npm - @f-o-h/cli - Versions diffs - 0.1.14 → 0.1.16 - Mend

@f-o-h/cli 0.1.14 → 0.1.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -4,7 +4,7 @@ AI-operator provisioning CLI for Front Of House.
 Public mirror: https://github.com/iiko38/front-of-house-cli
-Current published baseline: `@f-o-h/cli@0.1.14`
+Current published baseline: `@f-o-h/cli@0.1.16`
 This mirror is a generated release artifact. The private product monorepo is not
 published here, and no open-source license is granted unless stated separately.
@@ -68,6 +68,13 @@ foh agent replay --file ./transcript-export.json --json
 foh bug improve --from-file foh-proof.json --out foh-improvement.json --json
 ```
+Trusted server-side automation can use a scoped service token without browser
+approval:
+```bash
+FOH_SERVICE_TOKEN="$FOH_SERVICE_TOKEN" FOH_ORG_ID="$FOH_ORG_ID" foh auth whoami --json
+```
 `auth signup --web` opens the console signup page when possible and always
 prints the fallback URL. `auth login --web` starts browser device
 authorization, opens `/cli-auth`, waits for console approval, and stores the
@@ -137,15 +144,30 @@ After dry-run review, one controlled Codex run can be launched explicitly with
 `run.json` even on timeout or non-zero exit:
 ```bash
-foh eval external-agent execute \
-  --runner codex \
-  --batch test-results/external-agent-runs/<one-model-batch>/batch.json \
-  --timeout-minutes 30 \
-  --live \
-  --json
-```
-## Local Scenario Suites
+foh eval external-agent execute \
+  --runner codex \
+  --batch test-results/external-agent-runs/<one-model-batch>/batch.json \
+  --timeout-minutes 30 \
+  --live \
+  --json
+```
+For Linux eval hosts where Codex's default Bubblewrap sandbox cannot configure
+loopback networking, keep sandboxing enabled and select the legacy Landlock
+backend explicitly:
+```bash
+foh eval external-agent execute \
+  --runner codex \
+  --batch test-results/external-agent-runs/<one-model-batch>/batch.json \
+  --codex-sandbox-backend legacy-landlock \
+  --codex-network-access \
+  --timeout-minutes 30 \
+  --live \
+  --json
+```
+## Local Scenario Suites
 `foh test run --suite <file>` runs deterministic widget-runtime checks for a
 specific agent. The suite format supports reply text checks plus structured

package/dist/foh.js CHANGED Viewed

@@ -10029,9 +10029,56 @@ function resolveApiBaseUrl(cliOverride) {
   return resolveApiUrlOverride(cliOverride) ?? DEFAULT_FOH_API_URL;
 }
+// src/lib/org-id.ts
+function isUsableOrgId(value) {
+  const orgId = String(value ?? "").trim();
+  return Boolean(orgId);
+}
 // src/lib/credentials.ts
 var CONFIG_PATH = (0, import_path.join)((0, import_os.homedir)(), ".config", "foh", "credentials.json");
+var SERVICE_TOKEN_ENV = "FOH_SERVICE_TOKEN";
+var ORG_ID_ENV = "FOH_ORG_ID";
+var API_URL_ENV = "FOH_API_URL";
+var TOKEN_EXPIRES_AT_ENV = "FOH_TOKEN_EXPIRES_AT";
+function normalizeEnv(value) {
+  const normalized = String(value ?? "").trim();
+  return normalized ? normalized : void 0;
+}
+function decodeBase64UrlJson(value) {
+  try {
+    const padded = value.replace(/-/g, "+").replace(/_/g, "/").padEnd(Math.ceil(value.length / 4) * 4, "=");
+    return JSON.parse(Buffer.from(padded, "base64").toString("utf8"));
+  } catch {
+    return void 0;
+  }
+}
+function expiryFromJwt(token) {
