chore(security): harden ipc socket

CHANGELOG.md

@@ -1,9 +1,16 @@
 # Changelog
 
-## 1.3.0 — Unreleased
+## Unreleased
+
+### Security
+- Hardened the relay IPC socket: now lives under `~/.warelay/ipc`, enforces 0700 dir / 0600 socket perms, rejects symlink or foreign-owned paths, and includes unit tests to lock in the behavior.
+
+## 1.3.0 — 2025-12-02
 
 ### Highlights
 - **Pluggable agents (Claude, Pi, Codex, Opencode):** New `inbound.reply.agent` block chooses the CLI and parser per command reply; per-agent argv builders inject the right flags/identity/prompt handling and parse NDJSON streams, enabling Pi/Codex swaps without changing templates.
+- **Safety stop words for agents:** If an inbound message is exactly `stop`, `esc`, `abort`, `wait`, or `exit`, warelay immediately replies “Agent was aborted.”, kills the pending agent run, and marks the session so the next prompt is prefixed with a reminder that the previous run was aborted.
+- **Agent session reliability:** Only Claude currently returns a `session_id` that warelay persists; other agents (Gemini, Opencode, Codex, Pi) don’t emit stable session identifiers, so multi-turn continuity may reset between runs for those harnesses.
 
 ### Bug Fixes
 - **Empty result field handling:** Fixed bug where Claude CLI returning `result: ""` (empty string) would cause raw JSON to be sent to WhatsApp instead of being treated as valid empty output. Changed truthy check to explicit type check in `command-reply.ts`.
@@ -11,6 +18,7 @@
 - **User-visible error messages:** Command failures (non-zero exit, killed processes, exceptions) now return user-friendly error messages to WhatsApp instead of silently failing with empty responses.
 - **Test session isolation:** Fixed tests corrupting production `sessions.json` by mocking session persistence in all test files.
 - **Signal session corruption prevention:** Added IPC mechanism so `warelay send` and `warelay heartbeat` reuse the running relay's WhatsApp connection instead of creating new Baileys sockets. Previously, using these commands while the relay was running could corrupt the Signal session ratchet (both connections wrote to the same auth state), causing the relay's subsequent sends to fail silently.
+- **Web send media kinds:** `sendMessageWeb` now honors media kind when sending via WhatsApp Web: audio → PTT with correct opus mimetype, video → video, image → image, other → document with filename. Previously all media were sent as images, breaking audio/video/doc sends.
 
 ### Changes
 - **IPC server for relay:** The web relay now starts a Unix socket server at `~/.warelay/relay.sock`. Commands like `warelay send --provider web` automatically connect via IPC when the relay is running, falling back to direct connection otherwise.

src/web/ipc.test.ts

@@ -0,0 +1,63 @@
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+
+import { afterEach, describe, expect, it, vi } from "vitest";
+
+vi.mock("../logging.js", () => ({
+  getChildLogger: () => ({
+    info: vi.fn(),
+    error: vi.fn(),
+    warn: vi.fn(),
+    debug: vi.fn(),
+  }),
+}));
+
+const originalHome = process.env.HOME;
+
+afterEach(() => {
+  process.env.HOME = originalHome;
+  vi.resetModules();
+});
+
+describe("ipc hardening", () => {
+  it("creates private socket dir and socket with tight perms", async () => {
+    const tmpHome = fs.mkdtempSync(path.join(os.tmpdir(), "warelay-home-"));
+    process.env.HOME = tmpHome;
+    vi.resetModules();
+
+    const ipc = await import("./ipc.js");
+
+    const sendHandler = vi.fn().mockResolvedValue({ messageId: "msg1" });
+    ipc.startIpcServer(sendHandler);
+
+    const dirStat = fs.lstatSync(path.join(tmpHome, ".warelay", "ipc"));
+    expect(dirStat.mode & 0o777).toBe(0o700);
+
+    expect(ipc.isRelayRunning()).toBe(true);
+
+    const socketStat = fs.lstatSync(ipc.getSocketPath());
+    expect(socketStat.isSocket()).toBe(true);
+    if (typeof process.getuid === "function") {
+      expect(socketStat.uid).toBe(process.getuid());
+    }
+
+    ipc.stopIpcServer();
+    expect(ipc.isRelayRunning()).toBe(false);
+  });
+
+  it("refuses to start when IPC dir is a symlink", async () => {
+    const tmpHome = fs.mkdtempSync(path.join(os.tmpdir(), "warelay-home-"));
+    const warelayDir = path.join(tmpHome, ".warelay");
+    fs.mkdirSync(warelayDir, { recursive: true });
+    fs.symlinkSync("/tmp", path.join(warelayDir, "ipc"));
+
+    process.env.HOME = tmpHome;
+    vi.resetModules();
+
+    const ipc = await import("./ipc.js");
+    const sendHandler = vi.fn().mockResolvedValue({ messageId: "msg1" });
+
+    expect(() => ipc.startIpcServer(sendHandler)).toThrow(/symlink/i);
+  });
+});

