cursor-guard 4.7.6 → 4.7.9

package/ROADMAP.md

@@ -3,8 +3,8 @@
 > 本文档描述 cursor-guard 从 V2 到 V7 的长期演进方向。
 > 每一代向下兼容，低版本功能永远不废弃。
 >
-> **当前版本**：`V4.7.6`  
-> **文档状态**：`V2` ~ `V4.7.6` 已完成交付（含 V5 intent/audit 基础），`V5` 主体规划中
+> **当前版本**：`V4.7.9`  
+> **文档状态**：`V2` ~ `V4.7.8` 已完成交付（含 V5 intent/audit 基础），`V5` 主体规划中
 
 ## 阅读导航
 
@@ -734,6 +734,28 @@ V4 经过 4 轮系统性代码审查，修复了以下关键问题：
 }
 ```
 
+### V4.7.8：告警倒计时实时更新 + Open Dashboard CORS/Fallback 修复 ✅
+
+| 修复/增强 | 说明 |
+|----------|------|
+| **告警倒计时秒级实时更新** | 侧边栏告警 "Expires: Xm Ys" 之前只在 poller 推数据时（每 5 秒）刷新一次。新增独立 `setInterval(1000)` 定时器，每秒从 DOM `data-expires` 属性读取 `expiresAt` 时间戳并实时更新 `.alert-countdown` 文本 |
+| **Dashboard Server CORS 支持** | API 响应头新增 `Access-Control-Allow-Origin: *`；新增 `OPTIONS` preflight 处理（204 响应 + 完整 CORS 头）。解决 WebView 跨域 fetch 被浏览器/IDE 安全策略拦截的问题 |
+| **WebView CSP 策略放宽** | `connect-src` 从只允许固定 `baseUrl` 改为 `http://127.0.0.1:* http://localhost:*`；`script-src` 增加 `'unsafe-inline'` 兼容旧 Cursor 版本 |
+| **Open Dashboard 启动容错** | Server 未运行时提供 "Start Server" 按钮自动启动，不再直接报错退出。`DashboardManager` 新增 `ensureRunning()` 方法 |
+| **WebView Fetch 错误降级** | 前端 `fetchJson` 连续 3 次失败后通过 `postMessage({ type: 'fetchError' })` 通知 host，自动关闭 WebView 面板并 fallback 到浏览器打开 |
+| **侧边栏 Protection Scope 卡片** | 新增独立保护范围卡片：顶部三 chip 显示 🛡️ N protected / 🚫 N excluded / N total；下方按 Protect/Ignore 分组展示匹配模式标签（绿色/红色），最多 6 个，超出显示 "+N more"。后端 `getDashboard` 新增 `totalFiles`、`excludedCount` 字段 |
+| **protect 匹配语义修正（破坏性修复）** | `matchesAny` 新增 `{ strict: true }` 模式。**protect 规则不再匹配 basename**（仅匹配完整相对路径），`*.js` 只保护根目录 js 文件，要保护所有深度需写 `**/*.js`。**ignore 保留 basename 匹配**（宽松排除更安全）。修复了 `*.json` / `*.js` 意外保护 `node_modules/`、`.cursor/` 等无关目录的问题。`filterFiles`、`pruneIndexFiles`（snapshot.js）、`doctor.js` 统一使用 strict 模式。新增 4 组 strict 模式单元测试 |
+
+### V4.7.7：右键菜单动态 Protect/Ignore ✅
+
+| 组件 | 说明 |
+|------|------|
+| **Explorer 右键菜单** | 文件资源管理器中右键文件或文件夹，出现 "Cursor Guard: Add to Protected" 和 "Cursor Guard: Exclude from Protection" 两个菜单项 |
+| **编辑器标签右键** | 编辑器标签页右键同样支持 Protect/Ignore 操作 |
+| **模式选择 QuickPick** | 点击后弹出 QuickPick，提供 4 种模式选择：精确路径（`src/auth.ts`）、目录 glob（`src/**`）、文件名匹配（`auth.ts`）、扩展名匹配（`*.ts`）、自定义 glob 输入 |
+| **配置自动写入** | 选择后自动写入 `.cursor-guard.json` 的 `protect` 或 `ignore` 数组，不覆盖已有配置，重复检测 |
+| **即时生效** | 修改后自动触发 Poller 刷新，侧边栏实时更新保护范围 |
+
 ### V4.7.6：侧边栏 UX 重构 + Health 修复 + Open Dashboard 修复 ✅
 
 | 修复/增强 | 说明 |

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cursor-guard",
-  "version": "4.7.6",
+  "version": "4.7.9",
   "description": "Protects code from accidental AI overwrite or deletion in Cursor IDE — mandatory pre-write snapshots, review-before-apply, local Git safety net, and deterministic recovery. | 保护代码免受 Cursor AI 代理意外覆写或删除——强制写前快照、预览再执行、本地 Git 安全网、确定性恢复。",
   "keywords": [
     "cursor",

package/references/dashboard/public/app.js

@@ -673,13 +673,26 @@ function relativeTime(ts) {
 
 /* ── Data fetching ────────────────────────────────────────── */
 
+let _fetchFailCount = 0;
 async function fetchJson(url) {
   const base = window.__GUARD_BASE_URL__ || '';
   const sep = url.includes('?') ? '&' : '?';
   const tokenParam = window.__GUARD_TOKEN__ ? `${sep}token=${window.__GUARD_TOKEN__}` : '';
-  const r = await fetch(base + url + tokenParam);
