@openape/apes 0.13.1 → 0.14.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/cli.js
CHANGED
|
@@ -2468,15 +2468,19 @@ function defaultAuditPath() {
|
|
|
2468
2468
|
const stateDir = xdg && xdg.length > 0 ? xdg : join2(homedir4(), ".local", "state");
|
|
2469
2469
|
return join2(stateDir, "openape", "proxy-audit.jsonl");
|
|
2470
2470
|
}
|
|
2471
|
-
function buildDefaultProxyConfigToml() {
|
|
2471
|
+
function buildDefaultProxyConfigToml(opts) {
|
|
2472
2472
|
const auditPath = defaultAuditPath();
|
|
2473
|
-
|
|
2474
|
-
|
|
2473
|
+
const defaultAction = opts.mediated ? "request" : "allow";
|
|
2474
|
+
const escEmail = opts.agentEmail.replace(/"/g, '\\"');
|
|
2475
|
+
const escIdp = opts.idpUrl.replace(/"/g, '\\"');
|
|
2476
|
+
return `# Auto-generated by \`apes proxy --\`. Do not edit; this file is
|
|
2477
|
+
# recreated for every invocation and deleted on exit.
|
|
2478
|
+
# Mode: ${opts.mediated ? "IdP-mediated (every unmatched host \u2192 grant flow)" : "transparent (default-allow + audit-only)"}.
|
|
2475
2479
|
[proxy]
|
|
2476
2480
|
listen = "127.0.0.1:0"
|
|
2477
|
-
idp_url = "
|
|
2478
|
-
agent_email = "
|
|
2479
|
-
default_action = "
|
|
2481
|
+
idp_url = "${escIdp}"
|
|
2482
|
+
agent_email = "${escEmail}"
|
|
2483
|
+
default_action = "${defaultAction}"
|
|
2480
2484
|
audit_log = "${auditPath.replace(/"/g, '\\"')}"
|
|
2481
2485
|
|
|
2482
2486
|
# Cloud / link-local metadata endpoints \u2014 never let agent traffic reach these
|
|
@@ -2596,6 +2600,19 @@ function waitForListenLine(child) {
|
|
|
2596
2600
|
}
|
|
2597
2601
|
|
|
2598
2602
|
// src/commands/proxy.ts
|
|
2603
|
+
function resolveProxyConfigOptions() {
|
|
2604
|
+
const auth = loadAuth();
|
|
2605
|
+
if (!auth?.email || !auth?.idp) {
|
|
2606
|
+
throw new CliError(
|
|
2607
|
+
"apes proxy requires `apes login` first.\n\nWithout a login the proxy has no agent identity to attribute grant\nrequests to, so the YOLO / Allow / Deny policy on id.openape.ai cannot\napply. Run:\n\n apes login\n\nand re-run `apes proxy -- ...`.",
|
|
2608
|
+
// 77 = EX_NOPERM from sysexits.h ("permission denied"); fits "user has\n'
|
|
2609
|
+
// not authenticated to use this command" better than the default 1.
|
|
2610
|
+
77
|
|
2611
|
+
);
|
|
2612
|
+
}
|
|
2613
|
+
consola20.info(`[apes proxy] IdP-mediated mode \u2014 agent=${auth.email}, idp=${auth.idp}`);
|
|
2614
|
+
return { agentEmail: auth.email, idpUrl: auth.idp, mediated: true };
|
|
2615
|
+
}
|
|
2599
2616
|
var proxyCommand = defineCommand22({
|
|
2600
2617
|
meta: {
|
|
2601
2618
|
name: "proxy",
|
|
@@ -2620,7 +2637,7 @@ var proxyCommand = defineCommand22({
|
|
|
2620
2637
|
proxyUrl = reuseUrl;
|
|
2621
2638
|
consola20.info(`[apes proxy] reusing existing proxy at ${proxyUrl}`);
|
|
2622
2639
|
} else {
|
|
2623
|
-
const ephemeral = await startEphemeralProxy(buildDefaultProxyConfigToml());
|
|
2640
|
+
const ephemeral = await startEphemeralProxy(buildDefaultProxyConfigToml(resolveProxyConfigOptions()));
|
|
2624
2641
|
proxyUrl = ephemeral.url;
|
|
2625
2642
|
close = ephemeral.close;
|
|
2626
2643
|
consola20.info(`[apes proxy] started ephemeral proxy at ${proxyUrl}`);
|
|
@@ -2936,7 +2953,7 @@ var mcpCommand = defineCommand27({
|
|
|
2936
2953
|
if (transport !== "stdio" && transport !== "sse") {
|
|
2937
2954
|
throw new Error('Transport must be "stdio" or "sse"');
|
|
2938
2955
|
}
|
|
2939
|
-
const { startMcpServer } = await import("./server-
|
|
2956
|
+
const { startMcpServer } = await import("./server-LU6IBZ76.js");
|
|
2940
2957
|
await startMcpServer(transport, port);
|
|
2941
2958
|
}
|
|
2942
2959
|
});
|
|
@@ -3428,7 +3445,7 @@ async function bestEffortGrantCount(idp) {
|
|
|
3428
3445
|
}
|
|
3429
3446
|
}
|
|
3430
3447
|
async function runHealth(args) {
|
|
3431
|
-
const version = true ? "0.
|
|
3448
|
+
const version = true ? "0.14.0" : "0.0.0";
|
|
3432
3449
|
const auth = loadAuth();
|
|
3433
3450
|
if (!auth) {
|
|
3434
3451
|
throw new CliError("Not logged in. Run `apes login` first.", 1);
|
|
@@ -3630,10 +3647,10 @@ if (shellRewrite) {
|
|
|
3630
3647
|
if (shellRewrite.action === "rewrite") {
|
|
3631
3648
|
process.argv = shellRewrite.argv;
|
|
3632
3649
|
} else if (shellRewrite.action === "version") {
|
|
3633
|
-
console.log(`ape-shell ${"0.
|
|
3650
|
+
console.log(`ape-shell ${"0.14.0"} (OpenApe DDISA shell wrapper)`);
|
|
3634
3651
|
process.exit(0);
|
|
3635
3652
|
} else if (shellRewrite.action === "help") {
|
|
3636
|
-
console.log(`ape-shell ${"0.
|
|
3653
|
+
console.log(`ape-shell ${"0.14.0"} \u2014 OpenApe DDISA shell wrapper`);
|
|
3637
3654
|
console.log("");
|
|
3638
3655
|
console.log("Usage:");
|
|
3639
3656
|
console.log(" ape-shell Start interactive grant-mediated REPL");
|
|
@@ -3691,7 +3708,7 @@ var configCommand = defineCommand34({
|
|
|
3691
3708
|
var main = defineCommand34({
|
|
3692
3709
|
meta: {
|
|
3693
3710
|
name: "apes",
|
|
3694
|
-
version: "0.
|
|
3711
|
+
version: "0.14.0",
|
|
3695
3712
|
description: "Unified CLI for OpenApe"
|
|
3696
3713
|
},
|
|
3697
3714
|
subCommands: {
|