UNPKG

ailock

Version:

AI-Proof File Guard - Protect sensitive files from accidental AI modifications

github.com/daymade/ailock

daymade/ailock

128 lines 4.21 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
import { Platform } from '../platform.js'; import { BasePlatformAdapter } from './BasePlatformAdapter.js'; import { SecureCommandExecutor } from '../../security/CommandExecutor.js'; import path from 'path'; /** * Windows platform adapter for file locking */ export class WindowsAdapter extends BasePlatformAdapter { platformType = Platform.WINDOWS; constructor() { super(); // Add Windows-specific commands to the allowed list this.commandExecutor = new SecureCommandExecutor(['net']); } /** * Lock a file on Windows */ async lockFile(filePath) { const absolutePath = path.resolve(filePath); // Validate path await this.pathValidator.validateAndSanitizePath(absolutePath); // On Windows, we use attrib to set read-only await this.setReadOnlyAttribute(absolutePath, true); // Additionally, we can use ACLs for stronger protection await this.setWindowsACL(absolutePath, true); } /** * Unlock a file on Windows */ async unlockFile(filePath) { const absolutePath = path.resolve(filePath); // Validate path await this.pathValidator.validateAndSanitizePath(absolutePath); // Remove ACL restrictions first await this.setWindowsACL(absolutePath, false); // Then remove read-only attribute await this.setReadOnlyAttribute(absolutePath, false); } /** * Check if a file is locked on Windows */ async isLocked(filePath) { const absolutePath = path.resolve(filePath); try { // Check if file has read-only attribute const result = await this.commandExecutor.executeCommand('attrib', [absolutePath]); return result.stdout.includes(' R '); } catch { // If we can't check, use the base implementation return await this.isReadOnly(absolutePath); } } /** * Windows doesn't support immutable attributes like Unix */ supportsImmutable() { return false; } /** * Check if a file has immutable attributes (always false on Windows) */ async checkImmutable(filePath) { return false; } /** * Set or remove the read-only attribute using attrib command */ async setReadOnlyAttribute(filePath, readOnly) { try { const flag = readOnly ? '+R' : '-R'; await this.commandExecutor.executeCommand('attrib', [flag, filePath]); } catch (error) { // Fallback to chmod if attrib fails if (readOnly) { await this.makeReadOnly(filePath); } else { await this.makeWritable(filePath); } } } /** * Set Windows ACLs for additional protection */ async setWindowsACL(filePath, lock) { try { if (lock) { // Remove write permissions for current user using icacls // /deny removes write (W) and delete (D) permissions const username = process.env.USERNAME || process.env.USER || 'Everyone'; await this.commandExecutor.executeCommand('icacls', [ filePath, '/deny', `${username}:(W,D)`, '/Q' ]); } else { // Reset permissions to inherited defaults await this.commandExecutor.executeCommand('icacls', [ filePath, '/reset', '/Q' ]); } } catch (error) { // ACL operations might fail without admin rights // Continue with basic protection console.debug(`Could not modify Windows ACLs: ${error}`); } } /** * Check if running with administrator privileges */ async isAdmin() { try { await this.commandExecutor.executeCommand('net', ['session']); return true; } catch { return false; } } } //# sourceMappingURL=WindowsAdapter.js.map