codemem 0.22.0-alpha.5 → 0.22.1

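--- a/package/README.md
+++ b/package/README.md
@@ -21,6 +21,7 @@ npx -y codemem stats
 
  ```bash
  codemem --help
+ codemem setup --opencode-only
  codemem stats
  codemem search "query"
  codemem serve start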
@@ -2,6 +2,7 @@ import { Command } from "commander";
2
2
  import { type ResolvedServeInvocation } from "./serve-invocation.js";
3
3
  export declare function extractViewerPid(payload: unknown): number | null;
4
4
  export declare function isLocalHost(host: string): boolean;
5
+ export declare function isLoopbackOnlyHost(host: string): boolean;
5
6
  export declare function isLikelyViewerCommand(command: string): boolean;
6
7
  export declare function pickViewerPidCandidate(statsPid: number | null, listenerPid: number | null): number | null;
7
8
  export declare function buildForegroundRunnerArgs(scriptPath: string, invocation: ResolvedServeInvocation, execArgv?: string[]): string[];
@@ -1 +1 @@
1
- {"version":3,"file":"serve.d.ts","sourceRoot":"","sources":["../../src/commands/serve.ts"],"names":[],"mappings":"AAgBA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC,OAAO,EAEN,KAAK,uBAAuB,EAG5B,MAAM,uBAAuB,CAAC;AAQ/B,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAKhE;AAED,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CASjD;AAED,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAQ9D;AAED,wBAAgB,sBAAsB,CACrC,QAAQ,EAAE,MAAM,GAAG,IAAI,EACvB,WAAW,EAAE,MAAM,GAAG,IAAI,GACxB,MAAM,GAAG,IAAI,CAGf;AAqLD,wBAAgB,yBAAyB,CACxC,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,uBAAuB,EACnC,QAAQ,GAAE,MAAM,EAAqB,GACnC,MAAM,EAAE,CAgBV;AAED,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAS9D;AAED,wBAAgB,2BAA2B,CAAC,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAUpF;AA2SD,eAAO,MAAM,YAAY,SAuBtB,CAAC"}
1
+ {"version":3,"file":"serve.d.ts","sourceRoot":"","sources":["../../src/commands/serve.ts"],"names":[],"mappings":"AAgBA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC,OAAO,EAEN,KAAK,uBAAuB,EAG5B,MAAM,uBAAuB,CAAC;AAQ/B,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAKhE;AAED,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CASjD;AAED,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAQxD;AASD,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAQ9D;AAED,wBAAgB,sBAAsB,CACrC,QAAQ,EAAE,MAAM,GAAG,IAAI,EACvB,WAAW,EAAE,MAAM,GAAG,IAAI,GACxB,MAAM,GAAG,IAAI,CAGf;AAqLD,wBAAgB,yBAAyB,CACxC,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,uBAAuB,EACnC,QAAQ,GAAE,MAAM,EAAqB,GACnC,MAAM,EAAE,CAgBV;AAED,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAS9D;AAED,wBAAgB,2BAA2B,CAAC,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAUpF;AA6SD,eAAO,MAAM,YAAY,SAuBtB,CAAC"}
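--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -953,6 +953,14 @@ function isLocalHost(host) {
  const normalized = host.trim().toLowerCase();
  return normalized === "127.0.0.1" || normalized === "localhost" || normalized === "::1" || normalized === "0.0.0.0" || normalized === "::";
  }
+ function isLoopbackOnlyHost(host) {
+ const normalized = host.trim().toLowerCase();
+ return normalized === "localhost" || /^127(?:\.\d{1,3}){0,3}$/.test(normalized) || normalized === "::1" || normalized === "0:0:0:0:0:0:0:1";
+ }
+ function warnIfViewerExposed(host, port) {
+ if (isLoopbackOnlyHost(host)) return;
+ p.log.warn(`Viewer bound to ${host}:${port}. codemem's viewer trust model assumes localhost-only access; do not expose it through a reverse proxy, tunnel, or public bind without adding your own auth layer.`);
+ }
  function isLikelyViewerCommand(command) {
  const lowered = command.toLowerCase();
  if (!/\bserve\s+start\b/.test(lowered)) return false;
@@ -1165,6 +1173,7 @@ function sqliteVecFailureDiagnostics(error, dbPath) {
  ];
  }
  async function startBackgroundViewer(invocation) {
+ warnIfViewerExposed(invocation.host, invocation.port);
  if (await isPortOpen(invocation.host, invocation.port)) {
  p.log.warn(`Viewer already running at http://${invocation.host}:${invocation.port}`);
  return;
@@ -1193,6 +1202,7 @@ async function startForegroundViewer(invocation) {
  const { createApp, createSyncApp, closeStore, getStore } = await import("@codemem/server");
  const { serve } = await import("@hono/node-server");
  if (invocation.dbPath) process.env.CODEMEM_DB = invocation.dbPath;
+ warnIfViewerExposed(invocation.host, invocation.port);
  if (await isPortOpen(invocation.host, invocation.port)) {
  p.log.warn(`Viewer already running at http://${invocation.host}:${invocation.port}`);
  process.exitCode = 1;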
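Review bot: In `isLoopbackOnlyHost` (first hunk), the pattern `/^127(?:\.\d{1,3}){0,3}$/` also matches a bare `127` and out-of-range octets such as `127.999.0.1`, so those values skip the exposure warning even though they are not valid loopback literals and how they resolve is left to the platform resolver. Requiring a full dotted quad with range-checked octets, e.g. `/^127(?:\.(?:25[0-5]|2[0-4]\d|1?\d?\d)){3}$/`, keeps the check fail-safe, so any unusual spelling gets the warning instead of silence. In both `startBackgroundViewer` and `startForegroundViewer` the call is advisory only and the bind proceeds unchanged; a short comment on `warnIfViewerExposed` saying so, and noting that `isLocalHost` by contrast accepts `0.0.0.0` and `::`, would stop a later reader from treating either helper as an access control. The bodies of both start functions continue outside the hunks.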