@cdoing/core 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/agents/coordinator.d.ts +114 -0
- package/dist/agents/coordinator.d.ts.map +1 -0
- package/dist/agents/coordinator.js +158 -0
- package/dist/agents/coordinator.js.map +1 -0
- package/dist/context-providers/clipboard.d.ts +13 -0
- package/dist/context-providers/clipboard.d.ts.map +1 -0
- package/dist/context-providers/clipboard.js +53 -0
- package/dist/context-providers/clipboard.js.map +1 -0
- package/dist/context-providers/codebase.d.ts +46 -0
- package/dist/context-providers/codebase.d.ts.map +1 -0
- package/dist/context-providers/codebase.js +273 -0
- package/dist/context-providers/codebase.js.map +1 -0
- package/dist/context-providers/diff.d.ts +18 -0
- package/dist/context-providers/diff.d.ts.map +1 -0
- package/dist/context-providers/diff.js +63 -0
- package/dist/context-providers/diff.js.map +1 -0
- package/dist/context-providers/docs.d.ts +21 -0
- package/dist/context-providers/docs.d.ts.map +1 -0
- package/dist/context-providers/docs.js +180 -0
- package/dist/context-providers/docs.js.map +1 -0
- package/dist/context-providers/file-include.d.ts +13 -0
- package/dist/context-providers/file-include.d.ts.map +1 -0
- package/dist/context-providers/file-include.js +82 -0
- package/dist/context-providers/file-include.js.map +1 -0
- package/dist/context-providers/folder.d.ts +19 -0
- package/dist/context-providers/folder.d.ts.map +1 -0
- package/dist/context-providers/folder.js +130 -0
- package/dist/context-providers/folder.js.map +1 -0
- package/dist/context-providers/git.d.ts +19 -0
- package/dist/context-providers/git.d.ts.map +1 -0
- package/dist/context-providers/git.js +74 -0
- package/dist/context-providers/git.js.map +1 -0
- package/dist/context-providers/index.d.ts +26 -0
- package/dist/context-providers/index.d.ts.map +1 -0
- package/dist/context-providers/index.js +37 -0
- package/dist/context-providers/index.js.map +1 -0
- package/dist/context-providers/open-files.d.ts +25 -0
- package/dist/context-providers/open-files.d.ts.map +1 -0
- package/dist/context-providers/open-files.js +134 -0
- package/dist/context-providers/open-files.js.map +1 -0
- package/dist/context-providers/problems.d.ts +24 -0
- package/dist/context-providers/problems.d.ts.map +1 -0
- package/dist/context-providers/problems.js +97 -0
- package/dist/context-providers/problems.js.map +1 -0
- package/dist/context-providers/registry.d.ts +61 -0
- package/dist/context-providers/registry.d.ts.map +1 -0
- package/dist/context-providers/registry.js +92 -0
- package/dist/context-providers/registry.js.map +1 -0
- package/dist/context-providers/terminal.d.ts +25 -0
- package/dist/context-providers/terminal.d.ts.map +1 -0
- package/dist/context-providers/terminal.js +55 -0
- package/dist/context-providers/terminal.js.map +1 -0
- package/dist/context-providers/tree.d.ts +29 -0
- package/dist/context-providers/tree.d.ts.map +1 -0
- package/dist/context-providers/tree.js +172 -0
- package/dist/context-providers/tree.js.map +1 -0
- package/dist/context-providers/types.d.ts +72 -0
- package/dist/context-providers/types.d.ts.map +1 -0
- package/dist/context-providers/types.js +10 -0
- package/dist/context-providers/types.js.map +1 -0
- package/dist/context-providers/url.d.ts +27 -0
- package/dist/context-providers/url.d.ts.map +1 -0
- package/dist/context-providers/url.js +131 -0
- package/dist/context-providers/url.js.map +1 -0
- package/dist/effort/index.d.ts +78 -0
- package/dist/effort/index.d.ts.map +1 -0
- package/dist/effort/index.js +146 -0
- package/dist/effort/index.js.map +1 -0
- package/dist/hooks/index.d.ts +47 -0
- package/dist/hooks/index.d.ts.map +1 -0
- package/dist/hooks/index.js +151 -0
- package/dist/hooks/index.js.map +1 -0
- package/dist/index.d.ts +75 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +152 -0
- package/dist/index.js.map +1 -0
- package/dist/indexing/chunker.d.ts +25 -0
- package/dist/indexing/chunker.d.ts.map +1 -0
- package/dist/indexing/chunker.js +217 -0
- package/dist/indexing/chunker.js.map +1 -0
- package/dist/indexing/database.d.ts +49 -0
- package/dist/indexing/database.d.ts.map +1 -0
- package/dist/indexing/database.js +287 -0
- package/dist/indexing/database.js.map +1 -0
- package/dist/indexing/index.d.ts +9 -0
- package/dist/indexing/index.d.ts.map +1 -0
- package/dist/indexing/index.js +13 -0
- package/dist/indexing/index.js.map +1 -0
- package/dist/indexing/indexer.d.ts +63 -0
- package/dist/indexing/indexer.d.ts.map +1 -0
- package/dist/indexing/indexer.js +352 -0
- package/dist/indexing/indexer.js.map +1 -0
- package/dist/indexing/recent-edits-cache.d.ts +77 -0
- package/dist/indexing/recent-edits-cache.d.ts.map +1 -0
- package/dist/indexing/recent-edits-cache.js +123 -0
- package/dist/indexing/recent-edits-cache.js.map +1 -0
- package/dist/indexing/types.d.ts +39 -0
- package/dist/indexing/types.d.ts.map +1 -0
- package/dist/indexing/types.js +6 -0
- package/dist/indexing/types.js.map +1 -0
- package/dist/mcp/index.d.ts +33 -0
- package/dist/mcp/index.d.ts.map +1 -0
- package/dist/mcp/index.js +37 -0
- package/dist/mcp/index.js.map +1 -0
- package/dist/mcp/manager.d.ts +123 -0
- package/dist/mcp/manager.d.ts.map +1 -0
- package/dist/mcp/manager.js +331 -0
- package/dist/mcp/manager.js.map +1 -0
- package/dist/oauth.d.ts +33 -0
- package/dist/oauth.d.ts.map +1 -0
- package/dist/oauth.js +312 -0
- package/dist/oauth.js.map +1 -0
- package/dist/permissions/index.d.ts +216 -0
- package/dist/permissions/index.d.ts.map +1 -0
- package/dist/permissions/index.js +938 -0
- package/dist/permissions/index.js.map +1 -0
- package/dist/plan/index.d.ts +20 -0
- package/dist/plan/index.d.ts.map +1 -0
- package/dist/plan/index.js +24 -0
- package/dist/plan/index.js.map +1 -0
- package/dist/plan/manager.d.ts +101 -0
- package/dist/plan/manager.d.ts.map +1 -0
- package/dist/plan/manager.js +170 -0
- package/dist/plan/manager.js.map +1 -0
- package/dist/rules/index.d.ts +28 -0
- package/dist/rules/index.d.ts.map +1 -0
- package/dist/rules/index.js +31 -0
- package/dist/rules/index.js.map +1 -0
- package/dist/rules/manager.d.ts +77 -0
- package/dist/rules/manager.d.ts.map +1 -0
- package/dist/rules/manager.js +279 -0
- package/dist/rules/manager.js.map +1 -0
- package/dist/rules/types.d.ts +34 -0
- package/dist/rules/types.d.ts.map +1 -0
- package/dist/rules/types.js +9 -0
- package/dist/rules/types.js.map +1 -0
- package/dist/sandbox/filesystem.d.ts +20 -0
- package/dist/sandbox/filesystem.d.ts.map +1 -0
