mobilcoder-mcp 1.0.0

package/src/security.ts

@@ -0,0 +1,294 @@
+import * as crypto from 'crypto';
+import * as fs from 'fs';
+import * as path from 'path';
+
+// Security configuration
+export const SECURITY_CONFIG = {
+  maxFileSize: 10 * 1024 * 1024, // 10MB
+  maxRequestsPerMinute: 60,
+  maxRequestsPerHour: 1000,
+  allowedFileExtensions: ['.ts', '.js', '.jsx', '.tsx', '.json', '.md', '.txt', '.yml', '.yaml', '.env.example'],
+  blockedPaths: [
+    '.git',
+    'node_modules',
+    '.env',
+    '.env.local',
+    '.env.development',
+    '.env.production',
+    'dist',
+    'build',
+    '.next',
+    '.nuxt',
+    '.cache',
+    'tmp',
+    'temp'
+  ],
+  blockedFilePatterns: [
+    /\.key$/,
+    /\.pem$/,
+    /\.crt$/,
+    /\.p12$/,
+    /private/i,
+    /secret/i,
+    /password/i,
+    /token/i,
+    /\.log$/,
+    /\.pid$/,
+    /\.lock$/,
+  ]
+};
+
+// Rate limiting
+class RateLimiter {
+  private requests = new Map<string, { count: number; resetTime: number; lastReset: number }>();
+  
+  constructor(private maxRequests: number, private windowMs: number) {}
+  
+  isAllowed(identifier: string): boolean {
+    const now = Date.now();
+    const entry = this.requests.get(identifier);
+    
+    if (!entry) {
+      this.requests.set(identifier, {
+        count: 1,
+        resetTime: now + this.windowMs,
+        lastReset: now
+      });
+      return true;
+    }
+    
+    // Reset if window expired
+    if (now > entry.resetTime) {
+      entry.count = 1;
+      entry.resetTime = now + this.windowMs;
+      entry.lastReset = now;
+      return true;
+    }
+    
+    if (entry.count >= this.maxRequests) {
+      return false;
+    }
+    
+    entry.count++;
+    return true;
+  }
+  
+  cleanup(): void {
+    const now = Date.now();
+    for (const [key, entry] of this.requests.entries()) {
+      if (now > entry.resetTime) {
+        this.requests.delete(key);
+      }
+    }
+  }
+}
+
+export const rateLimiters = {
+  perMinute: new RateLimiter(SECURITY_CONFIG.maxRequestsPerMinute, 60 * 1000),
+  perHour: new RateLimiter(SECURITY_CONFIG.maxRequestsPerHour, 60 * 60 * 1000),
+  fileOperations: new RateLimiter(30, 60 * 1000),
+  commands: new RateLimiter(10, 60 * 1000)
+};
+
+// Input validation
+export function validatePath(filePath: string, cwd: string): { valid: boolean; error?: string } {
+  // Normalize path
+  const normalizedPath = path.normalize(filePath);
+  const fullPath = path.resolve(cwd, normalizedPath);
+  
+  // Check for path traversal
+  if (!fullPath.startsWith(path.resolve(cwd))) {
+    return { valid: false, error: 'Path traversal detected' };
+  }
+  
+  // Check for blocked paths
+  const pathParts = normalizedPath.split(path.sep);
+  for (const part of pathParts) {
+    if (SECURITY_CONFIG.blockedPaths.includes(part)) {
+      return { valid: false, error: `Access to ${part} is not allowed` };
+    }
+  }
+  
+  // Check for blocked file patterns
+  for (const pattern of SECURITY_CONFIG.blockedFilePatterns) {
+    if (pattern.test(normalizedPath)) {
+      return { valid: false, error: 'Access to sensitive files is not allowed' };
+    }
+  }
+  
+  return { valid: true };
+}
+
+export function validateFile(filePath: string, cwd: string): { valid: boolean; error?: string } {
+  const pathValidation = validatePath(filePath, cwd);
+  if (!pathValidation.valid) {
+    return pathValidation;
+  }
+  
+  // Check file extension
+  const ext = path.extname(filePath).toLowerCase();
+  if (!SECURITY_CONFIG.allowedFileExtensions.includes(ext)) {
+    return { valid: false, error: `File type ${ext} is not allowed` };
+  }
+  
+  // Check file size if exists
+  const fullPath = path.resolve(cwd, filePath);
+  try {
+    const stats = fs.statSync(fullPath);
+    if (stats.size > SECURITY_CONFIG.maxFileSize) {
+      return { valid: false, error: 'File too large' };
+    }
+  } catch {
+    // File doesn't exist, that's ok
+  }
+  
+  return { valid: true };
+}
+
+export function validateCommand(command: string): { valid: boolean; error?: string } {
