@qiaolei81/copilot-session-viewer 0.1.9 → 0.2.0

package/src/controllers/uploadController.js

@@ -11,14 +11,17 @@ class UploadController {
   constructor() {
     this.SESSION_DIR = process.env.SESSION_DIR || path.join(os.homedir(), '.copilot', 'session-state');
     this.uploadDir = path.join(os.tmpdir(), 'copilot-session-uploads');
-    this.initializeUploadDir();
-    this.upload = this.createMulterInstance();
-  }
 
-  initializeUploadDir() {
-    if (!fs.existsSync(this.uploadDir)) {
-      fs.mkdirSync(this.uploadDir, { recursive: true });
-    }
+    // Multi-format session directories
+    this.SESSION_DIRS = {
+      copilot: this.SESSION_DIR,
+      claude: path.join(os.homedir(), '.claude', 'projects'),
+      'pi-mono': path.join(os.homedir(), '.pi', 'agent', 'sessions')
+    };
+
+    // Don't create uploadDir here - multer's DiskStorage will handle it
+    // This avoids EEXIST errors when multiple tests run in parallel
+    this.upload = this.createMulterInstance();
   }
 
   createMulterInstance() {
@@ -99,6 +102,80 @@ class UploadController {
 
       await fs.promises.mkdir(extractDir, { recursive: true });
 
+      // ZIP bomb protection: Check compressed file size first
+      const MAX_COMPRESSED_SIZE = 50 * 1024 * 1024; // 50MB (already enforced by multer)
+      const MAX_UNCOMPRESSED_SIZE = 200 * 1024 * 1024; // 200MB
+      const MAX_FILE_COUNT = 1000; // Maximum number of files
+      const MAX_DEPTH = 5; // Maximum directory nesting depth
+
+      const stats = await fs.promises.stat(zipPath);
+      if (stats.size > MAX_COMPRESSED_SIZE) {
+        await fs.promises.unlink(zipPath);
+        return res.status(400).json({ error: 'Compressed file too large (max 50MB)' });
+      }
+
+      // First pass: List zip contents without extracting to check for bombs
+      const listProcess = spawn('unzip', ['-l', zipPath]);
+      let listOutput = '';
+      
+      listProcess.stdout.on('data', (data) => {
+        listOutput += data.toString();
+      });
+
+      await new Promise((resolve, reject) => {
+        listProcess.on('close', (code) => {
+          if (code !== 0) {
+            reject(new Error('Failed to list zip contents'));
+          } else {
+            resolve();
+          }
+        });
+        listProcess.on('error', reject);
+      });
+
+      // Parse unzip output to check total size and file count
+      const lines = listOutput.split('\n');
+      let totalUncompressedSize = 0;
+      let fileCount = 0;
+      let maxDepth = 0;
+
+      for (const line of lines) {
+        const match = line.trim().match(/^\s*(\d+)\s+\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+(.+)$/);
+        if (match) {
+          const size = parseInt(match[1]);
+          const filename = match[2];
+          totalUncompressedSize += size;
+          fileCount++;
+
+          // Check directory depth
+          const depth = (filename.match(/\//g) || []).length;
+          maxDepth = Math.max(maxDepth, depth);
+        }
+      }
+
+      // Validate against ZIP bomb thresholds
+      if (totalUncompressedSize > MAX_UNCOMPRESSED_SIZE) {
+        await fs.promises.unlink(zipPath);
+        return res.status(400).json({ 
+          error: `Uncompressed size too large (${Math.round(totalUncompressedSize / 1024 / 1024)}MB > ${MAX_UNCOMPRESSED_SIZE / 1024 / 1024}MB)` 
+        });
+      }
+
+      if (fileCount > MAX_FILE_COUNT) {
+        await fs.promises.unlink(zipPath);
+        return res.status(400).json({ 
+          error: `Too many files in archive (${fileCount} > ${MAX_FILE_COUNT})` 
+        });
+      }
+
+      if (maxDepth > MAX_DEPTH) {
+        await fs.promises.unlink(zipPath);
+        return res.status(400).json({ 
+          error: `Directory nesting too deep (${maxDepth} > ${MAX_DEPTH})` 
+        });
+      }
+
+      // If all checks pass, proceed with extraction
       const unzipProcess = spawn('unzip', ['-q', zipPath, '-d', extractDir]);
 
