* Extract hostname from a URL or git spec and bucket to the allowlist. * Handles `https://host/...`, `git@host:path`, `ssh://host/...`. * Returns a known public host, 'other' (parseable but not allowlisted — * don't leak private hostnames), or 'unknown' (unparseable / local path).
(urlOrSpec: string)
| 52 | * don't leak private hostnames), or 'unknown' (unparseable / local path). |
| 53 | */ |
| 54 | function extractHost(urlOrSpec: string): string { |
| 55 | let host: string |
| 56 | const scpMatch = /^[^@/]+@([^:/]+):/.exec(urlOrSpec) |
| 57 | if (scpMatch) { |
| 58 | host = scpMatch[1]! |
| 59 | } else { |
| 60 | try { |
| 61 | host = new URL(urlOrSpec).hostname |
| 62 | } catch { |
| 63 | return 'unknown' |
| 64 | } |
| 65 | } |
| 66 | const normalized = host.toLowerCase() |
| 67 | return KNOWN_PUBLIC_HOSTS.has(normalized) ? normalized : 'other' |
| 68 | } |
| 69 | |
| 70 | /** |
| 71 | * True if the URL/spec points at anthropics/claude-plugins-official — the |