file.arrayBuffer();
+    if (buffer.byteLength === 0) return false;
+    const view = new Uint8Array(buffer.slice(0, 512));
+    return view.some((byte) => byte === 0);
+  } catch {
+    return false;
+  }
+}
+async function readFile(filePath, maxSize = 1024 * 1024) {
+  const resolved = import_path4.default.resolve(filePath);
+  const bunFile = Bun.file(resolved);
+  if (!await bunFile.exists()) {
+    throw new Error(`File not found: ${filePath}`);
+  }
+  let stats;
+  try {
+    stats = await import_promises4.default.stat(resolved);
+  } catch (error) {
+    throw new Error(`Failed to stat file: ${filePath}`);
+  }
+  if (stats.size > maxSize) {
+    return {
+      type: "blob",
+      size: stats.size,
+      error: "too_large"
+    };
+  }
+  const encode = await shouldEncode(bunFile);
+  if (encode) {
+    const buffer = await bunFile.arrayBuffer();
+    const content2 = Buffer.from(buffer).toString("base64");
+    const mimeType = bunFile.type || "application/octet-stream";
+    return {
+      type: "blob",
+      content: content2,
+      encoding: "base64",
+      mimeType,
+      size: stats.size
+    };
+  }
+  const content = await bunFile.text().catch(() => "");
+  return {
+    type: "text",
+    content,
+    encoding: "utf-8",
+    size: stats.size
+  };
+}
+
+// src/core/path-validator.ts
+var import_path6 = __toESM(require("path"));
+var import_fs3 = require("fs");
+
+// src/util/filesystem.ts
+var import_fs2 = require("fs");
+var import_path5 = require("path");
+var Filesystem;
+((Filesystem2) => {
+  Filesystem2.exists = (p) => Bun.file(p).stat().then(() => true).catch(() => false);
+  Filesystem2.isDir = (p) => Bun.file(p).stat().then((s) => s.isDirectory()).catch(() => false);
+  function normalizePath(p) {
+    if (process.platform !== "win32") return p;
+    try {
+      return import_fs2.realpathSync.native(p);
+    } catch {
+      return p;
+    }
+  }
+  Filesystem2.normalizePath = normalizePath;
+  function overlaps(a, b) {
+    const relA = (0, import_path5.relative)(a, b);
+    const relB = (0, import_path5.relative)(b, a);
+    return !relA || !relA.startsWith("..") || !relB || !relB.startsWith("..");
+  }
+  Filesystem2.overlaps = overlaps;
+  function contains(parent, child) {
+    return !(0, import_path5.relative)(parent, child).startsWith("..");
+  }
+  Filesystem2.contains = contains;
+  async function findUp(target, start, stop) {
+    let current = start;
+    const result = [];
+    while (true) {
+      const search = (0, import_path5.join)(current, target);
+      if (await (0, Filesystem2.exists)(search)) result.push(search);
+      if (stop === current) break;
+      const parent = (0, import_path5.dirname)(current);
+      if (parent === current) break;
+      current = parent;
+    }
+    return result;
+  }
+  Filesystem2.findUp = findUp;
+  async function* up(options) {
+    const { targets, start, stop } = options;
+    let current = start;
+    while (true) {
+      for (const target of targets) {
+        const search = (0, import_path5.join)(current, target);
+        if (await (0, Filesystem2.exists)(search)) yield search;
+      }
+      if (stop === current) break;
+      const parent = (0, import_path5.dirname)(current);
+      if (parent === current) break;
+      current = parent;
+    }
+  }
+  Filesystem2.up = up;
+  async function globUp(pattern, start, stop) {
+    let current = start;
+    const result = [];
+    while (true) {
+      try {
+        const glob = new Bun.Glob(pattern);
+        for await (const match of glob.scan({
+          cwd: current,
+          absolute: true,
+          onlyFiles: true,
+          followSymlinks: true,
+          dot: true
+        })) {
+          result.push(match);
+        }
+      } catch {
+      }
+      if (stop === current) break;
+      const parent = (0, import_path5.dirname)(current);
+      if (parent === current) break;
+      current = parent;
+    }
+    return result;
+  }
+  Filesystem2.globUp = globUp;
+})(Filesystem || (Filesystem = {}));
+
+// src/core/path-validator.ts
+var log2 = Log.create({ service: "path-validator" });
+function isPathAllowed(requestedPath, allowedPaths) {
