cc-viewer 1.6.256 → 1.6.259

package/dist/index.html

@@ -19,7 +19,7 @@
       if (pick) document.documentElement.setAttribute('data-theme', pick);
     } catch {}
   </script>
-  <script type="module" crossorigin src="/assets/index-aBYCRImE.js"></script>
+  <script type="module" crossorigin src="/assets/index-BGEXf37A.js"></script>
   <link rel="modulepreload" crossorigin href="/assets/vendor-antd-BeN8xqGk.js">
   <link rel="modulepreload" crossorigin href="/assets/vendor-codemirror-2nbmPewy.js">
   <link rel="modulepreload" crossorigin href="/assets/vendor-mdxeditor-C7DYEBoH.js">

package/findcc.js

@@ -117,20 +117,23 @@ export function resolveCliPath() {
  * 返回 node_modules 中的 claude cli.js 路径
  */
 export function resolveNpmClaudePath() {
-  // 1. 尝试 which/command -v 找到 npm 安装的 claude
-  for (const cmd of [`which ${BINARY_NAME}`, `command -v ${BINARY_NAME}`]) {
+  // 1. 尝试 which/command -v 找到 npm 安装的 claude（Windows 上用 `where`，否则 POSIX 二选一）
+  const lookupCmds = process.platform === 'win32'
+    ? [`where ${BINARY_NAME}`]
+    : [`which ${BINARY_NAME}`, `command -v ${BINARY_NAME}`];
+  for (const cmd of lookupCmds) {
     try {
-      const result = execSync(cmd, { encoding: 'utf-8', shell: true, env: process.env }).trim();
-      // 排除 shell function 的输出（多行说明不是路径）
-      if (result && !result.includes('\n') && existsSync(result)) {
+      // Windows `where` 输出可能多行 CRLF，取第一行 trim 即可
+      const rawOut = execSync(cmd, { encoding: 'utf-8', shell: true, env: process.env });
+      const result = rawOut.split(/\r?\n/)[0].trim();
+      if (result && existsSync(result)) {
         // 只接受 npm 安装的符号链接（解析后指向 node_modules）
         try {
           const real = realpathSync(result);
           if (real.includes('node_modules')) {
-            // 找到 npm 版本，返回 cli.js 的路径
-            // real 可能是 .../node_modules/@anthropic-ai/claude-code/bin/claude
-            // 我们需要返回 .../node_modules/@anthropic-ai/claude-code/cli.js
-            const match = real.match(/(.*node_modules\/@[^/]+\/[^/]+)\//);
+            // realpath 在 Win 上是 backslash，统一 normalize 成 '/' 再匹配
+            const normReal = real.replace(/\\/g, '/');
+            const match = normReal.match(/(.*node_modules\/@[^/]+\/[^/]+)\//);
             if (match) {
               const packageDir = match[1];
               const cliPath = join(packageDir, CLI_ENTRY);
@@ -172,12 +175,15 @@ export function resolveNativePath() {
   const platformBin = findPlatformBinary(globalRoot);
   if (platformBin) return platformBin;
 
-  // 2. 尝试 which/command -v（继承当前 process.env PATH）
-  for (const cmd of [`which ${BINARY_NAME}`, `command -v ${BINARY_NAME}`]) {
+  // 2. 尝试 which/command -v（继承当前 process.env PATH；Win 上用 `where`）
+  const lookupCmds = process.platform === 'win32'
+    ? [`where ${BINARY_NAME}`]
+    : [`which ${BINARY_NAME}`, `command -v ${BINARY_NAME}`];
+  for (const cmd of lookupCmds) {
     try {
-      const result = execSync(cmd, { encoding: 'utf-8', shell: true, env: process.env }).trim();
-      // 排除 shell function 的输出（多行说明不是路径）
-      if (result && !result.includes('\n') && existsSync(result)) {
+      const rawOut = execSync(cmd, { encoding: 'utf-8', shell: true, env: process.env });
+      const result = rawOut.split(/\r?\n/)[0].trim();
+      if (result && existsSync(result)) {
         // 只排除 .js 文件（老版本 npm 分发的 cli.js，需要 node 运行，
         // 由 resolveNpmClaudePath 处理）。Claude Code 2.x+ 的 npm 包内
         // 直接打包了原生二进制（bin/claude.exe），应当作 native 处理。

package/interceptor.js

@@ -7,7 +7,8 @@ const _ccvSkipArgs = ['--version', '-v', '--v', '--help', '-h', 'doctor', 'insta
 const _ccvSkip = _ccvSkipArgs.includes(process.argv[2]);
 
