tandem-editor 0.7.0 → 0.8.0

package/dist/cli/index.js

@@ -9,6 +9,352 @@ var __export = (target, all) => {
     __defProp(target, name, { get: all[name], enumerable: true });
 };
 
+// src/cli/win-path-guard.ts
+import { promises as fs } from "fs";
+import path from "path";
+async function assertSafeWorkspacePath(candidate, realLocalAppData, logger) {
+  const warn = (msg) => logger?.warn(`[path-guard] ${msg}`);
+  if (await hasSymlinkInChain(candidate, warn)) {
+    warn(`symlink/reparse point in chain: ${candidate}`);
+    return null;
+  }
+  let real;
+  try {
+    real = await fs.realpath(candidate);
+  } catch (err) {
+    warn(`realpath failed for ${candidate}: ${err.message}`);
+    return null;
+  }
+  if (isUncPath(real)) {
+    warn(`UNC path rejected: ${real}`);
+    return null;
+  }
+  if (!isComponentWiseChild(real, realLocalAppData)) {
+    warn(`path outside %LOCALAPPDATA%: ${real}`);
+    return null;
+  }
+  return real;
+}
+async function hasSymlinkInChain(p, warn) {
+  let current = path.resolve(p);
+  const visited = /* @__PURE__ */ new Set();
+  while (true) {
+    if (visited.has(current)) break;
+    visited.add(current);
+    try {
+      const stat = await fs.lstat(current);
+      if (stat.isSymbolicLink()) {
+        return true;
+      }
+    } catch (err) {
+      warn(`lstat failed for ${current}: ${err.message}`);
+      return true;
+    }
+    const parent = path.dirname(current);
+    if (parent === current) break;
+    current = parent;
+  }
+  return false;
+}
+function isUncPath(p) {
+  if (p.startsWith("\\\\?\\UNC\\") || p.startsWith("//?/UNC/")) return true;
+  if (p.startsWith("\\\\") && !p.startsWith("\\\\?\\") || p.startsWith("//") && !p.startsWith("//?/"))
+    return true;
+  return false;
+}
+function isComponentWiseChild(child, root) {
+  const normalize = (p) => p.replace(/[\\/]+/g, path.sep).replace(/[/\\]$/, "");
+  const rootNorm = normalize(root);
+  const childNorm = normalize(child);
+  const rootParts = rootNorm.split(path.sep);
+  const childParts = childNorm.split(path.sep);
+  if (childParts.length <= rootParts.length) return false;
+  for (let i = 0; i < rootParts.length; i++) {
+    if (rootParts[i].toLowerCase() !== childParts[i].toLowerCase()) return false;
+  }
+  return true;
+}
+var init_win_path_guard = __esm({
+  "src/cli/win-path-guard.ts"() {
+    "use strict";
+  }
+});
+
+// src/cli/uninstall-scrub.ts
+var uninstall_scrub_exports = {};
+__export(uninstall_scrub_exports, {
+  findCoworkWorkspaces: () => findCoworkWorkspaces,
+  removeCoworkSettings: () => removeCoworkSettings,
+  removeInstalledPlugins: () => removeInstalledPlugins,
+  removeKnownMarketplaces: () => removeKnownMarketplaces,
+  rewriteJson: () => rewriteJson,
+  runUninstallScrub: () => runUninstallScrub
+});
+import { execFile } from "child_process";
+import { promises as fsPromises } from "fs";
+import path2 from "path";
+import { promisify } from "util";
+async function openLogger() {
+  const localAppData = process.env.LOCALAPPDATA;
+  if (!localAppData) {
+    const write2 = (level, msg) => {
+      process.stderr.write(`[tandem uninstall-scrub ${level}] ${msg}
+`);
+    };
+    return {
+      info: (m) => write2("info", m),
+      warn: (m) => write2("warn", m),
+      error: (m) => write2("error", m),
+      close: async () => {
+      }
+    };
+  }
+  const logDir = path2.join(localAppData, "tandem", "Logs");
+  await fsPromises.mkdir(logDir, { recursive: true }).catch(() => {
+  });
+  const logPath = path2.join(logDir, "uninstall.log");
+  const stream = await fsPromises.open(logPath, "a").catch(() => null);
+  const write = (level, msg) => {
