horizon-code 0.3.3 → 0.5.0

package/src/strategy/workspace.ts

@@ -0,0 +1,175 @@
+// Sandboxed file I/O for LLM strategy mode
+// All operations are confined to ~/.horizon/workspace/
+// Prevents directory traversal, dotfiles, symlink escapes
+
+import { resolve, join, relative, normalize } from "path";
+import { homedir } from "os";
+import { existsSync, mkdirSync, readdirSync, statSync, lstatSync, readlinkSync } from "fs";
+
+const WORKSPACE_ROOT = resolve(homedir(), ".horizon", "workspace");
+const MAX_FILE_SIZE = 1_048_576; // 1MB
+const BLOCKED_EXTENSIONS = new Set([".sh", ".bash", ".zsh"]);
+const DEFAULT_SUBDIRS = ["dashboards", "scripts", "data"];
+
+// Ensure workspace and default subdirs exist
+function ensureWorkspace(): void {
+  if (!existsSync(WORKSPACE_ROOT)) {
+    mkdirSync(WORKSPACE_ROOT, { recursive: true });
+  }
+  for (const sub of DEFAULT_SUBDIRS) {
+    const dir = join(WORKSPACE_ROOT, sub);
+    if (!existsSync(dir)) {
+      mkdirSync(dir, { recursive: true });
+    }
+  }
+}
+
+/**
+ * Resolve a user-provided path to an absolute path within the workspace.
+ * Blocks: absolute paths, .., dotfiles, null bytes, symlink escapes.
+ */
+export function resolveSafePath(userPath: string): string {
+  // Block null bytes
+  if (userPath.includes("\0")) {
+    throw new Error("Invalid path: null bytes not allowed");
+  }
+
+  // Block absolute paths
+  if (userPath.startsWith("/") || userPath.startsWith("~")) {
+    throw new Error("Invalid path: absolute paths not allowed. Use relative paths within workspace.");
+  }
+
+  // Normalize and resolve relative to workspace
+  const normalized = normalize(userPath);
+
+  // Block .. traversal
+  if (normalized.startsWith("..") || normalized.includes("/..") || normalized.includes("\\..")) {
+    throw new Error("Invalid path: directory traversal (..) not allowed");
+  }
+
+  // Block dotfiles/dotdirs (hidden files)
+  const parts = normalized.split(/[/\\]/);
+  for (const part of parts) {
+    if (part.startsWith(".") && part !== "." && part !== "..") {
+      throw new Error(`Invalid path: dotfiles not allowed (${part})`);
+    }
+  }
+
+  const absolute = resolve(WORKSPACE_ROOT, normalized);
+
+  // Verify the resolved path is still within workspace
+  const rel = relative(WORKSPACE_ROOT, absolute);
+  if (rel.startsWith("..") || resolve(WORKSPACE_ROOT, rel) !== absolute) {
+    throw new Error("Invalid path: resolves outside workspace");
+  }
+
+  // Check for symlink escape (if the path exists)
+  if (existsSync(absolute)) {
+    try {
+      const stat = lstatSync(absolute);
+      if (stat.isSymbolicLink()) {
+        const target = readlinkSync(absolute);
+        const resolvedTarget = resolve(join(absolute, ".."), target);
+        const targetRel = relative(WORKSPACE_ROOT, resolvedTarget);
+        if (targetRel.startsWith("..")) {
+          throw new Error("Invalid path: symlink points outside workspace");
+        }
+      }
+    } catch (e: any) {
+      if (e.message.includes("symlink")) throw e;
+      // stat errors on non-existent paths are fine
+    }
+  }
+
+  return absolute;
+}
+
+/**
+ * Write a file to the workspace. Creates parent directories as needed.
+ * Blocks: files > 1MB, dangerous extensions (.sh, .bash, .zsh).
+ */
+export async function writeWorkspaceFile(path: string, content: string): Promise<{ path: string; size: number }> {
+  ensureWorkspace();
+  const absolute = resolveSafePath(path);
+
+  // Check extension
+  const ext = path.includes(".") ? "." + path.split(".").pop()!.toLowerCase() : "";
+  if (BLOCKED_EXTENSIONS.has(ext)) {
+    throw new Error(`Blocked extension: ${ext} files cannot be written for security`);
+  }
+
+  // Check size
+  const bytes = new TextEncoder().encode(content);
+  if (bytes.length > MAX_FILE_SIZE) {
+    throw new Error(`File too large: ${bytes.length} bytes (max ${MAX_FILE_SIZE})`);
+  }
+
+  // Create parent dirs
+  const parentDir = join(absolute, "..");
+  if (!existsSync(parentDir)) {
+    mkdirSync(parentDir, { recursive: true });
+  }
+
+  await Bun.write(absolute, content);
+  return { path: relative(WORKSPACE_ROOT, absolute), size: bytes.length };
+}
+
+/**
+ * Read a file from the workspace.
+ */
+export async function readWorkspaceFile(path: string): Promise<string> {
+  ensureWorkspace();
+  const absolute = resolveSafePath(path);
+
+  if (!existsSync(absolute)) {
+    throw new Error(`File not found: ${path}`);
+  }
+
+  const stat = statSync(absolute);
+  if (stat.isDirectory()) {
+    throw new Error(`Path is a directory, not a file: ${path}`);
+  }
+  if (stat.size > MAX_FILE_SIZE) {
+    throw new Error(`File too large to read: ${stat.size} bytes (max ${MAX_FILE_SIZE})`);
+  }
+
+  const file = Bun.file(absolute);
+  return await file.text();
+}
+
+/**
+ * List files in a workspace directory.
+ */
+export function listWorkspaceFiles(dir?: string): { name: string; size: number; modified: string }[] {
+  ensureWorkspace();
+  const absolute = dir ? resolveSafePath(dir) : WORKSPACE_ROOT;
+
+  if (!existsSync(absolute)) {
+    return [];
+  }
+
+  const stat = statSync(absolute);
+  if (!stat.isDirectory()) {
+    throw new Error(`Not a directory: ${dir}`);
+  }
+
+  const entries = readdirSync(absolute, { withFileTypes: true });
+  return entries
+    .filter(e => !e.name.startsWith("."))
+    .map(e => {
+      const fullPath = join(absolute, e.name);
+      const s = statSync(fullPath);
+      return {
+        name: e.isDirectory() ? e.name + "/" : e.name,
+        size: s.size,
+        modified: s.mtime.toISOString(),
+      };
+    })
+    .sort((a, b) => a.name.localeCompare(b.name));
+}
+
+/** Get the absolute workspace root path */
+export function getWorkspaceRoot(): string {
+  ensureWorkspace();
+  return WORKSPACE_ROOT;
+}

