versun/claude-code
1
0
Fork 0
mirror of https://github.com/claude-code-best/claude-code.git synced 2026-06-17 05:45:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
5bb0306da6b4bc8a09061f497ee15e57f25a4663
claude-code/src/utils/ripgrep.ts
Dosion c2ac9a74c1 fix: resolve dependency audit findings precisely (#361) 
* fix: harden ACP communication boundaries

Harden ACP communication boundaries

Remote ACP sessions now cannot widen permission mode through untrusted
metadata or client payloads. WebSocket ACP ingress measures payloads by bytes
before binary decode, and prompt queue handoff keeps exactly one prompt active
while queued prompts are drained FIFO.

Constraint: ACP remote clients must not be able to open bypassPermissions without local launch intent
Constraint: WebSocket payload limits must be byte-based and checked before binary decode
Rejected: Keep promptToQueryContent wrapper | no production consumers remained after prompt conversion single-sourcing
Confidence: high
Scope-risk: moderate
Directive: Do not re-enable remote bypassPermissions from _meta unless a local launch gate is verified in both acp-link and agent
Tested: targeted ACP/RCS/acp-link prompt queue, bridge, permission, payload, and prompt conversion tests; bun run typecheck; bun run build
Not-tested: Manual live ACP/RCS session against an external client

* fix: restore repository verification gates

Keep the full repository test, typecheck, build, and Biome lint gates usable
after the ACP fix pass. This commit is intentionally separate from the ACP
behavior change: it fixes Windows-safe Langfuse home redaction, removes stale
lint suppressions, resolves Biome warning/info diagnostics, and keeps env
expansion tests explicit without template-placeholder lint noise.

Constraint: The project completion contract requires full typecheck, lint, test, and build evidence
Rejected: Leave warning/info diagnostics as historical noise | they obscure future gate regressions and weaken flow-impact claims
Confidence: high
Scope-risk: narrow
Directive: Keep repository gate cleanup separate from feature fixes when it is not part of the same runtime path
Tested: bunx biome lint src/; bunx tsc --noEmit; bun test src/services/mcp/__tests__/envExpansion.test.ts src/utils/__tests__/sliceAnsi.test.ts src/utils/__tests__/stringUtils.test.ts; bun test; bun run build
Not-tested: Manual Langfuse export against a real external Langfuse service

* fix: harden ACP failure boundaries after review

Deep review found several paths that made ACP communication failures look normal: prompt errors could finish as end_turn, permission pipeline exceptions could fall through to client approval, tool rawInput was deep-copied with JSON, and acp-link accepted unbounded or unvalidated WebSocket payloads. This keeps the behavior fail-closed, validates WS payloads before dispatch, caps payload size before JSON parse, and preserves cancellation intent with a generation counter.

Constraint: User explicitly rejected pseudo-fixes, fallback behavior, and unbounded payload handling

Rejected: Keep JSON stringify/parse rawInput copy | duplicates large payloads and silently drops non-JSON inputs

Rejected: Delegate permission pipeline errors to client approval | allows a broken local permission check to be bypassed

Confidence: high

Scope-risk: moderate

Directive: Do not convert ACP errors into normal end_turn responses without a protocol-level reason and regression tests

Tested: bun test src/services/acp/__tests__/agent.test.ts src/services/acp/__tests__/bridge.test.ts src/services/acp/__tests__/permissions.test.ts

Tested: bun test packages/acp-link/src/__tests__/server.test.ts

Tested: bunx tsc --noEmit

Tested: bunx biome lint src/ packages/acp-link/src/

Tested: bun run test:all

Tested: bun run build

Not-tested: Manual end-to-end ACP client session over a real editor WebSocket

* fix: prevent ACP coverage runs from seeing partial mocks

GitHub Actions failed under bun test --coverage because permissions.test.ts replaced ../bridge.js with a partial mock that omitted forwardSessionUpdates. Coverage worker ordering on Linux let sibling tests observe that incomplete module.

This isolates ACP test mocks by snapshotting real exports, overriding only requested symbols, and restoring mocks in LIFO order. The shared helper also keeps the same behavior in agent.test.ts without duplicating mock infrastructure.

Constraint: bun:test mock.module is process-global inside a worker.

Rejected: Add fallback exports or production guards | the bridge export exists; the failure was test mock pollution.

Rejected: Keep per-file helper copies | duplication would let restore semantics drift again.

Confidence: high

Scope-risk: narrow

Directive: Prefer safeMockModule for partial mocks of real modules in ACP tests; plain mock.module is only appropriate for fully synthetic modules or isolated tests.

