@wonderwhy-er/desktop-commander 0.1.33 → 0.1.35

package/dist/handlers/filesystem-handlers.js

@@ -1,6 +1,19 @@
-import { readFile, readMultipleFiles, writeFile, createDirectory, listDirectory, moveFile, searchFiles, getFileInfo, listAllowedDirectories } from '../tools/filesystem.js';
+import { readFile, readMultipleFiles, writeFile, createDirectory, listDirectory, moveFile, searchFiles, getFileInfo } from '../tools/filesystem.js';
 import { withTimeout } from '../utils.js';
+import { createErrorResponse } from '../error-handlers.js';
 import { ReadFileArgsSchema, ReadMultipleFilesArgsSchema, WriteFileArgsSchema, CreateDirectoryArgsSchema, ListDirectoryArgsSchema, MoveFileArgsSchema, SearchFilesArgsSchema, GetFileInfoArgsSchema } from '../tools/schemas.js';
+/**
+ * Helper function to check if path contains an error
+ */
+function isErrorPath(path) {
+    return path.startsWith('__ERROR__:');
+}
+/**
+ * Extract error message from error path
+ */
+function getErrorFromPath(path) {
+    return path.substring('__ERROR__:'.length).trim();
+}
 /**
  * Handle read_file command
  */
@@ -8,8 +21,7 @@ export async function handleReadFile(args) {
     const HANDLER_TIMEOUT = 60000; // 60 seconds total operation timeout
     const readFileOperation = async () => {
         const parsed = ReadFileArgsSchema.parse(args);
-        // Explicitly cast the result to FileResult since we're passing true
-        const fileResult = await readFile(parsed.path, true, parsed.isUrl);
+        const fileResult = await readFile(parsed.path, parsed.isUrl);
         if (fileResult.isImage) {
             // For image files, return as an image content type
             return {
@@ -34,9 +46,12 @@ export async function handleReadFile(args) {
         }
     };
     // Execute with timeout at the handler level
-    return await withTimeout(readFileOperation(), HANDLER_TIMEOUT, 'Read file handler operation', {
-        content: [{ type: "text", text: `Operation timed out after ${HANDLER_TIMEOUT / 1000} seconds. The file might be too large or on a slow/unresponsive storage device.` }],
-    });
+    const result = await withTimeout(readFileOperation(), HANDLER_TIMEOUT, 'Read file handler operation', null);
+    if (result == null) {
+        // Handles the impossible case where withTimeout resolves to null instead of throwing
+        throw new Error('Failed to read the file');
+    }
+    return result;
 }
 /**
  * Handle read_multiple_files command
@@ -86,94 +101,120 @@ export async function handleReadMultipleFiles(args) {
  * Handle write_file command
  */
 export async function handleWriteFile(args) {
-    const parsed = WriteFileArgsSchema.parse(args);
-    await writeFile(parsed.path, parsed.content);
-    return {
-        content: [{ type: "text", text: `Successfully wrote to ${parsed.path}` }],
-    };
+    try {
+        const parsed = WriteFileArgsSchema.parse(args);
+        await writeFile(parsed.path, parsed.content);
+        return {
+            content: [{ type: "text", text: `Successfully wrote to ${parsed.path}` }],
+        };
+    }
+    catch (error) {
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        return createErrorResponse(errorMessage);
+    }
 }
 /**
  * Handle create_directory command
  */
 export async function handleCreateDirectory(args) {
-    const parsed = CreateDirectoryArgsSchema.parse(args);
-    await createDirectory(parsed.path);
-    return {
-        content: [{ type: "text", text: `Successfully created directory ${parsed.path}` }],
-    };
+    try {
+        const parsed = CreateDirectoryArgsSchema.parse(args);
+        await createDirectory(parsed.path);
+        return {
+            content: [{ type: "text", text: `Successfully created directory ${parsed.path}` }],
+        };
+    }
+    catch (error) {
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        return createErrorResponse(errorMessage);
+    }
 }
 /**
  * Handle list_directory command
  */
 export async function handleListDirectory(args) {
-    const parsed = ListDirectoryArgsSchema.parse(args);
-    const entries = await listDirectory(parsed.path);
-    return {
-        content: [{ type: "text", text: entries.join('\n') }],
-    };
+    try {
+        const parsed = ListDirectoryArgsSchema.parse(args);
+        const entries = await listDirectory(parsed.path);
+        return {
+            content: [{ type: "text", text: entries.join('\n') }],
