2026-02-22 17:10:45 -05:00
|
|
|
import fs from 'fs';
|
|
|
|
|
import path from 'path';
|
|
|
|
|
|
Skills engine v0.1 + multi-channel infrastructure (#307)
* refactor: multi-channel infrastructure with explicit channel/is_group tracking
- Add channels[] array and findChannel() routing in index.ts, replacing
hardcoded whatsapp.* calls with channel-agnostic callbacks
- Add channel TEXT and is_group INTEGER columns to chats table with
COALESCE upsert to protect existing values from null overwrites
- is_group defaults to 0 (safe: unknown chats excluded from groups)
- WhatsApp passes explicit channel='whatsapp' and isGroup to onChatMetadata
- getAvailableGroups filters on is_group instead of JID pattern matching
- findChannel logs warnings instead of silently dropping unroutable JIDs
- Migration backfills channel/is_group from JID patterns for existing DBs
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: skills engine v0.1 — deterministic skill packages with rerere resolution
Three-way merge engine for applying skill packages on top of a core
codebase. Skills declare which files they add/modify, and the engine
uses git merge-file for conflict detection with git rerere for
automatic resolution of previously-seen conflicts.
Key components:
- apply: three-way merge with backup/rollback safety net
- replay: clean-slate replay for uninstall and rebase
- update: core version updates with deletion detection
- rebase: bake applied skills into base (one-way)
- manifest: validation with path traversal protection
- resolution-cache: pre-computed rerere resolutions
- structured: npm deps, env vars, docker-compose merging
- CI: per-skill test matrix with conflict detection
151 unit tests covering merge, rerere, backup, replay, uninstall,
update, rebase, structured ops, and edge cases.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add Discord and Telegram skill packages
Skill packages for adding Discord and Telegram channels to NanoClaw.
Each package includes:
- Channel implementation (add/src/channels/)
- Three-way merge targets for index.ts, config.ts, routing.test.ts
- Intent docs explaining merge invariants
- Standalone integration tests
- manifest.yaml with dependency/conflict declarations
Applied via: npx tsx scripts/apply-skill.ts .claude/skills/add-discord
These are inert until applied — no runtime impact.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* remove unused docs (skills-system-status, implementation-guide)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-19 01:55:00 +02:00
|
|
|
import { readState, writeState } from './state.js';
|
|
|
|
|
|
2026-02-22 17:10:45 -05:00
|
|
|
function isWithinRoot(rootPath: string, targetPath: string): boolean {
|
|
|
|
|
return targetPath === rootPath || targetPath.startsWith(rootPath + path.sep);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function nearestExistingPathOrSymlink(candidateAbsPath: string): string {
|
|
|
|
|
let current = candidateAbsPath;
|
|
|
|
|
while (true) {
|
|
|
|
|
try {
|
|
|
|
|
fs.lstatSync(current);
|
|
|
|
|
return current;
|
|
|
|
|
} catch {
|
|
|
|
|
const parent = path.dirname(current);
|
|
|
|
|
if (parent === current) {
|
|
|
|
|
throw new Error(`Invalid remap path: "${candidateAbsPath}"`);
|
|
|
|
|
}
|
|
|
|
|
current = parent;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function toSafeProjectRelativePath(
|
|
|
|
|
candidatePath: string,
|
|
|
|
|
projectRoot: string,
|
|
|
|
|
): string {
|
|
|
|
|
if (typeof candidatePath !== 'string' || candidatePath.trim() === '') {
|
|
|
|
|
throw new Error(`Invalid remap path: "${candidatePath}"`);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const root = path.resolve(projectRoot);
|
|
|
|
|
const realRoot = fs.realpathSync(root);
|
|
|
|
|
const resolved = path.resolve(root, candidatePath);
|
2026-02-25 23:13:36 +02:00
|
|
|
if (!resolved.startsWith(root + path.sep) && resolved !== root) {
|
2026-02-22 17:10:45 -05:00
|
|
|
throw new Error(`Path remap escapes project root: "${candidatePath}"`);
|
|
|
|
|
}
|
|
|
|
|
if (resolved === root) {
|
|
|
|
|
throw new Error(`Path remap points to project root: "${candidatePath}"`);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Detect symlink escapes by resolving the nearest existing ancestor/symlink.