       processManager.register(unzipProcess, { name: 'unzip-import' });
@@ -172,6 +249,369 @@ class UploadController {
   getUploadMiddleware() {
     return this.upload.single('zipFile');
   }
+
+  /**
+   * Detect the format of a session from extracted directory
+   * @param {string} extractDir - Directory containing extracted session files
+   * @returns {Promise<Object|null>} Format information or null if unknown
+   */
+  async _detectFormat(extractDir) {
+    try {
+      const entries = await fs.promises.readdir(extractDir);
+
+      if (entries.length === 0) {
+        return null;
+      }
+
+      // Check for Pi-Mono format: timestamped filename pattern YYYY-MM-DDTHH-MM-SS-SSSZ_sessionId.jsonl
+      const piMonoPattern = /^\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2}-\d{3}Z_([a-zA-Z0-9_-]+)\.jsonl$/;
+      for (const entry of entries) {
+        const match = entry.match(piMonoPattern);
+        if (match) {
+          return {
+            format: 'pi-mono',
+            sessionId: match[1],
+            fileName: entry,
+            extractDir
+          };
+        }
+      }
+
+      // Check for Copilot format: directory with events.jsonl
+      for (const entry of entries) {
+        const entryPath = path.join(extractDir, entry);
+        const stat = await fs.promises.stat(entryPath);
+        if (stat.isDirectory()) {
+          const eventsFile = path.join(entryPath, 'events.jsonl');
+          if (fs.existsSync(eventsFile)) {
+            return {
+              format: 'copilot',
+              sessionId: entry,
+              directoryName: entry,
+              extractDir
+            };
+          }
+        }
+      }
+
+      // Check for Claude format: uuid.jsonl file
+      const claudePattern = /^([a-zA-Z0-9_-]+)\.jsonl$/;
+      for (const entry of entries) {
+        const entryPath = path.join(extractDir, entry);
+        const stat = await fs.promises.stat(entryPath);
+
+        if (stat.isFile()) {
+          const match = entry.match(claudePattern);
+          if (match) {
+            const sessionId = match[1];
+            // Check if there's an optional directory with the same name
+            const sessionDir = path.join(extractDir, sessionId);
+            const hasDirectory = fs.existsSync(sessionDir);
+
+            return {
+              format: 'claude',
+              sessionId,
+              fileName: entry,
+              hasDirectory,
+              directoryName: hasDirectory ? sessionId : undefined,
+              extractDir
+            };
+          }
+        }
+      }
+
+      return null;
+    } catch (err) {
+      console.error('Error detecting format:', err);
+      return null;
+    }
+  }
+
+  /**
+   * Import Copilot format session
+   * @param {Object} formatInfo - Format detection result
+   * @param {string} extractDir - Extraction directory
+   * @returns {Promise<Object>} Import result
+   */
+  async _importCopilotSession(formatInfo, extractDir) {
+    try {
+      const { sessionId, directoryName } = formatInfo;
+
+      // Validate session ID
+      if (!isValidSessionId(sessionId)) {
+        return {
+          success: false,
+          error: 'Invalid session ID',
+          statusCode: 400
+        };
+      }
+
+      const sessionPath = path.join(extractDir, directoryName);
+      const targetPath = path.join(this.SESSION_DIRS.copilot, sessionId);
+
+      // Check for events.jsonl
+      const eventsFile = path.join(sessionPath, 'events.jsonl');
+      if (!fs.existsSync(eventsFile)) {
+        return {
+          success: false,
+          error: 'Invalid session structure (no events.jsonl)',
+          statusCode: 400
+        };
+      }
+
+      // Check if session already exists
+      if (fs.existsSync(targetPath)) {
+        return {
+          success: false,
+          error: 'Session already exists',
+          statusCode: 409
+        };
+      }
+
+      // Move session directory
+      await fs.promises.rename(sessionPath, targetPath);
+
+      // Mark as imported
