@kaitranntt/ccs 7.78.0 → 7.78.1-dev.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/channels/official-channels-runtime.d.ts.map +1 -1
- package/dist/channels/official-channels-runtime.js +11 -0
- package/dist/channels/official-channels-runtime.js.map +1 -1
- package/dist/cliproxy/auth/oauth-handler.d.ts.map +1 -1
- package/dist/cliproxy/auth/oauth-handler.js +21 -0
- package/dist/cliproxy/auth/oauth-handler.js.map +1 -1
- package/dist/cliproxy/auth/oauth-start-failure-guidance.d.ts +22 -0
- package/dist/cliproxy/auth/oauth-start-failure-guidance.d.ts.map +1 -0
- package/dist/cliproxy/auth/oauth-start-failure-guidance.js +82 -0
- package/dist/cliproxy/auth/oauth-start-failure-guidance.js.map +1 -0
- package/dist/cliproxy/executor/claude-launcher.d.ts.map +1 -1
- package/dist/cliproxy/executor/claude-launcher.js +15 -6
- package/dist/cliproxy/executor/claude-launcher.js.map +1 -1
- package/dist/commands/config-command-options.d.ts.map +1 -1
- package/dist/commands/config-command-options.js +4 -2
- package/dist/commands/config-command-options.js.map +1 -1
- package/dist/commands/config-command.js +1 -1
- package/dist/commands/config-command.js.map +1 -1
- package/dist/commands/config-dashboard-host.d.ts +1 -0
- package/dist/commands/config-dashboard-host.d.ts.map +1 -1
- package/dist/commands/config-dashboard-host.js +2 -1
- package/dist/commands/config-dashboard-host.js.map +1 -1
- package/dist/dispatcher/flows/settings-flow.d.ts.map +1 -1
- package/dist/dispatcher/flows/settings-flow.js +17 -10
- package/dist/dispatcher/flows/settings-flow.js.map +1 -1
- package/dist/ui/assets/{accounts-CW9bbE4S.js → accounts-D_ROBWJW.js} +1 -1
- package/dist/ui/assets/{alert-dialog-ClPYGzV3.js → alert-dialog-CdBSeTf8.js} +1 -1
- package/dist/ui/assets/{api-BjpAFHdA.js → api-DZp9XoZ3.js} +1 -1
- package/dist/ui/assets/{auth-section-wl4-fzwD.js → auth-section-CBHPWh8P.js} +1 -1
- package/dist/ui/assets/{backups-section-CRfyOhtX.js → backups-section-BEfeEYNu.js} +1 -1
- package/dist/ui/assets/{channels-DH0HkSGX.js → channels-yd4p8uGF.js} +1 -1
- package/dist/ui/assets/{checkbox-CTpEjpTH.js → checkbox-O4MS4m31.js} +1 -1
- package/dist/ui/assets/{claude-extension-BQOBO5Au.js → claude-extension-RX6pi5Dq.js} +1 -1
- package/dist/ui/assets/{cliproxy-qUbiZjec.js → cliproxy-CCPBZ2hk.js} +3 -2
- package/dist/ui/assets/{cliproxy-ai-providers-DoUPKyI5.js → cliproxy-ai-providers-CFaY0exX.js} +1 -1
- package/dist/ui/assets/{cliproxy-control-panel-CvjXdHw9.js → cliproxy-control-panel-Co84wmaz.js} +1 -1
- package/dist/ui/assets/{codex-BeeazJpw.js → codex-BndwF_Uy.js} +2 -2
- package/dist/ui/assets/{confirm-dialog-CYj_LLWN.js → confirm-dialog-CuqXEw3c.js} +1 -1
- package/dist/ui/assets/{copilot-ZCJeM_Zk.js → copilot-DwVnqcwy.js} +1 -1
- package/dist/ui/assets/{cursor-CtBjQ1_j.js → cursor-DMk7oeR8.js} +1 -1
- package/dist/ui/assets/{droid-BLmzMBtN.js → droid-BNzpeb07.js} +1 -1
- package/dist/ui/assets/{globalenv-section-0ENDeVbM.js → globalenv-section-BDlzpym6.js} +1 -1
- package/dist/ui/assets/{health-BEnDHk-j.js → health-BQ7Tv1rQ.js} +1 -1
- package/dist/ui/assets/{index-C04Kst21.js → index-B5Fvdc9D.js} +1 -1
- package/dist/ui/assets/{index-Cip18A41.js → index-BQO1Car5.js} +1 -1
- package/dist/ui/assets/index-C-pkmHvH.css +1 -0
- package/dist/ui/assets/{index-DrCrZ7r1.js → index-C1oiTZ4n.js} +1 -1
- package/dist/ui/assets/{index-Bs28kNJN.js → index-CHRUhYJD.js} +22 -22
- package/dist/ui/assets/{index-ClMz157R.js → index-DTFmb_cl.js} +1 -1
- package/dist/ui/assets/{index-B3xma6R0.js → index-DgTEmJwC.js} +1 -1
- package/dist/ui/assets/{index-O9Qq-UJq.js → index-dIME7UaU.js} +1 -1
- package/dist/ui/assets/{logs-DQxVdsHm.js → logs-BTE4BziS.js} +1 -1
- package/dist/ui/assets/{masked-input-eN6tFUjN.js → masked-input-FdlUBXx1.js} +1 -1
- package/dist/ui/assets/{proxy-status-widget-50UIM6S8.js → proxy-status-widget-BHCYqiYU.js} +1 -1
- package/dist/ui/assets/raw-json-settings-editor-panel-BWEzkHEh.js +1 -0
- package/dist/ui/assets/{searchable-select-JO0gngYE.js → searchable-select-DuJbJ_tt.js} +1 -1
- package/dist/ui/assets/{separator-AoncAA6l.js → separator-ohkxsfxk.js} +1 -1
- package/dist/ui/assets/{shared-BTv96-3y.js → shared-1ZnvRlC8.js} +1 -1
- package/dist/ui/assets/{table-BM_YK49c.js → table-BXnQYMP2.js} +1 -1
- package/dist/ui/assets/{updates-eo4H4NOg.js → updates-Cp9b84A6.js} +1 -1
- package/dist/ui/assets/{use-accounts-ELLatpzU.js → use-accounts-C88lVWLw.js} +1 -1
- package/dist/ui/index.html +2 -2
- package/dist/utils/browser/claude-tool-args.d.ts.map +1 -1
- package/dist/utils/browser/claude-tool-args.js +4 -0
- package/dist/utils/browser/claude-tool-args.js.map +1 -1
- package/dist/utils/claude-subcommand-detector.d.ts +43 -0
- package/dist/utils/claude-subcommand-detector.d.ts.map +1 -0
- package/dist/utils/claude-subcommand-detector.js +146 -0
- package/dist/utils/claude-subcommand-detector.js.map +1 -0
- package/dist/utils/image-analysis/claude-tool-args.d.ts.map +1 -1
- package/dist/utils/image-analysis/claude-tool-args.js +4 -0
- package/dist/utils/image-analysis/claude-tool-args.js.map +1 -1
- package/dist/utils/shell-executor.d.ts.map +1 -1
- package/dist/utils/shell-executor.js +9 -1
- package/dist/utils/shell-executor.js.map +1 -1
- package/dist/utils/websearch/claude-tool-args.d.ts.map +1 -1
- package/dist/utils/websearch/claude-tool-args.js +5 -0
- package/dist/utils/websearch/claude-tool-args.js.map +1 -1
- package/dist/web-server/index.d.ts.map +1 -1
- package/dist/web-server/index.js +80 -20
- package/dist/web-server/index.js.map +1 -1
- package/dist/web-server/middleware/auth-middleware.d.ts +5 -0
- package/dist/web-server/middleware/auth-middleware.d.ts.map +1 -1
- package/dist/web-server/middleware/auth-middleware.js +73 -1
- package/dist/web-server/middleware/auth-middleware.js.map +1 -1
- package/dist/web-server/routes/cliproxy-auth-routes.d.ts.map +1 -1
- package/dist/web-server/routes/cliproxy-auth-routes.js +30 -3
- package/dist/web-server/routes/cliproxy-auth-routes.js.map +1 -1
- package/dist/web-server/routes/codex-routes.d.ts.map +1 -1
- package/dist/web-server/routes/codex-routes.js +7 -0
- package/dist/web-server/routes/codex-routes.js.map +1 -1
- package/lib/mcp/ccs-browser-server.cjs +153 -6
- package/package.json +1 -1
- package/dist/ui/assets/index-D2_yb3d2.css +0 -1
- package/dist/ui/assets/raw-json-settings-editor-panel-DqKmVWL-.js +0 -1
|
@@ -0,0 +1,146 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Claude subcommand detection.
|
|
4
|
+
*
|
|
5
|
+
* Claude Code's CLI accepts both an interactive session form (`claude [prompt]`,
|
|
6
|
+
* possibly with `--print`) and explicit subcommands (`claude agents`,
|
|
7
|
+
* `claude doctor`, `claude mcp`, ...). Subcommand parsers reject most top-level
|
|
8
|
+
* session flags — e.g. `claude agents --append-system-prompt foo` exits with
|
|
9
|
+
* `error: unknown option '--append-system-prompt'`.
|
|
10
|
+
*
|
|
11
|
+
* CCS injects WebSearch / image-analysis / browser steering args
|
|
12
|
+
* (`--append-system-prompt`, `--disallowedTools`) for interactive sessions.