+        };
+    }
+    catch (error) {
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        return createErrorResponse(errorMessage);
+    }
 }
 /**
  * Handle move_file command
  */
 export async function handleMoveFile(args) {
-    const parsed = MoveFileArgsSchema.parse(args);
-    await moveFile(parsed.source, parsed.destination);
-    return {
-        content: [{ type: "text", text: `Successfully moved ${parsed.source} to ${parsed.destination}` }],
-    };
+    try {
+        const parsed = MoveFileArgsSchema.parse(args);
+        await moveFile(parsed.source, parsed.destination);
+        return {
+            content: [{ type: "text", text: `Successfully moved ${parsed.source} to ${parsed.destination}` }],
+        };
+    }
+    catch (error) {
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        return createErrorResponse(errorMessage);
+    }
 }
 /**
  * Handle search_files command
  */
 export async function handleSearchFiles(args) {
-    const parsed = SearchFilesArgsSchema.parse(args);
-    const timeoutMs = parsed.timeoutMs || 30000; // 30 seconds default
-    // Apply timeout at the handler level
-    const searchOperation = async () => {
-        return await searchFiles(parsed.path, parsed.pattern);
-    };
-    // Use withTimeout at the handler level
-    const results = await withTimeout(searchOperation(), timeoutMs, 'File search operation', [] // Empty array as default on timeout
-    );
-    if (results.length === 0) {
-        // Similar approach as in handleSearchCode
-        if (timeoutMs > 0) {
+    try {
+        const parsed = SearchFilesArgsSchema.parse(args);
+        const timeoutMs = parsed.timeoutMs || 30000; // 30 seconds default
+        // Apply timeout at the handler level
+        const searchOperation = async () => {
+            return await searchFiles(parsed.path, parsed.pattern);
+        };
+        // Use withTimeout at the handler level
+        const results = await withTimeout(searchOperation(), timeoutMs, 'File search operation', [] // Empty array as default on timeout
+        );
+        if (results.length === 0) {
+            // Similar approach as in handleSearchCode
+            if (timeoutMs > 0) {
+                return {
+                    content: [{ type: "text", text: `No matches found or search timed out after ${timeoutMs}ms.` }],
+                };
+            }
             return {
-                content: [{ type: "text", text: `No matches found or search timed out after ${timeoutMs}ms.` }],
+                content: [{ type: "text", text: "No matches found" }],
             };
         }
         return {
-            content: [{ type: "text", text: "No matches found" }],
+            content: [{ type: "text", text: results.join('\n') }],
         };
     }
-    return {
-        content: [{ type: "text", text: results.join('\n') }],
-    };
+    catch (error) {
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        return createErrorResponse(errorMessage);
+    }
 }
 /**
  * Handle get_file_info command
  */
 export async function handleGetFileInfo(args) {
-    const parsed = GetFileInfoArgsSchema.parse(args);
-    const info = await getFileInfo(parsed.path);
-    return {
-        content: [{
-                type: "text",
-                text: Object.entries(info)
-                    .map(([key, value]) => `${key}: ${value}`)
-                    .join('\n')
-            }],
-    };
-}
-/**
- * Handle list_allowed_directories command
- */
-export function handleListAllowedDirectories() {
-    const directories = listAllowedDirectories();
-    return {
-        content: [{
-                type: "text",
-                text: `Allowed directories:\n${directories.join('\n')}`
-            }],
-    };
+    try {
+        const parsed = GetFileInfoArgsSchema.parse(args);
+        const info = await getFileInfo(parsed.path);
+        return {
+            content: [{
+                    type: "text",
+                    text: Object.entries(info)
+                        .map(([key, value]) => `${key}: ${value}`)
+                        .join('\n')
+                }],
+        };
+    }
+    catch (error) {
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        return createErrorResponse(errorMessage);
+    }
 }
+// The listAllowedDirectories function has been removed
+// Use get_config to retrieve the allowedDirectories configuration