+      await fs.promises.writeFile(path.join(targetPath, '.imported'), '');
+
+      return {
+        success: true,
+        sessionId,
+        format: 'copilot'
+      };
+    } catch (err) {
+      console.error('Error importing Copilot session:', err);
+      return {
+        success: false,
+        error: `Error importing Copilot session: ${err.message}`,
+        statusCode: 500
+      };
+    }
+  }
+
+  /**
+   * Import Claude format session
+   * @param {Object} formatInfo - Format detection result
+   * @param {string} extractDir - Extraction directory
+   * @param {Object} req - Express request object
+   * @returns {Promise<Object>} Import result
+   */
+  async _importClaudeSession(formatInfo, extractDir, req) {
+    try {
+      const { sessionId, fileName, hasDirectory, directoryName } = formatInfo;
+
+      // Validate session ID
+      if (!isValidSessionId(sessionId)) {
+        return {
+          success: false,
+          error: 'Invalid session ID',
+          statusCode: 400
+        };
+      }
+
+      // Get project from query or use default
+      const project = req.query.project || 'imported-sessions';
+
+      // Create project directory
+      const projectPath = path.join(this.SESSION_DIRS.claude, project);
+      await fs.promises.mkdir(projectPath, { recursive: true });
+
+      // Move the .jsonl file
+      const sourceFile = path.join(extractDir, fileName);
+      const targetFile = path.join(projectPath, fileName);
+      await fs.promises.rename(sourceFile, targetFile);
+
+      // If there's a directory, move it too
+      if (hasDirectory && directoryName) {
+        const sourceDir = path.join(extractDir, directoryName);
+        const targetDir = path.join(projectPath, directoryName);
+        await fs.promises.rename(sourceDir, targetDir);
+      }
+
+      return {
+        success: true,
+        sessionId,
+        format: 'claude',
+        project
+      };
+    } catch (err) {
+      console.error('Error importing Claude session:', err);
+      return {
+        success: false,
+        error: `Error importing Claude session: ${err.message}`,
+        statusCode: 500
+      };
+    }
+  }
+
+  /**
+   * Import Pi-Mono format session
+   * @param {Object} formatInfo - Format detection result
+   * @param {string} extractDir - Extraction directory
+   * @param {Object} req - Express request object
+   * @returns {Promise<Object>} Import result
+   */
+  async _importPiMonoSession(formatInfo, extractDir, req) {
+    try {
+      const { sessionId, fileName } = formatInfo;
+
+      // Validate session ID
+      if (!isValidSessionId(sessionId)) {
+        return {
+          success: false,
+          error: 'Invalid session ID',
+          statusCode: 400
+        };
+      }
+
+      // Get project from query or use default
+      const project = req.query.project || 'imported-sessions';
+
+      // Create project directory
+      const projectPath = path.join(this.SESSION_DIRS['pi-mono'], project);
+      await fs.promises.mkdir(projectPath, { recursive: true });
+
+      // Move the .jsonl file
+      const sourceFile = path.join(extractDir, fileName);
+      const targetFile = path.join(projectPath, fileName);
+      await fs.promises.rename(sourceFile, targetFile);
+
+      return {
+        success: true,
+        sessionId,
+        format: 'pi-mono',
+        project
+      };
+    } catch (err) {
+      console.error('Error importing Pi-Mono session:', err);
+      return {
+        success: false,
+        error: `Error importing Pi-Mono session: ${err.message}`,
+        statusCode: 500
+      };
+    }
+  }
+
+  /**
+   * Import session by detected format
+   * @param {Object} formatInfo - Format detection result
+   * @param {string} extractDir - Extraction directory
+   * @param {Object} req - Express request object
+   * @returns {Promise<Object>} Import result
+   */
+  async _importByFormat(formatInfo, extractDir, req) {
+    // Validate session ID
+    if (!isValidSessionId(formatInfo.sessionId)) {
