npm - chatcc-agent - Versions diffs - 0.3.9 → 0.5.0 - Mend

chatcc-agent 0.3.9 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "chatcc-agent",
-  "version": "0.3.9",
+  "version": "0.5.0",
   "description": "CCLink Agent - bridges Claude Code CLI with instant messaging",
   "bin": {
     "chatcc": "src/cli.js"

package/src/claude-bridge.js CHANGED Viewed

@@ -105,10 +105,15 @@ class ClaudeBridge {
     }
   }
-  resolveToolApproval(toolUseID, approved) {
+  resolveToolApproval(toolUseID, approved, from) {
     // Control protocol (new flow — respond via stdin)
     const permReq = this._pendingPermissionRequests.get(toolUseID);
     if (permReq) {
+      // Only the client who owns this session may approve/deny
+      if (from && permReq.replyTo && permReq.replyTo !== from) {
+        console.warn(`[Security] tool_approval rejected: ${from} is not the session owner (${permReq.replyTo})`);
+        return false;
+      }
       this._pendingPermissionRequests.delete(toolUseID);
       const entry = this._activeProcesses.get(permReq.msgID);
       if (entry) {
@@ -130,6 +135,12 @@ class ClaudeBridge {
     const pending = this._pendingToolApprovals.get(toolUseID);
     if (!pending) return false;
+    // Only the client who owns this session may approve/deny
+    if (from && pending.replyTo && pending.replyTo !== from) {
+      console.warn(`[Security] tool_approval rejected (legacy): ${from} is not the session owner (${pending.replyTo})`);
+      return false;
+    }
     this._pendingToolApprovals.delete(toolUseID);
     if (!approved) {

package/src/config.js CHANGED Viewed

@@ -113,6 +113,12 @@ async function promptSetupCode() {
     const setupCode = input.slice(0, atIdx);
     const tcbEnv = input.slice(atIdx + 1);
+    // L3: validate cloud env id before building the trigger URL
+    if (!/^[a-z0-9-]+$/.test(tcbEnv)) {
+      console.log('  ✗ 无效格式，环境信息只能包含小写字母、数字和连字符');
+      continue;
+    }
     console.log('  验证中...');
     try {
       const result = await callCloudFunction('validateSetupCode', {

package/src/im-client.js CHANGED Viewed

@@ -1,6 +1,10 @@
 const WebSocket = require('ws');
 global.WebSocket = WebSocket;
+const path = require('path');
+const os = require('os');
+const { SeqStore } = require('./seq-store');
 const { CURRENT_PROTOCOL_VERSION, MIN_PROTOCOL_VERSION } = require('./constants');
 const PROTOCOL_VERSION = CURRENT_PROTOCOL_VERSION;
@@ -13,6 +17,12 @@ class IMClient {
     this._onFatal = options.onFatal || (() => process.exit(1));
     this._onUserSigExpired = options.onUserSigExpired || null;
+    // Persistent monotonic sequence stamped onto every outgoing message as
+    // `seq`, so the iOS client can order messages by real send order instead
+    // of unreliable arrival order. Falls back to ~/.chatcc/seq.json when the
+    // caller (tests) doesn't pass a path.
+    this._seqStore = new SeqStore(options.seqFilePath || path.join(os.homedir(), '.chatcc', 'seq.json'));
     const TIM = require('@tencentcloud/chat');
     this.TIM = TIM;
     this.tim = TIM.create({ SDKAppID: sdkAppID });
@@ -136,6 +146,10 @@ class IMClient {
   }
   async sendCustomMessage(to, ccType, payload = {}, pushOptions = null) {
+    // Stamp a monotonic seq onto every outgoing message (including chunks).
+    // The iOS client uses it as the authoritative sort key. Placed here so it
+    // is impossible to send without one — this is the sole send path.
+    payload = { ...payload, seq: this._seqStore.next() };
     const message = this.tim.createCustomMessage({
       to,
       conversationType: this.TIM.TYPES.CONV_C2C,

