@siftd/connect-agent 0.2.31 → 0.2.33

package/dist/core/asset-api.d.ts

@@ -8,7 +8,7 @@
  * - asset.group - Get assets by group
  * - view.get - Get ViewSpec
  */
-import { AssetManifest, AssetPreview, ViewSpec } from './assets.js';
+import { AssetManifest, AssetPreview, ViewSpec, ClientAssetManifest } from './assets.js';
 export interface AssetRequest {
     type: 'asset.list' | 'asset.get' | 'asset.preview' | 'asset.group' | 'view.get' | 'view.list';
     requestId: string;
@@ -19,7 +19,7 @@ export interface AssetRequest {
 export interface AssetListResponse {
     type: 'asset.list';
     requestId: string;
-    assets: AssetManifest[];
+    assets: ClientAssetManifest[];
 }
 export interface AssetGetResponse {
     type: 'asset.get';
@@ -33,14 +33,14 @@ export interface AssetPreviewResponse {
     type: 'asset.preview';
     requestId: string;
     assetId: string;
-    manifest: AssetManifest;
+    manifest: ClientAssetManifest;
     preview: AssetPreview | null;
 }
 export interface AssetGroupResponse {
     type: 'asset.group';
     requestId: string;
     groupId: string;
-    assets: AssetManifest[];
+    assets: ClientAssetManifest[];
     previews: (AssetPreview | null)[];
 }
 export interface ViewGetResponse {
@@ -79,11 +79,11 @@ export interface GalleryState {
 export declare function buildGalleryState(): GalleryState;
 /**
  * Convert gallery state to WebSocket message format
- * Compatible with existing gallery_workers message
+ * Strips absolute paths from assets for client safety
  */
 export declare function galleryStateToMessage(state: GalleryState): {
     type: 'gallery_state';
-    assets: AssetManifest[];
+    assets: ClientAssetManifest[];
     previews: {
         [key: string]: AssetPreview;
     };

package/dist/core/asset-api.js

@@ -9,7 +9,25 @@
  * - view.get - Get ViewSpec
  */
 import { readFileSync, existsSync, statSync } from 'fs';
+import { toClientManifest, isPathWithinRoot, } from './assets.js';
 import { getAsset, getPreview, getAllAssets, getAssetsByGroup, getAssetRegistry, } from './preview-worker.js';
+import { getSharedOutputPath } from './hub.js';
+// Allowed roots for asset access (security)
+function getAllowedRoots() {
+    const home = process.env.HOME || '/tmp';
+    return [
+        getSharedOutputPath(),
+        `${home}/Lia-Hub`,
+        '/tmp',
+    ];
+}
+/**
+ * Validate that a path is within allowed roots (uses realpath to prevent traversal/symlink escapes)
+ */
+function isPathAllowed(filePath) {
+    const allowedRoots = getAllowedRoots();
+    return allowedRoots.some(root => isPathWithinRoot(filePath, root));
+}
 // ============================================================================
 // VIEW REGISTRY
 // ============================================================================
@@ -64,7 +82,7 @@ function handleAssetList(request) {
     return {
         type: 'asset.list',
         requestId: request.requestId,
-        assets: getAllAssets(),
+        assets: getAllAssets().map(toClientManifest),
     };
 }
 function handleAssetGet(request) {
@@ -76,8 +94,12 @@ function handleAssetGet(request) {
     if (!manifest) {
         return { type: 'asset.error', requestId, error: `Asset not found: ${assetId}` };
     }
+    // Security: validate path is within allowed roots
+    if (!isPathAllowed(manifest.path)) {
+        return { type: 'asset.error', requestId, error: 'Access denied' };
+    }
     if (!existsSync(manifest.path)) {
-        return { type: 'asset.error', requestId, error: `File not found: ${manifest.path}` };
+        return { type: 'asset.error', requestId, error: 'File not found' };
     }
     // Read file and encode as base64
     const data = readFileSync(manifest.path);
@@ -105,7 +127,7 @@ function handleAssetPreview(request) {
         type: 'asset.preview',
         requestId,
         assetId,
-        manifest,
+        manifest: toClientManifest(manifest),
         preview,
     };
 }
@@ -120,7 +142,7 @@ function handleAssetGroup(request) {
         type: 'asset.group',
         requestId,
         groupId,
-        assets,
+        assets: assets.map(toClientManifest),
         previews,
     };
 }
@@ -161,7 +183,7 @@ export function buildGalleryState() {
 }
 /**
  * Convert gallery state to WebSocket message format
- * Compatible with existing gallery_workers message
+ * Strips absolute paths from assets for client safety
  */
 export function galleryStateToMessage(state) {
     const previews = {};
@@ -174,7 +196,7 @@ export function galleryStateToMessage(state) {
     }
     return {
         type: 'gallery_state',
-        assets: state.assets,
+        assets: state.assets.map(toClientManifest),
         previews,
         groups,
         views: state.views,

