@agentprojectcontext/apx 1.15.3 → 1.15.5

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agentprojectcontext/apx",
-  "version": "1.15.3",
+  "version": "1.15.5",
   "description": "APX — unified CLI + daemon for the Agent Project Context (APC) standard.",
   "publishConfig": {
     "access": "public"

package/src/cli/commands/identity.js

@@ -65,12 +65,14 @@ export async function cmdIdentity(args) {
       console.log("No identity configured. Run: apx identity wizard");
       return;
     }
+    const { readConfig } = await import("../../core/config.js");
+    const cfg = readConfig();
     console.log("");
     console.log(`  Agent name  : ${id.agent_name}`);
     console.log(`  Personality : ${id.personality || "(not set)"}`);
     console.log(`  Owner       : ${id.owner_name}`);
     console.log(`  Context     : ${id.owner_context || "(not set)"}`);
-    console.log(`  Language    : ${id.language || "(auto-detect)"}`);
+    console.log(`  Language    : ${cfg.user?.language || "en"}  (set via: apx config set user.language <code>)`);
     console.log(`  Last wakeup : ${id.last_wakeup || "(never)"}`);
     console.log(`  File        : ~/.apx/identity.json`);
     console.log("");
@@ -113,14 +115,14 @@ export async function runWizard() {
   const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
 
   console.log("\n  APX Identity Setup\n");
-  console.log("  This defines who the agent is and who it works for.");
-  console.log("  Used for wake-up messages and agent self-description.\n");
+  console.log("  Defines who the agent is, who it works for, and what extra context");
+  console.log("  it carries in every conversation (injected into the system prompt).");
+  console.log("  Language is configured separately via: apx config set user.language <code>\n");
 
   const agent_name    = await ask(rl, "  Agent name", existing.agent_name || "APX");
   const personality   = await ask(rl, "  Personality (comma-separated traits)", existing.personality || "direct, curious, helpful");
   const owner_name    = await ask(rl, "  Your name", existing.owner_name || "");
-  const owner_context = await ask(rl, "  What are you building / working on", existing.owner_context || "");
-  const language      = await ask(rl, "  Language for agent messages (e.g. Spanish, English)", existing.language || "English");
+  const owner_context = await ask(rl, "  Context for the agent (what you build / work on — added to every system prompt)", existing.owner_context || "");
 
   console.log("\n  Claude Code permissions");
   console.log("  APX can configure Claude Code to allow terminal commands without prompts.");
@@ -130,7 +132,7 @@ export async function runWizard() {
 
   rl.close();
 
-  const id = writeIdentity({ agent_name, personality, owner_name, owner_context, language, last_wakeup: null });
+  const id = writeIdentity({ agent_name, personality, owner_name, owner_context, last_wakeup: null });
   console.log(`\n  Identity saved to ~/.apx/identity.json`);
 
   if (setupPerms) {

package/src/cli/http.js

@@ -11,6 +11,12 @@ const __dirname = path.dirname(__filename);
 const DEFAULT_PORT = parseInt(process.env.APX_PORT || "7430", 10);
 const DEFAULT_HOST = process.env.APX_HOST || "127.0.0.1";
 
+const TOKEN_PATH = path.join(os.homedir(), ".apx", "daemon.token");
+
+function readToken() {
+  try { return fs.readFileSync(TOKEN_PATH, "utf8").trim(); } catch { return ""; }
+}
+
 function baseUrl() {
   return `http://${DEFAULT_HOST}:${DEFAULT_PORT}`;
 }
@@ -71,9 +77,13 @@ async function request(method, path, body, opts = {}) {
   else if (!(await ping())) {
     throw new Error(`apx daemon not running (no response on ${baseUrl()})`);
   }
+  const token = readToken();
   const res = await fetch(`${baseUrl()}${path}`, {
     method,
-    headers: body ? { "content-type": "application/json" } : {},
+    headers: {
+      ...(body ? { "content-type": "application/json" } : {}),
+      ...(token ? { "authorization": `Bearer ${token}` } : {}),
+    },
     body: body ? JSON.stringify(body) : undefined,
     signal: opts.signal,
   });
@@ -98,9 +108,13 @@ async function streamRequest(method, path, body, onEvent, opts = {}) {
     throw new Error(`apx daemon not running (no response on ${baseUrl()})`);
   }
 
