stow-cli 2.2.0 → 2.2.3

package/dist/buckets-FPMMPRR2.js

@@ -0,0 +1,130 @@
+import {
+  parseJsonInput
+} from "./chunk-XVKIRHTX.js";
+import {
+  validateBucketName
+} from "./chunk-NBHBVKP5.js";
+import {
+  isJsonOutput,
+  output
+} from "./chunk-KPIQZBTO.js";
+import {
+  formatBytes,
+  formatTable
+} from "./chunk-PE6V3MVP.js";
+import {
+  createStow
+} from "./chunk-5LU25QZK.js";
+import "./chunk-TOADDO2F.js";
+
+// src/commands/buckets.ts
+async function listBuckets() {
+  const stow = createStow();
+  const data = await stow.listBuckets();
+  if (data.buckets.length === 0) {
+    if (isJsonOutput()) {
+      output(data);
+    } else {
+      console.log("No buckets yet. Create one with: stow buckets create <name>");
+    }
+    return;
+  }
+  output(data, () => {
+    const rows = data.buckets.map((b) => [
+      b.name,
+      b.isPublic ? "public" : "private",
+      b.searchable ? "yes" : "no",
+      `${b.fileCount ?? 0} files`,
+      formatBytes(b.usageBytes ?? 0),
+      b.description || ""
+    ]);
+    return formatTable(["Name", "Access", "Search", "Files", "Size", "Description"], rows);
+  });
+}
+async function createBucket(name, options) {
+  const input = parseJsonInput(options.inputJson, {
+    name,
+    description: options.description,
+    public: options.public
+  });
+  validateBucketName(input.name);
+  if (options.dryRun) {
+    console.log(
+      JSON.stringify(
+        {
+          dryRun: true,
+          action: "createBucket",
+          details: {
+            name: input.name,
+            description: input.description ?? null,
+            isPublic: input.public ?? false
+          }
+        },
+        null,
+        2
+      )
+    );
+    return;
+  }
+  const stow = createStow();
+  const bucket = await stow.createBucket({
+    name: input.name,
+    ...input.description ? { description: input.description } : {},
+    ...input.public ? { isPublic: true } : {}
+  });
+  console.log(`Created bucket: ${bucket.name}`);
+}
+async function renameBucket(name, newName, options) {
+  const input = parseJsonInput(options.inputJson, {
+    name,
+    newName
+  });
+  validateBucketName(input.name);
+  validateBucketName(input.newName);
+  if (options.dryRun) {
+    console.log(
+      JSON.stringify(
+        {
+          dryRun: true,
+          action: "renameBucket",
+          details: { name: input.name, newName: input.newName }
+        },
+        null,
+        2
+      )
+    );
+    return;
+  }
+  if (!options.yes) {
+    console.error("Warning: Renaming a bucket will break any existing URLs using the old name.");
+    console.error("Use --yes to skip this warning.");
+  }
+  const stow = createStow();
+  const bucket = await stow.renameBucket(input.name, input.newName);
+  console.log(`Renamed bucket: ${input.name} \u2192 ${bucket.name}`);
+}
+async function deleteBucket(id, options = {}) {
+  if (options.dryRun) {
+    console.log(
+      JSON.stringify(
+        {
+          dryRun: true,
+          action: "deleteBucket",
+          details: { id }
+        },
+        null,
+        2
+      )
+    );
+    return;
+  }
+  const stow = createStow();
+  await stow.deleteBucket(id);
+  console.log(`Deleted bucket: ${id}`);
+}
+export {
+  createBucket,
+  deleteBucket,
+  listBuckets,
+  renameBucket
+};

