npm - @automagik/genie - Versions diffs - 4.260424.14 → 4.260424.16 - Mend

@automagik/genie 4.260424.14 → 4.260424.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/genie.js +18 -2
package/package.json +2 -1
package/plugins/genie/.claude-plugin/plugin.json +1 -1
package/plugins/genie/package.json +1 -1
package/scripts/sec-fix.cjs +775 -0

package/dist/genie.js CHANGED Viewed

@@ -4165,7 +4165,7 @@ Team: ${teamName}
 History for "${schedule.name}":
 `);let tableRows=rows.map((r)=>[formatTimestamp2(r.due_at),r.trigger_status,r.run_status??"-",formatDuration2(r.duration_ms),r.error?r.error.slice(0,60):"-"]);printTable2(["DUE AT","TRIGGER","RUN","DURATION","ERROR"],tableRows),await shutdown()}catch(error2){let message=error2 instanceof Error?error2.message:String(error2);console.error(`Error: ${message}`),process.exit(1)}}function registerScheduleCommands(program2){let schedule=program2.command("schedule").description("Manage scheduled triggers");schedule.command("create <name>").description("Create a new schedule").requiredOption("--command <cmd>",'Command to execute (e.g., "genie spawn reviewer")').option("--at <time>","One-time schedule at absolute time (ISO 8601)").option("--every <interval>","Repeating schedule: duration (10m, 2h, 24h) or cron expression").option("--after <duration>","One-time schedule after delay (10m, 2h)").option("--timezone <tz>","Timezone for schedule (default: UTC)","UTC").option("--lease-timeout <duration>","Lease timeout for runs (default: 5m)").action(async(name,options)=>{await scheduleCreateCommand(name,options)}),schedule.command("list").description("List schedules with next due trigger").option("--json","Output as JSON").option("--watch","Refresh every 2s").action(async(options)=>{await scheduleListCommand(options)}),schedule.command("cancel <name>").description("Cancel a schedule and skip pending triggers").option("--filter <expr>","Filter expression (e.g., status=pending)").action(async(name,options)=>{await scheduleCancelCommand(name,options)}),schedule.command("retry <name>").description("Reset a failed trigger to pending").action(async(name)=>{await scheduleRetryCommand(name)}),schedule.command("history <name>").description("Show past executions for a schedule").option("--limit <n>","Max rows to show (default: 20)",Number.parseInt).action(async(name,options)=>{await scheduleHistoryCommand(name,options)})}import{spawnSync as spawnSync7}from"child_process";import{existsSync as existsSync54,readFileSync as readFileSync35,readdirSync as readdirSync11,realpathSync as realpathSync6}from"fs";import{dirname as dirname14,join as join65,resolve as resolve12}from"path";var defaultDeps5={existsSync:existsSync54,realpathSync:realpathSync6,readFileSync:(path3,encoding)=>readFileSync35(path3,encoding),spawnSync:(command,args,options)=>spawnSync7(command,args,options),setExitCode:(exitCode)=>{process.exitCode=exitCode},stdout:(line)=>process.stdout.write(`${line}
 `),stderr:(line)=>process.stderr.write(`${line}
-`),now:()=>new Date};function collectRepeatedOption(value,previous){return[...previous,value]}function collectKillPid(value,previous){let pid=Number.parseInt(value,10);if(!Number.isFinite(pid)||pid<=0)throw Error(`--kill-pid expects a positive integer, got "${value}"`);return[...previous,pid]}function resolveGenieRoot2(argv1=process.argv[1],deps=defaultDeps5){try{if(argv1){let scriptDir=dirname14(deps.realpathSync(argv1)),candidates=[resolve12(scriptDir,".."),resolve12(scriptDir,"..","..")];for(let candidate of candidates)if(deps.existsSync(join65(candidate,"package.json")))return candidate}}catch{}return resolve12(import.meta.dir,"..","..")}function resolveSecScanScript(argv1=process.argv[1],deps=defaultDeps5){let root=resolveGenieRoot2(argv1,deps),scriptPath=join65(root,"scripts","sec-scan.cjs");if(!deps.existsSync(scriptPath))throw Error(`Security scanner payload not found at ${scriptPath}`);return scriptPath}function resolveSecRemediateScript(argv1=process.argv[1],deps=defaultDeps5){let root=resolveGenieRoot2(argv1,deps),scriptPath=join65(root,"scripts","sec-remediate.cjs");if(!deps.existsSync(scriptPath))throw Error(`Security remediation payload not found at ${scriptPath}`);return scriptPath}var BOOLEAN_FLAG_MAP=[["json","--json"],["allHomes","--all-homes"],["noProgress","--no-progress"],["quiet","--quiet"],["verbose","--verbose"],["progressJson","--progress-json"],["redact","--redact"],["impactSurface","--impact-surface"]],REPEATED_FLAG_MAP=[["home","--home"],["root","--root"],["phaseBudget","--phase-budget"]],STRING_FLAG_MAP=[["progressInterval","--progress-interval"],["eventsFile","--events-file"]];function buildSecScanArgv(options){let args=[];for(let[key,flag]of BOOLEAN_FLAG_MAP)if(options[key])args.push(flag);for(let[key,flag]of REPEATED_FLAG_MAP){let values2=options[key]??[];for(let value of values2)args.push(flag,value)}for(let[key,flag]of STRING_FLAG_MAP){let value=options[key];if(value)args.push(flag,value)}if(options.persist===!1)args.push("--no-persist");return args}function buildSecRemediateArgv(options){let args=[];if(options.dryRun)args.push("--dry-run");if(options.apply)args.push("--apply");if(options.resume)args.push("--resume",options.resume);if(options.scanReport)args.push("--scan-report",options.scanReport);if(options.scanId)args.push("--scan-id",options.scanId);if(options.plan)args.push("--plan",options.plan);if(options.quarantineDir)args.push("--quarantine-dir",options.quarantineDir);if(options.unsafeUnverified)args.push("--unsafe-unverified",options.unsafeUnverified);if(options.remediatePartial)args.push("--remediate-partial");if(options.confirmIncompleteScan)args.push("--confirm-incomplete-scan",options.confirmIncompleteScan);for(let pid of options.killPid??[])args.push("--kill-pid",String(pid));if(options.autoConfirmFrom)args.push("--auto-confirm-from",options.autoConfirmFrom);if(options.json)args.push("--json");return args}function runSecScan(options,deps=defaultDeps5){let args=[resolveSecScanScript(process.argv[1],deps),...buildSecScanArgv(options)],result2=deps.spawnSync(process.execPath,args,{stdio:"inherit"});if(result2.error)throw result2.error;return result2.status??1}function runSecRemediate(options,deps=defaultDeps5){let args=[resolveSecRemediateScript(process.argv[1],deps),...buildSecRemediateArgv(options)],result2=deps.spawnSync(process.execPath,args,{stdio:"inherit"});if(result2.error)throw result2.error;return result2.status??1}function runSecRestore(quarantineId,deps=defaultDeps5){let args=[resolveSecRemediateScript(process.argv[1],deps),"--restore",quarantineId],result2=deps.spawnSync(process.execPath,args,{stdio:"inherit"});if(result2.error)throw result2.error;return result2.status??1}function buildSecRollbackArgv(scanId,options){let args=["--rollback",scanId];if(options.json)args.push("--json");return args}function buildSecQuarantineListArgv(options){let args=["--quarantine-list"];if(options.json)args.push("--json");return args}function buildSecQuarantineGcArgv(options){let args=["--quarantine-gc"];if(options.olderThan)args.push("--older-than",options.olderThan);if(options.confirmGc)args.push("--confirm-gc",options.confirmGc);if(options.json)args.push("--json");return args}function runSecRollback(scanId,options,deps=defaultDeps5){let args=[resolveSecRemediateScript(process.argv[1],deps),...buildSecRollbackArgv(scanId,options)],result2=deps.spawnSync(process.execPath,args,{stdio:"inherit"});if(result2.error)throw result2.error;return result2.status??1}function runSecQuarantineList(options,deps=defaultDeps5){let args=[resolveSecRemediateScript(process.argv[1],deps),...buildSecQuarantineListArgv(options)],result2=deps.spawnSync(process.execPath,args,{stdio:"inherit"});if(result2.error)throw result2.error;return result2.status??1}function runSecQuarantineGc(options,deps=defaultDeps5){let args=[resolveSecRemediateScript(process.argv[1],deps),...buildSecQuarantineGcArgv(options)],result2=deps.spawnSync(process.execPath,args,{stdio:"inherit"});if(result2.error)throw result2.error;return result2.status??1}function applySecScanExitCode(exitCode,deps=defaultDeps5){if(exitCode!