zero-config-cli-bridge 1.4.0 → 1.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/executor.d.ts +4 -3
- package/dist/executor.d.ts.map +1 -1
- package/dist/executor.js +28 -11
- package/dist/executor.js.map +1 -1
- package/package.json +1 -1
package/dist/executor.d.ts
CHANGED
|
@@ -3,12 +3,13 @@ export interface ExecuteResult {
|
|
|
3
3
|
stderr: string;
|
|
4
4
|
exitCode: number;
|
|
5
5
|
}
|
|
6
|
-
declare const TIMEOUT_MS_PROBE = 5000;
|
|
7
|
-
export { TIMEOUT_MS_PROBE };
|
|
8
6
|
/**
|
|
9
7
|
* Executes a binary directly with an args array.
|
|
10
8
|
* NO shell intermediary — shell injection is structurally impossible.
|
|
11
|
-
*
|
|
9
|
+
*
|
|
10
|
+
* stdout is accumulated faithfully up to MAX_STDOUT_BYTES.
|
|
11
|
+
* If the ceiling is hit, the subprocess is killed with SIGKILL and the
|
|
12
|
+
* promise rejects — callers route this to an error envelope.
|
|
12
13
|
*/
|
|
13
14
|
export declare function executeCommand(bin: string, args: string[], timeoutMs?: number): Promise<ExecuteResult>;
|
|
14
15
|
//# sourceMappingURL=executor.d.ts.map
|
package/dist/executor.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"executor.d.ts","sourceRoot":"","sources":["../src/executor.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;CAClB;
|
|
1
|
+
{"version":3,"file":"executor.d.ts","sourceRoot":"","sources":["../src/executor.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;CAClB;AAoBD;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAC5B,GAAG,EAAE,MAAM,EACX,IAAI,EAAE,MAAM,EAAE,EACd,SAAS,GAAE,MAAmB,GAC7B,OAAO,CAAC,aAAa,CAAC,CA8CxB"}
|
package/dist/executor.js
CHANGED
|
@@ -1,13 +1,14 @@
|
|
|
1
1
|
import { spawn } from 'child_process';
|
|
2
|
-
// stdout carries structured JSON
|
|
3
|
-
//
|
|
4
|
-
//
|
|
2
|
+
// stdout carries structured JSON. Byte-level truncation corrupts JSON structure,
|
|
3
|
+
// so we monitor cumulative size and kill the process if it exceeds the ceiling.
|
|
4
|
+
// At that point we reject — index.ts routes the error through the envelope.
|
|
5
5
|
//
|
|
6
|
-
//
|
|
6
|
+
// Practical ceiling: STATIC_FIELDS × 30 items ≈ 300 KB in normal operation.
|
|
7
|
+
// 5 MB is unreachable in normal use and prevents OOM from runaway output.
|
|
8
|
+
const MAX_STDOUT_BYTES = 5 * 1024 * 1024; // 5 MB
|
|
9
|
+
// stderr carries error messages (human-readable, bounded by design).
|
|
7
10
|
const MAX_STDERR_CHARS = 4_096;
|
|
8
11
|
const TIMEOUT_MS = 15_000;
|
|
9
|
-
const TIMEOUT_MS_PROBE = 5_000; // shorter timeout for capability probe calls
|
|
10
|
-
export { TIMEOUT_MS_PROBE };
|
|
11
12
|
function truncateStderr(s) {
|
|
12
13
|
if (s.length <= MAX_STDERR_CHARS)
|
|
13
14
|
return s;
|
|
@@ -16,7 +17,10 @@ function truncateStderr(s) {
|
|
|
16
17
|
/**
|
|
17
18
|
* Executes a binary directly with an args array.
|
|
18
19
|
* NO shell intermediary — shell injection is structurally impossible.
|
|
19
|
-
*
|
|
20
|
+
*
|
|
21
|
+
* stdout is accumulated faithfully up to MAX_STDOUT_BYTES.
|
|
22
|
+
* If the ceiling is hit, the subprocess is killed with SIGKILL and the
|
|
23
|
+
* promise rejects — callers route this to an error envelope.
|
|
20
24
|
*/
|
|
21
25
|
export function executeCommand(bin, args, timeoutMs = TIMEOUT_MS) {
|
|
22
26
|
return new Promise((resolve, reject) => {
|
|
@@ -26,17 +30,30 @@ export function executeCommand(bin, args, timeoutMs = TIMEOUT_MS) {
|
|
|
26
30
|
});
|
|
27
31
|
let stdoutBuf = '';
|
|
28
32
|
let stderrBuf = '';
|
|
29
|
-
|
|
30
|
-
proc.
