@exaudeus/workrail 0.16.0 → 1.0.0

package/dist/di/container.js

@@ -179,8 +179,11 @@ async function registerV2Services() {
     const { NodeCryptoV2 } = await Promise.resolve().then(() => __importStar(require('../v2/infra/local/crypto/index.js')));
     const { NodeHmacSha256V2 } = await Promise.resolve().then(() => __importStar(require('../v2/infra/local/hmac-sha256/index.js')));
     const { NodeBase64UrlV2 } = await Promise.resolve().then(() => __importStar(require('../v2/infra/local/base64url/index.js')));
+    const { Base32AdapterV2 } = await Promise.resolve().then(() => __importStar(require('../v2/infra/local/base32/index.js')));
+    const { Bech32mAdapterV2 } = await Promise.resolve().then(() => __importStar(require('../v2/infra/local/bech32m/index.js')));
     const { NodeRandomEntropyV2 } = await Promise.resolve().then(() => __importStar(require('../v2/infra/local/random-entropy/index.js')));
     const { NodeTimeClockV2 } = await Promise.resolve().then(() => __importStar(require('../v2/infra/local/time-clock/index.js')));
+    const { IdFactoryV2 } = await Promise.resolve().then(() => __importStar(require('../v2/infra/local/id-factory/index.js')));
     tsyringe_1.container.register(tokens_js_1.DI.V2.DataDir, {
         useFactory: (0, tsyringe_1.instanceCachingFactory)(() => new LocalDataDirV2(process.env)),
     });
@@ -199,12 +202,24 @@ async function registerV2Services() {
     tsyringe_1.container.register(tokens_js_1.DI.V2.Base64Url, {
         useFactory: (0, tsyringe_1.instanceCachingFactory)(() => new NodeBase64UrlV2()),
     });
+    tsyringe_1.container.register(tokens_js_1.DI.V2.Base32, {
+        useFactory: (0, tsyringe_1.instanceCachingFactory)(() => new Base32AdapterV2()),
+    });
+    tsyringe_1.container.register(tokens_js_1.DI.V2.Bech32m, {
+        useFactory: (0, tsyringe_1.instanceCachingFactory)(() => new Bech32mAdapterV2()),
+    });
     tsyringe_1.container.register(tokens_js_1.DI.V2.RandomEntropy, {
         useFactory: (0, tsyringe_1.instanceCachingFactory)(() => new NodeRandomEntropyV2()),
     });
     tsyringe_1.container.register(tokens_js_1.DI.V2.TimeClock, {
         useFactory: (0, tsyringe_1.instanceCachingFactory)(() => new NodeTimeClockV2()),
     });
+    tsyringe_1.container.register(tokens_js_1.DI.V2.IdFactory, {
+        useFactory: (0, tsyringe_1.instanceCachingFactory)((c) => {
+            const entropy = c.resolve(tokens_js_1.DI.V2.RandomEntropy);
+            return new IdFactoryV2(entropy);
+        }),
+    });
     const { LocalKeyringV2 } = await Promise.resolve().then(() => __importStar(require('../v2/infra/local/keyring/index.js')));
     const { LocalSessionEventLogStoreV2 } = await Promise.resolve().then(() => __importStar(require('../v2/infra/local/session-store/index.js')));
     const { LocalSnapshotStoreV2 } = await Promise.resolve().then(() => __importStar(require('../v2/infra/local/snapshot-store/index.js')));

package/dist/di/tokens.d.ts

@@ -28,8 +28,11 @@ export declare const DI: {
         readonly Crypto: symbol;
         readonly HmacSha256: symbol;
         readonly Base64Url: symbol;
+        readonly Base32: symbol;
+        readonly Bech32m: symbol;
         readonly RandomEntropy: symbol;
         readonly TimeClock: symbol;
+        readonly IdFactory: symbol;
         readonly Keyring: symbol;
         readonly SessionStore: symbol;
         readonly SnapshotStore: symbol;

package/dist/di/tokens.js

@@ -31,8 +31,11 @@ exports.DI = {
         Crypto: Symbol('V2.Crypto'),
         HmacSha256: Symbol('V2.HmacSha256'),
         Base64Url: Symbol('V2.Base64Url'),
+        Base32: Symbol('V2.Base32'),
+        Bech32m: Symbol('V2.Bech32m'),
         RandomEntropy: Symbol('V2.RandomEntropy'),
         TimeClock: Symbol('V2.TimeClock'),
+        IdFactory: Symbol('V2.IdFactory'),
         Keyring: Symbol('V2.Keyring'),
         SessionStore: Symbol('V2.SessionStore'),
         SnapshotStore: Symbol('V2.SnapshotStore'),

