clawvault 2.3.0 → 2.4.0

package/dist/chunk-CLE2HHNT.js

@@ -0,0 +1,513 @@
+// src/lib/webdav.ts
+import * as fs from "fs";
+import * as path from "path";
+var WEBDAV_PREFIX = "/webdav";
+var BLOCKED_PATHS = [
+  ".clawvault",
+  ".git",
+  ".obsidian",
+  "node_modules"
+];
+var SUPPORTED_METHODS = ["GET", "PUT", "DELETE", "MKCOL", "PROPFIND", "OPTIONS", "HEAD", "MOVE", "COPY"];
+function isPathSafe(requestPath, rootPath) {
+  if (requestPath.includes("..")) {
+    return false;
+  }
+  const normalizedPath = path.normalize(requestPath).replace(/^\/+/, "");
+  const fullPath = path.resolve(rootPath, normalizedPath);
+  const resolvedRoot = path.resolve(rootPath);
+  if (!fullPath.startsWith(resolvedRoot + path.sep) && fullPath !== resolvedRoot) {
+    return false;
+  }
+  const pathParts = normalizedPath.split(path.sep);
+  for (const part of pathParts) {
+    if (BLOCKED_PATHS.includes(part)) {
+      return false;
+    }
+  }
+  return true;
+}
+function resolveWebDAVPath(requestPath, rootPath) {
+  if (requestPath.includes("..")) {
+    return null;
+  }
+  const normalizedPath = path.normalize(requestPath).replace(/^\/+/, "");
+  const fullPath = path.resolve(rootPath, normalizedPath);
+  const resolvedRoot = path.resolve(rootPath);
+  if (!fullPath.startsWith(resolvedRoot + path.sep) && fullPath !== resolvedRoot) {
+    return null;
+  }
+  return fullPath;
+}
+function checkAuth(req, auth) {
+  if (!auth) {
+    return true;
+  }
+  const authHeader = req.headers.authorization;
+  if (!authHeader || !authHeader.startsWith("Basic ")) {
+    return false;
+  }
+  const base64Credentials = authHeader.slice(6);
+  const credentials = Buffer.from(base64Credentials, "base64").toString("utf-8");
+  const [username, password] = credentials.split(":");
+  return username === auth.username && password === auth.password;
+}
+function escapeXml(str) {
+  return str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&apos;");
+}
+function formatWebDAVDate(date) {
+  return date.toUTCString();
+}
+function generatePropfindEntry(href, stats, isCollection) {
+  const resourceType = isCollection ? "<D:resourcetype><D:collection/></D:resourcetype>" : "<D:resourcetype/>";
+  const contentLength = stats && !isCollection ? `<D:getcontentlength>${stats.size}</D:getcontentlength>` : "";
+  const lastModified = stats ? `<D:getlastmodified>${formatWebDAVDate(stats.mtime)}</D:getlastmodified>` : "";
+  const etag = stats ? `<D:getetag>"${stats.mtime.getTime().toString(16)}-${stats.size.toString(16)}"</D:getetag>` : "";
+  const contentType = !isCollection ? "<D:getcontenttype>application/octet-stream</D:getcontenttype>" : "";
+  return `  <D:response>
+    <D:href>${escapeXml(href)}</D:href>
+    <D:propstat>
+      <D:prop>
+        ${resourceType}
+        ${contentLength}
+        ${lastModified}
+        ${etag}
+        ${contentType}
+      </D:prop>
+      <D:status>HTTP/1.1 200 OK</D:status>
+    </D:propstat>
+  </D:response>`;
+}
+function generatePropfindResponse(entries) {
+  const responseEntries = entries.map(
+    (e) => generatePropfindEntry(e.href, e.stats, e.isCollection)
+  ).join("\n");
+  return `<?xml version="1.0" encoding="utf-8"?>
+<D:multistatus xmlns:D="DAV:">
+${responseEntries}
+</D:multistatus>`;
+}
+function handleOptions(res, prefix) {
+  res.writeHead(200, {
+    "Allow": SUPPORTED_METHODS.join(", "),
+    "DAV": "1, 2",
+    "Content-Length": "0",
+    "Access-Control-Allow-Origin": "*",
+    "Access-Control-Allow-Methods": SUPPORTED_METHODS.join(", "),
+    "Access-Control-Allow-Headers": "Content-Type, Depth, Destination, Overwrite, Authorization",
+    "MS-Author-Via": "DAV"
+  });
+  res.end();
+}
+function handleHead(res, filePath) {
+  try {
+    const stats = fs.statSync(filePath);
+    if (stats.isDirectory()) {
+      res.writeHead(200, {
+        "Content-Type": "httpd/unix-directory",
