@remnic/core 9.3.619 → 9.3.621
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/access-cli.js +6 -6
- package/dist/access-http.js +5 -5
- package/dist/access-mcp.js +4 -4
- package/dist/access-schema.d.ts +34 -34
- package/dist/access-service.js +3 -3
- package/dist/active-recall.js +1 -1
- package/dist/{chunk-KGLPJROV.js → chunk-4EWRLK3C.js} +9 -9
- package/dist/{chunk-T7N6KQGS.js → chunk-5GOMXHLC.js} +6 -1
- package/dist/chunk-5GOMXHLC.js.map +1 -0
- package/dist/{chunk-UEY3VB6W.js → chunk-6HMYUWXR.js} +13 -3
- package/dist/chunk-6HMYUWXR.js.map +1 -0
- package/dist/{chunk-JQDZQ4TB.js → chunk-BMFZLLNI.js} +2 -2
- package/dist/{chunk-ZK32E74R.js → chunk-F4QTFIB4.js} +3 -3
- package/dist/{chunk-X4QQB7O6.js → chunk-FH3PPO42.js} +3 -3
- package/dist/{chunk-TNOWU6RP.js → chunk-HA5SI4GK.js} +3 -3
- package/dist/{chunk-EXUAP5LH.js → chunk-O3U5BPUP.js} +3 -3
- package/dist/{chunk-NM5NQYJE.js → chunk-THTIZJZA.js} +3 -3
- package/dist/{chunk-5OHHEORR.js → chunk-TIPYPLLQ.js} +2 -2
- package/dist/{chunk-VMGLYN42.js → chunk-XQNPGNKK.js} +11 -6
- package/dist/chunk-XQNPGNKK.js.map +1 -0
- package/dist/{chunk-OBIRVF36.js → chunk-YEEAADCI.js} +2 -2
- package/dist/cli.js +11 -11
- package/dist/config.js +1 -1
- package/dist/index.js +12 -12
- package/dist/namespaces/migrate.js +2 -2
- package/dist/namespaces/storage.js +1 -1
- package/dist/objective-state-writers.js +2 -2
- package/dist/objective-state.js +1 -1
- package/dist/operator-toolkit.js +4 -4
- package/dist/orchestrator.js +3 -3
- package/dist/resume-bundles.js +3 -3
- package/dist/schemas.d.ts +64 -64
- package/dist/shared-context/manager.d.ts +2 -2
- package/dist/transfer/types.d.ts +12 -12
- package/package.json +1 -1
- package/src/config.ts +5 -0
- package/src/namespaces/storage.ts +30 -5
- package/src/objective-state.ts +17 -2
- package/dist/chunk-T7N6KQGS.js.map +0 -1
- package/dist/chunk-UEY3VB6W.js.map +0 -1
- package/dist/chunk-VMGLYN42.js.map +0 -1
- /package/dist/{chunk-KGLPJROV.js.map → chunk-4EWRLK3C.js.map} +0 -0
- /package/dist/{chunk-JQDZQ4TB.js.map → chunk-BMFZLLNI.js.map} +0 -0
- /package/dist/{chunk-ZK32E74R.js.map → chunk-F4QTFIB4.js.map} +0 -0
- /package/dist/{chunk-X4QQB7O6.js.map → chunk-FH3PPO42.js.map} +0 -0
- /package/dist/{chunk-TNOWU6RP.js.map → chunk-HA5SI4GK.js.map} +0 -0
- /package/dist/{chunk-EXUAP5LH.js.map → chunk-O3U5BPUP.js.map} +0 -0
- /package/dist/{chunk-NM5NQYJE.js.map → chunk-THTIZJZA.js.map} +0 -0
- /package/dist/{chunk-5OHHEORR.js.map → chunk-TIPYPLLQ.js.map} +0 -0
- /package/dist/{chunk-OBIRVF36.js.map → chunk-YEEAADCI.js.map} +0 -0
package/dist/transfer/types.d.ts
CHANGED
|
@@ -313,13 +313,13 @@ declare const CapsuleBlockSchema: z.ZodObject<{
|
|
|
313
313
|
peerProfiles: boolean;
|
|
314
314
|
}>;
|
|
315
315
|
}, "strip", z.ZodTypeAny, {
|
|
316
|
+
schemaVersion: string;
|
|
316
317
|
includes: {
|
|
317
318
|
procedural: boolean;
|
|
318
319
|
taxonomy: boolean;
|
|
319
320
|
identityAnchors: boolean;
|
|
320
321
|
peerProfiles: boolean;
|
|
321
322
|
};
|
|
322
|
-
schemaVersion: string;
|
|
323
323
|
id: string;
|
|
324
324
|
description: string;
|
|
325
325
|
version: string;
|
|
@@ -334,13 +334,13 @@ declare const CapsuleBlockSchema: z.ZodObject<{
