@groundnuty/macf 0.2.36 → 0.2.38
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/.build-info.json +2 -2
- package/dist/cli/claude-sh.d.ts +12 -10
- package/dist/cli/claude-sh.d.ts.map +1 -1
- package/dist/cli/claude-sh.js +13 -11
- package/dist/cli/claude-sh.js.map +1 -1
- package/dist/cli/commands/certs.d.ts.map +1 -1
- package/dist/cli/commands/certs.js +6 -2
- package/dist/cli/commands/certs.js.map +1 -1
- package/dist/cli/commands/doctor.d.ts +102 -3
- package/dist/cli/commands/doctor.d.ts.map +1 -1
- package/dist/cli/commands/doctor.js +349 -55
- package/dist/cli/commands/doctor.js.map +1 -1
- package/dist/cli/commands/init.d.ts +24 -0
- package/dist/cli/commands/init.d.ts.map +1 -1
- package/dist/cli/commands/init.js +81 -8
- package/dist/cli/commands/init.js.map +1 -1
- package/dist/cli/commands/monitor.d.ts +16 -0
- package/dist/cli/commands/monitor.d.ts.map +1 -0
- package/dist/cli/commands/monitor.js +96 -0
- package/dist/cli/commands/monitor.js.map +1 -0
- package/dist/cli/commands/propose.d.ts +21 -0
- package/dist/cli/commands/propose.d.ts.map +1 -0
- package/dist/cli/commands/propose.js +128 -0
- package/dist/cli/commands/propose.js.map +1 -0
- package/dist/cli/commands/ps.d.ts +17 -0
- package/dist/cli/commands/ps.d.ts.map +1 -0
- package/dist/cli/commands/ps.js +69 -0
- package/dist/cli/commands/ps.js.map +1 -0
- package/dist/cli/commands/registry-prune.d.ts +44 -0
- package/dist/cli/commands/registry-prune.d.ts.map +1 -0
- package/dist/cli/commands/registry-prune.js +124 -0
- package/dist/cli/commands/registry-prune.js.map +1 -0
- package/dist/cli/commands/rules-refresh.d.ts +1 -0
- package/dist/cli/commands/rules-refresh.d.ts.map +1 -1
- package/dist/cli/commands/rules-refresh.js +22 -1
- package/dist/cli/commands/rules-refresh.js.map +1 -1
- package/dist/cli/commands/update.d.ts.map +1 -1
- package/dist/cli/commands/update.js +23 -2
- package/dist/cli/commands/update.js.map +1 -1
- package/dist/cli/config.d.ts +2 -0
- package/dist/cli/config.d.ts.map +1 -1
- package/dist/cli/config.js +16 -0
- package/dist/cli/config.js.map +1 -1
- package/dist/cli/env-files-update.d.ts.map +1 -1
- package/dist/cli/env-files-update.js +5 -1
- package/dist/cli/env-files-update.js.map +1 -1
- package/dist/cli/env-files.d.ts +38 -13
- package/dist/cli/env-files.d.ts.map +1 -1
- package/dist/cli/env-files.js +84 -14
- package/dist/cli/env-files.js.map +1 -1
- package/dist/cli/index.js +142 -5
- package/dist/cli/index.js.map +1 -1
- package/dist/cli/monitor/digest.d.ts +89 -0
- package/dist/cli/monitor/digest.d.ts.map +1 -0
- package/dist/cli/monitor/digest.js +232 -0
- package/dist/cli/monitor/digest.js.map +1 -0
- package/dist/cli/monitor/github-reader.d.ts +38 -0
- package/dist/cli/monitor/github-reader.d.ts.map +1 -0
- package/dist/cli/monitor/github-reader.js +65 -0
- package/dist/cli/monitor/github-reader.js.map +1 -0
- package/dist/cli/monitor/reflections.d.ts +18 -0
- package/dist/cli/monitor/reflections.d.ts.map +1 -0
- package/dist/cli/monitor/reflections.js +72 -0
- package/dist/cli/monitor/reflections.js.map +1 -0
- package/dist/cli/monitor/run.d.ts +30 -0
- package/dist/cli/monitor/run.d.ts.map +1 -0
- package/dist/cli/monitor/run.js +67 -0
- package/dist/cli/monitor/run.js.map +1 -0
- package/dist/cli/proc-scan.d.ts +81 -0
- package/dist/cli/proc-scan.d.ts.map +1 -0
- package/dist/cli/proc-scan.js +172 -0
- package/dist/cli/proc-scan.js.map +1 -0
- package/dist/cli/project-rules.d.ts +105 -0
- package/dist/cli/project-rules.d.ts.map +1 -0
- package/dist/cli/project-rules.js +305 -0
- package/dist/cli/project-rules.js.map +1 -0
- package/dist/cli/propose/candidates.d.ts +95 -0
- package/dist/cli/propose/candidates.d.ts.map +1 -0
- package/dist/cli/propose/candidates.js +117 -0
- package/dist/cli/propose/candidates.js.map +1 -0
- package/dist/cli/propose/invariants.d.ts +49 -0
- package/dist/cli/propose/invariants.d.ts.map +1 -0
- package/dist/cli/propose/invariants.js +154 -0
- package/dist/cli/propose/invariants.js.map +1 -0
- package/dist/cli/propose/proposal-writer.d.ts +33 -0
- package/dist/cli/propose/proposal-writer.d.ts.map +1 -0
- package/dist/cli/propose/proposal-writer.js +53 -0
- package/dist/cli/propose/proposal-writer.js.map +1 -0
- package/dist/cli/propose/report.d.ts +49 -0
- package/dist/cli/propose/report.d.ts.map +1 -0
- package/dist/cli/propose/report.js +227 -0
- package/dist/cli/propose/report.js.map +1 -0
- package/dist/cli/propose/run.d.ts +41 -0
- package/dist/cli/propose/run.d.ts.map +1 -0
- package/dist/cli/propose/run.js +62 -0
- package/dist/cli/propose/run.js.map +1 -0
- package/dist/cli/role-settings-model.d.ts +70 -0
- package/dist/cli/role-settings-model.d.ts.map +1 -0
- package/dist/cli/role-settings-model.js +90 -0
- package/dist/cli/role-settings-model.js.map +1 -0
- package/dist/cli/settings-writer.d.ts +103 -6
- package/dist/cli/settings-writer.d.ts.map +1 -1
- package/dist/cli/settings-writer.js +259 -8
- package/dist/cli/settings-writer.js.map +1 -1
- package/dist/reconciler/reconcile.d.ts +31 -0
- package/dist/reconciler/reconcile.d.ts.map +1 -1
- package/dist/reconciler/reconcile.js +47 -3
- package/dist/reconciler/reconcile.js.map +1 -1
- package/dist/reconciler/run.d.ts +21 -1
- package/dist/reconciler/run.d.ts.map +1 -1
- package/dist/reconciler/run.js +106 -17
- package/dist/reconciler/run.js.map +1 -1
- package/package.json +2 -2
- package/plugin/rules/gh-token-attribution-traps.md +4 -0
- package/plugin/rules/observability-wiring.md +3 -3
- package/plugin/rules/reflection-staging.md +65 -0
- package/plugin/rules/silent-fallback-hazards.md +21 -4
- package/scripts/check-auditor-never-acts.sh +167 -0
- package/scripts/check-gh-attribution.sh +254 -0
- package/scripts/emit-turn-receipt.sh +1 -1
- package/scripts/harvest-reflection.sh +125 -0
package/dist/.build-info.json
CHANGED
package/dist/cli/claude-sh.d.ts
CHANGED
|
@@ -50,16 +50,18 @@ export declare function settingsGetHelperLines(): string[];
|
|
|
50
50
|
* reachable over Tailscale / other
|
|
51
51
|
* network paths.
