Add croc-transfer extension#27304
Conversation
- Remove file renaming on receive (preserve original filenames) - Async croc binary detection in useCrocCheck (non-blocking) - clearCrocPathCache() + resolveCrocPathAsync() in croc.ts - buildCrocArgs overloads: receive takes no extra args - computeFileSize() in process.ts (recursive, sync) - formatFileSize() in history.ts - TransferStatus gains 'in_progress' + sessionId field - cleanStaleInProgressRecords() for session-based cleanup - useTransfer hook: covers form/zipping states, cancel writes record - InstallGuide: Refresh + Install with Homebrew actions - receive-file: Form input (autoFocus, clipboard pre-fill), Finder reveal, cancel writes record, no /Share subdir - send-file: uses useTransfer hook, showHUD on complete, computeFileSize stored in record - transfer-history: date groups (Today/Yesterday/Earlier), accessories (date + file count tag), keywords (basenames), size in metadata - quick-send: no-view command with write-ahead history pattern - package.json: quick-send command entry, updated downloadDirectory description
…to clipboard - Wrap spawnCrocSend in Promise so no-view command doesn't exit prematurely - Auto-copy code phrase to clipboard on Quick Send for easy sharing - Change default download directory to ~/Downloads/Share
…de, update author
- fix: reSend() now records status as in_progress on phrase, updates to success/failed on completion (matches quick-send lifecycle) - feat: add CHANGELOG.md required for new extensions - feat: add metadata/ directory with screenshots (send, receive, history) - chore: migrate ESLint config from legacy .eslintrc.json to v9 flat config (eslint.config.mjs), upgrade eslint ^8→^9 and @raycast/eslint-config ^1→^2
|
Congratulations on your new Raycast extension! 🚀 We're currently experiencing a high volume of incoming requests. As a result, the initial review may take up to 10-15 business days. Once the PR is approved and merged, the extension will be available on our Store. |
Greptile SummaryThis commit addresses four prior review findings: the CHANGELOG now uses the correct
Confidence Score: 4/5The four targeted fixes are correct, but the false-success path in spawnCrocSend still reports successful transfers when croc exits non-zero after emitting a code phrase. The croc-transfer/src/utils/process.ts — the Important Files Changed
Reviews (3): Last reviewed commit: "fix: address all code review issues" | Re-trigger Greptile |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
| @@ -0,0 +1,13 @@ | |||
| # Croc Transfer Changelog | |||
|
|
|||
| ## [Initial Version] - 2026-04-09 | |||
There was a problem hiding this comment.
The entry uses a literal date (2026-04-09) instead of the required {PR_MERGE_DATE} placeholder, and the section title should be [Initial Release] not [Initial Version].
| ## [Initial Version] - 2026-04-09 | |
| ## [Initial Release] - {PR_MERGE_DATE} |
Rule Used: What: In Raycast extension changelogs, `{PR_MERGE_... (source)
Prompt To Fix With AI
This is a comment left during a code review.
Path: extensions/croc-transfer/CHANGELOG.md
Line: 3
Comment:
**CHANGELOG uses hardcoded date and wrong title**
The entry uses a literal date (`2026-04-09`) instead of the required `{PR_MERGE_DATE}` placeholder, and the section title should be `[Initial Release]` not `[Initial Version]`.
```suggestion
## [Initial Release] - {PR_MERGE_DATE}
```
**Rule Used:** What: In Raycast extension changelogs, `{PR_MERGE_... ([source](https://app.greptile.com/review/custom-context?memory=799af734-ebd9-4b40-9ffd-97a70fc71c8a))
How can I resolve this? If you propose a fix, please make it concise.| "@raycast/utils": "^1.16.0" | ||
| }, |
There was a problem hiding this comment.
@raycast/utils is listed but never imported
@raycast/utils appears in dependencies but is not imported in any file under src/. Unused dependencies bloat the bundle and create confusion about what the extension actually requires.
| "@raycast/utils": "^1.16.0" | |
| }, | |
| "@raycast/api": "^1.72.0" |
Rule Used: What: Every dependency listed in package.json must... (source)
Prompt To Fix With AI
This is a comment left during a code review.
Path: extensions/croc-transfer/package.json
Line: 116-117
Comment:
**`@raycast/utils` is listed but never imported**
`@raycast/utils` appears in `dependencies` but is not imported in any file under `src/`. Unused dependencies bloat the bundle and create confusion about what the extension actually requires.
```suggestion
"@raycast/api": "^1.72.0"
```
**Rule Used:** What: Every dependency listed in package.json must... ([source](https://app.greptile.com/review/custom-context?memory=bffc60eb-f9f2-4219-b804-76e29e267d43))
How can I resolve this? If you propose a fix, please make it concise.| }; | ||
|
|
||
| try { | ||
| proc = spawn("/usr/bin/python3", [wrapperPath, crocPath, ...args], { |
There was a problem hiding this comment.
