npm - @atlasnomos/atlas - Versions diffs - 1.1.2 → 1.1.5 - Mend

@atlasnomos/atlas 1.1.2 → 1.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/atlas.js +19 -5
package/package.json +1 -1
package/src/kernel/boot/BootGuard.js +9 -5

package/atlas.js CHANGED Viewed

@@ -8,10 +8,8 @@ const path = require('path');
 const { ErrorHandler } = require('./src/core/ErrorHandler');
 // 0. Entry Point Hardening (Anti-Bypass)
-if (require.main !== module) {
-    console.error('⛔ SECURITY VIOLATION: ATLAS Kernel must be executed directly, not required as a module.');
-    process.exit(1);
-}
+const { validateEntryPoint } = require('./src/kernel/boot/BootGuard');
+validateEntryPoint();
 // 1. Load Env & Config
 // Priority 1: CWD .env (Project specific)
@@ -117,7 +115,23 @@ const { ModelsCommand } = require('./src/interface/cli/commands/ModelsCommand');
                         console.error('\n⚠️  DRY-RUN MODE ACTIVE: No changes will be persisted.\n');
                     }
-                    const context = await bootstrap.boot();
+                    // PHASE 4: Setup Flow Interception
+                    const command = rawArgs[0] || 'doctor';
+                    const isSetupCommand = ['init', 'help', '--help', '-h', '--version', '-v'].includes(command);
+                    let context;
+                    if (isSetupCommand) {
+                        // Use minimal context for setup commands to bypass Ring-1 validation
+                        context = {
+                            tierManager: { getTier: () => 'DEV', displayBanner: () => { } },
+                            trace: { log: () => { } },
+                            auditSink: { log: () => { } },
+                            costTracker: { log: () => { } }
+                        };
+                    } else {
+                        // Full kernel boot for governed commands
+                        context = await bootstrap.boot();
+                    }
                     const dispatcher = new CommandDispatcher(context);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "@atlasnomos/atlas",
-    "version": "1.1.2",
+    "version": "1.1.5",
     "description": "Production-grade AI governance kernel for autonomous agents with fail-closed security and cryptographic audit trails",
     "main": "atlas.js",
     "bin": {

package/src/kernel/boot/BootGuard.js CHANGED Viewed

@@ -25,7 +25,8 @@ const { panic } = require('./HardKill');
  * All paths are relative to the atlas root directory.
  */
 const AUTHORIZED_ENTRY_POINTS = Object.freeze([
-    'atlas.js'
+    'atlas.js',
+    'atlas'      // Supported for NPM global wrapper
 ]);
 // ═══════════════════════════════════════════════════════════════
@@ -56,11 +57,14 @@ function validateEntryPoint() {
     const expectedPath = path.join(atlasRoot, entryFilename);
     // Normalize paths for comparison (handle Windows backslashes)
-    if (path.resolve(mainModule.filename) !== expectedPath) {
-        panic('BOOT_GUARD: Entry point path mismatch', {
+    const normalizedActual = path.resolve(mainModule.filename);
+    const isUnderRoot = normalizedActual.startsWith(atlasRoot);
+    if (!isUnderRoot) {
+        panic('BOOT_GUARD: Entry point out of bounds', {
             actual: mainModule.filename,
-            expected: expectedPath,
-            reason: 'Entry point must be in the kernel root directory'
+            expectedPrefix: atlasRoot,
+            reason: 'Entry point must be within the kernel root directory'
         });
         return false;
     }