@indigoai-us/hq-cloud 6.11.10 → 6.11.12

package/src/cli/share.ts

@@ -46,7 +46,11 @@ import {
   fetchCompanyTombstones,
   type CompanyTombstone,
 } from "./tombstones.js";
-import { isCoveredByAny, isDirInScope } from "../prefix-coalesce.js";
+import {
+  isCoveredByAny,
+  isDirInScope,
+  type ScopePrefixInput,
+} from "../prefix-coalesce.js";
 import {
   buildConflictId,
   buildConflictPath,
@@ -637,7 +641,7 @@ export interface ShareOptions {
    * filter — full access. An empty array means "no granted prefixes" → every
    * path is out of scope (mirrors the pull side's `isCoveredByAny([])`).
    */
-  prefixSet?: string[];
+  prefixSet?: ScopePrefixInput[];
   /**
    * Pre-fetched FILE_TOMBSTONE map (POSIX key → tombstone) for the push-side
    * delete-resync consult. When omitted, share() fetches it itself via
@@ -778,7 +782,7 @@ function isPreconditionFailed(err: unknown): boolean {
 function wrapFilterWithScope(
   underlying: (absPath: string, isDir?: boolean) => boolean,
   syncRoot: string,
-  prefixSet: readonly string[],
+  prefixSet: readonly ScopePrefixInput[],
   onScopeExcluded: (rel: string) => void,
 ): (absPath: string, isDir?: boolean) => boolean {
   return (absPath: string, isDir?: boolean) => {
@@ -1279,13 +1283,15 @@ export async function share(options: ShareOptions): Promise<ShareResult> {
 
       let isFreshCollision = false;
       let multipartConverged = false;
-      if (!journalEntry && item.kind === "file") {
+      if (!journalEntry && item.kind === "symlink") {
+        // A HEAD on an existing object does not expose the symlink target.
+        // On a first sync, treat the existing remote as a fresh collision
+        // instead of replacing it with the local link record.
+        isFreshCollision = true;
+      } else if (!journalEntry && item.kind === "file") {
         // Single-part S3 PUT etag is MD5 of the body. Multipart uploads
-        // produce \`<md5>-<partCount>\`. Symlink records (\`kind: "symlink"\`)
-        // skip the check entirely — the wire body shape (\`hq-symlink:\`
-        // prefix + target) isn't a pure byte mirror and would mis-
-        // classify; symlink overwrites are rare and an audit pass after
-        // the broader bug-cleanup wave can extend coverage if needed.
+        // produce `<md5>-<partCount>`. Symlink records cannot be classified
+        // from HEAD alone, so the branch above fails closed.
         const remoteEtagNormalized = normalizeEtag(remoteMeta.etag);
         const isMultipart = /-\d+$/.test(remoteEtagNormalized);
         if (!isMultipart) {
@@ -1392,17 +1398,25 @@ export async function share(options: ShareOptions): Promise<ShareResult> {
                 machineId,
               );
               const conflictAbs = path.join(hqRoot, conflictRelative);
-              await downloadFile(ctx, relativePath, conflictAbs);
-              appendConflictEntry(hqRoot, {
-                id: buildConflictId(originalRelative, detectedAt),
-                originalPath: originalRelative,
-                conflictPath: conflictRelative,
-                detectedAt,
-                side: "push",
-                machineId,
-                localHash,
-                remoteHash: normalizeEtag(remoteMeta.etag),
-              });
+              if (!isMaterializationPathStillContained(syncRoot, conflictAbs)) {
+                emit({
+                  type: "error",
+                  path: relativePath,
+                  message: "conflict mirror skipped: local parent escaped the sync root",
+                });
+              } else {
+                await downloadFile(ctx, relativePath, conflictAbs);
+                appendConflictEntry(hqRoot, {
+                  id: buildConflictId(originalRelative, detectedAt),
+                  originalPath: originalRelative,
+                  conflictPath: conflictRelative,
+                  detectedAt,
+                  side: "push",
+                  machineId,
+                  localHash,
+                  remoteHash: normalizeEtag(remoteMeta.etag),
+                });
+              }
             } catch (mirrorErr) {
               emit({
                 type: "error",
@@ -1539,20 +1553,28 @@ export async function share(options: ShareOptions): Promise<ShareResult> {
             machineId,
           );
           const conflictAbs = path.join(hqRoot, conflictRelative);
-          await downloadFile(ctx, relativePath, conflictAbs);
-          appendConflictEntry(hqRoot, {
-            id: buildConflictId(originalRelative, detectedAt),
-            originalPath: originalRelative,
-            conflictPath: conflictRelative,
-            detectedAt,
-            side: "push",
-            machineId,
-            localHash,
-            // remoteMeta (if any) predates the racing write that fired the
-            // fence — record what we knew ("" when the key was believed
-            // absent); the mirror file carries the authoritative remote bytes.
-            remoteHash: remoteMeta ? normalizeEtag(remoteMeta.etag) : "",
-          });
+          if (!isMaterializationPathStillContained(syncRoot, conflictAbs)) {
+            emit({
+              type: "error",
+              path: relativePath,
+              message: "conflict mirror skipped: local parent escaped the sync root",
+            });
+          } else {
+            await downloadFile(ctx, relativePath, conflictAbs);
+            appendConflictEntry(hqRoot, {
+              id: buildConflictId(originalRelative, detectedAt),
+              originalPath: originalRelative,
+              conflictPath: conflictRelative,
+              detectedAt,
+              side: "push",
+              machineId,
+              localHash,
+              // remoteMeta (if any) predates the racing write that fired the
+              // fence — record what we knew ("" when the key was believed
+              // absent); the mirror file carries the authoritative remote bytes.
+              remoteHash: remoteMeta ? normalizeEtag(remoteMeta.etag) : "",
+            });
+          }
         } catch (mirrorErr) {
           emit({
             type: "error",
@@ -2082,6 +2104,11 @@ function isWithin(parent: string, child: string): boolean {
   return rel === "" || (!rel.startsWith("..") && !path.isAbsolute(rel));
 }
 
