@automagik/omni 2.260430.3 → 2.260430.4

package/dist/commands/trust.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Trust Commands — manage genie host fingerprint registrations.
+ *
+ *   omni trust list                            List active genie hosts
+ *   omni trust get <id>                        Show one host (active or revoked)
+ *   omni trust update <id> --scope <a,b,c>     Replace host scopes wholesale
+ *   omni trust revoke <id>                     Soft-delete (stamps revoked_at)
+ *
+ * Wish: omni-host-fingerprint-trust, Group 1.2. Talks to the
+ * `/api/v2/trust/hosts` endpoints landed in Group 1.1 (#556).
+ *
+ * Why raw fetch instead of the OmniClient SDK: trust types aren't in the
+ * OpenAPI spec yet (the SDK is generated from there). Adding them requires
+ * a regen + version bump; out of scope for this PR. We use the same
+ * baseUrl / apiKey the SDK uses, so behavior is identical.
+ */
+import { Command } from 'commander';
+export declare function createTrustCommand(): Command;
+//# sourceMappingURL=trust.d.ts.map

package/dist/commands/trust.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"trust.d.ts","sourceRoot":"","sources":["../../src/commands/trust.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAwHpC,wBAAgB,kBAAkB,IAAI,OAAO,CAmB5C"}

package/dist/index.js

@@ -113981,7 +113981,7 @@ import { fileURLToPath } from "url";
 // package.json
 var package_default = {
   name: "@automagik/omni",
-  version: "2.260430.3",
+  version: "2.260430.4",
   description: "LLM-optimized CLI for Omni",
   type: "module",
   bin: {
@@ -124980,6 +124980,97 @@ function createStopCommand() {
   return new Command("stop").description("Stop all omni PM2 processes").action(runStop);
 }
 