|
|
13
|
+
* Those flags must be skipped when the user is actually invoking a Claude
|
|
14
|
+
* subcommand, otherwise the subcommand fails or falls back to non-interactive
|
|
15
|
+
* mode (e.g. `claude agents` printing the list instead of opening the agent
|
|
16
|
+
* view — see issue #1218).
|
|
17
|
+
*
|
|
18
|
+
* Detection walks args left-to-right, skipping known value-taking top-level
|
|
19
|
+
* flags, and reports whether the first positional token matches a known
|
|
20
|
+
* Claude subcommand.
|
|
21
|
+
*/
|
|
22
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
23
|
+
exports.stripSubcommandBlockingEnv = exports.isClaudeSubcommandInvocation = void 0;
|
|
24
|
+
/**
|
|
25
|
+
* Known Claude CLI subcommands. Sourced from `claude --help` (v2.1.139).
|
|
26
|
+
* Keep in sync with upstream — additions are safe (over-skipping injection
|
|
27
|
+
* for an unknown command is acceptable; under-skipping is the bug).
|
|
28
|
+
*/
|
|
29
|
+
const CLAUDE_SUBCOMMANDS = new Set([
|
|
30
|
+
'agents',
|
|
31
|
+
'auth',
|
|
32
|
+
'auto-mode',
|
|
33
|
+
'doctor',
|
|
34
|
+
'install',
|
|
35
|
+
'mcp',
|
|
36
|
+
'plugin',
|
|
37
|
+
'plugins',
|
|
38
|
+
'project',
|
|
39
|
+
'setup-token',
|
|
40
|
+
'ultrareview',
|
|
41
|
+
'update',
|
|
42
|
+
'upgrade',
|
|
43
|
+
]);
|
|
44
|
+
/**
|
|
45
|
+
* Top-level Claude flags that consume the next argv token as their value.
|
|
46
|
+
* Used so the detector doesn't mistake a flag value (e.g. `--name auth`) for
|
|
47
|
+
* a subcommand. Boolean flags are intentionally absent.
|
|
48
|
+
*
|
|
49
|
+
* Variadic flags (`--add-dir`, `--mcp-config`, etc.) only consume their
|
|
50
|
+
* immediate next token here; Commander.js' real variadic parsing isn't worth
|
|
51
|
+
* replicating since the goal is just to skip past one obvious value safely.
|
|
52
|
+
*/
|
|
53
|
+
const VALUE_TAKING_FLAGS = new Set([
|
|
54
|
+
'--add-dir',
|
|
55
|
+
'--agent',
|
|
56
|
+
'--agents',
|
|
57
|
+
'--allowedTools',
|
|
58
|
+
'--allowed-tools',
|
|
59
|
+
'--append-system-prompt',
|
|
60
|
+
'--betas',
|
|
61
|
+
'--channels',
|
|
62
|
+
'--debug-file',
|
|
63
|
+
'--disallowedTools',
|
|
64
|
+
'--disallowed-tools',
|
|
65
|
+
'--effort',
|
|
66
|
+
'--fallback-model',
|
|
67
|
+
'--file',
|
|
68
|
+
'--input-format',
|
|
69
|
+
'--json-schema',
|
|
70
|
+
'--max-budget-usd',
|
|
71
|
+
'--mcp-config',
|
|
72
|
+
'--model',
|
|
73
|
+
'--name',
|
|
74
|
+
'-n',
|
|
75
|
+
'--output-format',
|
|
76
|
+
'--permission-mode',
|
|
77
|
+
'--plugin-dir',
|
|
78
|
+
'--plugin-url',
|
|
79
|
+
'--remote-control-session-name-prefix',
|
|
80
|
+
'--session-id',
|
|
81
|
+
'--setting-sources',
|
|
82
|
+
'--settings',
|
|
83
|
+
'--system-prompt',
|
|
84
|
+
'--tools',
|
|
85
|
+
]);
|
|
86
|
+
/**
|
|
87
|
+
* Returns true when `args` look like a Claude subcommand invocation.
|
|
88
|
+
*
|
|
89
|
+
* Heuristic:
|
|
90
|
+
* 1. Walk args until the `--` terminator or end.
|
|
91
|
+
* 2. Skip known value-taking flags together with their next token.
|
|
92
|
+
* 3. Skip unknown `--flag=value` forms and bare `--flag` / `-x` tokens.
|
|
93
|
+
* 4. The first remaining positional token is the candidate.
|
|
94
|
+
* 5. Match against CLAUDE_SUBCOMMANDS.
|
|
95
|
+
*
|
|
96
|
+
* Anything after the candidate is irrelevant — once a subcommand is in play,
|
|
97
|
+
* the rest of the line belongs to that subcommand.
|
|
98
|
+
*/
|
|
99
|
+
function isClaudeSubcommandInvocation(args) {
|
|
100
|
+
for (let i = 0; i < args.length; i += 1) {
|
|
101
|
+
const arg = args[i];
|
|
102
|
+
if (arg === '--')
|
|
103
|
+
return false;
|
|
104
|
+
if (arg.startsWith('-')) {
|
|
105
|
+
if (VALUE_TAKING_FLAGS.has(arg)) {
|
|
106
|
+
// Skip the next token as the flag's value (when present and not another flag).
|
|
107
|
+
const next = args[i + 1];
|
|
108
|
+
if (next !== undefined && !next.startsWith('-')) {
|
|
109
|
+
i += 1;
|
|
110
|
+
}
|
|
111
|
+
}
|
|
112
|
+
// `--flag=value`, bare boolean flags, and unknown short/long flags fall through.
|
|
113
|
+
continue;
|
|
114
|
+
}
|
|
115
|
+
return CLAUDE_SUBCOMMANDS.has(arg);
|
|
116
|
+
}
|
|
117
|
+
return false;
|
|
118
|
+
}
|
|
119
|
+
exports.isClaudeSubcommandInvocation = isClaudeSubcommandInvocation;
|
|
120
|
+
/**
|
|
121
|
+
* Claude env vars that disable interactive subcommand TUIs (e.g. the new
|
|
122
|
+
* `claude agents` agent view) when set. CCS injects these as defaults to
|
|
123
|
+
* silence telemetry/bug-report prompts in normal sessions, but they trip
|
|
124
|
+
* subcommands into non-interactive list mode. Issue #1218.
|
|
125
|
+
*
|
|
126
|
+
* Strip only for confirmed Claude subcommand invocations — keep the user's
|
|
127
|
+
* telemetry preference intact for everything else.
|
|
128
|
+
*/
|
|
129
|
+
const SUBCOMMAND_BLOCKING_ENV_KEYS = ['DISABLE_TELEMETRY'];
|
|
130
|
+
/**
|
|
131
|
+
* Return a shallow copy of `env` with subcommand-blocking telemetry vars
|
|
132
|
+
* removed. Caller is responsible for only invoking this when args are a
|
|
133
|
+
* Claude subcommand invocation.
