@modelstatus/cli 0.1.71 → 0.1.74

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@modelstatus/cli",
-  "version": "0.1.71",
+  "version": "0.1.74",
   "description": "Track which AI models you use, where, and never get surprised by a retirement. Free offline model-health for any repo (mm status), browser sign-in for cloud inventory + alerts.",
   "keywords": [
     "llm",

package/src/index.js

@@ -824,6 +824,7 @@ async function applyUpdate(rerunArgs) {
   if (r.status === "latest") process.stderr.write(`✓ Already on the latest mm (${r.version}).\n`);
   else if (r.status === "manual")
     process.stderr.write(`✦ mm ${r.to} is available (you're on ${r.from}), but auto-update can't write ${process.execPath}. Reinstall:\n  curl -fsSL https://llmstatus.ai/install.sh | bash\n`);
+  else if (r.status === "brew") process.stderr.write(`✦ mm ${r.to} is available (you're on ${r.from}). This is a Homebrew install — update with:\n  brew upgrade modelstatus-cli\n`);
   else if (r.status === "npm") process.stderr.write(`This is an npm-managed install. Update with:\n  npm update -g @modelstatus/cli\n`);
   else if (r.status === "unsupported") process.stderr.write(`Self-update isn't supported for this build. Reinstall:\n  curl -fsSL https://llmstatus.ai/install.sh | bash\n`);
   else if (r.status === "error") process.stderr.write(`! Update check failed: ${r.message}\n`);

package/src/updater.js

@@ -13,6 +13,7 @@
  *     same-run doesn't re-exec, so any in-flight state stays sane.
  */
 import crypto from "node:crypto";
+import { spawnSync } from "node:child_process";
 import fs from "node:fs";
 import os from "node:os";
 import path from "node:path";
@@ -87,6 +88,33 @@ async function fetchJson(url) {
   return res.json();
 }
 
+// Ed25519 RELEASE public key (committed: packages/cli/release-pubkey.pem). The
+// manifest is signed with the matching private key; verifying that signature is
+// what makes the manifest's sha256 trustworthy on every platform, independent of
+// the CDN. An auto-update that can't verify this signature does not proceed.
+const RELEASE_PUBKEY = `-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEApu4VP7vB6iwxsPcK5KaosjK7SIp9HrWMt5IvcUwjUOM=
+-----END PUBLIC KEY-----`;
+
+/** Fetch the manifest + its detached Ed25519 signature and verify before
+ * parsing. Returns the parsed manifest, or throws if the signature is missing or
+ * invalid (fail closed — never self-update against an unverifiable manifest). */
+async function fetchVerifiedManifest(base) {
+  const [mRes, sRes] = await Promise.all([
+    fetch(`${base}/version.json`, { cache: "no-store" }),
+    fetch(`${base}/version.json.sig`, { cache: "no-store" }),
+  ]);
+  if (!mRes.ok) throw new Error(`GET version.json -> ${mRes.status}`);
+  if (!sRes.ok) throw new Error("manifest signature unavailable — refusing to self-update");
+  const manifestBytes = Buffer.from(await mRes.arrayBuffer());
+  const sig = Buffer.from((await sRes.text()).trim(), "base64");
+  const key = crypto.createPublicKey(RELEASE_PUBKEY);
+  if (!crypto.verify(null, manifestBytes, key, sig)) {
+    throw new Error("manifest signature INVALID — refusing to self-update");
+  }
+  return JSON.parse(manifestBytes.toString("utf8"));
+}
+
 /** True if we can create/rename files in `dir` (needed for an atomic swap). */
 function dirWritable(dir) {
   try {
@@ -97,6 +125,14 @@ function dirWritable(dir) {
   }
 }
 
+/** True when the running binary lives under a Homebrew prefix. Brew owns the
+ * binary's lifecycle (`brew upgrade`), and silently swapping it out from under
+ * brew would break its integrity tracking — so we never self-update there. */
+function isBrewManaged() {
+  const p = process.execPath;
+  return p.includes("/Cellar/") || p.includes("/homebrew/") || p.includes("/linuxbrew/");
+}
+
 /** Replace the executable via the atomic tmp+rename pattern ONLY (a new inode).
  * We must NOT writeFileSync over the live executable's inode: truncating +
  * rewriting a running, memory-mapped Mach-O can make macOS SIGKILL the running
@@ -114,6 +150,24 @@ function replaceBinary(exe, buf) {
   }
 }
 
