npm - @ait-co/console-cli - Versions diffs - 0.1.16 → 0.1.17 - Mend

@ait-co/console-cli 0.1.16 → 0.1.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -99,3 +99,15 @@ Every command accepts `--json`. When set:
 ## Status
 `login`, `logout`, `whoami`, and `upgrade` are implemented end-to-end — `login` drives a real browser over CDP and `whoami` reads the live console member API. `deploy`, `logs`, `status` are next — see [TODO.md](./TODO.md). See the [organization landing page](https://apps-in-toss-community.github.io/) for the full roadmap.
+## Pre-commit hook
+Optional but recommended. After cloning, activate the standard pre-commit hook (runs `biome check` on staged files):
+```sh
+git config core.hooksPath .githooks
+```
+This is a developer convenience for fast feedback before push. CI runs the same checks as the enforcement layer, so contributors who don't activate the hook will still see lint failures in their PR.
+선택 사항이지만 권장합니다. clone 후 표준 pre-commit hook을 활성화하면 staged 파일에 `biome check`가 자동으로 돕니다 (push 전에 빠른 피드백). 활성화하지 않아도 동일한 검사가 CI에서 실행되므로 PR 단계에서 lint 실패를 볼 수 있습니다.

package/dist/cli.mjs CHANGED Viewed

@@ -7,7 +7,8 @@ import { unzipSync } from "fflate";
 import { parse } from "yaml";
 import { imageSize } from "image-size";
 import { spawn } from "node:child_process";
-import { constants } from "node:fs";
+import { constants, createReadStream } from "node:fs";
+import { createHash } from "node:crypto";
 //#region src/api/http.ts
 var TossApiError = class extends Error {
 	constructor(status, errorCode, reason, errorType) {
@@ -718,7 +719,8 @@ const ExitCode = {
 	LoginCookieCaptureFailed: 16,
 	ApiError: 17,
 	UpgradeUnavailable: 20,
-	UpgradeAlreadyLatest: 21
+	UpgradeAlreadyLatest: 21,
+	UpgradeChecksumFailed: 22
 };
 //#endregion
 //#region src/flush.ts
@@ -5459,6 +5461,9 @@ async function fetchLatestReleaseConditional(previousEtag) {
 		etag
 	};
 }
+function findSha256SumsAsset(release) {
+	return release.assets.find((a) => a.name === "SHA256SUMS");
+}
 function versionFromTag(tag) {
 	const at = tag.lastIndexOf("@");
 	const candidate = at >= 0 ? tag.slice(at + 1) : tag;
@@ -5522,6 +5527,31 @@ function compareSemver(a, b) {
 	return pa.pre > pb.pre ? 1 : -1;
 }
 //#endregion
+//#region src/sha256.ts
+function parseSha256Sums(text) {
+	const out = /* @__PURE__ */ new Map();
+	for (const rawLine of text.split(/\r?\n/)) {
+		const line = rawLine.trim();
+		if (line === "" || line.startsWith("#")) continue;
+		const match = line.match(/^([0-9a-fA-F]{64})\s+\*?(.+)$/);
+		if (!match) continue;
+		const hash = match[1]?.toLowerCase();
+		const name = match[2]?.trim();
+		if (!hash || !name) continue;
+		out.set(name, hash);
+	}
+	return out;
+}
+function sha256OfFile(path) {
+	return new Promise((resolve, reject) => {
+		const hash = createHash("sha256");
+		const stream = createReadStream(path);
+		stream.on("error", reject);
+		stream.on("data", (chunk) => hash.update(chunk));
+		stream.on("end", () => resolve(hash.digest("hex")));
+	});
+}
+//#endregion
 //#region src/version.ts
 function resolveVersion() {
 	try {
@@ -5529,7 +5559,7 @@ function resolveVersion() {
 		if (typeof injected === "string" && injected.length > 0) return injected;
 	} catch {}
 	try {
-		return "0.1.16";
+		return "0.1.17";
 	} catch {}
 	return "0.0.0-dev";
 }
@@ -5650,6 +5680,50 @@ const upgradeCommand = defineCommand({
 			}, `Failed to download new binary: ${err.message}`);
 			process.exit(ExitCode.NetworkError);
 		}
+		const sumsAsset = findSha256SumsAsset(release);
+		if (!sumsAsset) {
+			await unlink(stagingPath).catch(() => {});
+			emitError({
+				reason: "sums-missing",
+				tag: release.tag_name
+			}, `Release ${release.tag_name} has no SHA256SUMS asset. It may still be uploading; retry shortly.`);
+			process.exit(ExitCode.UpgradeChecksumFailed);
+		}
+		let expected;
+		let actual;
+		try {
+			const sumsRes = await fetch(sumsAsset.browser_download_url);
+			if (!sumsRes.ok) throw new Error(`SHA256SUMS download failed: ${sumsRes.status} ${sumsRes.statusText}`);
+			expected = parseSha256Sums(await sumsRes.text()).get(platform.assetName);
+			actual = (await sha256OfFile(stagingPath)).toLowerCase();
+		} catch (err) {
+			await unlink(stagingPath).catch(() => {});
+			emitError({
+				reason: "sums-fetch-failed",
+				message: err.message
+			}, `Failed to verify checksum: ${err.message}`);
+			process.exit(ExitCode.UpgradeChecksumFailed);
+		}
+		if (!expected) {
+			await unlink(stagingPath).catch(() => {});
+			emitError({
+				reason: "sums-no-entry",
+				assetName: platform.assetName,
+				tag: release.tag_name
+			}, `SHA256SUMS for ${release.tag_name} has no entry for ${platform.assetName}.`);
+			process.exit(ExitCode.UpgradeChecksumFailed);
+		}
+		if (expected.toLowerCase() !== actual) {
+			await unlink(stagingPath).catch(() => {});
+			emitError({
+				reason: "sha256-mismatch",
+				assetName: platform.assetName,
+				expected: expected.toLowerCase(),
+				actual
+			}, `Checksum mismatch for ${platform.assetName}: expected ${expected.toLowerCase()}, got ${actual}.`);
+			process.exit(ExitCode.UpgradeChecksumFailed);
+		}
+		if (!args.json) process.stdout.write("Checksum OK.\n");
 		try {
 			if (process.platform === "win32") {
 				await rename(exePath, `${exePath}.old`);