Tested: bun test src/services/acp/__tests__/agent.test.ts src/services/acp/__tests__/bridge.test.ts src/services/acp/__tests__/permissions.test.ts

Tested: bun test --coverage --coverage-reporter=lcov

Tested: bunx tsc --noEmit

Tested: bun run lint

Tested: git diff --check

Not-tested: Linux runner directly before push

* fix: normalize ACP bypass requests without warning noise

The previous CI repair removed the failing partial bridge mock, but it also added a shared safeMockModule helper and left the acp-link bypass normalization warning in the real new_session path.

This tightens the fix: acp-link now treats an unauthorized client bypass request as normal permission-mode normalization without emitting a warning, and the ACP permission test explicitly preserves the real bridge and permission exports instead of using a shared helper. The agent test keeps its local mock preservation but names it by behavior and restores mocks in LIFO order.

Constraint: CI output should not contain expected warning noise for covered policy branches.

Rejected: Silence the test only | the normal new_session path would still warn for an expected normalization branch.

Rejected: Keep the shared safeMockModule helper | the failing module was specific and should be fixed by preserving real exports at the mocking site.

Confidence: high

Scope-risk: narrow

Directive: Treat client-requested bypassPermissions as data to normalize unless the local default explicitly enables bypass.

Tested: bun test packages/acp-link/src/__tests__/server.test.ts

Tested: bun test src/services/acp/__tests__/agent.test.ts src/services/acp/__tests__/bridge.test.ts src/services/acp/__tests__/permissions.test.ts

Tested: bun test --coverage --coverage-reporter=lcov with UPPER_WARN_COUNT=0

Tested: bun run test:all

Tested: bun run lint

Tested: bunx tsc --noEmit

Tested: git diff --check

* fix: harden ACP bypass and CI warning gates

ACP clients must not be able to enter bypassPermissions unless the local ACP gate and process environment both allow it. The same gate now controls session creation, explicit mode changes, and the ExitPlanMode option list, while session setup restores process.cwd so coverage and later work do not inherit ACP session state.

Constraint: CI must stay warning-clean without hiding real ACP permission failures

Rejected: Logging rejected bypass requests on the normal new_session path | it preserves audit text but reintroduces warning noise the runtime should not emit

Rejected: Broad CI=true postinstall skip | it hides explicit Chrome MCP setup checks outside the install path

Confidence: high

Scope-risk: moderate

Directive: Keep bypassPermissions gated through one ACP availability decision before exposing it to clients

Tested: bun test src/services/acp/__tests__/permissions.test.ts src/services/acp/__tests__/agent.test.ts packages/acp-link/src/__tests__/server.test.ts

Tested: bun run test:all

Tested: bun run lint

Tested: bun run build:vite with zero warning matches

Tested: bun test --coverage --coverage-reporter lcov --coverage-dir coverage produced non-empty lcov with SF records and zero filtered warning matches

Not-tested: GitHub Actions result after this push

* fix: remove remaining CI warning noise

The CI log still had three non-failing warnings after the ACP hardening commit: git init default-branch advice from checkout, a Node 20 action-runtime deprecation, and one additional known Vite dynamic-import diagnostic that only surfaced on Linux. The workflow now provides explicit git config and opts actions into Node 24, while Vite keeps a narrow allowlist for acknowledged optimizer diagnostics.

Constraint: Do not use shell log filtering to hide warnings after they happen

Rejected: Grep warning lines out of CI output | it would make future diagnostics harder to find

Confidence: high

Scope-risk: narrow

Directive: Add new Vite warning allowlist entries only after checking that they are existing optimizer diagnostics, not new application defects

Tested: bunx tsc --noEmit --pretty false

Tested: bunx biome lint .github/workflows/ci.yml vite.config.ts

Tested: bun run build:vite with zero warning matches

Not-tested: GitHub Actions result after this push

* fix: reject unauthorized ACP bypass and harden CI actions

ACP clients now fail closed when permissionMode is malformed, unknown, or requests bypass without a local bypass opt-in. acp-link validates new_session input before forwarding to the agent and returns client error frames for expected unauthorized requests without logging create-failed noise. The direct AcpAgent path independently rejects invalid _meta.permissionMode and unauthorized bypass instead of falling back to settings.

CI workflows and generated GitHub App templates now use Node 24-compatible actions pinned to immutable commit SHAs, and acp-link startup output no longer prints the auth token.