+  try {
+    const normalized = import_path6.default.resolve(requestedPath);
+    let realPath;
+    try {
+      realPath = (0, import_fs3.realpathSync)(normalized);
+    } catch {
+      realPath = normalized;
+    }
+    for (const allowed of allowedPaths) {
+      const allowedResolved = import_path6.default.resolve(allowed);
+      if (Filesystem.contains(allowedResolved, realPath)) {
+        return true;
+      }
+    }
+    log2.warn("Path access denied", { requestedPath, realPath, allowedPaths });
+    return false;
+  } catch (error) {
+    log2.error("Path validation error", { error, requestedPath });
+    return false;
+  }
+}
+
+// src/socket/handlers/fs-list.ts
+async function handleFsList(req, socket) {
+  const { path: requestedPath, depth = 1 } = req;
+  const targetPath = requestedPath || process.cwd();
+  const config2 = socket.legionConfig;
+  const allowedPaths = getAllowedPaths(config2);
+  if (!isPathAllowed(targetPath, allowedPaths)) {
+    return {
+      id: req.id,
+      status: "error",
+      error: "Access denied: path not in whitelist"
+    };
+  }
+  try {
+    const files = await listFiles(targetPath, depth);
+    return {
+      id: req.id,
+      status: "ok",
+      data: files
+    };
+  } catch (error) {
+    return {
+      id: req.id,
+      status: "error",
+      error: error instanceof Error ? error.message : "Unknown error"
+    };
+  }
+}
+
+// src/socket/handlers/fs-read.ts
+async function handleFsRead(req, socket) {
+  const { path: requestedPath, maxSize } = req;
+  if (!requestedPath) {
+    return {
+      id: req.id,
+      status: "error",
+      error: "Path is required"
+    };
+  }
+  const config2 = socket.legionConfig;
+  const allowedPaths = getAllowedPaths(config2);
+  if (!isPathAllowed(requestedPath, allowedPaths)) {
+    return {
+      id: req.id,
+      status: "error",
+      error: "Access denied: path not in whitelist"
+    };
+  }
+  try {
+    const content = await readFile(requestedPath, maxSize || 1024 * 1024);
+    return {
+      id: req.id,
+      status: "ok",
+      data: content
+    };
+  } catch (error) {
+    return {
+      id: req.id,
+      status: "error",
+      error: error instanceof Error ? error.message : "Unknown error"
+    };
+  }
+}
+
+// src/project/binding.ts
+var import_promises5 = __toESM(require("fs/promises"));
+var import_path7 = __toESM(require("path"));
+var log3 = Log.create({ service: "project.binding" });
+async function bindProject(targetPath, projectId, projectName) {
+  const resolved = import_path7.default.resolve(targetPath);
+  const tanukiDir = import_path7.default.join(resolved, ".tanuki");
+  const projectFile = import_path7.default.join(tanukiDir, "project.json");
+  await import_promises5.default.mkdir(tanukiDir, { recursive: true });
+  const config2 = {
+    id: projectId,
+    name: projectName || import_path7.default.basename(resolved)
+  };
+  await import_promises5.default.writeFile(projectFile, JSON.stringify(config2, null, 2), "utf-8");
+  const gitignorePath = import_path7.default.join(resolved, ".gitignore");
+  try {
+    let gitignoreContent = await import_promises5.default.readFile(gitignorePath, "utf-8");
+    if (!gitignoreContent.includes(".tanuki")) {
+      gitignoreContent += "\n.tanuki\n";
+      await import_promises5.default.writeFile(gitignorePath, gitignoreContent, "utf-8");
+    }
+  } catch {
+    await import_promises5.default.writeFile(gitignorePath, ".tanuki\n", "utf-8");
+  }
+  log3.info("Project bound", { path: resolved, projectId });
+  return projectFile;
+}
+
+// src/socket/handlers/project-bind.ts
+async function handleProjectBind(req, socket) {
+  const { path: requestedPath, projectId, projectName } = req;
+  if (!requestedPath) {
+    return {
+      id: req.id,
+      status: "error",
+      error: "Path is required"
+    };
+  }
+  if (!projectId) {
+    return {
+      id: req.id,
+      status: "error",
+      error: "projectId is required"
+    };
+  }
+  const config2 = socket.legionConfig;
+  const allowedPaths = getAllowedPaths(config2);
+  if (!isPathAllowed(requestedPath, allowedPaths)) {
+    return {
+      id: req.id,
