clawvault 2.5.2 → 2.5.4

package/bin/command-registration.test.js

@@ -1,166 +1,166 @@
-import { describe, expect, it } from 'vitest';
-import { Command } from 'commander';
-import * as fs from 'fs';
-import * as path from 'path';
-import { registerCoreCommands } from './register-core-commands.js';
-import { registerMaintenanceCommands } from './register-maintenance-commands.js';
-import { registerQueryCommands } from './register-query-commands.js';
-import { registerResilienceCommands } from './register-resilience-commands.js';
-import { registerSessionLifecycleCommands } from './register-session-lifecycle-commands.js';
-import { registerTemplateCommands } from './register-template-commands.js';
-import { registerVaultOperationsCommands } from './register-vault-operations-commands.js';
-import { registerConfigCommands } from './register-config-commands.js';
-import { registerRouteCommands } from './register-route-commands.js';
-import {
-  chalkStub,
-  createGetVaultStub,
-  registerAllCommandModules,
-  stubResolveVaultPath
-} from './test-helpers/cli-command-fixtures.js';
-
-function listCommandNames(program) {
-  return program.commands.map((command) => command.name()).sort((a, b) => a.localeCompare(b));
-}
-
-describe('CLI command registration modules', () => {
-  it('registers core lifecycle commands', () => {
-    const program = new Command();
-    registerCoreCommands(program, {
-      chalk: chalkStub,
-      path,
-      fs,
-      createVault: async () => ({ getCategories: () => [], getQmdRoot: () => '', getQmdCollection: () => '' }),
-      getVault: createGetVaultStub({ store: async () => ({}), capture: async () => ({}) }),
-      runQmd: async () => {}
-    });
-
-    const names = listCommandNames(program);
-    expect(names).toEqual(expect.arrayContaining(['init', 'setup', 'store', 'capture']));
-  });
-
-  it('registers query commands with profile option', () => {
-    const program = new Command();
-    registerQueryCommands(program, {
-      chalk: chalkStub,
-      getVault: createGetVaultStub({ find: async () => [], vsearch: async () => [] }),
-      resolveVaultPath: stubResolveVaultPath,
-      QmdUnavailableError: class extends Error {},
-      printQmdMissing: () => {}
-    });
-
-    const names = listCommandNames(program);
-    expect(names).toEqual(expect.arrayContaining(['search', 'vsearch', 'context', 'inject', 'observe', 'reflect', 'session-recap']));
-
-    const contextCommand = program.commands.find((command) => command.name() === 'context');
-    const profileOption = contextCommand?.options.find((option) => option.flags.includes('--profile <profile>'));
-    expect(profileOption?.description).toContain('auto');
-  });
-
-  it('registers vault operation commands', () => {
-    const program = new Command();
-    registerVaultOperationsCommands(program, {
-      chalk: chalkStub,
-      fs,
-      getVault: createGetVaultStub({
-        list: async () => [],
-        get: async () => null,
-        stats: async () => ({ tags: [], categories: {} }),
-        sync: async () => ({ copied: [], deleted: [], unchanged: [], errors: [] }),
-        reindex: async () => 0,
-        remember: async () => ({ id: '' }),
-        getQmdCollection: () => ''
-      }),
-      runQmd: async () => {},
-      resolveVaultPath: stubResolveVaultPath,
-      path
-    });
-
-    const names = listCommandNames(program);
-    expect(names).toEqual(expect.arrayContaining([
-      'list',
-      'get',
-      'stats',
-      'sync',
-      'reindex',
-      'remember',
-      'shell-init',
-      'dashboard'
-    ]));
-  });
-
-  it('registers maintenance, resilience, session-lifecycle and template commands', () => {
-    const program = new Command();
-    registerMaintenanceCommands(program, { chalk: chalkStub });
-    registerResilienceCommands(program, {
-      chalk: chalkStub,
-      resolveVaultPath: stubResolveVaultPath
-    });
-    registerSessionLifecycleCommands(program, {
-      chalk: chalkStub,
-      resolveVaultPath: stubResolveVaultPath,
-      QmdUnavailableError: class extends Error {},
-      printQmdMissing: () => {},
-      getVault: createGetVaultStub({
-        createHandoff: async () => ({ id: '', path: '' }),
-        getQmdCollection: () => '',
-        generateRecap: async () => ({}),
-        formatRecap: () => ''
-      }),
-      runQmd: async () => {}
-    });
-    registerTemplateCommands(program, { chalk: chalkStub });
-    registerConfigCommands(program, {