-  if (!r.ok) throw new Error(`HTTP ${r.status}`);
-  return r.json();
+  try {
+    const r = await fetch(base + url + tokenParam);
+    if (!r.ok) throw new Error(`HTTP ${r.status}`);
+    _fetchFailCount = 0;
+    return r.json();
+  } catch (err) {
+    _fetchFailCount++;
+    if (window.__IN_VSCODE__ && _fetchFailCount >= 3) {
+      try {
+        const api = window.__vscodeApi || (window.__vscodeApi = acquireVsCodeApi());
+        api.postMessage({ type: 'fetchError', detail: err.message });
+      } catch { /* ignore */ }
+    }
+    throw err;
+  }
 }
 
 async function loadProjects() {

package/references/dashboard/server.js

@@ -103,6 +103,7 @@ function json(res, data, status = 200) {
     'Content-Type': 'application/json; charset=utf-8',
     'Content-Length': Buffer.byteLength(body),
     'Cache-Control': 'no-store',
+    'Access-Control-Allow-Origin': '*',
   });
   res.end(body);
 }
@@ -301,6 +302,16 @@ function startDashboardServer(paths, opts = {}) {
         return res.end('Forbidden: invalid host');
       }
 
+      if (req.method === 'OPTIONS') {
+        res.writeHead(204, {
+          'Access-Control-Allow-Origin': '*',
+          'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',
+          'Access-Control-Allow-Headers': 'Content-Type',
+          'Access-Control-Max-Age': '86400',
+        });
+        return res.end();
+      }
+
       if (req.method !== 'GET' && req.method !== 'POST') {
         res.writeHead(405);
         return res.end('Method Not Allowed');

package/references/lib/core/dashboard.js

@@ -139,11 +139,18 @@ function getDashboard(projectDir) {
     protect: cfg.protect.length > 0 ? cfg.protect : ['**'],
     ignore: cfg.ignore,
     fileCount: 0,
+    totalFiles: 0,
+    excludedCount: 0,
+    protectPatterns: cfg.protect.length > 0 ? cfg.protect.length : 1,
+    ignorePatterns: cfg.ignore.length,
   };
 
   try {
     const allFiles = walkDir(projectDir, projectDir);
-    protectionScope.fileCount = filterFiles(allFiles, cfg).length;
+    const protectedFiles = filterFiles(allFiles, cfg);
+    protectionScope.totalFiles = allFiles.length;
+    protectionScope.fileCount = protectedFiles.length;
+    protectionScope.excludedCount = allFiles.length - protectedFiles.length;
   } catch { /* ignore */ }
 
   // ── Health assessment ───────────────────────────────────────

package/references/lib/core/doctor.js

@@ -197,7 +197,7 @@ function runDiagnostics(projectDir) {
     const allFiles = walkDir(projectDir, projectDir);
     let protectedCount = 0;
     for (const f of allFiles) {
-      if (matchesAny(cfg.protect, f.rel)) protectedCount++;
+      if (matchesAny(cfg.protect, f.rel, { strict: true })) protectedCount++;
     }
     check('Protect patterns', 'PASS', `${protectedCount} / ${allFiles.length} files matched by protect patterns`);
   }

package/references/lib/core/snapshot.js

@@ -110,12 +110,10 @@ function createGitSnapshot(projectDir, cfg, opts = {}) {
     const parentHash = git(['rev-parse', '--verify', branchRef], { cwd, allowFail: true });
 
     if (cfg.protect.length > 0) {
-      // Add everything then prune — 'git add -- <pattern>' treats bare names as
-      // root-relative pathspecs, but matchesAny() also checks basenames (e.g.