+    const line = `[${(/* @__PURE__ */ new Date()).toISOString()}] [${level}] ${msg}
+`;
+    process.stderr.write(line);
+    if (stream) {
+      stream.write(line).catch(() => {
+      });
+    }
+  };
+  return {
+    info: (m) => write("info", m),
+    warn: (m) => write("warn", m),
+    error: (m) => write("error", m),
+    close: async () => {
+      if (stream) await stream.close().catch(() => {
+      });
+    }
+  };
+}
+async function findCoworkWorkspaces(logger) {
+  const localAppData = process.env.LOCALAPPDATA;
+  if (!localAppData) {
+    logger.info("%LOCALAPPDATA% not set \u2014 skipping workspace scan");
+    return [];
+  }
+  let realLad;
+  try {
+    realLad = await fsPromises.realpath(localAppData);
+  } catch {
+    realLad = localAppData;
+  }
+  const packagesDir = path2.join(localAppData, "Packages");
+  let packageEntries;
+  try {
+    packageEntries = await fsPromises.readdir(packagesDir);
+  } catch (err) {
+    logger.info(`cannot read Packages dir: ${err.message}`);
+    return [];
+  }
+  const claudePackages = packageEntries.filter((name) => name.startsWith("Claude_"));
+  if (claudePackages.length === 0) {
+    logger.info("no Claude_* package directories found");
+    return [];
+  }
+  const workspaces = [];
+  for (const pkg of claudePackages) {
+    const sessionsRoot = path2.join(
+      packagesDir,
+      pkg,
+      "LocalCache",
+      "Roaming",
+      "Claude",
+      "local-agent-mode-sessions"
+    );
+    let wsEntries;
+    try {
+      wsEntries = await fsPromises.readdir(sessionsRoot);
+    } catch (err) {
+      logger.warn(`cannot read sessions root ${sessionsRoot}: ${err.message}`);
+      continue;
+    }
+    for (const ws of wsEntries) {
+      const wsPath = path2.join(sessionsRoot, ws);
+      let vmEntries;
+      try {
+        vmEntries = await fsPromises.readdir(wsPath);
+      } catch (err) {
+        logger.warn(`cannot read workspace dir ${wsPath}: ${err.message}`);
+        continue;
+      }
+      for (const vm of vmEntries) {
+        const vmPath = path2.join(wsPath, vm);
+        try {
+          const stat = await fsPromises.stat(vmPath);
+          if (!stat.isDirectory()) continue;
+          const safePath = await assertSafeWorkspacePath(vmPath, realLad, logger);
+          if (safePath !== null) {
+            workspaces.push(safePath);
+          }
+        } catch (err) {
+          logger.warn(`cannot stat ${vmPath}: ${err.message}`);
+        }
+      }
+    }
+  }
+  logger.info(`found ${workspaces.length} workspace(s)`);
+  return workspaces;
+}
+async function rewriteJson(filePath, mutate, logger) {
+  let content;
+  try {
+    content = await fsPromises.readFile(filePath, "utf8");
+  } catch (err) {
+    if (err.code === "ENOENT") {
+      return false;
+    }
+    logger.warn(`cannot read ${filePath}: ${err.message}`);
+    return false;
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(content);
+  } catch (err) {
+    logger.warn(`invalid JSON in ${filePath}: ${err.message}`);
+    return false;
+  }
+  if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
+    logger.warn(`${filePath} is not a JSON object \u2014 skipping`);
+    return false;
+  }
+  const changed = mutate(parsed);
+  if (!changed) {
+    return false;
+  }
+  const dir = path2.dirname(filePath);
+  const tmpName = `.tandem-scrub-tmp-${Math.random().toString(36).slice(2, 10)}`;
+  const tmpPath = path2.join(dir, tmpName);
+  try {
+    await fsPromises.writeFile(tmpPath, JSON.stringify(parsed, null, 2), "utf8");
+    await fsPromises.rename(tmpPath, filePath);
+  } catch (err) {
+    await fsPromises.unlink(tmpPath).catch(() => {
+    });
+    throw err;
+  }
+  return true;
+}
+function removeInstalledPlugins(obj) {