Constraint: Must not hide warnings with test isolation or log filtering

Rejected: Silent fallback to local permission mode | accepts invalid client intent and masks boundary behavior

Rejected: Broad dependency churn from bun update | audit remained failing while package and lockfile churn expanded scope

Confidence: high

Scope-risk: moderate

Directive: Client-provided permissionMode must stay fail-closed before reaching AcpAgent; only local settings.defaultMode may fall back to default on invalid local config

Tested: bun test packages/acp-link/src/__tests__/server.test.ts src/services/acp/__tests__/agent.test.ts src/services/acp/__tests__/permissions.test.ts src/services/skillLearning/__tests__/skillLifecycle.test.ts src/utils/settings/__tests__/config.test.ts

Tested: bunx tsc -p packages/acp-link/tsconfig.json --noEmit --pretty false

Tested: bunx tsc --noEmit --pretty false

Tested: bun run lint

Tested: bun run test:all

Tested: local CI equivalent install/typecheck/coverage/build with warning_scan=0

Not-tested: Pre-existing bun audit vulnerabilities require a separate dependency-hardening PR

* fix: resolve dependency audit findings precisely

Use dependency-native upgrades and lockfile resolution to close the audit findings without suppressions. Keep the chrome MCP setup aligned with the new dependency graph and add real integration coverage so the override behavior stays verified.

Constraint: no audit ignores or warning suppression
Rejected: broad google-auth/protobuf overrides | replaced with upstream-compatible resolution
Confidence: high
Scope-risk: moderate
Directive: keep dependency fixes upstream-compatible; do not reintroduce blanket overrides unless the audit surface changes materially
Tested: bun audit; bun audit --json; bun install --frozen-lockfile with CLAUDE_CODE_SKIP_CHROME_MCP_SETUP=1; bunx tsc --noEmit --pretty false; bun run lint; targeted tests; bun run test:all; bun test --coverage --coverage-reporter lcov --coverage-dir coverage; bun run build:vite
Not-tested: unrelated pre-existing ACP/CORS/token fallback residual risks

* fix: keep ACP auth tokens out of URLs

Replace the ad hoc URL-token flow with crypto UUID-backed transport identifiers so the bearer token stays in structured request data instead of query strings. Keep the server, web client, and transport helpers aligned so the ACP/RCS handshake remains compatible after the API shape change.

Constraint: token must not be embedded in the URL
Rejected: token-as-uuid query fallback | leaked bearer tokens in URLs
Confidence: high
Scope-risk: moderate
Directive: preserve the structured auth path; do not reintroduce query-token fallback when adjusting ACP transport code
Tested: targeted ACP/RCS transport tests
Not-tested: unrelated pre-existing ACP/CORS/token fallback residual risks

* fix: normalize WebFetch request headers

Normalize WebFetch headers before dispatch so canonicalization preserves auth semantics and duplicate forms do not slip through. Keep the behavior locked with a focused header test instead of broadening the request pipeline.

Constraint: preserve header semantics without widening the fetch surface
Rejected: ad hoc caller-side normalization | too easy to bypass in future call sites
Confidence: high
Scope-risk: narrow
Directive: keep header normalization close to the WebFetch utility so future callers inherit the same behavior automatically
Tested: targeted WebFetch header tests
Not-tested: unrelated fetch backend behavior beyond header normalization

* fix: harden ACP remote auth surfaces

Tighten the remaining Claude security artifact items by requiring API keys on ACP global reads and relay upgrades, moving WebSocket tokens out of URLs, and replacing open web CORS with an explicit allowlist.

Constraint: Browser WebSocket clients cannot set arbitrary Authorization headers, so the token is carried in a selected subprotocol instead of a query string.
Rejected: Keep UUID auth for ACP channel groups | any caller can mint a UUID and read global ACP data.
Rejected: Preserve ?token= compatibility | secrets leak into logs, history, referrers, and intermediaries.
Confidence: high
Scope-risk: moderate
Directive: Do not reintroduce query-string bearer tokens; use Authorization or rcs.auth.<base64url-token>.
Tested: bunx tsc --noEmit --pretty false
Tested: bun run typecheck in packages/remote-control-server
Tested: bun run build in packages/acp-link
Tested: bun run lint
Tested: bun audit
Tested: focused RCS/acp-link/web tests, 160 pass
Tested: Edge headless browser WebSocket subprotocol handshake
Tested: bun run test:all, 3669 pass
Tested: bun run build:vite
Tested: bun run build
Not-tested: Manual end-to-end relay with a live external ACP agent

* fix: resolve CI dependency override lookup

The CI runner does not expose @grpc/proto-loader as a root-resolvable package, and the test was relying on local hoisting rather than the real dependency owner. Resolve proto-loader through @opentelemetry/exporter-trace-otlp-grpc and @grpc/grpc-js so the smoke test follows the package graph it is validating.

