vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-18 04:20:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
1dd05923d666a9828012df152e80b3d50a12932d
openclaw/src/agents/workspace.ts
Peter Steinberger 538605ff44 [codex] Extract filesystem safety primitives (#77918) 
* refactor: extract filesystem safety primitives

* refactor: use fs-safe for file access helpers

* refactor: reuse fs-safe for media reads

* refactor: use fs-safe for image reads

* refactor: reuse fs-safe in qqbot media opener

* refactor: reuse fs-safe for local media checks

* refactor: consume cleaner fs-safe api

* refactor: align fs-safe json option names

* fix: preserve fs-safe migration contracts

* refactor: use fs-safe primitive subpaths

* refactor: use grouped fs-safe subpaths

* refactor: align fs-safe api usage

* refactor: adapt private state store api

* chore: refresh proof gate

* refactor: follow fs-safe json api split

* refactor: follow reduced fs-safe surface

* build: default fs-safe python helper off

* fix: preserve fs-safe plugin sdk aliases

* refactor: consolidate fs-safe usage

* refactor: unify fs-safe store usage

* refactor: trim fs-safe temp workspace usage

* refactor: hide low-level fs-safe primitives

* build: use published fs-safe package

* fix: preserve outbound recovery durability after rebase

* chore: refresh pr checks
2026-05-06 02:15:17 +01:00

781 lines
23 KiB
TypeScript
Raw Blame History

import syncFs from "node:fs";
import fs from "node:fs/promises";
import path from "node:path";
import { openRootFile } from "../infra/boundary-file-read.js";
import { pathExists } from "../infra/fs-safe.js";
import { replaceFileAtomic } from "../infra/replace-file.js";
import {
CANONICAL_ROOT_MEMORY_FILENAME,
exactWorkspaceEntryExists,
} from "../memory/root-memory-files.js";
import { runCommandWithTimeout } from "../process/exec.js";
import { isCronSessionKey, isSubagentSessionKey } from "../routing/session-key.js";
import { readStringValue } from "../shared/string-coerce.js";
import { resolveUserPath } from "../utils.js";
import { DEFAULT_AGENT_WORKSPACE_DIR } from "./workspace-default.js";
import { resolveWorkspaceTemplateDir } from "./workspace-templates.js";
export {
DEFAULT_AGENT_WORKSPACE_DIR,
resolveDefaultAgentWorkspaceDir,
} from "./workspace-default.js";
export const DEFAULT_AGENTS_FILENAME = "AGENTS.md";
export const DEFAULT_SOUL_FILENAME = "SOUL.md";
export const DEFAULT_TOOLS_FILENAME = "TOOLS.md";
export const DEFAULT_IDENTITY_FILENAME = "IDENTITY.md";
export const DEFAULT_USER_FILENAME = "USER.md";
export const DEFAULT_HEARTBEAT_FILENAME = "HEARTBEAT.md";
export const DEFAULT_BOOTSTRAP_FILENAME = "BOOTSTRAP.md";
export const DEFAULT_MEMORY_FILENAME = CANONICAL_ROOT_MEMORY_FILENAME;
const WORKSPACE_STATE_DIRNAME = ".openclaw";
const WORKSPACE_STATE_FILENAME = "workspace-state.json";
const WORKSPACE_STATE_VERSION = 1;
const WORKSPACE_ONBOARDING_PROFILE_FILENAMES = [
DEFAULT_SOUL_FILENAME,
DEFAULT_IDENTITY_FILENAME,
DEFAULT_USER_FILENAME,
] as const;
const workspaceTemplateCache = new Map<string, Promise<string>>();
let gitAvailabilityPromise: Promise<boolean> | null = null;
const MAX_WORKSPACE_BOOTSTRAP_FILE_BYTES = 2 * 1024 * 1024;
// File content cache keyed by stable file identity to avoid stale reads.
