npm - @staff0rd/assist - Versions diffs - 0.205.1 → 0.206.1 - Mend

@staff0rd/assist 0.205.1 → 0.206.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -117,7 +117,7 @@ After installation, the `assist` command will be available globally. You can als
 - `assist config list` - List all config values
 - `assist verify` - Run all verify:* commands in parallel (from run configs in assist.yml and scripts in package.json)
 - `assist verify all` - Run all checks, ignoring diff-based filters
-- `assist verify init` - Add verify scripts to a project
+- `assist verify init` - Add verify scripts to a project (writes to `assist.yml` by default; pass `--package-json` to write to `package.json` scripts instead)
 - `assist verify hardcoded-colors` - Check for hardcoded hex colors in src/ (supports `hardcodedColors.ignore` globs in config)
 - `assist lint [-f, --fix]` - Run lint checks for conventions not enforced by biomejs (use `-f` to auto-fix)
 - `assist lint init` - Initialize Biome with standard linter config

package/dist/index.js CHANGED Viewed

@@ -6,7 +6,7 @@ import { Command } from "commander";
 // package.json
 var package_default = {
   name: "@staff0rd/assist",
-  version: "0.205.1",
+  version: "0.206.1",
   type: "module",
   main: "dist/index.js",
   bin: {
@@ -3192,10 +3192,7 @@ function detectExistingSetup(pkg) {
     ...buildToolStatuses(pkg, configScriptNames),
     hasVite: hasDep(pkg, "vite"),
     hasTypescript: !!pkg.devDependencies?.typescript,
-    hasOpenColor: hasDep(pkg, "open-color"),
-    hasConfigScripts: [...configScriptNames].some(
-      (n) => n.startsWith("verify:")
-    )
+    hasOpenColor: hasDep(pkg, "open-color")
   };
 }
@@ -3326,12 +3323,12 @@ async function promptForScripts(availableOptions) {
   }
   return selected;
 }
-async function init2() {
+async function init2(options2 = {}) {
   const { packageJsonPath, pkg } = requirePackageJson();
   const setup2 = detectExistingSetup(pkg);
   const selected = await promptForScripts(getAvailableOptions(setup2));
   if (!selected) return;
-  const writer = setup2.hasConfigScripts ? setupVerifyRunEntry : (name, cmd) => setupVerifyScript(packageJsonPath, name, cmd);
+  const writer = options2.packageJson ? (name, cmd) => setupVerifyScript(packageJsonPath, name, cmd) : setupVerifyRunEntry;
   const handlers2 = getSetupHandlers(
     setup2.hasVite,
     setup2.hasTypescript,
@@ -5466,6 +5463,86 @@ import { basename as basename4 } from "path";
 // src/shared/splitCompound.ts
 import { parse } from "shell-quote";
+// src/shared/consumeRedirect.ts
+import { tmpdir as tmpdir2 } from "os";
+// src/shared/isRedirectTargetAllowed.ts
+function isRedirectTargetAllowed(target, tmp) {
+  if (/^[A-Za-z]:[\\/]/.test(tmp)) return isUnderWindowsTmp(target, tmp);
+  return isUnderPosixTmp(target, tmp);
+}
+function isUnderWindowsTmp(target, tmp) {
+  if (!/^[A-Za-z]:[\\/]/.test(target)) return false;
+  const nTmp = normalizeWindowsPath(tmp);
+  const nTarget = normalizeWindowsPath(target);
+  return nTarget === nTmp || nTarget.startsWith(`${nTmp}\\`);
+}
+function normalizeWindowsPath(p) {
+  return p.replace(/\//g, "\\").toLowerCase().replace(/\\+$/, "");
+}
+function isUnderPosixTmp(target, tmp) {
+  if (!target.startsWith("/")) return false;
+  const nTmp = tmp.replace(/\/+$/, "");
+  return target === nTmp || target.startsWith(`${nTmp}/`);
+}
+// src/shared/consumeRedirect.ts
