codex-overleaf-link 1.1.1

package/extension/src/shared/projectFiles.js

@@ -0,0 +1,180 @@
+(function initProjectFiles(root, factory) {
+  if (typeof module === 'object' && module.exports) {
+    module.exports = factory();
+  } else {
+    root.CodexOverleafProjectFiles = factory();
+  }
+})(typeof globalThis !== 'undefined' ? globalThis : window, function projectFilesFactory() {
+  'use strict';
+
+  const TEXT_EXTENSIONS = new Set([
+    '.tex',
+    '.bib',
+    '.sty',
+    '.cls',
+    '.bst',
+    '.bbx',
+    '.cbx',
+    '.lbx',
+    '.cfg',
+    '.def',
+    '.clo',
+    '.ist',
+    '.txt',
+    '.md',
+    '.latex'
+  ]);
+
+  const BINARY_EXTENSIONS = new Set([
+    '.pdf',
+    '.png',
+    '.jpg',
+    '.jpeg',
+    '.gif',
+    '.svg',
+    '.eps',
+    '.zip',
+    '.gz',
+    '.tar',
+    '.doc',
+    '.docx',
+    '.ppt',
+    '.pptx',
+    '.xls',
+    '.xlsx'
+  ]);
+  const MAX_SAFE_PROJECT_PATH_LENGTH = 2048;
+
+  function isTextProjectPath(path) {
+    const normalized = normalizeSafeProjectPath(path);
+    if (!normalized) {
+      return false;
+    }
+
+    const extension = getExtension(normalized);
+    if (BINARY_EXTENSIONS.has(extension)) {
+      return false;
+    }
+    return TEXT_EXTENSIONS.has(extension);
+  }
+
+  function collectUniqueTextPaths(paths, limit = 80) {
+    const seen = new Set();
+    const result = [];
+    for (const path of paths || []) {
+      const normalized = normalizeSafeProjectPath(path);
+      if (!isTextProjectPath(normalized) || seen.has(normalized)) {
+        continue;
+      }
+      seen.add(normalized);
+      result.push(normalized);
+      if (result.length >= limit) {
+        break;
+      }
+    }
+    return result;
+  }
+
+  function normalizePath(path) {
+    return String(path || '')
+      .replace(/\s+/g, ' ')
+      .replace(/\\/g, '/')
+      .trim()
+      .replace(/^\/+/, '');
+  }
+
+  function normalizeSafeProjectPath(value) {
+    if (typeof value !== 'string') {
+      return '';
+    }
+    if (hasControlCharacter(value)) {
+      return '';
+    }
+    const trimmed = value.trim();
+    if (!trimmed || trimmed.length > MAX_SAFE_PROJECT_PATH_LENGTH) {
+      return '';
+    }
+    if (trimmed.startsWith('/') || trimmed.includes('\\') || hasWindowsDrivePrefix(trimmed)) {
+      return '';
+    }
+
+    let decoded = trimmed;
+    for (let index = 0; index < 3; index += 1) {
+      if (hasEncodedSeparator(decoded)) {
+        return '';
+      }
+      let next;
+      try {
+        next = decodeURIComponent(decoded);
+      } catch (_error) {
+        return '';
+      }
+      if (next === decoded) {
+        break;
+      }
+      decoded = next;
+    }
+
+    if (hasControlCharacter(decoded)
+      || decoded.startsWith('/')
+      || decoded.includes('\\')
+      || hasWindowsDrivePrefix(decoded)
+      || decoded.length > MAX_SAFE_PROJECT_PATH_LENGTH) {
+      return '';
+    }
+
+    const normalized = decoded.replace(/\/+/g, '/').trim();
+    if (!normalized || normalized.length > MAX_SAFE_PROJECT_PATH_LENGTH) {
+      return '';
+    }
+    const segments = normalized.split('/');
+    if (segments.some(segment => !segment || segment === '.' || segment === '..')) {
+      return '';
+    }
+    return normalized;
+  }
+
+  function assertSafeProjectPath(value, label = 'path') {
+    const normalized = normalizeSafeProjectPath(value);
+    if (!normalized) {
+      throw new Error(`Invalid ${label}`);
+    }
+    return normalized;
+  }
+
+  function hasControlCharacter(value) {
+    return /[\u0000-\u001f\u007f]/.test(String(value || ''));
+  }
+
+  function hasEncodedSeparator(value) {
+    return /%(?:2f|5c)/i.test(String(value || ''));
+  }
+
+  function hasWindowsDrivePrefix(value) {
+    return /^[A-Za-z]:/.test(String(value || ''));
+  }
+
+  function getExtension(path) {
+    const fileName = path.split('/').pop() || '';
+    const dotIndex = fileName.lastIndexOf('.');
+    return dotIndex >= 0 ? fileName.slice(dotIndex).toLowerCase() : '';
+  }
+
+  function isUsableProjectFileContent(content) {
+    const text = String(content || '').trim();
+    if (!text) {
+      return false;
+    }
+    return !/^(loading|loading\.{3}|loading…)$/i.test(text);
+  }
+
+  return {
+    MAX_SAFE_PROJECT_PATH_LENGTH,
+    assertSafeProjectPath,
+    collectUniqueTextPaths,
+    isUsableProjectFileContent,
+    isTextProjectPath,
+    normalizePath,
+    normalizeSafeProjectPath
+  };
+});