 import './lib/proxy-env.js';
-import { appendFileSync, mkdirSync, readFileSync, writeFileSync, statSync, renameSync, unlinkSync, existsSync, watchFile } from 'node:fs';
+import { appendFileSync, mkdirSync, readFileSync, writeFileSync, statSync, unlinkSync, existsSync, watchFile } from 'node:fs';
+import { renameSyncWithRetry } from './lib/file-api.js';
 import http from 'node:http';
 import https from 'node:https';
 import { homedir } from 'node:os';
@@ -221,7 +222,7 @@ function resolveResumeChoice(choice) {
       if (existsSync(tempFile)) {
         const sz = statSync(tempFile).size;
         if (sz > 0) {
-          renameSync(tempFile, newPath);
+          renameSyncWithRetry(tempFile, newPath);
         } else {
           try { unlinkSync(tempFile); } catch { }
         }
@@ -873,11 +874,13 @@ export function setupInterceptor() {
                     // 此处一次性 join — 流式累积期间唯一的物化点（错误路径除外）。
                     const fullContent = streamedChunks.join('');
                     try {
-                      const events = fullContent.split('\n\n')
+                      // HTTP SSE 规范是 \r\n\r\n 分块，POSIX 上常被 normalize 成 \n\n
+                      // 但 Windows 直接收到的就是 CRLF，硬切 '\n\n' 在 Win 上整块响应当一个事件解析失败。
+                      const events = fullContent.split(/\r?\n\r?\n/)
                         .filter(block => block.trim())
                         .map(block => {
                           // SSE 块可能包含多行: event: xxx\ndata: {...}
-                          const lines = block.split('\n');
+                          const lines = block.split(/\r?\n/);
                           const dataLine = lines.find(l => l.startsWith('data:'));
                           if (dataLine) {
                             // 处理 "data:" 或 "data: " 两种格式

package/lib/file-api.js

@@ -2,8 +2,8 @@
  * File API business logic — extracted from server.js
  * Provides path validation, file read/write with security checks.
  */
-import { resolve, join } from 'node:path';
-import { realpathSync, existsSync, statSync, readFileSync, writeFileSync } from 'node:fs';
+import { resolve, join, sep, isAbsolute } from 'node:path';
+import { realpathSync, existsSync, statSync, readFileSync, writeFileSync, renameSync } from 'node:fs';
 
 /**
  * Check whether targetPath is contained within the project root directory.
@@ -16,7 +16,7 @@ export function isPathContained(targetPath, root) {
   try {
     const resolvedRoot = realpathSync(resolve(root || process.env.CCV_PROJECT_DIR || process.cwd()));
     const real = realpathSync(resolve(targetPath));
-    return real === resolvedRoot || real.startsWith(resolvedRoot + '/');
+    return real === resolvedRoot || real.startsWith(resolvedRoot + sep);
   } catch { return false; }
 }
 
@@ -40,14 +40,14 @@ export function resolveFilePath(cwd, reqPath, isEditorSession) {
   if (!reqPath) {
     throw new FileApiError('INVALID_PATH', 'Invalid path');
   }
-  if (!isEditorSession && (reqPath.startsWith('/') || reqPath.includes('..'))) {
-    const resolved = resolve(reqPath.startsWith('/') ? reqPath : join(cwd, reqPath));
+  if (!isEditorSession && (isAbsolute(reqPath) || reqPath.includes('..'))) {
+    const resolved = resolve(isAbsolute(reqPath) ? reqPath : join(cwd, reqPath));
     if (!isPathContained(resolved, cwd)) {
       throw new FileApiError('INVALID_PATH', 'Invalid path');
     }
     return resolve(resolved);
   }
-  return resolve((isEditorSession && reqPath.startsWith('/')) ? reqPath : join(cwd, reqPath));
+  return resolve((isEditorSession && isAbsolute(reqPath)) ? reqPath : join(cwd, reqPath));
 }
 
 /**
@@ -64,7 +64,7 @@ export function readFileContent(cwd, reqPath, isEditorSession) {
 
   // For non-editor sessions with absolute / ".." paths that are within project dir,
   // return the relative path from project root
-  if (!isEditorSession && (reqPath.startsWith('/') || reqPath.includes('..'))) {
+  if (!isEditorSession && (isAbsolute(reqPath) || reqPath.includes('..'))) {
     const resolved = resolve(reqPath);
     if (isPathContained(resolved, cwd)) {
       const root = realpathSync(resolve(cwd));
@@ -75,7 +75,7 @@ export function readFileContent(cwd, reqPath, isEditorSession) {
     throw new FileApiError('INVALID_PATH', 'Invalid path');
   }
 
-  const targetFile = (isEditorSession && reqPath.startsWith('/')) ? reqPath : join(cwd, reqPath);
+  const targetFile = (isEditorSession && isAbsolute(reqPath)) ? reqPath : join(cwd, reqPath);
   return _readAndReturn(targetFile, reqPath);
 }
 