+// src/commands/trust.ts
+init_config();
+init_output();
+function trustEndpoint(path) {
+  if (!hasAuth()) {
+    error("Not authenticated. Run: omni auth login --api-key <key>", undefined, 2);
+  }
+  const config2 = loadConfig();
+  const baseUrl = (config2.apiUrl ?? "http://localhost:8882").replace(/\/+$/, "");
+  return `${baseUrl}/api/v2/trust${path}`;
+}
+function authHeaders() {
+  const config2 = loadConfig();
+  const headers = { "Content-Type": "application/json" };
+  if (config2.apiKey) {
+    headers.Authorization = `Bearer ${config2.apiKey}`;
+  }
+  return headers;
+}
+async function callApi(method, path, body) {
+  const res = await fetch(trustEndpoint(path), {
+    method,
+    headers: authHeaders(),
+    body: body === undefined ? undefined : JSON.stringify(body)
+  });
+  if (!res.ok) {
+    const text3 = await res.text().catch(() => "");
+    throw new Error(`HTTP ${res.status} ${res.statusText}${text3 ? `: ${text3}` : ""}`);
+  }
+  return await res.json();
+}
+function formatHostRow(host) {
+  return {
+    id: host.id.slice(0, 8),
+    hostname: host.hostname,
+    scopes: host.scopes.join(", ") || "(none)",
+    pubkeyPrefix: `${host.pubkey.slice(0, 12)}\u2026`,
+    lastSeen: host.lastSeenAt ? new Date(host.lastSeenAt).toISOString().replace("T", " ").slice(0, 16) : "never",
+    status: host.revokedAt ? "revoked" : "active"
+  };
+}
+async function handleList4() {
+  try {
+    const { items } = await callApi("GET", "/hosts");
+    list(items.map(formatHostRow), {
+      emptyMessage: "No genie hosts registered. Run `genie omni handshake` from a genie installation to register one.",
+      rawData: items
+    });
+  } catch (err2) {
+    error(`Failed to list genie hosts: ${err2 instanceof Error ? err2.message : "Unknown error"}`);
+  }
+}
+async function handleGet3(id) {
+  try {
+    const { data: data2 } = await callApi("GET", `/hosts/${encodeURIComponent(id)}`);
+    data(data2);
+  } catch (err2) {
+    error(`Failed to get genie host: ${err2 instanceof Error ? err2.message : "Unknown error"}`);
+  }
+}
+async function handleUpdate3(id, options3) {
+  const scopes = options3.scope.split(",").map((s2) => s2.trim()).filter(Boolean);
+  if (scopes.length === 0) {
+    error("--scope must contain at least one scope (use `omni trust revoke <id>` to deny everything).");
+  }
+  try {
+    const { data: data2 } = await callApi("PATCH", `/hosts/${encodeURIComponent(id)}`, { scopes });
+    success(`Updated genie host ${data2.id} scopes: ${data2.scopes.join(", ")}`);
+    data(data2);
+  } catch (err2) {
+    error(`Failed to update genie host: ${err2 instanceof Error ? err2.message : "Unknown error"}`);
+  }
+}
+async function handleRevoke2(id) {
+  try {
+    const { data: data2 } = await callApi("DELETE", `/hosts/${encodeURIComponent(id)}`);
+    success(`Revoked genie host ${data2.id} (${data2.hostname}). Tombstone kept for audit.`);
+    data(data2);
+  } catch (err2) {
+    error(`Failed to revoke genie host: ${err2 instanceof Error ? err2.message : "Unknown error"}`);
+  }
+}
+function createTrustCommand() {
+  const trust = new Command("trust").description("Manage genie host fingerprint registrations");
+  trust.command("list").description("List active (non-revoked) genie hosts").action(handleList4);
+  trust.command("get <id>").description("Show details for one genie host (active or revoked)").action(handleGet3);
+  trust.command("update <id>").description("Replace a genie host scopes (comma-separated)").requiredOption("--scope <list>", 'Comma-separated scope list, e.g. "agents:write,providers:write"').action(handleUpdate3);
+  trust.command("revoke <id>").description("Revoke a genie host (irreversible \u2014 re-register with a fresh keypair to restore trust)").action(handleRevoke2);
+  return trust;
+}
+
 // src/commands/tts.ts
 init_output();
 function createTtsCommand() {
@@ -126213,6 +126304,12 @@ var COMMANDS = [
     helpGroup: "Management",
     helpDescription: "API key management"
   },
+  {
+    create: createTrustCommand,
+    category: "advanced",
+    helpGroup: "Management",
+    helpDescription: "Genie host fingerprint trust (omni-host-fingerprint-trust wish)"
+  },
   {
     create: createAccessCommand,
     category: "advanced",

package/dist/server/index.js

@@ -224556,7 +224556,7 @@ var init_sentry_scrub = __esm(() => {
 var require_package8 = __commonJS((exports, module) => {
   module.exports = {
     name: "@omni/api",
-    version: "2.260430.3",
+    version: "2.260430.4",
     type: "module",
     exports: {
       ".": {
@@ -281176,6 +281176,21 @@ class GenieHostsService {
   async touchLastSeen(id) {
     await this.db.update(genieHosts).set({ lastSeenAt: new Date, updatedAt: new Date }).where(and2(eq(genieHosts.id, id), isNull2(genieHosts.revokedAt)));
   }
+  async updateScopes(id, scopes) {
+    const [updated] = await this.db.update(genieHosts).set({ scopes, updatedAt: new Date }).where(and2(eq(genieHosts.id, id), isNull2(genieHosts.revokedAt))).returning();
+    if (updated) {
+      log87.info("genie host scopes updated", { hostId: updated.id, scopes });
+    }
+    return updated ?? null;
+  }
+  async revoke(id) {
+    const now = new Date;
+    const [revoked] = await this.db.update(genieHosts).set({ revokedAt: now, updatedAt: now }).where(and2(eq(genieHosts.id, id), isNull2(genieHosts.revokedAt))).returning();
+    if (revoked) {
+      log87.info("genie host revoked", { hostId: revoked.id, hostname: revoked.hostname });
+    }
+    return revoked ?? null;
+  }
 }
 var log87;
 var init_genie_hosts = __esm(() => {
@@ -302631,7 +302646,7 @@ var init_settings3 = __esm(() => {
 });
 
