@teambit/workspace 1.0.974 → 1.0.976

package/package.json

@@ -1,12 +1,12 @@
 {
   "name": "@teambit/workspace",
-  "version": "1.0.974",
+  "version": "1.0.976",
   "homepage": "https://bit.cloud/teambit/workspace/workspace",
   "main": "dist/index.js",
   "componentId": {
     "scope": "teambit.workspace",
     "name": "workspace",
-    "version": "1.0.974"
+    "version": "1.0.976"
   },
   "dependencies": {
     "lodash": "4.17.21",
@@ -23,46 +23,29 @@
     "p-map": "4.0.0",
     "detect-indent": "5.0.0",
     "detect-newline": "3.1.0",
+    "enquirer": "2.4.1",
     "@react-hook/latest": "1.0.3",
     "classnames": "^2.5.1",
     "pluralize": "8.0.0",
     "reset-css": "5.0.1",
     "@teambit/component-id": "1.2.4",
     "@teambit/harmony": "0.4.7",
-    "@teambit/legacy.extension-data": "0.0.113",
-    "@teambit/legacy.scope": "0.0.111",
     "@teambit/component-version": "1.0.4",
-    "@teambit/legacy.consumer-component": "0.0.112",
-    "@teambit/legacy.consumer": "0.0.111",
     "@teambit/bit-error": "0.0.404",
     "@teambit/lane-id": "0.0.312",
-    "@teambit/legacy.bit-map": "0.0.168",
     "@teambit/toolbox.fs.last-modified": "0.0.14",
     "@teambit/toolbox.path.path": "0.0.16",
     "@teambit/graph.cleargraph": "0.0.11",
-    "@teambit/logger": "0.0.1413",
-    "@teambit/cli": "0.0.1320",
     "@teambit/component.ui.component-status-resolver": "0.0.510",
     "@teambit/legacy.constants": "0.0.26",
     "@teambit/harmony.modules.resolved-component": "0.0.513",
-    "@teambit/legacy.utils": "0.0.34",
-    "@teambit/scope.remotes": "0.0.111",
-    "@teambit/config-store": "0.0.200",
-    "@teambit/config": "0.0.1495",
     "@teambit/harmony.modules.requireable-component": "0.0.513",
     "@teambit/toolbox.modules.module-resolver": "0.0.19",
-    "@teambit/workspace.modules.node-modules-linker": "0.0.341",
-    "@teambit/global-config": "0.0.1323",
-    "@teambit/legacy.consumer-config": "0.0.111",
-    "@teambit/variants": "0.0.1588",
     "@teambit/component-issues": "0.0.171",
-    "@teambit/component.sources": "0.0.163",
     "@teambit/dependencies.modules.packages-excluder": "1.0.8",
     "@teambit/git.modules.git-executable": "0.0.27",
     "@teambit/harmony.modules.in-memory-cache": "0.0.30",
     "@teambit/legacy-bit-id": "1.1.3",
-    "@teambit/legacy.component-list": "0.0.165",
-    "@teambit/legacy.scope-api": "0.0.166",
     "@teambit/toolbox.path.is-path-inside": "0.0.508",
     "@teambit/workspace.modules.match-pattern": "0.0.520",
     "@teambit/component.ui.component-drawer": "0.0.479",
@@ -107,23 +90,41 @@
     "@teambit/workspace.ui.workspace-component-card": "0.0.569",
     "@teambit/explorer.ui.component-card": "0.0.52",
     "@teambit/workspace.ui.empty-workspace": "0.0.509",
-    "@teambit/component": "1.0.974",
-    "@teambit/dependency-resolver": "1.0.974",
-    "@teambit/envs": "1.0.974",
-    "@teambit/objects": "0.0.481",
-    "@teambit/scope": "1.0.974",
-    "@teambit/graph": "1.0.974",
-    "@teambit/isolator": "1.0.974",
-    "@teambit/component-tree": "1.0.974",
-    "@teambit/watcher": "1.0.974",
-    "@teambit/aspect-loader": "1.0.974",
-    "@teambit/graphql": "1.0.974",
