clawvault 3.1.0 → 3.2.1

package/dist/chunk-IVRIKYFE.js

@@ -0,0 +1,520 @@
+// src/lib/webdav.ts
+import * as fs from "fs";
+import * as path from "path";
+var WEBDAV_PREFIX = "/webdav";
+var BLOCKED_PATHS = [
+  ".clawvault",
+  ".git",
+  ".obsidian",
+  "node_modules"
+];
+var SUPPORTED_METHODS = ["GET", "PUT", "DELETE", "MKCOL", "PROPFIND", "OPTIONS", "HEAD", "MOVE", "COPY"];
+function toRequestSegments(requestPath) {
+  return requestPath.replace(/\\/g, "/").split("/").filter(Boolean);
+}
+function isWithinRoot(fullPath, rootPath) {
+  const resolvedRoot = path.resolve(rootPath);
+  const relative2 = path.relative(resolvedRoot, fullPath);
+  return !(relative2.startsWith("..") || path.isAbsolute(relative2));
+}
+function isPathSafe(requestPath, rootPath) {
+  const pathParts = toRequestSegments(requestPath);
+  if (pathParts.includes("..")) {
+    return false;
+  }
+  const normalizedRelativePath = path.normalize(pathParts.join(path.sep));
+  const fullPath = path.resolve(rootPath, normalizedRelativePath);
+  if (!isWithinRoot(fullPath, rootPath)) {
+    return false;
+  }
+  for (const part of pathParts) {
+    if (BLOCKED_PATHS.includes(part)) {
+      return false;
+    }
+  }
+  return true;
+}
+function resolveWebDAVPath(requestPath, rootPath) {
+  const pathParts = toRequestSegments(requestPath);
+  if (pathParts.includes("..")) {
+    return null;
+  }
+  const normalizedRelativePath = path.normalize(pathParts.join(path.sep));
+  const fullPath = path.resolve(rootPath, normalizedRelativePath);
+  if (!isWithinRoot(fullPath, rootPath)) {
+    return null;
+  }
+  return fullPath;
+}
+function checkAuth(req, auth) {
+  if (!auth) {
+    return true;
+  }
+  const authHeader = req.headers.authorization;
+  if (!authHeader || !authHeader.startsWith("Basic ")) {
+    return false;
+  }
+  const base64Credentials = authHeader.slice(6);
+  const credentials = Buffer.from(base64Credentials, "base64").toString("utf-8");
+  const [username, password] = credentials.split(":");
+  return username === auth.username && password === auth.password;
+}
+function escapeXml(str) {
+  return str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&apos;");
+}
+function formatWebDAVDate(date) {
+  return date.toUTCString();
+}
+function generatePropfindEntry(href, stats, isCollection) {
+  const resourceType = isCollection ? "<D:resourcetype><D:collection/></D:resourcetype>" : "<D:resourcetype/>";
+  const contentLength = stats && !isCollection ? `<D:getcontentlength>${stats.size}</D:getcontentlength>` : "";
+  const lastModified = stats ? `<D:getlastmodified>${formatWebDAVDate(stats.mtime)}</D:getlastmodified>` : "";
+  const etag = stats ? `<D:getetag>"${stats.mtime.getTime().toString(16)}-${stats.size.toString(16)}"</D:getetag>` : "";
+  const contentType = !isCollection ? "<D:getcontenttype>application/octet-stream</D:getcontenttype>" : "";
+  return `  <D:response>
+    <D:href>${escapeXml(href)}</D:href>
+    <D:propstat>
+      <D:prop>
+        ${resourceType}
+        ${contentLength}
+        ${lastModified}
+        ${etag}
+        ${contentType}
+      </D:prop>
+      <D:status>HTTP/1.1 200 OK</D:status>
+    </D:propstat>
+  </D:response>`;
+}
+function generatePropfindResponse(entries) {
+  const responseEntries = entries.map(
+    (e) => generatePropfindEntry(e.href, e.stats, e.isCollection)
+  ).join("\n");
+  return `<?xml version="1.0" encoding="utf-8"?>
+<D:multistatus xmlns:D="DAV:">
+${responseEntries}
+</D:multistatus>`;
+}
+function handleOptions(res, prefix) {
+  res.writeHead(200, {
+    "Allow": SUPPORTED_METHODS.join(", "),
+    "DAV": "1, 2",
+    "Content-Length": "0",
+    "Access-Control-Allow-Origin": "*",
+    "Access-Control-Allow-Methods": SUPPORTED_METHODS.join(", "),
+    "Access-Control-Allow-Headers": "Content-Type, Depth, Destination, Overwrite, Authorization",
+    "MS-Author-Via": "DAV"
+  });
+  res.end();
+}
+function handleHead(res, filePath) {
+  try {
+    const stats = fs.statSync(filePath);
+    if (stats.isDirectory()) {
+      res.writeHead(200, {