+  const token = readToken();
   const res = await fetch(`${baseUrl()}${path}`, {
     method,
-    headers: body ? { "content-type": "application/json" } : {},
+    headers: {
+      ...(body ? { "content-type": "application/json" } : {}),
+      ...(token ? { "authorization": `Bearer ${token}` } : {}),
+    },
     body: body ? JSON.stringify(body) : undefined,
     signal: opts.signal,
   });

package/src/core/config.js

@@ -8,6 +8,7 @@ export const CONFIG_PATH = path.join(APX_HOME, "config.json");
 export const PID_PATH = path.join(APX_HOME, "daemon.pid");
 export const LOG_PATH = path.join(APX_HOME, "daemon.log");
 export const TELEGRAM_STATE_PATH = path.join(APX_HOME, "telegram-state.json");
+export const TOKEN_PATH = path.join(APX_HOME, "daemon.token");
 // Global channel messages (telegram, direct, whatsapp, …) live here,
 // separated from any project.  Structure: ~/.apx/messages/<channel>/YYYY-MM-DD.jsonl
 export const GLOBAL_MESSAGES_DIR = path.join(APX_HOME, "messages");

package/src/daemon/api.js

@@ -78,7 +78,7 @@ function appendSuperAgentErrorTrace(req, error, details = {}) {
   });
 }
 
-export function buildApi({ projects, registries, plugins, scheduler, version, startedAt, addProjectGlobally, config }) {
+export function buildApi({ projects, registries, plugins, scheduler, version, startedAt, addProjectGlobally, config, token }) {
   const telegram = plugins?.get("telegram");
 
   const app = express();
@@ -89,6 +89,17 @@ export function buildApi({ projects, registries, plugins, scheduler, version, st
     next();
   });
 
+  // Token auth — skip only /health so the CLI can ping before reading the token.
+  if (token) {
+    app.use((req, res, next) => {
+      if (req.path === "/health") return next();
+      const auth = req.get("authorization") || "";
+      const provided = auth.startsWith("Bearer ") ? auth.slice(7) : "";
+      if (provided !== token) return res.status(401).json({ error: "unauthorized" });
+      next();
+    });
+  }
+
   // ---- Tool routers (fetch / browser / search / glob / grep / registry) ----
   // fetch  = native HTTP, no Chromium  → fast, cheap, default for REST/HTML
   // browser = Puppeteer-backed         → heavy, lazy-launched, for JS-rendered pages

package/src/daemon/index.js

@@ -3,6 +3,7 @@
 import fs from "node:fs";
 import path from "node:path";
 import { fileURLToPath } from "node:url";
+import { randomBytes } from "node:crypto";
 import {
   readConfig,
   writeConfig,
@@ -12,6 +13,7 @@ import {
   PID_PATH,
   LOG_PATH,
   APX_HOME,
+  TOKEN_PATH,
 } from "../core/config.js";
 import { ProjectManager } from "./db.js";
 import { McpRegistry } from "./mcp-runner.js";
@@ -76,6 +78,12 @@ function clearPid() {
   } catch {}
 }
 
+function generateToken() {
+  const token = randomBytes(32).toString("hex");
+  fs.writeFileSync(TOKEN_PATH, token, { mode: 0o600 });
+  return token;
+}
+
 class RegistryCache {
   constructor() {
     this.byProjectId = new Map();
@@ -98,6 +106,7 @@ class RegistryCache {
 async function main() {
   ensureHome();
   claimSingleton();
+  const token = generateToken();
 
   const cfg = readConfig();
   const host = effectiveHost(cfg);
@@ -138,6 +147,7 @@ async function main() {
     plugins,
     scheduler,
     config: cfg,
+    token,
     version: PKG.version,
     startedAt,
     addProjectGlobally: (absPath) => {