Constraint: Do not add a new root dependency for a transitive smoke test.

Rejected: Skip or weaken the test | the test protects the protobuf 7 override path and should keep exercising loadSync.

Rejected: Add @grpc/proto-loader directly to root package.json | that hides the owning-package resolution issue and broadens dependency surface.

Confidence: high

Scope-risk: narrow

Directive: Dependency override smoke tests should resolve from the package that actually owns the dependency, not from incidental root hoisting.

Tested: bun test tests/integration/dependency-overrides.test.ts; bunx tsc --noEmit --pretty false; bun run lint; bun audit; bun run test:all; git diff --check

---------

Co-authored-by: unraid <local@unraid.local>
2026-04-26 19:49:54 +08:00

694 lines
22 KiB
TypeScript
Raw Blame History

import type { ChildProcess, ExecFileException } from 'child_process'
import { execFile, spawn } from 'child_process'
import memoize from 'lodash-es/memoize.js'
import { homedir } from 'os'
import * as path from 'path'
import { logEvent } from 'src/services/analytics/index.js'
import { fileURLToPath } from 'url'
import { isInBundledMode } from './bundledMode.js'
import { logForDebugging } from './debug.js'
import { isEnvDefinedFalsy } from './envUtils.js'
import { execFileNoThrow } from './execFileNoThrow.js'
import { findExecutable } from './findExecutable.js'
import { logError } from './log.js'
import { getPlatform } from './platform.js'
import { countCharInString } from './stringUtils.js'
const __filename = fileURLToPath(import.meta.url)
// we use node:path.join instead of node:url.resolve because the former doesn't encode spaces
// In dev mode: __filename = <root>/src/utils/ripgrep.ts → __dirname = <root>/src/utils/
// In built mode (bun): __filename = <root>/dist/chunk-xxx.js → need <root>/dist/
// In built mode (vite): __filename = <root>/dist/chunks/chunk-xxx.js → need <root>/dist/
// Both built modes: the dist root is at <root>/dist/ where dist/vendor/ripgrep/ lives.
const __dirname = (() => {
const dir = path.dirname(__filename)
// Test mode: from src/utils/ → project root
if (process.env.NODE_ENV === 'test') return path.resolve(dir, '../../../')
// Check if we're inside a dist directory at any depth
// (dist/ or dist/chunks/) — vendor lives at <dist-root>/vendor/ripgrep/
const parts = dir.split(path.sep)
const distIdx = parts.lastIndexOf('dist')
if (distIdx !== -1) {
return parts.slice(0, distIdx + 1).join(path.sep)
}
// Dev mode: from src/utils/ → src/utils/
return dir
})()
type RipgrepConfig = {
mode: 'system' | 'builtin' | 'embedded'
command: string
args: string[]
argv0?: string
}
const getRipgrepConfig = memoize((): RipgrepConfig => {
const userWantsSystemRipgrep = isEnvDefinedFalsy(
process.env.USE_BUILTIN_RIPGREP,
)
// Try system ripgrep if user wants it
if (userWantsSystemRipgrep) {
const { cmd: systemPath } = findExecutable('rg', [])
if (systemPath !== 'rg') {
// SECURITY: Use command name 'rg' instead of systemPath to prevent PATH hijacking
// If we used systemPath, a malicious ./rg.exe in current directory could be executed
// Using just 'rg' lets the OS resolve it safely with NoDefaultCurrentDirectoryInExePath protection
return { mode: 'system', command: 'rg', args: [] }
}
}
// In bundled (native) mode, ripgrep is statically compiled into bun-internal
// and dispatches based on argv[0]. We spawn ourselves with argv0='rg'.
if (isInBundledMode()) {
return {
mode: 'embedded',
command: process.execPath,
args: ['--no-config'],
argv0: 'rg',
}
}
const rgRoot = path.resolve(__dirname, 'vendor', 'ripgrep')
const command =
process.platform === 'win32'
? path.resolve(rgRoot, `${process.arch}-win32`, 'rg.exe')
: path.resolve(rgRoot, `${process.arch}-${process.platform}`, 'rg')
return { mode: 'builtin', command, args: [] }
})
export function ripgrepCommand(): {
rgPath: string
rgArgs: string[]
argv0?: string
} {
const config = getRipgrepConfig()
return {
rgPath: config.command,
rgArgs: config.args,
argv0: config.argv0,
}
}