+        "Content-Type": "httpd/unix-directory",
+        "Last-Modified": formatWebDAVDate(stats.mtime),
+        "ETag": `"${stats.mtime.getTime().toString(16)}"`,
+        "Access-Control-Allow-Origin": "*"
+      });
+    } else {
+      res.writeHead(200, {
+        "Content-Type": "application/octet-stream",
+        "Content-Length": stats.size.toString(),
+        "Last-Modified": formatWebDAVDate(stats.mtime),
+        "ETag": `"${stats.mtime.getTime().toString(16)}-${stats.size.toString(16)}"`,
+        "Access-Control-Allow-Origin": "*"
+      });
+    }
+    res.end();
+  } catch (err) {
+    res.writeHead(404, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+    res.end("Not Found");
+  }
+}
+function handleGet(res, filePath) {
+  try {
+    const stats = fs.statSync(filePath);
+    if (stats.isDirectory()) {
+      const entries = fs.readdirSync(filePath);
+      const listing = entries.join("\n");
+      res.writeHead(200, {
+        "Content-Type": "text/plain",
+        "Content-Length": Buffer.byteLength(listing).toString(),
+        "Access-Control-Allow-Origin": "*"
+      });
+      res.end(listing);
+    } else {
+      const content = fs.readFileSync(filePath);
+      res.writeHead(200, {
+        "Content-Type": "application/octet-stream",
+        "Content-Length": content.length.toString(),
+        "Last-Modified": formatWebDAVDate(stats.mtime),
+        "ETag": `"${stats.mtime.getTime().toString(16)}-${stats.size.toString(16)}"`,
+        "Access-Control-Allow-Origin": "*"
+      });
+      res.end(content);
+    }
+  } catch (err) {
+    res.writeHead(404, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+    res.end("Not Found");
+  }
+}
+function handlePut(res, filePath, body) {
+  try {
+    const exists = fs.existsSync(filePath);
+    const dir = path.dirname(filePath);
+    if (!fs.existsSync(dir)) {
+      fs.mkdirSync(dir, { recursive: true });
+    }
+    fs.writeFileSync(filePath, body);
+    const status = exists ? 204 : 201;
+    res.writeHead(status, {
+      "Content-Length": "0",
+      "Access-Control-Allow-Origin": "*"
+    });
+    res.end();
+  } catch (err) {
+    res.writeHead(500, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+    res.end(`Error: ${err}`);
+  }
+}
+function handleDelete(res, filePath) {
+  try {
+    if (!fs.existsSync(filePath)) {
+      res.writeHead(404, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+      res.end("Not Found");
+      return;
+    }
+    const stats = fs.statSync(filePath);
+    if (stats.isDirectory()) {
+      fs.rmSync(filePath, { recursive: true });
+    } else {
+      fs.unlinkSync(filePath);
+    }
+    res.writeHead(204, {
+      "Content-Length": "0",
+      "Access-Control-Allow-Origin": "*"
+    });
+    res.end();
+  } catch (err) {
+    res.writeHead(500, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+    res.end(`Error: ${err}`);
+  }
+}
+function handleMkcol(res, filePath) {
+  try {
+    if (fs.existsSync(filePath)) {
+      res.writeHead(405, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+      res.end("Resource already exists");
+      return;
+    }
+    const parent = path.dirname(filePath);
+    if (!fs.existsSync(parent)) {
+      res.writeHead(409, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+      res.end("Parent directory does not exist");
+      return;
+    }
+    fs.mkdirSync(filePath);
+    res.writeHead(201, {
+      "Content-Length": "0",
+      "Access-Control-Allow-Origin": "*"
+    });
+    res.end();
+  } catch (err) {
+    res.writeHead(500, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+    res.end(`Error: ${err}`);
+  }
+}
+function handlePropfind(res, filePath, webdavPath, prefix, depth) {
+  try {
+    if (!fs.existsSync(filePath)) {
+      res.writeHead(404, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+      res.end("Not Found");
+      return;
+    }
+    const stats = fs.statSync(filePath);
+    const entries = [];
+    const normalizedWebdavPath = webdavPath.startsWith("/") ? webdavPath : "/" + webdavPath;