const workspaceFileCache = new Map<string, { content: string; identity: string }>();
/**
* Read workspace files via boundary-safe open and cache by inode/dev/size/mtime identity.
*/
type WorkspaceGuardedReadResult =
| { ok: true; content: string }
| { ok: false; reason: "path" | "validation" | "io"; error?: unknown };
function workspaceFileIdentity(stat: syncFs.Stats, canonicalPath: string): string {
return `${canonicalPath}|${stat.dev}:${stat.ino}:${stat.size}:${stat.mtimeMs}`;
}
async function readWorkspaceFileWithGuards(params: {
filePath: string;
workspaceDir: string;
}): Promise<WorkspaceGuardedReadResult> {
const opened = await openRootFile({
absolutePath: params.filePath,
rootPath: params.workspaceDir,
boundaryLabel: "workspace root",
maxBytes: MAX_WORKSPACE_BOOTSTRAP_FILE_BYTES,
});
if (!opened.ok) {
workspaceFileCache.delete(params.filePath);
return opened;
}
const identity = workspaceFileIdentity(opened.stat, opened.path);
const cached = workspaceFileCache.get(params.filePath);
if (cached && cached.identity === identity) {
syncFs.closeSync(opened.fd);
return { ok: true, content: cached.content };
}
try {
const content = syncFs.readFileSync(opened.fd, "utf-8");
workspaceFileCache.set(params.filePath, { content, identity });
return { ok: true, content };
} catch (error) {
workspaceFileCache.delete(params.filePath);
return { ok: false, reason: "io", error };
} finally {
syncFs.closeSync(opened.fd);
}
}
function stripFrontMatter(content: string): string {
if (!content.startsWith("---")) {
return content;
}
const endIndex = content.indexOf("\n---", 3);
if (endIndex === -1) {
return content;
}
const start = endIndex + "\n---".length;
let trimmed = content.slice(start);
trimmed = trimmed.replace(/^\s+/, "");
return trimmed;
}
async function loadTemplate(name: string): Promise<string> {
const cached = workspaceTemplateCache.get(name);
if (cached) {
return cached;
}
const pending = (async () => {
const templateDir = await resolveWorkspaceTemplateDir();
const templatePath = path.join(templateDir, name);
try {
const content = await fs.readFile(templatePath, "utf-8");
return stripFrontMatter(content);
} catch {
throw new Error(
`Missing workspace template: ${name} (${templatePath}). Ensure docs/reference/templates are packaged.`,
);
}
})();
workspaceTemplateCache.set(name, pending);
try {
return await pending;
} catch (error) {
workspaceTemplateCache.delete(name);
throw error;
}
}
export type WorkspaceBootstrapFileName =
| typeof DEFAULT_AGENTS_FILENAME
| typeof DEFAULT_SOUL_FILENAME
| typeof DEFAULT_TOOLS_FILENAME
| typeof DEFAULT_IDENTITY_FILENAME
| typeof DEFAULT_USER_FILENAME
| typeof DEFAULT_HEARTBEAT_FILENAME
| typeof DEFAULT_BOOTSTRAP_FILENAME
| typeof DEFAULT_MEMORY_FILENAME;
export type WorkspaceBootstrapFile = {
name: WorkspaceBootstrapFileName;
path: string;
content?: string;
missing: boolean;
};
export type ExtraBootstrapLoadDiagnosticCode =
| "invalid-bootstrap-filename"
| "missing"
| "security"
| "io";
export type ExtraBootstrapLoadDiagnostic = {
path: string;
reason: ExtraBootstrapLoadDiagnosticCode;
detail: string;
};
type WorkspaceSetupState = {
version: typeof WORKSPACE_STATE_VERSION;
bootstrapSeededAt?: string;
setupCompletedAt?: string;
};
/** Set of recognized bootstrap filenames for runtime validation */
const VALID_BOOTSTRAP_NAMES: ReadonlySet<string> = new Set([