|
|
134
|
+
*/
|
|
135
|
+
function stripSubcommandBlockingEnv(env) {
|
|
136
|
+
const out = {};
|
|
137
|
+
for (const [key, value] of Object.entries(env)) {
|
|
138
|
+
if (SUBCOMMAND_BLOCKING_ENV_KEYS.includes(key)) {
|
|
139
|
+
continue;
|
|
140
|
+
}
|
|
141
|
+
out[key] = value;
|
|
142
|
+
}
|
|
143
|
+
return out;
|
|
144
|
+
}
|
|
145
|
+
exports.stripSubcommandBlockingEnv = stripSubcommandBlockingEnv;
|
|
146
|
+
//# sourceMappingURL=claude-subcommand-detector.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"claude-subcommand-detector.js","sourceRoot":"","sources":["../../src/utils/claude-subcommand-detector.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;GAmBG;;;AAEH;;;;GAIG;AACH,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAS;IACzC,QAAQ;IACR,MAAM;IACN,WAAW;IACX,QAAQ;IACR,SAAS;IACT,KAAK;IACL,QAAQ;IACR,SAAS;IACT,SAAS;IACT,aAAa;IACb,aAAa;IACb,QAAQ;IACR,SAAS;CACV,CAAC,CAAC;AAEH;;;;;;;;GAQG;AACH,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAS;IACzC,WAAW;IACX,SAAS;IACT,UAAU;IACV,gBAAgB;IAChB,iBAAiB;IACjB,wBAAwB;IACxB,SAAS;IACT,YAAY;IACZ,cAAc;IACd,mBAAmB;IACnB,oBAAoB;IACpB,UAAU;IACV,kBAAkB;IAClB,QAAQ;IACR,gBAAgB;IAChB,eAAe;IACf,kBAAkB;IAClB,cAAc;IACd,SAAS;IACT,QAAQ;IACR,IAAI;IACJ,iBAAiB;IACjB,mBAAmB;IACnB,cAAc;IACd,cAAc;IACd,sCAAsC;IACtC,cAAc;IACd,mBAAmB;IACnB,YAAY;IACZ,iBAAiB;IACjB,SAAS;CACV,CAAC,CAAC;AAEH;;;;;;;;;;;;GAYG;AACH,SAAgB,4BAA4B,CAAC,IAAuB;IAClE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QACxC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,IAAI,GAAG,KAAK,IAAI;YAAE,OAAO,KAAK,CAAC;QAE/B,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,IAAI,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBAChC,+EAA+E;gBAC/E,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;gBACzB,IAAI,IAAI,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;oBAChD,CAAC,IAAI,CAAC,CAAC;gBACT,CAAC;YACH,CAAC;YACD,iFAAiF;YACjF,SAAS;QACX,CAAC;QAED,OAAO,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACrC,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AArBD,oEAqBC;AAED;;;;;;;;GAQG;AACH,MAAM,4BAA4B,GAAG,CAAC,mBAAmB,CAAU,CAAC;AAEpE;;;;GAIG;AACH,SAAgB,0BAA0B,CAAC,GAAsB;IAC/D,MAAM,GAAG,GAAsB,EAAE,CAAC;IAClC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,IACE,4BAA4B,CAAC,QAAQ,CAAC,GAAoD,CAAC,EAC3F,CAAC;YACD,SAAS;QACX,CAAC;QACD,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IACnB,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAXD,gEAWC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"claude-tool-args.d.ts","sourceRoot":"","sources":["../../../src/utils/image-analysis/claude-tool-args.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;
|
|
1
|
+
{"version":3,"file":"claude-tool-args.d.ts","sourceRoot":"","sources":["../../../src/utils/image-analysis/claude-tool-args.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AA2CH,wBAAgB,qCAAqC,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,CAI9E;AAED,wBAAgB,8BAA8B,IAAI,MAAM,CAEvD"}
|
|
@@ -9,6 +9,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
9
9
|
exports.getImageAnalysisSteeringPrompt = exports.appendThirdPartyImageAnalysisToolArgs = void 0;
|
|
10
10
|
const claude_tool_args_1 = require("../claude-tool-args");
|
|
11
11
|
const prompt_injection_strategy_1 = require("../prompt-injection-strategy");
|
|
12
|
+
const claude_subcommand_detector_1 = require("../claude-subcommand-detector");
|
|
12
13
|
const IMAGE_ANALYSIS_STEERING_PROMPT = {
|
|
13
14
|
name: 'ccs-prompt-image-analysis-tool',
|
|
14
15
|
content: 'For local image or PDF files, prefer the CCS MCP tool ImageAnalysis instead of Read. Use Read for text, code, and other plain files. If the user asks a specific question about the visual, pass that question as the focus field when useful. If ImageAnalysis is unavailable or fails, you may fall back to Read.',
|
|
@@ -29,6 +30,9 @@ function ensureImageAnalysisSteeringPrompt(args) {
|
|
|
29
30
|
return [...optionArgs, ...steeringArg, ...trailingArgs];
|
|
30
31
|
}
|
|
31
32
|
function appendThirdPartyImageAnalysisToolArgs(args) {
|
|
33
|
+
// Subcommands reject session-only prompt flags. Issue #1218.
|
|
34
|
+
if ((0, claude_subcommand_detector_1.isClaudeSubcommandInvocation)(args))
|
|
35
|
+
return args;
|
|
32
36
|
return ensureImageAnalysisSteeringPrompt(args);
|
|
33
37
|
}
|
|
34
38
|
exports.appendThirdPartyImageAnalysisToolArgs = appendThirdPartyImageAnalysisToolArgs;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"claude-tool-args.js","sourceRoot":"","sources":["../../../src/utils/image-analysis/claude-tool-args.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAEH,0DAG6B;AAC7B,4EAIsC;
|
|
1
|
+
{"version":3,"file":"claude-tool-args.js","sourceRoot":"","sources":["../../../src/utils/image-analysis/claude-tool-args.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAEH,0DAG6B;AAC7B,4EAIsC;AACtC,8EAA6E;AAE7E,MAAM,8BAA8B,GAAG;IACrC,IAAI,EAAE,gCAAgC;IACtC,OAAO,EACL,qTAAqT;CACxT,CAAC;AAEF,SAAS,iCAAiC,CAAC,IAAc;IACvD,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,GAAG,IAAA,wCAA2B,EAAC,IAAI,CAAC,CAAC;IAEvE,IACE,IAAA,oCAAuB,EAAC,UAAU,EAAE,8CAAkB,EAAE,8BAA8B,CAAC,OAAO,CAAC,EAC/F,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IACE,IAAA,mDAAuB,EAAC,EAAE,IAAI,EAAE,UAAU,EAAE,UAAU,EAAE,8BAA8B,CAAC,IAAI,EAAE,CAAC,EAC9F,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,WAAW,GAAG,IAAA,4CAAgB,EAAC;QACnC,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,8BAA8B,CAAC,IAAI;QAC/C,aAAa,EAAE,8BAA8B,CAAC,OAAO;KACtD,CAAC,CAAC;IAEH,OAAO,CAAC,GAAG,UAAU,EAAE,GAAG,WAAW,EAAE,GAAG,YAAY,CAAC,CAAC;AAC1D,CAAC;AAED,SAAgB,qCAAqC,CAAC,IAAc;IAClE,6DAA6D;IAC7D,IAAI,IAAA,yDAA4B,EAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IACpD,OAAO,iCAAiC,CAAC,IAAI,CAAC,CAAC;AACjD,CAAC;AAJD,sFAIC;AAED,SAAgB,8BAA8B;IAC5C,OAAO,8BAA8B,CAAC,OAAO,CAAC;AAChD,CAAC;AAFD,wEAEC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"shell-executor.d.ts","sourceRoot":"","sources":["../../src/utils/shell-executor.ts"],"names":[],"mappings":"AAAA;;;;GAIG;;;;AAEH,OAAO,EAAkC,KAAK,YAAY,EAAE,MAAM,eAAe,CAAC;
|
|
1
|
+
{"version":3,"file":"shell-executor.d.ts","sourceRoot":"","sources":["../../src/utils/shell-executor.ts"],"names":[],"mappings":"AAAA;;;;GAIG;;;;AAEH,OAAO,EAAkC,KAAK,YAAY,EAAE,MAAM,eAAe,CAAC;AAYlF;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAQ3E;AAyBD;;;;;;;;;;GAUG;AACH,wBAAgB,wBAAwB,CACtC,GAAG,EAAE,MAAM,CAAC,UAAU,EACtB,YAAY,CAAC,EAAE,MAAM,CAAC,UAAU,GAC/B,MAAM,CAAC,UAAU,CAkBnB;AA4BD;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAQzE;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAQ5E;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,MAAM,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAW9E;AAED;;;GAGG;AACH,wBAAgB,2BAA2B,IAAI,MAAM,CAAC,UAAU,CAU/D;AAED;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAqBlD;AAED;;;;;GAKG;AACH,wBAAgB,6BAA6B,IAAI,YAAY,CAAC,OAAO,CAAC,CAMrE;AAED;;GAEG;AACH,wBAAgB,UAAU,CACxB,SAAS,EAAE,MAAM,EACjB,IAAI,EAAE,MAAM,EAAE,EACd,OAAO,GAAE,MAAM,CAAC,UAAU,GAAG,IAAW,EACxC,aAAa,CAAC,EAAE,MAAM,IAAI,GACzB,IAAI,CAmHN"}
|
|
@@ -13,6 +13,7 @@ const child_process_1 = require("child_process");
|
|
|
13
13
|
const error_manager_1 = require("./error-manager");
|
|
14
14
|
const websearch_manager_1 = require("./websearch-manager");
|
|
15
15
|
const signal_forwarder_1 = require("./signal-forwarder");
|
|
16
|
+
const claude_subcommand_detector_1 = require("./claude-subcommand-detector");
|
|
16
17
|
const shared_manager_1 = __importDefault(require("../management/shared-manager"));
|
|
17
18
|
const config_loader_facade_1 = require("../config/config-loader-facade");
|
|
18
19
|
/**
|
|
@@ -247,7 +248,14 @@ function execClaude(claudeCli, args, envVars = null, onExitCleanup) {
|
|
|
247
248
|
: mergedEnv;
|
|
248
249
|
// Strip Claude Code nested session guard env var to allow CCS delegation
|
|
249
250
|
// (Claude Code v2.1.39+ sets CLAUDECODE to detect nested sessions)
|
|
250
|
-
|
|
251
|
+
let env = stripClaudeCodeEnv(effectiveMergedEnv);
|
|
252
|
+
// For Claude subcommand invocations (`agents`, `mcp`, `doctor`, ...) strip
|
|
253
|
+
// telemetry-disable env vars that cause upstream Claude Code to fall back
|
|
254
|
+
// to non-interactive list mode instead of opening the subcommand TUI.
|
|
255
|
+
// Issue #1218.