+// Our Developer ID team. A self-update download must be signed by us before we
+// swap it in — otherwise a CDN compromise would auto-propagate to every
+// installed macOS user (worse than a one-time install compromise). The sha256
+// is from the same CDN as the binary, so it can't prove provenance; the code
+// signature is the real anchor.
+const TEAM_ID = "9H8U98V2UU";
+
+/** macOS only: verify a downloaded binary file carries a valid Developer ID
+ * signature under OUR team, anchored to Apple. Throws if codesign is missing or
+ * the check fails (fail closed). No-op on Linux/Windows (no equivalent). */
+function verifyMacSignature(file) {
+  if (process.platform !== "darwin") return;
+  const req = `anchor apple generic and certificate leaf[subject.OU] = "${TEAM_ID}"`;
+  const r = spawnSync("codesign", ["--verify", "--strict", `-R=${req}`, file], { stdio: "ignore" });
+  if (r.error) throw new Error("codesign unavailable — refusing to self-update");
+  if (r.status !== 0) throw new Error(`downloaded binary failed Developer ID verification (team ${TEAM_ID})`);
+}
+
 async function downloadAndReplace(version, key, expectedSha) {
   const exe = process.execPath;
   const ext = process.platform === "win32" ? ".exe" : "";
@@ -125,6 +179,17 @@ async function downloadAndReplace(version, key, expectedSha) {
   if (actualSha !== expectedSha) {
     throw new Error(`sha256 mismatch: expected ${expectedSha.slice(0, 12)}…, got ${actualSha.slice(0, 12)}…`);
   }
+  // On macOS, verify the SIGNATURE before trusting these bytes as our binary.
+  // Stage to a temp file, codesign-verify it, then swap — never swap unverified.
+  if (process.platform === "darwin") {
+    const staged = path.join(path.dirname(exe), `.${path.basename(exe)}.verify.${process.pid}`);
+    try {
+      fs.writeFileSync(staged, buf, { mode: 0o755 });
+      verifyMacSignature(staged);
+    } finally {
+      try { fs.unlinkSync(staged); } catch { /* best effort */ }
+    }
+  }
   replaceBinary(exe, buf);
 }
 
@@ -151,13 +216,16 @@ export async function forceUpdate() {
     const key = platformKey();
     if (!key) return { status: "unsupported" };
 
-    const manifest = await fetchJson(`${CDN}/cli/${CHANNEL_PATH}/version.json`);
+    const manifest = await fetchVerifiedManifest(`${CDN}/cli/${CHANNEL_PATH}`);
     writeCache({ ...(readCache() || {}), last_check: Date.now(), latest_known: manifest.version });
     if (!manifest.version) return { status: "error", message: "manifest has no version" };
     if (compareVer(manifest.version, BUILD_VERSION) <= 0) return { status: "latest", version: dispVer(BUILD_VERSION) };
 
     const expectedSha = manifest.sha256?.[key];
     if (!expectedSha) return { status: "error", message: `no sha256 for ${key}` };
+    if (isBrewManaged()) {
+      return { status: "brew", from: dispVer(BUILD_VERSION), to: dispVer(manifest.version) };
+    }
     if (!dirWritable(path.dirname(process.execPath))) {
       return { status: "manual", from: dispVer(BUILD_VERSION), to: dispVer(manifest.version) };
     }
@@ -173,6 +241,7 @@ export async function maybeCheckForUpdate(flags = {}) {
   try {
     if (!IS_SHELL_INSTALL) return null;
     if (process.env.MM_NO_AUTO_UPDATE) return null;
+    if (isBrewManaged()) return null; // brew upgrade owns the lifecycle
     if (flags.json || flags.ci) return null;
 
     const cache = readCache() || {};
@@ -181,7 +250,7 @@ export async function maybeCheckForUpdate(flags = {}) {
     const key = platformKey();
     if (!key) return null;
 
-    const manifest = await fetchJson(`${CDN}/cli/${CHANNEL_PATH}/version.json`);
+    const manifest = await fetchVerifiedManifest(`${CDN}/cli/${CHANNEL_PATH}`);
     // Always update the cache so we don't re-check for 24 h.
     writeCache({ ...cache, last_check: Date.now(), latest_known: manifest.version });