+  let changed = false;
+  for (const key of ["mcpServers", "servers"]) {
+    const servers = obj[key];
+    if (typeof servers === "object" && servers !== null && !Array.isArray(servers)) {
+      const map = servers;
+      if (TANDEM_PLUGIN_ID in map) {
+        delete map[TANDEM_PLUGIN_ID];
+        changed = true;
+      }
+    }
+  }
+  return changed;
+}
+function removeKnownMarketplaces(obj) {
+  const mp = obj.marketplaces;
+  if (typeof mp === "object" && mp !== null && !Array.isArray(mp)) {
+    const map = mp;
+    if (TANDEM_PLUGIN_ID in map) {
+      delete map[TANDEM_PLUGIN_ID];
+      return true;
+    }
+  }
+  return false;
+}
+function removeCoworkSettings(obj) {
+  const enabled = obj.enabledPlugins;
+  if (Array.isArray(enabled)) {
+    const before = enabled.length;
+    obj.enabledPlugins = enabled.filter((v) => v !== TANDEM_ENABLED_KEY);
+    return obj.enabledPlugins.length < before;
+  }
+  if (typeof enabled === "object" && enabled !== null) {
+    const map = enabled;
+    if (TANDEM_ENABLED_KEY in map) {
+      delete map[TANDEM_ENABLED_KEY];
+      return true;
+    }
+  }
+  return false;
+}
+async function deleteFirewallRule(name, logger) {
+  try {
+    await execFileAsync("netsh", ["advfirewall", "firewall", "delete", "rule", `name=${name}`]);
+    logger.info(`deleted firewall rule: ${name}`);
+  } catch (err) {
+    const e = err;
+    const stdoutStr = e.stdout ?? "";
+    if (stdoutStr.includes("No rules match")) {
+      logger.info(`no firewall rule to delete: ${name}`);
+      return;
+    }
+    logger.warn(
+      `failed to delete firewall rule ${name}: ${e.message ?? String(err)} (stdout: ${stdoutStr.trim().slice(0, 200)})`
+    );
+  }
+}
+async function runUninstallScrub() {
+  const logger = await openLogger();
+  logger.info("Tandem uninstall scrub starting");
+  if (process.platform !== "win32") {
+    logger.info(`platform ${process.platform} is not win32 \u2014 skipping Cowork scrub`);
+    await logger.close();
+    return 0;
+  }
+  let failures = 0;
+  try {
+    const workspaces = await findCoworkWorkspaces(logger);
+    for (const ws of workspaces) {
+      const pluginsDir = path2.join(ws, "cowork_plugins");
+      try {
+        await rewriteJson(
+          path2.join(pluginsDir, "installed_plugins.json"),
+          removeInstalledPlugins,
+          logger
+        );
+        await rewriteJson(
+          path2.join(pluginsDir, "known_marketplaces.json"),
+          removeKnownMarketplaces,
+          logger
+        );
+        await rewriteJson(
+          path2.join(pluginsDir, "cowork_settings.json"),
+          removeCoworkSettings,
+          logger
+        );
+      } catch (err) {
+        logger.error(`scrub failed for ${ws}: ${err.message}`);
+        failures++;
+      }
+    }
+    await deleteFirewallRule(FIREWALL_ALLOW_RULE, logger);
+    await deleteFirewallRule(FIREWALL_DENY_RULE, logger);
+    logger.info(`scrub complete: ${workspaces.length} workspace(s), ${failures} failure(s)`);
+  } catch (err) {
+    logger.error(`scrub fatal error: ${err.message}`);
+    failures++;
+  }
+  await logger.close();
+  return failures > 0 ? 1 : 0;
+}
+var execFileAsync, TANDEM_PLUGIN_ID, TANDEM_ENABLED_KEY, FIREWALL_ALLOW_RULE, FIREWALL_DENY_RULE;
+var init_uninstall_scrub = __esm({
+  "src/cli/uninstall-scrub.ts"() {
+    "use strict";
+    init_win_path_guard();
+    execFileAsync = promisify(execFile);
+    TANDEM_PLUGIN_ID = "tandem";
+    TANDEM_ENABLED_KEY = "tandem@tandem";
+    FIREWALL_ALLOW_RULE = "Tandem Cowork";
+    FIREWALL_DENY_RULE = "Tandem Cowork \u2014 Deny (elevation refused)";
+  }
+});
+
 // src/shared/constants.ts
