@enactprotocol/cli 1.2.0 → 1.2.1

package/dist/index.js

@@ -215402,7 +215402,7 @@ command: "${command}"
 }
 function generateFullYaml(config2) {
   let yaml = `# Enact Tool Definition
-# Generated by enact-cli
+# Generated by @enactprotocol/cli
 
 name: ${config2.name}
 description: "${config2.description}"
@@ -226134,11 +226134,14 @@ class DaggerExecutionProvider extends ExecutionProvider {
 init_env_loader();
 var import_yaml = __toESM(require_dist(), 1);
 
-// ../shared/node_modules/@enactprotocol/security/dist/index.js
+// ../../node_modules/@enactprotocol/security/dist/index.js
 import * as nc from "node:crypto";
 import fs5 from "fs";
 import path8 from "path";
 import os5 from "os";
+import fs22 from "fs";
+import path22 from "path";
+import os22 from "os";
 var crypto4 = nc && typeof nc === "object" && "webcrypto" in nc ? nc.webcrypto : nc && typeof nc === "object" && ("randomBytes" in nc) ? nc : undefined;
 /*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */
 function isBytes(a) {
@@ -228581,6 +228584,165 @@ class KeyManager {
   }
 }
 
+class SecurityConfigManager {
+  static ENACT_DIR = path22.join(os22.homedir(), ".enact");
+  static SECURITY_DIR = path22.join(this.ENACT_DIR, "security");
+  static CONFIG_FILE = path22.join(this.SECURITY_DIR, "config.json");
+  static ensureDirectories() {
+    try {
+      if (!fs22.existsSync(this.ENACT_DIR)) {
+        fs22.mkdirSync(this.ENACT_DIR, { recursive: true, mode: 493 });
+        console.log(`Created .enact directory: ${this.ENACT_DIR}`);
+      }
+      if (!fs22.existsSync(this.SECURITY_DIR)) {
+        fs22.mkdirSync(this.SECURITY_DIR, { recursive: true, mode: 493 });
+        console.log(`Created security directory: ${this.SECURITY_DIR}`);
+      }
+    } catch (error2) {
+      console.warn(`Failed to create directories: ${error2 instanceof Error ? error2.message : String(error2)}`);
+    }
+  }
+  static initializeConfig() {
+    this.ensureDirectories();
+    try {
+      if (fs22.existsSync(this.CONFIG_FILE)) {
+        console.log(`Security config already exists: ${this.CONFIG_FILE}`);
+        return this.loadConfig();
+      }
+      const defaultConfig = { ...DEFAULT_SECURITY_CONFIG };
+      const configContent = JSON.stringify(defaultConfig, null, 2);
+      fs22.writeFileSync(this.CONFIG_FILE, configContent, { mode: 420 });
+      console.log(`Initialized security config: ${this.CONFIG_FILE}`);
+      console.log("Default config:", defaultConfig);
+      return defaultConfig;
+    } catch (error2) {
+      console.warn(`Failed to initialize security config: ${error2 instanceof Error ? error2.message : String(error2)}`);
+      console.log("Using in-memory default config");
+      return { ...DEFAULT_SECURITY_CONFIG };
+    }
+  }
+  static loadConfig() {
+    try {
+      if (!fs22.existsSync(this.CONFIG_FILE)) {
+        console.log("No security config file found, initializing...");
+        return this.initializeConfig();
+      }
+      const configContent = fs22.readFileSync(this.CONFIG_FILE, "utf8");
+      const config2 = JSON.parse(configContent);
+      const mergedConfig = { ...DEFAULT_SECURITY_CONFIG, ...config2 };
+      console.log(`Loaded security config from: ${this.CONFIG_FILE}`);
+      return mergedConfig;
+    } catch (error2) {
+      console.warn(`Failed to load security config: ${error2 instanceof Error ? error2.message : String(error2)}`);
+      console.log("Using default config");
+      return { ...DEFAULT_SECURITY_CONFIG };
+    }
+  }
+  static saveConfig(config2) {
+    this.ensureDirectories();
+    try {
+      const configToSave = { ...DEFAULT_SECURITY_CONFIG, ...config2 };
+      const configContent = JSON.stringify(configToSave, null, 2);
+      fs22.writeFileSync(this.CONFIG_FILE, configContent, { mode: 420 });
+      console.log(`Saved security config to: ${this.CONFIG_FILE}`);
+      return true;
+    } catch (error2) {
+      console.error(`Failed to save security config: ${error2 instanceof Error ? error2.message : String(error2)}`);
+      return false;
+    }
+  }
+  static updateConfig(updates) {
+    const currentConfig = this.loadConfig();
+    const updatedConfig = { ...currentConfig, ...updates };
+    if (this.saveConfig(updatedConfig)) {
+      console.log("Security config updated:", updates);
+      return updatedConfig;
+    } else {
+      console.warn("Failed to save updated config, returning current config");
+      return currentConfig;
+    }
+  }
+  static resetToDefaults() {
+    const defaultConfig = { ...DEFAULT_SECURITY_CONFIG };
+    if (this.saveConfig(defaultConfig)) {
