pi-gsd 2.0.1 → 2.0.3

package/src/wxp/security.ts

@@ -1,102 +0,0 @@
-import path from "node:path";
-import type { WxpSecurityConfig, TrustedPathEntry } from "../schemas/wxp.zod.js";
-
-export const DEFAULT_SHELL_ALLOWLIST: readonly string[] = [
-  "pi-gsd-tools",
-  "git",
-  "node",
-  "cat",
-  "ls",
-  "echo",
-  "find",
-] as const;
-
-export type SecurityCheckResult = { ok: true } | { ok: false; reason: string };
-
-/**
- * Resolve a TrustedPathEntry to an absolute path given the project root and package root.
- */
-export function resolveTrustedEntry(
-  entry: TrustedPathEntry,
-  projectRoot: string,
-  pkgRoot: string,
-): string {
-  switch (entry.position) {
-    case "project":
-      return path.resolve(projectRoot, entry.path);
-    case "pkg":
-      return path.resolve(pkgRoot, entry.path);
-    case "absolute":
-      return path.resolve(entry.path);
-  }
-}
-
-/**
- * Returns ok=true only if filePath resolves into a trusted path.
- * Hard invariant: .planning/ is NEVER trusted regardless of config.
- */
-export function checkTrustedPath(
-  filePath: string,
-  config: WxpSecurityConfig,
-  projectRoot: string,
-  pkgRoot: string,
-): SecurityCheckResult {
-  const resolved = path.resolve(filePath);
-  const planningSegment = `${path.sep}.planning`;
-
-  // Hard invariant: .planning/ is never processed
-  if (
-    resolved.includes(`${planningSegment}${path.sep}`) ||
-    resolved.endsWith(planningSegment)
-  ) {
-    return {
-      ok: false,
-      reason: ".planning/ files are never processed by WXP (hard security invariant)",
-    };
-  }
-
-  // Check untrusted paths first (they override trusted)
-  for (const entry of config.untrustedPaths) {
-    const untrustedAbs = resolveTrustedEntry(entry, projectRoot, pkgRoot);
-    if (resolved.startsWith(untrustedAbs + path.sep) || resolved === untrustedAbs) {
-      return { ok: false, reason: `File '${filePath}' is in an explicitly untrusted path: ${untrustedAbs}` };
-    }
-  }
-
-  // Check trusted paths
-  for (const entry of config.trustedPaths) {
-    const trustedAbs = resolveTrustedEntry(entry, projectRoot, pkgRoot);
-    if (resolved.startsWith(trustedAbs + path.sep) || resolved === trustedAbs) {
-      return { ok: true };
-    }
-  }
-
-  return {
-    ok: false,
-    reason: `File '${filePath}' is not in a trusted WXP path.`,
-  };
-}
-
-/**
- * Returns ok=true only if the bare command name is allowlisted and not banned.
- */
-export function checkAllowlist(
-  command: string,
-  config: WxpSecurityConfig,
-): SecurityCheckResult {
-  const bare = path.basename(command);
-
-  // Banlist overrides allowlist
-  if (config.shellBanlist.includes(bare)) {
-    return { ok: false, reason: `Command '${bare}' is explicitly banned by WXP security config.` };
-  }
-
-  if (config.shellAllowlist.includes(bare)) {
-    return { ok: true };
-  }
-
-  return {
-    ok: false,
-    reason: `Command '${bare}' is not in the WXP shell allowlist. Allowed: ${config.shellAllowlist.join(", ")}`,
-  };
-}