 // ../api/src/routes/v2/trust.ts
-var trustRoutes, PUBKEY_PATTERN, handshakeSchema;
+var trustRoutes, PUBKEY_PATTERN, handshakeSchema, idParamSchema6, updateScopesSchema;
 var init_trust = __esm(() => {
   init_dist6();
   init_dist2();
@@ -302658,6 +302673,38 @@ var init_trust = __esm(() => {
     const items = await services.genieHosts.listActive();
     return c.json({ items });
   });
+  idParamSchema6 = exports_external.object({ id: exports_external.string().uuid() });
+  trustRoutes.get("/hosts/:id", zValidator("param", idParamSchema6), async (c) => {
+    const { id } = c.req.valid("param");
+    const services = c.get("services");
+    const host = await services.genieHosts.findById(id);
+    if (!host) {
+      return c.json({ error: { code: "NOT_FOUND", message: `genie host ${id} not found` } }, 404);
+    }
+    return c.json({ data: host });
+  });
+  updateScopesSchema = exports_external.object({
+    scopes: exports_external.array(exports_external.string().min(1)).max(64)
+  });
+  trustRoutes.patch("/hosts/:id", zValidator("param", idParamSchema6), zValidator("json", updateScopesSchema), async (c) => {
+    const { id } = c.req.valid("param");
+    const { scopes } = c.req.valid("json");
+    const services = c.get("services");
+    const host = await services.genieHosts.updateScopes(id, scopes);
+    if (!host) {
+      return c.json({ error: { code: "NOT_FOUND", message: `genie host ${id} not found or revoked` } }, 404);
+    }
+    return c.json({ data: host });
+  });
+  trustRoutes.delete("/hosts/:id", zValidator("param", idParamSchema6), async (c) => {
+    const { id } = c.req.valid("param");
+    const services = c.get("services");
+    const host = await services.genieHosts.revoke(id);
+    if (!host) {
+      return c.json({ error: { code: "NOT_FOUND", message: `genie host ${id} not found or already revoked` } }, 404);
+    }
+    return c.json({ data: host });
+  });
 });
 
 // ../api/src/routes/v2/turns.ts

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@automagik/omni",
-  "version": "2.260430.3",
+  "version": "2.260430.4",
   "description": "LLM-optimized CLI for Omni",
   "type": "module",
   "bin": {
@@ -50,15 +50,15 @@
     "qrcode-terminal": "^0.12.0"
   },
   "devDependencies": {
-    "@omni/api": "2.260430.2",
-    "@omni/channel-discord": "2.260430.2",
-    "@omni/channel-gupshup": "2.260430.2",
-    "@omni/channel-sdk": "2.260430.2",
-    "@omni/channel-slack": "2.260430.2",
-    "@omni/channel-telegram": "2.260430.2",
-    "@omni/channel-whatsapp": "2.260430.2",
-    "@omni/core": "2.260430.2",
-    "@omni/sdk": "2.260430.2",
+    "@omni/api": "2.260430.3",
+    "@omni/channel-discord": "2.260430.3",
+    "@omni/channel-gupshup": "2.260430.3",
+    "@omni/channel-sdk": "2.260430.3",
+    "@omni/channel-slack": "2.260430.3",
+    "@omni/channel-telegram": "2.260430.3",
+    "@omni/channel-whatsapp": "2.260430.3",
+    "@omni/core": "2.260430.3",
+    "@omni/sdk": "2.260430.3",
     "@types/node": "^22.10.3",
     "@types/qrcode-terminal": "^0.12.2",
     "typescript": "^5.7.3"