claudekit-cli 4.3.0-dev.1 → 4.3.1-dev.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/cli-manifest.json +2 -2
- package/dist/index.js +49 -20
- package/package.json +1 -1
package/cli-manifest.json
CHANGED
package/dist/index.js
CHANGED
|
@@ -13843,7 +13843,7 @@ var init_merge_single_sections = __esm(() => {
|
|
|
13843
13843
|
|
|
13844
13844
|
// src/commands/portable/portable-installer.ts
|
|
13845
13845
|
import { existsSync as existsSync4 } from "node:fs";
|
|
13846
|
-
import { lstat, mkdir as mkdir3, readFile as readFile4, unlink as unlink3, writeFile as writeFile3 } from "node:fs/promises";
|
|
13846
|
+
import { lstat, mkdir as mkdir3, readFile as readFile4, realpath as realpath2, unlink as unlink3, writeFile as writeFile3 } from "node:fs/promises";
|
|
13847
13847
|
import { homedir as homedir5 } from "node:os";
|
|
13848
13848
|
import { basename as basename2, dirname as dirname3, join as join4, relative as relative2, resolve as resolve3, sep } from "node:path";
|
|
13849
13849
|
function isSamePath(path1, path2) {
|
|
@@ -13913,20 +13913,49 @@ async function validateNoSymlinkComponents(targetPath, boundaryPath) {
|
|
|
13913
13913
|
}
|
|
13914
13914
|
const segments = relative2(resolvedBoundary, resolvedTarget).split(/[\\/]+/).filter(Boolean);
|
|
13915
13915
|
let cursor = resolvedBoundary;
|
|
13916
|
+
let deepestExisting = resolvedBoundary;
|
|
13916
13917
|
for (const segment of segments) {
|
|
13917
13918
|
cursor = join4(cursor, segment);
|
|
13918
13919
|
try {
|
|
13919
|
-
|
|
13920
|
-
|
|
13921
|
-
return `Unsafe path: target path contains symlink (${cursor})`;
|
|
13922
|
-
}
|
|
13920
|
+
await lstat(cursor);
|
|
13921
|
+
deepestExisting = cursor;
|
|
13923
13922
|
} catch (error) {
|
|
13924
13923
|
if (isErrnoCode3(error, "ENOENT")) {
|
|
13925
13924
|
break;
|
|
13926
13925
|
}
|
|
13926
|
+
if (isErrnoCode3(error, "ELOOP")) {
|
|
13927
|
+
return `Unsafe path: circular symlink detected at ${cursor}`;
|
|
13928
|
+
}
|
|
13929
|
+
throw error;
|
|
13930
|
+
}
|
|
13931
|
+
}
|
|
13932
|
+
let realDeepest;
|
|
13933
|
+
try {
|
|
13934
|
+
realDeepest = await realpath2(deepestExisting);
|
|
13935
|
+
} catch (error) {
|
|
13936
|
+
if (isErrnoCode3(error, "ENOENT")) {
|
|
13937
|
+
return null;
|
|
13938
|
+
}
|
|
13939
|
+
if (isErrnoCode3(error, "ELOOP")) {
|
|
13940
|
+
return `Unsafe path: circular symlink detected at ${deepestExisting}`;
|
|
13941
|
+
}
|
|
13942
|
+
throw error;
|
|
13943
|
+
}
|
|
13944
|
+
let realBoundary;
|
|
13945
|
+
try {
|
|
13946
|
+
realBoundary = await realpath2(resolvedBoundary);
|
|
13947
|
+
} catch (error) {
|
|
13948
|
+
if (isErrnoCode3(error, "ENOENT")) {
|
|
13949
|
+
realBoundary = resolvedBoundary;
|
|
13950
|
+
} else if (isErrnoCode3(error, "ELOOP")) {
|
|
13951
|
+
return `Unsafe path: circular symlink detected at boundary ${resolvedBoundary}`;
|
|
13952
|
+
} else {
|
|
13927
13953
|
throw error;
|
|
13928
13954
|
}
|
|
13929
13955
|
}
|
|
13956
|
+
if (!isPathWithinBoundary2(realDeepest, realBoundary)) {
|
|
13957
|
+
return `Unsafe path: target path contains symlink that escapes ${realBoundary} (${deepestExisting} -> ${realDeepest})`;
|
|
13958
|
+
}
|
|
13930
13959
|
return null;
|
|
13931
13960
|
}
|
|
13932
13961
|
async function validateWritableTargetPath(targetPath, options2) {
