foliko 1.0.74 → 1.0.75

package/plugins/file-system-plugin.js

@@ -21,6 +21,24 @@ class FileSystemPlugin extends Plugin {
     const path = require('path')
     const { exec } = require('child_process')
 
+    // 路径安全验证：防止路径穿越攻击
+    const validatePath = (filePath, allowOutsideCwd = false) => {
+      const resolved = path.resolve(filePath)
+      const cwd = process.cwd()
+
+      // 允许绝对路径且在允许列表中的路径（如果有的话）
+      if (allowOutsideCwd) {
+        return { valid: true, resolved }
+      }
+
+      // 检查是否在 cwd 目录下
+      if (!resolved.startsWith(cwd)) {
+        return { valid: false, error: `路径不允许访问: ${filePath}` }
+      }
+
+      return { valid: true, resolved }
+    }
+
     // 读取目录
     framework.registerTool({
       name: 'read_directory',
@@ -95,25 +113,32 @@ class FileSystemPlugin extends Plugin {
         if (!filePath) {
           return { success: false, error: 'path 是必填参数' }
         }
+
+        // 路径安全验证
+        const pathCheck = validatePath(filePath)
+        if (!pathCheck.valid) {
+          return { success: false, error: pathCheck.error }
+        }
+
         try {
-          if (!fs.existsSync(filePath)) {
+          if (!fs.existsSync(pathCheck.resolved)) {
             return { success: false, error: '文件不存在' }
           }
-          const stat = fs.statSync(filePath)
+          const stat = fs.statSync(pathCheck.resolved)
           if (stat.size > 1024 * 1024) {
             return { success: false, error: '文件太大，超过 1MB' }
           }
           let content
           if (lines) {
-            const fileContent = fs.readFileSync(filePath, 'utf8')
+            const fileContent = fs.readFileSync(pathCheck.resolved, 'utf8')
             const allLines = fileContent.split('\n')
             content = allLines.slice(0, lines).join('\n')
           } else {
-            content = fs.readFileSync(filePath, 'utf8')
+            content = fs.readFileSync(pathCheck.resolved, 'utf8')
           }
           return {
             success: true,
-            filePath,
+            filePath: pathCheck.resolved,
             content,
             size: stat.size,
             lines: lines ? null : content.split('\n').length
@@ -137,13 +162,20 @@ class FileSystemPlugin extends Plugin {
         if (!filePath || !content) {
           return { success: false, error: 'path 和 content 都是必填参数' }
         }
+
+        // 路径安全验证
+        const pathCheck = validatePath(filePath)
+        if (!pathCheck.valid) {
+          return { success: false, error: pathCheck.error }
+        }
+
         try {
-          const dir = path.dirname(filePath)
+          const dir = path.dirname(pathCheck.resolved)
           if (!fs.existsSync(dir)) {
             fs.mkdirSync(dir, { recursive: true })
           }
-          fs.writeFileSync(filePath, content, 'utf8')
-          return { success: true, message: `文件已写入: ${filePath}`, filePath, size: content.length }
+          fs.writeFileSync(pathCheck.resolved, content, 'utf8')
+          return { success: true, message: `文件已写入: ${pathCheck.resolved}`, filePath: pathCheck.resolved, size: content.length }
         } catch (error) {
           return { success: false, error: error.message }
         }
@@ -162,21 +194,28 @@ class FileSystemPlugin extends Plugin {
       execute: async (args, framework) => {
         const targetPath = args.path || args.targetPath
         const recursive = args.recursive || false
+
+        // 路径安全验证
+        const pathCheck = validatePath(targetPath)
+        if (!pathCheck.valid) {
+          return { success: false, error: pathCheck.error }
+        }
+
         try {
-          if (!fs.existsSync(targetPath)) {
+          if (!fs.existsSync(pathCheck.resolved)) {
             return { success: false, error: '目标不存在' }
           }
-          const stat = fs.statSync(targetPath)
+          const stat = fs.statSync(pathCheck.resolved)
           if (stat.isDirectory()) {
             if (recursive) {
-              fs.rmSync(targetPath, { recursive: true, force: true })
+              fs.rmSync(pathCheck.resolved, { recursive: true, force: true })
             } else {
-              fs.rmdirSync(targetPath)
+              fs.rmdirSync(pathCheck.resolved)