-    "@teambit/bundler": "1.0.974",
-    "@teambit/ui": "1.0.974",
-    "@teambit/command-bar": "1.0.974",
-    "@teambit/sidebar": "1.0.974",
-    "@teambit/pubsub": "1.0.974",
-    "@teambit/deprecation": "1.0.974"
+    "@teambit/component": "1.0.976",
+    "@teambit/dependency-resolver": "1.0.976",
+    "@teambit/envs": "1.0.976",
+    "@teambit/legacy.extension-data": "0.0.114",
+    "@teambit/legacy.scope": "0.0.112",
+    "@teambit/legacy.consumer-component": "0.0.113",
+    "@teambit/legacy.consumer": "0.0.112",
+    "@teambit/legacy.bit-map": "0.0.169",
+    "@teambit/logger": "0.0.1414",
+    "@teambit/objects": "0.0.483",
+    "@teambit/scope": "1.0.976",
+    "@teambit/graph": "1.0.976",
+    "@teambit/cli": "0.0.1321",
+    "@teambit/isolator": "1.0.976",
+    "@teambit/component-tree": "1.0.976",
+    "@teambit/legacy.utils": "0.0.35",
+    "@teambit/watcher": "1.0.976",
+    "@teambit/scope.remotes": "0.0.112",
+    "@teambit/aspect-loader": "1.0.976",
+    "@teambit/config-store": "0.0.201",
+    "@teambit/config": "0.0.1496",
+    "@teambit/workspace.modules.node-modules-linker": "0.0.342",
+    "@teambit/graphql": "1.0.976",
+    "@teambit/bundler": "1.0.976",
+    "@teambit/global-config": "0.0.1324",
+    "@teambit/legacy.consumer-config": "0.0.112",
+    "@teambit/ui": "1.0.976",
+    "@teambit/variants": "0.0.1589",
+    "@teambit/component.sources": "0.0.164",
+    "@teambit/legacy.component-list": "0.0.166",
+    "@teambit/legacy.scope-api": "0.0.167",
+    "@teambit/command-bar": "1.0.976",
+    "@teambit/sidebar": "1.0.976",
+    "@teambit/pubsub": "1.0.976",
+    "@teambit/deprecation": "1.0.976"
   },
   "devDependencies": {
     "@types/lodash": "4.14.165",

package/scope-trust/index.ts

@@ -0,0 +1,2 @@
+export { ScopeTrust } from './scope-trust';
+export { ScopeTrustCmd } from './scope-trust.cmd';

package/scope-trust/scope-trust.cmd.ts

@@ -0,0 +1,111 @@
+import type { Command } from '@teambit/cli';
+import { formatHint, formatItem, formatSection, formatSuccessSummary, formatTitle, joinSections } from '@teambit/cli';
+import { BitError } from '@teambit/bit-error';
+import chalk from 'chalk';
+import type { ScopeTrust } from './scope-trust';
+
+const ACTIONS = ['list', 'enable', 'disable', 'add', 'remove'] as const;
+type Action = (typeof ACTIONS)[number];
+
+export class ScopeTrustCmd implements Command {
+  name = 'trust [action] [pattern]';
+  description = "manage which scopes are trusted to load aspects (envs, etc.) into the workspace's process";
+  arguments = [
+    {
+      name: 'action',
+      description: `one of: ${ACTIONS.join(', ')}. defaults to "list".`,
+    },
+    {
+      name: 'pattern',
+      description: 'scope pattern (required for "add" and "remove")',
+    },
+  ];
+  options = [];
+  group = 'component-config';
+  // Don't load aspects for this command. If the workspace already references
+  // an aspect from a scope that the trust list doesn't allow, the pre-command
+  // aspect-load step would itself trip the gate, leaving the user with no way
+  // to run `bit scope trust` to fix it. Skipping aspect-load keeps the command
+  // usable as a recovery path.