const MAX_BUFFER_SIZE = 20_000_000 // 20MB; large monorepos can have 200k+ files
/**
* Check if an error is EAGAIN (resource temporarily unavailable).
* This happens in resource-constrained environments (Docker, CI) when
* ripgrep tries to spawn too many threads.
*/
function isEagainError(stderr: string): boolean {
return (
stderr.includes('os error 11') ||
stderr.includes('Resource temporarily unavailable')
)
}
/**
* Custom error class for ripgrep timeouts.
* This allows callers to distinguish between "no matches" and "timed out".
*/
export class RipgrepTimeoutError extends Error {
constructor(
message: string,
public readonly partialResults: string[],
) {
super(message)
this.name = 'RipgrepTimeoutError'
}
}
function ripGrepRaw(
args: string[],
target: string,
abortSignal: AbortSignal,
callback: (
error: ExecFileException | null,
stdout: string,
stderr: string,
) => void,
singleThread = false,
): ChildProcess {
// NB: When running interactively, ripgrep does not require a path as its last
// argument, but when run non-interactively, it will hang unless a path or file
// pattern is provided
const { rgPath, rgArgs, argv0 } = ripgrepCommand()
// Use single-threaded mode only if explicitly requested for this call's retry
const threadArgs = singleThread ? ['-j', '1'] : []
const fullArgs = [...rgArgs, ...threadArgs, ...args, target]
// Allow timeout to be configured via env var (in seconds), otherwise use platform defaults
// WSL has severe performance penalty for file reads (3-5x slower on WSL2)
const defaultTimeout = getPlatform() === 'wsl' ? 60_000 : 20_000
const parsedSeconds =
parseInt(process.env.CLAUDE_CODE_GLOB_TIMEOUT_SECONDS || '', 10) || 0
const timeout = parsedSeconds > 0 ? parsedSeconds * 1000 : defaultTimeout
// For embedded ripgrep, use spawn with argv0 (execFile doesn't support argv0 properly)
if (argv0) {
const child = spawn(rgPath, fullArgs, {
argv0,
signal: abortSignal,
// Prevent visible console window on Windows (no-op on other platforms)
windowsHide: true,
})
let stdout = ''
let stderr = ''
let stdoutTruncated = false
let stderrTruncated = false
child.stdout?.on('data', (data: Buffer) => {
if (!stdoutTruncated) {
stdout += data.toString()
if (stdout.length > MAX_BUFFER_SIZE) {
stdout = stdout.slice(0, MAX_BUFFER_SIZE)
stdoutTruncated = true
}
}
})
child.stderr?.on('data', (data: Buffer) => {
if (!stderrTruncated) {
stderr += data.toString()
if (stderr.length > MAX_BUFFER_SIZE) {
stderr = stderr.slice(0, MAX_BUFFER_SIZE)
stderrTruncated = true
}
}
})
// Set up timeout with SIGKILL escalation.
// SIGTERM alone may not kill ripgrep if it's blocked in uninterruptible I/O
// (e.g., deep filesystem traversal). If SIGTERM doesn't work within 5 seconds,
// escalate to SIGKILL which cannot be caught or ignored.
// On Windows, child.kill('SIGTERM') throws; use default signal.
let killTimeoutId: ReturnType<typeof setTimeout> | undefined
const timeoutId = setTimeout(() => {
if (process.platform === 'win32') {
child.kill()
} else {
child.kill('SIGTERM')
killTimeoutId = setTimeout(c => c.kill('SIGKILL'), 5_000, child)
}
}, timeout)
// On Windows, both 'close' and 'error' can fire for the same process
// (e.g. when AbortSignal kills the child). Guard against double-callback.
let settled = false
child.on('close', (code, signal) => {
if (settled) return
settled = true
clearTimeout(timeoutId)
clearTimeout(killTimeoutId)
if (code === 0 || code === 1) {
// 0 = matches found, 1 = no matches (both are success)
callback(null, stdout, stderr)
} else {
const error: ExecFileException = new Error(
`ripgrep exited with code ${code}`,
)
error.code = code ?? undefined
error.signal = signal ?? undefined
callback(error, stdout, stderr)
}
})
child.on('error', (err: NodeJS.ErrnoException) => {
if (settled) return
settled = true
clearTimeout(timeoutId)
clearTimeout(killTimeoutId)
const error: ExecFileException = err
callback(error, stdout, stderr)
})
return child
}
// For non-embedded ripgrep, use execFile
// Use SIGKILL as killSignal because SIGTERM may not terminate ripgrep