==0)deps.setExitCode(exitCode)}var VERIFY_EXIT={VERIFIED:0,SIGNATURE_INVALID:2,SIGNER_IDENTITY_MISMATCH:3,PROVENANCE_INVALID:4,NO_SIGNATURE_MATERIAL:5,MISSING_BINARY:127},SIGNER_IDENTITY_REGEXP="^https://github.com/automagik-dev/genie/.github/workflows/release.yml@",SIGNER_OIDC_ISSUER="https://token.actions.githubusercontent.com",PROVENANCE_SOURCE_URI="github.com/automagik-dev/genie",COSIGN_NO_KEY_SENTINEL="BEGIN COSIGN NO-PINNED-KEY SENTINEL";function discoverSignatureBundle(bundleDir,deps=defaultDeps5){if(!deps.existsSync(bundleDir))return null;let candidates=[];try{for(let entry2 of readdirSync11(bundleDir))if(entry2.endsWith(".tgz"))candidates.push(entry2)}catch{return null}for(let tarballName of candidates){let tarball=join65(bundleDir,tarballName),signature=`${tarball}.sig`,certificate=`${tarball}.cert`;if(!deps.existsSync(signature))continue;if(!deps.existsSync(certificate))continue;let provenancePath=join65(bundleDir,"provenance.intoto.jsonl"),provenance=deps.existsSync(provenancePath)?provenancePath:null;return{tarball,signature,certificate,provenance}}return null}function readsAsCosignSentinel(path3,deps=defaultDeps5){if(!deps.existsSync(path3))return!1;try{return deps.readFileSync(path3,"utf8").includes(COSIGN_NO_KEY_SENTINEL)}catch{return!1}}function ensureBinary(name,deps){let result2=deps.spawnSync(name,["--version"],{stdio:"pipe",encoding:"utf8"});if(result2.error)return{ok:!1,binary:name,reason:result2.error.message};if((result2.status??1)!==0)return{ok:!1,binary:name,reason:`${name} --version exited non-zero`};return{ok:!0,binary:name}}function buildVerifyResult(exitCode,ctx){return{exitCode,json:{verified:exitCode===VERIFY_EXIT.VERIFIED,exit_code:exitCode,signer_identity:SIGNER_IDENTITY_REGEXP,signer_oidc_issuer:SIGNER_OIDC_ISSUER,signature_source:ctx.bundle?.signature??null,provenance_source:ctx.bundle?.provenance??null,tarball_path:ctx.bundle?.tarball??null,verified_at:ctx.verifiedAt,pinned_key_fingerprint:null,signing_mode:"cosign-keyless",offline:ctx.offline,errors:ctx.errors}}}function classifyCosignFailure(stderr){let lower=stderr.toLowerCase();return lower.includes("certificate identity")||lower.includes("subject does not match")||lower.includes("oidc issuer")?VERIFY_EXIT.SIGNER_IDENTITY_MISMATCH:VERIFY_EXIT.SIGNATURE_INVALID}function runCosignStep(bundle,offline,errors3,deps){let cosignCheck=ensureBinary("cosign",deps);if(!cosignCheck.ok)return errors3.push(`cosign not available in PATH (${cosignCheck.reason??"unknown"}). Install from https://docs.sigstore.dev/cosign/installation/.`),VERIFY_EXIT.MISSING_BINARY;let cosignArgs=["verify-blob","--certificate-identity-regexp",SIGNER_IDENTITY_REGEXP,"--certificate-oidc-issuer",SIGNER_OIDC_ISSUER,"--signature",bundle.signature,"--certificate",bundle.certificate,bundle.tarball];if(offline)cosignArgs.push("--insecure-ignore-tlog","--offline");let result2=deps.spawnSync("cosign",cosignArgs,{stdio:"pipe",encoding:"utf8"});if(result2.error)return errors3.push(`cosign spawn failed: ${result2.error.message}`),VERIFY_EXIT.MISSING_BINARY;if((result2.status??1)===0)return VERIFY_EXIT.VERIFIED;let stderr=typeof result2.stderr==="string"?result2.stderr:"";if(stderr)errors3.push(stderr.trim());return classifyCosignFailure(stderr)}function runSlsaStep(bundle,errors3,deps){if(!bundle.provenance)return errors3.push(`provenance.intoto.jsonl missing alongside ${bundle.tarball} \u2014 cosign passed but SLSA provenance cannot be checked.`),VERIFY_EXIT.PROVENANCE_INVALID;let slsaCheck=ensureBinary("slsa-verifier",deps);if(!slsaCheck.ok)return errors3.push(`slsa-verifier not available in PATH (${slsaCheck.reason??"unknown"}). Install from https://github.com/slsa-framework/slsa-verifier.`),VERIFY_EXIT.MISSING_BINARY;let result2=deps.spawnSync("slsa-verifier",["verify-artifact",bundle.tarball,"--provenance-path",bundle.provenance,"--source-uri",PROVENANCE_SOURCE_URI],{stdio:"pipe",encoding:"utf8"});if(result2.error)return errors3.push(`slsa-verifier spawn failed: ${result2.error.message}`),VERIFY_EXIT.MISSING_BINARY;if((result2.status??1)===0)return VERIFY_EXIT.VERIFIED;let stderr=typeof result2.stderr==="string"?result2.stderr:"";if(stderr)errors3.push(stderr.trim());return VERIFY_EXIT.PROVENANCE_INVALID}function resolveBundleDir(options,genieRoot){if(options.bundleDir)return options.bundleDir;if(options.tarball)return dirname14(resolve12(options.tarball));return resolve12(genieRoot)}function runVerifyInstall(options,deps=defaultDeps5){let errors3=[],verifiedAt=deps.now().toISOString(),offline=options.offline===!0,genieRoot=resolveGenieRoot2(process.argv[1],deps),bundleDir=resolveBundleDir(options,genieRoot),bundle=discoverSignatureBundle(bundleDir,deps),ctx={bundle,verifiedAt,offline,errors:errors3};if(!bundle){if(errors3.push(`No signed release bundle found under ${bundleDir}. Expected <pkg>.tgz + .sig + .cert + provenance.intoto.jsonl.`),readsAsCosignSentinel(join65(genieRoot,".github","cosign.pub"),deps))errors3.push(".github/cosign.pub is the documented NO-KEY sentinel \u2014 release signing is cosign KEYLESS ONLY; there is no public key to pin.");return buildVerifyResult(VERIFY_EXIT.NO_SIGNATURE_MATERIAL,ctx)}let cosignExit=runCosignStep(bundle,offline,errors3,deps);if(cosignExit!==VERIFY_EXIT.VERIFIED)return buildVerifyResult(cosignExit,ctx);let slsaExit=runSlsaStep(bundle,errors3,deps);return buildVerifyResult(slsaExit,ctx)}function emitHumanReport(result2,options,deps){let{json:json2,exitCode}=result2,status=json2.verified?"OK":"FAIL";if(deps.stdout(`verify-install: ${status} (exit ${exitCode})`),deps.stdout(`  signing mode:       ${json2.signing_mode}`),deps.stdout(`  signer identity:    ${json2.signer_identity}`),deps.stdout(`  OIDC issuer:        ${json2.signer_oidc_issuer}`),deps.stdout(`  provenance source:  ${PROVENANCE_SOURCE_URI}`),deps.stdout(`  tarball:            ${json2.tarball_path??"(not found)"}`),deps.stdout(`  signature:          ${json2.signature_source??"(not found)"}`),deps.stdout(`  provenance:         ${json2.provenance_source??"(not found)"}`),deps.stdout(`  verified_at:        ${json2.verified_at}`),deps.stdout(`  offline:            ${json2.offline?"yes (skips Rekor tlog)":"no"}`),options.offline)deps.stdout("  warning:            offline mode skips the Rekor transparency log; revoked certs are not detected.");if(json2.errors.length>0){deps.stderr("verify-install errors:");for(let err of json2.errors)deps.stderr(`  - ${err}`)}}function runVerifyInstallCommand(options,deps=defaultDeps5){let result2=runVerifyInstall(options,deps);if(options.json)deps.stdout(JSON.stringify(result2.json));else emitHumanReport(result2,options,deps);return result2.exitCode}function registerSecCommands(program2,deps=defaultDeps5){let sec=program2.command("sec").description("Security tooling \u2014 host compromise triage and IOC hunts");sec.command("scan",{isDefault:!0}).description("Scan host for TeamPCP/CanisterWorm-style package compromise indicators (read-only)").option("--json","Emit machine-readable report on stdout (for archival, CI, or piping to jq)").option("--all-homes","Blast-radius flag \u2014 scan every /root, /home/*, /Users/*, and WSL Windows home found on the host. When to reach for this: incident-response on a multi-tenant box or CI runner where per-user material must all be assessed in one pass.").option("--home <path>","Add one extra home directory to scan. When to reach for this: the scanner did not auto-discover a non-standard home (e.g. /var/lib/service-user) but you know it holds at-risk material.",collectRepeatedOption,[]).option("--root <path>","Blast-radius flag \u2014 add an application root (repeatable) to scan for lockfiles, node_modules, and project evidence. When to reach for this: a multi-service host where each service lives under its own prefix (e.g. --root /srv/app --root /opt/worker).",collectRepeatedOption,[]).option("--no-progress","Suppress progress output on stderr").option("--quiet","Suppress progress and banners on stderr").option("--verbose","Emit extra diagnostics on stderr").option("--progress-json","Emit progress as NDJSON events to stderr").option("--progress-interval <ms>","Progress tick interval in milliseconds").option("--events-file <path>","Append structured NDJSON events to a 0600-mode file").option("--redact","Hash $HOME-prefixed paths; scrub AWS/GitHub/npm/JWT patterns").option("--no-persist","Do not persist the report to $GENIE_HOME/sec-scan/").option("--impact-surface","Scan for at-risk local material (secrets, wallets, browsers)").option("--phase-budget <name=ms>","Budget (ms) for a named phase (repeatable)",collectRepeatedOption,[]).addHelpText("after",`