+      console.log("Security config reset to defaults");
+      return defaultConfig;
+    } else {
+      console.warn("Failed to reset config");
+      return this.loadConfig();
+    }
+  }
+  static getPaths() {
+    return {
+      enactDir: this.ENACT_DIR,
+      securityDir: this.SECURITY_DIR,
+      configFile: this.CONFIG_FILE
+    };
+  }
+  static configExists() {
+    return fs22.existsSync(this.CONFIG_FILE);
+  }
+  static getStatus() {
+    const paths = this.getPaths();
+    return {
+      enactDirExists: fs22.existsSync(paths.enactDir),
+      securityDirExists: fs22.existsSync(paths.securityDir),
+      configFileExists: fs22.existsSync(paths.configFile),
+      paths
+    };
+  }
+  static validateConfig(config2) {
+    if (typeof config2 !== "object" || config2 === null) {
+      return false;
+    }
+    if ("allowLocalUnsigned" in config2 && typeof config2.allowLocalUnsigned !== "boolean") {
+      return false;
+    }
+    if ("minimumSignatures" in config2) {
+      if (typeof config2.minimumSignatures !== "number" || config2.minimumSignatures < 0 || !Number.isInteger(config2.minimumSignatures)) {
+        return false;
+      }
+    }
+    return true;
+  }
+  static importConfig(filePath) {
+    try {
+      if (!fs22.existsSync(filePath)) {
+        console.error(`Config file does not exist: ${filePath}`);
+        return null;
+      }
+      const configContent = fs22.readFileSync(filePath, "utf8");
+      const config2 = JSON.parse(configContent);
+      if (!this.validateConfig(config2)) {
+        console.error("Invalid config format");
+        return null;
+      }
+      if (this.saveConfig(config2)) {
+        console.log(`Imported config from: ${filePath}`);
+        return config2;
+      } else {
+        console.error("Failed to save imported config");
+        return null;
+      }
+    } catch (error2) {
+      console.error(`Failed to import config: ${error2 instanceof Error ? error2.message : String(error2)}`);
+      return null;
+    }
+  }
+  static exportConfig(filePath) {
+    try {
+      const config2 = this.loadConfig();
+      const configContent = JSON.stringify(config2, null, 2);
+      fs22.writeFileSync(filePath, configContent, { mode: 420 });
+      console.log(`Exported config to: ${filePath}`);
+      return true;
+    } catch (error2) {
+      console.error(`Failed to export config: ${error2 instanceof Error ? error2.message : String(error2)}`);
+      return false;
+    }
+  }
+}
+
 class SigningService {
   static signDocument(document, privateKey, options = {}) {
     const {
@@ -228607,14 +228769,15 @@ class SigningService {
       timestamp: Date.now()
     };
   }
-  static verifyDocument(document, signature, options = {}, securityConfig = DEFAULT_SECURITY_CONFIG) {
+  static verifyDocument(document, signature, options = {}, securityConfig) {
     const {
       useEnactDefaults = false,
       includeFields,
       excludeFields,
       additionalCriticalFields
     } = options;
-    const config2 = { ...DEFAULT_SECURITY_CONFIG, ...securityConfig };
+    const loadedConfig = securityConfig ?? SecurityConfigManager.loadConfig();
+    const config2 = { ...DEFAULT_SECURITY_CONFIG, ...loadedConfig };
     const signatures = document.signatures || [signature];
     if (signatures.length < (config2.minimumSignatures ?? 1)) {
       if (config2.allowLocalUnsigned && signatures.length === 0) {
@@ -228924,7 +229087,15 @@ class EnactCore {
       logger_default.info(`Executing tool: ${tool.name}`);
       validateToolStructure(tool);
       const validatedInputs = validateInputs(tool, inputs);
-      await this.verifyTool(tool, options.dangerouslySkipVerification);
+      const config2 = SecurityConfigManager.loadConfig();
+      if (options.isLocalFile && config2.allowLocalUnsigned) {
+        logger_default.warn(`Executing local file without signature verification: ${tool.name} (you can disallow in your security config)`);
+      }
+      if (options.dangerouslySkipVerification) {
+        logger_default.warn(`Skipping signature verification for tool: ${tool.name} because of dangerouslySkipVerification option`);
+      }
+      const skipVerification = options.isLocalFile && config2.allowLocalUnsigned || Boolean(options.dangerouslySkipVerification);
+      await this.verifyTool(tool, skipVerification);
       const { resolved: envVars } = await resolveToolEnvironmentVariables(tool.name, tool.env || {});
       return await this.executionProvider.execute(tool, { ...validatedInputs, ...envVars }, {
         vars: { ...envVars, ...validatedInputs },

