@openape/apes 0.6.1 → 0.7.1

package/dist/index.d.ts

@@ -171,6 +171,10 @@ declare function createShapesGrant(resolved: ResolvedCommand, params: {
 }>;
 declare function waitForGrantStatus(idp: string, grantId: string): Promise<'approved' | 'denied' | 'revoked'>;
 declare function fetchGrantToken(idp: string, grantId: string): Promise<string>;
+/**
+ * One-shot verify + consume + execute. Preserves the legacy behavior of
+ * the `apes run --shell` path so existing callers keep working unchanged.
+ */
 declare function verifyAndExecute(token: string, resolved: ResolvedCommand): Promise<void>;
 declare function findExistingGrant(resolved: ResolvedCommand, idp: string): Promise<string | null>;
 
@@ -183,7 +187,12 @@ declare function buildStructuredCliGrantRequest(resolved: ResolvedCommand | Reso
 
 declare function fetchRegistry(forceRefresh?: boolean): Promise<RegistryIndex>;
 declare function searchAdapters(index: RegistryIndex, query: string): RegistryEntry[];
-declare function findAdapter(index: RegistryIndex, id: string): RegistryEntry | undefined;
+/**
+ * Look up a registry entry by its id or its executable field. This lets callers
+ * pass either the registry id ("o365") or the binary name ("o365-cli"); most
+ * adapters have id === executable, but the two can diverge.
+ */
+declare function findAdapter(index: RegistryIndex, idOrExecutable: string): RegistryEntry | undefined;
 
 interface InstallResult {
     id: string;

package/dist/index.js

@@ -10,7 +10,6 @@ import {
   appendAuditLog,
   buildExactCommandGrantRequest,
   buildStructuredCliGrantRequest,
-  clearAuth,
   createShapesGrant,
   discoverEndpoints,
   extractOption,
@@ -21,28 +20,31 @@ import {
   findAdapter,
   findConflictingAdapters,
   findExistingGrant,
-  getAuthToken,
-  getIdpUrl,
   getInstalledDigest,
-  getRequesterIdentity,
   installAdapter,
   isInstalled,
   loadAdapter,
-  loadAuth,
-  loadConfig,
   loadOrInstallAdapter,
   parseShellCommand,
   removeAdapter,
   resolveAdapterPath,
   resolveCapabilityRequest,
   resolveCommand,
-  saveAuth,
-  saveConfig,
   searchAdapters,
   tryLoadAdapter,
   verifyAndExecute,
   waitForGrantStatus
-} from "./chunk-G3Q2TMAI.js";
+} from "./chunk-B32ZQP5K.js";
+import {
+  clearAuth,
+  getAuthToken,
+  getIdpUrl,
+  getRequesterIdentity,
+  loadAuth,
+  loadConfig,
+  saveAuth,
+  saveConfig
+} from "./chunk-TBYYREL6.js";
 export {
   ApiError,
   CliError,

package/dist/orchestrator-JAMWD6DD.js

@@ -0,0 +1,637 @@
+#!/usr/bin/env node
+import {
+  apiFetch,
+  appendAuditLog,
+  createShapesGrant,
+  fetchGrantToken,
+  findExistingGrant,
+  getGrantsEndpoint,
+  loadOrInstallAdapter,
+  parseShellCommand,
+  resolveCommand,
+  verifyAndConsume,
+  waitForGrantStatus
+} from "./chunk-B32ZQP5K.js";
+import {
+  loadAuth
+} from "./chunk-TBYYREL6.js";
+
+// src/shell/orchestrator.ts
+import { hostname } from "os";
+import consola3 from "consola";
+
+// src/shell/grant-dispatch.ts
+import { basename } from "path";
+import consola from "consola";
+async function requestGrantForShellLine(line, options) {
+  const auth = loadAuth();
+  if (!auth) {
+    return { kind: "denied", reason: "Not logged in. Run `apes login` first." };
+  }
+  const idp = auth.idp;
+  if (!idp) {
+    return { kind: "denied", reason: "No IdP URL configured. Run `apes login` first." };
+  }
+  const parsed = parseShellCommand(line);
+  if (parsed && !parsed.isCompound) {
+    try {
+      const loaded = await loadOrInstallAdapter(parsed.executable);
+      if (loaded) {
+        const normalizedExecutable = basename(parsed.executable);
+        const resolved = await resolveCommand(loaded, [normalizedExecutable, ...parsed.argv]);
+        try {
+          const existingGrantId = await findExistingGrant(resolved, idp);