// when it's blocked in uninterruptible filesystem I/O.
// On Windows, SIGKILL throws; use default (undefined) which sends SIGTERM.
return execFile(
rgPath,
fullArgs,
{
maxBuffer: MAX_BUFFER_SIZE,
signal: abortSignal,
timeout,
killSignal: process.platform === 'win32' ? undefined : 'SIGKILL',
},
callback,
)
}
/**
* Stream-count lines from `rg --files` without buffering stdout.
*
* On large repos (e.g. 247k files, 16MB of paths), calling `ripGrep()` just
* to read `.length` materializes the full stdout string plus a 247k-element
* array. This counts newline bytes per chunk instead; peak memory is one
* stream chunk (~64KB).
*
* Intentionally minimal: the only caller is telemetry (countFilesRoundedRg),
* which swallows all errors. No EAGAIN retry, no stderr capture, no internal
* timeout (callers pass AbortSignal.timeout; spawn's signal option kills rg).
*/
async function ripGrepFileCount(
args: string[],
target: string,
abortSignal: AbortSignal,
): Promise<number> {
await codesignRipgrepIfNecessary()
const { rgPath, rgArgs, argv0 } = ripgrepCommand()
return new Promise<number>((resolve, reject) => {
const child = spawn(rgPath, [...rgArgs, ...args, target], {
argv0,
signal: abortSignal,
windowsHide: true,
stdio: ['ignore', 'pipe', 'ignore'],
})
let lines = 0
child.stdout?.on('data', (chunk: Buffer) => {
lines += countCharInString(chunk, '\n')
})
// On Windows, both 'close' and 'error' can fire for the same process.
let settled = false
child.on('close', code => {
if (settled) return
settled = true
if (code === 0 || code === 1) resolve(lines)
else reject(new Error(`rg --files exited ${code}`))
})
child.on('error', err => {
if (settled) return
settled = true
reject(err)
})
})
}
/**
* Stream lines from ripgrep as they arrive, calling `onLines` per stdout chunk.
*
* Unlike `ripGrep()` which buffers the entire stdout, this flushes complete
* lines as soon as each chunk arrives — first results paint while rg is still
* walking the tree (the fzf `change:reload` pattern). Partial trailing lines
* are carried across chunk boundaries.
*
* Callers that want to stop early (e.g. after N matches) should abort the
* signal — spawn's signal option kills rg. No EAGAIN retry, no internal
* timeout, stderr is ignored; interactive callers own recovery.
*/
export async function ripGrepStream(
args: string[],
target: string,
abortSignal: AbortSignal,
onLines: (lines: string[]) => void,
): Promise<void> {
await codesignRipgrepIfNecessary()
const { rgPath, rgArgs, argv0 } = ripgrepCommand()
return new Promise<void>((resolve, reject) => {
const child = spawn(rgPath, [...rgArgs, ...args, target], {
argv0,
signal: abortSignal,
windowsHide: true,
stdio: ['ignore', 'pipe', 'ignore'],
})
const stripCR = (l: string) => (l.endsWith('\r') ? l.slice(0, -1) : l)
let remainder = ''
child.stdout?.on('data', (chunk: Buffer) => {
const data = remainder + chunk.toString()
const lines = data.split('\n')
remainder = lines.pop() ?? ''
if (lines.length) onLines(lines.map(stripCR))
})
// On Windows, both 'close' and 'error' can fire for the same process.
let settled = false
child.on('close', code => {
if (settled) return
// Abort races close — don't flush a torn tail from a killed process.
// Promise still settles: spawn's signal option fires 'error' with
// AbortError → reject below.
if (abortSignal.aborted) return
settled = true
if (code === 0 || code === 1) {
if (remainder) onLines([stripCR(remainder)])
resolve()
} else {
reject(new Error(`ripgrep exited with code ${code}`))
}
})
child.on('error', err => {
if (settled) return
settled = true
reject(err)
})
})
}
export async function ripGrep(
args: string[],
target: string,
abortSignal: AbortSignal,
): Promise<string[]> {
await codesignRipgrepIfNecessary()
// Test ripgrep on first use and cache the result (fire and forget)
void testRipgrepOnFirstUse().catch(error => {
logError(error)
})
return new Promise((resolve, reject) => {
const handleResult = (
error: ExecFileException | null,
stdout: string,
stderr: string,
isRetry: boolean,
): void => {
// Success case
if (!error) {
resolve(
