npm - @agntk/agent-harness - Versions diffs - 0.1.2 → 0.1.4 - Mend

@agntk/agent-harness 0.1.2 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/cli/index.js +1 -1
package/dist/index.js +213 -1
package/dist/index.js.map +1 -1
package/dist/{universal-installer-QGS4SJGX.js → universal-installer-AAXXYM5A.js} +216 -2
package/dist/universal-installer-AAXXYM5A.js.map +1 -0
package/package.json +1 -1
package/dist/universal-installer-QGS4SJGX.js.map +0 -1

package/dist/cli/index.js CHANGED Viewed

@@ -3490,7 +3490,7 @@ Customize the workflows in your workflows/ directory.`);
     }
     return;
   }
-  const { universalInstall } = await import("../universal-installer-QGS4SJGX.js");
+  const { universalInstall } = await import("../universal-installer-AAXXYM5A.js");
   const result = await universalInstall(dir, source, {
     type: opts.type,
     id: opts.id,

package/dist/index.js CHANGED Viewed

@@ -12444,8 +12444,215 @@ function inferContentType(filePath, sourceContentTypes) {
 import { existsSync as existsSync32, readFileSync as readFileSync25, writeFileSync as writeFileSync18, mkdirSync as mkdirSync16, copyFileSync as copyFileSync2 } from "fs";
 import { join as join32, basename as basename9, extname } from "path";
 import { tmpdir as tmpdir2 } from "os";
+import { createRequire } from "module";
 import matter4 from "gray-matter";
 import { parse as parseYaml3 } from "yaml";
+function getHarnessVersion() {
+  try {
+    const require2 = createRequire(import.meta.url);
+    const candidates = [
+      "../package.json",
+      "../../package.json",
+      "../../../package.json"
+    ];
+    for (const candidate of candidates) {
+      try {
+        const pkg = require2(candidate);
+        if (pkg.name === "@agntk/agent-harness" && pkg.version) {
+          return pkg.version;
+        }
+      } catch {
+      }
+    }
+    return "unknown";
+  } catch {
+    return "unknown";
+  }
+}
+async function resolveGithubCommitSha(url) {
+  const match2 = url.match(
+    /^https?:\/\/raw\.githubusercontent\.com\/([^/]+)\/([^/]+)\/([^/]+)\/(.+)$/
+  );
+  if (!match2) return null;
+  const [, owner, repo, ref, path] = match2;
+  if (/^[0-9a-f]{40}$/i.test(ref)) return ref;
+  const apiUrl = `https://api.github.com/repos/${owner}/${repo}/contents/${path}?ref=${ref}`;
+  const controller = new AbortController();
+  const timeout = setTimeout(() => controller.abort(), 5e3);
+  try {
+    const response = await fetch(apiUrl, {
+      signal: controller.signal,
+      headers: { "Accept": "application/vnd.github+json" }
+    });
+    if (!response.ok) return null;
+    const data = await response.json();
+    if (typeof data.sha === "string" && /^[0-9a-f]{40}$/i.test(data.sha)) {
+      return data.sha;
+    }
+    return null;
+  } catch {
+    return null;
+  } finally {
+    clearTimeout(timeout);
+  }
+}
+var SIBLING_LICENSE_NAMES = [
+  "LICENSE",
+  "LICENSE.txt",
+  "LICENSE.md",
+  "COPYING",
+  "COPYING.txt"
+];
+function classifyLicenseText(text) {
+  const lower = text.toLowerCase();
+  if (lower.includes("all rights reserved")) {
+    return "PROPRIETARY";
+  }
+  if (lower.includes("mit license")) return "MIT";
+  if (lower.includes("apache license, version 2.0") || lower.includes("apache-2.0"))
+    return "Apache-2.0";
+  if (lower.includes("mozilla public license version 2.0") || lower.includes("mpl-2.0"))
+    return "MPL-2.0";
+  if (lower.includes("gnu affero general public license")) return "AGPL-3.0";
+  if (lower.includes("gnu lesser general public license")) {
+    if (lower.includes("version 3")) return "LGPL-3.0";
+    if (lower.includes("version 2")) return "LGPL-2.1";
+  }
+  if (lower.includes("gnu general public license")) {
+    if (lower.includes("version 3")) return "GPL-3.0";
+    if (lower.includes("version 2")) return "GPL-2.0";
+  }
+  if (lower.includes("isc license")) return "ISC";
+  if (lower.includes("cc0 1.0 universal") || lower.includes("cc0-1.0")) return "CC0-1.0";
+  if (lower.includes("creative commons attribution-sharealike 4.0")) return "CC-BY-SA-4.0";
+  if (lower.includes("creative commons attribution 4.0") || lower.includes("cc-by-4.0"))
+    return "CC-BY-4.0";
+  if (lower.includes("redistribution and use in source and binary forms") && lower.includes("neither the name of")) {
+    return "BSD-3-Clause";
+  }
+  if (lower.includes("redistribution and use in source and binary forms")) {
+    return "BSD-2-Clause";
+  }
+  if (lower.includes("this is free and unencumbered software released into the public domain")) {
+    return "Unlicense";
+  }
+  return "UNKNOWN";
+}
+function extractCopyright(text) {
+  const lines = text.split(/\r?\n/);