package/dist/index.js.bak

@@ -215401,7 +215401,7 @@ command: "${command}"
 }
 function generateFullYaml(config2) {
   let yaml = `# Enact Tool Definition
-# Generated by enact-cli
+# Generated by @enactprotocol/cli
 
 name: ${config2.name}
 description: "${config2.description}"
@@ -226133,11 +226133,14 @@ class DaggerExecutionProvider extends ExecutionProvider {
 init_env_loader();
 var import_yaml = __toESM(require_dist(), 1);
 
-// ../shared/node_modules/@enactprotocol/security/dist/index.js
+// ../../node_modules/@enactprotocol/security/dist/index.js
 import * as nc from "node:crypto";
 import fs5 from "fs";
 import path8 from "path";
 import os5 from "os";
+import fs22 from "fs";
+import path22 from "path";
+import os22 from "os";
 var crypto4 = nc && typeof nc === "object" && "webcrypto" in nc ? nc.webcrypto : nc && typeof nc === "object" && ("randomBytes" in nc) ? nc : undefined;
 /*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */
 function isBytes(a) {
@@ -228580,6 +228583,165 @@ class KeyManager {
   }
 }
 
+class SecurityConfigManager {
+  static ENACT_DIR = path22.join(os22.homedir(), ".enact");
+  static SECURITY_DIR = path22.join(this.ENACT_DIR, "security");
+  static CONFIG_FILE = path22.join(this.SECURITY_DIR, "config.json");
+  static ensureDirectories() {
+    try {
+      if (!fs22.existsSync(this.ENACT_DIR)) {
+        fs22.mkdirSync(this.ENACT_DIR, { recursive: true, mode: 493 });
+        console.log(`Created .enact directory: ${this.ENACT_DIR}`);
+      }
+      if (!fs22.existsSync(this.SECURITY_DIR)) {
+        fs22.mkdirSync(this.SECURITY_DIR, { recursive: true, mode: 493 });
+        console.log(`Created security directory: ${this.SECURITY_DIR}`);
+      }
+    } catch (error2) {
+      console.warn(`Failed to create directories: ${error2 instanceof Error ? error2.message : String(error2)}`);
+    }
+  }
+  static initializeConfig() {
+    this.ensureDirectories();
+    try {
+      if (fs22.existsSync(this.CONFIG_FILE)) {
+        console.log(`Security config already exists: ${this.CONFIG_FILE}`);
+        return this.loadConfig();
+      }
+      const defaultConfig = { ...DEFAULT_SECURITY_CONFIG };
+      const configContent = JSON.stringify(defaultConfig, null, 2);
+      fs22.writeFileSync(this.CONFIG_FILE, configContent, { mode: 420 });
+      console.log(`Initialized security config: ${this.CONFIG_FILE}`);
+      console.log("Default config:", defaultConfig);
+      return defaultConfig;
+    } catch (error2) {
+      console.warn(`Failed to initialize security config: ${error2 instanceof Error ? error2.message : String(error2)}`);
+      console.log("Using in-memory default config");
+      return { ...DEFAULT_SECURITY_CONFIG };
+    }
+  }
+  static loadConfig() {
+    try {
+      if (!fs22.existsSync(this.CONFIG_FILE)) {
+        console.log("No security config file found, initializing...");
+        return this.initializeConfig();
+      }
+      const configContent = fs22.readFileSync(this.CONFIG_FILE, "utf8");
+      const config2 = JSON.parse(configContent);
+      const mergedConfig = { ...DEFAULT_SECURITY_CONFIG, ...config2 };