package/dist/core/assets.d.ts

@@ -5,9 +5,9 @@
  * The preview-worker generates thumbnails/metadata WITHOUT using the LLM.
  */
 export interface AssetManifest {
-    /** Unique asset ID */
+    /** Unique asset ID (content-addressed) */
     id: string;
-    /** Absolute path to the file */
+    /** Absolute path to the file (INTERNAL ONLY - never send to client) */
     path: string;
     /** Filename */
     name: string;
@@ -28,6 +28,29 @@ export interface AssetManifest {
     /** For kind=view, the ViewSpec */
     viewSpec?: ViewSpec;
 }
+/**
+ * Client-safe asset manifest - no absolute paths exposed
+ */
+export interface ClientAssetManifest {
+    id: string;
+    name: string;
+    mime: string;
+    sha256: string;
+    size: number;
+    createdAt: number;
+    groupId?: string;
+    label?: 'old' | 'new' | 'diff' | 'output' | 'source';
+    kind: 'file' | 'view';
+    viewSpec?: ViewSpec;
+}
+/**
+ * Convert internal manifest to client-safe version (strips path)
+ */
+export declare function toClientManifest(manifest: AssetManifest): ClientAssetManifest;
+/**
+ * Validate that a resolved path is within an allowed root (prevents traversal/symlink escapes)
+ */
+export declare function isPathWithinRoot(filePath: string, rootDir: string): boolean;
 export interface AssetPreview {
     /** Reference to the asset */
     assetId: string;
@@ -124,15 +147,18 @@ export declare function hashFile(filePath: string): string;
  */
 export declare function getMimeType(filePath: string): string;
 /**
- * Generate unique asset ID
+ * Generate deterministic asset ID from content hash + relative path
+ * Content-addressed: same file always gets same ID
  */
-export declare function generateAssetId(): string;
+export declare function generateAssetId(sha256: string, relativePath?: string): string;
 /**
  * Create asset manifest for a file
+ * @param rootDir - Root directory for computing relative path (for ID stability)
  */
 export declare function createAssetManifest(filePath: string, options?: {
     groupId?: string;
     label?: AssetManifest['label'];
+    rootDir?: string;
 }): AssetManifest;
 /**
  * Write asset manifest alongside the file
@@ -148,6 +174,7 @@ export declare function readAssetManifest(filePath: string): AssetManifest | nul
 export declare function getPreviewCacheDir(): string;
 /**
  * Generate cache key for preview
+ * Uses canonical stringify for stable key generation regardless of key order
  */
 export declare function getPreviewCacheKey(sha256: string, params?: ViewerParams): string;
 /**

