claude-code-session-manager 0.8.1 → 0.8.3

package/dist/index.html

@@ -4,8 +4,8 @@
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>Claude Session Manager</title>
-    <script type="module" crossorigin src="./assets/index-E14-spyd.js"></script>
-    <link rel="stylesheet" crossorigin href="./assets/index-DsC4vT8M.css">
+    <script type="module" crossorigin src="./assets/index-BGshD4Pw.js"></script>
+    <link rel="stylesheet" crossorigin href="./assets/index-DCK87t79.css">
   </head>
   <body class="bg-bg text-fg font-mono antialiased">
     <div id="root"></div>

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-code-session-manager",
-  "version": "0.8.1",
+  "version": "0.8.3",
   "description": "Local cockpit for Claude Code CLI sessions — terminal + full config surface.",
   "type": "module",
   "main": "src/main/index.cjs",

package/src/main/config.cjs

@@ -36,10 +36,31 @@ function expandHome(p) {
   return p;
 }
 
+/**
+ * Resolve a path to its realpath, handling non-existent files by resolving
+ * the parent directory instead. Prevents symlink traversal attacks.
+ */
+function realResolve(abs) {
+  const lex = path.resolve(expandHome(abs));
+  try {
+    return fs.realpathSync(lex);
+  } catch (e) {
+    if (e.code === 'ENOENT') {
+      const parent = path.dirname(lex);
+      try {
+        return path.join(fs.realpathSync(parent), path.basename(lex));
+      } catch {
+        return lex;
+      }
+    }
+    throw e;
+  }
+}
+
 /**
  * Validate that a resolved path stays within an allowed boundary. Prevents
  * path traversal attacks where a renderer-controlled path uses `..` segments
- * to escape into arbitrary filesystem locations.
+ * or symlinks to escape into arbitrary filesystem locations.
  *
  * Allowed roots: home directory and any cwd the app has seen (project scopes).
  */
@@ -50,11 +71,53 @@ function addAllowedRoot(dir) {
 }
 
 function validatePath(abs) {
-  const resolved = path.resolve(abs);
+  const real = realResolve(abs);
   for (const root of allowedRoots) {
-    if (resolved === root || resolved.startsWith(root + path.sep)) return resolved;
+    let realRoot;
+    try {
+      realRoot = fs.realpathSync(root);
+    } catch {
+      realRoot = root;
+    }
+    if (real === realRoot || real.startsWith(realRoot + path.sep)) return real;
   }
-  throw new Error(`Path outside allowed boundaries: ${resolved}`);
+  throw new Error(`Path outside allowed boundaries: ${real}`);
+}
+
+// Paths that are allowed as write destinations.
+const WRITE_PREFIXES = [
+  path.join(os.homedir(), '.claude'),
+  path.join(os.homedir(), '.claude.json'), // global MCP servers config
+  path.join(os.homedir(), '.config', 'claude-code'),
+  path.join(os.homedir(), '.config', 'session-manager'),
+];
+
+/**
+ * Restricts write operations to a tighter set of destinations than reads.
+ * Never allows writing to .credentials.json.
+ * Call after validatePath (which provides the realpath).
+ */
+function validateWrite(realAbs) {
+  if (path.basename(realAbs) === '.credentials.json') {
+    throw new Error(`Write to .credentials.json denied`);
+  }
+  const inWritePrefix = WRITE_PREFIXES.some(
+    (p) => realAbs === p || realAbs.startsWith(p + path.sep)
+  );
+  if (inWritePrefix) return;
+  // Also allowed inside a registered project root's .claude/ subtree.
+  for (const root of allowedRoots) {
+    if (root === os.homedir()) continue;
+    let realRoot;
+    try { realRoot = fs.realpathSync(root); } catch { realRoot = root; }
+    if (realAbs === realRoot || realAbs.startsWith(realRoot + path.sep)) {
+      const claudeSub = path.join(realRoot, '.claude');
+      if (realAbs === claudeSub || realAbs.startsWith(claudeSub + path.sep)) {
+        return;
+      }
+    }
+  }
+  throw new Error(`Write outside allowed write boundaries: ${realAbs}`);
 }
 
