@automagik/omni 2.260430.7 → 2.260430.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/doctor.d.ts +19 -1
- package/dist/commands/doctor.d.ts.map +1 -1
- package/dist/index.js +44 -3
- package/dist/server/index.js +1 -1
- package/package.json +10 -10
|
@@ -41,7 +41,7 @@ import { type Config, type ServerConfig } from '../config.js';
|
|
|
41
41
|
/** Severity levels reported by each check. */
|
|
42
42
|
export type CheckLevel = 'OK' | 'WARN' | 'FAIL';
|
|
43
43
|
/** Identifier used in tests and --json output. */
|
|
44
|
-
export type CheckId = 'pm2-env-drift' | 'cli-key-valid' | 'pgserve-reachable' | 'omni-db-exists' | 'orphaned-data-dirs' | 'version-match' | 'pm2-status' | 'pm2-max-restarts' | 'pm2-logrotate-installed';
|
|
44
|
+
export type CheckId = 'pm2-env-drift' | 'cli-key-valid' | 'pgserve-reachable' | 'omni-db-exists' | 'orphaned-data-dirs' | 'version-match' | 'pm2-status' | 'pm2-max-restarts' | 'pm2-logrotate-installed' | 'cli-signing-key-for-locked-instances';
|
|
45
45
|
export interface CheckResult {
|
|
46
46
|
id: CheckId;
|
|
47
47
|
level: CheckLevel;
|
|
@@ -117,6 +117,24 @@ export interface DoctorDeps {
|
|
|
117
117
|
sleepMs: (ms: number) => Promise<void>;
|
|
118
118
|
/** Capture `pm2 conf` stdout (or null on error). Used by pm2-logrotate check. */
|
|
119
119
|
capturePm2Conf: () => Promise<string | null>;
|
|
120
|
+
/**
|
|
121
|
+
* List instances that have `requireGenieSignature: true` set. Used by the
|
|
122
|
+
* signature-key-for-locked-instances check (omni-host-fingerprint-trust
|
|
123
|
+
* P2). Returns an empty array when the API is unreachable — the check
|
|
124
|
+
* then becomes a no-op rather than false-positive WARN.
|
|
125
|
+
*/
|
|
126
|
+
listLockedInstances: () => Promise<{
|
|
127
|
+
id: string;
|
|
128
|
+
name: string;
|
|
129
|
+
}[]>;
|
|
130
|
+
/**
|
|
131
|
+
* Return true when the running CLI has a usable ed25519 keypair (i.e.
|
|
132
|
+
* `omni trust handshake` has been run). Locked instances refuse
|
|
133
|
+
* bearer-only requests, so an operator without a key can only do the
|
|
134
|
+
* unlock-only PATCH escape — anything else fails with 401. We surface
|
|
135
|
+
* that as a WARN so it's caught before the operator hits the wall.
|
|
136
|
+
*/
|
|
137
|
+
cliHasSigningKey: () => boolean;
|
|
120
138
|
}
|
|
121
139
|
/**
|
|
122
140
|
* Run all checks and optionally apply fixes. Returns a structured
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"doctor.d.ts","sourceRoot":"","sources":["../../src/commands/doctor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AAMH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,KAAK,MAAM,EAAE,KAAK,YAAY,EAA4C,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"doctor.d.ts","sourceRoot":"","sources":["../../src/commands/doctor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AAMH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,KAAK,MAAM,EAAE,KAAK,YAAY,EAA4C,MAAM,cAAc,CAAC;AAexG,8CAA8C;AAC9C,MAAM,MAAM,UAAU,GAAG,IAAI,GAAG,MAAM,GAAG,MAAM,CAAC;AAEhD,kDAAkD;AAClD,MAAM,MAAM,OAAO,GACf,eAAe,GACf,eAAe,GACf,mBAAmB,GACnB,gBAAgB,GAChB,oBAAoB,GACpB,eAAe,GACf,YAAY,GACZ,kBAAkB,GAClB,yBAAyB,GACzB,sCAAsC,CAAC;AAE3C,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,OAAO,CAAC;IACZ,KAAK,EAAE,UAAU,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,WAAW,EAAE,CAAC;IACtB,OAAO,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IACpD,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAED,MAAM,WAAW,aAAa;IAC5B,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;;GAGG;AACH,UAAU,QAAQ;