+      console.log(`Loaded security config from: ${this.CONFIG_FILE}`);
+      return mergedConfig;
+    } catch (error2) {
+      console.warn(`Failed to load security config: ${error2 instanceof Error ? error2.message : String(error2)}`);
+      console.log("Using default config");
+      return { ...DEFAULT_SECURITY_CONFIG };
+    }
+  }
+  static saveConfig(config2) {
+    this.ensureDirectories();
+    try {
+      const configToSave = { ...DEFAULT_SECURITY_CONFIG, ...config2 };
+      const configContent = JSON.stringify(configToSave, null, 2);
+      fs22.writeFileSync(this.CONFIG_FILE, configContent, { mode: 420 });
+      console.log(`Saved security config to: ${this.CONFIG_FILE}`);
+      return true;
+    } catch (error2) {
+      console.error(`Failed to save security config: ${error2 instanceof Error ? error2.message : String(error2)}`);
+      return false;
+    }
+  }
+  static updateConfig(updates) {
+    const currentConfig = this.loadConfig();
+    const updatedConfig = { ...currentConfig, ...updates };
+    if (this.saveConfig(updatedConfig)) {
+      console.log("Security config updated:", updates);
+      return updatedConfig;
+    } else {
+      console.warn("Failed to save updated config, returning current config");
+      return currentConfig;
+    }
+  }
+  static resetToDefaults() {
+    const defaultConfig = { ...DEFAULT_SECURITY_CONFIG };
+    if (this.saveConfig(defaultConfig)) {
+      console.log("Security config reset to defaults");
+      return defaultConfig;
+    } else {
+      console.warn("Failed to reset config");
+      return this.loadConfig();
+    }
+  }
+  static getPaths() {
+    return {
+      enactDir: this.ENACT_DIR,
+      securityDir: this.SECURITY_DIR,
+      configFile: this.CONFIG_FILE
+    };
+  }
+  static configExists() {
+    return fs22.existsSync(this.CONFIG_FILE);
+  }
+  static getStatus() {
+    const paths = this.getPaths();
+    return {
+      enactDirExists: fs22.existsSync(paths.enactDir),
+      securityDirExists: fs22.existsSync(paths.securityDir),
+      configFileExists: fs22.existsSync(paths.configFile),
+      paths
+    };
+  }
+  static validateConfig(config2) {
+    if (typeof config2 !== "object" || config2 === null) {
+      return false;
+    }
+    if ("allowLocalUnsigned" in config2 && typeof config2.allowLocalUnsigned !== "boolean") {
+      return false;
+    }
+    if ("minimumSignatures" in config2) {
+      if (typeof config2.minimumSignatures !== "number" || config2.minimumSignatures < 0 || !Number.isInteger(config2.minimumSignatures)) {
+        return false;
+      }
+    }
+    return true;
+  }
+  static importConfig(filePath) {
+    try {
+      if (!fs22.existsSync(filePath)) {
+        console.error(`Config file does not exist: ${filePath}`);
+        return null;
+      }
+      const configContent = fs22.readFileSync(filePath, "utf8");
+      const config2 = JSON.parse(configContent);
+      if (!this.validateConfig(config2)) {
+        console.error("Invalid config format");
+        return null;
+      }
+      if (this.saveConfig(config2)) {
+        console.log(`Imported config from: ${filePath}`);
