swarmpath-claudecode-bridge 1.2.0 → 1.2.1

package/index.mjs

@@ -151,6 +151,7 @@ const cfg = loadConfig();
 const SERVER = getArg('server') || cfg.server || process.env.SWARMPATH_SERVER;
 let TOKEN = getArg('token') || process.env.SWARMPATH_TOKEN;
 let CWD = getArg('cwd') || process.cwd();
+const ROOT_CWD = resolve(CWD); // Sandbox root — cd cannot escape this directory
 
 if (!SERVER) {
   console.error('❌ 未配置服务器。请先运行: npx swarmpath-claudecode-bridge --setup');
@@ -186,8 +187,10 @@ const terminalSessions = new Map();
 const HEARTBEAT_MS = 30_000;
 const RECONNECT_MS = 5_000;
 const MAX_RECONNECT_MS = 60_000;
+const MAX_RECONNECT_ATTEMPTS = 5; // Exit after 5 failed reconnects
 const TOKEN_REFRESH_MS = 12 * 60 * 1000; // Refresh token every 12 min (before 15-min expiry)
 let reconnectDelay = RECONNECT_MS;
+let reconnectAttempts = 0;
 
 // ---------------------------------------------------------------------------
 // Token auto-refresh
@@ -217,6 +220,7 @@ function connect() {
   ws.on('open', () => {
     console.log('✅ Connected to SwarmPath server');
     reconnectDelay = RECONNECT_MS;
+    reconnectAttempts = 0;
 
     clearInterval(heartbeatTimer);
     heartbeatTimer = setInterval(() => {
@@ -267,7 +271,12 @@ function connect() {
 
 function scheduleReconnect() {
   if (reconnectTimer) return;
-  console.log(`⏳ Reconnecting in ${reconnectDelay / 1000}s ...`);
+  reconnectAttempts++;
+  if (reconnectAttempts > MAX_RECONNECT_ATTEMPTS) {
+    console.log(`\n❌ 连续 ${MAX_RECONNECT_ATTEMPTS} 次重连失败，自动退出。`);
+    process.exit(1);
+  }
+  console.log(`⏳ Reconnecting in ${reconnectDelay / 1000}s ... (${reconnectAttempts}/${MAX_RECONNECT_ATTEMPTS})`);
   reconnectTimer = setTimeout(() => {
     reconnectTimer = null;
     reconnectDelay = Math.min(reconnectDelay * 1.5, MAX_RECONNECT_MS);
@@ -533,6 +542,10 @@ function handleFileRequest(msg) {
     if (action === 'cd') {
       const target = msg.path || '..';
       const newCwd = resolve(CWD, target);
+      // Security: only allow navigating into subdirectories of ROOT_CWD
+      if (!newCwd.startsWith(ROOT_CWD + '/') && newCwd !== ROOT_CWD) {
+        throw new Error(`Access denied: cannot navigate above root directory (${ROOT_CWD})`);
+      }
       const st = statSync(newCwd);
       if (!st.isDirectory()) throw new Error('Not a directory');
       CWD = newCwd;
@@ -547,7 +560,7 @@ function handleFileRequest(msg) {
       const relPath = msg.path;
       if (!relPath) throw new Error('path required');
       const fullPath = resolve(CWD, relPath);
-      if (!fullPath.startsWith(resolve(CWD) + '/') && fullPath !== resolve(CWD)) throw new Error('Access denied');
+      if (!fullPath.startsWith(ROOT_CWD + '/') && fullPath !== ROOT_CWD) throw new Error('Access denied: outside sandbox root');
       const ext = extname(fullPath).toLowerCase();
       const mime = MIME_MAP[ext] || 'application/octet-stream';
       const isText = mime.startsWith('text/') || mime === 'application/json' || mime === 'text/markdown';
@@ -623,5 +636,6 @@ process.on('SIGTERM', shutdown);
 // ---------------------------------------------------------------------------
 console.log('🌐 SwarmPath Claude Code Bridge');
 console.log(`📁 Working directory: ${CWD}`);
+console.log(`🔒 Sandbox root: ${ROOT_CWD} (cd cannot escape)`);
 startTokenRefresh();
 connect();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "swarmpath-claudecode-bridge",
-  "version": "1.2.0",
+  "version": "1.2.1",
   "description": "Connect local Claude Code to SwarmPath Chat — control your Mac from your phone",
   "type": "module",
   "bin": {