package/src/daemon/super-agent-tools/tools/set-identity.js

@@ -13,20 +13,20 @@ export default {
         properties: {
           agent_name: { type: "string", description: "new agent name" },
           owner_name: { type: "string", description: "owner name" },
+          owner_context: { type: "string", description: "context injected into every system prompt — what the owner builds / works on" },
           personality: { type: "string", description: "comma-separated personality traits" },
-          language: { type: "string", description: "preferred language" },
           confirmed: confirmedProperty("true only after explicit user confirmation for this exact identity update"),
         },
       },
     },
   },
-  makeHandler: ({ requirePermission }) => ({ agent_name, owner_name, personality, language, confirmed = false } = {}) => {
+  makeHandler: ({ requirePermission }) => ({ agent_name, owner_name, owner_context, personality, confirmed = false } = {}) => {
     requirePermission("set_identity", { dangerous: true, confirmed });
     const fields = {};
     if (agent_name) fields.agent_name = agent_name;
     if (owner_name) fields.owner_name = owner_name;
+    if (owner_context !== undefined) fields.owner_context = owner_context;
     if (personality) fields.personality = personality;
-    if (language) fields.language = language;
     if (Object.keys(fields).length === 0) {
       return { ok: true, identity: readIdentity() };
     }

package/src/daemon/super-agent.js

@@ -18,6 +18,7 @@ import {
   extractPseudoToolCalls,
   cleanTextOfPseudoToolCalls,
 } from "./tool-call-parser.js";
+import { readIdentity } from "../core/identity.js";
 
 const MAX_TOOL_ITERS = 6;
 
@@ -201,8 +202,23 @@ export async function runSuperAgent({
     ].join("\n");
   })();
 
+  // Identity: who the agent is, who it works for, and what extra context the owner provided.
+  // Language comes from config.user.language (ISO 639-1) so it stays in sync with transcription.
+  const identity = (() => { try { return readIdentity(); } catch { return null; } })();
+  const userLang = globalConfig?.user?.language || "en";
+  const identityBlock = (() => {
+    const lines = ["# Identity"];
+    if (identity?.agent_name) lines.push(`Your name is ${identity.agent_name}.`);
+    if (identity?.personality) lines.push(`Your personality: ${identity.personality}.`);
+    if (identity?.owner_name) lines.push(`Your owner is ${identity.owner_name}.`);
+    if (identity?.owner_context) lines.push(`Owner context: ${identity.owner_context}`);
+    lines.push(`Always reply in the language with ISO code "${userLang}" unless the user explicitly switches.`);
+    return lines.join("\n");
+  })();
+
   const system = [
     sa.system || DEFAULT_SYSTEM,
+    identityBlock,
     permissionNote,
     contextNote,
     "# Registered projects (just the index — call tools for details)",

package/src/daemon/tools/fetch.js

@@ -33,6 +33,22 @@ async function getFetch() {
 const DEFAULT_TIMEOUT = 30000;
 const MAX_BODY_BYTES  = 5 * 1024 * 1024; // 5MB
 
+// Block private/link-local ranges and cloud metadata endpoints to prevent SSRF.
+const BLOCKED_HOST_RE = /^(localhost|metadata\.google\.internal\.?)$/i;
+const PRIVATE_IP_RE   = /^(127\.\d+\.\d+\.\d+|0\.0\.0\.0|::1|10\.\d+\.\d+\.\d+|172\.(1[6-9]|2\d|3[01])\.\d+\.\d+|192\.168\.\d+\.\d+|169\.254\.\d+\.\d+|fd[0-9a-f]{2}:)/i;
+
+function validateUrl(rawUrl) {
+  let parsed;
+  try { parsed = new URL(rawUrl); } catch { throw new Error("Invalid URL"); }
+  if (!["http:", "https:"].includes(parsed.protocol)) {
+    throw new Error(`Protocol "${parsed.protocol}" is not allowed; use http or https`);
+  }
+  const host = parsed.hostname.toLowerCase().replace(/^\[|\]$/g, "");
+  if (BLOCKED_HOST_RE.test(host) || PRIVATE_IP_RE.test(host)) {
+    throw new Error(`Requests to private or link-local addresses are blocked`);
+  }
+}
+
 async function readBody(response, jsonHint) {
   const ctype = response.headers.get("content-type") || "";
   const wantsJson = jsonHint || ctype.includes("application/json");
@@ -57,6 +73,7 @@ async function readBody(response, jsonHint) {
 
 async function doRequest({ url, method = "GET", headers = {}, body = null, timeout_ms = DEFAULT_TIMEOUT, json = false } = {}) {
   if (!url) throw new Error("url required");
+  validateUrl(url);
   const fetch = await getFetch();
 
   const controller = new AbortController();