- package/dist/sandbox/filesystem.js +141 -0
- package/dist/sandbox/filesystem.js.map +1 -0
- package/dist/sandbox/index.d.ts +4 -0
- package/dist/sandbox/index.d.ts.map +1 -0
- package/dist/sandbox/index.js +8 -0
- package/dist/sandbox/index.js.map +1 -0
- package/dist/sandbox/manager.d.ts +47 -0
- package/dist/sandbox/manager.d.ts.map +1 -0
- package/dist/sandbox/manager.js +220 -0
- package/dist/sandbox/manager.js.map +1 -0
- package/dist/sandbox/network.d.ts +14 -0
- package/dist/sandbox/network.d.ts.map +1 -0
- package/dist/sandbox/network.js +87 -0
- package/dist/sandbox/network.js.map +1 -0
- package/dist/sandbox/types.d.ts +42 -0
- package/dist/sandbox/types.d.ts.map +1 -0
- package/dist/sandbox/types.js +25 -0
- package/dist/sandbox/types.js.map +1 -0
- package/dist/tools/ast-edit.d.ts +57 -0
- package/dist/tools/ast-edit.d.ts.map +1 -0
- package/dist/tools/ast-edit.js +443 -0
- package/dist/tools/ast-edit.js.map +1 -0
- package/dist/tools/code-verify.d.ts +8 -0
- package/dist/tools/code-verify.d.ts.map +1 -0
- package/dist/tools/code-verify.js +159 -0
- package/dist/tools/code-verify.js.map +1 -0
- package/dist/tools/codebase-search.d.ts +17 -0
- package/dist/tools/codebase-search.d.ts.map +1 -0
- package/dist/tools/codebase-search.js +104 -0
- package/dist/tools/codebase-search.js.map +1 -0
- package/dist/tools/file-delete.d.ts +26 -0
- package/dist/tools/file-delete.d.ts.map +1 -0
- package/dist/tools/file-delete.js +179 -0
- package/dist/tools/file-delete.js.map +1 -0
- package/dist/tools/file-edit.d.ts +10 -0
- package/dist/tools/file-edit.d.ts.map +1 -0
- package/dist/tools/file-edit.js +138 -0
- package/dist/tools/file-edit.js.map +1 -0
- package/dist/tools/file-read.d.ts +12 -0
- package/dist/tools/file-read.d.ts.map +1 -0
- package/dist/tools/file-read.js +211 -0
- package/dist/tools/file-read.js.map +1 -0
- package/dist/tools/file-run.d.ts +10 -0
- package/dist/tools/file-run.d.ts.map +1 -0
- package/dist/tools/file-run.js +179 -0
- package/dist/tools/file-run.js.map +1 -0
- package/dist/tools/file-write.d.ts +10 -0
- package/dist/tools/file-write.d.ts.map +1 -0
- package/dist/tools/file-write.js +134 -0
- package/dist/tools/file-write.js.map +1 -0
- package/dist/tools/glob-search.d.ts +8 -0
- package/dist/tools/glob-search.d.ts.map +1 -0
- package/dist/tools/glob-search.js +108 -0
- package/dist/tools/glob-search.js.map +1 -0
- package/dist/tools/grep-search.d.ts +8 -0
- package/dist/tools/grep-search.d.ts.map +1 -0
- package/dist/tools/grep-search.js +139 -0
- package/dist/tools/grep-search.js.map +1 -0
- package/dist/tools/list-dir.d.ts +16 -0
- package/dist/tools/list-dir.d.ts.map +1 -0
- package/dist/tools/list-dir.js +183 -0
- package/dist/tools/list-dir.js.map +1 -0
- package/dist/tools/multi-edit.d.ts +16 -0
- package/dist/tools/multi-edit.d.ts.map +1 -0
- package/dist/tools/multi-edit.js +163 -0
- package/dist/tools/multi-edit.js.map +1 -0
- package/dist/tools/notebook-edit.d.ts +31 -0
- package/dist/tools/notebook-edit.d.ts.map +1 -0
- package/dist/tools/notebook-edit.js +321 -0
- package/dist/tools/notebook-edit.js.map +1 -0
- package/dist/tools/registry.d.ts +16 -0
- package/dist/tools/registry.d.ts.map +1 -0
- package/dist/tools/registry.js +41 -0
- package/dist/tools/registry.js.map +1 -0
- package/dist/tools/shell-exec.d.ts +12 -0
- package/dist/tools/shell-exec.d.ts.map +1 -0
- package/dist/tools/shell-exec.js +261 -0
- package/dist/tools/shell-exec.js.map +1 -0
- package/dist/tools/sub-agent-manager.d.ts +57 -0
- package/dist/tools/sub-agent-manager.d.ts.map +1 -0
- package/dist/tools/sub-agent-manager.js +153 -0
- package/dist/tools/sub-agent-manager.js.map +1 -0
- package/dist/tools/sub-agent-status.d.ts +12 -0
- package/dist/tools/sub-agent-status.d.ts.map +1 -0
- package/dist/tools/sub-agent-status.js +59 -0
- package/dist/tools/sub-agent-status.js.map +1 -0
- package/dist/tools/sub-agent-terminate.d.ts +12 -0
- package/dist/tools/sub-agent-terminate.d.ts.map +1 -0
- package/dist/tools/sub-agent-terminate.js +55 -0
- package/dist/tools/sub-agent-terminate.js.map +1 -0
- package/dist/tools/sub-agent.d.ts +34 -0
- package/dist/tools/sub-agent.d.ts.map +1 -0
- package/dist/tools/sub-agent.js +140 -0
- package/dist/tools/sub-agent.js.map +1 -0
- package/dist/tools/system-info.d.ts +24 -0
- package/dist/tools/system-info.d.ts.map +1 -0
- package/dist/tools/system-info.js +220 -0
- package/dist/tools/system-info.js.map +1 -0
- package/dist/tools/todo.d.ts +16 -0
- package/dist/tools/todo.d.ts.map +1 -0
- package/dist/tools/todo.js +144 -0
- package/dist/tools/todo.js.map +1 -0
- package/dist/tools/types.d.ts +20 -0
- package/dist/tools/types.d.ts.map +1 -0
- package/dist/tools/types.js +3 -0
- package/dist/tools/types.js.map +1 -0
- package/dist/tools/view-diff.d.ts +11 -0
- package/dist/tools/view-diff.d.ts.map +1 -0
- package/dist/tools/view-diff.js +88 -0
- package/dist/tools/view-diff.js.map +1 -0
- package/dist/tools/view-repo-map.d.ts +18 -0
- package/dist/tools/view-repo-map.d.ts.map +1 -0
- package/dist/tools/view-repo-map.js +245 -0
- package/dist/tools/view-repo-map.js.map +1 -0
- package/dist/tools/web-fetch.d.ts +13 -0
- package/dist/tools/web-fetch.d.ts.map +1 -0
- package/dist/tools/web-fetch.js +106 -0
- package/dist/tools/web-fetch.js.map +1 -0
- package/dist/tools/web-search.d.ts +10 -0
- package/dist/tools/web-search.d.ts.map +1 -0
- package/dist/tools/web-search.js +106 -0
- package/dist/tools/web-search.js.map +1 -0
- package/dist/utils/gitignore.d.ts +10 -0
- package/dist/utils/gitignore.d.ts.map +1 -0
- package/dist/utils/gitignore.js +104 -0
- package/dist/utils/gitignore.js.map +1 -0
- package/dist/utils/lazy-apply.d.ts +45 -0
- package/dist/utils/lazy-apply.d.ts.map +1 -0
- package/dist/utils/lazy-apply.js +164 -0
- package/dist/utils/lazy-apply.js.map +1 -0
- package/dist/utils/memory.d.ts +36 -0
- package/dist/utils/memory.d.ts.map +1 -0
- package/dist/utils/memory.js +136 -0
- package/dist/utils/memory.js.map +1 -0
- package/dist/utils/path-matching.d.ts +24 -0
- package/dist/utils/path-matching.d.ts.map +1 -0
- package/dist/utils/path-matching.js +116 -0
- package/dist/utils/path-matching.js.map +1 -0
- package/dist/utils/path-safety.d.ts +13 -0
- package/dist/utils/path-safety.d.ts.map +1 -0
- package/dist/utils/path-safety.js +54 -0
- package/dist/utils/path-safety.js.map +1 -0
- package/dist/utils/project-config.d.ts +18 -0
- package/dist/utils/project-config.d.ts.map +1 -0
- package/dist/utils/project-config.js +76 -0
