npm - @beastmode-develeap/beastmode - Versions diffs - 0.1.360 → 0.1.362 - Mend

@beastmode-develeap/beastmode 0.1.360 → 0.1.362

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/index.js CHANGED Viewed

@@ -5282,33 +5282,51 @@ var init_chat_handler = __esm({
 // src/cli/ui/board-api-routes.ts
 import { readFileSync as readFileSync14, writeFileSync as writeFileSync13, existsSync as existsSync16, readdirSync as readdirSync8, unlinkSync as unlinkSync4, mkdirSync as mkdirSync12, statSync as statSync6, rmSync as rmSync3 } from "fs";
-import { join as join15, basename as basename5, resolve as resolve4, dirname as dirname6, sep } from "path";
+import { join as join15, basename as basename5, resolve as resolve4, dirname as dirname6, sep, delimiter } from "path";
 import { homedir } from "os";
 import { randomUUID as randomUUID2 } from "crypto";
 import { execSync as execSync3, spawnSync } from "child_process";
 import http2 from "http";
+function _beastmodeRoot() {
+  return process.env.BEASTMODE_ROOT && process.env.BEASTMODE_ROOT.length > 0 ? process.env.BEASTMODE_ROOT : "/app";
+}
 function _getAllowedRoots() {
-  const roots = [];
+  const candidates = [];
+  const allowlistEnv = process.env.BEASTMODE_FS_ALLOWLIST;
+  if (allowlistEnv && allowlistEnv.length > 0) {
+    for (const entry of allowlistEnv.split(delimiter)) {
+      if (entry && entry.length > 0) candidates.push(entry);
+    }
+  }
+  const root = _beastmodeRoot();
+  candidates.push(join15(root, "project"));
+  candidates.push(root);
   const homeRaw = process.env.HOME && process.env.HOME.length > 0 ? process.env.HOME : homedir();
-  roots.push(resolve4(homeRaw));
+  candidates.push(homeRaw);
   const projectDir = process.env.PROJECT_DIR;
-  if (projectDir && projectDir.length > 0) {
-    roots.push(resolve4(projectDir));
-  }
+  if (projectDir && projectDir.length > 0) candidates.push(projectDir);
   const cloneDir = process.env.BEASTMODE_CLONE_DIR;
-  if (cloneDir && cloneDir.length > 0) {
-    roots.push(resolve4(cloneDir));
-  }
+  if (cloneDir && cloneDir.length > 0) candidates.push(cloneDir);
   const seen = /* @__PURE__ */ new Set();
   const deduped = [];
-  for (const r of roots) {
-    if (!seen.has(r)) {
-      seen.add(r);
-      deduped.push(r);
-    }
+  for (const c of candidates) {
+    const r = resolve4(c);
+    if (!existsSync16(r)) continue;
+    if (seen.has(r)) continue;
+    seen.add(r);
+    deduped.push(r);
   }
   return deduped;
 }
+function _pickDefaultRoot(roots) {
+  const root = _beastmodeRoot();
+  const preferred = [resolve4(join15(root, "project")), resolve4(root)];
+  for (const p of preferred) {
+    if (roots.includes(p)) return p;
+  }
+  if (roots.length > 0) return roots[0];
+  return resolve4(homedir());
+}
 function _isPathAllowed(targetPath, roots) {
   if (roots.length === 0) return false;
   const target = resolve4(targetPath);
@@ -6354,10 +6372,15 @@ function getBoardRoutes(factoryDir) {
     {
       // Filesystem browser for the Add Project picker.
       //
-      // POST body: { path?: string } — absolute directory to list (default: $HOME)
+      // POST body: { path?: string } — absolute directory to list. An omitted
+      // or empty path opens at a known-good default root (the mounted project
+      // root, e.g. /app/project), never an empty $HOME (#969 FR-3).
       //
-      // Returns { path, parent, entries: [{name, path, is_dir, has_git}] }.
+      // Returns { path, parent, entries: [{name, path, is_dir, has_git}], roots }
+      // where `roots` is the existence-gated allowlist for the picker chips.
       // Only directories are returned (the picker only selects dirs).
+      // User-input errors (disallowed/missing/not-a-dir) return 4xx via
+      // HttpError, never 500 (#969 FR-2).
       // This is behind the board's password auth, so it trusts the caller
       // with full filesystem read access — the daemon's trust boundary
       // already allows cloning arbitrary repos and reading arbitrary code.
@@ -6365,17 +6388,21 @@ function getBoardRoutes(factoryDir) {
       pattern: "/api/filesystem/browse",
       handler: (body) => {
         const { path: queryPath } = body || {};
-        const startPath = queryPath || homedir();
-        const target = resolve4(startPath);
         const allowedRoots = _getAllowedRoots();
+        const startPath = queryPath && queryPath.length > 0 ? queryPath : _pickDefaultRoot(allowedRoots);
+        const target = resolve4(startPath);
         if (!_isPathAllowed(target, allowedRoots)) {
-          throw new Error(
-            `Path not allowed: ${target} is outside the configured allowlist`
-          );
+          throw new HttpError(400, {
+            error: `Path not allowed: ${target} is outside the configured allowlist`
+          });
+        }
+        if (!existsSync16(target)) {
+          throw new HttpError(404, { error: `Path not found: ${target}` });
         }
-        if (!existsSync16(target)) throw new Error(`Path not found: ${target}`);
         const st = statSync6(target);
-        if (!st.isDirectory()) throw new Error(`Not a directory: ${target}`);
+        if (!st.isDirectory()) {
+          throw new HttpError(400, { error: `Not a directory: ${target}` });
+        }
         let entries = [];
         try {
           entries = readdirSync8(target, { withFileTypes: true }).filter((d) => d.isDirectory() && !d.name.startsWith(".")).map((d) => {
@@ -6394,7 +6421,10 @@ function getBoardRoutes(factoryDir) {
         return {
           path: target,
           parent: parent !== target ? parent : null,
-          entries
+          entries,
+          // FR-3: surface the allowed roots so the picker can render them as
+          // clickable navigation chips.
+          roots: allowedRoots
         };
       }
     },