+        return config2;
+      } else {
+        console.error("Failed to save imported config");
+        return null;
+      }
+    } catch (error2) {
+      console.error(`Failed to import config: ${error2 instanceof Error ? error2.message : String(error2)}`);
+      return null;
+    }
+  }
+  static exportConfig(filePath) {
+    try {
+      const config2 = this.loadConfig();
+      const configContent = JSON.stringify(config2, null, 2);
+      fs22.writeFileSync(filePath, configContent, { mode: 420 });
+      console.log(`Exported config to: ${filePath}`);
+      return true;
+    } catch (error2) {
+      console.error(`Failed to export config: ${error2 instanceof Error ? error2.message : String(error2)}`);
+      return false;
+    }
+  }
+}
+
 class SigningService {
   static signDocument(document, privateKey, options = {}) {
     const {
@@ -228606,14 +228768,15 @@ class SigningService {
       timestamp: Date.now()
     };
   }
-  static verifyDocument(document, signature, options = {}, securityConfig = DEFAULT_SECURITY_CONFIG) {
+  static verifyDocument(document, signature, options = {}, securityConfig) {
     const {
       useEnactDefaults = false,
       includeFields,
       excludeFields,
       additionalCriticalFields
     } = options;
-    const config2 = { ...DEFAULT_SECURITY_CONFIG, ...securityConfig };
+    const loadedConfig = securityConfig ?? SecurityConfigManager.loadConfig();
+    const config2 = { ...DEFAULT_SECURITY_CONFIG, ...loadedConfig };
     const signatures = document.signatures || [signature];
     if (signatures.length < (config2.minimumSignatures ?? 1)) {
       if (config2.allowLocalUnsigned && signatures.length === 0) {
@@ -228923,7 +229086,15 @@ class EnactCore {
       logger_default.info(`Executing tool: ${tool.name}`);
       validateToolStructure(tool);
       const validatedInputs = validateInputs(tool, inputs);
-      await this.verifyTool(tool, options.dangerouslySkipVerification);
+      const config2 = SecurityConfigManager.loadConfig();
+      if (options.isLocalFile && config2.allowLocalUnsigned) {
+        logger_default.warn(`Executing local file without signature verification: ${tool.name} (you can disallow in your security config)`);
+      }
+      if (options.dangerouslySkipVerification) {
+        logger_default.warn(`Skipping signature verification for tool: ${tool.name} because of dangerouslySkipVerification option`);
+      }
+      const skipVerification = options.isLocalFile && config2.allowLocalUnsigned || Boolean(options.dangerouslySkipVerification);
+      await this.verifyTool(tool, skipVerification);
       const { resolved: envVars } = await resolveToolEnvironmentVariables(tool.name, tool.env || {});
       return await this.executionProvider.execute(tool, { ...validatedInputs, ...envVars }, {
         vars: { ...envVars, ...validatedInputs },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@enactprotocol/cli",
-  "version": "1.2.0",
+  "version": "1.2.1",
   "description": "Official CLI for the Enact Protocol - package, secure, and discover AI tools",
   "type": "module",
   "main": "./dist/index.js",