@lifeaitools/clauth 1.4.0 → 1.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/cli/fingerprint.js +54 -14
  2. package/package.json +1 -1
package/cli/fingerprint.js CHANGED
@@ -5,31 +5,69 @@
5
5
  import { execSync } from "child_process";
6
6
  import { createHmac, createHash } from "crypto";
7
7
  import os from "os";
8
+ import fs from "fs";
9
+ import path from "path";
8
10
 
9
11
  // ============================================================
10
12
  // Machine ID collection
11
13
  // ============================================================
12
14
 
15
+ // Cache path — avoids re-querying WMI/CIM on every daemon start.
16
+ // This eliminates the spawnSync cmd.exe ETIMEDOUT crash that occurs
17
+ // when PowerShell/WMI is slow on first call after boot.
18
+ const CACHE_FILE = path.join(os.tmpdir(), "clauth-machine.cache");
19
+
20
+ function readCache() {
21
+ try {
22
+ const raw = fs.readFileSync(CACHE_FILE, "utf8").trim();
23
+ // Validate: must be two non-empty lines (primary:secondary)
24
+ const [primary, secondary] = raw.split("\n");
25
+ if (primary && secondary) return { primary: primary.trim(), secondary: secondary.trim() };
26
+ } catch { /* cache miss */ }
27
+ return null;
28
+ }
29
+
30
+ function writeCache(primary, secondary) {
31
+ try { fs.writeFileSync(CACHE_FILE, `${primary}\n${secondary}`, "utf8"); } catch { /* best effort */ }
32
+ }
33
+
13
34
  function getMachineId() {
35
+ // Fast path: use cached IDs if available (avoids WMI/PowerShell on every restart)
36
+ const cached = readCache();
37
+ if (cached) return { ...cached, platform: os.platform() };
38
+
14
39
  const platform = os.platform();
15
40
 
16
41
  try {
17
42
  if (platform === "win32") {
18
- // Primary: BIOS UUID via PowerShell (wmic removed in Win11 26xxx+)
19
43
  const psPath = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe";
20
- const uuid = execSync(
21
- `${psPath} -NoProfile -Command "(Get-CimInstance Win32_ComputerSystemProduct).UUID"`,
22
- { encoding: "utf8", timeout: 5000, stdio: ["pipe", "pipe", "pipe"] }
23
- ).trim();
24
-
25
- // Secondary: Windows MachineGuid from registry (via PowerShell for Win11 compat)
26
- const machineGuid = execSync(
27
- `${psPath} -NoProfile -Command "(Get-ItemProperty 'HKLM:\\SOFTWARE\\Microsoft\\Cryptography').MachineGuid"`,
28
- { encoding: "utf8", timeout: 5000, stdio: ["pipe", "pipe", "pipe"] }
29
- ).trim();
30
-
31
- if (!uuid || !machineGuid) throw new Error("Could not read Windows machine IDs");
32
- return { primary: uuid, secondary: machineGuid, platform: "win32" };
44
+ // Increased timeout to 15s — CimInstance/WMI can be slow after boot or under load.
45
+ // Each call is wrapped independently so a partial failure still yields a result.
46
+ let uuid = "";
47
+ try {
48
+ uuid = execSync(
49
+ `${psPath} -NoProfile -Command "(Get-CimInstance Win32_ComputerSystemProduct).UUID"`,
50
+ { encoding: "utf8", timeout: 15000, stdio: ["pipe", "pipe", "pipe"] }
51
+ ).trim();
52
+ } catch { /* fall through to registry-only path */ }
53
+
54
+ let machineGuid = "";
55
+ try {
56
+ machineGuid = execSync(
57
+ `${psPath} -NoProfile -Command "(Get-ItemProperty 'HKLM:\\SOFTWARE\\Microsoft\\Cryptography').MachineGuid"`,
58
+ { encoding: "utf8", timeout: 15000, stdio: ["pipe", "pipe", "pipe"] }
59
+ ).trim();
60
+ } catch { /* fall through */ }
61
+
62
+ // Require at least one identifier
63
+ if (!uuid && !machineGuid) throw new Error("Could not read any Windows machine ID");
64
+
65
+ // Use hostname as fallback secondary if registry query failed
66
+ const primary = uuid || machineGuid;
67
+ const secondary = machineGuid || os.hostname();
68
+
69
+ writeCache(primary, secondary);
70
+ return { primary, secondary, platform: "win32" };
33
71
  }
34
72
 
35
73
  if (platform === "darwin") {
@@ -37,6 +75,7 @@ function getMachineId() {
37
75
  "ioreg -rd1 -c IOPlatformExpertDevice | awk '/IOPlatformUUID/ { print $3 }'",
38
76
  { encoding: "utf8", timeout: 5000, stdio: ["pipe", "pipe", "pipe"] }
39
77
  ).replace(/['"]/g, "").trim();
78
+ writeCache(uuid, os.hostname());
40
79
  return { primary: uuid, secondary: os.hostname(), platform: "darwin" };
41
80
  }
42
81
 
@@ -44,6 +83,7 @@ function getMachineId() {
44
83
  let uuid = "";
45
84
  try { uuid = execSync("cat /etc/machine-id", { encoding: "utf8", timeout: 2000 }).trim(); }
46
85
  catch { uuid = execSync("cat /var/lib/dbus/machine-id", { encoding: "utf8", timeout: 2000 }).trim(); }
86
+ writeCache(uuid, os.hostname());
47
87
  return { primary: uuid, secondary: os.hostname(), platform: "linux" };
48
88
 
49
89
  } catch (err) {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@lifeaitools/clauth",
3
- "version": "1.4.0",
3
+ "version": "1.4.1",
4
4
  "description": "Hardware-bound credential vault for the LIFEAI infrastructure stack",
5
5
  "type": "module",
6
6
  "bin": {