npm - @shipit-ai/cli - Versions diffs - 1.166.0 → 1.166.2 - Mend

@shipit-ai/cli 1.166.0 → 1.166.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (284) hide show

package/dist/src/presentation/web/app/api/interactive/chat/[featureId]/stream/route.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"route.d.ts","sourceRoot":"","sources":["../../../../../../../../../../src/presentation/web/app/api/interactive/chat/[featureId]/stream/route.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;~~AAI~~/C,eAAO,MAAM,OAAO,kBAAkB,CAAC;AAEvC,UAAU,WAAW;IACnB,MAAM,EAAE,OAAO,CAAC;QAAE,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACxC;AAED,wBAAsB,GAAG,CAAC,OAAO,EAAE,WAAW,EAAE,EAAE,MAAM,EAAE,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC,~~CA4E1F~~"}
1	+ {"version":3,"file":"route.d.ts","sourceRoot":"","sources":["../../../../../../../../../../src/presentation/web/app/api/interactive/chat/[featureId]/stream/route.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAK/C,eAAO,MAAM,OAAO,kBAAkB,CAAC;AAEvC,UAAU,WAAW;IACnB,MAAM,EAAE,OAAO,CAAC;QAAE,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACxC;AAED,wBAAsB,GAAG,CAAC,OAAO,EAAE,WAAW,EAAE,EAAE,MAAM,EAAE,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC,CAuE1F"}

package/dist/src/presentation/web/app/api/interactive/chat/[featureId]/stream/route.js CHANGED Viewed

@@ -10,6 +10,7 @@
  * `featureId` is a polymorphic scope key: a feature UUID, "repo-<id>", or "global".
  */
 import { resolve } from '../../../../../../lib/server-container.js';
+import { apiError } from '../../../../../../lib/api-helpers.js';
 export const dynamic = 'force-dynamic';
 export async function GET(request, { params }) {
     const { featureId } = await params;
@@ -77,11 +78,6 @@ export async function GET(request, { params }) {
         });
     }
     catch (error) {
-        // eslint-disable-next-line no-console
-        console.error('[GET /api/interactive/chat/:featureId/stream]', error);
-        return new Response(JSON.stringify({ error: String(error) }), {
-            status: 500,
-            headers: { 'Content-Type': 'application/json' },
-        });
+        return apiError(500, 'Failed to open chat stream', error);
     }
 }

package/dist/src/presentation/web/app/api/interactive/sessions/[id]/stream/route.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"route.d.ts","sourceRoot":"","sources":["../../../../../../../../../../src/presentation/web/app/api/interactive/sessions/[id]/stream/route.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;~~AAI~~/C,eAAO,MAAM,OAAO,kBAAkB,CAAC;AAEvC,UAAU,WAAW;IACnB,MAAM,EAAE,OAAO,CAAC;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACjC;AAED,wBAAsB,GAAG,CAAC,OAAO,EAAE,WAAW,EAAE,EAAE,MAAM,EAAE,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC,~~CAoF1F~~"}
1	+ {"version":3,"file":"route.d.ts","sourceRoot":"","sources":["../../../../../../../../../../src/presentation/web/app/api/interactive/sessions/[id]/stream/route.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAK/C,eAAO,MAAM,OAAO,kBAAkB,CAAC;AAEvC,UAAU,WAAW;IACnB,MAAM,EAAE,OAAO,CAAC;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACjC;AAED,wBAAsB,GAAG,CAAC,OAAO,EAAE,WAAW,EAAE,EAAE,MAAM,EAAE,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC,CA+E1F"}

package/dist/src/presentation/web/app/api/interactive/sessions/[id]/stream/route.js CHANGED Viewed

@@ -8,6 +8,7 @@
  * - Cleans up listener when the client disconnects
  */
 import { resolve } from '../../../../../../lib/server-container.js';
+import { apiError } from '../../../../../../lib/api-helpers.js';
 export const dynamic = 'force-dynamic';
 export async function GET(request, { params }) {
     const { id: sessionId } = await params;
@@ -82,11 +83,6 @@ export async function GET(request, { params }) {
         });
     }
     catch (error) {
-        // eslint-disable-next-line no-console
-        console.error('[GET /api/interactive/sessions/:id/stream]', error);
-        return new Response(JSON.stringify({ error: String(error) }), {
-            status: 500,
-            headers: { 'Content-Type': 'application/json' },
-        });
+        return apiError(500, 'Failed to open interactive session stream', error);
     }
 }

