npm - @openape/apes - Versions diffs - 0.13.1 → 0.14.1 - Mend

@openape/apes 0.13.1 → 0.14.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/cli.js +41 -33
package/dist/cli.js.map +1 -1
package/dist/{server-6RPIR76X.js → server-Z4PCQEB3.js} +2 -2
package/package.json +2 -2
/package/dist/{server-6RPIR76X.js.map → server-Z4PCQEB3.js.map} +0 -0

package/dist/cli.js CHANGED Viewed

@@ -2461,23 +2461,18 @@ import { defineCommand as defineCommand22 } from "citty";
 import consola20 from "consola";
 // src/proxy/config.ts
-import { homedir as homedir4 } from "os";
-import { join as join2 } from "path";
-function defaultAuditPath() {
-  const xdg = process.env.XDG_STATE_HOME;
-  const stateDir = xdg && xdg.length > 0 ? xdg : join2(homedir4(), ".local", "state");
-  return join2(stateDir, "openape", "proxy-audit.jsonl");
-}
-function buildDefaultProxyConfigToml() {
-  const auditPath = defaultAuditPath();
-  return `# Auto-generated by apes proxy -- (M1a). Do not edit; this file is
-# recreated for every \`apes proxy --\` invocation and deleted on exit.
+function buildDefaultProxyConfigToml(opts) {
+  const defaultAction = opts.mediated ? "request" : "allow";
+  const escEmail = opts.agentEmail.replace(/"/g, '\\"');
+  const escIdp = opts.idpUrl.replace(/"/g, '\\"');
+  return `# Auto-generated by \`apes proxy --\`. Do not edit; this file is
+# recreated for every invocation and deleted on exit.
+# Mode: ${opts.mediated ? "IdP-mediated (every unmatched host \u2192 grant flow)" : "transparent (default-allow + audit-only)"}.
 [proxy]
 listen = "127.0.0.1:0"
-idp_url = "https://id.openape.ai"
-agent_email = "ephemeral@apes-proxy.local"
-default_action = "allow"
-audit_log = "${auditPath.replace(/"/g, '\\"')}"
+idp_url = "${escIdp}"
+agent_email = "${escEmail}"
+default_action = "${defaultAction}"
 # Cloud / link-local metadata endpoints \u2014 never let agent traffic reach these
 # even if a downstream policy mistake would otherwise allow it.
@@ -2500,7 +2495,7 @@ import { spawn } from "child_process";
 import { mkdtempSync, rmSync, writeFileSync } from "fs";
 import { createRequire } from "module";
 import { tmpdir } from "os";
-import { dirname, join as join3, resolve as resolve2 } from "path";
+import { dirname, join as join2, resolve as resolve2 } from "path";
 var require2 = createRequire(import.meta.url);
 function findProxyBin() {
   const pkgPath = require2.resolve("@openape/proxy/package.json");
@@ -2512,8 +2507,8 @@ function findProxyBin() {
   return resolve2(dirname(pkgPath), binRel);
 }
 async function startEphemeralProxy(configToml) {
-  const tmpDir = mkdtempSync(join3(tmpdir(), "openape-proxy-"));
-  const configPath = join3(tmpDir, "config.toml");
+  const tmpDir = mkdtempSync(join2(tmpdir(), "openape-proxy-"));
+  const configPath = join2(tmpDir, "config.toml");
   writeFileSync(configPath, configToml, { mode: 384 });
   const binPath = findProxyBin();
   const child = spawn(process.execPath, [binPath, "-c", configPath], {
@@ -2596,6 +2591,19 @@ function waitForListenLine(child) {
 }
 // src/commands/proxy.ts
+function resolveProxyConfigOptions() {
+  const auth = loadAuth();
+  if (!auth?.email || !auth?.idp) {
+    throw new CliError(
+      "apes proxy requires `apes login` first.\n\nWithout a login the proxy has no agent identity to attribute grant\nrequests to, so the YOLO / Allow / Deny policy on id.openape.ai cannot\napply. Run:\n\n  apes login\n\nand re-run `apes proxy -- ...`.",
+      // 77 = EX_NOPERM from sysexits.h ("permission denied"); fits "user has\n'
+      // not authenticated to use this command" better than the default 1.
+      77
+    );
+  }
+  consola20.info(`[apes proxy] IdP-mediated mode \u2014 agent=${auth.email}, idp=${auth.idp}`);
+  return { agentEmail: auth.email, idpUrl: auth.idp, mediated: true };
+}
 var proxyCommand = defineCommand22({
   meta: {
     name: "proxy",
@@ -2620,7 +2628,7 @@ var proxyCommand = defineCommand22({
       proxyUrl = reuseUrl;
       consola20.info(`[apes proxy] reusing existing proxy at ${proxyUrl}`);
     } else {
-      const ephemeral = await startEphemeralProxy(buildDefaultProxyConfigToml());
+      const ephemeral = await startEphemeralProxy(buildDefaultProxyConfigToml(resolveProxyConfigOptions()));
       proxyUrl = ephemeral.url;
       close = ephemeral.close;
       consola20.info(`[apes proxy] started ephemeral proxy at ${proxyUrl}`);
@@ -2936,7 +2944,7 @@ var mcpCommand = defineCommand27({
     if (transport !== "stdio" && transport !== "sse") {
       throw new Error('Transport must be "stdio" or "sse"');
     }
-    const { startMcpServer } = await import("./server-6RPIR76X.js");
+    const { startMcpServer } = await import("./server-Z4PCQEB3.js");
