claude-brain 0.30.2 → 0.30.3

package/src/utils/error-handler.ts

@@ -1,136 +1,136 @@
-import type { Logger } from 'pino'
-
-export class GlobalErrorHandler {
-  private logger: Logger
-  private isShuttingDown = false
-
-  constructor(logger: Logger) {
-    this.logger = logger.child({ component: 'error-handler' })
-    this.setupHandlers()
-  }
-
-  private setupHandlers(): void {
-    process.on('uncaughtException', (error: Error) => {
-      this.handleUncaughtException(error)
-    })
-
-    process.on('unhandledRejection', (reason: unknown, promise: Promise<unknown>) => {
-      this.handleUnhandledRejection(reason, promise)
-    })
-
-    process.on('warning', (warning: Error) => {
-      this.handleWarning(warning)
-    })
-
-    process.on('SIGTERM', () => {
-      this.handleShutdown('SIGTERM')
-    })
-
-    process.on('SIGINT', () => {
-      this.handleShutdown('SIGINT')
-    })
-
-    process.on('SIGHUP', () => {
-      this.handleShutdown('SIGHUP')
-    })
-  }
-
-  private handleUncaughtException(error: Error): void {
-    this.logger.fatal(
-      {
-        error: {
-          name: error.name,
-          message: error.message,
-          stack: error.stack
-        }
-      },
-      'Uncaught exception'
-    )
-
-    this.emergencyShutdown('uncaughtException')
-  }
-
-  private handleUnhandledRejection(reason: unknown, promise: Promise<unknown>): void {
-    this.logger.error(
-      {
-        reason: reason instanceof Error ? {
-          name: reason.name,
-          message: reason.message,
-          stack: reason.stack
-        } : reason,
-        promise: String(promise)
-      },
-      'Unhandled promise rejection'
-    )
-  }
-
-  private handleWarning(warning: Error): void {
-    this.logger.warn(
-      {
-        name: warning.name,
-        message: warning.message,
-        stack: warning.stack
-      },
-      'Process warning'
-    )
-  }
-
-  private handleShutdown(signal: string): void {
-    if (this.isShuttingDown) {
-      return
-    }
-
-    this.isShuttingDown = true
-
-    this.logger.info({ signal }, 'Received shutdown signal, closing gracefully...')
-
-    setTimeout(() => {
-      this.logger.info('Graceful shutdown complete')
-      process.exit(0)
-    }, 5000)
-  }
-
-  private emergencyShutdown(reason: string): void {
-    console.error(`FATAL: Emergency shutdown due to ${reason}`)
-
-    setTimeout(() => {
-      process.exit(1)
-    }, 1000)
-  }
-
-  static createError(
-    message: string,
-    code: string,
-    context?: Record<string, unknown>
-  ): AppError {
-    return new AppError(message, code, context)
-  }
-}
-
-export class AppError extends Error {
-  code: string
-  context?: Record<string, unknown>
-  isOperational: boolean
-
-  constructor(
-    message: string,
-    code: string,
-    context?: Record<string, unknown>,
-    isOperational = true
-  ) {
-    super(message)
-    this.name = 'AppError'
-    this.code = code
-    this.context = context
-    this.isOperational = isOperational
-
-    Error.captureStackTrace(this, this.constructor)
-  }
-}
-
-export function isOperationalError(error: Error): boolean {
-  if (error instanceof AppError) {
-    return error.isOperational
-  }
-  return false
-}
+import type { Logger } from 'pino'
+
+export class GlobalErrorHandler {
+  private logger: Logger
+  private isShuttingDown = false
+
+  constructor(logger: Logger) {
+    this.logger = logger.child({ component: 'error-handler' })
+    this.setupHandlers()
+  }
+
+  private setupHandlers(): void {
+    process.on('uncaughtException', (error: Error) => {
+      this.handleUncaughtException(error)
+    })
+
+    process.on('unhandledRejection', (reason: unknown, promise: Promise<unknown>) => {
+      this.handleUnhandledRejection(reason, promise)
+    })
+
+    process.on('warning', (warning: Error) => {
+      this.handleWarning(warning)
+    })
+
+    process.on('SIGTERM', () => {
+      this.handleShutdown('SIGTERM')
+    })
+
+    process.on('SIGINT', () => {
+      this.handleShutdown('SIGINT')
+    })
+
+    process.on('SIGHUP', () => {
+      this.handleShutdown('SIGHUP')
+    })
+  }
+
+  private handleUncaughtException(error: Error): void {
+    this.logger.fatal(
+      {
+        error: {
+          name: error.name,
+          message: error.message,
+          stack: error.stack
+        }
+      },
+      'Uncaught exception'
+    )
+
+    this.emergencyShutdown('uncaughtException')
+  }
+
+  private handleUnhandledRejection(reason: unknown, promise: Promise<unknown>): void {
+    this.logger.error(
+      {
+        reason: reason instanceof Error ? {
+          name: reason.name,
+          message: reason.message,
+          stack: reason.stack
+        } : reason,
+        promise: String(promise)
+      },
+      'Unhandled promise rejection'
+    )
+  }
+
+  private handleWarning(warning: Error): void {
+    this.logger.warn(
+      {
+        name: warning.name,
+        message: warning.message,
+        stack: warning.stack
+      },
+      'Process warning'
+    )
+  }
+
+  private handleShutdown(signal: string): void {
+    if (this.isShuttingDown) {
+      return
+    }
+
+    this.isShuttingDown = true
+
+    this.logger.info({ signal }, 'Received shutdown signal, closing gracefully...')
+
+    setTimeout(() => {
+      this.logger.info('Graceful shutdown complete')
+      process.exit(0)
+    }, 5000)
+  }
+
+  private emergencyShutdown(reason: string): void {
+    console.error(`FATAL: Emergency shutdown due to ${reason}`)
+
+    setTimeout(() => {
+      process.exit(1)
+    }, 1000)
+  }
+
+  static createError(
+    message: string,
+    code: string,
+    context?: Record<string, unknown>
+  ): AppError {
+    return new AppError(message, code, context)
+  }
+}
+
+export class AppError extends Error {
+  code: string
+  context?: Record<string, unknown>
+  isOperational: boolean
+
+  constructor(
+    message: string,
+    code: string,
+    context?: Record<string, unknown>,
+    isOperational = true
+  ) {
+    super(message)
+    this.name = 'AppError'
+    this.code = code
+    this.context = context
+    this.isOperational = isOperational
+
+    Error.captureStackTrace(this, this.constructor)
+  }
+}
+
+export function isOperationalError(error: Error): boolean {
+  if (error instanceof AppError) {
+    return error.isOperational
+  }
+  return false
+}