package/dist/handlers/index.d.ts

@@ -1,5 +1,4 @@
 export * from './filesystem-handlers.js';
 export * from './terminal-handlers.js';
 export * from './process-handlers.js';
-export * from './command-handlers.js';
 export * from './edit-search-handlers.js';

package/dist/handlers/index.js

@@ -2,5 +2,4 @@
 export * from './filesystem-handlers.js';
 export * from './terminal-handlers.js';
 export * from './process-handlers.js';
-export * from './command-handlers.js';
 export * from './edit-search-handlers.js';

package/dist/handlers/process-handlers.d.ts

@@ -1,18 +1,9 @@
+import { ServerResult } from '../types.js';
 /**
  * Handle list_processes command
  */
-export declare function handleListProcesses(): Promise<{
-    content: Array<{
-        type: string;
-        text: string;
-    }>;
-}>;
+export declare function handleListProcesses(): Promise<ServerResult>;
 /**
  * Handle kill_process command
  */
-export declare function handleKillProcess(args: unknown): Promise<{
-    content: {
-        type: string;
-        text: string;
-    }[];
-}>;
+export declare function handleKillProcess(args: unknown): Promise<ServerResult>;

package/dist/handlers/terminal-handlers.d.ts

@@ -1,36 +1,17 @@
+import { ServerResult } from '../types.js';
 /**
  * Handle execute_command command
  */
-export declare function handleExecuteCommand(args: unknown): Promise<{
-    content: {
-        type: string;
-        text: string;
-    }[];
-}>;
+export declare function handleExecuteCommand(args: unknown): Promise<ServerResult>;
 /**
  * Handle read_output command
  */
-export declare function handleReadOutput(args: unknown): Promise<{
-    content: {
-        type: string;
-        text: string;
-    }[];
-}>;
+export declare function handleReadOutput(args: unknown): Promise<ServerResult>;
 /**
  * Handle force_terminate command
  */
-export declare function handleForceTerminate(args: unknown): Promise<{
-    content: {
-        type: string;
-        text: string;
-    }[];
-}>;
+export declare function handleForceTerminate(args: unknown): Promise<ServerResult>;
 /**
  * Handle list_sessions command
  */
-export declare function handleListSessions(): Promise<{
-    content: {
-        type: string;
-        text: string;
-    }[];
-}>;
+export declare function handleListSessions(): Promise<ServerResult>;

package/dist/index.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import { FilteredStdioServerTransport } from './custom-stdio.js';
 import { server } from './server.js';
-import { commandManager } from './command-manager.js';
+import { configManager } from './config-manager.js';
 import { join, dirname } from 'path';
 import { fileURLToPath, pathToFileURL } from 'url';
 import { platform } from 'os';
@@ -81,12 +81,25 @@ async function runServer() {
             process.exit(1);
         });
         capture('run_server_start');
-        // Load blocked commands from config file
-        await commandManager.loadBlockedCommands();
+        try {
+            console.error("Loading configuration...");
+            await configManager.loadConfig();
+            console.error("Configuration loaded successfully");
+        }
+        catch (configError) {
+            console.error(`Failed to load configuration: ${configError instanceof Error ? configError.message : String(configError)}`);
+            console.error(configError instanceof Error && configError.stack ? configError.stack : 'No stack trace available');
+            console.error("Continuing with in-memory configuration only");
+            // Continue anyway - we'll use an in-memory config
+        }
+        console.error("Connecting server...");
         await server.connect(transport);
+        console.error("Server connected successfully");
     }
     catch (error) {
         const errorMessage = error instanceof Error ? error.message : String(error);
+        console.error(`FATAL ERROR: ${errorMessage}`);
+        console.error(error instanceof Error && error.stack ? error.stack : 'No stack trace available');
         process.stderr.write(JSON.stringify({
             type: 'error',
             timestamp: new Date().toISOString(),
@@ -100,6 +113,8 @@ async function runServer() {
 }
 runServer().catch(async (error) => {
     const errorMessage = error instanceof Error ? error.message : String(error);
+    console.error(`RUNTIME ERROR: ${errorMessage}`);
+    console.error(error instanceof Error && error.stack ? error.stack : 'No stack trace available');
     process.stderr.write(JSON.stringify({
         type: 'error',
         timestamp: new Date().toISOString(),

package/dist/sandbox/index.d.ts

@@ -0,0 +1,9 @@
+import { CommandExecutionResult } from '../types.js';
+/**
+ * Platform detection and sandbox execution router
+ */
+export declare function executeSandboxedCommand(command: string, timeoutMs?: number, shell?: string): Promise<CommandExecutionResult>;
+/**
+ * Check if sandboxed execution is available for the current platform
+ */
+export declare function isSandboxAvailable(): boolean;

