mirror of
https://github.com/thedotmack/claude-mem
synced 2026-04-26 09:35:19 +02:00
bd7077d65f
Adds proper PowerShell escaping to prevent theoretical command injection in Start-Process arguments on Windows. Security Context: - All paths (bunPath, script, MARKETPLACE_ROOT) are application-controlled - Not user input - derived from system paths and installation directories - If attacker could modify these, they already have filesystem access - This includes direct access to ~/.claude-mem/claude-mem.db - Nevertheless, proper escaping follows security best practices Changes: - Added escapePowerShellString() helper for PowerShell single-quote escaping - Escapes all path arguments before PowerShell command construction - Added security context comment explaining threat model Fixes: Security concern raised in PR #339 review 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
46 lines
14 KiB
JavaScript
Executable File
46 lines
14 KiB
JavaScript
Executable File
#!/usr/bin/env bun
|
|
import{basename as Rt}from"path";import M from"path";import{homedir as ht}from"os";import{spawnSync as Ot}from"child_process";import{existsSync as Ct,writeFileSync as K,readFileSync as At,mkdirSync as Mt}from"fs";import{readFileSync as Q,writeFileSync as z,existsSync as Z}from"fs";import{join as tt}from"path";import{homedir as et}from"os";var J=["bugfix","feature","refactor","discovery","decision","change"],q=["how-it-works","why-it-exists","what-changed","problem-solution","gotcha","pattern","trade-off"];var k=J.join(","),U=q.join(",");var p=class{static DEFAULTS={CLAUDE_MEM_MODEL:"claude-sonnet-4-5",CLAUDE_MEM_CONTEXT_OBSERVATIONS:"50",CLAUDE_MEM_WORKER_PORT:"37777",CLAUDE_MEM_WORKER_HOST:"127.0.0.1",CLAUDE_MEM_SKIP_TOOLS:"ListMcpResourcesTool,SlashCommand,Skill,TodoWrite,AskUserQuestion",CLAUDE_MEM_DATA_DIR:tt(et(),".claude-mem"),CLAUDE_MEM_LOG_LEVEL:"INFO",CLAUDE_MEM_PYTHON_VERSION:"3.13",CLAUDE_CODE_PATH:"",CLAUDE_MEM_CONTEXT_SHOW_READ_TOKENS:"true",CLAUDE_MEM_CONTEXT_SHOW_WORK_TOKENS:"true",CLAUDE_MEM_CONTEXT_SHOW_SAVINGS_AMOUNT:"true",CLAUDE_MEM_CONTEXT_SHOW_SAVINGS_PERCENT:"true",CLAUDE_MEM_CONTEXT_OBSERVATION_TYPES:k,CLAUDE_MEM_CONTEXT_OBSERVATION_CONCEPTS:U,CLAUDE_MEM_CONTEXT_FULL_COUNT:"5",CLAUDE_MEM_CONTEXT_FULL_FIELD:"narrative",CLAUDE_MEM_CONTEXT_SESSION_COUNT:"10",CLAUDE_MEM_CONTEXT_SHOW_LAST_SUMMARY:"true",CLAUDE_MEM_CONTEXT_SHOW_LAST_MESSAGE:"false"};static getAllDefaults(){return{...this.DEFAULTS}}static get(t){return this.DEFAULTS[t]}static getInt(t){let e=this.get(t);return parseInt(e,10)}static getBool(t){return this.get(t)==="true"}static loadFromFile(t){if(!Z(t))return this.getAllDefaults();let e=Q(t,"utf-8"),r=JSON.parse(e),n=r;if(r.env&&typeof r.env=="object"){n=r.env;try{z(t,JSON.stringify(n,null,2),"utf-8"),u.info("SETTINGS","Migrated settings file from nested to flat schema",{settingsPath:t})}catch(i){u.warn("SETTINGS","Failed to auto-migrate settings file",{settingsPath:t},i)}}let s={...this.DEFAULTS};for(let i of Object.keys(this.DEFAULTS))n[i]!==void 0&&(s[i]=n[i]);return s}};var D=(s=>(s[s.DEBUG=0]="DEBUG",s[s.INFO=1]="INFO",s[s.WARN=2]="WARN",s[s.ERROR=3]="ERROR",s[s.SILENT=4]="SILENT",s))(D||{}),L=class{level=null;useColor;constructor(){this.useColor=process.stdout.isTTY??!1}getLevel(){if(this.level===null){let t=p.get("CLAUDE_MEM_LOG_LEVEL").toUpperCase();this.level=D[t]??1}return this.level}correlationId(t,e){return`obs-${t}-${e}`}sessionId(t){return`session-${t}`}formatData(t){if(t==null)return"";if(typeof t=="string")return t;if(typeof t=="number"||typeof t=="boolean")return t.toString();if(typeof t=="object"){if(t instanceof Error)return this.getLevel()===0?`${t.message}
