filemayor 2.0.5 → 3.6.0

package/core/jailer.js

@@ -0,0 +1,151 @@
+#!/usr/bin/env node
+
+/**
+ * ═══════════════════════════════════════════════════════════════════
+ * FILEMAYOR CORE — THE JAILER (IMMUTABLE SECURITY LAYER)
+ * 
+ * This is the final firewall between FileMayor's AI "intuition" and
+ * the actual operating system. Even if Gemini suggests moving files
+ * into System32, this module kills the operation cold.
+ * 
+ * CRITICAL: This file must NEVER be modified by AI assistants.
+ * It is the immutable source of truth for filesystem safety.
+ * ═══════════════════════════════════════════════════════════════════
+ */
+
+'use strict';
+
+const path = require('path');
+const fs = require('fs');
+const os = require('os');
+
+// ─── Forbidden Zones (OS-Agnostic) ───────────────────────────────
+const FORBIDDEN_ZONES = [
+    // Windows
+    'C:\\Windows', 'C:\\Program Files', 'C:\\Program Files (x86)',
+    'C:\\ProgramData', 'C:\\Users\\Public', 'C:\\Users\\Default',
+    // Linux / macOS
+    '/etc', '/usr', '/bin', '/sbin', '/var', '/root',
+    '/boot', '/dev', '/proc', '/sys', '/run',
+    // macOS specific
+    '/System', '/Library', '/private'
+].map(p => path.resolve(p).toLowerCase());
+
+/**
+ * THE JAILER: Final security check for ALL FileMayor operations.
+ * Use this before ANY fs.rename, fs.unlink, or fs.copy operation.
+ */
+class FileMayorJailer {
+    /**
+     * @param {string} rootDirectory - The user's working directory (the "jail")
+     */
+    constructor(rootDirectory = process.cwd()) {
+        // Resolve the root to its absolute, REAL path (no symlinks)
+        try {
+            this.safeRoot = fs.realpathSync(path.resolve(rootDirectory)).toLowerCase();
+        } catch {
+            this.safeRoot = path.resolve(rootDirectory).toLowerCase();
+        }
+    }
+
+    /**
+     * Validate that a target path is safe for FileMayor to operate on.
+     * Resolves symlinks to their TRUE destination before checking.
+     * 
+     * @param {string} targetPath - The path to validate
+     * @returns {{ safe: boolean, realPath: string, error?: string }}
+     */
+    validate(targetPath) {
+        try {
+            if (!targetPath || typeof targetPath !== 'string') {
+                return { safe: false, realPath: '', error: 'Empty or invalid path' };
+            }
+
+            // Reject null bytes (classic injection vector)
+            if (targetPath.includes('\0')) {
+                return { safe: false, realPath: '', error: 'Null byte injection detected' };
+            }
+
+            const absoluteTarget = path.resolve(targetPath);
+
+            // [ANTI-SYMLINK] Resolve the REAL path (follows symlinks to true source)
+            // This defeats CVE-2025-55130 style symlink race conditions
+            let realTarget;
+            try {
+                realTarget = fs.existsSync(absoluteTarget)
+                    ? fs.realpathSync(absoluteTarget)
+                    : absoluteTarget;
+            } catch {
+                realTarget = absoluteTarget;
+            }
+
+            const normalizedTarget = realTarget.toLowerCase();
+
+            // [JAIL CHECK] Is the target inside our allowed project folder?
+            if (!normalizedTarget.startsWith(this.safeRoot + path.sep) &&
+                normalizedTarget !== this.safeRoot) {
+                return {
+                    safe: false,
+                    realPath: realTarget,
+                    error: `JAIL BREACH: "${realTarget}" is outside the safe root "${this.safeRoot}"`
+                };
+            }
+
+            // [SYSTEM CHECK] Is the target a protected OS zone?
+            for (const zone of FORBIDDEN_ZONES) {
+                if (normalizedTarget.startsWith(zone + path.sep) || normalizedTarget === zone) {
+                    return {
+                        safe: false,
+                        realPath: realTarget,
+                        error: `SYSTEM PROTECTION: "${realTarget}" is within forbidden zone "${zone}"`
+                    };
+                }
+            }
+
+            // [EXTENSION CHECK] Reject system-critical file types
+            const ext = path.extname(realTarget).toLowerCase();
+            const dangerousExts = new Set(['.sys', '.drv', '.dll', '.so', '.dylib', '.kext', '.plist', '.reg']);
+            if (dangerousExts.has(ext)) {
+                return {
+                    safe: false,
+                    realPath: realTarget,
+                    error: `DANGEROUS FILE: "${ext}" files are system-critical and cannot be moved`
+                };
+            }
+
+            return { safe: true, realPath: realTarget };
+
+        } catch (err) {
+            return { safe: false, realPath: '', error: `Jailer error: ${err.message}` };
+        }
+    }
+
+    /**
+     * Validate a move operation (both source AND destination must be safe)
+     * @param {string} source - Source file path
+     * @param {string} destination - Destination file path
+     * @returns {{ safe: boolean, error?: string }}
+     */
+    validateMove(source, destination) {
+        const srcCheck = this.validate(source);
+        if (!srcCheck.safe) return { safe: false, error: `Source: ${srcCheck.error}` };
+
+        const dstCheck = this.validate(destination);
+        if (!dstCheck.safe) return { safe: false, error: `Destination: ${dstCheck.error}` };
+
+        return { safe: true };
+    }
+}
+
+// ─── Root/Sudo Kill-Switch ────────────────────────────────────────
+// If running as root on Unix, exit immediately. FileMayor should
+// NEVER have elevated privileges to limit blast radius.
+function enforceUserSpace() {
+    if (typeof process.getuid === 'function' && process.getuid() === 0) {
+        console.error('❌ FILEMAYOR SECURITY ERROR: Running as root/sudo is strictly forbidden.');
+        console.error('   FileMayor is designed to run in User Space only.');
+        process.exit(1);
+    }
+}
+
+module.exports = { FileMayorJailer, enforceUserSpace, FORBIDDEN_ZONES };