|
|
|
334
334
|
directAnswerEnabled: boolean;
|
|
335
335
|
};
|
|
336
336
|
}, {
|
|
337
|
+
schemaVersion: string;
|
|
337
338
|
includes: {
|
|
338
339
|
procedural: boolean;
|
|
339
340
|
taxonomy: boolean;
|
|
340
341
|
identityAnchors: boolean;
|
|
341
342
|
peerProfiles: boolean;
|
|
342
343
|
};
|
|
343
|
-
schemaVersion: string;
|
|
344
344
|
id: string;
|
|
345
345
|
description: string;
|
|
346
346
|
version: string;
|
|
@@ -464,13 +464,13 @@ declare const ExportManifestV2Schema: z.ZodObject<{
|
|
|
464
464
|
peerProfiles: boolean;
|
|
465
465
|
}>;
|
|
466
466
|
}, "strip", z.ZodTypeAny, {
|
|
467
|
+
schemaVersion: string;
|
|
467
468
|
includes: {
|
|
468
469
|
procedural: boolean;
|
|
469
470
|
taxonomy: boolean;
|
|
470
471
|
identityAnchors: boolean;
|
|
471
472
|
peerProfiles: boolean;
|
|
472
473
|
};
|
|
473
|
-
schemaVersion: string;
|
|
474
474
|
id: string;
|
|
475
475
|
description: string;
|
|
476
476
|
version: string;
|
|
@@ -485,13 +485,13 @@ declare const ExportManifestV2Schema: z.ZodObject<{
|
|
|
485
485
|
directAnswerEnabled: boolean;
|
|
486
486
|
};
|
|
487
487
|
}, {
|
|
488
|
+
schemaVersion: string;
|
|
488
489
|
includes: {
|
|
489
490
|
procedural: boolean;
|
|
490
491
|
taxonomy: boolean;
|
|
491
492
|
identityAnchors: boolean;
|
|
492
493
|
peerProfiles: boolean;
|
|
493
494
|
};
|
|
494
|
-
schemaVersion: string;
|
|
495
495
|
id: string;
|
|
496
496
|
description: string;
|
|
497
497
|
version: string;
|
|
@@ -518,13 +518,13 @@ declare const ExportManifestV2Schema: z.ZodObject<{
|
|
|
518
518
|
pluginVersion: string;
|
|
519
519
|
includesTranscripts: boolean;
|
|
520
520
|
capsule: {
|
|
521
|
+
schemaVersion: string;
|
|
521
522
|
includes: {
|
|
522
523
|
procedural: boolean;
|
|
523
524
|
taxonomy: boolean;
|
|
524
525
|
identityAnchors: boolean;
|
|
525
526
|
peerProfiles: boolean;
|
|
526
527
|
};
|
|
527
|
-
schemaVersion: string;
|
|
528
528
|
id: string;
|
|
529
529
|
description: string;
|
|
530
530
|
version: string;
|
|
@@ -551,13 +551,13 @@ declare const ExportManifestV2Schema: z.ZodObject<{
|
|
|
551
551
|
pluginVersion: string;
|
|
552
552
|
includesTranscripts: boolean;
|
|
553
553
|
capsule: {
|
|
554
|
+
schemaVersion: string;
|
|
554
555
|
includes: {
|
|
555
556
|
procedural: boolean;
|
|
556
557
|
taxonomy: boolean;
|
|
557
558
|
identityAnchors: boolean;
|
|
558
559
|
peerProfiles: boolean;
|
|
559
560
|
};
|
|
560
|
-
schemaVersion: string;
|
|
561
561
|
id: string;
|
|
562
562
|
description: string;
|
|
563
563
|
version: string;
|
|
@@ -683,13 +683,13 @@ declare const ExportBundleV2Schema: z.ZodObject<{
|
|
|
683
683
|
peerProfiles: boolean;
|
|
684
684
|
}>;
|
|
685
685
|
}, "strip", z.ZodTypeAny, {
|
|
686
|
+
schemaVersion: string;
|
|
686
687
|
includes: {
|
|
687
688
|
procedural: boolean;
|
|
688
689
|
taxonomy: boolean;
|
|
689
690
|
identityAnchors: boolean;
|
|
690
691
|
peerProfiles: boolean;
|
|
691
692
|
};
|
|
692
|
-
schemaVersion: string;
|
|
693
693
|
id: string;
|
|
694
694
|
description: string;
|
|
695
695
|
version: string;
|
|
@@ -704,13 +704,13 @@ declare const ExportBundleV2Schema: z.ZodObject<{
|
|
|
704
704
|
directAnswerEnabled: boolean;
|
|
705
705
|