+          if (existingGrantId) {
+            consola.info(`Reusing grant ${existingGrantId} for: ${resolved.detail.display}`);
+            const token2 = await fetchGrantToken(idp, existingGrantId);
+            await verifyAndConsume(token2, resolved);
+            return { kind: "approved", grantId: existingGrantId, mode: "adapter" };
+          }
+        } catch (err) {
+          consola.debug(`ape-shell: findExistingGrant failed, will request new grant:`, err);
+        }
+        consola.info(`Requesting grant for: ${resolved.detail.display}`);
+        const grant = await createShapesGrant(resolved, {
+          idp,
+          approval: options.approval ?? "once",
+          reason: `ape-shell: ${resolved.detail.display}`
+        });
+        consola.info(`Approve at: ${idp}/grant-approval?grant_id=${grant.id}`);
+        const status = await waitForGrantStatus(idp, grant.id);
+        if (status !== "approved") {
+          return { kind: "denied", reason: `Grant ${status}` };
+        }
+        const token = await fetchGrantToken(idp, grant.id);
+        await verifyAndConsume(token, resolved);
+        return { kind: "approved", grantId: grant.id, mode: "adapter" };
+      }
+    } catch (err) {
+      consola.debug(`ape-shell: adapter resolve failed, falling back to session grant:`, err);
+    }
+  }
+  const grantsUrl = await getGrantsEndpoint(idp);
+  try {
+    const grants = await apiFetch(
+      `${grantsUrl}?requester=${encodeURIComponent(auth.email)}&status=approved&limit=20`
+    );
+    const sessionGrant = grants.data.find(
+      (g) => g.request.audience === "ape-shell" && g.request.target_host === options.targetHost && g.request.grant_type !== "once"
+    );
+    if (sessionGrant) {
+      return { kind: "approved", grantId: sessionGrant.id, mode: "session" };
+    }
+  } catch (err) {
+    consola.debug(`ape-shell: session grant lookup failed:`, err);
+  }
+  consola.info(`Requesting ape-shell session grant on ${options.targetHost}`);
+  try {
+    const grant = await apiFetch(grantsUrl, {
+      method: "POST",
+      body: {
+        requester: auth.email,
+        target_host: options.targetHost,
+        audience: "ape-shell",
+        grant_type: options.approval ?? "once",
+        command: ["bash", "-c", line],
+        reason: `Shell session: ${line.slice(0, 100)}`
+      }
+    });
+    consola.info(`Approve at: ${idp}/grant-approval?grant_id=${grant.id}`);
+    const maxWait = 3e5;
+    const interval = 3e3;
+    const start = Date.now();
+    while (Date.now() - start < maxWait) {
+      const status = await apiFetch(`${grantsUrl}/${grant.id}`);
+      if (status.status === "approved")
+        return { kind: "approved", grantId: grant.id, mode: "session" };
+      if (status.status === "denied" || status.status === "revoked")
+        return { kind: "denied", reason: `Grant ${status.status}` };
+      await new Promise((r) => setTimeout(r, interval));
+    }
+    return { kind: "denied", reason: "Grant approval timed out after 5 minutes" };
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    return { kind: "denied", reason: `Grant request failed: ${msg}` };
+  }
+}
+
+// src/shell/pty-bridge.ts
+import { randomBytes } from "crypto";
+import * as pty from "node-pty";
+var PtyBridge = class {
+  marker;
+  /** Compiled once. Captures the exit code in group 1. */
+  markerRegex;
+  term;
+  events;
+  /** Bytes received since the last completed line. Searched for the marker. */
+  pending = "";
+  /**
+   * Accumulated output for the current in-flight line. Streams to `onOutput`
+   * live as chunks arrive, and is handed to `onLineDone` in full when the
+   * marker is matched. Resets at that point.
