@iliasalmerekov/aegis 0.5.6

package/README.md

@@ -0,0 +1,18 @@
+# @iliasalmerekov/aegis
+
+NPM distribution wrapper for Aegis.
+
+```bash
+npm i -g @iliasalmerekov/aegis
+```
+
+The package downloads the correct Aegis GitHub Release binary for the current
+Linux/macOS x64/arm64 host during `postinstall`, verifies SHA256, and exposes
+the `aegis` command.
+
+NPM installs the binary only. It does not edit `.bashrc`, `.zshrc`, Codex
+configuration, or Claude configuration. After installation, run
+`aegis install-hooks --all` if you want supported agent hooks, or configure
+`SHELL` and `AEGIS_REAL_SHELL` explicitly for shell-proxy usage.
+
+Native Windows shells are not supported; use Aegis from WSL2 on Windows.

package/bin/aegis.js

@@ -0,0 +1,21 @@
+#!/usr/bin/env node
+"use strict";
+
+const { spawnSync } = require("node:child_process");
+const path = require("node:path");
+
+const binary = path.join(__dirname, "..", "vendor", process.platform === "win32" ? "aegis.exe" : "aegis");
+const result = spawnSync(binary, process.argv.slice(2), {
+  stdio: "inherit"
+});
+
+if (result.error) {
+  console.error(`failed to run ${binary}: ${result.error.message}`);
+  process.exit(127);
+}
+
+if (result.signal) {
+  process.kill(process.pid, result.signal);
+}
+
+process.exit(result.status === null ? 1 : result.status);

package/checksums.json

@@ -0,0 +1,10 @@
+{
+  "release": "v0.5.6",
+  "repo": "IliasAlmerekov/aegis",
+  "assets": {
+    "aegis-linux-x86_64": "3af320804df191d3a10637e3da103dc306a5d573a85f1d740726d62c0826f683",
+    "aegis-linux-aarch64": "5e900632230750dff271d5816bd7c81a53158005d88c30ec439e59df871d0e31",
+    "aegis-macos-x86_64": "092d91e7b22800e68df8290707031beac531feb44bd02ddb0356ff082299ff2e",
+    "aegis-macos-aarch64": "8768865f2456c115788967ab29db790106e8a87fea8aa654561f8e942ec172b0"
+  }
+}

package/package.json

@@ -0,0 +1,43 @@
+{
+  "name": "@iliasalmerekov/aegis",
+  "version": "0.5.6",
+  "description": "Terminal proxy that intercepts AI agent shell commands and requires human confirmation before destructive operations",
+  "license": "MIT",
+  "homepage": "https://github.com/IliasAlmerekov/aegis",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/IliasAlmerekov/aegis.git"
+  },
+  "bugs": {
+    "url": "https://github.com/IliasAlmerekov/aegis/issues"
+  },
+  "bin": {
+    "aegis": "bin/aegis.js"
+  },
+  "scripts": {
+    "postinstall": "node scripts/install.js",
+    "smoke": "node scripts/smoke.js"
+  },
+  "os": [
+    "darwin",
+    "linux"
+  ],
+  "cpu": [
+    "x64",
+    "arm64"
+  ],
+  "files": [
+    "bin/",
+    "scripts/",
+    "checksums.json",
+    "README.md"
+  ],
+  "keywords": [
+    "aegis",
+    "security",
+    "ai",
+    "shell",
+    "cli",
+    "safety"
+  ]
+}