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (/^©\s*\d{4}/.test(trimmed) || /^copyright\b.*\d{4}/i.test(trimmed)) {
+      return trimmed;
+    }
+  }
+  return void 0;
+}
+async function fetchSiblingLicense(siblingUrl) {
+  const controller = new AbortController();
+  const timeout = setTimeout(() => controller.abort(), 5e3);
+  try {
+    const response = await fetch(siblingUrl, { signal: controller.signal });
+    if (!response.ok) return null;
+    return await response.text();
+  } catch {
+    return null;
+  } finally {
+    clearTimeout(timeout);
+  }
+}
+async function fetchGithubRepoLicense(owner, repo) {
+  const apiUrl = `https://api.github.com/repos/${owner}/${repo}/license`;
+  const controller = new AbortController();
+  const timeout = setTimeout(() => controller.abort(), 5e3);
+  try {
+    const response = await fetch(apiUrl, {
+      signal: controller.signal,
+      headers: { "Accept": "application/vnd.github+json" }
+    });
+    if (!response.ok) return null;
+    const data = await response.json();
+    const spdxId = data.license?.spdx_id;
+    if (!spdxId || spdxId === "NOASSERTION") return null;
+    let body;
+    if (data.content && data.encoding === "base64") {
+      try {
+        body = Buffer.from(data.content, "base64").toString("utf-8");
+      } catch {
+        body = void 0;
+      }
+    }
+    return { spdxId, htmlUrl: data.html_url ?? "", body };
+  } catch {
+    return null;
+  } finally {
+    clearTimeout(timeout);
+  }
+}
+async function detectLicense(sourceUrl) {
+  const match2 = sourceUrl.match(
+    /^https?:\/\/raw\.githubusercontent\.com\/([^/]+)\/([^/]+)\/([^/]+)\/(.+)$/
+  );
+  if (!match2) {
+    return { spdxId: "UNKNOWN" };
+  }
+  const [, owner, repo, ref, path] = match2;
+  const lastSlash = path.lastIndexOf("/");
+  const dir = lastSlash >= 0 ? path.slice(0, lastSlash) : "";
+  const dirPrefix = dir ? `${dir}/` : "";
+  for (const siblingName of SIBLING_LICENSE_NAMES) {
+    const siblingUrl = `https://raw.githubusercontent.com/${owner}/${repo}/${ref}/${dirPrefix}${siblingName}`;
+    const text = await fetchSiblingLicense(siblingUrl);
+    if (text) {
+      const spdxId = classifyLicenseText(text);
+      const copyright = extractCopyright(text);
+      return { spdxId, copyright, licenseSource: siblingUrl };
+    }
+  }
+  const repoLicense = await fetchGithubRepoLicense(owner, repo);
+  if (repoLicense) {
+    const copyright = repoLicense.body ? extractCopyright(repoLicense.body) : void 0;
+    return {
+      spdxId: repoLicense.spdxId,
+      copyright,
+      licenseSource: repoLicense.htmlUrl || void 0
+    };
+  }
+  return { spdxId: "UNKNOWN" };
+}
+async function recordProvenance(content, originalSource) {
+  let parsed;
+  try {
+    parsed = matter4(content);
+  } catch {
+    return content;
+  }
+  const data = parsed.data;
+  if (!data.source) {
+    data.source = originalSource;
+  }
+  if (!data.source_commit) {
+    const sha = await resolveGithubCommitSha(originalSource);
+    if (sha) {
+      data.source_commit = sha;
+    }
+  }
+  if (!data.license || !data.copyright || !data.license_source) {
+    const license = await detectLicense(originalSource);
+    if (!data.license) {
+      data.license = license.spdxId;
+    }
+    if (!data.copyright && license.copyright) {
+      data.copyright = license.copyright;
+    }
+    if (!data.license_source && license.licenseSource) {
+      data.license_source = license.licenseSource;
+    }
+  }
+  data.installed_at = (/* @__PURE__ */ new Date()).toISOString();
+  data.installed_by = `agent-harness@${getHarnessVersion()}`;
+  return matter4.stringify(parsed.content, data);
+}
 var VALID_TYPES2 = ["rule", "instinct", "skill", "playbook", "workflow", "tool", "agent"];
 var TYPE_DIRS2 = {
   rule: "rules",
@@ -12852,10 +13059,15 @@ async function universalInstall(harnessDir, source, options) {
   result.format = detection;
   const normalized = normalizeToHarness(content, filename, detection, options);
   result.fixes.push(...normalized.fixes);
+  let finalContent = normalized.content;
+  if (source.startsWith("http://") || source.startsWith("https://")) {
+    finalContent = await recordProvenance(finalContent, source);
+    result.fixes.push("Recorded provenance (source, installed_at, installed_by)");
+  }
   const tempDir = join32(tmpdir2(), "harness-install");
   mkdirSync16(tempDir, { recursive: true });
   const tempPath = join32(tempDir, normalized.filename);
-  writeFileSync18(tempPath, normalized.content, "utf-8");
+  writeFileSync18(tempPath, finalContent, "utf-8");
   if (!options?.skipFix) {
     const fixResult = fixCapability(tempPath);
     result.fixes.push(...fixResult.fixes_applied);