DEFAULT_AGENTS_FILENAME,
DEFAULT_SOUL_FILENAME,
DEFAULT_TOOLS_FILENAME,
DEFAULT_IDENTITY_FILENAME,
DEFAULT_USER_FILENAME,
DEFAULT_HEARTBEAT_FILENAME,
DEFAULT_BOOTSTRAP_FILENAME,
DEFAULT_MEMORY_FILENAME,
]);
const OPTIONAL_BOOTSTRAP_FILENAMES: ReadonlySet<string> = new Set([
DEFAULT_SOUL_FILENAME,
DEFAULT_IDENTITY_FILENAME,
DEFAULT_USER_FILENAME,
DEFAULT_HEARTBEAT_FILENAME,
]);
async function writeFileIfMissing(filePath: string, content: string): Promise<boolean> {
try {
await fs.writeFile(filePath, content, {
encoding: "utf-8",
flag: "wx",
});
return true;
} catch (err) {
const anyErr = err as { code?: string };
if (anyErr.code !== "EEXIST") {
throw err;
}
return false;
}
}
async function fileContentDiffersFromTemplate(
filePath: string,
template: string,
): Promise<boolean> {
try {
return (await fs.readFile(filePath, "utf-8")) !== template;
} catch (err) {
const anyErr = err as { code?: string };
if (anyErr.code !== "ENOENT") {
throw err;
}
return false;
}
}
async function hasWorkspaceUserContentEvidence(
dir: string,
opts?: { includeGit?: boolean },
): Promise<boolean> {
const indicators = [path.join(dir, "memory")];
if (opts?.includeGit) {
indicators.push(path.join(dir, ".git"));
}
for (const indicator of indicators) {
try {
await fs.access(indicator);
return true;
} catch {
// continue
}
}
return await exactWorkspaceEntryExists(dir, DEFAULT_MEMORY_FILENAME);
}
async function workspaceProfileLooksConfigured(params: {
dir: string;
includeGitEvidence?: boolean;
}): Promise<boolean> {
const profileFileDiffs = await Promise.all(
WORKSPACE_ONBOARDING_PROFILE_FILENAMES.map(async (fileName) =>
fileContentDiffersFromTemplate(path.join(params.dir, fileName), await loadTemplate(fileName)),
),
);
return (
profileFileDiffs.some(Boolean) ||
(await hasWorkspaceUserContentEvidence(params.dir, {
includeGit: params.includeGitEvidence,
}))
);
}
async function workspaceHasBootstrapCompletionEvidence(params: { dir: string }): Promise<boolean> {
return await workspaceProfileLooksConfigured(params);
}
type WorkspaceBootstrapCompletionReconcileResult = {
repaired: boolean;
bootstrapExists: boolean;
state: WorkspaceSetupState;
};
async function reconcileWorkspaceBootstrapCompletionState(params: {
dir: string;
bootstrapPath: string;
statePath: string;
state: WorkspaceSetupState;
bootstrapExists?: boolean;
}): Promise<WorkspaceBootstrapCompletionReconcileResult> {
const bootstrapExists = params.bootstrapExists ?? (await pathExists(params.bootstrapPath));
if (
typeof params.state.setupCompletedAt === "string" &&
params.state.setupCompletedAt.trim().length > 0
) {
return { repaired: false, bootstrapExists, state: params.state };
}
if (params.state.bootstrapSeededAt && !bootstrapExists) {
const completedState: WorkspaceSetupState = {
...params.state,
setupCompletedAt: new Date().toISOString(),
};
await writeWorkspaceSetupState(params.statePath, completedState);
return { repaired: true, bootstrapExists: false, state: completedState };
}
if (
!bootstrapExists ||
!(await workspaceHasBootstrapCompletionEvidence({
dir: params.dir,
}))
) {
return { repaired: false, bootstrapExists, state: params.state };
}
const now = new Date().toISOString();
const repairedState: WorkspaceSetupState = {
...params.state,
bootstrapSeededAt: params.state.bootstrapSeededAt ?? now,
setupCompletedAt: now,