|
|
52
52
|
*
|
|
53
|
-
* Default endpoint is
|
|
54
|
-
*
|
|
55
|
-
*
|
|
56
|
-
*
|
|
57
|
-
*
|
|
58
|
-
*
|
|
59
|
-
* `:
|
|
60
|
-
*
|
|
61
|
-
*
|
|
62
|
-
*
|
|
53
|
+
* Default endpoint is
|
|
54
|
+
* `http://orzech-dev-agents-monitoring.tail491af.ts.net:4318` — the
|
|
55
|
+
* dedicated monitoring VM reached over Tailscale (macf#516, 2026-06-17).
|
|
56
|
+
* The stack moved off the per-host k3d cluster to its own VM, so agents
|
|
57
|
+
* are now cross-VM over the tailnet — `127.0.0.1` no longer reaches the
|
|
58
|
+
* collector. The VM uses OTel-native ports (no `+10000` k3d serverlb
|
|
59
|
+
* offset): OTLP HTTP `:4318`, OTLP gRPC `:4317`, Tempo query `:3200`.
|
|
60
|
+
* The old k3d loopback defaults (the +10000 serverlb ports per
|
|
61
|
+
* macf#418/#282) are DEAD. Aligns with the
|
|
62
|
+
* `MACF_ADVERTISE_HOST ?? '127.0.0.1'` sibling
|
|
63
|
+
* default in this file (advertise-host stays loopback — only the OTLP
|
|
64
|
+
* collector moved off-host).
|
|
63
65
|
*
|
|
64
66
|
* Run-time override: the GENERATED claude.sh emits
|
|
65
67
|
* `${OTEL_EXPORTER_OTLP_ENDPOINT:-<default>}` so a per-launch
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"claude-sh.d.ts","sourceRoot":"","sources":["../../src/cli/claude-sh.ts"],"names":[],"mappings":"AAaA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAuBnD;;;;;;;;;;GAUG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,eAAe,GAAG,MAAM,EAAE,CA4B/D;AAYD;;;;;;;;;;;;GAYG;AACH,wBAAgB,sBAAsB,IAAI,MAAM,EAAE,CAejD;AA0ED
|
|
1
|
+
{"version":3,"file":"claude-sh.d.ts","sourceRoot":"","sources":["../../src/cli/claude-sh.ts"],"names":[],"mappings":"AAaA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAuBnD;;;;;;;;;;GAUG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,eAAe,GAAG,MAAM,EAAE,CA4B/D;AAYD;;;;;;;;;;;;GAYG;AACH,wBAAgB,sBAAsB,IAAI,MAAM,EAAE,CAejD;AA0ED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkDG;AACH,wBAAgB,kBAAkB,CAChC,MAAM,EAAE,eAAe,EACvB,GAAG,GAAE,MAAM,CAAC,UAAwB,GACnC,MAAM,EAAE,CAgEV;AA4BD;;;;;;;;;;GAUG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,eAAe,GAAG,MAAM,EAAE,CAkBhE;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,eAAe,GAAG,MAAM,EAAE,CAiB1D;AAiBD;;;;;;;;;GASG;AACH,wBAAgB,2BAA2B,CAAC,GAAG,EAAE,eAAe,GAAG,MAAM,EAAE,CAgC1E;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,eAAe,GAAG,MAAM,CAkGhE;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,GAAG,MAAM,CAUnF"}
|
package/dist/cli/claude-sh.js
CHANGED
|
@@ -205,16 +205,18 @@ function tmuxSelfWrapLines() {
|
|
|
205
205
|
* reachable over Tailscale / other
|
|
206
206
|
* network paths.
|
|
207
207
|
*
|
|
208
|
-
* Default endpoint is
|
|
209
|
-
*
|
|
210
|
-
*
|
|
211
|
-
*
|
|
212
|
-
*
|
|
213
|
-
*
|
|
214
|
-
* `:
|
|
215
|
-
*
|
|
216
|
-
*
|
|
217
|
-
*
|
|
208
|
+
* Default endpoint is
|
|
209
|
+
* `http://orzech-dev-agents-monitoring.tail491af.ts.net:4318` — the
|
|
210
|
+
* dedicated monitoring VM reached over Tailscale (macf#516, 2026-06-17).
|
|
211
|
+
* The stack moved off the per-host k3d cluster to its own VM, so agents
|
|
212
|
+
* are now cross-VM over the tailnet — `127.0.0.1` no longer reaches the
|
|
213
|
+
* collector. The VM uses OTel-native ports (no `+10000` k3d serverlb
|
|
214
|
+
* offset): OTLP HTTP `:4318`, OTLP gRPC `:4317`, Tempo query `:3200`.
|
|
215
|
+
* The old k3d loopback defaults (the +10000 serverlb ports per
|
|
216
|
+
* macf#418/#282) are DEAD. Aligns with the
|
|
217
|
+
* `MACF_ADVERTISE_HOST ?? '127.0.0.1'` sibling
|
|
218
|
+
* default in this file (advertise-host stays loopback — only the OTLP
|
|
219
|
+
* collector moved off-host).
