fix: address PR review feedback — path safety, SQL injection, gate scoping
- Resolve relative filePath against input.cwd before statSync; early-return on ENOENT - Replace LIKE '%path%' with exact json_each equality to prevent false matches - Sanitize and parameterize LIMIT to prevent NaN SQL errors - Fix day-sorting to use earliest epoch in group, not first (specificity-sorted) item - Use exact path equality in deduplicateObservations instead of substring includes - Scope FileReadGate by session+cwd to prevent worktree collisions - Refresh lastAccess TTL on active sessions; throttle prune to every 50 calls - Type params as (string | number)[] instead of any[] - Remove unused permissionDecision fields from HookResult Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Alex Newman
@@ -89,7 +89,8 @@ function deduplicateObservations(
|
||||
const filesRead = parseJsonArray(obs.files_read);
|
||||
const filesModified = parseJsonArray(obs.files_modified);
|
||||
const totalFiles = filesRead.length + filesModified.length;
|
||||
const inModified = filesModified.some(f => f.includes(targetPath) || targetPath.includes(f));
|
||||
const normalizedTarget = targetPath.replace(/\\/g, '/');
|
||||
const inModified = filesModified.some(f => f.replace(/\\/g, '/') === normalizedTarget);
|
||||
|
||||
let specificityScore = 0;
|
||||
if (inModified) specificityScore += 2;
|
||||
@@ -117,10 +118,10 @@ function formatFileTimeline(observations: ObservationRow[], filePath: string): s
|
||||
byDay.get(day)!.push(obs);
|
||||
}
|
||||
|
||||
// Sort days chronologically
|
||||
// Sort days chronologically (use earliest observation in each group, not first — which is specificity-sorted)
|
||||
const sortedDays = Array.from(byDay.entries()).sort((a, b) => {
|
||||
const aEpoch = a[1][0].created_at_epoch;
|
||||
const bEpoch = b[1][0].created_at_epoch;
|
||||
const aEpoch = Math.min(...a[1].map(o => o.created_at_epoch));
|
||||
const bEpoch = Math.min(...b[1].map(o => o.created_at_epoch));
|
||||
return aEpoch - bEpoch;
|
||||
});
|
||||
|
||||
@@ -154,12 +155,16 @@ export const fileContextHandler: EventHandler = {
|
||||
// Skip gate for files below the token-economics threshold — timeline (~370 tokens)
|
||||
// costs more than reading small files directly.
|
||||
try {
|
||||
const stat = statSync(filePath);
|
||||
const statPath = path.isAbsolute(filePath)
|
||||
? filePath
|
||||
: path.resolve(input.cwd || process.cwd(), filePath);
|
||||
const stat = statSync(statPath);
|
||||
if (stat.size < FILE_READ_GATE_MIN_BYTES) {
|
||||
return { continue: true, suppressOutput: true };
|
||||
}
|
||||
} catch {
|
||||
// File not found, symlink error, permission denied — fall through and let gate proceed
|
||||
} catch (err: any) {
|
||||
if (err.code === 'ENOENT') return { continue: true, suppressOutput: true };
|
||||
// Other errors (symlink, permission denied) — fall through and let gate proceed
|
||||
}
|
||||
|
||||
// Check if project is excluded from tracking
|
||||
@@ -211,7 +216,7 @@ export const fileContextHandler: EventHandler = {
|
||||
const gateResponse = await workerHttpRequest('/api/file-context/gate', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({ sessionId: input.sessionId, filePath: relativePath }),
|
||||
body: JSON.stringify({ sessionId: input.sessionId, filePath: relativePath, cwd }),
|
||||
});
|
||||
|
||||
if (gateResponse.ok) {
|
||||
|
||||
@@ -20,8 +20,6 @@ export interface HookResult {
|
||||
hookSpecificOutput?: {
|
||||
hookEventName: string;
|
||||
additionalContext: string;
|
||||
permissionDecision?: string;
|
||||
permissionDecisionReason?: string;
|
||||
};
|
||||
systemMessage?: string;
|
||||
exitCode?: number;
|
||||
|
||||
@@ -121,9 +121,11 @@ export function getObservationsByFilePath(
|
||||
filePath: string,
|
||||
options?: { projects?: string[]; limit?: number }
|
||||
): ObservationRecord[] {
|
||||
const likePattern = `%${filePath}%`;
|
||||
const limit = options?.limit ?? 15;
|
||||
const params: any[] = [likePattern, likePattern];
|
||||
const rawLimit = options?.limit;
|
||||
const limit = Number.isInteger(rawLimit) && rawLimit! > 0
|
||||
? Math.min(rawLimit!, 100)
|
||||
: 15;
|
||||
const params: (string | number)[] = [filePath, filePath];
|
||||
|
||||
let projectClause = '';
|
||||
if (options?.projects?.length) {
|
||||
@@ -132,16 +134,18 @@ export function getObservationsByFilePath(
|
||||
params.push(...options.projects);
|
||||
}
|
||||
|
||||
params.push(limit);
|
||||
|
||||
const stmt = db.prepare(`
|
||||
SELECT *
|
||||
FROM observations
|
||||
WHERE (
|
||||
EXISTS (SELECT 1 FROM json_each(files_read) WHERE value LIKE ?)
|
||||
OR EXISTS (SELECT 1 FROM json_each(files_modified) WHERE value LIKE ?)
|
||||
EXISTS (SELECT 1 FROM json_each(files_read) WHERE value = ?)
|
||||
OR EXISTS (SELECT 1 FROM json_each(files_modified) WHERE value = ?)