package/src/syntax/setup.ts

@@ -2,6 +2,7 @@
 // Loads tree-sitter-python WASM and registers it for markdown code blocks
 
 import { resolve } from "path";
+import { existsSync } from "fs";
 
 const assetsDir = resolve(import.meta.dir, "../../assets/python");
 const wasmPath = resolve(assetsDir, "tree-sitter-python.wasm");
@@ -17,9 +18,19 @@ export async function getTreeSitterClient(): Promise<any> {
   if (client) return client;
 
   try {
+    // Verify WASM file exists before attempting to load
+    if (!existsSync(wasmPath)) {
+      console.warn(`[syntax] Python WASM not found at ${wasmPath}`);
+      return null;
+    }
+    if (!existsSync(highlightsPath)) {
+      console.warn(`[syntax] Python highlights.scm not found at ${highlightsPath}`);
+      return null;
+    }
+
     const { TreeSitterClient, addDefaultParsers } = await import("@opentui/core");
 
-    // Register Python parser globally
+    // Register Python parser globally BEFORE creating the client
     addDefaultParsers([{
       filetype: "python",
       wasm: wasmPath,
@@ -29,7 +40,10 @@ export async function getTreeSitterClient(): Promise<any> {
     const dataPath = resolve(import.meta.dir, "../../node_modules/@opentui/core/assets");
     client = new TreeSitterClient({ dataPath });
 
-    // Also register directly on the client instance
+    // Initialize FIRST, then register filetype parser
+    await client.initialize();
+
+    // Register directly on the client instance AFTER initialize
     if (client.addFiletypeParser) {
       client.addFiletypeParser({
         filetype: "python",
@@ -38,10 +52,14 @@ export async function getTreeSitterClient(): Promise<any> {
       });
     }
 
-    await client.initialize();
+    // Eagerly preload the Python parser to verify it works
+    if (client.preloadParser) {
+      await client.preloadParser("python");
+    }
+
     return client;
   } catch (e) {
-    // Tree-sitter init failed — code panel will work without highlighting
+    console.warn(`[syntax] Tree-sitter init failed:`, e);
     return null;
   }
 }