@enactprotocol/cli 1.2.1 → 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/index.js +14 -3
  2. package/dist/index.js.bak +14 -3
  3. package/package.json +2 -2
package/dist/index.js CHANGED
@@ -37754,7 +37754,7 @@ var require_high_level_opt = __commonJS((exports, module) => {
37754
37754
  ]).reduce((set, kv) => (set[kv[0]] = kv[1], set), Object.create(null)) : {};
37755
37755
  });
37756
37756
 
37757
- // ../../node_modules/tar/node_modules/minipass/index.js
37757
+ // ../../node_modules/minipass/index.js
37758
37758
  var require_minipass = __commonJS((exports) => {
37759
37759
  var proc = typeof process === "object" && process ? process : {
37760
37760
  stdout: null,
@@ -229045,6 +229045,7 @@ class EnactCore {
229045
229045
  }
229046
229046
  }
229047
229047
  async verifyTool(tool, dangerouslySkipVerification = false) {
229048
+ console.log("=== VERIFY TOOL CALLED ===", tool.name, "skipVerification:", dangerouslySkipVerification);
229048
229049
  if (dangerouslySkipVerification) {
229049
229050
  logger_default.warn(`Skipping signature verification for tool: ${tool.name}`);
229050
229051
  return;
@@ -229053,22 +229054,32 @@ class EnactCore {
229053
229054
  if (!tool.signatures || tool.signatures.length === 0) {
229054
229055
  throw new Error(`Tool ${tool.name} does not have any signatures`);
229055
229056
  }
229057
+ console.log("=== TOOL SIGNATURE DATA ===");
229058
+ console.log("Tool signatures from database:", JSON.stringify(tool.signatures, null, 2));
229059
+ console.log("Tool command:", tool.command);
229056
229060
  const documentForVerification = {
229057
229061
  command: tool.command
229058
229062
  };
229059
229063
  const referenceSignature = {
229060
229064
  signature: tool.signatures[0].value,
229061
- publicKey: tool.signatures[0].signer,
229065
+ publicKey: "",
229062
229066
  algorithm: tool.signatures[0].algorithm,
229063
229067
  timestamp: new Date(tool.signatures[0].created).getTime()
229064
229068
  };
229065
229069
  const canonicalDoc = SigningService.getCanonicalDocument(documentForVerification, { includeFields: ["command"] });
229070
+ console.log("=== SIGNATURE VERIFICATION DEBUG ===");
229071
+ console.log("Original document for verification:", JSON.stringify(documentForVerification, null, 2));
229072
+ console.log("Canonical document:", JSON.stringify(canonicalDoc, null, 2));
229066
229073
  const docString = JSON.stringify(canonicalDoc);
229067
229074
  const messageHash = CryptoUtils.hash(docString);
229075
+ console.log("Document string:", docString);
229076
+ console.log("Message hash:", messageHash);
229077
+ console.log("Reference signature object:", JSON.stringify(referenceSignature, null, 2));
229068
229078
  const directVerify = CryptoUtils.verify(referenceSignature.publicKey, messageHash, referenceSignature.signature);
229069
- console.log("Direct crypto verification result:", directVerify);
229079
+ console.log("KEITH DEBUG - Direct crypto verification result:", directVerify, "publicKey:", referenceSignature.publicKey);
229070
229080
  const trustedKeys = KeyManager.getAllTrustedPublicKeys();
229071
229081
  console.log("Trusted keys:", trustedKeys);
229082
+ console.log("Our referenceSignature.publicKey:", JSON.stringify(referenceSignature.publicKey));
229072
229083
  console.log("Is our public key trusted?", trustedKeys.includes(referenceSignature.publicKey));
229073
229084
  const isValid = SigningService.verifyDocument(documentForVerification, referenceSignature, { includeFields: ["command"] });
229074
229085
  console.log("Final verification result:", isValid);
package/dist/index.js.bak CHANGED
@@ -37753,7 +37753,7 @@ var require_high_level_opt = __commonJS((exports, module) => {
37753
37753
  ]).reduce((set, kv) => (set[kv[0]] = kv[1], set), Object.create(null)) : {};