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE;QACR,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC;QACzC,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;QAChB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC7B;AAoCD,uEAAuE;AACvE,MAAM,WAAW,UAAU;IACzB,mDAAmD;IACnD,eAAe,EAAE,MAAM,OAAO,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,CAAC;IAClD,+DAA+D;IAC/D,UAAU,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IAC/C,uEAAuE;IACvE,YAAY,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC;IACrC,oEAAoE;IACpE,oBAAoB,EAAE,MAAM,MAAM,EAAE,CAAC;IACrC,qDAAqD;IACrD,kBAAkB,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAChE,8DAA8D;IAC9D,iBAAiB,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IACzD,6CAA6C;IAC7C,SAAS,EAAE,MAAM;QAAE,YAAY,EAAE,YAAY,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC;IACnE;;;OAGG;IACH,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAC1E,oEAAoE;IACpE,aAAa,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,IAAI,CAAC;IACxC,2DAA2D;IAC3D,eAAe,EAAE,MAAM,MAAM,CAAC;IAC9B,0DAA0D;IAC1D,cAAc,EAAE,MAAM,MAAM,CAAC;IAC7B,mEAAmE;IACnE,OAAO,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACvC,iFAAiF;IACjF,cAAc,EAAE,MAAM,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAC7C;;;;;OAKG;IACH,mBAAmB,EAAE,MAAM,OAAO,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC,CAAC;IACnE;;;;;;OAMG;IACH,gBAAgB,EAAE,MAAM,OAAO,CAAC;CACjC;AAyiBD;;;GAGG;AACH,wBAAsB,SAAS,CAAC,OAAO,EAAE,aAAa,EAAE,YAAY,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,YAAY,CAAC,CAkBxG;AA2BD,wBAAgB,mBAAmB,IAAI,OAAO,CA+C7C"}
|
package/dist/index.js
CHANGED
|
@@ -114079,7 +114079,7 @@ import { fileURLToPath } from "url";
|
|
|
114079
114079
|
// package.json
|
|
114080
114080
|
var package_default = {
|
|
114081
114081
|
name: "@automagik/omni",
|
|
114082
|
-
version: "2.260430.
|
|
114082
|
+
version: "2.260430.9",
|
|
114083
114083
|
description: "LLM-optimized CLI for Omni",
|
|
114084
114084
|
type: "module",
|
|
114085
114085
|
bin: {
|
|
@@ -118866,7 +118866,22 @@ function productionDeps() {
|
|
|
118866
118866
|
if (code !== 0)
|
|
118867
118867
|
return null;
|
|
118868
118868
|
return stdout;
|
|
118869
|
-
}
|
|
118869
|
+
},
|
|
118870
|
+
listLockedInstances: async () => {
|
|
118871
|
+
const cliConfig = loadConfig();
|
|
118872
|
+
if (!cliConfig.apiKey)
|
|
118873
|
+
return [];
|
|
118874
|
+
try {
|
|
118875
|
+
const apiPort = loadServerConfig().port;
|
|
118876
|
+
const baseUrl = cliConfig.apiUrl ?? `http://localhost:${apiPort}`;
|
|
118877
|
+
const client = createOmniClient({ baseUrl, apiKey: cliConfig.apiKey, cliVersion: VERSION });
|
|
118878
|
+
const { items } = await client.instances.list({ limit: 200 });
|
|
118879
|
+
return items.filter((i) => i.requireGenieSignature === true).map((i) => ({ id: i.id, name: i.name }));
|
|
118880
|
+
} catch {
|
|
118881
|
+
return [];
|
|
118882
|
+
}
|
|
118883
|
+
},
|
|
118884
|
+
cliHasSigningKey: () => loadSigningContext() !== null
|
|
118870
118885
|
};
|
|
118871
118886
|
}
|
|
118872
118887
|
function scanForOrphans(dir, acc, depth, maxDepth = 4) {
|
|
@@ -119148,6 +119163,31 @@ function fixOrphanedDataDirs(deps) {
|
|
|
119148
119163
|
raw("");
|
|
119149
119164
|
return `printed ${found.length} rm-rf suggestion(s)`;
|
|
119150
119165
|
}
|
|
119166
|
+
async function checkSigningKeyForLockedInstances(deps) {
|
|
119167
|
+
const locked = await deps.listLockedInstances();
|
|
119168
|
+
if (locked.length === 0) {
|
|
119169
|
+
return {
|
|
119170
|
+
id: "cli-signing-key-for-locked-instances",
|
|
119171
