specrails-desktop 2.10.1 → 2.11.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "specrails-desktop",
-  "version": "2.10.1",
+  "version": "2.11.1",
   "license": "MIT",
   "repository": {
     "type": "git",

package/server/dist/core-update-manager.js

@@ -10,6 +10,7 @@ const os_1 = __importDefault(require("os"));
 const path_1 = __importDefault(require("path"));
 const framework_manager_1 = require("./framework-manager");
 const semver_lite_1 = require("./semver-lite");
+const win_spawn_1 = require("./util/win-spawn");
 /**
  * CoreUpdateManager — the voluntary, app-global specrails-core update channel.
  *
@@ -215,5 +216,8 @@ function defaultNpmInstall(spec, cwd) {
         stdio: ['ignore', 'inherit', 'inherit'],
         timeout: INSTALL_TIMEOUT_MS,
         shell: process.platform === 'win32',
+        // SystemRoot/ComSpec so npm.cmd's cmd.exe can start even if the packaged
+        // sidecar inherited a stripped Windows environment.
+        env: (0, win_spawn_1.windowsSpawnEnv)(),
     });
 }

package/server/dist/framework-manager.js

@@ -13,6 +13,19 @@ const bundled_core_1 = require("./bundled-core");
 const artifact_registry_1 = require("./artifact-registry");
 Object.defineProperty(exports, "atomicWrite", { enumerable: true, get: function () { return artifact_registry_1.atomicWrite; } });
 const semver_lite_1 = require("./semver-lite");
+const path_resolver_1 = require("./path-resolver");
+/**
+ * The node interpreter to run the core CLI with. In the PACKAGED app
+ * `process.execPath` is the `specrails-server` pkg binary — NOT node — so
+ * `spawnSync(process.execPath, [cli, …])` would re-launch the server instead of
+ * running `cli.js`, silently breaking every framework materialize/swap/assemble.
+ * Use the bundled real node when present (it always is when a bundled core is —
+ * they ship together), and fall back to `process.execPath` only in dev/tests
+ * where `process.execPath` IS node.
+ */
+function nodeInterpreter() {
+    return (0, path_resolver_1.resolveBundledNodeExe)() ?? process.execPath;
+}
 /** `~/.specrails/framework` — same home as the registry. */
 function frameworkRoot(home) {
     return path_1.default.join((0, artifact_registry_1.resolveHome)(home), '.specrails', 'framework');
@@ -114,7 +127,7 @@ class FrameworkManager {
         const errors = [];
         const done = [];
         for (const provider of dedupe(providers)) {
-            const res = (0, child_process_1.spawnSync)(process.execPath, [
+            const res = (0, child_process_1.spawnSync)(nodeInterpreter(), [
                 cli,
                 'install-framework',
                 '--framework-dir',
@@ -153,7 +166,7 @@ class FrameworkManager {
         if (readCurrentFrameworkVersion(this.home) === version)
             return true;
         const fwDir = frameworkRoot(this.home);
-        const res = (0, child_process_1.spawnSync)(process.execPath, [cli, 'swap-current', '--framework-dir', fwDir, '--version', version], { env: this.childEnv(), encoding: 'utf-8', timeout: 120_000 });
+        const res = (0, child_process_1.spawnSync)(nodeInterpreter(), [cli, 'swap-current', '--framework-dir', fwDir, '--version', version], { env: this.childEnv(), encoding: 'utf-8', timeout: 120_000 });
         if (res.error || (res.status ?? 1) !== 0)
             return false;
         return readCurrentFrameworkVersion(this.home) === version;
@@ -245,7 +258,7 @@ class FrameworkManager {
         if (!ver)
             return { ran: false };
         const fwDir = frameworkRoot(this.home);
-        const res = (0, child_process_1.spawnSync)(process.execPath, [
+        const res = (0, child_process_1.spawnSync)(nodeInterpreter(), [
             cli,
             'assemble',
             '--workspace',