|
|
256
|
+
if ((0, claude_subcommand_detector_1.isClaudeSubcommandInvocation)(args)) {
|
|
257
|
+
env = (0, claude_subcommand_detector_1.stripSubcommandBlockingEnv)(env);
|
|
258
|
+
}
|
|
251
259
|
if (profileType !== 'account') {
|
|
252
260
|
try {
|
|
253
261
|
new shared_manager_1.default().normalizeSharedPluginMetadataPathsLocked(env.CLAUDE_CONFIG_DIR);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"shell-executor.js","sourceRoot":"","sources":["../../src/utils/shell-executor.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;AAEH,iDAAkF;AAClF,mDAA+C;AAC/C,2DAA0D;AAC1D,yDAA6D;
|
|
1
|
+
{"version":3,"file":"shell-executor.js","sourceRoot":"","sources":["../../src/utils/shell-executor.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;AAEH,iDAAkF;AAClF,mDAA+C;AAC/C,2DAA0D;AAC1D,yDAA6D;AAC7D,6EAGsC;AAEtC,kFAAyD;AACzD,yEAA2E;AAE3E;;;;GAIG;AACH,SAAgB,iBAAiB,CAAC,GAAsB;IACtD,MAAM,MAAM,GAAsB,EAAE,CAAC;IACrC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACnC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAClC,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AARD,8CAQC;AAED,MAAM,0BAA0B,GAAG;IACjC,oBAAoB;IACpB,sBAAsB;IACtB,mBAAmB;CACpB,CAAC;AACF,MAAM,6BAA6B,GAAG,IAAI,GAAG,CAAC,0BAA0B,CAAC,CAAC;AAC1E,MAAM,wBAAwB,GAAG;IAC/B,iBAAiB;IACjB,8BAA8B;IAC9B,gCAAgC;IAChC,+BAA+B;IAC/B,4BAA4B;CAC7B,CAAC;AACF,MAAM,kBAAkB,GAAG;IACzB,mBAAmB;IACnB,kBAAkB;IAClB,oBAAoB;IACpB,mCAAmC;IACnC,+BAA+B;IAC/B,GAAG,wBAAwB;IAC3B,GAAG,0BAA0B;CAC9B,CAAC;AAEF;;;;;;;;;;GAUG;AACH,SAAgB,wBAAwB,CACtC,GAAsB,EACtB,YAAgC;IAEhC,MAAM,MAAM,GAAsB,EAAE,CAAC;IACrC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACnC,IAAI,CAAC,6BAA6B,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YAC1D,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IACD,IAAI,YAAY,EAAE,CAAC;QACjB,KAAK,MAAM,GAAG,IAAI,0BAA0B,EAAE,CAAC;YAC7C,IACE,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,YAAY,EAAE,GAAG,CAAC;gBACvD,YAAY,CAAC,GAAG,CAAC,KAAK,SAAS,EAC/B,CAAC;gBACD,MAAM,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;YAClC,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AArBD,4DAqBC;AAED,SAAS,wBAAwB,CAAC,GAAsB,EAAE,WAA+B;IACvF,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QACtB,OAAO;IACT,CAAC;IAED,MAAM,gBAAgB,GACpB,WAAW,KAAK,SAAS,IAAI,WAAW,KAAK,SAAS;QACpD,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC;QACxB,CAAC,CAAC,WAAW,KAAK,UAAU;YAC1B,CAAC,CAAC,wBAAwB,CAAC,GAAG,CAAC;YAC/B,CAAC,CAAC,GAAG,CAAC;IAEZ,KAAK,MAAM,GAAG,IAAI,kBAAkB,EAAE,CAAC;QACrC,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;YACpC,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBACxB,IAAA,yBAAS,EAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;YACjE,CAAC;iBAAM,CAAC;gBACN,IAAA,yBAAS,EAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,IAAI,EAAE,GAAG,CAAC,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;YAChE,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,gEAAgE;QAClE,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAgB,eAAe,CAAC,GAAsB;IACpD,MAAM,MAAM,GAAsB,EAAE,CAAC;IACrC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACnC,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;YAClD,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AARD,0CAQC;AAED;;;;;GAKG;AACH,SAAgB,kBAAkB,CAAC,GAAsB;IACvD,MAAM,MAAM,GAAsB,EAAE,CAAC;IACrC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACnC,IAAI,GAAG,CAAC,WAAW,EAAE,KAAK,YAAY,EAAE,CAAC;YACvC,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AARD,gDAQC;AAED;;;;;GAKG;AACH,SAAgB,oBAAoB,CAAC,GAAsB;IACzD,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,CAAC,UAAU,EAAE,sBAAsB,EAAE,iBAAiB,CAAC,CAAC,CAAC;IACrF,MAAM,MAAM,GAAsB,EAAE,CAAC;IACrC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACnC,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QACnC,IAAI,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9B,SAAS;QACX,CAAC;QACD,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAXD,oDAWC;AAED;;;GAGG;AACH,SAAgB,2BAA2B;IACzC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,gDAAyB,GAAE,CAAC;QAC3C,IAAI,MAAM,CAAC,WAAW,EAAE,WAAW,KAAK,KAAK,EAAE,CAAC;YAC9C,OAAO,EAAE,mBAAmB,EAAE,GAAG,EAAE,CAAC;QACtC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,uDAAuD;IACzD,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAVD,kEAUC;AAED;;;;;;GAMG;AACH,SAAgB,cAAc,CAAC,GAAW;IACxC,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC;IAE/C,IAAI,SAAS,EAAE,CAAC;QACd,0EAA0E;QAC1E,qEAAqE;QACrE,qDAAqD;QACrD,OAAO,CACL,GAAG;YACH,MAAM,CAAC,GAAG,CAAC;iBACR,OAAO,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,mCAAmC;iBAC7D,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,uBAAuB;iBAC3C,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,gBAAgB;iBACrC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,+CAA+C;iBACpE,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,gBAAgB;YACzC,GAAG,CACJ,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,sDAAsD;QACtD,OAAO,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,GAAG,CAAC;IACtD,CAAC;AACH,CAAC;AArBD,wCAqBC;AAED;;;;;GAKG;AACH,SAAgB,6BAA6B;IAC3C,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,SAAS,CAAC;AACjE,CAAC;AAND,sEAMC;AAED;;GAEG;AACH,SAAgB,UAAU,CACxB,SAAiB,EACjB,IAAc,EACd,UAAoC,IAAI,EACxC,aAA0B;IAE1B,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC;IAC/C,MAAM,kBAAkB,GAAG,SAAS,IAAI,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAClE,MAAM,UAAU,GAAG,SAAS,IAAI,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAEhE,qCAAqC;IACrC,MAAM,YAAY,GAAG,IAAA,uCAAmB,GAAE,CAAC;IAC3C,MAAM,eAAe,GAAG,2BAA2B,EAAE,CAAC;IAEtD,+EAA+E;IAC/E,0EAA0E;IAC1E,8EAA8E;IAC9E,2EAA2E;IAC3E,wDAAwD;IACxD,MAAM,WAAW,GAAG,OAAO,EAAE,gBAAgB,CAAC;IAC9C,MAAM,0BAA0B,GAAG,WAAW,KAAK,SAAS,IAAI,WAAW,KAAK,SAAS,CAAC;IAC1F,MAAM,iCAAiC,GAAG,OAAO,EAAE,iCAAiC,KAAK,GAAG,CAAC;IAC7F,MAAM,YAAY,GAAG,0BAA0B;QAC7C,CAAC,CAAC,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC;QAChC,CAAC,CAAC,iCAAiC;YACjC,CAAC,CAAC,wBAAwB,CAAC,OAAO,CAAC,GAAG,CAAC;YACvC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IAClB,MAAM,OAAO,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;IAE9C,gEAAgE;IAChE,MAAM,SAAS,GAAG,OAAO;QACvB,CAAC,CAAC,EAAE,GAAG,OAAO,EAAE,GAAG,eAAe,EAAE,GAAG,OAAO,EAAE,GAAG,YAAY,EAAE;QACjE,CAAC,CAAC,EAAE,GAAG,OAAO,EAAE,GAAG,eAAe,EAAE,GAAG,YAAY,EAAE,CAAC;IACxD,MAAM,kBAAkB,GAAG,iCAAiC;QAC1D,CAAC,CAAC,wBAAwB,CAAC,SAAS,EAAE,OAAO,IAAI,SAAS,CAAC;QAC3D,CAAC,CAAC,SAAS,CAAC;IAEd,yEAAyE;IACzE,mEAAmE;IACnE,IAAI,GAAG,GAAG,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;IAEjD,2EAA2E;IAC3E,0EAA0E;IAC1E,sEAAsE;IACtE,eAAe;IACf,IAAI,IAAA,yDAA4B,EAAC,IAAI,CAAC,EAAE,CAAC;QACvC,GAAG,GAAG,IAAA,uDAA0B,EAAC,GAAG,CAAC,CAAC;IACxC,CAAC;IAED,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;QAC9B,IAAI,CAAC;YACH,IAAI,wBAAa,EAAE,CAAC,wCAAwC,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;QACtF,CAAC;QAAC,MAAM,CAAC;YACP,8DAA8D;QAChE,CAAC;IACH,CAAC;IAED,2EAA2E;IAC3E,4DAA4D;IAC5D,wBAAwB,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IAE3C,IAAI,KAAmB,CAAC;IACxB,IAAI,kBAAkB,EAAE,CAAC;QACvB,KAAK,GAAG,IAAA,qBAAK,EACX,gBAAgB,EAChB,CAAC,YAAY,EAAE,kBAAkB,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC,EACzE;YACE,KAAK,EAAE,SAAS;YAChB,WAAW,EAAE,IAAI;YACjB,GAAG;SACJ,CACF,CAAC;IACJ,CAAC;SAAM,IAAI,UAAU,EAAE,CAAC;QACtB,sEAAsE;QACtE,MAAM,SAAS,GAAG,CAAC,SAAS,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACrE,KAAK,GAAG,IAAA,qBAAK,EAAC,SAAS,EAAE;YACvB,KAAK,EAAE,SAAS;YAChB,WAAW,EAAE,IAAI;YACjB,KAAK,EAAE,6BAA6B,EAAE;YACtC,GAAG;SACJ,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,mEAAmE;QACnE,KAAK,GAAG,IAAA,qBAAK,EAAC,SAAS,EAAE,IAAI,EAAE;YAC7B,KAAK,EAAE,SAAS;YAChB,WAAW,EAAE,IAAI;YACjB,GAAG;SACJ,CAAC,CAAC;IACL,CAAC;IAED,IAAI,SAAS,GAAG,KAAK,