npm - @openape/apes - Versions diffs - 1.16.0 → 1.18.0 - Mend

@openape/apes 1.16.0 → 1.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/cli.js +59 -14
package/dist/cli.js.map +1 -1
package/dist/{server-FVFFPVVN.js → server-BDZV6EI6.js} +2 -2
package/package.json +3 -3
/package/dist/{server-FVFFPVVN.js.map → server-BDZV6EI6.js.map} +0 -0

package/dist/cli.js CHANGED Viewed

@@ -4163,9 +4163,15 @@ and try again.`
         troop
       });
       writeFileSync4(scriptPath, script, { mode: 448 });
-      consola23.start("Running privileged setup as root via `apes run --as root --wait`\u2026");
-      consola23.info("You will be asked to approve the as=root grant in your DDISA inbox; this command blocks until you do.");
-      execFileSync6(apes, ["run", "--as", "root", "--wait", "--", "bash", scriptPath], { stdio: "inherit" });
+      const alreadyRoot = process.getuid?.() === 0;
+      if (alreadyRoot) {
+        consola23.start("Running privileged setup directly (already root)\u2026");
+        execFileSync6("bash", [scriptPath], { stdio: "inherit" });
+      } else {
+        consola23.start("Running privileged setup as root via `apes run --as root --wait`\u2026");
+        consola23.info("You will be asked to approve the as=root grant in your DDISA inbox; this command blocks until you do.");
+        execFileSync6(apes, ["run", "--as", "root", "--wait", "--", "bash", scriptPath], { stdio: "inherit" });
+      }
       try {
         const uid = readMacOSUidOrNull(name);
         upsertNestAgent({
@@ -4315,8 +4321,9 @@ var syncAgentCommand = defineCommand27({
       ownerEmail: auth.owner_email
     });
     consola24.info(sync.first_sync ? "\u2713 first sync \u2014 agent registered" : "\u2713 presence updated");
-    const { system_prompt: systemPrompt, tasks } = await client.listTasks();
+    const { system_prompt: systemPrompt, tools, tasks } = await client.listTasks();
     consola24.info(`Pulled ${tasks.length} task${tasks.length === 1 ? "" : "s"}`);
+    consola24.info(`Tools enabled: ${tools.length === 0 ? "(none)" : tools.join(", ")}`);
     let agentUid = null;
     let agentGid = null;
     if (process.geteuid?.() === 0) {
@@ -4342,7 +4349,7 @@ var syncAgentCommand = defineCommand27({
     const agentJsonPath = join8(agentDir, "agent.json");
     writeFileSync5(
       agentJsonPath,
-      `${JSON.stringify({ systemPrompt }, null, 2)}
+      `${JSON.stringify({ systemPrompt, tools }, null, 2)}
 `,
       { mode: 384 }
     );
@@ -5815,6 +5822,19 @@ async function runAudienceMode(audience, action, args) {
   const grantsUrl = await getGrantsEndpoint(idp);
   const command = action.split(" ");
   const targetHost = args.host || hostname5();
+  const runAs = args.as ?? void 0;
+  const reusableId = await findReusableAudienceGrant({
+    grantsUrl,
+    requester: auth.email,
+    audience,
+    command,
+    targetHost,
+    runAs
+  });
+  if (reusableId) {
+    const { authz_jwt: authz_jwt2 } = await apiFetch(`${grantsUrl}/${reusableId}/token`, { method: "POST" });
+    return executeWithGrantToken({ audience, command, args, token: authz_jwt2 });
+  }
   consola36.info(`Requesting ${audience} grant on ${targetHost}: ${command.join(" ")}`);
   const grant = await apiFetch(grantsUrl, {
     method: "POST",
@@ -5825,7 +5845,7 @@ async function runAudienceMode(audience, action, args) {
       grant_type: args.approval,
       command,
       reason: args.reason || command.join(" "),
-      ...args.as ? { run_as: args.as } : {}
+      ...runAs ? { run_as: runAs } : {}
     }
   });
   if (!shouldWaitForGrant(args)) {
@@ -5861,11 +5881,15 @@ async function runAudienceMode(audience, action, args) {