- package/dist/utils/project-config.js.map +1 -0
- package/dist/utils/search-match.d.ts +63 -0
- package/dist/utils/search-match.d.ts.map +1 -0
- package/dist/utils/search-match.js +426 -0
- package/dist/utils/search-match.js.map +1 -0
- package/dist/utils/shell-paths.d.ts +17 -0
- package/dist/utils/shell-paths.d.ts.map +1 -0
- package/dist/utils/shell-paths.js +107 -0
- package/dist/utils/shell-paths.js.map +1 -0
- package/dist/utils/streaming-diff.d.ts +45 -0
- package/dist/utils/streaming-diff.d.ts.map +1 -0
- package/dist/utils/streaming-diff.js +230 -0
- package/dist/utils/streaming-diff.js.map +1 -0
- package/dist/utils/todo.d.ts +47 -0
- package/dist/utils/todo.d.ts.map +1 -0
- package/dist/utils/todo.js +102 -0
- package/dist/utils/todo.js.map +1 -0
- package/package.json +23 -0
- package/src/agents/coordinator.ts +240 -0
- package/src/context-providers/clipboard.ts +48 -0
- package/src/context-providers/codebase.ts +274 -0
- package/src/context-providers/diff.ts +66 -0
- package/src/context-providers/docs.ts +160 -0
- package/src/context-providers/file-include.ts +54 -0
- package/src/context-providers/folder.ts +106 -0
- package/src/context-providers/git.ts +72 -0
- package/src/context-providers/index.ts +26 -0
- package/src/context-providers/open-files.ts +113 -0
- package/src/context-providers/problems.ts +100 -0
- package/src/context-providers/registry.ts +99 -0
- package/src/context-providers/terminal.ts +58 -0
- package/src/context-providers/tree.ts +161 -0
- package/src/context-providers/types.ts +84 -0
- package/src/context-providers/url.ts +138 -0
- package/src/effort/index.ts +177 -0
- package/src/hooks/index.ts +148 -0
- package/src/index.ts +114 -0
- package/src/indexing/README.md +267 -0
- package/src/indexing/chunker.ts +206 -0
- package/src/indexing/database.ts +299 -0
- package/src/indexing/index.ts +15 -0
- package/src/indexing/indexer.ts +383 -0
- package/src/indexing/recent-edits-cache.ts +150 -0
- package/src/indexing/types.ts +44 -0
- package/src/mcp/index.ts +33 -0
- package/src/mcp/manager.ts +385 -0
- package/src/oauth.ts +330 -0
- package/src/permissions/index.ts +1011 -0
- package/src/plan/index.ts +20 -0
- package/src/plan/manager.ts +233 -0
- package/src/rules/index.ts +28 -0
- package/src/rules/manager.ts +276 -0
- package/src/rules/types.ts +40 -0
- package/src/sandbox/filesystem.ts +135 -0
- package/src/sandbox/index.ts +9 -0
- package/src/sandbox/manager.ts +213 -0
- package/src/sandbox/network.ts +101 -0
- package/src/sandbox/types.ts +63 -0
- package/src/tools/ast-edit.ts +493 -0
- package/src/tools/code-verify.ts +143 -0
- package/src/tools/codebase-search.ts +117 -0
- package/src/tools/file-delete.ts +155 -0
- package/src/tools/file-edit.ts +115 -0
- package/src/tools/file-read.ts +195 -0
- package/src/tools/file-run.ts +158 -0
- package/src/tools/file-write.ts +104 -0
- package/src/tools/glob-search.ts +80 -0
- package/src/tools/grep-search.ts +120 -0
- package/src/tools/list-dir.ts +172 -0
- package/src/tools/multi-edit.ts +138 -0
- package/src/tools/notebook-edit.ts +342 -0
- package/src/tools/registry.ts +43 -0
- package/src/tools/shell-exec.ts +251 -0
- package/src/tools/sub-agent-manager.ts +183 -0
- package/src/tools/sub-agent-status.ts +67 -0
- package/src/tools/sub-agent-terminate.ts +62 -0
- package/src/tools/sub-agent.ts +162 -0
- package/src/tools/system-info.ts +248 -0
- package/src/tools/todo.ts +149 -0
- package/src/tools/types.ts +21 -0
- package/src/tools/view-diff.ts +99 -0
- package/src/tools/view-repo-map.ts +249 -0
- package/src/tools/web-fetch.ts +118 -0
- package/src/tools/web-search.ts +129 -0
- package/src/utils/gitignore.ts +73 -0
- package/src/utils/lazy-apply.ts +189 -0
- package/src/utils/memory.ts +124 -0
- package/src/utils/path-matching.ts +84 -0
- package/src/utils/path-safety.ts +19 -0
- package/src/utils/project-config.ts +41 -0
- package/src/utils/search-match.ts +495 -0
- package/src/utils/shell-paths.ts +79 -0
- package/src/utils/streaming-diff.ts +260 -0
- package/src/utils/todo.ts +115 -0
- package/tsconfig.json +18 -0
|
@@ -0,0 +1,279 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Rules Manager — Loads, caches, and resolves project rules.
|
|
4
|
+
*
|
|
5
|
+
* Scans rule directories in priority order and returns rules
|
|
6
|
+
* that match the current file context.
|
|
7
|
+
*
|
|
8
|
+
* Learning note: The manager uses lazy loading — rules are only
|
|
9
|
+
* read from disk when first needed, then cached until the file
|
|
10
|
+
* system changes. This prevents slow startup on large projects.
|
|
11
|
+
*/
|
|
12
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
13
|
+
if (k2 === undefined) k2 = k;
|
|
14
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
15
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
16
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
17
|
+
}
|
|
18
|
+
Object.defineProperty(o, k2, desc);
|
|
19
|
+
}) : (function(o, m, k, k2) {
|
|
20
|
+
if (k2 === undefined) k2 = k;
|
|
21
|
+
o[k2] = m[k];
|
|
22
|
+
}));
|
|
23
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
24
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
25
|
+
}) : function(o, v) {
|
|
26
|
+
o["default"] = v;
|
|
27
|
+
});
|
|
28
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
29
|
+
var ownKeys = function(o) {
|
|
30
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
31
|
+
var ar = [];
|
|
32
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
33
|
+
return ar;
|
|
34
|
+
};
|
|
35
|
+
return ownKeys(o);
|
|
36
|
+
};
|
|
37
|
+
return function (mod) {
|
|
38
|
+
if (mod && mod.__esModule) return mod;
|
|
39
|
+
var result = {};
|
|
40
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
41
|
+
__setModuleDefault(result, mod);
|
|
42
|
+
return result;
|
|
43
|
+
};
|
|
44
|
+
})();
|
|
45
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
46
|
+
exports.RulesManager = void 0;
|
|
47
|
+
const fs = __importStar(require("fs"));
|
|
48
|
+
const path = __importStar(require("path"));
|
|
49
|
+
const os = __importStar(require("os"));
|
|
50
|
+
const minimatch_1 = require("minimatch");
|
|
51
|
+
class RulesManager {
|
|
52
|
+
/** Cached rules, indexed by source directory */
|
|
53
|
+
cache = new Map();
|
|
54
|
+
/** Working directory (project root) */
|
|
55
|
+
workingDir;
|
|
56
|
+
constructor(workingDir) {
|
|
57
|
+
this.workingDir = workingDir;
|
|
58
|
+
}
|
|
59
|
+
/**
|
|
60
|
+
* Get all rules that apply to a given file path.
