fix: address PR review feedback — path safety, SQL injection, gate scoping

- Resolve relative filePath against input.cwd before statSync; early-return on ENOENT - Replace LIKE '%path%' with exact json_each equality to prevent false matches - Sanitize and parameterize LIMIT to prevent NaN SQL errors - Fix day-sorting to use earliest epoch in group, not first (specificity-sorted) item - Use exact path equality in deduplicateObservations instead of substring includes - Scope FileReadGate by session+cwd to prevent worktree collisions - Refresh lastAccess TTL on active sessions; throttle prune to every 50 calls - Type params as (string | number)[] instead of any[] - Remove unused permissionDecision fields from HookResult Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-06 17:29:59 -07:00
parent a60f79c44d
commit 31910fb265
6 changed files with 175 additions and 142 deletions
@@ -121,9 +121,11 @@ export function getObservationsByFilePath(
  filePath: string,
  options?: { projects?: string[]; limit?: number }
 ): ObservationRecord[] {
-  const likePattern = `%${filePath}%`;
-  const limit = options?.limit ?? 15;
-  const params: any[] = [likePattern, likePattern];
+  const rawLimit = options?.limit;
+  const limit = Number.isInteger(rawLimit) && rawLimit! > 0
+    ? Math.min(rawLimit!, 100)
+    : 15;
+  const params: (string | number)[] = [filePath, filePath];

  let projectClause = '';
  if (options?.projects?.length) {
@@ -132,16 +134,18 @@ export function getObservationsByFilePath(
    params.push(...options.projects);
  }

+  params.push(limit);
+
  const stmt = db.prepare(`
    SELECT *
    FROM observations
    WHERE (
-      EXISTS (SELECT 1 FROM json_each(files_read) WHERE value LIKE ?)
-      OR EXISTS (SELECT 1 FROM json_each(files_modified) WHERE value LIKE ?)
+      EXISTS (SELECT 1 FROM json_each(files_read) WHERE value = ?)
+      OR EXISTS (SELECT 1 FROM json_each(files_modified) WHERE value = ?)
    )
    ${projectClause}
    ORDER BY created_at_epoch DESC
-    LIMIT ${limit}
+    LIMIT ?
  `);

  return stmt.all(...params) as ObservationRecord[];
@@ -3,45 +3,65 @@
 *
 * In-memory session-scoped gate tracking which files have had their timeline
 * injected. Prevents duplicate timeline injections within the same session.
+ * Keys include cwd to prevent worktree collisions.
 */

 interface SessionEntry {
  files: Set<string>;
-  createdAt: number;
+  lastAccess: number;
 }

 const TTL_MS = 4 * 60 * 60 * 1000; // 4 hours

 const sessionGates = new Map<string, SessionEntry>();

+let pruneCallCount = 0;
+const PRUNE_EVERY_N_CALLS = 50;
+
 /**
 * Lazily prune session entries older than the TTL.
+ * Throttled to run every N calls to avoid iterating all sessions on every check.
 */
 function pruneExpiredSessions(): void {
+  pruneCallCount++;
+  if (pruneCallCount < PRUNE_EVERY_N_CALLS) return;
+  pruneCallCount = 0;
+
  const now = Date.now();
-  for (const [sessionId, entry] of sessionGates) {
-    if (now - entry.createdAt > TTL_MS) {
-      sessionGates.delete(sessionId);
+  for (const [key, entry] of sessionGates) {
+    if (now - entry.lastAccess > TTL_MS) {
+      sessionGates.delete(key);
    }
  }
 }

 /**
- * Check if this is the first read of a file in a session, and mark it if so.
+ * Build a composite key scoped to session + cwd to prevent worktree collisions.
+ */
+function makeKey(sessionId: string, cwd?: string): string {
+  return cwd ? `${sessionId}::${cwd}` : sessionId;
+}
+
+/**
+ * Check if this is the first read of a file in a session+cwd scope, and mark it if so.
 * Returns true if this is the first attempt (file was not previously seen).
 * Returns false if the file was already seen in this session.
 */
-export function checkAndMark(sessionId: string, filePath: string): boolean {
+export function checkAndMark(sessionId: string, filePath: string, cwd?: string): boolean {
  pruneExpiredSessions();

+  const key = makeKey(sessionId, cwd);
  const normalizedPath = filePath.replace(/\\/g, '/');

-  let entry = sessionGates.get(sessionId);
+  let entry = sessionGates.get(key);
  if (!entry) {
-    entry = { files: new Set(), createdAt: Date.now() };
-    sessionGates.set(sessionId, entry);
+    entry = { files: new Set(), lastAccess: Date.now() };
+    sessionGates.set(key, entry);
  }

+  // Refresh TTL on every access so active sessions don't get re-blocked
+  entry.lastAccess = Date.now();
+
  if (entry.files.has(normalizedPath)) {
    return false;
  }
@@ -52,7 +72,12 @@ export function checkAndMark(sessionId: string, filePath: string): boolean {

 /**
 * Clear all tracked files for a session (e.g., on session end).
+ * Clears all cwd scopes for the given session.
 */
 export function clearSession(sessionId: string): void {
-  sessionGates.delete(sessionId);
+  for (const key of sessionGates.keys()) {
+    if (key === sessionId || key.startsWith(`${sessionId}::`)) {
+      sessionGates.delete(key);
+    }
+  }
 }
@@ -127,7 +127,8 @@ export class DataRoutes extends BaseRouteHandler {

    const projectsParam = req.query.projects as string | undefined;
    const projects = projectsParam ? projectsParam.split(',').filter(Boolean) : undefined;
-    const limit = req.query.limit ? parseInt(req.query.limit as string, 10) : undefined;
+    const parsedLimit = req.query.limit ? parseInt(req.query.limit as string, 10) : undefined;
+    const limit = Number.isFinite(parsedLimit) && parsedLimit! > 0 ? parsedLimit : undefined;

    const db = this.dbManager.getSessionStore().db;
    const observations = getObservationsByFilePath(db, filePath, { projects, limit });
@@ -508,12 +509,12 @@ export class DataRoutes extends BaseRouteHandler {
   * Returns: { firstAttempt: boolean }
   */
  private handleFileContextGate = this.wrapHandler((req: Request, res: Response): void => {
-    const { sessionId, filePath } = req.body;
+    const { sessionId, filePath, cwd } = req.body;
    if (!sessionId || !filePath) {
      this.badRequest(res, 'sessionId and filePath are required');
      return;
    }
-    const firstAttempt = checkAndMark(sessionId, filePath);
+    const firstAttempt = checkAndMark(sessionId, filePath, cwd);
    res.json({ firstAttempt });
  });
 }