@monoes/monomindcli 1.11.14 → 1.12.0
- package/.claude/agents/generated/channel-intelligence-director.md +87 -0
- package/.claude/agents/generated/chief-growth-officer.md +88 -0
- package/.claude/agents/generated/content-seo-strategist.md +90 -0
- package/.claude/agents/generated/developer-community-strategist.md +91 -0
- package/.claude/agents/generated/outreach-partnership-strategist.md +90 -0
- package/.claude/agents/generated/social-media-strategist.md +91 -0
- package/.claude/agents/generated/video-visual-strategist.md +90 -0
- package/.claude/commands/mastermind/master.md +1 -1
- package/.claude/helpers/auto-memory-hook.mjs +13 -4
- package/.claude/helpers/control-start.cjs +5 -0
- package/.claude/helpers/event-logger.cjs +114 -0
- package/.claude/helpers/handlers/adr-draft-handler.cjs +19 -5
- package/.claude/helpers/handlers/agent-start-handler.cjs +13 -4
- package/.claude/helpers/handlers/compact-handler.cjs +2 -0
- package/.claude/helpers/handlers/edit-handler.cjs +1 -1
- package/.claude/helpers/handlers/gates-handler.cjs +3 -0
- package/.claude/helpers/handlers/graph-status-handler.cjs +14 -8
- package/.claude/helpers/handlers/loops-status-handler.cjs +5 -2
- package/.claude/helpers/handlers/route-handler.cjs +13 -6
- package/.claude/helpers/handlers/session-handler.cjs +11 -4
- package/.claude/helpers/handlers/session-restore-handler.cjs +21 -11
- package/.claude/helpers/handlers/task-handler.cjs +13 -5
- package/.claude/helpers/intelligence.cjs +7 -2
- package/.claude/helpers/loop-tracker.cjs +15 -3
- package/.claude/helpers/memory.cjs +6 -1
- package/.claude/helpers/router.cjs +5 -2
- package/.claude/helpers/session.cjs +2 -0
- package/.claude/helpers/statusline.cjs +10 -2
- package/.claude/helpers/utils/micro-agents.cjs +20 -4
- package/.claude/skills/mastermind/_protocol.md +25 -15
- package/.claude/skills/mastermind/architect.md +3 -3
- package/.claude/skills/mastermind/autodev.md +4 -2
- package/.claude/skills/mastermind/idea.md +10 -0
- package/.claude/skills/mastermind/ops.md +3 -3
- package/.claude/skills/mastermind/runorg.md +153 -86
- package/dist/src/agents/registry-builder.d.ts.map +1 -1
- package/dist/src/agents/registry-builder.js +2 -0
- package/dist/src/agents/registry-builder.js.map +1 -1
- package/dist/src/autopilot-state.d.ts.map +1 -1
- package/dist/src/autopilot-state.js +10 -5
- package/dist/src/autopilot-state.js.map +1 -1
- package/dist/src/benchmarks/benchmark-runner.d.ts.map +1 -1
- package/dist/src/benchmarks/benchmark-runner.js +13 -0
- package/dist/src/benchmarks/benchmark-runner.js.map +1 -1
- package/dist/src/benchmarks/metric-evaluators.d.ts.map +1 -1
- package/dist/src/benchmarks/metric-evaluators.js +20 -9
- package/dist/src/benchmarks/metric-evaluators.js.map +1 -1
- package/dist/src/browser/actions.d.ts.map +1 -1
- package/dist/src/browser/actions.js +10 -3
- package/dist/src/browser/actions.js.map +1 -1
- package/dist/src/browser/browser.d.ts.map +1 -1
- package/dist/src/browser/browser.js +12 -2
- package/dist/src/browser/browser.js.map +1 -1
- package/dist/src/browser/cdp.d.ts.map +1 -1
- package/dist/src/browser/cdp.js +21 -3
- package/dist/src/browser/cdp.js.map +1 -1
- package/dist/src/browser/har.d.ts.map +1 -1
- package/dist/src/browser/har.js +27 -5
- package/dist/src/browser/har.js.map +1 -1
- package/dist/src/commands/agent.d.ts.map +1 -1
- package/dist/src/commands/agent.js +11 -8
- package/dist/src/commands/agent.js.map +1 -1
- package/dist/src/commands/analyze.d.ts.map +1 -1
- package/dist/src/commands/analyze.js +36 -21
- package/dist/src/commands/analyze.js.map +1 -1
- package/dist/src/commands/autopilot.d.ts.map +1 -1
- package/dist/src/commands/autopilot.js +12 -4
- package/dist/src/commands/autopilot.js.map +1 -1
- package/dist/src/commands/benchmark.d.ts.map +1 -1
- package/dist/src/commands/benchmark.js +51 -8
- package/dist/src/commands/benchmark.js.map +1 -1
- package/dist/src/commands/browse.d.ts.map +1 -1
- package/dist/src/commands/browse.js +5 -2
- package/dist/src/commands/browse.js.map +1 -1
- package/dist/src/commands/claims.d.ts.map +1 -1
- package/dist/src/commands/claims.js +29 -11
- package/dist/src/commands/claims.js.map +1 -1
- package/dist/src/commands/cleanup.d.ts.map +1 -1
- package/dist/src/commands/cleanup.js +25 -5
- package/dist/src/commands/cleanup.js.map +1 -1
- package/dist/src/commands/config.d.ts.map +1 -1
- package/dist/src/commands/config.js +15 -7
- package/dist/src/commands/config.js.map +1 -1
- package/dist/src/commands/daemon.d.ts.map +1 -1
- package/dist/src/commands/daemon.js +6 -0
- package/dist/src/commands/daemon.js.map +1 -1
- package/dist/src/commands/deployment.d.ts.map +1 -1
- package/dist/src/commands/deployment.js +34 -19
- package/dist/src/commands/deployment.js.map +1 -1
- package/dist/src/commands/doctor.d.ts.map +1 -1
- package/dist/src/commands/doctor.js +38 -12
- package/dist/src/commands/doctor.js.map +1 -1
- package/dist/src/commands/guidance.d.ts.map +1 -1
- package/dist/src/commands/guidance.js +15 -2
- package/dist/src/commands/guidance.js.map +1 -1
- package/dist/src/commands/hive-mind.d.ts.map +1 -1
- package/dist/src/commands/hive-mind.js +37 -14
- package/dist/src/commands/hive-mind.js.map +1 -1
- package/dist/src/commands/hooks.d.ts.map +1 -1
- package/dist/src/commands/hooks.js +42 -25
- package/dist/src/commands/hooks.js.map +1 -1
- package/dist/src/commands/init.d.ts.map +1 -1
- package/dist/src/commands/init.js +9 -4
- package/dist/src/commands/init.js.map +1 -1
- package/dist/src/commands/issues.d.ts.map +1 -1
- package/dist/src/commands/issues.js +29 -26
- package/dist/src/commands/issues.js.map +1 -1
- package/dist/src/commands/mcp.d.ts.map +1 -1
- package/dist/src/commands/mcp.js +11 -5
- package/dist/src/commands/mcp.js.map +1 -1
- package/dist/src/commands/memory.d.ts.map +1 -1
- package/dist/src/commands/memory.js +10 -0
- package/dist/src/commands/memory.js.map +1 -1
- package/dist/src/commands/migrate.js +5 -5
- package/dist/src/commands/migrate.js.map +1 -1
- package/dist/src/commands/monograph.d.ts.map +1 -1
- package/dist/src/commands/monograph.js +18 -5
- package/dist/src/commands/monograph.js.map +1 -1
- package/dist/src/commands/monovector/backup.d.ts.map +1 -1
- package/dist/src/commands/monovector/backup.js +8 -2
- package/dist/src/commands/monovector/backup.js.map +1 -1
- package/dist/src/commands/monovector/benchmark.d.ts.map +1 -1
- package/dist/src/commands/monovector/benchmark.js +20 -7
- package/dist/src/commands/monovector/benchmark.js.map +1 -1
- package/dist/src/commands/monovector/import.d.ts.map +1 -1
- package/dist/src/commands/monovector/import.js +15 -0
- package/dist/src/commands/monovector/import.js.map +1 -1
- package/dist/src/commands/monovector/migrate.d.ts.map +1 -1
- package/dist/src/commands/monovector/migrate.js +4 -1
- package/dist/src/commands/monovector/migrate.js.map +1 -1
- package/dist/src/commands/monovector/optimize.d.ts.map +1 -1
- package/dist/src/commands/monovector/optimize.js +11 -0
- package/dist/src/commands/monovector/optimize.js.map +1 -1
- package/dist/src/commands/monovector/setup.d.ts.map +1 -1
- package/dist/src/commands/monovector/setup.js +11 -1
- package/dist/src/commands/monovector/setup.js.map +1 -1
- package/dist/src/commands/neural.js +1 -1
- package/dist/src/commands/neural.js.map +1 -1
- package/dist/src/commands/performance.d.ts.map +1 -1
- package/dist/src/commands/performance.js +20 -7
- package/dist/src/commands/performance.js.map +1 -1
- package/dist/src/commands/platforms.d.ts.map +1 -1
- package/dist/src/commands/platforms.js +90 -8
- package/dist/src/commands/platforms.js.map +1 -1
- package/dist/src/commands/plugins.d.ts.map +1 -1
- package/dist/src/commands/plugins.js +12 -5
- package/dist/src/commands/plugins.js.map +1 -1
- package/dist/src/commands/process.d.ts.map +1 -1
- package/dist/src/commands/process.js +33 -10
- package/dist/src/commands/process.js.map +1 -1
- package/dist/src/commands/progress.d.ts.map +1 -1
- package/dist/src/commands/progress.js +5 -3
- package/dist/src/commands/progress.js.map +1 -1
- package/dist/src/commands/providers.js +5 -5
- package/dist/src/commands/providers.js.map +1 -1
- package/dist/src/commands/replay.d.ts.map +1 -1
- package/dist/src/commands/replay.js +8 -2
- package/dist/src/commands/replay.js.map +1 -1
- package/dist/src/commands/route.d.ts.map +1 -1
- package/dist/src/commands/route.js +27 -7
- package/dist/src/commands/route.js.map +1 -1
- package/dist/src/commands/security.d.ts.map +1 -1
- package/dist/src/commands/security.js +4 -0
- package/dist/src/commands/security.js.map +1 -1
- package/dist/src/commands/session.d.ts.map +1 -1
- package/dist/src/commands/session.js +12 -1
- package/dist/src/commands/session.js.map +1 -1
- package/dist/src/commands/start.d.ts.map +1 -1
- package/dist/src/commands/start.js +11 -4
- package/dist/src/commands/start.js.map +1 -1
- package/dist/src/commands/status.d.ts.map +1 -1
- package/dist/src/commands/status.js +7 -4
- package/dist/src/commands/status.js.map +1 -1
- package/dist/src/commands/swarm.d.ts.map +1 -1
- package/dist/src/commands/swarm.js +27 -13
- package/dist/src/commands/swarm.js.map +1 -1
- package/dist/src/commands/task.d.ts.map +1 -1
- package/dist/src/commands/task.js +26 -11
- package/dist/src/commands/task.js.map +1 -1
- package/dist/src/commands/tokens.d.ts.map +1 -1
- package/dist/src/commands/tokens.js +7 -2
- package/dist/src/commands/tokens.js.map +1 -1
- package/dist/src/commands/transfer-store.d.ts.map +1 -1
- package/dist/src/commands/transfer-store.js +36 -22
- package/dist/src/commands/transfer-store.js.map +1 -1
- package/dist/src/commands/update.d.ts.map +1 -1
- package/dist/src/commands/update.js +15 -3
- package/dist/src/commands/update.js.map +1 -1
- package/dist/src/commands/workflow.d.ts.map +1 -1
- package/dist/src/commands/workflow.js +39 -6
- package/dist/src/commands/workflow.js.map +1 -1
- package/dist/src/consensus/audit-writer.d.ts.map +1 -1
- package/dist/src/consensus/audit-writer.js +18 -7
- package/dist/src/consensus/audit-writer.js.map +1 -1
- package/dist/src/consensus/vote-signer.d.ts.map +1 -1
- package/dist/src/consensus/vote-signer.js +25 -8
- package/dist/src/consensus/vote-signer.js.map +1 -1
- package/dist/src/index.d.ts.map +1 -1
- package/dist/src/index.js +7 -3
- package/dist/src/index.js.map +1 -1
- package/dist/src/init/executor.d.ts.map +1 -1
- package/dist/src/init/executor.js +14 -11
- package/dist/src/init/executor.js.map +1 -1
- package/dist/src/init/shared-instructions-generator.d.ts.map +1 -1
- package/dist/src/init/shared-instructions-generator.js +20 -4
- package/dist/src/init/shared-instructions-generator.js.map +1 -1
- package/dist/src/init/statusline-generator.d.ts.map +1 -1
- package/dist/src/init/statusline-generator.js +36 -15
- package/dist/src/init/statusline-generator.js.map +1 -1
- package/dist/src/mcp-tools/a2a-tools.d.ts.map +1 -1
- package/dist/src/mcp-tools/a2a-tools.js +98 -13
- package/dist/src/mcp-tools/a2a-tools.js.map +1 -1
- package/dist/src/mcp-tools/agent-tools.d.ts.map +1 -1
- package/dist/src/mcp-tools/agent-tools.js +16 -3
- package/dist/src/mcp-tools/agent-tools.js.map +1 -1
- package/dist/src/mcp-tools/analyze-tools.d.ts.map +1 -1
- package/dist/src/mcp-tools/analyze-tools.js +80 -17
- package/dist/src/mcp-tools/analyze-tools.js.map +1 -1
- package/dist/src/mcp-tools/browser-tools.d.ts.map +1 -1
- package/dist/src/mcp-tools/browser-tools.js +84 -22
- package/dist/src/mcp-tools/browser-tools.js.map +1 -1
- package/dist/src/mcp-tools/claims-tools.d.ts.map +1 -1
- package/dist/src/mcp-tools/claims-tools.js +35 -7
- package/dist/src/mcp-tools/claims-tools.js.map +1 -1
- package/dist/src/mcp-tools/config-tools.d.ts.map +1 -1
- package/dist/src/mcp-tools/config-tools.js +82 -17
- package/dist/src/mcp-tools/config-tools.js.map +1 -1
- package/dist/src/mcp-tools/coordination-tools.d.ts.map +1 -1
- package/dist/src/mcp-tools/coordination-tools.js +37 -4
- package/dist/src/mcp-tools/coordination-tools.js.map +1 -1
- package/dist/src/mcp-tools/daa-tools.d.ts.map +1 -1
- package/dist/src/mcp-tools/daa-tools.js +49 -7
- package/dist/src/mcp-tools/daa-tools.js.map +1 -1
- package/dist/src/mcp-tools/embeddings-tools.d.ts.map +1 -1
- package/dist/src/mcp-tools/embeddings-tools.js +45 -18
- package/dist/src/mcp-tools/embeddings-tools.js.map +1 -1
- package/dist/src/mcp-tools/github-tools.d.ts.map +1 -1
- package/dist/src/mcp-tools/github-tools.js +75 -25
- package/dist/src/mcp-tools/github-tools.js.map +1 -1
- package/dist/src/mcp-tools/guidance-tools.d.ts.map +1 -1
- package/dist/src/mcp-tools/guidance-tools.js +32 -10
- package/dist/src/mcp-tools/guidance-tools.js.map +1 -1
- package/dist/src/mcp-tools/hive-mind-tools.d.ts.map +1 -1
- package/dist/src/mcp-tools/hive-mind-tools.js +91 -20
- package/dist/src/mcp-tools/hive-mind-tools.js.map +1 -1
- package/dist/src/mcp-tools/hooks-tools.d.ts.map +1 -1
- package/dist/src/mcp-tools/hooks-tools.js +188 -29
- package/dist/src/mcp-tools/hooks-tools.js.map +1 -1
- package/dist/src/mcp-tools/memory-tools.d.ts.map +1 -1
- package/dist/src/mcp-tools/memory-tools.js +25 -7
- package/dist/src/mcp-tools/memory-tools.js.map +1 -1
- package/dist/src/mcp-tools/monograph-compat.d.ts.map +1 -1
- package/dist/src/mcp-tools/monograph-compat.js +11 -2
- package/dist/src/mcp-tools/monograph-compat.js.map +1 -1
- package/dist/src/mcp-tools/monograph-tools.d.ts.map +1 -1
- package/dist/src/mcp-tools/monograph-tools.js +148 -26
- package/dist/src/mcp-tools/monograph-tools.js.map +1 -1
- package/dist/src/mcp-tools/neural-tools.d.ts.map +1 -1
- package/dist/src/mcp-tools/neural-tools.js +44 -9
- package/dist/src/mcp-tools/neural-tools.js.map +1 -1
- package/dist/src/mcp-tools/performance-tools.d.ts.map +1 -1
- package/dist/src/mcp-tools/performance-tools.js +45 -10
- package/dist/src/mcp-tools/performance-tools.js.map +1 -1
- package/dist/src/mcp-tools/progress-tools.d.ts.map +1 -1
- package/dist/src/mcp-tools/progress-tools.js +7 -4
- package/dist/src/mcp-tools/progress-tools.js.map +1 -1
- package/dist/src/mcp-tools/request-tracker.d.ts.map +1 -1
- package/dist/src/mcp-tools/request-tracker.js +15 -1
- package/dist/src/mcp-tools/request-tracker.js.map +1 -1
- package/dist/src/mcp-tools/security-tools.d.ts.map +1 -1
- package/dist/src/mcp-tools/security-tools.js +61 -9
- package/dist/src/mcp-tools/security-tools.js.map +1 -1
- package/dist/src/mcp-tools/session-tools.d.ts.map +1 -1
- package/dist/src/mcp-tools/session-tools.js +45 -14
- package/dist/src/mcp-tools/session-tools.js.map +1 -1
- package/dist/src/mcp-tools/swarm-tools.d.ts.map +1 -1
- package/dist/src/mcp-tools/swarm-tools.js +15 -3
- package/dist/src/mcp-tools/swarm-tools.js.map +1 -1
- package/dist/src/mcp-tools/system-tools.d.ts.map +1 -1
- package/dist/src/mcp-tools/system-tools.js +14 -7
- package/dist/src/mcp-tools/system-tools.js.map +1 -1
- package/dist/src/mcp-tools/task-tools.d.ts.map +1 -1
- package/dist/src/mcp-tools/task-tools.js +52 -10
- package/dist/src/mcp-tools/task-tools.js.map +1 -1
- package/dist/src/mcp-tools/terminal-tools.d.ts.map +1 -1
- package/dist/src/mcp-tools/terminal-tools.js +40 -6
- package/dist/src/mcp-tools/terminal-tools.js.map +1 -1
- package/dist/src/mcp-tools/transfer-tools.d.ts.map +1 -1
- package/dist/src/mcp-tools/transfer-tools.js +37 -4
- package/dist/src/mcp-tools/transfer-tools.js.map +1 -1
- package/dist/src/mcp-tools/workflow-tools.d.ts.map +1 -1
- package/dist/src/mcp-tools/workflow-tools.js +29 -6
- package/dist/src/mcp-tools/workflow-tools.js.map +1 -1
- package/dist/src/memory/ewc-consolidation.d.ts.map +1 -1
- package/dist/src/memory/ewc-consolidation.js +26 -10
- package/dist/src/memory/ewc-consolidation.js.map +1 -1
- package/dist/src/memory/intelligence.d.ts.map +1 -1
- package/dist/src/memory/intelligence.js +80 -19
- package/dist/src/memory/intelligence.js.map +1 -1
- package/dist/src/memory/memory-bridge.d.ts.map +1 -1
- package/dist/src/memory/memory-bridge.js +21 -2
- package/dist/src/memory/memory-bridge.js.map +1 -1
- package/dist/src/memory/memory-initializer.d.ts.map +1 -1
- package/dist/src/memory/memory-initializer.js +67 -3
- package/dist/src/memory/memory-initializer.js.map +1 -1
- package/dist/src/memory/sona-optimizer.d.ts.map +1 -1
- package/dist/src/memory/sona-optimizer.js +14 -4
- package/dist/src/memory/sona-optimizer.js.map +1 -1
- package/dist/src/monovector/command-outcomes.d.ts.map +1 -1
- package/dist/src/monovector/command-outcomes.js +43 -7
- package/dist/src/monovector/command-outcomes.js.map +1 -1
- package/dist/src/monovector/coverage-router.d.ts.map +1 -1
- package/dist/src/monovector/coverage-router.js +8 -4
- package/dist/src/monovector/coverage-router.js.map +1 -1
- package/dist/src/monovector/coverage-tools.d.ts.map +1 -1
- package/dist/src/monovector/coverage-tools.js +6 -3
- package/dist/src/monovector/coverage-tools.js.map +1 -1
- package/dist/src/monovector/diff-classifier.d.ts.map +1 -1
- package/dist/src/monovector/diff-classifier.js +13 -0
- package/dist/src/monovector/diff-classifier.js.map +1 -1
- package/dist/src/monovector/route-outcomes.d.ts +2 -1
- package/dist/src/monovector/route-outcomes.d.ts.map +1 -1
- package/dist/src/monovector/route-outcomes.js +46 -4
- package/dist/src/monovector/route-outcomes.js.map +1 -1
- package/dist/src/plugins/manager.d.ts.map +1 -1
- package/dist/src/plugins/manager.js +8 -3
- package/dist/src/plugins/manager.js.map +1 -1
- package/dist/src/plugins/store/discovery.d.ts.map +1 -1
- package/dist/src/plugins/store/discovery.js +46 -2
- package/dist/src/plugins/store/discovery.js.map +1 -1
- package/dist/src/plugins/store/search.d.ts.map +1 -1
- package/dist/src/plugins/store/search.js +5 -4
- package/dist/src/plugins/store/search.js.map +1 -1
- package/dist/src/production/circuit-breaker.d.ts.map +1 -1
- package/dist/src/production/circuit-breaker.js +17 -3
- package/dist/src/production/circuit-breaker.js.map +1 -1
- package/dist/src/production/error-handler.d.ts.map +1 -1
- package/dist/src/production/error-handler.js +3 -0
- package/dist/src/production/error-handler.js.map +1 -1
- package/dist/src/production/monitoring.d.ts.map +1 -1
- package/dist/src/production/monitoring.js +20 -3
- package/dist/src/production/monitoring.js.map +1 -1
- package/dist/src/production/rate-limiter.d.ts.map +1 -1
- package/dist/src/production/rate-limiter.js +13 -4
- package/dist/src/production/rate-limiter.js.map +1 -1
- package/dist/src/production/retry.d.ts.map +1 -1
- package/dist/src/production/retry.js +17 -9
- package/dist/src/production/retry.js.map +1 -1
- package/dist/src/routing/embed-worker.js +6 -2
- package/dist/src/routing/embed-worker.js.map +1 -1
- package/dist/src/routing/embedder.d.ts.map +1 -1
- package/dist/src/routing/embedder.js +0 -0
- package/dist/src/routing/embedder.js.map +1 -1
- package/dist/src/routing/llm-caller.d.ts.map +1 -1
- package/dist/src/routing/llm-caller.js +13 -2
- package/dist/src/routing/llm-caller.js.map +1 -1
- package/dist/src/routing/route-layer-factory.d.ts.map +1 -1
- package/dist/src/routing/route-layer-factory.js +18 -3
- package/dist/src/routing/route-layer-factory.js.map +1 -1
- package/dist/src/services/claim-service.d.ts +1 -0
- package/dist/src/services/claim-service.d.ts.map +1 -1
- package/dist/src/services/claim-service.js +8 -0
- package/dist/src/services/claim-service.js.map +1 -1
- package/dist/src/services/config-file-manager.d.ts.map +1 -1
- package/dist/src/services/config-file-manager.js +14 -2
- package/dist/src/services/config-file-manager.js.map +1 -1
- package/dist/src/services/headless-worker-executor.d.ts.map +1 -1
- package/dist/src/services/headless-worker-executor.js +18 -2
- package/dist/src/services/headless-worker-executor.js.map +1 -1
- package/dist/src/services/worker-daemon.d.ts.map +1 -1
- package/dist/src/services/worker-daemon.js +53 -12
- package/dist/src/services/worker-daemon.js.map +1 -1
- package/dist/src/transfer/anonymization/index.d.ts +0 -3
- package/dist/src/transfer/anonymization/index.d.ts.map +1 -1
- package/dist/src/transfer/anonymization/index.js +16 -1
- package/dist/src/transfer/anonymization/index.js.map +1 -1
- package/dist/src/transfer/export.d.ts.map +1 -1
- package/dist/src/transfer/export.js +8 -0
- package/dist/src/transfer/export.js.map +1 -1
- package/dist/src/transfer/ipfs/upload.d.ts.map +1 -1
- package/dist/src/transfer/ipfs/upload.js +33 -3
- package/dist/src/transfer/ipfs/upload.js.map +1 -1
- package/dist/src/transfer/serialization/cfp.d.ts.map +1 -1
- package/dist/src/transfer/serialization/cfp.js +9 -3
- package/dist/src/transfer/serialization/cfp.js.map +1 -1
- package/dist/src/transfer/storage/gcs.d.ts.map +1 -1
- package/dist/src/transfer/storage/gcs.js +37 -3
- package/dist/src/transfer/storage/gcs.js.map +1 -1
- package/dist/src/transfer/store/discovery.d.ts.map +1 -1
- package/dist/src/transfer/store/discovery.js +45 -3
- package/dist/src/transfer/store/discovery.js.map +1 -1
- package/dist/src/transfer/store/download.d.ts.map +1 -1
- package/dist/src/transfer/store/download.js +5 -0
- package/dist/src/transfer/store/download.js.map +1 -1
- package/dist/src/transfer/store/publish.d.ts.map +1 -1
- package/dist/src/transfer/store/publish.js +13 -1
- package/dist/src/transfer/store/publish.js.map +1 -1
- package/dist/src/transfer/store/registry.d.ts +8 -0
- package/dist/src/transfer/store/registry.d.ts.map +1 -1
- package/dist/src/transfer/store/registry.js +30 -5
- package/dist/src/transfer/store/registry.js.map +1 -1
- package/dist/src/transfer/store/search.d.ts.map +1 -1
- package/dist/src/transfer/store/search.js +20 -5
- package/dist/src/transfer/store/search.js.map +1 -1
- package/dist/src/ui/collector.mjs +39 -5
- package/dist/src/ui/dashboard.html +934 -1282
- package/dist/src/ui/orgs.html +722 -12
- package/dist/src/ui/server.mjs +573 -134
- package/dist/src/update/checker.d.ts.map +1 -1
- package/dist/src/update/checker.js +59 -7
- package/dist/src/update/checker.js.map +1 -1
- package/dist/src/update/executor.d.ts.map +1 -1
- package/dist/src/update/executor.js +50 -3
- package/dist/src/update/executor.js.map +1 -1
- package/dist/src/update/index.d.ts.map +1 -1
- package/dist/src/update/index.js +18 -1
- package/dist/src/update/index.js.map +1 -1
- package/dist/src/update/rate-limiter.d.ts +6 -0
- package/dist/src/update/rate-limiter.d.ts.map +1 -1
- package/dist/src/update/rate-limiter.js +79 -7
- package/dist/src/update/rate-limiter.js.map +1 -1
- package/dist/src/update/validator.d.ts.map +1 -1
- package/dist/src/update/validator.js +52 -1
- package/dist/src/update/validator.js.map +1 -1
- package/dist/tsconfig.tsbuildinfo +1 -1
- package/package.json +2 -3
- package/dist/src/ui/data/mastermind-events.jsonl +0 -59
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"checker.d.ts","sourceRoot":"","sources":["../../../src/update/checker.ts"],"names":[],"mappings":"AAAA;;;GAGG;
|
|
1
|
+
{"version":3,"file":"checker.d.ts","sourceRoot":"","sources":["../../../src/update/checker.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAqBH,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,MAAM,CAAC;IACjD,gBAAgB,EAAE,OAAO,CAAC;IAC1B,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACjD,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,UAAU,EAAE;QACV,KAAK,EAAE,OAAO,CAAC;QACf,KAAK,EAAE,OAAO,CAAC;QACf,KAAK,EAAE,OAAO,CAAC;KAChB,CAAC;IACF,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC,CAAC;IACjE,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AAED,QAAA,MAAM,cAAc,EAAE,YAiBrB,CAAC;AAsIF,wBAAgB,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAqCtE;AAED,wBAAsB,eAAe,CACnC,MAAM,GAAE,YAA6B,GACpC,OAAO,CAAC;IAAE,OAAO,EAAE,iBAAiB,EAAE,CAAC;IAAC,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAyE9E;AAED,wBAAsB,kBAAkB,CACtC,WAAW,EAAE,MAAM,EACnB,MAAM,GAAE,YAA6B,GACpC,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC,CA4BnC;AAED,OAAO,EAAE,cAAc,EAAE,CAAC"}
|
|
@@ -4,7 +4,19 @@
|
|
|
4
4
|
*/
|
|
5
5
|
import { createRequire } from 'module';
|
|
6
6
|
import { execFileSync } from 'child_process';
|
|
7
|
-
|
|
7
|
+
// Inline semver shim — avoids external dependency
|
|
8
|
+
const semver = {
|
|
9
|
+
valid: (v) => /^\d+\.\d+\.\d+/.test(v || '') ? v : null,
|
|
10
|
+
eq: (a, b) => a === b,
|
|
11
|
+
major: (v) => parseInt((v || '0').split('.')[0], 10),
|
|
12
|
+
minor: (v) => parseInt((v || '0').split('.')[1] || '0', 10),
|
|
13
|
+
patch: (v) => parseInt(((v || '0').split('.')[2] || '0').replace(/[^0-9].*/, ''), 10),
|
|
14
|
+
gt: (a, b) => {
|
|
15
|
+
const [aMaj, aMin, aPat] = (a || '0').split('.').map(n => parseInt(n, 10) || 0);
|
|
16
|
+
const [bMaj, bMin, bPat] = (b || '0').split('.').map(n => parseInt(n, 10) || 0);
|
|
17
|
+
return aMaj !== bMaj ? aMaj > bMaj : aMin !== bMin ? aMin > bMin : aPat > bPat;
|
|
18
|
+
},
|
|
19
|
+
};
|
|
8
20
|
import { reserveCheck, recordCheck, getCachedVersions } from './rate-limiter.js';
|
|
9
21
|
const require = createRequire(import.meta.url);
|
|
10
22
|
const DEFAULT_CONFIG = {
|
|
@@ -45,6 +57,13 @@ const NPM_NAME_RE = /^(@[a-z0-9-~][a-z0-9-._~]*\/)?[a-z0-9-~][a-z0-9-._~]*$/i;
|
|
|
45
57
|
function isValidNpmName(name) {
|
|
46
58
|
return NPM_NAME_RE.test(name) && !name.includes('..') && name.length <= 214;
|
|
47
59
|
}
|
|
60
|
+
// Cap registry response at 5 MB. The full npm registry payload for a package
|
|
61
|
+
// can include the entire `versions` object (dozens of version entries with
|
|
62
|
+
// dist/scripts/dependencies for each). A spoofed or compromised registry
|
|
63
|
+
// endpoint could stream an arbitrarily large body; AbortSignal.timeout(5000)
|
|
64
|
+
// only enforces a wall-clock deadline and does NOT cap bytes. Without this
|
|
65
|
+
// cap, fetchPackageInfo will buffer an unbounded body into memory (OOM).
|
|
66
|
+
const MAX_REGISTRY_RESPONSE_BYTES = 5 * 1024 * 1024; // 5 MB
|
|
48
67
|
async function fetchPackageInfo(packageName) {
|
|
49
68
|
if (!isValidNpmName(packageName))
|
|
50
69
|
return null;
|
|
@@ -56,7 +75,42 @@ async function fetchPackageInfo(packageName) {
|
|
|
56
75
|
if (!response.ok) {
|
|
57
76
|
return null;
|
|
58
77
|
}
|
|
59
|
-
|
|
78
|
+
// Reject immediately if Content-Length header exceeds cap
|
|
79
|
+
const contentLength = response.headers.get('content-length');
|
|
80
|
+
if (contentLength) {
|
|
81
|
+
const declared = parseInt(contentLength, 10);
|
|
82
|
+
if (Number.isFinite(declared) && declared > MAX_REGISTRY_RESPONSE_BYTES) {
|
|
83
|
+
return null;
|
|
84
|
+
}
|
|
85
|
+
}
|
|
86
|
+
// Stream body and enforce byte cap — prevents OOM if the server streams
|
|
87
|
+
// a large body that evades the Content-Length check (missing/wrong header).
|
|
88
|
+
if (!response.body)
|
|
89
|
+
return null;
|
|
90
|
+
const reader = response.body.getReader();
|
|
91
|
+
const chunks = [];
|
|
92
|
+
let totalBytes = 0;
|
|
93
|
+
while (true) {
|
|
94
|
+
const { done, value } = await reader.read();
|
|
95
|
+
if (done)
|
|
96
|
+
break;
|
|
97
|
+
if (value) {
|
|
98
|
+
totalBytes += value.byteLength;
|
|
99
|
+
if (totalBytes > MAX_REGISTRY_RESPONSE_BYTES) {
|
|
100
|
+
await reader.cancel();
|
|
101
|
+
return null;
|
|
102
|
+
}
|
|
103
|
+
chunks.push(value);
|
|
104
|
+
}
|
|
105
|
+
}
|
|
106
|
+
const buf = new Uint8Array(totalBytes);
|
|
107
|
+
let offset = 0;
|
|
108
|
+
for (const chunk of chunks) {
|
|
109
|
+
buf.set(chunk, offset);
|
|
110
|
+
offset += chunk.byteLength;
|
|
111
|
+
}
|
|
112
|
+
const text = new TextDecoder('utf-8').decode(buf);
|
|
113
|
+
return JSON.parse(text);
|
|
60
114
|
}
|
|
61
115
|
catch {
|
|
62
116
|
return null;
|
|
@@ -66,7 +120,8 @@ function getUpdateType(current, latest) {
|
|
|
66
120
|
if (!semver.valid(current) || !semver.valid(latest)) {
|
|
67
121
|
return 'none';
|
|
68
122
|
}
|
|
69
|
-
|
|
123
|
+
// Not an upgrade (equal or downgrade)
|
|
124
|
+
if (!semver.gt(latest, current)) {
|
|
70
125
|
return 'none';
|
|
71
126
|
}
|
|
72
127
|
if (semver.major(latest) > semver.major(current)) {
|
|
@@ -75,10 +130,7 @@ function getUpdateType(current, latest) {
|
|
|
75
130
|
if (semver.minor(latest) > semver.minor(current)) {
|
|
76
131
|
return 'minor';
|
|
77
132
|
}
|
|
78
|
-
|
|
79
|
-
return 'patch';
|
|
80
|
-
}
|
|
81
|
-
return 'none';
|
|
133
|
+
return 'patch';
|
|
82
134
|
}
|
|
83
135
|
function shouldAutoUpdate(updateType, priority, config) {
|
|
84
136
|
if (updateType === 'none')
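Review bot: The inline `semver` shim added at new lines 7–19 decides upgrades for `getUpdateType` without understanding prerelease or build suffixes: `valid` is unanchored (`/^\d+\.\d+\.\d+/`) and `gt` runs `parseInt` on each dot-separated part, so `1.12.1-rc.0` compares as a plain patch upgrade over `1.12.0`, while `1.12.0` never compares greater than `1.12.0-rc.0`. The version strings come from the registry response, which the comment on `MAX_REGISTRY_RESPONSE_BYTES` already treats as possibly spoofed, and the result feeds `shouldAutoUpdate`, so I would make the shim strict rather than lenient: `valid: (v) => typeof v === 'string' && /^\d+\.\d+\.\d+$/.test(v) ? v : null,`. That also keeps a non-string value (for example an array, which the regex test coerces to a string) from reaching `.split()` in `gt`; the trade-off is that an installed prerelease then yields `'none'`, which looks like the safer default for an auto-updater. The removed lines render empty on this page, so what the shim replaces is inferred from its comment only.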
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"checker.js","sourceRoot":"","sources":["../../../src/update/checker.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAC;AACvC,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,
|
|
1
|
+
{"version":3,"file":"checker.js","sourceRoot":"","sources":["../../../src/update/checker.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAC;AACvC,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,kDAAkD;AAClD,MAAM,MAAM,GAAG;IACb,KAAK,EAAE,CAAC,CAA4B,EAAiB,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC,IAAI;IAClG,EAAE,EAAE,CAAC,CAAS,EAAE,CAAS,EAAW,EAAE,CAAC,CAAC,KAAK,CAAC;IAC9C,KAAK,EAAE,CAAC,CAAS,EAAU,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;IACpE,KAAK,EAAE,CAAC,CAAS,EAAU,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC;IAC3E,KAAK,EAAE,CAAC,CAAS,EAAU,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;IACrG,EAAE,EAAE,CAAC,CAAS,EAAE,CAAS,EAAW,EAAE;QACpC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;QAChF,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;QAChF,OAAO,IAAI,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,GAAG,IAAI,CAAC;IACjF,CAAC;CACF,CAAC;AACF,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAEjF,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAwB/C,MAAM,cAAc,GAAiB;IACnC,OAAO,EAAE,IAAI;IACb,kBAAkB,EAAE,EAAE;IACtB,UAAU,EAAE;QACV,KAAK,EAAE,IAAI;QACX,KAAK,EAAE,IAAI;QACX,KAAK,EAAE,KAAK;KACb;IACD,QAAQ,EAAE;QACR,cAAc,EAAE,UAAU;QAC1B,qBAAqB,EAAE,MAAM;QAC7B,UAAU,EAAE,MAAM;QAClB,mBAAmB,EAAE,QAAQ;QAC7B,gBAAgB,EAAE,QAAQ;QAC1B,oBAAoB,EAAE,KAAK;KAC5B;IACD,OAAO,EAAE,EAAE;CACZ,CAAC;AAEF,wDAAwD;AACxD,2FAA2F;AAC3F,MAAM,iBAAiB,GAAG;IACxB,UAA
U;IACV,qBAAqB;IACrB,cAAc;IACd,mBAAmB;IACnB,gBAAgB;IAChB,oBAAoB;IACpB,oBAAoB;IACpB,iBAAiB;IACjB,eAAe;IACf,mBAAmB;CACpB,CAAC;AAEF,qEAAqE;AACrE,+DAA+D;AAC/D,MAAM,WAAW,GAAG,yDAAyD,CAAC;AAE9E,SAAS,cAAc,CAAC,IAAY;IAClC,OAAO,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,IAAI,GAAG,CAAC;AAC9E,CAAC;AAOD,6EAA6E;AAC7E,2EAA2E;AAC3E,yEAAyE;AACzE,6EAA6E;AAC7E,2EAA2E;AAC3E,yEAAyE;AACzE,MAAM,2BAA2B,GAAG,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO;AAE5D,KAAK,UAAU,gBAAgB,CAAC,WAAmB;IACjD,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9C,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAC1B,8BAA8B,kBAAkB,CAAC,WAAW,CAAC,EAAE,EAC/D;YACE,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE;YACvC,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;SAClC,CACF,CAAC;QAEF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,0DAA0D;QAC1D,MAAM,aAAa,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC7D,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,QAAQ,GAAG,QAAQ,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;YAC7C,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,QAAQ,GAAG,2BAA2B,EAAE,CAAC;gBACxE,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,wEAAwE;QACxE,4EAA4E;QAC5E,IAAI,CAAC,QAAQ,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QAChC,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;QACzC,MAAM,MAAM,GAAiB,EAAE,CAAC;QAChC,IAAI,UAAU,GAAG,CAAC,CAAC;QACnB,OAAO,IAAI,EAAE,CAAC;YACZ,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;YAC5C,IAAI,IAAI;gBAAE,MAAM;YAChB,IAAI,KAAK,EAAE,CAAC;gBACV,UAAU,IAAI,KAAK,CAAC,UAAU,CAAC;gBAC/B,IAAI,UAAU,GAAG,2BAA2B,EAAE,CAAC;oBAC7C,MAAM,MAAM,CAAC,MAAM,EAAE,CAAC;oBACtB,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACrB,CAAC;QACH,CAAC;QACD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC;QACvC,IAAI,MAAM,GAAG,CAAC,CAAC;QACf,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAAC,GAAG,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;YAAC,MAAM,IAAI,KAAK,CAAC,UAAU,CAAC;QAAC,CAAC;QACnF,MAAM,IAAI,GAAG,IAAI,WAAW,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAClD,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAmB,CAAC;IA
C5C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CACpB,OAAe,EACf,MAAc;IAEd,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;QACpD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,sCAAsC;IACtC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;QAChC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QACjD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QACjD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,gBAAgB,CACvB,UAAgD,EAChD,QAAgD,EAChD,MAAoB;IAEpB,IAAI,UAAU,KAAK,MAAM;QAAE,OAAO,KAAK,CAAC;IAExC,mEAAmE;IACnE,IAAI,QAAQ,KAAK,UAAU,IAAI,CAAC,UAAU,KAAK,OAAO,IAAI,UAAU,KAAK,OAAO,CAAC,EAAE,CAAC;QAClF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,eAAe;IACf,IAAI,UAAU,KAAK,OAAO;QAAE,OAAO,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC;IAC3D,IAAI,UAAU,KAAK,OAAO;QAAE,OAAO,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC;IAC3D,IAAI,UAAU,KAAK,OAAO;QAAE,OAAO,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC;IAE3D,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,WAAmB;IACrD,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9C,IAAI,CAAC;QACH,sFAAsF;QACtF,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,WAAW,eAAe,CAAC,CAAC;YAChE,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;YAC9B,IAAI,GAAG,CAAC,OAAO;gBAAE,OAAO,GAAG,CAAC,OAAO,CAAC;QACtC,CAAC;QAAC,MAAM,CAAC,CAAC,0BAA0B,CAAC,CAAC;QAEtC,8DAA8D;QAC9D,MAAM,QAAQ,GAAG;YACf,GAAG,WAAW,eAAe;YAC7B,sBAAsB,WAAW,eAAe;YAChD,yBAAyB,WAAW,eAAe;SACpD,CAAC;QACF,KAAK,MAAM,UAAU,IAAI,QAAQ,EAAE,CAAC;YAClC,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,KAAK,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;gBACzE,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;gBAC9B,IAAI,GAAG,CAAC,OAAO;oBAAE,OAAO,GAAG,CAAC,OAAO,CAAC;YACtC,CAAC;YAAC,MAAM,CAAC;gBAAC,SAAS;YAAC,CAAC;QACvB,CAAC;QAED,4DAA4D;QAC5D,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAA
E,CAAC,CAAC,IAAI,EAAE,CAAC;YACjG,MAAM,SAAS,GAAG,OAAO,CACvB,OAAO,CAAC,OAAO,CAAC,GAAG,WAAW,eAAe,EAAE,EAAE,KAAK,EAAE,CAAC,GAAG,MAAM,mBAAmB,CAAC,EAAE,CAAC,CAC1F,CAAC;YACF,IAAI,SAAS,CAAC,OAAO;gBAAE,OAAO,SAAS,CAAC,OAAO,CAAC;QAClD,CAAC;QAAC,MAAM,CAAC,CAAC,0CAA0C,CAAC,CAAC;QAEtD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,SAAuB,cAAc;IAErC,0DAA0D;IAC1D,MAAM,SAAS,GAAG,YAAY,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC;IAC1D,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;QACvB,qCAAqC;QACrC,MAAM,MAAM,GAAG,iBAAiB,EAAE,CAAC;QACnC,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACnC,OAAO;gBACL,OAAO,EAAE,EAAE;gBACX,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE,SAAS,CAAC,MAAM;aACzB,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,CAAC,MAAM,EAAE,CAAC;IAClE,CAAC;IAED,MAAM,OAAO,GAAwB,EAAE,CAAC;IACxC,MAAM,YAAY,GAA2B,EAAE,CAAC;IAEhD,qBAAqB;IACrB,MAAM,eAAe,GAAG,iBAAiB,CAAC,MAAM,CAC9C,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CACvC,CAAC;IAEF,oCAAoC;IACpC,MAAM,aAAa,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IAClE,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC5B,MAAM,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAC;QAC1C,MAAM,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAC;QAC1C,OAAO,aAAa,CAAC,EAAE,CAAC,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,MAAM,OAAO,CAAC,GAAG,CACf,eAAe,CAAC,GAAG,CAAC,KAAK,EAAE,WAAW,EAAE,EAAE;QACxC,MAAM,cAAc,GAAG,mBAAmB,CAAC,WAAW,CAAC,CAAC;QACxD,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,8BAA8B;YAC9B,OAAO;QACT,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,gBAAgB,CAAC,WAAW,CAAC,CAAC;QACjD,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO;QACT,CAAC;QAED,MAAM,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;QAChD,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO;QACT,CAAC;QAED,YAAY,CAAC,WAAW,CAAC,GAAG,aAAa,CAAC;QAE1C,MAAM,UAAU,GAAG,aAAa,CAAC,cAAc,EAAE,aAAa,CAAC,CAAC;QAChE,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,QAAQ,CAAC;QAE1D,O
AAO,CAAC,IAAI,CAAC;YACX,OAAO,EAAE,WAAW;YACpB,cAAc;YACd,aAAa;YACb,UAAU;YACV,QAAQ;YACR,gBAAgB,EAAE,gBAAgB,CAAC,UAAU,EAAE,QAAQ,EAAE,MAAM,CAAC;SACjE,CAAC,CAAC;IACL,CAAC,CAAC,CACH,CAAC;IAEF,oBAAoB;IACpB,WAAW,CAAC,YAAY,CAAC,CAAC;IAE1B,mCAAmC;IACnC,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,MAAM,CAAC,CAAC;IAE/D,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAC9C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,WAAmB,EACnB,SAAuB,cAAc;IAErC,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9C,MAAM,cAAc,GAAG,mBAAmB,CAAC,WAAW,CAAC,CAAC;IACxD,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,gBAAgB,CAAC,WAAW,CAAC,CAAC;IACjD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAChD,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,UAAU,GAAG,aAAa,CAAC,cAAc,EAAE,aAAa,CAAC,CAAC;IAChE,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,QAAQ,CAAC;IAE1D,OAAO;QACL,OAAO,EAAE,WAAW;QACpB,cAAc;QACd,aAAa;QACb,UAAU;QACV,QAAQ;QACR,gBAAgB,EAAE,gBAAgB,CAAC,UAAU,EAAE,QAAQ,EAAE,MAAM,CAAC;KACjE,CAAC;AACJ,CAAC;AAED,OAAO,EAAE,cAAc,EAAE,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"executor.d.ts","sourceRoot":"","sources":["../../../src/update/executor.ts"],"names":[],"mappings":"AAAA;;;GAGG;
|
|
1
|
+
{"version":3,"file":"executor.d.ts","sourceRoot":"","sources":["../../../src/update/executor.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAMH,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACjD,OAAO,EAAkB,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAgClE,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iBAAiB,EAAE,OAAO,CAAC;CAC5B;AAED,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,gBAAgB,CAAC;CAC9B;AAYD,wBAAgB,WAAW,IAAI,kBAAkB,EAAE,CA0BlD;AAiBD,wBAAsB,aAAa,CACjC,MAAM,EAAE,iBAAiB,EACzB,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EACzC,MAAM,UAAQ,GACb,OAAO,CAAC,qBAAqB,CAAC,CAgFhC;AAED,wBAAsB,sBAAsB,CAC1C,OAAO,EAAE,iBAAiB,EAAE,EAC5B,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EACzC,MAAM,UAAQ,GACb,OAAO,CAAC,qBAAqB,EAAE,CAAC,CAoBlC;AAED,wBAAsB,cAAc,CAClC,WAAW,CAAC,EAAE,MAAM,GACnB,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CAoDhD;AAED,wBAAgB,gBAAgB,CAAC,KAAK,SAAK,GAAG,kBAAkB,EAAE,CAGjE;AAED,wBAAgB,YAAY,IAAI,IAAI,CAInC"}
|
|
@@ -6,11 +6,32 @@ import { execFile } from 'child_process';
|
|
|
6
6
|
import * as fs from 'fs';
|
|
7
7
|
import * as path from 'path';
|
|
8
8
|
import * as os from 'os';
|
|
9
|
-
import
|
|
9
|
+
import { validateUpdate } from './validator.js';
|
|
10
|
+
// Inline semver shim — avoids external dependency (semver is not in package.json)
|
|
11
|
+
const semver = {
|
|
12
|
+
valid: (v) => /^\d+\.\d+\.\d+/.test(v || '') ? v : null,
|
|
13
|
+
};
|
|
14
|
+
/**
|
|
15
|
+
* Validate a npm package name.
|
|
16
|
+
* Allows scoped (@scope/name) and unscoped names; rejects path-traversal,
|
|
17
|
+
* shell metacharacters, and names that are too long to be legitimate.
|
|
18
|
+
* See https://docs.npmjs.com/cli/v9/configuring-npm/package-json#name
|
|
19
|
+
*/
|
|
20
|
+
function isValidPackageName(name) {
|
|
21
|
+
if (typeof name !== 'string' || name.length === 0 || name.length > 214)
|
|
22
|
+
return false;
|
|
23
|
+
// Scoped: @scope/name — both parts: lowercase alnum + hyphens + underscores + dots
|
|
24
|
+
if (name.startsWith('@')) {
|
|
25
|
+
return /^@[a-z0-9][a-z0-9_.-]*\/[a-z0-9][a-z0-9_.-]*$/.test(name);
|
|
26
|
+
}
|
|
27
|
+
// Unscoped: must not start with . or _ (legacy rule)
|
|
28
|
+
return /^[a-z0-9][a-z0-9_.-]*$/.test(name);
|
|
29
|
+
}
|
|
30
|
+
/** Max bytes we will read from the on-disk update history file. */
|
|
31
|
+
const MAX_HISTORY_FILE_BYTES = 1 * 1024 * 1024; // 1 MB
|
|
10
32
|
function execFileAsync(cmd, args) {
|
|
11
33
|
return new Promise((resolve, reject) => execFile(cmd, args, (err) => (err ? reject(err) : resolve())));
|
|
12
34
|
}
|
|
13
|
-
import { validateUpdate } from './validator.js';
|
|
14
35
|
const HISTORY_FILE = path.join(os.homedir(), '.monomind', 'update-history.json');
|
|
15
36
|
const MAX_HISTORY_ENTRIES = 100;
|
|
16
37
|
function ensureDir() {
|
|
@@ -22,8 +43,29 @@ function ensureDir() {
|
|
|
22
43
|
export function loadHistory() {
|
|
23
44
|
try {
|
|
24
45
|
if (fs.existsSync(HISTORY_FILE)) {
|
|
46
|
+
// Guard against a bloated or attacker-crafted history file causing OOM.
|
|
47
|
+
const stat = fs.statSync(HISTORY_FILE);
|
|
48
|
+
if (stat.size > MAX_HISTORY_FILE_BYTES) {
|
|
49
|
+
return [];
|
|
50
|
+
}
|
|
25
51
|
const content = fs.readFileSync(HISTORY_FILE, 'utf-8');
|
|
26
|
-
|
|
52
|
+
const raw = JSON.parse(content);
|
|
53
|
+
if (!Array.isArray(raw))
|
|
54
|
+
return [];
|
|
55
|
+
// Sanitize each entry: reject any entry whose package name or version
|
|
56
|
+
// fails validation so that a tampered history file cannot inject
|
|
57
|
+
// arbitrary arguments into a subsequent npm install via rollbackUpdate().
|
|
58
|
+
return raw.filter((e) => {
|
|
59
|
+
if (typeof e !== 'object' || e === null)
|
|
60
|
+
return false;
|
|
61
|
+
if (typeof e.package !== 'string' || !isValidPackageName(e.package))
|
|
62
|
+
return false;
|
|
63
|
+
if (typeof e.fromVersion !== 'string' || !semver.valid(e.fromVersion))
|
|
64
|
+
return false;
|
|
65
|
+
if (typeof e.toVersion !== 'string' || !semver.valid(e.toVersion))
|
|
66
|
+
return false;
|
|
67
|
+
return true;
|
|
68
|
+
});
|
|
27
69
|
}
|
|
28
70
|
}
|
|
29
71
|
catch {
|
|
@@ -68,6 +110,11 @@ export async function executeUpdate(update, installedPackages, dryRun = false) {
|
|
|
68
110
|
// Execute npm install — use execFile to avoid shell injection
|
|
69
111
|
const pkg = update.package;
|
|
70
112
|
const version = update.latestVersion;
|
|
113
|
+
// Validate both package name and version before constructing the npm arg
|
|
114
|
+
// to prevent argument injection via a crafted UpdateCheckResult.
|
|
115
|
+
if (!isValidPackageName(pkg)) {
|
|
116
|
+
throw new Error(`Invalid package name: ${pkg}`);
|
|
117
|
+
}
|
|
71
118
|
if (!semver.valid(version)) {
|
|
72
119
|
throw new Error(`Invalid version: ${version}`);
|
|
73
120
|
}
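Review bot: The `semver.valid` shim added at new line 12 tests `/^\d+\.\d+\.\d+/` with no end anchor, so any string that merely begins with three dotted numbers passes the checks in `loadHistory()` (new lines 63 and 65) and in `executeUpdate()` (new line 118). The comments at new lines 55-57 and 113-114 describe this as the guard on what reaches the npm install argument, so the pattern should match the whole value: `valid: (v) => /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/.test(v || '') ? v : null,`. The same shim is repeated in `index.js`, so both copies need the change, or they should move to one shared module. `loadHistory` and `executeUpdate` continue outside these hunks.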
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"executor.js","sourceRoot":"","sources":["../../../src/update/executor.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;
|
|
1
|
+
{"version":3,"file":"executor.js","sourceRoot":"","sources":["../../../src/update/executor.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AAEzB,OAAO,EAAE,cAAc,EAAoB,MAAM,gBAAgB,CAAC;AAElE,kFAAkF;AAClF,MAAM,MAAM,GAAG;IACb,KAAK,EAAE,CAAC,CAA4B,EAAiB,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC,IAAI;CACnG,CAAC;AAEF;;;;;GAKG;AACH,SAAS,kBAAkB,CAAC,IAAY;IACtC,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,CAAC,MAAM,GAAG,GAAG;QAAE,OAAO,KAAK,CAAC;IACrF,mFAAmF;IACnF,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO,+CAA+C,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACpE,CAAC;IACD,qDAAqD;IACrD,OAAO,wBAAwB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC7C,CAAC;AAED,mEAAmE;AACnE,MAAM,sBAAsB,GAAG,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO;AAEvD,SAAS,aAAa,CAAC,GAAW,EAAE,IAAc;IAChD,OAAO,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,CAC3C,QAAQ,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAC9D,CAAC;AACJ,CAAC;AAoBD,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,qBAAqB,CAAC,CAAC;AACjF,MAAM,mBAAmB,GAAG,GAAG,CAAC;AAEhC,SAAS,SAAS;IAChB,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IACvC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACxB,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,CAAC;AACH,CAAC;AAED,MAAM,UAAU,WAAW;IACzB,IAAI,CAAC;QACH,IAAI,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAChC,wEAAwE;YACxE,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;YACvC,IAAI,IAAI,CAAC,IAAI,GAAG,sBAAsB,EAAE,CAAC;gBACvC,OAAO,EAAE,CAAC;YACZ,CAAC;YACD,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;YACvD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAChC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;gBAAE,OAAO,EAAE,CAAC;YACnC,sEAAsE;YACtE,iEAAiE;YACjE,0EAA0E;YAC1E,OAAO,GAAG,CAAC,MAAM
,CAAC,CAAC,CAAC,EAA2B,EAAE;gBAC/C,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI;oBAAE,OAAO,KAAK,CAAC;gBACtD,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,OAAO,CAAC;oBAAE,OAAO,KAAK,CAAC;gBAClF,IAAI,OAAO,CAAC,CAAC,WAAW,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,WAAW,CAAC;oBAAE,OAAO,KAAK,CAAC;gBACpF,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;oBAAE,OAAO,KAAK,CAAC;gBAChF,OAAO,IAAI,CAAC;YACd,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,iBAAiB;IACnB,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,WAAW,CAAC,OAA6B;IAChD,SAAS,EAAE,CAAC;IACZ,2BAA2B;IAC3B,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,mBAAmB,CAAC,CAAC;IACpD,MAAM,GAAG,GAAG,YAAY,GAAG,MAAM,CAAC;IAClC,EAAE,CAAC,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACxD,EAAE,CAAC,UAAU,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;AACnC,CAAC;AAED,SAAS,YAAY,CAAC,KAAyB;IAC7C,MAAM,OAAO,GAAG,WAAW,EAAE,CAAC;IAC9B,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACpB,WAAW,CAAC,OAAO,CAAC,CAAC;AACvB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,MAAyB,EACzB,iBAAyC,EACzC,MAAM,GAAG,KAAK;IAEd,iBAAiB;IACjB,MAAM,UAAU,GAAG,cAAc,CAC/B,MAAM,CAAC,OAAO,EACd,MAAM,CAAC,cAAc,EACrB,MAAM,CAAC,aAAa,EACpB,iBAAiB,CAClB,CAAC;IAEF,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;QACtB,OAAO;YACL,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,OAAO,EAAE,MAAM,CAAC,aAAa;YAC7B,KAAK,EAAE,sBAAsB,UAAU,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YACtE,UAAU;SACX,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,EAAE,CAAC;QACX,OAAO;YACL,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,OAAO,EAAE,MAAM,CAAC,aAAa;YAC7B,UAAU;SACX,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,8DAA8D;QAC9D,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC;QAC3B,MAAM,OAAO,GAAG,MAAM,CAAC,aAAa,CAAC;QACrC,yEAAyE;QACzE,iEAAiE;QACjE,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,yBAAyB,GAAG,EAAE,CAAC,CAAC;QAClD,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,oBAAoB,OAAO,EAAE,CAAC,CAAC;QACjD,CAAC;QACD,MAAM,aAAa,CAAC,KAAK,EA
AE,CAAC,SAAS,EAAE,GAAG,GAAG,IAAI,OAAO,EAAE,EAAE,cAAc,CAAC,CAAC,CAAC;QAE7E,2BAA2B;QAC3B,YAAY,CAAC;YACX,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,WAAW,EAAE,MAAM,CAAC,cAAc;YAClC,SAAS,EAAE,MAAM,CAAC,aAAa;YAC/B,OAAO,EAAE,IAAI;YACb,iBAAiB,EAAE,IAAI;SACxB,CAAC,CAAC;QAEH,OAAO;YACL,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,OAAO,EAAE,MAAM,CAAC,aAAa;YAC7B,UAAU;SACX,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,GAAG,GAAG,KAAc,CAAC;QAE3B,uBAAuB;QACvB,YAAY,CAAC;YACX,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,WAAW,EAAE,MAAM,CAAC,cAAc;YAClC,SAAS,EAAE,MAAM,CAAC,aAAa;YAC/B,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,GAAG,CAAC,OAAO;YAClB,iBAAiB,EAAE,KAAK;SACzB,CAAC,CAAC;QAEH,OAAO;YACL,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,OAAO,EAAE,MAAM,CAAC,aAAa;YAC7B,KAAK,EAAE,GAAG,CAAC,OAAO;YAClB,UAAU;SACX,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,OAA4B,EAC5B,iBAAyC,EACzC,MAAM,GAAG,KAAK;IAEd,MAAM,OAAO,GAA4B,EAAE,CAAC;IAE5C,kDAAkD;IAClD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,iBAAiB,EAAE,MAAM,CAAC,CAAC;QACtE,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAErB,gDAAgD;QAChD,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,iBAAiB,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,MAAM,CAAC,aAAa,CAAC;QAC3D,CAAC;QAED,4BAA4B;QAC5B,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,QAAQ,KAAK,UAAU,EAAE,CAAC;YACtD,MAAM;QACR,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,WAAoB;IAEpB,MAAM,OAAO,GAAG,WAAW,EAAE,CAAC;IAE9B,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,6BAA6B,EAAE,CAAC;IACpE,CAAC;IAED,6EAA6E;IAC7E,MAAM,QAAQ,GAAG,CAAC,GAAG,OAAO,CAAC,CAAC,OAAO,EAAE,CAAC;IACxC,MAAM,UAAU,GAAG,WAAW;QAC5B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,WAAW,IAAI,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,iBAAiB,CAAC;QACrF,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,iBAAiB,CAAC,CAAC;IAE3D,IAAI,CAAC,UAAU,EAAE,
CAAC;QAChB,OAAO;YACL,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,WAAW;gBAClB,CAAC,CAAC,6BAA6B,WAAW,EAAE;gBAC5C,CAAC,CAAC,uBAAuB;SAC5B,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,uEAAuE;QACvE,MAAM,GAAG,GAAG,UAAU,CAAC,OAAO,CAAC;QAC/B,MAAM,OAAO,GAAG,UAAU,CAAC,WAAW,CAAC;QACvC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,oBAAoB,OAAO,EAAE,CAAC,CAAC;QACjD,CAAC;QACD,MAAM,aAAa,CAAC,KAAK,EAAE,CAAC,SAAS,EAAE,GAAG,GAAG,IAAI,OAAO,EAAE,EAAE,cAAc,CAAC,CAAC,CAAC;QAE7E,sBAAsB;QACtB,YAAY,CAAC;YACX,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,OAAO,EAAE,UAAU,CAAC,OAAO;YAC3B,WAAW,EAAE,UAAU,CAAC,SAAS;YACjC,SAAS,EAAE,UAAU,CAAC,WAAW;YACjC,OAAO,EAAE,IAAI;YACb,iBAAiB,EAAE,KAAK,EAAE,4BAA4B;SACvD,CAAC,CAAC;QAEH,OAAO;YACL,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,eAAe,UAAU,CAAC,OAAO,SAAS,UAAU,CAAC,SAAS,OAAO,UAAU,CAAC,WAAW,EAAE;SACvG,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,GAAG,GAAG,KAAc,CAAC;QAC3B,OAAO;YACL,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,oBAAoB,GAAG,CAAC,OAAO,EAAE;SAC3C,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,KAAK,GAAG,EAAE;IACzC,MAAM,OAAO,GAAG,WAAW,EAAE,CAAC;IAC9B,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,YAAY;IAC1B,IAAI,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QAChC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;IAC9B,CAAC;AACH,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/update/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,mBAAmB,EACnB,cAAc,GACf,MAAM,cAAc,CAAC;AAEtB,YAAY,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAEpE,OAAO,EACL,qBAAqB,EACrB,WAAW,EACX,iBAAiB,EACjB,UAAU,EACV,SAAS,GACV,MAAM,mBAAmB,CAAC;AAE3B,YAAY,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAExD,OAAO,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAEpE,YAAY,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAEvD,OAAO,EACL,aAAa,EACb,sBAAsB,EACtB,cAAc,EACd,gBAAgB,EAChB,YAAY,EACZ,WAAW,GACZ,MAAM,eAAe,CAAC;AAEvB,YAAY,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,MAAM,eAAe,CAAC;AAI/E,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/update/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,mBAAmB,EACnB,cAAc,GACf,MAAM,cAAc,CAAC;AAEtB,YAAY,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAEpE,OAAO,EACL,qBAAqB,EACrB,WAAW,EACX,iBAAiB,EACjB,UAAU,EACV,SAAS,GACV,MAAM,mBAAmB,CAAC;AAE3B,YAAY,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAExD,OAAO,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAEpE,YAAY,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAEvD,OAAO,EACL,aAAa,EACb,sBAAsB,EACtB,cAAc,EACd,gBAAgB,EAChB,YAAY,EACZ,WAAW,GACZ,MAAM,eAAe,CAAC;AAEvB,YAAY,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,MAAM,eAAe,CAAC;AAI/E,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAoBtD;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM,CAY/D;AAED;;;GAGG;AACH,wBAAsB,qBAAqB,CAAC,OAAO,EAAE;IACnD,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,YAAY,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,IAAI,CAAC;CAC7C,GAAG,OAAO,CAAC;IACV,OAAO,EAAE,OAAO,CAAC;IACjB,gBAAgB,EAAE,iBAAiB,EAAE,CAAC;IACtC,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC,CAqDD"}
|
package/dist/src/update/index.js
CHANGED
|
@@ -16,7 +16,24 @@ export { executeUpdate, executeMultipleUpdates, rollbackUpdate, getUpdateHistory
|
|
|
16
16
|
import { checkForUpdates, DEFAULT_CONFIG, getInstalledVersion } from './checker.js';
|
|
17
17
|
import { executeMultipleUpdates } from './executor.js';
|
|
18
18
|
import { getCachedVersions } from './rate-limiter.js';
|
|
19
|
-
|
|
19
|
+
// Inline semver shim — avoids external dependency (semver is not listed in package.json)
|
|
20
|
+
const semver = {
|
|
21
|
+
valid: (v) => /^\d+\.\d+\.\d+/.test(v || '') ? v : null,
|
|
22
|
+
gt: (a, b) => {
|
|
23
|
+
const [aMaj, aMin, aPat] = (a || '0').split('.').map(n => parseInt(n, 10) || 0);
|
|
24
|
+
const [bMaj, bMin, bPat] = (b || '0').split('.').map(n => parseInt(n, 10) || 0);
|
|
25
|
+
return aMaj !== bMaj ? aMaj > bMaj : aMin !== bMin ? aMin > bMin : aPat > bPat;
|
|
26
|
+
},
|
|
27
|
+
lte: (a, b) => {
|
|
28
|
+
const [aMaj, aMin, aPat] = (a || '0').split('.').map(n => parseInt(n, 10) || 0);
|
|
29
|
+
const [bMaj, bMin, bPat] = (b || '0').split('.').map(n => parseInt(n, 10) || 0);
|
|
30
|
+
if (aMaj !== bMaj)
|
|
31
|
+
return aMaj < bMaj;
|
|
32
|
+
if (aMin !== bMin)
|
|
33
|
+
return aMin < bMin;
|
|
34
|
+
return aPat <= bPat;
|
|
35
|
+
},
|
|
36
|
+
};
|
|
20
37
|
/**
|
|
21
38
|
* Synchronous — reads cached state from last check.
|
|
22
39
|
* Returns a short inline string for the CLI version tagline, e.g.
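Review bot: `gt` and `lte` in the inline shim compare only three numeric fields, and `parseInt(n, 10) || 0` discards any prerelease suffix, so `1.12.0-rc.1` and `1.12.0` compare as equal and a non-numeric field silently becomes `0`. A caller that uses `lte` to decide whether the installed version is current would presumably report a prerelease install as up to date. If prerelease ordering is out of scope, say so at the definition with `// NOTE: numeric major.minor.patch only; prerelease/build tags are ignored`. Both comparators should also share one parser, e.g. `const parse = (v) => (v || '0').split('.').map((n) => parseInt(n, 10) || 0);`, so the two copies of the split/map line cannot drift apart.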
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/update/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,mBAAmB,EACnB,cAAc,GACf,MAAM,cAAc,CAAC;AAItB,OAAO,EACL,qBAAqB,EACrB,WAAW,EACX,iBAAiB,EACjB,UAAU,EACV,SAAS,GACV,MAAM,mBAAmB,CAAC;AAI3B,OAAO,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAIpE,OAAO,EACL,aAAa,EACb,sBAAsB,EACtB,cAAc,EACd,gBAAgB,EAChB,YAAY,EACZ,WAAW,GACZ,MAAM,eAAe,CAAC;AAIvB,+CAA+C;AAC/C,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AAEpF,OAAO,EAAE,sBAAsB,EAAE,MAAM,eAAe,CAAC;AACvD,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/update/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,mBAAmB,EACnB,cAAc,GACf,MAAM,cAAc,CAAC;AAItB,OAAO,EACL,qBAAqB,EACrB,WAAW,EACX,iBAAiB,EACjB,UAAU,EACV,SAAS,GACV,MAAM,mBAAmB,CAAC;AAI3B,OAAO,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAIpE,OAAO,EACL,aAAa,EACb,sBAAsB,EACtB,cAAc,EACd,gBAAgB,EAChB,YAAY,EACZ,WAAW,GACZ,MAAM,eAAe,CAAC;AAIvB,+CAA+C;AAC/C,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AAEpF,OAAO,EAAE,sBAAsB,EAAE,MAAM,eAAe,CAAC;AACvD,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AACtD,yFAAyF;AACzF,MAAM,MAAM,GAAG;IACb,KAAK,EAAE,CAAC,CAA4B,EAAiB,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC,IAAI;IAClG,EAAE,EAAE,CAAC,CAAS,EAAE,CAAS,EAAW,EAAE;QACpC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;QAChF,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;QAChF,OAAO,IAAI,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,GAAG,IAAI,CAAC;IACjF,CAAC;IACD,GAAG,EAAE,CAAC,CAAS,EAAE,CAAS,EAAW,EAAE;QACrC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;QAChF,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;QAChF,IAAI,IAAI,KAAK,IAAI;YAAE,OAAO,IAAI,GAAG,IAAI,CAAC;QACtC,IAAI,IAAI,KAAK,IAAI;YAAE,OAAO,IAAI,GAAG,IAAI,CAAC;QACtC,OAAO,IAAI,IAAI,IAAI,CAAC;IACtB,CAAC;CACF,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,UAAU,gBAAgB,CAAC,cAAsB;IACrD,IAAI,CAAC;QACH
,MAAM,MAAM,GAAG,iBAAiB,EAAE,CAAC;QACnC,iFAAiF;QACjF,2EAA2E;QAC3E,MAAM,MAAM,GAAG,MAAM,CAAC,qBAAqB,CAAC,CAAC;QAC7C,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC;YAAE,OAAO,EAAE,CAAC;QACjF,IAAI,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC;YAAE,OAAO,gBAAgB,CAAC;QAChE,OAAO,QAAQ,MAAM,YAAY,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,OAI3C;IAMC,MAAM,MAAM,GAAG;QACb,OAAO,EAAE,KAAK;QACd,gBAAgB,EAAE,EAAyB;QAC3C,cAAc,EAAE,EAAc;QAC9B,aAAa,EAAE,SAA+B;KAC/C,CAAC;IAEF,IAAI,CAAC;QACH,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,MAAM,eAAe,CAAC,cAAc,CAAC,CAAC;QAE3E,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,CAAC,aAAa,GAAG,MAAM,CAAC;YAC9B,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,MAAM,CAAC,OAAO,GAAG,IAAI,CAAC;QACtB,MAAM,CAAC,gBAAgB,GAAG,OAAO,CAAC;QAElC,yBAAyB;QACzB,IAAI,OAAO,CAAC,UAAU,KAAK,KAAK,EAAE,CAAC;YACjC,MAAM,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC;YAEjE,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9B,2CAA2C;gBAC3C,OAAO,CAAC,YAAY,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;gBAEnF,iCAAiC;gBACjC,MAAM,iBAAiB,GAA2B,EAAE,CAAC;gBACrD,KAAK,MAAM,MAAM,IAAI,cAAc,EAAE,CAAC;oBACpC,MAAM,OAAO,GAAG,mBAAmB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;oBACpD,IAAI,OAAO,EAAE,CAAC;wBACZ,iBAAiB,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC;oBAC9C,CAAC;gBACH,CAAC;gBAED,kBAAkB;gBAClB,MAAM,aAAa,GAAG,MAAM,sBAAsB,CAChD,cAAc,EACd,iBAAiB,CAClB,CAAC;gBAEF,MAAM,CAAC,cAAc,GAAG,aAAa;qBAClC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;qBACxB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,mDAAmD;QACnD,OAAO,MAAM,CAAC;IAChB,CAAC;AACH,CAAC"}
|
|
@@ -20,6 +20,12 @@ export declare function shouldCheckForUpdates(intervalHours?: number): {
|
|
|
20
20
|
* only after a successful reserveCheck, so that limit enforcement and
|
|
21
21
|
* increment happen in the same synchronous turn (no await gap between
|
|
22
22
|
* them), preventing two concurrent callers both seeing "allowed".
|
|
23
|
+
*
|
|
24
|
+
* IMPORTANT: performs a single loadState() → check → increment → saveState()
|
|
25
|
+
* cycle to eliminate the TOCTOU window that existed when this function
|
|
26
|
+
* delegated to shouldCheckForUpdates() (which called loadState() itself)
|
|
27
|
+
* and then called loadState() a second time to increment. Two callers
|
|
28
|
+
* sharing that gap could both see allowed=true and both increment.
|
|
23
29
|
*/
|
|
24
30
|
export declare function reserveCheck(intervalHours?: number): {
|
|
25
31
|
allowed: boolean;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rate-limiter.d.ts","sourceRoot":"","sources":["../../../src/update/rate-limiter.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAMH,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACzC;
|
|
1
|
+
{"version":3,"file":"rate-limiter.d.ts","sourceRoot":"","sources":["../../../src/update/rate-limiter.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAMH,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACzC;AA4BD,wBAAgB,SAAS,IAAI,cAAc,CA4C1C;AAED,wBAAgB,SAAS,CAAC,KAAK,EAAE,cAAc,GAAG,IAAI,CAKrD;AAED,wBAAgB,qBAAqB,CACnC,aAAa,GAAE,MAA+B,GAC7C;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAuCvC;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,YAAY,CAC1B,aAAa,GAAE,MAA+B,GAC7C;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAqCvC;AAED,wBAAgB,WAAW,CAAC,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI,CAazE;AAED,wBAAgB,iBAAiB,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAE1D;AAED,wBAAgB,UAAU,IAAI,IAAI,CAIjC"}
|
|
@@ -8,6 +8,12 @@ import * as os from 'os';
|
|
|
8
8
|
const STATE_FILE = path.join(os.homedir(), '.monomind', 'update-state.json');
|
|
9
9
|
const DEFAULT_INTERVAL_HOURS = 24;
|
|
10
10
|
const MAX_CHECKS_PER_DAY = 10;
|
|
11
|
+
// Hard cap on how many package version entries we persist. Prevents an
|
|
12
|
+
// attacker who can write to the state file from inflating it unboundedly,
|
|
13
|
+
// and protects recordCheck() from DoS via a huge incoming packageVersions map.
|
|
14
|
+
const MAX_PACKAGE_VERSIONS = 100;
|
|
15
|
+
// Hard cap on the state file size we are willing to read into memory.
|
|
16
|
+
const MAX_STATE_FILE_BYTES = 1 * 1024 * 1024; // 1 MB
|
|
11
17
|
function ensureDir() {
|
|
12
18
|
const dir = path.dirname(STATE_FILE);
|
|
13
19
|
if (!fs.existsSync(dir)) {
|
|
@@ -25,8 +31,36 @@ function getDefaultState() {
|
|
|
25
31
|
export function loadState() {
|
|
26
32
|
try {
|
|
27
33
|
if (fs.existsSync(STATE_FILE)) {
|
|
34
|
+
// Guard against oversized state files (DoS / OOM) before reading
|
|
35
|
+
const stat = fs.statSync(STATE_FILE);
|
|
36
|
+
if (stat.size > MAX_STATE_FILE_BYTES) {
|
|
37
|
+
// State file is unreasonably large — discard and start fresh
|
|
38
|
+
try {
|
|
39
|
+
fs.unlinkSync(STATE_FILE);
|
|
40
|
+
}
|
|
41
|
+
catch { /* ignore */ }
|
|
42
|
+
return getDefaultState();
|
|
43
|
+
}
|
|
28
44
|
const content = fs.readFileSync(STATE_FILE, 'utf-8');
|
|
29
|
-
|
|
45
|
+
// Block prototype pollution via JSON.parse reviver
|
|
46
|
+
const state = JSON.parse(content, (key, value) => {
|
|
47
|
+
if (key === '__proto__' || key === 'constructor' || key === 'prototype')
|
|
48
|
+
return undefined;
|
|
49
|
+
return value;
|
|
50
|
+
});
|
|
51
|
+
// Validate that packageVersions is a plain object (not an array/primitive)
|
|
52
|
+
if (!state.packageVersions || typeof state.packageVersions !== 'object' || Array.isArray(state.packageVersions)) {
|
|
53
|
+
state.packageVersions = {};
|
|
54
|
+
}
|
|
55
|
+
// Cap the number of package version entries to prevent bloat
|
|
56
|
+
const versionKeys = Object.keys(state.packageVersions);
|
|
57
|
+
if (versionKeys.length > MAX_PACKAGE_VERSIONS) {
|
|
58
|
+
const capped = {};
|
|
59
|
+
for (const k of versionKeys.slice(0, MAX_PACKAGE_VERSIONS)) {
|
|
60
|
+
capped[k] = state.packageVersions[k];
|
|
61
|
+
}
|
|
62
|
+
state.packageVersions = capped;
|
|
63
|
+
}
|
|
30
64
|
// Reset counter if new day
|
|
31
65
|
const today = new Date().toISOString().split('T')[0];
|
|
32
66
|
if (state.date !== today) {
|
|
@@ -86,14 +120,41 @@ export function shouldCheckForUpdates(intervalHours = DEFAULT_INTERVAL_HOURS) {
|
|
|
86
120
|
* only after a successful reserveCheck, so that limit enforcement and
|
|
87
121
|
* increment happen in the same synchronous turn (no await gap between
|
|
88
122
|
* them), preventing two concurrent callers both seeing "allowed".
|
|
123
|
+
*
|
|
124
|
+
* IMPORTANT: performs a single loadState() → check → increment → saveState()
|
|
125
|
+
* cycle to eliminate the TOCTOU window that existed when this function
|
|
126
|
+
* delegated to shouldCheckForUpdates() (which called loadState() itself)
|
|
127
|
+
* and then called loadState() a second time to increment. Two callers
|
|
128
|
+
* sharing that gap could both see allowed=true and both increment.
|
|
89
129
|
*/
|
|
90
130
|
export function reserveCheck(intervalHours = DEFAULT_INTERVAL_HOURS) {
|
|
91
|
-
|
|
92
|
-
if (
|
|
93
|
-
return
|
|
94
|
-
|
|
95
|
-
|
|
131
|
+
// Fast-path: environment gates that don't need file I/O
|
|
132
|
+
if (process.env.CI === 'true' || process.env.CONTINUOUS_INTEGRATION === 'true') {
|
|
133
|
+
return { allowed: false, reason: 'CI environment detected' };
|
|
134
|
+
}
|
|
135
|
+
if (process.env.MONOMIND_AUTO_UPDATE === 'false') {
|
|
136
|
+
return { allowed: false, reason: 'Auto-update disabled via environment' };
|
|
137
|
+
}
|
|
138
|
+
// Single load — check and increment in one synchronous cycle
|
|
96
139
|
const state = loadState();
|
|
140
|
+
if (process.env.MONOMIND_FORCE_UPDATE !== 'true') {
|
|
141
|
+
// Daily limit
|
|
142
|
+
if (state.checksToday >= MAX_CHECKS_PER_DAY) {
|
|
143
|
+
return { allowed: false, reason: `Daily check limit (${MAX_CHECKS_PER_DAY}) reached` };
|
|
144
|
+
}
|
|
145
|
+
// Time interval
|
|
146
|
+
if (state.lastCheck) {
|
|
147
|
+
const hoursSinceLastCheck = (Date.now() - new Date(state.lastCheck).getTime()) / (1000 * 60 * 60);
|
|
148
|
+
if (hoursSinceLastCheck < intervalHours) {
|
|
149
|
+
const nextCheck = Math.ceil(intervalHours - hoursSinceLastCheck);
|
|
150
|
+
return {
|
|
151
|
+
allowed: false,
|
|
152
|
+
reason: `Last check was ${Math.floor(hoursSinceLastCheck)}h ago (next check in ~${nextCheck}h)`,
|
|
153
|
+
};
|
|
154
|
+
}
|
|
155
|
+
}
|
|
156
|
+
}
|
|
157
|
+
// Reserve the slot: increment and persist before any async work begins
|
|
97
158
|
state.checksToday += 1;
|
|
98
159
|
state.lastCheck = new Date().toISOString();
|
|
99
160
|
saveState(state);
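Review bot: The interval check uses `state.lastCheck` exactly as read from the state file. A timestamp in the future (clock change or a hand-edited file) makes `hoursSinceLastCheck` negative and keeps update checks blocked until the clock catches up, while an unparseable value yields NaN and silently skips the interval check. Parse once and guard it, e.g. `const last = Date.parse(state.lastCheck);` followed by `if (Number.isFinite(last) && last <= Date.now()) { … }`, unless loadState (outside this hunk) already normalises the field. The new doc comment should also say that the single load → check → increment → save cycle closes the gap only between callers inside one process; two CLI processes can still both read the file before either writes it. The function's return statement lies outside the hunk.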
|
|
@@ -102,7 +163,18 @@ export function reserveCheck(intervalHours = DEFAULT_INTERVAL_HOURS) {
|
|
|
102
163
|
export function recordCheck(packageVersions) {
|
|
103
164
|
// Update only package versions; count/timestamp already incremented by reserveCheck
|
|
104
165
|
const state = loadState();
|
|
105
|
-
|
|
166
|
+
// Merge only string-valued keys to block prototype pollution and type confusion.
|
|
167
|
+
// Also enforce the total cap so a large incoming map cannot bloat the state file.
|
|
168
|
+
const FORBIDDEN = new Set(['__proto__', 'constructor', 'prototype']);
|
|
169
|
+
for (const [k, v] of Object.entries(packageVersions)) {
|
|
170
|
+
if (FORBIDDEN.has(k))
|
|
171
|
+
continue;
|
|
172
|
+
if (typeof k !== 'string' || typeof v !== 'string')
|
|
173
|
+
continue;
|
|
174
|
+
if (Object.keys(state.packageVersions).length >= MAX_PACKAGE_VERSIONS)
|
|
175
|
+
break;
|
|
176
|
+
state.packageVersions[k] = v;
|
|
177
|
+
}
|
|
106
178
|
saveState(state);
|
|
107
179
|
}
|
|
108
180
|
export function getCachedVersions() {
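Review bot: The cap test `Object.keys(state.packageVersions).length >= MAX_PACKAGE_VERSIONS` runs before every assignment, so once the map is full the loop breaks even when `k` is already tracked, and cached versions stop being refreshed. Apply the cap to new keys only: `if (!Object.prototype.hasOwnProperty.call(state.packageVersions, k) && Object.keys(state.packageVersions).length >= MAX_PACKAGE_VERSIONS) continue;`. `Object.entries(packageVersions)` also throws on `null` or `undefined`, so a guard such as `if (!packageVersions || typeof packageVersions !== 'object') return;` before the loop keeps a bad caller from crashing the update path. The cap bounds the number of entries but not the length of each key or value, which the comment's "cannot bloat the state file" claim would need. The `typeof k !== 'string'` test is always false for `Object.entries` keys and can be dropped.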
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rate-limiter.js","sourceRoot":"","sources":["../../../src/update/rate-limiter.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AASzB,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,mBAAmB,CAAC,CAAC;AAC7E,MAAM,sBAAsB,GAAG,EAAE,CAAC;AAClC,MAAM,kBAAkB,GAAG,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"rate-limiter.js","sourceRoot":"","sources":["../../../src/update/rate-limiter.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AASzB,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,mBAAmB,CAAC,CAAC;AAC7E,MAAM,sBAAsB,GAAG,EAAE,CAAC;AAClC,MAAM,kBAAkB,GAAG,EAAE,CAAC;AAC9B,uEAAuE;AACvE,0EAA0E;AAC1E,+EAA+E;AAC/E,MAAM,oBAAoB,GAAG,GAAG,CAAC;AACjC,sEAAsE;AACtE,MAAM,oBAAoB,GAAG,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO;AAErD,SAAS,SAAS;IAChB,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IACrC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACxB,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,CAAC;AACH,CAAC;AAED,SAAS,eAAe;IACtB,OAAO;QACL,SAAS,EAAE,EAAE;QACb,WAAW,EAAE,CAAC;QACd,IAAI,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAC5C,eAAe,EAAE,EAAE;KACpB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,SAAS;IACvB,IAAI,CAAC;QACH,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9B,iEAAiE;YACjE,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YACrC,IAAI,IAAI,CAAC,IAAI,GAAG,oBAAoB,EAAE,CAAC;gBACrC,6DAA6D;gBAC7D,IAAI,CAAC;oBAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;gBACzD,OAAO,eAAe,EAAE,CAAC;YAC3B,CAAC;YACD,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YACrD,mDAAmD;YACnD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;gBAC/C,IAAI,GAAG,KAAK,WAAW,IAAI,GAAG,KAAK,aAAa,IAAI,GAAG,KAAK,WAAW;oBAAE,OAAO,SAAS,CAAC;gBAC1F,OAAO,KAAK,CAAC;YACf,CAAC,CAAmB,CAAC;YAErB,2EAA2E;YAC3E,IAAI,CAAC,KAAK,CAAC,eAAe,IAAI,OAAO,KAAK,CAAC,eAAe,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,EAAE,CAAC;gBAChH,KAAK,CAAC,eAAe,GAAG,EAAE,CAAC;YAC7B,CAAC;YACD,6DAA6D;YAC7D,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;YACvD,IAAI,WAAW,CAAC,MAAM,GAAG,oBAAoB,EAAE,CAAC;gBAC9C,MAAM,MAAM,GAA2B,EAAE,CAAC;gBAC1C,KAAK,MAAM,CAAC,IAAI,WAAW,CAAC,KAAK,C
AAC,CAAC,EAAE,oBAAoB,CAAC,EAAE,CAAC;oBAC3D,MAAM,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;gBACvC,CAAC;gBACD,KAAK,CAAC,eAAe,GAAG,MAAM,CAAC;YACjC,CAAC;YAED,2BAA2B;YAC3B,MAAM,KAAK,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACrD,IAAI,KAAK,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;gBACzB,KAAK,CAAC,IAAI,GAAG,KAAK,CAAC;gBACnB,KAAK,CAAC,WAAW,GAAG,CAAC,CAAC;YACxB,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,wBAAwB;IAC1B,CAAC;IACD,OAAO,eAAe,EAAE,CAAC;AAC3B,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,KAAqB;IAC7C,SAAS,EAAE,CAAC;IACZ,MAAM,GAAG,GAAG,UAAU,GAAG,MAAM,CAAC;IAChC,EAAE,CAAC,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACtD,EAAE,CAAC,UAAU,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;AACjC,CAAC;AAED,MAAM,UAAU,qBAAqB,CACnC,gBAAwB,sBAAsB;IAE9C,0BAA0B;IAC1B,IAAI,OAAO,CAAC,GAAG,CAAC,EAAE,KAAK,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,sBAAsB,KAAK,MAAM,EAAE,CAAC;QAC/E,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;IAC/D,CAAC;IAED,8BAA8B;IAC9B,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,KAAK,OAAO,EAAE,CAAC;QACjD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC;IAC5E,CAAC;IAED,4BAA4B;IAC5B,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,KAAK,MAAM,EAAE,CAAC;QACjD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC;IAE1B,oBAAoB;IACpB,IAAI,KAAK,CAAC,WAAW,IAAI,kBAAkB,EAAE,CAAC;QAC5C,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,sBAAsB,kBAAkB,WAAW,EAAE,CAAC;IACzF,CAAC;IAED,sBAAsB;IACtB,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;QACpB,MAAM,aAAa,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC;QAC1D,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,mBAAmB,GAAG,CAAC,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;QAErE,IAAI,mBAAmB,GAAG,aAAa,EAAE,CAAC;YACxC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,GAAG,mBAAmB,CAAC,CAAC;YACjE,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,kBAAkB,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,yBAAyB,SAAS,IAAI;aAChG,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC;AAED;
;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,YAAY,CAC1B,gBAAwB,sBAAsB;IAE9C,wDAAwD;IACxD,IAAI,OAAO,CAAC,GAAG,CAAC,EAAE,KAAK,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,sBAAsB,KAAK,MAAM,EAAE,CAAC;QAC/E,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;IAC/D,CAAC;IACD,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,KAAK,OAAO,EAAE,CAAC;QACjD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC;IAC5E,CAAC;IAED,6DAA6D;IAC7D,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC;IAE1B,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,KAAK,MAAM,EAAE,CAAC;QACjD,cAAc;QACd,IAAI,KAAK,CAAC,WAAW,IAAI,kBAAkB,EAAE,CAAC;YAC5C,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,sBAAsB,kBAAkB,WAAW,EAAE,CAAC;QACzF,CAAC;QAED,gBAAgB;QAChB,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;YACpB,MAAM,mBAAmB,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;YAClG,IAAI,mBAAmB,GAAG,aAAa,EAAE,CAAC;gBACxC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,GAAG,mBAAmB,CAAC,CAAC;gBACjE,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,kBAAkB,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,yBAAyB,SAAS,IAAI;iBAChG,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,uEAAuE;IACvE,KAAK,CAAC,WAAW,IAAI,CAAC,CAAC;IACvB,KAAK,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,SAAS,CAAC,KAAK,CAAC,CAAC;IAEjB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,eAAuC;IACjE,oFAAoF;IACpF,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC;IAC1B,iFAAiF;IACjF,kFAAkF;IAClF,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,aAAa,EAAE,WAAW,CAAC,CAAC,CAAC;IACrE,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;QACrD,IAAI,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;YAAE,SAAS;QAC/B,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,OAAO,CAAC,KAAK,QAAQ;YAAE,SAAS;QAC7D,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,MAAM,IAAI,oBAAoB;YAAE,MAAM;QAC7E,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC;IACD,SAAS,CAAC,KAAK,CAAC,CAAC;AACnB,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,OAAO,SAAS,EAAE,CAAC,eAAe,CAAC;AACrC,CAAC;AAED,MAAM,UAAU,UAAU;IACxB,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9B,EAAE,CAAC
,UAAU,CAAC,UAAU,CAAC,CAAC;IAC5B,CAAC;AACH,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validator.d.ts","sourceRoot":"","sources":["../../../src/update/validator.ts"],"names":[],"mappings":"AAAA;;;GAGG;
|
|
1
|
+
{"version":3,"file":"validator.d.ts","sourceRoot":"","sources":["../../../src/update/validator.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAkBH,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,OAAO,CAAC;IACf,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,mBAAmB,EAAE,MAAM,EAAE,CAAC;CAC/B;AA0DD,wBAAgB,cAAc,CAC5B,WAAW,EAAE,MAAM,EACnB,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,MAAM,EACjB,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GACxC,gBAAgB,CA0FlB;AAED,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,KAAK,CAAC;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,MAAM,CAAA;CAAE,CAAC,EAC7D,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GACtC,gBAAgB,CA+ClB"}
|
|
@@ -2,9 +2,42 @@
|
|
|
2
2
|
* Package validator for update compatibility
|
|
3
3
|
* Ensures updates don't break the ecosystem
|
|
4
4
|
*/
|
|
5
|
-
|
|
5
|
+
// Inline semver shim — avoids external dependency (semver is not listed in package.json)
|
|
6
|
+
const semver = {
|
|
7
|
+
valid: (v) => /^\d+\.\d+\.\d+/.test(v || '') ? v : null,
|
|
8
|
+
major: (v) => parseInt((v || '0').split('.')[0], 10),
|
|
9
|
+
gt: (a, b) => {
|
|
10
|
+
const [aMaj, aMin, aPat] = (a || '0').split('.').map(n => parseInt(n, 10) || 0);
|
|
11
|
+
const [bMaj, bMin, bPat] = (b || '0').split('.').map(n => parseInt(n, 10) || 0);
|
|
12
|
+
return aMaj !== bMaj ? aMaj > bMaj : aMin !== bMin ? aMin > bMin : aPat > bPat;
|
|
13
|
+
},
|
|
14
|
+
lt: (a, b) => {
|
|
15
|
+
const [aMaj, aMin, aPat] = (a || '0').split('.').map(n => parseInt(n, 10) || 0);
|
|
16
|
+
const [bMaj, bMin, bPat] = (b || '0').split('.').map(n => parseInt(n, 10) || 0);
|
|
17
|
+
return aMaj !== bMaj ? aMaj < bMaj : aMin !== bMin ? aMin < bMin : aPat < bPat;
|
|
18
|
+
},
|
|
19
|
+
};
|
|
20
|
+
// Maximum number of updates accepted in a single validateBulkUpdate call.
|
|
21
|
+
// Without this cap a caller can DoS the validator by passing thousands of
|
|
22
|
+
// update entries — each entry triggers validateUpdate which iterates over
|
|
23
|
+
// COMPATIBILITY_MATRIX and BREAKING_CHANGES.
|
|
24
|
+
const MAX_BULK_UPDATES = 50;
|
|
25
|
+
// Version strings must look like semver (major.minor.patch with optional pre-release)
|
|
26
|
+
// before we use them in string interpolation or comparisons.
|
|
27
|
+
const SEMVER_RE = /^\d+\.\d+\.\d+(-[\w.]+)?(\+[\w.]+)?$/;
|
|
28
|
+
// Package names: scoped (@scope/name) or plain, no shell-special chars.
|
|
29
|
+
const PKG_NAME_RE = /^(@[a-zA-Z0-9][a-zA-Z0-9_.-]*\/)?[a-zA-Z0-9][a-zA-Z0-9_.-]*$/;
|
|
30
|
+
function isSafeVersion(v) {
|
|
31
|
+
return typeof v === 'string' && v.length <= 64 && SEMVER_RE.test(v);
|
|
32
|
+
}
|
|
33
|
+
function isSafePackageName(p) {
|
|
34
|
+
return typeof p === 'string' && p.length <= 200 && PKG_NAME_RE.test(p);
|
|
35
|
+
}
|
|
6
36
|
// Known compatibility matrix between monomind packages
|
|
7
37
|
const COMPATIBILITY_MATRIX = {
|
|
38
|
+
'@monomind/cli': {
|
|
39
|
+
'@monomind/security': { minVersion: '3.0.0-alpha.1' },
|
|
40
|
+
},
|
|
8
41
|
'@monoes/monomindcli': {
|
|
9
42
|
'monofence-ai': { minVersion: '1.0.0' },
|
|
10
43
|
},
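Review bot: The inline `semver.gt` and `semver.lt` compare only the numeric major.minor.patch triple, so pre-release tags are ignored. `3.0.0-alpha.0`, `3.0.0-alpha.1` and `3.0.0` all compare equal, although the matrix entry added in this hunk uses `minVersion: '3.0.0-alpha.1'`. A minimum-version check built on `lt` (presumably in validateUpdate, outside this hunk) would therefore accept a dependency older than that pre-release. `semver.valid` is also unanchored at the end (`/^\d+\.\d+\.\d+/`), unlike `SEMVER_RE`, and `SEMVER_RE` rejects hyphens inside pre-release identifiers, which semver permits. A shared comparator that orders pre-release identifiers fixes the ordering and removes the duplicated parsing in `gt`/`lt`; a sketch follows.

```javascript
// Split "1.2.3-alpha.1+build" into its numeric core and pre-release identifiers.
function parseVersion(v) {
    const s = String(v || '0').split('+')[0];
    const dash = s.indexOf('-');
    const core = (dash === -1 ? s : s.slice(0, dash)).split('.');
    return {
        nums: [0, 1, 2].map(i => parseInt(core[i], 10) || 0),
        pre: dash === -1 ? [] : s.slice(dash + 1).split('.'),
    };
}
// Returns -1, 0 or 1 following semver precedence (build metadata ignored).
function compareVersions(a, b) {
    const x = parseVersion(a);
    const y = parseVersion(b);
    for (let i = 0; i < 3; i++) {
        if (x.nums[i] !== y.nums[i]) return x.nums[i] < y.nums[i] ? -1 : 1;
    }
    // A release outranks any pre-release of the same core version.
    if (!x.pre.length || !y.pre.length) return (y.pre.length ? 1 : 0) - (x.pre.length ? 1 : 0);
    for (let i = 0; i < Math.max(x.pre.length, y.pre.length); i++) {
        const p = x.pre[i];
        const q = y.pre[i];
        if (p === undefined) return -1; // fewer identifiers sorts first
        if (q === undefined) return 1;
        const pNum = /^\d+$/.test(p);
        const qNum = /^\d+$/.test(q);
        if (pNum && qNum) {
            if (Number(p) !== Number(q)) return Number(p) < Number(q) ? -1 : 1;
        } else if (pNum !== qNum) {
            return pNum ? -1 : 1; // numeric identifiers sort before alphanumeric ones
        } else if (p !== q) {
            return p < q ? -1 : 1;
        }
    }
    return 0;
}
const semver = {
    // … unchanged: valid, major …
    gt: (a, b) => compareVersions(a, b) > 0,
    lt: (a, b) => compareVersions(a, b) < 0,
};
```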
|
|
@@ -35,6 +68,18 @@ export function validateUpdate(packageName, fromVersion, toVersion, installedPac
|
|
|
35
68
|
warnings: [],
|
|
36
69
|
requiredPeerUpdates: [],
|
|
37
70
|
};
|
|
71
|
+
// Guard inputs: reject untrusted or malformed strings before they flow into
|
|
72
|
+
// error messages or semver comparisons (which assume well-formed input).
|
|
73
|
+
if (!isSafePackageName(packageName)) {
|
|
74
|
+
result.valid = false;
|
|
75
|
+
result.incompatibilities.push('Invalid package name');
|
|
76
|
+
return result;
|
|
77
|
+
}
|
|
78
|
+
if (!isSafeVersion(fromVersion) || !isSafeVersion(toVersion)) {
|
|
79
|
+
result.valid = false;
|
|
80
|
+
result.incompatibilities.push('Invalid version string(s)');
|
|
81
|
+
return result;
|
|
82
|
+
}
|
|
38
83
|
// Check if this is a major version bump
|
|
39
84
|
if (semver.valid(fromVersion) && semver.valid(toVersion)) {
|
|
40
85
|
const fromMajor = semver.major(fromVersion);
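Review bot: The new guard validates `packageName`, `fromVersion` and `toVersion`, but the installed-packages map passed as the fourth argument is not checked. Its keys and values would reach the same messages and comparisons if the rest of the body (outside this hunk) uses them. Running its entries through `isSafePackageName` / `isSafeVersion` here, or skipping entries that fail, would make the stated goal hold for every input. After the guard, `semver.valid(fromVersion) && semver.valid(toVersion)` a few lines below is always true and can be dropped. Both version failures share the message `'Invalid version string(s)'`; naming the parameter (`'Invalid fromVersion'`) helps callers without echoing the untrusted value.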
|
|
@@ -93,6 +138,12 @@ export function validateBulkUpdate(updates, currentPackages) {
|
|
|
93
138
|
warnings: [],
|
|
94
139
|
requiredPeerUpdates: [],
|
|
95
140
|
};
|
|
141
|
+
// Cap the number of updates to prevent DoS via large arrays
|
|
142
|
+
if (!Array.isArray(updates) || updates.length > MAX_BULK_UPDATES) {
|
|
143
|
+
combinedResult.valid = false;
|
|
144
|
+
combinedResult.incompatibilities.push(`Too many updates: max ${MAX_BULK_UPDATES} allowed per call`);
|
|
145
|
+
return combinedResult;
|
|
146
|
+
}
|
|
96
147
|
// Create a simulated state after all updates
|
|
97
148
|
const simulatedPackages = { ...currentPackages };
|
|
98
149
|
for (const update of updates) {
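Review bot: A non-array `updates` is reported as `Too many updates: max … allowed per call`, which misstates the failure. Split the test so the non-array case pushes its own message, e.g. `if (!Array.isArray(updates)) { combinedResult.valid = false; combinedResult.incompatibilities.push('updates must be an array'); return combinedResult; }`. The cap bounds the array length only: each element is still dereferenced in the loop that starts on the last line of the hunk, so a `null` or non-object entry would throw unless the loop body (outside this hunk) checks it.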
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validator.js","sourceRoot":"","sources":["../../../src/update/validator.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;
|
|
1
|
+
{"version":3,"file":"validator.js","sourceRoot":"","sources":["../../../src/update/validator.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,yFAAyF;AACzF,MAAM,MAAM,GAAG;IACb,KAAK,EAAE,CAAC,CAA4B,EAAiB,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC,IAAI;IAClG,KAAK,EAAE,CAAC,CAAS,EAAU,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;IACpE,EAAE,EAAE,CAAC,CAAS,EAAE,CAAS,EAAW,EAAE;QACpC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;QAChF,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;QAChF,OAAO,IAAI,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,GAAG,IAAI,CAAC;IACjF,CAAC;IACD,EAAE,EAAE,CAAC,CAAS,EAAE,CAAS,EAAW,EAAE;QACpC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;QAChF,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;QAChF,OAAO,IAAI,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,GAAG,IAAI,CAAC;IACjF,CAAC;CACF,CAAC;AAeF,0EAA0E;AAC1E,0EAA0E;AAC1E,0EAA0E;AAC1E,6CAA6C;AAC7C,MAAM,gBAAgB,GAAG,EAAE,CAAC;AAE5B,sFAAsF;AACtF,6DAA6D;AAC7D,MAAM,SAAS,GAAG,sCAAsC,CAAC;AACzD,wEAAwE;AACxE,MAAM,WAAW,GAAG,8DAA8D,CAAC;AAEnF,SAAS,aAAa,CAAC,CAAU;IAC/B,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,IAAI,EAAE,IAAI,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACtE,CAAC;AAED,SAAS,iBAAiB,CAAC,CAAU;IACnC,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,IAAI,
GAAG,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACzE,CAAC;AAED,uDAAuD;AACvD,MAAM,oBAAoB,GAAyD;IACjF,eAAe,EAAE;QACf,oBAAoB,EAAE,EAAE,UAAU,EAAE,eAAe,EAAE;KACtD;IACD,qBAAqB,EAAE;QACrB,cAAc,EAAE,EAAE,UAAU,EAAE,OAAO,EAAE;KACxC;IACD,UAAU,EAAE;QACV,qBAAqB,EAAE,EAAE,UAAU,EAAE,QAAQ,EAAE;KAChD;CACF,CAAC;AAEF,oCAAoC;AACpC,MAAM,gBAAgB,GAA6C;IACjE,UAAU,EAAE;QACV,OAAO,EAAE;YACP,sDAAsD;YACtD,mDAAmD;YACnD,4CAA4C;SAC7C;KACF;IACD,qBAAqB,EAAE;QACrB,OAAO,EAAE;YACP,4CAA4C;YAC5C,gCAAgC;SACjC;KACF;CACF,CAAC;AAEF,MAAM,UAAU,cAAc,CAC5B,WAAmB,EACnB,WAAmB,EACnB,SAAiB,EACjB,iBAAyC;IAEzC,MAAM,MAAM,GAAqB;QAC/B,KAAK,EAAE,IAAI;QACX,iBAAiB,EAAE,EAAE;QACrB,QAAQ,EAAE,EAAE;QACZ,mBAAmB,EAAE,EAAE;KACxB,CAAC;IAEF,4EAA4E;IAC5E,yEAAyE;IACzE,IAAI,CAAC,iBAAiB,CAAC,WAAW,CAAC,EAAE,CAAC;QACpC,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC;QACrB,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QACtD,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,EAAE,CAAC;QAC7D,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC;QACrB,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;QAC3D,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,wCAAwC;IACxC,IAAI,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC;QACzD,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAC5C,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAExC,IAAI,OAAO,GAAG,SAAS,EAAE,CAAC;YACxB,MAAM,CAAC,QAAQ,CAAC,IAAI,CAClB,yBAAyB,SAAS,MAAM,OAAO,gCAAgC,CAChF,CAAC;YAEF,mCAAmC;YACnC,MAAM,OAAO,GAAG,gBAAgB,CAAC,WAAW,CAAC,EAAE,CAAC,GAAG,OAAO,MAAM,CAAC,CAAC;YAClE,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,8BAA8B,OAAO,GAAG,CAAC,CAAC;gBAC/D,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,MAAM,EAAE,CAAC,CAAC,CAAC;YACrE,CAAC;QACH,CAAC;IACH,CAAC;IAED,8CAA8C;IAC9C,MAAM,aAAa,GAAG,oBAAoB,CAAC,WAAW,CAAC,CAAC;IACxD,IAAI,aAAa,EAAE,CAAC;QAClB,KAAK,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;YAC9D,MAAM,gBAAgB,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;YAEpD,IAAI,gBAAgB,EAAE,CAAC;gBACrB,wBAAwB;gBACxB,IACE,MAAM,CAAC
,KAAK,CAAC,gBAAgB,CAAC;oBAC9B,MAAM,CAAC,EAAE,CAAC,gBAAgB,EAAE,MAAM,CAAC,UAAU,CAAC,EAC9C,CAAC;oBACD,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAC3B,GAAG,WAAW,IAAI,SAAS,aAAa,OAAO,OAAO,MAAM,CAAC,UAAU,gBAAgB,gBAAgB,GAAG,CAC3G,CAAC;oBACF,MAAM,CAAC,mBAAmB,CAAC,IAAI,CAAC,GAAG,OAAO,MAAM,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC;oBACrE,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC;gBACvB,CAAC;gBAED,wBAAwB;gBACxB,IACE,MAAM,CAAC,UAAU;oBACjB,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAAC;oBAC9B,MAAM,CAAC,EAAE,CAAC,gBAAgB,EAAE,MAAM,CAAC,UAAU,CAAC,EAC9C,CAAC;oBACD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAClB,GAAG,WAAW,IAAI,SAAS,+BAA+B,OAAO,IAAI,gBAAgB,UAAU,MAAM,CAAC,UAAU,GAAG,CACpH,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,uEAAuE;IACvE,KAAK,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAAE,CAAC;QACnE,IAAI,OAAO,KAAK,WAAW;YAAE,SAAS;QAEtC,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,CAAC;QAClC,IAAI,OAAO,IAAI,iBAAiB,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1C,kEAAkE;YAClE,IAAI,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;gBACxE,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAC3B,GAAG,OAAO,IAAI,iBAAiB,CAAC,OAAO,CAAC,aAAa,WAAW,OAAO,OAAO,CAAC,UAAU,EAAE,CAC5F,CAAC;gBACF,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC;YACvB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,kBAAkB,CAChC,OAA6D,EAC7D,eAAuC;IAEvC,MAAM,cAAc,GAAqB;QACvC,KAAK,EAAE,IAAI;QACX,iBAAiB,EAAE,EAAE;QACrB,QAAQ,EAAE,EAAE;QACZ,mBAAmB,EAAE,EAAE;KACxB,CAAC;IAEF,4DAA4D;IAC5D,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,MAAM,GAAG,gBAAgB,EAAE,CAAC;QACjE,cAAc,CAAC,KAAK,GAAG,KAAK,CAAC;QAC7B,cAAc,CAAC,iBAAiB,CAAC,IAAI,CACnC,yBAAyB,gBAAgB,mBAAmB,CAC7D,CAAC;QACF,OAAO,cAAc,CAAC;IACxB,CAAC;IAED,6CAA6C;IAC7C,MAAM,iBAAiB,GAAG,EAAE,GAAG,eAAe,EAAE,CAAC;IACjD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,iBAAiB,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,MAAM,CAAC,EAAE,CAAC;IAChD,CAAC;IAED,+CAA+C;IAC/C,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAG,cAAc,CAC3B,MAAM,CAAC,OAAO,EACd,MAAM,CAAC,IAAI,EACX,MAAM,CAAC,EAAE,EACT,iBAAiB,CAClB,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,KAAK,EAA
E,CAAC;YAClB,cAAc,CAAC,KAAK,GAAG,KAAK,CAAC;QAC/B,CAAC;QAED,cAAc,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,iBAAiB,CAAC,CAAC;QACnE,cAAc,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC;QACjD,cAAc,CAAC,mBAAmB,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,mBAAmB,CAAC,CAAC;IACzE,CAAC;IAED,cAAc;IACd,cAAc,CAAC,iBAAiB,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,iBAAiB,CAAC,CAAC,CAAC;IAClF,cAAc,CAAC,QAAQ,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC;IAChE,cAAc,CAAC,mBAAmB,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC,CAAC;IAEtF,OAAO,cAAc,CAAC;AACxB,CAAC"}
|