-      // "settings.json" matches "src/settings.json").  Pruning via matchesAny
-      // keeps the semantics consistent with filterFiles().
+      // protect uses strict matching (full path only, no basename fallback)
+      // so *.js only matches root-level js files, not nested ones
       execFileSync('git', ['add', '-A'], { cwd, env, stdio: 'pipe' });
-      pruneIndexFiles(cwd, env, f => !matchesAny(cfg.protect, f));
+      pruneIndexFiles(cwd, env, f => !matchesAny(cfg.protect, f, { strict: true }));
     } else {
       if (parentHash) {
         execFileSync('git', ['read-tree', branchRef], { cwd, env, stdio: 'pipe' });

package/references/lib/utils.js

@@ -36,12 +36,19 @@ function globMatch(pattern, relPath) {
 
 /**
  * Check if a relative file path matches any pattern in a list.
- * Also checks leaf filename for patterns like "*.log".
+ *
+ * @param {string[]} patterns
+ * @param {string}   relPath
+ * @param {{ strict?: boolean }} [opts]
+ *   strict = true  → only match against full relPath (for `protect`)
+ *   strict = false → also match against basename   (for `ignore` / `secrets`)
  */
-function matchesAny(patterns, relPath) {
-  const leaf = path.basename(relPath);
+function matchesAny(patterns, relPath, opts) {
+  const strict = opts?.strict === true;
+  const leaf = strict ? null : path.basename(relPath);
   for (const pat of patterns) {
-    if (globMatch(pat, relPath) || globMatch(pat, leaf)) return true;
+    if (globMatch(pat, relPath)) return true;
+    if (!strict && globMatch(pat, leaf)) return true;
   }
   return false;
 }
@@ -427,7 +434,7 @@ function parseArgs(argv) {
 function filterFiles(files, cfg) {
   let result = files;
   if (cfg.protect.length > 0) {
-    result = result.filter(f => matchesAny(cfg.protect, f.rel));
+    result = result.filter(f => matchesAny(cfg.protect, f.rel, { strict: true }));
   }
   result = result.filter(f => {
     if (cfg.ignore.length > 0 && matchesAny(cfg.ignore, f.rel)) return false;

package/references/vscode-extension/dist/dashboard/public/app.js

@@ -673,13 +673,26 @@ function relativeTime(ts) {
 
 /* ── Data fetching ────────────────────────────────────────── */
 
+let _fetchFailCount = 0;
 async function fetchJson(url) {
   const base = window.__GUARD_BASE_URL__ || '';
   const sep = url.includes('?') ? '&' : '?';
   const tokenParam = window.__GUARD_TOKEN__ ? `${sep}token=${window.__GUARD_TOKEN__}` : '';
-  const r = await fetch(base + url + tokenParam);
-  if (!r.ok) throw new Error(`HTTP ${r.status}`);
-  return r.json();
+  try {
+    const r = await fetch(base + url + tokenParam);
+    if (!r.ok) throw new Error(`HTTP ${r.status}`);
+    _fetchFailCount = 0;
+    return r.json();
+  } catch (err) {
+    _fetchFailCount++;
+    if (window.__IN_VSCODE__ && _fetchFailCount >= 3) {
+      try {
+        const api = window.__vscodeApi || (window.__vscodeApi = acquireVsCodeApi());
+        api.postMessage({ type: 'fetchError', detail: err.message });
+      } catch { /* ignore */ }
+    }
+    throw err;
+  }
 }
 
 async function loadProjects() {

package/references/vscode-extension/dist/dashboard/server.js

@@ -103,6 +103,7 @@ function json(res, data, status = 200) {
     'Content-Type': 'application/json; charset=utf-8',
     'Content-Length': Buffer.byteLength(body),
     'Cache-Control': 'no-store',
+    'Access-Control-Allow-Origin': '*',
   });
   res.end(body);
 }
@@ -301,6 +302,16 @@ function startDashboardServer(paths, opts = {}) {
         return res.end('Forbidden: invalid host');
       }
 
+      if (req.method === 'OPTIONS') {
+        res.writeHead(204, {
+          'Access-Control-Allow-Origin': '*',
+          'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',
+          'Access-Control-Allow-Headers': 'Content-Type',
+          'Access-Control-Max-Age': '86400',
+        });
+        return res.end();
+      }
+
       if (req.method !== 'GET' && req.method !== 'POST') {
         res.writeHead(405);
         return res.end('Method Not Allowed');