package/server/dist/openspec-shim.js

@@ -12,6 +12,7 @@ const fs_1 = __importDefault(require("fs"));
 const os_1 = __importDefault(require("os"));
 const path_1 = __importDefault(require("path"));
 const bundled_openspec_1 = require("./bundled-openspec");
+const path_resolver_1 = require("./path-resolver");
 /**
  * openspec PATH shim — the robustness backstop for relocated Claude rails.
  *
@@ -54,11 +55,15 @@ function openspecShimDir(slug, jobId, home = os_1.default.homedir()) {
 function realOpenspecInvocation() {
     const cli = (0, bundled_openspec_1.getBundledOpenspecCli)();
     if (cli) {
-        // node "<cli>" — invoke the bundled openspec as a node script (Tauri strips
-        // exec bits from bundled resources, so it can't be run as a binary).
+        // <node> "<cli>" — invoke the bundled openspec as a node script (Tauri strips
+        // exec bits from bundled resources, so it can't be run as a binary). Anchor to
+        // the absolute bundled node when present rather than a bare `node` (which is
+        // PATH-dependent and may be absent / a mismatched system node in a partial
+        // bundle); fall back to bare `node` only when no bundled runtimes ship.
+        const node = (0, path_resolver_1.resolveBundledNodeExe)();
         return {
-            posix: `node ${shq(cli)}`,
-            windows: `node ${winq(cli)}`,
+            posix: `${node ? shq(node) : 'node'} ${shq(cli)}`,
+            windows: `${node ? winq(node) : 'node'} ${winq(cli)}`,
         };
     }
     // Legacy fallback: npx resolves + caches openspec. `-y` skips the install

package/server/dist/setup-manager.js

@@ -44,7 +44,7 @@ function resolveCoreBinary(bin) {
     if (bin.includes('/') || bin.includes('\\'))
         return (0, path_1.resolve)(bin);
     const result = (0, child_process_1.spawnSync)(WHICH_CMD, [bin], {
-        env: process.env,
+        env: (0, win_spawn_1.windowsSpawnEnv)(),
         shell: process.platform === 'win32',
         encoding: 'utf-8',
         timeout: 5_000,
@@ -77,7 +77,12 @@ function spawnCoreInit(args, cwd) {
     // .cmd shim AND quotes each arg, so spaces (and newlines) survive intact.
     return (0, win_spawn_1.spawnCli)(bin, fullArgs, {
         cwd,
-        env: process.env,
+        // Force RELOCATION: specrails-core installs in-repo by DEFAULT now (so a
+        // standalone `npx specrails-core init` user's CLI finds the agents in their
+        // repo). The desktop manages the cwd (spawns rails with cwd=workspace), so
+        // it MUST relocate to keep the user's imported repo pristine — independent of
+        // whether the registry mirror already ran. See specrails-core init's gate.
+        env: { ...(0, win_spawn_1.windowsSpawnEnv)(), SPECRAILS_RELOCATE: '1' },
         stdio: ['ignore', 'pipe', 'pipe'],
     });
 }
@@ -98,7 +103,9 @@ function spawnBundledCoreInit(args, cwd) {
     if (!cli || !coreRoot)
         return null;
     const fullArgs = [cli, 'init', ...args];
-    const env = { ...process.env, SPECRAILS_CORE_SCRIPT_DIR: coreRoot };
+    // Force RELOCATION (core installs in-repo by default; the desktop keeps the
+    // user's repo pristine + manages the spawn cwd). See spawnCoreInit.
+    const env = { ...(0, win_spawn_1.windowsSpawnEnv)(), SPECRAILS_CORE_SCRIPT_DIR: coreRoot, SPECRAILS_RELOCATE: '1' };
     // Bundled openspec (offline) — the LAST network step of project-add. When the
     // app ships @fission-ai/openspec, point specrails-core's `installOpenSpecProject`
     // at the bundled CLI and the SAME node we run the bundled core with. Tauri
@@ -118,9 +125,14 @@ function spawnBundledCoreInit(args, cwd) {
         // bundled node bin in desktop mode, so PATH `node` is the bundled node too).
         env.SPECRAILS_OPENSPEC_NODE = (0, path_resolver_1.resolveBundledNodeExe)() ?? 'node';
     }
-    console.log(`[SetupManager] spawning BUNDLED core: ${process.execPath} ${fullArgs.join(' ')} (cwd=${cwd})` +
+    // Run the core CLI with the REAL bundled node — NOT process.execPath, which in
+    // the packaged app is the `specrails-server` pkg binary and would re-launch the
+    // server instead of running cli.js (same trap as SPECRAILS_OPENSPEC_NODE above).
+    // Fall back to process.execPath only in dev/tests where it IS node.
+    const nodeBin = (0, path_resolver_1.resolveBundledNodeExe)() ?? process.execPath;
+    console.log(`[SetupManager] spawning BUNDLED core: ${nodeBin} ${fullArgs.join(' ')} (cwd=${cwd})` +
         (openspecCli ? ' [bundled openspec: offline]' : ' [openspec: npx fallback]'));
-    return (0, win_spawn_1.spawnCli)(process.execPath, fullArgs, {
+    return (0, win_spawn_1.spawnCli)(nodeBin, fullArgs, {
         cwd,
         env,
         stdio: ['ignore', 'pipe', 'pipe'],
@@ -137,7 +149,7 @@ function probeCoreRuntimeVersion(cwd) {
     const { bin, fullArgs } = buildCoreArgs(['version']);
     const result = (0, child_process_1.spawnSync)(bin, fullArgs, {
         cwd,
-        env: process.env,
+        env: (0, win_spawn_1.windowsSpawnEnv)(),
         shell: process.platform === 'win32',
         encoding: 'utf-8',
         timeout: CORE_PROBE_TIMEOUT_MS,