};
|
|
706
706
|
}, {
|
|
707
|
+
schemaVersion: string;
|
|
707
708
|
includes: {
|
|
708
709
|
procedural: boolean;
|
|
709
710
|
taxonomy: boolean;
|
|
710
711
|
identityAnchors: boolean;
|
|
711
712
|
peerProfiles: boolean;
|
|
712
713
|
};
|
|
713
|
-
schemaVersion: string;
|
|
714
714
|
id: string;
|
|
715
715
|
description: string;
|
|
716
716
|
version: string;
|
|
@@ -737,13 +737,13 @@ declare const ExportBundleV2Schema: z.ZodObject<{
|
|
|
737
737
|
pluginVersion: string;
|
|
738
738
|
includesTranscripts: boolean;
|
|
739
739
|
capsule: {
|
|
740
|
+
schemaVersion: string;
|
|
740
741
|
includes: {
|
|
741
742
|
procedural: boolean;
|
|
742
743
|
taxonomy: boolean;
|
|
743
744
|
identityAnchors: boolean;
|
|
744
745
|
peerProfiles: boolean;
|
|
745
746
|
};
|
|
746
|
-
schemaVersion: string;
|
|
747
747
|
id: string;
|
|
748
748
|
description: string;
|
|
749
749
|
version: string;
|
|
@@ -770,13 +770,13 @@ declare const ExportBundleV2Schema: z.ZodObject<{
|
|
|
770
770
|
pluginVersion: string;
|
|
771
771
|
includesTranscripts: boolean;
|
|
772
772
|
capsule: {
|
|
773
|
+
schemaVersion: string;
|
|
773
774
|
includes: {
|
|
774
775
|
procedural: boolean;
|
|
775
776
|
taxonomy: boolean;
|
|
776
777
|
identityAnchors: boolean;
|
|
777
778
|
peerProfiles: boolean;
|
|
778
779
|
};
|
|
779
|
-
schemaVersion: string;
|
|
780
780
|
id: string;
|
|
781
781
|
description: string;
|
|
782
782
|
version: string;
|
|
@@ -815,13 +815,13 @@ declare const ExportBundleV2Schema: z.ZodObject<{
|
|
|
815
815
|
pluginVersion: string;
|
|
816
816
|
includesTranscripts: boolean;
|
|
817
817
|
capsule: {
|
|
818
|
+
schemaVersion: string;
|
|
818
819
|
includes: {
|
|
819
820
|
procedural: boolean;
|
|
820
821
|
taxonomy: boolean;
|
|
821
822
|
identityAnchors: boolean;
|
|
822
823
|
peerProfiles: boolean;
|
|
823
824
|
};
|
|
824
|
-
schemaVersion: string;
|
|
825
825
|
id: string;
|
|
826
826
|
description: string;
|
|
827
827
|
version: string;
|
|
@@ -854,13 +854,13 @@ declare const ExportBundleV2Schema: z.ZodObject<{
|
|
|
854
854
|
pluginVersion: string;
|
|
855
855
|
includesTranscripts: boolean;
|
|
856
856
|
capsule: {
|
|
857
|
+
schemaVersion: string;
|
|
857
858
|
includes: {
|
|
858
859
|
procedural: boolean;
|
|
859
860
|
taxonomy: boolean;
|
|
860
861
|
identityAnchors: boolean;
|
|
861
862
|
peerProfiles: boolean;
|
|
862
863
|
};
|
|
863
|
-
schemaVersion: string;
|
|
864
864
|
id: string;
|
|
865
865
|
description: string;
|
|
866
866
|
version: string;
|
package/package.json
CHANGED
package/src/config.ts
CHANGED
|
@@ -2537,6 +2537,11 @@ export function parseConfig(raw: unknown): PluginConfig {
|
|
|
2537
2537
|
|
|
2538
2538
|
// v3.0 namespaces (default off)
|
|
2539
2539
|
namespacesEnabled: cfg.namespacesEnabled === true,
|
|
2540
|
+
// NOTE: namespace identifiers are intentionally NOT sanitized here — the
|
|
2541
|
+
// codebase rejects unsafe namespaces at the point of use (see
|
|
2542
|
+
// codex-materialize-runner and NamespaceStorageRouter / resolveNamespaceDir),
|
|
2543
|
+
// so a "../x" value is surfaced as an explicit error rather than silently
|
|
2544
|
+
// rewritten. Containment is enforced at the filesystem sinks.