+  // Check for dangerous commands
+  const dangerousPatterns = [
+    /\brm\s+-rf\b/i,
+    /\bsudo\b/i,
+    /\bsu\s/i,
+    /\bchmod\s+777\b/i,
+    /\bwget\b|\bcurl\b/i,
+    /\bnc\s|\bnetcat\b/i,
+    /\bssh\b/i,
+    /\bscp\b/i,
+    /\brsync\b/i,
+    /\bdd\s+if=/i,
+    /\bmkfs\b/i,
+    /\bfdisk\b/i,
+    /\bmount\b/i,
+    /\bumount\b/i,
+    /\bpasswd\b/i,
+    /\bshadow\b/i,
+    /\bcrontab\b/i,
+    /\bsystemctl\b/i,
+    /\bservice\s/i,
+    /\bkill\s+-9\b/i,
+    /\bkillall\b/i,
+    />\s*\/dev\/null/,
+    />\s*\/dev\/(zero|random|urandom)/,
+  ];
+  
+  for (const pattern of dangerousPatterns) {
+    if (pattern.test(command)) {
+      return { valid: false, error: 'Dangerous command detected' };
+    }
+  }
+  
+  return { valid: true };
+}
+
+// Sanitization
+export function sanitizeInput(input: string): string {
+  return input
+    .replace(/[<>]/g, '') // Remove HTML tags
+    .replace(/[\x00-\x1f\x7f]/g, '') // Remove control characters
+    .replace(/[\r\n\t]/g, ' ') // Replace newlines and tabs
+    .trim()
+    .substring(0, 1000); // Limit length
+}
+
+export function sanitizePath(input: string): string {
+  return input
+    .replace(/\.\./g, '') // Remove parent directory references
+    .replace(/^\//, '') // Remove leading slashes
+    .replace(/\/$/, '') // Remove trailing slashes
+    .replace(/[<>:"|?*]/g, '') // Remove invalid characters
+    .trim();
+}
+
+// Security logging
+export class SecurityLogger {
+  private static instance: SecurityLogger;
+  private logFile: string;
+  
+  private constructor() {
+    this.logFile = path.join(process.cwd(), '.security.log');
+  }
+  
+  static getInstance(): SecurityLogger {
+    if (!SecurityLogger.instance) {
+      SecurityLogger.instance = new SecurityLogger();
+    }
+    return SecurityLogger.instance;
+  }
+  
+  log(event: string, details: any, severity: 'low' | 'medium' | 'high' = 'medium'): void {
+    const logEntry = {
+      timestamp: new Date().toISOString(),
+      event,
+      details,
+      severity,
+      pid: process.pid,
+      user: process.env.USER || 'unknown'
+    };
+    
+    const logLine = JSON.stringify(logEntry) + '\n';
+    
+    try {
+      fs.appendFileSync(this.logFile, logLine);
+    } catch (error) {
+      console.error('Failed to write security log:', error);
+    }
+    
+    // Also log to console for immediate visibility
+    if (severity === 'high') {
+      console.error('🚨 SECURITY ALERT:', logEntry);
+    } else if (severity === 'medium') {
+      console.warn('⚠️  SECURITY WARNING:', logEntry);
+    } else {
+      console.log('ℹ️  SECURITY INFO:', logEntry);
+    }
+  }
+  
+  logBlockedCommand(command: string, reason: string): void {
+    this.log('blocked_command', { command, reason }, 'high');
+  }
+  
+  logPathTraversal(attemptedPath: string, resolvedPath: string): void {
+    this.log('path_traversal', { attemptedPath, resolvedPath }, 'high');
+  }
+  
+  logRateLimitExceeded(identifier: string, operation: string): void {
+    this.log('rate_limit_exceeded', { identifier, operation }, 'medium');
+  }
+  
+  logSuspiciousActivity(activity: string, details: any): void {
+    this.log('suspicious_activity', { activity, details }, 'medium');
+  }
+}
+
+export const securityLogger = SecurityLogger.getInstance();
+
+// Cleanup old rate limit entries periodically
+setInterval(() => {
+  rateLimiters.perMinute.cleanup();
+  rateLimiters.perHour.cleanup();
+  rateLimiters.fileOperations.cleanup();
+  rateLimiters.commands.cleanup();
+}, 5 * 60 * 1000); // Every 5 minutes
+
+// Generate secure tokens
+export function generateSecureToken(length: number = 32): string {
+  return crypto.randomBytes(length).toString('hex');
+}
+
+// Validate session tokens
+export function validateSessionToken(token: string): boolean {
+  // Basic token validation
+  if (!token || typeof token !== 'string') {
+    return false;
+  }
+  
+  // Check length
+  if (token.length < 16 || token.length > 128) {
+    return false;
+  }
+  
+  // Check format (hex)
+  return /^[a-f0-9]+$/.test(token);
+}

