@scotthamilton77/sidekick 0.1.10 → 0.1.11

Files changed (3) hide show
  1. package/dist/bin.js +11 -15
  2. package/dist/daemon.js +10 -14
  3. package/package.json +1 -1
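--- a/package/dist/bin.js
+++ b/package/dist/bin.js
@@ -58164,24 +58164,20 @@ var require_staging_paths = __commonJS({
  function getReminderPath(stateDir, sessionId, hookName, reminderName) {
  return (0, node_path_1.join)(getHookDir(stateDir, sessionId, hookName), `${reminderName}.json`);
  }
- function isValidPathSegment(segment) {
- if (!segment)
+ function isValidPathSegment(s) {
+ if (s === "")
  return false;
- if (segment.includes("..") || segment.includes("/") || segment.includes("\\"))
+ if (s === "." || s === "..")
  return false;
- if (segment.startsWith("."))
+ if (s.includes("/") || s.includes("\\"))
  return false;
- return true;
+ if ((0, node_path_1.basename)(s) !== s)
+ return false;
+ return /^[a-zA-Z0-9._-]+$/.test(s);
  }
  function validatePathSegment(segment, name) {
- if (!segment) {
- throw new Error(`${name} cannot be empty`);
- }
- if (segment.includes("..") || segment.includes("/") || segment.includes("\\")) {
- throw new Error(`Invalid ${name}: path traversal characters not allowed`);
- }
- if (segment.startsWith(".")) {
- throw new Error(`Invalid ${name}: cannot start with '.'`);
+ if (!isValidPathSegment(segment)) {
+ throw new Error(`Invalid ${name}: must be a non-empty alphanumeric string without path separators`);
  }
  }
  exports2.CONSUMED_FILE_PATTERN = /\.\d+\.json$/;
@@ -58287,7 +58283,7 @@ var require_staging_service = __commonJS({
  persistent: data.persistent,
  ...enrichment
  }, { stagingPath: reminderPath });
- (0, structured_logging_1.logEvent)(this.options.logger, event);
+ (0, structured_logging_1.logEvent)(this.options.logger.child({ context: { sessionId } }), event);
  }
  /**
  * Read a staged reminder.
@@ -83739,7 +83735,7 @@ var require_cli = __commonJS({
  var promises_12 = require("node:fs/promises");
  var node_stream_1 = require("node:stream");
  var yargs_parser_1 = __importDefault2(require_build());
- var VERSION = true ? "0.1.10" : "dev";
+ var VERSION = true ? "0.1.11" : "dev";
  var SANDBOX_ERROR_MESSAGE = `Error: Daemon commands cannot run in sandbox mode.
 
  Claude Code's sandbox blocks Unix socket operations required for daemon IPC.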
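Review bot: The rewritten `isValidPathSegment` no longer rejects names that begin with a dot, so `.hidden` and `...` now pass the allowlist `/^[a-zA-Z0-9._-]+$/`, where the removed `segment.startsWith(".")` and `segment.includes("..")` checks refused them; if that loosening is not intended, keep `if (s.startsWith(".")) return false;` ahead of the regex. The function also dereferences `s` without a type check, so `undefined` or `null` now makes the predicate throw a TypeError from `s.includes` instead of returning false as the old `!segment` guard did; `if (typeof s !== "string" || s === "") return false;` restores a fail-closed boolean. The new error text in `validatePathSegment` says "alphanumeric" although `.`, `_` and `-` are accepted, so the message and the regex should be brought into agreement. The identical hunk in package/dist/daemon.js carries the same points, and since both files appear to be bundled output, the change belongs in the staging-paths source they are built from.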
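--- a/package/dist/daemon.js
+++ b/package/dist/daemon.js
@@ -57188,24 +57188,20 @@ var require_staging_paths = __commonJS({
  function getReminderPath(stateDir, sessionId, hookName, reminderName) {
  return (0, node_path_1.join)(getHookDir(stateDir, sessionId, hookName), `${reminderName}.json`);
  }
- function isValidPathSegment(segment) {
- if (!segment)
+ function isValidPathSegment(s) {
+ if (s === "")
  return false;
- if (segment.includes("..") || segment.includes("/") || segment.includes("\\"))
+ if (s === "." || s === "..")
  return false;
- if (segment.startsWith("."))
+ if (s.includes("/") || s.includes("\\"))
  return false;
- return true;
+ if ((0, node_path_1.basename)(s) !== s)
+ return false;
+ return /^[a-zA-Z0-9._-]+$/.test(s);
  }
  function validatePathSegment(segment, name) {
- if (!segment) {
- throw new Error(`${name} cannot be empty`);
- }
- if (segment.includes("..") || segment.includes("/") || segment.includes("\\")) {
- throw new Error(`Invalid ${name}: path traversal characters not allowed`);
- }
- if (segment.startsWith(".")) {
- throw new Error(`Invalid ${name}: cannot start with '.'`);
+ if (!isValidPathSegment(segment)) {
+ throw new Error(`Invalid ${name}: must be a non-empty alphanumeric string without path separators`);
  }
  }
  exports2.CONSUMED_FILE_PATTERN = /\.\d+\.json$/;
@@ -57311,7 +57307,7 @@ var require_staging_service = __commonJS({
  persistent: data.persistent,
  ...enrichment
  }, { stagingPath: reminderPath });
- (0, structured_logging_1.logEvent)(this.options.logger, event);
+ (0, structured_logging_1.logEvent)(this.options.logger.child({ context: { sessionId } }), event);
  }
  /**
  * Read a staged reminder.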
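--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@scotthamilton77/sidekick",
- "version": "0.1.10",
+ "version": "0.1.11",
  "description": "AI pair programming assistant with personas, session tracking, and contextual nudges",
  "bin": {
  "sidekick": "dist/bin.js"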