+      status: "error",
+      error: "Access denied: path not in whitelist"
+    };
+  }
+  try {
+    const configPath = await bindProject(requestedPath, projectId, projectName);
+    return {
+      id: req.id,
+      status: "ok",
+      data: { configPath }
+    };
+  } catch (error) {
+    return {
+      id: req.id,
+      status: "error",
+      error: error instanceof Error ? error.message : "Unknown error"
+    };
+  }
+}
+
+// src/socket/dispatcher.ts
+var handlers = {
+  "legion:fs:list": handleFsList,
+  "legion:fs:read": handleFsRead,
+  "legion:project:bind": handleProjectBind
+};
+function setupDispatcher(socket, log4, config2) {
+  socket.legionConfig = config2;
+  for (const [event, handler] of Object.entries(handlers)) {
+    socket.on(event, async (request) => {
+      try {
+        const response = await handler(request, socket);
+        socket.emit(`${event}:response`, response);
+      } catch (error) {
+        log4.error(`Handler error for ${event}`, { error, request });
+        socket.emit(`${event}:response`, {
+          id: request.id,
+          status: "error",
+          error: error instanceof Error ? error.message : "Unknown error"
+        });
+      }
+    });
+  }
+  log4.info("Socket dispatcher initialized", { events: Object.keys(handlers) });
+}
+
 // src/index.ts
 if (process.argv.includes("--version") || process.argv.includes("-v")) {
   console.log(version);
@@ -350,7 +744,7 @@ function parseArgs() {
   }
   return parsed;
 }
-async function handleDeviceLogin(log, serverUrl = "https://tanuki.sabw.ru") {
+async function handleDeviceLogin(log4, serverUrl = "https://tanuki.sabw.ru") {
   const codeEndpoint = `${serverUrl}/api/v1/legion/device/code`;
   const tokenEndpoint = `${serverUrl}/api/v1/legion/device/token`;
   const codeResponse = await fetch(codeEndpoint, {
@@ -380,7 +774,7 @@ async function handleDeviceLogin(log, serverUrl = "https://tanuki.sabw.ru") {
         id: token_id,
         serverUrl: existingConfig?.serverUrl || "wss://tanuki.sabw.ru"
       });
-      log.info("\u2705 Device activated successfully");
+      log4.info("\u2705 Device activated successfully");
       return;
     } else if (tokenResponse.status === 202) {
       continue;
@@ -411,20 +805,20 @@ function checkForUpdates() {
     }
   }, 100);
 }
-async function enterHibernationMode(log, configFile, onConfigChanged) {
-  log.warn("\u26D4 Auth failed. Entering hibernation mode. Waiting for config update...");
-  const fs4 = await import("fs");
+async function enterHibernationMode(log4, configFile, onConfigChanged) {
+  log4.warn("\u26D4 Auth failed. Entering hibernation mode. Waiting for config update...");
+  const fs6 = await import("fs");
   return new Promise((resolve) => {
-    const watchHandle = fs4.watch(configFile, async (eventType) => {
+    const watchHandle = fs6.watch(configFile, async (eventType) => {
       if (eventType === "change") {
-        log.info("\u{1F4DD} Config file changed. Attempting reconnection...");
+        log4.info("\u{1F4DD} Config file changed. Attempting reconnection...");
         try {
           await new Promise((resolve2) => setTimeout(resolve2, 100));
           await onConfigChanged();
           watchHandle.close();
           resolve();
         } catch (error) {
-          log.error("\u274C Reconnection failed", { error });
+          log4.error("\u274C Reconnection failed", { error });
         }
       }
     });
@@ -446,9 +840,9 @@ function createSocket(config2) {
     reconnectionAttempts: Infinity
   });
 }
-function setupSocketHandlers(socket, log, fingerprint, version2, onTokenRotation, onReconnect) {
+function setupSocketHandlers(socket, log4, fingerprint, version2, onTokenRotation, onReconnect) {
   socket.on("connect", () => {
-    log.info("\u2705 Connected to server", { socketId: socket.id });
+    log4.info("\u2705 Connected to server", { socketId: socket.id });
     const handshakeData = {
       fingerprint,
       version: version2,
@@ -458,98 +852,102 @@ function setupSocketHandlers(socket, log, fingerprint, version2, onTokenRotation
       cwd: process.cwd()
     };
     socket.emit("legion:handshake", handshakeData);