package/dist/core/assets.js

@@ -5,8 +5,28 @@
  * The preview-worker generates thumbnails/metadata WITHOUT using the LLM.
  */
 import { createHash } from 'crypto';
-import { readFileSync, writeFileSync, existsSync, mkdirSync, statSync } from 'fs';
-import { basename, extname, join } from 'path';
+import { readFileSync, writeFileSync, existsSync, mkdirSync, statSync, realpathSync } from 'fs';
+import { basename, extname, join, relative, sep } from 'path';
+/**
+ * Convert internal manifest to client-safe version (strips path)
+ */
+export function toClientManifest(manifest) {
+    const { path, ...clientSafe } = manifest;
+    return clientSafe;
+}
+/**
+ * Validate that a resolved path is within an allowed root (prevents traversal/symlink escapes)
+ */
+export function isPathWithinRoot(filePath, rootDir) {
+    try {
+        const resolvedPath = realpathSync(filePath);
+        const resolvedRoot = realpathSync(rootDir);
+        return resolvedPath.startsWith(resolvedRoot + sep);
+    }
+    catch {
+        return false;
+    }
+}
 // ============================================================================
 // UTILITY FUNCTIONS
 // ============================================================================
@@ -63,24 +83,35 @@ export function getMimeType(filePath) {
     return mimeMap[ext] || 'application/octet-stream';
 }
 /**
- * Generate unique asset ID
+ * Generate deterministic asset ID from content hash + relative path
+ * Content-addressed: same file always gets same ID
  */
-export function generateAssetId() {
-    const timestamp = Date.now().toString(36);
-    const random = Math.random().toString(36).substring(2, 8);
-    return `asset_${timestamp}_${random}`;
+export function generateAssetId(sha256, relativePath) {
+    // Use first 12 chars of sha256 + path hash for uniqueness
+    const prefix = sha256.substring(0, 12);
+    if (relativePath) {
+        const pathHash = createHash('sha256').update(relativePath).digest('hex').substring(0, 6);
+        return `asset_${prefix}_${pathHash}`;
+    }
+    return `asset_${prefix}`;
 }
 /**
  * Create asset manifest for a file
+ * @param rootDir - Root directory for computing relative path (for ID stability)
  */
 export function createAssetManifest(filePath, options = {}) {
     const stats = statSync(filePath);
+    const sha256 = hashFile(filePath);
+    // Compute relative path using path.relative() for stable IDs
+    const relativePath = options.rootDir
+        ? relative(options.rootDir, filePath)
+        : basename(filePath);
     return {
-        id: generateAssetId(),
+        id: generateAssetId(sha256, relativePath),
         path: filePath,
         name: basename(filePath),
         mime: getMimeType(filePath),
-        sha256: hashFile(filePath),
+        sha256,
         size: stats.size,
         createdAt: Date.now(),
         groupId: options.groupId,
@@ -120,11 +151,26 @@ export function getPreviewCacheDir() {
     }
     return cacheDir;
 }
+/**
+ * Canonical JSON stringify - sorts keys recursively for stable hashing
+ */
+function canonicalStringify(obj) {
+    if (obj === null || typeof obj !== 'object') {
+        return JSON.stringify(obj);
+    }
+    if (Array.isArray(obj)) {
+        return '[' + obj.map(canonicalStringify).join(',') + ']';
+    }
+    const sortedKeys = Object.keys(obj).sort();
+    const pairs = sortedKeys.map(key => JSON.stringify(key) + ':' + canonicalStringify(obj[key]));
+    return '{' + pairs.join(',') + '}';
+}
 /**
  * Generate cache key for preview
+ * Uses canonical stringify for stable key generation regardless of key order
  */
 export function getPreviewCacheKey(sha256, params) {
-    const paramsStr = params ? JSON.stringify(params) : '';
+    const paramsStr = params ? canonicalStringify(params) : '';
     return createHash('sha256').update(sha256 + paramsStr).digest('hex').substring(0, 16);
 }
 /**