+    const href = prefix + normalizedWebdavPath;
+    entries.push({
+      href: href.endsWith("/") || stats.isDirectory() ? href : href,
+      stats,
+      isCollection: stats.isDirectory()
+    });
+    if (stats.isDirectory() && depth !== "0") {
+      try {
+        const children = fs.readdirSync(filePath);
+        for (const child of children) {
+          if (BLOCKED_PATHS.includes(child)) {
+            continue;
+          }
+          const childPath = path.join(filePath, child);
+          const childWebdavPath = normalizedWebdavPath.endsWith("/") ? normalizedWebdavPath + child : normalizedWebdavPath + "/" + child;
+          try {
+            const childStats = fs.statSync(childPath);
+            entries.push({
+              href: prefix + childWebdavPath,
+              stats: childStats,
+              isCollection: childStats.isDirectory()
+            });
+          } catch {
+          }
+        }
+      } catch {
+      }
+    }
+    const xml = generatePropfindResponse(entries);
+    res.writeHead(207, {
+      "Content-Type": "application/xml; charset=utf-8",
+      "Content-Length": Buffer.byteLength(xml).toString(),
+      "Access-Control-Allow-Origin": "*"
+    });
+    res.end(xml);
+  } catch (err) {
+    res.writeHead(500, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+    res.end(`Error: ${err}`);
+  }
+}
+function handleMove(res, sourcePath, destinationPath, overwrite) {
+  try {
+    if (!fs.existsSync(sourcePath)) {
+      res.writeHead(404, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+      res.end("Source not found");
+      return;
+    }
+    if (!destinationPath) {
+      res.writeHead(400, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+      res.end("Destination header required");
+      return;
+    }
+    const destExists = fs.existsSync(destinationPath);
+    if (destExists && !overwrite) {
+      res.writeHead(412, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+      res.end("Destination exists and Overwrite is F");
+      return;
+    }
+    const destDir = path.dirname(destinationPath);
+    if (!fs.existsSync(destDir)) {
+      fs.mkdirSync(destDir, { recursive: true });
+    }
+    if (destExists) {
+      const destStats = fs.statSync(destinationPath);
+      if (destStats.isDirectory()) {
+        fs.rmSync(destinationPath, { recursive: true });
+      } else {
+        fs.unlinkSync(destinationPath);
+      }
+    }
+    fs.renameSync(sourcePath, destinationPath);
+    const status = destExists ? 204 : 201;
+    res.writeHead(status, {
+      "Content-Length": "0",
+      "Access-Control-Allow-Origin": "*"
+    });
+    res.end();
+  } catch (err) {
+    res.writeHead(500, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+    res.end(`Error: ${err}`);
+  }
+}
+function handleCopy(res, sourcePath, destinationPath, overwrite) {
+  try {
+    if (!fs.existsSync(sourcePath)) {
+      res.writeHead(404, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+      res.end("Source not found");
+      return;
+    }
+    if (!destinationPath) {
+      res.writeHead(400, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+      res.end("Destination header required");
+      return;
+    }
+    const destExists = fs.existsSync(destinationPath);
+    if (destExists && !overwrite) {
+      res.writeHead(412, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+      res.end("Destination exists and Overwrite is F");
+      return;
+    }
+    const destDir = path.dirname(destinationPath);
+    if (!fs.existsSync(destDir)) {
+      fs.mkdirSync(destDir, { recursive: true });
+    }
+    const sourceStats = fs.statSync(sourcePath);
+    if (sourceStats.isDirectory()) {
+      copyDirRecursive(sourcePath, destinationPath);
+    } else {
+      fs.copyFileSync(sourcePath, destinationPath);
+    }
+    const status = destExists ? 204 : 201;
+    res.writeHead(status, {
+      "Content-Length": "0",
+      "Access-Control-Allow-Origin": "*"
+    });
+    res.end();
+  } catch (err) {
+    res.writeHead(500, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+    res.end(`Error: ${err}`);