package/core/license.js

@@ -19,7 +19,7 @@ const crypto = require('crypto');
 
 const LICENSE_FILE = path.join(os.homedir(), '.filemayor-license.json');
 const KEY_PREFIX = 'FM';
-const CHECKSUM_SECRET = 'filemayor-chevza-2026';
+const CHECKSUM_SECRET = process.env.FM_CHECKSUM_SECRET || 'filemayor-chevza-2026';
 
 /**
  * License tiers with capabilities
@@ -66,10 +66,12 @@ const BUILTIN_KEYS = {
  * @returns {string} 5-char checksum
  */
 function generateChecksum(body) {
-    const hash = crypto.createHmac('sha256', CHECKSUM_SECRET)
-        .update(body)
-        .digest('hex');
-    return hash.substring(0, 5).toUpperCase();
+    // Ported from Admin Dashboard simpleHash for cross-platform compatibility
+    let hash = 0;
+    for (let i = 0; i < body.length; i++) {
+        hash = ((hash << 5) - hash + body.charCodeAt(i)) | 0;
+    }
+    return Math.abs(hash).toString(36).toUpperCase().padEnd(5, '0').substring(0, 5);
 }
 
 /**
@@ -284,16 +286,13 @@ function checkProFeature(feature, featureLabel) {
     return {
         allowed: false,
         message: [
-            `⚡ ${featureLabel} is a Pro feature`,
+            c('yellow', `⚡ ${featureLabel} is a Pro Feature`),
             '',
-            '  Upgrade to Pro to unlock:',
-            '  • Real-time file watching & auto-organize',
-            '  • AI-powered SOP parsing (Gemini)',
-            '  • Bulk organize (unlimited files)',
-            '  • CSV export for all reports',
+            `  FileMayor Core is free. ${featureLabel} requires a Pro License.`,
+            '  Unlocks: Real-time Watch, AI SOP Engine, and Unlimited Bulk processing.',
             '',
-            '  Get your license: https://filemayor.lemonsqueezy.com/checkout/buy/7fdcc87f-0660-4c1c-b3db-99f94773b71a',
-            '  Then run: filemayor license activate YOUR-KEY',
+            '  Get Key: https://filemayor.com/pro',
+            '  Activate: filemayor license activate YOUR-KEY',
             '',
         ].join('\n'),
     };