+        "Last-Modified": formatWebDAVDate(stats.mtime),
+        "ETag": `"${stats.mtime.getTime().toString(16)}"`,
+        "Access-Control-Allow-Origin": "*"
+      });
+    } else {
+      res.writeHead(200, {
+        "Content-Type": "application/octet-stream",
+        "Content-Length": stats.size.toString(),
+        "Last-Modified": formatWebDAVDate(stats.mtime),
+        "ETag": `"${stats.mtime.getTime().toString(16)}-${stats.size.toString(16)}"`,
+        "Access-Control-Allow-Origin": "*"
+      });
+    }
+    res.end();
+  } catch (err) {
+    res.writeHead(404, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+    res.end("Not Found");
+  }
+}
+function handleGet(res, filePath) {
+  try {
+    const stats = fs.statSync(filePath);
+    if (stats.isDirectory()) {
+      const entries = fs.readdirSync(filePath);
+      const listing = entries.join("\n");
+      res.writeHead(200, {
+        "Content-Type": "text/plain",
+        "Content-Length": Buffer.byteLength(listing).toString(),
+        "Access-Control-Allow-Origin": "*"
+      });
+      res.end(listing);
+    } else {
+      const content = fs.readFileSync(filePath);
+      res.writeHead(200, {
+        "Content-Type": "application/octet-stream",
+        "Content-Length": content.length.toString(),
+        "Last-Modified": formatWebDAVDate(stats.mtime),
+        "ETag": `"${stats.mtime.getTime().toString(16)}-${stats.size.toString(16)}"`,
+        "Access-Control-Allow-Origin": "*"
+      });
+      res.end(content);
+    }
+  } catch (err) {
+    res.writeHead(404, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+    res.end("Not Found");
+  }
+}
+function handlePut(res, filePath, body) {
+  try {
+    const exists = fs.existsSync(filePath);
+    const dir = path.dirname(filePath);
+    if (!fs.existsSync(dir)) {
+      fs.mkdirSync(dir, { recursive: true });
+    }
+    fs.writeFileSync(filePath, body);
+    const status = exists ? 204 : 201;
+    res.writeHead(status, {
+      "Content-Length": "0",
+      "Access-Control-Allow-Origin": "*"
+    });
+    res.end();
+  } catch (err) {
+    res.writeHead(500, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+    res.end(`Error: ${err}`);
+  }
+}
+function handleDelete(res, filePath) {
+  try {
+    if (!fs.existsSync(filePath)) {
+      res.writeHead(404, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+      res.end("Not Found");
+      return;
+    }
+    const stats = fs.statSync(filePath);
+    if (stats.isDirectory()) {
+      fs.rmSync(filePath, { recursive: true });
+    } else {
+      fs.unlinkSync(filePath);
+    }
+    res.writeHead(204, {
+      "Content-Length": "0",
+      "Access-Control-Allow-Origin": "*"
+    });
+    res.end();
+  } catch (err) {
+    res.writeHead(500, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+    res.end(`Error: ${err}`);
+  }
+}
+function handleMkcol(res, filePath) {
+  try {
+    if (fs.existsSync(filePath)) {
+      res.writeHead(405, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+      res.end("Resource already exists");
+      return;
+    }
+    const parent = path.dirname(filePath);
+    if (!fs.existsSync(parent)) {
+      res.writeHead(409, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+      res.end("Parent directory does not exist");
+      return;
+    }
+    fs.mkdirSync(filePath);
+    res.writeHead(201, {
+      "Content-Length": "0",
+      "Access-Control-Allow-Origin": "*"
+    });
+    res.end();
+  } catch (err) {
+    res.writeHead(500, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+    res.end(`Error: ${err}`);
+  }
+}
+function handlePropfind(res, filePath, webdavPath, prefix, depth) {
+  try {
+    if (!fs.existsSync(filePath)) {
+      res.writeHead(404, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+      res.end("Not Found");
+      return;
+    }