-    log.debug("\u{1F4E4} Sent handshake", handshakeData);
+    log4.debug("\u{1F4E4} Sent handshake", handshakeData);
+    const socketConfig = socket.legionConfig;
+    if (socketConfig) {
+      setupDispatcher(socket, log4, socketConfig);
+    }
   });
   socket.on("connect_error", (err) => {
-    log.error("\u274C Connection error", {
+    log4.error("\u274C Connection error", {
       message: err.message,
       type: err.type
     });
     if (err.message.includes("auth") || err.message.includes("token")) {
-      log.error("\u{1F510} Authentication failed. Please check your token.");
-      log.error("\u{1F4A1} Re-authenticate by updating ~/.tanuki/config.json or LEGION_TOKEN env var");
-      enterHibernationMode(log, CONFIG_FILE, onReconnect).catch((error) => {
-        log.error("\u274C Hibernation mode failed", { error });
+      log4.error("\u{1F510} Authentication failed. Please check your token.");
+      log4.error("\u{1F4A1} Re-authenticate by updating ~/.tanuki/config.json or LEGION_TOKEN env var");
+      enterHibernationMode(log4, CONFIG_FILE, onReconnect).catch((error) => {
+        log4.error("\u274C Hibernation mode failed", { error });
         process.exit(1);
       });
     }
   });
   socket.on("disconnect", (reason) => {
-    log.warn("\u26A0\uFE0F  Disconnected from server", { reason });
+    log4.warn("\u26A0\uFE0F  Disconnected from server", { reason });
     if (reason === "io server disconnect") {
-      log.error("\u{1F6AB} Server disconnected this client. Please check your token.");
-      enterHibernationMode(log, CONFIG_FILE, onReconnect).catch((error) => {
-        log.error("\u274C Hibernation mode failed", { error });
+      log4.error("\u{1F6AB} Server disconnected this client. Please check your token.");
+      enterHibernationMode(log4, CONFIG_FILE, onReconnect).catch((error) => {
+        log4.error("\u274C Hibernation mode failed", { error });
         process.exit(1);
       });
     }
   });
   socket.on("legion:update_token", async (data2) => {
     try {
-      log.info("\u{1F504} Received permanent credentials. Persisting...");
+      log4.info("\u{1F504} Received permanent credentials. Persisting...");
       await updateConfig({
         token: data2.secret,
         // secret -> token
         id: data2.token_id
         // token_id -> id
       });
-      log.info("\u2705 Config updated successfully. Reconnecting with new token...");
+      log4.info("\u2705 Config updated successfully. Reconnecting with new token...");
       await onTokenRotation();
     } catch (error) {
-      log.error("\u274C Failed to update config", { error });
+      log4.error("\u274C Failed to update config", { error });
     }
   });
   socket.on("server:ping", (data2) => {
-    log.debug("\u{1F4E9} Ping from server", data2);
+    log4.debug("\u{1F4E9} Ping from server", data2);
     socket.emit("legion:pong", { ts: Date.now() });
   });
   socket.on("reconnect", (attemptNumber) => {
-    log.info("\u{1F504} Reconnected to server", { attempt: attemptNumber });
+    log4.info("\u{1F504} Reconnected to server", { attempt: attemptNumber });
   });
   socket.on("reconnect_attempt", (attemptNumber) => {
-    log.debug("\u{1F504} Reconnection attempt", { attempt: attemptNumber });
+    log4.debug("\u{1F504} Reconnection attempt", { attempt: attemptNumber });
   });
   socket.on("reconnect_error", (error) => {
-    log.error("\u{1F504} Reconnection error", { message: error.message });
+    log4.error("\u{1F504} Reconnection error", { message: error.message });
   });
   socket.on("reconnect_failed", () => {
-    log.error("\u{1F504} Reconnection failed after all attempts");
+    log4.error("\u{1F504} Reconnection failed after all attempts");
     process.exit(1);
   });
 }
 async function main() {
-  let log = null;
+  let log4 = null;
   const safeLog = {
     info: (message, extra) => {
-      if (log) log.info(message, extra);
+      if (log4) log4.info(message, extra);
       else console.log(message, extra);
     },
     error: (message, extra) => {
-      if (log) log.error(message, extra);
+      if (log4) log4.error(message, extra);