@@ -106,18 +106,45 @@ export function writeFileContent(cwd, reqPath, content, isEditorSession) {
   if (!reqPath) {
     throw new FileApiError('INVALID_PATH', 'Invalid path');
   }
-  if (!isEditorSession && (reqPath.startsWith('/') || reqPath.includes('..'))) {
+  if (!isEditorSession && (isAbsolute(reqPath) || reqPath.includes('..'))) {
     throw new FileApiError('INVALID_PATH', 'Invalid path');
   }
   if (typeof content !== 'string') {
     throw new FileApiError('INVALID_CONTENT', 'Content must be a string');
   }
-  const targetFile = (isEditorSession && reqPath.startsWith('/')) ? reqPath : join(cwd, reqPath);
+  const targetFile = (isEditorSession && isAbsolute(reqPath)) ? reqPath : join(cwd, reqPath);
   writeFileSync(targetFile, content, 'utf-8');
   const stat = statSync(targetFile);
   return { path: reqPath, size: stat.size };
 }
 
+/**
+ * renameSync 带 retry —— Windows 上目标文件被 reader（chokidar / watchFile / 编辑器预览）
+ * 持有时会抛 EACCES/EPERM/EBUSY。POSIX 不会，但 helper 上行为相同。
+ * 只 retry 这 3 个 code，其它错误（ENOENT / EISDIR / EXDEV）直接抛——retry 无意义。
+ *
+ * @param {string} src
+ * @param {string} dst
+ * @param {{retries?: number, delayMs?: number}} [opts]
+ */
+export function renameSyncWithRetry(src, dst, opts = {}) {
+  const retries = opts.retries ?? 3;
+  const delayMs = opts.delayMs ?? 20;
+  const RETRYABLE = new Set(['EACCES', 'EPERM', 'EBUSY']);
+  let lastErr;
+  for (let i = 0; i < retries; i++) {
+    try {
+      renameSync(src, dst);
+      return;
+    } catch (err) {
+      lastErr = err;
+      if (i === retries - 1 || !RETRYABLE.has(err.code)) throw err;
+      Atomics.wait(new Int32Array(new SharedArrayBuffer(4)), 0, 0, delayMs);
+    }
+  }
+  throw lastErr;
+}
+
 /** Map FileApiError codes to HTTP status codes */
 export const ERROR_STATUS_MAP = {
   INVALID_PATH: 400,
@@ -144,6 +171,8 @@ export function validateImportDir(dir) {
   if (dir.startsWith('/') || dir.startsWith('\\') || dir.includes('\0')) {
     return { ok: false, error: 'Invalid dir parameter' };
   }
+  // 故意按 '/' 切段：本函数契约要求 POSIX-style 相对路径，所以段内 '\\' 必须被下文 includes 检测拒掉
+  // （否则 `src/foo\bar` 在 Win 上会被 join 解释成 `src/foo\bar` 双重含义）。
   const segs = dir.split('/');
   const bad = segs.find(s => s === '' || s === '.' || s === '..' || s.includes('\\'));
   if (bad !== undefined) return { ok: false, error: 'Invalid dir parameter' };

package/lib/git-diff.js

@@ -126,7 +126,8 @@ export async function getUnpushedCommits(cwd, { maxCommits = 100 } = {}) {
   const commits = [];
   const blocks = stdout.split(COMMIT_SEP).filter(Boolean);
   for (const block of blocks) {
-    const lines = block.split('\n');
+    // git on Windows 在 piped 模式输出 CRLF；split('\n') 会让 fp 末尾带 \r，前端文件名乱码。
+    const lines = block.split(/\r?\n/);
     const header = lines[0] || '';
     const parts = header.split(FIELD_SEP);
     if (parts.length < 4) continue;

package/lib/interceptor-core.js

@@ -1,4 +1,5 @@
-import { appendFileSync, existsSync, readdirSync, readFileSync, renameSync, statSync, unlinkSync, writeFileSync } from 'node:fs';
+import { appendFileSync, existsSync, readdirSync, readFileSync, statSync, unlinkSync, writeFileSync } from 'node:fs';
+import { renameSyncWithRetry } from './file-api.js';
 import { join } from 'node:path';
 
 const SUBAGENT_SYSTEM_RE = /(?:command execution|file search|planning) specialist|general-purpose agent/i;
@@ -273,7 +274,7 @@ export function cleanupTempFiles(dir, projectName) {
           // 只有非空 temp 文件才 rename，空文件直接删除
           const sz = statSync(tempPath).size;
           if (sz > 0) {
-            renameSync(tempPath, newPath);
+            renameSyncWithRetry(tempPath, newPath);
           } else {
             unlinkSync(tempPath);
           }

