npm - @topogram/cli - Versions diffs - 0.3.39 → 0.3.40 - Mend

@topogram/cli 0.3.39 → 0.3.40

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@topogram/cli",
-  "version": "0.3.39",
+  "version": "0.3.40",
   "description": "Topogram CLI for checking Topogram workspaces and generating app bundles.",
   "license": "Apache-2.0",
   "repository": {

package/src/cli.js CHANGED Viewed

@@ -6170,7 +6170,7 @@ function buildTemplateCheckPayload(templateSpec) {
         configDir: projectConfigInfo.configDir
       }
     : null;
-  if (implementationInfo && implementationRequiresTrust(implementationInfo)) {
+  if (implementationInfo && implementationRequiresTrust(implementationInfo, projectConfigInfo.config)) {
     const trustStatus = getTemplateTrustStatus(implementationInfo, projectConfigInfo.config);
     const trustDiagnostics = trustStatus.issues.map((issue) => templateCheckDiagnostic({
       code: "template_trust_invalid",
@@ -7796,7 +7796,7 @@ try {
         configPath: projectConfigInfo.configPath,
         configDir: projectConfigInfo.configDir
       };
-      if (implementationRequiresTrust(implementationInfo)) {
+      if (implementationRequiresTrust(implementationInfo, projectConfigInfo.config)) {
         const trustRecord = writeTemplateTrustRecord(projectConfigInfo.configDir, projectConfigInfo.config);
         console.log(`Wrote ${TEMPLATE_TRUST_FILE} for ${trustRecord.implementation.module}.`);
         if (trustRecord.template.id) {

package/src/new-project.js CHANGED Viewed

@@ -331,6 +331,34 @@ function readTemplateManifest(templateRoot) {
   return validateTemplateManifest(JSON.parse(fs.readFileSync(manifestPath, "utf8")));
 }
+/**
+ * @param {string} root
+ * @param {string} currentDir
+ * @param {string} label
+ * @param {string} templateId
+ * @returns {void}
+ */
+function assertTemplateTreeHasNoSymlinks(root, currentDir, label, templateId) {
+  const rootStat = fs.lstatSync(currentDir);
+  const relativeRoot = path.relative(root, currentDir).replace(/\\/g, "/") || label;
+  if (rootStat.isSymbolicLink()) {
+    throw new Error(`Template '${templateId}' contains unsupported symlink '${relativeRoot}'.`);
+  }
+  if (!rootStat.isDirectory()) {
+    return;
+  }
+  for (const entry of fs.readdirSync(currentDir, { withFileTypes: true })) {
+    const entryPath = path.join(currentDir, entry.name);
+    const relativePath = path.relative(root, entryPath).replace(/\\/g, "/");
+    if (entry.isSymbolicLink()) {
+      throw new Error(`Template '${templateId}' contains unsupported symlink '${relativePath}'.`);
+    }
+    if (entry.isDirectory()) {
+      assertTemplateTreeHasNoSymlinks(root, entryPath, label, templateId);
+    }
+  }
+}
 /**
  * @param {string} templateRoot
  * @returns {TemplateManifest}
@@ -339,19 +367,30 @@ function validateTemplateRoot(templateRoot) {
   const manifest = readTemplateManifest(templateRoot);
   const topogramRoot = path.join(templateRoot, "topogram");
   const projectConfigPath = path.join(templateRoot, "topogram.project.json");
+  if (fs.existsSync(topogramRoot) && fs.lstatSync(topogramRoot).isSymbolicLink()) {
+    throw new Error(`Template '${manifest.id}' contains unsupported symlink 'topogram'.`);
+  }
+  if (fs.existsSync(projectConfigPath) && fs.lstatSync(projectConfigPath).isSymbolicLink()) {
+    throw new Error(`Template '${manifest.id}' contains unsupported symlink 'topogram.project.json'.`);
+  }
   if (!fs.existsSync(topogramRoot) || !fs.statSync(topogramRoot).isDirectory()) {
     throw new Error(`Template '${manifest.id}' is missing topogram/.`);
   }
   if (!fs.existsSync(projectConfigPath) || !fs.statSync(projectConfigPath).isFile()) {
     throw new Error(`Template '${manifest.id}' is missing topogram.project.json.`);
   }
+  assertTemplateTreeHasNoSymlinks(templateRoot, topogramRoot, "topogram", manifest.id);
   if (manifest.includesExecutableImplementation) {
     const implementationRoot = path.join(templateRoot, "implementation");
+    if (fs.existsSync(implementationRoot) && fs.lstatSync(implementationRoot).isSymbolicLink()) {
+      throw new Error(`Template '${manifest.id}' contains unsupported symlink 'implementation'.`);
+    }
     if (!fs.existsSync(implementationRoot) || !fs.statSync(implementationRoot).isDirectory()) {
       throw new Error(
         `Template '${manifest.id}' declares executable implementation code but is missing implementation/.`
       );
     }
+    assertTemplateTreeHasNoSymlinks(templateRoot, implementationRoot, "implementation", manifest.id);
   } else {
     const implementationRoot = path.join(templateRoot, "implementation");
     if (fs.existsSync(implementationRoot) && fs.statSync(implementationRoot).isDirectory()) {
@@ -1129,6 +1168,9 @@ function collectFiles(root, currentDir, files) {
       continue;
     }
     const entryPath = path.join(currentDir, entry.name);
+    if (entry.isSymbolicLink()) {
+      throw new Error(`Template-owned files cannot include symlink '${path.relative(root, entryPath).replace(/\\/g, "/")}'.`);
+    }
     if (entry.isDirectory()) {
       collectFiles(root, entryPath, files);
       continue;