             }
           } else {
-            fs.unlinkSync(targetPath)
+            fs.unlinkSync(pathCheck.resolved)
           }
-          return { success: true, message: `已删除: ${targetPath}` }
+          return { success: true, message: `已删除: ${pathCheck.resolved}` }
         } catch (error) {
           return { success: false, error: error.message }
         }
@@ -184,64 +223,236 @@ class FileSystemPlugin extends Plugin {
     })
 
     // 修改文件（替换文本）
-    framework.registerTool({
-      name: 'modify_file',
-      description: '修改文件内容（替换文本）',
-      inputSchema: z.object({
-        path: z.string().optional().describe('文件路径'),
-        filePath: z.string().optional().describe('文件路径(同path)'),
-        find: z.string().describe('要查找的文本'),
-        replace: z.string().describe('替换后的文本'),
-        replaceAll: z.boolean().optional().describe('替换所有匹配')
-      }),
-      execute: async (args, framework) => {
-        const filePath = args.path || args.filePath
-        const find = args.find
-        const replace = args.replace
-        const replaceAll = args.replaceAll || false
-        try {
-          if (!fs.existsSync(filePath)) {
-            return { success: false, error: '文件不存在' }
-          }
-          let content = fs.readFileSync(filePath, 'utf8')
-          if (replaceAll) {
-            content = content.split(find).join(replace)
-          } else {
-            content = content.replace(find, replace)
+        framework.registerTool({
+          name: 'modify_file',
+          description: '修改文件内容（替换文本），支持精确匹配和正则',
+          inputSchema: z.object({
+            filePath: z.string().describe('文件路径（必须）'),
+            find: z.string().min(1).describe('要查找的文本（必填，不能为空）'),
+            replace: z.string().describe('替换后的文本'),
+            replaceAll: z.boolean().optional().describe('是否替换所有匹配，默认 true'),
+            useRegex: z.boolean().optional().describe('是否使用正则表达式匹配，默认 false'),
+            backup: z.boolean().default(false).describe('修改前是否创建备份，默认 false')
+          }),
+          execute: async (args, framework) => {
+            const filePath = args.filePath || args.path
+            const find = args.find
+            const replace = args.replace
+            const replaceAll = args.replaceAll !== false // 默认 true
+            const useRegex = args.useRegex === true
+            const backup = args.backup !== false // 默认 true
+
+            // 校验 filePath
+            if (!filePath || typeof filePath !== 'string' || filePath.trim() === '') {
+              return { success: false, error: 'filePath 是必填参数，不能为空' }
+            }
+
+            // 校验 find
+            if (!find || typeof find !== 'string' || find.trim() === '') {
+              return { success: false, error: 'find 是必填参数，不能为空字符串' }
+            }
+
+            // 路径安全验证
+            const pathCheck = validatePath(filePath)
+            if (!pathCheck.valid) {
+              return { success: false, error: pathCheck.error }
+            }
+
+            try {
+              if (!fs.existsSync(pathCheck.resolved)) {
+                return { success: false, error: '文件不存在' }
+              }
+
+              // 检查是否是二进制文件
+              const stats = fs.statSync(pathCheck.resolved)
+              if (stats.size > 10 * 1024 * 1024) {
+                return { success: false, error: '文件超过 10MB，不支持修改' }
+              }
+
+              let content = fs.readFileSync(pathCheck.resolved, 'utf8')
+              let count = 0
+              const matches = []
+
+              if (useRegex) {
+                // 正则表达式模式
+                const flags = replaceAll ? 'g' : ''
+                const regex = new RegExp(find, flags)
+
+                let match
+                while ((match = regex.exec(content)) !== null) {
+                  matches.push({
+                    index: match.index,
+                    length: match[0].length,
+                    text: match[0]
+                  })
+                  if (!replaceAll) break
+                }
+
+                if (matches.length > 0) {
+                  count = replaceAll ? matches.length : 1
+                  content = content.replace(regex, replace)