 var DEFAULT_MCP_PORT, MAX_FILE_SIZE, MAX_WS_PAYLOAD, IDLE_TIMEOUT, SESSION_MAX_AGE, CHANNEL_MAX_RETRIES, CHANNEL_RETRY_DELAY_MS, TOKEN_FILE_NAME;
 var init_constants = __esm({
@@ -51,15 +397,29 @@ __export(setup_exports, {
   validateChannelShimPrereq: () => validateChannelShimPrereq
 });
 import { randomUUID } from "crypto";
-import { existsSync, readFileSync as readFileSync2 } from "fs";
+import { existsSync, readdirSync, readFileSync as readFileSync2 } from "fs";
 import { copyFile, mkdir, rename, unlink, writeFile } from "fs/promises";
 import { homedir } from "os";
 import { basename, dirname as dirname2, join, resolve as resolve2 } from "path";
 import { fileURLToPath as fileURLToPath2 } from "url";
 function buildMcpEntries(channelPath, opts = {}) {
-  const tandemEntry = { type: "http", url: `${MCP_URL}/mcp` };
-  if (opts.token) {
-    tandemEntry.headers = { Authorization: `Bearer ${opts.token}` };
+  const isDesktop = opts.targetKind === "claude-desktop";
+  let tandemEntry;
+  if (isDesktop) {
+    const env = { TANDEM_URL: MCP_URL };
+    if (opts.token) {
+      env.TANDEM_AUTH_TOKEN = opts.token;
+    }
+    tandemEntry = {
+      command: "npx",
+      args: ["-y", "tandem-editor", "mcp-stdio"],
+      env
+    };
+  } else {
+    tandemEntry = { type: "http", url: `${MCP_URL}/mcp` };
+    if (opts.token) {
+      tandemEntry.headers = { Authorization: `Bearer ${opts.token}` };
+    }
   }
   const entries = { tandem: tandemEntry };
   if (opts.withChannelShim) {
@@ -81,7 +441,7 @@ function detectTargets(opts = {}) {
   const claudeCodeConfig = join(home, ".claude.json");
   const claudeCodeDir = join(home, ".claude");
   if (opts.force || existsSync(claudeCodeConfig) || existsSync(claudeCodeDir)) {
-    targets.push({ label: "Claude Code", configPath: claudeCodeConfig });
+    targets.push({ label: "Claude Code", configPath: claudeCodeConfig, kind: "claude-code" });
   }
   let desktopConfig = null;
   if (process.platform === "win32") {
@@ -99,7 +459,33 @@ function detectTargets(opts = {}) {
     desktopConfig = join(home, ".config", "claude", "claude_desktop_config.json");
   }
   if (desktopConfig && (opts.force || existsSync(desktopConfig))) {
-    targets.push({ label: "Claude Desktop", configPath: desktopConfig });
+    targets.push({ label: "Claude Desktop", configPath: desktopConfig, kind: "claude-desktop" });
+  }
+  if (process.platform === "win32") {
+    const localAppData = opts.localAppDataOverride ?? process.env.LOCALAPPDATA ?? join(home, "AppData", "Local");
+    const packagesDir = join(localAppData, "Packages");
+    try {
+      const entries = readdirSync(packagesDir);
+      for (const pkg of entries.filter((n) => n.startsWith("Claude_"))) {
+        const msixConfig = join(
+          packagesDir,
+          pkg,
+          "LocalCache",
+          "Roaming",
+          "Claude",
+          "claude_desktop_config.json"
+        );
+        if (opts.force || existsSync(msixConfig)) {
+          const suffix = entries.filter((n) => n.startsWith("Claude_")).length > 1 ? ` (${pkg.slice(0, 12)}\u2026)` : "";
+          targets.push({
+            label: `Claude Desktop MSIX${suffix}`,
+            configPath: msixConfig,
+            kind: "claude-desktop"
+          });
+        }
+      }
+    } catch {
+    }
   }
   return targets;
 }
@@ -146,13 +532,19 @@ async function applyConfig(configPath, entries) {
       throw err;
     }
   }
-  const updated = {
-    ...existing,
-    mcpServers: {
-      ...existing.mcpServers ?? {},
-      ...entries
-    }
+  const merged = {
+    ...existing.mcpServers ?? {},
+    ...entries
   };
+  if (!entries["tandem-channel"]) {
+    if (merged["tandem-channel"]) {