CAAC;IACtB,MAAM,cAAc,GAAG,GAAS,EAAE;QAChC,IAAI,SAAS,EAAE,CAAC;YACd,OAAO;QACT,CAAC;QACD,SAAS,GAAG,IAAI,CAAC;QACjB,aAAa,EAAE,EAAE,CAAC;IACpB,CAAC,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IACnC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;IAEpC,IAAA,0CAAuB,EAAC,KAAK,EAAE,KAAK,EAAE,GAA0B,EAAE,EAAE;QAClE,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC1B,OAAO,CAAC,KAAK,CAAC,qCAAqC,SAAS,EAAE,CAAC,CAAC;YAChE,OAAO,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;QAClE,CAAC;aAAM,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACjC,IAAI,kBAAkB,EAAE,CAAC;gBACvB,OAAO,CAAC,KAAK,CAAC,yEAAyE,CAAC,CAAC;gBACzF,OAAO,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACnE,CAAC;iBAAM,IAAI,UAAU,EAAE,CAAC;gBACtB,OAAO,CAAC,KAAK,CAAC,gEAAgE,CAAC,CAAC;gBAChF,OAAO,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACnE,CAAC;iBAAM,CAAC;gBACN,MAAM,4BAAY,CAAC,kBAAkB,EAAE,CAAC;YAC1C,CAAC;QACH,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,mCAAmC,SAAS,MAAM,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QACjF,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC;AAxHD,gCAwHC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"claude-tool-args.d.ts","sourceRoot":"","sources":["../../../src/utils/websearch/claude-tool-args.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;
|
|
1
|
+
{"version":3,"file":"claude-tool-args.d.ts","sourceRoot":"","sources":["../../../src/utils/websearch/claude-tool-args.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAgBH,eAAO,MAAM,qCAAqC;;;CAIjD,CAAC;AAgHF,wBAAgB,iCAAiC,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,CAK1E"}
|
|
@@ -9,6 +9,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
9
9
|
exports.appendThirdPartyWebSearchToolArgs = exports.THIRD_PARTY_WEBSEARCH_STEERING_PROMPT = void 0;
|
|
10
10
|
const claude_tool_args_1 = require("../claude-tool-args");
|
|
11
11
|
const prompt_injection_strategy_1 = require("../prompt-injection-strategy");
|
|
12
|
+
const claude_subcommand_detector_1 = require("../claude-subcommand-detector");
|
|
12
13
|
const NATIVE_WEBSEARCH_TOOL = 'WebSearch';
|
|
13
14
|
const DISALLOWED_TOOLS_FLAG = '--disallowedTools';
|
|
14
15
|
exports.THIRD_PARTY_WEBSEARCH_STEERING_PROMPT = {
|
|
@@ -96,6 +97,10 @@ function ensureWebSearchSteeringPrompt(args) {
|
|
|
96
97
|
return [...optionArgs, ...steeringArgs, ...trailingArgs];
|
|
97
98
|
}
|
|
98
99
|
function appendThirdPartyWebSearchToolArgs(args) {
|
|
100
|
+
// Claude subcommands (agents, doctor, mcp, ...) reject top-level session flags
|
|
101
|
+
// like `--append-system-prompt` and `--disallowedTools`. Issue #1218.
|
|
102
|
+
if ((0, claude_subcommand_detector_1.isClaudeSubcommandInvocation)(args))
|
|
103
|
+
return args;
|
|
99
104
|
return ensureWebSearchSteeringPrompt(ensureDisallowedNativeWebSearchTool(args));
|
|
100
105
|
}
|
|
101
106
|
exports.appendThirdPartyWebSearchToolArgs = appendThirdPartyWebSearchToolArgs;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"claude-tool-args.js","sourceRoot":"","sources":["../../../src/utils/websearch/claude-tool-args.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAEH,0DAI6B;AAC7B,4EAIsC;
|
|
1
|
+
{"version":3,"file":"claude-tool-args.js","sourceRoot":"","sources":["../../../src/utils/websearch/claude-tool-args.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAEH,0DAI6B;AAC7B,4EAIsC;AACtC,8EAA6E;AAE7E,MAAM,qBAAqB,GAAG,WAAW,CAAC;AAC1C,MAAM,qBAAqB,GAAG,mBAAmB,CAAC;AACrC,QAAA,qCAAqC,GAAG;IACnD,IAAI,EAAE,2BAA2B;IACjC,OAAO,EACL,kPAAkP;CACrP,CAAC;AAEF,SAAS,cAAc,CAAC,QAAgB;IACtC,OAAO,QAAQ;SACZ,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;SAC5B,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AACzC,CAAC;AAED,SAAS,eAAe,CAAC,SAAmB,EAAE,QAAgB;IAC5D,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IACjD,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC/B,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACxB,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,aAAa,CAAC,IAAc,EAAE,IAAY,EAAE,QAAgB;IACnE,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,IAAI,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC;QACpD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;QAExB,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACjB,MAAM,KAAK,GAAG,IAAA,wCAAqB,EAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YACjD,IAAI,KAAK,IAAI,cAAc,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACtD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,SAAS;QACX,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,CAAC,EAAE,CAAC;YAChC,SAAS;QACX,CAAC;QAED,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC5C,IAAI,cAAc,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAChD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,mCAAmC,CAAC,IAAc;IACzD,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,GAAG,IAAA,wCAA2B,EAAC,IAAI,CAAC,CAAC;IAEvE,IAAI,aAAa,CAAC,UAAU,EAAE,qBAAqB,EAAE,qBAAqB,CAAC,EAAE,CAAC;QAC5E,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,UAAU,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC;QAC1D,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;QAE9B,IAAI,GAAG,KAAK,qBAAqB,EAAE,CAAC;YAClC,MAAM,YAAY,GAAG,IAAA,wCAAqB,EAAC,UAAU,EAAE,KAAK,CAAC,CAAC;YAC9D,MAAM,WAAW,GAAG,eAAe,CACjC,YAAY,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,EAAE,EAClC,qBAAqB,CACtB,CAAC;YAEF,OAAO;gBACL,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC;gBACjC,WAAW;gBACX,GAAG,UAAU,CAAC,KAAK,CAAC,YAAY,KAAK,IAAI,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC;gBAClE,GAAG,YAAY;aAChB,CAAC;QACJ,CAAC;QAED,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,qBAAqB,GAAG,CAAC,EAAE,CAAC;YAChD,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,CAAC,qBAAqB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YAC7D,OAAO;gBACL,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC;gBAC7B,GAAG,qBAAqB,IAAI,eAAe,CAAC,CAAC,QAAQ,CAAC,EAAE,qBAAqB,CAAC,EAAE;gBAChF,GAAG,UAAU,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC;gBAC9B,GAAG,YAAY;aAChB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,UAAU,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,GAAG,YAAY,CAAC,CAAC;AACxF,CAAC;AAED,SAAS,6BAA6B,CAAC,IAAc;IACnD,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,GAAG,IAAA,wCAA2B,EAAC,IAAI,CAAC,CAAC;IAEvE,IACE,IAAA,oCAAuB,EACrB,UAAU,EACV,8CAAkB,EAClB,6CAAqC,CAAC,OAAO,CAC9C,EACD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IACE,IAAA,mDAAuB,EAAC;QACtB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,6CAAqC,CAAC,IAAI;KACvD,CAAC,EACF,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,YAAY,GAAG,IAAA,4CAAgB,EAAC;QACpC,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,6CAAqC,CAAC,IAAI;QACtD,aAAa,EAAE,6CAAqC,CAAC,OAAO;KAC7D,CAAC,CAAC;IAEH,OAAO,CAAC,GAAG,UAAU,EAAE,GAAG,YAAY,EAAE,GAAG,YAAY,CAAC,CAAC;AAC3D,CAAC;AAED,SAAgB,iCAAiC,CAAC,IAAc;IAC9D,+EAA+E;IAC/E,sEAAsE;IACtE,IAAI,IAAA,yDAA4B,EAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IACpD,OAAO,6BAA6B,CAAC,mCAAmC,CAAC,IAAI,CAAC,CAAC,CAAC;AAClF,CAAC;AALD,8EAKC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/web-server/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;;AAGH,OAAO,IAAI,MAAM,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/web-server/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;;AAGH,OAAO,IAAI,MAAM,MAAM,CAAC;AAGxB,OAAO,EAAE,eAAe,EAAE,MAAM,IAAI,CAAC;AAgBrC,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,GAAG,CAAC,EAAE,OAAO,CAAC;CACf;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC;IACpB,GAAG,EAAE,eAAe,CAAC;IACrB,OAAO,EAAE,MAAM,IAAI,CAAC;CACrB;AAQD;;GAEG;AACH,wBAAsB,WAAW,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC,CAyLjF"}
