@drisp/cli 0.4.0 → 0.4.2

package/dist/{chunk-3FVULBV4.js → chunk-4CRZXLIP.js}

@@ -78,7 +78,8 @@ function initTelemetry(options) {
     host: POSTHOG_HOST,
     disableGeoip: true,
     flushAt: 20,
-    flushInterval: 3e4
+    flushInterval: 3e4,
+    enableExceptionAutocapture: true
   });
 }
 function isTelemetryEnabled() {
@@ -191,97 +192,18 @@ function trackGatewayRuntimeRebind(props) {
 function trackGatewayRuntimeExpired(props) {
   capture("gateway.runtime.expired", props);
 }
-
-// src/infra/gatewayTrace.ts
-import fs from "fs";
-function writeGatewayTrace(message) {
-  if (process.env["ATHENA_GATEWAY_TRACE"] !== "1") return;
-  const line = `athena-gateway: [trace] ${message}
-`;
-  const traceFile = process.env["ATHENA_GATEWAY_TRACE_FILE"];
-  if (traceFile && traceFile.length > 0) {
-    try {
-      fs.appendFileSync(traceFile, line, "utf-8");
-      return;
-    } catch {
-    }
-  }
-  process.stderr.write(line);
-}
-
-// src/gateway/auth.ts
-import crypto from "crypto";
-import fs2 from "fs";
-import path2 from "path";
-var TOKEN_BYTES = 32;
-function loadOrCreateToken(tokenPath) {
-  try {
-    const buf = fs2.readFileSync(tokenPath);
-    const text = buf.toString("utf-8").trim();
-    if (text.length >= 16) return text;
-  } catch (err) {
-    const code = err.code;
-    if (code !== "ENOENT") throw err;
-  }
-  return writeNewToken(tokenPath);
-}
-function rotateGatewayToken(tokenPath) {
-  return writeNewToken(tokenPath);
-}
-function writeNewToken(tokenPath) {
-  const dir = path2.dirname(tokenPath);
-  fs2.mkdirSync(dir, { recursive: true, mode: 448 });
-  const token = crypto.randomBytes(TOKEN_BYTES).toString("base64url");
-  const tmpPath = `${tokenPath}.tmp-${process.pid}-${crypto.randomBytes(4).toString("hex")}`;
-  fs2.writeFileSync(tmpPath, token + "\n", { mode: 384 });
-  try {
-    fs2.renameSync(tmpPath, tokenPath);
-  } catch (err) {
-    try {
-      fs2.unlinkSync(tmpPath);
-    } catch {
-    }
-    throw err;
-  }
-  if (process.platform !== "win32") {
-    fs2.chmodSync(dir, 448);
-    fs2.chmodSync(tokenPath, 384);
-  }
-  return token;
-}
-function timingSafeTokenEqual(a, b) {
-  const ab = Buffer.from(a, "utf-8");
-  const bb = Buffer.from(b, "utf-8");
-  if (ab.length !== bb.length) {
-    const filler = Buffer.alloc(Math.max(ab.length, bb.length));
-    crypto.timingSafeEqual(filler, filler);
-    return false;
-  }
-  return crypto.timingSafeEqual(ab, bb);
-}
-function requireTokenForBind(spec, token) {
-  if (spec.kind === "uds" || isLoopbackHost(spec.host)) return;
-  if (!token || token.length < 16) {
-    throw new Error(
-      `gateway: refusing to bind ${spec.host}:${spec.port} without token configured`
-    );
-  }
-  if (spec.tls) return;
-  if (!spec.insecure) {
-    throw new Error(
-      `gateway: refusing to bind ${spec.host}:${spec.port} without TLS; pass --tls-cert/--tls-key, or --insecure only for trusted reverse-proxy/tunnel deployments`
-    );
-  }
+function trackSetupCompleted(props) {
+  capture("setup.completed", props);
 }
 
