npm - shieldcortex - Versions diffs - 3.4.12 → 3.4.14 - Mend

shieldcortex 3.4.12 → 3.4.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (33) hide show

package/dist/database/init.js CHANGED Viewed

@@ -2,8 +2,8 @@
  * Database initialization and connection management
  */
 import Database from 'better-sqlite3';
-import { existsSync, mkdirSync, readFileSync, statSync, writeFileSync, unlinkSync, renameSync, copyFileSync } from 'fs';
-import { dirname, join } from 'path';
+import { existsSync, mkdirSync, readFileSync, statSync, writeFileSync, unlinkSync, renameSync, copyFileSync, readdirSync, openSync, closeSync, realpathSync } from 'fs';
+import { basename, dirname, join } from 'path';
 import { homedir } from 'os';
 import { fileURLToPath } from 'url';
 import { execSync } from 'child_process';
@@ -13,6 +13,7 @@ const _currentDir = dirname(_currentFile);
 let db = null;
 let currentDbPath = null;
 let lockFilePath = null;
+let lockFileFd = null;
 // Anti-bloat: Database size limits
 const MAX_DB_SIZE = 100 * 1024 * 1024; // 100MB hard limit
 const WARN_DB_SIZE = 50 * 1024 * 1024; // 50MB warning threshold
@@ -40,6 +41,177 @@ function getDefaultDbPath() {
     // Fall back to legacy path for existing users
     return legacyPath;
 }
+function resolveRuntimeInfo() {
+    let entryPath = process.argv[1] ?? '';
+    try {
+        if (entryPath) {
+            entryPath = realpathSync(entryPath);
+        }
+    }
+    catch {
+        // Fall back to the raw argv path.
+    }
+    if (entryPath.includes('/.npm/_npx/')) {
+        return { kind: 'npx-cache', entryPath };
+    }
+    if (entryPath.includes('/node_modules/shieldcortex/')) {
+        return { kind: 'installed', entryPath };
+    }
+    if (entryPath.includes('/ShieldCortex/') || entryPath.includes('\\ShieldCortex\\')) {
+        return { kind: 'project-checkout', entryPath };
+    }
+    return { kind: 'unknown', entryPath };
+}
+function enforceSafeRuntimePath(expandedPath, explicitDbPath) {
+    if (explicitDbPath || process.env.SHIELDCORTEX_ALLOW_UNSAFE_RUNTIME === '1') {
+        return;
+    }
+    const defaultPath = expandPath(getDefaultDbPath());
+    if (expandedPath !== defaultPath) {
+        return;
+    }
+    const runtime = resolveRuntimeInfo();
+    if (runtime.kind === 'npx-cache' || runtime.kind === 'project-checkout') {
+        throw new Error(`[database] Refusing to open ${defaultPath} from ${runtime.kind === 'npx-cache' ? 'an npx cache' : 'a project checkout'}.\n` +
+            `Use the installed CLI (\`shieldcortex\`), pass \`--db\` to use a separate database, or set SHIELDCORTEX_ALLOW_UNSAFE_RUNTIME=1 if you really mean to do this.\n` +
+            `Runtime path: ${runtime.entryPath}`);
+    }
+}
+function inspectDatabaseFile(dbPath) {
+    let inspectionDb = null;
+    try {
+        inspectionDb = new Database(dbPath, {
+            readonly: true,
+            fileMustExist: true,
+        });
+        const integrity = runIntegrityCheck(inspectionDb);
+        let count = null;
+        try {
+            count = inspectionDb.prepare('SELECT COUNT(*) AS count FROM memories').get().count;
+        }
+        catch {
+            count = null;
+        }
+        return { integrity, count };
+    }
+    catch (error) {
+        return { integrity: `inspect threw: ${error}`, count: null };
+    }
+    finally {
+        try {
+            inspectionDb?.close();
+        }
+        catch {
+            // Best-effort close.
+        }
+    }
+}
+function listHealthyBackups(dbPath) {
+    const dir = dirname(dbPath);
+    const prefix = `${basename(dbPath)}.corrupt.`;
+    return readdirSync(dir)
+        .filter((name) => name.startsWith(prefix) && !name.endsWith('-wal') && !name.endsWith('-shm'))
+        .map((name) => join(dir, name))
+        .map((backupPath) => {
+        const inspection = inspectDatabaseFile(backupPath);