|
|
218
220
|
*
|
|
219
221
|
* Run-time override: the GENERATED claude.sh emits
|
|
220
222
|
* `${OTEL_EXPORTER_OTLP_ENDPOINT:-<default>}` so a per-launch
|
|
@@ -233,7 +235,7 @@ export function otelTelemetryLines(config, env = process.env) {
|
|
|
233
235
|
if (env['MACF_OTEL_DISABLED'] === '1' || env['MACF_OTEL_DISABLED'] === 'true') {
|
|
234
236
|
return [];
|
|
235
237
|
}
|
|
236
|
-
const endpoint = env['MACF_OTEL_ENDPOINT'] ?? 'http://
|
|
238
|
+
const endpoint = env['MACF_OTEL_ENDPOINT'] ?? 'http://orzech-dev-agents-monitoring.tail491af.ts.net:4318';
|
|
237
239
|
// The endpoint value gets embedded verbatim in a shell double-
|
|
238
240
|
// quoted export. Reject chars that would break quoting or trigger
|
|
239
241
|
// substitution: `"`, `$`, backtick, backslash, newline. Same
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"claude-sh.js","sourceRoot":"","sources":["../../src/cli/claude-sh.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAG1C,8EAA8E;AAC9E,mDAAmD;AACnD,8EAA8E;AAC9E,EAAE;AACF,0DAA0D;AAC1D,2DAA2D;AAC3D,+DAA+D;AAC/D,kEAAkE;AAClE,0DAA0D;AAC1D,qEAAqE;AACrE,oEAAoE;AACpE,sDAAsD;AACtD,EAAE;AACF,iEAAiE;AACjE,gEAAgE;AAChE,oEAAoE;AACpE,2DAA2D;AAC3D,EAAE;AACF,sEAAsE;AACtE,yEAAyE;AAEzE;;;;;;;;;;GAUG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAoB;IACnD,QAAQ,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC1B,KAAK,MAAM;YACT,OAAO;gBACL,kCAAkC;gBAClC,8BAA8B,GAAG,CAAC,QAAQ,CAAC,KAAK,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,GAAG;aACzE,CAAC;QACJ,KAAK,KAAK;YACR,OAAO;gBACL,iCAAiC;gBACjC,6BAA6B,GAAG,CAAC,QAAQ,CAAC,GAAG,GAAG;aACjD,CAAC;QACJ,KAAK,SAAS;YACZ,OAAO;gBACL,qCAAqC;gBACrC,8BAA8B,GAAG,CAAC,QAAQ,CAAC,IAAI,GAAG;aACnD,CAAC;QACJ,KAAK,OAAO;YACV,8DAA8D;YAC9D,iEAAiE;YACjE,+DAA+D;YAC/D,mEAAmE;YACnE,mEAAmE;YACnE,OAAO;gBACL,mCAAmC;gBACnC,8BAA8B,GAAG,CAAC,QAAQ,CAAC,IAAI,GAAG;aACnD,CAAC;IACN,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAS,WAAW,CAAC,GAAoB;IACvC,OAAO,GAAG,CAAC,QAAQ,CAAC,IAAI,KAAK,OAAO,CAAC;AACvC,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,sBAAsB;IACpC,OAAO;QACL,EAAE;QACF,wEAAwE;QACxE,wEAAwE;QACxE,yEAAyE;QACzE,8EAA8E;QAC9E,yEAAyE;QACzE,uBAAuB;QACvB,uBAAuB;QACvB,8FAA8F;QAC9F,6FAA6F;QAC7F,MAAM;QACN,GAAG;KACJ,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,SAAS,iBAAiB;IACxB,OAAO;QACL,EAAE;QACF,gEAAgE;QAChE,qEAAqE;QACrE,mEAAmE;QACnE,mEAAmE;QACnE,mEAAmE;QACnE,qCAAqC;QACrC,GAAG;QACH,oEAAoE;QACpE,qEAAqE;QACrE,iEAAiE;QACjE,mEAAmE;QACnE,+DAA+D;QAC/D,mEAAmE;QACnE,oEAAoE;QACpE,qEAAqE;QACrE,iEAAiE;QACjE,qEAAqE;QACrE,mEAAmE;QACnE,gEAAgE;QAChE,wCAAwC;QACxC,GAAG;QACH,4CAA4C;QAC5C,uEAAuE;QACvE,2CAA2C;QAC3C,oEAAoE;QACpE,qDAAqD;QACrD,4DAA4D;QAC5D,yCAAyC;QACzC,QAAQ;QACR,qEAAqE;QACrE,sEAAsE;QACtE,uEAAuE;QACvE,qEAAqE;QACrE,mEAAmE;QACnE,mEAAmE;QACnE,2DAA2D;QAC3D,yBAAyB;QACzB,0CAA0C;QAC1C,iDAAiD;QACjD,8CAA8C;QAC9C,kGAAkG;QAClG,MAAM;QACN,IAAI;KACL,CAAC;AACJ,CAAC;AAED
|
|
1
|
+
{"version":3,"file":"claude-sh.js","sourceRoot":"","sources":["../../src/cli/claude-sh.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAG1C,8EAA8E;AAC9E,mDAAmD;AACnD,8EAA8E;AAC9E,EAAE;AACF,0DAA0D;AAC1D,2DAA2D;AAC3D,+DAA+D;AAC/D,kEAAkE;AAClE,0DAA0D;AAC1D,qEAAqE;AACrE,oEAAoE;AACpE,sDAAsD;AACtD,EAAE;AACF,iEAAiE;AACjE,gEAAgE;AAChE,oEAAoE;AACpE,2DAA2D;AAC3D,EAAE;AACF,sEAAsE;AACtE,yEAAyE;AAEzE;;;;;;;;;;GAUG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAoB;IACnD,QAAQ,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC1B,KAAK,MAAM;YACT,OAAO;gBACL,kCAAkC;gBAClC,8BAA8B,GAAG,CAAC,QAAQ,CAAC,KAAK,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,GAAG;aACzE,CAAC;QACJ,KAAK,KAAK;YACR,OAAO;gBACL,iCAAiC;gBACjC,6BAA6B,GAAG,CAAC,QAAQ,CAAC,GAAG,GAAG;aACjD,CAAC;QACJ,KAAK,SAAS;YACZ,OAAO;gBACL,qCAAqC;gBACrC,8BAA8B,GAAG,CAAC,QAAQ,CAAC,IAAI,GAAG;aACnD,CAAC;QACJ,KAAK,OAAO;YACV,8DAA8D;YAC9D,iEAAiE;YACjE,+DAA+D;YAC/D,mEAAmE;YACnE,mEAAmE;YACnE,OAAO;gBACL,mCAAmC;gBACnC,8BAA8B,GAAG,CAAC,QAAQ,CAAC,IAAI,GAAG;aACnD,CAAC;IACN,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAS,WAAW,CAAC,GAAoB;IACvC,OAAO,GAAG,CAAC,QAAQ,CAAC,IAAI,KAAK,OAAO,CAAC;AACvC,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,sBAAsB;IACpC,OAAO;QACL,EAAE;QACF,wEAAwE;QACxE,wEAAwE;QACxE,yEAAyE;QACzE,8EAA8E;QAC9E,yEAAyE;QACzE,uBAAuB;QACvB,uBAAuB;QACvB,8FAA8F;QAC9F,6FAA6F;QAC7F,MAAM;QACN,GAAG;KACJ,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,SAAS,iBAAiB;IACxB,OAAO;QACL,EAAE;QACF,gEAAgE;QAChE,qEAAqE;QACrE,mEAAmE;QACnE,mEAAmE;QACnE,mEAAmE;QACnE,qCAAqC;QACrC,GAAG;QACH,oEAAoE;QACpE,qEAAqE;QACrE,iEAAiE;QACjE,mEAAmE;QACnE,+DAA+D;QAC/D,mEAAmE;QACnE,oEAAoE;QACpE,qEAAqE;QACrE,iEAAiE;QACjE,qEAAqE;QACrE,mEAAmE;QACnE,gEAAgE;QAChE,wCAAwC;QACxC,GAAG;QACH,4CAA4C;QAC5C,uEAAuE;QACvE,2CAA2C;QAC3C,oEAAoE;QACpE,qDAAqD;QACrD,4DAA4D;QAC5D,yCAAyC;QACzC,QAAQ;QACR,qEAAqE;QACrE,sEAAsE;QACtE,uEAAuE;QACvE,qEAAqE;QACrE,mEAAmE;QACnE,mEAAmE;QACnE,2DAA2D;QAC3D,yBAAyB;QACzB,0CAA0C;QAC1C,iDAAiD;QACjD,8CAA8C;QAC9C,kGAAkG;QAClG,MAAM;QACN,IAAI;KACL,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkDG;AACH,MAAM,UAAU,kBAAkB,CAChC,MAAuB,EACvB,MAAyB,OAAO,CAAC,GAAG;IAEpC,IAAI,GAAG,CAAC,oBAAoB,CAAC,KAAK,GAAG,IAAI,GAAG,CAAC,oBAAoB,CAAC,KAAK,MAAM,EAAE,CAAC;QAC9E,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,QAAQ,GACZ,GAAG,CAAC,oBAAoB,CAAC,IAAI,2DAA2D,CAAC;IAE3F,+DAA+D;IAC/D,kEAAkE;IAClE,6DAA6D;IAC7D,oDAAoD;IACpD,IAAI,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CACb,wDAAwD;YACtD,QAAQ,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI;YACpC,6CAA6C,CAChD,CAAC;IACJ,CAAC;IAED,OAAO;QACL,EAAE;QACF,iFAAiF;QACjF,yEAAyE;QACzE,gFAAgF;QAChF,+EAA+E;QAC/E,mFAAmF;QACnF,uEAAuE;QACvE,wEAAwE;QACxE,qEAAqE;QACrE,wEAAwE;QACxE,yEAAyE;QACzE,sEAAsE;QACtE,yEAAyE;QACzE,kEAAkE;QAClE