skalpel 3.2.3 → 3.2.4

package/npm-bin/skalpel.bug-0039.test.js

@@ -0,0 +1,232 @@
+#!/usr/bin/env node
+// BUG-0039 — Windows daemon missing → Defender-aware warning test.
+//
+// What we're testing: the sibling-check branch in resolveBinary. When
+// the user runs `skalpel <anything>` on Windows AND skalpeld.exe is
+// missing from the platform package's bin/, the CLI must:
+//   - emit a clear actionable warning to stderr
+//   - NOT exit (so --version / --help still work)
+//   - include the PowerShell Add-MpPreference command
+//   - use single-quoted path (neutralises NTFS-legal $ / backtick / ')
+//
+// Stdlib-only, no test framework. Builds a fake @skalpelai/skalpel-*
+// package layout in a tmpdir inside the repo's node_modules so Node's
+// resolver finds it, then patches Module._resolveLookupPaths to prefer
+// the sandbox.
+//
+// Run:  node npm-bin/skalpel.bug-0039.test.js
+'use strict';
+
+const assert = require('assert');
+const fs = require('fs');
+const os = require('os');
+const path = require('path');
+
+let pass = 0;
+let fail = 0;
+
+function t(name, fn) {
+  try {
+    fn();
+    process.stdout.write(`  PASS ${name}\n`);
+    pass += 1;
+  } catch (err) {
+    process.stderr.write(`  FAIL ${name}\n    ${err && err.stack ? err.stack : err}\n`);
+    fail += 1;
+  }
+}
+
+// Capture stderr + intercepted process.exit code.
+function captureStderr(fn) {
+  const original = process.stderr.write.bind(process.stderr);
+  let buf = '';
+  process.stderr.write = (chunk) => {
+    buf += String(chunk);
+    return true;
+  };
+  const origExit = process.exit;
+  let exitCode = null;
+  process.exit = (code) => {
+    exitCode = code;
+    throw new Error('__BUG0039_TEST_EXIT__');
+  };
+  try {
+    try { fn(); } catch (e) {
+      if (e && e.message !== '__BUG0039_TEST_EXIT__') throw e;
+    }
+  } finally {
+    process.stderr.write = original;
+    process.exit = origExit;
+  }
+  return { stderr: buf, exitCode };
+}
+
+function withFakeWin32Package(opts) {
+  // Use os.tmpdir() (NOT in-repo node_modules) so a test crash between
+  // mkdir and finally-cleanup can't leave a stub that shadows the real
+  // platform package on subsequent dev runs.
+  const sandboxRoot = fs.mkdtempSync(path.join(os.tmpdir(), 'bug0039-'));
+  const platDir = path.join(sandboxRoot, 'node_modules', '@skalpelai', 'skalpel-win32-x64');
+  const binDir = path.join(platDir, 'bin');
+  fs.mkdirSync(binDir, { recursive: true });
+  fs.writeFileSync(
+    path.join(platDir, 'package.json'),
+    JSON.stringify({ name: '@skalpelai/skalpel-win32-x64', version: '3.2.2-test' })
+  );
+  fs.writeFileSync(path.join(binDir, 'skalpel.exe'), 'stub');
+  if (opts.daemonPresent) fs.writeFileSync(path.join(binDir, 'skalpeld.exe'), 'stub');
+  return {
+    sandboxRoot,
+    cleanup: () => fs.rmSync(sandboxRoot, { recursive: true, force: true }),
+  };
+}
+
+function withResolveOverride(sandboxRoot, fn) {
+  const Module = require('module');
+  const orig = Module._resolveLookupPaths;
+  Module._resolveLookupPaths = function (request, parent) {
+    const base = orig.call(this, request, parent);
+    if (request && request.startsWith('@skalpelai/skalpel-')) {
+      const inject = path.join(sandboxRoot, 'node_modules');
+      return base && Array.isArray(base) ? [inject, ...base] : [inject];
+    }
+    return base;
+  };
+  try { return fn(); } finally { Module._resolveLookupPaths = orig; }
+}
+
+const skalpel = require('./skalpel.js');
+Object.defineProperty(process, 'platform', { value: 'win32', configurable: true });
+Object.defineProperty(process, 'arch', { value: 'x64', configurable: true });
+