 // src/infra/config/dashboardClient.ts
-import crypto2 from "crypto";
-import fs3 from "fs";
+import crypto from "crypto";
+import fs from "fs";
 import os3 from "os";
-import path3 from "path";
+import path2 from "path";
 function dashboardClientConfigPath(env = process.env) {
   const home = env["HOME"] ?? os3.homedir();
-  return path3.join(home, ".config", "athena", "dashboard.json");
+  return path2.join(home, ".config", "athena", "dashboard.json");
 }
 function normalizeDashboardUrl(input) {
   let parsed;
@@ -299,7 +221,7 @@ function readDashboardClientConfig(env = process.env) {
   const configPath = dashboardClientConfigPath(env);
   let raw;
   try {
-    raw = fs3.readFileSync(configPath, "utf-8");
+    raw = fs.readFileSync(configPath, "utf-8");
   } catch (err) {
     if (err.code === "ENOENT") return null;
     throw err;
@@ -323,29 +245,29 @@ function readDashboardClientConfig(env = process.env) {
 function writeDashboardClientConfig(config, env = process.env) {
   const validated = parseDashboardClientConfig(config);
   const configPath = dashboardClientConfigPath(env);
-  const dir = path3.dirname(configPath);
-  fs3.mkdirSync(dir, { recursive: true, mode: 448 });
-  const tmpPath = `${configPath}.${process.pid}.${crypto2.randomBytes(4).toString("hex")}.tmp`;
-  const fd = fs3.openSync(tmpPath, "w", 384);
+  const dir = path2.dirname(configPath);
+  fs.mkdirSync(dir, { recursive: true, mode: 448 });
+  const tmpPath = `${configPath}.${process.pid}.${crypto.randomBytes(4).toString("hex")}.tmp`;
+  const fd = fs.openSync(tmpPath, "w", 384);
   try {
-    fs3.writeSync(fd, JSON.stringify(validated, null, 2) + "\n");
-    fs3.fsyncSync(fd);
+    fs.writeSync(fd, JSON.stringify(validated, null, 2) + "\n");
+    fs.fsyncSync(fd);
   } finally {
-    fs3.closeSync(fd);
+    fs.closeSync(fd);
   }
   try {
-    fs3.renameSync(tmpPath, configPath);
+    fs.renameSync(tmpPath, configPath);
   } catch (err) {
     try {
-      fs3.unlinkSync(tmpPath);
+      fs.unlinkSync(tmpPath);
     } catch {
     }
     throw err;
   }
   if (process.platform !== "win32") {
     try {
-      fs3.chmodSync(dir, 448);
-      fs3.chmodSync(configPath, 384);
+      fs.chmodSync(dir, 448);
+      fs.chmodSync(configPath, 384);
     } catch {
     }
   }
@@ -353,7 +275,7 @@ function writeDashboardClientConfig(config, env = process.env) {
 function removeDashboardClientConfig(env = process.env) {
   const configPath = dashboardClientConfigPath(env);
   try {
-    fs3.unlinkSync(configPath);
+    fs.unlinkSync(configPath);
   } catch (err) {
     if (err.code !== "ENOENT") throw err;
   }
@@ -392,7 +314,7 @@ function parseDashboardClientConfig(raw) {
 }
 
 // src/infra/config/dashboardAuth.ts
-import fs4 from "fs";
+import fs2 from "fs";
 var DEFAULT_LOCK_TIMEOUT_MS = 3e4;
 var DEFAULT_LOCK_POLL_MS = 50;
 var DEFAULT_STALE_LOCK_MS = 6e4;
@@ -475,14 +397,14 @@ async function withLock(env, deps, fn) {
   let fd = null;
   for (; ; ) {
     try {
-      fd = fs4.openSync(lockPath, "wx", 384);
+      fd = fs2.openSync(lockPath, "wx", 384);
       break;
     } catch (err) {
       if (err.code !== "EEXIST") throw err;
       try {
-        const stat = fs4.statSync(lockPath);
+        const stat = fs2.statSync(lockPath);
         if (Date.now() - stat.mtimeMs > staleMs) {
-          fs4.unlinkSync(lockPath);
+          fs2.unlinkSync(lockPath);
           continue;
         }
       } catch {
@@ -500,11 +422,11 @@ async function withLock(env, deps, fn) {
     return await fn();
   } finally {
     try {
-      fs4.closeSync(fd);
+      fs2.closeSync(fd);
     } catch {
     }
     try {
-      fs4.unlinkSync(lockPath);
+      fs2.unlinkSync(lockPath);
     } catch {
     }
   }
@@ -536,6 +458,23 @@ function truncate(text, max) {
   return text.length > max ? text.slice(0, max) + "\u2026" : text;
 }
 
+// src/infra/gatewayTrace.ts
+import fs3 from "fs";
+function writeGatewayTrace(message) {
+  if (process.env["ATHENA_GATEWAY_TRACE"] !== "1") return;
+  const line = `athena-gateway: [trace] ${message}
+`;
+  const traceFile = process.env["ATHENA_GATEWAY_TRACE_FILE"];
+  if (traceFile && traceFile.length > 0) {
+    try {
+      fs3.appendFileSync(traceFile, line, "utf-8");
+      return;
+    } catch {
+    }
+  }
+  process.stderr.write(line);
+}
+
 // src/gateway/transport/types.ts
 var TransportUnreachableError = class extends Error {
   constructor(message) {
@@ -566,9 +505,9 @@ function redactFrame(value) {
 }
 