package/dist/infrastructure/session/HttpServer.d.ts

@@ -16,6 +16,7 @@ export interface ServerConfig {
     port?: number;
     browserBehavior?: BrowserBehavior;
     dashboardMode?: DashboardMode;
+    lockFilePath?: string;
 }
 export declare class HttpServer {
     private sessionManager;
@@ -30,7 +31,7 @@ export declare class HttpServer {
     private baseUrl;
     private isPrimary;
     private lockFile;
-    private readonly heartbeat;
+    private heartbeat;
     constructor(sessionManager: SessionManager, processLifecyclePolicy: ProcessLifecyclePolicy, processSignals: ProcessSignals, shutdownEvents: ShutdownEvents, dashboardMode: DashboardMode, browserBehavior: BrowserBehavior);
     private config;
     setConfig(config: ServerConfig): this;

package/dist/infrastructure/session/HttpServer.js

@@ -53,6 +53,10 @@ let HttpServer = class HttpServer {
         if (config.port) {
             this.port = config.port;
         }
+        if (config.lockFilePath) {
+            this.lockFile = config.lockFilePath;
+            this.heartbeat = new DashboardHeartbeat_js_1.DashboardHeartbeat(this.lockFile, () => this.isPrimary);
+        }
         return this;
     }
     setupMiddleware() {
@@ -350,7 +354,7 @@ let HttpServer = class HttpServer {
             }
             catch (error) {
                 if (error.code === 'EADDRINUSE') {
-                    console.error('[Dashboard] Port 3456 busy despite lock, falling back to legacy mode');
+                    console.error(`[Dashboard] Port ${this.port} busy despite lock, falling back to legacy mode`);
                     await promises_1.default.unlink(this.lockFile).catch(() => { });
                     return await this.startLegacyMode();
                 }
@@ -358,7 +362,7 @@ let HttpServer = class HttpServer {
             }
         }
         else {
-            console.error('[Dashboard] ✅ Unified dashboard at http://localhost:3456');
+            console.error(`[Dashboard] ✅ Unified dashboard at http://localhost:${this.port}`);
             return null;
         }
     }
@@ -367,7 +371,7 @@ let HttpServer = class HttpServer {
             await promises_1.default.mkdir(path_1.default.dirname(this.lockFile), { recursive: true });
             const lockData = {
                 pid: process.pid,
-                port: 3456,
+                port: this.port,
                 startedAt: new Date().toISOString(),
                 lastHeartbeat: new Date().toISOString(),
                 projectId: this.sessionManager.getProjectId(),
@@ -435,7 +439,7 @@ let HttpServer = class HttpServer {
             const tempPath = `${this.lockFile}.${process.pid}.${Date.now()}`;
             const newLockData = {
                 pid: process.pid,
-                port: 3456,
+                port: this.port,
                 startedAt: new Date().toISOString(),
                 lastHeartbeat: new Date().toISOString(),
                 projectId: this.sessionManager.getProjectId(),
@@ -443,7 +447,22 @@ let HttpServer = class HttpServer {
             };
             try {
                 await promises_1.default.writeFile(tempPath, JSON.stringify(newLockData, null, 2));
-                await promises_1.default.rename(tempPath, this.lockFile);
+                let retries = 3;
+                let renamed = false;
+                while (retries > 0 && !renamed) {
+                    try {
+                        await promises_1.default.rename(tempPath, this.lockFile);
+                        renamed = true;
+                    }
+                    catch (err) {
+                        if (err.code === 'EPERM' && process.platform === 'win32' && retries > 1) {
+                            await new Promise(resolve => setTimeout(resolve, 10));
+                            retries--;
+                            continue;
+                        }
+                        throw err;
+                    }
+                }
                 console.error('[Dashboard] Lock reclaimed successfully');
                 this.isPrimary = true;
                 this.setupPrimaryCleanup();
@@ -532,9 +551,9 @@ let HttpServer = class HttpServer {
             this.server.on('error', (error) => {
                 reject(error);
             });
-            this.server.listen(3456, () => {
-                this.port = 3456;
-                this.baseUrl = 'http://localhost:3456';
+            const listenPort = this.port;
+            this.server.listen(listenPort, () => {
+                this.baseUrl = `http://localhost:${listenPort}`;
                 this.printBanner();
                 resolve();
             });
@@ -688,12 +707,17 @@ let HttpServer = class HttpServer {
                     return [];
                 return output.split('\n').filter(Boolean).map(line => {
                     const parts = line.trim().split(/\s+/);
+                    const state = parts[3] || '';
                     const address = parts[1] || '';
                     const pid = parseInt(parts[4]);
                     const portMatch = address.match(/:(\d+)$/);
                     const port = portMatch ? parseInt(portMatch[1]) : 0;
-                    return { port, pid };
-                }).filter(item => item.port >= 3456 && item.port < 3500 && !isNaN(item.pid));
+                    return { port, pid, state };
+                }).filter(item => item.state === 'LISTENING' &&
+                    item.port >= 3456 &&
+                    item.port < 3500 &&
+                    !isNaN(item.pid) &&
+                    item.pid > 0).map(({ port, pid }) => ({ port, pid }));
             }
             return [];
         }