stdout
.trim()
.split('\n')
.map(line => line.replace(/\r$/, ''))
.filter(Boolean),
)
return
}
// Exit code 1 is normal "no matches"
if (error.code === 1) {
resolve([])
return
}
// Critical errors that indicate ripgrep is broken, not "no matches"
// These should be surfaced to the user rather than silently returning empty results
const CRITICAL_ERROR_CODES = ['ENOENT', 'EACCES', 'EPERM']
if (CRITICAL_ERROR_CODES.includes(error.code as string)) {
reject(error)
return
}
// If we hit EAGAIN and haven't retried yet, retry with single-threaded mode
// Note: We only use -j 1 for this specific retry, not for future calls.
// Persisting single-threaded mode globally caused timeouts on large repos
// where EAGAIN was just a transient startup error.
if (!isRetry && isEagainError(stderr)) {
logForDebugging(
`rg EAGAIN error detected, retrying with single-threaded mode (-j 1)`,
)
logEvent('tengu_ripgrep_eagain_retry', {})
ripGrepRaw(
args,
target,
abortSignal,
(retryError, retryStdout, retryStderr) => {
handleResult(retryError, retryStdout, retryStderr, true)
},
true, // Force single-threaded mode for this retry only
)
return
}
// For all other errors, try to return partial results if available
const hasOutput = stdout && stdout.trim().length > 0
const isTimeout =
error.signal === 'SIGTERM' ||
error.signal === 'SIGKILL' ||
error.code === 'ABORT_ERR'
const isBufferOverflow =
error.code === 'ERR_CHILD_PROCESS_STDIO_MAXBUFFER'
let lines: string[] = []
if (hasOutput) {
lines = stdout
.trim()
.split('\n')
.map(line => line.replace(/\r$/, ''))
.filter(Boolean)
// Drop last line for timeouts and buffer overflow - it may be incomplete
if (lines.length > 0 && (isTimeout || isBufferOverflow)) {
lines = lines.slice(0, -1)
}
}
logForDebugging(
`rg error (signal=${error.signal}, code=${error.code}, stderr: ${stderr}), ${lines.length} results`,
)
// code 2 = ripgrep usage error (already handled); ABORT_ERR = caller
// explicitly aborted (not an error, just a cancellation — interactive
// callers may abort on every keystroke-after-debounce).
if (error.code !== 2 && error.code !== 'ABORT_ERR') {
logError(error)
}
// If we timed out with no results, throw an error so Claude knows the search
// didn't complete rather than thinking there were no matches
if (isTimeout && lines.length === 0) {
reject(
new RipgrepTimeoutError(
`Ripgrep search timed out after ${getPlatform() === 'wsl' ? 60 : 20} seconds. The search may have matched files but did not complete in time. Try searching a more specific path or pattern.`,
lines,
),
)
return
}
resolve(lines)
}
ripGrepRaw(args, target, abortSignal, (error, stdout, stderr) => {
handleResult(error, stdout, stderr, false)
})
})
}
/**
* Count files in a directory recursively using ripgrep and round to the nearest power of 10 for privacy
*
* This is much more efficient than using native Node.js methods for counting files
* in large directories since it uses ripgrep's highly optimized file traversal.
*
* @param path Directory path to count files in
* @param abortSignal AbortSignal to cancel the operation
* @param ignorePatterns Optional additional patterns to ignore (beyond .gitignore)
* @returns Approximate file count rounded to the nearest power of 10
*/
export const countFilesRoundedRg = memoize(
async (
dirPath: string,
abortSignal: AbortSignal,
ignorePatterns: string[] = [],
): Promise<number | undefined> => {
// Skip file counting if we're in the home directory to avoid triggering
// macOS TCC permission dialogs for Desktop, Downloads, Documents, etc.
if (path.resolve(dirPath) === path.resolve(homedir())) {
return undefined
}
try {
// Build ripgrep arguments:
// --files: List files that would be searched (rather than searching them)
// --count: Only print a count of matching lines for each file
// --no-ignore-parent: Don't respect ignore files in parent directories
// --hidden: Search hidden files and directories
const args = ['--files', '--hidden']
// Add ignore patterns if provided
ignorePatterns.forEach(pattern => {
args.push('--glob', `!${pattern}`)
