the claude code sourcemaps leaked march 31
1/**
2 * Approved channel plugins allowlist. --channels plugin:name@marketplace
3 * entries only register if {marketplace, plugin} is on this list. server:
4 * entries always fail (schema is plugin-only). The
5 * --dangerously-load-development-channels flag bypasses for both kinds.
6 * Lives in GrowthBook so it can be updated without a release.
7 *
8 * Plugin-level granularity: if a plugin is approved, all its channel
9 * servers are. Per-server gating was overengineering — a plugin that
10 * sprouts a malicious second server is already compromised, and per-server
11 * entries would break on harmless plugin refactors.
12 *
13 * The allowlist check is a pure {marketplace, plugin} comparison against
14 * the user's typed tag. The gate's separate 'marketplace' step verifies
15 * the tag matches what's actually installed before this check runs.
16 */
17
18import { z } from 'zod/v4'
19import { lazySchema } from '../../utils/lazySchema.js'
20import { parsePluginIdentifier } from '../../utils/plugins/pluginIdentifier.js'
21import { getFeatureValue_CACHED_MAY_BE_STALE } from '../analytics/growthbook.js'
22
23export type ChannelAllowlistEntry = {
24 marketplace: string
25 plugin: string
26}
27
28const ChannelAllowlistSchema = lazySchema(() =>
29 z.array(
30 z.object({
31 marketplace: z.string(),
32 plugin: z.string(),
33 }),
34 ),
35)
36
37export function getChannelAllowlist(): ChannelAllowlistEntry[] {
38 const raw = getFeatureValue_CACHED_MAY_BE_STALE<unknown>(
39 'tengu_harbor_ledger',
40 [],
41 )
42 const parsed = ChannelAllowlistSchema().safeParse(raw)
43 return parsed.success ? parsed.data : []
44}
45
46/**
47 * Overall channels on/off. Checked before any per-server gating —
48 * when false, --channels is a no-op and no handlers register.
49 * Default false; GrowthBook 5-min refresh.
50 */
51export function isChannelsEnabled(): boolean {
52 return getFeatureValue_CACHED_MAY_BE_STALE('tengu_harbor', false)
53}
54
55/**
56 * Pure allowlist check keyed off the connection's pluginSource — for UI
57 * pre-filtering so the IDE only shows "Enable channel?" for servers that will
58 * actually pass the gate. Not a security boundary: channel_enable still runs
59 * the full gate. Matches the allowlist comparison inside gateChannelServer()
60 * but standalone (no session/marketplace coupling — those are tautologies
61 * when the entry is derived from pluginSource).
62 *
63 * Returns false for undefined pluginSource (non-plugin server — can never
64 * match the {marketplace, plugin}-keyed ledger) and for @-less sources
65 * (builtin/inline — same reason).
66 */
67export function isChannelAllowlisted(
68 pluginSource: string | undefined,
69): boolean {
70 if (!pluginSource) return false
71 const { name, marketplace } = parsePluginIdentifier(pluginSource)
72 if (!marketplace) return false
73 return getChannelAllowlist().some(
74 e => e.plugin === name && e.marketplace === marketplace,
75 )
76}