|
package/dist/web-server/index.js
CHANGED
|
@@ -46,6 +46,10 @@ const proxy_target_resolver_1 = require("../cliproxy/proxy/proxy-target-resolver
|
|
|
46
46
|
const sync_1 = require("../cliproxy/sync");
|
|
47
47
|
const aggregator_1 = require("./usage/aggregator");
|
|
48
48
|
const logging_1 = require("../services/logging");
|
|
49
|
+
const config_dashboard_host_1 = require("../commands/config-dashboard-host");
|
|
50
|
+
function getListenHost(options) {
|
|
51
|
+
return options.host || config_dashboard_host_1.DEFAULT_DASHBOARD_HOST;
|
|
52
|
+
}
|
|
49
53
|
const logger = (0, logging_1.createLogger)('web-server');
|
|
50
54
|
/**
|
|
51
55
|
* Start Express server with WebSocket support
|
|
@@ -54,8 +58,7 @@ async function startServer(options) {
|
|
|
54
58
|
const app = (0, express_1.default)();
|
|
55
59
|
const server = http_1.default.createServer(app);
|
|
56
60
|
const wss = new ws_1.WebSocketServer({
|
|
57
|
-
|
|
58
|
-
path: '/ws',
|
|
61
|
+
noServer: true,
|
|
59
62
|
maxPayload: 1024 * 1024, // 1MB hard limit to prevent DoS
|
|
60
63
|
perMessageDeflate: false, // Prevent zip bomb attacks
|
|
61
64
|
});
|
|
@@ -70,7 +73,8 @@ async function startServer(options) {
|
|
|
70
73
|
});
|
|
71
74
|
app.use(request_logging_middleware_1.requestLoggingMiddleware);
|
|
72
75
|
// Session middleware (for dashboard auth)
|
|
73
|
-
|
|
76
|
+
const sessionMiddleware = (0, auth_middleware_1.createSessionMiddleware)();
|
|
77
|
+
app.use(sessionMiddleware);
|
|
74
78
|
// Auth middleware (protects API routes when enabled)
|
|
75
79
|
app.use(auth_middleware_1.authMiddleware);
|
|
76
80
|
// CLIProxy local reverse proxy (avoids cross-origin issues in Docker)
|
|
@@ -111,6 +115,33 @@ async function startServer(options) {
|
|
|
111
115
|
res.sendFile(path_1.default.join(staticDir, 'index.html'));
|
|
112
116
|
});
|
|
113
117
|
}
|
|
118
|
+
server.on('upgrade', (request, socket, head) => {
|
|
119
|
+
const pathname = getUpgradePathname(request.url);
|
|
120
|
+
if (!pathname) {
|
|
121
|
+
rejectWebSocketUpgrade(socket, 400, 'Invalid WebSocket upgrade request');
|
|
122
|
+
return;
|
|
123
|
+
}
|
|
124
|
+
if (pathname !== '/ws') {
|
|
125
|
+
if (!options.dev) {
|
|
126
|
+
rejectWebSocketUpgrade(socket, 404, 'WebSocket endpoint not found');
|
|
127
|
+
}
|
|
128
|
+
return;
|
|
129
|
+
}
|
|
130
|
+
const response = new http_1.default.ServerResponse(request);
|
|
131
|
+
sessionMiddleware(request, response, (error) => {
|
|
132
|
+
if (error) {
|
|
133
|
+
rejectWebSocketUpgrade(socket, 500, 'WebSocket session validation failed');
|
|
134
|
+
return;
|
|
135
|
+
}
|
|
136
|
+
if (!(0, auth_middleware_1.isDashboardWebSocketUpgradeAllowed)(request)) {
|
|
137
|
+
rejectWebSocketUpgrade(socket, (0, auth_middleware_1.getDashboardWebSocketRejectionStatus)(request), 'WebSocket access denied');
|
|
138
|
+
return;
|
|
139
|
+
}
|
|
140
|
+
wss.handleUpgrade(request, socket, head, (ws) => {
|
|
141
|
+
wss.emit('connection', ws, request);
|
|
142
|
+
});
|
|
143
|
+
});
|
|
144
|
+
});
|
|
114
145
|
// WebSocket connection handler + file watcher
|
|
115
146
|
const { cleanup: wsCleanup } = (0, websocket_1.setupWebSocket)(wss);
|
|
116
147
|
// Start auto-sync watcher (if enabled in config)
|
|
@@ -130,11 +161,12 @@ async function startServer(options) {
|
|
|
130
161
|
};
|
|
131
162
|
// Start listening
|
|
132
163
|
return new Promise((resolve, reject) => {
|
|
164
|
+
const listenHost = getListenHost(options);
|
|
133
165
|
const onError = (error) => {
|
|
134
166
|
logger.error('server.listen_failed', 'Dashboard server failed to start', {
|
|
135
167
|
code: error.code || 'unknown',
|
|
136
168
|
message: error.message,
|
|
137
|
-
host:
|
|
169
|
+
host: listenHost,
|
|
138
170
|
port: options.port,
|
|
139
171
|
});
|
|
140
172
|
cleanup();
|
|
@@ -143,8 +175,18 @@ async function startServer(options) {
|
|
|
143
175
|
server.once('error', onError);
|
|
144
176
|
const onListening = () => {
|
|
145
177
|
server.off('error', onError);
|
|
178
|
+
try {
|
|
179
|
+
assertSafeDashboardBind(options, server.address());
|
|
180
|
+
}
|
|
181
|
+
catch (error) {
|
|
182
|
+
cleanup();
|
|
183
|
+
server.close(() => {
|
|
184
|
+
reject(error instanceof Error ? error : new Error(String(error)));
|
|
185
|
+
});
|
|
186
|
+
return;
|
|
187
|
+
}
|
|
146
188
|
logger.info('server.listening', 'Dashboard server listening', {
|
|
147
|
-
host:
|
|
189
|
+
host: listenHost,
|
|
148
190
|
port: options.port,
|
|
149
191
|
dev: Boolean(options.dev),
|
|
150
192
|
});
|
|
@@ -153,11 +195,7 @@ async function startServer(options) {
|
|
|
153
195
|
resolve({ server, wss, cleanup });
|
|
154
196
|
};
|
|
155
197
|
try {
|
|
156
|
-
|
|
157
|
-
server.listen(options.port, options.host, onListening);
|
|
158
|
-
return;
|
|
159
|
-
}
|
|
160
|
-
server.listen(options.port, onListening);
|
|
198
|
+
server.listen(options.port, listenHost, onListening);
|
|
161
199
|
}
|
|
162
200
|
catch (error) {
|
|
163
201
|
server.off('error', onError);
|
|
@@ -167,22 +205,44 @@ async function startServer(options) {
|
|
|
167
205
|
});
|
|
168
206
|
}
|
|
169
207
|
exports.startServer = startServer;
|
|
170
|
-
function
|
|
171
|
-
|
|
172
|
-
return
|
|
208
|
+
function getUpgradePathname(requestUrl) {
|
|
209
|
+
try {
|
|
210
|
+
return new URL(requestUrl ?? '/', 'http://localhost').pathname;
|
|
211
|
+
}
|
|
212
|
+
catch {
|
|
213
|
+
return null;
|
|
173
214
|
}
|
|
215
|
+
}
|
|
216
|
+
function rejectWebSocketUpgrade(socket, statusCode, message) {
|
|
217
|
+
socket.write(`HTTP/1.1 ${statusCode} ${message}\r\n` +
|
|
218
|
+
'Connection: close\r\n' +
|
|
219
|
+
'Content-Type: text/plain; charset=utf-8\r\n' +
|
|
220
|
+
`Content-Length: ${Buffer.byteLength(message)}\r\n` +
|
|
221
|
+
'\r\n' +
|
|
222
|
+
message);
|
|
223
|
+
socket.destroy();
|
|
224
|
+
}
|
|
225
|
+
function assertSafeDashboardBind(options, address) {
|
|
226
|
+
const listenHost = getListenHost(options);
|
|
227
|
+
if (!(0, config_dashboard_host_1.isLoopbackHost)(listenHost) || typeof address === 'string' || !address) {
|
|
228
|
+
return;
|
|
229
|
+
}
|
|
230
|
+
if ((0, config_dashboard_host_1.isLoopbackHost)(address.address)) {
|
|
231
|
+
return;
|
|
232
|
+
}
|
|
233
|
+
throw new Error(`Dashboard host ${listenHost} resolved to non-loopback address ${address.address}; pass --host explicitly to allow network exposure.`);
|
|
234
|
+
}
|
|
235
|
+
function formatListenError(error, options) {
|
|
236
|
+
const listenHost = getListenHost(options);
|
|
174
237
|
if (error.code === 'EADDRINUSE') {
|
|
175
|
-
return `
|
|
238
|
+
return `Unable to bind ${listenHost}:${options.port}; the address may be unavailable or the port may already be in use`;
|
|
176
239
|
}
|
|
177
|
-
if (error.code === 'EADDRNOTAVAIL'
|
|
178
|
-
return `Cannot bind to ${
|
|
240
|
+
if (error.code === 'EADDRNOTAVAIL') {
|
|
241
|
+
return `Cannot bind to ${listenHost}:${options.port} on this machine`;
|
|
179
242
|
}
|
|
180
243
|
if (error.code === 'EACCES') {
|
|
181
244
|
return `Permission denied while binding to port ${options.port}`;
|
|
182
245
|
}
|
|
183
|
-
|
|
184
|
-
return `Cannot bind to ${options.host}:${options.port}: ${error.message}`;
|
|
185
|
-
}
|
|
186
|
-
return error.message;
|
|
246
|
+
return `Cannot bind to ${listenHost}:${options.port}: ${error.message}`;
|
|
187
247
|
}
|
|
188
248
