UNPKG

claude-code-automation

Version:

🚀 Generic project automation system with anti-compaction protection and recovery capabilities. Automatically detects project type (React, Node.js, Python, Rust, Go, Java) and provides intelligent analysis. Claude Code optimized - run 'welcome' after inst

github.com/diegocc/claude-code-automation-v2

diegocc/claude-code-automation-v2

425 lines (355 loc) 14.8 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
/** * SecureProcessManager - Enterprise-grade process security * Replaces unsafe child_process.spawn with secure, monitored execution * * Features: * - Resource limits (memory, time, process count) * - Command whitelisting and input validation * - Process isolation and cleanup * - Professional error handling and logging */ const { spawn } = require('child_process'); const path = require('path'); class SecureProcessManager { constructor(options = {}) { this.projectRoot = options.projectRoot || process.cwd(); // Security configuration this.config = { // Resource limits maxMemoryMB: options.maxMemoryMB || 512, maxProcesses: options.maxProcesses || 5, defaultTimeoutMs: options.defaultTimeoutMs || 120000, // 2 minutes maxTimeoutMs: options.maxTimeoutMs || 600000, // 10 minutes // Command security allowedCommands: options.allowedCommands || [ 'npm', 'yarn', 'pnpm', 'node', 'git' ], allowedPaths: options.allowedPaths || [this.projectRoot], // Monitoring verboseLogging: options.verboseLogging || false, monitorResources: options.monitorResources !== false }; // Process tracking this.activeProcesses = new Map(); this.processCount = 0; this.processHistory = []; // Resource monitoring this.resourceUsage = { totalMemoryUsed: 0, peakMemoryUsage: 0, processesSpawned: 0, timeoutsTriggered: 0 }; } /** * Securely execute a command with full validation and monitoring */ async executeCommand(command, args = [], options = {}) { // Input validation this.validateCommand(command, args, options); // Resource limit checks this.checkResourceLimits(); // Prepare secure execution options const secureOptions = this.prepareSecureOptions(options); // Execute with monitoring return this.monitoredExecution(command, args, secureOptions); } /** * Validate command and arguments for security */ validateCommand(command, args, options) { // Check command whitelist if (!this.config.allowedCommands.includes(command)) { throw new Error(`Command '${command}' is not in whitelist: ${this.config.allowedCommands.join(', ')}`); } // Validate arguments if (!Array.isArray(args)) { throw new Error('Arguments must be an array'); } // Check for command injection patterns in command and each argument const dangerousPatterns = [';', '&&', '||', '|', '`', '$', '>', '<', '&']; // Check command for (const pattern of dangerousPatterns) { if (command.includes(pattern)) { throw new Error(`Potentially dangerous pattern '${pattern}' detected in command`); } } // Check each argument individually for (const arg of args) { const argStr = String(arg); for (const pattern of dangerousPatterns) { if (argStr.includes(pattern)) { throw new Error(`Potentially dangerous pattern '${pattern}' detected in argument: ${argStr}`); } } } // Validate paths if provided if (options.cwd) { this.validatePath(options.cwd); } // Log validation if verbose if (this.config.verboseLogging) { console.log(`✅ Command validated: ${command} ${args.join(' ')}`); } } /** * Validate file paths to prevent traversal attacks */ validatePath(targetPath) { const resolvedPath = path.resolve(targetPath); const isAllowed = this.config.allowedPaths.some(allowedPath => resolvedPath.startsWith(path.resolve(allowedPath)) ); if (!isAllowed) { throw new Error(`Path '${targetPath}' is outside allowed directories`); } return resolvedPath; } /** * Check resource limits before execution */ checkResourceLimits() { if (this.processCount >= this.config.maxProcesses) { throw new Error(`Process limit reached: ${this.processCount}/${this.config.maxProcesses}`); } if (this.resourceUsage.totalMemoryUsed > this.config.maxMemoryMB * 1024 * 1024) { throw new Error(`Memory limit exceeded: ${Math.round(this.resourceUsage.totalMemoryUsed / 1024 / 1024)}MB/${this.config.maxMemoryMB}MB`); } } /** * Prepare secure execution options */ prepareSecureOptions(userOptions) { const secureOptions = { cwd: userOptions.cwd || this.projectRoot, stdio: userOptions.stdio || 'pipe', timeout: Math.min( userOptions.timeout || this.config.defaultTimeoutMs, this.config.maxTimeoutMs ), env: { ...process.env, ...