npm - gsd-pi - Versions diffs - 2.70.0-dev.8f4d92b → 2.70.0-dev.c236ea4 - Mend

gsd-pi 2.70.0-dev.8f4d92b → 2.70.0-dev.c236ea4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (55) hide show

package/src/resources/extensions/gsd/validate-directory.ts CHANGED Viewed

@@ -61,6 +61,33 @@ const WINDOWS_BLOCKED_PATHS = new Set([
   "C:\\Program Files (x86)",
 ]);
+const WINDOWS_BLOCKED_SUFFIXES = new Set([
+  "\\",
+  "\\windows",
+  "\\windows\\system32",
+  "\\program files",
+  "\\program files (x86)",
+]);
+function normalizePathForComparison(dirPath: string): string {
+  let normalized = dirPath.replace(/[/\\]+$/, "");
+  if (normalized === "") {
+    normalized = "/";
+  } else if (/^[A-Za-z]:$/.test(normalized)) {
+    normalized += "\\";
+  }
+  return platform() === "win32" ? normalized.toLowerCase() : normalized;
+}
+function isBlockedWindowsPath(normalized: string): boolean {
+  if (!/^[a-z]:\\/.test(normalized)) {
+    return false;
+  }
+  const suffix = normalized.slice(2);
+  return WINDOWS_BLOCKED_SUFFIXES.has(suffix);
+}
 // ─── Core Validation ────────────────────────────────────────────────────────────
 /**
@@ -84,16 +111,11 @@ export function validateDirectory(dirPath: string): DirectoryValidationResult {
   // Normalize trailing slashes for consistent comparison.
   // Special cases: "/" → "/" (not ""), "C:\" → "C:\" (not "C:")
-  let normalized = resolved.replace(/[/\\]+$/, "");
-  if (normalized === "") {
-    normalized = "/";
-  } else if (/^[A-Za-z]:$/.test(normalized)) {
-    normalized = normalized + "\\";
-  }
+  const normalized = normalizePathForComparison(resolved);
   // ── Check 1: Blocked system paths ──────────────────────────────────────
   const blockedPaths = platform() === "win32" ? WINDOWS_BLOCKED_PATHS : UNIX_BLOCKED_PATHS;
-  if (blockedPaths.has(normalized)) {
+  if (platform() === "win32" ? isBlockedWindowsPath(normalized) : blockedPaths.has(normalized)) {
     return {
       safe: false,
       severity: "blocked",
@@ -104,9 +126,9 @@ export function validateDirectory(dirPath: string): DirectoryValidationResult {
   // ── Check 2: Home directory itself (not subdirs) ───────────────────────
   let resolvedHome: string;
   try {
-    resolvedHome = realpathSync(resolve(homedir())).replace(/[/\\]+$/, "");
+    resolvedHome = normalizePathForComparison(realpathSync(resolve(homedir())));
   } catch {
-    resolvedHome = resolve(homedir()).replace(/[/\\]+$/, "");
+    resolvedHome = normalizePathForComparison(resolve(homedir()));
   }
   if (normalized === resolvedHome) {
@@ -120,9 +142,9 @@ export function validateDirectory(dirPath: string): DirectoryValidationResult {
   // ── Check 3: Temp directory root ───────────────────────────────────────
   let resolvedTmp: string;
   try {
-    resolvedTmp = realpathSync(resolve(tmpdir())).replace(/[/\\]+$/, "");
+    resolvedTmp = normalizePathForComparison(realpathSync(resolve(tmpdir())));
   } catch {
-    resolvedTmp = resolve(tmpdir()).replace(/[/\\]+$/, "");
+    resolvedTmp = normalizePathForComparison(resolve(tmpdir()));
   }
   if (normalized === resolvedTmp) {

package/src/resources/extensions/slash-commands/audit.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import type { ExtensionAPI, ExtensionCommandContext } from "@gsd/pi-coding-agent";
+import { mkdirSync } from "node:fs";
 export default function auditCommand(pi: ExtensionAPI) {
 	pi.registerCommand("audit", {
@@ -39,7 +40,7 @@ export default function auditCommand(pi: ExtensionAPI) {
 			// ── Step 3: Ensure the output directory exists ───────────────────────
-			await pi.exec("mkdir", ["-p", ".gsd/audits"]);
+			mkdirSync(".gsd/audits", { recursive: true });
 			// ── Step 4: Send the audit prompt to the agent ───────────────────────

package/src/resources/extensions/subagent/isolation.ts CHANGED Viewed

@@ -53,8 +53,10 @@ interface Baseline {
 // Directory helpers
 // ============================================================================
-function encodeCwd(cwd: string): string {
-	return cwd.replace(/\//g, "--");
+export function encodeCwd(cwd: string): string {
+	// Encode the entire cwd so Windows drive letters, separators, and UNC
+	// prefixes cannot leak into the isolation path.
+	return Buffer.from(cwd, "utf8").toString("base64url");
 }
 const gsdHome = process.env.GSD_HOME || path.join(os.homedir(), ".gsd");
@@ -500,4 +502,3 @@ export function readIsolationMode(): IsolationMode {
 		return "none";
 	}
 }

/package/dist/web/standalone/.next/static/{j_Ae_qOKzzIlA6oFOxVx4 → LWbeDf2XwDjfq_mOlqoGf}/_buildManifest.js RENAMED Viewed

File without changes

/package/dist/web/standalone/.next/static/{j_Ae_qOKzzIlA6oFOxVx4 → LWbeDf2XwDjfq_mOlqoGf}/_ssgManifest.js RENAMED Viewed

File without changes