-      chalk: chalkStub,
-      resolveVaultPath: stubResolveVaultPath
-    });
-    registerRouteCommands(program, {
-      chalk: chalkStub,
-      resolveVaultPath: stubResolveVaultPath
-    });
-
-    const names = listCommandNames(program);
-    expect(names).toEqual(expect.arrayContaining([
-      'doctor',
-      'embed',
-      'compat',
-      'graph',
-      'entities',
-      'link',
-      'rebuild',
-      'archive',
-      'migrate-observations',
-      'replay',
-      'sync-bd',
-      'checkpoint',
-      'recover',
-      'status',
-      'clean-exit',
-      'repair-session',
-      'wake',
-      'sleep',
-      'handoff',
-      'recap',
-      'template',
-      'config',
-      'route'
-    ]));
-
-    const templateCommand = program.commands.find((command) => command.name() === 'template');
-    const templateSubcommands = templateCommand?.commands.map((command) => command.name()) ?? [];
-    expect(templateSubcommands).toEqual(expect.arrayContaining(['list', 'create', 'add']));
-
-    const compatCommand = program.commands.find((command) => command.name() === 'compat');
-    const strictOption = compatCommand?.options.find((option) => option.flags.includes('--strict'));
-    const baseDirOption = compatCommand?.options.find((option) => option.flags.includes('--base-dir <path>'));
-    expect(strictOption).toBeTruthy();
-    expect(baseDirOption).toBeTruthy();
-  });
-
-  it('keeps top-level command names unique when modules are combined', () => {
-    const program = registerAllCommandModules(new Command());
-
-    const names = program.commands.map((command) => command.name());
-    const unique = new Set(names);
-    expect(unique.size).toBe(names.length);
-  });
-});
+import { describe, expect, it } from 'vitest';
+import { Command } from 'commander';
+import * as fs from 'fs';
+import * as path from 'path';
+import { registerCoreCommands } from './register-core-commands.js';
+import { registerMaintenanceCommands } from './register-maintenance-commands.js';
+import { registerQueryCommands } from './register-query-commands.js';
+import { registerResilienceCommands } from './register-resilience-commands.js';
+import { registerSessionLifecycleCommands } from './register-session-lifecycle-commands.js';
+import { registerTemplateCommands } from './register-template-commands.js';
+import { registerVaultOperationsCommands } from './register-vault-operations-commands.js';
+import { registerConfigCommands } from './register-config-commands.js';
+import { registerRouteCommands } from './register-route-commands.js';
+import {
+  chalkStub,
+  createGetVaultStub,
+  registerAllCommandModules,
+  stubResolveVaultPath
+} from './test-helpers/cli-command-fixtures.js';
+
+function listCommandNames(program) {
+  return program.commands.map((command) => command.name()).sort((a, b) => a.localeCompare(b));
+}
+
+describe('CLI command registration modules', () => {
+  it('registers core lifecycle commands', () => {
+    const program = new Command();
+    registerCoreCommands(program, {
+      chalk: chalkStub,
+      path,
+      fs,
+      createVault: async () => ({ getCategories: () => [], getQmdRoot: () => '', getQmdCollection: () => '' }),
+      getVault: createGetVaultStub({ store: async () => ({}), capture: async () => ({}) }),
+      runQmd: async () => {}
+    });
+
+    const names = listCommandNames(program);
+    expect(names).toEqual(expect.arrayContaining(['init', 'setup', 'store', 'capture']));
+  });
+
+  it('registers query commands with profile option', () => {
+    const program = new Command();
+    registerQueryCommands(program, {
+      chalk: chalkStub,
+      getVault: createGetVaultStub({ find: async () => [], vsearch: async () => [] }),
+      resolveVaultPath: stubResolveVaultPath,
+      QmdUnavailableError: class extends Error {},
+      printQmdMissing: () => {}
+    });
+
+    const names = listCommandNames(program);
+    expect(names).toEqual(expect.arrayContaining(['search', 'vsearch', 'context', 'inject', 'observe', 'reflect', 'session-recap']));
+
+    const contextCommand = program.commands.find((command) => command.name() === 'context');
+    const profileOption = contextCommand?.options.find((option) => option.flags.includes('--profile <profile>'));
+    expect(profileOption?.description).toContain('auto');
+  });
+
+  it('registers vault operation commands', () => {
+    const program = new Command();
+    registerVaultOperationsCommands(program, {
+      chalk: chalkStub,