+`),now:()=>new Date};function collectRepeatedOption(value,previous){return[...previous,value]}function collectKillPid(value,previous){let pid=Number.parseInt(value,10);if(!Number.isFinite(pid)||pid<=0)throw Error(`--kill-pid expects a positive integer, got "${value}"`);return[...previous,pid]}function resolveGenieRoot2(argv1=process.argv[1],deps=defaultDeps5){try{if(argv1){let scriptDir=dirname14(deps.realpathSync(argv1)),candidates=[resolve12(scriptDir,".."),resolve12(scriptDir,"..","..")];for(let candidate of candidates)if(deps.existsSync(join65(candidate,"package.json")))return candidate}}catch{}return resolve12(import.meta.dir,"..","..")}function resolveSecScanScript(argv1=process.argv[1],deps=defaultDeps5){let root=resolveGenieRoot2(argv1,deps),scriptPath=join65(root,"scripts","sec-scan.cjs");if(!deps.existsSync(scriptPath))throw Error(`Security scanner payload not found at ${scriptPath}`);return scriptPath}function resolveSecRemediateScript(argv1=process.argv[1],deps=defaultDeps5){let root=resolveGenieRoot2(argv1,deps),scriptPath=join65(root,"scripts","sec-remediate.cjs");if(!deps.existsSync(scriptPath))throw Error(`Security remediation payload not found at ${scriptPath}`);return scriptPath}function resolveSecFixScript(argv1=process.argv[1],deps=defaultDeps5){let root=resolveGenieRoot2(argv1,deps),scriptPath=join65(root,"scripts","sec-fix.cjs");if(!deps.existsSync(scriptPath))throw Error(`Security fix payload not found at ${scriptPath}`);return scriptPath}function buildSecFixArgv(options){let args=[];if(options.yes)args.push("--yes");if(options.json)args.push("--json");if(options.skipReinstall)args.push("--skip-reinstall");if(options.skipRescan)args.push("--skip-rescan");if(options.dryRun)args.push("--dry-run");if(options.unsafeUnverified)args.push("--unsafe-unverified",options.unsafeUnverified);return args}function runSecFix(options,deps=defaultDeps5){let args=[resolveSecFixScript(process.argv[1],deps),...buildSecFixArgv(options)],result2=deps.spawnSync(process.execPath,args,{stdio:"inherit"});if(result2.error)throw result2.error;return result2.status??1}var BOOLEAN_FLAG_MAP=[["json","--json"],["allHomes","--all-homes"],["noProgress","--no-progress"],["quiet","--quiet"],["verbose","--verbose"],["progressJson","--progress-json"],["redact","--redact"],["impactSurface","--impact-surface"]],REPEATED_FLAG_MAP=[["home","--home"],["root","--root"],["phaseBudget","--phase-budget"]],STRING_FLAG_MAP=[["progressInterval","--progress-interval"],["eventsFile","--events-file"]];function buildSecScanArgv(options){let args=[];for(let[key,flag]of BOOLEAN_FLAG_MAP)if(options[key])args.push(flag);for(let[key,flag]of REPEATED_FLAG_MAP){let values2=options[key]??[];for(let value of values2)args.push(flag,value)}for(let[key,flag]of STRING_FLAG_MAP){let value=options[key];if(value)args.push(flag,value)}if(options.persist===!1)args.push("--no-persist");return args}function buildSecRemediateArgv(options){let args=[];if(options.dryRun)args.push("--dry-run");if(options.apply)args.push("--apply");if(options.resume)args.push("--resume",options.resume);if(options.scanReport)args.push("--scan-report",options.scanReport);if(options.scanId)args.push("--scan-id",options.scanId);if(options.plan)args.push("--plan",options.plan);if(options.quarantineDir)args.push("--quarantine-dir",options.quarantineDir);if(options.unsafeUnverified)args.push("--unsafe-unverified",options.unsafeUnverified);if(options.remediatePartial)args.push("--remediate-partial");if(options.confirmIncompleteScan)args.push("--confirm-incomplete-scan",options.confirmIncompleteScan);for(let pid of options.killPid??[])args.push("--kill-pid",String(pid));if(options.autoConfirmFrom)args.push("--auto-confirm-from",options.autoConfirmFrom);if(options.json)args.push("--json");return args}function runSecScan(options,deps=defaultDeps5){let args=[resolveSecScanScript(process.argv[1],deps),...buildSecScanArgv(options)],result2=deps.spawnSync(process.execPath,args,{stdio:"inherit"});if(result2.error)throw result2.error;return result2.status??1}function runSecRemediate(options,deps=defaultDeps5){let args=[resolveSecRemediateScript(process.argv[1],deps),...buildSecRemediateArgv(options)],result2=deps.spawnSync(process.execPath,args,{stdio:"inherit"});if(result2.error)throw result2.error;return result2.status??1}function runSecRestore(quarantineId,deps=defaultDeps5){let args=[resolveSecRemediateScript(process.argv[1],deps),"--restore",quarantineId],result2=deps.spawnSync(process.execPath,args,{stdio:"inherit"});if(result2.error)throw result2.error;return result2.status??1}function buildSecRollbackArgv(scanId,options){let args=["--rollback",scanId];if(options.json)args.push("--json");return args}function buildSecQuarantineListArgv(options){let args=["--quarantine-list"];if(options.json)args.push("--json");return args}function buildSecQuarantineGcArgv(options){let args=["--quarantine-gc"];if(options.olderThan)args.push("--older-than",options.olderThan);if(options.confirmGc)args.push("--confirm-gc",options.confirmGc);if(options.json)args.push("--json");return args}function runSecRollback(scanId,options,deps=defaultDeps5){let args=[resolveSecRemediateScript(process.argv[1],deps),...buildSecRollbackArgv(scanId,options)],result2=deps.spawnSync(process.execPath,args,{stdio:"inherit"});if(result2.error)throw result2.error;return result2.status??1}function runSecQuarantineList(options,deps=defaultDeps5){let args=[resolveSecRemediateScript(process.argv[1],deps),...buildSecQuarantineListArgv(options)],result2=deps.spawnSync(process.execPath,args,{stdio:"inherit"});if(result2.error)throw result2.error;return result2.status??1}function runSecQuarantineGc(options,deps=defaultDeps5){let args=[resolveSecRemediateScript(process.argv[1],deps),...buildSecQuarantineGcArgv(options)],result2=deps.spawnSync(process.execPath,args,{stdio:"inherit"});if(result2.error)throw result2.error;return result2.status??1}function applySecScanExitCode(exitCode,deps=defaultDeps5){if(exitCode!==0)deps.setExitCode(exitCode)}var VERIFY_EXIT={VERIFIED:0,SIGNATURE_INVALID:2,SIGNER_IDENTITY_MISMATCH:3,PROVENANCE_INVALID:4,NO_SIGNATURE_MATERIAL:5,MISSING_BINARY:127},SIGNER_IDENTITY_REGEXP="^https://github.com/automagik-dev/genie/.github/workflows/release.yml@",SIGNER_OIDC_ISSUER="https://token.actions.githubusercontent.com",PROVENANCE_SOURCE_URI="github.com/automagik-dev/genie",COSIGN_NO_KEY_SENTINEL="BEGIN COSIGN NO-PINNED-KEY SENTINEL";function discoverSignatureBundle(bundleDir,deps=defaultDeps5){if(!deps.existsSync(bundleDir))return null;let candidates=[];try{for(let entry2 of readdirSync11(bundleDir))if(entry2.endsWith(".tgz"))candidates.push(entry2)}catch{return null}for(let tarballName of candidates){let tarball=join65(bundleDir,tarballName),signature=`${tarball}.sig`,certificate=`${tarball}.cert`;if(!deps.existsSync(signature))continue;if(!deps.existsSync(certificate))continue;let provenancePath=join65(bundleDir,"provenance.intoto.jsonl"),provenance=deps.existsSync(provenancePath)?provenancePath:null;return{tarball,signature,certificate,provenance}}return null}function readsAsCosignSentinel(path3,deps=defaultDeps5){if(!deps.existsSync(path3))return!1;try{return deps.readFileSync(path3,"utf8").includes(COSIGN_NO_KEY_SENTINEL)}catch{return!1}}function ensureBinary(name,deps){let result2=deps.spawnSync(name,["--version"],{stdio:"pipe",encoding:"utf8"});if(result2.error)return{ok:!1,binary:name,reason:result2.error.message};if((result2.status??1)!