@velvetmonkey/flywheel-memory 2.0.116 → 2.0.118

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/dist/index.js +8 -4
  2. package/package.json +1 -1
package/dist/index.js CHANGED
@@ -16096,8 +16096,9 @@ async function executeCreateNote(params, vaultPath2, context) {
16096
16096
  const frontmatter = params.frontmatter || {};
16097
16097
  const overwrite = Boolean(params.overwrite);
16098
16098
  const skipWikilinks = Boolean(params.skipWikilinks);
16099
- if (!validatePath(vaultPath2, notePath)) {
16100
- return { success: false, message: "Invalid path: path traversal not allowed", path: notePath };
16099
+ const pathCheck = await validatePathSecure(vaultPath2, notePath);
16100
+ if (!pathCheck.valid) {
16101
+ return { success: false, message: `Path blocked: ${pathCheck.reason}`, path: notePath };
16101
16102
  }
16102
16103
  const fullPath = path27.join(vaultPath2, notePath);
16103
16104
  try {
@@ -16124,8 +16125,9 @@ async function executeDeleteNote(params, vaultPath2) {
16124
16125
  if (!confirm) {
16125
16126
  return { success: false, message: "Deletion requires explicit confirmation (confirm=true)", path: notePath };
16126
16127
  }
16127
- if (!validatePath(vaultPath2, notePath)) {
16128
- return { success: false, message: "Invalid path: path traversal not allowed", path: notePath };
16128
+ const pathCheck = await validatePathSecure(vaultPath2, notePath);
16129
+ if (!pathCheck.valid) {
16130
+ return { success: false, message: `Path blocked: ${pathCheck.reason}`, path: notePath };
16129
16131
  }
16130
16132
  const fullPath = path27.join(vaultPath2, notePath);
16131
16133
  try {
@@ -16443,6 +16445,8 @@ async function executePolicy(policy, vaultPath2, variables, commit = false, sear
16443
16445
  }
16444
16446
  async function rollbackChanges(vaultPath2, originalContents, filesModified) {
16445
16447
  for (const filePath of filesModified) {
16448
+ const pathCheck = await validatePathSecure(vaultPath2, filePath);
16449
+ if (!pathCheck.valid) continue;
16446
16450
  const original = originalContents.get(filePath);
16447
16451
  const fullPath = path27.join(vaultPath2, filePath);
16448
16452
  if (original === null) {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@velvetmonkey/flywheel-memory",
3
- "version": "2.0.116",
3
+ "version": "2.0.118",
4
4
  "description": "MCP server that gives Claude full read/write access to your Obsidian vault. Select from 69 tools for search, backlinks, graph queries, mutations, agent memory, and hybrid semantic search.",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",