+  }
+}
+function copyDirRecursive(src, dest) {
+  if (!fs.existsSync(dest)) {
+    fs.mkdirSync(dest, { recursive: true });
+  }
+  const entries = fs.readdirSync(src, { withFileTypes: true });
+  for (const entry of entries) {
+    const srcPath = path.join(src, entry.name);
+    const destPath = path.join(dest, entry.name);
+    if (entry.isDirectory()) {
+      copyDirRecursive(srcPath, destPath);
+    } else {
+      fs.copyFileSync(srcPath, destPath);
+    }
+  }
+}
+function parseDestinationHeader(destinationHeader, prefix, rootPath) {
+  if (!destinationHeader) {
+    return null;
+  }
+  try {
+    let destPath;
+    if (destinationHeader.startsWith("http://") || destinationHeader.startsWith("https://")) {
+      const url = new URL(destinationHeader);
+      destPath = decodeURIComponent(url.pathname);
+    } else {
+      destPath = decodeURIComponent(destinationHeader);
+    }
+    if (destPath.startsWith(prefix)) {
+      destPath = destPath.slice(prefix.length);
+    }
+    return resolveWebDAVPath(destPath, rootPath);
+  } catch {
+    return null;
+  }
+}
+function createWebDAVHandler(config) {
+  const { rootPath, prefix = WEBDAV_PREFIX, auth } = config;
+  return async (req, res) => {
+    const rawUrl = req.url || "/";
+    if (rawUrl.includes("..")) {
+      if (rawUrl.startsWith(prefix)) {
+        res.writeHead(403, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+        res.end("Forbidden");
+        return true;
+      }
+    }
+    const url = new URL(rawUrl, `http://${req.headers.host || "localhost"}`);
+    const pathname = decodeURIComponent(url.pathname);
+    if (!pathname.startsWith(prefix)) {
+      return false;
+    }
+    let webdavPath = pathname.slice(prefix.length);
+    if (!webdavPath.startsWith("/")) {
+      webdavPath = "/" + webdavPath;
+    }
+    if (req.method === "OPTIONS") {
+      handleOptions(res, prefix);
+      return true;
+    }
+    if (!checkAuth(req, auth)) {
+      res.writeHead(401, {
+        "WWW-Authenticate": 'Basic realm="ClawVault WebDAV"',
+        "Content-Type": "text/plain",
+        "Access-Control-Allow-Origin": "*"
+      });
+      res.end("Unauthorized");
+      return true;
+    }
+    if (!isPathSafe(webdavPath, rootPath)) {
+      res.writeHead(403, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+      res.end("Forbidden");
+      return true;
+    }
+    const filePath = resolveWebDAVPath(webdavPath, rootPath);
+    if (!filePath) {
+      res.writeHead(403, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+      res.end("Forbidden");
+      return true;
+    }
+    const depth = req.headers.depth || "infinity";
+    const overwrite = req.headers.overwrite?.toUpperCase() !== "F";
+    const destinationHeader = req.headers.destination;
+    switch (req.method) {
+      case "HEAD":
+        handleHead(res, filePath);
+        return true;
+      case "GET":
+        handleGet(res, filePath);
+        return true;
+      case "PUT": {
+        const chunks = [];
+        for await (const chunk of req) {
+          chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
+        }
+        const body = Buffer.concat(chunks);
+        handlePut(res, filePath, body);
+        return true;
+      }
+      case "DELETE":
+        handleDelete(res, filePath);
+        return true;
+      case "MKCOL":
+        handleMkcol(res, filePath);
+        return true;
+      case "PROPFIND":
+        handlePropfind(res, filePath, webdavPath, prefix, depth);
+        return true;
+      case "MOVE": {
+        const destPath = parseDestinationHeader(destinationHeader, prefix, rootPath);
+        if (destPath && destinationHeader) {
+          const destWebdavPath = destinationHeader.includes(prefix) ? destinationHeader.slice(destinationHeader.indexOf(prefix) + prefix.length) : destinationHeader;
+          if (!isPathSafe(destWebdavPath, rootPath)) {
+            res.writeHead(403, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+            res.end("Forbidden");
+            return true;