+                }
+              } else {
+                // 精确字符串匹配
+                const escapedFind = find.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')
+                const flags = replaceAll ? 'g' : ''
+                const regex = new RegExp(escapedFind, flags)
+
+                let match
+                while ((match = regex.exec(content)) !== null) {
+                  matches.push({
+                    index: match.index,
+                    length: match[0].length,
+                    text: match[0]
+                  })
+                  if (!replaceAll) break
+                }
+
+                if (matches.length > 0) {
+                  count = replaceAll ? matches.length : 1
+                  content = content.replace(regex, replace)
+                }
+              }
+
+              if (count === 0) {
+                return {
+                  success: false,
+                  error: `未找到匹配文本: "${find.substring(0, 50)}${find.length > 50 ? '...' : ''}"`,
+                  filePath
+                }
+              }
+
+              // 创建备份
+              if (backup) {
+                const backupPath = pathCheck.resolved + '.bak'
+                fs.writeFileSync(backupPath, fs.readFileSync(pathCheck.resolved), 'utf8')
+              }
+
+              // 原子写入：先写临时文件，再 rename
+              const tempPath = pathCheck.resolved + '.tmp.' + Date.now()
+              fs.writeFileSync(tempPath, content, 'utf8')
+
+              // 验证写入内容
+              const verifyContent = fs.readFileSync(tempPath, 'utf8')
+              if (verifyContent !== content) {
+                fs.unlinkSync(tempPath)
+                return { success: false, error: '写入验证失败，内容不匹配' }
+              }
+
+              fs.renameSync(tempPath, pathCheck.resolved)
+
+              return {
+                success: true,
+                message: `文件已修改: ${pathCheck.resolved}`,
+                filePath: pathCheck.resolved,
+                replacements: count,
+                matches: matches.slice(0, 5), // 最多返回5个匹配位置
+                backupCreated: backup
+              }
+            } catch (error) {
+              return { success: false, error: error.message }
+            }
           }
-          fs.writeFileSync(filePath, content, 'utf8')
-          return { success: true, message: `文件已修改: ${filePath}`, filePath }
-        } catch (error) {
-          return { success: false, error: error.message }
-        }
-      }
-    })
+        })
 
     // 搜索文件
     framework.registerTool({
       name: 'search_file',
-      description: '在文件或目录中搜索文本',
+      description: '在文件或目录中搜索文本，支持精确匹配和正则表达式',
       inputSchema: z.object({
-        query: z.string().optional().describe('搜索关键词'),
-        pattern: z.string().optional().describe('搜索模式(支持正则)'),
-        searchText: z.string().optional().describe('搜索文本'),
-        path: z.string().optional().describe('搜索目录'),
-        dirPath: z.string().optional().describe('搜索目录(同path)'),
-        file: z.string().optional().describe('搜索指定文件'),
-        fileType: z.string().optional().describe('文件类型过滤'),
-        maxResults: z.number().optional().describe('最大结果数'),
-        contextLines: z.number().optional().describe('匹配行的上下文行数')
+        pattern: z.string().describe('搜索模式（关键词或正则表达式）'),
+        path: z.string().optional().describe('搜索目录路径'),
+        file: z.string().optional().describe('搜索指定文件（与 path 二选一）'),
+        fileType: z.string().optional().describe('文件类型过滤，如 .js、.py'),
+        maxResults: z.number().optional().describe('最大结果数，默认 100'),
+        maxResultsPerFile: z.number().optional().describe('每个文件最大结果数，默认 50'),
+        contextLines: z.number().optional().describe('匹配行的上下文行数，默认 0'),
+        caseSensitive: z.boolean().optional().describe('是否大小写敏感，默认 false'),
+        useRegex: z.boolean().optional().describe('是否使用正则表达式，默认 false'),
+        excludeDirs: z.array(z.string()).optional().describe('排除的目录名，默认 ["node_modules", ".git", "dist", "build"]')
       }),
       execute: async (args, framework) => {
-        const pattern = args.query || args.pattern || args.searchText || ''
-        const dirPath = args.path || args.dirPath || '.'
