superlocalmemory 3.4.19 → 3.4.22

package/scripts/postinstall_binary.js

@@ -0,0 +1,287 @@
+#!/usr/bin/env node
+/**
+ * SuperLocalMemory v3.4.21 — slm-hook binary fetcher.
+ *
+ * LLD reference: .backup/active-brain/lld/LLD-06-windows-binary-and-legacy-migration.md §6.2
+ *
+ * Fails open: any network / SHA / unpack failure logs a warning and
+ * exits 0. The dispatcher (bin/slm) falls back to the Python path so
+ * the hook still works — just slower on Windows.
+ *
+ * Stdlib-only (node:https, node:crypto, node:fs, node:path, node:os).
+ */
+'use strict';
+
+const fs = require('node:fs');
+const fsp = require('node:fs/promises');
+const path = require('node:path');
+const os = require('node:os');
+const crypto = require('node:crypto');
+const https = require('node:https');
+
+const SLM_HOME = path.join(os.homedir(), '.superlocalmemory');
+const BIN_DIR = path.join(SLM_HOME, 'bin');
+const MANIFEST_BASE_URL = process.env.SLM_MANIFEST_BASE_URL ||
+    'https://github.com/qualixar/superlocalmemory/releases/download';
+
+// Map Node os.platform() / os.arch() -> canonical manifest tuple.
+const PLATFORM_MAP = {
+    'darwin': 'macos',
+    'linux': 'linux',
+    'win32': 'windows',
+};
+const ARCH_MAP = {
+    'arm64': 'arm64',
+    'x64': 'x86_64',
+    'x86_64': 'x86_64',
+};
+
+function canonicalPlatformArch(platform, arch) {
+    const p = PLATFORM_MAP[platform] || null;
+    const a = ARCH_MAP[arch] || null;
+    return (p && a) ? { platform: p, arch: a } : null;
+}
+
+function logInfo(msg) { console.log(`[slm-hook] ${msg}`); }
+function logWarn(msg) { console.warn(`[slm-hook] ${msg}`); }
+
+// S8-SEC-03: redirect host allow-list. Previously any 3xx ``Location``
+// header would be followed blindly, so a compromised upstream (DNS
+// hijack, typosquat in the package registry) could redirect the postinstall
+// download to an attacker-controlled host and substitute the hook binary.
+// We only follow redirects back to GitHub's own release CDN.
+const ALLOWED_REDIRECT_HOSTS = new Set([
+    'github.com',
+    'api.github.com',
+    'codeload.github.com',
+    'objects.githubusercontent.com',
+    'raw.githubusercontent.com',
+    'release-assets.githubusercontent.com',
+]);
+
+function redirectIsAllowed(rawLocation) {
+    if (typeof rawLocation !== 'string' || rawLocation.length === 0) return false;
+    try {
+        const parsed = new URL(rawLocation);
+        if (parsed.protocol !== 'https:') return false;
+        return ALLOWED_REDIRECT_HOSTS.has(parsed.hostname);
+    } catch (_err) {
+        return false;
+    }
+}
+
+function fetchJson(url) {
+    return new Promise((resolve, reject) => {
+        const req = https.get(url, (res) => {
+            if (res.statusCode && res.statusCode >= 300 &&
+                res.statusCode < 400 && res.headers.location) {
+                if (!redirectIsAllowed(res.headers.location)) {
+                    reject(new Error('redirect host not allow-listed'));
+                    return;
+                }
+                // Single redirect hop — GitHub releases use redirects.