+   */
+  currentLineBuffer = "";
+  /** True until bash prints its first marker-prompt. */
+  readyForFirstLine = false;
+  awaitingInitialPrompt = null;
+  constructor(events, options = {}) {
+    this.events = events;
+    this.marker = randomBytes(16).toString("hex");
+    this.markerRegex = new RegExp(
+      `__APES_${this.marker}__:(-?\\d+):__END__\\r?\\n?`
+    );
+    const cols = options.cols ?? process.stdout.columns ?? 80;
+    const rows = options.rows ?? process.stdout.rows ?? 24;
+    this.term = pty.spawn("bash", ["--login", "-i"], {
+      name: "xterm-256color",
+      cols,
+      rows,
+      cwd: options.cwd ?? process.cwd(),
+      env: {
+        ...process.env,
+        // Force our marker PS1 on every prompt and keep pty echo off —
+        // both survive .bashrc overrides because PROMPT_COMMAND runs
+        // before each prompt.
+        PROMPT_COMMAND: `stty -echo 2>/dev/null; PS1='__APES_${this.marker}__:$?:__END__'`,
+        // Also set it initially so the very first prompt carries the marker.
+        PS1: `__APES_${this.marker}__:$?:__END__`,
+        PS2: "> ",
+        // Silence bash-specific onboarding that would pollute our output.
+        BASH_SILENCE_DEPRECATION_WARNING: "1"
+      }
+    });
+    this.term.onData((chunk) => this.handleData(chunk));
+    this.term.onExit(({ exitCode, signal }) => {
+      this.events.onExit(exitCode, signal);
+    });
+  }
+  /**
+   * Resolves once bash has printed its very first marker-bearing prompt,
+   * which means it has finished sourcing ~/.bashrc and is ready to accept
+   * input. Callers should await this before sending the first line.
+   */
+  waitForReady() {
+    if (this.readyForFirstLine)
+      return Promise.resolve();
+    return new Promise((resolve) => {
+      this.awaitingInitialPrompt = resolve;
+    });
+  }
+  /**
+   * Write a shell command line to bash's stdin. The caller must ensure the
+   * line has already been approved by the grant flow. The bridge does NOT
+   * validate or filter the line.
+   */
+  writeLine(line) {
+    const clean = line.replace(/\r?\n+$/, "");
+    this.term.write(`${clean}
+`);
+  }
+  /**
+   * Raw passthrough write — used for forwarding user keystrokes during
+   * interactive output mode (e.g. while vim is running).
+   */
+  writeRaw(data) {
+    this.term.write(data);
+  }
+  /** Resize the underlying pty. Called on SIGWINCH. */
+  resize(cols, rows) {
+    this.term.resize(cols, rows);
+  }
+  /** Kill the bash child. Called on Ctrl-D / shell exit. */
+  kill(signal) {
+    this.term.kill(signal);
+  }
+  /** Process id of the bash child, for logging / debugging. */
+  get pid() {
+    return this.term.pid;
+  }
+  /** Exposed for tests that want to look at the raw marker. */
+  getMarkerForTest() {
+    return this.marker;
+  }
+  // ----- internals -----
+  handleData(chunk) {
+    this.pending += chunk;
+    for (; ; ) {
+      const match = this.pending.match(this.markerRegex);
+      if (!match || match.index === void 0)
+        break;
+      const before = this.pending.slice(0, match.index);
+      const exitCode = Number(match[1]);
+      if (before.length > 0) {
+        this.currentLineBuffer += before;
+        if (this.readyForFirstLine)
+          this.events.onOutput(before);
+      }
+      this.pending = this.pending.slice(match.index + match[0].length);
+      if (!this.readyForFirstLine) {
+        this.readyForFirstLine = true;
+        this.currentLineBuffer = "";