+    const stats = fs.statSync(filePath);
+    const entries = [];
+    const normalizedWebdavPath = webdavPath.startsWith("/") ? webdavPath : "/" + webdavPath;
+    const href = prefix + normalizedWebdavPath;
+    entries.push({
+      href: href.endsWith("/") || stats.isDirectory() ? href : href,
+      stats,
+      isCollection: stats.isDirectory()
+    });
+    if (stats.isDirectory() && depth !== "0") {
+      try {
+        const children = fs.readdirSync(filePath);
+        for (const child of children) {
+          if (BLOCKED_PATHS.includes(child)) {
+            continue;
+          }
+          const childPath = path.join(filePath, child);
+          const childWebdavPath = normalizedWebdavPath.endsWith("/") ? normalizedWebdavPath + child : normalizedWebdavPath + "/" + child;
+          try {
+            const childStats = fs.statSync(childPath);
+            entries.push({
+              href: prefix + childWebdavPath,
+              stats: childStats,
+              isCollection: childStats.isDirectory()
+            });
+          } catch {
+          }
+        }
+      } catch {
+      }
+    }
+    const xml = generatePropfindResponse(entries);
+    res.writeHead(207, {
+      "Content-Type": "application/xml; charset=utf-8",
+      "Content-Length": Buffer.byteLength(xml).toString(),
+      "Access-Control-Allow-Origin": "*"
+    });
+    res.end(xml);
+  } catch (err) {
+    res.writeHead(500, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+    res.end(`Error: ${err}`);
+  }
+}
+function handleMove(res, sourcePath, destinationPath, overwrite) {
+  try {
+    if (!fs.existsSync(sourcePath)) {
+      res.writeHead(404, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+      res.end("Source not found");
+      return;
+    }
+    if (!destinationPath) {
+      res.writeHead(400, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+      res.end("Destination header required");
+      return;
+    }
+    const destExists = fs.existsSync(destinationPath);
+    if (destExists && !overwrite) {
+      res.writeHead(412, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+      res.end("Destination exists and Overwrite is F");
+      return;
+    }
+    const destDir = path.dirname(destinationPath);
+    if (!fs.existsSync(destDir)) {
+      fs.mkdirSync(destDir, { recursive: true });
+    }
+    if (destExists) {
+      const destStats = fs.statSync(destinationPath);
+      if (destStats.isDirectory()) {
+        fs.rmSync(destinationPath, { recursive: true });
+      } else {
+        fs.unlinkSync(destinationPath);
+      }
+    }
+    fs.renameSync(sourcePath, destinationPath);
+    const status = destExists ? 204 : 201;
+    res.writeHead(status, {
+      "Content-Length": "0",
+      "Access-Control-Allow-Origin": "*"
+    });
+    res.end();
+  } catch (err) {
+    res.writeHead(500, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+    res.end(`Error: ${err}`);
+  }
+}
+function handleCopy(res, sourcePath, destinationPath, overwrite) {
+  try {
+    if (!fs.existsSync(sourcePath)) {
+      res.writeHead(404, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+      res.end("Source not found");
+      return;
+    }
+    if (!destinationPath) {
+      res.writeHead(400, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+      res.end("Destination header required");
+      return;
+    }
+    const destExists = fs.existsSync(destinationPath);
+    if (destExists && !overwrite) {
+      res.writeHead(412, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+      res.end("Destination exists and Overwrite is F");
+      return;
+    }
+    const destDir = path.dirname(destinationPath);
+    if (!fs.existsSync(destDir)) {
+      fs.mkdirSync(destDir, { recursive: true });
+    }
+    const sourceStats = fs.statSync(sourcePath);
+    if (sourceStats.isDirectory()) {
