@letterblack/lbe-core 1.3.3 → 1.3.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/README.md +104 -443
  2. package/RELEASE_WORKSPACE_RULES.md +110 -0
  3. package/dist/cli/lbe.js +165 -7
  4. package/dist/cli/lbe_engine.wasm +0 -0
  5. package/package.json +31 -30
  6. package/src/cli/commands/assertConsumer.js +198 -0
  7. package/src/cli/main.js +181 -176
  8. package/src/cli/parseArgs.js +1 -0
package/src/cli/main.js CHANGED
@@ -1,176 +1,181 @@
1
- // src/cli/main.js
2
- // LetterBlack Sentinel CLI entrypoint
3
-
4
- import fs from 'fs';
5
- import path from 'path';
6
- import { fileURLToPath } from 'url';
7
- import { parseArgs, printHelp } from './parseArgs.js';
8
- import { initCommand } from './commands/init.js';
9
- import { verifyCommand } from './commands/verify.js';
10
- import { dryrunCommand } from './commands/dryrun.js';
11
- import { runCommand } from './commands/run.js';
12
- import { auditVerifyCommand } from './commands/auditVerify.js';
13
- import { integrityCheckCommand, integrityGenerateCommand } from './commands/integrityCheck.js';
14
- import { performIntegrityCheck } from '../core/integrity.js';
15
- import { policySignCommand } from './commands/policySign.js';
16
- import { healthCommand } from './commands/health.js';
17
- import { policyAddCommand } from './commands/policyAdd.js';
18
- import { policyModeCommand } from './commands/policyMode.js';
19
- import { statusCommand } from './commands/status.js';
20
- import { logsCommand } from './commands/logs.js';
21
- import { openStateCommand } from './commands/openState.js';
22
- import { proofCommand } from './commands/proof.js';
23
-
24
- function toBoolean(value, defaultValue = false) {
25
- if (value === undefined) return defaultValue;
26
- if (value === true || value === false) return value;
27
- const normalized = String(value).trim().toLowerCase();
28
- if (normalized === 'true' || normalized === '1' || normalized === 'yes') return true;
29
- if (normalized === 'false' || normalized === '0' || normalized === 'no') return false;
30
- return defaultValue;
31
- }
32
-
33
- const __dirname = path.dirname(fileURLToPath(import.meta.url));
34
- const packageJsonPath = path.join(__dirname, '../../package.json');
35
- const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf-8'));
36
-
37
- export async function main() {
38
- const argv = process.argv.slice(2);
39
- if (argv.includes('--version')) {
40
- console.log(`LetterBlack Sentinel v${packageJson.version}`);
41
- process.exit(0);
42
- }
43
- if (argv.length === 0 || argv.includes('--help') || argv.includes('-h')) {
44
- printHelp(packageJson.version);
45
- process.exit(0);
46
- }
47
-
48
- const { command, opts } = parseArgs(argv);
49
-
50
- // Handle version flag
51
- if (opts.version) {
52
- console.log(`LetterBlack Sentinel v${packageJson.version}`);
53
- process.exit(0);
54
- }
55
-
56
- // Handle help flag or no command
57
- if (opts.help || !command || command === 'help') {
58
- printHelp(packageJson.version);
59
- process.exit(0);
60
- }
61
-
62
- try {
63
- // Parse --pub-key-file if provided
64
- if (opts['pub-key-file']) {
65
- try {
66
- opts['pub-key'] = fs.readFileSync(path.resolve(opts['pub-key-file']), 'utf-8').trim();
67
- } catch (error) {
68
- console.error(`Error reading public key file: ${error.message}`);
69
- process.exit(1);
70
- }
71
- }
72
-
73
- // Route to command handler
74
- if (['verify', 'dryrun', 'run'].includes(command)) {
75
- const integrityStrict = toBoolean(opts['integrity-strict'], false);
76
- const integrityManifestPath = path.resolve(opts['integrity-manifest'] || '.lbe/config/integrity.manifest.json');
77
- const integrityResult = await performIntegrityCheck({
78
- strict: integrityStrict,
79
- manifestPath: integrityManifestPath
80
- });
81
- if (!integrityResult.valid) {
82
- console.error(JSON.stringify({
83
- status: 'error',
84
- error: integrityResult.reason || 'INTEGRITY_CHECK_FAILED',