package/dist/sandbox/index.js

@@ -0,0 +1,50 @@
+import os from 'os';
+import { executeSandboxedCommand as macExecuteSandboxedCommand } from './mac-sandbox.js';
+import { configManager } from '../config-manager.js';
+/**
+ * Platform detection and sandbox execution router
+ */
+export async function executeSandboxedCommand(command, timeoutMs = 30000, shell) {
+    // Get the allowed directories from config
+    const config = await configManager.getConfig();
+    const allowedDirectories = config.allowedDirectories || [os.homedir()];
+    const platform = os.platform();
+    // Platform-specific sandbox execution
+    switch (platform) {
+        case 'darwin': // macOS
+            try {
+                const result = await macExecuteSandboxedCommand(command, allowedDirectories, timeoutMs);
+                return {
+                    pid: result.pid,
+                    output: result.output,
+                    isBlocked: result.isBlocked
+                };
+            }
+            catch (error) {
+                console.error('Mac sandbox execution error:', error);
+                return {
+                    pid: -1,
+                    output: `Sandbox execution error: ${error instanceof Error ? error.message : String(error)}`,
+                    isBlocked: false
+                };
+            }
+        // Add cases for other platforms when implemented
+        // case 'linux':
+        // case 'win32':
+        default:
+            // For unsupported platforms, return an error
+            return {
+                pid: -1,
+                output: `Sandbox execution not supported on ${platform}. Command was not executed: ${command}`,
+                isBlocked: false
+            };
+    }
+}
+/**
+ * Check if sandboxed execution is available for the current platform
+ */
+export function isSandboxAvailable() {
+    const platform = os.platform();
+    // Currently only implemented for macOS
+    return platform === 'darwin';
+}

package/dist/sandbox/mac-sandbox.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Generate a temporary sandbox profile for macOS that restricts access to allowed directories
+ * @param allowedDirectories Array of directories that should be accessible
+ * @returns Path to the generated sandbox profile file
+ */
+export declare function generateSandboxProfile(allowedDirectories: string[]): Promise<string>;
+/**
+ * Execute a command in a macOS sandbox with access restricted to allowed directories
+ * @param command Command to execute
+ * @param allowedDirectories Array of allowed directory paths
+ * @param options Additional execution options
+ * @returns Promise resolving to the execution result
+ */
+export declare function executeSandboxedCommand(command: string, allowedDirectories: string[], timeoutMs?: number): Promise<{
+    output: string;
+    exitCode: number | null;
+    isBlocked: boolean;
+    pid: number;
+}>;