package/dist/infrastructure/session/SessionManager.js

@@ -345,7 +345,25 @@ let SessionManager = class SessionManager extends events_1.EventEmitter {
         const tempPath = `${filePath}.tmp.${Date.now()}`;
         try {
             await promises_1.default.writeFile(tempPath, JSON.stringify(data, null, 2), 'utf-8');
-            await promises_1.default.rename(tempPath, filePath);
+            let retries = 3;
+            while (retries > 0) {
+                try {
+                    await promises_1.default.rename(tempPath, filePath);
+                    return;
+                }
+                catch (error) {
+                    if (error.code === 'EPERM' && process.platform === 'win32' && retries > 1) {
+                        await new Promise(resolve => setTimeout(resolve, 10));
+                        retries--;
+                        continue;
+                    }
+                    try {
+                        await promises_1.default.unlink(tempPath);
+                    }
+                    catch { }
+                    throw error;
+                }
+            }
         }
         catch (error) {
             try {

package/dist/infrastructure/storage/enhanced-multi-source-workflow-storage.js

@@ -8,6 +8,7 @@ exports.createEnhancedMultiSourceWorkflowStorage = createEnhancedMultiSourceWork
 const fs_1 = require("fs");
 const path_1 = __importDefault(require("path"));
 const os_1 = __importDefault(require("os"));
+const url_1 = require("url");
 const workflow_1 = require("../../types/workflow");
 const file_workflow_storage_1 = require("./file-workflow-storage");
 const git_workflow_storage_1 = require("./git-workflow-storage");
@@ -319,8 +320,16 @@ function createEnhancedMultiSourceWorkflowStorage(overrides = {}, featureFlagPro
         const urls = gitReposJson.split(',').map(url => url.trim());
         const localFileUrls = [];
         const actualGitUrls = [];
+        const isWindowsAbsolutePath = (p) => {
+            if (/^[a-zA-Z]:[\\/]/.test(p))
+                return true;
+            if (p.startsWith('\\\\'))
+                return true;
+            return false;
+        };
         for (const url of urls) {
-            if (url.startsWith('file://') || (!url.includes('://') && url.startsWith('/'))) {
+            const isLocalPath = !url.includes('://') && (url.startsWith('/') || isWindowsAbsolutePath(url));
+            if (url.startsWith('file://') || isLocalPath) {
                 localFileUrls.push(url);
             }
             else {
@@ -330,7 +339,22 @@ function createEnhancedMultiSourceWorkflowStorage(overrides = {}, featureFlagPro
         if (localFileUrls.length > 0) {
             config.customPaths = config.customPaths || [];
             for (const url of localFileUrls) {
-                const localPath = url.startsWith('file://') ? url.substring(7) : url;
+                const localPath = (() => {
+                    if (!url.startsWith('file://'))
+                        return url;
+                    try {
+                        const decoded = decodeURIComponent(url);
+                        return (0, url_1.fileURLToPath)(new URL(decoded));
+                    }
+                    catch {
+                        try {
+                            return (0, url_1.fileURLToPath)(new URL(url));
+                        }
+                        catch {
+                            return url.substring('file://'.length);
+                        }
+                    }
+                })();
                 config.customPaths.push(localPath);
                 logger.info('Using direct file access for local repository', { localPath });
             }