+  loadAspects = false;
+  extendedDescription = `scope-trust is opt-in. when off (the default), aspects from any scope load without a check. when on, aspects from a scope outside the trust list trigger a prompt (interactive shells) or an error (non-interactive).
+
+  bit scope trust                    # same as "list"
+  bit scope trust list               # show status; if on, print the effective trust list
+  bit scope trust enable             # turn on (writes "trustedScopes": [] to workspace.jsonc)
+  bit scope trust disable            # turn off (removes "trustedScopes" from workspace.jsonc)
+  bit scope trust add PATTERN        # add a pattern (auto-enables if needed)
+  bit scope trust remove PATTERN     # remove a pattern (does NOT disable when list is empty)
+
+once on, the effective trust set is: builtin scopes (teambit.*, bitdev.*, and a few others — run "bit scope trust list" to see) + the owner of defaultScope + entries listed under "trustedScopes". patterns are exact ("acme.frontend") or owner wildcard ("acme.*").`;
+
+  constructor(private scopeTrust: ScopeTrust) {}
+
+  async report(args: string[]): Promise<string> {
+    const [rawAction, pattern] = args;
+    const action = (rawAction || 'list') as Action;
+    if (!ACTIONS.includes(action)) {
+      throw new BitError(`unknown action "${rawAction}". valid actions: ${ACTIONS.join(', ')}.`);
+    }
+    switch (action) {
+      case 'list':
+        return this.formatList();
+      case 'enable':
+        await this.scopeTrust.enable();
+        return formatSuccessSummary('scope-trust enabled (added trustedScopes: [] to workspace.jsonc)');
+      case 'disable':
+        await this.scopeTrust.disable();
+        return formatSuccessSummary('scope-trust disabled (removed trustedScopes from workspace.jsonc)');
+      case 'add': {
+        const p = requirePattern(action, pattern);
+        await this.scopeTrust.addTrustedScope(p);
+        return formatSuccessSummary(`added ${chalk.bold(p)} to trustedScopes in workspace.jsonc`);
+      }
+      case 'remove': {
+        const p = requirePattern(action, pattern);
+        await this.scopeTrust.removeTrustedScope(p);
+        return formatSuccessSummary(`removed ${chalk.bold(p)} from trustedScopes in workspace.jsonc`);
+      }
+    }
+  }
+
+  private formatList(): string {
+    if (!this.scopeTrust.isOptedIn()) {
+      return joinSections([
+        formatTitle('scope-trust is off for this workspace.'),
+        'aspects from any scope load without a check.',
+        formatHint(
+          'to turn on:\n  bit scope trust enable        (no scopes added; only builtins + owner-of-defaultScope auto-trusted)\n  bit scope trust add <pattern> (turns on and adds the first scope)'
+        ),
+      ]);
+    }
+    const groups = this.scopeTrust.getEffectiveTrustedPatterns();
+    return joinSections([
+      formatTitle('scope-trust is on. aspects from these scopes load without a prompt:'),
+      formatSection(
+        'builtin',
+        '',
+        groups.builtin.map((p) => formatItem(p))
+      ),
+      formatSection(
+        'inferred from workspace defaultScope',
+        '',
+        groups.owner.map((p) => formatItem(p))
+      ),
+      groups.configured.length
+        ? formatSection(
+            'configured in workspace.jsonc',
+            '',
+            groups.configured.map((p) => formatItem(p))
+          )
+        : formatHint('no scopes configured in workspace.jsonc. add one with `bit scope trust add <pattern>`.'),
+    ]);
+  }
+}
+
