@exaudeus/workrail 0.6.1-beta.4 → 0.6.1-beta.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/infrastructure/storage/enhanced-multi-source-workflow-storage.js +1 -1
  2. package/dist/infrastructure/storage/git-workflow-storage.js +7 -2
  3. package/package.json +1 -1
package/dist/infrastructure/storage/enhanced-multi-source-workflow-storage.js CHANGED
@@ -269,7 +269,7 @@ function createEnhancedMultiSourceWorkflowStorage(overrides = {}) {
269
269
  }
270
270
  else if (gitReposJson) {
271
271
  const cacheBaseDir = process.env['WORKRAIL_CACHE_DIR'] ||
272
- path_1.default.join(process.cwd(), '.workrail-cache');
272
+ path_1.default.join(os_1.default.homedir(), '.workrail', 'cache');
273
273
  config.gitRepositories = gitReposJson.split(',').map((url, index) => {
274
274
  const trimmedUrl = url.trim();
275
275
  const repoName = trimmedUrl.split('/').pop()?.replace(/\.git$/, '') || `repo-${index}`;
package/dist/infrastructure/storage/git-workflow-storage.js CHANGED
@@ -9,6 +9,7 @@ const util_1 = require("util");
9
9
  const path_1 = __importDefault(require("path"));
10
10
  const promises_1 = __importDefault(require("fs/promises"));
11
11
  const fs_1 = require("fs");
12
+ const os_1 = __importDefault(require("os"));
12
13
  const storage_security_1 = require("../../utils/storage-security");
13
14
  const error_handler_1 = require("../../core/error-handler");
14
15
  const execAsync = (0, util_1.promisify)(child_process_1.exec);
@@ -29,11 +30,15 @@ class GitWorkflowStorage {
29
30
  const securityOptions = (0, storage_security_1.validateSecurityOptions)({
30
31
  maxFileSizeBytes: config.maxFileSize || 1024 * 1024
31
32
  });
33
+ const defaultCacheDir = path_1.default.join(os_1.default.homedir(), '.workrail', 'cache');
32
34
  const localPath = config.localPath ||
33
- path_1.default.join(process.cwd(), '.workrail-cache', 'community-workflows');
35
+ path_1.default.join(defaultCacheDir, 'community-workflows');
34
36
  if (!config.skipSandboxCheck) {
35
37
  try {
36
- (0, storage_security_1.assertWithinBase)(localPath, process.cwd());
38
+ const safeBaseDir = config.localPath
39
+ ? path_1.default.dirname(path_1.default.dirname(config.localPath))
40
+ : path_1.default.join(os_1.default.homedir(), '.workrail');
41
+ (0, storage_security_1.assertWithinBase)(localPath, safeBaseDir);
37
42
  }
38
43
  catch (error) {
39
44
  throw new error_handler_1.SecurityError(`Local path outside safe boundaries: ${error.message}`);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@exaudeus/workrail",
3
- "version": "0.6.1-beta.4",
3
+ "version": "0.6.1-beta.5",
4
4
  "description": "MCP server for structured workflow orchestration and step-by-step task guidance",
5
5
  "license": "MIT",
6
6
  "bin": {