+                fetchJson(res.headers.location).then(resolve, reject);
+                return;
+            }
+            if (res.statusCode !== 200) {
+                reject(new Error(`HTTP ${res.statusCode} for ${url}`));
+                return;
+            }
+            const chunks = [];
+            res.on('data', (c) => chunks.push(c));
+            res.on('end', () => {
+                try {
+                    resolve(JSON.parse(Buffer.concat(chunks).toString('utf8')));
+                } catch (err) {
+                    reject(err);
+                }
+            });
+        });
+        req.on('error', reject);
+        req.setTimeout(15000, () => {
+            req.destroy(new Error('timeout fetching manifest'));
+        });
+    });
+}
+
+function downloadFile(url, destPath) {
+    return new Promise((resolve, reject) => {
+        const out = fs.createWriteStream(destPath);
+        const req = https.get(url, (res) => {
+            if (res.statusCode && res.statusCode >= 300 &&
+                res.statusCode < 400 && res.headers.location) {
+                if (!redirectIsAllowed(res.headers.location)) {
+                    out.close();
+                    fs.unlink(destPath, () => {});
+                    reject(new Error('redirect host not allow-listed'));
+                    return;
+                }
+                out.close();
+                fs.unlink(destPath, () => {
+                    downloadFile(res.headers.location, destPath)
+                        .then(resolve, reject);
+                });
+                return;
+            }
+            if (res.statusCode !== 200) {
+                out.close();
+                fs.unlink(destPath, () => {});
+                reject(new Error(`HTTP ${res.statusCode} for ${url}`));
+                return;
+            }
+            res.pipe(out);
+            out.on('finish', () => out.close(resolve));
+        });
+        req.on('error', (err) => {
+            out.close();
+            fs.unlink(destPath, () => {});
+            reject(err);
+        });
+        req.setTimeout(60000, () => {
+            req.destroy(new Error('timeout downloading asset'));
+        });
+    });
+}
+
+async function sha256File(filePath) {
+    const h = crypto.createHash('sha256');
+    const stream = fs.createReadStream(filePath);
+    return new Promise((resolve, reject) => {
+        stream.on('data', (c) => h.update(c));
+        stream.on('end', () => resolve(h.digest('hex')));
+        stream.on('error', reject);
+    });
+}
+
+function pickAsset(manifest, platform, arch) {
+    if (!manifest || !Array.isArray(manifest.assets)) return null;
+    // Prefer setup.exe on Windows (Inno Setup) when present, fall back
+    // to plain archive.
+    const matches = manifest.assets.filter(a =>
+        a.platform === platform && a.arch === arch);
+    if (matches.length === 0) return null;
+    // Deterministic ordering: setup.exe > .zip > .tar.gz
+    matches.sort((a, b) => {
+        const rank = (n) => n.endsWith('setup.exe') ? 0 :
+            n.endsWith('.zip') ? 1 : 2;
+        return rank(a.name) - rank(b.name);
+    });
+    return matches[0];
+}
+
+async function main() {
+    try {
+        const pkgJson = require(path.join(__dirname, '..', 'package.json'));
+        const version = pkgJson.version;
+        const url = `${MANIFEST_BASE_URL}/v${version}/manifest.json`;
+
+        const pa = canonicalPlatformArch(os.platform(), os.arch());
+        if (!pa) {
+            logWarn(`unsupported platform ${os.platform()}/${os.arch()}; ` +
+                    'Python fallback');
+            return 0;
+        }
+
+        let manifest;
+        try {
+            manifest = await fetchJson(url);
+        } catch (err) {
+            logWarn(`manifest fetch failed: ${err.message}; Python fallback`);
+            return 0;
+        }
+
+        const asset = pickAsset(manifest, pa.platform, pa.arch);
+        if (!asset) {
+            logWarn(`no prebuilt binary for ${pa.platform}/${pa.arch}; ` +
+                    'Python fallback');
+            return 0;
+        }
+
+        // S8-SEC-01 fix: the manifest is remote-attacker-controllable (even
+        // when minisigned, the signer is a release process we don't fully
+        // trust at the per-asset level). Reject any ``asset.name`` that
+        // contains a path separator, traversal segments, or is empty —
+        // and re-derive the safe filename from basename before joining.
+        // Without this, a poisoned manifest can write arbitrary paths
+        // (e.g., "../../.ssh/authorized_keys") even though SHA-256 validates
+        // the bytes, because SHA only binds the content to the claimed name.
+        const rawName = typeof asset.name === 'string' ? asset.name : '';
+        if (!rawName
+            || rawName.includes('/')
+            || rawName.includes('\\')
+            || rawName.includes('\0')
+            || rawName === '.'
+            || rawName === '..'
+            || rawName.startsWith('.')) {
+            logWarn(`rejected asset name (path-traversal guard): ` +
+                    `${JSON.stringify(rawName)}; Python fallback`);
+            return 0;
+        }
+        const safeName = path.basename(rawName);
+        if (safeName !== rawName) {
+            logWarn(`asset name changed under basename sanitisation: ` +
+                    `${JSON.stringify(rawName)} -> ${JSON.stringify(safeName)}; ` +
+                    'Python fallback');
+            return 0;
+        }
+
+        await fsp.mkdir(BIN_DIR, { recursive: true });
+        const tmpName = `${safeName}.part`;
+        const tmpPath = path.join(BIN_DIR, tmpName);
+        try {
+            await downloadFile(asset.url, tmpPath);
+        } catch (err) {
+            logWarn(`download failed: ${err.message}; Python fallback`);
+            await fsp.unlink(tmpPath).catch(() => {});
+            return 0;
+        }
+
+        const actual = await sha256File(tmpPath);
+        if (actual !== asset.sha256) {
+            await fsp.unlink(tmpPath).catch(() => {});
+            logWarn(`SHA-256 mismatch for ${asset.name}: expected ` +
+                    `${asset.sha256}, got ${actual}; Python fallback`);
+            return 0;
+        }
+
+        const finalPath = path.join(BIN_DIR, safeName);
+        // Belt-and-suspenders: after resolving the final path, assert it
+        // sits under BIN_DIR. ``path.resolve`` normalises any '..' that
+        // could have slipped through; if the result escapes BIN_DIR
+        // (which it shouldn't after basename sanitisation, but it's
+        // cheap insurance), refuse to install.
