cwresdev 0.1.9 → 0.2.0

package/bin/cwgit.js

@@ -0,0 +1,99 @@
+#!/usr/bin/env node
+
+"use strict";
+
+const path = require("node:path");
+const { detectChanges, exportCsv, findWorkspaceRoot, initBase, resolveDocRoot } = require("../src/cwgit");
+
+async function main() {
+  if (process.platform !== "win32") {
+    throw new Error("cwgit currently supports Windows only.");
+  }
+
+  const args = process.argv.slice(2);
+  const command = args[0];
+
+  if (!command || command === "--help" || command === "-h") {
+    process.stdout.write([
+      "cwgit <command>",
+      "",
+      "Commands:",
+      "  init      Snapshot the current project as the base version",
+      "  changes   Detect and export changed files as CSV",
+      "",
+      "Usage:",
+      "  Run from inside a project folder (under the docRoot).",
+      "  The tool locates the workspace root (package.json with cwrespro config)",
+      "  and resolves docRoot from that config.",
+      "",
+      "Examples:",
+      "  cd virtual_env/IC && cwgit init",
+      "  cd virtual_env/IC && cwgit changes",
+      "",
+    ].join("\n"));
+    return;
+  }
+
+  const cwd = process.cwd();
+
+  // Find the workspace root by walking up
+  const workspaceRoot = findWorkspaceRoot(cwd);
+
+  if (!workspaceRoot) {
+    throw new Error(
+      "Could not find workspace root.\n" +
+      "Ensure a package.json with a \"cwrespro\" key or a cwrespro.config.json exists in an ancestor directory."
+    );
+  }
+
+  // Resolve docRoot from config
+  const docRoot = resolveDocRoot(workspaceRoot);
+
+  if (command === "init") {
+    const { fileCount, basePath } = await initBase(cwd, docRoot);
+    process.stdout.write(`[cwgit] Base snapshot created: ${fileCount} files tracked.\n`);
+    process.stdout.write(`[cwgit] Stored at: ${basePath}\n`);
+    process.stdout.write(`[cwgit] Tip: add .cwgit/ to .gitignore if using Git.\n`);
+    return;
+  }
+
+  if (command === "changes") {
+    const changes = await detectChanges(cwd, docRoot);
+
+    if (changes.length === 0) {
+      process.stdout.write("[cwgit] No changes detected.\n");
+      return;
+    }
+
+    const csvPath = await exportCsv(changes, cwd);
+
+    // Print summary
+    const deleted = changes.filter((c) => c.status === "D").length;
+    const modified = changes.filter((c) => c.status === "M").length;
+    const untracked = changes.filter((c) => c.status === "U").length;
+
+    process.stdout.write(`[cwgit] ${changes.length} change(s) detected:\n`);
+
+    if (modified > 0) {
+      process.stdout.write(`  M (Modified):  ${modified}\n`);
+    }
+
+    if (untracked > 0) {
+      process.stdout.write(`  U (Untracked): ${untracked}\n`);
+    }
+
+    if (deleted > 0) {
+      process.stdout.write(`  D (Deleted):   ${deleted}\n`);
+    }
+
+    process.stdout.write(`[cwgit] CSV exported: ${csvPath}\n`);
+    return;
+  }
+
+  throw new Error(`Unknown command: "${command}". Use "cwgit --help" for usage.`);
+}
+
+main().catch((error) => {
+  process.stderr.write(`[cwgit] Error: ${error.message}\n`);
+  process.exit(1);
+});

package/package.json

@@ -1,13 +1,14 @@
 {
   "name": "cwresdev",
-  "version": "0.1.9",
+  "version": "0.2.0",
   "description": "",
   "license": "MIT",
   "private": false,
   "type": "commonjs",
   "main": "./src/index.js",
   "bin": {
-    "cwrespro": "bin/cwrespro.js"
+    "cwrespro": "bin/cwrespro.js",
+    "cwgit": "bin/cwgit.js"
   },
   "files": [
     "bin",