,2DAA2D;QAC3D,gEAAgE;QAChE,gEAAgE;QAChE,gEAAgE;QAChE,+DAA+D;QAC/D,8DAA8D;QAC9D,uCAAuC;QACvC,8CAA8C;QAC9C,kCAAkC;QAClC,mCAAmC;QACnC,gCAAgC;QAChC,gDAAgD;QAChD,6EAA6E;QAC7E,wCAAwC;QACxC,uEAAuE;QACvE,8EAA8E;QAC9E,qEAAqE;QACrE,sEAAsE;QACtE,iEAAiE;QACjE,qEAAqE;QACrE,sEAAsE;QACtE,uEAAuE;QACvE,sFAAsF;QACtF,8CAA8C,QAAQ,IAAI;QAC1D,0FAA0F;QAC1F,kDAAkD;QAClD,wCAAwC,MAAM,CAAC,UAAU,GAAG;QAC5D,sDAAsD,MAAM,CAAC,UAAU,sBAAsB,MAAM,CAAC,UAAU,0BAA0B;KACzI,CAAC;AACJ,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,WAAW,CAAC,GAAoB;IACvC,QAAQ,GAAG,CAAC,UAAU,EAAE,CAAC;QACvB,KAAK,WAAW;YACd,OAAO,CAAC,IAAI,CAAC,CAAC;QAChB,KAAK,QAAQ;YACX,OAAO,EAAE,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,oBAAoB,GAAG;IAC3B,oEAAoE;IACpE,gEAAgE;IAChE,sEAAsE;IACtE,kEAAkE;CACnE,CAAC;AAEF;;;;;;;;;;GAUG;AACH,MAAM,UAAU,iBAAiB,CAAC,GAAoB;IACpD,IAAI,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU;QAAE,OAAO,EAAE,CAAC;IACnD,OAAO;QACL,kBAAkB,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG;QAC1C,sBAAsB,GAAG,CAAC,UAAU,CAAC,UAAU,GAAG;QAClD,oBAAoB,GAAG,CAAC,UAAU,CAAC,QAAQ,GAAG;QAC9C,kEAAkE;QAClE,gEAAgE;QAChE,kEAAkE;QAClE,gEAAgE;QAChE,+DAA+D;QAC/D,kDAAkD;QAClD,qBAAqB;QACrB,8BAA8B;QAC9B,0CAA0C;QAC1C,MAAM;QACN,iBAAiB;KAClB,CAAC;AACJ,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,WAAW,CAAC,GAAoB;IAC9C,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,mEAAmE;QACnE,mEAAmE;QACnE,wEAAwE;QACxE,MAAM,WAAW,GAAG,YAAY,CAC9B,GAAG,CAAC,QAAQ,CAAC,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CACvD,CAAC;QACF,OAAO;YACL,wBAAwB,WAAW,IAAI,GAAG,CAAC,OAAO,UAAU;YAC5D,uBAAuB,WAAW,IAAI,GAAG,CAAC,OAAO,UAAU;SAC5D,CAAC;IACJ,CAAC;IACD,OAAO;QACL,0CAA0C,GAAG,CAAC,OAAO,eAAe;QACpE,yCAAyC,GAAG,CAAC,OAAO,cAAc;KACnE,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,YAAY,CAAC,CAAS;IAC7B,MAAM,GAAG,GAAG,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,GAAG,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC;IACxB,IAAI,GAAG,KAAK,CAAC;QAAE,OAAO,GAAG,CAAC;IAC1B,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AACzB,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,2BAA2B,CAAC,GAAoB;IAC9D,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,OAAO;YACL,kEAAkE;YAClE,mEAAmE;YACnE,oEAAoE;YACpE,qEAAqE;YACrE,+DAA+D;YAC/D,EAAE;YACF,kBAAkB,GAAG,CAAC,UAAU,KAAK,GAAG,CAAC,UAAU,6BAA6B;YAChF,EAAE;SACH,CAAC;IACJ,CAAC;IACD,OAAO;QACL,0EAA0E;QAC1E,0EAA0E;QAC1E,4EAA4E;QAC5E,2EAA2E;QAC3E,2EAA2E;QAC3E,oEAAoE;QACpE,8DAA8D;QAC9D,2EAA2E;QAC3E,qEAAqE;QACrE,UAAU;QACV,GAAG;QACH,iBAAiB;QACjB,EAAE;QACF,2BAA2B,GAAG,CAAC,UAAU,QAAQ;QACjD,8BAA8B,GAAG,CAAC,UAAU,QAAQ;QACpD,EAAE;QACF,kBAAkB,GAAG,CAAC,UAAU,KAAK,GAAG,CAAC,UAAU,OAAO;KAC3D,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAuB;IACtD,OAAO;QACL,qBAAqB;QACrB,mBAAmB;QACnB,EAAE;QACF,0BAA0B,MAAM,CAAC,UAAU,EAAE;QAC7C,GAAG,oBAAoB;QACvB,GAAG;QACH,mEAAmE;QACnE,yEAAyE;QACzE,uEAAuE;QACvE,gEAAgE;QAChE,GAAG;QACH,6DAA6D;QAC7D,wFAAwF;QACxF,6FAA6F;QAC7F,kHAAkH;QAClH,6FAA6F;QAC7F,6FAA6F;QAC7F,2HAA2H;QAC3H,2HAA2H;QAC3H,GAAG;QACH,2EAA2E;QAC3E,6EAA6E;QAC7E,0EAA0E;QAC1E,gFAAgF;QAChF,gEAAgE;QAChE,EAAE;QACF,4DAA4D;QAC5D,kBAAkB;QAClB,EAAE;QACF,6DAA6D;QAC7D,mEAAmE;QACnE,8DAA8D;QAC9D,oEAAoE;QACpE,qEAAqE;QACrE,kCAAkC;QAClC,GAAG;QACH,oEAAoE;QACpE,iEAAiE;QACjE,sEAAsE;QACtE,yEAAyE;QACzE,sEAAsE;QACtE,wEAAwE;QACxE,wEAAwE;QACxE,oEAAoE;QACpE,gEAAgE;QAChE,6DAA6D;QAC7D,6CAA6C;QAC7C,kDAAkD;QAClD,gCAAgC;QAChC,QAAQ;QACR,IAAI;QACJ,EAAE;QACF,kEAAkE;QAClE,mEAAmE;QACnE,oEAAoE;QACpE,mEAAmE;QACnE,0DAA0D;QAC1D,GAAG;QACH,qEAAqE;QACrE,sEAAsE;QACtE,+DAA+D;QAC/D,8DAA8D;QAC9D,4BAA4B;QAC5B,+BAA+B,MAAM,CAAC,cAAc,IAAI,WAAW,GAAG;QACtE,0CAA0C;QAC1C,GAAG,iBAAiB,EAAE;QACtB,EAAE;QACF,sEAAsE;QACtE,oEAAoE;QACpE,kEAAkE;QAClE,oEAAoE;QACpE,uDAAuD;QACvD,EAAE;QACF,kEAAkE;QAClE,oEAAoE;QACpE,iEAAiE;QACjE,4DAA4D;QAC5D,uBAAuB;QACvB,EAAE;QACF,sEAAsE;QACtE,yEAAyE;QACzE,yEAAyE;QACzE,oEAAoE;QACpE,mEAAmE;QACnE,uEAAuE;QACvE,kCAAkC;QAClC,4DAA4D;QAC5D,MAAM;QACN,GAAG,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,MAAM,GAAG,CAAC;YAChC,CAAC,CAAC;gBACE,YAAY,WAAW,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,2GAA2G;aACrJ;YACH,CAAC,CAAC,CAAC,4DAA4D,CAAC,CAAC;QACnE,IAAI;QACJ,EAAE;KACH,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,YAAoB,EAAE,MAAuB;IACzE,MAAM,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IACrC,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IACvC,aAAa,CAAC,IAAI,EAAE,gBAAgB,CAAC,MAAM,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC/D,uEAAuE;IACvE,qEAAqE;IACrE,kEAAkE;IAClE,oDAAoD;IACpD,SAAS,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACvB,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"certs.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/certs.ts"],"names":[],"mappings":"AAoCA;;GAEG;AACH,wBAAsB,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CA8CjE;AAED;;GAEG;AACH,wBAAsB,YAAY,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAiCpE;AAED;;GAEG;AACH,wBAAsB,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"certs.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/certs.ts"],"names":[],"mappings":"AAoCA;;GAEG;AACH,wBAAsB,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CA8CjE;AAED;;GAEG;AACH,wBAAsB,YAAY,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAiCpE;AAED;;GAEG;AACH,wBAAsB,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CA0CnE;AAED,MAAM,WAAW,yBAAyB;IACxC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;CAChC;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,kBAAkB,CACtC,UAAU,EAAE,MAAM,EAClB,IAAI,GAAE,yBAA8B,GACnC,OAAO,CAAC,IAAI,CAAC,CAyFf"}
|
|
@@ -121,9 +121,13 @@ export async function certsRotate(projectDir) {
|
|
|
121
121
|
const ca = loadCA(caCertP, caKeyP);
|
|
122
122
|
const certP = agentCertPath(projectDir);