+function consumeRedirect(tokens, opIndex, current) {
+  const target = tokens[opIndex + 1];
+  if (typeof target !== "string") {
+    return { ok: false, error: "unable to parse" };
+  }
+  if (!isRedirectTargetAllowed(target, tmpdir2())) {
+    return {
+      ok: false,
+      error: `redirect target '${target}' is outside the OS temp directory`
+    };
+  }
+  if (current.length > 0 && /^\d$/.test(current[current.length - 1])) {
+    current.pop();
+  }
+  return { ok: true, nextIndex: opIndex + 1 };
+}
+// src/shared/groupByOperator.ts
+var SEPARATOR_OPS = /* @__PURE__ */ new Set(["|", "&&", "||", ";"]);
+var OUTPUT_REDIRECT_OPS = /* @__PURE__ */ new Set([">", ">>"]);
+var UNPARSEABLE = { ok: false, error: "unable to parse" };
+function groupByOperator(tokens) {
+  const groups = [[]];
+  for (let i = 0; i < tokens.length; i++) {
+    const step = handleToken(tokens, i, groups);
+    if (!step.ok) return step;
+    i = step.nextIndex;
+  }
+  return { ok: true, groups };
+}
+function handleToken(tokens, i, groups) {
+  const token = tokens[i];
+  const op = getOp(token);
+  if (op === void 0) return appendWord(token, groups, i);
+  if (op === "glob") {
+    groups[groups.length - 1].push(token.pattern);
+    return { ok: true, nextIndex: i };
+  }
+  if (SEPARATOR_OPS.has(op)) {
+    groups.push([]);
+    return { ok: true, nextIndex: i };
+  }
+  if (OUTPUT_REDIRECT_OPS.has(op)) {
+    return consumeRedirect(tokens, i, groups[groups.length - 1]);
+  }
+  return UNPARSEABLE;
+}
+function appendWord(token, groups, i) {
+  if (typeof token !== "string") return UNPARSEABLE;
+  groups[groups.length - 1].push(token);
+  return { ok: true, nextIndex: i };
+}
+function getOp(token) {
+  return typeof token === "object" && token !== null && "op" in token ? token.op : void 0;
+}
 // src/shared/hasUnquotedBackticks.ts
 var QUOTED_OR_BACKTICK_RE = /\\.|'[^']*'|"[^"]*"|(`)/g;
 function hasUnquotedBackticks(command) {
@@ -5477,17 +5554,17 @@ function hasUnquotedBackticks(command) {
 }
 // src/shared/splitCompound.ts
-var SEPARATOR_OPS = /* @__PURE__ */ new Set(["|", "&&", "||", ";"]);
-var UNSAFE_OPS = /* @__PURE__ */ new Set(["(", ")", ">", ">>", "<", "<&", "|&", ">&"]);
 var FD_REDIRECT_RE = /\d+>&\d+/g;
 var FD_DEVNULL_RE = /\d*>(?:\/dev\/null|\$null)/g;
+var UNPARSEABLE2 = { ok: false, error: "unable to parse" };
 function splitCompound(command) {
   const tokens = tokenizeCommand(command);
-  if (!tokens) return void 0;
-  const groups = groupByOperator(tokens);
-  if (!groups) return void 0;
-  const result = groups.map((parts) => stripEnvPrefix(parts).join(" ")).filter((cmd) => cmd !== "");
-  return result.length > 0 ? result : void 0;
+  if (!tokens) return UNPARSEABLE2;
+  const grouped = groupByOperator(tokens);
+  if (!grouped.ok) return grouped;
+  const parts = grouped.groups.map((g) => stripEnvPrefix(g).join(" ")).filter((cmd) => cmd !== "");
+  if (parts.length === 0) return UNPARSEABLE2;
+  return { ok: true, parts };
 }
 function tokenizeCommand(command) {
   const trimmed = command.trim().replace(FD_DEVNULL_RE, "").replace(FD_REDIRECT_RE, "");
@@ -5499,28 +5576,6 @@ function tokenizeCommand(command) {
     return void 0;
   }
 }
-function getOp(token) {
-  return typeof token === "object" && token !== null && "op" in token ? token.op : void 0;
-}
-function groupByOperator(tokens) {
-  const groups = [[]];
