openfused 0.4.0 → 0.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/wasm-core.js +7 -5
- package/package.json +2 -2
- package/wasm/.gitkeep +0 -0
- package/wasm/openfuse-core.wasm +0 -0
package/dist/wasm-core.js
CHANGED
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
// Networking (sync, registry, watch) stays in Node.js.
|
|
5
5
|
import { WASI } from "node:wasi";
|
|
6
6
|
import { readFileSync } from "node:fs";
|
|
7
|
-
import { readFile,
|
|
7
|
+
import { readFile, mkdtemp, rm } from "node:fs/promises";
|
|
8
8
|
import { join, dirname } from "node:path";
|
|
9
9
|
import { fileURLToPath } from "node:url";
|
|
10
10
|
import { tmpdir } from "node:os";
|
|
@@ -23,11 +23,13 @@ function getModule() {
|
|
|
23
23
|
}
|
|
24
24
|
async function callWasm(storeRoot, args) {
|
|
25
25
|
// Create a temp file to capture stdout (node:wasi doesn't support piping stdout directly)
|
|
26
|
+
// Restrictive permissions: 0o700 dir + 0o600 file — prevents other users from reading
|
|
27
|
+
// WASM output which may contain decrypted messages, keys, or config data.
|
|
26
28
|
const tmpDir = await mkdtemp(join(tmpdir(), "openfuse-wasi-"));
|
|
29
|
+
const { chmodSync, openSync, closeSync } = await import("node:fs");
|
|
30
|
+
chmodSync(tmpDir, 0o700);
|
|
27
31
|
const stdoutPath = join(tmpDir, "stdout");
|
|
28
|
-
|
|
29
|
-
const { openSync, closeSync } = await import("node:fs");
|
|
30
|
-
const fd = openSync(stdoutPath, "w");
|
|
32
|
+
const fd = openSync(stdoutPath, "w", 0o600);
|
|
31
33
|
try {
|
|
32
34
|
const wasi = new WASI({
|
|
33
35
|
version: "preview1",
|
|
@@ -70,7 +72,7 @@ async function callWasm(storeRoot, args) {
|
|
|
70
72
|
async function callWasmJson(storeRoot, args) {
|
|
71
73
|
const { stdout, exitCode } = await callWasm(storeRoot, args);
|
|
72
74
|
if (!stdout) {
|
|
73
|
-
throw new Error(`WASM returned empty output for: ${args
|
|
75
|
+
throw new Error(`WASM returned empty output for command: ${args[0] ?? "unknown"}`);
|
|
74
76
|
}
|
|
75
77
|
const parsed = JSON.parse(stdout);
|
|
76
78
|
if (exitCode !== 0 && parsed.error) {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "openfused",
|
|
3
|
-
"version": "0.4.
|
|
3
|
+
"version": "0.4.1",
|
|
4
4
|
"description": "The file protocol for AI agent context. Encrypted, signed, peer-to-peer.",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"type": "module",
|
|
@@ -36,7 +36,7 @@
|
|
|
36
36
|
},
|
|
37
37
|
"devDependencies": {
|
|
38
38
|
"@types/node": "^25.5.0",
|
|
39
|
-
"typescript": "^
|
|
39
|
+
"typescript": "^6.0.2"
|
|
40
40
|
},
|
|
41
41
|
"engines": {
|
|
42
42
|
"node": ">=20"
|
package/wasm/.gitkeep
ADDED
|
File without changes
|
package/wasm/openfuse-core.wasm
CHANGED
|
Binary file
|