create-walle 0.9.11 → 0.9.13

package/template/wall-e/security/ssrf.js

@@ -0,0 +1,236 @@
+'use strict';
+
+const net = require('node:net');
+
+const DEFAULT_ALLOWED_PROTOCOLS = ['http:', 'https:'];
+const REDIRECT_STATUSES = new Set([301, 302, 303, 307, 308]);
+
+class SsrfGuardError extends Error {
+  constructor(message, details = {}) {
+    super(message);
+    this.name = 'SsrfGuardError';
+    this.code = 'ERR_WALLE_SSRF_GUARD';
+    this.details = details;
+  }
+}
+
+function validateSafeUrl(input, options = {}) {
+  const {
+    allowLocal = false,
+    allowedProtocols = DEFAULT_ALLOWED_PROTOCOLS,
+    resolvedAddresses = [],
+  } = options;
+  const parsed = parseUrl(input);
+  if (!parsed.ok) return parsed;
+
+  const protocolAllowed = allowedProtocols.includes(parsed.url.protocol);
+  if (!protocolAllowed) {
+    return failure('blocked-protocol', `URL protocol is not allowed: ${parsed.url.protocol}`, parsed.url);
+  }
+
+  const host = normalizeHostname(parsed.url.hostname);
+  if (!host) return failure('missing-hostname', 'URL must include a hostname', parsed.url);
+
+  if (!allowLocal) {
+    if (isLocalHostname(host)) return failure('local-hostname', `URL hostname is local: ${host}`, parsed.url);
+    if (isPrivateAddress(host)) return failure('private-address', `URL hostname resolves to private address: ${host}`, parsed.url);
+    for (const address of resolvedAddresses || []) {
+      if (isPrivateAddress(address)) {
+        return failure('private-resolved-address', `URL hostname resolved to private address: ${address}`, parsed.url, { address });
+      }
+    }
+  }
+
+  return {
+    ok: true,
+    url: parsed.url.toString(),
+    protocol: parsed.url.protocol,
+    hostname: host,
+  };
+}
+
+async function validateSafeUrlAsync(input, options = {}) {
+  const initial = validateSafeUrl(input, options);
+  if (!initial.ok) return initial;
+  if (options.allowLocal || !options.resolveHostname) return initial;
+  if (net.isIP(initial.hostname)) return initial;
+
+  let resolved = [];
+  try {
+    const result = await options.resolveHostname(initial.hostname);
+    resolved = Array.isArray(result) ? result : [result];
+  } catch (err) {
+    return failure('dns-resolution-failed', `Could not resolve URL hostname: ${initial.hostname}`, initial.url, {
+      error: err.message,
+    });
+  }
+
+  const addresses = resolved
+    .map(item => typeof item === 'string' ? item : item && item.address)
+    .filter(Boolean);
+  return validateSafeUrl(initial.url, { ...options, resolvedAddresses: addresses });
+}
+
+function createSafeFetch(options = {}) {
+  const {
+    fetchImpl = globalThis.fetch,
+    maxRedirects = 5,
+    ...guardOptions
+  } = options;
+  if (typeof fetchImpl !== 'function') throw new Error('fetchImpl is required');
+
+  return async function safeFetch(input, init = {}) {
+    let currentUrl = inputToUrl(input);
+    let redirects = 0;
+
+    while (true) {
+      await assertSafeUrl(currentUrl, guardOptions);
+      const response = await fetchImpl(currentUrl, { ...init, redirect: 'manual' });
+      if (response && response.url && response.url !== currentUrl) {
+        await assertSafeUrl(response.url, guardOptions);
+      }
+
+      if (init.redirect === 'manual' || !isRedirectResponse(response)) return response;
+      const location = response.headers && typeof response.headers.get === 'function'
+        ? response.headers.get('location')
+        : null;
+      if (!location) return response;
+      if (init.redirect === 'error') {
+        throw new SsrfGuardError('Redirect received while redirect mode is error', { url: currentUrl, location });
+      }
+      if (redirects >= maxRedirects) {
+        throw new SsrfGuardError('Too many redirects while fetching URL', { url: currentUrl, maxRedirects });
+      }
+      redirects += 1;
+      currentUrl = new URL(location, currentUrl).toString();