package/server/dist/setup-prerequisites.js

@@ -10,10 +10,29 @@ exports.getSetupPrerequisitesStatus = getSetupPrerequisitesStatus;
 exports.__resetSetupPrerequisitesCacheForTest = __resetSetupPrerequisitesCacheForTest;
 exports.formatMissingSetupPrerequisites = formatMissingSetupPrerequisites;
 const child_process_1 = require("child_process");
+const cross_spawn_1 = __importDefault(require("cross-spawn"));
 const fs_1 = __importDefault(require("fs"));
 const path_1 = __importDefault(require("path"));
 const providers_1 = require("./providers");
+const win_spawn_1 = require("./util/win-spawn");
 const WHICH_CMD = process.platform === 'win32' ? 'where' : 'which';
+/**
+ * Run `<cmd> <args>` synchronously. On Windows use cross-spawn (NOT `shell:true`):
+ * it spawns a real `.exe` directly (no `cmd.exe` interposition — pkg-safe and
+ * immune to the GUI-launch env stripping), and runs `.cmd`/`.bat` shims through
+ * `cmd.exe` with correct quoting (Node refuses to spawn `.cmd` without a shell
+ * since CVE-2024-27980). On POSIX it is a plain `spawnSync`. `windowsSpawnEnv()`
+ * guarantees `cmd.exe` can start (SystemRoot/ComSpec present even if the sidecar
+ * inherited a stripped env) — without it every bundled probe failed with a bogus
+ * "bundle corrupted — reinstall the app".
+ */
+function runVersionSpawn(cmd, args) {
+    const opts = { env: (0, win_spawn_1.windowsSpawnEnv)(), encoding: 'utf-8', timeout: 5_000 };
+    if (process.platform === 'win32') {
+        return cross_spawn_1.default.sync(cmd, args, opts);
+    }
+    return (0, child_process_1.spawnSync)(cmd, args, opts);
+}
 exports.MIN_VERSIONS = {
     node: '18.0.0',
     npm: '9.0.0',
@@ -21,11 +40,10 @@ exports.MIN_VERSIONS = {
     uv: '0.1.0',
 };
 function locateCommand(command) {
-    const result = (0, child_process_1.spawnSync)(WHICH_CMD, [command], {
-        env: process.env,
-        shell: process.platform === 'win32',
-        encoding: 'utf-8',
-    });
+    // cross-spawn (via runVersionSpawn) resolves the `where`/`which` executable
+    // and PATHEXT itself — no `shell:true` needed — and runs under an env that
+    // includes SystemRoot so `where` can actually start in the packaged sidecar.
+    const result = runVersionSpawn(WHICH_CMD, [command]);
     if (result.error || (result.status ?? 1) !== 0)
         return { found: false };
     const resolvedPath = `${result.stdout ?? ''}`.trim().split(/\r?\n/)[0]?.trim() || undefined;
@@ -39,19 +57,14 @@ function probeVersion(command, resolvedPath) {
     // `Cannot find module '/--version'` from pkg/prelude/bootstrap.js. Passing
     // an absolute path bypasses this interception.
     const target = resolvedPath || command;
-    // On Windows we must use `shell: true` to execute `.cmd` shims (npm, npx) — Node
-    // refuses to spawn them directly since CVE-2024-27980. But cmd.exe splits the
-    // command line on whitespace, so an absolute path like
-    // `C:\Program Files\Git\cmd\git.exe` becomes `C:\Program` + arg `Files\Git\...`.
-    // Wrap the target in double quotes when it contains a space.
-    const isWin = process.platform === 'win32';
-    const quotedTarget = isWin && /\s/.test(target) ? `"${target}"` : target;
-    const result = (0, child_process_1.spawnSync)(quotedTarget, ['--version'], {
-        env: process.env,
-        shell: isWin,
-        encoding: 'utf-8',
-        timeout: 5_000,
-    });
+    // Spawn via cross-spawn on Windows (NOT shell:true). A bundled `.exe`
+    // (node.exe, git.exe) is launched DIRECTLY — no cmd.exe interposition — so a
+    // path with spaces needs no manual quoting and pkg's bare-name redirect never
+    // applies. A `.cmd` shim (npm.cmd, npx.cmd) is run through cmd.exe by
+    // cross-spawn with correct escaping. The env carries SystemRoot so cmd.exe can
+    // start. This replaces the old `shell:true` path that made every bundled probe
+    // fail with a bogus "corrupted-bundle" when the sidecar env lacked SystemRoot.
+    const result = runVersionSpawn(target, ['--version']);
     if (result.error) {
         const err = result.error;
         return { executed: false, error: `${err.code ?? 'ERR'}: ${err.message}` };