|
|
2540
2545
|
defaultNamespace:
|
|
2541
2546
|
typeof cfg.defaultNamespace === "string" && cfg.defaultNamespace.length > 0 ? cfg.defaultNamespace : "default",
|
|
2542
2547
|
sharedNamespace:
|
|
@@ -32,6 +32,28 @@ async function hasStoredEntries(p: string): Promise<boolean> {
|
|
|
32
32
|
}
|
|
33
33
|
}
|
|
34
34
|
|
|
35
|
+
// Build a per-namespace directory under `<memoryDir>/namespaces` and assert the
|
|
36
|
+
// resolved path stays inside that base. Namespace identifiers can originate from
|
|
37
|
+
// operator config (config.defaultNamespace) and request-derived routing, so this
|
|
38
|
+
// containment check prevents directory traversal (CodeQL js/path-injection).
|
|
39
|
+
// For safe segments this returns exactly `path.join(base, segment)`, so there is
|
|
40
|
+
// no behavioral change for valid namespaces.
|
|
41
|
+
function resolveNamespaceDir(memoryDir: string, segment: string): string {
|
|
42
|
+
// Mirror isSafeRouteNamespace's separator/parent-ref rejection (without its
|
|
43
|
+
// 64-char cap, so identity tokens still pass). Rejecting separators and ".."
|
|
44
|
+
// up front keeps the value a single contained child of <memoryDir>/namespaces.
|
|
45
|
+
if (
|
|
46
|
+
segment.length === 0 ||
|
|
47
|
+
segment.includes("/") ||
|
|
48
|
+
segment.includes("\\") ||
|
|
49
|
+
segment.includes("..") ||
|
|
50
|
+
path.isAbsolute(segment)
|
|
51
|
+
) {
|
|
52
|
+
throw new Error(`unsafe namespace path segment: ${segment}`);
|
|
53
|
+
}
|
|
54
|
+
return path.join(memoryDir, "namespaces", segment);
|
|
55
|
+
}
|
|
56
|
+
|
|
35
57
|
const LEGACY_NAMESPACE_CONTENT_CHILDREN = [
|
|
36
58
|
...ALL_CATEGORY_DIRS,
|
|
37
59
|
"entities",
|
|
@@ -94,10 +116,9 @@ export class NamespaceStorageRouter {
|
|
|
94
116
|
return this.defaultNsRootResolved;
|
|
95
117
|
}
|
|
96
118
|
|
|
97
|
-
const legacyNsDir =
|
|
98
|
-
const tokenizedNsDir =
|
|
119
|
+
const legacyNsDir = resolveNamespaceDir(this.config.memoryDir, this.config.defaultNamespace);
|
|
120
|
+
const tokenizedNsDir = resolveNamespaceDir(
|
|
99
121
|
this.config.memoryDir,
|
|
100
|
-
"namespaces",
|
|
101
122
|
namespaceIdentityToken(this.config.defaultNamespace),
|
|
102
123
|
);
|
|
103
124
|
const tokenizedHasData =
|
|
@@ -118,8 +139,8 @@ export class NamespaceStorageRouter {
|
|
|
118
139
|
if (namespace === this.config.defaultNamespace) {
|
|
119
140
|
return this.defaultNsRootResolved ?? this.config.memoryDir;
|
|
120
141
|
}
|
|
121
|
-
const legacyRoot =
|
|
122
|
-
const tokenizedRoot =
|
|
142
|
+
const legacyRoot = resolveNamespaceDir(this.config.memoryDir, namespace);
|
|
143
|
+
const tokenizedRoot = resolveNamespaceDir(this.config.memoryDir, namespaceIdentityToken(namespace));
|
|
123
144
|
if ((await exists(tokenizedRoot)) && (await hasAnyNamespaceStorageMarker(tokenizedRoot, { includeRuntimeState: true }))) {