package/lib/log-management.js

@@ -1,4 +1,5 @@
-import { readFileSync, writeFileSync, existsSync, statSync, readdirSync, unlinkSync, realpathSync, renameSync, appendFileSync } from 'node:fs';
+import { readFileSync, writeFileSync, existsSync, statSync, readdirSync, unlinkSync, realpathSync, appendFileSync } from 'node:fs';
+import { renameSyncWithRetry } from './file-api.js';
 import { join } from 'node:path';
 import { reconstructEntries } from './delta-reconstructor.js';
 import { streamReconstructedEntries } from './log-stream.js';
@@ -138,7 +139,8 @@ export function mergeLogFiles(logDir, files) {
     throw err;
   }
   // 校验所有文件属于同一 project
-  const projects = new Set(files.map(f => f.split('/')[0]));
+  // 兼容 Win backslash：files 内部可能是 `project\log.json`，按两种 sep 都切才能拿 project 段。
+  const projects = new Set(files.map(f => f.split(/[\\/]/)[0]));
   if (projects.size !== 1) {
     const err = new Error('All files must belong to the same project');
     err.code = 'INVALID_INPUT';
@@ -188,8 +190,8 @@ export function mergeLogFiles(logDir, files) {
       appendFileSync(tmpPath, chunk);
     });
   }
-  // 临时文件写入成功后原子覆盖目标（POSIX renameSync 自动替换）
-  renameSync(tmpPath, targetPath);
+  // 临时文件写入成功后原子覆盖目标（POSIX renameSync 自动替换；Windows reader 持锁时 retry）
+  renameSyncWithRetry(tmpPath, targetPath);
   // 删除其余文件
   for (let i = 1; i < files.length; i++) {
     unlinkSync(join(logDir, files[i]));

package/lib/log-watcher.js

@@ -20,7 +20,9 @@ export function readLogFile(logFile) {
 
   try {
     const content = readFileSync(logFile, 'utf-8');
-    const entries = content.split('\n---\n').filter(line => line.trim());
+    // Windows 上若 writer 使用 os.EOL，分隔符会变 \r\n---\r\n。固定 LF 切会失败 → 整文件
+    // 解析成一条乱码或漏。CRLF-tolerant split 把两边都 cover 住。
+    const entries = content.split(/\r?\n---\r?\n/).filter(line => line.trim());
     const parsed = entries.map(entry => {
       try {
         return JSON.parse(entry);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cc-viewer",
-  "version": "1.6.256",
+  "version": "1.6.259",
   "description": "Claude Code Logger visualization management tool",
   "license": "MIT",
   "main": "server.js",

package/server.js

@@ -2,10 +2,10 @@ import { createServer } from 'node:http';
 import { createServer as createHttpsServer } from 'node:https';
 import { createConnection } from 'node:net';
 import { randomBytes } from 'node:crypto';
-import { readFileSync, writeFileSync, existsSync, watchFile, unwatchFile, statSync, readdirSync, renameSync, unlinkSync, rmSync, openSync, readSync, closeSync, realpathSync, mkdirSync, createReadStream, cpSync, copyFileSync } from 'node:fs';
+import { readFileSync, writeFileSync, existsSync, watchFile, unwatchFile, statSync, lstatSync, readdirSync, renameSync, unlinkSync, rmSync, openSync, readSync, closeSync, realpathSync, mkdirSync, createReadStream, cpSync, copyFileSync } from 'node:fs';
 import { fileURLToPath } from 'node:url';
 import { dirname, join, extname, resolve, basename, sep } from 'node:path';
-import { homedir, platform, networkInterfaces } from 'node:os';
+import { homedir, platform, networkInterfaces, tmpdir } from 'node:os';
 import { execFile, exec, spawn } from 'node:child_process';
 import { promisify } from 'node:util';
 import { Worker } from 'node:worker_threads';
@@ -131,6 +131,16 @@ const ASK_HOOK_MAP_MAX = 50;
 const pendingPermHooks = new Map(); // Map<id, { toolName, input, res, timer, createdAt }>
 const PERM_HOOK_MAP_MAX = 50;
 
