@openape/apes 0.13.0 → 0.14.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/cli.js
CHANGED
|
@@ -2468,15 +2468,19 @@ function defaultAuditPath() {
|
|
|
2468
2468
|
const stateDir = xdg && xdg.length > 0 ? xdg : join2(homedir4(), ".local", "state");
|
|
2469
2469
|
return join2(stateDir, "openape", "proxy-audit.jsonl");
|
|
2470
2470
|
}
|
|
2471
|
-
function buildDefaultProxyConfigToml() {
|
|
2471
|
+
function buildDefaultProxyConfigToml(opts) {
|
|
2472
2472
|
const auditPath = defaultAuditPath();
|
|
2473
|
-
|
|
2474
|
-
|
|
2473
|
+
const defaultAction = opts.mediated ? "request" : "allow";
|
|
2474
|
+
const escEmail = opts.agentEmail.replace(/"/g, '\\"');
|
|
2475
|
+
const escIdp = opts.idpUrl.replace(/"/g, '\\"');
|
|
2476
|
+
return `# Auto-generated by \`apes proxy --\`. Do not edit; this file is
|
|
2477
|
+
# recreated for every invocation and deleted on exit.
|
|
2478
|
+
# Mode: ${opts.mediated ? "IdP-mediated (every unmatched host \u2192 grant flow)" : "transparent (default-allow + audit-only)"}.
|
|
2475
2479
|
[proxy]
|
|
2476
2480
|
listen = "127.0.0.1:0"
|
|
2477
|
-
idp_url = "
|
|
2478
|
-
agent_email = "
|
|
2479
|
-
default_action = "
|
|
2481
|
+
idp_url = "${escIdp}"
|
|
2482
|
+
agent_email = "${escEmail}"
|
|
2483
|
+
default_action = "${defaultAction}"
|
|
2480
2484
|
audit_log = "${auditPath.replace(/"/g, '\\"')}"
|
|
2481
2485
|
|
|
2482
2486
|
# Cloud / link-local metadata endpoints \u2014 never let agent traffic reach these
|
|
@@ -2596,6 +2600,19 @@ function waitForListenLine(child) {
|
|
|
2596
2600
|
}
|
|
2597
2601
|
|
|
2598
2602
|
// src/commands/proxy.ts
|
|
2603
|
+
function resolveProxyConfigOptions() {
|
|
2604
|
+
const auth = loadAuth();
|
|
2605
|
+
if (!auth?.email || !auth?.idp) {
|
|
2606
|
+
throw new CliError(
|
|
2607
|
+
"apes proxy requires `apes login` first.\n\nWithout a login the proxy has no agent identity to attribute grant\nrequests to, so the YOLO / Allow / Deny policy on id.openape.ai cannot\napply. Run:\n\n apes login\n\nand re-run `apes proxy -- ...`.",
|
|
2608
|
+
// 77 = EX_NOPERM from sysexits.h ("permission denied"); fits "user has\n'
|
|
2609
|
+
// not authenticated to use this command" better than the default 1.