+        const resolve = this.awaitingInitialPrompt;
+        this.awaitingInitialPrompt = null;
+        if (resolve)
+          resolve();
+        continue;
+      }
+      const frame = { output: this.currentLineBuffer, exitCode };
+      this.currentLineBuffer = "";
+      this.events.onLineDone(frame);
+    }
+    if (!this.readyForFirstLine)
+      return;
+    const lastNewline = this.pending.lastIndexOf("\n");
+    if (lastNewline >= 0) {
+      const ready = this.pending.slice(0, lastNewline + 1);
+      this.pending = this.pending.slice(lastNewline + 1);
+      if (ready.length > 0) {
+        this.currentLineBuffer += ready;
+        this.events.onOutput(ready);
+      }
+    }
+  }
+};
+
+// src/shell/repl.ts
+import { createInterface } from "readline";
+import { homedir } from "os";
+import { join } from "path";
+import consola2 from "consola";
+
+// src/shell/multi-line.ts
+import { spawnSync } from "child_process";
+var CONTINUE_PATTERNS = [
+  /syntax error: unexpected end of file/i,
+  /unexpected end of file/i,
+  /here-document.+delimited by end-of-file/i,
+  /unexpected EOF while looking for matching/i
+];
+function hasUnterminatedHeredoc(buffer) {
+  const pattern = /<<(-?)\s*(['"]?)([A-Z_]\w*)\2/gi;
+  for (const match of buffer.matchAll(pattern)) {
+    const stripTabs = match[1] === "-";
+    const delimiter = match[3];
+    const afterMatch = buffer.slice((match.index ?? 0) + match[0].length);
+    const lines = afterMatch.split("\n").slice(1);
+    const terminated = lines.some((line) => {
+      const compare = stripTabs ? line.replace(/^\t+/, "") : line;
+      return compare === delimiter;
+    });
+    if (!terminated)
+      return true;
+  }
+  return false;
+}
+function checkMultiLineStatus(buffer) {
+  if (buffer.trim().length === 0)
+    return { kind: "complete" };
+  if (hasUnterminatedHeredoc(buffer))
+    return { kind: "continue" };
+  const result = spawnSync("bash", ["-n", "-c", buffer], {
+    stdio: ["ignore", "ignore", "pipe"],
+    encoding: "utf-8"
+  });
+  if (result.error) {
+    return { kind: "error", message: `Failed to spawn bash for syntax check: ${result.error.message}` };
+  }
+  if (result.status === 0)
+    return { kind: "complete" };
+  const stderr = result.stderr || "";
+  for (const pattern of CONTINUE_PATTERNS) {
+    if (pattern.test(stderr))
+      return { kind: "continue" };
+  }
+  return { kind: "error", message: stderr.trim() || "Syntax error" };
+}
+
+// src/shell/repl.ts
+var HISTORY_FILE = join(homedir(), ".config", "apes", "shell-history");
+var PS1 = "apes$ ";
+var PS2 = "> ";
+var ShellRepl = class {
+  events;
+  input;
+  output;
+  quiet;
+  rl = null;
+  /** Accumulated input across multi-line continuations. */
+  buffer = "";
+  /** Whether the REPL has called `stop`. */
+  stopped = false;
+  constructor(events, options = {}) {
+    this.events = events;
+    this.input = options.input ?? process.stdin;
+    this.output = options.output ?? process.stdout;
+    this.quiet = options.quiet ?? false;
+  }
+  /**
+   * Start the REPL. Resolves when the user ends the session (Ctrl-D) or
+   * `stop()` is called from outside. Errors bubble out of `onLine` and
+   * cause the line to be rejected, but do NOT tear down the REPL.
+   */
+  async run() {
+    if (this.stopped)
+      return;
+    this.rl = createInterface({
+      input: this.input,
+      output: this.output,
+      prompt: PS1,
+      historySize: 1e3,
+      // Enable tab completion fallback (file names + history) via default.