 async function readJson(abs) {
@@ -97,13 +160,14 @@ async function readText(abs) {
  * directories if missing.
  */
 async function writeTextAtomic(abs, text) {
-  abs = validatePath(expandHome(abs));
-  const dir = path.dirname(abs);
+  const real = validatePath(expandHome(abs));
+  validateWrite(real);
+  const dir = path.dirname(real);
   await fsp.mkdir(dir, { recursive: true });
-  const tmp = `${abs}.tmp-${process.pid}-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+  const tmp = `${real}.tmp-${process.pid}-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
   await fsp.writeFile(tmp, text, 'utf8');
-  await fsp.rename(tmp, abs);
-  const stat = await fsp.stat(abs);
+  await fsp.rename(tmp, real);
+  const stat = await fsp.stat(real);
   return { ok: true, mtimeMs: stat.mtimeMs };
 }
 
@@ -157,6 +221,15 @@ async function exists(abs) {
   }
 }
 
+/**
+ * Normalize a path to a consistent map key: expand ~ then resolve to an
+ * absolute lexical path. Used as the refcount Map key in both watch() and
+ * unwatch() so callers can use either spelling interchangeably.
+ */
+function normalizePathKey(p) {
+  return path.resolve(expandHome(p));
+}
+
 /**
  * Watch one or more absolute paths. Each call increments a refcount per path.
  * Unwatch decrements; when refcount hits zero the underlying watcher is closed.
@@ -164,13 +237,14 @@ async function exists(abs) {
  */
 function watch(paths) {
   for (const rawPath of paths) {
-    const abs = validatePath(expandHome(rawPath));
-    const existing = watchers.get(abs);
+    validatePath(expandHome(rawPath)); // security check — throws if out of bounds
+    const key = normalizePathKey(rawPath);
+    const existing = watchers.get(key);
     if (existing) {
       existing.refCount++;
       continue;
     }
-    const w = chokidar.watch(abs, {
+    const w = chokidar.watch(key, {
       ignoreInitial: true,
       persistent: true,
       awaitWriteFinish: { stabilityThreshold: 50, pollInterval: 25 },
@@ -178,34 +252,34 @@ function watch(paths) {
     const emit = (kind) => async () => {
       let mtimeMs = 0;
       try {
-        const st = await fsp.stat(abs);
+        const st = await fsp.stat(key);
         mtimeMs = st.mtimeMs;
       } catch {
         /* file may have been deleted */
       }
       if (window && !window.isDestroyed()) {
-        window.webContents.send('config:changed', { path: abs, mtimeMs, kind });
+        window.webContents.send('config:changed', { path: key, mtimeMs, kind });
       }
     };
     w.on('add', emit('add'));
     w.on('change', emit('change'));
     w.on('unlink', emit('unlink'));
     w.on('error', (err) => {
-      console.warn('[config] watcher error for', abs, err.message);
+      console.warn('[config] watcher error for', key, err.message);
     });
-    watchers.set(abs, { watcher: w, refCount: 1 });
+    watchers.set(key, { watcher: w, refCount: 1 });
   }
 }
 
 function unwatch(paths) {
   for (const rawPath of paths) {
-    const abs = expandHome(rawPath);
-    const entry = watchers.get(abs);
+    const key = normalizePathKey(rawPath);
+    const entry = watchers.get(key);
     if (!entry) continue;
     entry.refCount--;
     if (entry.refCount <= 0) {
       entry.watcher.close().catch(() => {});
-      watchers.delete(abs);
+      watchers.delete(key);
     }
   }
 }