 // src/gateway/transport/uds.ts
-import fs5 from "fs";
+import fs4 from "fs";
 import net from "net";
-import path4 from "path";
+import path3 from "path";
 
 // src/gateway/transport/framing.ts
 var DEFAULT_MAX_LINE_BYTES = 1024 * 1024;
@@ -628,7 +567,7 @@ function createUdsClientTransport(opts) {
 async function listenUds(opts, onConnection) {
   const logError = opts.logError ?? ((m) => process.stderr.write(m + "\n"));
   await unlinkIfStale(opts.socketPath);
-  fs5.mkdirSync(path4.dirname(opts.socketPath), { recursive: true, mode: 448 });
+  fs4.mkdirSync(path3.dirname(opts.socketPath), { recursive: true, mode: 448 });
   const activeSockets = /* @__PURE__ */ new Set();
   const server = net.createServer({ pauseOnConnect: false }, (socket) => {
     activeSockets.add(socket);
@@ -642,7 +581,7 @@ async function listenUds(opts, onConnection) {
       server.off("error", onError);
       try {
         if (process.platform !== "win32") {
-          fs5.chmodSync(opts.socketPath, 384);
+          fs4.chmodSync(opts.socketPath, 384);
         }
       } catch (err) {
         logError(
@@ -660,7 +599,7 @@ async function listenUds(opts, onConnection) {
       activeSockets.clear();
       server.close(() => {
         try {
-          fs5.unlinkSync(opts.socketPath);
+          fs4.unlinkSync(opts.socketPath);
         } catch {
         }
         resolve();
@@ -699,7 +638,7 @@ async function connectUds(opts) {
   return createSocketConnection(socket, "uds");
 }
 async function unlinkIfStale(socketPath) {
-  if (!fs5.existsSync(socketPath)) return;
+  if (!fs4.existsSync(socketPath)) return;
   const alive = await new Promise((resolve) => {
     const probe = net.connect(socketPath);
     const timer = setTimeout(() => {
@@ -718,7 +657,7 @@ async function unlinkIfStale(socketPath) {
   });
   if (!alive) {
     try {
-      fs5.unlinkSync(socketPath);
+      fs4.unlinkSync(socketPath);
     } catch {
     }
   }
@@ -825,10 +764,7 @@ export {
   trackGatewayTransportReconnect,
   trackGatewayRuntimeRebind,
   trackGatewayRuntimeExpired,
-  loadOrCreateToken,
-  rotateGatewayToken,
-  timingSafeTokenEqual,
-  requireTokenForBind,
+  trackSetupCompleted,
   dashboardClientConfigPath,
   normalizeDashboardUrl,
   readDashboardClientConfig,
@@ -836,4 +772,4 @@ export {
   removeDashboardClientConfig,
   refreshDashboardAccessToken
 };
-//# sourceMappingURL=chunk-3FVULBV4.js.map
+//# sourceMappingURL=chunk-4CRZXLIP.js.map

