npm - @ijfw/install - Versions diffs - 1.4.0 → 1.4.1 - Mend

@ijfw/install 1.4.0 → 1.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -49,6 +49,36 @@ iwr https://gitlab.com/therealseandonahoe/ijfw/-/raw/main/installer/src/install.
 .\install.ps1 -Dir $env:USERPROFILE\.ijfw
 ```
+## Extension CLI
+IJFW ships a full extension system for installing and sandboxing third-party skills.
+```bash
+# Publisher key management
+ijfw extension keygen <author>              # Generate an Ed25519 publisher keypair
+ijfw extension trust <keyId> <publicKey>   # Add a publisher to your trusted store
+ijfw extension trust-registry [<url>]      # Pull + apply the hosted publisher registry
+ijfw extension untrust <keyId>             # Remove a publisher from your trusted store
+ijfw extension trusted                     # List all trusted publishers
+# Extension lifecycle
+ijfw extension add <source> [flags]        # Install an extension (npm name, local path, or https git URL)
+  --allow-unsigned                         #   Accept extensions with no signature
+  --accept-untrusted                       #   Accept extensions signed by an untrusted publisher (prompts on TTY)
+  --activate                               #   Auto-activate after install
+ijfw extension activate <name>             # Activate an installed extension (enforces declared permissions)
+ijfw extension deactivate                  # Deactivate the current extension
+# Admin / registry maintainer (rare)
+ijfw extension rotate-keys <oldKeyId> <newKeyId>   # Produce a signed rotation token
+ijfw extension keygen-meta <author>                # Generate the registry meta-keypair
+ijfw extension sign-registry <path>                # Sign a registry JSON file in place
+ijfw extension verify-registry <path>              # Verify a registry JSON signature
+ijfw extension registry-status                     # Show registry cache age + signature status
+```
+The rotation flow and registry maintainer docs live in `docs/REGISTRY-MAINTAINER.md`.
 ## Build (contributors)
 ```bash

package/dist/install.js CHANGED Viewed

@@ -502,6 +502,31 @@ function clineMerge(serverJs, home, ts) {
   writeAtomic(dst, JSON.stringify(doc, null, 2), { mode: 384 });
   return dst;
 }
+function mergeYamlHook(dst, scriptPath, ts) {
+  mkdirSync2(dirname3(dst), { recursive: true });
+  if (ts) backup(dst, ts);
+  let text = "";
+  try {
+    text = existsSync3(dst) ? readFileSync2(dst, "utf8") : "";
+  } catch {
+    text = "";
+  }
+  const BEGIN = "# IJFW-HOOK-BEGIN pre_tool_use";
+  const END = "# IJFW-HOOK-END pre_tool_use";
+  text = stripSentinelBlock(text, BEGIN, END);
+  if (text && !text.endsWith("\n")) text += "\n";
+  const escaped = String(scriptPath).replace(/"/g, '\\"');
+  let block = `${BEGIN}
+`;
+  block += "hooks:\n";
+  block += "  pre_tool_use:\n";
+  block += `    - script: "${escaped}"
+`;
+  block += "      interpreter: python3\n";
+  block += `${END}
+`;
+  writeAtomic(dst, text + block, { mode: 384 });
+}
 var IS_WIN, EXTENSION_PLATFORM_SKILL_DIRS;
 var init_install_helpers = __esm({
   "src/install-helpers.js"() {
@@ -772,6 +797,12 @@ async function installCodex(ctx) {
   for (const f of listFiles(hookScriptsDir, ".sh")) {
     installHook(f.path, join4(hooksBase, f.name), ctx.ts);
   }
+  const codexScriptsSrc = join4(ctx.repoRoot, "codex", ".codex", "scripts");
+  const codexScriptsDst = join4(hooksBase, "scripts");
+  ensureDir(codexScriptsDst);
+  for (const f of listFiles(codexScriptsSrc, ".sh")) {
+    installHook(f.path, join4(codexScriptsDst, f.name), ctx.ts);
+  }
   const codexCtx = join4(ctx.home, ".codex", "IJFW.md");
   copyIfAbsent(join4(ctx.repoRoot, "codex", ".codex", "IJFW.md"), codexCtx);
   const userSkills = join4(ctx.home, ".codex", "skills");
@@ -852,6 +883,12 @@ async function installGemini(ctx) {
   for (const f of listFiles(hookScriptsDir, ".sh")) {
     installHook(f.path, join4(extDst, "hooks", f.name), ctx.ts);
   }
+  const geminiHookScriptsSrc = join4(extSrc, "hooks", "scripts");
+  const geminiHookScriptsDst = join4(extDst, "hooks", "scripts");
+  ensureDir(geminiHookScriptsDst);
+  for (const f of listFiles(geminiHookScriptsSrc, ".sh")) {
+    installHook(f.path, join4(geminiHookScriptsDst, f.name), ctx.ts);
+  }
   const skillsSrc = join4(extSrc, "skills");
   for (const sd of listSubdirs(skillsSrc)) {
     copyDirIfAbsent(sd.path, join4(extDst, "skills", sd.name));
@@ -914,7 +951,8 @@ async function installWayland(ctx) {
       }
     }
   }
-  ctx.log.ok("Installed Wayland bundle: MCP + WAYLAND.md + skills + plugin");
+  mergeYamlHook(dst, "plugins/ijfw/hooks/pre_tool_use_extension_check.py", ctx.ts);
+  ctx.log.ok("Installed Wayland bundle: MCP + WAYLAND.md + skills + plugin + tier-2 hook");
   return { status: "ok" };
 }
 async function installHermes(ctx) {
@@ -965,7 +1003,8 @@ async function installHermes(ctx) {
     }
   }
   mergeYamlPluginsEnabled(dst, "ijfw");
-  ctx.log.ok("Installed Hermes bundle: MCP + HERMES.md + skills + plugin");
+  mergeYamlHook(dst, "plugins/ijfw/hooks/pre_tool_use_extension_check.py", ctx.ts);
+  ctx.log.ok("Installed Hermes bundle: MCP + HERMES.md + skills + plugin + tier-2 hook");
   return { status: "ok" };
 }
 async function installCursor(ctx) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@ijfw/install",
-  "version": "1.4.0",
+  "version": "1.4.1",
   "description": "One-command installer for IJFW -- the AI efficiency layer. One install, every AI coding agent, zero config.",
   "type": "module",
   "bin": {