|
|
124
145
|
return tokenizedRoot;
|
|
125
146
|
}
|
|
@@ -131,6 +152,10 @@ export class NamespaceStorageRouter {
|
|
|
131
152
|
if (ns !== this.config.defaultNamespace && !isSafeRouteNamespace(ns)) {
|
|
132
153
|
throw new Error(`unsafe namespace: ${ns}`);
|
|
133
154
|
}
|
|
155
|
+
// Even when the default namespace is exempt from the check above, every
|
|
156
|
+
// on-disk path is built through resolveNamespaceDir(), which rejects
|
|
157
|
+
// traversal segments — so an unsafe configured default still cannot escape
|
|
158
|
+
// <memoryDir>/namespaces (CodeQL js/path-injection).
|
|
134
159
|
|
|
135
160
|
let root: string;
|
|
136
161
|
if (ns === this.config.defaultNamespace) {
|
package/src/objective-state.ts
CHANGED
|
@@ -86,6 +86,20 @@ function validateMetadata(raw: unknown): Record<string, string> | undefined {
|
|
|
86
86
|
return validateStringRecord(raw, "metadata");
|
|
87
87
|
}
|
|
88
88
|
|
|
89
|
+
// Assert that a built path stays inside the expected base directory before it is
|
|
90
|
+
// used in a filesystem write. snapshotId/recordedAt are already validated by
|
|
91
|
+
// validateObjectiveStateSnapshot, so for valid data this is a defense-in-depth
|
|
92
|
+
// barrier (and makes the containment provable to CodeQL js/path-injection).
|
|
93
|
+
function assertWithinDir(baseDir: string, candidate: string): string {
|
|
94
|
+
const resolvedBase = path.resolve(baseDir);
|
|
95
|
+
const resolved = path.resolve(candidate);
|
|
96
|
+
const rel = path.relative(resolvedBase, resolved);
|
|
97
|
+
if (rel === ".." || rel.startsWith(`..${path.sep}`) || path.isAbsolute(rel)) {
|
|
98
|
+
throw new Error("objective-state path escapes the snapshots directory");
|
|
99
|
+
}
|
|
100
|
+
return resolved;
|
|
101
|
+
}
|
|
102
|
+
|
|
89
103
|
export function resolveObjectiveStateStoreDir(memoryDir: string, overrideDir?: string): string {
|
|
90
104
|
if (typeof overrideDir === "string" && overrideDir.trim().length > 0) {
|
|
91
105
|
return overrideDir.trim();
|
|
@@ -163,8 +177,9 @@ export async function recordObjectiveStateSnapshot(options: {
|
|
|
163
177
|
const rootDir = resolveObjectiveStateStoreDir(options.memoryDir, options.objectiveStateStoreDir);
|
|
164
178
|
const validated = validateObjectiveStateSnapshot(options.snapshot);
|
|
165
179
|
const day = recordStoreDay(validated.recordedAt);
|
|
166
|
-
const
|
|
167
|
-
const
|
|
180
|
+
const snapshotsRoot = path.join(rootDir, "snapshots");
|
|
181
|
+
const snapshotsDir = assertWithinDir(snapshotsRoot, path.join(snapshotsRoot, day));
|
|
182
|
+
const filePath = assertWithinDir(snapshotsDir, path.join(snapshotsDir, `${validated.snapshotId}.json`));
|
|
168
183
|
await mkdir(snapshotsDir, { recursive: true });
|
|
169
184
|
await writeFile(filePath, JSON.stringify(validated, null, 2), "utf8");
|
|
170
185
|
return filePath;
|