+  const [, payload] = token.split(".");
+  if (!payload) return void 0;
+  const decoded = decodeBase64UrlJson(payload);
+  const exp = Number(decoded?.exp);
+  if (!Number.isFinite(exp) || exp <= 0) return void 0;
+  return new Date(exp * 1e3).toISOString();
+}
+function fallbackExpiry() {
+  return new Date(Date.now() + 60 * 60 * 1e3).toISOString();
+}
+function credentialsFromEnv(apiUrlOverride, env = process.env) {
+  const token = normalizeEnv(env[SERVICE_TOKEN_ENV]);
+  if (!token) return void 0;
+  const apiUrl = resolveApiUrlOverride(apiUrlOverride) ?? normalizeEnv(env[API_URL_ENV]) ?? DEFAULT_FOH_API_URL;
+  const orgId = normalizeEnv(env[ORG_ID_ENV]);
+  return {
+    apiUrl,
+    token,
+    expiresAt: normalizeEnv(env[TOKEN_EXPIRES_AT_ENV]) ?? expiryFromJwt(token) ?? fallbackExpiry(),
+    ...isUsableOrgId(orgId) ? { orgId } : {}
+  };
+}
 function loadCredentials(apiUrlOverride) {
+  const envCreds = credentialsFromEnv(apiUrlOverride);
+  if (envCreds) return envCreds;
   let creds;
   try {
     const raw = (0, import_fs.readFileSync)(CONFIG_PATH, "utf-8");
@@ -10059,12 +10106,6 @@ function clearCredentials() {
   }
 }
-// src/lib/org-id.ts
-function isUsableOrgId(value) {
-  const orgId = String(value ?? "").trim();
-  return Boolean(orgId);
-}
 // src/lib/command-runtime.ts
 function markCommandFailed(code = 1) {
   const normalized = Number.isFinite(code) ? Math.max(1, Math.trunc(code)) : 1;
@@ -16034,9 +16075,9 @@ function registerVoice(program3) {
     const outputPath = String(opts.out || `foh-voice-preview-${provider}-${voiceId}.mp3`).trim();
     const audio = Buffer.from(await res.arrayBuffer());
     const { mkdirSync: mkdirSync7, writeFileSync: writeFileSync9 } = await import("fs");
-    const { dirname: dirname5, resolve: resolve12 } = await import("path");
+    const { dirname: dirname6, resolve: resolve12 } = await import("path");
     const absolutePath = resolve12(outputPath);
-    mkdirSync7(dirname5(absolutePath), { recursive: true });
+    mkdirSync7(dirname6(absolutePath), { recursive: true });
     writeFileSync9(absolutePath, audio);
     format({
       status: "ok",
@@ -32640,7 +32681,7 @@ var StdioServerTransport = class {
 };
 // src/lib/cli-version.ts
-var CLI_VERSION = "0.1.14";
+var CLI_VERSION = "0.1.16";
 // src/commands/mcp-serve.ts
 var DEFAULT_TIMEOUT_MS = 12e4;
@@ -38281,7 +38322,8 @@ var TEXT_ARTIFACT_NAMES = /* @__PURE__ */ new Set([
   "run.json",
   "terminal-transcript.txt"
 ]);
-var SECRET_RE2 = /\b(?:Bearer\s+)?(?:sk|pk|xai|whsec|EAAN|ghp|gho|github_pat|npm_)[A-Za-z0-9_\-.]{12,}\b/gi;
+var SECRET_RE2 = /\b(?:Bearer\s+[A-Za-z0-9_\-.]{12,}|(?:sk|pk|xai|whsec|EAAN|ghp|gho|github_pat)[A-Za-z0-9_\-.]{12,}|npm_[A-Za-z0-9]{20,})\b/g;
+var SECRET_QUERY_PARAM_RE = /\b((?:device_code|access_token|refresh_token|api_key|token)=)[A-Za-z0-9_.~-]{12,}/gi;
 var EMAIL_RE2 = /\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b/gi;
 var PHONE_RE2 = /(?<!\w)(?:\+?\d[\d\s().-]{7,}\d)(?!\w)/g;
 function escapeRegExp(value) {
@@ -38308,6 +38350,9 @@ function matchesFor(pattern, text) {
   const matches = text.match(pattern);
   return matches ? matches.length : 0;
 }
+function secretMatches(text) {
+  return matchesFor(SECRET_RE2, text) + matchesFor(SECRET_QUERY_PARAM_RE, text);
+}