};
await fs.rm(params.bootstrapPath, { force: true });
await writeWorkspaceSetupState(params.statePath, repairedState);
return { repaired: true, bootstrapExists: false, state: repairedState };
}
function resolveWorkspaceStatePath(dir: string): string {
return path.join(dir, WORKSPACE_STATE_DIRNAME, WORKSPACE_STATE_FILENAME);
}
function parseWorkspaceSetupState(raw: string): WorkspaceSetupState | null {
try {
const parsed = JSON.parse(raw) as {
bootstrapSeededAt?: unknown;
setupCompletedAt?: unknown;
onboardingCompletedAt?: unknown;
};
if (!parsed || typeof parsed !== "object") {
return null;
}
const legacyCompletedAt = readStringValue(parsed.onboardingCompletedAt);
return {
version: WORKSPACE_STATE_VERSION,
bootstrapSeededAt: readStringValue(parsed.bootstrapSeededAt),
setupCompletedAt: readStringValue(parsed.setupCompletedAt) ?? legacyCompletedAt,
};
} catch {
return null;
}
}
async function readWorkspaceSetupState(
statePath: string,
opts?: { persistLegacyMigration?: boolean },
): Promise<WorkspaceSetupState> {
try {
const raw = await fs.readFile(statePath, "utf-8");
const parsed = parseWorkspaceSetupState(raw);
if (
opts?.persistLegacyMigration &&
parsed &&
raw.includes('"onboardingCompletedAt"') &&
!raw.includes('"setupCompletedAt"') &&
parsed.setupCompletedAt
) {
await writeWorkspaceSetupState(statePath, parsed);
}
return parsed ?? { version: WORKSPACE_STATE_VERSION };
} catch (err) {
const anyErr = err as { code?: string };
if (anyErr.code !== "ENOENT") {
throw err;
}
return {
version: WORKSPACE_STATE_VERSION,
};
}
}
async function readWorkspaceSetupStateForDir(dir: string): Promise<WorkspaceSetupState> {
const statePath = resolveWorkspaceStatePath(resolveUserPath(dir));
return await readWorkspaceSetupState(statePath);
}
export async function isWorkspaceSetupCompleted(dir: string): Promise<boolean> {
const state = await readWorkspaceSetupStateForDir(dir);
return typeof state.setupCompletedAt === "string" && state.setupCompletedAt.trim().length > 0;
}
export async function resolveWorkspaceBootstrapStatus(
dir: string,
): Promise<"pending" | "complete"> {
const resolvedDir = resolveUserPath(dir);
const statePath = resolveWorkspaceStatePath(resolvedDir);
const state = await readWorkspaceSetupState(statePath);
if (typeof state.setupCompletedAt === "string" && state.setupCompletedAt.trim().length > 0) {
return "complete";
}
const bootstrapPath = path.join(resolvedDir, DEFAULT_BOOTSTRAP_FILENAME);
const bootstrapExists = await pathExists(bootstrapPath);
if (!bootstrapExists) {
return "complete";
}
return "pending";
}
export async function isWorkspaceBootstrapPending(dir: string): Promise<boolean> {
return (await resolveWorkspaceBootstrapStatus(dir)) === "pending";
}
export async function reconcileWorkspaceBootstrapCompletion(
dir: string,
): Promise<WorkspaceBootstrapCompletionReconcileResult> {
const resolvedDir = resolveUserPath(dir);
const statePath = resolveWorkspaceStatePath(resolvedDir);
const bootstrapPath = path.join(resolvedDir, DEFAULT_BOOTSTRAP_FILENAME);
const state = await readWorkspaceSetupState(statePath, {
persistLegacyMigration: true,
});
return await reconcileWorkspaceBootstrapCompletionState({
dir: resolvedDir,
bootstrapPath,
statePath,
state,
});
}
async function writeWorkspaceSetupState(
statePath: string,
state: WorkspaceSetupState,