|
|
61
|
+
* Rules are returned in priority order (most specific first).
|
|
62
|
+
*
|
|
63
|
+
* @param filePath - The file being edited/created (for glob matching)
|
|
64
|
+
* @returns Array of matching rules
|
|
65
|
+
*/
|
|
66
|
+
getRulesForFile(filePath) {
|
|
67
|
+
const allRules = this.loadAllRules();
|
|
68
|
+
if (!filePath) {
|
|
69
|
+
// No file context — return all rules without glob restrictions
|
|
70
|
+
return allRules.filter((r) => r.globs.length === 0);
|
|
71
|
+
}
|
|
72
|
+
// Resolve to relative path for glob matching
|
|
73
|
+
const relativePath = path.isAbsolute(filePath)
|
|
74
|
+
? path.relative(this.workingDir, filePath)
|
|
75
|
+
: filePath;
|
|
76
|
+
return allRules.filter((rule) => {
|
|
77
|
+
// Rules without globs apply to everything
|
|
78
|
+
if (rule.globs.length === 0)
|
|
79
|
+
return true;
|
|
80
|
+
// Check if any glob pattern matches the file
|
|
81
|
+
return rule.globs.some((glob) => this.matchGlob(relativePath, glob));
|
|
82
|
+
});
|
|
83
|
+
}
|
|
84
|
+
/**
|
|
85
|
+
* Get all rules formatted as a single string for the system prompt.
|
|
86
|
+
*
|
|
87
|
+
* @param filePath - Optional file context for filtering
|
|
88
|
+
* @returns Formatted rules text, or empty string if no rules
|
|
89
|
+
*/
|
|
90
|
+
formatForPrompt(filePath) {
|
|
91
|
+
const rules = this.getRulesForFile(filePath);
|
|
92
|
+
if (rules.length === 0)
|
|
93
|
+
return "";
|
|
94
|
+
const sections = rules.map((rule) => {
|
|
95
|
+
const header = rule.description
|
|
96
|
+
? `### ${rule.description}`
|
|
97
|
+
: `### Rule from ${path.basename(rule.filePath)}`;
|
|
98
|
+
const scope = rule.globs.length > 0
|
|
99
|
+
? `_Applies to: ${rule.globs.join(", ")}_\n`
|
|
100
|
+
: "";
|
|
101
|
+
return `${header}\n${scope}\n${rule.content}`;
|
|
102
|
+
});
|
|
103
|
+
return `# Project Rules\n\n${sections.join("\n\n---\n\n")}`;
|
|
104
|
+
}
|
|
105
|
+
/**
|
|
106
|
+
* Load all rules from all sources.
|
|
107
|
+
* Results are cached — call invalidateCache() to refresh.
|
|
108
|
+
*/
|
|
109
|
+
loadAllRules() {
|
|
110
|
+
const rules = [];
|
|
111
|
+
// 1. Global rules (~/.cdoing/rules/)
|
|
112
|
+
const globalDir = path.join(os.homedir(), ".cdoing", "rules");
|
|
113
|
+
rules.push(...this.loadRulesFromDir(globalDir, "global"));
|
|
114
|
+
// 2. Project rules (.cdoing/rules/)
|
|
115
|
+
const projectDir = path.join(this.workingDir, ".cdoing", "rules");
|
|
116
|
+
rules.push(...this.loadRulesFromDir(projectDir, "path-specific"));
|
|
117
|
+
return rules;
|
|
118
|
+
}
|
|
119
|
+
/**
|
|
120
|
+
* Load rules from a directory of markdown files.
|
|
121
|
+
*
|
|
122
|
+
* Learning note: Each .md file in the rules directory becomes a rule.
|
|
123
|
+
* YAML frontmatter is parsed for glob patterns and descriptions.
|
|
124
|
+
*/
|
|
125
|
+
loadRulesFromDir(dir, source) {
|
|
126
|
+
// Check cache
|
|
127
|
+
const cached = this.cache.get(dir);
|
|
128
|
+
if (cached)
|
|
129
|
+
return cached;
|
|
130
|
+
const rules = [];
|
|
131
|
+
if (!fs.existsSync(dir)) {
|
|
132
|
+
this.cache.set(dir, rules);
|
|
133
|
+
return rules;
|
|
134
|
+
}
|
|
135
|
+
let entries;
|
|
136
|
+
try {
|
|
137
|
+
entries = fs.readdirSync(dir).filter((f) => f.endsWith(".md"));
|
|
138
|
+
}
|
|
139
|
+
catch {
|
|
140
|
+
this.cache.set(dir, rules);
|
|
141
|
+
return rules;
|
|
142
|
+
}
|
|
143
|
+
for (const file of entries) {
|
|
144
|
+
const filePath = path.join(dir, file);
|
|
145
|
+
try {
|
|
146
|
+
const content = fs.readFileSync(filePath, "utf-8");
|
|
147
|
+
const parsed = this.parseRuleFile(content);
|
|
148
|
+
rules.push({
|
|
149
|
+
source,
|
|
150
|
+
filePath,
|
|
151
|
+
globs: parsed.globs,
|
|
152
|
+
description: parsed.description || file.replace(/\.md$/, ""),
|
|
153
|
+
content: parsed.content,
|
|
154
|
+
});
|
|
155
|
+
}
|
|
156
|
+
catch {
|
|
157
|
+
// Skip unreadable files
|
|
158
|
+
}
|
|
159
|
+
}
|
|
160
|
+
this.cache.set(dir, rules);
|
|
161
|
+
return rules;
|
|
162
|
+
}
|
|
163
|
+
/**
|
|
164
|
+
* Parse a rule markdown file, extracting frontmatter and content.
|
|
165
|
+
*
|
|
166
|
+
* Frontmatter format:
|
|
167
|
+
* ---
|
|
168
|
+
* globs: ["*.ts", "src/**"]
|
|
169
|
+
* description: TypeScript coding rules
|
|
170
|
+
* ---
|
|
171
|
+
*
|
|
172
|
+
* Learning note: We use a simple regex-based parser instead of
|
|
173
|
+
* a YAML library to avoid adding dependencies. This handles
|
|
174
|
+
* the common cases well enough.
|
|
175
|
+
*/
|
|
176
|
+
parseRuleFile(raw) {
|
|
177
|
+
const frontmatterMatch = raw.match(/^---\s*\n([\s\S]*?)\n---\s*\n([\s\S]*)$/);
|
|
178
|
+
if (!frontmatterMatch) {
|
|
179
|
+
// No frontmatter — entire file is content
|
|
180
|
+
return { globs: [], description: "", content: raw.trim() };
|
|
181
|
+
}
|
|
182
|
+
const [, frontmatterStr, content] = frontmatterMatch;
|
|
183
|
+
// Simple key-value parsing for frontmatter
|
|
184
|
+
let globs = [];
|
|
185
|
+
let description = "";
|
|
186
|
+
for (const line of frontmatterStr.split("\n")) {
|
|
187
|
+
const globMatch = line.match(/^globs:\s*\[(.+)\]$/);
|
|
188
|
+
if (globMatch) {
|
|
189
|
+
// Parse glob array: ["*.ts", "src/**"]
|
|
190
|
+
globs = globMatch[1]
|
|
191
|
+
.split(",")
|
|
192
|
+
.map((g) => g.trim().replace(/^["']|["']$/g, ""))
|
|
193
|
+
.filter(Boolean);
|
|
194
|
+
}
|
|
195
|
+
const globSingle = line.match(/^globs:\s*["'](.+)["']$/);
|
|
196
|
+
if (globSingle) {
|
|
197
|
+
globs = [globSingle[1]];
|
|
198
|
+
}
|
|
199
|
+
const descMatch = line.match(/^description:\s*(.+)$/);
|
|
200
|
+
if (descMatch) {
|
|
201
|
+
description = descMatch[1].trim().replace(/^["']|["']$/g, "");
|
|
202
|
+
}
|
|
203
|
+
}
|
|
204
|
+
return { globs, description, content: content.trim() };
|
|
205
|
+
}
|
|
206
|
+
/**
|
|
207
|
+
* Check if a file path matches a glob pattern.