package/src/image-downloader.js CHANGED Viewed

@@ -10,6 +10,17 @@ const DOWNLOAD_MAX_SIZE = 10 * 1024 * 1024; // 10MB
 const IMAGE_CONTENT_TYPES = new Set([
   'image/png', 'image/jpeg', 'image/gif', 'image/webp', 'image/bmp', 'image/svg+xml',
 ]);
+// Map Content-Type -> file extension so the saved temp file's extension (and thus the
+// downstream media_type) matches the actual bytes, instead of trusting the URL path.
+const CONTENT_TYPE_EXT = {
+  'image/png': 'png',
+  'image/jpeg': 'jpg',
+  'image/jpg': 'jpg',
+  'image/gif': 'gif',
+  'image/webp': 'webp',
+  'image/bmp': 'bmp',
+  'image/svg+xml': 'svg',
+};
 function downloadImage(url, tempFiles) {
   return new Promise((resolve, reject) => {
@@ -19,13 +30,14 @@ function downloadImage(url, tempFiles) {
     const initialProtocol = parsed.protocol;
     const extMatch = parsed.pathname.match(/\.(png|jpg|jpeg|gif|webp|bmp)/i);
-    const ext = extMatch ? '.' + extMatch[1] : '.png';
-    const tmpPath = path.join(os.tmpdir(), 'chatcc-' + crypto.randomBytes(8).toString('hex') + ext);
-    tempFiles.add(tmpPath);
+    const urlExt = extMatch ? extMatch[1].toLowerCase() : 'png';
+    const makePath = (e) => path.join(os.tmpdir(), 'chatcc-' + crypto.randomBytes(8).toString('hex') + '.' + e);
+    let writePath = makePath(urlExt);
+    tempFiles.add(writePath);
     function fail(err) {
-      fs.unlink(tmpPath, () => {});
-      tempFiles.delete(tmpPath);
+      fs.unlink(writePath, () => {});
+      tempFiles.delete(writePath);
       reject(err);
     }
@@ -52,11 +64,26 @@ function downloadImage(url, tempFiles) {
             return fail(new Error('Invalid content type: ' + contentType));
           }
+          // Realign the temp file extension to the real Content-Type: COS / IM image
+          // URLs are often bare UUIDs with no extension, so the URL-derived ext (which
+          // defaults to 'png') is unreliable. The file extension drives the media_type
+          // we later declare to Claude, so it must match the actual bytes.
+          const realExt = CONTENT_TYPE_EXT[contentType] || urlExt;
+          if (realExt !== urlExt) {
+            console.log(`[Image] Realign ext: url=${urlExt} -> ${realExt} (content-type=${contentType})`);
+            tempFiles.delete(writePath);
+            fs.unlink(writePath, () => {});
+            writePath = makePath(realExt);
+            tempFiles.add(writePath);
+          } else {
+            console.log(`[Image] ext=${realExt} (content-type=${contentType})`);
+          }
           const contentLength = parseInt(res.headers['content-length'], 10);
           if (contentLength && contentLength > DOWNLOAD_MAX_SIZE) return fail(new Error('File too large'));
           let downloaded = 0;
-          const file = fs.createWriteStream(tmpPath);
+          const file = fs.createWriteStream(writePath);
           res.on('data', (chunk) => {
             downloaded += chunk.length;
             if (downloaded > DOWNLOAD_MAX_SIZE) {
@@ -66,7 +93,11 @@ function downloadImage(url, tempFiles) {
             }
           });
           res.pipe(file);
-          file.on('finish', () => { file.close(); resolve(tmpPath); });
+          file.on('finish', () => {
+            file.close();
+            console.log(`[Image] Downloaded ${downloaded} bytes -> ${path.basename(writePath)}`);
+            resolve(writePath);
+          });
         }).on('error', fail);
       }).catch(fail);
     }