package/src/wxp/shell.ts

@@ -1,81 +0,0 @@
-import { execFileSync } from "node:child_process";
-import { checkAllowlist } from "./security.js";
-import type { WxpSecurityConfig, XmlNode } from "../schemas/wxp.zod.js";
-import type { VariableStore } from "./variables.js";
-
-export class WxpShellError extends Error {
-  constructor(
-    public readonly command: string,
-    public readonly stderr: string,
-    public readonly variableSnapshot: Record<string, string>,
-    message: string,
-  ) {
-    super(message);
-    this.name = "WxpShellError";
-  }
-}
-
-/** Resolve a single <arg> node to its string value. */
-export function resolveArgNode(arg: XmlNode, vars: VariableStore): string {
-  if (arg.attrs["string"] !== undefined) return arg.attrs["string"];
-  if (arg.attrs["name"] !== undefined) {
-    const raw = vars.resolve(arg.attrs["name"]) ?? "";
-    const wrap = arg.attrs["wrap"];
-    return wrap ? `${wrap}${raw}${wrap}` : raw;
-  }
-  if (arg.attrs["value"] !== undefined) return arg.attrs["value"];
-  return "";
-}
-
-export function executeShell(
-  node: XmlNode,
-  vars: VariableStore,
-  config: WxpSecurityConfig,
-): void {
-  const command = node.attrs["command"] ?? "";
-  const check = checkAllowlist(command, config);
-  if (!check.ok) {
-    throw new WxpShellError(command, "", vars.snapshot(), check.reason);
-  }
-
-  const argsContainer = node.children.find((c) => c.tag === "args");
-  const outsContainer = node.children.find((c) => c.tag === "outs");
-
-  const resolvedArgs = argsContainer
-    ? argsContainer.children.filter((c) => c.tag === "arg").map((a) => resolveArgNode(a, vars))
-    : [];
-
-  const suppressErrors = outsContainer
-    ? outsContainer.children.some((c) => c.tag === "suppress-errors")
-    : false;
-
-  const outVars = outsContainer
-    ? outsContainer.children
-        .filter((c) => c.tag === "out" && c.attrs["name"])
-        .map((c) => c.attrs["name"] as string)
-    : [];
-
-  let stdout = "";
-  try {
-    stdout = execFileSync(command, resolvedArgs, {
-      encoding: "utf8",
-      timeout: config.shellTimeoutMs,
-      windowsHide: true,
-    }).trim();
-  } catch (err) {
-    if (suppressErrors) {
-      for (const name of outVars) vars.set(name, "", undefined);
-      return;
-    }
-    const e = err as { stderr?: string; message?: string };
-    const stderr = (e.stderr ?? e.message ?? String(err)).trim();
-    throw new WxpShellError(
-      command,
-      stderr,
-      vars.snapshot(),
-      `Shell '${command} ${resolvedArgs.join(" ")}' failed: ${stderr}`,
-    );
-  }
-
-  if (outVars.length > 0) vars.set(outVars[0], stdout, undefined);
-}

package/src/wxp/string-ops.ts

@@ -1,44 +0,0 @@
-import type { XmlNode } from "../schemas/wxp.zod.js";
-import type { VariableStore } from "./variables.js";
-import { resolveArgNode } from "./shell.js";
-
-export class WxpStringOpError extends Error {
-  constructor(message: string) {
-    super(message);
-    this.name = "WxpStringOpError";
-  }
-}
-
-export function executeStringOp(node: XmlNode, vars: VariableStore): void {
-  const op = node.attrs["op"];
-  if (op !== "split") throw new WxpStringOpError(`<string-op> only op="split" is supported in v1`);
-
-  const argsContainer = node.children.find((c) => c.tag === "args");
-  const outsContainer = node.children.find((c) => c.tag === "outs");
-
-  if (!argsContainer || !outsContainer) {
-    throw new WxpStringOpError(`<string-op> requires <args> and <outs>`);
-  }
-
-  const args = argsContainer.children.filter((c) => c.tag === "arg");
-  const outs = outsContainer.children.filter((c) => c.tag === "out");
-
-  const srcArg   = args[0];
-  const delimArg = args[1];
-
-  if (!srcArg) throw new WxpStringOpError(`<string-op op="split"> requires at least 2 <arg> children`);
-
-  const source = resolveArgNode(srcArg, vars);
-  if (srcArg.attrs["name"] && vars.get(srcArg.attrs["name"]) === undefined) {
-    throw new WxpStringOpError(`string-op split: source variable '${srcArg.attrs["name"]}' is not defined`);
-  }
-
-  const delimiter = delimArg ? resolveArgNode(delimArg, vars) : "";
-  const parts = source.split(delimiter);
-
-  // Each <out> gets one part starting from index 1 (part after the delimiter prefix)
-  outs.forEach((out, i) => {
-    const name = out.attrs["name"];
-    if (name) vars.set(name, parts[i + 1] ?? parts[i] ?? "", undefined);
-  });
-}