+// ── Test 1: skalpel-resolve + missing sibling daemon → warning, no exit
+t('resolveBinary(\'skalpel\') with missing skalpeld.exe emits warning and returns', () => {
+  const fake = withFakeWin32Package({ daemonPresent: false });
+  try {
+    let returned = null;
+    const { stderr, exitCode } = captureStderr(() => {
+      withResolveOverride(fake.sandboxRoot, () => {
+        returned = skalpel.resolveBinary('skalpel', []);
+      });
+    });
+    // MUST return the resolved skalpel.exe path (no exit)
+    assert.ok(returned, `expected non-null return, got ${returned}`);
+    assert.ok(returned.endsWith('skalpel.exe'), `expected skalpel.exe, got ${returned}`);
+    assert.strictEqual(exitCode, null, `expected NO process.exit, got code=${exitCode}`);
+    // MUST emit Defender-aware warning
+    assert.ok(stderr.includes('skalpel daemon missing'), `expected daemon-missing title:\n${stderr}`);
+    assert.ok(stderr.includes('Defender'), `expected Defender mention:\n${stderr}`);
+    assert.ok(stderr.includes('Add-MpPreference'), `expected PowerShell command:\n${stderr}`);
+    assert.ok(stderr.includes('Authenticode'), `expected code-sign mention:\n${stderr}`);
+    assert.ok(stderr.includes('Restore'), `expected restore path:\n${stderr}`);
+    // PowerShell path is single-quoted (the critical quoting fix)
+    const dirLine = stderr.split('\n').find((l) => l.includes('$dir ='));
+    assert.ok(dirLine, `expected $dir = line, got:\n${stderr}`);
+    assert.ok(/\$dir = '/.test(dirLine), `expected single-quoted path in $dir line: ${dirLine}`);
+    // The Add-MpPreference line should reference $dir (not embed the path)
+    const mpLine = stderr.split('\n').find((l) => l.includes('Add-MpPreference'));
+    assert.ok(mpLine, `expected Add-MpPreference line:\n${stderr}`);
+    assert.ok(/-ExclusionPath \$dir/.test(mpLine), `expected -ExclusionPath $dir: ${mpLine}`);
+  } finally { fake.cleanup(); }
+});
+
+// ── Test 2: happy path (daemon present) → returns path, NO warning
+t('resolveBinary(\'skalpel\') with daemon present: silent, returns path', () => {
+  const fake = withFakeWin32Package({ daemonPresent: true });
+  try {
+    let returned = null;
+    const { stderr, exitCode } = captureStderr(() => {
+      withResolveOverride(fake.sandboxRoot, () => {
+        returned = skalpel.resolveBinary('skalpel', []);
+      });
+    });
+    assert.ok(returned && returned.endsWith('skalpel.exe'), `expected skalpel.exe, got ${returned}`);
+    assert.strictEqual(exitCode, null);
+    assert.ok(!stderr.includes('Defender'), `expected no Defender warning on happy path, got:\n${stderr}`);
+    assert.ok(!stderr.includes('quarantine'), `expected no quarantine mention on happy path:\n${stderr}`);
+  } finally { fake.cleanup(); }
+});
+
+// ── Test 3: skalpel.exe itself missing → generic Binary missing error
+t('resolveBinary(\'skalpel\') with skalpel.exe missing: generic error, NOT Defender block', () => {
+  const fake = withFakeWin32Package({ daemonPresent: false });
+  // Also remove skalpel.exe
+  fs.unlinkSync(path.join(fake.sandboxRoot, 'node_modules', '@skalpelai', 'skalpel-win32-x64', 'bin', 'skalpel.exe'));
+  try {
+    const { stderr, exitCode } = captureStderr(() => {
+      withResolveOverride(fake.sandboxRoot, () => {
+        skalpel.resolveBinary('skalpel', []);
+      });
+    });
+    assert.strictEqual(exitCode, 1, 'expected exit 1 on missing CLI binary');
+    assert.ok(stderr.includes('Binary missing'), `expected generic title:\n${stderr}`);
+    // The Defender block is gated on a successful candidate-exists check,
+    // so it should NOT fire when skalpel.exe itself is missing.