 function redactionPatterns(input) {
   return {
     secret: SECRET_RE2,
@@ -38319,11 +38364,14 @@ function redactionPatterns(input) {
 }
 function redactExternalAgentArtifactText(text, input = {}) {
   const patterns = redactionPatterns(input);
-  let redacted = text.replace(patterns.secret, "[redacted_secret]").replace(patterns.email, "[redacted_email]").replace(patterns.phone, "[redacted_phone]");
+  let redacted = redactExternalAgentSecretText(text).replace(patterns.email, "[redacted_email]").replace(patterns.phone, "[redacted_phone]");
   if (patterns.privateRepo) redacted = redacted.replace(patterns.privateRepo, "[redacted_private_repo_path]");
   if (patterns.home) redacted = redacted.replace(patterns.home, "[redacted_home_path]");
   return redacted;
 }
+function redactExternalAgentSecretText(text) {
+  return text.replace(SECRET_QUERY_PARAM_RE, "$1[redacted_secret]").replace(SECRET_RE2, "[redacted_secret]");
+}
 function artifactFiles(runDir) {
   if (!(0, import_fs12.existsSync)(runDir)) return [];
   return (0, import_fs12.readdirSync)(runDir).map((name) => (0, import_path10.join)(runDir, name)).filter((path2) => {
@@ -38343,7 +38391,7 @@ function finding(kind, file2, count) {
 function scanText(input) {
   const patterns = redactionPatterns(input);
   return [
-    finding("secret_like_token", input.file, matchesFor(patterns.secret, input.text)),
+    finding("secret_like_token", input.file, secretMatches(input.text)),
     finding("private_repo_path", input.file, matchesFor(patterns.privateRepo, input.text)),
     finding("local_home_path", input.file, matchesFor(patterns.home, input.text)),
     finding("email_address", input.file, matchesFor(patterns.email, input.text)),
@@ -38483,6 +38531,12 @@ var CHILD_ENV_ALLOWLIST = [
   "USERPROFILE",
   "WINDIR"
 ];
+var EXTERNAL_AGENT_EVAL_AUTH_ENV_MAP = {
+  FOH_EXTERNAL_AGENT_EVAL_TOKEN: "FOH_SERVICE_TOKEN",
+  FOH_EXTERNAL_AGENT_EVAL_ORG_ID: "FOH_ORG_ID",
+  FOH_EXTERNAL_AGENT_EVAL_API_URL: "FOH_API_URL",
+  FOH_EXTERNAL_AGENT_EVAL_TOKEN_EXPIRES_AT: "FOH_TOKEN_EXPIRES_AT"
+};
 var ExternalAgentExecutorError = class extends Error {
   reasonCode;
   constructor(reasonCode, message) {
@@ -38505,6 +38559,12 @@ function buildCodexExecutorEnv(input) {
       env[key] = value;
     }
   }
+  for (const [sourceKey, childKey] of Object.entries(EXTERNAL_AGENT_EVAL_AUTH_ENV_MAP)) {
+    const value = source[sourceKey];
+    if (typeof value === "string" && value.trim() && !isDeniedEnvKey(childKey)) {
+      env[childKey] = value;
+    }
+  }
   env[EXTERNAL_AGENT_RUN_DIR_ENV] = input.runDir;
   env[EXTERNAL_AGENT_PROMPT_VERSION_ENV] = input.promptVersion;
   env.FOH_CLI_SUPPRESS_BANNER = "1";
@@ -38602,6 +38662,29 @@ ${help.stderr}`;
   }
   return { binaryChecked: true, requiredFlagsChecked: true };
 }
+function normalizeCodexSandboxBackend(value) {
+  const normalized = (value || "default").trim().toLowerCase();
+  if (normalized === "default" || normalized === "legacy-landlock") return normalized;
+  throw new ExternalAgentExecutorError(
+    "invalid_codex_sandbox_backend",
+    `Unsupported Codex sandbox backend: ${value}. Use default or legacy-landlock.`
+  );
+}
+function codexConfigArgs(input) {
+  const args = [];
+  if (input.backend === "legacy-landlock") {
+    args.push(
+      "-c",
+      "features.use_legacy_landlock=true",
+      "-c",
+      "features.use_linux_sandbox_bwrap=false"
+    );
+  }
+  if (input.networkAccess) {
+    args.push("-c", "sandbox_workspace_write.network_access=true");
+  }
+  return args;
+}
 function safeRunId(value) {
   return value.toLowerCase().replace(/[^a-z0-9_.-]+/g, "-").replace(/^-+|-+$/g, "") || "run";
 }
@@ -38624,6 +38707,8 @@ function createExternalAgentExecutorPlan(options) {
   const batchPath = (0, import_path12.resolve)(options.batchPath);
   const batch = readBatch(batchPath);
   const runnerProbe = validateCodexRunner(options);
+  const codexSandboxBackend = normalizeCodexSandboxBackend(options.codexSandboxBackend);
+  const codexNetworkAccess = options.codexNetworkAccess === true;
   const privateRepoRoot = (0, import_path12.resolve)(options.privateRepoRoot || options.cwd || process.cwd());
   const workspaceRoot = resolveWorkspaceRoot({ batchPath, workspaceRoot: options.workspaceRoot, privateRepoRoot });
   if (isPathInside(workspaceRoot, privateRepoRoot)) {
@@ -38666,12 +38751,12 @@ function createExternalAgentExecutorPlan(options) {
     const artifactSafetyPath = (0, import_path12.join)(runDir, "artifact-safety.json");
     const args = [
       "exec",
+      ...codexConfigArgs({ backend: codexSandboxBackend, networkAccess: codexNetworkAccess }),
       "--cd",
       workspaceDir,
       "--skip-git-repo-check",
       "--ephemeral",
       "--ignore-rules",
-      "--ignore-user-config",
       "--sandbox",
       "workspace-write",
       "--full-auto",
@@ -38719,7 +38804,9 @@ function createExternalAgentExecutorPlan(options) {
       runner_probe: {
         binary_checked: runnerProbe.binaryChecked,
         required_flags_checked: runnerProbe.requiredFlagsChecked
-      }
+      },
+      codex_sandbox_backend: codexSandboxBackend,
+      codex_network_access: codexNetworkAccess
     },
     runs
   };
@@ -38744,6 +38831,22 @@ function proofArtifactPasses(runDir) {
 function readIfExists(path2) {
   return (0, import_fs14.existsSync)(path2) ? (0, import_fs14.readFileSync)(path2, "utf8") : "";
 }
+function redactSecretLikeFile(path2) {
+  if (!(0, import_fs14.existsSync)(path2)) return;
+  const original = (0, import_fs14.readFileSync)(path2, "utf8");
+  const redacted = redactExternalAgentSecretText(original);
+  if (redacted !== original) (0, import_fs14.writeFileSync)(path2, redacted, "utf8");
+}
+function redactSecretLikeOutputArtifacts(run) {
+  redactSecretLikeFile(run.outputs.jsonl);
+  redactSecretLikeFile(run.outputs.last_message);
+  redactSecretLikeFile(run.outputs.stderr);
+}
+function copyCommandCaptureArtifacts(input) {
+  const commandLog = (0, import_path12.join)(input.captureDir, "commands.ndjson");
+  if (!(0, import_fs14.existsSync)(commandLog)) return;
+  (0, import_fs14.writeFileSync)((0, import_path12.join)(input.runDir, "commands.ndjson"), (0, import_fs14.readFileSync)(commandLog, "utf8"), "utf8");
+}
 function relativeArtifactName(path2) {
   return (0, import_path12.basename)(path2);
 }
@@ -38760,6 +38863,24 @@ ${stderr}`;
   if (/(?:blocked|rejected|declined) by policy|EXEC_POLICY_BLOCKED|command execution was rejected|shell commands were rejected/i.test(combined)) {
     return { status: "hold", reasonCode: "codex_exec_policy_blocked" };
   }
+  if (/bwrap:.*(?:RTM_NEWADDR|Operation not permitted)|bubblewrap.*(?:RTM_NEWADDR|Operation not permitted)|Failed RTM_NEWADDR|ENV_SANDBOX_EXEC_BLOCKED/i.test(combined)) {
+    return { status: "hold", reasonCode: "codex_sandbox_exec_blocked" };
+  }
+  if (/ENV_NETWORK_DNS_BLOCK|Could not resolve host|npm ping.*timeout|NO_EXECUTABLE_INSTALL/i.test(combined)) {
+    return { status: "hold", reasonCode: "codex_network_dns_blocked" };
+  }
+  if (/contact_phone_missing/i.test(combined)) {
+    return { status: "hold", reasonCode: "voice_contact_phone_missing" };
+  }
+  if (/simulation_certification_failed/i.test(combined)) {
+    return { status: "hold", reasonCode: "simulation_certification_failed" };
+  }
+  if (/proof_held/i.test(combined)) {
+    return { status: "hold", reasonCode: "external_agent_proof_held" };
+  }
+  if (/agent_limit_reached/i.test(combined)) {
+    return { status: "hold", reasonCode: "eval_org_agent_limit_reached" };
+  }
   if (/browser|approve|approval|login|auth|sign in/i.test(combined) && !proofArtifactPasses(input.run.run_dir)) {
     return { status: "hold", reasonCode: "auth_browser_approval_required" };
   }
@@ -38824,11 +38945,11 @@ function buildExecutedRunArtifact(input) {
 function spawnCodex(input) {
   return new Promise((resolveRun) => {
     const started = Date.now();
-    const useShell = process.platform === "win32" && input.command.toLowerCase().endsWith(".cmd");
-    const child = (0, import_child_process4.spawn)(input.command, input.args, {
+    const commandInvocation = buildCommandInvocation(input.command, input.args);
+    const child = (0, import_child_process4.spawn)(commandInvocation.command, commandInvocation.args, {
       cwd: input.cwd,
       env: input.env,
-      shell: useShell,
+      shell: false,
       stdio: ["pipe", "pipe", "pipe"],
       windowsHide: true
     });
@@ -38868,15 +38989,24 @@ function spawnCodex(input) {
     });
   });
 }
+function buildCommandInvocation(command, args) {
+  if (process.platform === "win32" && command.toLowerCase().endsWith(".cmd")) {
+    const codexEntrypoint = (0, import_path12.join)((0, import_path12.dirname)(command), "node_modules", "@openai", "codex", "bin", "codex.js");
+    if ((0, import_fs14.existsSync)(codexEntrypoint)) return { command: process.execPath, args: [codexEntrypoint, ...args] };
+  }
+  return { command, args };
+}
 async function executeExternalAgentExecutorPlan(plan, options = {}) {
   const startedAt = (/* @__PURE__ */ new Date()).toISOString();
   const results = [];
   const runnerCommand = options.runnerCommand || resolveCodexExecutionCommand();
   for (const run of plan.runs) {
     const runStartedAt = (/* @__PURE__ */ new Date()).toISOString();
+    const commandCaptureDir = (0, import_path12.join)(run.workspace_dir, ".foh-capture");
+    (0, import_fs14.mkdirSync)(commandCaptureDir, { recursive: true });
     const env = buildCodexExecutorEnv({
       sourceEnv: options.env,
-      runDir: run.run_dir,
+      runDir: commandCaptureDir,
       promptVersion: run.prompt_version
     });
     const spawned = await spawnCodex({
@@ -38889,6 +39019,8 @@ async function executeExternalAgentExecutorPlan(plan, options = {}) {
       stderrPath: run.outputs.stderr,