|
|
|
|
|
const anchorPath = nearestExistingPathOrSymlink(resolved);
|
|
|
|
|
const anchorStat = fs.lstatSync(anchorPath);
|
|
|
|
|
let realAnchor: string;
|
|
|
|
|
|
|
|
|
|
if (anchorStat.isSymbolicLink()) {
|
|
|
|
|
const linkTarget = fs.readlinkSync(anchorPath);
|
|
|
|
|
const linkResolved = path.resolve(path.dirname(anchorPath), linkTarget);
|
|
|
|
|
realAnchor = fs.realpathSync(linkResolved);
|
|
|
|
|
} else {
|
|
|
|
|
realAnchor = fs.realpathSync(anchorPath);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const relativeRemainder = path.relative(anchorPath, resolved);
|
|
|
|
|
const realResolved = relativeRemainder
|
|
|
|
|
? path.resolve(realAnchor, relativeRemainder)
|
|
|
|
|
: realAnchor;
|
|
|
|
|
|
|
|
|
|
if (!isWithinRoot(realRoot, realResolved)) {
|
|
|
|
|
throw new Error(
|
|
|
|
|
`Path remap escapes project root via symlink: "${candidatePath}"`,
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return path.relative(realRoot, realResolved);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function sanitizeRemapEntries(
|
|
|
|
|
remap: Record<string, string>,
|
|
|
|
|
mode: 'throw' | 'drop',
|
|
|
|
|
): Record<string, string> {
|
|
|
|
|
const projectRoot = process.cwd();
|
|
|
|
|
const sanitized: Record<string, string> = {};
|
|
|
|
|
|
|
|
|
|
for (const [from, to] of Object.entries(remap)) {
|
|
|
|
|
try {
|
|
|
|
|
const safeFrom = toSafeProjectRelativePath(from, projectRoot);
|
|
|
|
|
const safeTo = toSafeProjectRelativePath(to, projectRoot);
|
|
|
|
|
sanitized[safeFrom] = safeTo;
|
|
|
|
|
} catch (err) {
|
|
|
|
|
if (mode === 'throw') {
|
|
|
|
|
throw err;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return sanitized;
|
|
|
|
|
}
|
|
|
|
|
|
Skills engine v0.1 + multi-channel infrastructure (#307)
* refactor: multi-channel infrastructure with explicit channel/is_group tracking
- Add channels[] array and findChannel() routing in index.ts, replacing
hardcoded whatsapp.* calls with channel-agnostic callbacks
- Add channel TEXT and is_group INTEGER columns to chats table with
COALESCE upsert to protect existing values from null overwrites
- is_group defaults to 0 (safe: unknown chats excluded from groups)
- WhatsApp passes explicit channel='whatsapp' and isGroup to onChatMetadata
- getAvailableGroups filters on is_group instead of JID pattern matching
- findChannel logs warnings instead of silently dropping unroutable JIDs
- Migration backfills channel/is_group from JID patterns for existing DBs
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: skills engine v0.1 — deterministic skill packages with rerere resolution
Three-way merge engine for applying skill packages on top of a core
codebase. Skills declare which files they add/modify, and the engine
uses git merge-file for conflict detection with git rerere for
automatic resolution of previously-seen conflicts.
Key components:
- apply: three-way merge with backup/rollback safety net
- replay: clean-slate replay for uninstall and rebase
- update: core version updates with deletion detection
- rebase: bake applied skills into base (one-way)
- manifest: validation with path traversal protection
- resolution-cache: pre-computed rerere resolutions
- structured: npm deps, env vars, docker-compose merging
- CI: per-skill test matrix with conflict detection
151 unit tests covering merge, rerere, backup, replay, uninstall,
update, rebase, structured ops, and edge cases.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add Discord and Telegram skill packages
Skill packages for adding Discord and Telegram channels to NanoClaw.
