noctrace 0.3.5 → 0.3.6
- package/dist/server/server/ws.js +21 -1
- package/package.json +2 -2
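--- a/package/dist/server/server/ws.js
+++ b/package/dist/server/server/ws.js
@@ -31,7 +31,22 @@ function send(ws, msg) {
 * back in real time using chokidar file watching.
 */
 export function setupWebSocket(server, claudeHome) {
-const wss = new WebSocketServer({
+const wss = new WebSocketServer({
+server,
+path: '/ws',
+maxPayload: 64 * 1024,
+verifyClient: ({ origin }) => {
+if (!origin)
+return true; // non-browser clients (curl, wscat)
+try {
+const url = new URL(origin);
+return url.hostname === 'localhost' || url.hostname === '127.0.0.1';
+}
+catch {
+return false;
+}
+},
+});
 // Watch the projects directory for new .jsonl session files.
 // When a new file appears, broadcast to all connected clients so they
 // can refresh their session list without a manual page reload.
@@ -106,6 +121,11 @@ export function setupWebSocket(server, claudeHome) {
 send(ws, { type: 'resume-error', message: 'resume requires sessionId and message' });
 return;
 }
+// Cap message length to prevent abuse via cross-origin or oversized prompts
+if (userMsg.length > 10_000) {
+send(ws, { type: 'resume-error', message: 'Message too long (max 10000 chars)' });
+return;
+}
 // Validate sessionId format — must be a UUID-like string, no dashes-starting args
 if (!/^[a-zA-Z0-9_-]+$/.test(sessionId) || sessionId.startsWith('-')) {
 send(ws, { type: 'resume-error', message: 'Invalid sessionId format' });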
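Review bot: The origin check in `verifyClient` compares only `url.hostname`, so a page served from any other port on localhost passes it, and a UI opened via `http://[::1]:PORT` is refused. If the UI is always served by this same HTTP server, take `req` as well (`verifyClient: ({ origin, req }) => {`) and return `loopbackHosts.has(url.hostname) && url.host === req.headers.host;`, with `loopbackHosts` holding `localhost`, `127.0.0.1` and `[::1]`; the loopback test has to stay next to the Host comparison because a rebound hostname would make Origin and Host agree. The `if (!origin) return true;` branch leaves the socket open to any local non-browser process, so the comment there should state that this is an accepted trust boundary rather than only naming curl and wscat. `setupWebSocket` starts inside the first hunk and continues past both hunks.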
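--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "noctrace",
-"version": "0.3.
+"version": "0.3.6",
 "description": "Chrome DevTools Network-tab-style waterfall visualizer for Claude Code agent workflows",
 "type": "module",
 "license": "MIT",
@@ -64,7 +64,7 @@
 "tailwindcss": "4.2.2",
 "tsx": "4.21.0",
 "typescript": "5.9.3",
-"vite": "8.0.
+"vite": "^8.0.5",
 "vitest": "4.1.2",
 "zustand": "5.0.12"
 }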
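Review bot: The `vite` entry now uses the caret range `^8.0.5`, while the neighbouring entries in the second hunk (`tailwindcss`, `tsx`, `typescript`, `vitest`, `zustand`) are pinned to exact versions. The removed line is truncated in this rendering, but it shows no range operator, so the old specifier was presumably an exact pin too. If exact pinning is the project's policy for reproducible builds, `"vite": "8.0.5",` keeps the bump without letting later 8.x releases resolve on a fresh install. The enclosing dependency object starts outside the hunk, so whether this is a dev or runtime dependency is not visible here.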