+        const pattern = args.pattern
+        const dirPath = args.path || process.cwd()
         const targetFile = args.file
         const fileType = args.fileType
-        const maxResults = args.maxResults || 50
+        const maxResults = args.maxResults || 100
+        const maxResultsPerFile = args.maxResultsPerFile || 50
         const contextLines = args.contextLines || 0
+        const caseSensitive = args.caseSensitive === true
+        const useRegex = args.useRegex === true
+        const excludeDirs = args.excludeDirs || ['node_modules', '.git', 'dist', 'build', '.claude']
+
+        if (!pattern || typeof pattern !== 'string' || pattern.trim() === '') {
+          return { success: false, error: 'pattern 是必填参数，不能为空' }
+        }
+
         try {
           const results = []
-          const regex = new RegExp(pattern, 'gi')
+          let regex
+
+          if (useRegex) {
+            // 直接使用正则表达式
+            try {
+              regex = new RegExp(pattern, caseSensitive ? 'g' : 'gi')
+            } catch (e) {
+              return { success: false, error: `无效的正则表达式: ${e.message}` }
+            }
+          } else {
+            // 转义特殊字符作为精确匹配
+            const escaped = pattern.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')
+            regex = new RegExp(escaped, caseSensitive ? 'g' : 'gi')
+          }
+
+          const binaryExtensions = ['.jpg', '.jpeg', '.png', '.gif', '.bmp', '.ico', '.exe', '.dll', '.so', '.zip', '.tar', '.gz', '.rar', '.7z', '.pdf', '.doc', '.docx', '.xls', '.xlsx', '.ppt', '.pptx', '.mp3', '.mp4', '.avi', '.mkv', '.wav', '.flac']
+
+          const searchInContent = (content, filePath) => {
+            const matches = []
+            const lines = content.split('\n')
+            let fileResultsCount = 0
+
+            for (let i = 0; i < lines.length; i++) {
+              if (fileResultsCount >= maxResultsPerFile) break
+              const line = lines[i]
+              regex.lastIndex = 0 // 重置 regex 状态
+
+              if (regex.test(line)) {
+                // 找到所有匹配的位置
+                const lineMatches = []
+                regex.lastIndex = 0
+                let match
+                while ((match = regex.exec(line)) !== null) {
+                  lineMatches.push({
+                    column: match.index,
+                    length: match[0].length,
+                    text: match[0]
+                  })
+                  if (!regex.global) break
+                }
+
+                const matchInfo = {
+                  file: filePath,
+                  line: i + 1,
+                  content: line.substring(0, 300),
+                  matches: lineMatches
+                }
+
+                if (contextLines > 0) {
+                  const start = Math.max(0, i - contextLines)
+                  const end = Math.min(lines.length, i + contextLines + 1)
+                  matchInfo.context = lines.slice(start, end).map((l, idx) => ({
+                    line: start + idx + 1,
+                    content: l
+                  }))
+                }
+
+                matches.push(matchInfo)
+                fileResultsCount++
+              }
+            }
+
+            return matches
+          }
 
           // 搜索单个文件
           if (targetFile) {
@@ -249,74 +460,85 @@ class FileSystemPlugin extends Plugin {
             if (!fs.existsSync(fullPath)) {
               return { success: false, error: `文件不存在: ${targetFile}` }
             }
+
+            const ext = path.extname(fullPath).toLowerCase()
+            if (binaryExtensions.includes(ext)) {
+              return { success: false, error: `不支持搜索二进制文件: ${ext}` }
+            }
+
             try {
               const content = fs.readFileSync(fullPath, 'utf8')
-              const lines = content.split('\n')
-              for (let i = 0; i < lines.length; i++) {
-                if (regex.test(lines[i])) {
-                  let matchInfo = { file: targetFile, line: i + 1, content: lines[i].substring(0, 200) }
-                  // 添加上下文行
-                  if (contextLines > 0) {
-                    const start = Math.max(0, i - contextLines)
-                    const end = Math.min(lines.length, i + contextLines + 1)
-                    matchInfo.context = lines.slice(start, end).map((l, idx) => ({
-                      line: start + idx + 1,
-                      content: l
-                    }))
-                  }
-                  results.push(matchInfo)
-                  if (results.length >= maxResults) break
-                }
-              }
-              regex.lastIndex = 0
+              const fileMatches = searchInContent(content, targetFile)
