@openape/apes 0.22.0 → 0.22.1

package/dist/cli.js

@@ -1748,7 +1748,7 @@ import { defineCommand as defineCommand24 } from "citty";
 // src/commands/agents/destroy.ts
 import { execFileSync as execFileSync3 } from "child_process";
 import { mkdtempSync, rmSync, writeFileSync } from "fs";
-import { tmpdir } from "os";
+import { tmpdir, userInfo } from "os";
 import { join as join2 } from "path";
 import { defineCommand as defineCommand20 } from "citty";
 import consola18 from "consola";
@@ -1889,7 +1889,7 @@ echo "OK $NAME uid=$NEXT_UID home=$HOME_DIR"
 `;
 }
 function buildDestroyTeardownScript(input) {
-  const { name, homeDir } = input;
+  const { name, homeDir, adminUser } = input;
   return `#!/bin/bash
 # Best-effort teardown. set -u catches typos; we deliberately do NOT use -e
 # because pkill / launchctl are allowed to fail when the user has no live
@@ -1898,6 +1898,16 @@ set -u
 
 NAME=${shQuote(name)}
 HOME_DIR=${shQuote(homeDir)}
+ADMIN_USER=${shQuote(adminUser)}
+
+# Read the admin password from stdin (line 1). The caller pipes it in.
+# We never accept it as an argv element so it can't show up in process
+# listings or escapes' audit log.
+read -r ADMIN_PASSWORD
+if [ -z "$ADMIN_PASSWORD" ]; then
+  echo "ERROR: no admin password on stdin (expected one line)." >&2
+  exit 2
+fi
 
 UID_OF=$(dscl . -read "/Users/$NAME" UniqueID 2>/dev/null | awk '/UniqueID:/ {print $2}')
 
@@ -1910,25 +1920,32 @@ if [ -d "$HOME_DIR" ] && [ "$HOME_DIR" != "/" ] && [ "$HOME_DIR" != "" ]; then
   rm -rf "$HOME_DIR"
 fi
 
-# Delete the user record. \`sysadminctl -deleteUser\` is the canonical macOS
-# API and removes Open Directory metadata that \`dscl . -delete\` leaves
-# behind. Fall back to dscl if sysadminctl isn't available or rejects the
-# user. Surface a clear error if both fail \u2014 silent failure here is what
-# left orphaned dscl records on previous spawn/destroy round-trips.
-if command -v sysadminctl >/dev/null 2>&1; then
-  if sysadminctl -deleteUser "$NAME" 2>/dev/null; then
-    :
-  elif dscl . -read "/Users/$NAME" >/dev/null 2>&1; then
-    dscl . -delete "/Users/$NAME" || {
-      echo "ERROR: failed to delete user record /Users/$NAME" >&2
-      exit 1
-    }
-  fi
-elif dscl . -read "/Users/$NAME" >/dev/null 2>&1; then
-  dscl . -delete "/Users/$NAME" || {
-    echo "ERROR: failed to delete user record /Users/$NAME" >&2
-    exit 1
-  }
+# \`escapes\` is a plain setuid binary \u2014 opendirectoryd sees no audit/PAM
+# session attached (AUDIT_SESSION_ID=unset) and rejects DirectoryService
+# writes from this context: a bare \`sysadminctl -deleteUser\` or
+# \`dscl . -delete\` hangs ~5 minutes and exits with eUndefinedError -14987
+# at DSRecord.m:563. Passing explicit -adminUser/-adminPassword bypasses
+# opendirectoryd's implicit "is current session admin?" check and
+# authenticates against DirectoryService directly \u2014 the delete then
+# completes in ~1 second.
+if ! command -v sysadminctl >/dev/null 2>&1; then
+  echo "ERROR: sysadminctl not available; cannot delete user record." >&2
+  exit 1
+fi
+
+sysadminctl \\
+  -deleteUser "$NAME" \\
+  -adminUser "$ADMIN_USER" \\
+  -adminPassword "$ADMIN_PASSWORD"
+SYSAD_EC=$?
+unset ADMIN_PASSWORD
+
+if [ $SYSAD_EC -ne 0 ]; then
+  echo "ERROR: sysadminctl -deleteUser failed (exit=$SYSAD_EC)." >&2
+  echo "       Common causes: wrong admin password, admin user '$ADMIN_USER'" >&2
+  echo "       not in admin group, or target user '$NAME' is the last secure" >&2
+  echo "       token holder (run \\\`sysadminctl -secureTokenStatus $NAME\\\`)." >&2
+  exit 1
 fi
 