+          }
+        }
+        handleMove(res, filePath, destPath, overwrite);
+        return true;
+      }
+      case "COPY": {
+        const destPath = parseDestinationHeader(destinationHeader, prefix, rootPath);
+        if (destPath && destinationHeader) {
+          const destWebdavPath = destinationHeader.includes(prefix) ? destinationHeader.slice(destinationHeader.indexOf(prefix) + prefix.length) : destinationHeader;
+          if (!isPathSafe(destWebdavPath, rootPath)) {
+            res.writeHead(403, { "Content-Type": "text/plain", "Access-Control-Allow-Origin": "*" });
+            res.end("Forbidden");
+            return true;
+          }
+        }
+        handleCopy(res, filePath, destPath, overwrite);
+        return true;
+      }
+      default:
+        res.writeHead(405, {
+          "Allow": SUPPORTED_METHODS.join(", "),
+          "Content-Type": "text/plain",
+          "Access-Control-Allow-Origin": "*"
+        });
+        res.end("Method Not Allowed");
+        return true;
+    }
+  };
+}
+
+export {
+  WEBDAV_PREFIX,
+  isPathSafe,
+  resolveWebDAVPath,
+  checkAuth,
+  generatePropfindResponse,
+  handleOptions,
+  handleHead,
+  handleGet,
+  handlePut,
+  handleDelete,
+  handleMkcol,
+  handlePropfind,
+  handleMove,
+  handleCopy,
+  createWebDAVHandler
+};

package/dist/chunk-K7PNYS45.js

@@ -0,0 +1,93 @@
+import {
+  __export
+} from "./chunk-U67V476Y.js";
+
+// src/workgraph/ledger.ts
+var ledger_exports = {};
+__export(ledger_exports, {
+  activityOf: () => activityOf,
+  allClaims: () => allClaims,
+  append: () => append,
+  currentOwner: () => currentOwner,
+  historyOf: () => historyOf,
+  isClaimed: () => isClaimed,
+  ledgerPath: () => ledgerPath,
+  readAll: () => readAll,
+  readSince: () => readSince,
+  recent: () => recent
+});
+import fs from "fs";
+import path from "path";
+var LEDGER_FILE = ".clawvault/ledger.jsonl";
+function ledgerPath(vaultPath) {
+  return path.join(vaultPath, LEDGER_FILE);
+}
+function append(vaultPath, actor, op, target, type, data) {
+  const entry = {
+    ts: (/* @__PURE__ */ new Date()).toISOString(),
+    actor,
+    op,
+    target,
+    ...type ? { type } : {},
+    ...data && Object.keys(data).length > 0 ? { data } : {}
+  };
+  const lPath = ledgerPath(vaultPath);
+  const dir = path.dirname(lPath);
+  if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
+  fs.appendFileSync(lPath, JSON.stringify(entry) + "\n", "utf-8");
+  return entry;
+}
+function readAll(vaultPath) {
+  const lPath = ledgerPath(vaultPath);
+  if (!fs.existsSync(lPath)) return [];
+  const lines = fs.readFileSync(lPath, "utf-8").split("\n").filter(Boolean);
+  return lines.map((line) => JSON.parse(line));
+}
+function readSince(vaultPath, since) {
+  return readAll(vaultPath).filter((e) => e.ts >= since);
+}
+function currentOwner(vaultPath, target) {
+  const entries = readAll(vaultPath).filter((e) => e.target === target);
+  let owner = null;
+  for (const e of entries) {
+    if (e.op === "claim") owner = e.actor;
+    if (e.op === "release" || e.op === "done" || e.op === "cancel") owner = null;
+  }
+  return owner;
+}
+function isClaimed(vaultPath, target) {
+  return currentOwner(vaultPath, target) !== null;
+}
+function historyOf(vaultPath, target) {
+  return readAll(vaultPath).filter((e) => e.target === target);
+}
+function activityOf(vaultPath, actor) {
+  return readAll(vaultPath).filter((e) => e.actor === actor);
+}
+function allClaims(vaultPath) {
+  const claims = /* @__PURE__ */ new Map();
+  const entries = readAll(vaultPath);
+  for (const e of entries) {
+    if (e.op === "claim") claims.set(e.target, e.actor);
+    if (e.op === "release" || e.op === "done" || e.op === "cancel") claims.delete(e.target);
+  }
+  return claims;
+}
+function recent(vaultPath, count = 20) {
+  const all = readAll(vaultPath);
+  return all.slice(-count);
+}
+
+export {
+  ledgerPath,
+  append,
+  readAll,
+  readSince,
+  currentOwner,
+  isClaimed,
+  historyOf,
+  activityOf,
+  allClaims,
+  recent,
+  ledger_exports
+};