): Promise<void> {
await replaceFileAtomic({
filePath: statePath,
content: `${JSON.stringify(state, null, 2)}\n`,
tempPrefix: ".workspace-state",
});
}
async function hasGitRepo(dir: string): Promise<boolean> {
try {
await fs.stat(path.join(dir, ".git"));
return true;
} catch {
return false;
}
}
async function isGitAvailable(): Promise<boolean> {
if (gitAvailabilityPromise) {
return gitAvailabilityPromise;
}
gitAvailabilityPromise = (async () => {
try {
const result = await runCommandWithTimeout(["git", "--version"], { timeoutMs: 2_000 });
return result.code === 0;
} catch {
return false;
}
})();
return gitAvailabilityPromise;
}
async function ensureGitRepo(dir: string, isBrandNewWorkspace: boolean) {
if (!isBrandNewWorkspace) {
return;
}
if (await hasGitRepo(dir)) {
return;
}
if (!(await isGitAvailable())) {
return;
}
try {
await runCommandWithTimeout(["git", "init"], { cwd: dir, timeoutMs: 10_000 });
} catch {
// Ignore git init failures; workspace creation should still succeed.
}
}
export async function ensureAgentWorkspace(params?: {
dir?: string;
ensureBootstrapFiles?: boolean;
/**
* List of optional bootstrap filenames to skip writing.
* Applies only to SOUL.md, USER.md, HEARTBEAT.md, IDENTITY.md.
* Required workspace setup such as AGENTS.md and TOOLS.md still runs.
*/
skipOptionalBootstrapFiles?: string[];
}): Promise<{
dir: string;
agentsPath?: string;
soulPath?: string;
toolsPath?: string;
identityPath?: string;
userPath?: string;
heartbeatPath?: string;
bootstrapPath?: string;
identityPathCreated?: boolean;
}> {
const rawDir = params?.dir?.trim() ? params.dir.trim() : DEFAULT_AGENT_WORKSPACE_DIR;
const dir = resolveUserPath(rawDir);
await fs.mkdir(dir, { recursive: true });
if (!params?.ensureBootstrapFiles) {
return { dir };
}
const agentsPath = path.join(dir, DEFAULT_AGENTS_FILENAME);
const soulPath = path.join(dir, DEFAULT_SOUL_FILENAME);
const toolsPath = path.join(dir, DEFAULT_TOOLS_FILENAME);
const identityPath = path.join(dir, DEFAULT_IDENTITY_FILENAME);
const userPath = path.join(dir, DEFAULT_USER_FILENAME);
const heartbeatPath = path.join(dir, DEFAULT_HEARTBEAT_FILENAME);
const bootstrapPath = path.join(dir, DEFAULT_BOOTSTRAP_FILENAME);
const statePath = resolveWorkspaceStatePath(dir);
const isBrandNewWorkspace = await (async () => {
const templatePaths = [agentsPath, soulPath, toolsPath, identityPath, userPath, heartbeatPath];
const userContentPaths = [path.join(dir, "memory"), path.join(dir, ".git")];
const paths = [...templatePaths, ...userContentPaths];
const existing = await Promise.all(
paths.map(async (p) => {
try {
await fs.access(p);
return true;
} catch {
return false;
}
}),
);
const hasCanonicalRootMemory = await exactWorkspaceEntryExists(dir, DEFAULT_MEMORY_FILENAME);
return existing.every((v) => !v) && !hasCanonicalRootMemory;
})();
const agentsTemplate = await loadTemplate(DEFAULT_AGENTS_FILENAME);
const soulTemplate = await loadTemplate(DEFAULT_SOUL_FILENAME);
const toolsTemplate = await loadTemplate(DEFAULT_TOOLS_FILENAME);
const identityTemplate = await loadTemplate(DEFAULT_IDENTITY_FILENAME);
const userTemplate = await loadTemplate(DEFAULT_USER_FILENAME);
const heartbeatTemplate = await loadTemplate(DEFAULT_HEARTBEAT_FILENAME);
const skipOptionalBootstrapFiles = new Set(params?.skipOptionalBootstrapFiles ?? []);