+      if (response.body && typeof response.body.cancel === 'function') {
+        try { await response.body.cancel(); } catch {}
+      }
+    }
+  };
+}
+
+async function assertSafeUrl(input, options = {}) {
+  const result = await validateSafeUrlAsync(input, options);
+  if (!result.ok) throw new SsrfGuardError(result.message, result);
+  return result;
+}
+
+function parseUrl(input) {
+  try {
+    const url = input instanceof URL ? input : new URL(inputToUrl(input));
+    return { ok: true, url };
+  } catch (err) {
+    return {
+      ok: false,
+      reason: 'invalid-url',
+      message: `Invalid URL: ${err.message}`,
+      url: String(input || ''),
+    };
+  }
+}
+
+function inputToUrl(input) {
+  if (input instanceof URL) return input.toString();
+  if (typeof Request !== 'undefined' && input instanceof Request) return input.url;
+  if (input && typeof input === 'object' && typeof input.url === 'string') return input.url;
+  return String(input || '');
+}
+
+function isRedirectResponse(response) {
+  return response && REDIRECT_STATUSES.has(response.status);
+}
+
+function normalizeHostname(hostname) {
+  return String(hostname || '')
+    .trim()
+    .replace(/^\[/, '')
+    .replace(/\]$/, '')
+    .replace(/\.$/, '')
+    .split('%')[0]
+    .toLowerCase();
+}
+
+function isLocalHostname(hostname) {
+  const host = normalizeHostname(hostname);
+  return host === 'localhost' ||
+    host.endsWith('.localhost') ||
+    host === 'localdomain' ||
+    host.endsWith('.localdomain') ||
+    host.endsWith('.local');
+}
+
+function isPrivateAddress(address) {
+  const value = normalizeHostname(address);
+  const ipVersion = net.isIP(value);
+  if (ipVersion === 4) return isPrivateIpv4(value);
+  if (ipVersion === 6) return isPrivateIpv6(value);
+  return false;
+}
+
+function isPrivateIpv4(address) {
+  const parts = address.split('.').map(part => Number(part));
+  if (parts.length !== 4 || parts.some(part => !Number.isInteger(part) || part < 0 || part > 255)) return false;
+  const [a, b] = parts;
+  if (a === 0 || a === 10 || a === 127) return true;
+  if (a === 100 && b >= 64 && b <= 127) return true;
+  if (a === 169 && b === 254) return true;
+  if (a === 172 && b >= 16 && b <= 31) return true;
+  if (a === 192 && (b === 0 || b === 168)) return true;
+  if (a === 198 && (b === 18 || b === 19)) return true;
+  if (a >= 224) return true;
+  return false;
+}
+
+function isPrivateIpv6(address) {
+  const ip = normalizeHostname(address);
+  if (ip === '::' || ip === '::1') return true;
+  const mapped = ip.match(/^::ffff:(.+)$/);
+  if (mapped) {
+    const mappedIpv4 = ipv4FromMappedIpv6(mapped[1]);
+    if (mappedIpv4) return isPrivateIpv4(mappedIpv4);
+  }
+  const first = parseInt(ip.split(':')[0] || '0', 16);
+  if (!Number.isFinite(first)) return false;
+  if ((first & 0xfe00) === 0xfc00) return true; // unique local fc00::/7
+  if ((first & 0xffc0) === 0xfe80) return true; // link-local fe80::/10
+  if ((first & 0xff00) === 0xff00) return true; // multicast ff00::/8
+  return false;
+}
+
+function ipv4FromMappedIpv6(value) {
+  if (net.isIP(value) === 4) return value;
+  const parts = value.split(':');
+  if (parts.length !== 2) return null;
+  const high = parseInt(parts[0] || '0', 16);
+  const low = parseInt(parts[1] || '0', 16);
+  if (!Number.isInteger(high) || !Number.isInteger(low) || high < 0 || high > 0xffff || low < 0 || low > 0xffff) {
+    return null;
+  }
+  return [
+    (high >> 8) & 0xff,
+    high & 0xff,
+    (low >> 8) & 0xff,
+    low & 0xff,
+  ].join('.');
+}
+
+function failure(reason, message, url, details = {}) {
+  return {
+    ok: false,
+    reason,
+    message,
+    url: url instanceof URL ? url.toString() : String(url || ''),
+    ...details,
+  };
+}
+
+module.exports = {
+  SsrfGuardError,
+  assertSafeUrl,
+  createSafeFetch,
+  isLocalHostname,
+  isPrivateAddress,
+  validateSafeUrl,
+  validateSafeUrlAsync,
+};