package/src/main/index.cjs

@@ -2,7 +2,10 @@ const { app, BrowserWindow, ipcMain, dialog, Menu, session, systemPreferences, g
 const { spawn, execFile, execFileSync } = require('node:child_process');
 const path = require('node:path');
 const fs = require('node:fs');
+const fsp = require('node:fs/promises');
 const os = require('node:os');
+const { schemas } = require('./ipcSchemas.cjs');
+const { cleanChildEnv } = require('./lib/cleanEnv.cjs');
 const { manager: ptyManager, registerPtyHandlers } = require('./pty.cjs');
 const configMgr = require('./config.cjs');
 const transcripts = require('./transcripts.cjs');
@@ -68,7 +71,7 @@ function relaunchViaNpx() {
   const child = spawn(npxPath, ['--yes', 'claude-code-session-manager@latest'], {
     detached: true,
     stdio: ['ignore', logFd, logFd],
-    env: process.env,
+    env: cleanChildEnv(),
   });
   // fd was dup'd into the child at spawn time; closing the parent copy frees
   // our file table slot and ensures the child owns the lifetime of the log.
@@ -147,6 +150,7 @@ function createWindow() {
       preload: path.join(__dirname, '..', 'preload', 'index.cjs'),
       contextIsolation: true,
       nodeIntegration: false,
+      sandbox: true,
     },
   });
 
@@ -171,27 +175,6 @@ function createWindow() {
     return;
   }
 
-  // Lock down navigation: deny window.open + reject any navigation away from
-  // the loaded UI. External links are routed to the OS browser via shell
-  // instead of opening inside the Electron window. Defense against XSS or
-  // a compromised dependency that tries to navigate to a phishing page.
-  mainWindow.webContents.setWindowOpenHandler(({ url }) => {
-    if (url.startsWith('http://') || url.startsWith('https://')) {
-      shell.openExternal(url).catch(() => {});
-    }
-    return { action: 'deny' };
-  });
-
-  mainWindow.webContents.on('will-navigate', (event, url) => {
-    const allowed = useDevServer
-      ? ['http://localhost:5173', 'http://127.0.0.1:5173']
-      : []; // file:// loads happen via loadFile, not navigation
-    if (!allowed.some((a) => url.startsWith(a))) {
-      event.preventDefault();
-      console.warn('[main] blocked will-navigate to', url);
-    }
-  });
-
   mainWindow.on('closed', () => {
     mainWindow = null;
   });
@@ -238,13 +221,32 @@ ipcMain.handle('app:test-fire-hook', async (_e, payload) => {
     return { exitCode: -1, stdout: '', stderr: 'empty command', durationMs: 0 };
   }
 
+  // Require main window focused and explicit user confirmation before exec.
+  if (!mainWindow || !mainWindow.isFocused()) {
+    return { exitCode: -1, stdout: '', stderr: 'window not focused', durationMs: 0 };
+  }
+  const detail = command.length > 500 ? command.slice(0, 500) + '…' : command;
+  const { response } = await dialog.showMessageBox(mainWindow, {
+    type: 'warning',
+    buttons: ['Cancel', 'Run'],
+    defaultId: 0,
+    cancelId: 0,
+    message: 'Run hook command?',
+    detail,
+  });
+  if (response !== 1) {
+    return { exitCode: -1, stdout: '', stderr: 'user cancelled', durationMs: 0 };
+  }
+
+  const MAX_BUF = 1024 * 1024; // 1 MiB per stream
+
   return await new Promise((resolve) => {
     const startedAt = Date.now();
     let child;
     try {
       child = spawn(command, {
         shell: true,
-        env: { ...process.env, ...(env ?? {}) },
+        env: cleanChildEnv(env ?? {}),
         stdio: ['pipe', 'pipe', 'pipe'],
       });
     } catch (err) {
@@ -259,6 +261,8 @@ ipcMain.handle('app:test-fire-hook', async (_e, payload) => {
 
     const stdoutChunks = [];
     const stderrChunks = [];
+    let stdoutLen = 0;
+    let stderrLen = 0;
     let timedOut = false;
 
     const killTimer = setTimeout(() => {
@@ -266,8 +270,18 @@ ipcMain.handle('app:test-fire-hook', async (_e, payload) => {
       try { child.kill('SIGKILL'); } catch { /* already dead */ }
     }, timeoutMs);
 
