commandmate 0.1.8 → 0.1.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (32) hide show
  1. package/.next/BUILD_ID +1 -1
  2. package/.next/app-path-routes-manifest.json +1 -1
  3. package/.next/build-manifest.json +2 -2
  4. package/.next/cache/.tsbuildinfo +1 -1
  5. package/.next/cache/config.json +3 -3
  6. package/.next/cache/webpack/client-production/0.pack +0 -0
  7. package/.next/cache/webpack/client-production/1.pack +0 -0
  8. package/.next/cache/webpack/client-production/2.pack +0 -0
  9. package/.next/cache/webpack/client-production/index.pack +0 -0
  10. package/.next/cache/webpack/client-production/index.pack.old +0 -0
  11. package/.next/cache/webpack/edge-server-production/0.pack +0 -0
  12. package/.next/cache/webpack/edge-server-production/index.pack +0 -0
  13. package/.next/cache/webpack/server-production/0.pack +0 -0
  14. package/.next/cache/webpack/server-production/index.pack +0 -0
  15. package/.next/next-server.js.nft.json +1 -1
  16. package/.next/prerender-manifest.json +1 -1
  17. package/.next/server/app/_not-found.html +1 -1
  18. package/.next/server/app/_not-found.rsc +1 -1
  19. package/.next/server/app/index.html +1 -1
  20. package/.next/server/app/index.rsc +1 -1
  21. package/.next/server/app-paths-manifest.json +5 -5
  22. package/.next/server/functions-config-manifest.json +1 -1
  23. package/.next/server/middleware-manifest.json +5 -5
  24. package/.next/server/pages/404.html +1 -1
  25. package/.next/server/pages/500.html +1 -1
  26. package/.next/server/server-reference-manifest.json +1 -1
  27. package/.next/trace +5 -5
  28. package/dist/cli/commands/start.d.ts.map +1 -1
  29. package/dist/cli/commands/start.js +23 -1
  30. package/package.json +1 -1
  31. /package/.next/static/{KtDmF-FzoCLvoKXEcXyU- → ntEU_tKhyyZ-FVJS5Em3L}/_buildManifest.js +0 -0
  32. /package/.next/static/{KtDmF-FzoCLvoKXEcXyU- → ntEU_tKhyyZ-FVJS5Em3L}/_ssgManifest.js +0 -0
@@ -1 +1 @@
1
- {"version":3,"file":"start.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/start.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,EAAE,YAAY,EAA6B,MAAM,UAAU,CAAC;AASnE;;;GAGG;AACH,wBAAsB,YAAY,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAyHvE"}
1
+ {"version":3,"file":"start.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/start.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,EAAE,YAAY,EAA6B,MAAM,UAAU,CAAC;AASnE;;;GAGG;AACH,wBAAsB,YAAY,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAoJvE"}
@@ -9,6 +9,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
9
9
  exports.startCommand = startCommand;
10
10
  const fs_1 = require("fs");
11
11
  const child_process_1 = require("child_process");
12
+ const dotenv_1 = require("dotenv");
12
13
  const types_1 = require("../types");
13
14
  const logger_1 = require("../utils/logger");
14
15
  const daemon_1 = require("../utils/daemon");
@@ -76,10 +77,31 @@ async function startCommand(options) {
76
77
  // Foreground mode (default)
77
78
  const npmScript = options.dev ? 'dev' : 'start';
78
79
  logger.info(`Starting server in foreground (${options.dev ? 'development' : 'production'} mode)...`);
79
- const env = { ...process.env };
80
+ // Issue #125: Load .env file from correct location (same as daemon mode)
81
+ const envResult = (0, dotenv_1.config)({ path: envPath });
82
+ if (envResult.error) {
83
+ logger.warn(`Failed to load .env file at ${envPath}: ${envResult.error.message}`);
84
+ logger.info('Continuing with existing environment variables');
85
+ }
86
+ // Build environment by merging process.env with .env values
87
+ const env = {
88
+ ...process.env,
89
+ ...(envResult.parsed || {}),
90
+ };
91
+ // Command line options override .env values
80
92
  if (options.port) {
81
93
  env.CM_PORT = String(options.port);
82
94
  }
95
+ // Issue #125: Security warnings for external access
96
+ const bindAddress = env.CM_BIND || '127.0.0.1';
97
+ const authToken = env.CM_AUTH_TOKEN;
98
+ if (bindAddress === '0.0.0.0') {
99
+ logger.warn('WARNING: Server is accessible from external networks (CM_BIND=0.0.0.0)');
100
+ if (!authToken) {
101
+ logger.warn('SECURITY WARNING: No authentication token configured. External access is not recommended without CM_AUTH_TOKEN.');
102
+ logger.info('Run "commandmate init" to configure a secure authentication token.');
103
+ }
104
+ }
83
105
  // Use package installation directory, not current working directory
84
106
  const packageRoot = (0, paths_1.getPackageRoot)();
85
107
  const child = (0, child_process_1.spawn)('npm', ['run', npmScript], {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "commandmate",
3
- "version": "0.1.8",
3
+ "version": "0.1.9",
4
4
  "description": "Git worktree management with Claude CLI and tmux sessions",
5
5
  "repository": {
6
6
  "type": "git",