npm - create-walle - Versions diffs - 0.9.21 → 0.9.23 - Mend

create-walle 0.9.21 → 0.9.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (500) hide show

package/template/claude-task-manager/lib/document-review.js CHANGED Viewed

@@ -49,6 +49,38 @@ function splitPathAndLine(input, fallbackLine = 1) {
   return { rawPath: raw, line };
 }
+function realpathOrResolve(value) {
+  const resolved = path.resolve(value);
+  try { return fs.realpathSync.native ? fs.realpathSync.native(resolved) : fs.realpathSync(resolved); }
+  catch { return resolved; }
+}
+function normalizeBaseCwd(cwd) {
+  if (!cwd) return '';
+  const raw = String(cwd || '').trim();
+  if (!raw || !path.isAbsolute(raw)) return '';
+  try {
+    const stat = fs.statSync(raw);
+    const dir = stat.isDirectory() ? raw : path.dirname(raw);
+    return realpathOrResolve(dir);
+  } catch {
+    return '';
+  }
+}
+function resolveInputPath(rawPath, options = {}) {
+  if (!rawPath) return '';
+  if (/^~(?:\/|$)/.test(rawPath)) {
+    const home = options.home || process.env.HOME || os.homedir();
+    if (!home) return '';
+    return path.resolve(home, rawPath === '~' ? '' : rawPath.slice(2));
+  }
+  if (path.isAbsolute(rawPath)) return path.resolve(rawPath);
+  const baseCwd = normalizeBaseCwd(options.cwd);
+  if (!baseCwd) throw httpError('relative document path requires a session cwd', 400, 'EINVAL');
+  return path.resolve(baseCwd, rawPath);
+}
 function projectRootFor(filePath) {
   const cwd = fs.statSync(filePath).isDirectory() ? filePath : path.dirname(filePath);
   try {
@@ -62,12 +94,102 @@ function projectRootFor(filePath) {
   }
 }
+function reviewRootFor(filePath, options = {}) {
+  const gitRoot = projectRootFor(filePath);
+  if (gitRoot) return gitRoot;
+  const realPath = realpathOrResolve(filePath);
+  const baseCwd = normalizeBaseCwd(options.cwd);
+  if (baseCwd && isInside(baseCwd, realPath)) return baseCwd;
+  return realpathOrResolve(path.dirname(realPath));
+}
+function normalizeRelativeDocRef(rawPath) {
+  let value = String(rawPath || '').trim().replace(/\\/g, '/');
+  while (value.startsWith('./')) value = value.slice(2);
+  return value.replace(/^\/+/, '');
+}
+function trackedDocumentPaths(projectRoot, options = {}) {
+  const maxPaths = Math.max(1, Number(options.maxSearchPaths) || 10000);
+  let output = '';
+  try {
+    output = execFileSync('git', ['ls-files', '-z', '--cached', '--others', '--exclude-standard'], {
+      cwd: projectRoot,
+      encoding: 'utf8',
+      stdio: ['ignore', 'pipe', 'ignore'],
+      maxBuffer: Math.max(1024 * 1024, Number(options.maxSearchBytes) || 8 * 1024 * 1024),
+    });
+  } catch {
+    return [];
+  }
+  const paths = output.split('\0').filter(Boolean);
+  const docPaths = paths.filter((entry) => SUPPORTED_EXTENSIONS.has(path.extname(entry).toLowerCase()));
+  if (docPaths.length > maxPaths) return [];
+  return docPaths;
+}
+function projectDocumentCandidates(rawPath, baseCwd, options = {}) {
+  const normalized = normalizeRelativeDocRef(rawPath);
+  if (!normalized || path.isAbsolute(rawPath) || /^~(?:\/|$)/.test(rawPath)) return [];
+  if (!SUPPORTED_EXTENSIONS.has(path.extname(normalized).toLowerCase())) return [];
+  const projectRoot = projectRootFor(baseCwd);
+  if (!projectRoot) return [];
+  let realProjectRoot = '';
+  try {
+    realProjectRoot = fs.realpathSync.native ? fs.realpathSync.native(projectRoot) : fs.realpathSync(projectRoot);
+  } catch {
+    realProjectRoot = path.resolve(projectRoot);
+  }
+  const roots = allowedRoots(options);
+  const seen = new Set();
+  return trackedDocumentPaths(projectRoot, options)
+    .filter((entry) => entry === normalized || entry.endsWith('/' + normalized))
+    .filter((entry) => {
+      if (seen.has(entry)) return false;
+      seen.add(entry);
+      return true;
+    })
+    .map((entry) => {
+      const candidatePath = path.join(projectRoot, entry);
+      try {
+        const stat = fs.statSync(candidatePath);
+        if (!stat.isFile()) return null;