package/template/wall-e/session-files.js

@@ -0,0 +1,303 @@
+'use strict';
+
+const crypto = require('node:crypto');
+const fs = require('node:fs');
+const os = require('node:os');
+const path = require('node:path');
+const { execFileSync } = require('node:child_process');
+
+const SESSION_SCHEMA = 'wall-e-session-v1';
+const MAX_SEGMENT_LENGTH = 180;
+const LAST_EVENT_SCAN_BYTES = 4 * 1024 * 1024;
+
+const lastUuidByFile = new Map();
+const gitBranchByCwd = new Map();
+
+function getDataDir() {
+  return process.env.WALL_E_DATA_DIR || path.join(os.homedir(), '.walle', 'data');
+}
+
+function getSessionRoot() {
+  return process.env.WALL_E_SESSION_DIR
+    || process.env.WALLE_SESSION_DIR
+    || path.join(getDataDir(), 'sessions');
+}
+
+function isSessionFilesEnabled() {
+  const value = String(process.env.WALL_E_SESSION_FILES || process.env.WALLE_SESSION_FILES || '').toLowerCase();
+  return value !== '0' && value !== 'false' && value !== 'off';
+}
+
+function projectSlug(cwd) {
+  const resolved = path.resolve(cwd || process.cwd());
+  const normalized = resolved.replace(/\\/g, '/');
+  const slug = normalized
+    .replace(/\//g, '-')
+    .replace(/[^A-Za-z0-9._-]/g, '-')
+    .replace(/-+/g, '-');
+  return safeSegment(slug || 'unknown-project', 'unknown-project', 240);
+}
+
+function safeSegment(value, fallback = 'session', maxLength = MAX_SEGMENT_LENGTH) {
+  const raw = String(value || fallback);
+  const cleaned = raw
+    .replace(/[\\/]/g, '_')
+    .replace(/[^A-Za-z0-9._:-]/g, '_')
+    .replace(/:+/g, '_')
+    .replace(/_+/g, '_')
+    .replace(/^_+|_+$/g, '')
+    .slice(0, maxLength);
+  return cleaned || fallback;
+}
+
+function resolveSessionFile({ sessionId, cwd, rootDir } = {}) {
+  const id = sessionId || 'default';
+  const baseDir = rootDir || getSessionRoot();
+  const projectDir = path.join(baseDir, projectSlug(cwd));
+  const fileName = `${safeSegment(id)}.jsonl`;
+  return {
+    rootDir: baseDir,
+    projectDir,
+    filePath: path.join(projectDir, fileName),
+    sessionId: id,
+  };
+}
+
+class WallESessionRecorder {
+  constructor({ sessionId, channel = 'ctm', cwd, rootDir, version, gitBranch, metadata } = {}) {
+    this.sessionId = sessionId || 'default';
+    this.channel = channel || 'ctm';
+    this.cwd = path.resolve(cwd || process.cwd());
+    this.version = version || getWallEVersion();
+    this.gitBranch = gitBranch || detectGitBranch(this.cwd);
+    this.metadata = metadata || {};
+    this.enabled = isSessionFilesEnabled();
+
+    const resolved = resolveSessionFile({ sessionId: this.sessionId, cwd: this.cwd, rootDir });
+    this.rootDir = resolved.rootDir;
+    this.projectDir = resolved.projectDir;
+    this.filePath = resolved.filePath;
+    this._started = false;
+    this._parentUuid = this.enabled ? (lastUuidByFile.get(this.filePath) || readLastEventUuid(this.filePath)) : null;
+  }
+
+  ensureStarted() {
+    if (!this.enabled || this._started) return null;
+    this._started = true;
+    if (hasExistingContent(this.filePath)) return null;
+    return this._appendRecord(this._baseRecord('session_start', {
+      data: {
+        channel: this.channel,
+        cwd: this.cwd,
+        metadata: this.metadata,
+      },
+    }));
+  }
+
+  appendMessage(role, content, extra = {}) {
+    if (!this.enabled) return null;
+    this.ensureStarted();
+    return this._appendRecord(this._baseRecord(role, {
+      ...extra,
+      message: {
+        role,
+        content: normalizeContent(content),
+        ...(extra.message && typeof extra.message === 'object' ? extra.message : {}),
+      },
+    }));
+  }
+
+  appendProgress(data, extra = {}) {
+    if (!this.enabled) return null;
+    this.ensureStarted();
+    return this._appendRecord(this._baseRecord('progress', {
+      ...extra,
+      data: normalizeContent(data),
+    }));
+  }
+
+  appendError(error, extra = {}) {
+    if (!this.enabled) return null;
+    this.ensureStarted();
+    return this._appendRecord(this._baseRecord('error', {
+      ...extra,
+      error: serializeError(error),
+    }));
+  }
+
+  _baseRecord(type, fields = {}) {
+    const uuid = crypto.randomUUID();
+    return {
+      parentUuid: this._parentUuid || null,
+      isSidechain: false,
+      userType: 'external',
+      cwd: this.cwd,
+      sessionId: this.sessionId,
+      version: this.version,
+      gitBranch: this.gitBranch || undefined,
+      type,
+      timestamp: new Date().toISOString(),
+      uuid,
+      walle: {
+        schema: SESSION_SCHEMA,
+        channel: this.channel,
+        projectSlug: projectSlug(this.cwd),
+      },
+      ...fields,
+    };
+  }
+
+  _appendRecord(record) {
+    fs.mkdirSync(path.dirname(this.filePath), { recursive: true });