/usr/bin/python3 will silently break transfers if Python 3 isn't installed
/usr/bin/python3 is only present on macOS when Xcode Command Line Tools are installed; on minimal or managed systems it may be absent, causing spawn to fail with ENOENT and every transfer to immediately error. There is no fallback to /opt/homebrew/bin/python3, /usr/local/bin/python3, or a which python3 lookup.
Consider resolving the python3 path with the same candidate-list pattern already used for croc, or checking existence before spawning and surfacing an actionable error message if Python 3 cannot be found.
Prompt To Fix With AI
This is a comment left during a code review.
Path: extensions/croc-transfer/src/utils/process.ts
Line: 157
Comment:
**Hardcoded `/usr/bin/python3` will silently break transfers if Python 3 isn't installed**
`/usr/bin/python3` is only present on macOS when Xcode Command Line Tools are installed; on minimal or managed systems it may be absent, causing `spawn` to fail with `ENOENT` and every transfer to immediately error. There is no fallback to `/opt/homebrew/bin/python3`, `/usr/local/bin/python3`, or a `which python3` lookup.
Consider resolving the python3 path with the same candidate-list pattern already used for croc, or checking existence before spawning and surfacing an actionable error message if Python 3 cannot be found.
How can I resolve this? If you propose a fix, please make it concise.|
|
||
| export function getCrocVersion(crocPath: string): string | null { | ||
| try { | ||
| const output = execSync(`"${crocPath}" --version`, { |
There was a problem hiding this comment.
execSync with shell interpolation; prefer execFileSync
execSync(\"${crocPath}" --version`)passes the command to/bin/sh, so a crocPathcontaining shell metacharacters (e.g. a custom path set in preferences like/tmp/croc"; echo pwned; echo ") can execute arbitrary commands. The async sibling getCrocVersionAsyncalready uses the saferexecFileAPI —getCrocVersion` should do the same.
Replace with execFileSync(crocPath, ["--version"], { encoding: "utf8", timeout: 3000 }).
Prompt To Fix With AI
This is a comment left during a code review.
Path: extensions/croc-transfer/src/utils/croc.ts
Line: 70
Comment:
**`execSync` with shell interpolation; prefer `execFileSync`**
`execSync(\`"${crocPath}" --version\`)` passes the command to `/bin/sh`, so a `crocPath` containing shell metacharacters (e.g. a custom path set in preferences like `/tmp/croc"; echo pwned; echo "`) can execute arbitrary commands. The async sibling `getCrocVersionAsync` already uses the safer `execFile` API — `getCrocVersion` should do the same.
Replace with `execFileSync(crocPath, ["--version"], { encoding: "utf8", timeout: 3000 })`.
How can I resolve this? If you propose a fix, please make it concise.…g polling
- add runState.ts: STATE_FILE / LIVE_LOG_FILE constants, RunState interface,
read/write helpers, isProcessAlive util
- rewrite runScript.ts: spawn a temp wrapper.sh with stdio:ignore+detached so
the child survives parent exit; wrapper redirects all output to LIVE_LOG_FILE
and writes final state back via python3; RunHandle now exposes {pid, kill}
instead of {promise, kill}
- add LivePollView.tsx: polls LIVE_LOG_FILE (500ms) and STATE_FILE (1500ms);
works after Raycast restart; reads result.json / *.summary.txt on completion
- update release-testflight.tsx: call runScript → writeRunState → push LivePollView;
remove the old in-process ExecutionView (~350 lines of streaming/state logic)
…ing releases reads STATE_FILE written by the detached wrapper and renders LivePollView; works for both in-progress and completed runs, shows "no record" when state file is absent; registered in package.json with type declarations in raycast-env.d.ts
|
This pull request has been automatically marked as stale because it did not have any recent activity. It will be closed if no further activity occurs in the next 7 days to keep our backlog clean 😊 |
- Fix CHANGELOG.md to use {PR_MERGE_DATE} placeholder and correct title
- Remove unused @raycast/utils dependency from package.json
- Fix hardcoded Python3 path with findPython3Path() function
- Fix shell injection vulnerability in getCrocVersion()
|
I have reopened this PR because all review issues have now been fixed: ✅ Fixed issues:
|
🔧 Verification:
The PR is now ready for review again. Thank you for your patience! |
2 participants
A Raycast extension for peer-to-peer file transfer using croc. Supports Send, Receive, Quick Send, and Transfer History commands with end-to-end encryption.
Co-Authored-By: Oz oz-agent@warp.dev