package/src/tool-detector.ts

@@ -0,0 +1,110 @@
+import { exec } from 'child_process';
+import { promisify } from 'util';
+import * as fs from 'fs';
+import * as path from 'path';
+import * as os from 'os';
+
+const execAsync = promisify(exec);
+
+export interface DetectedTool {
+    id: string;
+    name: string;
+    version: string;
+    path: string;
+    isInstalled: boolean;
+}
+
+export class ToolDetector {
+    async detectAll(): Promise<DetectedTool[]> {
+        const tools = [
+            this.checkClaude(),
+            this.checkGemini(),
+            this.checkQoder(),
+            this.checkKiro(),
+            this.checkAider(),
+            this.checkCursor()
+        ];
+
+        const results = await Promise.all(tools);
+        return results.filter(t => t.isInstalled);
+    }
+
+    private async checkCommand(command: string): Promise<string | null> {
+        try {
+            const { stdout } = await execAsync(`${command} --version`);
+            return stdout.trim();
+        } catch {
+            return null;
+        }
+    }
+
+    private async checkClaude(): Promise<DetectedTool> {
+        const version = await this.checkCommand('claude');
+        return {
+            id: 'claude',
+            name: 'Claude Code',
+            version: version || '',
+            path: '',
+            isInstalled: !!version
+        };
+    }
+
+    private async checkGemini(): Promise<DetectedTool> {
+        const version = await this.checkCommand('gemini');
+        return {
+            id: 'gemini',
+            name: 'Gemini CLI',
+            version: version || '',
+            path: '',
+            isInstalled: !!version
+        };
+    }
+
+    private async checkQoder(): Promise<DetectedTool> {
+        const version = await this.checkCommand('qoder');
+        return {
+            id: 'qoder',
+            name: 'Qoder',
+            version: version || '',
+            path: '',
+            isInstalled: !!version
+        };
+    }
+
+    private async checkKiro(): Promise<DetectedTool> {
+        const version = await this.checkCommand('kiro');
+        return {
+            id: 'kiro',
+            name: 'Kiro',
+            version: version || '',
+            path: '',
+            isInstalled: !!version
+        };
+    }
+
+    private async checkAider(): Promise<DetectedTool> {
+        const version = await this.checkCommand('aider');
+        return {
+            id: 'aider',
+            name: 'Aider',
+            version: version || '',
+            path: '',
+            isInstalled: !!version
+        };
+    }
+
+    private async checkCursor(): Promise<DetectedTool> {
+        // Cursor is an app, not typically a CLI command for version checking in the same way
+        // We check for config file existence as a proxy for "installed/configured"
+        const configPath = path.join(os.homedir(), '.cursor', 'mcp.json');
+        const isInstalled = fs.existsSync(configPath);
+
+        return {
+            id: 'mcp', // Maps to 'mcp' in ToolSelector
+            name: 'Cursor',
+            version: 'App',
+            path: configPath,
+            isInstalled
+        };
+    }
+}