+      console.error(
+        `  Warning: removed stale tandem-channel entry from ${configPath} (legacy Tauri install artifact)`
+      );
+    }
+    delete merged["tandem-channel"];
+  }
+  const updated = { ...existing, mcpServers: merged };
   await mkdir(dirname2(configPath), { recursive: true });
   await atomicWrite(JSON.stringify(updated, null, 2) + "\n", configPath);
 }
@@ -167,13 +559,14 @@ function validateChannelShimPrereq(channelPath) {
 }
 async function applyConfigWithToken(token, opts = {}) {
   const targets = detectTargets({ force: opts.force });
-  const entries = buildMcpEntries(CHANNEL_DIST, {
-    withChannelShim: opts.withChannelShim,
-    token: token ?? void 0
-  });
   let updated = 0;
   const errors = [];
   for (const t of targets) {
+    const entries = buildMcpEntries(CHANNEL_DIST, {
+      withChannelShim: opts.withChannelShim,
+      token: token ?? void 0,
+      targetKind: t.kind
+    });
     try {
       await applyConfig(t.configPath, entries);
       updated++;
@@ -204,9 +597,12 @@ Run 'npm run build' first, or drop --with-channel-shim to use the plugin monitor
     console.error(`  Found: ${t.label} (${t.configPath})`);
   }
   console.error("\nWriting MCP configuration...");
-  const entries = buildMcpEntries(CHANNEL_DIST, { withChannelShim: opts.withChannelShim });
   let failures = 0;
   for (const t of targets) {
+    const entries = buildMcpEntries(CHANNEL_DIST, {
+      withChannelShim: opts.withChannelShim,
+      targetKind: t.kind
+    });
     try {
       await applyConfig(t.configPath, entries);
       console.error(`  \x1B[32m\u2713\x1B[0m ${t.label}`);
@@ -634,7 +1030,7 @@ var init_utils = __esm({
   }
 });
 
-// src/server/events/types.ts
+// src/shared/events/types.ts
 function parseTandemEvent(raw) {
   if (typeof raw !== "object" || raw === null || !("id" in raw) || typeof raw.id !== "string" || !("type" in raw) || !VALID_EVENT_TYPES.has(raw.type) || !("timestamp" in raw) || typeof raw.timestamp !== "number" || !("payload" in raw) || typeof raw.payload !== "object") {
     return null;
@@ -684,6 +1080,7 @@ function formatEventContent(event) {
     }
     default: {
       const _exhaustive = event;
+      void _exhaustive;
       return `Unknown event${doc}`;
     }
   }
@@ -713,6 +1110,7 @@ function formatEventMeta(event) {
       break;
     default: {
       const _exhaustive = event;
+      void _exhaustive;
       break;
     }
   }
@@ -720,7 +1118,7 @@ function formatEventMeta(event) {
 }
 var VALID_EVENT_TYPES;
 var init_types = __esm({
-  "src/server/events/types.ts"() {
+  "src/shared/events/types.ts"() {
     "use strict";
     init_utils();
     VALID_EVENT_TYPES = /* @__PURE__ */ new Set([
@@ -900,9 +1298,9 @@ var AWARENESS_DEBOUNCE_MS, MODE_CACHE_TTL_MS, cachedMode, cachedModeAt;
 var init_event_bridge = __esm({
   "src/channel/event-bridge.ts"() {
     "use strict";
-    init_types();
     init_cli_runtime();
     init_constants();
+    init_types();
     AWARENESS_DEBOUNCE_MS = 500;
     MODE_CACHE_TTL_MS = 2e3;
     cachedMode = "tandem";
@@ -1106,23 +1504,23 @@ var init_channel = __esm({
   }
 });
 
-// src/server/auth/token-store.ts
+// src/shared/auth/token-file.ts
 import envPaths from "env-paths";
-import fs from "fs";
-import path from "path";
+import fs2 from "fs";
+import path3 from "path";
 function getTokenFilePath() {
-  return path.join(envPaths("tandem", { suffix: "" }).data, TOKEN_FILE_NAME);
+  return path3.join(envPaths("tandem", { suffix: "" }).data, TOKEN_FILE_NAME);
 }
 async function readTokenFromFile() {
   const filePath = getTokenFilePath();
   try {
-    const content = await fs.promises.readFile(filePath, "utf8");