const shouldWriteBootstrapFile = (fileName: string): boolean =>
!OPTIONAL_BOOTSTRAP_FILENAMES.has(fileName) || !skipOptionalBootstrapFiles.has(fileName);
await writeFileIfMissing(agentsPath, agentsTemplate);
if (shouldWriteBootstrapFile(DEFAULT_SOUL_FILENAME)) {
await writeFileIfMissing(soulPath, soulTemplate);
}
await writeFileIfMissing(toolsPath, toolsTemplate);
const identityPathCreated = shouldWriteBootstrapFile(DEFAULT_IDENTITY_FILENAME)
? await writeFileIfMissing(identityPath, identityTemplate)
: false;
if (shouldWriteBootstrapFile(DEFAULT_USER_FILENAME)) {
await writeFileIfMissing(userPath, userTemplate);
}
if (shouldWriteBootstrapFile(DEFAULT_HEARTBEAT_FILENAME)) {
await writeFileIfMissing(heartbeatPath, heartbeatTemplate);
}
let state = await readWorkspaceSetupState(statePath, {
persistLegacyMigration: true,
});
let stateDirty = false;
const markState = (next: Partial<WorkspaceSetupState>) => {
state = { ...state, ...next };
stateDirty = true;
};
const nowIso = () => new Date().toISOString();
let bootstrapExists = await pathExists(bootstrapPath);
if (!state.bootstrapSeededAt && bootstrapExists) {
markState({ bootstrapSeededAt: nowIso() });
}
if (!state.setupCompletedAt) {
const repair = await reconcileWorkspaceBootstrapCompletionState({
dir,
bootstrapPath,
statePath,
state,
bootstrapExists,
});
if (repair.repaired) {
state = repair.state;
stateDirty = false;
bootstrapExists = repair.bootstrapExists;
}
}
if (!state.bootstrapSeededAt && !state.setupCompletedAt && !bootstrapExists) {
// Legacy migration path: if USER/IDENTITY diverged from templates, or if user-content
// indicators exist, treat setup as complete and avoid recreating BOOTSTRAP for
// already-configured workspaces.
if (
await workspaceProfileLooksConfigured({
dir,
includeGitEvidence: true,
})
) {
markState({ setupCompletedAt: nowIso() });
} else {
const bootstrapTemplate = await loadTemplate(DEFAULT_BOOTSTRAP_FILENAME);
const wroteBootstrap = await writeFileIfMissing(bootstrapPath, bootstrapTemplate);
if (!wroteBootstrap) {
bootstrapExists = await pathExists(bootstrapPath);
} else {
bootstrapExists = true;
}
if (bootstrapExists && !state.bootstrapSeededAt) {
markState({ bootstrapSeededAt: nowIso() });
}
}
}
if (stateDirty) {
await writeWorkspaceSetupState(statePath, state);
}
await ensureGitRepo(dir, isBrandNewWorkspace);
return {
dir,
agentsPath,
soulPath,
toolsPath,
identityPath,
userPath,
heartbeatPath,
bootstrapPath,
identityPathCreated,
};
}
export async function loadWorkspaceBootstrapFiles(dir: string): Promise<WorkspaceBootstrapFile[]> {
const resolvedDir = resolveUserPath(dir);
const entries: Array<{
name: WorkspaceBootstrapFileName;
filePath: string;
}> = [
{
name: DEFAULT_AGENTS_FILENAME,
filePath: path.join(resolvedDir, DEFAULT_AGENTS_FILENAME),
},
{
name: DEFAULT_SOUL_FILENAME,
filePath: path.join(resolvedDir, DEFAULT_SOUL_FILENAME),
},
{
name: DEFAULT_TOOLS_FILENAME,
filePath: path.join(resolvedDir, DEFAULT_TOOLS_FILENAME),
},
{
name: DEFAULT_IDENTITY_FILENAME,
filePath: path.join(resolvedDir, DEFAULT_IDENTITY_FILENAME),
},
{
name: DEFAULT_USER_FILENAME,
filePath: path.join(resolvedDir, DEFAULT_USER_FILENAME),
},
{
name: DEFAULT_HEARTBEAT_FILENAME,
filePath: path.join(resolvedDir, DEFAULT_HEARTBEAT_FILENAME),
},
{
name: DEFAULT_BOOTSTRAP_FILENAME,