-  for (const token of tokens) {
-    const op = getOp(token);
-    if (op === void 0) {
-      if (typeof token !== "string") return void 0;
-      groups[groups.length - 1].push(token);
-    } else if (op === "glob") {
-      groups[groups.length - 1].push(token.pattern);
-    } else if (SEPARATOR_OPS.has(op)) {
-      groups.push([]);
-    } else if (UNSAFE_OPS.has(op)) {
-      return void 0;
-    } else {
-      return void 0;
-    }
-  }
-  return groups;
-}
 function stripEnvPrefix(parts) {
   let i = 0;
   while (i < parts.length && /^[A-Za-z_]\w*=/.test(parts[i])) i++;
@@ -5898,8 +5953,8 @@ function tryParseInput(raw) {
   }
 }
 function decide(toolName, rawCommand) {
-  const parts = splitCompound(rawCommand);
-  if (parts) return resolvePermission(toolName, parts);
+  const result = splitCompound(rawCommand);
+  if (result.ok) return resolvePermission(toolName, result.parts);
   return findDeny(toolName, [rawCommand]);
 }
 async function cliHook() {
@@ -5929,12 +5984,13 @@ async function cliHook() {
 // src/commands/cliHook/cliHookCheck.ts
 function cliHookCheck(command, toolName = "Bash") {
   const trimmed = command.trim();
-  const parts = splitCompound(trimmed);
-  if (!parts) {
-    console.log("not approved (unable to parse)");
+  const result = splitCompound(trimmed);
+  if (!result.ok) {
+    console.log(`not approved (${result.error})`);
     process.exitCode = 1;
     return;
   }
+  const parts = result.parts;
   for (const part of parts) {
     const configDeny = matchesConfigDeny(part);
     if (configDeny) {
@@ -8063,7 +8119,7 @@ function parseInspectReport(json) {
 // src/commands/dotnet/runInspectCode.ts
 import { execSync as execSync22 } from "child_process";
 import { existsSync as existsSync28, readFileSync as readFileSync25, unlinkSync as unlinkSync5 } from "fs";
-import { tmpdir as tmpdir2 } from "os";
+import { tmpdir as tmpdir3 } from "os";
 import path29 from "path";
 import chalk91 from "chalk";
 function assertJbInstalled() {
@@ -8078,7 +8134,7 @@ function assertJbInstalled() {
   }
 }
 function runInspectCode(slnPath, include, swea) {
-  const reportPath = path29.join(tmpdir2(), `inspect-${Date.now()}.xml`);
+  const reportPath = path29.join(tmpdir3(), `inspect-${Date.now()}.xml`);
   const includeFlag = include ? ` --include="${include}"` : "";
   const sweaFlag = swea ? " --swea" : "";
   try {
@@ -8718,7 +8774,7 @@ function registerPrompts(program2) {
 // src/commands/prs/comment.ts
 import { spawnSync as spawnSync2 } from "child_process";
 import { unlinkSync as unlinkSync6, writeFileSync as writeFileSync21 } from "fs";
-import { tmpdir as tmpdir3 } from "os";
+import { tmpdir as tmpdir4 } from "os";
 import { join as join29 } from "path";
 // src/commands/prs/shared.ts
@@ -8791,7 +8847,7 @@ function comment2(path53, line, body) {
   validateLine(line);
   try {
     const prId = getCurrentPrNodeId();
-    const queryFile = join29(tmpdir3(), `gh-query-${Date.now()}.graphql`);
+    const queryFile = join29(tmpdir4(), `gh-query-${Date.now()}.graphql`);
     writeFileSync21(queryFile, MUTATION);
     try {
       const result = spawnSync2(
@@ -8835,7 +8891,7 @@ import { execSync as execSync28 } from "child_process";
 // src/commands/prs/resolveCommentWithReply.ts
 import { execSync as execSync27 } from "child_process";
 import { unlinkSync as unlinkSync8, writeFileSync as writeFileSync22 } from "fs";