package/core/metadata-store.js

@@ -0,0 +1,104 @@
+#!/usr/bin/env node
+
+/**
+ * ═══════════════════════════════════════════════════════════════════
+ * FILEMAYOR CORE — METADATA STORE
+ * Lightweight, persistent indexing for S2 compliance (<300ms search).
+ * ═══════════════════════════════════════════════════════════════════
+ */
+
+'use strict';
+
+const fs = require('fs').promises;
+const fssync = require('fs');
+const path = require('path');
+const os = require('os');
+const crypto = require('crypto');
+
+class MetadataStore {
+    constructor(dbPath) {
+        this.rootPath = dbPath || path.join(os.homedir(), '.filemayor', 'metadata_index.json');
+        this.index = {
+            version: '1.0',
+            lastUpdated: null,
+            files: {} // path -> metadata
+        };
+        this._ensureDir();
+        this.load();
+    }
+
+    _ensureDir() {
+        const dir = path.dirname(this.rootPath);
+        if (!fssync.existsSync(dir)) {
+            fssync.mkdirSync(dir, { recursive: true });
+        }
+    }
+
+    load() {
+        try {
+            if (fssync.existsSync(this.rootPath)) {
+                const data = fssync.readFileSync(this.rootPath, 'utf8');
+                this.index = JSON.parse(data);
+            }
+        } catch (err) {
+            console.error('[IDX] Failed to load index:', err.message);
+        }
+    }
+
+    async save() {
+        try {
+            this.index.lastUpdated = new Date().toISOString();
+            await fs.writeFile(this.rootPath, JSON.stringify(this.index, null, 2));
+        } catch (err) {
+            console.error('[IDX] Failed to save index:', err.message);
+        }
+    }
+
+    /**
+     * Update the index with fresh file metadata
+     * @param {Object[]} files 
+     */
+    update(files) {
+        for (const file of files) {
+            this.index.files[file.path] = {
+                name: file.name,
+                size: file.size,
+                mtime: file.modified,
+                category: file.category,
+                ext: file.ext
+            };
+        }
+    }
+
+    /**
+     * Search the index with < 300ms latency
+     * @param {string} query 
+     * @returns {Object[]}
+     */
+    search(query) {
+        const startTime = Date.now();
+        const results = [];
+        const lowerQuery = query.toLowerCase();
+
+        for (const [filePath, meta] of Object.entries(this.index.files)) {
+            if (meta.name.toLowerCase().includes(lowerQuery) || filePath.toLowerCase().includes(lowerQuery)) {
+                results.push({ path: filePath, ...meta });
+            }
+            if (results.length > 100) break; // Cap results for performance
+        }
+
+        const duration = Date.now() - startTime;
+        return {
+            results,
+            duration,
+            totalFound: results.length
+        };
+    }
+
+    clear() {
+        this.index.files = {};
+        this.save();
+    }
+}
+
+module.exports = new MetadataStore();

package/core/organizer.js

@@ -14,7 +14,10 @@ const fs = require('fs');
 const path = require('path');
 const { categorize, getCategories } = require('./categories');
 const { scan } = require('./scanner');
-const { validatePath, isFileSafe, sanitizeFilename, canWrite, createSnapshot } = require('./security');
+const { 
+    validatePath, isFileSafe, sanitizeFilename, canWrite, createSnapshot,
+    findNearestSubstrate 
+} = require('./security');
 const { formatBytes } = require('./scanner');
 