|
|
@@ -46296,7 +46325,7 @@ var init_config = __esm(() => {
|
|
|
46296
46325
|
});
|
|
46297
46326
|
|
|
46298
46327
|
// node_modules/readdirp/index.js
|
|
46299
|
-
import { lstat as lstat4, readdir as readdir5, realpath as
|
|
46328
|
+
import { lstat as lstat4, readdir as readdir5, realpath as realpath5, stat as stat2 } from "node:fs/promises";
|
|
46300
46329
|
import { join as pjoin, relative as prelative, resolve as presolve, sep as psep } from "node:path";
|
|
46301
46330
|
import { Readable } from "node:stream";
|
|
46302
46331
|
function readdirp(root, options2 = {}) {
|
|
@@ -46500,7 +46529,7 @@ var init_readdirp = __esm(() => {
|
|
|
46500
46529
|
if (stats && stats.isSymbolicLink()) {
|
|
46501
46530
|
const full = entry.fullPath;
|
|
46502
46531
|
try {
|
|
46503
|
-
const entryRealPath = await
|
|
46532
|
+
const entryRealPath = await realpath5(full);
|
|
46504
46533
|
const entryRealPathStats = await lstat4(entryRealPath);
|
|
46505
46534
|
if (entryRealPathStats.isFile()) {
|
|
46506
46535
|
return "file";
|
|
@@ -46729,7 +46758,7 @@ class NodeFsHandler {
|
|
|
46729
46758
|
});
|
|
46730
46759
|
});
|
|
46731
46760
|
}
|
|
46732
|
-
async _handleDir(dir, stats, initialAdd, depth, target, wh,
|
|
46761
|
+
async _handleDir(dir, stats, initialAdd, depth, target, wh, realpath6) {
|
|
46733
46762
|
const parentDir = this.fsw._getWatchedDir(sp.dirname(dir));
|
|
46734
46763
|
const tracked = parentDir.has(sp.basename(dir));
|
|
46735
46764
|
if (!(initialAdd && this.fsw.options.ignoreInitial) && !target && !tracked) {
|
|
@@ -46740,7 +46769,7 @@ class NodeFsHandler {
|
|
|
46740
46769
|
let throttler;
|
|
46741
46770
|
let closer;
|
|
46742
46771
|
const oDepth = this.fsw.options.depth;
|
|
46743
|
-
if ((oDepth == null || depth <= oDepth) && !this.fsw._symlinkPaths.has(
|
|
46772
|
+
if ((oDepth == null || depth <= oDepth) && !this.fsw._symlinkPaths.has(realpath6)) {
|
|
46744
46773
|
if (!target) {
|
|
46745
46774
|
await this._handleRead(dir, initialAdd, wh, target, dir, depth, throttler);
|
|
46746
46775
|
if (this.fsw.closed)
|
|
@@ -51663,18 +51692,18 @@ var init_migrate_provider_scopes = __esm(() => {
|
|
|
51663
51692
|
|
|
51664
51693
|
// src/commands/migrate/skill-directory-installer.ts
|
|
51665
51694
|
import { existsSync as existsSync22 } from "node:fs";
|
|
51666
|
-
import { cp, mkdir as mkdir10, realpath as
|
|
51695
|
+
import { cp, mkdir as mkdir10, realpath as realpath6, rename as rename6, rm as rm5 } from "node:fs/promises";
|
|
51667
51696
|
import { dirname as dirname11, join as join40, resolve as resolve15 } from "node:path";
|
|
51668
51697
|
async function canonicalize(path3) {
|
|
51669
51698
|
try {
|
|
51670
|
-
return await
|
|
51699
|
+
return await realpath6(path3);
|
|
51671
51700
|
} catch {
|
|
51672
51701
|
const parent = dirname11(path3);
|
|
51673
51702
|
if (parent === path3) {
|
|
51674
51703
|
return resolve15(path3);
|
|
51675
51704
|
}
|
|
51676
51705
|
try {
|
|
51677
|
-
const canonicalParent = await
|
|
51706
|
+
const canonicalParent = await realpath6(parent);
|
|
51678
51707
|
const absPath = resolve15(path3);
|
|
51679
51708
|
const absParent = resolve15(parent);
|
|
51680
51709
|
const basename13 = absPath.slice(absParent.length + 1) || "";
|
|
@@ -53923,7 +53952,7 @@ var init_codex_capabilities = __esm(() => {