package/src/utils/index.ts

@@ -1,58 +1,58 @@
-export {
-  createLogger,
-  createComponentLogger,
-  createRequestLogger,
-  generateRequestId
-} from './logger'
-
-export {
-  logToolCall,
-  logToolResult,
-  logAgentActivity,
-  logPerformance,
-  logError,
-  logVaultOperation,
-  logMemoryOperation,
-  createTimer
-} from './logger-utils'
-
-export {
-  GlobalErrorHandler,
-  AppError,
-  isOperationalError
-} from './error-handler'
-
-export {
-  RetryManager
-} from './retry'
-
-export {
-  CircuitBreaker,
-  CircuitState
-} from './circuit-breaker'
-
-export {
-  FallbackManager
-} from './fallback'
-
-export {
-  TransactionManager
-} from './transaction'
-
-export {
-  CleanupManager
-} from './cleanup'
-
-export {
-  ErrorMessages
-} from './error-messages'
-
-export {
-  isPhase12Available,
-  getPhase12Instance,
-  resetPhase12Cache
-} from './phase12-helper'
-
-export {
-  killProcessOnPort
-} from './kill-port'
+export {
+  createLogger,
+  createComponentLogger,
+  createRequestLogger,
+  generateRequestId
+} from './logger'
+
+export {
+  logToolCall,
+  logToolResult,
+  logAgentActivity,
+  logPerformance,
+  logError,
+  logVaultOperation,
+  logMemoryOperation,
+  createTimer
+} from './logger-utils'
+
+export {
+  GlobalErrorHandler,
+  AppError,
+  isOperationalError
+} from './error-handler'
+
+export {
+  RetryManager
+} from './retry'
+
+export {
+  CircuitBreaker,
+  CircuitState
+} from './circuit-breaker'
+
+export {
+  FallbackManager
+} from './fallback'
+
+export {
+  TransactionManager
+} from './transaction'
+
+export {
+  CleanupManager
+} from './cleanup'
+
+export {
+  ErrorMessages
+} from './error-messages'
+
+export {
+  isPhase12Available,
+  getPhase12Instance,
+  resetPhase12Cache
+} from './phase12-helper'
+
+export {
+  killProcessOnPort
+} from './kill-port'

