@evomap/evolver 1.85.2 → 1.86.0

package/src/gep/paths.js

@@ -1,5 +1,6 @@
 const path = require('path');
 const fs = require('fs');
+const os = require('os');
 
 let _cachedRepoRoot = null;
 
@@ -42,34 +43,73 @@ function getRepoRoot() {
   const legacyFlag = process.env.EVOLVER_USE_PARENT_GIT;
   const legacyOptOut = typeof legacyFlag === 'string' && legacyFlag.toLowerCase() === 'false';
 
-  // Walk upward from process.cwd() — the project the user is standing in.
-  if (!noParent && !legacyOptOut) {
-    let cwd = process.cwd();
-    while (cwd !== path.dirname(cwd)) {
-      if (fs.existsSync(path.join(cwd, '.git'))) {
-        if (!process.env.EVOLVER_QUIET_PARENT_GIT) {
-          console.log('[evolver] Using host git repository at:', cwd);
-        }
-        _cachedRepoRoot = cwd;
-        return _cachedRepoRoot;
-      }
-      cwd = path.dirname(cwd);
-    }
+  // Both upward walks below must stop at the parent of the nearest
+  // `node_modules` ancestor — never escape into whatever `.git` happens
+  // to live above it (issue #541). On macOS with Homebrew, the global
+  // install lives at `/opt/homebrew/lib/node_modules/@evomap/evolver`
+  // and `/opt/homebrew` is itself a git repo; an unbounded walk
+  // therefore resolves repoRoot to `/opt/homebrew`, sending
+  // workspaceRoot / memoryDir / evolutionDir to a directory that
+  // doesn't belong to the user and silently producing evolution
+  // proposals for the wrong codebase.
+  //
+  // Boundary semantics: returns the parent of the nearest `node_modules`
+  // ancestor (inclusive — a `.git` at that parent IS still picked up),
+  // or null if `dir` is not inside any `node_modules` (dev clone /
+  // user project root). Callers stop AFTER checking the boundary path
+  // itself.
+  //
+  // For a local install (`<project>/node_modules/@evomap/evolver`), the
+  // parent of node_modules IS the user's project, so the boundary
+  // includes `<project>` and `<project>/.git` is still picked up
+  // correctly. For a dev clone, the boundary is null and the walk is
+  // unbounded as before.
+  function _nodeModulesBoundary(dir) {
+    const segments = dir.split(path.sep);
+    const nmIdx = segments.lastIndexOf('node_modules');
+    if (nmIdx <= 0) return null;
+    return segments.slice(0, nmIdx).join(path.sep) || path.sep;
   }
 
-  // Walk upward from ownDir's parent (local install inside node_modules).
-  if (!noParent && !legacyOptOut) {
-    let dir = path.dirname(ownDir);
+  function _walkForGit(start) {
+    const stopAt = _nodeModulesBoundary(start);
+    let dir = start;
     while (dir !== path.dirname(dir)) {
       if (fs.existsSync(path.join(dir, '.git'))) {
         if (!process.env.EVOLVER_QUIET_PARENT_GIT) {
           console.log('[evolver] Using host git repository at:', dir);
         }
-        _cachedRepoRoot = dir;
-        return _cachedRepoRoot;
+        return dir;
       }
+      if (stopAt !== null && dir === stopAt) break;
       dir = path.dirname(dir);
     }
+    return null;
+  }
+
+  // Walk upward from process.cwd() — the project the user is standing in.
+  // Bounded the same way as the ownDir walk: a user who `cd`s into the
+  // global install (e.g. `cd /opt/homebrew/lib/node_modules/@evomap/evolver`
+  // to debug) would otherwise hit `/opt/homebrew/.git` here BEFORE the
+  // ownDir walk runs, defeating its boundary. The boundary still
+  // includes the parent of node_modules, so a user `cd`'d into
+  // `<their-project>/node_modules/lodash` still has `<their-project>/.git`
+  // picked correctly.
+  if (!noParent && !legacyOptOut) {
+    const hit = _walkForGit(process.cwd());
+    if (hit) {
+      _cachedRepoRoot = hit;
+      return _cachedRepoRoot;
+    }
+  }
+
+  // Walk upward from ownDir's parent (local install inside node_modules).
+  if (!noParent && !legacyOptOut) {
+    const hit = _walkForGit(path.dirname(ownDir));
+    if (hit) {
+      _cachedRepoRoot = hit;
+      return _cachedRepoRoot;
+    }
   }
 
   // Fallback: evolver's own directory (dev mode or isolated install).
@@ -224,6 +264,27 @@ function getEvolverInstallRoot() {
   return path.resolve(__dirname, '..', '..');
 }
 