package/dist/core/preview-worker.d.ts

@@ -8,6 +8,10 @@
  *
  * NO LLM involvement - pure local, deterministic processing.
  * Targets sub-second response for most assets.
+ *
+ * Uses chokidar for reliable cross-platform file watching with:
+ * - awaitWriteFinish to handle half-written files
+ * - Ignore patterns to avoid loops (*.asset.json, thumbs, etc.)
  */
 import { AssetManifest, AssetPreview } from './assets.js';
 export interface PreviewWorkerOptions {
@@ -23,25 +27,27 @@ export interface PreviewWorkerOptions {
     verbose?: boolean;
 }
 export declare class PreviewWorker {
-    private watchers;
+    private watcher;
     private queue;
     private processing;
+    private debounceTimers;
     private concurrency;
     private options;
     private running;
+    private rootDir;
     constructor(options?: PreviewWorkerOptions);
     /**
      * Start watching directories
      */
     start(): void;
     /**
-     * Stop watching
+     * Handle file add/change with debouncing
      */
-    stop(): void;
+    private handleFile;
     /**
-     * Scan directory for existing files
+     * Stop watching
      */
-    private scanDirectory;
+    stop(): void;
     /**
      * Add file to processing queue
      */

package/dist/core/preview-worker.js

@@ -8,23 +8,41 @@
  *
  * NO LLM involvement - pure local, deterministic processing.
  * Targets sub-second response for most assets.
+ *
+ * Uses chokidar for reliable cross-platform file watching with:
+ * - awaitWriteFinish to handle half-written files
+ * - Ignore patterns to avoid loops (*.asset.json, thumbs, etc.)
  */
-import { watch } from 'fs';
-import { readFileSync, existsSync, readdirSync, statSync, mkdirSync } from 'fs';
+import chokidar from 'chokidar';
+import { readFileSync, existsSync, mkdirSync } from 'fs';
 import { join, basename } from 'path';
 import { execSync } from 'child_process';
 import { createAssetManifest, writeAssetManifest, readAssetManifest, getPreviewCacheDir, getPreviewCacheKey, getPreviewFromCache, savePreviewToCache, } from './assets.js';
 import { getSharedOutputPath } from './hub.js';
+// Files to ignore when watching (prevents watcher loops)
+const IGNORE_PATTERNS = [
+    '**/*.asset.json',
+    '**/*.preview.json',
+    '**/.thumbs/**',
+    '**/thumbs/**',
+    '**/*.tmp',
+    '**/.DS_Store',
+    '**/node_modules/**',
+    '**/.git/**',
+];
 export class PreviewWorker {
-    watchers = [];
+    watcher = null;
     queue = [];
     processing = new Set();
+    debounceTimers = new Map();
     concurrency;
     options;
     running = false;
+    rootDir;
     constructor(options = {}) {
         this.options = options;
         this.concurrency = options.concurrency || 4;
+        this.rootDir = getSharedOutputPath();
     }
     /**
      * Start watching directories
@@ -33,65 +51,59 @@ export class PreviewWorker {
         if (this.running)
             return;
         this.running = true;
-        const dirs = this.options.watchDirs || [getSharedOutputPath()];
+        const dirs = this.options.watchDirs || [this.rootDir];
         for (const dir of dirs) {
             if (!existsSync(dir)) {
                 mkdirSync(dir, { recursive: true });
             }
-            this.log(`Watching: ${dir}`);
-            // Initial scan
-            this.scanDirectory(dir);
-            // Watch for changes
-            const watcher = watch(dir, { recursive: true }, (event, filename) => {
-                if (!filename)
-                    return;
-                const filePath = join(dir, filename);
-                // Skip manifest files and hidden files
-                if (filename.endsWith('.asset.json') || filename.startsWith('.'))
-                    return;
-                // Skip directories
-                try {
-                    if (statSync(filePath).isDirectory())
-                        return;
-                }
-                catch {
-                    return; // File may have been deleted
-                }
-                this.enqueue(filePath);