package/dist/buckets-JJBWUVKF.js

@@ -0,0 +1,137 @@
+import {
+  parseJsonInput
+} from "./chunk-AHBVZRDR.js";
+import {
+  validateBucketName
+} from "./chunk-533UGNLM.js";
+import {
+  isJsonOutput,
+  output
+} from "./chunk-RH4BOSYB.js";
+import {
+  formatBytes,
+  formatTable
+} from "./chunk-FZGOTXTE.js";
+import {
+  createStow
+} from "./chunk-5LU25QZK.js";
+import "./chunk-TOADDO2F.js";
+
+// src/commands/buckets.ts
+async function listBuckets() {
+  const stow = createStow();
+  const data = await stow.listBuckets();
+  if (data.buckets.length === 0) {
+    if (isJsonOutput()) {
+      output(data);
+    } else {
+      console.log(
+        "No buckets yet. Create one with: stow buckets create <name>"
+      );
+    }
+    return;
+  }
+  output(data, () => {
+    const rows = data.buckets.map((b) => [
+      b.name,
+      b.isPublic ? "public" : "private",
+      b.searchable ? "yes" : "no",
+      `${b.fileCount ?? 0} files`,
+      formatBytes(b.usageBytes ?? 0),
+      b.description || ""
+    ]);
+    return formatTable(
+      ["Name", "Access", "Search", "Files", "Size", "Description"],
+      rows
+    );
+  });
+}
+async function createBucket(name, options) {
+  const input = parseJsonInput(options.inputJson, {
+    name,
+    description: options.description,
+    public: options.public
+  });
+  validateBucketName(input.name);
+  if (options.dryRun) {
+    console.log(
+      JSON.stringify(
+        {
+          dryRun: true,
+          action: "createBucket",
+          details: {
+            name: input.name,
+            description: input.description ?? null,
+            isPublic: input.public ?? false
+          }
+        },
+        null,
+        2
+      )
+    );
+    return;
+  }
+  const stow = createStow();
+  const bucket = await stow.createBucket({
+    name: input.name,
+    ...input.description ? { description: input.description } : {},
+    ...input.public ? { isPublic: true } : {}
+  });
+  console.log(`Created bucket: ${bucket.name}`);
+}
+async function renameBucket(name, newName, options) {
+  const input = parseJsonInput(
+    options.inputJson,
+    { name, newName }
+  );
+  validateBucketName(input.name);
+  validateBucketName(input.newName);
+  if (options.dryRun) {
+    console.log(
+      JSON.stringify(
+        {
+          dryRun: true,
+          action: "renameBucket",
+          details: { name: input.name, newName: input.newName }
+        },
+        null,
+        2
+      )
+    );
+    return;
+  }
+  if (!options.yes) {
+    console.error(
+      "Warning: Renaming a bucket will break any existing URLs using the old name."
+    );
+    console.error("Use --yes to skip this warning.");
+  }
+  const stow = createStow();
+  const bucket = await stow.renameBucket(input.name, input.newName);
+  console.log(`Renamed bucket: ${input.name} \u2192 ${bucket.name}`);
+}
+async function deleteBucket(id, options = {}) {
+  if (options.dryRun) {
+    console.log(
+      JSON.stringify(
+        {
+          dryRun: true,
+          action: "deleteBucket",
+          details: { id }
+        },
+        null,
+        2
+      )
+    );
+    return;
+  }
+  const stow = createStow();
+  await stow.deleteBucket(id);
+  console.log(`Deleted bucket: ${id}`);
+}
+export {
+  createBucket,
+  deleteBucket,
+  listBuckets,
+  renameBucket
+};