 # Verify the record is actually gone.
@@ -2122,14 +2139,20 @@ ${consequences.join("\n")}`);
       if (!escapes) {
         throw new CliError("`escapes` not found on PATH; OS teardown requires escapes.");
       }
+      const adminUser = userInfo().username;
+      const adminPassword = await collectAdminPassword({ adminUser, force: !!args.force });
       const scratch = mkdtempSync(join2(tmpdir(), `apes-destroy-${name}-`));
       const scriptPath = join2(scratch, "teardown.sh");
       try {
-        const script = buildDestroyTeardownScript({ name, homeDir: `/Users/${name}` });
+        const script = buildDestroyTeardownScript({ name, homeDir: `/Users/${name}`, adminUser });
         writeFileSync(scriptPath, script, { mode: 448 });
         consola18.start("Running teardown as root via `apes run --as root --wait`\u2026");
         consola18.info("You will be asked to approve the as=root grant in your DDISA inbox; this command blocks until you do.");
-        execFileSync3(apes, ["run", "--as", "root", "--wait", "--", "bash", scriptPath], { stdio: "inherit" });
+        execFileSync3(apes, ["run", "--as", "root", "--wait", "--", "bash", scriptPath], {
+          input: `${adminPassword}
+`,
+          stdio: ["pipe", "inherit", "inherit"]
+        });
       } finally {
         rmSync(scratch, { recursive: true, force: true });
       }
@@ -2139,6 +2162,21 @@ ${consequences.join("\n")}`);
     consola18.success(`Destroyed ${name}.`);
   }
 });
+async function collectAdminPassword(opts) {
+  const fromEnv = process.env.APES_ADMIN_PASSWORD;
+  if (fromEnv && fromEnv.length > 0) return fromEnv;
+  if (!process.stdin.isTTY) {
+    throw new CliError(
+      `Admin password required for sysadminctl -deleteUser. No TTY available for the silent prompt; set APES_ADMIN_PASSWORD in the environment (local admin password for ${opts.adminUser}). The teardown reads it from stdin and never stores it.`
+    );
+  }
+  consola18.info(`Local admin password for ${opts.adminUser} (used for sysadminctl -deleteUser; not stored):`);
+  const pw = await consola18.prompt("Admin password", { type: "text", mask: "*" });
+  if (typeof pw === "symbol" || !pw || pw.length === 0) {
+    throw new CliExit(0);
+  }
+  return pw;
+}
 
 // src/commands/agents/list.ts
 import { defineCommand as defineCommand21 } from "citty";
@@ -3770,7 +3808,7 @@ var mcpCommand = defineCommand32({
     if (transport !== "stdio" && transport !== "sse") {
       throw new Error('Transport must be "stdio" or "sse"');
     }
-    const { startMcpServer } = await import("./server-GBFP2XSM.js");
+    const { startMcpServer } = await import("./server-WBR7VEDY.js");
     await startMcpServer(transport, port);
   }
 });
@@ -4408,7 +4446,7 @@ async function bestEffortGrantCount(idp) {
   }
 }
 async function runHealth(args) {
-  const version = true ? "0.22.0" : "0.0.0";
+  const version = true ? "0.22.1" : "0.0.0";
   const auth = loadAuth();
   if (!auth) {
     throw new CliError("Not logged in. Run `apes login` first.", 1);
@@ -4681,10 +4719,10 @@ if (shellRewrite) {
   if (shellRewrite.action === "rewrite") {
     process.argv = shellRewrite.argv;
   } else if (shellRewrite.action === "version") {
-    console.log(`ape-shell ${"0.22.0"} (OpenApe DDISA shell wrapper)`);
+    console.log(`ape-shell ${"0.22.1"} (OpenApe DDISA shell wrapper)`);
     process.exit(0);
   } else if (shellRewrite.action === "help") {
-    console.log(`ape-shell ${"0.22.0"} \u2014 OpenApe DDISA shell wrapper`);
+    console.log(`ape-shell ${"0.22.1"} \u2014 OpenApe DDISA shell wrapper`);
     console.log("");
     console.log("Usage:");
     console.log("  ape-shell                 Start interactive grant-mediated REPL");
@@ -4742,7 +4780,7 @@ var configCommand = defineCommand44({
 var main = defineCommand44({
   meta: {
     name: "apes",
-    version: "0.22.0",
+    version: "0.22.1",
     description: "Unified CLI for OpenApe"
   },
   subCommands: {
@@ -4797,7 +4835,7 @@ async function maybeRefreshAuth() {
   }
 }
 await maybeRefreshAuth();
-await maybeWarnStaleVersion("0.22.0").catch(() => {
+await maybeWarnStaleVersion("0.22.1").catch(() => {
 });
 runMain(main).catch((err) => {
   if (err instanceof CliExit) {