|
|
33
|
+
let sizeExceeded = false;
|
|
34
|
+
proc.stdout.on('data', (chunk) => {
|
|
35
|
+
stdoutBuf += chunk.toString();
|
|
36
|
+
if (stdoutBuf.length > MAX_STDOUT_BYTES) {
|
|
37
|
+
sizeExceeded = true;
|
|
38
|
+
proc.kill('SIGKILL');
|
|
39
|
+
}
|
|
40
|
+
});
|
|
41
|
+
proc.stderr.on('data', (chunk) => {
|
|
42
|
+
stderrBuf += chunk.toString();
|
|
43
|
+
});
|
|
31
44
|
const timer = setTimeout(() => {
|
|
32
45
|
proc.kill('SIGKILL');
|
|
33
46
|
reject(new Error(`Command timed out after ${timeoutMs}ms`));
|
|
34
47
|
}, timeoutMs);
|
|
35
48
|
proc.on('close', (code) => {
|
|
36
49
|
clearTimeout(timer);
|
|
50
|
+
if (sizeExceeded) {
|
|
51
|
+
reject(new Error(`stdout exceeded ${MAX_STDOUT_BYTES}-byte limit. Use --limit or filters to reduce output.`));
|
|
52
|
+
return;
|
|
53
|
+
}
|
|
37
54
|
resolve({
|
|
38
|
-
stdout: stdoutBuf,
|
|
39
|
-
stderr: truncateStderr(stderrBuf),
|
|
55
|
+
stdout: stdoutBuf,
|
|
56
|
+
stderr: truncateStderr(stderrBuf),
|
|
40
57
|
exitCode: code ?? 1,
|
|
41
58
|
});
|
|
42
59
|
});
|
package/dist/executor.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"executor.js","sourceRoot":"","sources":["../src/executor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AAQtC,
|
|
1
|
+
{"version":3,"file":"executor.js","sourceRoot":"","sources":["../src/executor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AAQtC,iFAAiF;AACjF,gFAAgF;AAChF,4EAA4E;AAC5E,EAAE;AACF,4EAA4E;AAC5E,0EAA0E;AAC1E,MAAM,gBAAgB,GAAG,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO;AAEjD,qEAAqE;AACrE,MAAM,gBAAgB,GAAG,KAAK,CAAC;AAE/B,MAAM,UAAU,GAAG,MAAM,CAAC;AAE1B,SAAS,cAAc,CAAC,CAAS;IAC/B,IAAI,CAAC,CAAC,MAAM,IAAI,gBAAgB;QAAE,OAAO,CAAC,CAAC;IAC3C,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,gBAAgB,CAAC,GAAG,yBAAyB,CAAC;AAClE,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,cAAc,CAC5B,GAAW,EACX,IAAc,EACd,YAAoB,UAAU;IAE9B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE;YAC5B,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,EAAE,EAAE,MAAM,EAAE;YACnC,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;SAClC,CAAC,CAAC;QAEH,IAAI,SAAS,GAAG,EAAE,CAAC;QACnB,IAAI,SAAS,GAAG,EAAE,CAAC;QACnB,IAAI,YAAY,GAAG,KAAK,CAAC;QAEzB,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACvC,SAAS,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YAC9B,IAAI,SAAS,CAAC,MAAM,GAAG,gBAAgB,EAAE,CAAC;gBACxC,YAAY,GAAG,IAAI,CAAC;gBACpB,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACvB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACvC,SAAS,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QAChC,CAAC,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACrB,MAAM,CAAC,IAAI,KAAK,CAAC,2BAA2B,SAAS,IAAI,CAAC,CAAC,CAAC;QAC9D,CAAC,EAAE,SAAS,CAAC,CAAC;QAEd,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAmB,EAAE,EAAE;YACvC,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,CAAC,IAAI,KAAK,CAAC,mBAAmB,gBAAgB,uDAAuD,CAAC,CAAC,CAAC;gBAC9G,OAAO;YACT,CAAC;YACD,OAAO,CAAC;gBACN,MAAM,EAAE,SAAS;gBACjB,MAAM,EAAE,cAAc,CAAC,SAAS,CAAC;gBACjC,QAAQ,EAAE,IAAI,IAAI,CAAC;aACpB,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;YAC9B,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,MAAM,CAAC,GAAG,CAAC,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}
|