|
|
208
|
+
* Uses minimatch for proper glob matching.
|
|
209
|
+
*/
|
|
210
|
+
matchGlob(filePath, pattern) {
|
|
211
|
+
try {
|
|
212
|
+
return (0, minimatch_1.minimatch)(filePath, pattern, { matchBase: true });
|
|
213
|
+
}
|
|
214
|
+
catch {
|
|
215
|
+
// If minimatch isn't available, fall back to simple extension matching
|
|
216
|
+
if (pattern.startsWith("*.")) {
|
|
217
|
+
const ext = pattern.slice(1); // e.g., ".ts"
|
|
218
|
+
return filePath.endsWith(ext);
|
|
219
|
+
}
|
|
220
|
+
return filePath.includes(pattern);
|
|
221
|
+
}
|
|
222
|
+
}
|
|
223
|
+
/**
|
|
224
|
+
* Format rules for CLI display, showing file paths and sources.
|
|
225
|
+
*/
|
|
226
|
+
formatForDisplay() {
|
|
227
|
+
const allRules = this.loadAllRules();
|
|
228
|
+
if (allRules.length === 0)
|
|
229
|
+
return "No rules defined.";
|
|
230
|
+
const globalDir = path.join(os.homedir(), ".cdoing", "rules");
|
|
231
|
+
const projectDir = path.join(this.workingDir, ".cdoing", "rules");
|
|
232
|
+
const lines = ["# Rules\n"];
|
|
233
|
+
// Group by source
|
|
234
|
+
const globalRules = allRules.filter((r) => r.source === "global");
|
|
235
|
+
const projectRules = allRules.filter((r) => r.source === "path-specific");
|
|
236
|
+
if (globalRules.length > 0) {
|
|
237
|
+
lines.push(`## Global rules (${globalDir}/)`);
|
|
238
|
+
for (const rule of globalRules) {
|
|
239
|
+
const globs = rule.globs.length > 0 ? ` [${rule.globs.join(", ")}]` : "";
|
|
240
|
+
lines.push(` - ${rule.filePath}${globs}`);
|
|
241
|
+
}
|
|
242
|
+
lines.push("");
|
|
243
|
+
}
|
|
244
|
+
else {
|
|
245
|
+
lines.push(`## Global rules — none found`);
|
|
246
|
+
lines.push(` Directory: ${globalDir}/`);
|
|
247
|
+
lines.push("");
|
|
248
|
+
}
|
|
249
|
+
if (projectRules.length > 0) {
|
|
250
|
+
lines.push(`## Project rules (${projectDir}/)`);
|
|
251
|
+
for (const rule of projectRules) {
|
|
252
|
+
const globs = rule.globs.length > 0 ? ` [${rule.globs.join(", ")}]` : "";
|
|
253
|
+
lines.push(` - ${rule.filePath}${globs}`);
|
|
254
|
+
}
|
|
255
|
+
lines.push("");
|
|
256
|
+
}
|
|
257
|
+
else {
|
|
258
|
+
lines.push(`## Project rules — none found`);
|
|
259
|
+
lines.push(` Directory: ${projectDir}/`);
|
|
260
|
+
lines.push("");
|
|
261
|
+
}
|
|
262
|
+
return lines.join("\n");
|
|
263
|
+
}
|
|
264
|
+
/**
|
|
265
|
+
* Clear the rule cache (call after file changes).
|
|
266
|
+
*/
|
|
267
|
+
invalidateCache() {
|
|
268
|
+
this.cache.clear();
|
|
269
|
+
}
|
|
270
|
+
/**
|
|
271
|
+
* Update the working directory.
|
|
272
|
+
*/
|
|
273
|
+
setWorkingDir(dir) {
|
|
274
|
+
this.workingDir = dir;
|
|
275
|
+
this.invalidateCache();
|
|
276
|
+
}
|
|
277
|
+
}
|
|
278
|
+
exports.RulesManager = RulesManager;
|
|
279
|
+
//# sourceMappingURL=manager.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"manager.js","sourceRoot":"","sources":["../../src/rules/manager.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,uCAAyB;AACzB,2CAA6B;AAC7B,uCAAyB;AACzB,yCAAsC;AAGtC,MAAa,YAAY;IACvB,gDAAgD;IACxC,KAAK,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE1C,uCAAuC;IAC/B,UAAU,CAAS;IAE3B,YAAY,UAAkB;QAC5B,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;IAED;;;;;;OAMG;IACH,eAAe,CAAC,QAAiB;QAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QAErC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,+DAA+D;YAC/D,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC;QACtD,CAAC;QAED,6CAA6C;QAC7C,MAAM,YAAY,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;YAC5C,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC;YAC1C,CAAC,CAAC,QAAQ,CAAC;QAEb,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE;YAC9B,0CAA0C;YAC1C,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,IAAI,CAAC;YAEzC,6CAA6C;YAC7C,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC,CAAC;QACvE,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACH,eAAe,CAAC,QAAiB;QAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QAC7C,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QAElC,MAAM,QAAQ,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;YAClC,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW;gBAC7B,CAAC,CAAC,OAAO,IAAI,CAAC,WAAW,EAAE;gBAC3B,CAAC,CAAC,iBAAiB,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAEpD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC;gBACjC,CAAC,CAAC,gBAAgB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK;gBAC5C,CAAC,CAAC,EAAE,CAAC;YAEP,OAAO,GAAG,MAAM,KAAK,KAAK,KAAK,IAAI,CAAC,OAAO,EAAE,CAAC;QAChD,CAAC,CAAC,CAAC;QAEH,OAAO,sBAAsB,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC;IAC9D,CAAC;IAED;;;OAGG;IACK,YAAY;QAClB,MAAM,KAAK,GAAW,EAAE,CAAC;QAEzB,qCAAqC;QACrC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;QAC9D,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,gBAAgB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC;QAE1D,oCAAoC;QACpC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;QAClE,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,gBAAgB,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC,CAAC;QAElE,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;;OAKG;IACK,gBAAgB,CAAC,GAAW,EAAE,MAAkB;QACtD,cAAc;QACd,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAE1B,MAAM,KAAK,GAAW,EAAE,CAAC;QAEzB,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAC3B,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,OAAiB,CAAC;QACtB,IAAI,CAAC;YACH,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;QACjE,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAC3B,OAAO,KAAK,CAAC;QACf,CAAC;QAED,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;YAC3B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YACtC,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;gBACnD,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;gBAE3C,KAAK,CAAC,IAAI,CAAC;oBACT,MAAM;oBACN,QAAQ;oBACR,KAAK,EAAE,MAAM,CAAC,KAAK;oBACnB,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;oBAC5D,OAAO,EAAE,MAAM,CAAC,OAAO;iBACxB,CAAC,CAAC;YACL,CAAC;YAAC,MAAM,CAAC;gBACP,wBAAwB;YAC1B,CAAC;QACH,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC3B,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;;;;;;;;;OAYG;IACK,aAAa,CAAC,GAAW;QAC/B,MAAM,gBAAgB,GAAG,GAAG,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAE9E,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,0CAA0C;YAC1C,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,OAAO,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC;QAC7D,CAAC;QAED,MAAM,CAAC,EAAE,cAAc,EAAE,OAAO,CAAC,GAAG,gBAAgB,CAAC;QAErD,2CAA2C;QAC3C,IAAI,KAAK,GAAa,EAAE,CAAC;QACzB,IAAI,WAAW,GAAG,EAAE,CAAC;QAErB,KAAK,MAAM,IAAI,IAAI,cAAc,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9C,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;YACpD,IAAI,SAAS,EAAE,CAAC;gBACd,uCAAuC;gBACvC,KAAK,GAAG,SAAS,CAAC,CAAC,CAAC;qBACjB,KAAK,CAAC,GAAG,CAAC;qBACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;qBAChD,MAAM,CAAC,OAAO,CAAC