package/src/utils/kill-port.ts

@@ -1,53 +1,55 @@
-/**
- * Cross-platform utility to kill the process holding a specific port.
- * Used by serve.ts (EADDRINUSE recovery) and auto-updater.ts (ghost cleanup).
- */
-
-import { execSync } from 'node:child_process'
-
-const isWindows = process.platform === 'win32'
-
-/**
- * Kill the process listening on the given port.
- * Skips the current process (myPid) to avoid self-termination.
- * Returns the PIDs that were killed, or an empty array if none found.
- */
-export function killProcessOnPort(port: number, myPid: number = process.pid): number[] {
-  const killed: number[] = []
-
-  try {
-    if (isWindows) {
-      const result = execSync(`netstat -ano | findstr :${port} | findstr LISTENING`, {
-        encoding: 'utf-8', stdio: 'pipe', timeout: 5000,
-      })
-      const pids = new Set(
-        result.split('\n')
-          .map(line => line.trim().split(/\s+/).pop())
-          .filter((p): p is string => !!p && Number(p) !== myPid && !isNaN(Number(p)))
-      )
-      for (const pid of pids) {
-        try {
-          execSync(`taskkill /F /PID ${pid}`, { stdio: 'pipe', timeout: 5000 })
-          killed.push(Number(pid))
-        } catch {}
-      }
-    } else {
-      const raw = execSync(`lsof -ti :${port}`, {
-        encoding: 'utf-8', stdio: 'pipe', timeout: 5000,
-      }).trim()
-      if (raw) {
-        const pids = raw.split('\n').filter(p => p && Number(p) !== myPid)
-        for (const pid of pids) {
-          try {
-            process.kill(Number(pid), 'SIGKILL')
-            killed.push(Number(pid))
-          } catch {}
-        }
-      }
-    }
-  } catch {
-    // No process on port — that's fine
-  }
-
-  return killed
-}
+/**
+ * Cross-platform utility to kill the process holding a specific port.
+ * Used by serve.ts (EADDRINUSE recovery) and auto-updater.ts (ghost cleanup).
+ */
+
+import { spawnSync } from 'node:child_process'
+
+const isWindows = process.platform === 'win32'
+
+/**
+ * Kill the process listening on the given port.
+ * Skips the current process (myPid) to avoid self-termination.
+ * Returns the PIDs that were killed, or an empty array if none found.
+ */
+export function killProcessOnPort(port: number, myPid: number = process.pid): number[] {
+  const killed: number[] = []
+
+  try {
+    if (isWindows) {
+      const result = spawnSync('cmd', ['/c', `netstat -ano | findstr :${port} | findstr LISTENING`], {
+        encoding: 'utf-8', stdio: 'pipe', timeout: 5000,
+      })
+      const output = result.stdout || ''
+      const pids = new Set(
+        output.split('\n')
+          .map(line => line.trim().split(/\s+/).pop())
+          .filter((p): p is string => !!p && Number(p) !== myPid && !isNaN(Number(p)))
+      )
+      for (const pid of pids) {
+        try {
+          spawnSync('taskkill', ['/F', '/PID', pid], { stdio: 'pipe', timeout: 5000 })
+          killed.push(Number(pid))
+        } catch {}
+      }
+    } else {
+      const result = spawnSync('lsof', ['-ti', `:${port}`], {
+        encoding: 'utf-8', stdio: 'pipe', timeout: 5000,
+      })
+      const raw = result.stdout?.trim() || ''
+      if (raw) {
+        const pids = raw.split('\n').filter(p => p && Number(p) !== myPid)
+        for (const pid of pids) {
+          try {
+            process.kill(Number(pid), 'SIGKILL')
+            killed.push(Number(pid))
+          } catch {}
+        }
+      }
+    }
+  } catch {
+    // No process on port — that's fine
+  }
+
+  return killed
+}