package/src/template-trust.js CHANGED Viewed

@@ -185,12 +185,16 @@ function collectImplementationFiles(implementationRoot, currentDir, files) {
       continue;
     }
     const entryPath = path.join(currentDir, entry.name);
+    const relativePath = normalizeRelativePath(path.relative(implementationRoot, entryPath));
+    if (entry.isSymbolicLink()) {
+      throw new Error(`Template implementation contains unsupported symlink '${relativePath}'.`);
+    }
     if (entry.isDirectory()) {
       collectImplementationFiles(implementationRoot, entryPath, files);
       continue;
     }
     if (entry.isFile()) {
-      files.push(normalizeRelativePath(path.relative(implementationRoot, entryPath)));
+      files.push(relativePath);
     }
   }
 }
@@ -250,17 +254,38 @@ export function implementationTrustFingerprint(config) {
   };
 }
+/**
+ * @param {{ config: Record<string, any>, configDir: string }} implementationInfo
+ * @param {Record<string, any>|null} [projectConfig]
+ * @returns {boolean}
+ */
+export function implementationRequiresTrust(implementationInfo, projectConfig = null) {
+  const fingerprint = implementationTrustFingerprint(implementationInfo.config);
+  const modulePath = path.resolve(implementationInfo.configDir, fingerprint.module);
+  const implementationRoot = path.resolve(implementationInfo.configDir, "implementation");
+  return isSameOrInside(implementationRoot, modulePath) || projectHasTemplateAttachment(projectConfig);
+}
 /**
  * @param {{ config: Record<string, any>, configDir: string }} implementationInfo
  * @returns {boolean}
  */
-export function implementationRequiresTrust(implementationInfo) {
+function implementationModuleIsUnderRoot(implementationInfo) {
   const fingerprint = implementationTrustFingerprint(implementationInfo.config);
   const modulePath = path.resolve(implementationInfo.configDir, fingerprint.module);
   const implementationRoot = path.resolve(implementationInfo.configDir, "implementation");
   return isSameOrInside(implementationRoot, modulePath);
 }
+/**
+ * @param {Record<string, any>|null} projectConfig
+ * @returns {boolean}
+ */
+function projectHasTemplateAttachment(projectConfig) {
+  const template = projectConfig?.template || null;
+  return Boolean(template?.id || template?.sourceSpec || template?.requested);
+}
 /**
  * @param {string} configDir
  * @returns {TemplateTrustRecord|null}
@@ -312,6 +337,14 @@ export function writeTemplateTrustRecord(configDir, projectConfig) {
   if (!implementationConfig) {
     throw new Error("Cannot trust template implementation because topogram.project.json has no implementation config.");
   }
+  const implementationInfo = {
+    config: implementationConfig,
+    configDir
+  };
+  if (!implementationModuleIsUnderRoot(implementationInfo)) {
+    const implementation = implementationTrustFingerprint(implementationConfig);
+    throw new Error(`Template implementation module '${implementation.module}' must be under implementation/.`);
+  }
   const implementation = implementationTrustFingerprint(implementationConfig);
   const record = buildTrustRecord(configDir, projectConfig, implementation);
