claude-ws 0.3.110 → 0.3.112-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/package.json +1 -1
  2. package/packages/agentic-sdk/src/services/files/operations-path-security-and-compression-helpers.ts +2 -8
  3. package/src/app/api/filesystem/route.ts +1 -10
  4. package/src/lib/terminal-manager.ts +16 -3
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "claude-ws",
3
- "version": "0.3.110",
3
+ "version": "0.3.112-beta.1",
4
4
  "private": false,
5
5
  "description": "A beautifully crafted workspace interface for Claude Code with real-time streaming and local SQLite database",
6
6
  "keywords": [
package/packages/agentic-sdk/src/services/files/operations-path-security-and-compression-helpers.ts CHANGED
@@ -3,7 +3,6 @@
3
3
  * Provides home-directory boundary enforcement and zip/tar/gz decompression utilities.
4
4
  */
5
5
  import path from 'path';
6
- import os from 'os';
7
6
  import { createReadStream, createWriteStream } from 'fs';
8
7
  import { createGunzip } from 'zlib';
9
8
  import { pipeline } from 'stream/promises';
@@ -14,14 +13,9 @@ import * as tar from 'tar';
14
13
  // Path security helpers
15
14
  // ---------------------------------------------------------------------------
16
15
 
17
- /** Resolve rootPath and assert it is within the user's home directory */
16
+ /** Resolve rootPath and return the absolute path */
18
17
  export function validateRootPath(rootPath: string): string {
19
- const resolved = path.resolve(rootPath);
20
- const home = os.homedir();
21
- if (!resolved.startsWith(home + path.sep) && resolved !== home) {
22
- throw new Error('Root path outside home directory');
23
- }
24
- return resolved;
18
+ return path.resolve(rootPath);
25
19
  }
26
20
 
27
21
  /** Resolve targetPath and assert it does not escape allowedRoot */
package/src/app/api/filesystem/route.ts CHANGED
@@ -14,16 +14,7 @@ export async function GET(request: NextRequest) {
14
14
  dirPath = dirPath.replace('~', os.homedir());
15
15
  }
16
16
 
17
- // Security: validate path is within home directory
18
- const resolved = path.resolve(dirPath);
19
- const home = os.homedir();
20
- if (!resolved.startsWith(home)) {
21
- return NextResponse.json(
22
- { error: 'Access denied: path outside home directory' },
23
- { status: 403 }
24
- );
25
- }
26
- dirPath = resolved;
17
+ dirPath = path.resolve(dirPath);
27
18
 
28
19
  // Ensure path exists and is a directory
29
20
  if (!fs.existsSync(dirPath)) {
package/src/lib/terminal-manager.ts CHANGED
@@ -15,9 +15,22 @@ import { createLogger } from './logger';
15
15
 
16
16
  const log = createLogger('TerminalManager');
17
17
 
18
- // Lazy-load node-pty — native module that may not compile on all platforms (e.g. Windows)
19
- type NodePty = typeof import('@homebridge/node-pty-prebuilt-multiarch');
20
- type IPty = import('@homebridge/node-pty-prebuilt-multiarch').IPty;
18
+ // Lazy-load node-pty — native module that may not compile on all platforms (e.g. Windows ARM64).
19
+ // Types are defined inline to avoid TypeScript errors when the package is not installed.
20
+ interface IPty {
21
+ pid: number;
22
+ cols: number;
23
+ rows: number;
24
+ process: string;
25
+ onData: (callback: (data: string) => void) => void;
26
+ onExit: (callback: (e: { exitCode: number; signal?: number }) => void) => void;
27
+ write: (data: string) => void;
28
+ resize: (cols: number, rows: number) => void;
29
+ kill: (signal?: string) => void;
30
+ }
31
+ interface NodePty {
32
+ spawn: (file: string, args: string[], options: Record<string, unknown>) => IPty;
33
+ }
21
34
  let pty: NodePty | null = null;
22
35
  try {
23
36
  pty = require('@homebridge/node-pty-prebuilt-multiarch');