@hasna/machines 0.0.45 → 0.0.46

package/README.md

@@ -23,6 +23,12 @@ Endpoints on `127.0.0.1` only:
 - `GET /health` → `{"status":"ok","name":"machines"}`
 - `POST /mcp` → MCP Streamable HTTP
 
+HTTP mode rejects browser requests with untrusted `Origin` headers, caps JSON
+bodies at `MACHINES_HTTP_MAX_BODY_BYTES` (default 1 MiB), and requires either
+`MACHINES_API_KEY` or loopback-only `MACHINES_ALLOW_UNAUTHENTICATED=1`. Use
+`MACHINES_HTTP_ALLOWED_ORIGINS=https://ops.example` for an explicit browser
+origin allowlist.
+
 ## Manifest
 
 `machines.json` is the desired fleet declaration.
@@ -373,6 +379,7 @@ machines install-tailscale --machine mac-lab-01 --json
 
 ```bash
 machines notifications add --id ops --type webhook --target https://example.com/hook --event sync_failed
+machines notifications add --id cmd --type command --target /bin/sh --arg -c --arg 'printf "%s\n" "$HASNA_MACHINES_NOTIFICATION_EVENT"'
 machines notifications list
 machines notifications test --channel ops
 machines notifications test --channel ops --apply --yes
@@ -381,7 +388,9 @@ machines notifications dispatch --event manual.test --message "hello fleet"
 
 - `email` channels deliver through local `sendmail` or `mail` when available
 - `webhook` channels deliver JSON via HTTP POST
-- `command` channels execute the configured command with `HASNA_MACHINES_NOTIFICATION_*` env vars
+- `command` channels execute an explicit command executable plus optional `--arg`
+  values with `HASNA_MACHINES_NOTIFICATION_*` env vars; use `/bin/sh -c ...`
+  explicitly if a shell is required
 
 ## Runtime Events
 
@@ -390,19 +399,31 @@ events without sending keys, killing panes, or changing tmux state.
 
 ```bash
 machines runtime tmux-watch %11 --once --json
-machines runtime tmux-watch session:0.1 --interval-ms 5000
+machines runtime tmux-watch session:0.1 --interval-ms 5000 --approval-token "$TOKEN"
+machines runtime tmux-hook-plan --trusted-local-mutation --json
+machines runtime tmux-hook-plan --approval-token "$TOKEN"
 machines webhooks add https://example.com/hook --id tmux-alerts --type machines.tmux.pane_died
 ```
 
 When a pane was present and later disappears, the command records
 `machines.tmux.pane_died`. With `--once`, a missing pane records
 `machines.tmux.pane_missing`; add `--no-deliver` to record without webhook
-delivery.
+delivery. Runtime event delivery requires a scoped mutation approval token; local
+no-deliver recording remains available for diagnostics.
+
+`machines runtime tmux-hook-plan` prints a native tmux `pane-died` hook command
+for operators that prefer tmux hooks over polling. It is read-only and does not
+install hooks. Pass `--approval-token` when you want the generated hook command
+to be scoped to a short-lived approval token, or pass
+`--trusted-local-mutation` to generate a process-local
+`HASNA_MACHINES_ALLOW_MUTATIONS=1` prefix for local event recording.
 
 ## Dashboard
 
 ```bash
 machines serve --json
+machines serve --port 7676
+# Explicitly expose beyond loopback only on a trusted network:
 machines serve --host 0.0.0.0 --port 7676
 ```
 
@@ -416,13 +437,15 @@ The dashboard exposes:
 - `/api/daemon/status` daemon heartbeat rows
 - `/api/manifest` current manifest JSON
 - `/api/notifications` notification channel JSON
+- `/api/webhooks` shared event webhook channel JSON
+- `/api/events` shared event JSON
 - `/api/doctor` doctor report JSON
 - `/api/self-test` smoke-check JSON
 - `/api/apps/status` app inventory JSON
 - `/api/apps/diff` app drift JSON
 - `/api/install-claude/status` CLI inventory JSON
 - `/api/install-claude/diff` CLI drift JSON
-- `/api/notifications/test` POST endpoint for test delivery
+- `/api/events`, `/api/notifications/test`, `/api/webhooks/test` POST mutation routes require scoped dashboard mutation approval tokens
 
 ## Local development
 

package/dist/agent/index.d.ts

@@ -1,3 +1,2 @@
 #!/usr/bin/env bun
 export {};
-//# sourceMappingURL=index.d.ts.map

package/dist/agent/index.js

@@ -6999,6 +6999,7 @@ class SqliteAdapter {