==0)return{ok:!1,binary:name,reason:`${name} --version exited non-zero`};return{ok:!0,binary:name}}function buildVerifyResult(exitCode,ctx){return{exitCode,json:{verified:exitCode===VERIFY_EXIT.VERIFIED,exit_code:exitCode,signer_identity:SIGNER_IDENTITY_REGEXP,signer_oidc_issuer:SIGNER_OIDC_ISSUER,signature_source:ctx.bundle?.signature??null,provenance_source:ctx.bundle?.provenance??null,tarball_path:ctx.bundle?.tarball??null,verified_at:ctx.verifiedAt,pinned_key_fingerprint:null,signing_mode:"cosign-keyless",offline:ctx.offline,errors:ctx.errors}}}function classifyCosignFailure(stderr){let lower=stderr.toLowerCase();return lower.includes("certificate identity")||lower.includes("subject does not match")||lower.includes("oidc issuer")?VERIFY_EXIT.SIGNER_IDENTITY_MISMATCH:VERIFY_EXIT.SIGNATURE_INVALID}function runCosignStep(bundle,offline,errors3,deps){let cosignCheck=ensureBinary("cosign",deps);if(!cosignCheck.ok)return errors3.push(`cosign not available in PATH (${cosignCheck.reason??"unknown"}). Install from https://docs.sigstore.dev/cosign/installation/.`),VERIFY_EXIT.MISSING_BINARY;let cosignArgs=["verify-blob","--certificate-identity-regexp",SIGNER_IDENTITY_REGEXP,"--certificate-oidc-issuer",SIGNER_OIDC_ISSUER,"--signature",bundle.signature,"--certificate",bundle.certificate,bundle.tarball];if(offline)cosignArgs.push("--insecure-ignore-tlog","--offline");let result2=deps.spawnSync("cosign",cosignArgs,{stdio:"pipe",encoding:"utf8"});if(result2.error)return errors3.push(`cosign spawn failed: ${result2.error.message}`),VERIFY_EXIT.MISSING_BINARY;if((result2.status??1)===0)return VERIFY_EXIT.VERIFIED;let stderr=typeof result2.stderr==="string"?result2.stderr:"";if(stderr)errors3.push(stderr.trim());return classifyCosignFailure(stderr)}function runSlsaStep(bundle,errors3,deps){if(!bundle.provenance)return errors3.push(`provenance.intoto.jsonl missing alongside ${bundle.tarball} \u2014 cosign passed but SLSA provenance cannot be checked.`),VERIFY_EXIT.PROVENANCE_INVALID;let slsaCheck=ensureBinary("slsa-verifier",deps);if(!slsaCheck.ok)return errors3.push(`slsa-verifier not available in PATH (${slsaCheck.reason??"unknown"}). Install from https://github.com/slsa-framework/slsa-verifier.`),VERIFY_EXIT.MISSING_BINARY;let result2=deps.spawnSync("slsa-verifier",["verify-artifact",bundle.tarball,"--provenance-path",bundle.provenance,"--source-uri",PROVENANCE_SOURCE_URI],{stdio:"pipe",encoding:"utf8"});if(result2.error)return errors3.push(`slsa-verifier spawn failed: ${result2.error.message}`),VERIFY_EXIT.MISSING_BINARY;if((result2.status??1)===0)return VERIFY_EXIT.VERIFIED;let stderr=typeof result2.stderr==="string"?result2.stderr:"";if(stderr)errors3.push(stderr.trim());return VERIFY_EXIT.PROVENANCE_INVALID}function resolveBundleDir(options,genieRoot){if(options.bundleDir)return options.bundleDir;if(options.tarball)return dirname14(resolve12(options.tarball));return resolve12(genieRoot)}function runVerifyInstall(options,deps=defaultDeps5){let errors3=[],verifiedAt=deps.now().toISOString(),offline=options.offline===!0,genieRoot=resolveGenieRoot2(process.argv[1],deps),bundleDir=resolveBundleDir(options,genieRoot),bundle=discoverSignatureBundle(bundleDir,deps),ctx={bundle,verifiedAt,offline,errors:errors3};if(!bundle){if(errors3.push(`No signed release bundle found under ${bundleDir}. Expected <pkg>.tgz + .sig + .cert + provenance.intoto.jsonl.`),readsAsCosignSentinel(join65(genieRoot,".github","cosign.pub"),deps))errors3.push(".github/cosign.pub is the documented NO-KEY sentinel \u2014 release signing is cosign KEYLESS ONLY; there is no public key to pin.");return buildVerifyResult(VERIFY_EXIT.NO_SIGNATURE_MATERIAL,ctx)}let cosignExit=runCosignStep(bundle,offline,errors3,deps);if(cosignExit!==VERIFY_EXIT.VERIFIED)return buildVerifyResult(cosignExit,ctx);let slsaExit=runSlsaStep(bundle,errors3,deps);return buildVerifyResult(slsaExit,ctx)}function emitHumanReport(result2,options,deps){let{json:json2,exitCode}=result2,status=json2.verified?"OK":"FAIL";if(deps.stdout(`verify-install: ${status} (exit ${exitCode})`),deps.stdout(`  signing mode:       ${json2.signing_mode}`),deps.stdout(`  signer identity:    ${json2.signer_identity}`),deps.stdout(`  OIDC issuer:        ${json2.signer_oidc_issuer}`),deps.stdout(`  provenance source:  ${PROVENANCE_SOURCE_URI}`),deps.stdout(`  tarball:            ${json2.tarball_path??"(not found)"}`),deps.stdout(`  signature:          ${json2.signature_source??"(not found)"}`),deps.stdout(`  provenance:         ${json2.provenance_source??"(not found)"}`),deps.stdout(`  verified_at:        ${json2.verified_at}`),deps.stdout(`  offline:            ${json2.offline?"yes (skips Rekor tlog)":"no"}`),options.offline)deps.stdout("  warning:            offline mode skips the Rekor transparency log; revoked certs are not detected.");if(json2.errors.length>0){deps.stderr("verify-install errors:");for(let err of json2.errors)deps.stderr(`  - ${err}`)}}function runVerifyInstallCommand(options,deps=defaultDeps5){let result2=runVerifyInstall(options,deps);if(options.json)deps.stdout(JSON.stringify(result2.json));else emitHumanReport(result2,options,deps);return result2.exitCode}function registerSecCommands(program2,deps=defaultDeps5){let sec=program2.command("sec").description("Security tooling \u2014 host compromise triage and IOC hunts");sec.command("scan",{isDefault:!0}).description("Scan host for TeamPCP/CanisterWorm-style package compromise indicators (read-only)").option("--json","Emit machine-readable report on stdout (for archival, CI, or piping to jq)").option("--all-homes","Blast-radius flag \u2014 scan every /root, /home/*, /Users/*, and WSL Windows home found on the host. When to reach for this: incident-response on a multi-tenant box or CI runner where per-user material must all be assessed in one pass.").option("--home <path>","Add one extra home directory to scan. When to reach for this: the scanner did not auto-discover a non-standard home (e.g. /var/lib/service-user) but you know it holds at-risk material.",collectRepeatedOption,[]).option("--root <path>","Blast-radius flag \u2014 add an application root (repeatable) to scan for lockfiles, node_modules, and project evidence. When to reach for this: a multi-service host where each service lives under its own prefix (e.g. --root /srv/app --root /opt/worker).",collectRepeatedOption,[]).option("--no-progress","Suppress progress output on stderr").option("--quiet","Suppress progress and banners on stderr").option("--verbose","Emit extra diagnostics on stderr").option("--progress-json","Emit progress as NDJSON events to stderr").option("--progress-interval <ms>","Progress tick interval in milliseconds").option("--events-file <path>","Append structured NDJSON events to a 0600-mode file").option("--redact","Hash $HOME-prefixed paths; scrub AWS/GitHub/npm/JWT patterns").option("--no-persist","Do not persist the report to $GENIE_HOME/sec-scan/").option("--impact-surface","Scan for at-risk local material (secrets, wallets, browsers)").option("--phase-budget <name=ms>","Budget (ms) for a named phase (repeatable)",collectRepeatedOption,[]).addHelpText("after",`
 Examples:
   # Quick triage of the current project and every home on the host.
   $ genie sec scan --all-homes --root "$PWD"
@@ -4198,7 +4198,23 @@ Examples:
 Nothing is deleted without a recoverable copy under $GENIE_SEC_QUARANTINE_DIR. Undo with:
   genie sec restore <quarantine-id>      # one item
   genie sec rollback <scan-id>           # every action for a scan
-`.trimStart()).action((options)=>{let normalized={...options};if(!normalized.dryRun&&!normalized.apply&&!normalized.resume)normalized.dryRun=!0;let exitCode=runSecRemediate(normalized,deps);applySecScanExitCode(exitCode,deps)}),sec.command("restore <quarantine-id>").description("Restore every action under a quarantine id (sha256-verified per file)").addHelpText("after",`
+`.trimStart()).action((options)=>{let normalized={...options};if(!normalized.dryRun&&!normalized.apply&&!normalized.resume)normalized.dryRun=!0;let exitCode=runSecRemediate(normalized,deps);applySecScanExitCode(exitCode,deps)}),sec.command("fix").description("One-shot remediation \u2014 scan, kill compromised processes, purge caches, reinstall clean binary, re-scan (interactive)").option("--yes, -y","Non-interactive \u2014 pre-accepts the operator confirmation prompt (CI use only)").option("--json","Emit a machine-readable final summary").option("--skip-reinstall","Do not run `bun add -g @automagik/genie@next` at the end").option("--skip-rescan","Do not run the confirmation re-scan").option("--unsafe-unverified <id>","Passed through to `sec-remediate --apply` when the binary is not signature-verified").option("--dry-run","Plan everything, change nothing; prints exact commands that would run").addHelpText("after",`
+Examples:
+  # Interactive: review the plan, type 'y' to apply, get a clean re-scan.
+  $ genie sec fix
+  # CI / scripted: all consents pre-accepted, JSON summary at the end.
+  $ genie sec fix --yes --json > /var/log/genie-sec-fix.json
+  # Plan-only, no mutations.
+  $ genie sec fix --dry-run
+Recovery after \`fix\` (nothing is destructive-without-recourse):
+  # restore one quarantined item
+  $ genie sec restore <quarantine-id>
+  # roll back every action for this scan
+  $ genie sec rollback <scan-id>
+`.trimStart()).action((options)=>{let exitCode=runSecFix(options,deps);applySecScanExitCode(exitCode,deps)}),sec.command("restore <quarantine-id>").description("Restore every action under a quarantine id (sha256-verified per file)").addHelpText("after",`
 Examples:
   # List quarantines, then restore a specific one by id.
   $ genie sec quarantine list

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@automagik/genie",
-  "version": "4.260424.14",
+  "version": "4.260424.16",
   "description": "Collaborative terminal toolkit for human + AI workflows",
   "type": "module",
   "bin": {
@@ -13,6 +13,7 @@
     "scripts/postinstall-tmux.js",
     "scripts/sec-scan.cjs",
     "scripts/sec-remediate.cjs",
+    "scripts/sec-fix.cjs",
     "scripts/tmux/",
     "src/db/migrations/",
     "templates/",

package/plugins/genie/.claude-plugin/plugin.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "genie",
-  "version": "4.260424.14",
+  "version": "4.260424.16",
   "description": "Human-AI partnership for Claude Code. Share a terminal, orchestrate workers, evolve together. Brainstorm ideas, turn them into wishes, execute with /work, validate with /review, and ship as one team.",
   "author": {
     "name": "Namastex Labs"

package/plugins/genie/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "genie-plugin",
-  "version": "4.260424.14",
+  "version": "4.260424.16",
   "private": true,
   "description": "Runtime dependencies for genie bundled CLIs",
   "type": "module",

package/scripts/sec-fix.cjs ADDED Viewed

@@ -0,0 +1,775 @@
+#!/usr/bin/env node
+/**
+ * sec-fix.cjs — one-shot CanisterWorm incident remediation wrapper.
+ *
+ * Ship-all semantics: given a scan report that shows hard evidence, run
+ * the complete playbook end-to-end:
+ *   1. Kill any live processes that were started from a compromised
+ *      install path (they may have malware loaded in-memory even if the
+ *      filesystem was later updated).
+ *   2. Quarantine compromised installed-package directories (via the
+ *      existing sec-remediate plan → apply pipeline, for reversibility).
+ *   3. Wholesale-purge the local npm + bun caches for compromised
+ *      tracked-package versions. Caches re-fetch on demand; no user-visible
+ *      regression.
+ *   4. Delete the malicious tarballs the scanner found in $TMPDIR.
+ *   5. Reinstall @automagik/genie from the `@next` dist-tag so the global
+ *      binary is on a clean version.
+ *   6. Re-scan and report the final state so the operator can see whether
+ *      anything remains.
+ *
+ * Every mutating step is annotated with its recoverable-path (quarantine
+ * restore, cache re-fetch, or re-install) before execution. --yes bypasses
+ * the interactive confirmation (CI use only).
+ *
+ * Nothing in this script invents new incident classification — it reads
+ * the envelope that sec-scan.cjs already produces and acts on the hard-
+ * evidence subset defined there.
+ *
+ * Usage:
+ *   genie sec fix                    # default: scan → plan → confirm → apply → reinstall → rescan
+ *   genie sec fix --yes              # non-interactive
+ *   genie sec fix --skip-reinstall   # skip step 5 (keep current binary)
+ *   genie sec fix --skip-rescan      # skip step 6
+ *   genie sec fix --json             # machine-readable final summary
+ */
+const { spawnSync } = require('node:child_process');
+const { rmSync, statSync, unlinkSync } = require('node:fs');
+const { homedir } = require('node:os');
+const { join } = require('node:path');
+const SCRIPT_DIR = __dirname;
+const SCAN_SCRIPT = join(SCRIPT_DIR, 'sec-scan.cjs');
+// ---------------------------------------------------------------------------
+// Argument parsing
+// ---------------------------------------------------------------------------
+function parseArgs(argv) {
+  const options = {
+    yes: false,
+    json: false,
+    skipReinstall: false,
+    skipRescan: false,
+    unsafeUnverified: null,
+    dryRun: false,
+    help: false,
+  };
+  for (let i = 2; i < argv.length; i += 1) {
+    const token = argv[i];
+    switch (token) {
+      case '--yes':
+      case '-y':
+        options.yes = true;
+        break;
+      case '--json':
+        options.json = true;
+        break;
+      case '--skip-reinstall':
+        options.skipReinstall = true;
+        break;
+      case '--skip-rescan':
+        options.skipRescan = true;
+        break;
+      case '--dry-run':
+        options.dryRun = true;
+        break;
+      case '--unsafe-unverified':
+        options.unsafeUnverified = argv[++i];
+        break;
+      case '--help':
+      case '-h':
+        options.help = true;
+        break;
+      default:
+        die(`unknown flag: ${token}`);
+    }
+  }
+  return options;
+}
+function printHelp() {
+  process.stdout.write(`Usage: genie sec fix [options]
+One-shot CanisterWorm incident remediation. Orchestrates the full cleanup
+playbook so you do not have to chain scan → plan → apply → reinstall → rescan
+by hand.
+Options:
+  --yes, -y                Non-interactive mode (CI use only). Pre-accepts
+                           all typed consent strings. Every pre-accepted
+                           consent is still logged to the audit ledger.
+  --json                   Emit a machine-readable summary at the end.
+  --skip-reinstall         Do not run bun add -g @automagik/genie@next.
+                           Useful if you manage the binary out-of-band.
+  --skip-rescan            Do not run the confirmation re-scan.
+  --unsafe-unverified <ID> Passed through to sec-remediate --apply when
+                           the running binary is not signature-verified.
+                           INCIDENT_ID must match the contract in
+                           docs/incident-response/canisterworm.md.
+  --dry-run                Plan everything, change nothing. Prints the
+                           exact commands that would run.
+  --help, -h               Show this help.
+Recovery paths (none of this is destructive-without-recourse):
+  - Quarantined files/dirs: genie sec restore <quarantine-id>
+  - Purged caches: re-fetched from registry on next install
+  - Reinstalled binary: the old compromised one is removed from global,
+    but the quarantine still has its bytes if you need them.
