@taewooopark/agent-blackbox 0.46.1 → 0.46.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/dist/cli.js +11 -1
  2. package/package.json +1 -1
package/dist/cli.js CHANGED
@@ -1858,6 +1858,13 @@ async function handleRequest(request, response, eventsFile, clients, suggestConf
1858
1858
  sendEmpty(response, 204);
1859
1859
  return;
1860
1860
  }
1861
+ if (request.method === "POST") {
1862
+ const origin = request.headers.origin;
1863
+ if (typeof origin === "string" && !isLoopbackOrigin(origin)) {
1864
+ sendJson(response, 403, { ok: false, error: { message: "cross-site request blocked" } });
1865
+ return;
1866
+ }
1867
+ }
1861
1868
  const replay = parseReplayQuery(url);
1862
1869
  if (request.method === "GET" && url.pathname === "/health") {
1863
1870
  sendJson(response, 200, { ok: true, data: { status: "ok", eventsFile } });
@@ -2351,7 +2358,10 @@ function openInBrowser(url) {
2351
2358
  const command = platform === "darwin" ? "open" : platform === "win32" ? "cmd" : "xdg-open";
2352
2359
  const args2 = platform === "win32" ? ["/c", "start", "", url] : [url];
2353
2360
  try {
2354
- spawn2(command, args2, { stdio: "ignore", detached: true }).unref();
2361
+ const child = spawn2(command, args2, { stdio: "ignore", detached: true });
2362
+ child.on("error", () => {
2363
+ });
2364
+ child.unref();
2355
2365
  } catch {
2356
2366
  }
2357
2367
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@taewooopark/agent-blackbox",
3
- "version": "0.46.1",
3
+ "version": "0.46.2",
4
4
  "description": "Local-first flight recorder + context-efficiency profiler for coding agents (OpenCode). Run with npx.",
5
5
  "type": "module",
6
6
  "license": "MIT",