   const { authz_jwt } = await apiFetch(`${grantsUrl}/${grant.id}/token`, {
     method: "POST"
   });
+  return executeWithGrantToken({ audience, command, args, token: authz_jwt });
+}
+function executeWithGrantToken(opts) {
+  const { audience, command, args, token } = opts;
   if (audience === "escapes") {
     consola36.info(`Executing: ${command.join(" ")}`);
     try {
       const { APES_SHELL_WRAPPER: _wrapperMarker, ...inheritedEnv } = process.env;
-      execFileSync13(args["escapes-path"] || "escapes", ["--grant", authz_jwt, "--", ...command], {
+      execFileSync13(args["escapes-path"] || "escapes", ["--grant", token, "--", ...command], {
         stdio: "inherit",
         env: inheritedEnv
       });
@@ -5874,7 +5898,28 @@ async function runAudienceMode(audience, action, args) {
       throw new CliExit(exitCode);
     }
   } else {
-    process.stdout.write(authz_jwt);
+    process.stdout.write(token);
+  }
+}
+async function findReusableAudienceGrant(opts) {
+  try {
+    const grants = await apiFetch(`${opts.grantsUrl}?requester=${encodeURIComponent(opts.requester)}&status=approved&limit=50`);
+    const now = Math.floor(Date.now() / 1e3);
+    const match = grants.data.find((g) => {
+      const r3 = g.request;
+      if (r3.audience !== opts.audience) return false;
+      if (r3.target_host !== opts.targetHost) return false;
+      if (r3.grant_type === "once") return false;
+      if (r3.grant_type === "timed" && g.expires_at && g.expires_at <= now) return false;
+      const cmd = r3.command ?? [];
+      if (cmd.length !== opts.command.length) return false;
+      if (!cmd.every((c2, i) => c2 === opts.command[i])) return false;
+      if ((r3.run_as ?? void 0) !== opts.runAs) return false;
+      return true;
+    });
+    return match?.id ?? null;
+  } catch {
+    return null;
   }
 }
@@ -6367,7 +6412,7 @@ var mcpCommand = defineCommand48({
     if (transport !== "stdio" && transport !== "sse") {
       throw new Error('Transport must be "stdio" or "sse"');
     }
-    const { startMcpServer } = await import("./server-FVFFPVVN.js");
+    const { startMcpServer } = await import("./server-BDZV6EI6.js");
     await startMcpServer(transport, port);
   }
 });
@@ -7005,7 +7050,7 @@ async function bestEffortGrantCount(idp) {
   }
 }
 async function runHealth(args) {
-  const version = true ? "1.16.0" : "0.0.0";
+  const version = true ? "1.18.0" : "0.0.0";
   const auth = loadAuth();
   if (!auth) {
     throw new CliError("Not logged in. Run `apes login` first.", 1);
@@ -7278,10 +7323,10 @@ if (shellRewrite) {
   if (shellRewrite.action === "rewrite") {
     process.argv = shellRewrite.argv;
   } else if (shellRewrite.action === "version") {
-    console.log(`ape-shell ${"1.16.0"} (OpenApe DDISA shell wrapper)`);
+    console.log(`ape-shell ${"1.18.0"} (OpenApe DDISA shell wrapper)`);
     process.exit(0);
   } else if (shellRewrite.action === "help") {
-    console.log(`ape-shell ${"1.16.0"} \u2014 OpenApe DDISA shell wrapper`);
+    console.log(`ape-shell ${"1.18.0"} \u2014 OpenApe DDISA shell wrapper`);
     console.log("");
     console.log("Usage:");
     console.log("  ape-shell                 Start interactive grant-mediated REPL");
@@ -7339,7 +7384,7 @@ var configCommand = defineCommand60({
 var main = defineCommand60({
   meta: {
     name: "apes",
-    version: "1.16.0",
+    version: "1.18.0",
     description: "Unified CLI for OpenApe"
   },
   subCommands: {
@@ -7396,7 +7441,7 @@ async function maybeRefreshAuth() {
   }
 }
 await maybeRefreshAuth();
-await maybeWarnStaleVersion("1.16.0").catch(() => {
+await maybeWarnStaleVersion("1.18.0").catch(() => {
 });
 runMain(main).catch((err) => {
   if (err instanceof CliExit) {