+// Resolve the per-user `~/.evomap` directory, with `EVOLVER_HOME` env var
+// override. Lazy (function call, not a module-level `const`) so tests can
+// flip `EVOLVER_HOME` per case without monkey-patching `os.homedir`.
+//
+// Existing call sites used to duplicate `path.join(os.homedir(), '.evomap')`
+// across ~9 modules; about two thirds silently ignored `EVOLVER_HOME` (it
+// worked for stake bootstrap and claim nudge but not for node-id, device-id,
+// feature flags, etc.). #114 consolidates onto this helper so the override
+// is uniform and tests don't need to monkey-patch the global homedir
+// function (which doesn't compose with `node --test` parallel execution).
+function getEvomapDir() {
+  return process.env.EVOLVER_HOME || path.join(os.homedir(), '.evomap');
+}
+
+// Join sub-segments under `~/.evomap`. Just a convenience wrapper so call
+// sites don't have to `path.join(getEvomapDir(), 'mailbox', 'state.json')`
+// in two pieces.
+function getEvomapPath(...segments) {
+  return path.join(getEvomapDir(), ...segments);
+}
+
 // Per-workspace random secret used to attest that a memory_graph.jsonl
 // entry was written by the same workspace that's now reading it. Stored
 // at <workspace>/.evolver/workspace-id with mode 0600 and lazily created
@@ -238,32 +299,51 @@ function getEvolverInstallRoot() {
 // claim a different workspace. workspace-id replaces that self-report
 // with a secret that only the legitimate workspace's evolver knows
 // (Bugbot PR #108 round-3 Agentic Security Review MEDIUM).
-function getWorkspaceId() {
-  if (process.env.EVOLVER_WORKSPACE_ID) return String(process.env.EVOLVER_WORKSPACE_ID);
-  const dir = path.join(getWorkspaceRoot(), '.evolver');
-  const file = path.join(dir, 'workspace-id');
+//
+// Issue #111 Phase 1: optionally backs the secret with the OS keychain
+// (`@napi-rs/keyring` optional dep) to close the same-uid readability
+// gap. Mode is controlled by `EVOLVER_WORKSPACE_KEYCHAIN` (auto/force/
+// off, default `auto`). FS file is RETAINED on successful keychain
+// migration so bun-compiled binaries (which can't `require()` the
+// addon yet — Phase 2) still see the same id when handing off to a
+// node-CLI session in the same workspace.
 
-  // Refuse to follow symlinks at either the directory or file level.
-  // A malicious repo can pre-place `.evolver` or `.evolver/workspace-id`
-  // as a symlink to an attacker-chosen path outside the workspace, and
-  // mkdirSync({recursive:true}) / writeFileSync would silently follow
-  // it — clobbering the linked file with the secret payload (Bugbot PR
-  // #109 round-2 HIGH, Agentic Security Review).
+// Read the FS-backed workspace-id at <workspace>/.evolver/workspace-id.
+// Returns the id on a clean read, null on any error or missing file.
+// Symlink rejection matches the pre-keychain hardening from PR #109.
+function _readWorkspaceIdFromFs(file) {
+  const dir = path.dirname(file);
   try {
     const dirStat = fs.lstatSync(dir, { throwIfNoEntry: false });
     if (dirStat && dirStat.isSymbolicLink()) return null;
     const fileStat = fs.lstatSync(file, { throwIfNoEntry: false });
-    if (fileStat) {
-      if (fileStat.isSymbolicLink() || !fileStat.isFile()) return null;
-      try {
-        const raw = fs.readFileSync(file, 'utf8').trim();
-        if (raw && /^[a-f0-9]{32,}$/i.test(raw)) return raw;
-      } catch { /* unreadable — fall through to recreate */ }
-    }
-  } catch { /* fall through to create */ }
+    if (!fileStat) return null;
+    if (fileStat.isSymbolicLink() || !fileStat.isFile()) return null;
+    const raw = fs.readFileSync(file, 'utf8').trim();
+    if (raw && /^[a-f0-9]{32,}$/i.test(raw)) return raw;
+    return null;
+  } catch {
+    return null;
+  }
+}
+
+// Atomically create <workspace>/.evolver/workspace-id with the given id
+// (or generate one if `id` is null). Returns the id that ended up on
+// disk, or null on any unrecoverable error. EEXIST races re-read.
+function _writeWorkspaceIdToFs(file, id) {
+  const dir = path.dirname(file);
   try {
+    // Refuse to write if `.evolver` is a symlink. mkdirSync({recursive:true})
+    // happily traverses an existing symlinked directory and the subsequent
+    // open() lands the secret file in the attacker-controlled target —
+    // O_NOFOLLOW only guards the FINAL path component, not intermediate
+    // directories. The pre-refactor monolithic getWorkspaceId() returned
+    // null on a symlinked dir before reaching the write; preserve that
+    // here (Bugbot PR #121 round-1 HIGH; original guard PR #109 round-2 HIGH).
+    const dirStat = fs.lstatSync(dir, { throwIfNoEntry: false });
+    if (dirStat && dirStat.isSymbolicLink()) return null;
     fs.mkdirSync(dir, { recursive: true });
-    const id = require('crypto').randomBytes(16).toString('hex');
+    const payload = id || require('crypto').randomBytes(16).toString('hex');
     // Atomic create-and-fail-if-exists so we never overwrite an
     // attacker-pre-placed file (TOCTOU between lstat and writeFileSync
     // could otherwise race a symlink in). O_NOFOLLOW also refuses to
@@ -276,32 +356,106 @@ function getWorkspaceId() {
     try {
       fd = fs.openSync(file, flags, 0o600);
     } catch (e) {
-      // EEXIST means another process beat us to it — re-read with the
-      // same symlink guards as above.
       if (e && e.code === 'EEXIST') {
-        const fileStat = fs.lstatSync(file, { throwIfNoEntry: false });
-        if (!fileStat || fileStat.isSymbolicLink() || !fileStat.isFile()) return null;
-        try {
-          const raw = fs.readFileSync(file, 'utf8').trim();
-          if (raw && /^[a-f0-9]{32,}$/i.test(raw)) return raw;
-        } catch { /* unreadable */ }
-        return null;
+        // Another process beat us — re-read with the same symlink guards.
+        return _readWorkspaceIdFromFs(file);
       }
       // ELOOP / EMLINK from O_NOFOLLOW hitting a symlink — refuse.
       return null;
     }
     try {
-      fs.writeSync(fd, id + '\n', 0, 'utf8');
+      fs.writeSync(fd, payload + '\n', 0, 'utf8');
     } finally {
       fs.closeSync(fd);
     }
     try { fs.chmodSync(file, 0o600); } catch { /* best-effort */ }
-    return id;
+    return payload;
   } catch {
     return null;
   }
 }
 