filePath: path.join(resolvedDir, DEFAULT_BOOTSTRAP_FILENAME),
},
{
name: DEFAULT_MEMORY_FILENAME,
filePath: path.join(resolvedDir, DEFAULT_MEMORY_FILENAME),
},
];
const result: WorkspaceBootstrapFile[] = [];
for (const entry of entries) {
if (
entry.name === DEFAULT_MEMORY_FILENAME &&
!(await exactWorkspaceEntryExists(resolvedDir, DEFAULT_MEMORY_FILENAME))
) {
continue;
}
const loaded = await readWorkspaceFileWithGuards({
filePath: entry.filePath,
workspaceDir: resolvedDir,
});
if (loaded.ok) {
result.push({
name: entry.name,
path: entry.filePath,
content: loaded.content,
missing: false,
});
} else {
result.push({ name: entry.name, path: entry.filePath, missing: true });
}
}
return result;
}
const MINIMAL_BOOTSTRAP_ALLOWLIST = new Set([
DEFAULT_AGENTS_FILENAME,
DEFAULT_TOOLS_FILENAME,
DEFAULT_SOUL_FILENAME,
DEFAULT_IDENTITY_FILENAME,
DEFAULT_USER_FILENAME,
]);
export function filterBootstrapFilesForSession(
files: WorkspaceBootstrapFile[],
sessionKey?: string,
): WorkspaceBootstrapFile[] {
if (!sessionKey || (!isSubagentSessionKey(sessionKey) && !isCronSessionKey(sessionKey))) {
return files;
}
return files.filter((file) => MINIMAL_BOOTSTRAP_ALLOWLIST.has(file.name));
}
export async function loadExtraBootstrapFiles(
dir: string,
extraPatterns: string[],
): Promise<WorkspaceBootstrapFile[]> {
const loaded = await loadExtraBootstrapFilesWithDiagnostics(dir, extraPatterns);
return loaded.files;
}
export async function loadExtraBootstrapFilesWithDiagnostics(
dir: string,
extraPatterns: string[],
): Promise<{
files: WorkspaceBootstrapFile[];
diagnostics: ExtraBootstrapLoadDiagnostic[];
}> {
if (!extraPatterns.length) {
return { files: [], diagnostics: [] };
}
const resolvedDir = resolveUserPath(dir);
// Resolve glob patterns into concrete file paths
const resolvedPaths = new Set<string>();
for (const pattern of extraPatterns) {
if (pattern.includes("*") || pattern.includes("?") || pattern.includes("{")) {
try {
const matches = fs.glob(pattern, { cwd: resolvedDir });
for await (const m of matches) {
resolvedPaths.add(m);
}
} catch {
// glob not available or pattern error — fall back to literal
resolvedPaths.add(pattern);
}
} else {
resolvedPaths.add(pattern);
}
}
const files: WorkspaceBootstrapFile[] = [];
const diagnostics: ExtraBootstrapLoadDiagnostic[] = [];
for (const relPath of resolvedPaths) {
const filePath = path.resolve(resolvedDir, relPath);
// Only load files whose basename is a recognized bootstrap filename
const baseName = path.basename(relPath);
if (!VALID_BOOTSTRAP_NAMES.has(baseName)) {
diagnostics.push({
path: filePath,
reason: "invalid-bootstrap-filename",
detail: `unsupported bootstrap basename: ${baseName}`,
});
continue;
}
const loaded = await readWorkspaceFileWithGuards({
filePath,
workspaceDir: resolvedDir,
});
if (loaded.ok) {
files.push({
name: baseName as WorkspaceBootstrapFileName,
path: filePath,
content: loaded.content,
missing: false,
});
continue;
}
const reason: ExtraBootstrapLoadDiagnosticCode =
loaded.reason === "path" ? "missing" : loaded.reason === "validation" ? "security" : "io";
diagnostics.push({
path: filePath,
reason,
detail:
loaded.error instanceof Error
? loaded.error.message
: typeof loaded.error === "string"
? loaded.error
: reason,
});
}
return { files, diagnostics };
}
Reference in New Issue View Git Blame Copy Permalink