+function requirePattern(action: Action, pattern: string | undefined): string {
+  if (!pattern) {
+    throw new BitError(`"${action}" requires a pattern. example: bit scope trust ${action} acme.frontend`);
+  }
+  return pattern;
+}

package/scope-trust/scope-trust.ts

@@ -0,0 +1,260 @@
+import type { ComponentID } from '@teambit/component-id';
+import type { Logger } from '@teambit/logger';
+import { BitError } from '@teambit/bit-error';
+import { isValidScopeName } from '@teambit/legacy-bit-id';
+import { prompt } from 'enquirer';
+import type { Workspace } from '../workspace';
+
+const BUILTIN_TRUSTED_PATTERNS = ['teambit.*', 'bitdev.*', 'learn-bit-react.*', 'bitdesign.*', 'frontend.*'];
+
+const WORKSPACE_ASPECT_ID = 'teambit.workspace/workspace';
+
+const TRUSTED_SCOPES_KEY = 'trustedScopes';
+
+export type TrustedScopesGroups = {
+  /** patterns built into Bit (e.g. `teambit.*`, `bitdev.*`) */
+  builtin: string[];
+  /** owner wildcard inferred from `defaultScope` (e.g. `acme.frontend` → `acme.*`) */
+  owner: string[];
+  /** patterns explicitly configured in `workspace.jsonc` under `trustedScopes` */
+  configured: string[];
+};
+
+/**
+ * Workspace-level scope-trust policy. Opt-in: when the `trustedScopes` key is
+ * present in workspace.jsonc (even as an empty array), the aspect-load gate
+ * is active. When the key is absent, no gate runs and any aspect loads.
+ *
+ * Once opted in, a scope is trusted if it matches any pattern in:
+ * - the builtin set (e.g. `teambit.*`, `bitdev.*`; see `BUILTIN_TRUSTED_PATTERNS`),
+ * - the pattern derived from the workspace's `defaultScope`
+ *   (e.g. `acme.frontend` → `acme.*`; legacy dotless `my-scope` → `my-scope`),
+ * - the `trustedScopes` array configured in workspace.jsonc.
+ *
+ * Patterns are exact (`acme.frontend`) or owner wildcard (`acme.*`).
+ *
+ * Wired into `ScopeMain` via `setAspectLoadGuard`; the guard runs in the
+ * aspect-loader path so untrusted aspects never reach `require()`.
+ */
+export class ScopeTrust {
+  private deniedThisRun = new Set<string>();
+
+  constructor(
+    private workspace: Workspace,
+    private logger: Logger
+  ) {}
+
+  /**
+   * `true` when the workspace has opted in (the `trustedScopes` key is present
+   * in workspace.jsonc, even as an empty array). When `false`, the aspect-load
+   * gate is a no-op.
+   */
+  isOptedIn(): boolean {
+    return Object.prototype.hasOwnProperty.call(this.readExt(), TRUSTED_SCOPES_KEY);
+  }
+
+  /**
+   * Effective trust list, broken down by source. Useful for both internal
+   * checks and the `bit scope trust list` UX.
+   */
+  getEffectiveTrustedPatterns(): TrustedScopesGroups {
+    const ext = this.readExt();
+    const configured = Array.isArray(ext[TRUSTED_SCOPES_KEY]) ? (ext[TRUSTED_SCOPES_KEY] as string[]).slice() : [];
+    const owner = this.getInferredOwnerPattern();
+    return {
+      builtin: BUILTIN_TRUSTED_PATTERNS.slice(),
+      owner: owner ? [owner] : [],
+      configured,
+    };
+  }
+
+  /**
+   * True iff `scopeName` matches any pattern in the effective trust list.
+   * `scopeName` is expected to be the bare scope (e.g. `acme.frontend`).
+   */
+  isScopeTrusted(scopeName: string): boolean {
+    if (!scopeName) return false;
+    const groups = this.getEffectiveTrustedPatterns();
+    const all = [...groups.builtin, ...groups.owner, ...groups.configured];
+    return all.some((pattern) => ScopeTrust.matchesPattern(scopeName, pattern));
+  }
+
+  /**
+   * Pattern matcher. Two forms:
+   * - exact: `acme.frontend` matches only `acme.frontend`.