+      fs,
+      getVault: createGetVaultStub({
+        list: async () => [],
+        get: async () => null,
+        stats: async () => ({ tags: [], categories: {} }),
+        sync: async () => ({ copied: [], deleted: [], unchanged: [], errors: [] }),
+        reindex: async () => 0,
+        remember: async () => ({ id: '' }),
+        getQmdCollection: () => ''
+      }),
+      runQmd: async () => {},
+      resolveVaultPath: stubResolveVaultPath,
+      path
+    });
+
+    const names = listCommandNames(program);
+    expect(names).toEqual(expect.arrayContaining([
+      'list',
+      'get',
+      'stats',
+      'sync',
+      'reindex',
+      'remember',
+      'shell-init',
+      'dashboard'
+    ]));
+  });
+
+  it('registers maintenance, resilience, session-lifecycle and template commands', () => {
+    const program = new Command();
+    registerMaintenanceCommands(program, { chalk: chalkStub });
+    registerResilienceCommands(program, {
+      chalk: chalkStub,
+      resolveVaultPath: stubResolveVaultPath
+    });
+    registerSessionLifecycleCommands(program, {
+      chalk: chalkStub,
+      resolveVaultPath: stubResolveVaultPath,
+      QmdUnavailableError: class extends Error {},
+      printQmdMissing: () => {},
+      getVault: createGetVaultStub({
+        createHandoff: async () => ({ id: '', path: '' }),
+        getQmdCollection: () => '',
+        generateRecap: async () => ({}),
+        formatRecap: () => ''
+      }),
+      runQmd: async () => {}
+    });
+    registerTemplateCommands(program, { chalk: chalkStub });
+    registerConfigCommands(program, {
+      chalk: chalkStub,
+      resolveVaultPath: stubResolveVaultPath
+    });
+    registerRouteCommands(program, {
+      chalk: chalkStub,
+      resolveVaultPath: stubResolveVaultPath
+    });
+
+    const names = listCommandNames(program);
+    expect(names).toEqual(expect.arrayContaining([
+      'doctor',
+      'embed',
+      'compat',
+      'graph',
+      'entities',
+      'link',
+      'rebuild',
+      'archive',
+      'migrate-observations',
+      'replay',
+      'sync-bd',
+      'checkpoint',
+      'recover',
+      'status',
+      'clean-exit',
+      'repair-session',
+      'wake',
+      'sleep',
+      'handoff',
+      'recap',
+      'template',
+      'config',
+      'route'
+    ]));
+
+    const templateCommand = program.commands.find((command) => command.name() === 'template');
+    const templateSubcommands = templateCommand?.commands.map((command) => command.name()) ?? [];
+    expect(templateSubcommands).toEqual(expect.arrayContaining(['list', 'create', 'add']));
+
+    const compatCommand = program.commands.find((command) => command.name() === 'compat');
+    const strictOption = compatCommand?.options.find((option) => option.flags.includes('--strict'));
+    const baseDirOption = compatCommand?.options.find((option) => option.flags.includes('--base-dir <path>'));
+    expect(strictOption).toBeTruthy();
+    expect(baseDirOption).toBeTruthy();
+  });
+
+  it('keeps top-level command names unique when modules are combined', () => {
+    const program = registerAllCommandModules(new Command());
+
+    const names = program.commands.map((command) => command.name());
+    const unique = new Set(names);
+    expect(unique.size).toBe(names.length);
+  });
+});

package/bin/command-runtime.js

@@ -1,93 +1,93 @@
-import { spawn } from 'child_process';
-import chalk from 'chalk';
-import path from 'path';
-import {
-  ClawVault,
-  QmdUnavailableError,
-  QMD_INSTALL_COMMAND,
-  resolveVaultPath as resolveConfiguredVaultPath
-} from '../dist/index.js';
-
-const QMD_INDEX_ENV_VAR = 'CLAWVAULT_QMD_INDEX';
-
-/**
- * Validates that a path is within an allowed base directory.
- * Prevents path traversal attacks.
- * @param {string} inputPath - The path to validate
- * @param {string} basePath - The allowed base directory
- * @returns {string} The resolved, validated path
- * @throws {Error} If the path escapes the base directory
- */
-export function validatePathWithinBase(inputPath, basePath) {
-  const resolvedBase = path.resolve(basePath);
-  const resolvedPath = path.resolve(basePath, inputPath);
-
-  if (!resolvedPath.startsWith(resolvedBase + path.sep) && resolvedPath !== resolvedBase) {
-    throw new Error(`Path traversal detected: ${inputPath} escapes ${basePath}`);
-  }
-
-  return resolvedPath;
-}
-
-/**
- * Sanitizes an argument that may contain a path to prevent injection.