package/dist/sandbox/mac-sandbox.js

@@ -0,0 +1,174 @@
+import { spawn } from 'child_process';
+import fs from 'fs/promises';
+import path from 'path';
+import os from 'os';
+/**
+ * Generate a temporary sandbox profile for macOS that restricts access to allowed directories
+ * @param allowedDirectories Array of directories that should be accessible
+ * @returns Path to the generated sandbox profile file
+ */
+export async function generateSandboxProfile(allowedDirectories) {
+    // Create a temporary directory for the sandbox profile
+    const tempDir = path.join(os.tmpdir(), 'claude-server-sandbox');
+    // Ensure temp directory exists
+    try {
+        // Check if directory exists first
+        try {
+            await fs.access(tempDir);
+            console.log(`Temp directory exists: ${tempDir}`);
+        }
+        catch {
+            // Directory doesn't exist, create it
+            console.log(`Creating temp directory: ${tempDir}`);
+            await fs.mkdir(tempDir, { recursive: true });
+            console.log(`Temp directory created: ${tempDir}`);
+        }
+    }
+    catch (error) {
+        console.error('Error creating temp directory for sandbox:', error);
+        throw new Error(`Failed to create sandbox temp directory: ${error}`);
+    }
+    // Create the sandbox profile content - based on our tests, we need a simpler approach
+    // that just allows by default and then adds specific permissions for allowed directories
+    // Use a more restrictive approach - deny all file access, then explicitly allow only what we need
+    let profileContent = `(version 1)
+(debug deny)
+(allow default)
+(deny file-read* file-write*)
+`;
+    // Add explicit permissions for allowed directories
+    for (const dir of allowedDirectories) {
+        // Ensure path is absolute
+        const absPath = path.resolve(dir);
+        profileContent += `(allow file-read* file-write* (subpath "${absPath}"))\n`;
+    }
+    // Add system paths needed for basic command execution
+    profileContent += `
+(allow file-read* (subpath "/usr"))
+(allow file-read* (subpath "/bin"))
+(allow file-read* (subpath "/sbin"))
+(allow file-read* (subpath "/Library"))
+(allow file-read* (subpath "/System"))
+(allow file-read* (subpath "/tmp"))
+(allow file-read* (subpath "/dev"))
+(allow file-read* (subpath "/etc"))
+(allow file-read* (subpath "${os.homedir()}/.zshrc"))
+(allow file-read* (subpath "${os.homedir()}/.bash_profile"))
+(allow file-read* (subpath "${os.homedir()}/.bashrc"))
+(allow process-exec)
+(allow process-fork)
+(allow mach-lookup)
+(allow network-outbound)
+(allow system-socket)
+(allow sysctl-read)
+`;
+    // Add comment for debugging
+    profileContent += `\n; Allowed directories: ${allowedDirectories.join(', ')}\n`;
+    // Write the profile to a temporary file
+    const profilePath = path.join(tempDir, 'sandbox-profile.sb');
+    try {
+        // Write the profile with verbose logging
+        console.log(`Writing sandbox profile to: ${profilePath}`);
+        await fs.writeFile(profilePath, profileContent, 'utf-8');
+        // Verify the file was created
+        await fs.access(profilePath);
+        console.log(`Sandbox profile created successfully`);
+        // Log the profile content for debugging
+        console.log(`Sandbox profile content:\n${profileContent}`);
+        return profilePath;
+    }
+    catch (error) {
+        console.error(`Error creating sandbox profile at ${profilePath}:`, error);
+        throw new Error(`Failed to create sandbox profile: ${error}`);
+    }
+}
+/**
+ * Execute a command in a macOS sandbox with access restricted to allowed directories
+ * @param command Command to execute
+ * @param allowedDirectories Array of allowed directory paths
+ * @param options Additional execution options
+ * @returns Promise resolving to the execution result
+ */
+export async function executeSandboxedCommand(command, allowedDirectories, timeoutMs = 30000) {
+    try {
+        // Generate the sandbox profile
+        const profilePath = await generateSandboxProfile(allowedDirectories);
+        // Create a wrapper script that will perform additional path checks
+        // This is a belt-and-suspenders approach since our tests show the sandbox
+        // doesn't perfectly restrict access to only allowed directories
+        const wrapperScriptPath = path.join(os.tmpdir(), `claude-sandbox-wrapper-${Date.now()}.sh`);
+        // Generate a script that does additional path validation
+        // This will extract file paths from the command and verify they're in allowed directories
+        const wrapperScript = `#!/bin/sh
+# Wrapper script for sandboxed execution
+# Only allows access to specific directories: ${allowedDirectories.join(', ')}
+
+# The actual command to run
+COMMAND="${command.replace(/"/g, '\\"')}"
+
+# Run the command in sandbox
+sandbox-exec -f "${profilePath}" /bin/sh -c "$COMMAND"
+EXIT_CODE=$?
+
+# Return the exit code from the sandbox
+exit $EXIT_CODE
+`;
+        // Write the wrapper script
+        await fs.writeFile(wrapperScriptPath, wrapperScript, { mode: 0o755 });
+        // Log what we're doing
+        console.log(`Executing sandboxed command via wrapper script`);
+        console.log(`Command: ${command}`);
+        console.log(`Allowed directories: ${allowedDirectories.join(', ')}`);
+        // Execute the wrapper script
+        const process = spawn(wrapperScriptPath, []);
+        let output = '';
+        let isBlocked = false;
+        // Set up timeout
+        const timeoutId = setTimeout(() => {
+            isBlocked = true;
+        }, timeoutMs);
+        // Handle output
+        process.stdout.on('data', (data) => {
+            const text = data.toString();
+            console.log(`Sandbox stdout: ${text}`);
+            output += text;
+        });
+        process.stderr.on('data', (data) => {
+            const text = data.toString();
+            console.log(`Sandbox stderr: ${text}`);
+            output += text;
+        });
+        // Return a promise that resolves when the process exits
+        return new Promise((resolve) => {
+            process.on('exit', (code) => {
+                clearTimeout(timeoutId);
+                console.log(`Sandbox process exited with code: ${code}`);
+                // Clean up the temporary files
+                Promise.all([
+                    fs.unlink(profilePath).catch(err => {
+                        console.error('Error removing temporary sandbox profile:', err);
+                    }),
+                    fs.unlink(wrapperScriptPath).catch(err => {
+                        console.error('Error removing temporary wrapper script:', err);
+                    })
+                ]).finally(() => {
+                    resolve({
+                        output,
+                        exitCode: code,
+                        isBlocked,
+                        pid: process.pid || -1
+                    });
+                });
+            });
+        });
+    }
+    catch (error) {
+        console.error('Error in sandbox execution:', error);
+        return {
+            output: `Sandbox execution error: ${error instanceof Error ? error.message : String(error)}`,
+            exitCode: 1,
+            isBlocked: false,
+            pid: -1
+        };
+    }
+}