|
|
123
123
|
const keyP = agentKeyPath(projectDir);
|
|
124
|
-
|
|
124
|
+
// macf#545: the cert CN is the ROUTING identity (registry key), not the OTEL
|
|
125
|
+
// bot-name — mTLS validates the CN against the slot the router resolved.
|
|
126
|
+
// Defaults to agent_name (back-compat; inert when routing_label is unset).
|
|
127
|
+
const certCn = config.routing_label ?? config.agent_name;
|
|
128
|
+
console.log(`Rotating certificate for "${certCn}"...`);
|
|
125
129
|
await generateAgentCert({
|
|
126
|
-
agentName:
|
|
130
|
+
agentName: certCn,
|
|
127
131
|
caCertPem: ca.certPem,
|
|
128
132
|
caKeyPem: ca.keyPem,
|
|
129
133
|
// Flow the advertised host into the cert SAN so TLS hostname
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"certs.js","sourceRoot":"","sources":["../../../src/cli/commands/certs.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC/D,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EACL,eAAe,EAAE,aAAa,EAAE,YAAY,EAC5C,UAAU,IAAI,aAAa,EAAE,SAAS,IAAI,YAAY,EAAE,KAAK,EAC7D,qBAAqB,GACtB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AACpF,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAC9E,OAAO,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAC/D,OAAO,EAAE,wBAAwB,EAAE,MAAM,uBAAuB,CAAC;AACjE,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAE1D,MAAM,iBAAiB,GAAG,gBAAgB,CAAC;AAC3C,MAAM,qBAAqB,GAAG,GAAG,CAAC;AAClC,MAAM,kBAAkB,GAAG,GAAG,CAAC;AAE/B,KAAK,UAAU,gBAAgB,CAAC,OAAe;IAC7C,IAAI,CAAC;QACH,OAAO,MAAM,cAAc,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;IAC3C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,eAAe,EAAE,CAAC;YACnC,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;YAC9B,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,eAAe;QACpC,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB,CAAC,MAA0C,EAAE,KAAa;IACnF,IAAI,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACjF,OAAO,sBAAsB,CAAC,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;AACxD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,UAAkB;IAChD,MAAM,MAAM,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;IAC3C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;QAClE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,qBAAqB,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC;IAC7E,MAAM,MAAM,GAAG,kBAAkB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IAEjD,gFAAgF;IAChF,MAAM,YAAY,GAAG,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3C,SAAS,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC1D,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAE5C,OAAO,CAAC,GAAG,CAAC,4BAA4B,MAAM,CAAC,OAAO,MAAM,CAAC,CAAC;IAE9D,MAAM,EAAE,GAAG,MAAM,QAAQ,CAAC;QACxB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,QAAQ,EAAE,OAAO;QACjB,OAAO,EAAE,MAAM;QACf,MAAM;KACP,CAAC,CAAC;IAEH,OAAO,CAAC,GAAG,CAAC,cAAc,OAAO,EAAE,CAAC,CAAC;IACrC,OAAO,CAAC,GAAG,CAAC,cAAc,MAAM,EAAE,CAAC,CAAC;IACpC,OAAO,CAAC,GAAG,CAAC,qCAAqC,iBAAiB,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAE9F,mBAAmB;IACnB,MAAM,UAAU,GAAG,MAAM,gBAAgB,CAAC,sCAAsC,CAAC,CAAC;IAClF,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC;QACpE,OAAO;IACT,CAAC;IAED,MAAM,WAAW,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,MAAM,EAAE,EAAE,CAAC,MAAM;QACjB,UAAU;QACV,MAAM;KACP,CAAC,CAAC;IAEH,OAAO,CAAC,GAAG,CAAC,+CAA+C,iBAAiB,CAAC,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;IACjH,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC;AAC/C,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,UAAkB;IACnD,MAAM,MAAM,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;IAC3C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;QAClE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,qBAAqB,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC;IAC7E,MAAM,MAAM,GAAG,kBAAkB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IAEjD,MAAM,UAAU,GAAG,MAAM,gBAAgB,CAAC,wCAAwC,CAAC,CAAC;IACpF,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;QACtD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,0CAA0C;IAC1C,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACnE,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAE5C,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;IAElD,MAAM,YAAY,CAAC;QACjB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,UAAU;QACV,OAAO,EAAE,MAAM;QACf,MAAM;KACP,CAAC,CAAC;IAEH,OAAO,CAAC,GAAG,CAAC,0BAA0B,MAAM,EAAE,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;AACpC,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,UAAkB;IAClD,MAAM,MAAM,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;IAC3C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;QAClE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC5C,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAChD,OAAO,CAAC,KAAK,CAAC,gFAAgF,CAAC,CAAC;QAChG,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,EAAE,GAAG,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAEnC,MAAM,KAAK,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;IACxC,MAAM,IAAI,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC;IAEtC,
|
|
1
|
+