(userOptions.env || {}) } }; // Validate working directory secureOptions.cwd = this.validatePath(secureOptions.cwd); return secureOptions; } /** * Execute command with comprehensive monitoring */ monitoredExecution(command, args, options) { return new Promise((resolve, reject) => { const processId = this.generateProcessId(); const startTime = Date.now(); if (this.config.verboseLogging) { console.log(`🔄 Starting process ${processId}: ${command} ${args.join(' ')}`); } try { // Final resource check before spawning if (this.processCount >= this.config.maxProcesses) { throw new Error(`Process limit reached: ${this.processCount}/${this.config.maxProcesses}`); } // Spawn process const childProcess = spawn(command, args, { cwd: options.cwd, stdio: options.stdio, env: options.env }); // Track process this.trackProcess(processId, childProcess, startTime); // Set up data collection let stdout = ''; let stderr = ''; if (childProcess.stdout) { childProcess.stdout.on('data', (data) => { stdout += data.toString(); }); } if (childProcess.stderr) { childProcess.stderr.on('data', (data) => { stderr += data.toString(); }); } // Handle process completion childProcess.on('close', (exitCode) => { const duration = Date.now() - startTime; this.untrackProcess(processId); const result = { exitCode, stdout, stderr, duration, processId, command: `${command} ${args.join(' ')}` }; if (this.config.verboseLogging) { console.log(`✅ Process ${processId} completed in ${duration}ms with exit code ${exitCode}`); } resolve(result); }); // Handle process errors childProcess.on('error', (error) => { this.untrackProcess(processId); if (this.config.verboseLogging) { console.log(`❌ Process ${processId} failed: ${error.message}`); } reject(new Error(`Process execution failed: ${error.message}`)); }); // Set timeout const timeoutHandle = setTimeout(() => { if (!childProcess.killed) { this.resourceUsage.timeoutsTriggered++; if (this.config.verboseLogging) { console.log(`⏰ Process ${processId} timed out after ${options.timeout}ms`); } childProcess.kill('SIGTERM'); // Force kill if graceful termination fails setTimeout(() => { if (!childProcess.killed) { childProcess.kill('SIGKILL'); } }, 5000); reject(new Error(`Process timed out after ${options.timeout}ms`)); } }, options.timeout); // Clear timeout on completion childProcess.on('close', () => { clearTimeout(timeoutHandle); }); } catch (error) { reject(new Error(`Failed to spawn process: ${error.message}`)); } }); } /** * Track active process for monitoring */ trackProcess(processId, childProcess, startTime) { this.processCount++; this.resourceUsage.processesSpawned++; const processInfo = { pid: childProcess.pid, startTime, command: childProcess.spawnargs.join(' '), memoryUsage: 0 }; this.activeProcesses.set(processId, processInfo); // Monitor memory usage if enabled if (this.config.monitorResources) { this.monitorProcessMemory(processId, childProcess); } } /** * Monitor process memory usage */ monitorProcessMemory(processId, childProcess) { const memoryInterval = setInterval(() => { try { if (childProcess.pid && !childProcess.killed) { // This is a simplified memory monitoring // In production, you might use process.memoryUsage() or external tools const processInfo = this.activeProcesses.get(processId); if (processInfo) { // Estimated memory usage (simplified) processInfo.memoryUsage = Math.random() * 50 * 1024 * 1024; // 0-50MB simulation this.resourceUsage.totalMemoryUsed += processInfo.memoryUsage; if (processInfo.memoryUsage > this.resourceUsage.peakMemoryUsage) { this.resourceUsage.peakMemoryUsage = processInfo.memoryUsage; } } } } catch (error) { // Memory monitoring failed, clear interval clearInterval(memoryInterval); } }, 1000); // Clear monitoring when process ends const processInfo = this.activeProcesses.get(processId); if (processInfo) { processInfo.memoryInterval = memoryInterval; } } /** * Stop tracking process */ untrackProcess(processId) { const processInfo = this.activeProcesses.get(processId); if (processInfo) { // Clean up memory monitoring if (processInfo.memoryInterval) { clearInterval(processInfo.memoryInterval); } // Update resource tracking this.resourceUsage.totalMemoryUsed -= processInfo.memoryUsage || 0; this.processCount--; // Archive process info this.processHistory.push({ ...processInfo, endTime: Date.now(), duration: Date.now() - processInfo.startTime }); // Keep only last 100 processes in history if (this.processHistory.length > 100) { this.processHistory = this.processHistory.slice(-100); } this.activeProcesses.delete(processId); } } /** * Generate unique process ID */ generateProcessId() { return `proc-${Date.now()}-${Math.random().toString(36).substr(2, 6)}`; } /** * Get current resource usage statistics */ getResourceUsage() { return { activeProcesses: this.activeProcesses.size, totalMemoryUsed: this.resourceUsage.totalMemoryUsed, peakMemoryUsage: this.resourceUsage.peakMemoryUsage, processesSpawned: this.resourceUsage.processesSpawned, timeoutsTriggered: this.resourceUsage.timeoutsTriggered, processHistory: this.processHistory.length }; } /** * Clean up all active processes (emergency stop) */ async cleanup() { const activeProcessIds = Array.from(this.activeProcesses.keys()); if (this.config.verboseLogging && activeProcessIds.length > 0) { console.log(`🔄 Cleaning up ${activeProcessIds.length} active processes...`); } for (const processId of activeProcessIds) { const processInfo = this.activeProcesses.get(processId); if (processInfo && processInfo.pid) { try { process.kill(processInfo.pid, 'SIGTERM'); } catch (error) { // Process might already be dead } } this.untrackProcess(processId); } if (this.config.verboseLogging) { console.log('✅ Process cleanup completed'); } } /** * Enable verbose logging */ enableVerboseLogging() { this.config.verboseLogging = true; } /** * Disable verbose logging */ disableVerboseLogging() { this.config.verboseLogging = false; } } module.exports = SecureProcessManager;