lsh-framework 3.2.4 → 3.5.0

package/dist/lib/ipfs-client-manager.js

@@ -5,14 +5,20 @@
 import * as fs from 'fs';
 import * as path from 'path';
 import * as os from 'os';
-import { exec, spawn } from 'child_process';
+import { exec, execFile, spawn } from 'child_process';
 import { promisify } from 'util';
 import * as readline from 'readline';
 import { createLogger } from './logger.js';
 import { getPlatformInfo } from './platform-utils.js';
 import { getLshConfig } from './lsh-config.js';
 const execAsync = promisify(exec);
+// execFile does NOT spawn a shell: arguments are passed literally to the binary,
+// so interpolated values (e.g. a Kubo version) cannot inject shell commands.
+const execFileAsync = promisify(execFile);
 const logger = createLogger('IPFSClientManager');
+// Kubo releases are strict semver (e.g. "0.26.0"). Reject anything else before it
+// reaches a download URL or subprocess — defense in depth against command injection.
+const KUBO_VERSION_RE = /^\d+\.\d+\.\d+$/;
 /**
  * IPFS Client Manager
  *
@@ -91,6 +97,9 @@ export class IPFSClientManager {
         logger.info('📦 Installing IPFS client (Kubo)...');
         // Determine version to install
         const version = options.version || await this.getLatestKuboVersion();
+        if (!KUBO_VERSION_RE.test(version)) {
+            throw new Error(`Invalid Kubo version "${version}": expected semver like 0.26.0`);
+        }
         logger.info(`   Version: ${version}`);
         logger.info(`   Platform: ${platformInfo.platformName} ${platformInfo.arch}`);
         // Download and install based on platform
@@ -200,7 +209,7 @@ export class IPFSClientManager {
             }
             catch (initError) {
                 const err = initError;
-                throw new Error(`Failed to auto-initialize IPFS repo: ${err.message}`);
+                throw new Error(`Failed to auto-initialize IPFS repo: ${err.message}`, { cause: initError });
             }
         }
         logger.info('🚀 Starting IPFS daemon...');
@@ -267,6 +276,24 @@ export class IPFSClientManager {
      */
     async stop() {
         const pidPath = path.join(this.ipfsDir, 'daemon.pid');
+        // Try graceful shutdown via IPFS API first (works even without PID file)
+        try {
+            const response = await fetch('http://127.0.0.1:5001/api/v0/shutdown', {
+                method: 'POST',
+                signal: AbortSignal.timeout(5000),
+            });
+            if (response.ok) {
+                // Clean up PID file if it exists
+                if (fs.existsSync(pidPath)) {
+                    fs.unlinkSync(pidPath);
+                }
+                logger.info('✅ IPFS daemon stopped');
+                return;
+            }
+        }
+        catch {
+            // API shutdown failed, fall back to PID-based kill
+        }
         if (!fs.existsSync(pidPath)) {
             logger.info('ℹ️  IPFS daemon not running (no PID file)');
             return;
@@ -280,6 +307,13 @@ export class IPFSClientManager {
         }
         catch (error) {
             const err = error;
+            // Process already gone — clean up stale PID file
+            if (err.code === 'ESRCH') {
+                if (fs.existsSync(pidPath))
+                    fs.unlinkSync(pidPath);
+                logger.info('✅ IPFS daemon already stopped (stale PID file cleaned)');
+                return;
+            }
             logger.error(`❌ Failed to stop daemon: ${err.message}`);
             throw error;
         }
@@ -289,8 +323,12 @@ export class IPFSClientManager {
      */
     async getLatestKuboVersion() {
         try {
-            // Use GitHub API to get latest release
-            const response = await fetch('https://api.github.com/repos/ipfs/kubo/releases/latest');
+            // Use GitHub API to get latest release. Bound the request: an unbounded
+            // fetch hangs indefinitely on a blocked/slow network (e.g. CI runners),
+            // which would stall install() and time out tests before the fallback.