|
|
|
53923
53952
|
|
|
53924
53953
|
// src/commands/portable/codex-path-safety.ts
|
|
53925
53954
|
import { existsSync as existsSync24 } from "node:fs";
|
|
53926
|
-
import { mkdir as mkdir12, realpath as
|
|
53955
|
+
import { mkdir as mkdir12, realpath as realpath7 } from "node:fs/promises";
|
|
53927
53956
|
import { homedir as homedir25 } from "node:os";
|
|
53928
53957
|
import { dirname as dirname12, join as join42, resolve as resolve17, sep as sep7 } from "node:path";
|
|
53929
53958
|
function isPathWithinBoundary3(targetPath, boundaryPath) {
|
|
@@ -53933,7 +53962,7 @@ function isPathWithinBoundary3(targetPath, boundaryPath) {
|
|
|
53933
53962
|
}
|
|
53934
53963
|
async function resolveRealPathSafe2(path3) {
|
|
53935
53964
|
try {
|
|
53936
|
-
return await
|
|
53965
|
+
return await realpath7(path3);
|
|
53937
53966
|
} catch {
|
|
53938
53967
|
return resolve17(path3);
|
|
53939
53968
|
}
|
|
@@ -63258,7 +63287,7 @@ var package_default;
|
|
|
63258
63287
|
var init_package = __esm(() => {
|
|
63259
63288
|
package_default = {
|
|
63260
63289
|
name: "claudekit-cli",
|
|
63261
|
-
version: "4.3.
|
|
63290
|
+
version: "4.3.1-dev.1",
|
|
63262
63291
|
description: "CLI tool for bootstrapping and updating ClaudeKit projects",
|
|
63263
63292
|
type: "module",
|
|
63264
63293
|
repository: {
|
|
@@ -89535,7 +89564,7 @@ init_github_client();
|
|
|
89535
89564
|
init_config_version_checker();
|
|
89536
89565
|
|
|
89537
89566
|
// src/domains/sync/sync-engine.ts
|
|
89538
|
-
import { lstat as lstat6, readFile as readFile46, readlink as readlink2, realpath as
|
|
89567
|
+
import { lstat as lstat6, readFile as readFile46, readlink as readlink2, realpath as realpath8, stat as stat14 } from "node:fs/promises";
|
|
89539
89568
|
import { isAbsolute as isAbsolute10, join as join88, normalize as normalize8, relative as relative18 } from "node:path";
|
|
89540
89569
|
|
|
89541
89570
|
// src/services/file-operations/ownership-checker.ts
|
|
@@ -90794,8 +90823,8 @@ async function validateSyncPath(basePath, filePath) {
|
|
|
90794
90823
|
}
|
|
90795
90824
|
await validateSymlinkChain(fullPath, basePath);
|
|
90796
90825
|
try {
|
|
90797
|
-
const resolvedBase = await
|
|
90798
|
-
const resolvedFull = await
|
|
90826
|
+
const resolvedBase = await realpath8(basePath);
|
|
90827
|
+
const resolvedFull = await realpath8(fullPath);
|
|
90799
90828
|
const resolvedRel = relative18(resolvedBase, resolvedFull);
|
|
90800
90829
|
if (resolvedRel.startsWith("..") || isAbsolute10(resolvedRel)) {
|
|
90801
90830
|
throw new Error(`Symlink escapes base directory: ${filePath}`);
|
|
@@ -90804,8 +90833,8 @@ async function validateSyncPath(basePath, filePath) {
|
|
|
90804
90833
|
if (error.code === "ENOENT") {
|
|
90805
90834
|
const parentPath = join88(fullPath, "..");
|
|
90806
90835
|
try {
|
|
90807
|
-
const resolvedBase = await
|
|
90808
|
-
const resolvedParent = await
|
|
90836
|
+
const resolvedBase = await realpath8(basePath);
|
|
90837
|
+
const resolvedParent = await realpath8(parentPath);
|
|
90809
90838
|
const resolvedRel = relative18(resolvedBase, resolvedParent);
|
|
90810
90839
|
if (resolvedRel.startsWith("..") || isAbsolute10(resolvedRel)) {
|
|
90811
90840
|
throw new Error(`Parent symlink escapes base directory: ${filePath}`);
|