   raw;
   constructor(path) {
     this.raw = new Database(path);
+    this.raw.exec("PRAGMA busy_timeout = 5000");
   }
   close() {
     this.raw.close();
@@ -7064,6 +7065,23 @@ function createTables(db) {
       updated_at TEXT NOT NULL
     )
   `);
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS mutation_approval_nonces (
+      nonce_sha256 TEXT PRIMARY KEY,
+      token_sha256 TEXT NOT NULL,
+      surface TEXT NOT NULL,
+      operation TEXT NOT NULL,
+      caller_id TEXT NOT NULL,
+      run_id TEXT NOT NULL,
+      transport TEXT NOT NULL,
+      expires_at INTEGER NOT NULL,
+      used_at INTEGER NOT NULL
+    )
+  `);
+  db.exec(`
+    CREATE INDEX IF NOT EXISTS mutation_approval_nonces_expires_at_idx
+    ON mutation_approval_nonces (expires_at)
+  `);
 }
 function migrateAgentHeartbeats(db) {
   const columns = db.query("PRAGMA table_info(agent_heartbeats)").all();
@@ -11387,7 +11405,9 @@ function readManifestWithSource(options = {}) {
 
 // src/remote.ts
 import { spawnSync as spawnSync2 } from "child_process";
-import { hostname as hostname3 } from "os";
+import { existsSync as existsSync5, mkdtempSync, readFileSync as readFileSync3, rmSync } from "fs";
+import { hostname as hostname3, tmpdir } from "os";
+import { join as join3 } from "path";
 
 // src/topology.ts
 import { existsSync as existsSync4 } from "fs";
@@ -11845,6 +11865,16 @@ function resolveMachineRoute(machineId, options = {}) {
 function shellQuote(value) {
   return `'${value.replace(/'/g, "'\\''")}'`;
 }
+function validateSshTarget(target) {
+  const trimmed = target.trim();
+  if (!trimmed || trimmed.startsWith("-") || /[\s"'`$\\;&|<>()[\]{}]/.test(trimmed)) {
+    throw new Error(`Unsafe SSH target: ${target}`);
+  }
+  if (!/^(?:[A-Za-z0-9._%+-]+@)?[A-Za-z0-9._:-]+$/.test(trimmed)) {
+    throw new Error(`Unsafe SSH target: ${target}`);
+  }
+  return trimmed;
+}
 function resolveSshTarget(machineId, options = {}) {
   const resolved = resolveMachineRoute(machineId, options);
   if (!resolved.ok || !resolved.target) {
@@ -11855,15 +11885,22 @@ function resolveSshTarget(machineId, options = {}) {
   }
   return {
     machineId: resolved.machine_id ?? machineId,
-    target: resolved.command_target ?? resolved.target,
+    target: validateSshTarget(resolved.command_target ?? resolved.target),
     route: resolved.route,
     confidence: resolved.confidence,
     warnings: resolved.warnings
   };
 }
-function buildSshCommand(machineId, remoteCommand, options = {}) {
+function buildSshCommandPlan(machineId, remoteCommand, options = {}) {
   const resolved = resolveSshTarget(machineId, options);
-  return remoteCommand ? `ssh ${resolved.target} ${shellQuote(remoteCommand)}` : `ssh ${resolved.target}`;
+  const args = remoteCommand ? [resolved.target, remoteCommand] : [resolved.target];
+  const shellCommand = `ssh ${args.map(shellQuote).join(" ")}`;
+  return {
+    ...resolved,
+    command: "ssh",
+    args,
+    shellCommand
+  };
 }
 
 // src/remote.ts
@@ -11875,35 +11912,233 @@ function machineIsLocal(machineId, localMachineId) {
 }
 function resolveMachineCommand(machineId, command, localMachineId = getLocalMachineId()) {
   if (machineIsLocal(machineId, localMachineId)) {
-    return { source: "local", shellCommand: command };
+    return { source: "local", command: "bash", args: ["-c", command], shellCommand: command, usesShell: true };
   }
   try {
+    const plan = buildSshCommandPlan(machineId, command);
     return {
-      source: resolveSshTarget(machineId).route,
-      shellCommand: buildSshCommand(machineId, command)
+      source: plan.route,
+      command: plan.command,
+      args: plan.args,
+      shellCommand: plan.shellCommand,
+      usesShell: false
     };
   } catch (error) {
     const message = String(error.message ?? error);
     if (message.includes("Machine route not found") || message.includes("Machine not found in manifest")) {
-      return { source: "ssh", shellCommand: `ssh ${shellQuote2(machineId)} ${shellQuote2(command)}` };