package/src/wxp/variables.ts

@@ -1,109 +0,0 @@
-import type { WxpVariable } from "../schemas/wxp.zod.js";
-
-export interface VariableStore {
-  /** Set a string variable, with optional owner for collision detection */
-  set(name: string, value: string, owner?: string): void;
-  /** Get a string variable value (supports dot-notation: "item.prop") */
-  get(name: string): string | undefined;
-  /** Resolve a name — handles both plain variables and dot-notation property access on JSON items */
-  resolve(name: string): string | undefined;
-  /** Store an array of JSON strings for <for-each> iteration */
-  setArray(name: string, items: string[], owner?: string): void;
-  /** Retrieve an array variable */
-  getArray(name: string): string[] | undefined;
-  has(name: string): boolean;
-  entries(): IterableIterator<[string, WxpVariable]>;
-  snapshot(): Record<string, string>;
-}
-
-export function createVariableStore(): VariableStore {
-  const scalars = new Map<string, WxpVariable>();
-  const arrays  = new Map<string, string[]>();
-
-  const resolveScalar = (name: string): string | undefined => {
-    // Plain lookup first
-    const direct = scalars.get(name)?.value;
-    if (direct !== undefined) return direct;
-
-    // Dot-notation: "item.prop.sub" → look up "item", parse JSON, traverse path
-    const dotIdx = name.indexOf(".");
-    if (dotIdx === -1) return undefined;
-
-    const varPart  = name.slice(0, dotIdx);
-    const pathPart = name.slice(dotIdx + 1);
-    const jsonStr  = scalars.get(varPart)?.value;
-    if (jsonStr === undefined) return undefined;
-
-    try {
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any -- JSON traversal requires dynamic access
-      let obj: any = JSON.parse(jsonStr);
-      for (const key of pathPart.split(".")) {
-        if (obj === null || typeof obj !== "object") return undefined;
-        obj = obj[key];
-      }
-      return obj === undefined || obj === null ? undefined : String(obj);
-    } catch {
-      return undefined;
-    }
-  };
-
-  return {
-    set(name, value, owner) {
-      const existing = scalars.get(name);
-      if (existing?.owner && owner && existing.owner !== owner) {
-        scalars.delete(name);
-        scalars.set(`${existing.owner}:${name}`, {
-          name: `${existing.owner}:${name}`,
-          value: existing.value,
-          owner: existing.owner,
-        });
-        scalars.set(`${owner}:${name}`, { name: `${owner}:${name}`, value, owner });
-      } else {
-        scalars.set(name, { name, value, owner });
-      }
-    },
-
-    get(name) {
-      return scalars.get(name)?.value;
-    },
-
-    resolve(name) {
-      return resolveScalar(name);
-    },
-
-    setArray(name, items, owner) {
-      arrays.set(name, items);
-      // Also store as a JSON string in scalars so it's accessible via get()
-      scalars.set(name, { name, value: JSON.stringify(items), owner });
-    },
-
-    getArray(name) {
-      // Try direct array store first
-      if (arrays.has(name)) return arrays.get(name);
-      // Fall back: try to parse the scalar as a JSON array
-      const str = scalars.get(name)?.value;
-      if (!str) return undefined;
-      try {
-        const parsed: unknown = JSON.parse(str);
-        if (Array.isArray(parsed)) return parsed.map((item) =>
-          typeof item === "string" ? item : JSON.stringify(item)
-        );
-      } catch { /* not a JSON array */ }
-      return undefined;
-    },
-
-    has(name) {
-      return scalars.has(name) || arrays.has(name);
-    },
-
-    entries() {
-      return scalars.entries();
-    },
-
-    snapshot() {
-      const out: Record<string, string> = {};
-      for (const [k, v] of scalars) out[k] = v.value;
-      return out;
-    },
-  };
-}