|
+
level: "OK",
|
|
119172
|
+
detail: "no instances require signed requests (or API unreachable \u2014 check pgserve-reachable / omni-db-exists)"
|
|
119173
|
+
};
|
|
119174
|
+
}
|
|
119175
|
+
const hasKey = deps.cliHasSigningKey();
|
|
119176
|
+
if (hasKey) {
|
|
119177
|
+
return {
|
|
119178
|
+
id: "cli-signing-key-for-locked-instances",
|
|
119179
|
+
level: "OK",
|
|
119180
|
+
detail: `${locked.length} instance(s) require signing; CLI has a signing key \u2014 admin will sign automatically`
|
|
119181
|
+
};
|
|
119182
|
+
}
|
|
119183
|
+
const names = locked.slice(0, 3).map((i) => i.name || i.id.slice(0, 8)).join(", ");
|
|
119184
|
+
const more = locked.length > 3 ? ` (+${locked.length - 3} more)` : "";
|
|
119185
|
+
return {
|
|
119186
|
+
id: "cli-signing-key-for-locked-instances",
|
|
119187
|
+
level: "WARN",
|
|
119188
|
+
detail: `${locked.length} instance(s) require signing (${names}${more}) but this CLI has no key in ~/.omni/keys/. Bearer-only admin against these instances will fail with 401 GENIE_SIGNATURE_REQUIRED. Run \`omni trust handshake\` to enable signed requests. (The unlock-only PATCH escape from omni#568 still works without a key.)`
|
|
119189
|
+
};
|
|
119190
|
+
}
|
|
119151
119191
|
async function runAllChecks(deps) {
|
|
119152
119192
|
return [
|
|
119153
119193
|
await checkPm2EnvDrift(deps),
|
|
@@ -119158,7 +119198,8 @@ async function runAllChecks(deps) {
|
|
|
119158
119198
|
await checkVersionMatch(deps),
|
|
119159
119199
|
await checkPm2Status(deps),
|
|
119160
119200
|
await checkPm2MaxRestarts(deps),
|
|
119161
|
-
await checkPm2LogrotateInstalled(deps)
|
|
119201
|
+
await checkPm2LogrotateInstalled(deps),
|
|
119202
|
+
await checkSigningKeyForLockedInstances(deps)
|
|
119162
119203
|
];
|
|
119163
119204
|
}
|
|
119164
119205
|
async function applyFix(deps, check) {
|
package/dist/server/index.js
CHANGED
|
@@ -224556,7 +224556,7 @@ var init_sentry_scrub = __esm(() => {
|
|
|
224556
224556
|
var require_package8 = __commonJS((exports, module) => {
|
|
224557
224557
|
module.exports = {
|
|
224558
224558
|
name: "@omni/api",
|
|
224559
|
-
version: "2.260430.
|
|
224559
|
+
version: "2.260430.9",
|
|
224560
224560
|
type: "module",
|
|
224561
224561
|
exports: {
|
|
224562
224562
|
".": {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@automagik/omni",
|
|
3
|
-
"version": "2.260430.
|
|
3
|
+
"version": "2.260430.9",
|
|
4
4
|
"description": "LLM-optimized CLI for Omni",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"bin": {
|
|
@@ -50,15 +50,15 @@
|
|
|
50
50
|
"qrcode-terminal": "^0.12.0"
|
|
51
51
|
},
|
|
52
52
|
"devDependencies": {
|
|
53
|
-
"@omni/api": "2.260430.
|
|
54
|
-
"@omni/channel-discord": "2.260430.
|
|
55
|
-
"@omni/channel-gupshup": "2.260430.
|
|
56
|
-
"@omni/channel-sdk": "2.260430.
|
|
57
|
-
"@omni/channel-slack": "2.260430.
|
|
58
|
-
"@omni/channel-telegram": "2.260430.
|
|
59
|
-
"@omni/channel-whatsapp": "2.260430.
|
|
60
|
-
"@omni/core": "2.260430.
|
|
61
|
-
"@omni/sdk": "2.260430.
|
|
53
|
+
"@omni/api": "2.260430.8",
|
|
54
|
+
"@omni/channel-discord": "2.260430.8",
|
|
55
|
+
"@omni/channel-gupshup": "2.260430.8",
|
|
56
|
+
"@omni/channel-sdk": "2.260430.8",
|
|
57
|
+
"@omni/channel-slack": "2.260430.8",
|
|
58
|
+
"@omni/channel-telegram": "2.260430.8",
|
|
59
|
+
"@omni/channel-whatsapp": "2.260430.8",
|
|
60
|
+
"@omni/core": "2.260430.8",
|
|
61
|
+
"@omni/sdk": "2.260430.8",
|
|
62
62
|
"@types/node": "^22.10.3",
|
|
63
63
|
"@types/qrcode-terminal": "^0.12.2",
|
|
64
64
|
"typescript": "^5.7.3"
|