|
|
${t.stack}`:t.message;if(Array.isArray(t))return`[${t.length} items]`;let e=Object.keys(t);return e.length===0?"{}":e.length<=3?JSON.stringify(t):`{${e.length} keys: ${e.slice(0,3).join(", ")}...}`}return String(t)}formatTool(t,e){if(!e)return t;try{let r=typeof e=="string"?JSON.parse(e):e;if(t==="Bash"&&r.command){let n=r.command.length>50?r.command.substring(0,50)+"...":r.command;return`${t}(${n})`}if(t==="Read"&&r.file_path){let n=r.file_path.split("/").pop()||r.file_path;return`${t}(${n})`}if(t==="Edit"&&r.file_path){let n=r.file_path.split("/").pop()||r.file_path;return`${t}(${n})`}if(t==="Write"&&r.file_path){let n=r.file_path.split("/").pop()||r.file_path;return`${t}(${n})`}return t}catch{return t}}formatTimestamp(t){let e=t.getFullYear(),r=String(t.getMonth()+1).padStart(2,"0"),n=String(t.getDate()).padStart(2,"0"),s=String(t.getHours()).padStart(2,"0"),i=String(t.getMinutes()).padStart(2,"0"),c=String(t.getSeconds()).padStart(2,"0"),l=String(t.getMilliseconds()).padStart(3,"0");return`${e}-${r}-${n} ${s}:${i}:${c}.${l}`}log(t,e,r,n,s){if(t<this.getLevel())return;let i=this.formatTimestamp(new Date),c=D[t].padEnd(5),l=e.padEnd(6),m="";n?.correlationId?m=`[${n.correlationId}] `:n?.sessionId&&(m=`[session-${n.sessionId}] `);let a="";s!=null&&(this.getLevel()===0&&typeof s=="object"?a=`
|
|
`+JSON.stringify(s,null,2):a=" "+this.formatData(s));let _="";if(n){let{sessionId:Pt,sdkSessionId:It,correlationId:yt,...v}=n;Object.keys(v).length>0&&(_=` {${Object.entries(v).map(([Y,X])=>`${Y}=${X}`).join(", ")}}`)}let d=`[${i}] [${c}] [${l}] ${m}${r}${_}${a}`;t===3?console.error(d):console.log(d)}debug(t,e,r,n){this.log(0,t,e,r,n)}info(t,e,r,n){this.log(1,t,e,r,n)}warn(t,e,r,n){this.log(2,t,e,r,n)}error(t,e,r,n){this.log(3,t,e,r,n)}dataIn(t,e,r,n){this.info(t,`\u2192 ${e}`,r,n)}dataOut(t,e,r,n){this.info(t,`\u2190 ${e}`,r,n)}success(t,e,r,n){this.info(t,`\u2713 ${e}`,r,n)}failure(t,e,r,n){this.error(t,`\u2717 ${e}`,r,n)}timing(t,e,r,n){this.info(t,`\u23F1 ${e}`,n,{duration:`${r}ms`})}happyPathError(t,e,r,n,s=""){let m=((new Error().stack||"").split(`
|
|
`)[2]||"").match(/at\s+(?:.*\s+)?\(?([^:]+):(\d+):(\d+)\)?/),a=m?`${m[1].split("/").pop()}:${m[2]}`:"unknown",_={...r,location:a};return this.warn(t,`[HAPPY-PATH] ${e}`,_,n),s}},u=new L;var A={DEFAULT:5e3,HEALTH_CHECK:1e3,WORKER_STARTUP_WAIT:1e3,WORKER_STARTUP_RETRIES:15,PRE_RESTART_SETTLE_DELAY:2e3,WINDOWS_MULTIPLIER:1.5},N={SUCCESS:0,FAILURE:1,USER_MESSAGE_ONLY:3};function w(o){return process.platform==="win32"?Math.round(o*A.WINDOWS_MULTIPLIER):o}import{existsSync as I,readFileSync as ct,writeFileSync as ut,unlinkSync as lt,mkdirSync as F}from"fs";import{createWriteStream as pt}from"fs";import{join as h}from"path";import{spawn as Et,spawnSync as gt}from"child_process";import{homedir as mt}from"os";import{join as E,dirname as rt,basename as Vt}from"path";import{homedir as nt}from"os";import{fileURLToPath as ot}from"url";function st(){return typeof __dirname<"u"?