package/dist/chunk-6TJHAUNB.js

@@ -0,0 +1,161 @@
+import {
+  isLoopbackHost
+} from "./chunk-4CRZXLIP.js";
+
+// src/gateway/auth.ts
+import crypto from "crypto";
+import fs from "fs";
+import path from "path";
+var TOKEN_BYTES = 32;
+function loadOrCreateToken(tokenPath) {
+  try {
+    const buf = fs.readFileSync(tokenPath);
+    const text = buf.toString("utf-8").trim();
+    if (text.length >= 16) return text;
+  } catch (err) {
+    const code = err.code;
+    if (code !== "ENOENT") throw err;
+  }
+  return writeNewToken(tokenPath);
+}
+function rotateGatewayToken(tokenPath) {
+  return writeNewToken(tokenPath);
+}
+function writeNewToken(tokenPath) {
+  const dir = path.dirname(tokenPath);
+  fs.mkdirSync(dir, { recursive: true, mode: 448 });
+  const token = crypto.randomBytes(TOKEN_BYTES).toString("base64url");
+  const tmpPath = `${tokenPath}.tmp-${process.pid}-${crypto.randomBytes(4).toString("hex")}`;
+  fs.writeFileSync(tmpPath, token + "\n", { mode: 384 });
+  try {
+    fs.renameSync(tmpPath, tokenPath);
+  } catch (err) {
+    try {
+      fs.unlinkSync(tmpPath);
+    } catch {
+    }
+    throw err;
+  }
+  if (process.platform !== "win32") {
+    fs.chmodSync(dir, 448);
+    fs.chmodSync(tokenPath, 384);
+  }
+  return token;
+}
+function timingSafeTokenEqual(a, b) {
+  const ab = Buffer.from(a, "utf-8");
+  const bb = Buffer.from(b, "utf-8");
+  if (ab.length !== bb.length) {
+    const filler = Buffer.alloc(Math.max(ab.length, bb.length));
+    crypto.timingSafeEqual(filler, filler);
+    return false;
+  }
+  return crypto.timingSafeEqual(ab, bb);
+}
+function requireTokenForBind(spec, token) {
+  if (spec.kind === "uds" || isLoopbackHost(spec.host)) return;
+  if (!token || token.length < 16) {
+    throw new Error(
+      `gateway: refusing to bind ${spec.host}:${spec.port} without token configured`
+    );
+  }
+  if (spec.tls) return;
+  if (!spec.insecure) {
+    throw new Error(
+      `gateway: refusing to bind ${spec.host}:${spec.port} without TLS; pass --tls-cert/--tls-key, or --insecure only for trusted reverse-proxy/tunnel deployments`
+    );
+  }
+}
+
+// src/infra/config/channels.ts
+import fs2 from "fs";
+import os from "os";
+import path2 from "path";
+function channelSidecarDir(home = os.homedir()) {
+  return path2.join(home, ".config", "athena", "channels");
+}
+function loadChannelSidecars(home = os.homedir()) {
+  const dir = channelSidecarDir(home);
+  const sidecars = [];
+  const errors = [];
+  let entries;
+  try {
+    entries = fs2.readdirSync(dir);
+  } catch (err) {
+    const code = err.code;
+    if (code === "ENOENT") return { sidecars, errors };
+    errors.push({
+      path: dir,
+      reason: `read dir failed: ${err instanceof Error ? err.message : String(err)}`
+    });
+    return { sidecars, errors };
+  }
+  for (const entry of entries) {
+    if (!entry.endsWith(".json")) continue;
+    const full = path2.join(dir, entry);
+    const name = entry.slice(0, -".json".length);
+    const result = loadOne(name, full);
+    if (result.ok) sidecars.push(result.sidecar);
+    else errors.push({ path: full, reason: result.reason });
+  }
+  return { sidecars, errors };
+}
+function loadOne(name, filePath) {
+  let raw;
+  try {
+    if (process.platform !== "win32") {
+      const stat = fs2.statSync(filePath);
+      if ((stat.mode & 63) !== 0) {
+        return {
+          ok: false,
+          reason: `file ${filePath} is too permissive (mode ${(stat.mode & 511).toString(8)}); chmod 600`
+        };
+      }
+    }
+    raw = JSON.parse(fs2.readFileSync(filePath, "utf-8"));
+  } catch (err) {
+    return {
+      ok: false,
+      reason: err instanceof Error ? err.message : String(err)
+    };
+  }
+  if (typeof raw !== "object" || raw === null) {
+    return { ok: false, reason: "config root must be an object" };
+  }
+  const obj = raw;
+  const userIdsRaw = obj["allowed_user_ids"];
+  const allowedUserIds = [];
+  if (userIdsRaw !== void 0) {
+    if (!Array.isArray(userIdsRaw)) {
+      return { ok: false, reason: "allowed_user_ids must be an array" };
+    }
+    for (const id of userIdsRaw) {
+      if (typeof id === "string") allowedUserIds.push(id);
+      else if (typeof id === "number") allowedUserIds.push(String(id));
+      else
+        return {
+          ok: false,
+          reason: "allowed_user_ids entries must be string or number"
+        };
+    }
+  }
+  const options = {};
+  for (const [key, value] of Object.entries(obj)) {
+    if (key === "allowed_user_ids") continue;
+    options[key] = value;
+  }
+  return {
+    ok: true,
+    sidecar: { name, path: filePath, allowedUserIds, options }
+  };
+}
+
+export {
+  loadOrCreateToken,
+  rotateGatewayToken,
+  timingSafeTokenEqual,
+  requireTokenForBind,
+  channelSidecarDir,
+  loadChannelSidecars
+};
+//# sourceMappingURL=chunk-6TJHAUNB.js.map

package/dist/{chunk-PSD3WBN4.js → chunk-BTKQ67RE.js}

@@ -147,4 +147,4 @@ export {
   createPermissionRequestDenyResult,
   createStopBlockResult
 };
-//# sourceMappingURL=chunk-PSD3WBN4.js.map
+//# sourceMappingURL=chunk-BTKQ67RE.js.map