tandem-editor 0.2.0 → 0.2.2

package/dist/client/index.html

@@ -9,7 +9,7 @@
       html, body, #root { height: 100%; }
       body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; }
     </style>
-    <script type="module" crossorigin src="/assets/index-D5KAGBBp.js"></script>
+    <script type="module" crossorigin src="/assets/index-NqrmyYcr.js"></script>
   </head>
   <body>
     <div id="root"></div>

package/dist/server/index.js

@@ -71,12 +71,14 @@ async function startHocuspocus(port) {
     // stdout is the MCP wire — suppress the startup banner
     async onConnect({ request, documentName }) {
       const origin = request?.headers?.origin;
-      if (origin) {
-        const url = new URL(origin);
-        if (url.hostname !== "localhost" && url.hostname !== "127.0.0.1") {
-          console.error(`[Hocuspocus] Rejected connection from origin: ${origin}`);
-          throw new Error("Connection rejected: invalid origin");
-        }
+      if (!origin) {
+        console.error("[Hocuspocus] Rejected connection: missing Origin header");
+        throw new Error("Connection rejected: missing origin header");
+      }
+      const url = new URL(origin);
+      if (url.hostname !== "localhost" && url.hostname !== "127.0.0.1") {
+        console.error(`[Hocuspocus] Rejected connection from origin: ${origin}`);
+        throw new Error("Connection rejected: invalid origin");
       }
       console.error(`[Hocuspocus] Client connected to: ${documentName}`);
     },
@@ -144,7 +146,8 @@ function freePort(port) {
     } else {
       freePortUnix(port);
     }
-  } catch {
+  } catch (err) {
+    console.error(`[Tandem] freePort(${port}): ${err instanceof Error ? err.message : err}`);
   }
 }
 async function waitForPort(port, timeoutMs = 5e3) {
@@ -153,9 +156,7 @@ async function waitForPort(port, timeoutMs = 5e3) {
     if (await tryBind(port)) return;
     await new Promise((r) => setTimeout(r, 200));
   }
-  console.error(
-    `[Tandem] Warning: port ${port} still not available after ${timeoutMs}ms, proceeding anyway`
-  );
+  throw new Error(`Port ${port} still not available after ${timeoutMs}ms`);
 }
 function tryBind(port) {
   return new Promise((resolve, reject) => {
@@ -275,7 +276,17 @@ async function loadSession(filePath) {
   try {
     const content = await fs.readFile(sessionPath, "utf-8");
     return JSON.parse(content);
-  } catch {
+  } catch (err) {
+    const code = err.code;
+    if (code === "ENOENT") return null;
+    if (err instanceof SyntaxError) {
+      console.error(`[Tandem] Corrupted session file ${sessionPath}, removing:`, err.message);
+      await fs.unlink(sessionPath).catch((unlinkErr) => {
+        console.error(`[Tandem] Failed to remove corrupted session ${sessionPath}:`, unlinkErr);
+      });
+      return null;
+    }
+    console.error(`[Tandem] Failed to read session ${sessionPath}:`, err);
     return null;
   }
 }
@@ -344,7 +355,20 @@ async function loadCtrlSession() {
     const content = await fs.readFile(sessionPath, "utf-8");
     const data = JSON.parse(content);
     return data.ydocState ?? null;
-  } catch {
+  } catch (err) {
+    const code = err.code;
+    if (code === "ENOENT") return null;
+    if (err instanceof SyntaxError) {
+      console.error(`[Tandem] Corrupted ctrl session ${sessionPath}, removing:`, err.message);
+      await fs.unlink(sessionPath).catch((unlinkErr) => {
+        console.error(
+          `[Tandem] Failed to remove corrupted ctrl session ${sessionPath}:`,
+          unlinkErr
+        );
+      });
+      return null;
+    }
+    console.error(`[Tandem] Failed to read ctrl session:`, err);
     return null;
   }
 }
@@ -378,18 +402,26 @@ async function listSessionFilePaths() {
 }
 async function cleanupSessions() {
   let cleaned = 0;
+  let files;
   try {
-    const files = await fs.readdir(SESSION_DIR);
-    const now = Date.now();
-    for (const file of files) {
+    files = await fs.readdir(SESSION_DIR);
+  } catch (err) {
+    if (err.code === "ENOENT") return 0;