+        const stats = statSync(backupPath);
+        return {
+            path: backupPath,
+            integrity: inspection.integrity,
+            count: inspection.count,
+            mtimeMs: stats.mtimeMs,
+        };
+    })
+        .filter((candidate) => candidate.integrity === 'ok' && typeof candidate.count === 'number' && candidate.count > 0)
+        .sort((a, b) => b.mtimeMs - a.mtimeMs)
+        .map(({ path, count, mtimeMs }) => ({ path, count, mtimeMs }));
+}
+function stashLiveDatabase(dbPath, suffix) {
+    const timestamp = new Date().toISOString().replace(/[:.]/g, '-');
+    const stashPath = `${dbPath}.${suffix}.${timestamp}`;
+    if (existsSync(dbPath)) {
+        try {
+            renameSync(dbPath, stashPath);
+        }
+        catch {
+            try {
+                copyFileSync(dbPath, stashPath);
+                unlinkSync(dbPath);
+            }
+            catch {
+                // Last resort: leave the original in place.
+            }
+        }
+    }
+    for (const ext of ['-wal', '-shm']) {
+        const liveSidecar = dbPath + ext;
+        if (existsSync(liveSidecar)) {
+            try {
+                renameSync(liveSidecar, stashPath + ext);
+            }
+            catch {
+                try {
+                    unlinkSync(liveSidecar);
+                }
+                catch {
+                    // Best-effort cleanup.
+                }
+            }
+        }
+    }
+}
+function restoreBackupAsLive(dbPath, backupPath, reason) {
+    stashLiveDatabase(dbPath, reason);
+    copyFileSync(backupPath, dbPath);
+}
+function acquireStartupLock(dbPath) {
+    lockFilePath = `${dbPath}.lock`;
+    const runtime = resolveRuntimeInfo();
+    const payload = JSON.stringify({
+        pid: process.pid,
+        startedAt: new Date().toISOString(),
+        entryPath: runtime.entryPath,
+    }, null, 2);
+    const tryOpen = () => {
+        lockFileFd = openSync(lockFilePath, 'wx');
+        writeFileSync(lockFileFd, payload, 'utf-8');
+    };
+    try {
+        tryOpen();
+        return;
+    }
+    catch {
+        let activeProcessError = null;
+        try {
+            const existing = JSON.parse(readFileSync(lockFilePath, 'utf-8'));
+            if (typeof existing.pid === 'number') {
+                try {
+                    process.kill(existing.pid, 0);
+                    activeProcessError = new Error(`[database] Refusing startup because ShieldCortex PID ${existing.pid} is already using ${dbPath}` +
+                        (existing.entryPath ? ` (${existing.entryPath})` : ''));
+                }
+                catch (error) {
+                    if (error.code !== 'ESRCH') {
+                        activeProcessError = error;
+                    }
+                }
+            }
+        }
+        catch {
+            // Stale or unreadable lock file — remove and retry.
+        }
+        if (activeProcessError) {
+            throw activeProcessError;
+        }
+        try {
+            unlinkSync(lockFilePath);
+        }
+        catch {
+            // Best-effort stale lock cleanup.
+        }
+        tryOpen();
+    }
+}
 /**
  * Back up a corrupt database file with a timestamped name.
  * Returns the backup path.
@@ -164,30 +336,16 @@ function attemptFtsRecovery(database) {
     }
 }
 function verifyOnDiskIntegrity(dbPath) {
-    let verificationDb = null;
-    try {
-        verificationDb = new Database(dbPath, {
-            readonly: true,
-            fileMustExist: true,
-        });
-        return runIntegrityCheck(verificationDb);
-    }
-    catch (error) {
-        return `fresh integrity check threw: ${error}`;
-    }
-    finally {
-        try {
-            verificationDb?.close();
-        }
-        catch {
-            // Best-effort close for verification handles.
-        }
-    }
+    return inspectDatabaseFile(dbPath).integrity;