,CAAC;YACrB,CAAC;YAED,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC;YACzD,IAAI,UAAU,EAAE,CAAC;gBACf,KAAK,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;YAC1B,CAAC;YAED,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;YACtD,IAAI,SAAS,EAAE,CAAC;gBACd,WAAW,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;YAChE,CAAC;QACH,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;IACzD,CAAC;IAED;;;OAGG;IACK,SAAS,CAAC,QAAgB,EAAE,OAAe;QACjD,IAAI,CAAC;YACH,OAAO,IAAA,qBAAS,EAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3D,CAAC;QAAC,MAAM,CAAC;YACP,uEAAuE;YACvE,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7B,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc;gBAC5C,OAAO,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAChC,CAAC;YACD,OAAO,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,gBAAgB;QACd,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QACrC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,mBAAmB,CAAC;QAEtD,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;QAC9D,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;QAElE,MAAM,KAAK,GAAa,CAAC,WAAW,CAAC,CAAC;QAEtC,kBAAkB;QAClB,MAAM,WAAW,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC;QAClE,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,eAAe,CAAC,CAAC;QAE1E,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,KAAK,CAAC,IAAI,CAAC,oBAAoB,SAAS,IAAI,CAAC,CAAC;YAC9C,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;gBAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBACzE,KAAK,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,QAAQ,GAAG,KAAK,EAAE,CAAC,CAAC;YAC7C,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;YAC3C,KAAK,CAAC,IAAI,CAAC,gBAAgB,SAAS,GAAG,CAAC,CAAC;YACzC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;QAED,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,KAAK,CAAC,IAAI,CAAC,qBAAqB,UAAU,IAAI,CAAC,CAAC;YAChD,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;gBAChC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBACzE,KAAK,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,QAAQ,GAAG,KAAK,EAAE,CAAC,CAAC;YAC7C,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;YAC5C,KAAK,CAAC,IAAI,CAAC,gBAAgB,UAAU,GAAG,CAAC,CAAC;YAC1C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;QAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED;;OAEG;IACH,eAAe;QACb,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,GAAW;QACvB,IAAI,CAAC,UAAU,GAAG,GAAG,CAAC;QACtB,IAAI,CAAC,eAAe,EAAE,CAAC;IACzB,CAAC;CACF;AAlQD,oCAkQC"}
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Rule Types — Shared type definitions for the rules system.
|
|
3
|
+
*
|
|
4
|
+
* Learning note: Separating types from implementation keeps
|
|
5
|
+
* the codebase clean and prevents circular imports.
|
|
6
|
+
*/
|
|
7
|
+
/**
|
|
8
|
+
* A single rule definition loaded from a .md file.
|
|
9
|
+
*/
|
|
10
|
+
export interface Rule {
|
|
11
|
+
/** Where the rule was loaded from */
|
|
12
|
+
source: RuleSource;
|
|
13
|
+
/** Absolute path to the rule file */
|
|
14
|
+
filePath: string;
|
|
15
|
+
/** Glob patterns this rule applies to (empty = applies to all files) */
|
|
16
|
+
globs: string[];
|
|
17
|
+
/** Human-readable description of what the rule enforces */
|
|
18
|
+
description: string;
|
|
19
|
+
/** The actual rule content (markdown text) */
|
|
20
|
+
content: string;
|
|
21
|
+
}
|
|
22
|
+
/**
|
|
23
|
+
* Where a rule was loaded from — determines priority.
|
|
24
|
+
* path-specific > project > global
|
|
25
|
+
*/
|
|
26
|
+
export type RuleSource = "global" | "project" | "path-specific";
|
|
27
|
+
/**
|
|
28
|
+
* Frontmatter parsed from a rule markdown file.
|
|
29
|
+
*/
|
|
30
|
+
export interface RuleFrontmatter {
|
|
31
|
+
globs?: string | string[];
|
|
32
|
+
description?: string;
|
|
33
|
+
}
|
|
34
|
+
//# sourceMappingURL=types.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/rules/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AACH,MAAM,WAAW,IAAI;IACnB,qCAAqC;IACrC,MAAM,EAAE,UAAU,CAAC;IAEnB,qCAAqC;IACrC,QAAQ,EAAE,MAAM,CAAC;IAEjB,wEAAwE;IACxE,KAAK,EAAE,MAAM,EAAE,CAAC;IAEhB,2DAA2D;IAC3D,WAAW,EAAE,MAAM,CAAC;IAEpB,8CAA8C;IAC9C,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;;GAGG;AACH,MAAM,MAAM,UAAU,GAAG,QAAQ,GAAG,SAAS,GAAG,eAAe,CAAC;AAEhE;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Rule Types — Shared type definitions for the rules system.
|
|
4
|
+
*
|
|
5
|
+
* Learning note: Separating types from implementation keeps
|
|
6
|
+
* the codebase clean and prevents circular imports.
|
|
7
|
+
*/
|
|
8
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
9
|
+
//# sourceMappingURL=types.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/rules/types.ts"],"names":[],"mappings":";AAAA;;;;;GAKG"}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Sandbox Filesystem — checks read/write access against sandbox rules.
|
|
3
|
+
*/
|
|
4
|
+
import type { SandboxConfig, SandboxCheckResult } from "./types";
|
|
5
|
+
/**
|
|
6
|
+
* Check whether reading a file is allowed by sandbox rules.
|
|
7
|
+
* Only blocks paths listed in denyRead.
|
|
8
|
+
*/
|
|
9
|
+
export declare function checkReadAccess(filePath: string, config: SandboxConfig, workingDir: string, projectDir: string): SandboxCheckResult;
|
|
10
|
+
/**
|
|
11
|
+
* Check whether writing to a file is allowed by sandbox rules.
|
|
12
|
+
* DenyWrite takes priority, then path must be within workingDir or allowWrite paths.
|
|
13
|
+
*/
|
|
14
|
+
export declare function checkWriteAccess(filePath: string, config: SandboxConfig, workingDir: string, projectDir: string): SandboxCheckResult;
|
|
15
|
+
/**
|
|
16
|
+
* Best-effort heuristic: parse a shell command to detect read/write targets.
|
|
17
|
+
* Returns denied if any detected target violates sandbox rules.
|
|
18
|
+
*/
|
|
19
|
+
export declare function checkShellCommandPaths(command: string, config: SandboxConfig, workingDir: string, projectDir: string): SandboxCheckResult;
|
|
20
|
+
//# sourceMappingURL=filesystem.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"filesystem.d.ts","sourceRoot":"","sources":["../../src/sandbox/filesystem.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,OAAO,KAAK,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAEjE;;;GAGG;AACH,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,aAAa,EACrB,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,GACjB,kBAAkB,CAYpB;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,aAAa,EACrB,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,GACjB,kBAAkB,CA0BpB;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CACpC,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,aAAa,EACrB,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,GACjB,kBAAkB,CAoBpB"}
|
|
@@ -0,0 +1,141 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Sandbox Filesystem — checks read/write access against sandbox rules.