+    fs.appendFileSync(this.filePath, JSON.stringify(record) + '\n', 'utf8');
+    this._parentUuid = record.uuid;
+    lastUuidByFile.set(this.filePath, record.uuid);
+    return { uuid: record.uuid, filePath: this.filePath };
+  }
+}
+
+function createSessionRecorder(opts) {
+  return new WallESessionRecorder(opts);
+}
+
+function readSessionFile({ sessionId, cwd, rootDir, filePath } = {}) {
+  const target = filePath || resolveSessionFile({ sessionId, cwd, rootDir }).filePath;
+  let raw = '';
+  try { raw = fs.readFileSync(target, 'utf8'); } catch {
+    return { filePath: target, events: [] };
+  }
+  const events = [];
+  for (const line of raw.split('\n')) {
+    if (!line.trim()) continue;
+    try { events.push(JSON.parse(line)); } catch {
+      events.push({ type: 'malformed', raw: line });
+    }
+  }
+  return { filePath: target, events };
+}
+
+function listSessionFiles({ rootDir, limit = 100 } = {}) {
+  const root = rootDir || getSessionRoot();
+  const files = [];
+  collectJsonlFiles(root, files);
+  files.sort((a, b) => b.mtimeMs - a.mtimeMs);
+  return files.slice(0, Math.max(1, limit)).map((entry) => ({
+    filePath: entry.filePath,
+    sessionId: path.basename(entry.filePath, '.jsonl'),
+    projectSlug: path.basename(path.dirname(entry.filePath)),
+    size: entry.size,
+    mtime: new Date(entry.mtimeMs).toISOString(),
+  }));
+}
+
+function collectJsonlFiles(dir, out) {
+  let entries;
+  try { entries = fs.readdirSync(dir, { withFileTypes: true }); } catch { return; }
+  for (const entry of entries) {
+    const fullPath = path.join(dir, entry.name);
+    if (entry.isDirectory()) {
+      collectJsonlFiles(fullPath, out);
+      continue;
+    }
+    if (!entry.isFile() || !entry.name.endsWith('.jsonl')) continue;
+    try {
+      const stat = fs.statSync(fullPath);
+      out.push({ filePath: fullPath, size: stat.size, mtimeMs: stat.mtimeMs });
+    } catch {}
+  }
+}
+
+function hasExistingContent(filePath) {
+  try { return fs.statSync(filePath).size > 0; } catch { return false; }
+}
+
+function readLastEventUuid(filePath) {
+  const evt = readLastJsonObject(filePath);
+  return evt && typeof evt.uuid === 'string' ? evt.uuid : null;
+}
+
+function readLastJsonObject(filePath) {
+  let stat;
+  try { stat = fs.statSync(filePath); } catch { return null; }
+  if (!stat.size) return null;
+
+  const fd = fs.openSync(filePath, 'r');
+  try {
+    const bytes = Math.min(stat.size, LAST_EVENT_SCAN_BYTES);
+    const buffer = Buffer.alloc(bytes);
+    fs.readSync(fd, buffer, 0, bytes, stat.size - bytes);
+    const text = buffer.toString('utf8');
+    const lines = text.split('\n').filter((line) => line.trim());
+    for (let i = lines.length - 1; i >= 0; i--) {
+      try { return JSON.parse(lines[i]); } catch {}
+    }
+  } finally {
+    fs.closeSync(fd);
+  }
+  return null;
+}
+
+function normalizeContent(value) {
+  if (value == null) return value;
+  if (typeof value === 'string' || typeof value === 'number' || typeof value === 'boolean') return value;
+  if (Array.isArray(value)) return value.map(normalizeContent);
+  if (typeof value !== 'object') return String(value);
+
+  const out = {};
+  for (const [key, child] of Object.entries(value)) {
+    if (key === 'data' && typeof child === 'string' && child.length > 1024 && looksLikeBase64(child)) {
+      out.dataSha256 = crypto.createHash('sha256').update(child).digest('hex');
+      out.dataBytes = Buffer.byteLength(child, 'utf8');
+      out.data = '[base64 omitted: persisted attachment payload is stored outside the session transcript]';
+      continue;
+    }
+    out[key] = normalizeContent(child);
+  }
+  return out;
+}
+
+function looksLikeBase64(value) {
+  return /^[A-Za-z0-9+/=\r\n]+$/.test(value);
+}
+
+function serializeError(error) {
+  if (!error) return { message: 'Unknown error' };
+  return {
+    name: error.name || 'Error',
+    message: error.message || String(error),
+    code: error.code || undefined,
+  };
+}
+
+function detectGitBranch(cwd) {
+  const key = path.resolve(cwd || process.cwd());
+  if (gitBranchByCwd.has(key)) return gitBranchByCwd.get(key);
+  let branch = null;
+  try {
+    branch = execFileSync('git', ['rev-parse', '--abbrev-ref', 'HEAD'], {
+      cwd: key,
+      encoding: 'utf8',
+      stdio: ['ignore', 'pipe', 'ignore'],
+      timeout: 500,
+    }).trim() || null;
+  } catch {}
+  gitBranchByCwd.set(key, branch);
+  return branch;
+}
+
+function getWallEVersion() {
+  try { return require('./package.json').version || 'unknown'; } catch { return 'unknown'; }
+}
+
+module.exports = {
+  SESSION_SCHEMA,
+  WallESessionRecorder,
+  createSessionRecorder,
+  getSessionRoot,
+  isSessionFilesEnabled,
+  listSessionFiles,
+  projectSlug,
+  readSessionFile,
+  resolveSessionFile,
+  safeSegment,
+};