 }
 export const __databaseTestUtils = {
     isLikelyFtsIntegrityIssue,
     attemptFtsRecovery,
     verifyOnDiskIntegrity,
+    inspectDatabaseFile,
+    listHealthyBackups,
+    resolveRuntimeInfo,
+    enforceSafeRuntimePath,
 };
 /**
  * Initialize the database connection
@@ -195,10 +353,12 @@ export const __databaseTestUtils = {
 export function initDatabase(dbPath) {
     // Use auto-detected path if not specified
     const resolvedPath = dbPath || getDefaultDbPath();
+    const explicitDbPath = Boolean(dbPath);
     if (db) {
         return db;
     }
     const expandedPath = expandPath(resolvedPath);
+    enforceSafeRuntimePath(expandedPath, explicitDbPath);
     const dir = dirname(expandedPath);
     // Create directory if it doesn't exist
     if (!existsSync(dir)) {
@@ -206,6 +366,9 @@ export function initDatabase(dbPath) {
     }
     // Store path for size monitoring
     currentDbPath = expandedPath;
+    acquireStartupLock(expandedPath);
+    console.log(`[database] Startup runtime=${resolveRuntimeInfo().kind} db=${expandedPath} wal=${existsSync(expandedPath + '-wal')} shm=${existsSync(expandedPath + '-shm')}`);
+    const healthyBackups = listHealthyBackups(expandedPath);
     // Wrap the initial open in try/catch to handle corrupt files gracefully
     let database;
     try {
@@ -213,11 +376,19 @@ export function initDatabase(dbPath) {
     }
     catch (openError) {
         // Database file is corrupt or not a valid SQLite database
-        console.error('❌ Database file is corrupt or not a valid SQLite database.');
-        const backupPath = backupCorruptDatabase(expandedPath);
-        console.error(`   Backed up to ${backupPath}`);
-        console.error('   Creating fresh database...');
-        database = new Database(expandedPath);
+        console.error(`❌ Database open failed for ${expandedPath}: ${openError}`);
+        const latestHealthyBackup = healthyBackups[0];
+        if (latestHealthyBackup) {
+            console.error(`[database] Restoring latest healthy backup with ${latestHealthyBackup.count} memories: ${latestHealthyBackup.path}`);
+            restoreBackupAsLive(expandedPath, latestHealthyBackup.path, 'failed-open');
+            database = new Database(expandedPath);
+        }
+        else {
+            const backupPath = backupCorruptDatabase(expandedPath);
+            console.error(`   Backed up to ${backupPath}`);
+            console.error('   Creating fresh database...');
+            database = new Database(expandedPath);
+        }
     }
     // Integrity check on existing databases (skip for newly created files)
     if (existsSync(expandedPath) && statSync(expandedPath).size > 0) {
@@ -244,18 +415,40 @@ export function initDatabase(dbPath) {
                         database = recovered;
                     }
                     else {
-                        // Recovery failed — backup and create fresh
-                        if (existsSync(expandedPath)) {
-                            const backupPath = backupCorruptDatabase(expandedPath);
-                            console.error(`[database] Recovery failed. Backed up corrupt file to: ${backupPath}`);
+                        const latestHealthyBackup = healthyBackups[0];
+                        if (latestHealthyBackup) {
+                            console.error(`[database] Recovery failed. Restoring latest healthy backup with ${latestHealthyBackup.count} memories: ${latestHealthyBackup.path}`);
+                            restoreBackupAsLive(expandedPath, latestHealthyBackup.path, 'recovery-failed');
+                            database = new Database(expandedPath);
+                        }
+                        else {
+                            // Recovery failed — backup and create fresh
+                            if (existsSync(expandedPath)) {
