npm - @bike4mind/cli - Versions diffs - 0.9.3 → 0.10.1 - Mend

@bike4mind/cli 0.9.3 → 0.10.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (41) hide show

package/dist/types-CqscS34o.mjs ADDED Viewed

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+import { t as DEFAULT_SANDBOX_CONFIG } from "./types-LyRNHOiS.mjs";
+export { DEFAULT_SANDBOX_CONFIG };

package/dist/{updateChecker-DhWcEKAu.mjs → updateChecker-CP_jeER9.mjs} RENAMED Viewed

@@ -4,7 +4,7 @@ import { homedir } from "os";
 import path from "path";
 import axios from "axios";
 //#region package.json
-var version = "0.9.3";
+var version = "0.10.1";
 //#endregion
 //#region src/utils/updateChecker.ts
 /**

package/dist/utils-BGtSXfce.mjs ADDED Viewed

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+import { p as verifyTOTPToken } from "./utils-PpNti-tY.mjs";
+export { verifyTOTPToken };

package/dist/utils-PpNti-tY.mjs ADDED Viewed

@@ -0,0 +1,146 @@
+#!/usr/bin/env node
+import { timingSafeEqual } from "crypto";
+import speakeasy from "speakeasy";
+import QRCode from "qrcode";
+//#region ../../b4m-core/auth/dist/mfaService/utils.mjs
+const originalEmitWarning = process.emitWarning;
+process.emitWarning = (warning, name) => {
+	if (name === "DeprecationWarning" && warning?.toString().includes("Buffer")) return;
+	return originalEmitWarning.call(process, warning, name);
+};
+process.emitWarning = originalEmitWarning;
+/**
+* Generate TOTP setup data including secret and QR code
+* Using the same implementation as polaris
+*/
+async function generateTOTPSetup(userEmail, appName = "Bike4Mind") {
+	const secret = speakeasy.generateSecret({ name: `${appName} (${userEmail})` });
+	const qrCodeUrl = await QRCode.toDataURL(secret.otpauth_url);
+	return {
+		secret: secret.base32,
+		qrCodeUrl,
+		manualEntryKey: secret.base32
+	};
+}
+/**
+* Verify a TOTP token against a secret
+* Using industry-standard window to handle minor clock drift
+*/
+function verifyTOTPToken(secret, token, window = 1) {
+	return speakeasy.totp.verify({
+		secret,
+		encoding: "base32",
+		token,
+		window
+	});
+}
+/**
+* Generate cryptographically secure backup codes for MFA
+* Using speakeasy's secure random generation to be consistent with TOTP secrets
+*/
+function generateBackupCodes(count = 10) {
+	return Array.from({ length: count }, () => {
+		return speakeasy.generateSecret({ length: 20 }).base32.substring(0, 10).toUpperCase();
+	});
+}
+/**
+* Verify a backup code against the user's backup codes
+*/
+function verifyBackupCode(userBackupCodes, providedCode) {
+	if (!userBackupCodes || !providedCode) return { isValid: false };
+	const cleanProvidedCode = providedCode.trim().toUpperCase();
+	const providedBuf = Buffer.from(cleanProvidedCode, "utf8");
+	let matchIdx = -1;
+	for (let i = 0; i < userBackupCodes.length; i++) {
+		const storedBuf = Buffer.from(userBackupCodes[i].trim().toUpperCase(), "utf8");
+		if (storedBuf.length === providedBuf.length && timingSafeEqual(storedBuf, providedBuf)) {
+			matchIdx = i;
+			break;
+		}
+	}
+	if (matchIdx !== -1) return {
+		isValid: true,
+		usedBackupCode: userBackupCodes[matchIdx]
+	};
+	return { isValid: false };
+}
+/**
+* Check if a user requires MFA based on enforcement settings
+* In lumina5, when MFA is enforced, it applies to ALL users (unlike polaris)
+*/