+            const response = await fetch('https://api.github.com/repos/ipfs/kubo/releases/latest', {
+                signal: AbortSignal.timeout(3000),
+            });
             const data = await response.json();
             // Remove 'v' prefix if present
             return data.tag_name.replace(/^v/, '');
@@ -308,11 +346,11 @@ export class IPFSClientManager {
         const downloadUrl = `https://dist.ipfs.tech/kubo/v${version}/kubo_v${version}_darwin-${arch}.tar.gz`;
         const tarPath = path.join(this.ipfsDir, 'kubo.tar.gz');
         logger.info('   Downloading Kubo...');
-        // Download
-        await execAsync(`curl -L -o ${tarPath} ${downloadUrl}`);
+        // Download (execFile: no shell, args passed literally)
+        await execFileAsync('curl', ['-L', '-o', tarPath, downloadUrl]);
         logger.info('   Extracting...');
         // Extract
-        await execAsync(`tar -xzf ${tarPath} -C ${this.ipfsDir}`);
+        await execFileAsync('tar', ['-xzf', tarPath, '-C', this.ipfsDir]);
         // Move binary
         const extractedBinPath = path.join(this.ipfsDir, 'kubo', 'ipfs');
         fs.mkdirSync(this.binDir, { recursive: true });
@@ -331,11 +369,11 @@ export class IPFSClientManager {
         const downloadUrl = `https://dist.ipfs.tech/kubo/v${version}/kubo_v${version}_linux-${arch}.tar.gz`;
         const tarPath = path.join(this.ipfsDir, 'kubo.tar.gz');
         logger.info('   Downloading Kubo...');
-        // Download
-        await execAsync(`curl -L -o ${tarPath} ${downloadUrl}`);
+        // Download (execFile: no shell, args passed literally)
+        await execFileAsync('curl', ['-L', '-o', tarPath, downloadUrl]);
         logger.info('   Extracting...');
         // Extract
-        await execAsync(`tar -xzf ${tarPath} -C ${this.ipfsDir}`);
+        await execFileAsync('tar', ['-xzf', tarPath, '-C', this.ipfsDir]);
         // Move binary
         const extractedBinPath = path.join(this.ipfsDir, 'kubo', 'ipfs');
         fs.mkdirSync(this.binDir, { recursive: true });
@@ -353,11 +391,11 @@ export class IPFSClientManager {
         const downloadUrl = `https://dist.ipfs.tech/kubo/v${version}/kubo_v${version}_windows-amd64.zip`;
         const zipPath = path.join(this.ipfsDir, 'kubo.zip');
         logger.info('   Downloading Kubo...');
-        // Download
-        await execAsync(`curl -L -o ${zipPath} ${downloadUrl}`);
+        // Download (execFile: no shell, args passed literally)
+        await execFileAsync('curl', ['-L', '-o', zipPath, downloadUrl]);
         logger.info('   Extracting...');
         // Extract (Windows has built-in tar that supports zip)
-        await execAsync(`tar -xf ${zipPath} -C ${this.ipfsDir}`);
+        await execFileAsync('tar', ['-xf', zipPath, '-C', this.ipfsDir]);
         // Move binary
         const extractedBinPath = path.join(this.ipfsDir, 'kubo', 'ipfs.exe');
         fs.mkdirSync(this.binDir, { recursive: true });

package/dist/lib/ipfs-secrets-storage.js

@@ -15,6 +15,7 @@ import { createLogger } from './logger.js';
 import { getIPFSSync } from './ipfs-sync.js';
 import { deriveKeyInfo, ensureKeyImported } from './ipns-key-manager.js';
 import { ENV_VARS, DEFAULTS } from '../constants/index.js';
+import { extractErrorMessage } from './lsh-error.js';
 const logger = createLogger('IPFSSecretsStorage');
 /**
  * IPFS Secrets Storage
@@ -107,16 +108,23 @@ export class IPFSSecretsStorage {
                     }
                 }
                 catch (error) {
-                    const err = error;
-                    logger.error(`Content uploaded (CID: ${cid}) but IPNS publish failed: ${err.message}\n` +
+                    logger.error(`Content uploaded (CID: ${cid}) but IPNS publish failed: ${extractErrorMessage(error)}\n` +
                         `Other machines won't find it via 'lsh pull' until you re-push.`);
                 }
             }
+            // Durable remote pin (best-effort): survives this machine going offline.
+            // No-op unless a kubo remote pinning service is configured.
