@venturewild/workspace 0.6.8 → 0.6.9

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@venturewild/workspace",
-  "version": "0.6.8",
+  "version": "0.6.9",
   "description": "Claude Code Web — Replit/Lovable-style chat-first browser UI that wraps the AI agent already installed on your machine.",
   "license": "MIT",
   "bin": {

package/server/src/index.mjs

@@ -10,6 +10,7 @@ import { serve } from '@hono/node-server';
 import { WebSocketServer } from 'ws';
 import { existsSync, mkdirSync, readFileSync, writeFileSync, readdirSync, unlinkSync } from 'node:fs';
 import path from 'node:path';
+import os from 'node:os';
 import url from 'node:url';
 import {
   buildConfig,
@@ -32,6 +33,7 @@ import {
 import { PairingStore } from './pairing.mjs';
 import { verifyGoogleVouch, emailMatches } from './google-vouch.mjs';
 import { listDir, readFile, fullTree, workspaceSummary, safeResolve } from './fs.mjs';
+import { browseDir, browseRoots } from './lobby-browse.mjs';
 import { InboxWatcher } from './inbox.mjs';
 import { ActivityBus } from './activity.mjs';
 import { createWorkspacePresence } from './workspace-presence.mjs';
@@ -2043,11 +2045,13 @@ export async function createServer(overrides = {}) {
   // --- lobby: the per-install workspace list (lobby M1) ---
   // One install holds many local workspaces; the lobby lists them and the user
   // picks one to enter (the client then sends X-Workspace-Id to re-root the agent,
-  // files, and chat). Creating is a HOST action — the folder lives on THIS machine
-  // — so it's refused for remote/tunnel requests; entering an existing one works
-  // from anywhere. Gated on `fileTree` (owner-level: never expose the host's other
-  // projects to a shared-link viewer/client). Distinct origin from the bmo-sync
-  // rails `/api/workspaces/*` (those live on the sync server).
+  // files, and chat). Creating/opening a workspace targets THIS serving machine,
+  // which identity-first routing guarantees is the owner's OWN host — so the authed
+  // OWNER may create-by-name AND open-an-existing-folder from any device (0.6.7 +
+  // the 2026-06-18 open-by-path fix); entering an existing one works from anywhere.
+  // Gated on `fileTree` (owner-level: never expose the host's other projects to a
+  // shared-link viewer/client). Distinct origin from the bmo-sync rails
+  // `/api/workspaces/*` (those live on the sync server).
   const lobbyBootTime = Date.now();
   function isHostRequest(c) {
     const src = c.get('session')?.source;
@@ -2131,15 +2135,20 @@ export async function createServer(overrides = {}) {
     const name = typeof body.name === 'string' ? body.name.trim() : '';
     const dir = typeof body.dir === 'string' ? body.dir.trim() : '';
     if (!name && !dir) return c.json({ error: 'name_or_dir_required' }, 400);
-    // Open-an-existing-folder-by-PATH stays HOST-only: it would let a remote
-    // session reach into the host's disk (design §5.3 — a host never exposes disk
-    // outside the shared folder). Create-by-NAME is allowed for the authenticated
-    // owner from ANY device: the folder is created on THIS serving host
-    // (~/Workspaces/<name>), which identity-first routing guarantees is the
-    // member's OWN host (§5.1 "authorization = membership, not device-binding";
-    // §5.2 "a member's every device → their own host"). `fileTree` above already
-    // limits this to owner-level — never a shared-link viewer.
-    if (dir && !isHostRequest(c)) {
+    // Open-an-existing-folder-by-PATH: the authenticated OWNER may do this from ANY
+    // device, exactly like create-by-name. The path resolves on THIS serving host,
+    // which identity-first routing guarantees is the owner's OWN machine (§5.1
+    // "authorize on membership, not device"; §5.2 "a member's every device → their
+    // own host"), and the partner role already holds the file tree AND a terminal on
+    // that host — so opening one of their own folders grants nothing new. The old
+    // host-only gate conflated "remote owner" with "shared-link viewer": the
+    // `fileTree` guard above already bars viewers/clients (same bug class as the
+    // 0.6.7 create-by-name fix; supersedes the §5.3 host-only note for the owner).
+    // The consented OPERATOR support channel is deliberately still NOT allowed to
+    // open arbitrary host folders by path — that reaches beyond its diagnose/
+    // remediate scope. So: the owner from anywhere, or the on-box host.
+    const isOwner = c.get('role') === ROLES.PARTNER;
+    if (dir && !isOwner && !isHostRequest(c)) {
       return c.json(
         {
           error: 'host_only',
@@ -2164,6 +2173,33 @@ export async function createServer(overrides = {}) {
     }
   });
 