+function userRequiresMFA(user, enforceMFASetting) {
+	return enforceMFASetting;
+}
+/**
+* Check if a user has MFA configured
+*/
+function userHasMFAConfigured(user) {
+	return !!(user.mfa && user.mfa.totpEnabled && user.mfa.totpSecret);
+}
+/**
+* Server-side attempt tracking to prevent bypass via refresh/cancel
+* Constants for lockout policy
+*/
+const MAX_FAILED_ATTEMPTS = 3;
+const LOCKOUT_DURATION_MS = 900 * 1e3;
+const ATTEMPT_RESET_WINDOW_MS = 3600 * 1e3;
+/**
+* Check if user is currently locked out from MFA attempts
+*/
+function isUserLockedOut(user) {
+	if (!user.mfa?.lockedUntil) return false;
+	return /* @__PURE__ */ new Date() < new Date(user.mfa.lockedUntil);
+}
+/**
+* Get remaining lockout time in minutes
+*/
+function getLockoutTimeRemaining(user) {
+	if (!user.mfa?.lockedUntil) return 0;
+	const remaining = new Date(user.mfa.lockedUntil).getTime() - Date.now();
+	return Math.max(0, Math.ceil(remaining / (60 * 1e3)));
+}
+/**
+* Reset failed attempts if enough time has passed since last failure
+*/
+function shouldResetFailedAttempts(user) {
+	if (!user.mfa?.lastFailedAttempt) return false;
+	return Date.now() - new Date(user.mfa.lastFailedAttempt).getTime() > ATTEMPT_RESET_WINDOW_MS;
+}
+/**
+* Record a failed MFA attempt and return updated MFA object
+*/
+function recordFailedAttempt(user) {
+	const newAttempts = (shouldResetFailedAttempts(user) ? 0 : user.mfa?.failedAttempts || 0) + 1;
+	const now = /* @__PURE__ */ new Date();
+	const updatedMFA = { ...user.mfa };
+	updatedMFA.failedAttempts = newAttempts;
+	updatedMFA.lastFailedAttempt = now;
+	if (newAttempts >= MAX_FAILED_ATTEMPTS) updatedMFA.lockedUntil = new Date(Date.now() + LOCKOUT_DURATION_MS);
+	return updatedMFA;
+}
+/**
+* Clear failed attempts on successful verification
+*/
+function clearFailedAttempts(user) {
+	if (!user.mfa) return null;
+	const updatedMFA = { ...user.mfa };
+	updatedMFA.failedAttempts = 0;
+	updatedMFA.lastFailedAttempt = void 0;
+	updatedMFA.lockedUntil = void 0;
+	return updatedMFA;
+}
+/**
+* Check if a user is eligible to set up MFA
+*/
+function userEligibleForMFA(user) {
+	return true;
+}
+/**
+* Check if a user can disable MFA based on enforcement settings
+* In lumina5, when MFA is enforced, NO user can disable it
+*/
+function userCanDisableMFA(user, enforceMFASetting) {
+	return !enforceMFASetting;
+}
+//#endregion
+export { isUserLockedOut as a, userCanDisableMFA as c, userRequiresMFA as d, verifyBackupCode as f, getLockoutTimeRemaining as i, userEligibleForMFA as l, generateBackupCodes as n, recordFailedAttempt as o, verifyTOTPToken as p, generateTOTPSetup as r, shouldResetFailedAttempts as s, clearFailedAttempts as t, userHasMFAConfigured as u };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@bike4mind/cli",
-  "version": "0.9.3",
+  "version": "0.10.1",
   "type": "module",
   "description": "Interactive CLI tool for Bike4Mind with ReAct agents",
   "license": "UNLICENSED",
@@ -34,29 +34,29 @@
     "node": ">=24.0.0"
   },
   "dependencies": {
-    "@anthropic-ai/sdk": "^0.79.0",
-    "@aws-sdk/client-apigatewaymanagementapi": "^3.1048.0",
-    "@aws-sdk/client-bedrock-runtime": "^3.1048.0",
-    "@aws-sdk/client-cloudwatch": "^3.1048.0",
-    "@aws-sdk/client-lambda": "^3.1048.0",
-    "@aws-sdk/client-s3": "^3.1048.0",
-    "@aws-sdk/client-sqs": "^3.1048.0",