+              results.push(...fileMatches)
             } catch (e) {
               return { success: false, error: `读取文件失败: ${e.message}` }
             }
           } else {
             // 搜索目录
             const searchDir = (currentPath, depth = 0) => {
-              if (depth > 5 || results.length >= maxResults) return
-              const entries = fs.readdirSync(currentPath, { withFileTypes: true })
+              if (depth > 10 || results.length >= maxResults) return
+
+              let entries
+              try {
+                entries = fs.readdirSync(currentPath, { withFileTypes: true })
+              } catch (e) {
+                return // 跳过无法读取的目录
+              }
+
               for (const entry of entries) {
                 if (results.length >= maxResults) break
+
                 const fullPath = path.join(currentPath, entry.name)
                 const relativePath = path.relative(process.cwd(), fullPath)
-                if (relativePath.includes('node_modules') || relativePath.includes('.git') ||
-                    relativePath.includes('dist') || relativePath.includes('build')) {
-                  continue
-                }
+
+                // 检查是否在排除目录中
+                const shouldExclude = excludeDirs.some(exclude =>
+                  relativePath.includes(exclude)
+                )
+                if (shouldExclude) continue
+
                 if (entry.isDirectory()) {
                   searchDir(fullPath, depth + 1)
                 } else if (entry.isFile()) {
+                  // 文件类型过滤
                   if (fileType && !entry.name.endsWith(fileType)) continue
-                  const ext = path.extname(entry.name)
-                  if (['.jpg', '.png', '.gif', '.exe', '.dll', '.zip'].includes(ext)) continue
+
+                  const ext = path.extname(entry.name).toLowerCase()
+                  if (binaryExtensions.includes(ext)) continue
+
                   try {
                     const content = fs.readFileSync(fullPath, 'utf8')
-                    const lines = content.split('\n')
-                    for (let i = 0; i < lines.length; i++) {
-                      if (regex.test(lines[i])) {
-                        let matchInfo = { file: relativePath, line: i + 1, content: lines[i].substring(0, 200) }
-                        if (contextLines > 0) {
-                          const start = Math.max(0, i - contextLines)
-                          const end = Math.min(lines.length, i + contextLines + 1)
-                          matchInfo.context = lines.slice(start, end).map((l, idx) => ({
-                            line: start + idx + 1,
-                            content: l
-                          }))
-                        }
-                        results.push(matchInfo)
-                        if (results.length >= maxResults) break
-                      }
+                    const fileMatches = searchInContent(content, relativePath)
+
+                    for (const match of fileMatches) {
+                      if (results.length >= maxResults) break
+                      results.push(match)
                     }
-                    regex.lastIndex = 0
-                  } catch (e) { }
+                  } catch (e) {
+                    // 跳过无法读取的文件
+                  }
                 }
               }
             }
+
             searchDir(dirPath)
           }
-          return { success: true, pattern, results: results.slice(0, maxResults), total: results.length }
+
+          // 计算统计信息
+          const filesWithMatches = new Set(results.map(r => r.file)).size
+          const totalMatches = results.reduce((sum, r) => sum + (r.matches?.length || 1), 0)
+
+          return {
+            success: true,
+            pattern,
+            results: results.slice(0, maxResults),
+            total: results.length,
+            stats: {
+              filesWithMatches,
+              totalMatches,
+              searchPath: targetFile || dirPath
+            }
+          }
         } catch (error) {
           return { success: false, error: error.message }
         }
@@ -337,13 +559,45 @@ class FileSystemPlugin extends Plugin {
       execute: async (args, framework) => {
         const command = args.cmd || args.command || args.run
         const cwd = args.cwd || process.cwd()
-        const timeout = args.timeout || 30000
+        const timeout = Math.min(args.timeout || 30000, 120000) // 最多 2 分钟
+
+        // 验证命令：检查危险的 shell 模式
+        const dangerousPatterns = [
+          /;\s*rm\s+/i,           // ; rm -rf
+          /\|\s*rm\s+/i,          // | rm -rf
+          /&&\s*rm\s+/i,          // && rm -rf