+            const pinnedService = await ipfsSync.addRemotePin(cid, `lsh-${gitRepo || DEFAULTS.DEFAULT_ENVIRONMENT}-${environment}`);
+            if (pinnedService) {
+                logger.info(`   📌 Remote-pinned to "${pinnedService}" (durable)`);
+            }
+            else {
+                logger.warn('No remote pin — content lives only on this machine until a peer caches it. Configure LSH_PIN_SERVICE for durability.');
+            }
             return cid;
         }
         catch (error) {
-            const err = error;
-            logger.error(`Failed to push secrets to IPFS: ${err.message}`);
+            logger.error(`Failed to push secrets to IPFS: ${extractErrorMessage(error)}`);
             throw error;
         }
     }
@@ -155,8 +163,7 @@ export class IPFSSecretsStorage {
                     }
                 }
                 catch (error) {
-                    const err = error;
-                    logger.debug(`   IPNS resolution error: ${err.message}`);
+                    logger.debug(`   IPNS resolution error: ${extractErrorMessage(error)}`);
                 }
             }
             // No fallback to local metadata — IPNS is the source of truth
@@ -185,8 +192,7 @@ export class IPFSSecretsStorage {
                     }
                 }
                 catch (error) {
-                    const err = error;
-                    logger.debug(`   IPFS download failed: ${err.message}`);
+                    logger.debug(`   IPFS download failed: ${extractErrorMessage(error)}`);
                 }
             }
             if (!cachedData) {
@@ -201,8 +207,7 @@ export class IPFSSecretsStorage {
             return secrets;
         }
         catch (error) {
-            const err = error;
-            logger.error(`Failed to pull secrets from IPFS: ${err.message}`);
+            logger.error(`Failed to pull secrets from IPFS: ${extractErrorMessage(error)}`);
             throw error;
         }
     }
@@ -275,19 +280,19 @@ export class IPFSSecretsStorage {
             return JSON.parse(decrypted);
         }
         catch (error) {
-            const err = error;
+            const msg = extractErrorMessage(error);
             // Catch crypto errors (bad decrypt, wrong block length) AND JSON parse errors
             // (wrong key can produce garbage that fails JSON.parse)
-            if (err.message.includes('bad decrypt') ||
-                err.message.includes('wrong final block length') ||
-                err.message.includes('Unexpected token') ||
-                err.message.includes('JSON')) {
+            if (msg.includes('bad decrypt') ||
+                msg.includes('wrong final block length') ||
+                msg.includes('Unexpected token') ||
+                msg.includes('JSON')) {
                 throw new Error('Decryption failed. This usually means:\n' +
                     '  1. You need to set LSH_SECRETS_KEY environment variable\n' +
                     '  2. The key must match the one used during encryption\n' +
                     '  3. Generate a shared key with: lsh key\n' +
                     '  4. Add it to your .env: LSH_SECRETS_KEY=<key>\n' +
-                    '\nOriginal error: ' + err.message);
+                    '\nOriginal error: ' + msg, { cause: error });
             }
             throw error;
         }

package/dist/lib/ipfs-sync.js

@@ -14,6 +14,8 @@ import * as fsPromises from 'fs/promises';
 import * as path from 'path';
 import * as os from 'os';
 import { createLogger } from './logger.js';
+import { extractErrorMessage } from './lsh-error.js';
+import { ENV_VARS } from '../constants/config.js';
 const logger = createLogger('IPFSSync');
 /**
  * Native IPFS Sync
@@ -123,8 +125,7 @@ export class IPFSSync {
             return cid;
         }
         catch (error) {
-            const err = error;
-            logger.error(`IPFS upload error: ${err.message}`);
+            logger.error(`IPFS upload error: ${extractErrorMessage(error)}`);
             return null;
         }
     }
@@ -151,6 +152,7 @@ export class IPFSSync {
             logger.debug('Local daemon download failed, trying gateways...');
         }
         // Fall back to public gateways
+        let backoffMs = 1000;
         for (const gatewayTemplate of this.GATEWAYS) {
             const gatewayUrl = gatewayTemplate.replace('{cid}', cid);
             try {
@@ -165,6 +167,8 @@ export class IPFSSync {
             }
             catch {
                 logger.debug(`Gateway ${gatewayUrl} failed, trying next...`);
+                await new Promise((resolve) => { setTimeout(resolve, backoffMs); });
+                backoffMs = Math.min(backoffMs * 2, 10000);
             }
         }
         logger.error(`Failed to download CID: ${cid}`);
@@ -229,8 +233,7 @@ export class IPFSSync {
             return false;
         }
         catch (error) {
-            const err = error;
-            logger.error(`Pin failed: ${err.message}`);
+            logger.error(`Pin failed: ${extractErrorMessage(error)}`);
             return false;
         }
     }
@@ -255,8 +258,7 @@ export class IPFSSync {
             return false;
         }
         catch (error) {
-            const err = error;
-            logger.error(`Unpin failed: ${err.message}`);
+            logger.error(`Unpin failed: ${extractErrorMessage(error)}`);
             return false;
         }
     }
@@ -297,8 +299,7 @@ export class IPFSSync {
             await fsPromises.writeFile(this.historyPath, JSON.stringify(history, null, 2), 'utf-8');
         }
         catch (error) {
-            const err = error;
-            logger.debug(`Failed to save history: ${err.message}`);
+            logger.debug(`Failed to save history: ${extractErrorMessage(error)}`);
         }
     }
     /**
@@ -327,8 +328,7 @@ export class IPFSSync {
             }
         }
         catch (error) {
-            const err = error;
-            logger.error(`Failed to clear history: ${err.message}`);
+            logger.error(`Failed to clear history: ${extractErrorMessage(error)}`);
         }
     }
     /**
@@ -343,6 +343,82 @@ export class IPFSSync {
     getApiUrl() {
         return this.LOCAL_IPFS_API;
     }
+    /**
+     * List the names of remote pinning services configured in the local Kubo
+     * node (via `ipfs pin remote service add`). Returns [] on any error.