package/src/cwgit.js

@@ -0,0 +1,362 @@
+"use strict";
+
+const crypto = require("node:crypto");
+const fs = require("node:fs");
+const path = require("node:path");
+
+const CWGIT_DIR = ".cwgit";
+const IGNORED_DIRS = new Set([".cwgit", "node_modules", ".git"]);
+const HASH_STREAM_THRESHOLD = 5 * 1024 * 1024; // 5 MB
+
+// CSV-injection-dangerous prefixes (OWASP)
+const CSV_DANGEROUS_CHARS = new Set(["=", "+", "-", "@", "\t", "\r"]);
+
+/**
+ * Walk up from startDir to find the nearest directory containing a package.json
+ * with a "cwrespro" key or a cwrespro.config.json file.
+ */
+function findWorkspaceRoot(startDir) {
+  let current = path.resolve(startDir);
+  const { root } = path.parse(current);
+
+  while (true) {
+    const pkgPath = path.join(current, "package.json");
+
+    if (fs.existsSync(pkgPath)) {
+      try {
+        const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf8"));
+
+        if (pkg.cwrespro && typeof pkg.cwrespro === "object") {
+          return current;
+        }
+      } catch (_) {
+        // malformed package.json — skip
+      }
+    }
+
+    const configPath = path.join(current, "cwrespro.config.json");
+
+    if (fs.existsSync(configPath)) {
+      return current;
+    }
+
+    if (current === root) {
+      return null;
+    }
+
+    current = path.dirname(current);
+  }
+}
+
+/**
+ * Resolve the docRoot from the workspace root's config.
+ * Returns absolute docRoot path.
+ */
+function resolveDocRoot(workspaceRoot) {
+  const configPath = path.join(workspaceRoot, "cwrespro.config.json");
+
+  if (fs.existsSync(configPath)) {
+    try {
+      const cfg = JSON.parse(fs.readFileSync(configPath, "utf8"));
+
+      if (cfg.docRoot) {
+        return path.resolve(workspaceRoot, cfg.docRoot);
+      }
+    } catch (_) {
+      // fall through to package.json
+    }
+  }
+
+  const pkgPath = path.join(workspaceRoot, "package.json");
+
+  if (fs.existsSync(pkgPath)) {
+    try {
+      const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf8"));
+
+      if (pkg.cwrespro && pkg.cwrespro.docRoot) {
+        return path.resolve(workspaceRoot, pkg.cwrespro.docRoot);
+      }
+    } catch (_) {
+      // fall through to default
+    }
+  }
+
+  return path.resolve(workspaceRoot, "virtual_env");
+}
+
+/**
+ * Compute SHA-256 hash of a file.
+ * Uses one-shot API for small files, streaming for large files.
+ */
+async function hashFile(filePath) {
+  const stat = await fs.promises.stat(filePath);
+
+  if (stat.size <= HASH_STREAM_THRESHOLD) {
+    const data = await fs.promises.readFile(filePath);
+    return crypto.createHash("sha256").update(data).digest("hex");
+  }
+
+  // Stream for large files (videos, images, etc.)
+  return new Promise((resolve, reject) => {
+    const hash = crypto.createHash("sha256");
+    const stream = fs.createReadStream(filePath);
+
+    stream.on("data", (chunk) => hash.update(chunk));
+    stream.on("end", () => resolve(hash.digest("hex")));
+    stream.on("error", reject);
+  });
+}
+
+/**
+ * Recursively collect all files in a directory.
+ * Skips symlinks, IGNORED_DIRS, and validates paths stay within boundary.
+ */
+async function collectFiles(dir, boundary) {
+  const results = [];
+  const resolvedBoundary = path.resolve(boundary);
+
+  async function walk(current) {
+    let entries;
+
+    try {
+      entries = await fs.promises.readdir(current, { withFileTypes: true });
+    } catch (err) {
+      if (err.code === "EACCES" || err.code === "EPERM") {
+        return; // skip inaccessible directories
+      }
+
+      throw err;
+    }
+
+    for (const entry of entries) {
+      if (IGNORED_DIRS.has(entry.name)) {
+        continue;
+      }
+
+      const fullPath = path.join(current, entry.name);
+      const resolved = path.resolve(fullPath);
+
+      // Path traversal guard
+      if (!resolved.startsWith(resolvedBoundary + path.sep) && resolved !== resolvedBoundary) {
+        continue;
+      }
+
+      // Use lstat to detect symlinks (don't follow them)
+      let stat;
+
+      try {
+        stat = await fs.promises.lstat(fullPath);
+      } catch (err) {
+        if (err.code === "EBUSY" || err.code === "EPERM" || err.code === "ENOENT") {
+          continue; // skip locked/deleted files
+        }
+
+        throw err;
+      }
+
+      // Skip symlinks for security
+      if (stat.isSymbolicLink()) {
+        continue;
+      }
+
+      if (stat.isDirectory()) {
+        await walk(fullPath);
+      } else if (stat.isFile()) {
+        results.push(fullPath);
+      }
+    }
+  }
+
+  await walk(dir);
+  return results;
+}
+
+/**
+ * Initialize (or re-initialize) the base snapshot for a project.
+ */
+async function initBase(projectDir, docRoot) {
+  const resolvedProject = path.resolve(projectDir);
+  const resolvedDocRoot = path.resolve(docRoot);
+
+  // Validate projectDir is inside or equal to docRoot
+  if (resolvedProject !== resolvedDocRoot && !resolvedProject.startsWith(resolvedDocRoot + path.sep)) {
+    throw new Error(`Project directory must be inside docRoot.\n  Project: ${resolvedProject}\n  DocRoot: ${resolvedDocRoot}`);
+  }
+
+  const relPath = resolvedProject === resolvedDocRoot
+    ? "."
+    : path.relative(resolvedDocRoot, resolvedProject);
+
+  const cwgitDir = path.join(resolvedDocRoot, CWGIT_DIR, relPath);
+  const basePath = path.join(cwgitDir, "base.json");
+  const tmpPath = basePath + ".tmp";
+
+  // Collect and hash files
+  const filePaths = await collectFiles(resolvedProject, resolvedProject);
+  const fileCount = filePaths.length;
+
+  process.stderr.write(`[cwgit] Hashing ${fileCount} files...\n`);
+
+  const files = {};
+  let processed = 0;
+
+  for (const filePath of filePaths) {
+    const relFilePath = path.relative(resolvedProject, filePath).replace(/\\/g, "/");
+
+    try {
+      files[relFilePath] = await hashFile(filePath);
+    } catch (err) {
+      if (err.code === "EBUSY" || err.code === "EPERM" || err.code === "ENOENT") {
+        process.stderr.write(`[cwgit] Warning: skipped inaccessible file: ${relFilePath}\n`);
+        continue;
+      }
+
+      throw err;
+    }
+
+    processed += 1;
+
+    if (processed % 100 === 0) {
+      process.stderr.write(`[cwgit] ${processed}/${fileCount} files hashed\n`);
+    }
+  }
+
+  const baseData = {
+    version: 1,
+    createdAt: new Date().toISOString(),
+    project: relPath,
+    files,
+  };
+
+  // Atomic write: write to tmp then rename
+  await fs.promises.mkdir(cwgitDir, { recursive: true });
+  await fs.promises.writeFile(tmpPath, JSON.stringify(baseData, null, 2), "utf8");
+  await fs.promises.rename(tmpPath, basePath);
+
+  return { fileCount: Object.keys(files).length, basePath };
+}
+
+/**
+ * Detect changes between current state and base snapshot.
+ * Returns array of { file, status } where status is M, U, or D.
+ */
+async function detectChanges(projectDir, docRoot) {
+  const resolvedProject = path.resolve(projectDir);
+  const resolvedDocRoot = path.resolve(docRoot);
+
+  if (resolvedProject !== resolvedDocRoot && !resolvedProject.startsWith(resolvedDocRoot + path.sep)) {
+    throw new Error(`Project directory must be inside docRoot.\n  Project: ${resolvedProject}\n  DocRoot: ${resolvedDocRoot}`);
+  }
+
+  const relPath = resolvedProject === resolvedDocRoot
+    ? "."
+    : path.relative(resolvedDocRoot, resolvedProject);
+
+  const basePath = path.join(resolvedDocRoot, CWGIT_DIR, relPath, "base.json");
+
+  if (!fs.existsSync(basePath)) {