package/server/dist/util/win-spawn.js

@@ -25,16 +25,41 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.spawnCli = spawnCli;
+exports.windowsSpawnEnv = windowsSpawnEnv;
 exports.resolveWindowsBinary = resolveWindowsBinary;
 const child_process_1 = require("child_process");
 const cross_spawn_1 = __importDefault(require("cross-spawn"));
 function spawnCli(binary, args, options = {}) {
-    /* c8 ignore next 3 -- Windows-only branch; coverage runs on Linux/macOS */
+    /* c8 ignore next 5 -- Windows-only branch; coverage runs on Linux/macOS */
     if (process.platform === 'win32') {
-        return (0, cross_spawn_1.default)(binary, args, options);
+        // Guarantee SystemRoot/ComSpec so cmd.exe (which cross-spawn uses to run
+        // `.cmd` shims like claude.cmd/npm.cmd) can start even when the packaged
+        // sidecar inherited a stripped environment. Chokepoint for EVERY Windows
+        // spawn — protects rails, chat, setup and probes uniformly.
+        return (0, cross_spawn_1.default)(binary, args, { ...options, env: windowsSpawnEnv(options.env) });
     }
     return (0, child_process_1.spawn)(binary, args, options);
 }
+/**
+ * Return an environment safe for spawning children on Windows. The desktop
+ * server runs as a pkg-packaged sidecar launched by the Tauri host, and that
+ * spawn can deliver a STRIPPED environment missing `SystemRoot` / `windir` /
+ * `ComSpec`. Without `SystemRoot`, `cmd.exe` (used to run `.cmd` shims like
+ * `npm.cmd`/`npx.cmd`, and by cross-spawn) fails to initialise — which silently
+ * broke every bundled-tool `--version` probe and any npx/npm spawn during setup.
+ * Reconstructs the canonical values when absent. No-op (returns `base`
+ * unchanged) on POSIX. Pass a base env to layer extra vars on top.
+ */
+function windowsSpawnEnv(base = process.env) {
+    if (process.platform !== 'win32')
+        return base;
+    const env = { ...base };
+    const systemRoot = env.SystemRoot || env.windir || 'C:\\Windows';
+    env.SystemRoot = systemRoot;
+    env.windir = env.windir || systemRoot;
+    env.ComSpec = env.ComSpec || `${systemRoot.replace(/[\\/]$/, '')}\\System32\\cmd.exe`;
+    return env;
+}
 // Back-compat for callsites that only need the resolved binary
 // (e.g. logging). Kept as a no-op identity on POSIX; on Windows
 // `where`-based resolution lives inside cross-spawn now.