nthfuncx/nanoclaw
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
d487faf55aecd872ef8082179b2603d7e9571e44
nanoclaw/skills-engine/path-remap.ts
Gabi Simons 11c201088b refactor: CI optimization, logging improvements, and codebase formatting (#456) 
* fix(db): remove unique constraint on folder to support multi-channel agents

* ci: implement automated skill drift detection and self-healing PRs

* fix: align registration logic with Gavriel's feedback and fix build/test issues from Daniel Mi

* style: conform to prettier standards for CI validation

* test: fix branch naming inconsistency in CI (master vs main)

* fix(ci): robust module resolution by removing file extensions in scripts

* refactor(ci): simplify skill validation by removing redundant combination tests

* style: conform skills-engine to prettier, unify logging in index.ts and cleanup unused imports

* refactor: extract multi-channel DB changes to separate branch

Move channel column, folder suffix logic, and related migrations
to feat/multi-channel-db-v2 for independent review. This PR now
contains only CI/CD optimizations, Prettier formatting, and
logging improvements.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-25 23:13:36 +02:00

126 lines
3.6 KiB
TypeScript
Raw Blame History

import fs from 'fs';
import path from 'path';
import { readState, writeState } from './state.js';
function isWithinRoot(rootPath: string, targetPath: string): boolean {
return targetPath === rootPath || targetPath.startsWith(rootPath + path.sep);
}
function nearestExistingPathOrSymlink(candidateAbsPath: string): string {
let current = candidateAbsPath;
while (true) {
try {
fs.lstatSync(current);
return current;
} catch {
const parent = path.dirname(current);
if (parent === current) {
throw new Error(`Invalid remap path: "${candidateAbsPath}"`);
}
current = parent;
}
}
}
function toSafeProjectRelativePath(
candidatePath: string,
projectRoot: string,
): string {
if (typeof candidatePath !== 'string' || candidatePath.trim() === '') {
throw new Error(`Invalid remap path: "${candidatePath}"`);
}
const root = path.resolve(projectRoot);
const realRoot = fs.realpathSync(root);
const resolved = path.resolve(root, candidatePath);
if (!resolved.startsWith(root + path.sep) && resolved !== root) {
throw new Error(`Path remap escapes project root: "${candidatePath}"`);
}
if (resolved === root) {
throw new Error(`Path remap points to project root: "${candidatePath}"`);
}
// Detect symlink escapes by resolving the nearest existing ancestor/symlink.
const anchorPath = nearestExistingPathOrSymlink(resolved);
const anchorStat = fs.lstatSync(anchorPath);
let realAnchor: string;
if (anchorStat.isSymbolicLink()) {
const linkTarget = fs.readlinkSync(anchorPath);
const linkResolved = path.resolve(path.dirname(anchorPath), linkTarget);
realAnchor = fs.realpathSync(linkResolved);
} else {
realAnchor = fs.realpathSync(anchorPath);
}
const relativeRemainder = path.relative(anchorPath, resolved);
const realResolved = relativeRemainder
? path.resolve(realAnchor, relativeRemainder)
: realAnchor;
if (!isWithinRoot(realRoot, realResolved)) {
throw new Error(
`Path remap escapes project root via symlink: "${candidatePath}"`,
);
}
return path.relative(realRoot, realResolved);
}
function sanitizeRemapEntries(
remap: Record<string, string>,
mode: 'throw' | 'drop',
): Record<string, string> {
const projectRoot = process.cwd();
const sanitized: Record<string, string> = {};
for (const [from, to] of Object.entries(remap)) {
try {
const safeFrom = toSafeProjectRelativePath(from, projectRoot);
const safeTo = toSafeProjectRelativePath(to, projectRoot);
sanitized[safeFrom] = safeTo;
} catch (err) {
if (mode === 'throw') {
throw err;
}
}
}
return sanitized;
}
export function resolvePathRemap(
relPath: string,
remap: Record<string, string>,
): string {
const projectRoot = process.cwd();
const safeRelPath = toSafeProjectRelativePath(relPath, projectRoot);
const remapped = remap[safeRelPath] ?? remap[relPath];
if (remapped === undefined) {
return safeRelPath;
}
// Fail closed: if remap target is invalid, ignore remap and keep original path.
try {
return toSafeProjectRelativePath(remapped, projectRoot);
} catch {
return safeRelPath;
}
}
export function loadPathRemap(): Record<string, string> {
const state = readState();
const remap = state.path_remap ?? {};
return sanitizeRemapEntries(remap, 'drop');
}
export function recordPathRemap(remap: Record<string, string>): void {
const state = readState();
const existing = sanitizeRemapEntries(state.path_remap ?? {}, 'drop');
const incoming = sanitizeRemapEntries(remap, 'throw');
state.path_remap = { ...existing, ...incoming };
writeState(state);
}
Reference in New Issue View Git Blame Copy Permalink