-    "@aws-sdk/client-transcribe": "^3.1048.0",
-    "@aws-sdk/credential-provider-node": "^3.972.39",
-    "@aws-sdk/s3-request-presigner": "^3.1048.0",
+    "@anthropic-ai/sdk": "^0.97.1",
+    "@aws-sdk/client-apigatewaymanagementapi": "^3.1050.0",
+    "@aws-sdk/client-bedrock-runtime": "^3.1050.0",
+    "@aws-sdk/client-cloudwatch": "^3.1050.0",
+    "@aws-sdk/client-lambda": "^3.1050.0",
+    "@aws-sdk/client-s3": "^3.1050.0",
+    "@aws-sdk/client-sqs": "^3.1050.0",
+    "@aws-sdk/client-transcribe": "^3.1050.0",
+    "@aws-sdk/credential-provider-node": "^3.972.43",
+    "@aws-sdk/s3-request-presigner": "^3.1050.0",
     "@casl/ability": "^6.8.1",
     "@google/genai": "^1.46.0",
-    "@joplin/turndown-plugin-gfm": "^1.0.64",
+    "@joplin/turndown-plugin-gfm": "^1.0.67",
     "@mendable/firecrawl-js": "^1.29.3",
-    "@modelcontextprotocol/sdk": "1.27.1",
+    "@modelcontextprotocol/sdk": "1.29.0",
     "@octokit/rest": "^22.0.1",
     "@opensearch-project/opensearch": "2.11.0",
-    "@smithy/node-http-handler": "^4.6.1",
+    "@smithy/node-http-handler": "^4.7.3",
     "async-mutex": "^0.5.0",
     "axios": "1.16.1",
     "bcryptjs": "^3.0.2",
-    "better-sqlite3": "^12.9.0",
-    "cheerio": "1.0.0-rc.12",
+    "better-sqlite3": "^12.10.0",
+    "cheerio": "1.2.0",
     "chess.js": "^1.0.0-beta.8",
     "cli-highlight": "^2.1.11",
     "csv-parse": "^6.2.1",
@@ -72,7 +72,7 @@
     "glob": "^13.0.6",
     "gray-matter": "^4.0.3",
     "ignore": "^7.0.5",
-    "ink": "^7.0.1",
+    "ink": "^7.0.3",
     "ink-select-input": "^6.2.0",
     "ink-spinner": "^5.0.0",
     "ink-text-input": "^6.0.0",
@@ -85,11 +85,11 @@
     "mongoose": "^8.8.3",
     "ollama": "^0.6.3",
     "open": "^11.0.0",
-    "openai": "^6.34.0",
+    "openai": "^6.38.0",
     "p-limit": "^7.3.0",
     "picomatch": "^4.0.3",
     "qrcode": "^1.5.4",
-    "react": "^19.2.4",
+    "react": "^19.2.6",
     "sharp": "^0.34.5",
     "speakeasy": "^2.0.0",
     "tiktoken": "^1.0.22",
@@ -100,11 +100,11 @@
     "uuid": "^13.0.0",
     "voyageai": "^0.0.4",
     "web-tree-sitter": "0.25.10",
-    "ws": "^8.20.0",
+    "ws": "^8.20.1",
     "xlsx": "https://cdn.sheetjs.com/xlsx-0.20.3/xlsx-0.20.3.tgz",
     "yargs": "^18.0.0",
     "yauzl": "^3.3.0",
-    "zod": "^4.3.6",
+    "zod": "^4.4.3",
     "zod-validation-error": "^5.0.0",
     "zustand": "^5.0.13"
   },
@@ -113,22 +113,22 @@
     "@types/jsonwebtoken": "^9.0.4",
     "@types/node": "^24.0.0",
     "@types/picomatch": "^4.0.3",
-    "@types/react": "^19.2.14",
+    "@types/react": "^19.2.15",
     "@types/ws": "^8.18.1",
     "@types/yargs": "^17.0.35",
     "ink-testing-library": "^4.0.0",
-    "tsdown": "^0.21.10",
-    "tsx": "^4.21.0",
+    "tsdown": "^0.22.0",
+    "tsx": "^4.22.3",
     "typescript": "^5.9.3",
-    "vitest": "^4.1.2",
-    "@bike4mind/agents": "0.9.4",
-    "@bike4mind/common": "2.97.0",
-    "@bike4mind/mcp": "1.37.11",
-    "@bike4mind/services": "2.84.0",
-    "@bike4mind/utils": "2.22.3"
+    "vitest": "^4.1.7",
+    "@bike4mind/agents": "0.11.3",
+    "@bike4mind/common": "2.103.0",
+    "@bike4mind/mcp": "1.37.17",
+    "@bike4mind/services": "2.90.3",
+    "@bike4mind/utils": "2.23.5"
   },
   "optionalDependencies": {
-    "@vscode/ripgrep": "^1.17.1"
+    "@vscode/ripgrep": "^1.18.0"
   },
   "scripts": {
     "dev": "tsx src/index.tsx",