- * @param {unknown} arg - The argument to sanitize
- * @returns {string} The sanitized argument
- */
-export function sanitizeQmdArg(arg) {
-  const normalizedArg = String(arg);
-  // Reject arguments with null bytes (injection attempt)
-  if (normalizedArg.includes('\0')) {
-    throw new Error('Invalid argument: contains null byte');
-  }
-  return normalizedArg;
-}
-
-function withQmdIndex(args) {
-  if (args.includes('--index')) {
-    return [...args];
-  }
-
-  const indexName = process.env[QMD_INDEX_ENV_VAR]?.trim();
-  if (!indexName) {
-    return [...args];
-  }
-
-  return ['--index', indexName, ...args];
-}
-
-export function resolveVaultPath(vaultPath) {
-  return resolveConfiguredVaultPath({ explicitPath: vaultPath });
-}
-
-export async function getVault(vaultPath) {
-  const vault = new ClawVault(resolveVaultPath(vaultPath));
-  await vault.load();
-  return vault;
-}
-
-export async function runQmd(args) {
-  return new Promise((resolve, reject) => {
-    // Sanitize all arguments before passing to spawn
-    const sanitizedArgs = withQmdIndex(args).map(sanitizeQmdArg);
-    const proc = spawn('qmd', sanitizedArgs, { stdio: 'inherit' });
-    proc.on('close', (code) => {
-      if (code === 0) resolve();
-      else reject(new Error(`qmd exited with code ${code}`));
-    });
-    proc.on('error', (err) => {
-      if (err?.code === 'ENOENT') {
-        reject(new QmdUnavailableError());
-      } else {
-        reject(err);
-      }
-    });
-  });
-}
-
-export function printQmdMissing() {
-  console.error(chalk.red('Error: ClawVault requires qmd.'));
-  console.log(chalk.dim(`Install: ${QMD_INSTALL_COMMAND}`));
-}
-
-export { QmdUnavailableError };
+import { spawn } from 'child_process';
+import chalk from 'chalk';
+import path from 'path';
+import {
+  ClawVault,
+  QmdUnavailableError,
+  QMD_INSTALL_COMMAND,
+  resolveVaultPath as resolveConfiguredVaultPath
+} from '../dist/index.js';
+
+const QMD_INDEX_ENV_VAR = 'CLAWVAULT_QMD_INDEX';
+
+/**
+ * Validates that a path is within an allowed base directory.
+ * Prevents path traversal attacks.
+ * @param {string} inputPath - The path to validate
+ * @param {string} basePath - The allowed base directory
+ * @returns {string} The resolved, validated path
+ * @throws {Error} If the path escapes the base directory
+ */
+export function validatePathWithinBase(inputPath, basePath) {
+  const resolvedBase = path.resolve(basePath);
+  const resolvedPath = path.resolve(basePath, inputPath);
+
+  if (!resolvedPath.startsWith(resolvedBase + path.sep) && resolvedPath !== resolvedBase) {
+    throw new Error(`Path traversal detected: ${inputPath} escapes ${basePath}`);
+  }
+
+  return resolvedPath;
+}
+
+/**
+ * Sanitizes an argument that may contain a path to prevent injection.
+ * @param {unknown} arg - The argument to sanitize
+ * @returns {string} The sanitized argument
+ */
+export function sanitizeQmdArg(arg) {
+  const normalizedArg = String(arg);
+  // Reject arguments with null bytes (injection attempt)
+  if (normalizedArg.includes('\0')) {
+    throw new Error('Invalid argument: contains null byte');
+  }
+  return normalizedArg;
+}
+
+function withQmdIndex(args) {
+  if (args.includes('--index')) {
+    return [...args];
+  }
+
+  const indexName = process.env[QMD_INDEX_ENV_VAR]?.trim();
+  if (!indexName) {
+    return [...args];
+  }
+
+  return ['--index', indexName, ...args];
+}
+
+export function resolveVaultPath(vaultPath) {
+  return resolveConfiguredVaultPath({ explicitPath: vaultPath });
+}
+
+export async function getVault(vaultPath) {
+  const vault = new ClawVault(resolveVaultPath(vaultPath));
+  await vault.load();
+  return vault;
+}
+
+export async function runQmd(args) {
+  return new Promise((resolve, reject) => {
+    // Sanitize all arguments before passing to spawn
+    const sanitizedArgs = withQmdIndex(args).map(sanitizeQmdArg);
+    const proc = spawn('qmd', sanitizedArgs, { stdio: 'inherit' });
+    proc.on('close', (code) => {
+      if (code === 0) resolve();
+      else reject(new Error(`qmd exited with code ${code}`));
+    });
+    proc.on('error', (err) => {
+      if (err?.code === 'ENOENT') {
+        reject(new QmdUnavailableError());
+      } else {
+        reject(err);
+      }
+    });
+  });
+}
+
+export function printQmdMissing() {
+  console.error(chalk.red('Error: ClawVault requires qmd.'));
+  console.log(chalk.dim(`Install: ${QMD_INSTALL_COMMAND}`));
+}
+
+export { QmdUnavailableError };