+    assert.ok(!stderr.includes('Defender'), `Defender warning should NOT fire when CLI itself missing:\n${stderr}`);
+  } finally { fake.cleanup(); }
+});
+
+// ── Test 4: non-Windows platform → no sibling check fires
+t('resolveBinary(\'skalpel\') on linux: no sibling check, silent on success', () => {
+  // Temporarily flip to linux + reset PLATFORM_PACKAGES key check
+  Object.defineProperty(process, 'platform', { value: 'linux', configurable: true });
+  try {
+    const sandboxRoot = fs.mkdtempSync(path.join(os.tmpdir(), 'bug0039-linux-'));
+    const platDir = path.join(sandboxRoot, 'node_modules', '@skalpelai', 'skalpel-linux-x64');
+    const binDir = path.join(platDir, 'bin');
+    fs.mkdirSync(binDir, { recursive: true });
+    fs.writeFileSync(path.join(platDir, 'package.json'), JSON.stringify({ name: '@skalpelai/skalpel-linux-x64', version: '3.2.2-test' }));
+    fs.writeFileSync(path.join(binDir, 'skalpel'), 'stub');
+    // daemon intentionally missing
+    try {
+      const { stderr, exitCode } = captureStderr(() => {
+        withResolveOverride(sandboxRoot, () => {
+          skalpel.resolveBinary('skalpel', []);
+        });
+      });
+      assert.strictEqual(exitCode, null, 'expected no exit on linux happy path');
+      assert.ok(!stderr.includes('Defender'), `linux must NOT emit Defender warning:\n${stderr}`);
+    } finally { fs.rmSync(sandboxRoot, { recursive: true, force: true }); }
+  } finally {
+    Object.defineProperty(process, 'platform', { value: 'win32', configurable: true });
+  }
+});
+
+// ── Test 5: PowerShell escape of literal apostrophe in path
+t("PowerShell '' escape activates when path contains a literal apostrophe", () => {
+  // Build a sandbox under a parent dir whose NAME contains an apostrophe.
+  // NTFS allows ' in filenames, and POSIX paths do too. The Defender
+  // exclusion path will be path.dirname(siblingDaemon) — which on this
+  // sandbox includes a "with'apos" segment. The PowerShell single-quote
+  // literal MUST escape the inner ' as '' to remain valid PS syntax.
+  const parent = fs.mkdtempSync(path.join(os.tmpdir(), "bug0039-apos-"));
+  const aposDir = path.join(parent, "with'apos");
+  const platDir = path.join(aposDir, 'node_modules', '@skalpelai', 'skalpel-win32-x64');
+  const binDir = path.join(platDir, 'bin');
+  fs.mkdirSync(binDir, { recursive: true });
+  fs.writeFileSync(path.join(platDir, 'package.json'), JSON.stringify({ name: '@skalpelai/skalpel-win32-x64', version: '3.2.2-test' }));
+  fs.writeFileSync(path.join(binDir, 'skalpel.exe'), 'stub');
+  // skalpeld.exe intentionally missing
+  try {
+    const { stderr } = captureStderr(() => {
+      withResolveOverride(aposDir, () => {
+        skalpel.resolveBinary('skalpel', []);
+      });
+    });
+    const dirLine = stderr.split('\n').find((l) => l.includes('$dir ='));
+    assert.ok(dirLine, `expected $dir = line, got:\n${stderr}`);
+    // The literal ' in the path must be DOUBLED inside the single-quoted PS literal
+    assert.ok(
+      dirLine.includes("with''apos"),
+      `expected '' escape for literal apostrophe, got: ${dirLine}`
+    );
+    // And the path must still be wrapped in single quotes
+    assert.ok(/\$dir = '.*'$/.test(dirLine.trim()), `expected single-quoted: ${dirLine}`);
+  } finally {
+    fs.rmSync(parent, { recursive: true, force: true });
+  }
+});
+
+// ── summary
+process.stdout.write(`\n  results: ${pass} passed, ${fail} failed\n`);
+if (fail > 0) process.exit(1);

package/npm-bin/skalpel.js

@@ -196,6 +196,73 @@ function resolveBinary(name, argv) {
     );
     process.exit(failExit);
   }
+  // BUG-0039 sibling check (Windows only). The CLI shim binary
+  // (skalpel.exe) survives Defender heuristics — it doesn't network
+  // or spawn — but the daemon (skalpeld.exe) trips them (unsigned +
+  // network-active + spawns processes) and gets silently quarantined
+  // within ~30s of `npm install`. The user then runs `skalpel login`,
+  // the Go binary's spawn-daemon call fails with an opaque error,
+  // and the user has no idea why. Emit a one-shot actionable warning
+  // here on the CLI-resolve path so the user sees the Defender
+  // explanation BEFORE the spawn failure. Doesn't exit — `skalpel
+  // --version` / `--help` continue to work; the Go binary surfaces
+  // its own error on commands that actually need the daemon.
+  if (process.platform === 'win32' && name === 'skalpel') {
+    const siblingDaemon = path.join(pkgRoot, 'bin', 'skalpeld.exe');
+    if (!fs.existsSync(siblingDaemon)) {
+      // Single-quoted PS path with '' escape neutralises backtick,
+      // $, and apostrophe (all NTFS-legal).