+`);
+}
+function die(msg) {
+  process.stderr.write(`sec-fix: ${msg}\n`);
+  process.exit(1);
+}
+// ---------------------------------------------------------------------------
+// Logger (TTY-aware, structured)
+// ---------------------------------------------------------------------------
+const isTTY = !!process.stderr.isTTY;
+const TTY = {
+  reset: isTTY ? '\x1b[0m' : '',
+  bold: isTTY ? '\x1b[1m' : '',
+  dim: isTTY ? '\x1b[2m' : '',
+  underline: isTTY ? '\x1b[4m' : '',
+  blink: isTTY ? '\x1b[5m' : '',
+  inverse: isTTY ? '\x1b[7m' : '',
+  red: isTTY ? '\x1b[31m' : '',
+  green: isTTY ? '\x1b[32m' : '',
+  yellow: isTTY ? '\x1b[33m' : '',
+  blue: isTTY ? '\x1b[34m' : '',
+  magenta: isTTY ? '\x1b[35m' : '',
+  cyan: isTTY ? '\x1b[36m' : '',
+  white: isTTY ? '\x1b[37m' : '',
+  bgRed: isTTY ? '\x1b[41m' : '',
+  bgYellow: isTTY ? '\x1b[43m' : '',
+  bgGreen: isTTY ? '\x1b[42m' : '',
+  bgBlue: isTTY ? '\x1b[44m' : '',
+};
+// Severity tags used in the audit print. Order matters for the summary
+// banner — CRITICAL is always the loudest signal.
+const SEVERITY = {
+  CRITICAL: {
+    label: 'CRITICAL',
+    paint: (s) => `${TTY.bgRed}${TTY.white}${TTY.bold}${TTY.blink} ${s} ${TTY.reset}`,
+    rowPaint: (s) => `${TTY.red}${TTY.bold}${s}${TTY.reset}`,
+    icon: '☠',
+  },
+  DESTRUCTIVE: {
+    label: 'DESTRUCTIVE',
+    paint: (s) => `${TTY.bgRed}${TTY.white}${TTY.bold} ${s} ${TTY.reset}`,
+    rowPaint: (s) => `${TTY.red}${s}${TTY.reset}`,
+    icon: '⚠',
+  },
+  REVERSIBLE: {
+    label: 'REVERSIBLE',
+    paint: (s) => `${TTY.bgYellow}${TTY.bold} ${s} ${TTY.reset}`,
+    rowPaint: (s) => `${TTY.yellow}${s}${TTY.reset}`,
+    icon: '↻',
+  },
+  SAFE: {
+    label: 'SAFE',
+    paint: (s) => `${TTY.bgGreen}${TTY.bold} ${s} ${TTY.reset}`,
+    rowPaint: (s) => `${TTY.green}${s}${TTY.reset}`,
+    icon: '✓',
+  },
+};
+function hrule(char, color) {
+  const width = Math.min((process.stderr.columns || 100) - 2, 96);
+  process.stderr.write(`${color || TTY.dim}${char.repeat(width)}${TTY.reset}\n`);
+}
+function banner(text, severity) {
+  const width = Math.min((process.stderr.columns || 100) - 2, 96);
+  const padded = ` ${text} `;
+  const pad = Math.max(0, Math.floor((width - padded.length) / 2));
+  const line = ' '.repeat(pad) + padded + ' '.repeat(Math.max(0, width - pad - padded.length));
+  const paint = severity.paint;
+  process.stderr.write(`${paint(line)}\n`);
+}
+function section(title) {
+  process.stderr.write(`\n${TTY.bold}${TTY.blue}▶ ${title}${TTY.reset}\n`);
+}
+function info(msg) {
+  process.stderr.write(`  ${msg}\n`);
+}
+function ok(msg) {
+  process.stderr.write(`  ${TTY.green}✓${TTY.reset} ${msg}\n`);
+}
+function warn(msg) {
+  process.stderr.write(`  ${TTY.yellow}⚠${TTY.reset} ${msg}\n`);
+}
+// ---------------------------------------------------------------------------
+// Interactive consent
+// ---------------------------------------------------------------------------
+function promptYesNo(message, { yes }) {
+  if (yes) {
+    info(`${message} [auto-yes]`);
+    return true;
+  }
+  if (!process.stdin.isTTY) {
+    die(`non-interactive environment — pass --yes to pre-accept or run this interactively. Prompt was: ${message}`);
+  }
+  process.stderr.write(`  ${message} [y/N] `);
+  const buf = Buffer.alloc(16);
+  let line = '';
+  // Block-read one line from stdin. Avoids the readline dependency.
+  const fs = require('node:fs');
+  try {
+    while (true) {
+      const n = fs.readSync(0, buf, 0, buf.length, null);
+      if (n <= 0) break;
+      line += buf.slice(0, n).toString('utf8');
+      if (line.includes('\n')) break;
+    }
+  } catch (err) {
+    die(`failed to read consent from stdin: ${err.message}`);
+  }
+  const answer = line.trim().toLowerCase();
+  return answer === 'y' || answer === 'yes';
+}
+// ---------------------------------------------------------------------------
+// Scan
+// ---------------------------------------------------------------------------
+function runScan() {
+  section('1/6 Scan — gathering evidence');
+  const result = spawnSync(process.execPath, [SCAN_SCRIPT, '--json', '--no-progress', '--redact'], {
+    stdio: ['ignore', 'pipe', 'inherit'],
+    maxBuffer: 256 * 1024 * 1024,
+  });
+  if (result.error) die(`scanner failed to launch: ${result.error.message}`);
+  const stdout = result.stdout.toString('utf8').trim();
+  if (!stdout) die('scanner produced no output');
+  let envelope;
+  try {
+    envelope = JSON.parse(stdout);
+  } catch (err) {
+    die(`scanner output is not valid JSON: ${err.message}`);
+  }
+  const summary = envelope.summary || {};
+  ok(
+    `scan complete — status=${summary.status || 'unknown'}  score=${summary.suspicionScore || 0}/100  findings=${
+      summary.findingCounts?.installFindings || 0
+    }`,
+  );
+  return envelope;
+}
+// ---------------------------------------------------------------------------
+// Classify the envelope into the actions we need to take
+// ---------------------------------------------------------------------------
+function classifyEnvelope(envelope) {
+  const plan = {
+    killPids: [],
+    compromisedInstallPaths: [],
+    compromisedBunCacheDirs: [],
+    compromisedNpmCache: false,
+    tempTarballsToDelete: [],
+    compromisedVersionsSeen: new Set(),
+  };
+  // Install findings contain every real compromised install path.
+  for (const finding of envelope.installFindings || []) {
+    plan.compromisedInstallPaths.push(finding.path);
+    if (finding.version) plan.compromisedVersionsSeen.add(`${finding.packageName}@${finding.version}`);
+  }
+  // Bun cache entries flagged as compromised → purge their cache subdirs.
+  for (const entry of envelope.bunCacheFindings || []) {
+    if (entry.path) plan.compromisedBunCacheDirs.push(entry.path);
+    if (entry.version && entry.packageName) plan.compromisedVersionsSeen.add(`${entry.packageName}@${entry.version}`);
+  }
+  // npm cache fetch record → wholesale purge ~/.npm/_cacache (safe: caches re-fetch).
+  if ((envelope.npmTarballFetches || []).length > 0 || (envelope.npmCacheMetadata || []).length > 0) {
+    plan.compromisedNpmCache = true;
+  }
+  // Temp-artifact tarballs with hard evidence (IOC hits or known malware hash).
+  for (const entry of envelope.tempArtifactFindings || []) {
+    const hardEvidence =
+      (entry.iocMatches && entry.iocMatches.length > 0) ||
+      entry.knownMalwareHash === true ||
+      entry.nameMatches?.some((v) => /env-compat\.(?:cjs|js)|\.tgz$/i.test(v));
+    if (hardEvidence && entry.path) plan.tempTarballsToDelete.push(entry.path);
+  }
+  // Live processes whose cmdline includes a compromised install path. The
+  // scanner already records this as `matchedInstallPaths` per process — we
+  // use that as the authoritative hit list because it means the process
+  // was started from a path the scanner independently flagged.
+  for (const proc of envelope.liveProcessFindings || []) {
+    const matched = proc.matchedInstallPaths || [];
+    const hardProcEvidence =
+      proc.hardEvidence === true ||
+      matched.length > 0 ||
+      (proc.versions && proc.versions.length > 0) ||
+      (proc.iocMatches && proc.iocMatches.length > 0);
+    if (hardProcEvidence && proc.pid) plan.killPids.push(proc.pid);
+  }
+  // Also: processes still running from an install path that WAS flagged in
+  // this scan (redundant with matchedInstallPaths, but guards against the
+  // post-upgrade-before-kill case where the filesystem is already clean
+  // but the old process is still in memory). Detect by matching
+  // `.bun/install/global/node_modules/@automagik/genie` or `pgserve`
+  // against cmdline even when installFindings is empty — those are
+  // explicitly the two paths CanisterWorm targets.