{"version":3,"file":"certs.js","sourceRoot":"","sources":["../../../src/cli/commands/certs.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC/D,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EACL,eAAe,EAAE,aAAa,EAAE,YAAY,EAC5C,UAAU,IAAI,aAAa,EAAE,SAAS,IAAI,YAAY,EAAE,KAAK,EAC7D,qBAAqB,GACtB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AACpF,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAC9E,OAAO,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAC/D,OAAO,EAAE,wBAAwB,EAAE,MAAM,uBAAuB,CAAC;AACjE,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAE1D,MAAM,iBAAiB,GAAG,gBAAgB,CAAC;AAC3C,MAAM,qBAAqB,GAAG,GAAG,CAAC;AAClC,MAAM,kBAAkB,GAAG,GAAG,CAAC;AAE/B,KAAK,UAAU,gBAAgB,CAAC,OAAe;IAC7C,IAAI,CAAC;QACH,OAAO,MAAM,cAAc,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;IAC3C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,eAAe,EAAE,CAAC;YACnC,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;YAC9B,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,eAAe;QACpC,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB,CAAC,MAA0C,EAAE,KAAa;IACnF,IAAI,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACjF,OAAO,sBAAsB,CAAC,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;AACxD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,UAAkB;IAChD,MAAM,MAAM,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;IAC3C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;QAClE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,qBAAqB,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC;IAC7E,MAAM,MAAM,GAAG,kBAAkB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IAEjD,gFAAgF;IAChF,MAAM,YAAY,GAAG,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3C,SAAS,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC1D,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAE5C,OAAO,CAAC,GAAG,CAAC,4BAA4B,MAAM,CAAC,OAAO,MAAM,CAAC,CAAC;IAE9D,MAAM,EAAE,GAAG,MAAM,QAAQ,CAAC;QACxB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,QAAQ,EAAE,OAAO;QACjB,OAAO,EAAE,MAAM;QACf,MAAM;KACP,CAAC,CAAC;IAEH,OAAO,CAAC,GAAG,CAAC,cAAc,OAAO,EAAE,CAAC,CAAC;IACrC,OAAO,CAAC,GAAG,CAAC,cAAc,MAAM,EAAE,CAAC,CAAC;IACpC,OAAO,CAAC,GAAG,CAAC,qCAAqC,iBAAiB,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAE9F,mBAAmB;IACnB,MAAM,UAAU,GAAG,MAAM,gBAAgB,CAAC,sCAAsC,CAAC,CAAC;IAClF,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC;QACpE,OAAO;IACT,CAAC;IAED,MAAM,WAAW,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,MAAM,EAAE,EAAE,CAAC,MAAM;QACjB,UAAU;QACV,MAAM;KACP,CAAC,CAAC;IAEH,OAAO,CAAC,GAAG,CAAC,+CAA+C,iBAAiB,CAAC,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;IACjH,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC;AAC/C,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,UAAkB;IACnD,MAAM,MAAM,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;IAC3C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;QAClE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,qBAAqB,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC;IAC7E,MAAM,MAAM,GAAG,kBAAkB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IAEjD,MAAM,UAAU,GAAG,MAAM,gBAAgB,CAAC,wCAAwC,CAAC,CAAC;IACpF,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;QACtD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,0CAA0C;IAC1C,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACnE,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAE5C,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;IAElD,MAAM,YAAY,CAAC;QACjB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,UAAU;QACV,OAAO,EAAE,MAAM;QACf,MAAM;KACP,CAAC,CAAC;IAEH,OAAO,CAAC,GAAG,CAAC,0BAA0B,MAAM,EAAE,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;AACpC,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,UAAkB;IAClD,MAAM,MAAM,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;IAC3C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;QAClE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC5C,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAChD,OAAO,CAAC,KAAK,CAAC,gFAAgF,CAAC,CAAC;QAChG,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,EAAE,GAAG,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAEnC,MAAM,KAAK,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;IACxC,MAAM,IAAI,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC;IAEtC,6EAA6E;IAC7E,yEAAyE;IACzE,2EAA2E;IAC3E,MAAM,MAAM,GAAG,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,UAAU,CAAC;IACzD,OAAO,CAAC,GAAG,CAAC,6BAA6B,MAAM,MAAM,CAAC,CAAC;IAEvD,MAAM,iBAAiB,CAAC;QACtB,SAAS,EAAE,MAAM;QACjB,SAAS,EAAE,EAAE,CAAC,OAAO;QACrB,QAAQ,EAAE,EAAE,CAAC,MAAM;QACnB,6DAA6D;QAC7D,kEAAkE;QAClE,4DAA4D;QAC5D,GAAG,CAAC,MAAM,CAAC,cAAc,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,MAAM,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACxF,QAAQ,EAAE,KAAK;QACf,OAAO,EAAE,IAAI;KACd,CAAC,CAAC;IAEH,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,EAAE,CAAC,CAAC;IAChC,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;IAC/B,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;AACpC,CAAC;AAOD;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,UAAkB,EAClB,OAAkC,EAAE;IAEpC,MAAM,MAAM,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;IAC3C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;QAClE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,IAAI,qBAAqB,CAAC;IAChE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,YAAY,CAAC,IAAI,YAAY,GAAG,CAAC,EAAE,CAAC;QACxD,OAAO,CAAC,KAAK,CAAC,oDAAoD,IAAI,CAAC,YAAY,IAAI,CAAC,CAAC;QACzF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IACD,IAAI,YAAY,GAAG,kBAAkB,EAAE,CAAC;QACtC,OAAO,CAAC,IAAI,CACV,wBAAwB,YAAY,iBAAiB,kBAAkB,SAAS;YAChF,kEAAkE;YAClE,sCAAsC,CACvC,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC5C,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAChD,OAAO,CAAC,KAAK,CACX,2EAA2E;YAC3E,4FAA4F,CAC7F,CAAC;QACF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IACD,MAAM,EAAE,GAAG,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAEnC,mEAAmE;IACnE,iEAAiE;IACjE,gCAAgC;IAChC,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,qBAAqB,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC;IAC7E,MAAM,QAAQ,GAAG,wBAAwB,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAClF,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACvD,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtB,OAAO,CAAC,KAAK,CACX,mBAAmB,iBAAiB,2BAA2B;YAC/D,yEAAyE;YACzE,iDAAiD,CAClD,CAAC;QACF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,4CAA4C,MAAM,CAAC,OAAO,MAAM,CAAC,CAAC;IAC9E,OAAO,CAAC,GAAG,CAAC,qBAAqB,iBAAiB,EAAE,CAAC,CAAC;IACtD,OAAO,CAAC,GAAG,CAAC,qBAAqB,YAAY,OAAO,CAAC,CAAC;IAEtD,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC;QACtC,UAAU,EAAE,iBAAiB;QAC7B,YAAY;QACZ,SAAS,EAAE,EAAE,CAAC,OAAO;QACrB,QAAQ,EAAE,EAAE,CAAC,MAAM;KACpB,CAAC,CAAC;IAEH,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,yBAAyB,CAAC,CAAC;QAC7D,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,wBAAwB,CAAC,CAAC;QAC3D,aAAa,CAAC,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACxD,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACtD,OAAO,CAAC,GAAG,CAAC,qBAAqB,OAAO,EAAE,CAAC,CAAC;QAC5C,OAAO,CAAC,GAAG,CAAC,qBAAqB,MAAM,EAAE,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,mDAAmD,CAAC,CAAC;QACjE,OAAO,CAAC,GAAG,CAAC,0BAA0B,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;QACzF,OAAO,CAAC,GAAG,CAAC,0BAA0B,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC1F,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAC;QAC7D,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;QAC/C,OAAO,CAAC,GAAG,CAAC,wBAAwB,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;QACvF,OAAO,CAAC,GAAG,CAAC,wBAAwB,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;IACxF,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,0GAA0G,CAAC,CAAC;IACxH,OAAO,CAAC,GAAG,CAAC,8FAA8F,CAAC,CAAC;IAC5G,OAAO,CAAC,GAAG,CAAC,iIAAiI,CAAC,CAAC;IAC/I,OAAO,CAAC,GAAG,CAAC,4HAA4H,CAAC,CAAC;AAC5I,CAAC"}
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import type { ProcReader } from '../proc-scan.js';
|
|
1
2
|
/**
|
|
2
3
|
* One required permission entry from DR-019.
|
|
3
4
|
*/
|
|
@@ -170,8 +171,106 @@ export declare function describeNonJwtOutput(jwt: string): string;
|
|
|
170
171
|
*/
|
|
171
172
|
export declare function fetchInstallationPermissions(appId: string, installId: string, keyPath: string): Promise<Record<string, string>>;
|
|
172
173
|
/**
|
|
173
|
-
*
|
|
174
|
-
*
|
|
174
|
+
* One finding from the DR-028 role-settings check.
|
|
175
|
+
*
|
|
176
|
+
* `severity`:
|
|
177
|
+
* - `ERROR` — a model-`required` item is absent. Today this is exactly the
|
|
178
|
+
* auditor's `check-auditor-never-acts.sh` hook (DR-026 F1): its absence is
|
|
179
|
+
* a missing structural safety invariant, not cosmetic drift, so it
|
|
180
|
+
* influences the doctor exit code (see `runDoctor`).
|
|
181
|
+
* - `WARN` — a recommended floor item (allow/deny/hook) is absent. Drift the
|
|
182
|
+
* operator can `--fix` or `macf update`; does NOT affect the exit code,
|
|
183
|
+
* matching the macf#296 permissions-allow check's warn-only discipline.
|
|
184
|
+
*/
|
|
185
|
+
export interface RoleSettingFinding {
|
|
186
|
+
readonly category: 'allow' | 'deny' | 'hook';
|
|
187
|
+
/** The expected entry — an allow/deny pattern or a hook command string. */
|
|
188
|
+
readonly item: string;
|
|
189
|
+
readonly severity: 'ERROR' | 'WARN';
|
|
190
|
+
readonly message: string;
|
|
191
|
+
}
|
|
192
|
+
/**
|
|
193
|
+
* Result of the DR-028 role-settings check (`checkRoleSettings`). `findings`
|
|
194
|
+
* lists one entry per absent floor/role item; `status` summarises across them —
|
|
195
|
+
* `ERROR` if any required item is missing, `WARN` if any recommended item is,
|
|
196
|
+
* `PASS` otherwise. `readError` is set when settings JSON was malformed (then
|
|
197
|
+
* `findings` is empty and `status` is `WARN`, mirroring `checkPermissionsAllow`).
|
|
198
|
+
*/
|
|
199
|
+
export interface RoleSettingsCheckResult {
|
|
200
|
+
readonly status: 'PASS' | 'WARN' | 'ERROR';
|
|
201
|
+
readonly role: string;
|
|
202
|
+
readonly findings: readonly RoleSettingFinding[];
|
|
203
|
+
/**
|
|
204
|
+
* False when `role` is not a framework-recognized role (`KNOWN_ROLES`,
|
|
205
|
+
* macf#551) — a custom role validated against the floor only. The report
|
|
206
|
+
* surfaces this (INFO) so a typo on a delta-bearing safety role (e.g.
|
|
207
|
+
* `auditor-agent` vs `auditor`) is visible rather than silently floor-only.
|
|
208
|
+
*/
|
|
209
|
+
readonly roleKnown: boolean;
|
|
210
|
+
readonly readError?: string;
|
|
211
|
+
}
|
|
212
|
+
/**
|
|
213
|
+
* DR-028 increment 2: validate `.claude/settings.json` (merged with
|
|
214
|
+
* settings.local.json) against the role-aware expected-settings model for
|
|
215
|
+
* `role`. Compares the effective allow/deny/hooks to `expectedAllowForRole` +
|
|
216
|
+
* `ROLE_FLOOR_DENY` + `expectedHooksForRole`. A missing model-`required` hook
|
|
217
|
+
* (the auditor's never-acts hook) is an `ERROR`; everything else is `WARN`
|
|
218
|
+
* drift. Robust to malformed settings (try/catch → `readError`), like
|
|
219
|
+
* `checkPermissionsAllow`.
|
|
220
|
+
*/
|
|
221
|
+
export declare function checkRoleSettings(workspaceDir: string, role: string): RoleSettingsCheckResult;
|
|
222
|
+
/**
|
|
223
|
+
* Infer the workspace's role from `macf-agent.json` (`agent_role`). Returns
|
|
224
|
+
* `null` when indeterminable (no config / no role) — the doctor then WARNs and
|
|
225
|
+
* skips role-settings validation rather than guessing a role.
|
|
226
|
+
*/
|
|
227
|
+
export declare function inferRole(workspaceDir: string): string | null;
|
|
228
|
+
/**
|
|
229
|
+
* Result of the OTEL launch-boundary probe (macf#554/#556).
|
|
230
|
+
*
|
|
231
|
+
* - `PASS` — the claude process whose cwd IS this workspace exports
|
|
232
|
+
* `OTEL_EXPORTER_OTLP_ENDPOINT` (telemetry will flow).
