npm - codeam-cli - Versions diffs - 2.2.0 → 2.2.2 - Mend

codeam-cli 2.2.0 → 2.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +106 -13
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -179,7 +179,7 @@ var import_qrcode_terminal = __toESM(require("qrcode-terminal"));
 // package.json
 var package_default = {
   name: "codeam-cli",
-  version: "2.2.0",
+  version: "2.2.2",
   description: "Remote control Claude Code (and other AI coding agents) from your mobile phone. Pair your device, send prompts, stream responses in real-time, and approve commands \u2014 from anywhere.",
   main: "dist/index.js",
   bin: {
@@ -2174,14 +2174,104 @@ function parsePayload(schema, raw) {
 var fs5 = __toESM(require("fs/promises"));
 var path5 = __toESM(require("path"));
 var MAX_FILE_BYTES = 5 * 1024 * 1024;
-function resolveSafe(rawPath) {
-  const cwd = process.cwd();
-  const absolute = path5.isAbsolute(rawPath) ? path5.normalize(rawPath) : path5.resolve(cwd, rawPath);
-  const relativeFromCwd = path5.relative(cwd, absolute);
-  if (relativeFromCwd.startsWith("..") || path5.isAbsolute(relativeFromCwd)) {
-    throw new Error(`Path escapes the project root: ${rawPath}`);
+var MAX_WALK_DEPTH = 6;
+var MAX_VISITED_DIRS = 5e3;
+var SUBDIR_IGNORE = /* @__PURE__ */ new Set([
+  "node_modules",
+  ".git",
+  ".next",
+  ".expo",
+  "dist",
+  "build",
+  "out",
+  ".cache",
+  "coverage",
+  ".turbo",
+  ".parcel-cache",
+  ".idea",
+  ".vscode",
+  ".vscode-test",
+  "ios",
+  "android",
+  // expo-managed native dirs are huge and rarely interesting
+  ".gradle",
+  ".cxx",
+  ".intellijPlatform",
+  ".kotlin",
+  "tmp",
+  "target",
+  "venv",
+  ".venv",
+  ".mypy_cache",
+  ".pytest_cache",
+  "__pycache__"
+]);
+function isUnder(parent, candidate) {
+  const rel = path5.relative(parent, candidate);
+  return rel === "" || !rel.startsWith("..") && !path5.isAbsolute(rel);
+}
+async function isExistingFile(absPath) {
+  try {
+    const stat2 = await fs5.stat(absPath);
+    return stat2.isFile();
+  } catch {
+    return false;
   }
-  return absolute;
+}
+async function walkForSuffix(dir, needleVariants, depth, ctx) {
+  if (depth > MAX_WALK_DEPTH) return;
+  if (ctx.visited > MAX_VISITED_DIRS) return;
+  if (ctx.matches.length >= ctx.cap) return;
+  ctx.visited++;
+  let entries = [];
+  try {
+    entries = await fs5.readdir(dir, { withFileTypes: true });
+  } catch {
+    return;
+  }
+  for (const e of entries) {
+    if (!e.isFile()) continue;
+    const full = path5.join(dir, e.name);
+    if (needleVariants.some((needle) => full.endsWith(needle))) {
+      ctx.matches.push(full);
+      if (ctx.matches.length >= ctx.cap) return;
+    }
+  }
+  for (const e of entries) {
+    if (!e.isDirectory()) continue;
+    if (SUBDIR_IGNORE.has(e.name)) continue;
+    if (e.name.startsWith(".") && SUBDIR_IGNORE.has(e.name)) continue;
+    await walkForSuffix(path5.join(dir, e.name), needleVariants, depth + 1, ctx);
+    if (ctx.matches.length >= ctx.cap) return;
+  }
+}
+async function findFile(rawPath) {
+  const cwd = process.cwd();
+  if (path5.isAbsolute(rawPath)) {
+    const abs = path5.normalize(rawPath);
+    if (isUnder(cwd, abs) && await isExistingFile(abs)) return abs;
+  }
+  const direct = path5.resolve(cwd, rawPath);
+  if (isUnder(cwd, direct) && await isExistingFile(direct)) return direct;
+  const normalized = path5.normalize(rawPath).replace(/^[./\\]+/, "");
+  const needles = [
+    `${path5.sep}${normalized}`,
+    `/${normalized}`
+  ].filter((v, i, a) => a.indexOf(v) === i);
+  const ctx = { visited: 0, matches: [], cap: 16 };
+  await walkForSuffix(cwd, needles, 0, ctx);
+  const candidates = ctx.matches.filter((c2) => isUnder(cwd, c2));
+  if (candidates.length === 0) return null;
+  candidates.sort((a, b) => a.length - b.length);
+  return candidates[0];
+}
+async function findWriteTarget(rawPath) {
+  const found = await findFile(rawPath);
+  if (found) return found;
+  const cwd = process.cwd();
+  const fallback = path5.isAbsolute(rawPath) ? path5.normalize(rawPath) : path5.resolve(cwd, rawPath);
+  if (!isUnder(cwd, fallback)) return null;
+  return fallback;
 }
 function looksBinary(buf) {
   const sample = buf.subarray(0, Math.min(8192, buf.length));
@@ -2192,11 +2282,11 @@ function looksBinary(buf) {
 }
 async function readProjectFile(rawPath) {
   try {
-    const abs = resolveSafe(rawPath);
-    const stat2 = await fs5.stat(abs);
-    if (!stat2.isFile()) {
-      return { error: "Not a regular file." };
+    const abs = await findFile(rawPath);
+    if (!abs) {
+      return { error: `File not found in the project tree: ${rawPath}` };
     }
+    const stat2 = await fs5.stat(abs);
     if (stat2.size > MAX_FILE_BYTES) {
       return { error: `File too large (${(stat2.size / 1024 / 1024).toFixed(1)} MB > ${MAX_FILE_BYTES / 1024 / 1024} MB).` };
     }
@@ -2212,7 +2302,10 @@ async function readProjectFile(rawPath) {
 }
 async function writeProjectFile(rawPath, content) {
   try {
-    const abs = resolveSafe(rawPath);
+    const abs = await findWriteTarget(rawPath);
+    if (!abs) {
+      return { error: `Path escapes the project root: ${rawPath}` };
+    }
     if (Buffer.byteLength(content, "utf-8") > MAX_FILE_BYTES) {
       return { error: "Content too large." };
     }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "codeam-cli",
-  "version": "2.2.0",
+  "version": "2.2.2",
   "description": "Remote control Claude Code (and other AI coding agents) from your mobile phone. Pair your device, send prompts, stream responses in real-time, and approve commands — from anywhere.",
   "main": "dist/index.js",
   "bin": {