|
||||
)
|
||||
${projectClause}
|
||||
ORDER BY created_at_epoch DESC
|
||||
LIMIT ${limit}
|
||||
LIMIT ?
|
||||
`);
|
||||
|
||||
return stmt.all(...params) as ObservationRecord[];
|
||||
|
||||
@@ -3,45 +3,65 @@
|
||||
*
|
||||
* In-memory session-scoped gate tracking which files have had their timeline
|
||||
* injected. Prevents duplicate timeline injections within the same session.
|
||||
* Keys include cwd to prevent worktree collisions.
|
||||
*/
|
||||
|
||||
interface SessionEntry {
|
||||
files: Set<string>;
|
||||
createdAt: number;
|
||||
lastAccess: number;
|
||||
}
|
||||
|
||||
const TTL_MS = 4 * 60 * 60 * 1000; // 4 hours
|
||||
|
||||
const sessionGates = new Map<string, SessionEntry>();
|
||||
|
||||
let pruneCallCount = 0;
|
||||
const PRUNE_EVERY_N_CALLS = 50;
|
||||
|
||||
/**
|
||||
* Lazily prune session entries older than the TTL.
|
||||
* Throttled to run every N calls to avoid iterating all sessions on every check.
|
||||
*/
|
||||
function pruneExpiredSessions(): void {
|
||||
pruneCallCount++;
|
||||
if (pruneCallCount < PRUNE_EVERY_N_CALLS) return;
|
||||
pruneCallCount = 0;
|
||||
|
||||
const now = Date.now();
|
||||
for (const [sessionId, entry] of sessionGates) {
|
||||
if (now - entry.createdAt > TTL_MS) {
|
||||
sessionGates.delete(sessionId);
|
||||
for (const [key, entry] of sessionGates) {
|
||||
if (now - entry.lastAccess > TTL_MS) {
|
||||
sessionGates.delete(key);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if this is the first read of a file in a session, and mark it if so.
|
||||
* Build a composite key scoped to session + cwd to prevent worktree collisions.
|
||||
*/
|
||||
function makeKey(sessionId: string, cwd?: string): string {
|
||||
return cwd ? `${sessionId}::${cwd}` : sessionId;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if this is the first read of a file in a session+cwd scope, and mark it if so.
|
||||
* Returns true if this is the first attempt (file was not previously seen).
|
||||
* Returns false if the file was already seen in this session.
|
||||
*/
|
||||
export function checkAndMark(sessionId: string, filePath: string): boolean {
|
||||
export function checkAndMark(sessionId: string, filePath: string, cwd?: string): boolean {
|
||||
pruneExpiredSessions();
|
||||
|
||||
const key = makeKey(sessionId, cwd);
|
||||
const normalizedPath = filePath.replace(/\\/g, '/');
|
||||
|
||||
let entry = sessionGates.get(sessionId);
|
||||
let entry = sessionGates.get(key);
|
||||
if (!entry) {
|
||||
entry = { files: new Set(), createdAt: Date.now() };
|
||||
sessionGates.set(sessionId, entry);
|
||||
entry = { files: new Set(), lastAccess: Date.now() };
|
||||
sessionGates.set(key, entry);
|
||||
}
|
||||
|
||||
// Refresh TTL on every access so active sessions don't get re-blocked
|
||||
entry.lastAccess = Date.now();
|
||||
|
||||
if (entry.files.has(normalizedPath)) {
|
||||
return false;
|
||||
}
|
||||
@@ -52,7 +72,12 @@ export function checkAndMark(sessionId: string, filePath: string): boolean {
|
||||
|
||||
/**
|
||||
* Clear all tracked files for a session (e.g., on session end).
|
||||
* Clears all cwd scopes for the given session.
|
||||
*/
|
||||
export function clearSession(sessionId: string): void {
|
||||
sessionGates.delete(sessionId);
|
||||
for (const key of sessionGates.keys()) {
|
||||
if (key === sessionId || key.startsWith(`${sessionId}::`)) {
|
||||
sessionGates.delete(key);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -127,7 +127,8 @@ export class DataRoutes extends BaseRouteHandler {
|
||||
|
||||
const projectsParam = req.query.projects as string | undefined;
|
||||
const projects = projectsParam ? projectsParam.split(',').filter(Boolean) : undefined;
|
||||
const limit = req.query.limit ? parseInt(req.query.limit as string, 10) : undefined;
|
||||
const parsedLimit = req.query.limit ? parseInt(req.query.limit as string, 10) : undefined;
|
||||
const limit = Number.isFinite(parsedLimit) && parsedLimit! > 0 ? parsedLimit : undefined;
|
||||
|
||||
const db = this.dbManager.getSessionStore().db;
|
||||
const observations = getObservationsByFilePath(db, filePath, { projects, limit });
|
||||
@@ -508,12 +509,12 @@ export class DataRoutes extends BaseRouteHandler {
|
||||
* Returns: { firstAttempt: boolean }
|
||||
*/
|
||||
private handleFileContextGate = this.wrapHandler((req: Request, res: Response): void => {
|
||||
const { sessionId, filePath } = req.body;
|
||||
const { sessionId, filePath, cwd } = req.body;
|
||||
if (!sessionId || !filePath) {
|
||||
this.badRequest(res, 'sessionId and filePath are required');
|
||||
return;
|
||||
}
|
||||
const firstAttempt = checkAndMark(sessionId, filePath);
|
||||
const firstAttempt = checkAndMark(sessionId, filePath, cwd);
|
||||
res.json({ firstAttempt });
|
||||
});
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user