npm - @geekbeer/minion - Versions diffs - 2.57.0 → 2.58.1 - Mend

@geekbeer/minion 2.57.0 → 2.58.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/core/routes/sudoers.js ADDED Viewed

@@ -0,0 +1,70 @@
+/**
+ * Sudoers endpoint
+ *
+ * Endpoints:
+ * - GET /api/sudoers - List sudo permissions for the current user
+ */
+const { exec } = require('child_process')
+const { promisify } = require('util')
+const execAsync = promisify(exec)
+const { verifyToken } = require('../lib/auth')
+/**
+ * Parse `sudo -l` output into structured permission entries
+ * @param {string} output - Raw output from `sudo -l`
+ * @returns {string[]} List of allowed commands
+ */
+function parseSudoList(output) {
+  const lines = output.split('\n')
+  const commands = []
+  for (const line of lines) {
+    const trimmed = line.trim()
+    // Lines starting with (root) contain permission entries
+    if (trimmed.startsWith('(root)') || trimmed.startsWith('(ALL)')) {
+      // Extract the command part after NOPASSWD: or the run-as spec
+      const match = trimmed.match(/(?:NOPASSWD:\s*)(.+)$/)
+      if (match) {
+        commands.push(match[1].trim())
+      }
+    }
+  }
+  return commands
+}
+/**
+ * Register sudoers routes as Fastify plugin
+ * @param {import('fastify').FastifyInstance} fastify
+ */
+async function sudoersRoutes(fastify) {
+  fastify.get('/api/sudoers', async (request, reply) => {
+    if (!verifyToken(request)) {
+      reply.code(401)
+      return { success: false, error: 'Unauthorized' }
+    }
+    try {
+      const { stdout } = await execAsync('sudo -n -l 2>/dev/null', { timeout: 5000 })
+      const commands = parseSudoList(stdout)
+      return {
+        success: true,
+        commands,
+        raw: stdout.trim(),
+      }
+    } catch (error) {
+      // sudo -l may fail if sudo is not configured at all
+      return {
+        success: true,
+        commands: [],
+        raw: '',
+        note: 'sudo is not configured or no permissions granted',
+      }
+    }
+  })
+}
+module.exports = { sudoersRoutes }

package/linux/server.js CHANGED Viewed

@@ -20,6 +20,7 @@
  * Secrets:              GET /api/secrets, PUT/DELETE /api/secrets/:key
  * Config:               GET /api/config/backup, GET/PUT /api/config/env
  * Executions:           GET /api/executions, GET /api/executions/:id, etc.
+ * Sudoers:              GET /api/sudoers
  * ─────────────────────────────────────────────────────────────────────────────
  */
@@ -65,6 +66,7 @@ const { authRoutes } = require('../core/routes/auth')
 const { variableRoutes } = require('../core/routes/variables')
 const { memoryRoutes } = require('../core/routes/memory')
 const { dailyLogRoutes } = require('../core/routes/daily-logs')
+const { sudoersRoutes } = require('../core/routes/sudoers')
 // Linux-specific routes
 const { commandRoutes, getProcessManager, getAllowedCommands } = require('./routes/commands')
@@ -265,6 +267,7 @@ async function registerAllRoutes(app) {
   await app.register(variableRoutes)
   await app.register(memoryRoutes)
   await app.register(dailyLogRoutes)
+  await app.register(sudoersRoutes)
   // Linux-specific routes
   await app.register(commandRoutes)

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@geekbeer/minion",
-  "version": "2.57.0",
+  "version": "2.58.1",
   "description": "AI Agent runtime for Minion - manages status and skill deployment on VPS",
   "main": "linux/server.js",
   "bin": {