@northflare/runner 0.0.1

package/lib/preload-script.js

@@ -0,0 +1,293 @@
+// Check if logging is enabled via environment variable
+const loggingEnabled =
+  process.env.DEBUG_PRELOAD_SCRIPT === "1" ||
+  process.env.DEBUG_PRELOAD_SCRIPT === "true";
+
+// Patch child_process to prevent security commands
+const childProcess = require("child_process");
+const fs = require("fs");
+const path = require("path");
+const os = require("os");
+
+const originalExecSync = childProcess.execSync;
+
+function logToFile(...args) {
+  try {
+    const logFilePath = path.join(os.homedir(), ".preload-script.log");
+    const timestamp = new Date().toISOString();
+    const message = args
+      .map((arg) => {
+        if (typeof arg === "string") return arg;
+        try {
+          return JSON.stringify(arg, null, 2);
+        } catch {
+          return String(arg);
+        }
+      })
+      .join(" ");
+    fs.appendFileSync(logFilePath, `[${timestamp}] ${message}\n`);
+  } catch (err) {
+    // Fallback: do nothing if logging fails
+  }
+}
+
+// Patch console.log and console.error to use logToFile
+//console.log = (...args) => logToFile(...args);
+//console.error = (...args) => logToFile("ERROR:", ...args);
+
+// === macOS Security Commands Patching ===
+childProcess.execSync = function (command, options) {
+  // Check if command starts with "security "
+  if (
+    typeof command === "string" &&
+    command.trim().startsWith("security find-generic-password ")
+  ) {
+    if (loggingEnabled) {
+      console.log("🔀 Intercepted execSync call:", command);
+    }
+
+    // Check if CLAUDE_CREDENTIALS is set
+    const credentials = process.env.CLAUDE_CREDENTIALS;
+    if (credentials) {
+      if (loggingEnabled) {
+        console.log("🔐 Reading credentials from CLAUDE_CREDENTIALS env var");
+      }
+      // Return credentials directly as buffer
+      return Buffer.from(credentials);
+    } else {
+      if (loggingEnabled) {
+        console.log("⚠️ CLAUDE_CREDENTIALS not set, returning empty buffer");
+      }
+      // Return empty buffer to mimic successful execution
+      return Buffer.from("");
+    }
+  }
+
+  // Check if command starts with "security "
+  if (typeof command === "string" && command.trim().startsWith("security ")) {
+    if (loggingEnabled) {
+      console.log("🚫 Blocked execSync call:", command);
+    }
+    // Return empty buffer to mimic successful execution
+    return Buffer.from("");
+  }
+
+  if (loggingEnabled) {
+    console.log("🔧 Allowed execSync call:", command);
+  }
+
+  return originalExecSync.apply(this, arguments);
+};
+
+// === macOS Security Commands Patching ===
+const originalSpawnSync = childProcess.spawnSync;
+
+// Helper function to create spawnSync return format
+function createSpawnSyncResult(stdout = "", stderr = "", status = 0) {
+  return {
+    pid: 0,
+    output: [null, stdout, stderr],
+    stdout: stdout,
+    stderr: stderr,
+    status: status,
+    signal: null,
+    error: null,
+  };
+}
+
+childProcess.spawnSync = function (command) {
+  // Check if command starts with "security "
+  if (
+    typeof command === "string" &&
+    command.trim().startsWith("security find-generic-password ")
+  ) {
+    if (loggingEnabled) {
+      console.log("🔀 Intercepted spawnSync call:", command);
+    }
+
+    // Check if CLAUDE_CREDENTIALS is set
+    const credentials = process.env.CLAUDE_CREDENTIALS;
+    if (credentials) {
+      if (loggingEnabled) {
+        console.log("🔐 Reading credentials from CLAUDE_CREDENTIALS env var");
+      }
+      // Return credentials directly in spawnSync format
+      return createSpawnSyncResult(credentials);
+    } else {
+      if (loggingEnabled) {
+        console.log("⚠️ CLAUDE_CREDENTIALS not set, returning empty result");
+      }
+      // Return empty result to mimic successful execution
+      return createSpawnSyncResult();
+    }
+  }
+
+  // Check if command starts with "security "
+  if (typeof command === "string" && command.trim().startsWith("security ")) {
+    if (loggingEnabled) {
+      console.log("🚫 Blocked spawnSync call:", command);
+    }
+    // Return empty result to mimic successful execution
+    return createSpawnSyncResult();
+  }
+
+  if (loggingEnabled) {
+    console.log("🔧 Allowed spawnSync call:", command);
+  }
+
+  return originalSpawnSync.apply(this, arguments);
+};
+
+// === Windows/Linux Credential File Support ===
+if (process.platform !== "darwin") {
+  const originalExistsSync = fs.existsSync;
+  const originalReadFileSync = fs.readFileSync;
+  const originalWriteFileSync = fs.writeFileSync;
+  const originalUnlinkSync = fs.unlinkSync;
+  const originalChmodSync = fs.chmodSync;
+
+  // Hook fs.existsSync to handle credential files
+  fs.existsSync = function (filePath) {
+    if (
+      typeof filePath === "string" &&
+      filePath.endsWith(".credentials.json")
+    ) {
+      if (loggingEnabled) {
+        console.log("✅ Mocking existsSync for credentials file:", filePath);
+      }
+      return true;
+    }
+
+    return originalExistsSync.apply(this, arguments);
+  };
+
+  // Hook fs.readFileSync to handle credential files
+  fs.readFileSync = function (filePath, options) {
+    if (
+      typeof filePath === "string" &&
+      filePath.endsWith(".credentials.json")
+    ) {
+      if (loggingEnabled) {
+        console.log(
+          "🔀 Intercepted readFileSync for credentials file:",
+          filePath
+        );
+      }
+
+      // Check if CLAUDE_CREDENTIALS is set
+      const credentialsData = process.env.CLAUDE_CREDENTIALS;
+      if (credentialsData) {
+        try {
+          if (loggingEnabled) {
+            console.log(
+              "🔐 Reading credentials from CLAUDE_CREDENTIALS env var"
+            );
+          }
+          // Parse credentials as JSON
+          const credentials = JSON.parse(credentialsData);
+
+          // Replace refreshToken with empty string
+          if (
+            credentials.claudeAiOauth &&
+            credentials.claudeAiOauth.refreshToken
+          ) {
+            credentials.claudeAiOauth.refreshToken = "";
+            if (loggingEnabled) {
+              console.log("🔐 Replaced refreshToken with empty string");
+            }
+          }
+
+          // Return as string or buffer depending on options
+          const result = JSON.stringify(credentials);
+
+          // TEMPORARY DEBUG: Log full credentials string being returned
+          console.log(
+            "🔍 TEMP DEBUG - Full credentials string being returned:"
+          );
+          console.log(result);
+
+          if (
+            options &&
+            typeof options === "object" &&
+            options.encoding === null
+          ) {
+            return Buffer.from(result);
+          }
+          return result;
+        } catch (error) {
+          if (loggingEnabled) {
+            console.error(
+              "❌ Error parsing credentials from env var:",
+              error.message
+            );
+          }
+          // Fall back to empty string if credentials can't be parsed
+          return "";
+        }
+      } else {
+        if (loggingEnabled) {
+          console.log("⚠️ CLAUDE_CREDENTIALS not set, returning empty string");
+        }
+        // Return empty string to mimic file not found
+        return "";
+      }
+    }
+
+    return originalReadFileSync.apply(this, arguments);
+  };
+
+  // Hook fs.writeFileSync to be a no-op for credential files
+  fs.writeFileSync = function (filePath, data, options) {
+    if (
+      typeof filePath === "string" &&
+      filePath.endsWith(".credentials.json")
+    ) {
+      if (loggingEnabled) {
+        console.log("🚫 Blocked writeFileSync for credentials file:", filePath);
+      }
+      // No-op - do nothing
+      return;
+    }
+
+    return originalWriteFileSync.apply(this, arguments);
+  };
+
+  // Hook fs.unlinkSync to be a no-op for credential files
+  fs.unlinkSync = function (filePath) {
+    if (
+      typeof filePath === "string" &&
+      filePath.endsWith(".credentials.json")
+    ) {
+      if (loggingEnabled) {
+        console.log("🚫 Blocked unlinkSync for credentials file:", filePath);
+      }
+      // No-op - do nothing
+      return;
+    }
+
+    return originalUnlinkSync.apply(this, arguments);
+  };
+
+  // Hook fs.chmodSync to be a no-op for credential files
+  fs.chmodSync = function (filePath, mode) {
+    if (
+      typeof filePath === "string" &&
+      filePath.endsWith(".credentials.json")
+    ) {
+      if (loggingEnabled) {
+        console.log("🚫 Blocked chmodSync for credentials file:", filePath);
+      }
+      // No-op - do nothing
+      return;
+    }
+
+    return originalChmodSync.apply(this, arguments);
+  };
+}
+
+if (loggingEnabled) {
+  console.log(
+    "✅ Preload script loaded with platform support:",
+    process.platform
+  );
+}