Each package includes:
- Channel implementation (add/src/channels/)
- Three-way merge targets for index.ts, config.ts, routing.test.ts
- Intent docs explaining merge invariants
- Standalone integration tests
- manifest.yaml with dependency/conflict declarations
Applied via: npx tsx scripts/apply-skill.ts .claude/skills/add-discord
These are inert until applied — no runtime impact.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* remove unused docs (skills-system-status, implementation-guide)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-19 01:55:00 +02:00
|
|
|
export function resolvePathRemap(
|
|
|
|
|
relPath: string,
|
|
|
|
|
remap: Record<string, string>,
|
|
|
|
|
): string {
|
2026-02-22 17:10:45 -05:00
|
|
|
const projectRoot = process.cwd();
|
|
|
|
|
const safeRelPath = toSafeProjectRelativePath(relPath, projectRoot);
|
2026-02-25 23:13:36 +02:00
|
|
|
const remapped = remap[safeRelPath] ?? remap[relPath];
|
2026-02-22 17:10:45 -05:00
|
|
|
|
|
|
|
|
if (remapped === undefined) {
|
|
|
|
|
return safeRelPath;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Fail closed: if remap target is invalid, ignore remap and keep original path.
|
|
|
|
|
try {
|
|
|
|
|
return toSafeProjectRelativePath(remapped, projectRoot);
|
|
|
|
|
} catch {
|
|
|
|
|
return safeRelPath;
|
|
|
|
|
}
|
Skills engine v0.1 + multi-channel infrastructure (#307)
* refactor: multi-channel infrastructure with explicit channel/is_group tracking
- Add channels[] array and findChannel() routing in index.ts, replacing
hardcoded whatsapp.* calls with channel-agnostic callbacks
- Add channel TEXT and is_group INTEGER columns to chats table with
COALESCE upsert to protect existing values from null overwrites
- is_group defaults to 0 (safe: unknown chats excluded from groups)
- WhatsApp passes explicit channel='whatsapp' and isGroup to onChatMetadata
- getAvailableGroups filters on is_group instead of JID pattern matching
- findChannel logs warnings instead of silently dropping unroutable JIDs
- Migration backfills channel/is_group from JID patterns for existing DBs
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: skills engine v0.1 — deterministic skill packages with rerere resolution
Three-way merge engine for applying skill packages on top of a core
codebase. Skills declare which files they add/modify, and the engine
uses git merge-file for conflict detection with git rerere for
automatic resolution of previously-seen conflicts.
Key components:
- apply: three-way merge with backup/rollback safety net
- replay: clean-slate replay for uninstall and rebase
- update: core version updates with deletion detection
- rebase: bake applied skills into base (one-way)
- manifest: validation with path traversal protection
- resolution-cache: pre-computed rerere resolutions
- structured: npm deps, env vars, docker-compose merging
- CI: per-skill test matrix with conflict detection
151 unit tests covering merge, rerere, backup, replay, uninstall,
update, rebase, structured ops, and edge cases.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add Discord and Telegram skill packages
Skill packages for adding Discord and Telegram channels to NanoClaw.
Each package includes:
- Channel implementation (add/src/channels/)
- Three-way merge targets for index.ts, config.ts, routing.test.ts
- Intent docs explaining merge invariants
- Standalone integration tests
- manifest.yaml with dependency/conflict declarations
Applied via: npx tsx scripts/apply-skill.ts .claude/skills/add-discord
These are inert until applied — no runtime impact.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* remove unused docs (skills-system-status, implementation-guide)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-19 01:55:00 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
export function loadPathRemap(): Record<string, string> {
|
|
|
|
|
const state = readState();
|
2026-02-22 17:10:45 -05:00
|
|
|
const remap = state.path_remap ?? {};
|
|
|
|
|
return sanitizeRemapEntries(remap, 'drop');
|
Skills engine v0.1 + multi-channel infrastructure (#307)
* refactor: multi-channel infrastructure with explicit channel/is_group tracking
- Add channels[] array and findChannel() routing in index.ts, replacing
hardcoded whatsapp.* calls with channel-agnostic callbacks
- Add channel TEXT and is_group INTEGER columns to chats table with
COALESCE upsert to protect existing values from null overwrites
- is_group defaults to 0 (safe: unknown chats excluded from groups)
- WhatsApp passes explicit channel='whatsapp' and isGroup to onChatMetadata
- getAvailableGroups filters on is_group instead of JID pattern matching
- findChannel logs warnings instead of silently dropping unroutable JIDs
- Migration backfills channel/is_group from JID patterns for existing DBs
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: skills engine v0.1 — deterministic skill packages with rerere resolution
Three-way merge engine for applying skill packages on top of a core
codebase. Skills declare which files they add/modify, and the engine
uses git merge-file for conflict detection with git rerere for
automatic resolution of previously-seen conflicts.