+      const psSafePath = path.dirname(siblingDaemon).replace(/'/g, "''");
+      // Custom layout: box contains ONLY the diagnostic explanation,
+      // hint text is emitted as plain stderr lines BELOW the box. This
+      // keeps long Windows install paths (which can exceed 80 cols)
+      // out of the box — cmd.exe's default 80-col width would
+      // otherwise wrap the box and shatter the copy-pasteable
+      // PowerShell command. Plain-text below the box wraps naturally
+      // and the user can still copy-paste a multi-line PS literal.
+      const body = [
+        'skalpel.exe is present and runnable, but skalpeld.exe is missing',
+        'from the install. Windows Defender (or another AV) almost',
+        'certainly quarantined the unsigned daemon binary shortly after',
+        'npm finished installing. `skalpel login` and the TUI need the',
+        'daemon and will fail with an opaque error until it is restored.',
+      ].join('\n');
+      const colored = process.stderr.isTTY && !process.env.NO_COLOR;
+      const titleText = colored
+        ? theme.bold(theme.red('✗ skalpel daemon missing (Defender quarantine likely)'))
+        : '✗ skalpel daemon missing (Defender quarantine likely)';
+      const bodyDim = colored ? theme.dim(theme.text(body)) : body;
+      const boxed = box([titleText, '', bodyDim].join('\n'), colored ? 'red' : null, { padding: 1 });
+      process.stderr.write(`${boxed}\n`);
+      // Plain-text hint — long path lives on its own line, no box to corrupt.
+      process.stderr.write([
+        '',
+        'FIX (pick one):',
+        '',
+        'A. Whitelist install dir in Defender, then reinstall:',
+        '   1) Open PowerShell as Administrator',
+        '   2) Run, with the path on its own line:',
+        '',
+        `        $dir = '${psSafePath}'`,
+        '        Add-MpPreference -ExclusionPath $dir',
+        '',
+        '   3) In any shell:  npm install -g skalpel',
+        '',
+        'B. Restore the quarantined binary:',
+        '     Windows Security → Virus & threat protection →',
+        '     Protection history → Allow → Restore (skalpeld.exe).',
+        '',
+        'Different AV? Add the directory to its own exclusion UI.',
+        'Add-MpPreference only configures Windows Defender.',
+        '',
+        'Permanent fix in progress: Authenticode code-signing of the',
+        'Windows binaries.',
+        '',
+      ].join('\n'));
+      // Intentionally no process.exit — the CLI must still run for
+      // --version / --help / diagnostic commands.
+    }
+  }
   return candidate;
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "skalpel",
-  "version": "3.2.3",
+  "version": "3.2.4",
   "description": "Skalpel — local proxy and TUI for coding agents (skalpel + skalpeld bundle).",
   "license": "Apache-2.0",
   "homepage": "https://skalpel.ai",
@@ -31,10 +31,11 @@
     "preinstall": "node postinstall/preinstall.js",
     "postinstall": "node postinstall/index.js",
     "preuninstall": "node postinstall/uninstall.js",
-    "test": "node postinstall/lib/run-tests.js",
+    "test": "node postinstall/lib/run-tests.js && node npm-bin/skalpel.bug-0039.test.js",
     "test:rc-edit": "node postinstall/lib/rc-edit.test.js",
     "test:postinstall": "node --test postinstall/index.test.js",
-    "test:preinstall": "node --test postinstall/preinstall.test.js"
+    "test:preinstall": "node --test postinstall/preinstall.test.js",
+    "test:bug-0039": "node npm-bin/skalpel.bug-0039.test.js"
   },
   "files": [
     "npm-bin/",
@@ -57,10 +58,10 @@
     "x64"
   ],
   "optionalDependencies": {
-    "@skalpelai/skalpel-darwin-arm64": "3.2.3",
-    "@skalpelai/skalpel-darwin-x64": "3.2.3",
-    "@skalpelai/skalpel-linux-arm64": "3.2.3",
-    "@skalpelai/skalpel-linux-x64": "3.2.3",
-    "@skalpelai/skalpel-win32-x64": "3.2.3"
+    "@skalpelai/skalpel-darwin-arm64": "3.2.4",
+    "@skalpelai/skalpel-darwin-x64": "3.2.4",
+    "@skalpelai/skalpel-linux-arm64": "3.2.4",
+    "@skalpelai/skalpel-linux-x64": "3.2.4",
+    "@skalpelai/skalpel-win32-x64": "3.2.4"
   }
 }