package/extension/src/shared/reviewing.js

@@ -0,0 +1,99 @@
+(function initReviewing(root, factory) {
+  if (typeof module === 'object' && module.exports) {
+    module.exports = factory();
+  } else {
+    root.CodexOverleafReviewing = factory();
+  }
+})(typeof globalThis !== 'undefined' ? globalThis : window, function reviewingFactory() {
+  'use strict';
+
+  const CONTROL_REVIEW_PATTERNS = [
+    /\breviewing\b/i,
+    /\btrack(?:ed)? changes?\s*(?:on|enabled)\b/i,
+    /\bsuggest(?:ing|ions?)\s*(?:on|enabled)\b/i
+  ];
+
+  const INTERNAL_ACTIVE_REVIEW_PATTERNS = [
+    /\b(?:mode|editingMode|reviewMode)\s*:\s*(?:reviewing|suggesting|track(?:ed)? changes?)\b/i
+  ];
+
+  const GENERIC_REVIEW_PATTERNS = [
+    /\breview panel\b/i,
+    /^\s*review\s*$/i
+  ];
+
+  function detectReviewingFromSignals(signals = {}) {
+    if (signals.manualOverride === true) {
+      return {
+        ok: true,
+        status: 'manual-override',
+        source: 'user-confirmed'
+      };
+    }
+
+    for (const control of signals.controls || []) {
+      const controlText = normalize([
+        control.text,
+        control.innerText,
+        control.ariaLabel,
+        control.title,
+        control.value,
+        control.role,
+        control.id,
+        control.className,
+        control.dataTestId,
+        control.dataQa,
+        control.dataOlName,
+        control.ariaSelected,
+        control.ariaCurrent,
+        control.htmlSnippet,
+        control.ariaPressed === 'true' ? 'pressed' : ''
+      ].filter(Boolean).join(' '));
+
+      if (matchesControlReview(controlText) && !isGenericReviewOnly(controlText)) {
+        return {
+          ok: true,
+          status: 'detected',
+          source: 'control-text'
+        };
+      }
+    }
+
+    for (const stateText of signals.internalStates || []) {
+      const normalized = normalize(stateText);
+      if (matchesInternalActiveReview(normalized)) {
+        return {
+          ok: true,
+          status: 'detected',
+          source: 'internal-state'
+        };
+      }
+    }
+
+    return {
+      ok: false,
+      status: 'not-detected',
+      source: 'none'
+    };
+  }
+
+  function matchesControlReview(text) {
+    return CONTROL_REVIEW_PATTERNS.some(pattern => pattern.test(text));
+  }
+
+  function matchesInternalActiveReview(text) {
+    return INTERNAL_ACTIVE_REVIEW_PATTERNS.some(pattern => pattern.test(text));
+  }
+
+  function isGenericReviewOnly(text) {
+    return GENERIC_REVIEW_PATTERNS.some(pattern => pattern.test(text)) && !/\breviewing\b/i.test(text);
+  }
+
+  function normalize(value) {
+    return String(value || '').replace(/\s+/g, ' ').trim();
+  }
+
+  return {
+    detectReviewingFromSignals
+  };
+});

