npm - @kody-ade/kody-engine - Versions diffs - 0.4.149 → 0.4.150 - Mend

@kody-ade/kody-engine 0.4.149 → 0.4.150

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/bin/kody.js +97 -14
package/package.json +1 -1

package/dist/bin/kody.js CHANGED Viewed

@@ -1061,7 +1061,7 @@ var init_loadPriorArt = __esm({
 // package.json
 var package_default = {
   name: "@kody-ade/kody-engine",
-  version: "0.4.149",
+  version: "0.4.150",
   description: "kody \u2014 autonomous development engine. Single-session Claude Code agent behind a generic executor + declarative executable profiles.",
   license: "MIT",
   type: "module",
@@ -2703,6 +2703,76 @@ import { execFileSync as execFileSync29 } from "child_process";
 import * as fs41 from "fs";
 import * as path37 from "path";
+// src/app-auth.ts
+import { createSign } from "crypto";
+var GH_API = process.env.GITHUB_API_URL || "https://api.github.com";
+function b64url(input) {
+  return Buffer.from(input).toString("base64url");
+}
+function normalizePem(key) {
+  const trimmed = key.trim();
+  if (trimmed.includes("BEGIN")) return trimmed;
+  try {
+    const decoded = Buffer.from(trimmed, "base64").toString("utf8");
+    if (decoded.includes("BEGIN")) return decoded;
+  } catch {
+  }
+  return trimmed;
+}
+function buildAppJwt(appId, privateKeyPem) {
+  const now = Math.floor(Date.now() / 1e3);
+  const header = { alg: "RS256", typ: "JWT" };
+  const payload = { iat: now - 60, exp: now + 9 * 60, iss: appId };
+  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
+  const signer = createSign("RSA-SHA256");
+  signer.update(signingInput);
+  signer.end();
+  const signature = signer.sign(normalizePem(privateKeyPem)).toString("base64url");
+  return `${signingInput}.${signature}`;
+}
+async function ghApp(jwt, apiPath, method = "GET") {
+  const res = await fetch(`${GH_API}${apiPath}`, {
+    method,
+    headers: {
+      Authorization: `Bearer ${jwt}`,
+      Accept: "application/vnd.github+json",
+      "X-GitHub-Api-Version": "2022-11-28",
+      "User-Agent": "kody-engine"
+    }
+  });
+  if (!res.ok) {
+    const body = await res.text().catch(() => "");
+    throw new Error(
+      `GitHub App API ${method} ${apiPath} \u2192 ${res.status} ${res.statusText}${body ? `: ${body.slice(0, 200)}` : ""}`
+    );
+  }
+  return await res.json();
+}
+function readAppCreds(env = process.env) {
+  const appId = env.KODY_APP_ID?.trim();
+  const privateKey = env.KODY_APP_PRIVATE_KEY;
+  if (!appId || !privateKey) return null;
+  return {
+    appId,
+    privateKey,
+    installationId: env.KODY_APP_INSTALLATION_ID?.trim() || void 0,
+    repo: env.GITHUB_REPOSITORY?.trim() || void 0
+  };
+}
+async function mintAppInstallationToken(creds) {
+  const jwt = buildAppJwt(creds.appId, creds.privateKey);
+  let installationId = creds.installationId;
+  if (!installationId) {
+    if (!creds.repo) {
+      throw new Error("cannot resolve App installation: no KODY_APP_INSTALLATION_ID and no GITHUB_REPOSITORY");
+    }
+    const inst = await ghApp(jwt, `/repos/${creds.repo}/installation`);
+    installationId = String(inst.id);
+  }
+  const tok = await ghApp(jwt, `/app/installations/${installationId}/access_tokens`, "POST");
+  return tok.token;
+}
 // src/dispatch.ts
 import * as fs12 from "fs";
@@ -3029,9 +3099,6 @@ function coerceBare(spec, value) {
   return value;
 }
-// src/kody-cli.ts
-init_issue();
 // src/executor.ts
 import { execFileSync as execFileSync28, spawn as spawn9 } from "child_process";
 import * as fs40 from "fs";
@@ -13821,7 +13888,7 @@ function unpackAllSecrets(env = process.env) {
   }
   return count;
 }
-function resolveAuthToken(env = process.env) {