+          /;\s*del\s+/i,          // ; del
+          /\|\s*del\s+/i,         // | del
+          /&\s*rm\s+/i,           // & rm -rf
+          /;\s*format\s+/i,       // ; format
+          /&\s*format\s+/i,       // & format
+          /\$\(/i,                // $(command substitution)
+          /`[^`]+`/i,             // `command substitution`
+          />\s*\/dev\//i,         // redirect to /dev/
+          /<\s*\/dev\//i,         // read from /dev/
+        ]
+
+        for (const pattern of dangerousPatterns) {
+          if (pattern.test(command)) {
+            return {
+              success: false,
+              error: `命令包含可疑模式，已拒绝执行: ${pattern.toString()}`
+            }
+          }
+        }
+
+        // 验证 cwd 路径
+        const resolvedCwd = path.resolve(cwd)
+        if (!fs.existsSync(resolvedCwd)) {
+          return { success: false, error: `工作目录不存在: ${resolvedCwd}` }
+        }
+
         return new Promise((resolve) => {
           const startTime = Date.now()
-          exec(command, { cwd, timeout }, (error, stdout, stderr) => {
+          exec(command, { cwd: resolvedCwd, timeout, shell: true }, (error, stdout, stderr) => {
             const duration = Date.now() - startTime
             if (error) {
-              resolve({ success: false, command, error: error.message, stderr, duration })
+              resolve({ success: false, command, error: error.message, stderr: stderr.substring(0, 1000), duration })
             } else {
               resolve({
                 success: true,
@@ -358,6 +612,102 @@ class FileSystemPlugin extends Plugin {
       }
     })
 
+    // 执行 Bash 命令
+    framework.registerTool({
+      name: 'bash',
+      description: '执行 Bash 命令（支持 Linux/macOS/Windows Git Bash）',
+      inputSchema: z.object({
+        cmd: z.string().optional().describe('要执行的 bash 命令'),
+        command: z.string().optional().describe('要执行的 bash 命令(同cmd)'),
+        cwd: z.string().optional().describe('工作目录'),
+        timeout: z.number().optional().describe('超时时间(ms)')
+      }),
+      execute: async (args, framework) => {
+        const command = args.cmd || args.command
+        const cwd = args.cwd || process.cwd()
+        const timeout = Math.min(args.timeout || 30000, 120000)
+
+        if (!command) {
+          return { success: false, error: 'cmd/command 是必填参数' }
+        }
+
+        // 验证命令：检查危险的 shell 模式
+        const dangerousPatterns = [
+          /;\s*rm\s+-rf/i,
+          /\|\s*rm\s+/i,
+          /&&\s*rm\s+/i,
+          /;\s*del\s+/i,
+          /\$\(/i,
+          /`[^`]+`/i,
+          />\s*\/dev\//i,
+          /<\s*\/dev\//i,
+        ]
+
+        for (const pattern of dangerousPatterns) {
+          if (pattern.test(command)) {
+            return {
+              success: false,
+              error: `命令包含可疑模式，已拒绝执行: ${pattern.toString()}`
+            }
+          }
+        }
+
+        // 验证 cwd 路径
+        const resolvedCwd = path.resolve(cwd)
+        if (!fs.existsSync(resolvedCwd)) {
+          return { success: false, error: `工作目录不存在: ${resolvedCwd}` }
+        }
+
+        // 确定 bash 路径
+        let bashPath = 'bash'
+        const isWindows = process.platform === 'win32'
+
+        if (isWindows) {
+          // Windows 下尝试查找 Git Bash
+          const possiblePaths = [
+            'C:\\Program Files\\Git\\bin\\bash.exe',
+            'C:\\Program Files (x86)\\Git\\bin\\bash.exe',
+            process.env.GIT_BASH_PATH || 'bash'
+          ]
+          for (const p of possiblePaths) {
+            if (fs.existsSync(p)) {
+              bashPath = p
+              break
+            }
+          }
+        }
+
+        return new Promise((resolve) => {
+          const startTime = Date.now()
+          exec(
+            `"${bashPath}" -c ${JSON.stringify(command)}`,
+            { cwd: resolvedCwd, timeout, shell: false },
+            (error, stdout, stderr) => {
+              const duration = Date.now() - startTime
+              if (error) {
+                resolve({
+                  success: false,
+                  command,
+                  error: error.message,
+                  stderr: stderr.substring(0, 2000),
+                  stdout: stdout.substring(0, 2000),
+                  duration
+                })
+              } else {
+                resolve({
+                  success: true,
+                  command,
+                  stdout: stdout.substring(0, 10000),
+                  stderr: stderr.substring(0, 1000),
+                  duration
+                })
+              }
+            }
+          )
+        })
+      }
+    })
+
     // 获取北京时间
     framework.registerTool({
       name: 'get_time',