Key components:
- apply: three-way merge with backup/rollback safety net
- replay: clean-slate replay for uninstall and rebase
- update: core version updates with deletion detection
- rebase: bake applied skills into base (one-way)
- manifest: validation with path traversal protection
- resolution-cache: pre-computed rerere resolutions
- structured: npm deps, env vars, docker-compose merging
- CI: per-skill test matrix with conflict detection
151 unit tests covering merge, rerere, backup, replay, uninstall,
update, rebase, structured ops, and edge cases.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add Discord and Telegram skill packages
Skill packages for adding Discord and Telegram channels to NanoClaw.
Each package includes:
- Channel implementation (add/src/channels/)
- Three-way merge targets for index.ts, config.ts, routing.test.ts
- Intent docs explaining merge invariants
- Standalone integration tests
- manifest.yaml with dependency/conflict declarations
Applied via: npx tsx scripts/apply-skill.ts .claude/skills/add-discord
These are inert until applied — no runtime impact.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* remove unused docs (skills-system-status, implementation-guide)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-19 01:55:00 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
export function recordPathRemap(remap: Record<string, string>): void {
|
|
|
|
|
const state = readState();
|
2026-02-22 17:10:45 -05:00
|
|
|
const existing = sanitizeRemapEntries(state.path_remap ?? {}, 'drop');
|
|
|
|
|
const incoming = sanitizeRemapEntries(remap, 'throw');
|
|
|
|
|
state.path_remap = { ...existing, ...incoming };
|
Skills engine v0.1 + multi-channel infrastructure (#307)
* refactor: multi-channel infrastructure with explicit channel/is_group tracking
- Add channels[] array and findChannel() routing in index.ts, replacing
hardcoded whatsapp.* calls with channel-agnostic callbacks
- Add channel TEXT and is_group INTEGER columns to chats table with
COALESCE upsert to protect existing values from null overwrites
- is_group defaults to 0 (safe: unknown chats excluded from groups)
- WhatsApp passes explicit channel='whatsapp' and isGroup to onChatMetadata
- getAvailableGroups filters on is_group instead of JID pattern matching
- findChannel logs warnings instead of silently dropping unroutable JIDs
- Migration backfills channel/is_group from JID patterns for existing DBs
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: skills engine v0.1 — deterministic skill packages with rerere resolution
Three-way merge engine for applying skill packages on top of a core
codebase. Skills declare which files they add/modify, and the engine
uses git merge-file for conflict detection with git rerere for
automatic resolution of previously-seen conflicts.
Key components:
- apply: three-way merge with backup/rollback safety net
- replay: clean-slate replay for uninstall and rebase
- update: core version updates with deletion detection
- rebase: bake applied skills into base (one-way)
- manifest: validation with path traversal protection
- resolution-cache: pre-computed rerere resolutions
- structured: npm deps, env vars, docker-compose merging
- CI: per-skill test matrix with conflict detection
151 unit tests covering merge, rerere, backup, replay, uninstall,
update, rebase, structured ops, and edge cases.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add Discord and Telegram skill packages
Skill packages for adding Discord and Telegram channels to NanoClaw.
Each package includes:
- Channel implementation (add/src/channels/)
- Three-way merge targets for index.ts, config.ts, routing.test.ts
- Intent docs explaining merge invariants
- Standalone integration tests
- manifest.yaml with dependency/conflict declarations
Applied via: npx tsx scripts/apply-skill.ts .claude/skills/add-discord
These are inert until applied — no runtime impact.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* remove unused docs (skills-system-status, implementation-guide)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-19 01:55:00 +02:00
|
|
|
writeState(state);
|
|
|
|
|
}
|