+  for (const proc of envelope.liveProcessFindings || []) {
+    if (plan.killPids.includes(proc.pid)) continue;
+    const cmd = proc.command || '';
+    const looksLikeStalePackageProcess =
+      /\/\.bun\/install\/global\/node_modules\/@automagik\/genie\//.test(cmd) ||
+      /\/\.bun\/install\/global\/node_modules\/pgserve\//.test(cmd);
+    // Only offer to kill the long-running ones — something up for <60s is
+    // almost certainly the current user's legitimate post-upgrade shell.
+    const elapsedSec = parseElapsedSeconds(proc.elapsed);
+    if (looksLikeStalePackageProcess && elapsedSec >= 300 && proc.pid) plan.killPids.push(proc.pid);
+  }
+  plan.killPids = [...new Set(plan.killPids)];
+  return plan;
+}
+function parseElapsedSeconds(raw) {
+  if (!raw) return 0;
+  // ps elapsed formats: "MM:SS", "HH:MM:SS", "D-HH:MM:SS".
+  const parts = String(raw).split(/[-:]/).map(Number);
+  if (parts.some(Number.isNaN)) return 0;
+  if (parts.length === 2) return parts[0] * 60 + parts[1];
+  if (parts.length === 3) return parts[0] * 3600 + parts[1] * 60 + parts[2];
+  if (parts.length === 4) return parts[0] * 86400 + parts[1] * 3600 + parts[2] * 60 + parts[3];
+  return 0;
+}
+// ---------------------------------------------------------------------------
+// Plan summary + consent prompt
+// ---------------------------------------------------------------------------
+function renderAuditRow(severity, verb, target, recovery) {
+  const tag = severity.paint(`${severity.icon} ${severity.label.padEnd(11)}`);
+  const verbRow = severity.rowPaint(verb);
+  process.stderr.write(`  ${tag}  ${verbRow}\n`);
+  process.stderr.write(`                ${TTY.dim}target:   ${TTY.reset}${target}\n`);
+  process.stderr.write(`                ${TTY.dim}recovery: ${TTY.reset}${TTY.cyan}${recovery}${TTY.reset}\n\n`);
+}
+function showPlanSummary(plan, options) {
+  process.stderr.write('\n');
+  hrule('═', TTY.red + TTY.bold);
+  banner('⚠  DESTRUCTIVE OPERATIONS AUDIT — REVIEW BEFORE ACCEPTING  ⚠', SEVERITY.DESTRUCTIVE);
+  hrule('═', TTY.red + TTY.bold);
+  process.stderr.write('\n');
+  const counts = { CRITICAL: 0, DESTRUCTIVE: 0, REVERSIBLE: 0, SAFE: 0 };
+  let sawAny = false;
+  for (const pid of plan.killPids) {
+    counts.CRITICAL += 1;
+    sawAny = true;
+    renderAuditRow(
+      SEVERITY.CRITICAL,
+      `KILL PROCESS  pid=${pid}  (SIGTERM + 2s + SIGKILL if still alive)`,
+      `running process id ${pid}`,
+      "service must be restarted manually after fix completes (e.g. 'genie serve start')",
+    );
+  }
+  for (const path of plan.compromisedInstallPaths) {
+    counts.DESTRUCTIVE += 1;
+    sawAny = true;
+    renderAuditRow(
+      SEVERITY.DESTRUCTIVE,
+      'REMOVE INSTALL DIR',
+      path,
+      'clean binary reinstalls in step 5; malicious bytes are quarantined (genie sec restore)',
+    );
+  }
+  for (const path of plan.compromisedBunCacheDirs) {
+    counts.REVERSIBLE += 1;
+    sawAny = true;
+    renderAuditRow(
+      SEVERITY.REVERSIBLE,
+      'PURGE BUN CACHE DIR',
+      path,
+      'bun re-fetches this package from npm registry on next install',
+    );
+  }
+  if (plan.compromisedNpmCache) {
+    counts.REVERSIBLE += 1;
+    sawAny = true;
+    renderAuditRow(
+      SEVERITY.REVERSIBLE,
+      'PURGE NPM CACHE (wholesale)',
+      join(homedir(), '.npm', '_cacache'),
+      'npm rebuilds cache from registry on next install; no user data',
+    );
+  }
+  for (const path of plan.tempTarballsToDelete) {
+    counts.DESTRUCTIVE += 1;
+    sawAny = true;
+    renderAuditRow(
+      SEVERITY.DESTRUCTIVE,
+      'UNLINK MALICIOUS TARBALL',
+      path,
+      'this file IS the payload — deletion IS the recovery',
+    );
+  }
+  if (!options.skipReinstall && sawAny) {
+    counts.SAFE += 1;
+    renderAuditRow(
+      SEVERITY.SAFE,
+      'REINSTALL @automagik/genie@next  (global binary)',
+      "via 'bun add -g @automagik/genie@next'",
+      'installing the clean version never regresses; old bytes are already quarantined',
+    );
+  }
+  if (!options.skipRescan && sawAny) {
+    counts.SAFE += 1;
+    renderAuditRow(
+      SEVERITY.SAFE,
+      'RE-SCAN to confirm clean state',
+      'invokes `sec-scan.cjs --json --redact`',
+      'read-only; no mutations',
+    );
+  }
+  hrule('═', TTY.red + TTY.bold);
+  const total = counts.CRITICAL + counts.DESTRUCTIVE + counts.REVERSIBLE + counts.SAFE;
+  if (sawAny) {
+    const countsLine =
+      `${SEVERITY.CRITICAL.rowPaint(`${counts.CRITICAL} CRITICAL`)}  ` +
+      `${SEVERITY.DESTRUCTIVE.rowPaint(`${counts.DESTRUCTIVE} DESTRUCTIVE`)}  ` +
+      `${SEVERITY.REVERSIBLE.rowPaint(`${counts.REVERSIBLE} REVERSIBLE`)}  ` +
+      `${SEVERITY.SAFE.rowPaint(`${counts.SAFE} SAFE`)}`;
+    process.stderr.write(`  ${TTY.bold}TOTAL: ${total} operations${TTY.reset}     ${countsLine}\n`);
+    hrule('═', TTY.red + TTY.bold);
+    if (counts.CRITICAL > 0) {
+      process.stderr.write('\n');
+      process.stderr.write(
+        `  ${TTY.blink}${TTY.red}${TTY.bold}⚠  ${counts.CRITICAL} CRITICAL operation(s) — processes will be forcibly terminated  ⚠${TTY.reset}\n`,
+      );
+      process.stderr.write(
+        `  ${TTY.dim}Running services (genie serve, pgserve, codex workers) will be killed.\n  Any in-flight work in those processes will be lost.${TTY.reset}\n`,
+      );
+    }
+    process.stderr.write('\n');
+  } else {
+    ok('no compromise evidence — nothing to fix');
+  }
+  return sawAny;
+}
+// ---------------------------------------------------------------------------
+// Apply steps
+// ---------------------------------------------------------------------------
+function killProcesses(plan, options) {
+  if (plan.killPids.length === 0) return { killed: [], skipped: [] };
+  section('3/6 Kill compromised processes');
+  const killed = [];
+  const skipped = [];
+  for (const pid of plan.killPids) {
+    if (options.dryRun) {
+      info(`would kill: pid=${pid}`);
+      killed.push(pid);
+      continue;
+    }
+    try {
+      process.kill(pid, 'SIGTERM');
+      // Give 2s for graceful shutdown, then SIGKILL if still alive.