37754
37754
  });
37755
37755
 
37756
- // ../../node_modules/tar/node_modules/minipass/index.js
37756
+ // ../../node_modules/minipass/index.js
37757
37757
  var require_minipass = __commonJS((exports) => {
37758
37758
  var proc = typeof process === "object" && process ? process : {
37759
37759
  stdout: null,
@@ -229044,6 +229044,7 @@ class EnactCore {
229044
229044
  }
229045
229045
  }
229046
229046
  async verifyTool(tool, dangerouslySkipVerification = false) {
229047
+ console.log("=== VERIFY TOOL CALLED ===", tool.name, "skipVerification:", dangerouslySkipVerification);
229047
229048
  if (dangerouslySkipVerification) {
229048
229049
  logger_default.warn(`Skipping signature verification for tool: ${tool.name}`);
229049
229050
  return;
@@ -229052,22 +229053,32 @@ class EnactCore {
229052
229053
  if (!tool.signatures || tool.signatures.length === 0) {
229053
229054
  throw new Error(`Tool ${tool.name} does not have any signatures`);
229054
229055
  }
229056
+ console.log("=== TOOL SIGNATURE DATA ===");
229057
+ console.log("Tool signatures from database:", JSON.stringify(tool.signatures, null, 2));
229058
+ console.log("Tool command:", tool.command);
229055
229059
  const documentForVerification = {
229056
229060
  command: tool.command
229057
229061
  };
229058
229062
  const referenceSignature = {
229059
229063
  signature: tool.signatures[0].value,
229060
- publicKey: tool.signatures[0].signer,
229064
+ publicKey: "",
229061
229065
  algorithm: tool.signatures[0].algorithm,
229062
229066
  timestamp: new Date(tool.signatures[0].created).getTime()
229063
229067
  };
229064
229068
  const canonicalDoc = SigningService.getCanonicalDocument(documentForVerification, { includeFields: ["command"] });
229069
+ console.log("=== SIGNATURE VERIFICATION DEBUG ===");
229070
+ console.log("Original document for verification:", JSON.stringify(documentForVerification, null, 2));
229071
+ console.log("Canonical document:", JSON.stringify(canonicalDoc, null, 2));
229065
229072
  const docString = JSON.stringify(canonicalDoc);
229066
229073
  const messageHash = CryptoUtils.hash(docString);
229074
+ console.log("Document string:", docString);
229075
+ console.log("Message hash:", messageHash);
229076
+ console.log("Reference signature object:", JSON.stringify(referenceSignature, null, 2));
229067
229077
  const directVerify = CryptoUtils.verify(referenceSignature.publicKey, messageHash, referenceSignature.signature);
229068
- console.log("Direct crypto verification result:", directVerify);
229078
+ console.log("KEITH DEBUG - Direct crypto verification result:", directVerify, "publicKey:", referenceSignature.publicKey);
229069
229079
  const trustedKeys = KeyManager.getAllTrustedPublicKeys();
229070
229080
  console.log("Trusted keys:", trustedKeys);
229081
+ console.log("Our referenceSignature.publicKey:", JSON.stringify(referenceSignature.publicKey));
229071
229082
  console.log("Is our public key trusted?", trustedKeys.includes(referenceSignature.publicKey));
229072
229083
  const isValid = SigningService.verifyDocument(documentForVerification, referenceSignature, { includeFields: ["command"] });
229073
229084
  console.log("Final verification result:", isValid);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@enactprotocol/cli",
3
- "version": "1.2.1",
3
+ "version": "1.2.2",
4
4
  "description": "Official CLI for the Enact Protocol - package, secure, and discover AI tools",
5
5
  "type": "module",
6
6
  "main": "./dist/index.js",
@@ -42,7 +42,7 @@
42
42
  "node": ">=18.0.0"
43
43
  },
44
44
  "dependencies": {
45
- "@enactprotocol/shared": "1.2.0",
45
+ "@enactprotocol/shared": "1.2.2",
46
46
  "@clack/core": "^0.4.2",
47
47
  "@clack/prompts": "^0.10.1",
48
48
  "picocolors": "^1.1.1"