package/dist/buckets-VYI2QVLO.js

@@ -0,0 +1,137 @@
+import {
+  parseJsonInput
+} from "./chunk-3BLL5SQJ.js";
+import {
+  validateBucketName
+} from "./chunk-PLZFHPLC.js";
+import {
+  isJsonOutput,
+  output
+} from "./chunk-5BVMPHKH.js";
+import {
+  formatBytes,
+  formatTable
+} from "./chunk-FZGOTXTE.js";
+import {
+  createStow
+} from "./chunk-5LU25QZK.js";
+import "./chunk-TOADDO2F.js";
+
+// src/commands/buckets.ts
+async function listBuckets() {
+  const stow = createStow();
+  const data = await stow.listBuckets();
+  if (data.buckets.length === 0) {
+    if (isJsonOutput()) {
+      output(data);
+    } else {
+      console.log(
+        "No buckets yet. Create one with: stow buckets create <name>"
+      );
+    }
+    return;
+  }
+  output(data, () => {
+    const rows = data.buckets.map((b) => [
+      b.name,
+      b.isPublic ? "public" : "private",
+      b.searchable ? "yes" : "no",
+      `${b.fileCount ?? 0} files`,
+      formatBytes(b.usageBytes ?? 0),
+      b.description || ""
+    ]);
+    return formatTable(
+      ["Name", "Access", "Search", "Files", "Size", "Description"],
+      rows
+    );
+  });
+}
+async function createBucket(name, options) {
+  const input = parseJsonInput(options.inputJson, {
+    name,
+    description: options.description,
+    public: options.public
+  });
+  validateBucketName(input.name);
+  if (options.dryRun) {
+    console.log(
+      JSON.stringify(
+        {
+          dryRun: true,
+          action: "createBucket",
+          details: {
+            name: input.name,
+            description: input.description ?? null,
+            isPublic: input.public ?? false
+          }
+        },
+        null,
+        2
+      )
+    );
+    return;
+  }
+  const stow = createStow();
+  const bucket = await stow.createBucket({
+    name: input.name,
+    ...input.description ? { description: input.description } : {},
+    ...input.public ? { isPublic: true } : {}
+  });
+  console.log(`Created bucket: ${bucket.name}`);
+}
+async function renameBucket(name, newName, options) {
+  const input = parseJsonInput(
+    options.inputJson,
+    { name, newName }
+  );
+  validateBucketName(input.name);
+  validateBucketName(input.newName);
+  if (options.dryRun) {
+    console.log(
+      JSON.stringify(
+        {
+          dryRun: true,
+          action: "renameBucket",
+          details: { name: input.name, newName: input.newName }
+        },
+        null,
+        2
+      )
+    );
+    return;
+  }
+  if (!options.yes) {
+    console.error(
+      "Warning: Renaming a bucket will break any existing URLs using the old name."
+    );
+    console.error("Use --yes to skip this warning.");
+  }
+  const stow = createStow();
+  const bucket = await stow.renameBucket(input.name, input.newName);
+  console.log(`Renamed bucket: ${input.name} \u2192 ${bucket.name}`);
+}
+async function deleteBucket(id, options = {}) {
+  if (options.dryRun) {
+    console.log(
+      JSON.stringify(
+        {
+          dryRun: true,
+          action: "deleteBucket",
+          details: { id }
+        },
+        null,
+        2
+      )
+    );
+    return;
+  }
+  const stow = createStow();
+  await stow.deleteBucket(id);
+  console.log(`Deleted bucket: ${id}`);
+}
+export {
+  createBucket,
+  deleteBucket,
+  listBuckets,
+  renameBucket
+};

package/dist/chunk-533UGNLM.js

@@ -0,0 +1,42 @@
+// src/lib/validate-input.ts
+import path from "path";
+var InputValidationError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "InputValidationError";
+  }
+};
+function validateInput(value, context) {
+  if (value.includes("../") || value.includes("..\\")) {
+    throw new InputValidationError(`${context}: path traversal not allowed`);
+  }
+  if (context !== "url" && value.includes("?")) {
+    throw new InputValidationError(`${context}: embedded query parameters not allowed`);
+  }
+  if (/[\x00-\x08\x0B\x0C\x0E-\x1F]/.test(value)) {
+    throw new InputValidationError(`${context}: control characters not allowed`);
+  }
+  if (/%25/.test(value)) {
+    throw new InputValidationError(`${context}: double-encoded values not allowed`);
+  }
+  if (/%2[fF]/.test(value) || /%2[eE]/.test(value)) {
+    throw new InputValidationError(`${context}: percent-encoded path characters not allowed`);
+  }
+  if (context !== "url" && value.includes("#")) {
+    throw new InputValidationError(`${context}: embedded hash fragments not allowed`);
+  }
+  return value;
+}
+function validateBucketName(name) {
+  return validateInput(name, "bucket name");
+}
+function validateFileKey(key) {
+  return validateInput(key, "file key");
+}
+
+export {
+  InputValidationError,
+  validateInput,
+  validateBucketName,
+  validateFileKey
+};