+      terminal: true
+    });
+    if (!this.quiet)
+      this.writeBanner();
+    this.safePrompt(PS1);
+    return new Promise((resolve) => {
+      this.rl.on("line", async (line) => {
+        try {
+          await this.handleLine(line);
+        } catch (err) {
+          const msg = err instanceof Error ? err.message : String(err);
+          consola2.error(`Shell error: ${msg}`);
+          this.resetBuffer();
+          this.safePrompt(PS1);
+        }
+      });
+      this.rl.on("SIGINT", () => {
+        if (this.buffer.length > 0)
+          this.output.write("\n");
+        this.resetBuffer();
+        this.safePrompt(PS1);
+      });
+      this.rl.on("close", async () => {
+        this.stopped = true;
+        await this.events.onExit();
+        resolve();
+      });
+    });
+  }
+  /**
+   * Request the REPL to stop cleanly. Equivalent to the user pressing
+   * Ctrl-D. Typically called during shutdown or after a fatal error.
+   */
+  stop() {
+    if (this.rl)
+      this.rl.close();
+  }
+  // ----- internals -----
+  writeBanner() {
+    this.output.write("apes interactive shell\n");
+    this.output.write("Ctrl-D to exit.\n");
+    this.output.write("\n");
+  }
+  async handleLine(rawLine) {
+    this.buffer = this.buffer.length === 0 ? rawLine : `${this.buffer}
+${rawLine}`;
+    const status = checkMultiLineStatus(this.buffer);
+    if (status.kind === "continue") {
+      this.safePrompt(PS2);
+      return;
+    }
+    if (status.kind === "error") {
+      this.output.write(`${status.message}
+`);
+      this.resetBuffer();
+      this.safePrompt(PS1);
+      return;
+    }
+    const completeLine = this.buffer;
+    this.resetBuffer();
+    if (completeLine.trim().length === 0) {
+      this.safePrompt(PS1);
+      return;
+    }
+    await this.events.onLine(completeLine);
+    this.safePrompt(PS1);
+  }
+  /**
+   * Draw a prompt, but only if the readline interface is still alive.
+   * The onLine callback may have triggered `stop()` (e.g., bash exited),
+   * in which case setPrompt/prompt would throw ERR_USE_AFTER_CLOSE.
+   */
+  safePrompt(prompt) {
+    if (this.stopped || !this.rl)
+      return;
+    try {
+      this.rl.setPrompt(prompt);
+      this.rl.prompt();
+    } catch (err) {
+      const code = err?.code;
+      if (code !== "ERR_USE_AFTER_CLOSE")
+        throw err;
+    }
+  }
+  resetBuffer() {
+    this.buffer = "";
+  }
+};
+
+// src/shell/session.ts
+import { randomBytes as randomBytes2 } from "crypto";
+var ShellSession = class {
+  id;
+  startedAt;
+  lineSeq = 0;
+  constructor(options) {
+    this.id = randomBytes2(8).toString("hex");
+    this.startedAt = Date.now();
+    appendAuditLog({
+      action: "shell-session-start",
+      session_id: this.id,
+      host: options.host,
+      requester: options.requester
+    });
+  }
+  /**
+   * Record a granted line that was approved for execution. Called after the
+   * grant flow returns approval but before (or right after) bash runs the
+   * command. Stores the grant id so the line can be traced back to the
+   * specific grant that authorized it.