       else console.error(message, extra);
     },
     warn: (message, extra) => {
-      if (log) log.warn(message, extra);
+      if (log4) log4.warn(message, extra);
       else console.warn(message, extra);
     },
     debug: (message, extra) => {
-      if (log) log.debug(message, extra);
+      if (log4) log4.debug(message, extra);
     }
   };
   try {
-    log = Log.create({ service: "legion" });
+    log4 = Log.create({ service: "legion" });
     const args = parseArgs();
     if (args.command === "login") {
       try {
-        await handleDeviceLogin(log);
+        await handleDeviceLogin(log4);
         process.exit(0);
       } catch (error) {
-        log.error("\u274C Device login failed", { error });
+        log4.error("\u274C Device login failed", { error });
         process.exit(1);
       }
     }
     if (args.token) {
-      log.info("\u{1F511} Saving token from command line...");
+      log4.info("\u{1F511} Saving token from command line...");
       try {
         const defaultServerUrl = process.env.TANUKI_SERVER_URL || "wss://tanuki.sabw.ru";
         const existingConfig = await loadConfig();
@@ -558,18 +956,18 @@ async function main() {
           serverUrl: existingConfig?.serverUrl || defaultServerUrl,
           ...existingConfig?.id ? { id: existingConfig.id } : {}
         });
-        log.info("\u2705 Token saved successfully");
+        log4.info("\u2705 Token saved successfully");
       } catch (error) {
-        log.error("\u274C Failed to save token", { error });
+        log4.error("\u274C Failed to save token", { error });
         process.exit(1);
       }
     }
     checkForUpdates();
     await Global.init();
     const fingerprint = await getSystemFingerprint();
-    log.info(`\u{1F6E1}\uFE0F  Legion v${version} starting...`);
+    log4.info(`\u{1F6E1}\uFE0F  Legion v${version} starting...`);
     let config2 = await getConfig();
-    log.info("\u{1F517} Connecting to server", { serverUrl: config2.serverUrl });
+    log4.info("\u{1F517} Connecting to server", { serverUrl: config2.serverUrl });
     let currentSocket;
     let isTokenRotation = false;
     let handleTokenRotation;
@@ -582,9 +980,10 @@ async function main() {
         await new Promise((resolve) => setTimeout(resolve, 500));
       }
       const newConfig = await getConfig();
-      log.info("\u{1F504} Reconnecting...");
+      log4.info("\u{1F504} Reconnecting...");
       currentSocket = createSocket(newConfig);
-      setupSocketHandlers(currentSocket, log, fingerprint, version, handleTokenRotation, handleReconnect);
+      currentSocket.legionConfig = newConfig;
+      setupSocketHandlers(currentSocket, log4, fingerprint, version, handleTokenRotation, handleReconnect);
       config2 = newConfig;
     };
     handleTokenRotation = async () => {
@@ -593,20 +992,21 @@ async function main() {
       isTokenRotation = false;
     };
     currentSocket = createSocket(config2);
-    setupSocketHandlers(currentSocket, log, fingerprint, version, handleTokenRotation, handleReconnect);
+    currentSocket.legionConfig = config2;
+    setupSocketHandlers(currentSocket, log4, fingerprint, version, handleTokenRotation, handleReconnect);
     process.stdin.resume();
     const shutdown = () => {
-      log.info("\u{1F6D1} Shutting down...");
+      log4.info("\u{1F6D1} Shutting down...");
       currentSocket.disconnect();
       process.exit(0);
     };
     process.on("SIGINT", shutdown);
     process.on("SIGTERM", shutdown);
     process.on("unhandledRejection", (reason) => {
-      log.error("Unhandled rejection", { reason });
+      log4.error("Unhandled rejection", { reason });
     });
     process.on("uncaughtException", (error) => {
-      log.error("Uncaught exception", { error: error.message, stack: error.stack });
+      log4.error("Uncaught exception", { error: error.message, stack: error.stack });
       shutdown();
     });
   } catch (error) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@babylen/legion",
-  "version": "0.1.4",
+  "version": "0.1.5",
   "description": "Legion agent for connecting devices to Tanuki Cloud",
   "main": "./dist/index.js",
   "keywords": [