+// Windows 保留设备名（CON/PRN/AUX/NUL/COM1-9/LPT1-9）模块级常量——multipart 3 处 upload
+// handler 都用此校验，避免内联 regex 复制粘贴漂移。
+const WINDOWS_RESERVED_NAMES = /^(con|prn|aux|nul|com[1-9]|lpt[1-9])$/;
+
+// Per-file mutex for /api/git-restore —— 防多 tab 并发 revert 同文件造成 git status + checkout
+// 子命令序列被插队导致不可预测的工作树状态。Promise chain 串行化同 key 请求；finally 路径
+// 主清理，setTimeout 兜底防 finally 异常吞 entry 累积内存。
+const gitRestoreLocks = new Map(); // Map<absLockKey, Promise<void>>
+const GIT_RESTORE_LOCK_CLEANUP_MS = 30000;
+
 // Notify the parent process (Electron main, when forked under tab-worker) about pending state changes.
 // No-op outside Electron (process.send is undefined when run as a standalone Node server).
 // Only ask-hook-* / sdk-ask-* are translated. Permission and SDK plan stay inline-only and do not
@@ -413,12 +423,21 @@ async function handleRequest(req, res) {
         // Windows 非法字符 <>:"|?* 在 Unix 合法（ISO 时间戳 10:30:45.log、name:v1.txt 等常见），
         // 不做跨平台代理过滤，让 writeFileSync 在 Windows 上自行抛错即可。
         const originalName = nameMatch[1].replace(/[\x00-\x1f/\\]/g, '_');
+        // Windows 保留设备名守卫（/api/upload-image）——见 WINDOWS_RESERVED_NAMES 注释。
+        {
+          const base = originalName.split('.')[0].trim().toLowerCase();
+          if (WINDOWS_RESERVED_NAMES.test(base)) {
+            throw new Error('Reserved filename not allowed');
+          }
+        }
         const bodyStart = headerEnd + 4;
         // Find the closing boundary
         const closingBoundary = Buffer.from('\r\n--' + boundary);
         const bodyEnd = buf.indexOf(closingBoundary, bodyStart);
         const fileData = bodyEnd !== -1 ? buf.slice(bodyStart, bodyEnd) : buf.slice(bodyStart);
-        const uploadDir = '/tmp/cc-viewer-uploads';
+        // Windows 没有 /tmp，走 os.tmpdir() (%TEMP%)；POSIX 保留 /tmp/cc-viewer-uploads/
+        // 以兼容 1.6.245 PR #81 的 macOS allowlist 修复（/private/tmp 双 realpath）。
+        const uploadDir = process.platform === 'win32' ? join(tmpdir(), 'cc-viewer-uploads') : '/tmp/cc-viewer-uploads';
         mkdirSync(uploadDir, { recursive: true });
         bumpWorkspacesVersion();
         // Unique filename: prepend timestamp to avoid silent overwrite
@@ -497,7 +516,7 @@ async function handleRequest(req, res) {
         mkdirSync(targetDir, { recursive: true });
         const realDir = realpathSync(targetDir);
         const realCwd = realpathSync(cwd);
-        if (realDir !== realCwd && !realDir.startsWith(realCwd + '/')) {
+        if (realDir !== realCwd && !realDir.startsWith(realCwd + sep)) {
           res.writeHead(400, { 'Content-Type': 'application/json' });
           res.end(JSON.stringify({ error: 'Path traversal not allowed' }));
           return;
@@ -510,6 +529,13 @@ async function handleRequest(req, res) {
         if (!nameMatch) throw new Error('No filename');
         // sanitize 与 /api/upload 一致：只过真正有害的字符，保留 Unix 合法 : " < > | ? * 等
         const originalName = nameMatch[1].replace(/[\x00-\x1f/\\]/g, '_');
+        // Windows 保留设备名守卫（见 WINDOWS_RESERVED_NAMES 注释）。
+        {
+          const base = originalName.split('.')[0].trim().toLowerCase();
+          if (WINDOWS_RESERVED_NAMES.test(base)) {
+            throw new Error('Reserved filename not allowed');
+          }
+        }
         const bodyStart = headerEnd + 4;
         const closingBoundary = Buffer.from('\r\n--' + boundary);
         const bodyEnd = buf.indexOf(closingBoundary, bodyStart);
@@ -1517,6 +1543,13 @@ async function handleRequest(req, res) {
           .normalize('NFKC')
           .replace(/[\x00-\x1f/\\]/g, '_')
           .replace(/[​-‏‪-‮⁠]/g, '');
+        // Windows 保留设备名守卫（见 WINDOWS_RESERVED_NAMES 注释）。
+        {
+          const base = originalName.split('.')[0].trim().toLowerCase();
+          if (WINDOWS_RESERVED_NAMES.test(base)) {
+            throw Object.assign(new Error('Reserved filename not allowed'), { status: 400 });
+          }
+        }
         const lower = originalName.toLowerCase();
         const isZip = lower.endsWith('.zip');
         const isMd = lower.endsWith('.md');
@@ -1765,7 +1798,7 @@ async function handleRequest(req, res) {
         if (statSync(oldFullPath).isDirectory()) {
           const srcResolved = resolve(oldFullPath);
           const destResolved = resolve(toDirFull);
-          if (destResolved === srcResolved || destResolved.startsWith(srcResolved + '/')) {
+          if (destResolved === srcResolved || destResolved.startsWith(srcResolved + sep)) {
             res.writeHead(400, { 'Content-Type': 'application/json' });
             res.end(JSON.stringify({ error: 'Cannot move directory into itself' }));