+                                const backupPath = backupCorruptDatabase(expandedPath);
+                                console.error(`[database] Recovery failed. Backed up corrupt file to: ${backupPath}`);
+                            }
+                            console.error('[database] Creating fresh database...');
+                            database = new Database(expandedPath);
                         }
-                        console.error('[database] Creating fresh database...');
-                        database = new Database(expandedPath);
                     }
                 }
             }
         }
     }
+    const currentInspection = inspectDatabaseFile(expandedPath);
+    const latestHealthyBackup = healthyBackups[0];
+    const liveStats = existsSync(expandedPath) ? statSync(expandedPath) : null;
+    if (currentInspection.integrity === 'ok'
+        && currentInspection.count === 0
+        && latestHealthyBackup
+        && latestHealthyBackup.count >= 100
+        && liveStats
+        && (liveStats.mtimeMs - latestHealthyBackup.mtimeMs) < (24 * 60 * 60 * 1000)) {
+        console.error(`[database] Empty live database detected alongside a recent healthy backup (${latestHealthyBackup.count} memories). Restoring ${latestHealthyBackup.path}`);
+        database.close();
+        restoreBackupAsLive(expandedPath, latestHealthyBackup.path, 'empty-live');
+        database = new Database(expandedPath);
+    }
     db = database;
     // Enable WAL mode for better concurrency
     db.pragma('journal_mode = WAL');
@@ -265,15 +458,6 @@ export function initDatabase(dbPath) {
     db.pragma('busy_timeout = 10000');
     // Auto-checkpoint every 100 pages (~400KB) to prevent WAL bloat
     db.pragma('wal_autocheckpoint = 100');
-    // Create lock file to help detect concurrent instances
-    lockFilePath = expandedPath + '.lock';
-    const pid = process.pid;
-    try {
-        writeFileSync(lockFilePath, `${pid}\n${new Date().toISOString()}`);
-    }
-    catch {
-        // Non-fatal - lock file is advisory
-    }
     // Register cleanup handlers for graceful shutdown
     registerShutdownHandlers();
     // Run migrations FIRST for existing databases
@@ -633,16 +817,24 @@ export function closeDatabase() {
         db.close();
         db = null;
         currentDbPath = null;
-        // Remove lock file
-        if (lockFilePath && existsSync(lockFilePath)) {
-            try {
-                unlinkSync(lockFilePath);
-            }
-            catch {
-                // Non-fatal
-            }
-            lockFilePath = null;
+    }
+    if (lockFileFd !== null) {
+        try {
+            closeSync(lockFileFd);
+        }
+        catch {
+            // Best-effort close.
+        }
+        lockFileFd = null;
+    }
+    if (lockFilePath && existsSync(lockFilePath)) {
+        try {
+            unlinkSync(lockFilePath);
+        }
+        catch {
+            // Non-fatal
         }
+        lockFilePath = null;
     }
 }
 /**

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "shieldcortex",
-  "version": "3.4.12",
+  "version": "3.4.14",
   "description": "Trustworthy memory and security for AI agents. Recall debugging, review queue, OpenClaw session capture, and memory poisoning defence for Claude Code, Codex, OpenClaw, LangChain, and MCP agents.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

/package/dashboard/.next/standalone/dashboard/.next/static/{IEheIaoI03DPDkMm1iq_v → uiyXVE418p8MtLu_mVA4X}/_buildManifest.js RENAMED Viewed

File without changes

/package/dashboard/.next/standalone/dashboard/.next/static/{IEheIaoI03DPDkMm1iq_v → uiyXVE418p8MtLu_mVA4X}/_clientMiddlewareManifest.json RENAMED Viewed

File without changes

/package/dashboard/.next/standalone/dashboard/.next/static/{IEheIaoI03DPDkMm1iq_v → uiyXVE418p8MtLu_mVA4X}/_ssgManifest.js RENAMED Viewed

File without changes