+      copyDirRecursive(sourcePath, destinationPath);
+    } else {
+      fs.copyFileSync(sourcePath, destinationPath);
+    }
+    const status = destExists ? 204 : 201;
+    res.writeHead(status, {
+      "Content-Length": "0",
+      "Access-Control-Allow-Origin": "*"
+    });
+    res.end();
+  } catch (err) {
+    res.writeHead(500, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+    res.end(`Error: ${err}`);
+  }
+}
+function copyDirRecursive(src, dest) {
+  if (!fs.existsSync(dest)) {
+    fs.mkdirSync(dest, { recursive: true });
+  }
+  const entries = fs.readdirSync(src, { withFileTypes: true });
+  for (const entry of entries) {
+    const srcPath = path.join(src, entry.name);
+    const destPath = path.join(dest, entry.name);
+    if (entry.isDirectory()) {
+      copyDirRecursive(srcPath, destPath);
+    } else {
+      fs.copyFileSync(srcPath, destPath);
+    }
+  }
+}
+function parseDestinationHeader(destinationHeader, prefix, rootPath) {
+  if (!destinationHeader) {
+    return null;
+  }
+  try {
+    let destPath;
+    if (destinationHeader.startsWith("http://") || destinationHeader.startsWith("https://")) {
+      const url = new URL(destinationHeader);
+      destPath = decodeURIComponent(url.pathname);
+    } else {
+      destPath = decodeURIComponent(destinationHeader);
+    }
+    if (destPath.startsWith(prefix)) {
+      destPath = destPath.slice(prefix.length);
+    }
+    return resolveWebDAVPath(destPath, rootPath);
+  } catch {
+    return null;
+  }
+}
+function createWebDAVHandler(config) {
+  const { rootPath, prefix = WEBDAV_PREFIX, auth } = config;
+  return async (req, res) => {
+    const rawUrl = req.url || "/";
+    if (rawUrl.includes("..")) {
+      if (rawUrl.startsWith(prefix)) {
+        res.writeHead(403, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+        res.end("Forbidden");
+        return true;
+      }
+    }
+    const url = new URL(rawUrl, `http://${req.headers.host || "localhost"}`);
+    const pathname = decodeURIComponent(url.pathname);
+    if (!pathname.startsWith(prefix)) {
+      return false;
+    }
+    let webdavPath = pathname.slice(prefix.length);
+    if (!webdavPath.startsWith("/")) {
+      webdavPath = "/" + webdavPath;
+    }
+    if (req.method === "OPTIONS") {
+      handleOptions(res, prefix);
+      return true;
+    }
+    if (!checkAuth(req, auth)) {
+      res.writeHead(401, {
+        "WWW-Authenticate": 'Basic realm="ClawVault WebDAV"',
+        "Content-Type": "text/plain",
+        "Access-Control-Allow-Origin": "*"
+      });
+      res.end("Unauthorized");
+      return true;
+    }
+    if (!isPathSafe(webdavPath, rootPath)) {
+      res.writeHead(403, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+      res.end("Forbidden");
+      return true;
+    }
+    const filePath = resolveWebDAVPath(webdavPath, rootPath);
+    if (!filePath) {
+      res.writeHead(403, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+      res.end("Forbidden");
+      return true;
+    }
+    const depth = req.headers.depth || "infinity";
+    const overwrite = req.headers.overwrite?.toUpperCase() !== "F";
+    const destinationHeader = req.headers.destination;
+    switch (req.method) {
+      case "HEAD":
+        handleHead(res, filePath);
+        return true;
+      case "GET":
+        handleGet(res, filePath);
+        return true;
+      case "PUT": {
+        const chunks = [];
+        for await (const chunk of req) {
+          chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
+        }
+        const body = Buffer.concat(chunks);
+        handlePut(res, filePath, body);
+        return true;
+      }
+      case "DELETE":
+        handleDelete(res, filePath);
+        return true;
+      case "MKCOL":
+        handleMkcol(res, filePath);
+        return true;
+      case "PROPFIND":
+        handlePropfind(res, filePath, webdavPath, prefix, depth);