             return;
@@ -1783,9 +1816,18 @@ async function handleRequest(req, res) {
           renameSync(oldFullPath, newFullPath);
         } catch (mvErr) {
           if (mvErr.code === 'EXDEV') {
-            // 跨文件系统：fallback to copy + delete
-            if (statSync(oldFullPath).isDirectory()) {
-              cpSync(oldFullPath, newFullPath, { recursive: true });
+            // 跨文件系统：fallback to copy + delete。先 lstat 拒 symlink ——避免攻击者 swap 让
+            // cpSync 跟随复制 + rmSync 跟随删除（同 /api/delete-file 的 TOCTOU）。
+            const oldStat = lstatSync(oldFullPath);
+            if (oldStat.isSymbolicLink()) {
+              res.writeHead(400, { 'Content-Type': 'application/json' });
+              res.end(JSON.stringify({ error: 'Cannot move symbolic links via this endpoint' }));
+              return;
+            }
+            if (oldStat.isDirectory()) {
+              // dereference: false 是 Node 默认，但显式写明意图——避免未来默认变更让递归 copy
+              // 跟随内嵌 symlink 复制到 newFullPath 形成 cwd 内"指向 cwd 外"的活链。
+              cpSync(oldFullPath, newFullPath, { recursive: true, dereference: false });
               rmSync(oldFullPath, { recursive: true, force: true });
             } else {
               copyFileSync(oldFullPath, newFullPath);
@@ -1799,7 +1841,8 @@ async function handleRequest(req, res) {
             throw mvErr;
           }
         }
-        const newRelPath = toDir.endsWith('/') ? toDir + name : toDir + '/' + name;
+        // 返回前端 JSON 统一 POSIX 风格，path.join 在 Win 上会产 backslash，需 normalize 回 '/'。
+        const newRelPath = join(toDir, name).replace(/\\/g, '/');
         res.writeHead(200, { 'Content-Type': 'application/json' });
         res.end(JSON.stringify({ ok: true, newPath: newRelPath }));
       } catch (err) {
@@ -1843,19 +1886,36 @@ async function handleRequest(req, res) {
         }
         const realFull = realpathSync(fullPath);
         const realCwd = realpathSync(cwd);
-        if (!realFull.startsWith(realCwd + '/')) {
+        if (!realFull.startsWith(realCwd + sep)) {
           res.writeHead(400, { 'Content-Type': 'application/json' });
           res.end(JSON.stringify({ error: 'Path traversal not allowed' }));
           return;
         }
-        const stat = statSync(fullPath);
+        // 用 lstatSync 不跟随 symlink ——避免 TOCTOU 攻击者把目标换成软链让 rmSync(recursive)
+        // 在 POSIX 上跟着删 cwd 外的目录。一切 symlink 目标都拒绝。
+        const stat = lstatSync(fullPath);
+        if (stat.isSymbolicLink()) {
+          res.writeHead(400, { 'Content-Type': 'application/json' });
+          res.end(JSON.stringify({ error: 'Cannot delete symbolic links via this endpoint' }));
+          return;
+        }
         if (stat.isDirectory()) {
+          // protectedDirs 守卫得对 Win backslash 路径 & NTFS case-insensitive 同时设防 ——
+          // 否则 `path: "node_modules\\foo"` 或 `".GIT"` 都能绕过 split('/') 直接删整目录。
           const protectedDirs = new Set(['node_modules', '.git', '.svn', '.hg']);
-          if (filePath.split('/').some(part => protectedDirs.has(part))) {
+          const normalizedSegs = filePath.split(/[\\/]/).map(s => s.toLowerCase());
+          if (normalizedSegs.some(part => protectedDirs.has(part))) {
             res.writeHead(400, { 'Content-Type': 'application/json' });
             res.end(JSON.stringify({ error: 'Cannot delete protected directory' }));
             return;
           }
+          // Defense-in-depth：lstat 跟 rmSync 间窗内攻击者再次 swap → 再 realpath 确认。
+          const realFull2 = realpathSync(fullPath);
+          if (!realFull2.startsWith(realCwd + sep)) {
+            res.writeHead(400, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ error: 'Path escaped cwd after validation' }));
+            return;
+          }
           rmSync(fullPath, { recursive: true, force: true });
         } else if (stat.isFile()) {
           unlinkSync(fullPath);
@@ -1906,7 +1966,7 @@ async function handleRequest(req, res) {
         }
         const realFull = realpathSync(fullPath);
         const realCwd = realpathSync(cwd);
-        if (!realFull.startsWith(realCwd + '/')) {
+        if (!realFull.startsWith(realCwd + sep)) {
           res.writeHead(400, { 'Content-Type': 'application/json' });
           res.end(JSON.stringify({ error: 'Path traversal not allowed' }));
           return;
@@ -1915,7 +1975,8 @@ async function handleRequest(req, res) {
         if (plat === 'darwin') {
           execFile('open', ['-R', fullPath], () => {});
         } else if (plat === 'win32') {
-          spawn('explorer', ['/select,', fullPath], { shell: false });
