@posthog/wizard 2.6.1 → 2.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (106) hide show
  1. package/dist/src/frameworks/android/android-wizard-agent.js +1 -1
  2. package/dist/src/frameworks/android/android-wizard-agent.js.map +1 -1
  3. package/dist/src/frameworks/angular/angular-wizard-agent.js +1 -1
  4. package/dist/src/frameworks/angular/angular-wizard-agent.js.map +1 -1
  5. package/dist/src/frameworks/astro/astro-wizard-agent.js +1 -1
  6. package/dist/src/frameworks/astro/astro-wizard-agent.js.map +1 -1
  7. package/dist/src/frameworks/django/django-wizard-agent.js +1 -1
  8. package/dist/src/frameworks/django/django-wizard-agent.js.map +1 -1
  9. package/dist/src/frameworks/fastapi/fastapi-wizard-agent.js +1 -1
  10. package/dist/src/frameworks/fastapi/fastapi-wizard-agent.js.map +1 -1
  11. package/dist/src/frameworks/flask/flask-wizard-agent.js +1 -1
  12. package/dist/src/frameworks/flask/flask-wizard-agent.js.map +1 -1
  13. package/dist/src/frameworks/javascript-node/javascript-node-wizard-agent.js +1 -1
  14. package/dist/src/frameworks/javascript-node/javascript-node-wizard-agent.js.map +1 -1
  15. package/dist/src/frameworks/javascript-web/javascript-web-wizard-agent.js +1 -1
  16. package/dist/src/frameworks/javascript-web/javascript-web-wizard-agent.js.map +1 -1
  17. package/dist/src/frameworks/laravel/laravel-wizard-agent.js +1 -1
  18. package/dist/src/frameworks/laravel/laravel-wizard-agent.js.map +1 -1
  19. package/dist/src/frameworks/nextjs/nextjs-wizard-agent.js +1 -1
  20. package/dist/src/frameworks/nextjs/nextjs-wizard-agent.js.map +1 -1
  21. package/dist/src/frameworks/nuxt/nuxt-wizard-agent.js +1 -1
  22. package/dist/src/frameworks/nuxt/nuxt-wizard-agent.js.map +1 -1
  23. package/dist/src/frameworks/python/python-wizard-agent.js +1 -1
  24. package/dist/src/frameworks/python/python-wizard-agent.js.map +1 -1
  25. package/dist/src/frameworks/rails/rails-wizard-agent.js +1 -1
  26. package/dist/src/frameworks/rails/rails-wizard-agent.js.map +1 -1
  27. package/dist/src/frameworks/react-native/react-native-wizard-agent.js +1 -1
  28. package/dist/src/frameworks/react-native/react-native-wizard-agent.js.map +1 -1
  29. package/dist/src/frameworks/react-router/react-router-wizard-agent.js +1 -1
  30. package/dist/src/frameworks/react-router/react-router-wizard-agent.js.map +1 -1
  31. package/dist/src/frameworks/ruby/ruby-wizard-agent.js +2 -2
  32. package/dist/src/frameworks/ruby/ruby-wizard-agent.js.map +1 -1
  33. package/dist/src/frameworks/svelte/svelte-wizard-agent.js +1 -1
  34. package/dist/src/frameworks/svelte/svelte-wizard-agent.js.map +1 -1
  35. package/dist/src/frameworks/swift/swift-wizard-agent.js +2 -2
  36. package/dist/src/frameworks/swift/swift-wizard-agent.js.map +1 -1
  37. package/dist/src/frameworks/tanstack-router/tanstack-router-wizard-agent.js +1 -1
  38. package/dist/src/frameworks/tanstack-router/tanstack-router-wizard-agent.js.map +1 -1
  39. package/dist/src/frameworks/tanstack-start/tanstack-start-wizard-agent.js +1 -1
  40. package/dist/src/frameworks/tanstack-start/tanstack-start-wizard-agent.js.map +1 -1
  41. package/dist/src/frameworks/vue/vue-wizard-agent.js +1 -1
  42. package/dist/src/frameworks/vue/vue-wizard-agent.js.map +1 -1
  43. package/dist/src/lib/__tests__/cloudflare-detection.test.d.ts +1 -0
  44. package/dist/src/lib/__tests__/cloudflare-detection.test.js +119 -0
  45. package/dist/src/lib/__tests__/cloudflare-detection.test.js.map +1 -0
  46. package/dist/src/lib/__tests__/yara-scanner.test.js +3 -3
  47. package/dist/src/lib/__tests__/yara-scanner.test.js.map +1 -1
  48. package/dist/src/lib/agent-interface.js +30 -0
  49. package/dist/src/lib/agent-interface.js.map +1 -1
  50. package/dist/src/lib/agent-runner.js +15 -3