src/web/ipc.ts

@@ -15,7 +15,8 @@ import path from "node:path";
 
 import { getChildLogger } from "../logging.js";
 
-const SOCKET_PATH = path.join(os.homedir(), ".warelay", "relay.sock");
+const SOCKET_DIR = path.join(os.homedir(), ".warelay", "ipc");
+const SOCKET_PATH = path.join(SOCKET_DIR, "relay.sock");
 
 export interface IpcSendRequest {
   type: "send";
@@ -44,11 +45,21 @@ let server: net.Server | null = null;
 export function startIpcServer(sendHandler: SendHandler): void {
   const logger = getChildLogger({ module: "ipc-server" });
 
-  // Clean up stale socket file
+  ensureSocketDir();
+  try {
+    assertSafeSocketPath(SOCKET_PATH);
+  } catch (err) {
+    logger.error({ error: String(err) }, "Refusing to start IPC server");
+    throw err;
+  }
+
+  // Clean up stale socket file (only if safe to do so)
   try {
     fs.unlinkSync(SOCKET_PATH);
-  } catch {
-    // Ignore if doesn't exist
+  } catch (err) {
+    if ((err as NodeJS.ErrnoException).code !== "ENOENT") {
+      throw err;
+    }
   }
 
   server = net.createServer((conn) => {
@@ -134,6 +145,7 @@ export function stopIpcServer(): void {
  */
 export function isRelayRunning(): boolean {
   try {
+    assertSafeSocketPath(SOCKET_PATH);
     fs.accessSync(SOCKET_PATH);
     return true;
   } catch {
@@ -223,3 +235,43 @@ export async function sendViaIpc(
 export function getSocketPath(): string {
   return SOCKET_PATH;
 }
+
+function ensureSocketDir(): void {
+  try {
+    const stat = fs.lstatSync(SOCKET_DIR);
+    if (stat.isSymbolicLink()) {
+      throw new Error(`IPC dir is a symlink: ${SOCKET_DIR}`);
+    }
+    if (!stat.isDirectory()) {
+      throw new Error(`IPC dir is not a directory: ${SOCKET_DIR}`);
+    }
+    // Enforce private permissions
+    fs.chmodSync(SOCKET_DIR, 0o700);
+    if (typeof process.getuid === "function" && stat.uid !== process.getuid()) {
+      throw new Error(`IPC dir owned by different user: ${SOCKET_DIR}`);
+    }
+  } catch (err) {
+    if ((err as NodeJS.ErrnoException).code === "ENOENT") {
+      fs.mkdirSync(SOCKET_DIR, { recursive: true, mode: 0o700 });
+      return;
+    }
+    throw err;
+  }
+}
+
+function assertSafeSocketPath(socketPath: string): void {
+  try {
+    const stat = fs.lstatSync(socketPath);
+    if (stat.isSymbolicLink()) {
+      throw new Error(`Refusing IPC socket symlink: ${socketPath}`);
+    }
+    if (typeof process.getuid === "function" && stat.uid !== process.getuid()) {
+      throw new Error(`IPC socket owned by different user: ${socketPath}`);
+    }
+  } catch (err) {
+    if ((err as NodeJS.ErrnoException).code === "ENOENT") {
+      return; // Missing is fine; creation will happen next.
+    }
+    throw err;
+  }
+}