+function getWorkspaceId() {
+  if (process.env.EVOLVER_WORKSPACE_ID) return String(process.env.EVOLVER_WORKSPACE_ID);
+  const workspaceRoot = getWorkspaceRoot();
+  const dir = path.join(workspaceRoot, '.evolver');
+  const file = path.join(dir, 'workspace-id');
+
+  let mode = 'off';
+  let keychain = null;
+  try {
+    keychain = require('./workspaceKeychain');
+    mode = keychain.getMode();
+  } catch {
+    // workspaceKeychain.js missing — degrade silently to FS-only.
+    mode = 'off';
+  }
+
+  if (mode !== 'off' && keychain) {
+    const addonAvailable = keychain.loadAddon() !== null;
+    if (mode === 'force' && !addonAvailable) {
+      throw new Error(
+        'EVOLVER_WORKSPACE_KEYCHAIN=force but @napi-rs/keyring is not installed. ' +
+        'Install it (`npm i @napi-rs/keyring`) or set EVOLVER_WORKSPACE_KEYCHAIN=auto/off.'
+      );
+    }
+    if (addonAvailable) {
+      const hit = keychain.readFromKeychain(workspaceRoot);
+      if (hit.available && hit.id) return hit.id;
+
+      // `force` must NEVER fall back to FS read/write — that would
+      // silently re-introduce same-uid plaintext exposure of the
+      // workspace secret, which is exactly what `force` exists to
+      // prevent (Bugbot PR #121 round-2 MEDIUM Agentic Security).
+      // Generate a fresh id and write it ONLY to the keychain; if
+      // that write fails, throw rather than mirror to FS.
+      if (mode === 'force') {
+        if (hit.available) {
+          // Keychain reachable but empty — mint and write keychain-only.
+          const newId = require('crypto').randomBytes(16).toString('hex');
+          if (!keychain.writeToKeychain(workspaceRoot, newId)) {
+            throw new Error(
+              'EVOLVER_WORKSPACE_KEYCHAIN=force: keychain write failed; ' +
+              'refusing to fall back to filesystem secret.'
+            );
+          }
+          return newId;
+        }
+        // Addon loaded but read claims unavailable (e.g. locked
+        // keyring on Linux, no D-Bus session). Refuse rather than
+        // silently degrade.
+        throw new Error(
+          'EVOLVER_WORKSPACE_KEYCHAIN=force: keychain reports unavailable ' +
+          '(locked keyring / no session?); refusing to fall back to filesystem.'
+        );
+      }
+
+      // mode === 'auto', keychain miss — try to migrate an existing
+      // FS secret in.
+      const fsId = _readWorkspaceIdFromFs(file);
+      if (fsId) {
+        keychain.writeToKeychain(workspaceRoot, fsId); // best-effort
+        return fsId;
+      }
+
+      // No secret anywhere — generate, write FS atomically, then
+      // mirror to keychain. FS write is the source of truth for the
+      // value (race-resistant via O_EXCL); keychain is the upgrade.
+      const newId = _writeWorkspaceIdToFs(file, null);
+      if (!newId) return null;
+      keychain.writeToKeychain(workspaceRoot, newId); // best-effort
+      return newId;
+    }
+    // mode === 'auto' && addon unavailable → fall through to FS.
+  }
+
+  // FS-only path (mode === 'off' or auto-fallback). Identical to the
+  // pre-#111 implementation in observable behavior.
+  const existing = _readWorkspaceIdFromFs(file);
+  if (existing) return existing;
+  return _writeWorkspaceIdToFs(file, null);
+}
+
 module.exports = {
   getRepoRoot,
   getEvolverInstallRoot,
@@ -319,4 +473,6 @@ module.exports = {
   getNarrativePath,
   getEvolutionPrinciplesPath,
   getReflectionLogPath,
+  getEvomapDir,
+  getEvomapPath,
 };