+function isPathWithin(parent: string, child: string): boolean {
+  const rel = path.relative(parent, child);
+  return rel === "" || (!rel.startsWith("..") && !path.isAbsolute(rel));
+}
+
 function realpathSafe(p: string): string {
   try {
     return fs.realpathSync.native(p);
@@ -2090,6 +2117,48 @@ function realpathSafe(p: string): string {
   }
 }
 
+function deepestExistingAncestor(start: string): string | null {
+  let current = start;
+  for (;;) {
+    try {
+      fs.lstatSync(current);
+      return current;
+    } catch (err: unknown) {
+      const code =
+        err && typeof err === "object" && "code" in err
+          ? (err as { code?: string }).code
+          : undefined;
+      if (code !== "ENOENT" && code !== "ENOTDIR") return null;
+    }
+
+    const parent = path.dirname(current);
+    if (parent === current) return null;
+    current = parent;
+  }
+}
+
+function isMaterializationPathStillContained(root: string, localPath: string): boolean {
+  const resolvedRoot = path.resolve(root);
+  const resolvedLocal = path.resolve(localPath);
+  if (!isPathWithin(resolvedRoot, resolvedLocal)) return false;
+
+  let realRoot: string;
+  try {
+    realRoot = fs.realpathSync.native(resolvedRoot);
+  } catch {
+    return false;
+  }
+
+  const existingAncestor = deepestExistingAncestor(path.dirname(resolvedLocal));
+  if (existingAncestor === null) return false;
+  try {
+    const realAncestor = fs.realpathSync.native(existingAncestor);
+    return isPathWithin(realRoot, realAncestor);
+  } catch {
+    return false;
+  }
+}
+
 /**
  * Containment check tailored for symlinks. Canonicalizes the link's
  * PARENT DIR (which is a real dir, not the link), then compares the