package/src/index.js CHANGED Viewed

@@ -7,6 +7,7 @@ const { FileService } = require('./file-service');
 const { collectServerMeta } = require('./server-info');
 const { getLogFilePath, cleanupOldLogs, rotateLogStream } = require('./log-rotation');
 const { SessionStore } = require('./session-store');
+const { CURRENT_PROTOCOL_VERSION, MIN_PROTOCOL_VERSION } = require('./constants');
 const { handleSessionCreate, handleSessionUpdateSettings, handleClaudeSessionList, handlePermissionGrant, handleSessionSync } = require('./session-handler');
 const { handleClientList, handleClientRemove } = require('./client-handler');
 const { downloadImage } = require('./image-downloader');
@@ -22,7 +23,9 @@ const CHATCC_DIR = path.join(os.homedir(), '.chatcc');
 let logStream = null;
 if (isDaemon) {
   if (!fs.existsSync(CHATCC_DIR)) fs.mkdirSync(CHATCC_DIR, { recursive: true });
-  logStream = fs.createWriteStream(getLogFilePath(CHATCC_DIR), { flags: 'a' });
+  const _logPath = getLogFilePath(CHATCC_DIR);
+  try { if (fs.existsSync(_logPath)) fs.chmodSync(_logPath, 0o600); } catch {}
+  logStream = fs.createWriteStream(_logPath, { flags: 'a', mode: 0o600 });
   const origLog = console.log;
   const origWarn = console.warn;
   const origErr = console.error;
@@ -185,6 +188,7 @@ async function main() {
   // Create IM client and login
   imClient = new IMClient(config.sdkAppID, config.agentUserID, config.userSig, {
+    seqFilePath: path.join(CHATCC_DIR, 'seq.json'),
     onFatal: () => shutdown('IM_FATAL'),
     onUserSigExpired: async () => {
       console.log('[UserSig] Refreshing from CloudBase...');
@@ -290,6 +294,30 @@ async function main() {
       return;
     }
+    // M3: reject messages from incompatible protocol versions.
+    // data.v = sender's version; data.min_v = lowest version the sender can talk to.
+    if (data.v !== undefined) {
+      if (data.v < MIN_PROTOCOL_VERSION) {
+        console.warn(`[Security] Rejected ${from}: protocol v${data.v} < min v${MIN_PROTOCOL_VERSION}`);
+        imClient.sendCustomMessage(from, 'version_error', {
+          agent_version: CURRENT_PROTOCOL_VERSION,
+          min_version: MIN_PROTOCOL_VERSION,
+          received_version: data.v,
+          message: `Protocol version ${data.v} is no longer supported`,
+        }).catch(() => {});
+        return;
+      }
+      if (data.min_v !== undefined && data.min_v > CURRENT_PROTOCOL_VERSION) {
+        console.warn(`[Security] Rejected ${from}: client requires v${data.min_v} > agent v${CURRENT_PROTOCOL_VERSION}`);
+        imClient.sendCustomMessage(from, 'version_error', {
+          agent_version: CURRENT_PROTOCOL_VERSION,
+          required_version: data.min_v,
+          message: `Agent too old (client requires v${data.min_v}), please upgrade`,
+        }).catch(() => {});
+        return;
+      }
+    }
     switch (data.cc_type) {
       case 'user_text': {
         const sid = data.session_id;
@@ -341,10 +369,27 @@ async function main() {
         const bridgeOpts = { cwd, claudeSessionId: claudeSid, onClaudeSessionId, onResumeFailed, onSessionTitle, workspaceRestricted: isRestricted, permissions: sessionPermissions };
         if (imageUrls.length > 0) {
           Promise.all(imageUrls.map(u => downloadImage(u, tempFiles).catch(e => {
-            console.error('[Image] Download failed:', e.message, e.stack);
+            console.error('[Image] Download failed for', u, ':', e.message, e.stack);
             return null;
           }))).then((paths) => {
-            bridge.handleUserText(from, data.content, sid, { ...bridgeOpts, imagePaths: paths.filter(p => p !== null) });
+            const ok = paths.filter(p => p !== null);
+            const failed = paths.length - ok.length;