+        const realPath = fs.realpathSync.native ? fs.realpathSync.native(candidatePath) : fs.realpathSync(candidatePath);
+        if (!isInside(realProjectRoot, realPath)) return null;
+        if (!roots.some((root) => isInside(root, realPath))) return null;
+        return {
+          path: realPath,
+          relativePath: path.relative(realProjectRoot, realPath),
+          projectRoot: realProjectRoot,
+        };
+      } catch {
+        return null;
+      }
+    })
+    .filter(Boolean);
+}
+function resolveUniqueProjectDocument(rawPath, baseCwd, options = {}) {
+  const candidates = projectDocumentCandidates(rawPath, baseCwd, options);
+  if (candidates.length === 1) return candidates[0].path;
+  if (candidates.length > 1) {
+    const err = httpError(
+      `multiple documents match ${String(rawPath || '').trim()}`,
+      409,
+      'EAMBIGUOUS'
+    );
+    err.candidates = candidates.slice(0, 50);
+    throw err;
+  }
+  return '';
+}
 function resolveDocumentTarget(input, options = {}) {
   const { rawPath, line } = splitPathAndLine(input, options.line || 1);
   if (!rawPath) throw httpError('path required', 400, 'EINVAL');
-  if (!path.isAbsolute(rawPath)) throw httpError('absolute path required', 400, 'EINVAL');
-  const resolved = path.resolve(rawPath);
+  let resolved = resolveInputPath(rawPath, options);
   let realPath = '';
   try {
     const stat = fs.statSync(resolved);
@@ -78,7 +200,19 @@ function resolveDocumentTarget(input, options = {}) {
     realPath = fs.realpathSync.native ? fs.realpathSync.native(resolved) : fs.realpathSync(resolved);
   } catch (err) {
     if (err.statusCode) throw err;
-    throw httpError('document not found', 404, 'ENOENT');
+    const baseCwd = normalizeBaseCwd(options.cwd);
+    const found = baseCwd ? resolveUniqueProjectDocument(rawPath, baseCwd, options) : '';
+    if (found) {
+      resolved = found;
+      const stat = fs.statSync(resolved);
+      if (!stat.isFile()) throw httpError('document path must be a file', 400, 'EINVAL');
+      if (stat.size > (options.maxBytes || DEFAULT_MAX_BYTES)) {
+        throw httpError('document too large for review', 413, 'ETOOLARGE');
+      }
+      realPath = fs.realpathSync.native ? fs.realpathSync.native(resolved) : fs.realpathSync(resolved);
+    } else {
+      throw httpError('document not found', 404, 'ENOENT');
+    }
   }
   const roots = allowedRoots(options);
@@ -91,11 +225,10 @@ function resolveDocumentTarget(input, options = {}) {
     throw httpError('unsupported document type', 400, 'EINVAL');
   }
-  const projectRoot = projectRootFor(realPath);
-  if (!projectRoot) throw httpError('document must be inside a git project', 403, 'ENOPROJECT');
+  const projectRoot = reviewRootFor(realPath, options);
   const realProjectRoot = fs.realpathSync.native ? fs.realpathSync.native(projectRoot) : fs.realpathSync(projectRoot);
   if (!isInside(realProjectRoot, realPath)) {
-    throw httpError('document is outside the project root', 403, 'EACCES');
+    throw httpError('document is outside the review root', 403, 'EACCES');
   }
   return {
@@ -247,4 +380,6 @@ module.exports = {
   parseDocumentPathname,
   resolveDocumentTarget,
   splitPathAndLine,
+  projectDocumentCandidates,
+  resolveUniqueProjectDocument,
 };

package/template/claude-task-manager/lib/escalation-review.js ADDED Viewed

@@ -0,0 +1,152 @@
+'use strict';
+// Helpers for the Permission "Needs Review" surface: mask secrets so the review UI
+// never re-spills real credentials, group escalation rows by command type so a huge
+// pile collapses to a handful of reviewable types, and suggest a narrow allow rule.
+function _maskValue(v, keep = 4) {
+  const s = String(v || '');
+  if (s.length <= keep + 2) return '••••';
+  return s.slice(0, keep) + '••••' + s.slice(-2);
+}
+// Mask AWS keys, KEY/SECRET/TOKEN/PASSWORD assignments, bearer + common provider
+// tokens in any command/context text shown to the client. Best-effort, not crypto.