package/dist/chunk-5BVMPHKH.js

@@ -0,0 +1,147 @@
+// src/lib/sanitize-response.ts
+var INJECTION_PATTERNS = [
+  // Direct instruction injection
+  /\b(?:ignore|disregard|forget)\b.*\b(?:previous|above|prior)\b.*\b(?:instructions?|rules?|context)\b/i,
+  // System prompt extraction attempts
+  /\b(?:reveal|show|print|output|display)\b.*\b(?:system\s*prompt|instructions?|rules?)\b/i,
+  // Role hijacking
+  /\byou\s+are\s+(?:now|a)\b/i,
+  // Tool/action injection
+  /\b(?:execute|run|call)\b.*\b(?:command|tool|function|bash|shell)\b/i,
+  // Markdown/XML injection that could affect agent parsing
+  /<\/?(?:system|user|assistant|tool_use|tool_result)\b/i
+];
+var USER_CONTENT_FIELDS = /* @__PURE__ */ new Set([
+  "originalFilename",
+  "filename",
+  "name",
+  "description",
+  "label",
+  "text",
+  "slug",
+  "webhookUrl"
+]);
+function detectInjection(value) {
+  return INJECTION_PATTERNS.some((pattern) => pattern.test(value));
+}
+function sanitizeValue(value) {
+  if (detectInjection(value)) {
+    return `[FLAGGED: potential prompt injection] ${value}`;
+  }
+  return value;
+}
+function sanitizeResponse(data) {
+  if (data === null || data === void 0) return data;
+  if (typeof data === "string") {
+    return sanitizeValue(data);
+  }
+  if (Array.isArray(data)) {
+    return data.map((item) => sanitizeResponse(item));
+  }
+  if (typeof data === "object") {
+    const result = {};
+    for (const [key, value] of Object.entries(
+      data
+    )) {
+      if (USER_CONTENT_FIELDS.has(key) && typeof value === "string") {
+        result[key] = sanitizeValue(value);
+      } else if (typeof value === "object" && value !== null) {
+        result[key] = sanitizeResponse(value);
+      } else {
+        result[key] = value;
+      }
+    }
+    return result;
+  }
+  return data;
+}
+
+// src/lib/output.ts
+var _forceHuman = false;
+var _globalFields;
+var _globalNdjson = false;
+function setForceHuman(value) {
+  _forceHuman = value;
+}
+function setGlobalFields(fields) {
+  _globalFields = fields;
+}
+function setGlobalNdjson(value) {
+  _globalNdjson = value;
+}
+function isJsonOutput() {
+  if (_forceHuman) return false;
+  return !process.stdout.isTTY;
+}
+function output(data, humanFormatter, options) {
+  const sanitized = sanitizeResponse(data);
+  const unwrapped = _globalFields || _globalNdjson ? unwrapArray(sanitized) : sanitized;
+  const masked = applyFieldMask(unwrapped, _globalFields);
+  if (_globalNdjson && Array.isArray(masked)) {
+    outputNdjson(masked);
+    return;
+  }
+  if (options?.json || isJsonOutput()) {
+    console.log(JSON.stringify(masked, null, 2));
+  } else if (humanFormatter && !_globalFields) {
+    console.log(humanFormatter());
+  } else {
+    console.log(JSON.stringify(masked, null, 2));
+  }
+}
+function outputError(error, code, details) {
+  if (isJsonOutput()) {
+    console.error(
+      JSON.stringify({ error, ...code ? { code } : {}, ...details })
+    );
+  } else {
+    console.error(`Error: ${error}`);
+  }
+  process.exit(1);
+}
+function outputNdjson(items) {
+  for (const item of items) {
+    const sanitized = sanitizeResponse(item);
+    console.log(JSON.stringify(sanitized));
+  }
+}
+function applyFieldMask(data, fields) {
+  if (!fields) return data;
+  const fieldSet = new Set(fields.split(",").map((f) => f.trim()));
+  if (Array.isArray(data)) {
+    return data.map((item) => pickFields(item, fieldSet));
+  }
+  if (typeof data === "object" && data !== null) {
+    return pickFields(data, fieldSet);
+  }
+  return data;
+}
+function unwrapArray(data) {
+  if (typeof data !== "object" || data === null || Array.isArray(data)) {
+    return data;
+  }
+  const entries = Object.entries(data);
+  if (entries.length === 1 && Array.isArray(entries[0][1])) {
+    return entries[0][1];
+  }
+  return data;
+}
+function pickFields(obj, fieldSet) {
+  if (typeof obj !== "object" || obj === null) return {};
+  const result = {};
+  for (const [key, value] of Object.entries(obj)) {
+    if (fieldSet.has(key)) {
+      result[key] = value;
+    }
+  }
+  return result;
+}
+
+export {
+  setForceHuman,
+  setGlobalFields,
+  setGlobalNdjson,
+  isJsonOutput,
+  output,
+  outputError
+};