|
|
233
|
+
* - `WARN` — that process exists but lacks the endpoint (a REAL stale/missing
|
|
234
|
+
* launch-env: traces silently won't export). Warn-only — does not affect the
|
|
235
|
+
* exit code, matching the macf#296 permissions check's discipline.
|
|
236
|
+
* - `INFO` — no claude process for this workspace is running, or `/proc` is
|
|
237
|
+
* unavailable (non-Linux). Nothing to assert; skip.
|
|
238
|
+
*/
|
|
239
|
+
export interface OtelLaunchCheck {
|
|
240
|
+
readonly status: 'PASS' | 'WARN' | 'INFO';
|
|
241
|
+
readonly detail: string;
|
|
242
|
+
}
|
|
243
|
+
/**
|
|
244
|
+
* Pattern-A launch-boundary probe: find the running `claude` process whose
|
|
245
|
+
* `/proc/<pid>/cwd` EQUALS this workspace dir — the cwd disambiguation is the
|
|
246
|
+
* whole point; a multi-tenant host runs many `claude`s and a `head -1` grab
|
|
247
|
+
* would assert against the wrong one — then assert its environ carries
|
|
248
|
+
* `OTEL_EXPORTER_OTLP_ENDPOINT`. The `ProcReader` is injectable for tests; the
|
|
249
|
+
* default reads real `/proc`. See macf#556 for the misdiagnosis this prevents.
|
|
250
|
+
*/
|
|
251
|
+
export declare function checkOtelLaunchBoundary(workspaceDir: string, reader?: ProcReader): OtelLaunchCheck;
|
|
252
|
+
/** Options for `runDoctor`. */
|
|
253
|
+
export interface RunDoctorOptions {
|
|
254
|
+
/** Write the DR-028 floor (allow/deny/hooks) + sandbox entries after consent. */
|
|
255
|
+
readonly fix?: boolean;
|
|
256
|
+
/** Skip the `--fix` confirmation prompt (non-interactive). */
|
|
257
|
+
readonly yes?: boolean;
|
|
258
|
+
}
|
|
259
|
+
/**
|
|
260
|
+
* Main entry for `macf doctor`. Prints the DR-019 token report, the sandbox-fd
|
|
261
|
+
* + macf#296 permissions checks, and the DR-028 role-settings report; returns
|
|
262
|
+
* the shell exit code.
|
|
263
|
+
*
|
|
264
|
+
* Exit-code discipline:
|
|
265
|
+
* - DR-019 missing/insufficient permission → 1 (unchanged).
|
|
266
|
+
* - Sandbox fd FAIL → 1 (unchanged).
|
|
267
|
+
* - DR-028 role-settings ERROR (auditor never-acts hook absent) → 1. This is
|
|
268
|
+
* a missing structural safety invariant, treated like a missing required
|
|
269
|
+
* permission. Plain WARN drift (allow/deny/hook gaps) does NOT affect the
|
|
270
|
+
* exit code — same warn-only posture as the macf#296 permissions check.
|
|
271
|
+
* - A failed/unreachable DR-019 token check is non-fatal to the rest of the
|
|
272
|
+
* report (so `--fix` of the local settings floor still runs offline) but
|
|
273
|
+
* still contributes 1 to the exit code.
|
|
175
274
|
*/
|
|
176
|
-
export declare function runDoctor(projectDir: string): Promise<number>;
|
|
275
|
+
export declare function runDoctor(projectDir: string, opts?: RunDoctorOptions): Promise<number>;
|
|
177
276
|
//# sourceMappingURL=doctor.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"doctor.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/doctor.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"doctor.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/doctor.ts"],"names":[],"mappings":"AAqBA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAmBlD;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;IACjC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;CACtB;AAED;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,yBAAyB,EAAE,SAAS,kBAAkB,EAQlE,CAAC;AAEF,MAAM,WAAW,aAAa;IAC5B,kEAAkE;IAClE,QAAQ,CAAC,OAAO,EAAE,SAAS,kBAAkB,EAAE,CAAC;IAChD,iFAAiF;IACjF,QAAQ,CAAC,YAAY,EAAE,SAAS;QAC9B,QAAQ,CAAC,QAAQ,EAAE,kBAAkB,CAAC;QACtC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;KACzB,EAAE,CAAC;CACL;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,GAAG,aAAa,CAgBvF;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,GAAG,EAAE,kBAAkB,EACvB,MAAM,EAAE,MAAM,GAAG,SAAS,GACzB,MAAM,CAWR;AAED;;;;;;;;;GASG;AACH,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;IACjC,gFAAgF;IAChF,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;CACzB;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,uBAAuB,CAAC,YAAY,EAAE,MAAM,GAAG,cAAc,CAc5E;AAED;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,uBAAuB,EAAE,SAAS,MAAM,EAAsB,CAAC;AAE5E;;;;;;;;;GASG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,SAAS,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAElF;AAED;;;;;;;GAOG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,SAAS,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAK1E;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IAC7C,QAAQ,CAAC,eAAe,EAAE,OAAO,CAAC;IAClC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;IAC9B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B;AAED;;;;;GAKG;AACH,MAAM,WAAW,2BAA2B;IAC1C,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;IAC1C,QAAQ,CAAC,QAAQ,EAAE,SAAS,iBAAiB,EAAE,CAAC;IAChD,iEAAiE;IACjE,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,qBAAqB,CAAC,YAAY,EAAE,MAAM,GAAG,2BAA2B,CAgEvF;AAED;;;;;;;GAOG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAMxD;AAED;;;;;;;;GAQG;AACH,wBAAsB,4BAA4B,CAChD,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CA6CjC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,QAAQ,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,CAAC;IAC7C,2EAA2E;IAC3E,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,QAAQ,EAAE,OAAO,GAAG,MAAM,CAAC;IACpC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED;;;;;;GAMG;AACH,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IAC3C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,QAAQ,EAAE,SAAS,kBAAkB,EAAE,CAAC;IACjD;;;;;OAKG;IACH,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC;IAC5B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;CAC7B;AAkED;;;;;;;;GAQG;AACH,wBAAgB,iBAAiB,CAAC,YAAY,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,uBAAuB,CA6B7F;AAED;;;;GAIG;AACH,wBAAgB,SAAS,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAE7D;AAED;;;;;;;;;;GAUG;AACH,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;IAC1C,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;CACzB;AAQD;;;;;;;GAOG;AACH,wBAAgB,uBAAuB,CACrC,YAAY,EAAE,MAAM,EACpB,MAAM,GAAE,UAA8B,GACrC,eAAe,CA6BjB;AAwDD,+BAA+B;AAC/B,MAAM,WAAW,gBAAgB;IAC/B,iFAAiF;IACjF,QAAQ,CAAC,GAAG,CAAC,EAAE,OAAO,CAAC;IACvB,8DAA8D;IAC9D,QAAQ,CAAC,GAAG,CAAC,EAAE,OAAO,CAAC;CACxB;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,SAAS,CAAC,UAAU,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,MAAM,CAAC,CAsI5F"}
|