__dirname:rt(ot(import.meta.url))}var Jt=st(),g=p.get("CLAUDE_MEM_DATA_DIR"),R=process.env.CLAUDE_CONFIG_DIR||E(nt(),".claude"),qt=E(g,"archives"),Qt=E(g,"logs"),zt=E(g,"trash"),Zt=E(g,"backups"),te=E(g,"settings.json"),ee=E(g,"claude-mem.db"),re=E(g,"vector-db"),ne=E(R,"settings.json"),oe=E(R,"commands"),se=E(R,"CLAUDE.md");import{spawnSync as it}from"child_process";import{existsSync as at}from"fs";import{join as x}from"path";import{homedir as $}from"os";function P(){let o=process.platform==="win32";try{if(it("bun",["--version"],{encoding:"utf-8",stdio:["pipe","pipe","pipe"],shell:o}).status===0)return"bun"}catch{}let t=o?[x($(),".bun","bin","bun.exe")]:[x($(),".bun","bin","bun"),"/usr/local/bin/bun","/opt/homebrew/bin/bun","/home/linuxbrew/.linuxbrew/bin/bun"];for(let e of t)if(at(e))return e;return null}function W(){return P()!==null}var T=h(g,"worker.pid"),H=h(g,"logs"),y=h(mt(),".claude","plugins","marketplaces","thedotmack"),ft=5e3,_t=1e4,dt=200,St=1e3,Tt=100,O=class{static async start(t){if(isNaN(t)||t<1024||t>65535)return{success:!1,error:`Invalid port ${t}. Must be between 1024 and 65535`};if(await this.isRunning())return{success:!0,pid:this.getPidInfo()?.pid};F(H,{recursive:!0});let e=h(y,"plugin","scripts","worker-service.cjs");if(!I(e))return{success:!1,error:`Worker script not found at ${e}`};let r=this.getLogFilePath();return this.startWithBun(e,r,t)}static isBunAvailable(){return W()}static escapePowerShellString(t){return t.replace(/'/g,"''")}static async startWithBun(t,e,r){let n=P();if(!n)return{success:!1,error:"Bun is required but not found in PATH or common installation paths. Install from https://bun.sh"};try{if(process.platform==="win32"){let i=this.escapePowerShellString(n),c=this.escapePowerShellString(t),l=this.escapePowerShellString(y),a=`${`$env:CLAUDE_MEM_WORKER_PORT='${r}'`}; Start-Process -FilePath '${i}' -ArgumentList '${c}' -WorkingDirectory '${l}' -WindowStyle Hidden -PassThru | Select-Object -ExpandProperty Id`,_=gt("powershell",["-Command",a],{stdio:"pipe",timeout:1e4,windowsHide:!0});if(_.status!==0)return{success:!1,error:`PowerShell spawn failed: ${_.stderr?.toString()||"unknown error"}`};let d=parseInt(_.stdout.toString().trim(),10);return isNaN(d)?{success:!1,error:"Failed to get PID from PowerShell"}:(this.writePidFile({pid:d,port:r,startedAt:new Date().toISOString(),version:process.env.npm_package_version||"unknown"}),this.waitForHealth(d,r))}else{let i=Et(n,[t],{detached:!0,stdio:["ignore","pipe","pipe"],env:{...process.env,CLAUDE_MEM_WORKER_PORT:String(r)},cwd:y}),c=pt(e,{flags:"a"});return i.stdout?.pipe(c),i.stderr?.pipe(c),i.unref(),i.pid?