maestro
Public
Forked from brdcastro/maestro
Forked from brdcastro/maestro
"use strict";
/**
* @file shared.ts
* Shared context, types, and helpers used across all tool modules.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.createSafeToolImplementation = void 0;
exports.validatePath = validatePath;
const path_1 = require("path");
const errorCodes_1 = require("./errorCodes");
/**
* Validate that a path stays within a security boundary.
* @param baseDir — directory used to resolve relative paths (usually ctx.cwd)
* @param requestedPath — the user/model-supplied path
* @param securityRoot — immutable workspace root used as boundary (defaults to baseDir)
*/
function validatePath(baseDir, requestedPath, securityRoot) {
const resolved = (0, path_1.resolve)(baseDir, requestedPath);
const boundary = (0, path_1.resolve)(securityRoot ?? baseDir);
const lowerResolved = resolved.toLowerCase();
const lowerBoundary = boundary.toLowerCase();
if (!lowerResolved.startsWith(lowerBoundary)) {
throw new Error(`Access Denied: Path '${requestedPath}' is outside the workspace.`);
}
return resolved;
}
/** Wrap a tool implementation with an enable/disable guard. */
const createSafeToolImplementation = (originalImplementation, isEnabled, toolName) => async (params) => {
if (!isEnabled) {
return (0, errorCodes_1.toolError)(errorCodes_1.TOOL_DISABLED, `Tool '${toolName}' is disabled in the plugin settings.`, `Ask the user to enable 'Allow ${toolName.replace(/_/g, " ")}' (or similar) in the settings.`);
}
return originalImplementation(params);
};
exports.createSafeToolImplementation = createSafeToolImplementation;
//# sourceMappingURL=shared.js.map