-    child.stdout.on('data', (b) => stdoutChunks.push(b));
-    child.stderr.on('data', (b) => stderrChunks.push(b));
+    child.stdout.on('data', (b) => {
+      if (stdoutLen < MAX_BUF) {
+        stdoutChunks.push(b);
+        stdoutLen += b.length;
+      }
+    });
+    child.stderr.on('data', (b) => {
+      if (stderrLen < MAX_BUF) {
+        stderrChunks.push(b);
+        stderrLen += b.length;
+      }
+    });
 
     child.on('error', (err) => {
       clearTimeout(killTimer);
@@ -317,6 +331,75 @@ ipcMain.handle('app:git-branch', async (_e, payload) => {
   });
 });
 
+// Returns the resolved path of a command, or null if not found on PATH.
+function findCommand(name) {
+  try {
+    const out = execFileSync(
+      process.platform === 'win32' ? 'where' : 'which',
+      [name],
+      { encoding: 'utf8', env: process.env, timeout: 500 },
+    ).trim().split(/\r?\n/)[0];
+    if (out) return out;
+  } catch { /* not found */ }
+  return null;
+}
+
+ipcMain.handle('app:open-in-editor', async (_e, payload) => {
+  const { cwd, editor } = schemas.openInEditor.parse(payload);
+  const home = os.homedir();
+  if (!path.resolve(cwd).startsWith(home)) throw new Error('cwd outside home');
+  const candidates = (editor && editor !== 'auto')
+    ? [editor]
+    : [process.env.VISUAL, process.env.EDITOR, 'code', 'cursor', 'subl', 'nano'].filter(Boolean);
+  for (const cmd of candidates) {
+    if (!findCommand(cmd)) continue;
+    const child = spawn(cmd, [cwd], { detached: true, stdio: 'ignore', env: cleanChildEnv() });
+    child.unref();
+    return { ok: true, editor: cmd };
+  }
+  return { ok: false, error: 'no editor found' };
+});
+
+ipcMain.handle('app:open-in-finder', async (_e, payload) => {
+  const { cwd } = schemas.openInFinder.parse(payload);
+  const home = os.homedir();
+  if (!path.resolve(cwd).startsWith(home)) throw new Error('cwd outside home');
+  await shell.openPath(cwd);
+  return { ok: true };
+});
+
+ipcMain.handle('app:open-in-terminal', async (_e, payload) => {
+  const { cwd } = schemas.openInTerminal.parse(payload);
+  const home = os.homedir();
+  if (!path.resolve(cwd).startsWith(home)) throw new Error('cwd outside home');
+  if (process.platform === 'linux') {
+    const terms = ['gnome-terminal', 'konsole', 'xfce4-terminal', 'xterm'];
+    for (const t of terms) {
+      if (!findCommand(t)) continue;
+      const args = t === 'gnome-terminal'
+        ? ['--working-directory=' + cwd]
+        : ['-e', `bash -c "cd '${cwd.replace(/'/g, "'\\''")}' && exec bash"`];
+      const child = spawn(t, args, { detached: true, stdio: 'ignore', env: cleanChildEnv() });
+      child.unref();
+      return { ok: true, terminal: t };
+    }
+  } else if (process.platform === 'darwin') {
+    spawn('open', ['-a', 'Terminal', cwd], { detached: true, stdio: 'ignore', env: cleanChildEnv() }).unref();
+    return { ok: true, terminal: 'Terminal.app' };
+  }
+  return { ok: false, error: 'no terminal found' };
+});
+
+ipcMain.handle('app:archive-project', async (_e, payload) => {
+  const { encoded } = schemas.archiveProject.parse(payload);
+  const home = os.homedir();
+  const src = path.join(home, '.claude', 'projects', encoded);
+  const dst = path.join(home, '.claude', 'projects-archive', encoded);
+  await fsp.mkdir(path.dirname(dst), { recursive: true });
+  await fsp.rename(src, dst);
+  return { ok: true };
+});
+
 registerPtyHandlers();
 configMgr.registerConfigHandlers();
 transcripts.registerTranscriptHandlers();
@@ -371,6 +454,33 @@ if (!isDev) {
   }
 }
 