package/dist/src/presentation/web/lib/path-sanitizers.d.ts ADDED Viewed

@@ -0,0 +1,50 @@
+/**
+ * Resolve a path through `realpath` and return the resolved absolute path,
+ * or `null` if the path is missing, unreadable, or cannot be canonicalized
+ * for any other reason. Never throws.
+ *
+ * CodeQL recognizes `realpathSync` output as a sanitizer for
+ * `js/path-injection`, so the returned value is safe to flow into `stat`,
+ * `readFile`, `readdir`, `spawn`, and other filesystem sinks.
+ */
+export declare function realpathOrNull(p: string): string | null;
+/**
+ * Pure string containment check: does `resolvedCandidate` live at or
+ * beneath `resolvedRoot`? BOTH arguments are expected to already be
+ * realpath-resolved absolute paths — this helper does NOT resolve them.
+ * Separate the resolve step from the containment check so the caller can
+ * resolve once and validate many times without redundant syscalls or
+ * TOCTOU windows.
+ *
+ * Uses forward-slash normalization on both sides before comparing, which
+ * is lossless on POSIX (separator is already `/`) and lossless on Windows
+ * (where `/` cannot appear inside a path component). This makes the
+ * helper safe to use across all three platforms.
+ */
+export declare function isWithinRoot(resolvedCandidate: string, resolvedRoot: string): boolean;
+/**
+ * Resolve `candidate` through realpath and assert the result lives under
+ * at least one of the provided `allowedRoots`. Returns the resolved
+ * candidate path on success, or `null` if the candidate cannot be resolved
+ * or does not fall under any allowed root.
+ *
+ * The roots are resolved once, up-front, with graceful fallback to the
+ * unresolved form on failure (so a root that does not yet exist on disk
+ * is still honored as a literal prefix — this matches the existing
+ * behavior of the upload and directory-list routes). If the caller wants
+ * strict resolution of the roots too, pre-resolve them with
+ * `realpathOrNull` and filter out `null`s before calling this helper.
+ */
+export declare function realpathWithinAllowedRoots(candidate: string, allowedRoots: readonly string[]): string | null;
+/**
+ * Async variant of `realpathOrNull`. See the sync version for semantics.
+ */
+export declare function realpathOrNullAsync(p: string): Promise<string | null>;
+/**
+ * Async variant of `realpathWithinAllowedRoots`. See the sync version for
+ * semantics. Resolves the candidate and each root concurrently via
+ * `Promise.all` so the worst-case wall-clock time is a single realpath,
+ * not N of them serialized.
+ */
+export declare function realpathWithinAllowedRootsAsync(candidate: string, allowedRoots: readonly string[]): Promise<string | null>;
+//# sourceMappingURL=path-sanitizers.d.ts.map

package/dist/src/presentation/web/lib/path-sanitizers.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"path-sanitizers.d.ts","sourceRoot":"","sources":["../../../../../src/presentation/web/lib/path-sanitizers.ts"],"names":[],"mappings":"AAsCA;;;;;;;;GAQG;AACH,wBAAgB,cAAc,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAMvD;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,YAAY,CAAC,iBAAiB,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO,CAIrF;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,0BAA0B,CACxC,SAAS,EAAE,MAAM,EACjB,YAAY,EAAE,SAAS,MAAM,EAAE,GAC9B,MAAM,GAAG,IAAI,CAWf;AAUD;;GAEG;AACH,wBAAsB,mBAAmB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAM3E;AAED;;;;;GAKG;AACH,wBAAsB,+BAA+B,CACnD,SAAS,EAAE,MAAM,EACjB,YAAY,EAAE,SAAS,MAAM,EAAE,GAC9B,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAcxB"}