package/template/wall-e/skills/_bundled/slack-backfill/SKILL.md

@@ -11,6 +11,9 @@ entry: ../../../scripts/slack-backfill.js
 args: []
 trigger:
   type: manual
+requires:
+  env:
+    - SLACK_OWNER_USER_ID
 config:
   mode:
     type: string

package/template/wall-e/skills/_bundled/slack-sync/SKILL.md

@@ -12,6 +12,9 @@ args: ["--sync"]
 trigger:
   type: interval
   schedule: "every 15m"
+requires:
+  env:
+    - SLACK_OWNER_USER_ID
 config:
   mode:
     type: string

package/template/wall-e/skills/internal-skill-registry.js

@@ -39,7 +39,7 @@ const BUNDLED_SKILL_TIMEOUT_MS = parseInt(
 // the bundled script (which historically crashed wall-e — see the
 // `gws-workspace/run.js` "no accounts" path for the canonical case).
 function _makeBundledFactory(modPath, name) {
-  return async function bundledFactory({ brain: _brain, log }) {
+  return async function bundledFactory({ brain: _brain, log } = {}) {
     void _brain; // children load their own brain singleton
     return new Promise((resolve) => {
       const child = spawn(process.execPath, [modPath], {
@@ -215,7 +215,7 @@ function clearInternalSkillRegistry() {
 // The pre-existing slack-ingest hardcoded path becomes an explicit
 // registration here. Other bundled skills continue to work through
 // the filesystem fallback in resolveInternalSkill.
-registerInternalSkill('slack-ingest', async ({ brain, log }) => {
+registerInternalSkill('slack-ingest', async ({ brain, log } = {}) => {
   const slackIngest = require('./slack-ingest');
   return await slackIngest.runIngestBatch({ brain, log });
 });