})
const count = await ripGrepFileCount(args, dirPath, abortSignal)
// Round to nearest power of 10 for privacy
if (count === 0) return 0
const magnitude = Math.floor(Math.log10(count))
const power = 10 ** magnitude
// Round to nearest power of 10
// e.g., 8 -> 10, 42 -> 100, 350 -> 100, 750 -> 1000
return Math.round(count / power) * power
} catch (error) {
// AbortSignal.timeout firing is expected on large/slow repos, not an error.
if ((error as Error)?.name !== 'AbortError') logError(error)
}
},
// lodash memoize's default resolver only uses the first argument.
// ignorePatterns affect the result, so include them in the cache key.
// abortSignal is intentionally excluded — it doesn't affect the count.
(dirPath, _abortSignal, ignorePatterns = []) =>
`${dirPath}|${ignorePatterns.join(',')}`,
)
// Singleton to store ripgrep availability status
let ripgrepStatus: {
working: boolean
lastTested: number
config: RipgrepConfig
} | null = null
/**
* Get ripgrep status and configuration info
* Returns current configuration immediately, with working status if available
*/
export function getRipgrepStatus(): {
mode: 'system' | 'builtin' | 'embedded'
path: string
working: boolean | null // null if not yet tested
} {
const config = getRipgrepConfig()
return {
mode: config.mode,
path: config.command,
working: ripgrepStatus?.working ?? null,
}
}
/**
* Test ripgrep availability on first use and cache the result
*/
const testRipgrepOnFirstUse = memoize(async (): Promise<void> => {
// Already tested
if (ripgrepStatus !== null) {
return
}
const config = getRipgrepConfig()
try {
let test: { code: number; stdout: string }
// For embedded ripgrep, use Bun.spawn with argv0
if (config.argv0) {
// Only Bun embeds ripgrep.
// eslint-disable-next-line custom-rules/require-bun-typeof-guard
const proc = Bun.spawn([config.command, '--version'], {
argv0: config.argv0,
stderr: 'ignore',
stdout: 'pipe',
})
// Bun's ReadableStream has .text() at runtime, but TS types don't reflect it
const [stdout, code] = await Promise.all([
(proc.stdout as unknown as Blob).text(),
proc.exited,
])
test = {
code,
stdout,
}
} else {
test = await execFileNoThrow(
config.command,
[...config.args, '--version'],
{
timeout: 5000,
},
)
}
const working =
test.code === 0 && !!test.stdout && test.stdout.startsWith('ripgrep ')
ripgrepStatus = {
working,
lastTested: Date.now(),
config,
}
logForDebugging(
`Ripgrep first use test: ${working ? 'PASSED' : 'FAILED'} (mode=${config.mode}, path=${config.command})`,
)
// Log telemetry for actual ripgrep availability
logEvent('tengu_ripgrep_availability', {
working: working ? 1 : 0,
using_system: config.mode === 'system' ? 1 : 0,
})
} catch (error) {
ripgrepStatus = {
working: false,
lastTested: Date.now(),
config,
}
logError(error)
}
})
let alreadyDoneSignCheck = false
async function codesignRipgrepIfNecessary() {
if (process.platform !== 'darwin' || alreadyDoneSignCheck) {
return
}
alreadyDoneSignCheck = true
// Only sign the standalone vendored rg binary (npm builds)
const config = getRipgrepConfig()
if (config.mode !== 'builtin') {
return
}
const builtinPath = config.command
// First, check to see if ripgrep is already signed
const lines = (
await execFileNoThrow('codesign', ['-vv', '-d', builtinPath], {
preserveOutputOnError: false,
})
).stdout.split('\n')
const needsSigned = lines.find(line => line.includes('linker-signed'))
if (!needsSigned) {
return
}
try {
const signResult = await execFileNoThrow('codesign', [
'--sign',
'-',
'--force',
'--preserve-metadata=entitlements,requirements,flags,runtime',
builtinPath,
])
if (signResult.code !== 0) {
logError(
new Error(
`Failed to sign ripgrep: ${signResult.stdout} ${signResult.stderr}`,
),
)
}
const quarantineResult = await execFileNoThrow('xattr', [
'-d',
'com.apple.quarantine',
builtinPath,
])
if (quarantineResult.code !== 0) {
logError(
new Error(
`Failed to remove quarantine: ${quarantineResult.stdout} ${quarantineResult.stderr}`,
),
)
}
} catch (e) {
logError(e)
}
}
Reference in New Issue View Git Blame Copy Permalink