package/scripts/install.js

@@ -0,0 +1,132 @@
+"use strict";
+
+const crypto = require("node:crypto");
+const fs = require("node:fs");
+const https = require("node:https");
+const path = require("node:path");
+
+const packageRoot = path.join(__dirname, "..");
+const vendorDir = path.join(packageRoot, "vendor");
+const binaryPath = path.join(vendorDir, "aegis");
+const checksumsPath = path.join(packageRoot, "checksums.json");
+
+const platform = process.env.AEGIS_NPM_PLATFORM || process.platform;
+const arch = process.env.AEGIS_NPM_ARCH || process.arch;
+
+const assets = {
+  "linux:x64": "aegis-linux-x86_64",
+  "linux:arm64": "aegis-linux-aarch64",
+  "darwin:x64": "aegis-macos-x86_64",
+  "darwin:arm64": "aegis-macos-aarch64"
+};
+
+function fail(message) {
+  console.error(message);
+  process.exit(1);
+}
+
+function readChecksums() {
+  const raw = fs.readFileSync(checksumsPath, "utf8");
+  return JSON.parse(raw);
+}
+
+function selectedAsset() {
+  const asset = assets[`${platform}:${arch}`];
+  if (!asset) {
+    fail(`Unsupported platform or architecture: ${platform}/${arch}`);
+  }
+  return asset;
+}
+
+function releaseUrl(checksums, asset) {
+  const repo = process.env.AEGIS_NPM_REPO || checksums.repo;
+  const release = process.env.AEGIS_NPM_RELEASE || checksums.release;
+  const baseUrl = process.env.AEGIS_NPM_BASE_URL || `https://github.com/${repo}/releases/download/${release}`;
+  return `${baseUrl}/${asset}`;
+}
+
+const MAX_REDIRECTS = 5;
+
+function download(url, destination, redirects = 0) {
+  return new Promise((resolve, reject) => {
+    if (redirects > MAX_REDIRECTS) {
+      reject(new Error(`too many redirects for ${url}`));
+      return;
+    }
+
+    https.get(url, response => {
+      const status = response.statusCode;
+
+      // GitHub release asset URLs respond with 301/302/303/307/308 and a
+      // Location header pointing at release-assets.githubusercontent.com. Node's
+      // https.get does not follow redirects automatically, so follow them here.
+      if (status === 301 || status === 302 || status === 303 || status === 307 || status === 308) {
+        const location = response.headers.location;
+        response.resume();
+        if (!location) {
+          reject(new Error(`redirect ${status} without Location header from ${url}`));
+          return;
+        }
+        const nextUrl = new URL(location, url).toString();
+        download(nextUrl, destination, redirects + 1).then(resolve, reject);
+        return;
+      }
+
+      if (status !== 200) {
+        response.resume();
+        reject(new Error(`download failed with HTTP ${status}: ${url}`));
+        return;
+      }
+
+      const file = fs.createWriteStream(destination, { mode: 0o755 });
+      response.pipe(file);
+      file.on("finish", () => {
+        file.close(resolve);
+      });
+      file.on("error", error => {
+        fs.rmSync(destination, { force: true });
+        reject(error);
+      });
+    }).on("error", error => {
+      reject(error);
+    });
+  });
+}
+
+function sha256(filePath) {
+  const hash = crypto.createHash("sha256");
+  hash.update(fs.readFileSync(filePath));
+  return hash.digest("hex");
+}
+
+async function main() {
+  const checksums = readChecksums();
+  const asset = selectedAsset();
+  const expected = checksums.assets[asset];
+  if (!expected) {
+    fail(`missing SHA256 for ${asset}`);
+  }
+
+  fs.mkdirSync(vendorDir, { recursive: true });
+
+  if (process.env.AEGIS_NPM_SKIP_DOWNLOAD === "1") {
+    fs.writeFileSync(binaryPath, "#!/bin/sh\nprintf 'aegis test binary\\n'\n", { mode: 0o755 });
+    return;
+  }
+
+  const tmpPath = `${binaryPath}.tmp`;
+  await download(releaseUrl(checksums, asset), tmpPath);
+
+  const actual = sha256(tmpPath);
+  if (actual !== expected.toLowerCase()) {
+    fs.rmSync(tmpPath, { force: true });
+    fail(`SHA256 mismatch for ${asset}: expected ${expected}, got ${actual}`);
+  }
+
+  fs.renameSync(tmpPath, binaryPath);
+  fs.chmodSync(binaryPath, 0o755);
+}
+
+main().catch(error => {
+  fail(error.message);
+});

package/scripts/smoke.js

@@ -0,0 +1,20 @@
+"use strict";
+
+const { spawnSync } = require("node:child_process");
+const path = require("node:path");
+
+const shim = path.join(__dirname, "..", "bin", "aegis.js");
+const result = spawnSync(process.execPath, [shim, "--version"], {
+  encoding: "utf8"
+});
+
+if (result.status !== 0) {
+  process.stderr.write(result.stderr);
+  process.stdout.write(result.stdout);
+  process.exit(result.status === null ? 1 : result.status);
+}
+
+if (!result.stdout.includes("aegis")) {
+  process.stderr.write(`expected aegis version output, got: ${result.stdout}`);
+  process.exit(1);
+}