+      return {
+        success: false,
+        error: 'Invalid session ID',
+        statusCode: 400
+      };
+    }
+
+    switch (formatInfo.format) {
+      case 'copilot':
+        return await this._importCopilotSession(formatInfo, extractDir);
+      case 'claude':
+        return await this._importClaudeSession(formatInfo, extractDir, req);
+      case 'pi-mono':
+        return await this._importPiMonoSession(formatInfo, extractDir, req);
+      default:
+        return {
+          success: false,
+          error: `Unsupported format: ${formatInfo.format}`,
+          statusCode: 400
+        };
+    }
+  }
+
+  /**
+   * Find session location across all session directories
+   * @param {string} sessionId - Session identifier
+   * @param {string} preferredSource - Preferred source to search first
+   * @returns {Promise<Object|null>} Session location info or null
+   */
+  async _findSessionLocation(sessionId, preferredSource = null) {
+    try {
+      // Define search order based on preference
+      const sources = preferredSource
+        ? [preferredSource, ...Object.keys(this.SESSION_DIRS).filter(s => s !== preferredSource)]
+        : Object.keys(this.SESSION_DIRS);
+
+      for (const source of sources) {
+        const baseDir = this.SESSION_DIRS[source];
+
+        if (source === 'copilot') {
+          // For Copilot, sessions are directly in SESSION_DIR
+          const sessionPath = path.join(baseDir, sessionId);
+          if (fs.existsSync(sessionPath)) {
+            const eventsFile = path.join(sessionPath, 'events.jsonl');
+            if (fs.existsSync(eventsFile)) {
+              return {
+                source: 'copilot',
+                sessionId,
+                sessionPath,
+                baseDir
+              };
+            }
+          }
+        } else if (source === 'claude') {
+          // For Claude, search in all project directories
+          if (fs.existsSync(baseDir)) {
+            const projects = await fs.promises.readdir(baseDir);
+            for (const project of projects) {
+              const projectPath = path.join(baseDir, project);
+              const stat = await fs.promises.stat(projectPath);
+              if (stat.isDirectory()) {
+                const sessionFile = path.join(projectPath, `${sessionId}.jsonl`);
+                if (fs.existsSync(sessionFile)) {
+                  return {
+                    source: 'claude',
+                    sessionId,
+                    sessionFile,
+                    projectPath,
+                    project,
+                    baseDir
+                  };
+                }
+              }
+            }
+          }
+        } else if (source === 'pi-mono') {
+          // For Pi-Mono, search in all project directories for timestamped files
+          if (fs.existsSync(baseDir)) {
+            const projects = await fs.promises.readdir(baseDir);
+            for (const project of projects) {
+              const projectPath = path.join(baseDir, project);
+              const stat = await fs.promises.stat(projectPath);
+              if (stat.isDirectory()) {
+                const files = await fs.promises.readdir(projectPath);
+                const piMonoPattern = new RegExp(`^\\d{4}-\\d{2}-\\d{2}T\\d{2}-\\d{2}-\\d{2}-\\d{3}Z_${sessionId}\\.jsonl$`);
+                for (const file of files) {
+                  if (piMonoPattern.test(file)) {
+                    return {
+                      source: 'pi-mono',
+                      sessionId,
+                      fileName: file,
+                      sessionFile: path.join(projectPath, file),
+                      projectPath,
+                      project,
+                      baseDir
+                    };
+                  }
+                }
+              }
+            }
+          }
+        }
+      }
+
+      return null;
+    } catch (err) {
+      console.error('Error finding session location:', err);
+      return null;
+    }
+  }
 }
 