+      const target = validateSshTarget(machineId);
+      return {
+        source: "ssh",
+        command: "ssh",
+        args: [target, command],
+        shellCommand: `ssh ${shellQuote2(target)} ${shellQuote2(command)}`,
+        usesShell: false
+      };
     }
     throw error;
   }
 }
-function runMachineCommand(machineId, command) {
+function runMachineCommand(machineId, command, options = {}) {
   const resolved = resolveMachineCommand(machineId, command);
-  const result = spawnSync2("bash", ["-c", resolved.shellCommand], {
+  if (options.timeoutMs && options.timeoutMs > 0 && process.platform !== "win32") {
+    return runMachineCommandWithProcessGroupTimeout(machineId, resolved, options);
+  }
+  const result = spawnSync2(resolved.command, resolved.args, {
     encoding: "utf8",
-    env: process.env
+    env: process.env,
+    timeout: options.timeoutMs,
+    killSignal: "SIGTERM"
   });
+  const timedOut = Boolean(result.error && "code" in result.error && result.error.code === "ETIMEDOUT");
+  const timeoutMessage = timedOut ? `Command timed out after ${options.timeoutMs}ms.` : "";
+  const stderr = [result.stderr || "", timeoutMessage].filter(Boolean).join(result.stderr ? `
+` : "");
   return {
     machineId,
     source: resolved.source,
     stdout: result.stdout || "",
-    stderr: result.stderr || "",
-    exitCode: result.status ?? 1
-  };
+    stderr,
+    exitCode: timedOut ? 124 : result.status ?? 1,
+    timedOut,
+    signal: result.signal
+  };
+}
+function runMachineCommandWithProcessGroupTimeout(machineId, resolved, options) {
+  const timeoutMs = Math.max(1, options.timeoutMs ?? 1);
+  const killGraceMs = Math.max(1, options.killGraceMs ?? 1000);
+  const helperDir = mkdtempSync(join3(tmpdir(), "machines-timeout-helper-"));
+  const pgidFile = join3(helperDir, "pgid");
+  const helper = spawnSync2(process.execPath, ["--eval", PROCESS_GROUP_TIMEOUT_HELPER], {
+    input: JSON.stringify({ command: resolved.command, args: resolved.args }),
+    encoding: "utf8",
+    env: {
+      ...process.env,
+      HASNA_MACHINES_COMMAND_TIMEOUT_MS: String(timeoutMs),
+      HASNA_MACHINES_COMMAND_KILL_GRACE_MS: String(killGraceMs),
+      HASNA_MACHINES_COMMAND_PGID_FILE: pgidFile
+    },
+    timeout: timeoutMs + killGraceMs + 2000,
+    killSignal: "SIGKILL",
+    maxBuffer: 64 * 1024 * 1024
+  });
+  try {
+    const parsed = parseHelperResult(helper.stdout);
+    if (parsed) {
+      return {
+        machineId,
+        source: resolved.source,
+        stdout: parsed.stdout,
+        stderr: parsed.stderr,
+        exitCode: parsed.exitCode,
+        timedOut: parsed.timedOut,
+        signal: parsed.signal
+      };
+    }
+    const helperTimedOut = Boolean(helper.error && "code" in helper.error && helper.error.code === "ETIMEDOUT");
+    if (helperTimedOut)
+      killPublishedProcessGroup(pgidFile);
+    const timeoutMessage = helperTimedOut ? `Command timed out after ${timeoutMs}ms; timeout helper exceeded cleanup grace ${killGraceMs}ms.` : "";
+    const stderr = [helper.stderr || "", timeoutMessage].filter(Boolean).join(helper.stderr ? `
+` : "");
+    return {
+      machineId,
+      source: resolved.source,
+      stdout: "",
+      stderr,
+      exitCode: helperTimedOut ? 124 : helper.status ?? 1,
+      timedOut: helperTimedOut,
+      signal: helper.signal
+    };
+  } finally {
+    rmSync(helperDir, { recursive: true, force: true });
+  }
+}
+function killPublishedProcessGroup(pgidFile) {
+  if (!existsSync5(pgidFile))
+    return;
+  try {
+    const pid = Number.parseInt(readFileSync3(pgidFile, "utf8").trim(), 10);
+    if (!Number.isInteger(pid) || pid <= 1)
+      return;
+    process.kill(-pid, "SIGKILL");
+  } catch {}
 }
+function parseHelperResult(stdout) {
+  if (!stdout)
+    return null;
+  try {
+    const parsed = JSON.parse(stdout);
+    if (typeof parsed.stdout !== "string" || typeof parsed.stderr !== "string" || typeof parsed.exitCode !== "number")
+      return null;