|
|
2610
|
+
77
|
|
2611
|
+
);
|
|
2612
|
+
}
|
|
2613
|
+
consola20.info(`[apes proxy] IdP-mediated mode \u2014 agent=${auth.email}, idp=${auth.idp}`);
|
|
2614
|
+
return { agentEmail: auth.email, idpUrl: auth.idp, mediated: true };
|
|
2615
|
+
}
|
|
2599
2616
|
var proxyCommand = defineCommand22({
|
|
2600
2617
|
meta: {
|
|
2601
2618
|
name: "proxy",
|
|
@@ -2620,16 +2637,23 @@ var proxyCommand = defineCommand22({
|
|
|
2620
2637
|
proxyUrl = reuseUrl;
|
|
2621
2638
|
consola20.info(`[apes proxy] reusing existing proxy at ${proxyUrl}`);
|
|
2622
2639
|
} else {
|
|
2623
|
-
const ephemeral = await startEphemeralProxy(buildDefaultProxyConfigToml());
|
|
2640
|
+
const ephemeral = await startEphemeralProxy(buildDefaultProxyConfigToml(resolveProxyConfigOptions()));
|
|
2624
2641
|
proxyUrl = ephemeral.url;
|
|
2625
2642
|
close = ephemeral.close;
|
|
2626
2643
|
consola20.info(`[apes proxy] started ephemeral proxy at ${proxyUrl}`);
|
|
2627
2644
|
}
|
|
2645
|
+
const noProxy = process.env.NO_PROXY ?? process.env.no_proxy ?? "127.0.0.1,localhost";
|
|
2628
2646
|
const childEnv = {
|
|
2629
2647
|
...process.env,
|
|
2630
2648
|
HTTPS_PROXY: proxyUrl,
|
|
2649
|
+
https_proxy: proxyUrl,
|
|
2631
2650
|
HTTP_PROXY: proxyUrl,
|
|
2632
|
-
|
|
2651
|
+
http_proxy: proxyUrl,
|
|
2652
|
+
ALL_PROXY: proxyUrl,
|
|
2653
|
+
all_proxy: proxyUrl,
|
|
2654
|
+
NO_PROXY: noProxy,
|
|
2655
|
+
no_proxy: noProxy,
|
|
2656
|
+
NODE_USE_ENV_PROXY: "1"
|
|
2633
2657
|
};
|
|
2634
2658
|
const exitCode = await new Promise((resolveExit) => {
|
|
2635
2659
|
const child = spawn2(wrapped[0], wrapped.slice(1), {
|
|
@@ -2929,7 +2953,7 @@ var mcpCommand = defineCommand27({
|
|
|
2929
2953
|
if (transport !== "stdio" && transport !== "sse") {
|
|
2930
2954
|
throw new Error('Transport must be "stdio" or "sse"');
|
|
2931
2955
|
}
|
|
2932
|
-
const { startMcpServer } = await import("./server-
|
|
2956
|
+
const { startMcpServer } = await import("./server-LU6IBZ76.js");
|
|
2933
2957
|
await startMcpServer(transport, port);
|
|
2934
2958
|
}
|
|
2935
2959
|
});
|
|
@@ -3421,7 +3445,7 @@ async function bestEffortGrantCount(idp) {
|
|
|
3421
3445
|
}
|
|
3422
3446
|
}
|
|
3423
3447
|
async function runHealth(args) {
|
|
3424
|
-
const version = true ? "0.
|
|
3448
|
+
const version = true ? "0.14.0" : "0.0.0";
|
|
3425
3449
|
const auth = loadAuth();
|
|
3426
3450
|
if (!auth) {
|
|
3427
3451
|
throw new CliError("Not logged in. Run `apes login` first.", 1);
|
|
@@ -3623,10 +3647,10 @@ if (shellRewrite) {
|
|
|
3623
3647
|
if (shellRewrite.action === "rewrite") {
|
|
3624
3648
|
process.argv = shellRewrite.argv;
|
|
3625
3649
|
} else if (shellRewrite.action === "version") {
|
|
3626
|
-
console.log(`ape-shell ${"0.
|
|
3650
|
+
console.log(`ape-shell ${"0.14.0"} (OpenApe DDISA shell wrapper)`);
|
|
3627
3651
|
process.exit(0);
|
|
3628
3652
|
} else if (shellRewrite.action === "help") {
|
|
3629
|
-
console.log(`ape-shell ${"0.
|
|
3653
|
+
console.log(`ape-shell ${"0.14.0"} \u2014 OpenApe DDISA shell wrapper`);
|
|
3630
3654
|
console.log("");
|
|
3631
3655
|
console.log("Usage:");
|
|
3632
3656
|
console.log(" ape-shell Start interactive grant-mediated REPL");
|
|
@@ -3684,7 +3708,7 @@ var configCommand = defineCommand34({
|
|
|
3684
3708
|
var main = defineCommand34({
|
|
3685
3709
|
meta: {
|
|
3686
3710
|
name: "apes",
|
|
3687
|
-
version: "0.
|
|
3711
|
+
version: "0.14.0",
|
|
3688
3712
|
description: "Unified CLI for OpenApe"
|
|
3689
3713
|
},
|
|
3690
3714
|
subCommands: {
|