@enactprotocol/shared 1.2.0 → 1.2.2

@@ -5,7 +5,7 @@ import { DaggerExecutionProvider } from "./DaggerExecutionProvider.js";
5
5
  import { resolveToolEnvironmentVariables } from "../utils/env-loader.js";
6
6
  import logger from "../exec/logger.js";
7
7
  import yaml from "yaml";
8
- import { CryptoUtils, KeyManager, SigningService } from "@enactprotocol/security";
8
+ import { CryptoUtils, KeyManager, SecurityConfigManager, SigningService } from "@enactprotocol/security";
9
9
  export class EnactCore {
10
10
  constructor(options = {}) {
11
11
  this.options = {
@@ -266,6 +266,7 @@ export class EnactCore {
266
266
  }
267
267
  }
268
268
  async verifyTool(tool, dangerouslySkipVerification = false) {
269
+ console.log("=== VERIFY TOOL CALLED ===", tool.name, "skipVerification:", dangerouslySkipVerification);
269
270
  if (dangerouslySkipVerification) {
270
271
  logger.warn(`Skipping signature verification for tool: ${tool.name}`);
271
272
  return;
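Review bot: The added `console.log("=== VERIFY TOOL CALLED ===", ...)` at the top of verifyTool writes unconditionally to stdout instead of going through the imported `logger`, and the next hunk (`@@ -274,29 +275,35 @@`) adds more of the same: the full signature array, `tool.command`, the trusted key list and a line tagged `KEITH DEBUG`. The TypeScript hunks further down this page remove the equivalent logging from the source, so this compiled file appears not to have been built from the source shipped alongside it and should be rebuilt before release. If the trace is still wanted, send it through the logger at debug level (for example `logger.debug(...)`, if the wrapper exposes one) so it follows the configured log level and stays off stdout, which matters if this code can run under the `enact-mcp` entry point mentioned elsewhere on the page. verifyTool's body continues outside this hunk.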
@@ -274,29 +275,35 @@ export class EnactCore {
274
275
  if (!tool.signatures || tool.signatures.length === 0) {
275
276
  throw new Error(`Tool ${tool.name} does not have any signatures`);
276
277
  }
278
+ console.log("=== TOOL SIGNATURE DATA ===");
279
+ console.log("Tool signatures from database:", JSON.stringify(tool.signatures, null, 2));
280
+ console.log("Tool command:", tool.command);
277
281
  const documentForVerification = {
278
282
  command: tool.command
279
283
  };
280
- // IGNORE DATABASE SIGNATURES - USE HARDCODED WORKING VALUES FOR TESTING
281
284
  const referenceSignature = {
282
285
  signature: tool.signatures[0].value,
283
- publicKey: tool.signatures[0].signer,
286
+ publicKey: "", // Correct public key for UUID 71e02e2c-148c-4534-9900-bd9646e99333
284
287
  algorithm: tool.signatures[0].algorithm,
285
288
  timestamp: new Date(tool.signatures[0].created).getTime()
286
289
  };
287
290
  // Check what canonical document looks like
288
291
  const canonicalDoc = SigningService.getCanonicalDocument(documentForVerification, { includeFields: ['command'] });
289
- // console.log("Canonical document:", JSON.stringify(canonicalDoc));
292
+ console.log("=== SIGNATURE VERIFICATION DEBUG ===");
293
+ console.log("Original document for verification:", JSON.stringify(documentForVerification, null, 2));
294
+ console.log("Canonical document:", JSON.stringify(canonicalDoc, null, 2));
290
295
  const docString = JSON.stringify(canonicalDoc);
291
296
  const messageHash = CryptoUtils.hash(docString);
292
- // console.log("Document string:", docString);
293
- // console.log("Message hash:", messageHash);
297
+ console.log("Document string:", docString);
298
+ console.log("Message hash:", messageHash);
299
+ console.log("Reference signature object:", JSON.stringify(referenceSignature, null, 2));
294
300
  // Test direct crypto verification
295
301
  const directVerify = CryptoUtils.verify(referenceSignature.publicKey, messageHash, referenceSignature.signature);
296
- console.log("Direct crypto verification result:", directVerify);
302
+ console.log("KEITH DEBUG - Direct crypto verification result:", directVerify, "publicKey:", referenceSignature.publicKey);
297
303
  // Check trusted keys
298
304
  const trustedKeys = KeyManager.getAllTrustedPublicKeys();
299
305
  console.log("Trusted keys:", trustedKeys);
306
+ console.log("Our referenceSignature.publicKey:", JSON.stringify(referenceSignature.publicKey));
300
307
  console.log("Is our public key trusted?", trustedKeys.includes(referenceSignature.publicKey));
301
308
  const isValid = SigningService.verifyDocument(documentForVerification, referenceSignature, { includeFields: ['command'] });
302
309
  console.log("Final verification result:", isValid);
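Review bot: `publicKey: ""` in `referenceSignature` replaces `tool.signatures[0].signer` with an empty string as shown on this page, so `CryptoUtils.verify` and `SigningService.verifyDocument` below are called without a key, and the trailing comment promises a key for a UUID that is not there. What an empty key does depends on `@enactprotocol/security`, which this page does not show: verification either fails for every tool or falls back to something other than the declared signer, and neither outcome should be left implicit. Resolve the key for the signature's signer from the trusted key store and fail closed when none is found, e.g. `if (!publicKey) throw new Error("no trusted public key for signer");` before building `referenceSignature`. The same line appears in the TypeScript source hunk `@@ -402,14 +402,14 @@`, and in both places only `tool.signatures[0]` is examined. verifyTool starts and ends outside this hunk.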
@@ -321,8 +328,16 @@ export class EnactCore {
321
328
  validateToolStructure(tool);
322
329
  // Validate inputs
323
330
  const validatedInputs = validateInputs(tool, inputs);
331
+ const config = SecurityConfigManager.loadConfig();
332
+ if (options.isLocalFile && config.allowLocalUnsigned) {
333
+ logger.warn(`Executing local file without signature verification: ${tool.name} (you can disallow in your security config)`);
334
+ }
335
+ if (options.dangerouslySkipVerification) {
336
+ logger.warn(`Skipping signature verification for tool: ${tool.name} because of dangerouslySkipVerification option`);
337
+ }
338
+ const skipVerification = (options.isLocalFile && config.allowLocalUnsigned) || Boolean(options.dangerouslySkipVerification);
324
339
  // Verify tool signatures (unless explicitly skipped)
325
- await this.verifyTool(tool, options.dangerouslySkipVerification);
340
+ await this.verifyTool(tool, skipVerification);
326
341
  // Resolve environment variables
327
342
  const { resolved: envVars } = await resolveToolEnvironmentVariables(tool.name, tool.env || {});
328
343
  // Execute the tool via the execution provider
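Review bot: `skipVerification` becomes true for any call with `options.isLocalFile` set while `config.allowLocalUnsigned` is on, whether or not the tool carries signatures, so a local file with a present but invalid signature is executed without a check. The setting's name suggests the exemption is meant for unsigned files only; narrowing it to `const localUnsigned = options.isLocalFile && config.allowLocalUnsigned && !tool.signatures?.length;` keeps verification for anything that claims a signature. `isLocalFile` is also read from the caller's options, so it should be set by the code that actually loaded the file from disk rather than passed through from a request, which is not visible here. When skipping, verifyTool logs its own `Skipping signature verification` warning as well, so each skipped run emits two warnings. The same block is in the TypeScript source hunk `@@ -474,9 +469,17 @@`; the enclosing method starts and ends outside this hunk.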
@@ -250,7 +250,7 @@ loadDotenv();
250
250
  */
251
251
  export function getWebServerUrl() {
252
252
  // For now, default to localhost:5555 as that's the standard port
253
- // When running via MCP (npx -p enact-cli enact-mcp), the web server is automatically started
253
+ // When running via MCP (npx -p @enactprotocol/cli enact-mcp), the web server is automatically started
254
254
  // TODO: In the future, we could check if the server is actually responding or get the port dynamically
255
255
  return "http://localhost:5555";
256
256
  }
@@ -65,7 +65,7 @@ ${pc.bold("More Help:")}
65
65
  */
66
66
  export function showVersion() {
67
67
  const version = getVersion();
68
- console.error(`enact-cli v${version}`);
68
+ console.error(`@enactprotocol/cli v${version}`);
69
69
  }
70
70
  /**
71
71
  * Show help for the auth command
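--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@enactprotocol/shared",
- "version": "1.2.0",
+ "version": "1.2.2",
  "description": "Shared utilities and core functionality for Enact Protocol",
  "type": "module",
  "main": "./dist/index.js",
@@ -61,7 +61,7 @@
  "license": "MIT",
  "dependencies": {
  "@dagger.io/dagger": "^0.9.11",
- "@enactprotocol/security": "^0.2.5",
+ "@enactprotocol/security": "0.2.7",
  "dotenv": "^16.5.0",
  "pino": "^9.7.0",
  "pino-pretty": "^13.0.0",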
@@ -17,7 +17,7 @@ import logger from "../exec/logger.js";
17
17
  import yaml from "yaml";
18
18
  import fs from "fs";
19
19
  import path from "path";
20
- import { CryptoUtils, KeyManager, SigningService } from "@enactprotocol/security";
20
+ import { CryptoUtils, KeyManager, SecurityConfigManager, SigningService } from "@enactprotocol/security";
21
21
 
22
22
  export interface EnactCoreOptions {
23
23
  apiUrl?: string;
@@ -402,14 +402,14 @@ private async verifyTool(tool: EnactTool, dangerouslySkipVerification: boolean =
402
402
  if (!tool.signatures || tool.signatures.length === 0) {
403
403
  throw new Error(`Tool ${tool.name} does not have any signatures`);
404
404
  }
405
+
405
406
  const documentForVerification = {
406
407
  command: tool.command
407
408
  };
408
409
 
409
- // IGNORE DATABASE SIGNATURES - USE HARDCODED WORKING VALUES FOR TESTING
410
410
  const referenceSignature = {
411
411
  signature: tool.signatures[0].value,
412
- publicKey: tool.signatures[0].signer,
412
+ publicKey: "", // Correct public key for UUID 71e02e2c-148c-4534-9900-bd9646e99333
413
413
  algorithm: tool.signatures[0].algorithm,
414
414
  timestamp: new Date(tool.signatures[0].created).getTime()
415
415
  };
@@ -417,12 +417,10 @@ private async verifyTool(tool: EnactTool, dangerouslySkipVerification: boolean =
417
417
 
418
418
  // Check what canonical document looks like
419
419
  const canonicalDoc = SigningService.getCanonicalDocument(documentForVerification, { includeFields: ['command'] });
420
- // console.log("Canonical document:", JSON.stringify(canonicalDoc));
421
420
 
422
421
  const docString = JSON.stringify(canonicalDoc);
423
422
  const messageHash = CryptoUtils.hash(docString);
424
- // console.log("Document string:", docString);
425
- // console.log("Message hash:", messageHash);
423
+
426
424
 
427
425
  // Test direct crypto verification
428
426
  const directVerify = CryptoUtils.verify(
@@ -430,12 +428,9 @@ private async verifyTool(tool: EnactTool, dangerouslySkipVerification: boolean =
430
428
  messageHash,
431
429
  referenceSignature.signature
432
430
  );
433
- console.log("Direct crypto verification result:", directVerify);
434
431
 
435
432
  // Check trusted keys
436
- const trustedKeys = KeyManager.getAllTrustedPublicKeys();
437
- console.log("Trusted keys:", trustedKeys);
438
- console.log("Is our public key trusted?", trustedKeys.includes(referenceSignature.publicKey));
433
+ // const trustedKeys = KeyManager.getAllTrustedPublicKeys();
439
434
 
440
435
  const isValid = SigningService.verifyDocument(
441
436
  documentForVerification,
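Review bot: `// const trustedKeys = KeyManager.getAllTrustedPublicKeys();` leaves a commented-out call under a `// Check trusted keys` heading that no longer checks anything, and `directVerify` is still computed although the line that read it is removed. Delete both rather than commenting them out, or, if a trust check is intended, make it a real guard such as `if (!KeyManager.getAllTrustedPublicKeys().includes(referenceSignature.publicKey)) throw new Error("signer key is not trusted");`. Whether `directVerify` or `KeyManager` is used further down cannot be seen from here, since verifyTool continues outside this hunk.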
@@ -474,9 +469,17 @@ private async verifyTool(tool: EnactTool, dangerouslySkipVerification: boolean =
474
469
 
475
470
  // Validate inputs
476
471
  const validatedInputs = validateInputs(tool, inputs);
477
-
472
+ const config = SecurityConfigManager.loadConfig();
473
+
474
+ if( options.isLocalFile && config.allowLocalUnsigned){
475
+ logger.warn(`Executing local file without signature verification: ${tool.name} (you can disallow in your security config)`);
476
+ }
477
+ if( options.dangerouslySkipVerification) {
478
+ logger.warn(`Skipping signature verification for tool: ${tool.name} because of dangerouslySkipVerification option`);
479
+ }
480
+ const skipVerification = (options.isLocalFile && config.allowLocalUnsigned) || Boolean(options.dangerouslySkipVerification);
478
481
  // Verify tool signatures (unless explicitly skipped)
479
- await this.verifyTool(tool, options.dangerouslySkipVerification);
482
+ await this.verifyTool(tool, skipVerification);
480
483
 
481
484
  // Resolve environment variables
482
485
  const { resolved: envVars } =
@@ -344,7 +344,7 @@ loadDotenv();
344
344
  */
345
345
  export function getWebServerUrl(): string | null {
346
346
  // For now, default to localhost:5555 as that's the standard port
347
- // When running via MCP (npx -p enact-cli enact-mcp), the web server is automatically started
347
+ // When running via MCP (npx -p @enactprotocol/cli enact-mcp), the web server is automatically started
348
348
  // TODO: In the future, we could check if the server is actually responding or get the port dynamically
349
349
  return "http://localhost:5555";
350
350
  }
package/src/utils/help.ts CHANGED
@@ -67,7 +67,7 @@ ${pc.bold("More Help:")}
67
67
  */
68
68
  export function showVersion(): void {
69
69
  const version = getVersion();
70
- console.error(`enact-cli v${version}`);
70
+ console.error(`@enactprotocol/cli v${version}`);
71
71
  }
72
72
 
73
73
  /**