+// Global webContents hardening — applies to DevTools, future webContents, etc.
+// Must be registered before app.whenReady so it captures the first window too.
+app.on('web-contents-created', (_e, wc) => {
+  const useDevServer = process.env.SM_DEV === '1';
+
+  wc.setWindowOpenHandler(({ url }) => {
+    if (url.startsWith('http://') || url.startsWith('https://')) {
+      shell.openExternal(url).catch(() => {});
+    }
+    return { action: 'deny' };
+  });
+
+  wc.on('will-navigate', (event, url) => {
+    const allowed = useDevServer
+      ? ['http://localhost:5173', 'http://127.0.0.1:5173']
+      : [];
+    if (!allowed.some((a) => url.startsWith(a))) {
+      event.preventDefault();
+      console.warn('[main] blocked will-navigate to', url);
+    }
+  });
+
+  wc.on('will-attach-webview', (event) => {
+    event.preventDefault();
+  });
+});
+
 app.whenReady().then(async () => {
   logs.pruneOld();
   logs.writeLine({ scope: 'main', level: 'info', message: 'app start', meta: { version: app.getVersion(), platform: process.platform } });
@@ -383,14 +493,36 @@ app.whenReady().then(async () => {
     logs.writeLine({ scope: 'main', level: 'error', message: 'unhandledRejection', meta: r });
   });
 
-  // Grant microphone / media permissions so the renderer's getUserMedia
-  // (Whisper voice-to-text) resolves instead of being silently denied.
+  // Inject Content-Security-Policy for all renderer responses.
+  const CSP = [
+    "default-src 'self'",
+    "script-src 'self' 'wasm-unsafe-eval'",
+    "style-src 'self' 'unsafe-inline'",
+    "img-src 'self' data: blob:",
+    "font-src 'self' data:",
+    "connect-src 'self' https://api.anthropic.com",
+    "media-src 'self' blob:",
+    "worker-src 'self' blob:",
+  ].join('; ') + ';';
+  session.defaultSession.webRequest.onHeadersReceived((details, cb) => {
+    cb({
+      responseHeaders: {
+        ...details.responseHeaders,
+        'Content-Security-Policy': [CSP],
+      },
+    });
+  });
+
+  // Grant microphone / media permissions only for trusted origins.
   const MEDIA_PERMS = new Set(['media', 'audioCapture', 'microphone']);
-  session.defaultSession.setPermissionRequestHandler((_wc, permission, cb) => {
-    cb(MEDIA_PERMS.has(permission));
+  const isTrustedOrigin = (url) =>
+    (typeof url === 'string') &&
+    (url.startsWith('file://') || url.startsWith('http://localhost:5173'));
+  session.defaultSession.setPermissionRequestHandler((_wc, permission, cb, details) => {
+    cb(MEDIA_PERMS.has(permission) && isTrustedOrigin(details?.requestingUrl));
   });
-  session.defaultSession.setPermissionCheckHandler((_wc, permission) => {
-    return MEDIA_PERMS.has(permission);
+  session.defaultSession.setPermissionCheckHandler((_wc, permission, requestingOrigin) => {
+    return MEDIA_PERMS.has(permission) && isTrustedOrigin(requestingOrigin);
   });
   // macOS: trigger the OS-level mic consent prompt up front. Safe no-op on
   // other platforms (systemPreferences.askForMediaAccess is darwin-only).

package/src/main/ipcSchemas.cjs

@@ -6,6 +6,8 @@
  */
 
 const { z } = require('zod');
+const os = require('node:os');
+const path = require('node:path');
 
 // ──────────────────────────────────────────── PTY
 const ptySpawn = z.object({
@@ -30,17 +32,19 @@ const ptyResize = z.object({
 });
 