+          // explorer /select,<path> 必须合到一个 arg；分两个会让含空格/中文路径 escape 失败。
+          spawn('explorer.exe', [`/select,${fullPath}`], { shell: false, windowsHide: true });
         } else {
           execFile('xdg-open', [dirname(fullPath)], () => {});
         }
@@ -1961,7 +2022,7 @@ async function handleRequest(req, res) {
         }
         const realFull = realpathSync(fullPath);
         const realCwd = realpathSync(cwd);
-        if (!realFull.startsWith(realCwd + '/')) {
+        if (!realFull.startsWith(realCwd + sep)) {
           res.writeHead(400, { 'Content-Type': 'application/json' });
           res.end(JSON.stringify({ error: 'Path traversal not allowed' }));
           return;
@@ -2052,7 +2113,7 @@ async function handleRequest(req, res) {
         }
         const realDir = realpathSync(fullDirPath);
         const realCwd = realpathSync(cwd);
-        if (realDir !== realCwd && !realDir.startsWith(realCwd + '/')) {
+        if (realDir !== realCwd && !realDir.startsWith(realCwd + sep)) {
           res.writeHead(400, { 'Content-Type': 'application/json' });
           res.end(JSON.stringify({ error: 'Path traversal not allowed' }));
           return;
@@ -2102,7 +2163,7 @@ async function handleRequest(req, res) {
         }
         const realDir = realpathSync(fullDir);
         const realCwd = realpathSync(cwd);
-        if (realDir !== realCwd && !realDir.startsWith(realCwd + '/')) {
+        if (realDir !== realCwd && !realDir.startsWith(realCwd + sep)) {
           res.writeHead(400, { 'Content-Type': 'application/json' });
           res.end(JSON.stringify({ error: 'Path traversal not allowed' }));
           return;
@@ -2111,7 +2172,7 @@ async function handleRequest(req, res) {
         if (plat === 'darwin') {
           spawn('open', ['-a', 'Terminal', fullDir], { stdio: 'ignore', detached: true }).unref();
         } else if (plat === 'win32') {
-          spawn('cmd.exe', ['/c', 'start', 'cmd.exe'], { cwd: fullDir, stdio: 'ignore', detached: true }).unref();
+          spawn('cmd.exe', ['/c', 'start', 'cmd.exe'], { cwd: fullDir, stdio: 'ignore', detached: true, windowsHide: true }).unref();
         } else {
           // Linux: try common terminal emulators
           const terminals = ['gnome-terminal', 'konsole', 'xfce4-terminal', 'xterm'];
@@ -2181,7 +2242,7 @@ async function handleRequest(req, res) {
         }
         const realDir = realpathSync(fullDirPath);
         const realCwd = realpathSync(cwd);
-        if (realDir !== realCwd && !realDir.startsWith(realCwd + '/')) {
+        if (realDir !== realCwd && !realDir.startsWith(realCwd + sep)) {
           res.writeHead(400, { 'Content-Type': 'application/json' });
           res.end(JSON.stringify({ error: 'Path traversal not allowed' }));
           return;
@@ -2726,8 +2787,8 @@ async function handleRequest(req, res) {
       } catch {
         return respondJson(404, { error: 'File not found' });
       }
-      const sep = realDir.endsWith('/') ? realDir : realDir + '/';
-      if (realFile !== realDir && !realFile.startsWith(sep)) {
+      const realDirWithSep = realDir.endsWith(sep) ? realDir : realDir + sep;
+      if (realFile !== realDir && !realFile.startsWith(realDirWithSep)) {
         return respondJson(403, { error: 'Path traversal not allowed' });
       }
       const policy = isReadAllowed(realFile);
@@ -2835,7 +2896,7 @@ async function handleRequest(req, res) {
       if (!policy.ok && policy.reason === 'realpath-failed' && isAbs) {
         const pName = _projectName || 'default';
         const persistPrefix = join(getClaudeConfigDir(), 'cc-viewer', pName, 'images');
-        const fileName = absPath.split('/').pop();
+        const fileName = basename(absPath);
         if (fileName) {
           const persistFile = join(persistPrefix, fileName);
           const fallbackPolicy = isReadAllowed(persistFile);
@@ -3057,20 +3118,34 @@ async function handleRequest(req, res) {
         if (existsSync(fullPath)) {
           const realFull = realpathSync(fullPath);
           const realCwd = realpathSync(cwd);
-          if (!realFull.startsWith(realCwd + '/')) {
+          if (!realFull.startsWith(realCwd + sep)) {
             res.writeHead(400, { 'Content-Type': 'application/json' });
             res.end(JSON.stringify({ error: 'Path traversal not allowed' }));
             return;
           }
         }
-        // Check if file is untracked
-        const { stdout: statusOut } = await execFileAsync('git', ['status', '--porcelain', '--', filePath], { cwd, encoding: 'utf-8', timeout: 5000 });