+   * - owner wildcard: `acme.*` matches `acme.<anything>`.
+   */
+  static matchesPattern(scopeName: string, pattern: string): boolean {
+    if (pattern === scopeName) return true;
+    if (pattern.endsWith('.*')) {
+      const owner = pattern.slice(0, -2);
+      return scopeName.startsWith(`${owner}.`);
+    }
+    return false;
+  }
+
+  /** Opt the workspace in by writing `trustedScopes: []` (idempotent). */
+  async enable(): Promise<void> {
+    if (this.isOptedIn()) return;
+    await this.writeExtPatch({ [TRUSTED_SCOPES_KEY]: [] }, 'enable scope-trust');
+  }
+
+  /**
+   * Opt the workspace out by removing the `trustedScopes` key (idempotent).
+   * Uses `overrideExisting` because key deletion isn't expressible via
+   * `mergeIntoExisting`; comments on other keys may be reformatted as a result.
+   */
+  async disable(): Promise<void> {
+    if (!this.isOptedIn()) return;
+    const updated = { ...this.readExt() };
+    delete updated[TRUSTED_SCOPES_KEY];
+    const wsConfig = this.workspace.getWorkspaceConfig();
+    wsConfig.setExtension(WORKSPACE_ASPECT_ID, updated, { overrideExisting: true, ignoreVersion: true });
+    await wsConfig.write({ reasonForChange: 'disable scope-trust' });
+  }
+
+  /** Add `pattern` to `trustedScopes` (auto-enables if not yet). */
+  async addTrustedScope(pattern: string): Promise<void> {
+    if (!ScopeTrust.isValidPattern(pattern)) {
+      throw new BitError(
+        `invalid scope pattern: "${pattern}". use an exact scope name (e.g. "acme.frontend" or "my-scope") or an owner wildcard (e.g. "acme.*").`
+      );
+    }
+    await this.mutateConfiguredList(
+      (list) => (list.includes(pattern) ? null : [...list, pattern]),
+      `add trusted scope ${pattern}`
+    );
+  }
+
+  /**
+   * Remove `pattern` from `trustedScopes`. Leaves the key in place even if
+   * the list becomes empty — use `disable()` to fully turn the gate off.
+   */
+  async removeTrustedScope(pattern: string): Promise<void> {
+    await this.mutateConfiguredList(
+      (list) => (list.includes(pattern) ? list.filter((p) => p !== pattern) : null),
+      `remove trusted scope ${pattern}`
+    );
+  }
+
+  /**
+   * Build the aspect-load guard. No-op when not opted in. When opted in:
+   * untrusted scopes get a TTY prompt to extend the trust list, or in
+   * non-TTY contexts an instructional error.
+   */
+  createGuard(): (componentId: ComponentID) => Promise<void> {
+    return async (componentId: ComponentID) => {
+      if (!this.isOptedIn()) return;
+      const scopeName = componentId.scope;
+      if (this.isScopeTrusted(scopeName)) return;
+
+      const deny = (): never => {
+        throw makeUntrustedError(scopeName, componentId);
+      };
+
+      // The user's answer is persisted to workspace.jsonc on accept; remember
+      // a denial so we don't re-prompt for the same scope in this run.
+      if (this.deniedThisRun.has(scopeName)) deny();
+
+      const isInteractive = Boolean(process.stdin.isTTY) && Boolean(process.stdout.isTTY);
+      if (!isInteractive) deny();
+
+      const accepted = await this.promptForTrust(scopeName, componentId);
+      if (!accepted) {
+        this.deniedThisRun.add(scopeName);
+        deny();
+      }
+      await this.addTrustedScope(scopeName);
+      this.logger.consoleSuccess(`added "${scopeName}" to trustedScopes in workspace.jsonc`);
+    };
+  }
+
+  private readExt(): Record<string, unknown> {
+    try {
+      return (this.workspace.getWorkspaceConfig().extension(WORKSPACE_ASPECT_ID, true) || {}) as Record<
+        string,
+        unknown
+      >;
+    } catch {
+      return {};
+    }
+  }
+
+  /**
+   * Apply `mutator` to the current `trustedScopes` list. If the mutator
+   * returns `null`, treat the call as a no-op (idempotent fast path).