package/src/utils/phase12-helper.ts

@@ -1,56 +1,56 @@
-/**
- * Phase 12 Helper
- * Utilities for checking Phase 12 availability
- * Allows Phase 6.5 to gracefully degrade if Phase 12 isn't fully implemented
- */
-
-import type { Phase12Manager } from '@/automation/phase12-manager'
-
-// Cache for Phase 12 availability check
-let phase12Available: boolean | null = null
-
-/**
- * Check if Phase 12 features are available
- */
-export function isPhase12Available(): boolean {
-  if (phase12Available !== null) {
-    return phase12Available
-  }
-
-  try {
-    // Check if the module can be loaded
-    require('@/automation/phase12-manager')
-    phase12Available = true
-    return true
-  } catch {
-    phase12Available = false
-    return false
-  }
-}
-
-/**
- * Get Phase 12 instance if available
- * Returns null if Phase 12 is not available or not initialized
- */
-export function getPhase12Instance(): Phase12Manager | null {
-  try {
-    // Import the service getter
-    const { getPhase12Service, isServicesInitialized } = require('@/server/services')
-
-    if (!isServicesInitialized()) {
-      return null
-    }
-
-    return getPhase12Service()
-  } catch {
-    return null
-  }
-}
-
-/**
- * Reset the Phase 12 availability cache
- * Useful for testing
- */
-export function resetPhase12Cache(): void {
-  phase12Available = null
-}
+/**
+ * Phase 12 Helper
+ * Utilities for checking Phase 12 availability
+ * Allows Phase 6.5 to gracefully degrade if Phase 12 isn't fully implemented
+ */
+
+import type { Phase12Manager } from '@/automation/phase12-manager'
+
+// Cache for Phase 12 availability check
+let phase12Available: boolean | null = null
+
+/**
+ * Check if Phase 12 features are available
+ */
+export function isPhase12Available(): boolean {
+  if (phase12Available !== null) {
+    return phase12Available
+  }
+
+  try {
+    // Check if the module can be loaded
+    require('@/automation/phase12-manager')
+    phase12Available = true
+    return true
+  } catch {
+    phase12Available = false
+    return false
+  }
+}
+
+/**
+ * Get Phase 12 instance if available
+ * Returns null if Phase 12 is not available or not initialized
+ */
+export function getPhase12Instance(): Phase12Manager | null {
+  try {
+    // Import the service getter
+    const { getPhase12Service, isServicesInitialized } = require('@/server/services')
+
+    if (!isServicesInitialized()) {
+      return null
+    }
+
+    return getPhase12Service()
+  } catch {
+    return null
+  }
+}
+
+/**
+ * Reset the Phase 12 availability cache
+ * Useful for testing
+ */
+export function resetPhase12Cache(): void {
+  phase12Available = null
+}

package/src/utils/safe-path.ts

@@ -0,0 +1,43 @@
+/**
+ * Path Traversal Protection Utility
+ * Phase 1: Security Hardening
+ *
+ * Validates that file paths are within allowed base directories.
+ */
+
+import path from 'path'
+import fs from 'fs'
+
+/**
+ * Validate that a file path is within the allowed base directory.
+ * Resolves symlinks to prevent traversal via symlinked directories.
+ *
+ * @throws Error if path escapes the base directory
+ */
+export function validatePath(filePath: string, baseDir: string): string {
+  // Resolve to absolute paths
+  const resolvedBase = fs.realpathSync(baseDir)
+  const resolvedPath = path.resolve(resolvedBase, filePath)
+
+  // For existing files, resolve symlinks
+  let canonicalPath: string
+  try {
+    canonicalPath = fs.realpathSync(resolvedPath)
+  } catch {
+    // File doesn't exist yet — check the parent directory
+    const parentDir = path.dirname(resolvedPath)
+    try {
+      const canonicalParent = fs.realpathSync(parentDir)
+      canonicalPath = path.join(canonicalParent, path.basename(resolvedPath))
+    } catch {
+      canonicalPath = resolvedPath
+    }
+  }
+
+  // Verify the canonical path starts with the base
+  if (!canonicalPath.startsWith(resolvedBase + path.sep) && canonicalPath !== resolvedBase) {
+    throw new Error(`Path traversal detected: ${filePath} resolves outside ${baseDir}`)
+  }
+
+  return canonicalPath
+}