85
- message: integrityResult.message
86
- }, null, 2));
87
- process.exit(8);
88
- }
89
- }
90
-
91
- switch (command) {
92
- case 'init':
93
- await initCommand(opts);
94
- break;
95
-
96
- case 'verify':
97
- await verifyCommand(opts);
98
- break;
99
-
100
- case 'dryrun':
101
- await dryrunCommand(opts);
102
- break;
103
-
104
- case 'run':
105
- await runCommand(opts);
106
- break;
107
-
108
- case 'audit-verify':
109
- await auditVerifyCommand(opts);
110
- break;
111
-
112
- case 'integrity-check':
113
- await integrityCheckCommand(opts);
114
- break;
115
-
116
- case 'integrity-generate':
117
- await integrityGenerateCommand(opts);
118
- break;
119
-
120
- case 'policy-sign':
121
- await policySignCommand(opts);
122
- break;
123
-
124
- case 'health':
125
- await healthCommand(opts);
126
- break;
127
-
128
- case 'policy-add':
129
- await policyAddCommand(opts);
130
- break;
131
-
132
- case 'observe':
133
- case 'enforce':
134
- await policyModeCommand(command, opts);
135
- break;
136
-
137
- case 'status':
138
- await statusCommand(opts);
139
- break;
140
-
141
- case 'logs':
142
- await logsCommand(opts);
143
- break;
144
-
145
- case 'open-state':
146
- await openStateCommand(opts);
147
- break;
148
-
149
- case 'proof':
150
- await proofCommand(opts);
151
- break;
152
-
153
- default:
154
- console.error(`Unknown command: ${command}`);
155
- printHelp(packageJson.version);
156
- process.exit(1);
157
- }
158
- } catch (error) {
159
- console.error(JSON.stringify({
160
- status: 'error',
161
- error: 'INTERNAL_ERROR',
162
- message: error.message,
163
- stack: process.env.DEBUG ? error.stack : undefined
164
- }));
165
- process.exit(9);
166
- }
167
- }
168
-
169
- main().catch((error) => {
170
- console.error(JSON.stringify({
171
- status: 'error',
172
- error: 'FATAL_ERROR',
173
- message: error.message
174
- }));
175
- process.exit(9);
176
- });
1
+ // src/cli/main.js
2
+ // LetterBlack Sentinel CLI entrypoint
3
+
4
+ import fs from 'fs';
5
+ import path from 'path';
6
+ import { fileURLToPath } from 'url';
7
+ import { parseArgs, printHelp } from './parseArgs.js';
8
+ import { initCommand } from './commands/init.js';
9
+ import { verifyCommand } from './commands/verify.js';
10
+ import { dryrunCommand } from './commands/dryrun.js';
11
+ import { runCommand } from './commands/run.js';
12
+ import { auditVerifyCommand } from './commands/auditVerify.js';
13
+ import { integrityCheckCommand, integrityGenerateCommand } from './commands/integrityCheck.js';
14
+ import { performIntegrityCheck } from '../core/integrity.js';
15
+ import { policySignCommand } from './commands/policySign.js';
16
+ import { healthCommand } from './commands/health.js';
17
+ import { policyAddCommand } from './commands/policyAdd.js';
18
+ import { policyModeCommand } from './commands/policyMode.js';
19
+ import { statusCommand } from './commands/status.js';
20
+ import { logsCommand } from './commands/logs.js';
21
+ import { openStateCommand } from './commands/openState.js';
22
+ import { proofCommand } from './commands/proof.js';
23
+ import { assertConsumerCommand } from './commands/assertConsumer.js';
24
+
25
+ function toBoolean(value, defaultValue = false) {
26
+ if (value === undefined) return defaultValue;
27
+ if (value === true || value === false) return value;
28
+ const normalized = String(value).trim().toLowerCase();
29
+ if (normalized === 'true' || normalized === '1' || normalized === 'yes') return true;
30
+ if (normalized === 'false' || normalized === '0' || normalized === 'no') return false;
31
+ return defaultValue;
32
+ }
33
+
34
+ const __dirname = path.dirname(fileURLToPath(import.meta.url));
35
+ const packageJsonPath = path.join(__dirname, '../../package.json');
36
+ const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf-8'));
37
+
38
+ export async function main() {
39
+ const argv = process.argv.slice(2);
40
+ if (argv.includes('--version')) {