 // ─── Naming Conventions ───────────────────────────────────────────
@@ -175,6 +178,13 @@ function generatePlan(srcDir, options = {}) {
 
     // Build the plan
     for (const file of scanResult.files) {
+        // Substrate Protection (v3.5)
+        // If file is inside a project substrate, DO NOT scatter it by default
+        const projectRoot = findNearestSubstrate(file.path);
+        if (projectRoot) {
+            continue; // Skip project-locked files
+        }
+
         const category = file.category;
         categoryCounts[category] = (categoryCounts[category] || 0);
 
@@ -241,22 +251,23 @@ function generatePlan(srcDir, options = {}) {
 
 // ─── Execution ────────────────────────────────────────────────────
 
+const FileMayorFS = require('./fs-abstraction');
+const fmfs = new FileMayorFS();
+
 /**
  * Execute a move plan with journal logging for rollback
  * @param {MovePlanItem[]} plan - The move plan to execute
  * @param {Object} options - Execution options
  * @returns {{ results: Object[], journal: Object[], summary: Object }}
  */
-function executePlan(plan, options = {}) {
+async function executePlan(plan, options = {}) {
     const {
         onProgress = null,
         onError = null,
-        journalPath = null,   // Path to save rollback journal
-        abortOnError = false, // Stop on first error
+        abortOnError = false,
     } = options;
 
     const results = [];
-    const journal = [];
     let succeeded = 0;
     let failed = 0;
     let skipped = 0;
@@ -264,7 +275,6 @@ function executePlan(plan, options = {}) {
     for (let i = 0; i < plan.length; i++) {
         const item = plan[i];
 
-        // Progress callback
         if (onProgress) {
             onProgress({
                 current: i + 1,
@@ -276,104 +286,21 @@ function executePlan(plan, options = {}) {
             });
         }
 
-        // Skip items marked as skip
         if (item.action === 'skip') {
             results.push({ ...item, status: 'skipped', error: null });
             skipped++;
             continue;
         }
 
-        // Safety check
-        const safeCheck = isFileSafe(item.source);
-        if (!safeCheck.safe) {
-            const error = `Safety check failed: ${safeCheck.reason}`;
-            results.push({ ...item, status: 'error', error });
-            failed++;
-            if (onError) onError({ item, error });
-            if (abortOnError) break;
-            continue;
-        }
-
-        // Create destination directory
-        const destDir = path.dirname(item.destination);
         try {
-            fs.mkdirSync(destDir, { recursive: true });
-        } catch (err) {
-            const error = `Failed to create directory: ${err.message}`;
-            results.push({ ...item, status: 'error', error });
-            failed++;
-            if (onError) onError({ item, error });
-            if (abortOnError) break;
-            continue;
-        }
-
-        // Create pre-move snapshot for integrity
-        const snapshot = createSnapshot(item.source);
-
-        // Execute the move
-        try {
-            // Handle overwrite
-            if (item.action === 'overwrite' && fs.existsSync(item.destination)) {
-                fs.unlinkSync(item.destination);
-            }
-
-            // Perform the move
-            fs.renameSync(item.source, item.destination);
-
-            // Journal entry for rollback
-            const journalEntry = {
-                source: item.source,
-                destination: item.destination,
-                originalName: item.originalName,
-                newName: item.newName,
-                size: item.size,
-                timestamp: Date.now(),
-                snapshot
-            };
-            journal.push(journalEntry);
-
+            await fmfs.move(item.source, item.destination);
             results.push({ ...item, status: 'success', error: null });
             succeeded++;
         } catch (err) {
-            // If rename fails (cross-device), try copy + delete
-            try {
-                fs.copyFileSync(item.source, item.destination);
-                fs.unlinkSync(item.source);
-
-                const journalEntry = {
-                    source: item.source,
-                    destination: item.destination,
-                    originalName: item.originalName,
-                    newName: item.newName,
-                    size: item.size,
-                    timestamp: Date.now(),
-                    snapshot,
-                    crossDevice: true
-                };
-                journal.push(journalEntry);
-
-                results.push({ ...item, status: 'success', error: null });
-                succeeded++;
-            } catch (copyErr) {
-                const error = `Move failed: ${copyErr.message}`;
-                results.push({ ...item, status: 'error', error });
-                failed++;
-                if (onError) onError({ item, error });
-                if (abortOnError) break;
-            }
-        }
-    }
-
-    // Save journal to disk if path provided
-    if (journalPath && journal.length > 0) {
-        try {
-            const existing = fs.existsSync(journalPath)
-                ? JSON.parse(fs.readFileSync(journalPath, 'utf8'))
-                : [];
-            const merged = [...existing, ...journal];
-            fs.writeFileSync(journalPath, JSON.stringify(merged, null, 2), 'utf8');
-        } catch (err) {
-            // Journal save failed — non-fatal
+            results.push({ ...item, status: 'error', error: err.message });
+            failed++;
+            if (onError) onError({ item, error: err.message });
+            if (abortOnError) break;
         }
     }
 