+        const resolvedFinal = path.resolve(finalPath);
+        const resolvedBin = path.resolve(BIN_DIR);
+        if (!resolvedFinal.startsWith(resolvedBin + path.sep)
+            && resolvedFinal !== resolvedBin) {
+            await fsp.unlink(tmpPath).catch(() => {});
+            logWarn(`path escape detected: ${resolvedFinal} not under ` +
+                    `${resolvedBin}; Python fallback`);
+            return 0;
+        }
+        await fsp.rename(tmpPath, finalPath);
+        logInfo(`✓ slm-hook asset fetched: ${asset.name} ` +
+                `(${asset.signing})`);
+        logInfo(`  path: ${finalPath}`);
+        logInfo('  Note: unpack step is platform-specific; ' +
+                'the installer runs it.');
+        return 0;
+    } catch (err) {
+        logWarn(`unexpected error: ${err.message}; Python fallback`);
+        return 0;
+    }
+}
+
+// Exports for testing; direct execution runs main().
+module.exports = {
+    canonicalPlatformArch,
+    pickAsset,
+    sha256File,
+    MANIFEST_BASE_URL,
+    main,
+};
+
+if (require.main === module) {
+    main().then((code) => process.exit(code || 0),
+                () => process.exit(0));
+}

package/scripts/release_manifest.py

@@ -0,0 +1,273 @@
+# Copyright (c) 2026 Varun Pratap Bhardwaj / Qualixar
+# Licensed under AGPL-3.0-or-later - see LICENSE file
+# Part of SuperLocalMemory v3.4.22 — LLD-06 §6.1
+
+"""Generate the release ``manifest.json`` for ``slm-hook`` binaries.
+
+LLD reference: ``.backup/active-brain/lld/LLD-06-windows-binary-and-legacy-migration.md``
+Section 6.1 (Release manifest).
+
+Shape (per LLD-06 §6.1):
+
+    {
+      "version": "3.4.22",
+      "released_at": "2026-04-17T00:00:00Z",
+      "assets": [
+        {
+          "name": "slm-hook-macos-arm64.tar.gz",
+          "url":  "https://.../manifest.json",
+          "size_bytes": 5312000,
+          "sha256": "a7c3...",
+          "signing": "apple-notarized"
+        }, ...
+      ],
+      "manifest_sha256_self": "...",
+      "manifest_signature": "minisign: placeholder"
+    }
+
+Minisign signing is OUT of scope at Stage 6 — this module emits a
+placeholder and a ``manifest.minisig`` stub. Real signing is a CI job
+that layers on top (needs the private key in GitHub Secrets).
+"""
+from __future__ import annotations
+
+import hashlib
+import json
+from dataclasses import dataclass, field
+from datetime import datetime, timezone
+from pathlib import Path
+
+# Signing envelope strings — one per expected platform. Must match the
+# values the dispatcher + postinstall check. Kept as constants so tests
+# can lock them.
+SIGNING_APPLE_NOTARIZED = "apple-notarized"
+SIGNING_AUTHENTICODE = "authenticode"
+SIGNING_UNSIGNED = "unsigned"
+
+# Default base URL used when the caller doesn't supply one. Kept in a
+# constant so tests can assert the release shape without a network call.
+DEFAULT_BASE_URL = (
+    "https://github.com/qualixar/superlocalmemory/releases/download"
+)
+
+# Allowed platform/arch combos we ship binaries for. Any asset whose
+# filename does not encode one of these is rejected.
+_VALID_PLATFORMS: frozenset[tuple[str, str]] = frozenset({
+    ("macos", "arm64"),
+    ("macos", "x86_64"),
+    ("linux", "x86_64"),
+    ("linux", "arm64"),
+    ("windows", "x86_64"),
+})
+
+
+@dataclass(frozen=True, slots=True)
+class AssetSpec:
+    """Input spec for a single release artefact on disk."""