+async function resolveAuthToken(env = process.env) {
   const sources = [
     ["KODY_TOKEN", env.KODY_TOKEN],
     ["GH_TOKEN", env.GH_TOKEN],
@@ -13834,10 +13901,24 @@ function resolveAuthToken(env = process.env) {
   if (token) {
     process.stdout.write(`\u2192 kody: GH_TOKEN sourced from env.${picked[0]}
 `);
-  } else {
-    process.stdout.write("\u2192 kody: WARNING no auth token found (KODY_TOKEN/GH_TOKEN/GITHUB_TOKEN/GH_PAT all empty)\n");
+    return token;
+  }
+  const creds = readAppCreds(env);
+  if (creds) {
+    try {
+      const minted = await mintAppInstallationToken(creds);
+      env.GH_TOKEN = minted;
+      process.stdout.write("\u2192 kody: GH_TOKEN minted from GitHub App (KODY_APP_ID/KODY_APP_PRIVATE_KEY)\n");
+      return minted;
+    } catch (err) {
+      process.stdout.write(`\u2192 kody: WARNING GitHub App token mint failed: ${err.message}
+`);
+    }
   }
-  return token;
+  process.stdout.write(
+    "\u2192 kody: WARNING no auth token found (KODY_TOKEN/GH_TOKEN/GITHUB_TOKEN/GH_PAT/GitHub App all empty)\n"
+  );
+  return void 0;
 }
 function detectPackageManager2(cwd) {
   if (fs41.existsSync(path37.join(cwd, "pnpm-lock.yaml"))) return "pnpm";
@@ -13986,7 +14067,7 @@ async function runCi(argv) {
     if (outcome.kind === "unrecognized") {
       try {
         unpackAllSecrets();
-        resolveAuthToken();
+        await resolveAuthToken();
       } catch {
       }
       const tokenLabel = outcome.token ? `\`${outcome.token}\`` : "an empty subcommand";
@@ -14003,8 +14084,10 @@ async function runCi(argv) {
         if (outcome.isPr) postPrReviewComment(outcome.target, body, cwd);
         else postIssueComment(outcome.target, body, cwd);
       } catch (err) {
-        process.stderr.write(`[kody] dispatch: failed to post unrecognized-token feedback: ${err instanceof Error ? err.message : String(err)}
-`);
+        process.stderr.write(
+          `[kody] dispatch: failed to post unrecognized-token feedback: ${err instanceof Error ? err.message : String(err)}
+`
+        );
       }
       process.stdout.write(
         `\u2192 kody: unrecognized subcommand "${outcome.token}" on #${outcome.target} \u2014 feedback comment attempt finished, exiting cleanly
@@ -14039,7 +14122,7 @@ ${CI_HELP}`);
     const n = unpackAllSecrets();
     if (n > 0) process.stdout.write(`\u2192 kody: unpacked ${n} secret(s) from ALL_SECRETS
 `);
-    resolveAuthToken();
+    await resolveAuthToken();
     reactToTriggerComment(cwd);
     const pm = args.packageManager ?? detectPackageManager2(cwd);
     process.stdout.write(`\u2192 kody: package manager = ${pm}
@@ -14112,7 +14195,7 @@ async function runScheduledFanOut(cwd, args, opts) {
     const n = unpackAllSecrets();
     if (n > 0) process.stdout.write(`\u2192 kody: unpacked ${n} secret(s) from ALL_SECRETS
 `);
-    resolveAuthToken();
+    await resolveAuthToken();
     const pm = args.packageManager ?? detectPackageManager2(cwd);
     process.stdout.write(`\u2192 kody: package manager = ${pm}
 `);
@@ -14285,7 +14368,7 @@ ${CHAT_HELP}`);
     process.stdout.write(`\u2192 kody: unpacked ${unpackedSecrets} secret(s) from ALL_SECRETS
 `);
   }
-  resolveAuthToken();
+  await resolveAuthToken();
   configureGitIdentity(cwd);
   const config = tryLoadConfig(cwd);
   const modelSpec = args.model ?? config?.agent.model ?? DEFAULT_MODEL;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@kody-ade/kody-engine",
-  "version": "0.4.149",
+  "version": "0.4.150",
   "description": "kody — autonomous development engine. Single-session Claude Code agent behind a generic executor + declarative executable profiles.",
   "license": "MIT",
   "type": "module",