+    console.error("[Tandem] Failed to read session directory:", err);
+    return 0;
+  }
+  const now = Date.now();
+  for (const file of files) {
+    try {
       const filePath = path2.join(SESSION_DIR, file);
       const stat = await fs.stat(filePath);
       if (now - stat.mtimeMs > SESSION_MAX_AGE) {
         await fs.unlink(filePath);
         cleaned++;
       }
+    } catch (err) {
+      console.error(`[Tandem] cleanupSessions: failed to process ${file}:`, err);
     }
-  } catch {
   }
   return cleaned;
 }
@@ -1200,9 +1232,11 @@ var init_docx_html = __esm({
       del: () => ({ strike: {} }),
       sup: () => ({ superscript: {} }),
       sub: () => ({ subscript: {} }),
-      a: (el) => ({
-        link: { href: el.attribs.href || "" }
-      })
+      a: (el) => {
+        const href = el.attribs.href || "";
+        const safeHref = /^https?:\/\//i.test(href) || href.startsWith("mailto:") ? href : "";
+        return { link: { href: safeHref } };
+      }
     };
     BLOCK_TAGS = /* @__PURE__ */ new Set([
       "h1",
@@ -2741,7 +2775,13 @@ async function openFileByPath(filePath, options) {
   let resolved = path5.resolve(filePath);
   try {
     resolved = fsSync.realpathSync(resolved);
-  } catch {
+  } catch (err) {
+    const code = err.code;
+    if (code !== "ENOENT") {
+      console.error(
+        `[Tandem] realpathSync failed for ${filePath} (${code}), using path.resolve fallback`
+      );
+    }
     resolved = path5.resolve(filePath);
   }
   if (process.platform === "win32" && (resolved.startsWith("\\\\") || resolved.startsWith("//"))) {
@@ -3026,25 +3066,29 @@ function toDocListEntry(d) {
   };
 }
 function broadcastOpenDocs() {
+  const docList = Array.from(openDocs.values()).map(toDocListEntry);
+  const id = activeDocId;
   try {
-    const docList = Array.from(openDocs.values()).map(toDocListEntry);
-    const id = activeDocId;
     const ctrl = getOrCreateDocument(CTRL_ROOM);
     const ctrlMeta = ctrl.getMap(Y_MAP_DOCUMENT_META);
     ctrl.transact(() => {
       ctrlMeta.set("openDocuments", docList);
       ctrlMeta.set("activeDocumentId", id);
     }, MCP_ORIGIN);
-    for (const [docId] of openDocs) {
+  } catch (err) {
+    console.error("[Tandem] broadcastOpenDocs: failed to update CTRL_ROOM:", err);
+  }
+  for (const [docId] of openDocs) {
+    try {
       const ydoc = getOrCreateDocument(docId);
       const meta = ydoc.getMap(Y_MAP_DOCUMENT_META);
       ydoc.transact(() => {
         meta.set("openDocuments", docList);
         meta.set("activeDocumentId", id);
       }, MCP_ORIGIN);
+    } catch (err) {
+      console.error(`[Tandem] broadcastOpenDocs: failed to update doc ${docId}:`, err);
     }
-  } catch (err) {
-    console.error("[Tandem] broadcastOpenDocs error:", err);
   }
 }
 async function closeDocumentById(id) {
@@ -3112,7 +3156,8 @@ async function restoreOpenDocuments(previousActiveDocId) {
       const code = err.code;
       if (code === "ENOENT") {
         console.error(`[Tandem] Skipping deleted file (removing stale session): ${filePath}`);
-        deleteSession(filePath).catch(() => {
+        deleteSession(filePath).catch((err2) => {
+          console.error(`[Tandem] Failed to delete stale session for ${filePath}:`, err2);
         });
       } else {
         console.error(`[Tandem] Failed to restore ${filePath}:`, err);
@@ -4201,7 +4246,14 @@ function createAnnotation(map, ydoc, type, anchored, content, extras) {
 }
 function collectAnnotations(map) {
   const result = [];
-  map.forEach((value) => result.push(value));
+  map.forEach((value, key) => {
+    const ann = value;
+    if (ann && typeof ann === "object" && typeof ann.id === "string" && typeof ann.type === "string" && typeof ann.status === "string" && ann.range && typeof ann.range.from === "number" && typeof ann.range.to === "number") {
+      result.push(ann);
+    } else {
+      console.warn(`[Tandem] Skipping malformed annotation entry: ${key}`);
+    }
+  });
   return result;
 }
 function registerAnnotationTools(server) {
@@ -4534,6 +4586,14 @@ async function applyChangesCore(documentId, author, backupPath) {