package/dist/src/presentation/web/lib/path-sanitizers.js ADDED Viewed

@@ -0,0 +1,136 @@
+/**
+ * Path sanitization helpers for the web presentation layer.
+ *
+ * Provides the small set of primitives used by every route and server
+ * action that touches a user-influenced filesystem path. Each helper
+ * does one thing, is recognized by CodeQL's js/path-injection taint
+ * analysis as a sanitizer, and is portable across macOS/Linux/Windows.
+ *
+ * Design principles:
+ *
+ *   - `realpathOrNull(p)` resolves a path through `realpath` and returns
+ *     `null` on any error (missing file, permission denied, broken symlink).
+ *     Callers never have to care about the thrown error variants.
+ *
+ *   - `isWithinRoot(candidate, root)` is a pure string containment check
+ *     that expects both arguments to already be realpath-resolved. It
+ *     normalizes backslash separators to forward slashes before comparing,
+ *     so Windows realpath output matches the forward-slash roots that
+ *     shipit uses throughout the codebase for persistence and comparison.
+ *
+ *   - `realpathWithinAllowedRoots(candidate, roots)` combines the two:
+ *     resolves the candidate once, resolves each root once (with graceful
+ *     fallback to the unresolved form for the roots), then checks
+ *     containment. Returns the resolved candidate on success, `null` on
+ *     failure. Use this when a value must live under one of several
+ *     permitted directories (e.g. cwd OR home-dir for the uploads API).
+ *
+ * These helpers intentionally do NOT compose realpath with the
+ * containment check into a single `realpathWithinRoot(candidate, root)`
+ * function, because that composition re-resolves an already-resolved
+ * root on every nested call and opens a TOCTOU window where filesystem
+ * state can change between the resolve and the containment check. Keep
+ * realpath and containment separate so the caller can resolve once and
+ * validate many.
+ */
+import { realpathSync } from 'node:fs';
+import { realpath } from 'node:fs/promises';
+/**
+ * Resolve a path through `realpath` and return the resolved absolute path,
+ * or `null` if the path is missing, unreadable, or cannot be canonicalized
+ * for any other reason. Never throws.
+ *
+ * CodeQL recognizes `realpathSync` output as a sanitizer for
+ * `js/path-injection`, so the returned value is safe to flow into `stat`,
+ * `readFile`, `readdir`, `spawn`, and other filesystem sinks.
+ */
+export function realpathOrNull(p) {
+    try {
+        return realpathSync(p);
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Pure string containment check: does `resolvedCandidate` live at or
+ * beneath `resolvedRoot`? BOTH arguments are expected to already be
+ * realpath-resolved absolute paths — this helper does NOT resolve them.
+ * Separate the resolve step from the containment check so the caller can
+ * resolve once and validate many times without redundant syscalls or
+ * TOCTOU windows.
+ *
+ * Uses forward-slash normalization on both sides before comparing, which
+ * is lossless on POSIX (separator is already `/`) and lossless on Windows
+ * (where `/` cannot appear inside a path component). This makes the
+ * helper safe to use across all three platforms.
+ */
+export function isWithinRoot(resolvedCandidate, resolvedRoot) {
+    const normRoot = resolvedRoot.replace(/\\/g, '/');
+    const normCandidate = resolvedCandidate.replace(/\\/g, '/');
+    return normCandidate === normRoot || normCandidate.startsWith(`${normRoot}/`);
+}
+/**
+ * Resolve `candidate` through realpath and assert the result lives under
+ * at least one of the provided `allowedRoots`. Returns the resolved
+ * candidate path on success, or `null` if the candidate cannot be resolved
+ * or does not fall under any allowed root.
+ *
+ * The roots are resolved once, up-front, with graceful fallback to the
+ * unresolved form on failure (so a root that does not yet exist on disk
+ * is still honored as a literal prefix — this matches the existing
+ * behavior of the upload and directory-list routes). If the caller wants
+ * strict resolution of the roots too, pre-resolve them with
+ * `realpathOrNull` and filter out `null`s before calling this helper.
+ */
+export function realpathWithinAllowedRoots(candidate, allowedRoots) {
+    const resolvedCandidate = realpathOrNull(candidate);
+    if (!resolvedCandidate)
+        return null;
+    for (const root of allowedRoots) {
+        const resolvedRoot = realpathOrNull(root) ?? root;
+        if (isWithinRoot(resolvedCandidate, resolvedRoot)) {
+            return resolvedCandidate;
+        }
+    }
+    return null;
+}
+// ─── Async variants ─────────────────────────────────────────────────────
+//
+// Route handlers that already use async fs APIs should use these rather
+// than the sync variants so they don't block the event loop under
+// concurrent load. The async helpers mirror the sync ones exactly in
+// semantics — same null-on-error contract, same normalization, same
+// containment rules.
+/**
+ * Async variant of `realpathOrNull`. See the sync version for semantics.
+ */
+export async function realpathOrNullAsync(p) {
+    try {
+        return await realpath(p);
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Async variant of `realpathWithinAllowedRoots`. See the sync version for
+ * semantics. Resolves the candidate and each root concurrently via
+ * `Promise.all` so the worst-case wall-clock time is a single realpath,
+ * not N of them serialized.
+ */
+export async function realpathWithinAllowedRootsAsync(candidate, allowedRoots) {
+    const [resolvedCandidate, ...resolvedRoots] = await Promise.all([
+        realpathOrNullAsync(candidate),
+        ...allowedRoots.map((r) => realpathOrNullAsync(r)),
+    ]);
+    if (!resolvedCandidate)
+        return null;
+    for (let i = 0; i < resolvedRoots.length; i++) {
+        const resolvedRoot = resolvedRoots[i] ?? allowedRoots[i];
+        if (isWithinRoot(resolvedCandidate, resolvedRoot)) {
+            return resolvedCandidate;
+        }
+    }
+    return null;
+}