|
|
4
|
+
*/
|
|
5
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
6
|
+
if (k2 === undefined) k2 = k;
|
|
7
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
8
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
9
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
10
|
+
}
|
|
11
|
+
Object.defineProperty(o, k2, desc);
|
|
12
|
+
}) : (function(o, m, k, k2) {
|
|
13
|
+
if (k2 === undefined) k2 = k;
|
|
14
|
+
o[k2] = m[k];
|
|
15
|
+
}));
|
|
16
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
17
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
18
|
+
}) : function(o, v) {
|
|
19
|
+
o["default"] = v;
|
|
20
|
+
});
|
|
21
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
22
|
+
var ownKeys = function(o) {
|
|
23
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
24
|
+
var ar = [];
|
|
25
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
26
|
+
return ar;
|
|
27
|
+
};
|
|
28
|
+
return ownKeys(o);
|
|
29
|
+
};
|
|
30
|
+
return function (mod) {
|
|
31
|
+
if (mod && mod.__esModule) return mod;
|
|
32
|
+
var result = {};
|
|
33
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
34
|
+
__setModuleDefault(result, mod);
|
|
35
|
+
return result;
|
|
36
|
+
};
|
|
37
|
+
})();
|
|
38
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
39
|
+
exports.checkReadAccess = checkReadAccess;
|
|
40
|
+
exports.checkWriteAccess = checkWriteAccess;
|
|
41
|
+
exports.checkShellCommandPaths = checkShellCommandPaths;
|
|
42
|
+
const path = __importStar(require("path"));
|
|
43
|
+
const path_matching_1 = require("../utils/path-matching");
|
|
44
|
+
/**
|
|
45
|
+
* Check whether reading a file is allowed by sandbox rules.
|
|
46
|
+
* Only blocks paths listed in denyRead.
|
|
47
|
+
*/
|
|
48
|
+
function checkReadAccess(filePath, config, workingDir, projectDir) {
|
|
49
|
+
if (!config.enabled)
|
|
50
|
+
return { allowed: true };
|
|
51
|
+
const resolved = path.resolve(filePath);
|
|
52
|
+
for (const deny of config.filesystem.denyRead) {
|
|
53
|
+
if ((0, path_matching_1.matchPath)(resolved, deny, projectDir, workingDir)) {
|
|
54
|
+
return { allowed: false, reason: `Sandbox: read access denied for ${resolved} (matches denyRead rule "${deny}")` };
|
|
55
|
+
}
|
|
56
|
+
}
|
|
57
|
+
return { allowed: true };
|
|
58
|
+
}
|
|
59
|
+
/**
|
|
60
|
+
* Check whether writing to a file is allowed by sandbox rules.
|
|
61
|
+
* DenyWrite takes priority, then path must be within workingDir or allowWrite paths.
|
|
62
|
+
*/
|
|
63
|
+
function checkWriteAccess(filePath, config, workingDir, projectDir) {
|
|
64
|
+
if (!config.enabled)
|
|
65
|
+
return { allowed: true };
|
|
66
|
+
const resolved = path.resolve(filePath);
|
|
67
|
+
const normalizedWorkingDir = path.resolve(workingDir);
|
|
68
|
+
// Check denyWrite first (deny always wins)
|
|
69
|
+
for (const deny of config.filesystem.denyWrite) {
|
|
70
|
+
if ((0, path_matching_1.matchPath)(resolved, deny, projectDir, workingDir)) {
|
|
71
|
+
return { allowed: false, reason: `Sandbox: write access denied for ${resolved} (matches denyWrite rule "${deny}")` };
|
|
72
|
+
}
|
|
73
|
+
}
|
|
74
|
+
// Allow writes within workingDir
|
|
75
|
+
if (resolved === normalizedWorkingDir || resolved.startsWith(normalizedWorkingDir + path.sep)) {
|
|
76
|
+
return { allowed: true };
|
|
77
|
+
}
|
|
78
|
+
// Check allowWrite paths
|
|
79
|
+
for (const allow of config.filesystem.allowWrite) {
|
|
80
|
+
if ((0, path_matching_1.matchPath)(resolved, allow, projectDir, workingDir)) {
|
|
81
|
+
return { allowed: true };
|
|
82
|
+
}
|
|
83
|
+
}
|
|
84
|
+
return { allowed: false, reason: `Sandbox: write access denied for ${resolved} (outside working directory and not in allowWrite)` };
|
|
85
|
+
}
|
|
86
|
+
/**
|
|
87
|
+
* Best-effort heuristic: parse a shell command to detect read/write targets.
|
|
88
|
+
* Returns denied if any detected target violates sandbox rules.
|
|
89
|
+
*/
|
|
90
|
+
function checkShellCommandPaths(command, config, workingDir, projectDir) {
|
|
91
|
+
if (!config.enabled)
|
|
92
|
+
return { allowed: true };
|
|
93
|
+
// Detect write targets: >, >>, tee
|
|
94
|
+
const writeTargets = extractWriteTargets(command);
|
|
95
|
+
for (const target of writeTargets) {
|
|
96
|
+
const resolved = path.isAbsolute(target) ? target : path.resolve(workingDir, target);
|
|
97
|
+
const check = checkWriteAccess(resolved, config, workingDir, projectDir);
|
|
98
|
+
if (!check.allowed)
|
|
99
|
+
return check;
|
|
100
|
+
}
|
|
101
|
+
// Detect read targets: cat, less, head, tail, more
|
|
102
|
+
const readTargets = extractReadTargets(command);
|
|
103
|
+
for (const target of readTargets) {
|
|
104
|
+
const resolved = path.isAbsolute(target) ? target : path.resolve(workingDir, target);
|
|
105
|
+
const check = checkReadAccess(resolved, config, workingDir, projectDir);
|
|
106
|
+
if (!check.allowed)
|
|
107
|
+
return check;
|
|
108
|
+
}
|
|
109
|
+
return { allowed: true };
|
|
110
|
+
}
|
|
111
|
+
/** Extract file paths that appear as write targets in a shell command */
|
|
112
|
+
function extractWriteTargets(command) {
|
|
113
|
+
const targets = [];
|
|
114
|
+
// Match >> or > followed by optional space and a file path
|
|
115
|
+
const redirectRegex = />{1,2}\s*([^\s;|&]+)/g;
|
|
116
|
+
let match;
|
|
117
|
+
while ((match = redirectRegex.exec(command)) !== null) {
|
|
118
|
+
targets.push(match[1]);
|
|
119
|
+
}
|
|
120
|
+
// Match tee followed by optional flags and file path
|
|
121
|
+
const teeRegex = /\btee\s+(?:-[a-zA-Z]\s+)*([^\s;|&]+)/g;
|
|
122
|
+
while ((match = teeRegex.exec(command)) !== null) {
|
|
123
|
+
targets.push(match[1]);
|
|
124
|
+
}
|
|
125
|
+
return targets;
|
|
126
|
+
}
|
|
127
|
+
/** Extract file paths that appear as read targets in a shell command */
|
|
128
|
+
function extractReadTargets(command) {
|
|
129
|
+
const targets = [];
|
|
130
|
+
// Match cat, less, head, tail, more followed by optional flags and file path
|
|
131
|
+
const readRegex = /\b(?:cat|less|head|tail|more)\s+(?:-[a-zA-Z0-9]+\s+)*([^\s;|&]+)/g;
|
|
132
|
+
let match;
|
|
133
|
+
while ((match = readRegex.exec(command)) !== null) {
|
|
134
|
+
// Skip if it looks like a flag
|
|
135
|
+
if (!match[1].startsWith("-")) {
|
|
136
|
+
targets.push(match[1]);
|
|
137
|
+
}
|
|
138
|
+
}
|
|
139
|
+
return targets;
|
|
140
|
+
}
|
|
141
|
+