package/references/vscode-extension/dist/extension.js

@@ -1,6 +1,8 @@
 'use strict';
 
 const vscode = require('vscode');
+const fs = require('fs');
+const path = require('path');
 const { DashboardManager } = require('./lib/dashboard-manager');
 const { WebViewProvider } = require('./lib/webview-provider');
 const { StatusBarController } = require('./lib/status-bar');
@@ -8,6 +10,7 @@ const { GuardTreeView } = require('./lib/tree-view');
 const { Poller } = require('./lib/poller');
 const { SidebarDashboardProvider } = require('./lib/sidebar-webview');
 const { autoSetup } = require('./lib/auto-setup');
+const { guardPath } = require('./lib/paths');
 
 let dashMgr, poller, statusBar, treeView, webviewProvider, sidebarProvider;
 
@@ -24,10 +27,24 @@ async function activate(context) {
   context.subscriptions.push(
     vscode.window.registerWebviewViewProvider('cursorGuardDashboard', sidebarProvider),
 
-    vscode.commands.registerCommand('cursorGuard.openDashboard', () => {
+    vscode.commands.registerCommand('cursorGuard.openDashboard', async () => {
       if (!dashMgr.running) {
-        vscode.window.showWarningMessage('Cursor Guard: no projects detected. Add .cursor-guard.json to your workspace.');
-        return;
+        const action = await vscode.window.showWarningMessage(
+          'Cursor Guard: Dashboard server not running.',
+          'Start Server', 'Cancel'
+        );
+        if (action === 'Start Server') {
+          const folders = vscode.workspace.workspaceFolders;
+          if (folders) {
+            await dashMgr.ensureRunning(folders.map(f => f.uri.fsPath));
+          }
+          if (!dashMgr.running) {
+            vscode.window.showErrorMessage('Cursor Guard: failed to start dashboard server.');
+            return;
+          }
+        } else {
+          return;
+        }
       }
       webviewProvider.show();
     }),
@@ -88,6 +105,77 @@ async function activate(context) {
       treeView.refresh();
     }),
 
+    vscode.commands.registerCommand('cursorGuard.quickRestore', async () => {
+      const folders = vscode.workspace.workspaceFolders;
+      if (!folders || folders.length === 0) return;
+      if (!dashMgr.running) {
+        vscode.window.showWarningMessage('Cursor Guard: dashboard not running. Cannot list backups.');
+        return;
+      }
+      const projects = await dashMgr.fetchApi('/api/projects');
+      if (!projects || projects.length === 0) return;
+      const pid = projects[0].id;
+      const pageData = await dashMgr.getFullPageData(pid);
+      const backups = (pageData?.backups || []).slice(0, 8);
+      if (backups.length === 0) {
+        vscode.window.showInformationMessage('Cursor Guard: no backups available to restore from.');
+        return;
+      }
+      const items = backups.map(b => {
+        const time = b.timestamp ? new Date(b.timestamp).toLocaleString() : '?';
+        const files = b.filesChanged ? `${b.filesChanged} files` : '';
+        const summary = b.summary ? b.summary.slice(0, 60) : '';
+        return {
+          label: `$(git-commit) ${time}`,
+          description: `${b.type || 'auto'} · ${files}`,
+          detail: summary,
+          hash: b.commitHash,
+        };
+      });
+      const selected = await vscode.window.showQuickPick(items, {
+        placeHolder: 'Select a backup to restore from',
+        title: 'Cursor Guard: Quick Restore',
+      });
+      if (selected && selected.hash) {
+        const url = `${dashMgr.baseUrl}?token=${dashMgr.token}`;
+        vscode.env.openExternal(vscode.Uri.parse(url));
+        vscode.window.showInformationMessage(
+          `Cursor Guard: opening dashboard for restore. Selected backup: ${selected.hash.slice(0, 7)}`
+        );
+      }
+    }),
+
+    vscode.commands.registerCommand('cursorGuard.doctor', async () => {
+      const folders = vscode.workspace.workspaceFolders;
+      if (!folders || folders.length === 0) return;
+      const projectPath = folders[0].uri.fsPath;