package/dist/infrastructure/storage/file-workflow-storage.js

@@ -11,6 +11,7 @@ const path_1 = __importDefault(require("path"));
 const workflow_1 = require("../../types/workflow");
 const error_handler_1 = require("../../core/error-handler");
 const workflow_id_policy_1 = require("../../domain/workflow-id-policy");
+const storage_security_1 = require("../../utils/storage-security");
 function sanitizeId(id) {
     if (id.includes('\u0000')) {
         throw new error_handler_1.SecurityError('Null byte detected in identifier', 'sanitizeId');
@@ -23,9 +24,7 @@ function sanitizeId(id) {
     return normalised;
 }
 function assertWithinBase(resolvedPath, baseDir) {
-    if (!resolvedPath.startsWith(baseDir + path_1.default.sep) && resolvedPath !== baseDir) {
-        throw new error_handler_1.SecurityError('Path escapes storage sandbox', 'file-access');
-    }
+    (0, storage_security_1.assertWithinBase)(resolvedPath, baseDir);
 }
 class FileWorkflowStorage {
     constructor(directory, source, featureFlagProvider, options = {}) {
@@ -69,7 +68,8 @@ class FileWorkflowStorage {
         for (const file of relativeFiles) {
             try {
                 if (!this.featureFlags.isEnabled('agenticRoutines')) {
-                    if (file.includes('routines/') || path_1.default.basename(file).startsWith('routine-')) {
+                    const normalizedFile = file.replace(/\\/g, '/');
+                    if (normalizedFile.includes('routines/') || path_1.default.basename(file).startsWith('routine-')) {
                         continue;
                     }
                 }

package/dist/infrastructure/storage/git-workflow-storage.d.ts

@@ -35,5 +35,4 @@ export declare class GitWorkflowStorage implements IWorkflowStorage {
     private cloneRepository;
     private pullRepository;
     private gitCommitAndPush;
-    private escapeShellArg;
 }

package/dist/infrastructure/storage/git-workflow-storage.js

@@ -11,10 +11,12 @@ const path_1 = __importDefault(require("path"));
 const promises_1 = __importDefault(require("fs/promises"));
 const fs_1 = require("fs");
 const os_1 = __importDefault(require("os"));
+const url_1 = require("url");
 const storage_security_1 = require("../../utils/storage-security");
 const error_handler_1 = require("../../core/error-handler");
 const logger_1 = require("../../utils/logger");
 const execAsync = (0, util_1.promisify)(child_process_1.exec);
+const execFileAsync = (0, util_1.promisify)(child_process_1.execFile);
 const logger = (0, logger_1.createLogger)('GitWorkflowStorage');
 class GitWorkflowStorage {
     constructor(config, source) {
@@ -64,6 +66,8 @@ class GitWorkflowStorage {
         };
     }
     isValidGitUrl(url) {
+        if (/^[a-zA-Z]:[\\/]/.test(url) || url.startsWith('\\\\'))
+            return true;
         const sshPattern = /^git@[\w.-]+:[\w\/-]+\.git$/;
         if (sshPattern.test(url))
             return true;
@@ -226,27 +230,35 @@ class GitWorkflowStorage {
         const parentDir = path_1.default.dirname(this.localPath);
         await promises_1.default.mkdir(parentDir, { recursive: true });
         let cloneUrl = this.config.repositoryUrl;
-        if (cloneUrl.startsWith('/')) {
-            cloneUrl = `file://${cloneUrl}`;
+        if (!cloneUrl.includes('://')) {
+            const abs = path_1.default.resolve(cloneUrl);
+            cloneUrl = (0, url_1.pathToFileURL)(abs).href;
+        }
+        else if (cloneUrl.startsWith('file://') && process.platform === 'win32') {
+            try {
+                const raw = cloneUrl.substring('file://'.length);
+                if (/^[a-zA-Z]:[\\/]/.test(raw)) {
+                    cloneUrl = (0, url_1.pathToFileURL)(path_1.default.resolve(raw)).href;
+                }
+            }
+            catch {
+            }
         }
         if (!this.isSshUrl(this.config.repositoryUrl) && this.config.authToken && cloneUrl.startsWith('https://')) {
             cloneUrl = cloneUrl.replace('https://', `https://${this.config.authToken}@`);
         }
-        const escapedUrl = this.escapeShellArg(cloneUrl);
-        const escapedBranch = this.escapeShellArg(this.config.branch);
-        const escapedPath = this.escapeShellArg(this.localPath);
-        let command = `git clone --branch ${escapedBranch} ${escapedUrl} ${escapedPath}`;
         try {
-            await execAsync(command, { timeout: 60000 });
+            const dest = process.platform === 'win32' ? this.localPath.replace(/\\/g, '/') : this.localPath;
+            await execFileAsync('git', ['clone', '--branch', this.config.branch, cloneUrl, dest], { timeout: 60000 });
             logger.info('Successfully cloned repository', { branch: this.config.branch });
         }
         catch (error) {
             const errorMsg = error.message;
             if (errorMsg.includes('Remote branch') && errorMsg.includes('not found')) {
-                command = `git clone ${escapedUrl} ${escapedPath}`;
                 try {
-                    await execAsync(command, { timeout: 60000 });
-                    const { stdout } = await execAsync('git rev-parse --abbrev-ref HEAD', { cwd: this.localPath });
+                    const dest = process.platform === 'win32' ? this.localPath.replace(/\\/g, '/') : this.localPath;
+                    await execFileAsync('git', ['clone', cloneUrl, dest], { timeout: 60000 });
+                    const { stdout } = await execFileAsync('git', ['rev-parse', '--abbrev-ref', 'HEAD'], { cwd: this.localPath });
                     this.config.branch = stdout.trim();
                 }
                 catch (fallbackError) {
@@ -259,15 +271,13 @@ class GitWorkflowStorage {
         }
     }
     async pullRepository() {
-        const escapedPath = this.escapeShellArg(this.localPath);
-        const escapedBranch = this.escapeShellArg(this.config.branch);
         try {
-            await execAsync(`cd ${escapedPath} && git fetch origin ${escapedBranch}`, { timeout: 30000 });
-            await execAsync(`cd ${escapedPath} && git reset --hard origin/${escapedBranch}`, { timeout: 30000 });
+            await execFileAsync('git', ['fetch', 'origin', this.config.branch], { cwd: this.localPath, timeout: 30000 });
+            await execFileAsync('git', ['reset', '--hard', `origin/${this.config.branch}`], { cwd: this.localPath, timeout: 30000 });
         }
         catch {
             try {
-                await execAsync(`cd ${escapedPath} && git pull origin ${escapedBranch}`, { timeout: 30000 });
+                await execFileAsync('git', ['pull', 'origin', this.config.branch], { cwd: this.localPath, timeout: 30000 });
             }
             catch (pullError) {
                 logger.warn('Git pull failed, using cached version', pullError);
@@ -275,25 +285,14 @@ class GitWorkflowStorage {
         }
     }
     async gitCommitAndPush(definition) {
-        const escapedPath = this.escapeShellArg(this.localPath);
-        const escapedFilename = this.escapeShellArg(`workflows/${definition.id}.json`);
-        const escapedMessage = this.escapeShellArg(`Add/update workflow: ${definition.name}`);
-        const escapedBranch = this.escapeShellArg(this.config.branch);
-        const command = [
-            `cd ${escapedPath}`,
-            `git add ${escapedFilename}`,
-            `git commit -m ${escapedMessage}`,
-            `git push origin ${escapedBranch}`
-        ].join(' && ');
         try {
-            await execAsync(command, { timeout: 60000 });
+            await execFileAsync('git', ['add', `workflows/${definition.id}.json`], { cwd: this.localPath, timeout: 60000 });
+            await execFileAsync('git', ['commit', '-m', `Add/update workflow: ${definition.name}`], { cwd: this.localPath, timeout: 60000 });
+            await execFileAsync('git', ['push', 'origin', this.config.branch], { cwd: this.localPath, timeout: 60000 });
         }
         catch (error) {
             throw new error_handler_1.StorageError(`Failed to push workflow to repository: ${error.message}`);
         }
     }
-    escapeShellArg(arg) {
-        return `'${arg.replace(/'/g, "'\"'\"'")}'`;
-    }
 }
 exports.GitWorkflowStorage = GitWorkflowStorage;