-import { tmpdir as tmpdir4 } from "os";
+import { tmpdir as tmpdir5 } from "os";
 import { join as join31 } from "path";
 // src/commands/prs/loadCommentsCache.ts
@@ -8870,7 +8926,7 @@ function replyToComment(org, repo, prNumber, commentId, message) {
 }
 function resolveThread(threadId) {
   const mutation = `mutation($threadId: ID!) { resolveReviewThread(input: {threadId: $threadId}) { thread { isResolved } } }`;
-  const queryFile = join31(tmpdir4(), `gh-mutation-${Date.now()}.graphql`);
+  const queryFile = join31(tmpdir5(), `gh-mutation-${Date.now()}.graphql`);
   writeFileSync22(queryFile, mutation);
   try {
     execSync27(
@@ -8959,11 +9015,11 @@ import { stringify } from "yaml";
 // src/commands/prs/fetchThreadIds.ts
 import { execSync as execSync29 } from "child_process";
 import { unlinkSync as unlinkSync9, writeFileSync as writeFileSync23 } from "fs";
-import { tmpdir as tmpdir5 } from "os";
+import { tmpdir as tmpdir6 } from "os";
 import { join as join32 } from "path";
 var THREAD_QUERY = `query($owner: String!, $repo: String!, $prNumber: Int!) { repository(owner: $owner, name: $repo) { pullRequest(number: $prNumber) { reviewThreads(first: 100) { nodes { id isResolved comments(first: 100) { nodes { databaseId } } } } } } }`;
 function fetchThreadIds(org, repo, prNumber) {
-  const queryFile = join32(tmpdir5(), `gh-query-${Date.now()}.graphql`);
+  const queryFile = join32(tmpdir6(), `gh-query-${Date.now()}.graphql`);
   writeFileSync23(queryFile, THREAD_QUERY);
   try {
     const result = execSync29(
@@ -12210,7 +12266,10 @@ function registerVerify(program2) {
     run2({ ...options2, all: scope === "all" });
   });
   verifyCommand.command("list").description("List configured verify commands").action(list);
-  verifyCommand.command("init").description("Add verify scripts to a project").action(init2);
+  verifyCommand.command("init").description("Add verify scripts to a project").option(
+    "--package-json",
+    "Write scripts to package.json instead of assist.yml"
+  ).action(init2);
   verifyCommand.command("hardcoded-colors").description("Check for hardcoded hex colors in src/").action(hardcodedColors);
   verifyCommand.command("no-venv").description("Check that no venv folders exist in the repo").action(noVenv);
 }
@@ -13067,7 +13126,7 @@ function registerRun(program2) {
 // src/commands/screenshot/index.ts
 import { execSync as execSync39 } from "child_process";
 import { existsSync as existsSync43, mkdirSync as mkdirSync15, unlinkSync as unlinkSync12, writeFileSync as writeFileSync29 } from "fs";
-import { tmpdir as tmpdir6 } from "os";
+import { tmpdir as tmpdir7 } from "os";
 import { join as join49, resolve as resolve11 } from "path";
 import chalk133 from "chalk";
@@ -13205,7 +13264,7 @@ function buildOutputPath(outputDir, processName) {
   return resolve11(outputDir, `${processName}-${timestamp}.png`);
 }
 function runPowerShellScript(processName, outputPath) {
-  const scriptPath = join49(tmpdir6(), `assist-screenshot-${Date.now()}.ps1`);
+  const scriptPath = join49(tmpdir7(), `assist-screenshot-${Date.now()}.ps1`);
   writeFileSync29(scriptPath, captureWindowPs1, "utf-8");
   try {
     execSync39(

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "@staff0rd/assist",
-	"version": "0.205.1",
+	"version": "0.206.1",
 	"type": "module",
 	"main": "dist/index.js",
 	"bin": {