+      try {
+        const { runDiagnostics } = require(guardPath('lib', 'core', 'doctor'));
+        const result = runDiagnostics(projectPath);
+        const passed = result.checks.filter(c => c.status === 'PASS').length;
+        const warned = result.checks.filter(c => c.status === 'WARN').length;
+        const failed = result.checks.filter(c => c.status === 'FAIL').length;
+        const msg = `Doctor: ${passed} passed, ${warned} warnings, ${failed} failed`;
+        if (failed > 0) {
+          vscode.window.showErrorMessage(`Cursor Guard: ${msg}`);
+        } else if (warned > 0) {
+          vscode.window.showWarningMessage(`Cursor Guard: ${msg}`);
+        } else {
+          vscode.window.showInformationMessage(`Cursor Guard: ${msg} ✓`);
+        }
+      } catch (e) {
+        vscode.window.showErrorMessage(`Cursor Guard Doctor: ${e.message}`);
+      }
+    }),
+
+    vscode.commands.registerCommand('cursorGuard.addToProtect', (uri) => {
+      _modifyGuardConfig(uri, 'protect');
+    }),
+
+    vscode.commands.registerCommand('cursorGuard.addToIgnore', (uri) => {
+      _modifyGuardConfig(uri, 'ignore');
+    }),
+
     statusBar,
     poller,
     treeView,
@@ -110,6 +198,80 @@ async function activate(context) {
   );
 }
 
+async function _modifyGuardConfig(uri, field) {
+  const folders = vscode.workspace.workspaceFolders;
+  if (!folders || folders.length === 0) {
+    vscode.window.showWarningMessage('Cursor Guard: no workspace folder open.');
+    return;
+  }
+
+  let targetUri = uri;
+  if (!targetUri) {
+    const editor = vscode.window.activeTextEditor;
+    if (editor) targetUri = editor.document.uri;
+  }
+  if (!targetUri) {
+    vscode.window.showWarningMessage('Cursor Guard: no file or folder selected.');
+    return;
+  }
+
+  const wsRoot = folders[0].uri.fsPath;
+  const configPath = path.join(wsRoot, '.cursor-guard.json');
+  const targetPath = targetUri.fsPath;
+
+  const relative = path.relative(wsRoot, targetPath).replace(/\\/g, '/');
+  if (!relative || relative.startsWith('..')) {
+    vscode.window.showWarningMessage('Cursor Guard: selected path is outside the workspace.');
+    return;
+  }
+
+  let isDir = false;
+  try { isDir = fs.statSync(targetPath).isDirectory(); } catch { /* file */ }
+  const pattern = isDir ? `${relative}/**` : relative;
+
+  const action = field === 'protect' ? 'Add to Protected' : 'Exclude from Protection';
+  const pick = await vscode.window.showQuickPick(
+    [
+      { label: pattern, description: isDir ? 'directory glob' : 'exact file' },
+      { label: `${path.basename(targetPath)}`, description: 'filename only (matches anywhere)' },
+      ...(isDir ? [] : [{ label: `*.${path.extname(targetPath).slice(1)}`, description: 'file extension' }]),
+      { label: '$(edit) Custom pattern...', description: 'enter your own glob', custom: true },
+    ],
+    { placeHolder: `${action}: choose a pattern`, title: `Cursor Guard: ${action}` }
+  );
+  if (!pick) return;
+
+  let chosenPattern = pick.label;
+  if (pick.custom) {
+    const input = await vscode.window.showInputBox({
+      prompt: `Enter a glob pattern to ${field === 'protect' ? 'protect' : 'exclude'}`,
+      value: pattern,
+    });
+    if (!input) return;
+    chosenPattern = input;
+  }
+
+  let config = {};
+  if (fs.existsSync(configPath)) {
+    try { config = JSON.parse(fs.readFileSync(configPath, 'utf-8')); } catch { config = {}; }
+  }
+
+  if (!Array.isArray(config[field])) config[field] = [];
+
+  if (config[field].includes(chosenPattern)) {
+    vscode.window.showInformationMessage(`Cursor Guard: "${chosenPattern}" already in ${field} list.`);
+    return;
+  }
+
+  config[field].push(chosenPattern);
+  fs.writeFileSync(configPath, JSON.stringify(config, null, 2));
+
+  const label = field === 'protect' ? 'Protected' : 'Excluded';
+  vscode.window.showInformationMessage(`Cursor Guard: "${chosenPattern}" added to ${label} list.`);
+
+  if (poller) poller.forceRefresh();