+   * Uses `mergeIntoExisting` so other keys' comments are preserved.
+   */
+  private async mutateConfiguredList(mutator: (list: string[]) => string[] | null, reason: string): Promise<void> {
+    const ext = this.readExt();
+    const current: string[] = Array.isArray(ext[TRUSTED_SCOPES_KEY]) ? (ext[TRUSTED_SCOPES_KEY] as string[]) : [];
+    const next = mutator(current);
+    if (next === null) return;
+    await this.writeExtPatch({ [TRUSTED_SCOPES_KEY]: next }, reason);
+  }
+
+  private async writeExtPatch(patch: Record<string, unknown>, reason: string): Promise<void> {
+    const wsConfig = this.workspace.getWorkspaceConfig();
+    wsConfig.setExtension(WORKSPACE_ASPECT_ID, patch, { mergeIntoExisting: true, ignoreVersion: true });
+    await wsConfig.write({ reasonForChange: reason });
+  }
+
+  /**
+   * Returns the trust pattern derived from the workspace's `defaultScope`:
+   * - `acme.frontend` → `acme.*` (owner wildcard)
+   * - `my-scope` (legacy dotless) → `my-scope` (exact match)
+   * - empty / unset → undefined
+   */
+  private getInferredOwnerPattern(): string | undefined {
+    const defaultScope = this.workspace.defaultScope;
+    if (!defaultScope) return undefined;
+    if (!defaultScope.includes('.')) return defaultScope;
+    const owner = defaultScope.split('.')[0];
+    if (!owner) return undefined;
+    return `${owner}.*`;
+  }
+
+  private async promptForTrust(scopeName: string, componentId: ComponentID): Promise<boolean> {
+    try {
+      const response = (await prompt({
+        type: 'toggle',
+        name: 'trust',
+        message:
+          `Aspect ${componentId.toString()} comes from scope "${scopeName}", which isn't on your workspace's trusted list.\n` +
+          `Trust "${scopeName}" and add it to workspace.jsonc?`,
+        enabled: 'Yes',
+        disabled: 'No',
+        initial: false,
+        // The `toggle` prompt's option type isn't exported by enquirer's main
+        // typings; cast just the literal so the rest of the call stays typed.
+      } as Parameters<typeof prompt>[0])) as { trust: boolean };
+      return Boolean(response.trust);
+    } catch {
+      // user cancelled the prompt (Ctrl+C etc.)
+      return false;
+    }
+  }
+
+  static isValidPattern(pattern: string): boolean {
+    if (!pattern || typeof pattern !== 'string') return false;
+    if (pattern.endsWith('.*')) {
+      const owner = pattern.slice(0, -2);
+      // wildcard must be a single owner segment ("acme.*"), not nested
+      // ("acme.frontend.*") — the matcher only consults scope owners.
+      if (owner.includes('.')) return false;
+      return isValidScopeName(owner);
+    }
+    // exact match: "acme.frontend" or dotless legacy "my-scope".
+    return isValidScopeName(pattern);
+  }
+}
+
+function makeUntrustedError(scopeName: string, componentId: ComponentID): BitError {
+  return new BitError(
+    `cannot load aspect ${componentId.toString()}: scope "${scopeName}" isn't on the workspace's trusted list.\n` +
+      `\n` +
+      `to trust this scope, run:\n` +
+      `  bit scope trust add ${scopeName}\n` +
+      `or add it to "trustedScopes" under "${WORKSPACE_ASPECT_ID}" in workspace.jsonc.`
+  );
+}