+function maskSecrets(text) {
+  let out = String(text || '');
+  out = out.replace(/\bAKIA[0-9A-Z]{12,}\b/g, (m) => m.slice(0, 4) + '••••' + m.slice(-2));
+  out = out.replace(
+    /\b([A-Za-z0-9_]*(?:SECRET|TOKEN|PASSWORD|PASSWD|API[_-]?KEY|ACCESS[_-]?KEY|PRIVATE[_-]?KEY|CREDENTIAL)[A-Za-z0-9_]*)(\s*=\s*)(["']?)([^\s"'&;|]{4,})\3/gi,
+    (m, name, eq, q, val) => `${name}${eq}${q}${_maskValue(val)}${q}`,
+  );
+  out = out.replace(/\b(Bearer\s+)([A-Za-z0-9._-]{12,})/gi, (m, p, t) => p + _maskValue(t));
+  out = out.replace(
+    /\b((?:ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9]{16,}|sk-[A-Za-z0-9]{16,}|xox[baprs]-[A-Za-z0-9-]{10,})\b/g,
+    (m) => _maskValue(m, 6),
+  );
+  return out;
+}
+// Strip leading shell environment-variable assignments (FOO=bar, including
+// secret VALUES) from a command. "AWS_ACCESS_KEY_ID=AKIA… AWS_SECRET_ACCESS_KEY=…
+// aws ecr get-login" → { rest: "aws ecr get-login", envNames: ["AWS_ACCESS_KEY_ID",
+// "AWS_SECRET_ACCESS_KEY"] }. Without this, the (varying) secret value lands in the
+// grouping key and every invocation becomes its own one-off "type".
+function stripEnvAssignments(text) {
+  const tokens = String(text || '').trim().split(/\s+/).filter(Boolean);
+  let i = 0;
+  const envNames = [];
+  while (i < tokens.length && /^[A-Za-z_][A-Za-z0-9_]*=/.test(tokens[i])) {
+    envNames.push(tokens[i].slice(0, tokens[i].indexOf('=')));
+    i += 1;
+  }
+  return { rest: tokens.slice(i).join(' '), envNames };
+}
+// The "command head" is the command + its subcommands, up to the first flag or
+// normalized-arg placeholder — e.g. "aws eks update-kubeconfig --name octo" and
+// "… --name prod" both reduce to "aws eks update-kubeconfig". This is the grouping
+// TYPE: arg variations collapse, but distinct operations stay distinct. Leading
+// env-credential prefixes are stripped first so they don't fragment the grouping.
+// Skip a leading run of `cd <path>` / `echo <arg>` framing token-pairs so the head
+// is the operative command, not navigation/logging. Defense-in-depth: new signatures
+// are already framing-stripped upstream (approval-agent `_stripFramingPrefix`), but
+// OLD escalation rows persisted before that fix still lead with `cd`. Keeps the
+// original tokens if framing was the ENTIRE command (a bare `cd x` stays `cd`).
+function _stripLeadingFramingTokens(tokens) {
+  let i = 0;
+  while (i + 1 < tokens.length && (tokens[i] === 'cd' || tokens[i] === 'echo')) i += 2;
+  const rest = tokens.slice(i);
+  return rest.length ? rest : tokens;
+}
+function commandHead(text) {
+  const s = String(text || '').trim();
+  if (!s || s === 'unknown') return '';
+  const { rest, envNames } = stripEnvAssignments(s);
+  const head = [];
+  for (const t of _stripLeadingFramingTokens(rest.split(/\s+/).filter(Boolean))) {
+    if (!t) continue;
+    if (t.startsWith('-')) break;                 // flag
+    if (/^[<{[(].*[>}\])]$/.test(t)) break;       // <arg>/<path>/<num> placeholder
+    if (/[/@:=]/.test(t) && head.length >= 1) break; // a path/url/image arg after the verb
+    head.push(t);
+    if (head.length >= 4) break;
+  }
+  if (head.length) return head.join(' ').trim();
+  // The command was nothing but env assignments — group by the sorted var NAMES so
+  // distinct secret VALUES still collapse into one reviewable type.
+  if (envNames.length) return 'env ' + envNames.slice().sort().join(' ');
+  return '';
+}
+// Display title for a group: prefer the command with any leading env-credential
+// prefix stripped so the row reads "aws ecr get-login", not the masked secret.