   fs.writeFileSync(path.join(configDir, TEMPLATE_TRUST_FILE), `${JSON.stringify(record, null, 2)}\n`, "utf8");
@@ -393,7 +426,8 @@ function implementationReviewFile(configDir, relativePath, file) {
  * @returns {{ ok: boolean, requiresTrust: boolean, trustPath: string, trustRecord: TemplateTrustRecord|null, template: { id: string|null, version: string|null, source: string|null, sourceSpec: string|null, requested: string|null, sourceRoot: string|null, catalog?: Record<string, any>|null, includesExecutableImplementation: boolean|null }, implementation: { id: string|null, module: string|null, export: string|null }, content: { trustedDigest: string|null, currentDigest: string|null, added: string[], removed: string[], changed: string[] }, issues: string[] }}
  */
 export function getTemplateTrustStatus(implementationInfo, projectConfig = null) {
-  if (!implementationRequiresTrust(implementationInfo)) {
+  const templateAttached = projectHasTemplateAttachment(projectConfig);
+  if (!implementationRequiresTrust(implementationInfo, projectConfig)) {
     return {
       ok: true,
       requiresTrust: false,
@@ -406,6 +440,7 @@ export function getTemplateTrustStatus(implementationInfo, projectConfig = null)
     };
   }
   const fingerprint = implementationTrustFingerprint(implementationInfo.config);
+  const moduleInsideImplementation = implementationModuleIsUnderRoot(implementationInfo);
   const trustRecord = readTemplateTrustRecord(implementationInfo.configDir);
   const configLabel = implementationInfo.configPath || "topogram.project.json";
   const trustPath = path.join(implementationInfo.configDir, TEMPLATE_TRUST_FILE);
@@ -415,6 +450,12 @@ export function getTemplateTrustStatus(implementationInfo, projectConfig = null)
   /** @type {{ trustedDigest: string|null, currentDigest: string|null, added: string[], removed: string[], changed: string[] }} */
   const contentStatus = { trustedDigest: null, currentDigest: null, added: [], removed: [], changed: [] };
+  if (templateAttached && !moduleInsideImplementation) {
+    issues.push(
+      `Template implementation module '${fingerprint.module}' must be under implementation/ for template-attached projects`
+    );
+  }
   if (!trustRecord) {
     issues.push(
       `Refusing to load executable implementation '${fingerprint.module}' from ${normalizeRoot(configLabel)} without ${TEMPLATE_TRUST_FILE}`
@@ -441,7 +482,10 @@ export function getTemplateTrustStatus(implementationInfo, projectConfig = null)
       issues.push(`${TEMPLATE_TRUST_FILE} trusts template version '${trustRecord.template?.version}', but topogram.project.json declares '${projectTemplate.version}'`);
     }
-    if (!trustRecord.content) {
+    if (!moduleInsideImplementation) {
+      // The module itself is outside the only supported trust root. Do not
+      // pretend the implementation/ content digest covers the executable code.
+    } else if (!trustRecord.content) {
       issues.push(`${TEMPLATE_TRUST_FILE} is missing implementation content hashes`);
     } else if (trustRecord.content.algorithm !== "sha256") {
       issues.push(`${TEMPLATE_TRUST_FILE} uses unsupported content hash algorithm '${trustRecord.content.algorithm}'`);