//# sourceMappingURL=filesystem.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"filesystem.js","sourceRoot":"","sources":["../../src/sandbox/filesystem.ts"],"names":[],"mappings":";AAAA;;GAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAUH,0CAiBC;AAMD,4CA+BC;AAMD,wDAyBC;AA7FD,2CAA6B;AAC7B,0DAAmD;AAGnD;;;GAGG;AACH,SAAgB,eAAe,CAC7B,QAAgB,EAChB,MAAqB,EACrB,UAAkB,EAClB,UAAkB;IAElB,IAAI,CAAC,MAAM,CAAC,OAAO;QAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAE9C,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAExC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC;QAC9C,IAAI,IAAA,yBAAS,EAAC,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,UAAU,CAAC,EAAE,CAAC;YACtD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,mCAAmC,QAAQ,4BAA4B,IAAI,IAAI,EAAE,CAAC;QACrH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC;AAED;;;GAGG;AACH,SAAgB,gBAAgB,CAC9B,QAAgB,EAChB,MAAqB,EACrB,UAAkB,EAClB,UAAkB;IAElB,IAAI,CAAC,MAAM,CAAC,OAAO;QAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAE9C,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACxC,MAAM,oBAAoB,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAEtD,2CAA2C;IAC3C,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,UAAU,CAAC,SAAS,EAAE,CAAC;QAC/C,IAAI,IAAA,yBAAS,EAAC,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,UAAU,CAAC,EAAE,CAAC;YACtD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,oCAAoC,QAAQ,6BAA6B,IAAI,IAAI,EAAE,CAAC;QACvH,CAAC;IACH,CAAC;IAED,iCAAiC;IACjC,IAAI,QAAQ,KAAK,oBAAoB,IAAI,QAAQ,CAAC,UAAU,CAAC,oBAAoB,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QAC9F,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,yBAAyB;IACzB,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;QACjD,IAAI,IAAA,yBAAS,EAAC,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,UAAU,CAAC,EAAE,CAAC;YACvD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,oCAAoC,QAAQ,oDAAoD,EAAE,CAAC;AACtI,CAAC;AAED;;;GAGG;AACH,SAAgB,sBAAsB,CACpC,OAAe,EACf,MAAqB,EACrB,UAAkB,EAClB,UAAkB;IAElB,IAAI,CAAC,MAAM,CAAC,OAAO;QAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAE9C,mCAAmC;IACnC,MAAM,YAAY,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;IAClD,KAAK,MAAM,MAAM,IAAI,YAAY,EAAE,CAAC;QAClC,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QACrF,MAAM,KAAK,GAAG,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;QACzE,IAAI,CAAC,KAAK,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC;IACnC,CAAC;IAED,mDAAmD;IACnD,MAAM,WAAW,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;IAChD,KAAK,MAAM,MAAM,IAAI,WAAW,EAAE,CAAC;QACjC,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QACrF,MAAM,KAAK,GAAG,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;QACxE,IAAI,CAAC,KAAK,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC;IACnC,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC;AAED,yEAAyE;AACzE,SAAS,mBAAmB,CAAC,OAAe;IAC1C,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,2DAA2D;IAC3D,MAAM,aAAa,GAAG,uBAAuB,CAAC;IAC9C,IAAI,KAAK,CAAC;IACV,OAAO,CAAC,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACtD,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACzB,CAAC;IAED,qDAAqD;IACrD,MAAM,QAAQ,GAAG,uCAAuC,CAAC;IACzD,OAAO,CAAC,KAAK,GAAG,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACjD,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACzB,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,wEAAwE;AACxE,SAAS,kBAAkB,CAAC,OAAe;IACzC,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,6EAA6E;IAC7E,MAAM,SAAS,GAAG,mEAAmE,CAAC;IACtF,IAAI,KAAK,CAAC;IACV,OAAO,CAAC,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAClD,+BAA+B;QAC/B,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9B,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/sandbox/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC3C,YAAY,EACV,aAAa,EACb,WAAW,EACX,uBAAuB,EACvB,oBAAoB,EACpB,kBAAkB,GACnB,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,oBAAoB,EAAE,MAAM,SAAS,CAAC"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.defaultSandboxConfig = exports.SandboxManager = void 0;
|
|
4
|
+
var manager_1 = require("./manager");
|
|
5
|
+
Object.defineProperty(exports, "SandboxManager", { enumerable: true, get: function () { return manager_1.SandboxManager; } });
|
|
6
|
+
var types_1 = require("./types");
|
|
7
|
+
Object.defineProperty(exports, "defaultSandboxConfig", { enumerable: true, get: function () { return types_1.defaultSandboxConfig; } });
|
|
8
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sandbox/index.ts"],"names":[],"mappings":";;;AAAA,qCAA2C;AAAlC,yGAAA,cAAc,OAAA;AAQvB,iCAA+C;AAAtC,6GAAA,oBAAoB,OAAA"}
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Sandbox Manager — orchestrates filesystem and network sandbox enforcement.
|
|
3
|
+
*
|
|
4
|
+
* Loads sandbox configuration from .claude/settings.json files using the
|
|
5
|
+
* same hierarchy as the permission system (local → shared → user).
|
|
6
|
+
*/
|
|
7
|
+
import type { SandboxConfig, SandboxCheckResult, SandboxMode } from "./types";
|
|
8
|
+
export declare class SandboxManager {
|
|
9
|
+
private config;
|
|
10
|
+
private workingDir;
|
|
11
|
+
private projectDir;
|
|
12
|
+
private sessionApprovedDomains;
|
|
13
|
+
private domainPromptFn;
|
|
14
|
+
constructor(workingDir: string, projectDir?: string);
|
|
15
|
+
/**
|
|
16
|
+
* Load and merge sandbox config from settings files.
|
|
17
|
+
* Precedence: local project → shared project → user (highest to lowest).
|
|
18
|
+
* Arrays are merged (not replaced) across scopes.
|
|
19
|
+
*/
|
|
20
|
+
loadConfig(): void;
|
|
21
|
+
getConfig(): Readonly<SandboxConfig>;
|
|
22
|
+
isEnabled(): boolean;
|
|
23
|
+
getMode(): SandboxMode;
|
|
24
|
+
setDomainPromptFn(fn: (domain: string) => Promise<boolean>): void;
|
|
25
|
+
approveDomain(domain: string): void;
|
|
26
|
+
checkFileRead(filePath: string): SandboxCheckResult;
|
|
27
|
+
checkFileWrite(filePath: string): SandboxCheckResult;
|
|
28
|
+
/**
|
|
29
|
+
* Check if a shell command is allowed by sandbox rules.
|
|
30
|
+
* Returns denied if dangerouslyDisableSandbox is used but not allowed.
|
|
31
|
+
*/
|
|
32
|
+
checkShellCommand(command: string, dangerouslyDisableSandbox?: boolean): SandboxCheckResult;
|
|
33
|
+
/**
|
|
34
|
+
* Check if network access to a URL is allowed.
|
|
35
|
+
* If the domain needs user approval, triggers the domain prompt.
|
|
36
|
+
*/
|
|
37
|
+
checkNetworkAccess(url: string): Promise<SandboxCheckResult>;
|
|
38
|
+
/**
|
|
39
|
+
* Check if a command prefix matches any excluded command.
|
|
40
|
+
*/
|
|
41
|
+
isExcludedCommand(command: string): boolean;
|
|
42
|
+
/**
|
|
43
|
+
* Get a sandboxed environment for shell command execution.
|
|
44
|
+
*/
|
|
45
|
+
getShellEnv(): NodeJS.ProcessEnv;
|
|
46
|
+
}
|
|
47
|
+
//# sourceMappingURL=manager.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"manager.d.ts","sourceRoot":"","sources":["../../src/sandbox/manager.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EAAE,aAAa,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAQ9E,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAAgB;IAC9B,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,sBAAsB,CAAqB;IACnD,OAAO,CAAC,cAAc,CAAuD;gBAEjE,UAAU,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM;IASnD;;;;OAIG;IACH,UAAU,IAAI,IAAI;IA0ElB,SAAS,IAAI,QAAQ,CAAC,aAAa,CAAC;IAIpC,SAAS,IAAI,OAAO;IAIpB,OAAO,IAAI,WAAW;IAItB,iBAAiB,CAAC,EAAE,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,GAAG,IAAI;IAIjE,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAMnC,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,kBAAkB;IAInD,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,kBAAkB;IAIpD;;;OAGG;IACH,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,yBAAyB,CAAC,EAAE,OAAO,GAAG,kBAAkB;IAwB3F;;;OAGG;IACG,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAkBlE;;OAEG;IACH,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;IAU3C;;OAEG;IACH,WAAW,IAAI,MAAM,CAAC,UAAU;CAGjC"}
|