+function cleanTitle(text) {
+  const raw = String(text || '').trim();
+  if (!raw || raw === 'Bash command') return '';
+  const { rest } = stripEnvAssignments(raw);
+  return rest || raw;
+}
+// Group escalation rows (db approval_decisions where decision='escalated') by
+// command type. keyFn(row) -> a stable grouping signature; defaults to the row's
+// command_signature, falling back to summary/tool. Returns groups sorted lastSeen↓.
+function groupEscalations(rows, keyFn) {
+  const groups = new Map();
+  for (const row of (Array.isArray(rows) ? rows : [])) {
+    const base = String(row.command_signature || (keyFn ? keyFn(row) : '') || row.command_summary || row.tool_name || '').trim();
+    const key = commandHead(base) || base || 'unknown';
+    let g = groups.get(key);
+    if (!g) {
+      g = {
+        key,
+        title: cleanTitle(row.command_summary) || (key && key !== 'unknown' && !key.startsWith('env ') ? key : (row.tool_name || 'command')),
+        toolName: row.tool_name || '',
+        riskLevel: row.risk_level || 'medium',
+        count: 0,
+        ids: [],
+        sessions: new Set(),
+        firstSeen: row.created_at || '',
+        lastSeen: row.created_at || '',
+        reasoning: row.reasoning || '',
+        sampleContext: row.full_context || '',
+      };
+      groups.set(key, g);
+    }
+    g.count += 1;
+    g.ids.push(row.id);
+    if (row.session_id) g.sessions.add(row.session_id);
+    if (row.created_at && (!g.lastSeen || row.created_at > g.lastSeen)) {
+      g.lastSeen = row.created_at;
+      g.reasoning = row.reasoning || g.reasoning;
+      g.sampleContext = row.full_context || g.sampleContext;
+    }
+    if (row.created_at && (!g.firstSeen || row.created_at < g.firstSeen)) g.firstSeen = row.created_at;
+    if (row.risk_level === 'high') g.riskLevel = 'high';
+  }
+  return Array.from(groups.values())
+    .map((g) => ({
+      key: g.key,
+      title: maskSecrets(g.title),
+      toolName: g.toolName,
+      riskLevel: g.riskLevel,
+      count: g.count,
+      ids: g.ids,
+      sessionCount: g.sessions.size,
+      firstSeen: g.firstSeen,
+      lastSeen: g.lastSeen,
+      reasoning: g.reasoning,
+      sampleCommand: maskSecrets(String(g.sampleContext || '').slice(0, 1200)),
+      suggestedRule: suggestAllowRule(g),
+    }))
+    .sort((a, b) => String(b.lastSeen || '').localeCompare(String(a.lastSeen || '')));
+}
+// Suggest a NARROW Claude-syntax allow pattern from a group's signature/title.
+// "aws eks update-kubeconfig <arg>" -> "Bash(aws eks update-kubeconfig:*)".
+function suggestAllowRule(group) {
+  const prefix = commandHead(String((group && (group.key || group.title)) || '').trim());
+  return prefix ? `Bash(${prefix}:*)` : '';
+}
+module.exports = { maskSecrets, groupEscalations, suggestAllowRule, commandHead };

package/template/claude-task-manager/lib/graceful-shutdown.js ADDED Viewed

@@ -0,0 +1,159 @@
+'use strict';
+const DEFAULT_HTTP_FORCE_AFTER_MS = 1000;
+const DEFAULT_HTTP_TIMEOUT_MS = 2000;
+const DEFAULT_WS_GRACE_MS = 750;
+function _unref(timer) {
+  if (timer && typeof timer.unref === 'function') timer.unref();
+  return timer;
+}
+function installHttpConnectionTracking(listenerServers = []) {
+  for (const listener of listenerServers) {
+    const server = listener && listener.server;
+    if (!server || server.__ctmShutdownTrackingInstalled) continue;
+    const sockets = new Set();
+    server.on('connection', (socket) => {
+      sockets.add(socket);
+      socket.on('close', () => sockets.delete(socket));
+    });
+    listener.trackedSockets = sockets;
+    Object.defineProperty(server, '__ctmShutdownTrackingInstalled', { value: true });
+  }
+}
+function stopAcceptingHttpRequests(listenerServers = [], options = {}) {
+  const forceAfterMs = Number.isFinite(Number(options.forceAfterMs))
+    ? Math.max(0, Number(options.forceAfterMs))
+    : DEFAULT_HTTP_FORCE_AFTER_MS;
+  const timeoutMs = Number.isFinite(Number(options.timeoutMs))
+    ? Math.max(forceAfterMs, Number(options.timeoutMs))
+    : Math.max(DEFAULT_HTTP_TIMEOUT_MS, forceAfterMs);
+  const logger = options.logger || console;
+  return Promise.all(listenerServers.map((listener) => new Promise((resolve) => {