+
+    path: Path
+    platform: str
+    arch: str
+    signing: str
+
+
+@dataclass(frozen=True, slots=True)
+class Manifest:
+    """In-memory representation of the manifest to be serialized."""
+
+    version: str
+    released_at: str
+    assets: list[dict] = field(default_factory=list)
+    manifest_sha256_self: str = ""
+    manifest_signature: str = "minisign: placeholder"
+
+
+# ---------------------------------------------------------------------------
+# Helpers
+# ---------------------------------------------------------------------------
+
+def _sha256_file(path: Path) -> str:
+    h = hashlib.sha256()
+    with path.open("rb") as fh:
+        for chunk in iter(lambda: fh.read(1024 * 1024), b""):
+            h.update(chunk)
+    return h.hexdigest()
+
+
+def _utcnow_iso() -> str:
+    return datetime.now(timezone.utc).replace(microsecond=0).isoformat()
+
+
+def _validate_platform(platform: str, arch: str) -> None:
+    if (platform, arch) not in _VALID_PLATFORMS:
+        raise ValueError(
+            f"unsupported platform/arch: {platform}/{arch}"
+        )
+
+
+def _validate_signing(signing: str) -> None:
+    allowed = {SIGNING_APPLE_NOTARIZED, SIGNING_AUTHENTICODE,
+               SIGNING_UNSIGNED}
+    if signing not in allowed:
+        raise ValueError(
+            f"invalid signing value: {signing!r} (allowed: {allowed})"
+        )
+
+
+def _asset_url(base_url: str, version: str, filename: str) -> str:
+    base = base_url.rstrip("/")
+    return f"{base}/v{version}/{filename}"
+
+
+# ---------------------------------------------------------------------------
+# Builders
+# ---------------------------------------------------------------------------
+
+def build_asset_entry(
+    spec: AssetSpec,
+    *,
+    version: str,
+    base_url: str,
+) -> dict:
+    """Compute a single manifest asset entry."""
+    if not spec.path.is_file():
+        raise FileNotFoundError(f"asset missing: {spec.path}")
+    _validate_platform(spec.platform, spec.arch)
+    _validate_signing(spec.signing)
+
+    return {
+        "name": spec.path.name,
+        "url": _asset_url(base_url, version, spec.path.name),
+        "size_bytes": spec.path.stat().st_size,
+        "sha256": _sha256_file(spec.path),
+        "signing": spec.signing,
+        "platform": spec.platform,
+        "arch": spec.arch,
+    }
+
+
+def build_manifest(
+    version: str,
+    assets: list[AssetSpec],
+    *,
+    base_url: str = DEFAULT_BASE_URL,
+    released_at: str | None = None,
+) -> Manifest:
+    """Assemble the full Manifest object (including self SHA)."""
+    if not version:
+        raise ValueError("version is required")
+    if not assets:
+        raise ValueError("at least one asset is required")
+
+    entries: list[dict] = [
+        build_asset_entry(spec, version=version, base_url=base_url)
+        for spec in assets
+    ]
+    payload = {
+        "version": version,
+        "released_at": released_at or _utcnow_iso(),
+        "assets": entries,
+    }
+    # Compute the manifest-self SHA over the canonical JSON WITHOUT the
+    # self-SHA field (otherwise it would be recursive).
+    serialized = json.dumps(payload, sort_keys=True,
+                            separators=(",", ":")).encode("utf-8")
+    self_sha = hashlib.sha256(serialized).hexdigest()
+
+    return Manifest(
+        version=version,
+        released_at=payload["released_at"],
+        assets=entries,
+        manifest_sha256_self=self_sha,
+        manifest_signature="minisign: placeholder",
+    )
+
+
+def serialize(manifest: Manifest) -> str:
+    """Deterministic JSON serialization for on-disk storage."""
+    doc = {
+        "version": manifest.version,
+        "released_at": manifest.released_at,
+        "assets": manifest.assets,
+        "manifest_sha256_self": manifest.manifest_sha256_self,
+        "manifest_signature": manifest.manifest_signature,
+    }
+    return json.dumps(doc, indent=2, sort_keys=False) + "\n"
+
+
+def write_manifest(
+    manifest: Manifest,
+    dest_dir: Path,
+) -> tuple[Path, Path]:
+    """Write ``manifest.json`` + a stub ``manifest.minisig`` to ``dest_dir``.