-            });
-            this.watchers.push(watcher);
         }
-        // Start processing queue
-        this.processQueue();
+        this.log(`Watching: ${dirs.join(', ')}`);
+        // Use chokidar for reliable watching with:
+        // - awaitWriteFinish: wait until file size is stable (handles half-written files)
+        // - ignored: prevent watcher loops
+        this.watcher = chokidar.watch(dirs, {
+            ignoreInitial: false, // Process existing files on startup
+            persistent: true,
+            awaitWriteFinish: {
+                stabilityThreshold: 400, // Wait 400ms for file size to stabilize
+                pollInterval: 100,
+            },
+            ignored: IGNORE_PATTERNS,
+            depth: 10,
+        });
+        this.watcher.on('add', (filePath) => this.handleFile(filePath));
+        this.watcher.on('change', (filePath) => this.handleFile(filePath));
+        this.watcher.on('error', (error) => this.log(`Watcher error: ${error}`));
     }
     /**
-     * Stop watching
+     * Handle file add/change with debouncing
      */
-    stop() {
-        this.running = false;
-        for (const watcher of this.watchers) {
-            watcher.close();
+    handleFile(filePath) {
+        // Clear existing debounce timer for this file
+        const existingTimer = this.debounceTimers.get(filePath);
+        if (existingTimer) {
+            clearTimeout(existingTimer);
         }
-        this.watchers = [];
+        // Debounce: wait 100ms before processing to batch rapid changes
+        const timer = setTimeout(() => {
+            this.debounceTimers.delete(filePath);
+            this.enqueue(filePath);
+        }, 100);
+        this.debounceTimers.set(filePath, timer);
     }
     /**
-     * Scan directory for existing files
+     * Stop watching
      */
-    scanDirectory(dir) {
-        try {
-            const entries = readdirSync(dir, { withFileTypes: true });
-            for (const entry of entries) {
-                const fullPath = join(dir, entry.name);
-                if (entry.isDirectory()) {
-                    this.scanDirectory(fullPath);
-                }
-                else if (!entry.name.endsWith('.asset.json') && !entry.name.startsWith('.')) {
-                    this.enqueue(fullPath);
-                }
-            }
+    stop() {
+        this.running = false;
+        // Clear all debounce timers
+        for (const timer of this.debounceTimers.values()) {
+            clearTimeout(timer);
         }
-        catch (error) {
-            this.log(`Scan error: ${error}`);
+        this.debounceTimers.clear();
+        if (this.watcher) {
+            this.watcher.close();
+            this.watcher = null;
         }
     }
     /**
@@ -132,9 +144,10 @@ export class PreviewWorker {
         // Check for existing manifest
         let manifest = readAssetManifest(filePath);
         if (!manifest) {
-            // Create new manifest
+            // Create new manifest with rootDir for stable IDs
             manifest = createAssetManifest(filePath, {
                 groupId: this.extractGroupId(filePath),
+                rootDir: this.rootDir,
             });
             writeAssetManifest(manifest);
             this.log(`Created manifest: ${manifest.name} (${manifest.id})`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@siftd/connect-agent",
-  "version": "0.2.31",
+  "version": "0.2.33",
   "description": "Master orchestrator agent - control Claude Code remotely via web",
   "type": "module",
   "main": "dist/index.js",
@@ -39,6 +39,7 @@
   "dependencies": {
     "@anthropic-ai/sdk": "^0.39.0",
     "better-sqlite3": "^11.7.0",
+    "chokidar": "^5.0.0",
     "commander": "^12.1.0",
     "conf": "^13.0.1",
     "node-cron": "^3.0.3",
@@ -49,6 +50,7 @@
   },
   "devDependencies": {
     "@types/better-sqlite3": "^7.6.12",
+    "@types/chokidar": "^1.7.5",
     "@types/node": "^22.10.2",
     "@types/node-cron": "^3.0.11",
     "@types/pg": "^8.11.10",