     await startMcpServer(transport, port);
   }
 });
@@ -2945,7 +2953,7 @@ var mcpCommand = defineCommand27({
 import { existsSync as existsSync3, copyFileSync, writeFileSync as writeFileSync2 } from "fs";
 import { randomBytes } from "crypto";
 import { execFileSync as execFileSync3 } from "child_process";
-import { join as join4 } from "path";
+import { join as join3 } from "path";
 import { defineCommand as defineCommand28 } from "citty";
 import consola23 from "consola";
 var DEFAULT_IDP_URL = "https://id.openape.at";
@@ -2954,7 +2962,7 @@ async function downloadTemplate(repo, targetDir) {
   await gigetDownload(`gh:${repo}`, { dir: targetDir, force: false });
 }
 function installDeps(dir) {
-  const hasLockFile = (name) => existsSync3(join4(dir, name));
+  const hasLockFile = (name) => existsSync3(join3(dir, name));
   if (hasLockFile("pnpm-lock.yaml")) {
     execFileSync3("pnpm", ["install"], { cwd: dir, stdio: "inherit" });
   } else if (hasLockFile("bun.lockb")) {
@@ -3019,7 +3027,7 @@ var initCommand = defineCommand28({
 });
 async function initSP(targetDir) {
   const dir = targetDir || "my-app";
-  if (existsSync3(join4(dir, "package.json"))) {
+  if (existsSync3(join3(dir, "package.json"))) {
     throw new CliError(`Directory "${dir}" already contains a project.`);
   }
   consola23.start("Scaffolding SP starter...");
@@ -3028,8 +3036,8 @@ async function initSP(targetDir) {
   consola23.start("Installing dependencies...");
   installDeps(dir);
   consola23.success("Dependencies installed");
-  const envExample = join4(dir, ".env.example");
-  const envFile = join4(dir, ".env");
+  const envExample = join3(dir, ".env.example");
+  const envFile = join3(dir, ".env");
   if (existsSync3(envExample) && !existsSync3(envFile)) {
     copyFileSync(envExample, envFile);
     consola23.success(`\`.env\` created (using Free IdP at ${DEFAULT_IDP_URL})`);
@@ -3044,7 +3052,7 @@ async function initSP(targetDir) {
 }
 async function initIdP(targetDir) {
   const dir = targetDir || "my-idp";
-  if (existsSync3(join4(dir, "package.json"))) {
+  if (existsSync3(join3(dir, "package.json"))) {
     throw new CliError(`Directory "${dir}" already contains a project.`);
   }
   const domain = await promptText("Domain for the IdP", "localhost");
@@ -3076,7 +3084,7 @@ async function initIdP(targetDir) {
     `NUXT_OPENAPE_RP_ID=${domain}`,
     `NUXT_OPENAPE_RP_ORIGIN=${origin}`
   ].join("\n");
-  writeFileSync2(join4(dir, ".env"), `${envContent}
+  writeFileSync2(join3(dir, ".env"), `${envContent}
 `, { mode: 384 });
   consola23.success(".env created");
   console.log("");
@@ -3101,7 +3109,7 @@ import { existsSync as existsSync4, readFileSync as readFileSync2, writeFileSync
 import { execFile as execFile2 } from "child_process";
 import { generateKeyPairSync, sign } from "crypto";
 import { dirname as dirname2, resolve as resolve3 } from "path";
-import { homedir as homedir5 } from "os";
+import { homedir as homedir4 } from "os";
 import { defineCommand as defineCommand29 } from "citty";
 import consola24 from "consola";
 var DEFAULT_IDP_URL2 = "https://id.openape.at";
@@ -3109,7 +3117,7 @@ var DEFAULT_KEY_PATH = "~/.ssh/id_ed25519";
 var POLL_INTERVAL = 3e3;
 var POLL_TIMEOUT = 3e5;
 function resolvePath2(p) {
-  return resolve3(p.replace(/^~/, homedir5()));
+  return resolve3(p.replace(/^~/, homedir4()));
 }
 function openBrowser2(url) {
   const cmd = process.platform === "darwin" ? "open" : process.platform === "win32" ? "start" : "xdg-open";
@@ -3428,7 +3436,7 @@ async function bestEffortGrantCount(idp) {
   }
 }
 async function runHealth(args) {
-  const version = true ? "0.13.1" : "0.0.0";
+  const version = true ? "0.14.1" : "0.0.0";
   const auth = loadAuth();
   if (!auth) {
     throw new CliError("Not logged in. Run `apes login` first.", 1);
@@ -3630,10 +3638,10 @@ if (shellRewrite) {
   if (shellRewrite.action === "rewrite") {
     process.argv = shellRewrite.argv;
   } else if (shellRewrite.action === "version") {
-    console.log(`ape-shell ${"0.13.1"} (OpenApe DDISA shell wrapper)`);
+    console.log(`ape-shell ${"0.14.1"} (OpenApe DDISA shell wrapper)`);
     process.exit(0);
   } else if (shellRewrite.action === "help") {
-    console.log(`ape-shell ${"0.13.1"} \u2014 OpenApe DDISA shell wrapper`);
+    console.log(`ape-shell ${"0.14.1"} \u2014 OpenApe DDISA shell wrapper`);
     console.log("");
     console.log("Usage:");
     console.log("  ape-shell                 Start interactive grant-mediated REPL");
@@ -3691,7 +3699,7 @@ var configCommand = defineCommand34({
 var main = defineCommand34({
   meta: {
     name: "apes",
-    version: "0.13.1",
+    version: "0.14.1",
     description: "Unified CLI for OpenApe"
   },
   subCommands: {