+    const server = listener && listener.server;
+    if (!server) return resolve({ id: listener?.id, closed: true, missing: true });
+    let settled = false;
+    const done = (result = {}) => {
+      if (settled) return;
+      settled = true;
+      listener.started = false;
+      if (forceTimer) clearTimeout(forceTimer);
+      if (timeoutTimer) clearTimeout(timeoutTimer);
+      resolve({ id: listener.id, ...result });
+    };
+    let forceTimer = null;
+    let timeoutTimer = null;
+    try {
+      server.close((err) => {
+        if (err && err.code !== 'ERR_SERVER_NOT_RUNNING') {
+          try { logger.warn(`[shutdown] ${listener.id || 'http'} listener close error: ${err.message}`); } catch {}
+        }
+        done({ closed: true, error: err?.code || null });
+      });
+    } catch (err) {
+      if (err?.code === 'ERR_SERVER_NOT_RUNNING') return done({ closed: true, alreadyClosed: true });
+      try { logger.warn(`[shutdown] ${listener.id || 'http'} listener close threw: ${err.message}`); } catch {}
+    }
+    try { if (typeof server.closeIdleConnections === 'function') server.closeIdleConnections(); } catch {}
+    forceTimer = _unref(setTimeout(() => {
+      try { if (typeof server.closeAllConnections === 'function') server.closeAllConnections(); } catch {}
+      const tracked = listener.trackedSockets || new Set();
+      for (const socket of tracked) {
+        try { if (socket && !socket.destroyed) socket.destroy(); } catch {}
+      }
+    }, forceAfterMs));
+    timeoutTimer = _unref(setTimeout(() => {
+      done({
+        closed: false,
+        timedOut: true,
+        trackedSockets: listener.trackedSockets ? listener.trackedSockets.size : 0,
+      });
+    }, timeoutMs));
+  })));
+}
+function closeWebSocketClients(wss, options = {}) {
+  const clients = Array.from(wss?.clients || []);
+  const code = Number.isFinite(Number(options.code)) ? Number(options.code) : 1012;
+  const reason = String(options.reason || 'Service restart').slice(0, 123);
+  const graceMs = Number.isFinite(Number(options.graceMs))
+    ? Math.max(0, Number(options.graceMs))
+    : DEFAULT_WS_GRACE_MS;
+  const preCloseDelayMs = Number.isFinite(Number(options.preCloseDelayMs))
+    ? Math.max(0, Number(options.preCloseDelayMs))
+    : 0;
+  return new Promise((resolve) => {
+    if (!wss) return resolve({ closed: 0, terminated: 0, total: 0 });
+    const startClose = () => {
+      if (clients.length === 0) {
+        try { wss.close(() => {}); } catch {}
+        return resolve({ closed: 0, terminated: 0, total: 0 });
+      }
+      let closed = 0;
+      let settled = false;
+      const pending = new Set(clients);
+      const listeners = new Map();
+      let timer = null;
+      const finish = (timedOut = false) => {
+        if (settled) return;
+        settled = true;
+        if (timer) clearTimeout(timer);
+        let terminated = 0;
+        for (const ws of pending) {
+          const onClose = listeners.get(ws);
+          if (onClose) {
+            try { ws.off('close', onClose); } catch {}
+          }
+          try {
+            if (timedOut && ws.readyState !== ws.CLOSED) {
+              ws.terminate();
+              terminated += 1;
+            }
+          } catch {}
+        }
+        try { wss.close(() => {}); } catch {}
+        resolve({ closed, terminated, total: clients.length, timedOut });
+      };
+      for (const ws of clients) {
+        const onClose = () => {
+          if (!pending.delete(ws)) return;
+          closed += 1;
+          if (pending.size === 0) finish(false);
+        };
+        listeners.set(ws, onClose);
+        try { ws.once('close', onClose); } catch {}
+        try {
+          if (ws.readyState === ws.OPEN || ws.readyState === ws.CONNECTING) ws.close(code, reason);
+          else if (ws.readyState === ws.CLOSED) onClose();
+        } catch {
+          onClose();
+        }
+      }
+      if (!settled) timer = _unref(setTimeout(() => finish(true), graceMs));
+    };
+    if (preCloseDelayMs > 0) _unref(setTimeout(startClose, preCloseDelayMs));
+    else startClose();
+  });
+}
+module.exports = {
+  closeWebSocketClients,
+  installHttpConnectionTracking,
+  stopAcceptingHttpRequests,
+};