+            // If every image failed, there's nothing to analyze — tell the client instead
+            // of silently feeding an empty (or text-only) prompt to Claude.
+            if (ok.length === 0) {
+              console.warn(`[Image] All ${paths.length} image(s) failed to download in session ${sid}; notifying client`);
+              imClient.sendCustomMessage(from, 'error', {
+                type: 'image_download',
+                session_id: sid,
+                message: `图片加载失败（${failed}/${paths.length}），请重试或换一张图`,
+              }).catch(() => {});
+              return;
+            }
+            // Partial failure: still proceed, but warn how many dropped so behavior is visible.
+            if (failed > 0) {
+              console.warn(`[Image] Partial failure: ${failed}/${paths.length} images dropped in session ${sid}`);
+            }
+            bridge.handleUserText(from, data.content, sid, { ...bridgeOpts, imagePaths: ok });
           }).catch(e => console.error('[Image] Processing failed:', e.message, e.stack));
         } else {
           bridge.handleUserText(from, data.content, sid, { ...bridgeOpts, imagePaths: [] });
@@ -373,32 +418,48 @@ async function main() {
       case 'tool_approval_response': {
         const approved = data.approved === true;
-        console.log(`[Approval] tool_use_id=${data.msg_id} approved=${approved}`);
+        console.log(`[Approval] tool_use_id=${data.msg_id} approved=${approved} from=${from}`);
         if (bridge) {
-          bridge.resolveToolApproval(data.msg_id, approved);
+          bridge.resolveToolApproval(data.msg_id, approved, from);
         }
         break;
       }
       case 'file_tree_request': {
+        if (fileSessionDenied(from, data)) {
+          imClient.sendCustomMessage(from, 'file_tree_response', { request_id: data.request_id, error: 'Access denied' }).catch(() => {});
+          break;
+        }
         const fsConstraint = resolveFileConstraint(data);
         fileService.handleTreeRequest(from, data, fsConstraint);
         break;
       }
       case 'file_read_request': {
+        if (fileSessionDenied(from, data)) {
+          imClient.sendCustomMessage(from, 'file_read_response', { request_id: data.request_id, error: 'Access denied' }).catch(() => {});
+          break;
+        }
         const fsConstraint = resolveFileConstraint(data);
         fileService.handleReadRequest(from, data, fsConstraint);
         break;
       }
       case 'file_search_request': {
+        if (fileSessionDenied(from, data)) {
+          imClient.sendCustomMessage(from, 'file_search_response', { request_id: data.request_id, error: 'Access denied' }).catch(() => {});
+          break;
+        }
         const fsConstraint = resolveFileConstraint(data);
         fileService.handleSearchRequest(from, data, fsConstraint);
         break;
       }
       case 'file_mkdir_request': {
+        if (fileSessionDenied(from, data)) {
+          imClient.sendCustomMessage(from, 'file_mkdir_response', { request_id: data.request_id, error: 'Access denied' }).catch(() => {});
+          break;
+        }
         const fsConstraint = resolveFileConstraint(data);
         fileService.handleMkdirRequest(from, data, fsConstraint);
         break;
@@ -552,6 +613,13 @@ async function main() {
 const MAX_SESSIONS = 50;
+// Reject file operations that reference another client's session.
+function fileSessionDenied(from, data) {
+  if (!data.session_id) return false;
+  const sess = sessions ? sessions.get(data.session_id) : null;
+  return !!sess && sess.clientID !== from;
+}
 function resolveFileConstraint(data) {
   if (!data.session_id) return null;
   const sess = sessions ? sessions.get(data.session_id) : null;

