@cluesmith/codev 2.0.0-rc.53 → 2.0.0-rc.54

@@ -15,11 +15,10 @@ export declare function escapeHtml(str: string): string;
15
15
  */
16
16
  export declare function parseJsonBody(req: http.IncomingMessage, maxSize?: number): Promise<Record<string, unknown>>;
17
17
  /**
18
- * Security: Validate request origin to prevent CSRF and DNS rebinding attacks
19
- * Allows only localhost and 127.0.0.1 by default.
20
- * Set CODEV_WEB_INSECURE=1 to allow any host (for tunnel access).
18
+ * Security: Validate request origin
19
+ * Currently allows all requests - security is handled by the server binding to localhost only.
21
20
  * @param req - HTTP incoming message
22
- * @returns true if request should be allowed
21
+ * @returns true (always allowed)
23
22
  */
24
- export declare function isRequestAllowed(req: http.IncomingMessage): boolean;
23
+ export declare function isRequestAllowed(_req: http.IncomingMessage): boolean;
25
24
  //# sourceMappingURL=server-utils.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"server-utils.d.ts","sourceRoot":"","sources":["../../../src/agent-farm/utils/server-utils.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,KAAK,IAAI,MAAM,WAAW,CAAC;AAEvC;;GAEG;AACH,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAO9C;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,eAAe,EAAE,OAAO,SAAc,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAyBhH;AAED;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,IAAI,CAAC,eAAe,GAAG,OAAO,CAqBnE"}
1
+ {"version":3,"file":"server-utils.d.ts","sourceRoot":"","sources":["../../../src/agent-farm/utils/server-utils.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,KAAK,IAAI,MAAM,WAAW,CAAC;AAEvC;;GAEG;AACH,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAO9C;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,eAAe,EAAE,OAAO,SAAc,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAyBhH;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,GAAG,OAAO,CAEpE"}
@@ -44,28 +44,12 @@ export function parseJsonBody(req, maxSize = 1024 * 1024) {
44
44
  });
45
45
  }
46
46
  /**
47
- * Security: Validate request origin to prevent CSRF and DNS rebinding attacks
48
- * Allows only localhost and 127.0.0.1 by default.
49
- * Set CODEV_WEB_INSECURE=1 to allow any host (for tunnel access).
47
+ * Security: Validate request origin
48
+ * Currently allows all requests - security is handled by the server binding to localhost only.
50
49
  * @param req - HTTP incoming message
51
- * @returns true if request should be allowed
50
+ * @returns true (always allowed)
52
51
  */
53
- export function isRequestAllowed(req) {
54
- // INSECURE MODE: Skip all checks (for tunnel access)
55
- if (process.env.CODEV_WEB_INSECURE === '1') {
56
- return true;
57
- }
58
- const host = req.headers.host;
59
- const origin = req.headers.origin;
60
- // Host check (prevent DNS rebinding attacks)
61
- if (host && !host.startsWith('localhost') && !host.startsWith('127.0.0.1')) {
62
- return false;
63
- }
64
- // Origin check (prevent CSRF from external sites)
65
- // Note: CLI tools/curl might not send Origin, so we only block if Origin is present and invalid
66
- if (origin && !origin.startsWith('http://localhost') && !origin.startsWith('http://127.0.0.1')) {
67
- return false;
68
- }
52
+ export function isRequestAllowed(_req) {
69
53
  return true;
70
54
  }
71
55
  //# sourceMappingURL=server-utils.js.map
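Review bot: `isRequestAllowed` now returns `true` unconditionally, so nothing in this function validates `Host` or `Origin` any more, and the only remaining control is the loopback bind that the new comment refers to (the bind itself is not visible in this diff). A loopback bind does not keep a browser on the same machine from sending requests to the server on behalf of a remote page, which is the CSRF and DNS-rebinding case the removed checks were written for. The same "security is handled by the server binding to localhost only" comment is repeated in the `server-utils.d.ts` section above. I would keep the function as a real gate and compare the parsed hostname exactly rather than by prefix, as sketched below. If tunnel access is the reason for the change (an assumption, the diff does not say), an explicit opt-in list of extra hostnames is narrower than allowing every request.

```javascript
const LOOPBACK_HOSTS = new Set(['localhost', '127.0.0.1']);

export function isRequestAllowed(req) {
    const { host, origin } = req.headers;
    // Host: exact hostname match with the port stripped, not a prefix test.
    if (host && !LOOPBACK_HOSTS.has(host.replace(/:\d+$/, ''))) {
        return false;
    }
    // Origin is absent for CLI clients; when present it must parse to a loopback host.
    if (origin) {
        let originHost;
        try {
            originHost = new URL(origin).hostname;
        } catch {
            return false;
        }
        if (!LOOPBACK_HOSTS.has(originHost)) {
            return false;
        }
    }
    return true;
}
```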
@@ -1 +1 @@
1
- {"version":3,"file":"server-utils.js","sourceRoot":"","sources":["../../../src/agent-farm/utils/server-utils.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH;;GAEG;AACH,MAAM,UAAU,UAAU,CAAC,GAAW;IACpC,OAAO,GAAG;SACP,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAC5B,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,GAAyB,EAAE,OAAO,GAAG,IAAI,GAAG,IAAI;IAC5E,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,IAAI,IAAI,GAAG,CAAC,CAAC;QAEb,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YAC/B,IAAI,IAAI,KAAK,CAAC,MAAM,CAAC;YACrB,IAAI,IAAI,GAAG,OAAO,EAAE,CAAC;gBACnB,MAAM,CAAC,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC;gBAC5C,GAAG,CAAC,OAAO,EAAE,CAAC;gBACd,OAAO;YACT,CAAC;YACD,IAAI,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC3B,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACjB,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACxC,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,CAAC,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC;YACpC,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAyB;IACxD,qDAAqD;IACrD,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,GAAG,EAAE,CAAC;QAC3C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC;IAC9B,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC;IAElC,6CAA6C;IAC7C,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAC3E,OAAO,KAAK,CAAC;IACf,CAAC;IAED,kDAAkD;IAClD,gGAAgG;IAChG,IAAI,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;QAC/F,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}
1
+ {"version":3,"file":"server-utils.js","sourceRoot":"","sources":["../../../src/agent-farm/utils/server-utils.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH;;GAEG;AACH,MAAM,UAAU,UAAU,CAAC,GAAW;IACpC,OAAO,GAAG;SACP,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAC5B,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,GAAyB,EAAE,OAAO,GAAG,IAAI,GAAG,IAAI;IAC5E,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,IAAI,IAAI,GAAG,CAAC,CAAC;QAEb,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YAC/B,IAAI,IAAI,KAAK,CAAC,MAAM,CAAC;YACrB,IAAI,IAAI,GAAG,OAAO,EAAE,CAAC;gBACnB,MAAM,CAAC,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC;gBAC5C,GAAG,CAAC,OAAO,EAAE,CAAC;gBACd,OAAO;YACT,CAAC;YACD,IAAI,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC3B,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACjB,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACxC,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,CAAC,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC;YACpC,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAA0B;IACzD,OAAO,IAAI,CAAC;AACd,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@cluesmith/codev",
3
- "version": "2.0.0-rc.53",
3
+ "version": "2.0.0-rc.54",
4
4
  "description": "Codev CLI - AI-assisted software development framework",
5
5
  "type": "module",
6
6
  "bin": {