server for rowboatx

2026-04-25 08:26:22 +02:00 · 2025-12-02 13:24:58 +05:30 · 2025-12-02 13:24:58 +05:30 · 9ad6331fbc
commit 9ad6331fbc
parent ae877e70ae
38 changed files with 2223 additions and 1088 deletions
--- a/apps/cli/src/config/config.ts
+++ b/apps/cli/src/config/config.ts
@ -0,0 +1,15 @@
+import path from "path";
+import fs from "fs";
+import { homedir } from "os";
+
+// Resolve app root relative to compiled file location (dist/...)
+export const WorkDir = path.join(homedir(), ".rowboat");
+
+function ensureDirs() {
+    const ensure = (p: string) => { if (!fs.existsSync(p)) fs.mkdirSync(p, { recursive: true }); };
+    ensure(WorkDir);
+    ensure(path.join(WorkDir, "agents"));
+    ensure(path.join(WorkDir, "config"));
+}
+
+ensureDirs();
--- a/apps/cli/src/config/security.ts
+++ b/apps/cli/src/config/security.ts
@ -0,0 +1,101 @@
+import path from "path";
+import fs from "fs";
+import { WorkDir } from "./config.js";
+
+export const SECURITY_CONFIG_PATH = path.join(WorkDir, "config", "security.json");
+
+const DEFAULT_ALLOW_LIST = [
+    "cat",
+    "curl",
+    "date",
+    "echo",
+    "grep",
+    "jq",
+    "ls",
+    "pwd",
+    "yq",
+    "whoami"
+]
+
+let cachedAllowList: string[] | null = null;
+let cachedMtimeMs: number | null = null;
+
+function ensureSecurityConfig() {
+    if (!fs.existsSync(SECURITY_CONFIG_PATH)) {
+        fs.writeFileSync(
+            SECURITY_CONFIG_PATH,
+            JSON.stringify(DEFAULT_ALLOW_LIST, null, 2) + "\n",
+            "utf8",
+        );
+    }
+}
+
+function normalizeList(commands: unknown[]): string[] {
+    const seen = new Set<string>();
+    for (const entry of commands) {
+        if (typeof entry !== "string") continue;
+        const normalized = entry.trim().toLowerCase();
+        if (!normalized) continue;
+        seen.add(normalized);
+    }
+
+    return Array.from(seen);
+}
+
+function parseSecurityPayload(payload: unknown): string[] {
+    if (Array.isArray(payload)) {
+        return normalizeList(payload);
+    }
+
+    if (payload && typeof payload === "object") {
+        const maybeObject = payload as Record<string, unknown>;
+        if (Array.isArray(maybeObject.allowedCommands)) {
+            return normalizeList(maybeObject.allowedCommands);
+        }
+
+        const dynamicList = Object.entries(maybeObject)
+            .filter(([, value]) => Boolean(value))
+            .map(([key]) => key);
+
+        return normalizeList(dynamicList);
+    }
+
+    return [];
+}
+
+function readAllowList(): string[] {
+    ensureSecurityConfig();
+
+    try {
+        const configContent = fs.readFileSync(SECURITY_CONFIG_PATH, "utf8");
+        const parsed = JSON.parse(configContent);
+        return parseSecurityPayload(parsed);
+    } catch (error) {
+        console.warn(`Failed to read security config at ${SECURITY_CONFIG_PATH}: ${error instanceof Error ? error.message : error}`);
+        return DEFAULT_ALLOW_LIST;
+    }
+}
+
+export function getSecurityAllowList(): string[] {
+    ensureSecurityConfig();
+    try {
+        const stats = fs.statSync(SECURITY_CONFIG_PATH);
+        if (cachedAllowList && cachedMtimeMs === stats.mtimeMs) {
+            return cachedAllowList;
+        }
+
+        const allowList = readAllowList();
+        cachedAllowList = allowList;
+        cachedMtimeMs = stats.mtimeMs;
+        return allowList;
+    } catch {
+        cachedAllowList = null;
+        cachedMtimeMs = null;
+        return readAllowList();
+    }
+}
+
+export function resetSecurityAllowListCache() {
+    cachedAllowList = null;
+    cachedMtimeMs = null;
+}