package/src/webrtc.ts

@@ -0,0 +1,156 @@
+import SimplePeer from 'simple-peer';
+
+export class WebRTCConnection {
+  private peer: SimplePeer.Instance | null = null;
+  private code: string;
+  private signalingUrl: string;
+  private onMessageCallback?: (message: any) => void;
+  private onConnectCallback?: () => void;
+  private onDisconnectCallback?: () => void;
+  private isConnected: boolean = false;
+  private pollingInterval?: NodeJS.Timeout;
+
+  constructor(code: string, signalingUrl: string) {
+    this.code = code;
+    this.signalingUrl = signalingUrl;
+  }
+
+  async connect(): Promise<void> {
+    return new Promise((resolve, reject) => {
+      try {
+        // Desktop acts as answerer (not initiator)
+        this.peer = new SimplePeer({
+          initiator: false,
+          trickle: false,
+          config: {
+            iceServers: [
+              { urls: 'stun:stun.l.google.com:19302' },
+              { urls: 'stun:stun1.l.google.com:19302' }
+            ]
+          }
+        });
+
+        this.peer.on('signal', async (signal: any) => {
+          // Send answer to signaling server
+          try {
+            await fetch(`${this.signalingUrl}/answer`, {
+              method: 'POST',
+              headers: { 'Content-Type': 'application/json' },
+              body: JSON.stringify({ code: this.code, signal })
+            });
+          } catch (error) {
+            console.error('Failed to send answer:', error);
+          }
+        });
+
+        this.peer.on('connect', () => {
+          console.log('✅ Connected to mobile device!');
+          this.isConnected = true;
+          if (this.onConnectCallback) {
+            this.onConnectCallback();
+          }
+          resolve();
+        });
+
+        this.peer.on('data', (data: any) => {
+          try {
+            const message = JSON.parse(data.toString());
+            if (this.onMessageCallback) {
+              this.onMessageCallback(message);
+            }
+          } catch (error) {
+            console.error('Failed to parse message:', error);
+          }
+        });
+
+        this.peer.on('error', (error: any) => {
+          console.error('WebRTC error:', error);
+          this.isConnected = false;
+          if (this.onDisconnectCallback) {
+            this.onDisconnectCallback();
+          }
+          reject(error);
+        });
+
+        this.peer.on('close', () => {
+          console.log('❌ Connection closed');
+          this.isConnected = false;
+          if (this.onDisconnectCallback) {
+            this.onDisconnectCallback();
+          }
+        });
+
+        // Start polling for offer from mobile
+        this.startPollingForOffer();
+      } catch (error) {
+        reject(error);
+      }
+    });
+  }
+
+  private async startPollingForOffer(): Promise<void> {
+    const poll = async () => {
+      try {
+        const response = await fetch(`${this.signalingUrl}/poll?code=${this.code}`);
+        if (response.ok) {
+          const data = await response.json() as { signal?: any };
+          if (data.signal && this.peer) {
+            // Received offer from mobile, signal the peer
+            this.peer.signal(data.signal);
+            // Stop polling once we got the offer
+            if (this.pollingInterval) {
+              clearInterval(this.pollingInterval);
+            }
+          }
+        }
+      } catch (error) {
+        // Silently handle polling errors
+      }
+    };
+
+    // Poll every 2 seconds
+    this.pollingInterval = setInterval(poll, 2000);
+    // Initial poll
+    await poll();
+  }
+
+  send(message: any): void {
+    if (this.peer && this.isConnected) {
+      try {
+        this.peer.send(JSON.stringify(message));
+      } catch (error) {
+        console.error('Failed to send message:', error);
+      }
+    } else {
+      console.warn('Cannot send message: not connected');
+    }
+  }
+
+  onMessage(callback: (message: any) => void): void {
+    this.onMessageCallback = callback;
+  }
+
+  onConnect(callback: () => void): void {
+    this.onConnectCallback = callback;
+  }
+
+  onDisconnect(callback: () => void): void {
+    this.onDisconnectCallback = callback;
+  }
+
+  disconnect(): void {
+    if (this.pollingInterval) {
+      clearInterval(this.pollingInterval);
+    }
+    if (this.peer) {
+      this.peer.destroy();
+      this.peer = null;
+    }
+    this.isConnected = false;
+  }
+
+  getConnected(): boolean {
+    return this.isConnected;
+  }
+}
+

package/tsconfig.json

@@ -0,0 +1,21 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "commonjs",
+    "lib": ["ES2022"],
+    "outDir": "./dist",
+    "rootDir": "./src",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "resolveJsonModule": true,
+    "moduleResolution": "node",
+    "declaration": true,
+    "declarationMap": true,
+    "sourceMap": true
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "dist"]
+}
+