@enactprotocol/shared 1.2.0 → 1.2.1

package/dist/core/EnactCore.js

@@ -5,7 +5,7 @@ import { DaggerExecutionProvider } from "./DaggerExecutionProvider.js";
 import { resolveToolEnvironmentVariables } from "../utils/env-loader.js";
 import logger from "../exec/logger.js";
 import yaml from "yaml";
-import { CryptoUtils, KeyManager, SigningService } from "@enactprotocol/security";
+import { CryptoUtils, KeyManager, SecurityConfigManager, SigningService } from "@enactprotocol/security";
 export class EnactCore {
     constructor(options = {}) {
         this.options = {
@@ -277,7 +277,6 @@ export class EnactCore {
             const documentForVerification = {
                 command: tool.command
             };
-            // IGNORE DATABASE SIGNATURES - USE HARDCODED WORKING VALUES FOR TESTING
             const referenceSignature = {
                 signature: tool.signatures[0].value,
                 publicKey: tool.signatures[0].signer,
@@ -321,8 +320,16 @@ export class EnactCore {
             validateToolStructure(tool);
             // Validate inputs
             const validatedInputs = validateInputs(tool, inputs);
+            const config = SecurityConfigManager.loadConfig();
+            if (options.isLocalFile && config.allowLocalUnsigned) {
+                logger.warn(`Executing local file without signature verification: ${tool.name} (you can disallow in your security config)`);
+            }
+            if (options.dangerouslySkipVerification) {
+                logger.warn(`Skipping signature verification for tool: ${tool.name} because of dangerouslySkipVerification option`);
+            }
+            const skipVerification = (options.isLocalFile && config.allowLocalUnsigned) || Boolean(options.dangerouslySkipVerification);
             // Verify tool signatures (unless explicitly skipped)
-            await this.verifyTool(tool, options.dangerouslySkipVerification);
+            await this.verifyTool(tool, skipVerification);
             // Resolve environment variables
             const { resolved: envVars } = await resolveToolEnvironmentVariables(tool.name, tool.env || {});
             // Execute the tool via the execution provider

package/dist/utils/env-loader.js

@@ -250,7 +250,7 @@ loadDotenv();
  */
 export function getWebServerUrl() {
     // For now, default to localhost:5555 as that's the standard port
-    // When running via MCP (npx -p enact-cli enact-mcp), the web server is automatically started
+    // When running via MCP (npx -p @enactprotocol/cli enact-mcp), the web server is automatically started
     // TODO: In the future, we could check if the server is actually responding or get the port dynamically
     return "http://localhost:5555";
 }

package/dist/utils/help.js

@@ -65,7 +65,7 @@ ${pc.bold("More Help:")}
  */
 export function showVersion() {
     const version = getVersion();
-    console.error(`enact-cli v${version}`);
+    console.error(`@enactprotocol/cli v${version}`);
 }
 /**
  * Show help for the auth command

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@enactprotocol/shared",
-  "version": "1.2.0",
+  "version": "1.2.1",
   "description": "Shared utilities and core functionality for Enact Protocol",
   "type": "module",
   "main": "./dist/index.js",

package/src/core/EnactCore.ts

@@ -17,7 +17,7 @@ import logger from "../exec/logger.js";
 import yaml from "yaml";
 import fs from "fs";
 import path from "path";
-import { CryptoUtils, KeyManager, SigningService } from "@enactprotocol/security";
+import { CryptoUtils, KeyManager, SecurityConfigManager, SigningService } from "@enactprotocol/security";
 
 export interface EnactCoreOptions {
 	apiUrl?: string;
@@ -406,7 +406,6 @@ private async verifyTool(tool: EnactTool, dangerouslySkipVerification: boolean =
 			command: tool.command
 		};
 
-        // IGNORE DATABASE SIGNATURES - USE HARDCODED WORKING VALUES FOR TESTING
        	const referenceSignature = {
 				signature: tool.signatures[0].value,
 				publicKey: tool.signatures[0].signer,
@@ -474,9 +473,17 @@ private async verifyTool(tool: EnactTool, dangerouslySkipVerification: boolean =
 
 			// Validate inputs
 			const validatedInputs = validateInputs(tool, inputs);
-			
+			const config = SecurityConfigManager.loadConfig(); 
+		
+			if( options.isLocalFile && config.allowLocalUnsigned){
+				logger.warn(`Executing local file without signature verification: ${tool.name} (you can disallow in your security config)`);
+			}
+			if( options.dangerouslySkipVerification) {
+				logger.warn(`Skipping signature verification for tool: ${tool.name} because of dangerouslySkipVerification option`);
+			}
+			const skipVerification = (options.isLocalFile && config.allowLocalUnsigned) || Boolean(options.dangerouslySkipVerification);
 			// Verify tool signatures (unless explicitly skipped)
-			await this.verifyTool(tool, options.dangerouslySkipVerification);
+			await this.verifyTool(tool, skipVerification);
 
 			// Resolve environment variables
 			const { resolved: envVars } =

package/src/utils/env-loader.ts

@@ -344,7 +344,7 @@ loadDotenv();
  */
 export function getWebServerUrl(): string | null {
 	// For now, default to localhost:5555 as that's the standard port
-	// When running via MCP (npx -p enact-cli enact-mcp), the web server is automatically started
+	// When running via MCP (npx -p @enactprotocol/cli enact-mcp), the web server is automatically started
 	// TODO: In the future, we could check if the server is actually responding or get the port dynamically
 	return "http://localhost:5555";
 }

package/src/utils/help.ts

@@ -67,7 +67,7 @@ ${pc.bold("More Help:")}
  */
 export function showVersion(): void {
 	const version = getVersion();
-	console.error(`enact-cli v${version}`);
+	console.error(`@enactprotocol/cli v${version}`);
 }
 
 /**