(this.writePidFile({pid:i.pid,port:r,startedAt:new Date().toISOString(),version:process.env.npm_package_version||"unknown"}),this.waitForHealth(i.pid,r)):{success:!1,error:"Failed to get PID from spawned process"}}}catch(s){return{success:!1,error:s instanceof Error?s.message:String(s)}}}static async stop(t=ft){let e=this.getPidInfo();if(!e)return!0;try{process.kill(e.pid,"SIGTERM"),await this.waitForExit(e.pid,t)}catch{try{process.kill(e.pid,"SIGKILL")}catch{}}return this.removePidFile(),!0}static async restart(t){return await this.stop(),this.start(t)}static async status(){let t=this.getPidInfo();if(!t)return{running:!1};let e=this.isProcessAlive(t.pid);return{running:e,pid:e?t.pid:void 0,port:e?t.port:void 0,uptime:e?this.formatUptime(t.startedAt):void 0}}static async isRunning(){let t=this.getPidInfo();if(!t)return!1;let e=this.isProcessAlive(t.pid);return e||this.removePidFile(),e}static getPidInfo(){try{if(!I(T))return null;let t=ct(T,"utf-8"),e=JSON.parse(t);return typeof e.pid!="number"||typeof e.port!="number"?null:e}catch{return null}}static writePidFile(t){F(g,{recursive:!0}),ut(T,JSON.stringify(t,null,2))}static removePidFile(){try{I(T)&<(T)}catch{}}static isProcessAlive(t){try{return process.kill(t,0),!0}catch{return!1}}static async waitForHealth(t,e,r=_t){let n=Date.now();for(;Date.now()-n<r;){if(!this.isProcessAlive(t))return{success:!1,error:"Process died during startup"};try{if((await fetch(`http://127.0.0.1:${e}/health`,{signal:AbortSignal.timeout(St)})).ok)return{success:!0,pid:t}}catch{}await new Promise(s=>setTimeout(s,dt))}return{success:!1,error:"Health check timed out"}}static async waitForExit(t,e){let r=Date.now();for(;Date.now()-r<e;){if(!this.isProcessAlive(t))return;await new Promise(n=>setTimeout(n,Tt))}throw new Error("Process did not exit within timeout")}static getLogFilePath(){let t=new Date().toISOString().slice(0,10);return h(H,`worker-${t}.log`)}static formatUptime(t){let e=new Date(t).getTime(),n=Date.now()-e,s=Math.floor(n/1e3),i=Math.floor(s/60),c=Math.floor(i/60),l=Math.floor(c/24);return l>0?`${l}d ${c%24}h`:c>0?`${c}h ${i%60}m`:i>0?`${i}m ${s%60}s`:`${s}s`}};function C(o={}){let{port:t,includeSkillFallback:e=!1,customPrefix:r,actualError:n}=o,s=process.platform==="win32",i=s?"%USERPROFILE%\\.claude\\plugins\\marketplaces\\thedotmack":"~/.claude/plugins/marketplaces/thedotmack",c=s?"Command Prompt or PowerShell":"Terminal",l=r||"Worker service connection failed.",m=t?` (port ${t})`:"",a=`${l}${m}
|
|
|
|
`;return a+=`To restart the worker:
|
|
`,a+=`1. Exit Claude Code completely
|
|
`,a+=`2. Open ${c}
|
|
`,a+=`3. Navigate to: ${i}
|
|
`,a+=`4. Run: npm run worker:restart
|
|
`,a+="5. Restart Claude Code",e&&(a+=`
|
|
|
|
If that doesn't work, try: /troubleshoot`),n&&(a=`Worker Error: ${n}
|
|
|
|
${a}`),a}var V=M.join(ht(),".claude","plugins","marketplaces","thedotmack"),j=w(A.HEALTH_CHECK),S=null;function f(){if(S!==null)return S;try{let o=M.join(p.get("CLAUDE_MEM_DATA_DIR"),"settings.json"),t=p.loadFromFile(o);return S=parseInt(t.CLAUDE_MEM_WORKER_PORT,10),S}catch(o){return u.debug("SYSTEM","Failed to load port from settings, using default",{error:o}),S=parseInt(p.get("CLAUDE_MEM_WORKER_PORT"),10),S}}async function b(){try{let o=f();return(await fetch(`http://127.0.0.1:${o}/health`,{signal:AbortSignal.timeout(j)})).ok}catch(o){return u.debug("SYSTEM","Worker health check failed",{error:o instanceof Error?o.message:String(o),errorType:o?.constructor?.name}),!1}}function Dt(){try{let o=M.join(V,"package.json");return JSON.parse(At(o,"utf-8")).version}catch(o){return u.debug("SYSTEM","Failed to read plugin version",{error:o instanceof Error?o.message:String(o)}),null}}async function Lt(){try{let o=f(),t=await fetch(`http://127.0.0.1:${o}/api/version`,{signal:AbortSignal.timeout(j)});return t.ok?