+        return true;
+      case "MOVE": {
+        const destPath = parseDestinationHeader(destinationHeader, prefix, rootPath);
+        if (destPath && destinationHeader) {
+          const destWebdavPath = destinationHeader.includes(prefix) ? destinationHeader.slice(destinationHeader.indexOf(prefix) + prefix.length) : destinationHeader;
+          if (!isPathSafe(destWebdavPath, rootPath)) {
+            res.writeHead(403, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+            res.end("Forbidden");
+            return true;
+          }
+        }
+        handleMove(res, filePath, destPath, overwrite);
+        return true;
+      }
+      case "COPY": {
+        const destPath = parseDestinationHeader(destinationHeader, prefix, rootPath);
+        if (destPath && destinationHeader) {
+          const destWebdavPath = destinationHeader.includes(prefix) ? destinationHeader.slice(destinationHeader.indexOf(prefix) + prefix.length) : destinationHeader;
+          if (!isPathSafe(destWebdavPath, rootPath)) {
+            res.writeHead(403, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+            res.end("Forbidden");
+            return true;
+          }
+        }
+        handleCopy(res, filePath, destPath, overwrite);
+        return true;
+      }
+      default:
+        res.writeHead(405, {
+          "Allow": SUPPORTED_METHODS.join(", "),
+          "Content-Type": "text/plain",
+          "Access-Control-Allow-Origin": "*"
+        });
+        res.end("Method Not Allowed");
+        return true;
+    }
+  };
+}
+
+export {
+  WEBDAV_PREFIX,
+  isPathSafe,
+  resolveWebDAVPath,
+  checkAuth,
+  generatePropfindResponse,
+  handleOptions,
+  handleHead,
+  handleGet,
+  handlePut,
+  handleDelete,
+  handleMkcol,
+  handlePropfind,
+  handleMove,
+  handleCopy,
+  createWebDAVHandler
+};

package/dist/{chunk-NGVAEFT2.js → chunk-DEFBIVQ3.js}

@@ -147,6 +147,7 @@ function createTask(vaultPath, title, options = {}) {
     created: now,
     updated: now
   };
+  if (options.source) frontmatter.source = options.source;
   if (options.owner) frontmatter.owner = options.owner;
   if (options.project) frontmatter.project = options.project;
   if (options.priority) frontmatter.priority = options.priority;
@@ -264,6 +265,25 @@ ${options.content}
     path: backlogPath
   };
 }
+function updateBacklogItem(vaultPath, slug, updates) {
+  const backlogItem = readBacklogItem(vaultPath, slug);
+  if (!backlogItem) {
+    throw new Error(`Backlog item not found: ${slug}`);
+  }
+  const newFrontmatter = {
+    ...backlogItem.frontmatter
+  };
+  if (updates.source !== void 0) newFrontmatter.source = updates.source;
+  if (updates.project !== void 0) newFrontmatter.project = updates.project;
+  if (updates.tags !== void 0) newFrontmatter.tags = updates.tags;
+  if (updates.lastSeen !== void 0) newFrontmatter.lastSeen = updates.lastSeen;
+  const fileContent = matter.stringify(backlogItem.content, newFrontmatter);
+  fs.writeFileSync(backlogItem.path, fileContent);
+  return {
+    ...backlogItem,
+    frontmatter: newFrontmatter
+  };
+}
 function promoteBacklogItem(vaultPath, slug, options = {}) {
   const backlogItem = readBacklogItem(vaultPath, slug);
   if (!backlogItem) {
@@ -343,6 +363,7 @@ export {
   updateTask,
   completeTask,
   createBacklogItem,
+  updateBacklogItem,
   promoteBacklogItem,
   getBlockedTasks,
   getActiveTasks,

package/dist/{chunk-DPS7NYIU.js → chunk-DHJPXGC7.js}

@@ -1,6 +1,6 @@
 import {
   Observer
-} from "./chunk-2HM7ZI4X.js";
+} from "./chunk-FEFPBHH4.js";
 import {
   resolveVaultPath
 } from "./chunk-MXSSG3QU.js";
@@ -8,7 +8,7 @@ import {
   getLegacyObservationPath,
   getObservationPath,
   listRawTranscriptFiles
-} from "./chunk-Z2XBWN7A.js";
+} from "./chunk-NAMFB7ZA.js";
 
 // src/commands/rebuild.ts
 import * as fs from "fs";