autosnippet 3.1.3 → 3.1.4

package/lib/external/mcp/handlers/bootstrap/pipeline/checkpoint.js

@@ -9,6 +9,7 @@
 import fs from 'node:fs/promises';
 import path from 'node:path';
 import Logger from '../../../../../infrastructure/logging/Logger.js';
+import pathGuard from '../../../../../shared/PathGuard.js';
 
 const logger = Logger.getInstance();
 
@@ -79,8 +80,12 @@ export async function loadCheckpoints(projectRoot) {
 export async function clearCheckpoints(projectRoot) {
   try {
     const checkpointDir = path.join(projectRoot, '.autosnippet', 'bootstrap-checkpoint');
+    pathGuard.assertSafe(checkpointDir);
     await fs.rm(checkpointDir, { recursive: true, force: true });
-  } catch {
-    /* ignore */
+  } catch (err) {
+    if (err?.name === 'PathGuardError') {
+      throw err;
+    }
+    /* ignore other errors */
   }
 }

package/lib/service/knowledge/KnowledgeFileWriter.js

@@ -309,6 +309,7 @@ export class KnowledgeFileWriter {
     if (entry.sourceFile) {
       const fullPath = path.join(this.projectRoot, entry.sourceFile);
       if (fs.existsSync(fullPath)) {
+        pathGuard.assertSafe(fullPath);
         fs.unlinkSync(fullPath);
         this.logger.info('Knowledge entry file removed', {
           entryId: entry.id,
@@ -328,6 +329,7 @@ export class KnowledgeFileWriter {
     for (const dir of searchDirs) {
       const fp = path.join(dir, filename);
       if (fs.existsSync(fp)) {
+        pathGuard.assertSafe(fp);
         fs.unlinkSync(fp);
         this.logger.info('Knowledge entry file removed', { entryId: entry.id, path: fp });
         return true;
@@ -358,6 +360,7 @@ export class KnowledgeFileWriter {
 
     // 删除旧文件
     if (oldPath && fs.existsSync(oldPath)) {
+      pathGuard.assertSafe(oldPath);
       fs.unlinkSync(oldPath);
       this.logger.info('Removed old knowledge entry file on lifecycle change', {
         entryId: entry.id,
@@ -392,6 +395,7 @@ export class KnowledgeFileWriter {
     }
     const oldPath = path.join(this.projectRoot, entry.sourceFile);
     if (oldPath !== newPath && fs.existsSync(oldPath)) {
+      pathGuard.assertSafe(oldPath);
       fs.unlinkSync(oldPath);
       this.logger.info('Cleaned up old knowledge entry file', {
         entryId: entry.id,
@@ -675,6 +679,7 @@ function _walkAndRemoveById(dir, id) {
     } else if (entry.name.endsWith('.md') && !entry.name.startsWith('_')) {
       const head = fs.readFileSync(full, 'utf8').slice(0, 500);
       if (head.includes(`id: ${id}`)) {
+        pathGuard.assertSafe(full);
         fs.unlinkSync(full);
         return true;
       }

package/lib/service/wiki/WikiUtils.js

@@ -332,6 +332,10 @@ export function dedup(files, wikiDir, emit) {
       // 完全相同 hash → 移除后来的
       if (existing.hash === file.hash) {
         const fullPath = path.join(wikiDir, file.path);
+        if (!fullPath.startsWith(path.resolve(wikiDir) + path.sep)) {
+          logger.warn(`[WikiGenerator] Dedup: path escape blocked — ${file.path}`);
+          continue;
+        }
         try {
           fs.unlinkSync(fullPath);
         } catch {
@@ -361,6 +365,10 @@ export function dedup(files, wikiDir, emit) {
       if (isCurrentSynced && !isFirstSynced) {
         // 当前是 synced，first 是 codegen → 删除 synced
         const fullPath = path.join(wikiDir, file.path);
+        if (!fullPath.startsWith(path.resolve(wikiDir) + path.sep)) {
+          logger.warn(`[WikiGenerator] Dedup: path escape blocked — ${file.path}`);
+          continue;
+        }
         try {
           fs.unlinkSync(fullPath);
         } catch {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "autosnippet",
-  "version": "3.1.3",
+  "version": "3.1.4",
   "description": "Extract code patterns into a knowledge base for AI coding assistants",
   "type": "module",
   "main": "lib/bootstrap.js",