npm - @agentsoc/beacon - Versions diffs - 0.0.4 → 0.0.5 - Mend

@agentsoc/beacon 0.0.4 → 0.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md +2 -2
package/dist/service-install.d.ts.map +1 -1
package/dist/service-install.js +35 -0
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -98,7 +98,7 @@ Install the background service daemon (systemd on Linux, launchd on macOS):
 sudo beacon install
 ```
-On macOS the plist is written under `/Library/LaunchDaemons/`, and on Linux the unit file goes under `/etc/systemd/system/`—both require root, so use `sudo`. If `sudo` cannot find `beacon` (for example with nvm), run `sudo env "PATH=$PATH" beacon install` or invoke the CLI with the full path to the global binary.
+On macOS the plist is written under `/Library/LaunchDaemons/`, and on Linux the unit file goes under `/etc/systemd/system/`—both require root, so use `sudo`. The service is configured to **run as your login user** (via `SUDO_USER` when you use `sudo`), so it uses the same config directory as `beacon config`—not root’s home. If `sudo` cannot find `beacon` (for example with nvm), run `sudo env "PATH=$PATH" beacon install` or invoke the CLI with the full path to the global binary.
 ### Status and stats
@@ -110,7 +110,7 @@ beacon status
 Use `beacon status --json` for machine-readable output (includes `validateKeyUrl` on errors).
-After successful batches, the CLI updates **`stats.json`** next to your config (same config directory as `config.json`—for example `~/Library/Application Support/agentsoc-beacon/` on macOS). The file tracks `logsForwarded`, `batchesSucceeded`, `batchesFailed`, optional `lastError`, and `updatedAt`. If the beacon runs as another user (e.g. root), that user’s config directory holds the stats file.
+After successful batches, the CLI updates **`stats.json`** next to your config (same config directory as `config.json`—for example `~/Library/Application Support/agentsoc-beacon/` on macOS). The file tracks `logsForwarded`, `batchesSucceeded`, `batchesFailed`, optional `lastError`, and `updatedAt`. The background service runs as the installing user (see Install Service above), so stats stay alongside your user config.
 The marketing site’s product demo terminal runs through **`beacon status`** so visitors can see a sample of this output.

package/dist/service-install.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"service-install.d.ts","sourceRoot":"","sources":["../src/service-install.ts"],"names":[],"mappings":"~~AA2GA~~,wBAAsB,cAAc,~~kBAuEnC~~"}
1	+ {"version":3,"file":"service-install.d.ts","sourceRoot":"","sources":["../src/service-install.ts"],"names":[],"mappings":"AA4IA,wBAAsB,cAAc,kBA4EnC"}

package/dist/service-install.js CHANGED Viewed

@@ -1,5 +1,6 @@
 import { constants as fsConstants } from 'node:fs';
 import fs from 'node:fs/promises';
+import os from 'node:os';
 import path from 'node:path';
 import { execFileSync, execSync } from 'node:child_process';
 import { BEACON_CONFIG_REQUIRED_MESSAGE, loadConfig } from './config.js';
@@ -82,6 +83,35 @@ function launchctlBootoutSystem(plistPath, label) {
         // not loaded yet
     }
 }
+/**
+ * Config and stats paths use os.homedir(). A LaunchDaemon/systemd unit runs as root by
+ * default, which points at /var/root (macOS) or /root — not the user who ran `beacon config`.
+ * Prefer SUDO_USER from `sudo`; otherwise the current login user when not root.
+ */
+function resolveDaemonRunAsUsername() {
+    const sudoUser = process.env.SUDO_USER?.trim();
+    if (sudoUser) {
+        return sudoUser;
+    }
+    const uid = typeof process.getuid === 'function' ? process.getuid() : -1;
+    if (uid !== 0) {
+        try {
+            return os.userInfo().username;
+        }
+        catch {
+            // fall through
+        }
+    }
+    throw new Error('Cannot determine which user account should run the beacon daemon. ' +
+        'Config is stored under that user\'s home directory. ' +
+        'Run install from your normal account with sudo, e.g. `sudo beacon install`, not from a root-only shell.');
+}
+function escapePlistString(s) {
+    return s
+        .replace(/&/g, '&amp;')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;');
+}
 function launchctlBootstrapSystem(plistPath) {
     try {
         execFileSync('launchctl', ['bootstrap', 'system', plistPath], {
@@ -107,12 +137,14 @@ export async function installService() {
     const cliPath = path.resolve(process.argv[1]);
     const command = `${runner} ${cliPath} run`;
     if (process.platform === 'linux') {
+        const runAs = resolveDaemonRunAsUsername();
         const serviceUnit = `[Unit]
 Description=AgentSOC Syslog Beacon
 After=network.target
 [Service]
 Type=simple
+User=${runAs}
 ExecStart=${command}
 Restart=always
 RestartSec=10
@@ -131,6 +163,7 @@ WantedBy=multi-user.target
     }
     else if (process.platform === 'darwin') {
         const label = 'com.agentsoc.syslog-beacon';
+        const runAs = escapePlistString(resolveDaemonRunAsUsername());
         const launchdRunner = resolveLaunchdRunner();
         const plist = `<?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
@@ -138,6 +171,8 @@ WantedBy=multi-user.target
 <dict>
     <key>Label</key>
     <string>${label}</string>
+    <key>UserName</key>
+    <string>${runAs}</string>
     <key>ProgramArguments</key>
     <array>
         <string>${launchdRunner}</string>

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@agentsoc/beacon",
-  "version": "0.0.4",
+  "version": "0.0.5",
   "description": "Lightweight, background-running log forwarder (beacon) for AgentSOC",
   "type": "module",
   "bin": {