 // ──────────────────────────────────────────── Transcripts
+const SESSION_UUID_RE = /^[a-zA-Z0-9-]{1,64}$/;
+
 const transcriptSubscribe = z.object({
   tabId: z.string().min(1).max(128),
   cwd: z.string().min(1).max(4096),
-  sessionUuid: z.string().min(1).max(128),
+  sessionUuid: z.string().regex(SESSION_UUID_RE),
 });
 
 const transcriptTabId = z.object({ tabId: z.string().min(1).max(128) });
 
 const transcriptPath = z.object({
   cwd: z.string().min(1).max(4096),
-  sessionUuid: z.string().min(1).max(128),
+  sessionUuid: z.string().regex(SESSION_UUID_RE),
 });
 
 // ──────────────────────────────────────────── Config
@@ -79,6 +83,52 @@ const sessionsPayload = z.object({
   activeTabId: z.string().max(128).nullable(),
 });
 
+// ──────────────────────────────────────────── Schedule
+const SCHEDULE_SLUG_RE = /^[A-Za-z0-9._-]{1,128}$/;
+const SCHEDULE_RUN_ID_RE = /^[A-Za-z0-9._:-]{1,64}$/;
+
+const scheduleSlug = z.object({
+  slug: z.string().regex(SCHEDULE_SLUG_RE),
+});
+
+const scheduleReadLog = z.object({
+  slug: z.string().regex(SCHEDULE_SLUG_RE),
+  runId: z.string().regex(SCHEDULE_RUN_ID_RE),
+});
+
+// ──────────────────────────────────────────── Projects
+const ENCODED_SLUG_RE = /^[A-Za-z0-9._-]+$/;
+
+const openInEditor = z.object({
+  cwd: z.string().min(1).max(4096),
+  editor: z.string().max(256).nullable().optional(),
+});
+
+const openInFinder = z.object({
+  cwd: z.string().min(1).max(4096),
+});
+
+const openInTerminal = z.object({
+  cwd: z.string().min(1).max(4096),
+});
+
+const archiveProject = z.object({
+  encoded: z.string().regex(ENCODED_SLUG_RE).min(1).max(4096),
+});
+
+const home = os.homedir();
+const setConfigSchema = z.object({
+  enabled: z.boolean().optional(),
+  offsetMinutes: z.number().int().min(0).max(180).optional(),
+  concurrencyCap: z.number().int().min(1).max(20).optional(),
+  defaultCwd: z.string().max(4096).refine(
+    (s) => s === home || s.startsWith(home + path.sep),
+    'defaultCwd must be inside home directory'
+  ).optional(),
+  firePolicy: z.enum(['when-available', 'on-reset', 'manual']).optional(),
+  utilizationThreshold: z.number().min(0).max(200).optional(),
+}).strict();
+
 /**
  * Wrap an IPC handler with schema validation. Returns a new handler that
  * parses the payload before calling the original.
@@ -105,6 +155,13 @@ module.exports = {
     configListDir,
     configWatch,
     sessionsPayload,
+    scheduleSlug,
+    scheduleReadLog,
+    setConfigSchema,
+    openInEditor,
+    openInFinder,
+    openInTerminal,
+    archiveProject,
   },
   validated,
 };

package/src/main/lib/cleanEnv.cjs

@@ -0,0 +1,20 @@
+const SECRET_KEY_RE = /^(?:.*_)?(TOKEN|API_?KEY|SECRET|PASSWORD|AUTHORIZATION|COOKIE|REFRESH[_-]?TOKEN|ACCESS[_-]?TOKEN)$/i;
+
+function cleanChildEnv(extra = {}) {
+  const env = { ...process.env, ...extra };
+  for (const k of Object.keys(env)) {
+    if (
+      k === 'CLAUDE_EFFORT' ||
+      k === 'CLAUDECODE' ||
+      k === 'NODE_OPTIONS' ||
+      k.startsWith('CLAUDE_CODE_') ||
+      k.startsWith('npm_config_') ||
+      SECRET_KEY_RE.test(k)
+    ) {
+      delete env[k];
+    }
+  }
+  return env;
+}
+
+module.exports = { cleanChildEnv };