 module.exports = UploadController;

package/src/middleware/rateLimiting.js

@@ -1,13 +1,19 @@
 const rateLimit = require('express-rate-limit');
 
+// Disable rate limiting in E2E tests (when NODE_ENV is test or when running via Playwright)
+const isTestEnvironment = process.env.NODE_ENV === 'test' || process.env.PLAYWRIGHT === '1';
+
 // Global rate limiting for all routes
 const globalLimiter = rateLimit({
   windowMs: 15 * 60 * 1000, // 15 minutes
-  max: 100, // 100 requests per window
+  max: isTestEnvironment ? 10000 : 100, // Much higher limit for tests
   message: { error: 'Too many requests. Please try again later.' },
   standardHeaders: true,
   legacyHeaders: false,
   skip: (req) => {
+    // Skip rate limiting entirely in test environment
+    if (isTestEnvironment) return true;
+
     // Skip static files
     if (req.path.startsWith('/public')) return true;
 

package/src/models/Session.js

@@ -1,3 +1,5 @@
+const path = require('path');
+
 /**
  * Session domain model
  */
@@ -5,6 +7,8 @@ class Session {
   constructor(id, type, options = {}) {
     this.id = id;
     this.type = type; // 'directory' or 'file'
+    this.source = options.source || 'copilot'; // 'copilot' or 'claude'
+    this.directory = options.directory || null; // Full path to session directory
     this.workspace = options.workspace || {};
     this.createdAt = options.createdAt;
     this.updatedAt = options.updatedAt;
@@ -36,6 +40,7 @@ class Session {
    */
   static fromDirectory(dirPath, id, stats, workspace, eventCount, duration, isImported, hasInsight, copilotVersion, selectedModel, sessionStatus) {
     return new Session(id, 'directory', {
+      directory: dirPath, // Add directory path
       workspace: workspace,
       createdAt: workspace?.created_at || stats.birthtime,
       updatedAt: workspace?.updated_at || stats.mtime,
@@ -66,6 +71,7 @@ class Session {
    */
   static fromFile(filePath, id, stats, eventCount, summary, duration, copilotVersion, selectedModel, sessionStatus) {
     return new Session(id, 'file', {
+      directory: path.dirname(filePath), // Directory containing the file
       createdAt: stats.birthtime,
       updatedAt: stats.mtime,
       summary: summary || 'Legacy session',
@@ -85,9 +91,16 @@ class Session {
    * @returns {object}
    */
   toJSON() {
+    // Generate display-ready source metadata (Violation #3 & #5 fix)
+    const sourceMetadata = this._getSourceDisplayMetadata(this.source);
+    
     return {
       id: this.id,
       type: this.type,
+      source: this.source,
+      sourceName: sourceMetadata.name,
+      sourceBadgeClass: sourceMetadata.badgeClass,
+      directory: this.directory, // Include directory path
       workspace: this.workspace,
       createdAt: this.createdAt,
       updatedAt: this.updatedAt,
@@ -102,6 +115,19 @@ class Session {
       sessionStatus: this.sessionStatus
     };
   }
+
+  /**
+   * Get display metadata for source
+   * @private
+   */
+  _getSourceDisplayMetadata(source) {
+    const metadata = {
+      'copilot': { name: 'Copilot', badgeClass: 'source-copilot' },
+      'claude': { name: 'Claude', badgeClass: 'source-claude' },
+      'pi-mono': { name: 'Pi', badgeClass: 'source-pi-mono' }
+    };
+    return metadata[source] || { name: source, badgeClass: 'source-unknown' };
+  }
 }
 
 module.exports = Session;

package/src/schemas/event.schema.js

@@ -0,0 +1,73 @@
+const { z } = require('zod');
+
+/**
+ * Unified Event Schema for Copilot Session Viewer
+ * 
+ * This schema defines the standardized event format that the API returns to the frontend.
+ * Both Copilot and Claude events are normalized to match this schema.
+ */
+
+// Tool call schema (unified format for both Copilot and Claude)
+const ToolSchema = z.object({
+  type: z.literal('tool_use'),
+  id: z.string(),
+  name: z.string(),
+  input: z.record(z.any()),
+  result: z.any().optional(), // Tool execution result (when matched)
+  status: z.enum(['success', 'error', 'running']).optional(),
+  error: z.string().optional(),
+  _matched: z.boolean().optional() // Internal flag: whether result was matched
+});
+
+// Subagent metadata (for events belonging to a subagent)
+const SubagentMetadataSchema = z.object({
+  id: z.string(),
+  name: z.string()
+}).optional();
+
+// Event data schema (standardized data field)
+const EventDataSchema = z.object({
+  // Message content (text)
+  message: z.string().optional(),
+  text: z.string().optional(), // Alternative field name (legacy)
+  
+  // Tool calls (unified format)
+  tools: z.array(ToolSchema).optional(),
+  
+  // Original fields preserved for reference
+  // (Copilot-specific fields)
+  messageId: z.string().optional(),
+  content: z.string().optional(), // Original Copilot content field
+  toolRequests: z.array(z.any()).optional(), // Original Copilot toolRequests
+  
+  // (Claude-specific fields)
+  // ... other fields as needed
+}).passthrough(); // Allow additional fields
+
+// Base event schema
+const EventSchema = z.object({
+  // Core fields
+  type: z.string(),
+  id: z.string().optional(),
+  timestamp: z.string(),
+  parentId: z.string().nullable().optional(),
+  
+  // Standardized data
+  data: EventDataSchema.optional(),
+  
+  // Metadata
+  _subagent: SubagentMetadataSchema,
+  _fileIndex: z.number().optional(),
+  
+  // Virtual fields (computed by frontend)
+  stableId: z.string().optional(),
+  virtualIndex: z.number().optional()
+}).passthrough(); // Allow additional fields for flexibility
+
+// Export schemas
+module.exports = {
+  EventSchema,
+  EventDataSchema,
+  ToolSchema,
+  SubagentMetadataSchema
+};