mikael-lovqvists-claude-agent
67c1c3f9a4
Each request is signed with HMAC-SHA256 over timestamp+body using a per-user secret loaded from a --secrets file (never env vars or git). Users have a canApprove list controlling who may approve queued actions. Queue entries track submitted_by for permission checks on approve/deny. Also renames all identifiers to snake_case throughout the codebase. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
26 lines
771 B
JavaScript
26 lines
771 B
JavaScript
import { spawnSync } from "child_process";
|
|
import path from "path";
|
|
|
|
const WORKSPACE_ROOT = process.env.CONDUIT_ROOT || "/workspace";
|
|
|
|
// Resolve a path param relative to WORKSPACE_ROOT, preventing traversal.
|
|
export function resolve_path(user_path) {
|
|
const resolved = path.resolve(WORKSPACE_ROOT, user_path.replace(/^\//, ""));
|
|
if (!resolved.startsWith(WORKSPACE_ROOT)) {
|
|
throw new Error(`Path escapes workspace root: ${user_path}`);
|
|
}
|
|
return resolved;
|
|
}
|
|
|
|
// Execute a binary with an argument list — no shell interpolation.
|
|
export function exec(bin, args = []) {
|
|
return new Promise((resolve, reject) => {
|
|
const result = spawnSync(bin, args, { stdio: "inherit" });
|
|
if (result.error) {
|
|
reject(result.error);
|
|
} else {
|
|
resolve(result.status);
|
|
}
|
|
});
|
|
}
|