       timeoutMs: plan.timeout_minutes * 60 * 1e3
     });
+    copyCommandCaptureArtifacts({ captureDir: commandCaptureDir, runDir: run.run_dir });
+    redactSecretLikeOutputArtifacts(run);
     const artifactSafety = scanExternalAgentArtifacts({
       runDir: run.run_dir,
       privateRepoRoot: options.privateRepoRoot || plan.private_repo_root,
@@ -39212,7 +39344,7 @@ Exit the shell to finalize run.json.
     }), { json: Boolean(opts.json) });
     if (!report.ok) process.exitCode = 1;
   });
-  external.command("execute").description("Create a guarded dry-run executor plan for programmable external-agent runners").requiredOption("--batch <path>", "Path to external_agent_batch_plan.v1 batch.json").option("--runner <runner>", "Runner implementation", "codex").option("--workspace-root <path>", "Clean executor workspace root; must be outside the private repo").option("--private-repo-root <path>", "Private repository root to guard against").option("--timeout-minutes <minutes>", "Per-run timeout planned for future execution", "30").option("--skip-runner-probe", "Skip local runner binary/help probing").option("--dry-run", "Write the executor plan without launching the runner", true).option("--live", "Launch one controlled external-agent run after writing the guarded plan").option("--json", "Output as JSON").action(async (opts) => {
+  external.command("execute").description("Create a guarded dry-run executor plan for programmable external-agent runners").requiredOption("--batch <path>", "Path to external_agent_batch_plan.v1 batch.json").option("--runner <runner>", "Runner implementation", "codex").option("--workspace-root <path>", "Clean executor workspace root; must be outside the private repo").option("--private-repo-root <path>", "Private repository root to guard against").option("--timeout-minutes <minutes>", "Per-run timeout planned for future execution", "30").option("--codex-sandbox-backend <backend>", "Codex sandbox backend override: default|legacy-landlock", "default").option("--codex-network-access", "Allow Codex workspace-write sandbox network access for public docs/npm probes").option("--skip-runner-probe", "Skip local runner binary/help probing").option("--dry-run", "Write the executor plan without launching the runner", true).option("--live", "Launch one controlled external-agent run after writing the guarded plan").option("--json", "Output as JSON").action(async (opts) => {
     try {
       const plan = createExternalAgentExecutorPlan({
         batchPath: String(opts.batch),
@@ -39220,6 +39352,8 @@ Exit the shell to finalize run.json.
         workspaceRoot: opts.workspaceRoot ? String(opts.workspaceRoot) : void 0,
         privateRepoRoot: opts.privateRepoRoot ? String(opts.privateRepoRoot) : void 0,
         timeoutMinutes: Number(opts.timeoutMinutes || 30),
+        codexSandboxBackend: String(opts.codexSandboxBackend || "default"),
+        codexNetworkAccess: Boolean(opts.codexNetworkAccess),
         skipRunnerProbe: Boolean(opts.skipRunnerProbe),
         cwd: process.cwd()
       });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@f-o-h/cli",
-  "version": "0.1.14",
+  "version": "0.1.16",
   "description": "FOH CLI - AI-operator provisioning tool for Front Of House",
   "license": "UNLICENSED",
   "bin": {