package/dist/infrastructure/storage/plugin-workflow-storage.js

@@ -28,7 +28,8 @@ class PluginWorkflowStorage {
         for (const pluginPath of pluginPaths) {
             try {
                 if (path_1.default.isAbsolute(pluginPath)) {
-                    (0, storage_security_1.assertWithinBase)(pluginPath, '/');
+                    const baseCheck = process.platform === 'win32' ? path_1.default.parse(pluginPath).root : '/';
+                    (0, storage_security_1.assertWithinBase)(pluginPath, baseCheck);
                 }
             }
             catch (error) {
@@ -46,10 +47,15 @@ class PluginWorkflowStorage {
     getDefaultPluginPaths() {
         const paths = [];
         try {
-            const globalPath = require.resolve('npm').replace(/\/npm\/.*$/, '');
-            const globalNodeModules = path_1.default.join(globalPath, 'node_modules');
-            if ((0, fs_1.existsSync)(globalNodeModules)) {
-                paths.push(globalNodeModules);
+            const npmPath = require.resolve('npm');
+            const npmSegments = npmPath.split(path_1.default.sep);
+            const npmIdx = npmSegments.findIndex((s) => s === 'npm');
+            if (npmIdx > 0) {
+                const globalPath = npmSegments.slice(0, npmIdx).join(path_1.default.sep);
+                const globalNodeModules = path_1.default.join(globalPath, 'node_modules');
+                if ((0, fs_1.existsSync)(globalNodeModules)) {
+                    paths.push(globalNodeModules);
+                }
             }
         }
         catch {