+
+    Returns the two paths (for caller convenience).
+    """
+    dest_dir.mkdir(parents=True, exist_ok=True)
+    manifest_path = dest_dir / "manifest.json"
+    sig_path = dest_dir / "manifest.minisig"
+
+    manifest_path.write_text(serialize(manifest), encoding="utf-8")
+    # Placeholder — real minisig produced by a separate CI job.
+    sig_path.write_text(
+        "untrusted comment: placeholder - real signature added by CI\n"
+        f"manifest_sha256_self: {manifest.manifest_sha256_self}\n",
+        encoding="utf-8",
+    )
+    return manifest_path, sig_path
+
+
+# ---------------------------------------------------------------------------
+# Validation helpers (used by tests + postinstall)
+# ---------------------------------------------------------------------------
+
+def validate_shape(doc: dict) -> list[str]:
+    """Return a list of validation errors on a loaded manifest dict."""
+    errors: list[str] = []
+    for key in ("version", "released_at", "assets",
+                "manifest_sha256_self", "manifest_signature"):
+        if key not in doc:
+            errors.append(f"missing top-level key: {key}")
+
+    assets = doc.get("assets")
+    if not isinstance(assets, list):
+        errors.append("assets must be a list")
+        return errors
+    if not assets:
+        errors.append("assets list is empty")
+
+    for i, entry in enumerate(assets):
+        if not isinstance(entry, dict):
+            errors.append(f"asset[{i}] must be an object")
+            continue
+        for field_name in ("name", "url", "size_bytes",
+                           "sha256", "signing"):
+            if field_name not in entry:
+                errors.append(
+                    f"asset[{i}] missing field: {field_name}"
+                )
+        sha = entry.get("sha256", "")
+        if not isinstance(sha, str) or len(sha) != 64:
+            errors.append(f"asset[{i}] sha256 must be 64-char hex")
+        signing = entry.get("signing")
+        if signing is not None:
+            try:
+                _validate_signing(signing)
+            except ValueError as exc:
+                errors.append(f"asset[{i}] {exc}")
+    return errors
+
+
+__all__ = (
+    "AssetSpec",
+    "Manifest",
+    "SIGNING_APPLE_NOTARIZED",
+    "SIGNING_AUTHENTICODE",
+    "SIGNING_UNSIGNED",
+    "DEFAULT_BASE_URL",
+    "build_asset_entry",
+    "build_manifest",
+    "serialize",
+    "write_manifest",
+    "validate_shape",
+)

package/scripts/slm-hook.spec

@@ -0,0 +1,56 @@
+# -*- mode: python ; coding: utf-8 -*-
+# LLD reference: .backup/active-brain/lld/LLD-06-windows-binary-and-legacy-migration.md §4.2
+# Mode: onedir (not onefile) — LLD-06 §4.1, verification claim 7.
+# console=False, upx=False, strip=True.
+
+block_cipher = None
+
+a = Analysis(
+    ['../src/superlocalmemory/hook_binary_entry.py'],
+    pathex=[],
+    binaries=[],
+    datas=[],
+    hiddenimports=[],
+    hookspath=[],
+    runtime_hooks=[],
+    excludes=[
+        # Deny-list — anything imported here would blow up cold-start and size.
+        'torch', 'sentence_transformers', 'fastapi', 'uvicorn',
+        'numpy', 'scipy', 'lightgbm', 'onnxruntime', 'transformers',
+        'httpx', 'mcp', 'pydantic', 'lark',
+        'superlocalmemory.core.engine',
+        'superlocalmemory.core.embeddings',
+        'superlocalmemory.retrieval',
+        'superlocalmemory.learning',
+    ],
+    cipher=block_cipher,
+    noarchive=False,
+)
+pyz = PYZ(a.pure, a.zipped_data, cipher=block_cipher)
+
+exe = EXE(
+    pyz,
+    a.scripts,
+    [],
+    exclude_binaries=True,
+    name='slm-hook',
+    debug=False,
+    bootloader_ignore_signals=False,
+    strip=True,
+    upx=False,                 # UPX adds 30-60 ms cold-start + AV heuristics
+    console=False,             # no console flash on Windows
+    disable_windowed_traceback=False,
+    target_arch=None,
+    codesign_identity=None,    # handled in scripts/sign-macos.sh post-build
+    entitlements_file=None,
+)
+
+coll = COLLECT(
+    exe,
+    a.binaries,
+    a.zipfiles,
+    a.datas,
+    strip=True,
+    upx=False,
+    name='slm-hook',
+)