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/web-server/index.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,sDAA8B;AAC9B,gDAAwB;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/web-server/index.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,sDAA8B;AAC9B,gDAAwB;AAExB,gDAAwB;AACxB,2BAAqC;AACrC,2CAA6C;AAC7C,kEAKsC;AACtC,wFAAmF;AACnF,4FAA6F;AAC7F,mFAAyE;AACzE,2CAA6E;AAC7E,mDAA6D;AAC7D,iDAAmD;AACnD,6EAA2F;AAe3F,SAAS,aAAa,CAAC,OAAsB;IAC3C,OAAO,OAAO,CAAC,IAAI,IAAI,8CAAsB,CAAC;AAChD,CAAC;AAED,MAAM,MAAM,GAAG,IAAA,sBAAY,EAAC,YAAY,CAAC,CAAC;AAE1C;;GAEG;AACI,KAAK,UAAU,WAAW,CAAC,OAAsB;IACtD,MAAM,GAAG,GAAG,IAAA,iBAAO,GAAE,CAAC;IACtB,MAAM,MAAM,GAAG,cAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,IAAI,oBAAe,CAAC;QAC9B,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,IAAI,GAAG,IAAI,EAAE,gCAAgC;QACzD,iBAAiB,EAAE,KAAK,EAAE,2BAA2B;KACtD,CAAC,CAAC;IAEH,0DAA0D;IAC1D,GAAG,CAAC,GAAG,CAAC,iBAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IACxB,GAAG,CAAC,GAAG,CACL,CACE,GAA+C,EAC/C,IAAqB,EACrB,GAAqB,EACrB,IAA0B,EAC1B,EAAE;QACF,IAAI,GAAG,YAAY,WAAW,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,IAAI,MAAM,IAAI,GAAG,EAAE,CAAC;YACtE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC,CAAC;YAChE,OAAO;QACT,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,CAAC;IACZ,CAAC,CACF,CAAC;IACF,GAAG,CAAC,GAAG,CAAC,qDAAwB,CAAC,CAAC;IAElC,0CAA0C;IAC1C,MAAM,iBAAiB,GAAG,IAAA,yCAAuB,GAAE,CAAC;IACpD,GAAG,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IAE3B,qDAAqD;IACrD,GAAG,CAAC,GAAG,CAAC,gCAAc,CAAC,CAAC;IAExB,sEAAsE;IACtE,MAAM,kBAAkB,GAAG,CAAC,wDAAa,+BAA+B,GAAC,CAAC,CAAC,OAAO,CAAC;IACnF,GAAG,CAAC,GAAG,CAAC,qBAAqB,EAAE,kBAAkB,CAAC,CAAC;IAEnD,gCAAgC;IAChC,MAAM,EAAE,SAAS,EAAE,GAAG,wDAAa,gBAAgB,GAAC,CAAC;IACrD,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAE3B,gCAAgC;IAChC,MAAM,EAAE,YAAY,EAAE,GAAG,wDAAa,iBAAiB,GAAC,CAAC;IACzD,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;IAErC,6BAA6B;IAC7B,MAAM,EAAE,cAAc,EAAE,GAAG,wDAAa,mBAAmB,GAAC,CAAC;IAC7D,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,cAAc,CAAC,CAAC;IAEzC,yBAAyB;IACzB,MAAM,EAAE,WAAW,EAAE,GAAG,wDAAa,gBAAgB,GAAC,CAAC;IACvD,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;IAEnC,wCAAwC;IACxC,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QAChB,MAAM,EAAE,YAAY,EAAE,gBAAgB,EAAE,GAAG,wDAAa,MAAM,GAAC,CAAC;QAChE,MAAM,IAAI,GAAG,MAAM,gBAAgB,CAAC;YAClC,IAAI,EAAE,cAAI,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC;YACtC,MAAM,EAAE;gBACN,cAAc,EAAE,IAAI;gBACpB,8DAA8D;gBAC9D,GAAG,EAAE,EAAE,MAAM,EAAE;aAChB;YACD,OAAO,EAAE,KAAK;SACf,CAAC,CAAC;QACH,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAC5B,CAAC;SAAM,CAAC;QACN,+CAA+C;QAC/C,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,cAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QACrE,GAAG,CAAC,GAAG,CAAC,iBAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;QAEnC,0DAA0D;QAC1D,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;YACzB,GAAG,CAAC,QAAQ,CAAC,cAAI,CAAC,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE;QAC7C,MAAM,QAAQ,GAAG,kBAAkB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACjD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,sBAAsB,CAAC,MAAM,EAAE,GAAG,EAAE,mCAAmC,CAAC,CAAC;YACzE,OAAO;QACT,CAAC;QAED,IAAI,QAAQ,KAAK,KAAK,EAAE,CAAC;YACvB,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;gBACjB,sBAAsB,CAAC,MAAM,EAAE,GAAG,EAAE,8BAA8B,CAAC,CAAC;YACtE,CAAC;YACD,OAAO;QACT,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,cAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,iBAAiB,CACf,OAA0B,EAC1B,QAA4B,EAC5B,CAAC,KAAe,EAAE,EAAE;YAClB,IAAI,KAAK,EAAE,CAAC;gBACV,sBAAsB,CAAC,MAAM,EAAE,GAAG,EAAE,qCAAqC,CAAC,CAAC;gBAC3E,OAAO;YACT,CAAC;YAED,IAAI,CAAC,IAAA,oDAAkC,EAAC,OAAO,CAAC,EAAE,CAAC;gBACjD,sBAAsB,CACpB,MAAM,EACN,IAAA,sDAAoC,EAAC,OAAO,CAAC,EAC7C,yBAAyB,CAC1B,CAAC;gBACF,OAAO;YACT,CAAC;YAED,GAAG,CAAC,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE;gBAC9C,GAAG,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,EAAE,OAAO,CAAC,CAAC;YACtC,CAAC,CAAC,CAAC;QACL,CAAC,CACF,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,8CAA8C;IAC9C,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,IAAA,0BAAc,EAAC,GAAG,CAAC,CAAC;IAEnD,iDAAiD;IACjD,IAAA,2BAAoB,GAAE,CAAC;IAEvB,IAAI,CAAC,IAAA,sCAAc,GAAE,CAAC,QAAQ,EAAE,CAAC;QAC/B,KAAK,IAAA,mDAA0B,GAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YAChD,MAAM,CAAC,IAAI,CAAC,6BAA6B,EAAE,oCAAoC,EAAE;gBAC/E,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED,4BAA4B;IAC5B,MAAM,OAAO,GAAG,GAAG,EAAE;QACnB,SAAS,EAAE,CAAC;QACZ,IAAA,0BAAmB,GAAE,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QACtC,IAAA,oCAAuB,GAAE,CAAC;IAC5B,CAAC,CAAC;IAEF,kBAAkB;IAClB,OAAO,IAAI,OAAO,CAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrD,MAAM,UAAU,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;QAC1C,MAAM,OAAO,GAAG,CAAC,KAA4B,EAAE,EAAE;YAC/C,MAAM,CAAC,KAAK,CAAC,sBAAsB,EAAE,kCAAkC,EAAE;gBACvE,IAAI,EAAE,KAAK,CAAC,IAAI,IAAI,SAAS;gBAC7B,OAAO,EAAE,KAAK,CAAC,OAAO;gBACtB,IAAI,EAAE,UAAU;gBAChB,IAAI,EAAE,OAAO,CAAC,IAAI;aACnB,CAAC,CAAC;YACH,OAAO,EAAE,CAAC;YACV,MAAM,CAAC,IAAI,KAAK,CAAC,iBAAiB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC;QACvD,CAAC,CAAC;QAEF,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAE9B,MAAM,WAAW,GAAG,GAAG,EAAE;YACvB,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC7B,IAAI,CAAC;gBACH,uBAAuB,CAAC,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;YACrD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,EAAE,CAAC;gBACV,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE;oBAChB,MAAM,CAAC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBACpE,CAAC,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,MAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE,4BAA4B,EAAE;gBAC5D,IAAI,EAAE,UAAU;gBAChB,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,GAAG,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC;aAC1B,CAAC,CAAC;YACH,6DAA6D;YAC7D,uEAAuE;YACvE,OAAO,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;QACpC,CAAC,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC7B,OAAO,EAAE,CAAC;YACV,MAAM,CAAC,IAAI,KAAK,CAAC,iBAAiB,CAAC,KAA8B,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC;QAChF,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAzLD,kCAyLC;AAED,SAAS,kBAAkB,CAAC,UAA8B;IACxD,IAAI,CAAC;QACH,OAAO,IAAI,GAAG,CAAC,UAAU,IAAI,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC;IACjE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,sBAAsB,CAC7B,MAAuD,EACvD,UAAuC,EACvC,OAAe;IAEf,MAAM,CAAC,KAAK,CACV,YAAY,UAAU,IAAI,OAAO,MAAM;QACrC,uBAAuB;QACvB,6CAA6C;QAC7C,mBAAmB,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM;QACnD,MAAM;QACN,OAAO,CACV,CAAC;IACF,MAAM,CAAC,OAAO,EAAE,CAAC;AACnB,CAAC;AAED,SAAS,uBAAuB,CAC9B,OAAsB,EACtB,OAAoC;IAEpC,MAAM,UAAU,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;IAE1C,IAAI,CAAC,IAAA,sCAAc,EAAC,UAAU,CAAC,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,CAAC,OAAO,EAAE,CAAC;QAC3E,OAAO;IACT,CAAC;IAED,IAAI,IAAA,sCAAc,EAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACpC,OAAO;IACT,CAAC;IAED,MAAM,IAAI,KAAK,CACb,kBAAkB,UAAU,qCAAqC,OAAO,CAAC,OAAO,qDAAqD,CACtI,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,KAA4B,EAAE,OAAsB;IAC7E,MAAM,UAAU,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;IAE1C,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAChC,OAAO,kBAAkB,UAAU,IAAI,OAAO,CAAC,IAAI,oEAAoE,CAAC;IAC1H,CAAC;IAED,IAAI,KAAK,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;QACnC,OAAO,kBAAkB,UAAU,IAAI,OAAO,CAAC,IAAI,kBAAkB,CAAC;IACxE,CAAC;IAED,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC5B,OAAO,2CAA2C,OAAO,CAAC,IAAI,EAAE,CAAC;IACnE,CAAC;IAED,OAAO,kBAAkB,UAAU,IAAI,OAAO,CAAC,IAAI,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC;AAC1E,CAAC"}
|
|
@@ -2,6 +2,8 @@
|
|
|
2
2
|
* Dashboard Authentication Middleware
|
|
3
3
|
* Session-based auth with httpOnly cookies for CCS dashboard.