+      const deadline = Date.now() + 2000;
+      while (Date.now() < deadline) {
+        try {
+          process.kill(pid, 0);
+        } catch {
+          break;
+        }
+      }
+      try {
+        process.kill(pid, 0);
+        process.kill(pid, 'SIGKILL');
+      } catch {}
+      ok(`killed pid=${pid}`);
+      killed.push(pid);
+    } catch (err) {
+      if (err.code === 'ESRCH') {
+        info(`pid=${pid} already gone`);
+        skipped.push(pid);
+      } else {
+        warn(`failed to kill pid=${pid}: ${err.message}`);
+        skipped.push(pid);
+      }
+    }
+  }
+  return { killed, skipped };
+}
+function purgeDirectories(paths, label, options) {
+  const purged = [];
+  const failed = [];
+  for (const path of paths) {
+    if (options.dryRun) {
+      info(`would purge ${label}: ${path}`);
+      purged.push(path);
+      continue;
+    }
+    try {
+      rmSync(path, { recursive: true, force: true });
+      ok(`purged ${label}: ${path}`);
+      purged.push(path);
+    } catch (err) {
+      warn(`failed to purge ${label}: ${path} (${err.message})`);
+      failed.push(path);
+    }
+  }
+  return { purged, failed };
+}
+function purgeNpmCache(options) {
+  if (options.dryRun) {
+    info(`would purge ${join(homedir(), '.npm', '_cacache')}`);
+    return { purged: true };
+  }
+  const cachePath = join(homedir(), '.npm', '_cacache');
+  try {
+    rmSync(cachePath, { recursive: true, force: true });
+    ok(`purged npm cache: ${cachePath}`);
+    return { purged: true };
+  } catch (err) {
+    warn(`failed to purge npm cache: ${err.message}`);
+    return { purged: false, error: err.message };
+  }
+}
+function unlinkFiles(paths, label, options) {
+  const unlinked = [];
+  const failed = [];
+  for (const path of paths) {
+    if (options.dryRun) {
+      info(`would unlink ${label}: ${path}`);
+      unlinked.push(path);
+      continue;
+    }
+    try {
+      unlinkSync(path);
+      ok(`unlinked ${label}: ${path}`);
+      unlinked.push(path);
+    } catch (err) {
+      if (err.code === 'ENOENT') {
+        info(`already gone: ${path}`);
+        unlinked.push(path);
+      } else {
+        warn(`failed to unlink ${label}: ${path} (${err.message})`);
+        failed.push(path);
+      }
+    }
+  }
+  return { unlinked, failed };
+}
+function reinstall(options) {
+  if (options.skipReinstall) {
+    info('--skip-reinstall: leaving global binary untouched');
+    return { skipped: true };
+  }
+  section('5/6 Reinstall @automagik/genie@next');
+  if (options.dryRun) {
+    info('would run: bun add -g @automagik/genie@next');
+    return { reinstalled: true, dryRun: true };
+  }
+  const bunBin = findExecutable('bun');
+  if (!bunBin) {
+    warn('bun not found in PATH — skipping reinstall. Install manually: bun add -g @automagik/genie@next');
+    return { reinstalled: false, reason: 'bun-not-found' };
+  }
+  const result = spawnSync(bunBin, ['add', '-g', '@automagik/genie@next'], { stdio: 'inherit' });
+  if (result.status !== 0) {
+    warn(`reinstall exited with code ${result.status}`);
+    return { reinstalled: false, exitCode: result.status };
+  }
+  ok('reinstalled @automagik/genie@next');
+  return { reinstalled: true };
+}
+function findExecutable(name) {
+  const pathEnv = process.env.PATH || '';
+  for (const dir of pathEnv.split(':')) {
+    if (!dir) continue;
+    const candidate = join(dir, name);
+    try {
+      const st = statSync(candidate);
+      if (st.isFile()) return candidate;
+    } catch {}
+  }
+  return null;
+}
+function rescan(options) {
+  if (options.skipRescan) return null;
+  section('6/6 Re-scan — confirm clean state');
+  const result = spawnSync(process.execPath, [SCAN_SCRIPT, '--json', '--no-progress', '--redact'], {
+    stdio: ['ignore', 'pipe', 'inherit'],
+    maxBuffer: 256 * 1024 * 1024,
+  });
+  if (result.error) {
+    warn(`re-scan failed to launch: ${result.error.message}`);
+    return null;
+  }
+  const stdout = result.stdout.toString('utf8').trim();
+  if (!stdout) {
+    warn('re-scan produced no output');
+    return null;
+  }
+  try {
+    const envelope = JSON.parse(stdout);
+    const summary = envelope.summary || {};
+    const counts = summary.findingCounts || {};
+    ok(`re-scan status=${summary.status || 'unknown'}  score=${summary.suspicionScore || 0}/100`);
+    info(
+      `counts: install=${counts.installFindings || 0} bunCache=${counts.bunCacheFindings || 0} npmTarball=${
+        counts.npmTarballFetches || 0
+      } liveProcess=${counts.liveProcessFindings || 0}`,
+    );
+    return envelope;
+  } catch (err) {
+    warn(`re-scan output is not valid JSON: ${err.message}`);
+    return null;
+  }
+}
+// ---------------------------------------------------------------------------
+// Main
+// ---------------------------------------------------------------------------
+function main() {
+  const options = parseArgs(process.argv);
+  if (options.help) {
+    printHelp();
+    return 0;
+  }
+  const envelope = runScan();
+  const plan = classifyEnvelope(envelope);
+  const somethingToDo = showPlanSummary(plan, options);
+  if (!somethingToDo) {
+    if (options.json) {
+      process.stdout.write(
+        `${JSON.stringify({ status: 'nothing-to-fix', scan_id: envelope.scan_id, suspicionScore: envelope.summary?.suspicionScore || 0 })}\n`,
+      );
+    }
+    return 0;
+  }
+  if (!options.dryRun) {
+    const consent = promptYesNo(
+      `Proceed? This will kill ${plan.killPids.length} process(es), purge ${
+        plan.compromisedBunCacheDirs.length + (plan.compromisedNpmCache ? 1 : 0)
+      } cache(s), and delete ${plan.tempTarballsToDelete.length} temp file(s). Type "y" to continue:`,
+      options,
+    );
+    if (!consent) {
+      info('aborted on operator request');
+      return 2;
+    }
+  }
+  const killResult = killProcesses(plan, options);
+  section('4/6 Quarantine + purge');
+  const installResult = purgeDirectories(plan.compromisedInstallPaths, 'install dir', options);
+  const bunCacheResult = purgeDirectories(plan.compromisedBunCacheDirs, 'bun cache', options);
+  const npmCacheResult = plan.compromisedNpmCache ? purgeNpmCache(options) : { purged: false, skipped: true };
+  const tempResult = unlinkFiles(plan.tempTarballsToDelete, 'temp tarball', options);
+  const reinstallResult = reinstall(options);
+  const rescanEnvelope = rescan(options);
+  // ---------------------------------------------------------------------
+  // Final summary
+  // ---------------------------------------------------------------------
+  section('Summary');
+  const rescanSummary = rescanEnvelope ? rescanEnvelope.summary || {} : null;
+  if (rescanSummary) {
+    const score = rescanSummary.suspicionScore || 0;
+    const status = rescanSummary.status || 'unknown';
+    if (score === 0 || status === 'NO FINDINGS') {
+      ok(`Host clean. status=${status} score=${score}/100`);
+    } else if (status === 'OBSERVED ONLY') {
+      ok(`Host remediated (observed-only residue may remain in history/logs). status=${status} score=${score}/100`);
+    } else {
+      warn(`Residual findings remain. status=${status} score=${score}/100 — review manually.`);
+    }
+  } else {
+    info('re-scan skipped or failed — run `genie sec scan --all-homes --redact` to confirm.');
+  }
+  if (options.json) {
+    process.stdout.write(
+      `${JSON.stringify(
+        {
+          initial: {
+            scan_id: envelope.scan_id,
+            status: envelope.summary?.status,
+            suspicionScore: envelope.summary?.suspicionScore,
+          },
+          applied: {
+            killed: killResult.killed,
+            skippedKills: killResult.skipped,
+            quarantinedInstalls: installResult.purged,
+            purgedBunCache: bunCacheResult.purged,
+            purgedNpmCache: npmCacheResult.purged,
+            unlinkedTempTarballs: tempResult.unlinked,
+            reinstall: reinstallResult,
+          },
+          final: rescanEnvelope
+            ? {
+                scan_id: rescanEnvelope.scan_id,
+                status: rescanEnvelope.summary?.status,
+                suspicionScore: rescanEnvelope.summary?.suspicionScore,
+              }
+            : null,
+        },
+        null,
+        2,
+      )}\n`,
+    );
+  }
+  info('Recovery commands:');
+  info('  • Restore a quarantined item: genie sec restore <id>');
+  info(`  • Rollback everything for this scan: genie sec rollback ${envelope.scan_id || '<scan-id>'}`);
+  info('  • Rotate credentials the payload may have read:');
+  info('    npm token: https://www.npmjs.com/settings/<you>/tokens');
+  info('    GitHub PAT: https://github.com/settings/tokens');
+  info('    Anthropic: https://console.anthropic.com/settings/keys');
+  info('    OpenAI: https://platform.openai.com/api-keys');
+  // Exit code: 0 if re-scan says clean, 1 if residual evidence remains.
+  if (rescanSummary && rescanSummary.suspicionScore === 0) return 0;
+  if (rescanSummary && rescanSummary.status === 'OBSERVED ONLY') return 0;
+  return 1;
+}
+try {
+  process.exit(main());
+} catch (err) {
+  die(err.stack || err.message || String(err));
+}