(await t.json()).version:null}catch(o){return u.debug("SYSTEM","Failed to get worker version",{error:o instanceof Error?o.message:String(o)}),null}}async function B(){let o=Dt(),t=await Lt();!o||!t||o!==t&&(u.info("SYSTEM","Worker version mismatch detected - restarting worker",{pluginVersion:o,workerVersion:t}),await new Promise(e=>setTimeout(e,w(A.PRE_RESTART_SETTLE_DELAY))),await O.restart(f()),await new Promise(e=>setTimeout(e,1e3)),await b()||u.error("SYSTEM","Worker failed to restart after version mismatch",{expectedVersion:o,runningVersion:t,port:f()}))}async function wt(){let o=p.get("CLAUDE_MEM_DATA_DIR"),t=M.join(o,".pm2-migrated");if(Mt(o,{recursive:!0}),!Ct(t))try{Ot("pm2",["delete","claude-mem-worker"],{stdio:"ignore"}),K(t,new Date().toISOString(),"utf-8"),u.debug("SYSTEM","PM2 cleanup completed and marked")}catch{K(t,new Date().toISOString(),"utf-8")}let e=f(),r=await O.start(e);return r.success||u.error("SYSTEM","Failed to start worker",{platform:process.platform,port:e,error:r.error,marketplaceRoot:V}),r.success}async function G(){if(await b()){await B();return}if(!await wt()){let e=f();throw new Error(C({port:e,customPrefix:`Worker service failed to start on port ${e}.`}))}for(let e=0;e<5;e++)if(await new Promise(r=>setTimeout(r,500)),await b()){await B();return}let t=f();throw u.error("SYSTEM","Worker started but not responding to health checks"),new Error(C({port:t,customPrefix:`Worker service started but is not responding on port ${t}.`}))}try{await G();let o=f(),t=Rt(process.cwd()),e=await fetch(`http://127.0.0.1:${o}/api/context/inject?project=${encodeURIComponent(t)}&colors=true`,{method:"GET",signal:AbortSignal.timeout(5e3)});if(!e.ok)throw new Error(C({includeSkillFallback:!0}));let r=await e.text();console.error(`
|
|
|
|
\u{1F4DD} Claude-Mem Context Loaded
|
|
\u2139\uFE0F Note: This appears as stderr but is informational only
|
|
|
|
`+r+`
|
|
|
|
\u{1F4A1} New! Wrap all or part of any message with <private> ... </private> to prevent storing sensitive information in your observation history.
|
|
|
|
\u{1F4AC} Community https://discord.gg/J4wttp9vDu
|
|
\u{1F4FA} Watch live in browser http://localhost:${o}/
|
|
`)}catch{console.error(`
|
|
---
|
|
\u{1F389} Note: This appears under Plugin Hook Error, but it's not an error. That's the only option for
|
|
user messages in Claude Code UI until a better method is provided.
|
|
---
|
|
|
|
\u26A0\uFE0F Claude-Mem: First-Time Setup
|
|
|
|
Dependencies are installing in the background. This only happens once.
|
|
|
|
\u{1F4A1} TIPS:
|
|
\u2022 Memories will start generating while you work
|
|
\u2022 Use /init to write or update your CLAUDE.md for better project context
|
|
\u2022 Try /clear after one session to see what context looks like
|
|
|
|
Thank you for installing Claude-Mem!
|
|
|
|
This message was not added to your startup context, so you can continue working as normal.
|
|
`)}process.exit(N.USER_MESSAGE_ONLY);
|