package/src/log-rotation.js CHANGED Viewed

@@ -32,7 +32,10 @@ function rotateLogStream(dir, oldStream) {
     oldStream.end();
   }
   cleanupOldLogs(dir);
-  const newStream = fs.createWriteStream(getLogFilePath(dir), { flags: 'a' });
+  // L2: tighten log file permission to 0o600
+  const newPath = getLogFilePath(dir);
+  try { if (fs.existsSync(newPath)) fs.chmodSync(newPath, 0o600); } catch {}
+  const newStream = fs.createWriteStream(newPath, { flags: 'a', mode: 0o600 });
   newStream.on('error', (e) => console.error(`[LogRotation] Write error: ${e.message}`));
   return newStream;
 }

package/src/seq-store.js ADDED Viewed

@@ -0,0 +1,85 @@
+const fs = require('fs');
+const path = require('path');
+/**
+ * Persistent, monotonically increasing sequence counter.
+ *
+ * Every outgoing IM message carries the result of `next()` as a `seq` field,
+ * which the iOS client uses as the authoritative sort order (instead of its
+ * local arrival-order counter). Two hard requirements shape this design:
+ *
+ *   1. Never reuse a number. If the agent crashes and restarts, the counter
+ *      MUST resume past the last value it handed out — otherwise a freshly
+ *      sent `seq=3` collides with a message the client already stored as
+ *      `seq=3`, and pagination/sorting breaks.
+ *   2. Keep up with streaming throughput (many chunks per second).
+ *
+ * (1) forces a synchronous, atomic write on every `next()` — a 2s debounced
+ * flush (like SessionStore uses) would lose the tail on crash and let the
+ * counter roll back. A single integer file with tmp+rename is cheap enough
+ * that we accept the per-message fsync.
+ */
+class SeqStore {
+  constructor(filePath) {
+    this.filePath = filePath;
+    this.seq = 0;
+    this._load();
+  }
+  _load() {
+    try {
+      if (fs.existsSync(this.filePath)) {
+        const raw = fs.readFileSync(this.filePath, 'utf-8');
+        const parsed = JSON.parse(raw);
+        if (typeof parsed.seq === 'number' && parsed.seq >= 0 && Number.isFinite(parsed.seq)) {
+          this.seq = Math.floor(parsed.seq);
+        }
+      }
+    } catch (e) {
+      // A half-written file is renamed aside (like SessionStore) so the next
+      // boot starts clean from 0 rather than crashing on bad JSON.
+      try { fs.renameSync(this.filePath, this.filePath + '.broken'); } catch {}
+      console.warn('[SeqStore] Load failed, starting from 0:', e.message);
+    }
+    // Normalize to an odd high-water mark. Old builds incremented by 1 and may
+    // have persisted an even value; resume on the next odd number so we never
+    // emit an even seq (those belong to the client).
+    if (this.seq % 2 === 0) this.seq += 1;
+  }
+  /**
+   * Returns the next ODD sequence number (1, 3, 5, …). Monotonic, never reused
+   * across restarts. Odd-only so agent seqs and client-minted (even) sort
+   * orders never collide.
+   */
+  next() {
+    this.seq += 2;
+    this._writeToDisk();
+    return this.seq;
+  }
+  flush() {
+    this._writeToDisk();
+  }
+  _writeToDisk() {
+    try {
+      const dir = path.dirname(this.filePath);
+      if (!fs.existsSync(dir)) {
+        fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
+      }
+      const tmp = this.filePath + '.tmp';
+      const fd = fs.openSync(tmp, 'w', 0o600);
+      fs.writeFileSync(fd, JSON.stringify({ seq: this.seq }), 'utf-8');
+      fs.closeSync(fd);
+      fs.renameSync(tmp, this.filePath);
+    } catch (e) {
+      // Best-effort: if the write fails we DO NOT throw, because a throw here
+      // would abort message dispatch. The in-memory counter is still correct
+      // for this process; only a crash within this window risks rollback.
+      console.warn('[SeqStore] Write failed:', e.message);
+    }
+  }
+}
+module.exports = { SeqStore };

package/src/session-store.js CHANGED Viewed

@@ -6,7 +6,7 @@ class SessionStore {
     this.filePath = filePath;
     this.maxSessions = options.maxSessions || 50;
     this.ttlDays = options.ttlDays || 30;
-    this.data = {};
+    this.data = Object.create(null);
     this._flushTimer = null;
     this._load();
@@ -19,7 +19,10 @@ class SessionStore {
       const raw = fs.readFileSync(this.filePath, 'utf-8');
       const parsed = JSON.parse(raw);
       if (typeof parsed === 'object' && parsed !== null && !Array.isArray(parsed)) {
-        this.data = parsed;
+        // L1: use a prototype-less object so session_id like '__proto__' is harmless
+        const safe = Object.create(null);
+        for (const key of Object.keys(parsed)) safe[key] = parsed[key];
+        this.data = safe;
       }
     } catch {
       try {