41
+ console.log(`LetterBlack Sentinel v${packageJson.version}`);
42
+ process.exit(0);
43
+ }
44
+ if (argv.length === 0 || argv.includes('--help') || argv.includes('-h')) {
45
+ printHelp(packageJson.version);
46
+ process.exit(0);
47
+ }
48
+
49
+ const { command, opts } = parseArgs(argv);
50
+
51
+ // Handle version flag
52
+ if (opts.version) {
53
+ console.log(`LetterBlack Sentinel v${packageJson.version}`);
54
+ process.exit(0);
55
+ }
56
+
57
+ // Handle help flag or no command
58
+ if (opts.help || !command || command === 'help') {
59
+ printHelp(packageJson.version);
60
+ process.exit(0);
61
+ }
62
+
63
+ try {
64
+ // Parse --pub-key-file if provided
65
+ if (opts['pub-key-file']) {
66
+ try {
67
+ opts['pub-key'] = fs.readFileSync(path.resolve(opts['pub-key-file']), 'utf-8').trim();
68
+ } catch (error) {
69
+ console.error(`Error reading public key file: ${error.message}`);
70
+ process.exit(1);
71
+ }
72
+ }
73
+
74
+ // Route to command handler
75
+ if (['verify', 'dryrun', 'run'].includes(command)) {
76
+ const integrityStrict = toBoolean(opts['integrity-strict'], false);
77
+ const integrityManifestPath = path.resolve(opts['integrity-manifest'] || '.lbe/config/integrity.manifest.json');
78
+ const integrityResult = await performIntegrityCheck({
79
+ strict: integrityStrict,
80
+ manifestPath: integrityManifestPath
81
+ });
82
+ if (!integrityResult.valid) {
83
+ console.error(JSON.stringify({
84
+ status: 'error',
85
+ error: integrityResult.reason || 'INTEGRITY_CHECK_FAILED',
86
+ message: integrityResult.message
87
+ }, null, 2));
88
+ process.exit(8);
89
+ }
90
+ }
91
+
92
+ switch (command) {
93
+ case 'init':
94
+ await initCommand(opts);
95
+ break;
96
+
97
+ case 'verify':
98
+ await verifyCommand(opts);
99
+ break;
100
+
101
+ case 'dryrun':
102
+ await dryrunCommand(opts);
103
+ break;
104
+
105
+ case 'run':
106
+ await runCommand(opts);
107
+ break;
108
+
109
+ case 'audit-verify':
110
+ await auditVerifyCommand(opts);
111
+ break;
112
+
113
+ case 'integrity-check':
114
+ await integrityCheckCommand(opts);
115
+ break;
116
+
117
+ case 'integrity-generate':
118
+ await integrityGenerateCommand(opts);
119
+ break;
120
+
121
+ case 'policy-sign':
122
+ await policySignCommand(opts);
123
+ break;
124
+
125
+ case 'health':
126
+ await healthCommand(opts);
127
+ break;
128
+
129
+ case 'policy-add':
130
+ await policyAddCommand(opts);
131
+ break;
132
+
133
+ case 'observe':
134
+ case 'enforce':
135
+ await policyModeCommand(command, opts);
136
+ break;
137
+
138
+ case 'status':
139
+ await statusCommand(opts);
140
+ break;
141
+
142
+ case 'logs':
143
+ await logsCommand(opts);
144
+ break;
145
+
146
+ case 'open-state':
147
+ await openStateCommand(opts);
148
+ break;
149
+
150
+ case 'proof':
151
+ await proofCommand(opts);
152
+ break;
153
+
154
+ case 'assert-consumer':
155
+ await assertConsumerCommand(opts);
156
+ break;
157
+
158
+ default:
159
+ console.error(`Unknown command: ${command}`);
160
+ printHelp(packageJson.version);
161
+ process.exit(1);
162
+ }
163
+ } catch (error) {
164
+ console.error(JSON.stringify({
165
+ status: 'error',
166
+ error: 'INTERNAL_ERROR',
167
+ message: error.message,
168
+ stack: process.env.DEBUG ? error.stack : undefined
169
+ }));
170
+ process.exit(9);
171
+ }
172
+ }
173
+
174
+ main().catch((error) => {
175
+ console.error(JSON.stringify({
176
+ status: 'error',
177
+ error: 'FATAL_ERROR',
178
+ message: error.message
179
+ }));
180
+ process.exit(9);
181
+ });
package/src/cli/parseArgs.js CHANGED
@@ -68,6 +68,7 @@ COMMANDS:
68
68
  logs Print recent entries from central event log
69
69
  open-state Open the central state directory in the file manager
70
70
  proof Show latest proof result (--json for raw JSON, --public for redacted)
71
+ assert-consumer Verify this project consumes LBE as an installed registry dependency
71
72
  help Show this help message
72
73
 
73
74
  OPTIONS: