npm - @openape/apes - Versions diffs - 0.20.0 → 0.21.0 - Mend

@openape/apes 0.20.0 → 0.21.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/cli.js +78 -20
package/dist/cli.js.map +1 -1
package/dist/{server-XZHBOWRD.js → server-UWKEQDNM.js} +2 -2
package/package.json +1 -1
/package/dist/{server-XZHBOWRD.js.map → server-UWKEQDNM.js.map} +0 -0

package/dist/cli.js CHANGED Viewed

@@ -96,7 +96,7 @@ function rewriteApeShellArgs(argv, argv0) {
 import { defineCommand as defineCommand44, runMain } from "citty";
 // src/commands/auth/login.ts
-import { Buffer } from "buffer";
+import { Buffer as Buffer2 } from "buffer";
 import { execFile } from "child_process";
 import { createServer } from "http";
 import { homedir as homedir2 } from "os";
@@ -394,7 +394,7 @@ async function loginWithKey(idp, keyPath, agentEmail) {
   const { challenge } = await challengeResp.json();
   const keyContent = readFileSync7(keyPath, "utf-8");
   const privateKey = loadEd25519PrivateKey2(keyContent);
-  const signature = sign3(null, Buffer.from(challenge), privateKey).toString("base64");
+  const signature = sign3(null, Buffer2.from(challenge), privateKey).toString("base64");
   const authenticateUrl = await getAgentAuthenticateEndpoint(idp);
   const authResp = await fetch(authenticateUrl, {
     method: "POST",
@@ -1754,7 +1754,7 @@ import { defineCommand as defineCommand20 } from "citty";
 import consola18 from "consola";
 // src/lib/agent-bootstrap.ts
-import { Buffer as Buffer2 } from "buffer";
+import { Buffer as Buffer3 } from "buffer";
 import { createPrivateKey, sign } from "crypto";
 var AGENT_NAME_REGEX = /^[a-z][a-z0-9-]{0,23}$/;
 var SSH_ED25519_PREFIX = "ssh-ed25519 ";
@@ -1779,7 +1779,7 @@ async function issueAgentToken(input) {
     throw new Error(`Challenge failed (${challengeResp.status}): ${text}`);
   }
   const { challenge } = await challengeResp.json();
-  const signature = sign(null, Buffer2.from(challenge), privateKey).toString("base64");
+  const signature = sign(null, Buffer3.from(challenge), privateKey).toString("base64");
   const authenticateUrl = await getAgentAuthenticateEndpoint(input.idp);
   const authResp = await fetch(authenticateUrl, {
     method: "POST",
@@ -1811,6 +1811,25 @@ mkdir -p "$HOME_DIR/.claude/hooks"
 cat > "$HOME_DIR/.claude/settings.json" ${shHeredoc(input.claudeSettingsJson)}
 cat > "$HOME_DIR/.claude/hooks/bash-via-ape-shell.sh" ${shHeredoc(input.hookScriptSource)}
 chmod 755 "$HOME_DIR/.claude/hooks/bash-via-ape-shell.sh"
+` : "";
+  const claudeTokenBlock = input.claudeOauthToken ? `
+mkdir -p "$HOME_DIR/.config/openape"
+cat > "$HOME_DIR/.config/openape/claude-token.env" ${shHeredoc(`# Auto-generated by 'apes agents spawn'. chmod 600 \u2014 contains a long-lived
+# Claude Code OAuth token. Rotate by editing this file in place; the
+# .zshenv / .profile source-lines below will pick it up automatically.
+export CLAUDE_CODE_OAUTH_TOKEN=${shQuote(input.claudeOauthToken)}
+`)}
+SOURCE_LINE='[ -f "$HOME/.config/openape/claude-token.env" ] && . "$HOME/.config/openape/claude-token.env"'
+for f in "$HOME_DIR/.zshenv" "$HOME_DIR/.profile"; do
+  touch "$f"
+  if ! grep -qF 'config/openape/claude-token.env' "$f" 2>/dev/null; then
+    {
+      echo ''
+      echo '# OpenApe: load Claude Code OAuth token (added by apes agents spawn)'
+      echo "$SOURCE_LINE"
+    } >> "$f"
+  fi
+done
 ` : "";
   return `#!/bin/bash
 set -euo pipefail
@@ -1854,13 +1873,17 @@ mkdir -p "$HOME_DIR/.ssh" "$HOME_DIR/.config/apes"
 cat > "$HOME_DIR/.ssh/id_ed25519" ${shHeredoc(privatePemForHeredoc.trimEnd())}
 cat > "$HOME_DIR/.ssh/id_ed25519.pub" ${shHeredoc(`${input.publicKeySshLine}`)}
 cat > "$HOME_DIR/.config/apes/auth.json" ${shHeredoc(input.authJson)}
-${claudeBlock}
+${claudeBlock}${claudeTokenBlock}
 chown -R "$NAME:staff" "$HOME_DIR"
 chmod 700 "$HOME_DIR/.ssh"
 chmod 700 "$HOME_DIR/.config"
 chmod 600 "$HOME_DIR/.ssh/id_ed25519"
 chmod 644 "$HOME_DIR/.ssh/id_ed25519.pub"
 chmod 600 "$HOME_DIR/.config/apes/auth.json"
+if [ -f "$HOME_DIR/.config/openape/claude-token.env" ]; then
+  chmod 700 "$HOME_DIR/.config/openape"
+  chmod 600 "$HOME_DIR/.config/openape/claude-token.env"
+fi
 echo "OK $NAME uid=$NEXT_UID home=$HOME_DIR"
 `;
@@ -2268,7 +2291,7 @@ import { defineCommand as defineCommand23 } from "citty";
 import consola21 from "consola";
 // src/lib/keygen.ts
-import { Buffer as Buffer3 } from "buffer";
+import { Buffer as Buffer4 } from "buffer";
 import { existsSync as existsSync5, mkdirSync, readFileSync as readFileSync4, writeFileSync as writeFileSync2 } from "fs";
 import { generateKeyPairSync } from "crypto";
 import { homedir as homedir4 } from "os";
@@ -2278,11 +2301,11 @@ function resolveKeyPath(p) {
 }
 function buildSshEd25519Line(rawPub) {
   const keyTypeStr = "ssh-ed25519";
-  const keyTypeLen = Buffer3.alloc(4);
+  const keyTypeLen = Buffer4.alloc(4);
   keyTypeLen.writeUInt32BE(keyTypeStr.length);
-  const pubKeyLen = Buffer3.alloc(4);
+  const pubKeyLen = Buffer4.alloc(4);
   pubKeyLen.writeUInt32BE(rawPub.length);
-  const blob = Buffer3.concat([keyTypeLen, Buffer3.from(keyTypeStr), pubKeyLen, rawPub]);
+  const blob = Buffer4.concat([keyTypeLen, Buffer4.from(keyTypeStr), pubKeyLen, rawPub]);
   return `ssh-ed25519 ${blob.toString("base64")}`;
 }
 function readPublicKey(keyPath) {
@@ -2293,7 +2316,7 @@ function readPublicKey(keyPath) {
   const keyContent = readFileSync4(keyPath, "utf-8");
   const privateKey = loadEd25519PrivateKey(keyContent);
   const jwk = privateKey.export({ format: "jwk" });
-  const pubBytes = Buffer3.from(jwk.x, "base64url");
+  const pubBytes = Buffer4.from(jwk.x, "base64url");
   return buildSshEd25519Line(pubBytes);
 }
 function generateAndSaveKey(keyPath) {
@@ -2306,7 +2329,7 @@ function generateAndSaveKey(keyPath) {
   const privatePem = privateKey.export({ type: "pkcs8", format: "pem" });
   writeFileSync2(resolved, privatePem, { mode: 384 });
   const jwk = publicKey.export({ format: "jwk" });
-  const pubBytes = Buffer3.from(jwk.x, "base64url");
+  const pubBytes = Buffer4.from(jwk.x, "base64url");
   const pubKeyStr = buildSshEd25519Line(pubBytes);
   writeFileSync2(`${resolved}.pub`, `${pubKeyStr}
 `, { mode: 420 });
@@ -2316,7 +2339,7 @@ function generateKeyPairInMemory() {
   const { publicKey, privateKey } = generateKeyPairSync("ed25519");
   const privatePem = privateKey.export({ type: "pkcs8", format: "pem" });
   const jwk = publicKey.export({ format: "jwk" });
-  const pubBytes = Buffer3.from(jwk.x, "base64url");
+  const pubBytes = Buffer4.from(jwk.x, "base64url");
   return {
     privatePem,
     publicSshLine: buildSshEd25519Line(pubBytes)
@@ -2342,6 +2365,14 @@ var spawnAgentCommand = defineCommand23({
     "no-claude-hook": {
       type: "boolean",
       description: "Skip writing ~/.claude/settings.json + the Bash-rewrite hook"
+    },
+    "claude-token": {
+      type: "string",
+      description: "Claude Code OAuth token (sk-ant-oat01-\u2026) from `claude setup-token`. Visible to ps \u2014 prefer --claude-token-stdin in scripts."
+    },
+    "claude-token-stdin": {
+      type: "boolean",
+      description: "Read the Claude Code OAuth token from stdin (paranoid form of --claude-token)."
     }
   },
   async run({ args }) {
@@ -2408,6 +2439,10 @@ and try again.`
         expiresAt: Math.floor(Date.now() / 1e3) + expiresIn
       });
       const includeClaudeHook = !args["no-claude-hook"];
+      const claudeOauthToken = await resolveClaudeToken({
+        flag: typeof args["claude-token"] === "string" ? args["claude-token"] : void 0,
+        fromStdin: !!args["claude-token-stdin"]
+      });
       const script = buildSpawnSetupScript({
         name,
         homeDir,
@@ -2416,7 +2451,8 @@ and try again.`
         publicKeySshLine: publicSshLine,
         authJson,
         claudeSettingsJson: includeClaudeHook ? CLAUDE_SETTINGS_JSON : null,
-        hookScriptSource: includeClaudeHook ? BASH_VIA_APE_SHELL_HOOK_SOURCE : null
+        hookScriptSource: includeClaudeHook ? BASH_VIA_APE_SHELL_HOOK_SOURCE : null,
+        claudeOauthToken
       });
       writeFileSync3(scriptPath, script, { mode: 448 });
       consola21.start("Running privileged setup as root via `apes run --as root --wait`\u2026");
@@ -2431,6 +2467,28 @@ and try again.`
     }
   }
 });
+async function resolveClaudeToken(opts) {
+  if (opts.flag && opts.fromStdin) {
+    throw new CliError("Pass --claude-token OR --claude-token-stdin, not both.");
+  }
+  let raw = null;
+  if (typeof opts.flag === "string") {
+    raw = opts.flag.trim();
+  } else if (opts.fromStdin) {
+    const chunks = [];
+    for await (const chunk of process.stdin) {
+      chunks.push(typeof chunk === "string" ? Buffer.from(chunk) : chunk);
+    }
+    raw = Buffer.concat(chunks).toString("utf-8").trim();
+  }
+  if (!raw) return null;
+  if (!raw.startsWith("sk-ant-oat01-")) {
+    throw new CliError(
+      `Claude token doesn't look right (expected sk-ant-oat01-\u2026). Run \`claude setup-token\` and paste the resulting token.`
+    );
+  }
+  return raw;
+}
 // src/commands/agents/index.ts
 var agentsCommand = defineCommand24({
@@ -3698,7 +3756,7 @@ var mcpCommand = defineCommand32({
     if (transport !== "stdio" && transport !== "sse") {
       throw new Error('Transport must be "stdio" or "sse"');
     }
-    const { startMcpServer } = await import("./server-XZHBOWRD.js");
+    const { startMcpServer } = await import("./server-UWKEQDNM.js");
     await startMcpServer(transport, port);
   }
 });
@@ -3858,7 +3916,7 @@ async function initIdP(targetDir) {
 }
 // src/commands/enroll.ts
-import { Buffer as Buffer4 } from "buffer";
+import { Buffer as Buffer5 } from "buffer";
 import { existsSync as existsSync7, readFileSync as readFileSync5 } from "fs";
 import { execFile as execFile2 } from "child_process";
 import { sign as sign2 } from "crypto";
@@ -3889,7 +3947,7 @@ async function pollForEnrollment(idp, agentEmail, keyPath) {
       });
       if (challengeResp.ok) {
         const { challenge } = await challengeResp.json();
-        const signature = sign2(null, Buffer4.from(challenge), privateKey).toString("base64");
+        const signature = sign2(null, Buffer5.from(challenge), privateKey).toString("base64");
         const authResp = await fetch(authenticateUrl, {
           method: "POST",
           headers: { "Content-Type": "application/json" },
@@ -4336,7 +4394,7 @@ async function bestEffortGrantCount(idp) {
   }
 }
 async function runHealth(args) {
-  const version = true ? "0.20.0" : "0.0.0";
+  const version = true ? "0.21.0" : "0.0.0";
   const auth = loadAuth();
   if (!auth) {
     throw new CliError("Not logged in. Run `apes login` first.", 1);
@@ -4538,10 +4596,10 @@ if (shellRewrite) {
   if (shellRewrite.action === "rewrite") {
     process.argv = shellRewrite.argv;
   } else if (shellRewrite.action === "version") {
-    console.log(`ape-shell ${"0.20.0"} (OpenApe DDISA shell wrapper)`);
+    console.log(`ape-shell ${"0.21.0"} (OpenApe DDISA shell wrapper)`);
     process.exit(0);
   } else if (shellRewrite.action === "help") {
-    console.log(`ape-shell ${"0.20.0"} \u2014 OpenApe DDISA shell wrapper`);
+    console.log(`ape-shell ${"0.21.0"} \u2014 OpenApe DDISA shell wrapper`);
     console.log("");
     console.log("Usage:");
     console.log("  ape-shell                 Start interactive grant-mediated REPL");
@@ -4599,7 +4657,7 @@ var configCommand = defineCommand44({
 var main = defineCommand44({
   meta: {
     name: "apes",
-    version: "0.20.0",
+    version: "0.21.0",
     description: "Unified CLI for OpenApe"
   },
   subCommands: {