+    return {
+      machineId: "",
+      source: "local",
+      stdout: parsed.stdout,
+      stderr: parsed.stderr,
+      exitCode: parsed.exitCode,
+      timedOut: parsed.timedOut === true,
+      signal: typeof parsed.signal === "string" ? parsed.signal : null
+    };
+  } catch {
+    return null;
+  }
+}
+var PROCESS_GROUP_TIMEOUT_HELPER = `
+	const { spawn } = require("node:child_process");
+	const { readFileSync, writeFileSync } = require("node:fs");
+
+	const plan = JSON.parse(readFileSync(0, "utf8"));
+	const command = String(plan.command || "");
+	const args = Array.isArray(plan.args) ? plan.args.map(String) : [];
+	const timeoutMs = Math.max(1, Number.parseInt(process.env.HASNA_MACHINES_COMMAND_TIMEOUT_MS || "1", 10));
+	const killGraceMs = Math.max(1, Number.parseInt(process.env.HASNA_MACHINES_COMMAND_KILL_GRACE_MS || "1000", 10));
+	const pgidFile = process.env.HASNA_MACHINES_COMMAND_PGID_FILE || "";
+	let stdout = "";
+	let stderr = "";
+	let timedOut = false;
+	let finished = false;
+let timeoutTimer;
+let killTimer;
+let sigkillSent = false;
+let pendingExit = null;
+
+const child = spawn(command, args, {
+  detached: true,
+  stdio: ["ignore", "pipe", "pipe"],
+	  env: process.env,
+	});
+
+	if (pgidFile && child.pid) {
+	  try {
+	    writeFileSync(pgidFile, String(child.pid), { mode: 0o600 });
+	  } catch {}
+	}
+
+function appendText(target, chunk) {
+  return target + String(chunk);
+}
+
+	function killTarget(signal) {
+	  if (!child.pid) return;
+	  if (process.platform === "win32") {
+	    try {
+	      process.kill(child.pid, signal);
+	    } catch {}
+	    return;
+	  }
+	  try {
+	    process.kill(-child.pid, signal);
+	  } catch {}
+	}
+
+	function finish(code, signal) {
+	  if (finished) return;
+  if (timedOut && !sigkillSent) {
+    pendingExit = { code, signal };
+    return;
+  }
+  finished = true;
+  if (timeoutTimer) clearTimeout(timeoutTimer);
+  if (killTimer) clearTimeout(killTimer);
+	  if (timedOut) {
+	    stderr = [stderr, "Command timed out after " + timeoutMs + "ms."].filter(Boolean).join(stderr ? "\\n" : "");
+	  }
+	  const exitCode = timedOut ? 124 : code ?? 1;
+	  process.stdout.write(JSON.stringify({
+	    stdout,
+	    stderr,
+	    exitCode,
+	    timedOut,
+	    signal: signal ?? null,
+	  }), () => process.exit(exitCode));
+	}
+
+	child.stdout.setEncoding("utf8");
+	child.stderr.setEncoding("utf8");
+	child.stdout.on("data", (chunk) => { stdout = appendText(stdout, chunk); });
+	child.stderr.on("data", (chunk) => { stderr = appendText(stderr, chunk); });
+	let childExit = { code: null, signal: null };
+	child.on("error", (error) => {
+	    stderr = [stderr, error instanceof Error ? error.message : String(error)].filter(Boolean).join(stderr ? "\\n" : "");
+	    finish(1, null);
+	});
+	child.on("exit", (code, signal) => {
+	  childExit = { code, signal };
+	});
+	child.on("close", (code, signal) => {
+	  finish(code ?? childExit.code, signal ?? childExit.signal);
+	});
+
+timeoutTimer = setTimeout(() => {
+  timedOut = true;
+  killTarget("SIGTERM");
+  killTimer = setTimeout(() => {
+    sigkillSent = true;
+    killTarget("SIGKILL");
+    if (pendingExit) finish(pendingExit.code, pendingExit.signal);
+  }, killGraceMs);
+}, timeoutMs);
+`;
 
 // src/commands/doctor.ts
 var DOCTOR_OPTIONAL_ADAPTER_DOMAINS = ["secrets", "configs", "monitor", "repos", "mcps", "shield"];

package/dist/agent/runtime.d.ts

@@ -37,4 +37,3 @@ export declare function writeHeartbeat(status?: "online" | "offline", options?:
 export declare function writeHeartbeatTick(status?: "online" | "offline", options?: AgentTickOptions): Promise<AgentRuntimeStatus>;
 export declare function markOffline(options?: AgentRuntimeOptions): AgentRuntimeStatus;
 export declare function getAgentStatus(machineId?: string, options?: AgentStatusOptions): AgentRuntimeStatus[];
-//# sourceMappingURL=runtime.d.ts.map

package/dist/cli/index.d.ts

@@ -1,3 +1,2 @@
 #!/usr/bin/env bun
 export {};
-//# sourceMappingURL=index.d.ts.map