package/extension/src/shared/sensitiveScan.js

@@ -0,0 +1,116 @@
+(function initSensitiveScan(root, factory) {
+  if (typeof module === 'object' && module.exports) {
+    module.exports = factory();
+  } else {
+    root.CodexOverleafSensitiveScan = factory();
+  }
+})(typeof globalThis !== 'undefined' ? globalThis : window, function sensitiveScanFactory() {
+  'use strict';
+
+  const MAX_PREVIEW_CHARS = 96;
+  const DETECTORS = [
+    { id: 'private-key', pattern: /-----BEGIN [A-Z ]*PRIVATE KEY-----/gi },
+    { id: 'bearer-token', pattern: /\bBearer\s+[A-Za-z0-9._~+/=-]{12,}\b/gi },
+    { id: 'api-token', pattern: /\b(?:(?:ghp|github_pat|xox[baprs])_[A-Za-z0-9_=-]{16,}|sk-[A-Za-z0-9_-]{16,})\b/gi },
+    {
+      id: 'secret-assignment',
+      pattern: /\b(?:api[_-]?key|token|secret|password|passwd)\b\s*[:=]\s*["']?[^"'\s,;]{4,}/gi
+    }
+  ];
+
+  function scanSensitiveText(source, text, options = {}) {
+    const content = typeof text === 'string' ? text : '';
+    const findings = [];
+    const seen = new Set();
+    const sourceKey = typeof source === 'string' && source ? source : 'text';
+
+    for (const detector of DETECTORS) {
+      const pattern = new RegExp(detector.pattern.source, detector.pattern.flags);
+      let match;
+      while ((match = pattern.exec(content)) !== null) {
+        const key = detector.id + ':' + sourceKey + ':' + (options.path || '');
+        if (seen.has(key)) {
+          continue;
+        }
+        seen.add(key);
+        findings.push({
+          detectorId: detector.id,
+          source: sourceKey,
+          path: typeof options.path === 'string' ? options.path : undefined,
+          preview: buildRedactedPreview(content, match.index, match[0])
+        });
+      }
+    }
+
+    return findings.map(removeUndefinedFields);
+  }
+
+  function scanSensitiveProjectFiles(files) {
+    const findings = [];
+    for (const file of Array.isArray(files) ? files : []) {
+      const path = typeof file.path === 'string' ? file.path : '';
+      const content = typeof file.content === 'string' ? file.content : '';
+      const fileFindings = scanSensitiveText('project-file', content, { path });
+      findings.push(...fileFindings);
+    }
+    return findings;
+  }
+
+  function scanSensitiveInputs(input = {}) {
+    const findings = [];
+    if (typeof input.task === 'string') {
+      findings.push(...scanSensitiveText('task', input.task));
+    }
+    if (typeof input.prompt === 'string') {
+      findings.push(...scanSensitiveText('prompt', input.prompt));
+    }
+    findings.push(...scanSensitiveProjectFiles(input.files));
+    return findings;
+  }
+
+  function buildRedactedPreview(content, index, matchedText) {
+    const lineStart = content.lastIndexOf('\n', index) + 1;
+    const nextNewline = content.indexOf('\n', index);
+    const lineEnd = nextNewline === -1 ? content.length : nextNewline;
+    const line = content.slice(lineStart, lineEnd);
+    const localIndex = Math.max(0, index - lineStart);
+    const redacted = line.slice(0, localIndex) + '[REDACTED]' + line.slice(localIndex + matchedText.length);
+    return trimPreview(redactPreviewLine(redacted).replace(/\s+/g, ' '));
+  }
+
+  function redactPreviewLine(line) {
+    let redacted = String(line || '');
+    for (const detector of DETECTORS) {
+      const pattern = new RegExp(detector.pattern.source, detector.pattern.flags);
+      redacted = redacted.replace(pattern, '[REDACTED]');
+    }
+    return redacted;
+  }
+
+  function trimPreview(value) {
+    const text = String(value || '').trim();
+    if (text.length <= MAX_PREVIEW_CHARS) {
+      return text;
+    }
+    return text.slice(0, MAX_PREVIEW_CHARS - 1) + '…';
+  }
+
+  function removeUndefinedFields(value) {
+    const result = {};
+    for (const key of Object.keys(value)) {
+      if (value[key] !== undefined) {
+        result[key] = value[key];
+      }
+    }
+    return result;
+  }
+
+  return {
+    DETECTORS,
+    scanSensitiveText,
+    scanSensitiveProjectFiles,
+    scanSensitiveInputs,
+    buildRedactedPreview,
+    redactPreviewLine
+  };
+});