+     */
+    async listRemoteServices() {
+        try {
+            const response = await fetch(`${this.LOCAL_IPFS_API}/pin/remote/service/ls`, {
+                method: 'POST',
+                signal: AbortSignal.timeout(5000),
+            });
+            if (!response.ok)
+                return [];
+            const data = await response.json();
+            return (data.RemoteServices || []).map((s) => s.Service).filter(Boolean);
+        }
+        catch {
+            return [];
+        }
+    }
+    /**
+     * Decide which remote pinning service to pin to.
+     * - If LSH_PIN_SERVICE is set, use it only when it is actually configured.
+     * - Otherwise, use the sole configured service when exactly one exists.
+     * - Returns null when nothing is configured or the choice is ambiguous.
+     */
+    async resolveRemoteService() {
+        const services = await this.listRemoteServices();
+        const explicit = process.env[ENV_VARS.LSH_PIN_SERVICE];
+        if (explicit) {
+            return services.includes(explicit) ? explicit : null;
+        }
+        return services.length === 1 ? services[0] : null;
+    }
+    /**
+     * Pin a CID to a configured remote pinning service so the content survives
+     * this machine going offline. This is what makes "pull anywhere, anytime"
+     * real: without it, blocks live only on the pushing node.
+     *
+     * Returns the service name on success, or null when no service is
+     * configured (the common zero-config case) or the pin request failed.
+     * Never throws — durable pinning is best-effort and the caller decides how
+     * loudly to warn.
+     */
+    async addRemotePin(cid, pinName) {
+        try {
+            const service = await this.resolveRemoteService();
+            if (!service)
+                return null;
+            const url = `${this.LOCAL_IPFS_API}/pin/remote/add` +
+                `?arg=${encodeURIComponent(cid)}` +
+                `&service=${encodeURIComponent(service)}` +
+                `&name=${encodeURIComponent(pinName)}` +
+                `&background=true`;
+            const response = await fetch(url, {
+                method: 'POST',
+                signal: AbortSignal.timeout(30000),
+            });
+            if (!response.ok) {
+                const errorText = await response.text();
+                // An already-present pin is reported as an error by some services; treat
+                // a "already pinned"/"duplicate" message as success rather than a failure.
+                if (/already|duplicate|exists/i.test(errorText)) {
+                    logger.info(`📌 Already remote-pinned on "${service}": ${cid}`);
+                    return service;
+                }
+                logger.warn(`Remote pin failed on "${service}": ${errorText}`);
+                return null;
+            }
+            logger.info(`📌 Remote-pinned to "${service}" (durable): ${cid}`);
+            return service;
+        }
+        catch (error) {
+            logger.warn(`Remote pin error: ${extractErrorMessage(error)}`);
+            return null;
+        }
+    }
     /**
      * Publish a CID to IPNS under the given key name.
      * The key must already be imported into Kubo.
@@ -371,8 +447,7 @@ export class IPFSSync {
                 return data.Name;
             }
             catch (error) {
-                const err = error;
-                logger.warn(`IPNS publish error (attempt ${attempt}): ${err.message}`);
+                logger.warn(`IPNS publish error (attempt ${attempt}): ${extractErrorMessage(error)}`);
                 if (attempt === 2) {
                     logger.error(`IPNS publish failed after retry. Content is uploaded (CID: ${cid}) ` +
                         `but other machines won't find it via 'lsh pull' until you re-push.`);
@@ -402,8 +477,7 @@ export class IPFSSync {
             return resolvedCid;
         }
         catch (error) {
-            const err = error;
-            logger.debug(`IPNS resolve error: ${err.message}`);
+            logger.debug(`IPNS resolve error: ${extractErrorMessage(error)}`);
             return null;
         }
     }