npm - @kvell007/embed-labs-cli - Versions diffs - 0.1.0-alpha.13 → 0.1.0-alpha.14 - Mend

@kvell007/embed-labs-cli 0.1.0-alpha.13 → 0.1.0-alpha.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-import { createHash } from "node:crypto";
+import { createHash, createHmac, randomBytes } from "node:crypto";
 import { constants } from "node:fs";
 import { spawn } from "node:child_process";
 import { access, cp, mkdir, mkdtemp, readFile, readdir, rm, stat, writeFile } from "node:fs/promises";
@@ -1386,6 +1386,7 @@ async function cloudDownloadArtifact(artifactId, outputPath) {
         const token = await cloudAuthToken();
         if (token) {
             headers.authorization = `Bearer ${token}`;
+            addCloudRequestSignature(headers, "GET", `/v1/artifacts/${encodeURIComponent(artifactId)}/download`, "", token);
         }
         const response = await fetch(`${serviceBaseUrl(DEFAULT_CLOUD_API_URL)}/v1/artifacts/${encodeURIComponent(artifactId)}/download`, {
             headers: Object.keys(headers).length > 0 ? headers : undefined
@@ -1421,17 +1422,19 @@ async function cloudDownloadArtifact(artifactId, outputPath) {
 async function cloudRequest(method, path, body) {
     try {
         const headers = {};
-        if (body !== undefined) {
+        const bodyText = body === undefined ? "" : JSON.stringify(body);
+        if (bodyText) {
             headers["content-type"] = "application/json";
         }
         const token = await cloudAuthToken();
         if (token) {
             headers.authorization = `Bearer ${token}`;
+            addCloudRequestSignature(headers, method, path, bodyText, token);
         }
         const response = await fetch(`${serviceBaseUrl(DEFAULT_CLOUD_API_URL)}${path}`, {
             method,
             headers: Object.keys(headers).length > 0 ? headers : undefined,
-            body: body === undefined ? undefined : JSON.stringify(body)
+            body: body === undefined ? undefined : bodyText
         });
         return await response.json();
     }
@@ -1441,6 +1444,39 @@ async function cloudRequest(method, path, body) {
         });
     }
 }
+function addCloudRequestSignature(headers, method, pathWithQuery, bodyText, token) {
+    if (process.env.EMBED_CLOUD_API_SIGNING === "0") {
+        return;
+    }
+    const timestamp = String(Math.floor(Date.now() / 1000));
+    const nonce = randomBytes(16).toString("hex");
+    const bodySha256 = createHash("sha256").update(bodyText).digest("hex");
+    const keyId = createHash("sha256").update(token).digest("hex").slice(0, 16);
+    const canonical = cloudRequestCanonicalString(method, pathWithQuery, timestamp, nonce, bodySha256);
+    headers["x-embed-key-id"] = keyId;
+    headers["x-embed-timestamp"] = timestamp;
+    headers["x-embed-nonce"] = nonce;
+    headers["x-embed-body-sha256"] = bodySha256;
+    headers["x-embed-signature"] = createHmac("sha256", token).update(canonical).digest("hex");
+}
+function cloudRequestCanonicalString(method, pathWithQuery, timestamp, nonce, bodySha256) {
+    return [
+        method.toUpperCase(),
+        normalizeCloudPathForSignature(pathWithQuery),
+        timestamp,
+        nonce,
+        bodySha256
+    ].join("\n");
+}
+function normalizeCloudPathForSignature(pathWithQuery) {
+    try {
+        const parsed = new URL(pathWithQuery, "http://embed.local");
+        return `${parsed.pathname}${parsed.search}`;
+    }
+    catch {
+        return pathWithQuery.startsWith("/") ? pathWithQuery : `/${pathWithQuery}`;
+    }
+}
 async function pluginList(parsed) {
     const releaseDir = stringFlag(parsed, "release-dir");
     const manifest = releaseDir ? await readPluginReleaseManifest(releaseDir) : undefined;
@@ -1850,6 +1886,7 @@ async function cleanupLegacyCodexPluginRemnants(targetRoot) {
     const removedPaths = [];
     const removedConfigTables = [];
     const warnings = [];
+    const stoppedProcesses = await stopLegacyCodexPluginProcesses(warnings);
     const legacyPaths = [
         join(targetRoot, "dbt-agent"),
         join(targetRoot, "development-board-toolchain"),
@@ -1859,7 +1896,7 @@ async function cleanupLegacyCodexPluginRemnants(targetRoot) {
     ];
     legacyPaths.push(...await discoverLegacyCodexCachePaths(targetRoot));
     if (resolve(targetRoot) === resolve(defaultCodexPluginRoot())) {
-        legacyPaths.push(join(defaultCodexHome(), ".tmp", "plugins"), join(defaultCodexHome(), ".tmp", "plugins.sha"));
+        legacyPaths.push(join(defaultCodexHome(), ".tmp", "plugins"), join(defaultCodexHome(), ".tmp", "plugins.sha"), join(defaultCodexHome(), "memories", "skills", "dbt-agent-live-board-ops"), join(defaultCodexHome(), "memories", "skills", "dbt-agent-platform-plugin-maintenance"));