package/package.json

@@ -0,0 +1,55 @@
+{
+  "name": "@northflare/runner",
+  "version": "0.0.1",
+  "description": "Distributed conversation runner for Northflare",
+  "license": "MIT",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "bin": {
+    "runner": "./bin/northflare-runner"
+  },
+  "scripts": {
+    "build": "tsc",
+    "start": "node dist/index.js",
+    "dev": "tsx src/index.ts",
+    "test": "vitest run",
+    "test:watch": "vitest watch",
+    "test:coverage": "vitest run --coverage",
+    "lint": "eslint src",
+    "prepublishOnly": "npm run build",
+    "postbuild": "chmod +x bin/northflare-runner",
+    "postinstall": "node -e \"console.log('\\n✅ Northflare Runner installed successfully!\\n\\nTo start the runner:\\n  npx @northflare/runner start\\n\\nFor help:\\n  npx @northflare/runner --help\\n')\"",
+    "release": "npm publish --access public",
+    "release:env": "source .env && npm publish --access public"
+  },
+  "dependencies": {
+    "@anthropic-ai/claude-agent-sdk": "0.1.30",
+    "@botanicastudios/claude-code-sdk-ts": "0.2.22-fork",
+    "@botanicastudios/mcp-host-rpc": "^0.4.0",
+    "@tanstack/react-query": "^5.x.x",
+    "@types/jsonwebtoken": "^9.0.10",
+    "ajv": "^8.x.x",
+    "commander": "^11.x.x",
+    "computer-name": "^0.1.0",
+    "env-paths": "^3.0.0",
+    "eventsource": "^4.0.0",
+    "jsonrpc-lite": "^2.2.0",
+    "jsonwebtoken": "^9.0.2",
+    "simple-git": "^3.x.x",
+    "winston": "^3.x.x",
+    "zod": "^3.x.x"
+  },
+  "devDependencies": {
+    "@types/eventsource": "^1.1.15",
+    "@types/express": "^4.x.x",
+    "@types/node": "^20.x.x",
+    "@vitest/coverage-v8": "^1.x.x",
+    "eslint": "^8.x.x",
+    "tsx": "^4.x.x",
+    "typescript": "^5.x.x",
+    "vitest": "^1.x.x"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  }
+}