+    throw new Error(`No base snapshot found. Run "cwgit init" first.\n  Expected: ${basePath}`);
+  }
+
+  const baseData = JSON.parse(await fs.promises.readFile(basePath, "utf8"));
+  const baseFiles = baseData.files || {};
+
+  // Collect current files
+  const currentPaths = await collectFiles(resolvedProject, resolvedProject);
+  const currentFiles = {};
+
+  process.stderr.write(`[cwgit] Scanning ${currentPaths.length} files...\n`);
+
+  for (const filePath of currentPaths) {
+    const relFilePath = path.relative(resolvedProject, filePath).replace(/\\/g, "/");
+
+    try {
+      currentFiles[relFilePath] = await hashFile(filePath);
+    } catch (err) {
+      if (err.code === "EBUSY" || err.code === "EPERM" || err.code === "ENOENT") {
+        process.stderr.write(`[cwgit] Warning: skipped inaccessible file: ${relFilePath}\n`);
+        continue;
+      }
+
+      throw err;
+    }
+  }
+
+  const changes = [];
+
+  // Check for modified and deleted files
+  for (const [file, hash] of Object.entries(baseFiles)) {
+    if (!(file in currentFiles)) {
+      changes.push({ file, status: "D" });
+    } else if (currentFiles[file] !== hash) {
+      changes.push({ file, status: "M" });
+    }
+  }
+
+  // Check for new/untracked files
+  for (const file of Object.keys(currentFiles)) {
+    if (!(file in baseFiles)) {
+      changes.push({ file, status: "U" });
+    }
+  }
+
+  // Sort: D first, then M, then U; alphabetical within each group
+  changes.sort((a, b) => {
+    const order = { D: 0, M: 1, U: 2 };
+
+    if (order[a.status] !== order[b.status]) {
+      return order[a.status] - order[b.status];
+    }
+
+    return a.file.localeCompare(b.file);
+  });
+
+  return changes;
+}
+
+/**
+ * Sanitize a CSV cell value to prevent formula injection.
+ */
+function sanitizeCsvCell(value) {
+  if (typeof value !== "string" || value.length === 0) {
+    return value;
+  }
+
+  if (CSV_DANGEROUS_CHARS.has(value[0])) {
+    return "'" + value;
+  }
+
+  return value;
+}
+
+/**
+ * Export changes to a CSV file.
+ */
+async function exportCsv(changes, outputDir) {
+  const csvPath = path.join(outputDir, "cwgit-changes.csv");
+  const lines = ["file,status"];
+
+  for (const { file, status } of changes) {
+    const safeFile = sanitizeCsvCell(file);
+    // Escape double quotes in file path and wrap in quotes if contains comma
+    const escaped = safeFile.includes(",") || safeFile.includes('"')
+      ? `"${safeFile.replace(/"/g, '""')}"`
+      : safeFile;
+    lines.push(`${escaped},${status}`);
+  }
+
+  await fs.promises.writeFile(csvPath, lines.join("\n") + "\n", "utf8");
+  return csvPath;
+}
+
+module.exports = {
+  CWGIT_DIR,
+  collectFiles,
+  detectChanges,
+  exportCsv,
+  findWorkspaceRoot,
+  hashFile,
+  initBase,
+  resolveDocRoot,
+  sanitizeCsvCell,
+};

package/src/server.js

@@ -231,6 +231,11 @@ async function startDevServer(config) {
     });
   });
 
+  // Block HTTP access to .cwgit tracking data
+  app.use("/.cwgit", (req, res) => {
+    res.status(404).type("text/plain").send("Not Found");
+  });
+
   app.get(CLIENT_SCRIPT_ROUTE, (req, res) => {
     res.type("application/javascript");
     res.send(clientScript);
@@ -340,9 +345,15 @@ async function startDevServer(config) {
     return (filePath) => filePath.replace(/\\/g, "/") === normalized;
   });
 
+  // Always ignore .cwgit tracking folder (prevents reload loops)
+  const cwgitIgnore = (filePath) => {
+    const normalized = filePath.replace(/\\/g, "/");
+    return normalized.includes("/.cwgit/") || normalized.endsWith("/.cwgit");
+  };
+
   const watcher = chokidar.watch(config.docRoot, {
     ignoreInitial: true,
-    ignored,
+    ignored: [cwgitIgnore, ...ignored],
   });
 
   watcher.on("all", (eventName, filePath) => {