+  // Folder picker for "open an existing folder": browse the SERVING host's
+  // directories so the owner navigates + picks a folder instead of typing a path.
+  // Gated identically to open-by-path — the authed OWNER from any device, or the
+  // on-box host; never a viewer/client (`require` fileTree) and never the operator
+  // (it would let a support session enumerate the whole host disk). The owner
+  // already holds a terminal + file tree on its own host, so this is no new reach.
+  app.get('/api/lobby/browse', (c) => {
+    const forbidden = require(c, 'fileTree');
+    if (forbidden) return forbidden;
+    const isOwner = c.get('role') === ROLES.PARTNER;
+    if (!isOwner && !isHostRequest(c)) {
+      return c.json(
+        { error: 'host_only', message: 'Browsing folders is available to the workspace owner.' },
+        403,
+      );
+    }
+    const home = os.homedir();
+    const workspacesHome = registryEnv.WILD_WORKSPACE_HOME || path.join(home, 'Workspaces');
+    const reqPath = c.req.query('path');
+    try {
+      const listing = browseDir(reqPath && reqPath.trim() ? reqPath.trim() : home);
+      return c.json({ ...listing, roots: browseRoots({ home, workspacesHome }) });
+    } catch (e) {
+      return c.json({ error: e.code || 'browse_failed', message: String(e.message || e) }, 400);
+    }
+  });
+
   app.post('/api/lobby/workspaces/:id/open', (c) => {
     const forbidden = require(c, 'fileTree');
     if (forbidden) return forbidden;

package/server/src/lobby-browse.mjs

@@ -0,0 +1,90 @@
+// Folder picker backend for the lobby's "open an existing folder".
+//
+// Lists DIRECTORIES on the serving host so the owner can navigate + pick a folder
+// to open as a workspace, instead of typing an absolute path (the bug Tuan hit:
+// from the public URL there was no picker, only "name a new workspace", so an
+// existing folder silently became a new empty one).
+//
+// Host-WIDE, NOT rooted to a workspace — so it is OWNER-gated at the route (the
+// same identity gate as open-by-path). That's safe: the partner role already holds
+// a terminal + file tree on its own host, so enumerating its own directories
+// exposes nothing new. Directories only (you open a folder); hidden/dot entries
+// skipped; an unreadable child is skipped rather than failing the whole listing.
+
+import fs from 'node:fs';
+import path from 'node:path';
+
+function isDirSafe(p) {
+  try {
+    return fs.statSync(p).isDirectory();
+  } catch {
+    return false;
+  }
+}
+
+// Quick-access roots offered beside the listing — only the ones that actually
+// exist, de-duped by resolved path (Home/Desktop/Documents can coincide).
+export function browseRoots({ home, workspacesHome } = {}) {
+  const candidates = [
+    { name: 'Home', dir: home },
+    { name: 'Desktop', dir: home && path.join(home, 'Desktop') },
+    { name: 'Documents', dir: home && path.join(home, 'Documents') },
+    { name: 'Workspaces', dir: workspacesHome },
+  ];
+  const seen = new Set();
+  const out = [];
+  for (const r of candidates) {
+    if (!r.dir) continue;
+    const abs = path.resolve(r.dir);
+    if (seen.has(abs) || !isDirSafe(abs)) continue;
+    seen.add(abs);
+    out.push({ name: r.name, dir: abs });
+  }
+  return out;
+}
+
+// List the immediate sub-directories of `target` (absolute path). Returns
+// `{ path, parent, entries:[{name,dir}] }` — `parent` is null at a filesystem
+// root (so the UI knows it can't go up). Throws an Error with `.code` for the
+// route to map to a status: 'not_found' | 'not_a_directory' | 'unreadable'.
+export function browseDir(target) {
+  if (typeof target !== 'string' || !target.trim()) {
+    const e = new Error('a folder path is required');
+    e.code = 'not_found';
+    throw e;
+  }
+  const abs = path.resolve(target);
+  let stat;
+  try {
+    stat = fs.statSync(abs);
+  } catch {
+    const e = new Error(`folder not found: ${abs}`);
+    e.code = 'not_found';
+    throw e;
+  }
+  if (!stat.isDirectory()) {
+    const e = new Error(`not a folder: ${abs}`);
+    e.code = 'not_a_directory';
+    throw e;
+  }
+  let dirents;
+  try {
+    dirents = fs.readdirSync(abs, { withFileTypes: true });
+  } catch (err) {
+    const e = new Error(String(err?.message || err));
+    e.code = 'unreadable';
+    throw e;
+  }
+  const entries = dirents
+    .filter((d) => {
+      if (d.name.startsWith('.')) return false; // hidden / dotfolders
+      if (d.isDirectory()) return true;
+      // Follow symlinks: a link to a directory is still a pickable folder.
+      if (d.isSymbolicLink()) return isDirSafe(path.join(abs, d.name));
+      return false;
+    })
+    .map((d) => ({ name: d.name, dir: path.join(abs, d.name) }))
+    .sort((a, b) => a.name.localeCompare(b.name, undefined, { sensitivity: 'base' }));
+  const parent = path.dirname(abs);
+  return { path: abs, parent: parent !== abs ? parent : null, entries };
+}