       code: "INVALID_PATH"
     });
   }
+  if (backupPath) {
+    const resolvedBp = path8.resolve(backupPath);
+    if (process.platform === "win32" && (resolvedBp.startsWith("\\\\") || resolvedBp.startsWith("//"))) {
+      throw Object.assign(new Error("UNC paths are not supported for security reasons."), {
+        code: "INVALID_PATH"
+      });
+    }
+  }
   const map = ydoc.getMap(Y_MAP_ANNOTATIONS);
   const suggestions = [];
   let pendingCount = 0;
@@ -4788,7 +4848,11 @@ function notifyStreamHandler(req, res) {
   const keepalive = setInterval(() => {
     try {
       if (!res.writableEnded) res.write(": keepalive\n\n");
-    } catch {
+    } catch (err) {
+      console.error(
+        "[NotifyStream] Keepalive write failed, cleaning up:",
+        err instanceof Error ? err.message : err
+      );
       cleanup();
     }
   }, CHANNEL_SSE_KEEPALIVE_MS);
@@ -5264,16 +5328,25 @@ function getFullText(docName) {
   return extractText(doc);
 }
 function searchText(fullText, query, useRegex) {
+  const MAX_MATCHES = 1e4;
   const matches = [];
   try {
     const pattern = useRegex ? new RegExp(query, "gi") : new RegExp(escapeRegex(query), "gi");
     let match;
+    const start = Date.now();
     while ((match = pattern.exec(fullText)) !== null) {
       matches.push({
         from: toFlatOffset(match.index),
         to: toFlatOffset(match.index + match[0].length),
         text: match[0]
       });
+      if (matches.length >= MAX_MATCHES) {
+        return { matches, error: `Search capped at ${MAX_MATCHES} matches` };
+      }
+      if (Date.now() - start > 2e3) {
+        return { matches, error: "Search timed out \u2014 simplify the regex pattern" };
+      }
+      if (match[0].length === 0) pattern.lastIndex++;
     }
   } catch (err) {
     return { matches: [], error: `Invalid regex: ${getErrorMessage(err)}` };
@@ -5501,14 +5574,18 @@ async function startMcpServerHttp(port, host = "127.0.0.1") {
     await currentTransport.handleRequest(req, res, req.body);
     currentTransport = null;
   });
-  app.get("/health", (_req, res) => {
-    res.json({
-      status: "ok",
-      version: APP_VERSION,
-      transport: "http",
-      hasSession: currentTransport !== null
-    });
-  });
+  app.get(
+    "/health",
+    apiMiddleware,
+    (_req, res) => {
+      res.json({
+        status: "ok",
+        version: APP_VERSION,
+        transport: "http",
+        hasSession: currentTransport !== null
+      });
+    }
+  );
   app.get(
     "/.well-known/oauth-protected-resource/mcp",
     (_req, res) => {
@@ -5577,7 +5654,7 @@ function isKnownHocuspocusError(err) {
   }
   const msg = err.message;
   if (msg.startsWith("WebSocket is not open")) return true;
-  if (msg === "Unexpected end of array" || msg === "Integer out of Range") return true;
+  if (msg.includes("Unexpected end of array") || msg.includes("Integer out of Range")) return true;
   if (msg.startsWith("Received a message with an unknown type:")) return true;
   return false;
 }
@@ -5770,7 +5847,11 @@ async function main() {
   if (transportMode === "http") {
     freePort(wsPort);
     freePort(mcpPort);
-    await Promise.all([waitForPort(wsPort), waitForPort(mcpPort)]);
+    try {
+      await Promise.all([waitForPort(wsPort), waitForPort(mcpPort)]);
+    } catch (err) {
+      console.error(`[Tandem] ${err instanceof Error ? err.message : err} \u2014 proceeding anyway`);
+    }
     const [srv] = await Promise.all([
       startMcpServerHttp(mcpPort),
       startHocuspocus(wsPort).then(() => {
@@ -5806,7 +5887,11 @@ async function main() {
   } else {
     (async () => {
       freePort(wsPort);
-      await waitForPort(wsPort);
+      try {
+        await waitForPort(wsPort);
+      } catch (err) {
+        console.error(`[Tandem] ${err instanceof Error ? err.message : err} \u2014 proceeding anyway`);
+      }
       await startHocuspocus(wsPort);
       console.error(`[Tandem] Hocuspocus WebSocket server running on ws://localhost:${wsPort}`);
     })().catch((err) => {