-        const isUntracked = statusOut.trim().startsWith('??');
-        if (isUntracked) {
-          await execFileAsync('git', ['clean', '-fd', '--', filePath], { cwd, timeout: 10000 });
-        } else {
-          await execFileAsync('git', ['checkout', '--', filePath], { cwd, timeout: 10000 });
-        }
+        // Per-file mutex 序列化「git status + checkout/clean」子命令对。多 tab 并发同文件
+        // revert 时不再有 race 让两个 checkout 交错执行（最终状态不可预测）。
+        // resolve() 规整 `./foo.js` / `foo.js` / `.//foo.js` 为同一 lockKey，防形变绕过。
+        const lockKey = resolve(join(cwd, filePath));
+        const prev = gitRestoreLocks.get(lockKey) || Promise.resolve();
+        const current = prev.then(async () => {
+          const { stdout: statusOut } = await execFileAsync('git', ['status', '--porcelain', '--', filePath], { cwd, encoding: 'utf-8', timeout: 5000 });
+          const isUntracked = statusOut.trim().startsWith('??');
+          if (isUntracked) {
+            await execFileAsync('git', ['clean', '-fd', '--', filePath], { cwd, timeout: 10000 });
+          } else {
+            await execFileAsync('git', ['checkout', '--', filePath], { cwd, timeout: 10000 });
+          }
+        }).finally(() => {
+          if (gitRestoreLocks.get(lockKey) === current) gitRestoreLocks.delete(lockKey);
+        });
+        gitRestoreLocks.set(lockKey, current);
+        // setTimeout 兜底——防 finally 异常吞 entry 累积内存。
+        setTimeout(() => {
+          if (gitRestoreLocks.get(lockKey) === current) gitRestoreLocks.delete(lockKey);
+        }, GIT_RESTORE_LOCK_CLEANUP_MS).unref();
+        await current;
         res.writeHead(200, { 'Content-Type': 'application/json' });
         res.end(JSON.stringify({ ok: true }));
       } catch (err) {
@@ -3095,7 +3170,8 @@ async function handleRequest(req, res) {
       // maxBuffer 拉到 10MB——默认 1MB 在 node_modules 未 gitignore 之类的极端
       // 场景下会被截断，导致后续 split 解析错位。
       const { stdout: output } = await execFileAsync('git', ['status', '--porcelain', '-uall'], { cwd, encoding: 'utf-8', timeout: 5000, maxBuffer: 10 * 1024 * 1024 });
-      const lines = output.split('\n').filter(line => line.trim());
+      // Win 上 git stdout 是 CRLF；现状靠下文 .trim() 兜底，加正则更稳防未来 strict 比较破窗。
+      const lines = output.split(/\r?\n/).filter(line => line.trim());
       const changes = lines.map(line => {
         const status = line.substring(0, 2).trim();
         let file = line.substring(3).trim();
@@ -3344,7 +3420,7 @@ async function handleRequest(req, res) {
         res.end(JSON.stringify({ error: 'Access denied' }));
         return;
       }
-      const fileName = file.split('/').pop();
+      const fileName = basename(file);
       const format = parsedUrl.searchParams.get('format');
       // Delta storage: format=raw 下载原始文件；默认下载重建后的全量格式
       if (format === 'raw') {
@@ -4207,8 +4283,10 @@ async function setupTerminalWebSocket(httpServer) {
           } else if (msg.type === 'image-remove-notify' || msg.type === 'image-upload-notify') {
             // Security: only allow paths within upload directories, reject traversal
             const p = msg.path;
+            // Windows 走 tmpdir()/cc-viewer-uploads/，POSIX 仍是 /tmp/cc-viewer-uploads/（macOS realpath 解为 /private/tmp 两种前缀都放行）。
+            const winUploadPrefix = join(tmpdir(), 'cc-viewer-uploads') + sep;
             if (terminalWss && p && !p.includes('..') && (
-              p.startsWith('/tmp/cc-viewer-uploads/') || (p.includes('/cc-viewer/') && p.includes('/images/'))
+              p.startsWith('/tmp/cc-viewer-uploads/') || p.startsWith('/private/tmp/cc-viewer-uploads/') || p.startsWith(winUploadPrefix) || (p.includes('/cc-viewer/') && p.includes('/images/'))
             )) {
               const rmsg = msg.type === 'image-upload-notify'
                 ? JSON.stringify({ type: 'image-upload-notify', path: p, source: msg.source || 'unknown' })
@@ -4235,8 +4313,12 @@ async function setupTerminalWebSocket(httpServer) {
             if (_needRedrawBootstrap) {
               _needRedrawBootstrap = false;
               try {
-                const pid = getClaudePid();
-                if (pid && pid !== process.pid) process.kill(pid, 'SIGWINCH');
+                // Windows 无 SIGWINCH；ConPTY 在前面的 resizePty 调用里已经处理过 resize 通知，
+                // 这里仅是 POSIX 上的"等尺寸 noop 不发信号"兜底，Win 上跳过避免抛异常。
+                if (process.platform !== 'win32') {
+                  const pid = getClaudePid();
+                  if (pid && pid !== process.pid) process.kill(pid, 'SIGWINCH');
+                }
               } catch {}
             }
           }