+   */
+  logLineGranted(params) {
+    const seq = ++this.lineSeq;
+    appendAuditLog({
+      action: "shell-session-line",
+      session_id: this.id,
+      seq,
+      line: params.line,
+      grant_id: params.grantId,
+      grant_mode: params.grantMode,
+      status: "executing"
+    });
+    return seq;
+  }
+  /** Record the final exit code of a previously-granted line. */
+  logLineDone(params) {
+    appendAuditLog({
+      action: "shell-session-line-done",
+      session_id: this.id,
+      seq: params.seq,
+      exit_code: params.exitCode
+    });
+  }
+  /** Record that a line was denied by the grant flow and never reached bash. */
+  logLineDenied(params) {
+    const seq = ++this.lineSeq;
+    appendAuditLog({
+      action: "shell-session-line",
+      session_id: this.id,
+      seq,
+      line: params.line,
+      status: "denied",
+      reason: params.reason
+    });
+  }
+  /** Record session termination. Fires on clean Ctrl-D or bash death. */
+  close() {
+    appendAuditLog({
+      action: "shell-session-end",
+      session_id: this.id,
+      duration_ms: Date.now() - this.startedAt,
+      lines: this.lineSeq
+    });
+  }
+};
+
+// src/shell/orchestrator.ts
+async function runInteractiveShell() {
+  let pendingResolve = null;
+  let lastExitCode = 0;
+  let shuttingDown = false;
+  let repl = null;
+  const bridge = new PtyBridge(
+    {
+      onOutput: (chunk) => {
+        process.stdout.write(chunk);
+      },
+      onLineDone: (frame) => {
+        if (pendingResolve) {
+          const r = pendingResolve;
+          pendingResolve = null;
+          lastExitCode = frame.exitCode;
+          r();
+        }
+      },
+      onExit: (exitCode) => {
+        if (!shuttingDown) {
+          process.stdout.write(`
+[bash exited with code ${exitCode}]
+`);
+          repl?.stop();
+        }
+      }
+    }
+  );
+  await bridge.waitForReady();
+  const targetHost = hostname();
+  const auth = loadAuth();
+  const session = new ShellSession({
+    host: targetHost,
+    requester: auth?.email ?? "unknown"
+  });
+  repl = new ShellRepl(
+    {
+      onLine: async (line) => {
+        const grant = await requestGrantForShellLine(line, {
+          targetHost,
+          approval: "once"
+        });
+        if (grant.kind === "denied") {
+          session.logLineDenied({ line, reason: grant.reason });
+          consola3.error(grant.reason);
+          return;
+        }
+        const seq = session.logLineGranted({
+          line,
+          grantId: grant.grantId,
+          grantMode: grant.mode
+        });
+        const wasRaw = process.stdin.isTTY && process.stdin.isRaw;
+        if (process.stdin.isTTY && !wasRaw)
+          process.stdin.setRawMode(true);
+        const forward = (chunk) => {
+          bridge.writeRaw(chunk.toString());
+        };
+        const rawInputAvailable = process.stdin.isTTY === true;
+        if (rawInputAvailable)
+          process.stdin.on("data", forward);
+        try {
+          await new Promise((resolve) => {
+            pendingResolve = resolve;
+            bridge.writeLine(line);
+          });
+        } finally {
+          if (rawInputAvailable) {
+            process.stdin.off("data", forward);
+            if (!wasRaw && process.stdin.isTTY)
+              process.stdin.setRawMode(false);
+          }
+        }
+        session.logLineDone({ seq, exitCode: lastExitCode });
+        if (lastExitCode !== 0) {
+          consola3.debug(`(exit ${lastExitCode})`);
+        }
+      },
+      onExit: () => {
+        shuttingDown = true;
+        session.close();
+        try {
+          bridge.kill();
+        } catch {
+        }
+      }
+    }
+  );
+  const onResize = () => {
+    const cols = process.stdout.columns ?? 80;
+    const rows = process.stdout.rows ?? 24;
+    try {
+      bridge.resize(cols, rows);
+    } catch {
+    }
+  };
+  process.stdout.on("resize", onResize);
+  const restoreTty = () => {
+    if (process.stdin.isTTY && process.stdin.isRaw) {
+      try {
+        process.stdin.setRawMode(false);
+      } catch {
+      }
+    }
+  };
+  process.on("exit", restoreTty);
+  const gracefulShutdown = () => {
+    if (shuttingDown)
+      return;
+    shuttingDown = true;
+    restoreTty();
+    try {
+      session.close();
+    } catch {
+    }
+    try {
+      bridge.kill();
+    } catch {
+    }
+    try {
+      repl?.stop();
+    } catch {
+    }
+  };
+  process.on("SIGTERM", gracefulShutdown);
+  process.on("SIGHUP", gracefulShutdown);
+  try {
+    await repl.run();
+  } finally {
+    process.stdout.off("resize", onResize);
+    process.off("exit", restoreTty);
+    process.off("SIGTERM", gracefulShutdown);
+    process.off("SIGHUP", gracefulShutdown);
+  }
+}
+export {
+  runInteractiveShell
+};
+//# sourceMappingURL=orchestrator-JAMWD6DD.js.map