     }
     for (const candidate of legacyPaths) {
         try {
@@ -1888,14 +1925,51 @@ async function cleanupLegacyCodexPluginRemnants(targetRoot) {
             warnings.push(`Could not update ${configPath}: ${error instanceof Error ? error.message : String(error)}`);
         }
     }
-    const removedHistoryEntries = await cleanupLegacyCodexHistoryMentions(warnings);
+    const removedHistoryEntries = await cleanupLegacyCodexTextState(warnings);
     return {
         legacy_removed_paths: Array.from(new Set(removedPaths)),
         legacy_removed_config_tables: removedConfigTables,
         legacy_removed_history_entries: removedHistoryEntries,
+        legacy_stopped_processes: stoppedProcesses,
         ...(warnings.length > 0 ? { warnings } : {})
     };
 }
+async function stopLegacyCodexPluginProcesses(warnings) {
+    if (process.platform === "win32")
+        return 0;
+    try {
+        const ps = await runLocalProcess("ps", ["-axo", "pid=,command="]);
+        if (ps.code !== 0)
+            return 0;
+        let stopped = 0;
+        for (const line of ps.stdout.split("\n")) {
+            const match = /^\s*(\d+)\s+(.+)$/.exec(line);
+            if (!match)
+                continue;
+            const pid = Number(match[1]);
+            const command = match[2] || "";
+            if (!isLegacyCodexPluginProcess(command))
+                continue;
+            try {
+                process.kill(pid, "SIGTERM");
+                stopped += 1;
+            }
+            catch (error) {
+                warnings.push(`Could not stop legacy Codex plugin process ${pid}: ${error instanceof Error ? error.message : String(error)}`);
+            }
+        }
+        return stopped;
+    }
+    catch (error) {
+        warnings.push(`Could not scan legacy Codex plugin processes: ${error instanceof Error ? error.message : String(error)}`);
+        return 0;
+    }
+}
+function isLegacyCodexPluginProcess(command) {
+    const trimmed = command.trim();
+    return /^\/.*\/dbt-agent-mcp-bridge(?:\s|$)/.test(trimmed)
+        || /^dbt-agent-mcp-bridge(?:\s|$)/.test(trimmed);
+}
 async function discoverLegacyCodexCachePaths(targetRoot) {
     const paths = [];
     const cacheRoot = join(targetRoot, "cache");
@@ -1913,12 +1987,18 @@ async function discoverLegacyCodexCachePaths(targetRoot) {
     }
     return paths;
 }
-async function cleanupLegacyCodexHistoryMentions(warnings) {
-    const historyPath = join(defaultCodexHome(), "history.jsonl");
+async function cleanupLegacyCodexTextState(warnings) {
+    let removed = 0;
+    removed += await cleanupLegacyCodexTextFile(join(defaultCodexHome(), "history.jsonl"), warnings);
+    removed += await cleanupLegacyCodexTextFile(join(defaultCodexHome(), "session_index.jsonl"), warnings);
+    removed += await cleanupLegacyCodexTextFile(join(defaultCodexHome(), "rules", "default.rules"), warnings);
+    return removed;
+}
+async function cleanupLegacyCodexTextFile(filePath, warnings) {
     try {
-        if (!await pathExists(historyPath))
+        if (!await pathExists(filePath))
             return 0;
-        const current = await readFile(historyPath, "utf8");
+        const current = await readFile(filePath, "utf8");
         const lines = current.split("\n");
         let removed = 0;
         const kept = lines.filter((line) => {
@@ -1931,12 +2011,12 @@ async function cleanupLegacyCodexHistoryMentions(warnings) {
             return true;
         });
         if (removed > 0) {
-            await writeFile(historyPath, kept.join("\n"), "utf8");
+            await writeFile(filePath, kept.join("\n"), "utf8");
         }
         return removed;
     }
     catch (error) {
-        warnings.push(`Could not clean Codex legacy history mentions: ${error instanceof Error ? error.message : String(error)}`);
+        warnings.push(`Could not clean Codex legacy text state ${filePath}: ${error instanceof Error ? error.message : String(error)}`);
         return 0;
     }
 }
@@ -1985,7 +2065,10 @@ function legacyCodexCleanupWarning(cleanup) {
         parts.push(`removed ${cleanup.legacy_removed_config_tables.length} legacy Codex config table(s)`);
     }
     if (cleanup.legacy_removed_history_entries) {
-        parts.push(`removed ${cleanup.legacy_removed_history_entries} legacy Codex history mention(s)`);
+        parts.push(`removed ${cleanup.legacy_removed_history_entries} legacy Codex text-state mention(s)`);
+    }
+    if (cleanup.legacy_stopped_processes) {
+        parts.push(`stopped ${cleanup.legacy_stopped_processes} legacy Codex plugin process(es)`);
     }
     if (cleanup.warnings?.length) {
         parts.push(`cleanup warning(s): ${cleanup.warnings.join("; ")}`);