@@ -386,7 +313,7 @@ function executePlan(plan, options = {}) {
         totalSizeHuman: formatBytes(plan.reduce((sum, p) => sum + p.size, 0))
     };
 
-    return { results, journal, summary };
+    return { results, journal: fmfs.getJournal(), summary };
 }
 
 // ─── Rollback (Undo) ──────────────────────────────────────────────
@@ -395,50 +322,11 @@ function executePlan(plan, options = {}) {
  * Rollback operations using a journal
  * @param {Object[]} journal - Journal entries from executePlan
  * @param {Object} options - Rollback options
- * @returns {{ undone: number, failed: number, errors: string[] }}
  */
-function rollback(journal, options = {}) {
-    const { onProgress = null } = options;
-    let undone = 0;
-    let failed = 0;
-    const errors = [];
-
-    // Process in reverse order (most recent first)
-    const reversed = [...journal].reverse();
-
-    for (let i = 0; i < reversed.length; i++) {
-        const entry = reversed[i];
-
-        if (onProgress) {
-            onProgress({
-                current: i + 1,
-                total: reversed.length,
-                percent: Math.round(((i + 1) / reversed.length) * 100),
-                file: entry.originalName
-            });
-        }
-
-        try {
-            // Ensure source directory exists
-            const sourceDir = path.dirname(entry.source);
-            fs.mkdirSync(sourceDir, { recursive: true });
-
-            // Move back
-            if (entry.crossDevice) {
-                fs.copyFileSync(entry.destination, entry.source);
-                fs.unlinkSync(entry.destination);
-            } else {
-                fs.renameSync(entry.destination, entry.source);
-            }
-
-            undone++;
-        } catch (err) {
-            failed++;
-            errors.push(`Failed to undo ${entry.originalName}: ${err.message}`);
-        }
-    }
-
-    return { undone, failed, errors };
+async function rollback(journal, options = {}) {
+    // Fill the fmfs internal journal with the passed journal to use its logic
+    fmfs.sessionJournal = journal;
+    return await fmfs.rollback();
 }
 
 /**
@@ -463,13 +351,12 @@ function loadJournal(journalPath) {
  * @param {Object} options - Full options
  * @returns {{ results: Object[], journal: Object[], planSummary: Object, execSummary: Object }}
  */
-function organize(dirPath, options = {}) {
+async function organize(dirPath, options = {}) {
     const {
         dryRun = false,
         naming = 'original',
         outputDir = null,
         duplicateStrategy = 'rename',
-        journalPath = null,
         onProgress = null,
         onError = null,
         abortOnError = false,
@@ -498,10 +385,9 @@ function organize(dirPath, options = {}) {
     }
 
     // Execute
-    const { results, journal, summary: execSummary } = executePlan(plan, {
+    const { results, journal, summary: execSummary } = await executePlan(plan, {
         onProgress,
         onError,
-        journalPath: journalPath || path.join(dirPath, '.filemayor-journal.json'),
         abortOnError
     });