|
|
4
4
|
*/
|
|
5
|
+
/// <reference types="node" />
|
|
6
|
+
import type { IncomingMessage } from 'http';
|
|
5
7
|
import type { NextFunction, Request, Response } from 'express';
|
|
6
8
|
declare module 'express-session' {
|
|
7
9
|
interface SessionData {
|
|
@@ -24,5 +26,8 @@ export declare function createSessionMiddleware(): (req: Request, res: Response,
|
|
|
24
26
|
*/
|
|
25
27
|
export declare function authMiddleware(req: Request, res: Response, next: NextFunction): void;
|
|
26
28
|
export declare function isLoopbackRemoteAddress(value: string | undefined): boolean;
|
|
29
|
+
export declare function isDashboardWebSocketOriginAllowed(req: IncomingMessage): boolean;
|
|
30
|
+
export declare function isDashboardWebSocketUpgradeAllowed(req: IncomingMessage): boolean;
|
|
31
|
+
export declare function getDashboardWebSocketRejectionStatus(req?: IncomingMessage): 401 | 403;
|
|
27
32
|
export declare function requireLocalAccessWhenAuthDisabled(req: Request, res: Response, error?: string): boolean;
|
|
28
33
|
//# sourceMappingURL=auth-middleware.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-middleware.d.ts","sourceRoot":"","sources":["../../../src/web-server/middleware/auth-middleware.ts"],"names":[],"mappings":"AAAA;;;GAGG
|
|
1
|
+
{"version":3,"file":"auth-middleware.d.ts","sourceRoot":"","sources":["../../../src/web-server/middleware/auth-middleware.ts"],"names":[],"mappings":"AAAA;;;GAGG;;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,MAAM,CAAC;AAC5C,OAAO,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAc/D,OAAO,QAAQ,iBAAiB,CAAC;IAC/B,UAAU,WAAW;QACnB,aAAa,EAAE,OAAO,CAAC;QACvB,QAAQ,EAAE,MAAM,CAAC;KAClB;CACF;AAkDD;;;GAGG;AACH,eAAO,MAAM,gBAAgB,sDAO3B,CAAC;AAEH;;GAEG;AACH,wBAAgB,uBAAuB,IAAI,CACzC,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,QAAQ,EACb,IAAI,EAAE,YAAY,KACf,IAAI,CAeR;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI,CAwBpF;AAED,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,OAAO,CAU1E;AAiCD,wBAAgB,iCAAiC,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CA6B/E;AAED,wBAAgB,kCAAkC,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAUhF;AAED,wBAAgB,oCAAoC,CAAC,GAAG,CAAC,EAAE,eAAe,GAAG,GAAG,GAAG,GAAG,CAQrF;AAED,wBAAgB,kCAAkC,CAChD,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,QAAQ,EACb,KAAK,SAA6E,GACjF,OAAO,CAWT"}
|
|
@@ -7,7 +7,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
7
7
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
8
8
|
};
|
|
9
9
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
10
|
-
exports.requireLocalAccessWhenAuthDisabled = exports.isLoopbackRemoteAddress = exports.authMiddleware = exports.createSessionMiddleware = exports.loginRateLimiter = void 0;
|
|
10
|
+
exports.requireLocalAccessWhenAuthDisabled = exports.getDashboardWebSocketRejectionStatus = exports.isDashboardWebSocketUpgradeAllowed = exports.isDashboardWebSocketOriginAllowed = exports.isLoopbackRemoteAddress = exports.authMiddleware = exports.createSessionMiddleware = exports.loginRateLimiter = void 0;
|
|
11
11
|
const express_session_1 = __importDefault(require("express-session"));
|
|
12
12
|
const express_rate_limit_1 = __importDefault(require("express-rate-limit"));
|
|
13
13
|
const crypto_1 = __importDefault(require("crypto"));
|
|
@@ -125,6 +125,78 @@ function isLoopbackRemoteAddress(value) {
|
|
|
125
125
|
normalized.startsWith('::ffff:127.'));
|
|
126
126
|
}
|
|
127
127
|
exports.isLoopbackRemoteAddress = isLoopbackRemoteAddress;
|
|
128
|
+
function isLoopbackHostname(value) {
|
|
129
|
+
if (!value)
|
|
130
|
+
return false;
|
|
131
|
+
const normalized = value
|
|
132
|
+
.trim()
|
|
133
|
+
.toLowerCase()
|
|
134
|
+
.replace(/^\[|\]$/g, '');
|
|
135
|
+
return (normalized === 'localhost' ||
|
|
136
|
+
normalized.endsWith('.localhost') ||
|
|
137
|
+
isLoopbackRemoteAddress(normalized));
|
|
138
|
+
}
|
|
139
|
+
function getSingleHeader(value) {
|
|
140
|
+
return Array.isArray(value) ? value[0] : value;
|
|
141
|
+
}
|
|
142
|
+
function parseHostHeader(value) {
|
|
143
|
+
if (!value)
|
|
144
|
+
return null;
|
|
145
|
+
try {
|
|
146
|
+
return new URL(`http://${value}`);
|
|
147
|
+
}
|
|
148
|
+
catch {
|
|
149
|
+
return null;
|
|
150
|
+
}
|
|
151
|
+
}
|
|
152
|
+
function isHttpOrigin(origin) {
|
|
153
|
+
return origin.protocol === 'http:' || origin.protocol === 'https:';
|
|
154
|
+
}
|
|
155
|
+
function isDashboardWebSocketOriginAllowed(req) {
|
|
156
|
+
const originHeader = getSingleHeader(req.headers.origin);
|
|
157
|
+
if (!originHeader)
|
|
158
|
+
return true;
|
|
159
|
+
let origin;
|
|
160
|
+
try {
|
|
161
|
+
origin = new URL(originHeader);
|
|
162
|
+
}
|
|
163
|
+
catch {
|
|
164
|
+
return false;
|
|
165
|
+
}
|
|
166
|
+
if (!isHttpOrigin(origin)) {
|
|
167
|
+
return false;
|
|
168
|
+
}
|
|
169
|
+
const host = parseHostHeader(getSingleHeader(req.headers.host));
|
|
170
|
+
if (!host) {
|
|
171
|
+
return false;
|
|
172
|
+
}
|
|
173
|
+
if (origin.host.toLowerCase() === host.host.toLowerCase()) {
|
|
174
|
+
return true;
|
|
175
|
+
}
|
|
176
|
+
return (isLoopbackHostname(origin.hostname) &&
|
|
177
|
+
isLoopbackHostname(host.hostname) &&
|
|
178
|
+
origin.port === host.port);
|
|
179
|
+
}
|
|
180
|
+
exports.isDashboardWebSocketOriginAllowed = isDashboardWebSocketOriginAllowed;
|
|
181
|
+
function isDashboardWebSocketUpgradeAllowed(req) {
|
|
182
|
+
if (!isDashboardWebSocketOriginAllowed(req)) {
|
|
183
|
+
return false;
|
|
184
|
+
}
|
|
185
|
+
if (!(0, config_loader_facade_1.isDashboardAuthEnabled)()) {
|
|
186
|
+
return isLoopbackRemoteAddress(req.socket.remoteAddress);
|
|
187
|
+
}
|
|
188
|
+
return Boolean(req.session?.authenticated);
|
|
189
|
+
}
|
|
190
|
+
exports.isDashboardWebSocketUpgradeAllowed = isDashboardWebSocketUpgradeAllowed;
|
|
191
|
+
function getDashboardWebSocketRejectionStatus(req) {
|
|
192
|
+
if (req && !isDashboardWebSocketOriginAllowed(req)) {
|
|
193
|
+
return 403;
|
|
194
|
+
}
|
|
195
|
+
if (!(0, config_loader_facade_1.isDashboardAuthEnabled)())
|
|
196
|
+
return 403;
|
|
197
|
+
return 401;
|
|
198
|
+
}
|
|
199
|
+
exports.getDashboardWebSocketRejectionStatus = getDashboardWebSocketRejectionStatus;
|
|
128
200
|
function requireLocalAccessWhenAuthDisabled(req, res, error = 'This endpoint requires localhost access when dashboard auth is disabled.') {
|
|
129
201
|
if ((0, config_loader_facade_1.isDashboardAuthEnabled)()) {
|
|
130
202
|
return true;
|