+    const content = await fs2.promises.readFile(filePath, "utf8");
     if (process.platform !== "win32") {
       try {
-        const stat = await fs.promises.stat(filePath);
+        const stat = await fs2.promises.stat(filePath);
         if ((stat.mode & 63) !== 0) {
           console.error("[tandem] auth token file has insecure permissions; attempting chmod 0600");
-          await fs.promises.chmod(filePath, 384);
+          await fs2.promises.chmod(filePath, 384);
         }
       } catch {
       }
@@ -1134,8 +1532,8 @@ async function readTokenFromFile() {
     throw err;
   }
 }
-var init_token_store = __esm({
-  "src/server/auth/token-store.ts"() {
+var init_token_file = __esm({
+  "src/shared/auth/token-file.ts"() {
     "use strict";
     init_constants();
   }
@@ -1147,8 +1545,8 @@ __export(rotate_token_exports, {
   rotateToken: () => rotateToken
 });
 import { createHash, randomBytes } from "crypto";
-import { promises as fsPromises } from "fs";
-import path2 from "path";
+import { promises as fsPromises2 } from "fs";
+import path4 from "path";
 function fingerprint(token) {
   return createHash("sha256").update(token, "utf8").digest("hex").slice(0, 8);
 }
@@ -1172,13 +1570,13 @@ async function rotateToken() {
   }
   const newToken = generateToken();
   const tokenPath = getTokenFilePath();
-  const dir = path2.dirname(tokenPath);
-  const tmpPath = path2.join(dir, `.auth-token-tmp-${randomBytes(4).toString("hex")}`);
+  const dir = path4.dirname(tokenPath);
+  const tmpPath = path4.join(dir, `.auth-token-tmp-${randomBytes(4).toString("hex")}`);
   try {
-    await fsPromises.writeFile(tmpPath, newToken, { encoding: "utf8", mode: 384 });
-    await fsPromises.rename(tmpPath, tokenPath);
+    await fsPromises2.writeFile(tmpPath, newToken, { encoding: "utf8", mode: 384 });
+    await fsPromises2.rename(tmpPath, tokenPath);
   } catch (err) {
-    await fsPromises.unlink(tmpPath).catch(() => {
+    await fsPromises2.unlink(tmpPath).catch(() => {
     });
     throw err;
   }
@@ -1257,7 +1655,7 @@ async function rotateToken() {
 var init_rotate_token = __esm({
   "src/cli/rotate-token.ts"() {
     "use strict";
-    init_token_store();
+    init_token_file();
     init_constants();
     init_setup();
   }
@@ -1320,7 +1718,7 @@ process.once("unhandledRejection", (reason) => {
 `);
   process.exit(1);
 });
-var version = true ? "0.7.0" : "0.0.0-dev";
+var version = true ? "0.8.0" : "0.0.0-dev";
 var args = process.argv.slice(2);
 var isStdioMode = args[0] === "mcp-stdio" || args[0] === "channel";
 if (!isStdioMode) {
@@ -1330,7 +1728,7 @@ if (args.includes("--help") || args.includes("-h")) {
   console.log(`tandem v${version}
 
 Usage:
-  tandem                            Start Tandem server and open the browser
+  tandem                            Start Tandem server and open the editor
   tandem setup                      Register MCP tools with Claude Code / Claude Desktop
   tandem setup --force              Register to default paths regardless of detection
   tandem setup --with-channel-shim  Also register the stdio channel shim (legacy opt-in)
@@ -1350,7 +1748,11 @@ if (args.includes("--version") || args.includes("-v")) {
   process.exit(0);
 }
 try {
-  if (args[0] === "setup") {
+  if (args[0] === "--uninstall-scrub") {
+    const { runUninstallScrub: runUninstallScrub2 } = await Promise.resolve().then(() => (init_uninstall_scrub(), uninstall_scrub_exports));
+    const exitCode = await runUninstallScrub2();
+    process.exit(exitCode);
+  } else if (args[0] === "setup") {
     const { runSetup: runSetup2 } = await Promise.resolve().then(() => (init_setup(), setup_exports));
     await runSetup2({
       force: args.includes("--force"),