+}
+
 function deactivate() {
   if (poller) poller.dispose();
   if (statusBar) statusBar.dispose();

package/references/vscode-extension/dist/guard-version.json

@@ -1 +1 @@
-{"version":"4.7.5"}
+{"version":"4.7.8"}

package/references/vscode-extension/dist/lib/core/dashboard.js

@@ -139,11 +139,18 @@ function getDashboard(projectDir) {
     protect: cfg.protect.length > 0 ? cfg.protect : ['**'],
     ignore: cfg.ignore,
     fileCount: 0,
+    totalFiles: 0,
+    excludedCount: 0,
+    protectPatterns: cfg.protect.length > 0 ? cfg.protect.length : 1,
+    ignorePatterns: cfg.ignore.length,
   };
 
   try {
     const allFiles = walkDir(projectDir, projectDir);
-    protectionScope.fileCount = filterFiles(allFiles, cfg).length;
+    const protectedFiles = filterFiles(allFiles, cfg);
+    protectionScope.totalFiles = allFiles.length;
+    protectionScope.fileCount = protectedFiles.length;
+    protectionScope.excludedCount = allFiles.length - protectedFiles.length;
   } catch { /* ignore */ }
 
   // ── Health assessment ───────────────────────────────────────
@@ -168,14 +175,8 @@ function getDashboard(projectDir) {
     issues.push(`Disk space low (${status.disk.freeGB} GB free)`);
   }
 
-  if (status.lastBackup.git && status.watcher.running) {
-    const lastTs = new Date(status.lastBackup.git.timestamp).getTime();
-    const staleSec = (Date.now() - lastTs) / 1000;
-    const staleThreshold = Math.max(cfg.auto_backup_interval_seconds * 10, 300);
-    if (staleSec > staleThreshold) {
-      issues.push(`Last git backup: ${relativeTime(status.lastBackup.git.timestamp)}`);
-    }
-  }
+  // Last backup time is purely informational — no changes = no backup is normal behavior.
+  // Health warnings should only reflect actionable problems (watcher down, disk full, no repo).
 
   let healthStatus = 'healthy';
   if (issues.length > 0) healthStatus = 'warning';

package/references/vscode-extension/dist/lib/core/doctor.js

@@ -197,7 +197,7 @@ function runDiagnostics(projectDir) {
     const allFiles = walkDir(projectDir, projectDir);
     let protectedCount = 0;
     for (const f of allFiles) {
-      if (matchesAny(cfg.protect, f.rel)) protectedCount++;
+      if (matchesAny(cfg.protect, f.rel, { strict: true })) protectedCount++;
     }
     check('Protect patterns', 'PASS', `${protectedCount} / ${allFiles.length} files matched by protect patterns`);
   }

package/references/vscode-extension/dist/lib/core/snapshot.js

@@ -110,12 +110,10 @@ function createGitSnapshot(projectDir, cfg, opts = {}) {
     const parentHash = git(['rev-parse', '--verify', branchRef], { cwd, allowFail: true });
 
     if (cfg.protect.length > 0) {
-      // Add everything then prune — 'git add -- <pattern>' treats bare names as
-      // root-relative pathspecs, but matchesAny() also checks basenames (e.g.
-      // "settings.json" matches "src/settings.json").  Pruning via matchesAny
-      // keeps the semantics consistent with filterFiles().
+      // protect uses strict matching (full path only, no basename fallback)
+      // so *.js only matches root-level js files, not nested ones
       execFileSync('git', ['add', '-A'], { cwd, env, stdio: 'pipe' });
-      pruneIndexFiles(cwd, env, f => !matchesAny(cfg.protect, f));
+      pruneIndexFiles(cwd, env, f => !matchesAny(cfg.protect, f, { strict: true }));
     } else {
       if (parentHash) {
         execFileSync('git', ['read-tree', branchRef], { cwd, env, stdio: 'pipe' });

package/references/vscode-extension/dist/lib/dashboard-manager.js

@@ -29,6 +29,13 @@ class DashboardManager {
     return this.start(paths);
   }
 
+  async ensureRunning(paths) {
+    if (this._instance) return true;
+    const configPaths = paths.filter(p => fs.existsSync(path.join(p, CONFIG_FILE)));
+    if (configPaths.length === 0) return false;
+    return this.start(configPaths);
+  }
+
   async start(paths) {
     if (!this._serverModule) {
       this._serverModule = require(guardPath('dashboard', 'server'));