  51. package/dist/src/lib/agent-runner.js.map +1 -1
  52. package/dist/src/lib/cloudflare-detection.d.ts +14 -0
  53. package/dist/src/lib/cloudflare-detection.js +74 -0
  54. package/dist/src/lib/cloudflare-detection.js.map +1 -0
  55. package/dist/src/lib/commandments.js +1 -1
  56. package/dist/src/lib/commandments.js.map +1 -1
  57. package/dist/src/lib/constants.d.ts +5 -2
  58. package/dist/src/lib/constants.js +5 -2
  59. package/dist/src/lib/constants.js.map +1 -1
  60. package/dist/src/lib/middleware/config.js +4 -4
  61. package/dist/src/lib/middleware/config.js.map +1 -1
  62. package/dist/src/lib/version.d.ts +1 -1
  63. package/dist/src/lib/version.js +1 -1
  64. package/dist/src/lib/version.js.map +1 -1
  65. package/dist/src/lib/wizard-session.d.ts +2 -0
  66. package/dist/src/lib/wizard-session.js +2 -0
  67. package/dist/src/lib/wizard-session.js.map +1 -1
  68. package/dist/src/lib/wizard-tools.js +3 -3
  69. package/dist/src/lib/wizard-tools.js.map +1 -1
  70. package/dist/src/lib/yara-scanner.js +1 -1
  71. package/dist/src/lib/yara-scanner.js.map +1 -1
  72. package/dist/src/run.js +4 -0
  73. package/dist/src/run.js.map +1 -1
  74. package/dist/src/steps/add-mcp-server-to-clients/defaults.js +5 -5
  75. package/dist/src/steps/add-mcp-server-to-clients/defaults.js.map +1 -1
  76. package/dist/src/ui/tui/__tests__/store.test.js +26 -2
  77. package/dist/src/ui/tui/__tests__/store.test.js.map +1 -1
  78. package/dist/src/ui/tui/components/TitleBar.js +1 -1
  79. package/dist/src/ui/tui/components/TitleBar.js.map +1 -1
  80. package/dist/src/ui/tui/flows.d.ts +1 -0
  81. package/dist/src/ui/tui/flows.js +6 -1
  82. package/dist/src/ui/tui/flows.js.map +1 -1
  83. package/dist/src/ui/tui/primitives/GroupedPickerMenu.d.ts +3 -0
  84. package/dist/src/ui/tui/primitives/GroupedPickerMenu.js +120 -15
  85. package/dist/src/ui/tui/primitives/GroupedPickerMenu.js.map +1 -1
  86. package/dist/src/ui/tui/screen-registry.js +2 -0
  87. package/dist/src/ui/tui/screen-registry.js.map +1 -1
  88. package/dist/src/ui/tui/screens/OutroScreen.js +2 -2
  89. package/dist/src/ui/tui/screens/OutroScreen.js.map +1 -1
  90. package/dist/src/ui/tui/screens/SkillsScreen.d.ts +14 -0
  91. package/dist/src/ui/tui/screens/SkillsScreen.js +71 -0
  92. package/dist/src/ui/tui/screens/SkillsScreen.js.map +1 -0
  93. package/dist/src/ui/tui/store.d.ts +2 -0
  94. package/dist/src/ui/tui/store.js +12 -0
  95. package/dist/src/ui/tui/store.js.map +1 -1
  96. package/dist/src/ui/tui/styles.d.ts +2 -1
  97. package/dist/src/ui/tui/styles.js +2 -1
  98. package/dist/src/ui/tui/styles.js.map +1 -1
  99. package/dist/src/utils/debug.d.ts +6 -0
  100. package/dist/src/utils/debug.js +16 -0
  101. package/dist/src/utils/debug.js.map +1 -1
  102. package/dist/src/utils/oauth.js +1 -1
  103. package/dist/src/utils/oauth.js.map +1 -1
  104. package/dist/src/utils/rules/astro-rules.md +2 -2
  105. package/npm-shrinkwrap.json +2931 -0
  106. package/package.json +8 -4
package/dist/src/lib/yara-scanner.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"yara-scanner.js","sourceRoot":"","sources":["../../../src/lib/yara-scanner.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;AA+VH,oBA8BC;AAMD,gDAaC;AArWD,oEAAoE;AACpE,EAAE;AACF,kEAAkE;AAClE,sCAAsC;AAEtC,MAAM,eAAe,GAAkD;IACrE,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE,OAAO,EAAE;IACvC,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,EAAE;CACvC,CAAC;AAEF,MAAM,cAAc,GAAkD;IACpE,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,EAAE;IACtC,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,EAAE;CACvC,CAAC;AAEF,MAAM,QAAQ,GAAkD;IAC9D,EAAE,KAAK,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE;CACtC,CAAC;AAEF,oEAAoE;AAEpE,MAAM,mBAAmB,GAAa;IACpC,IAAI,EAAE,qBAAqB;IAC3B,WAAW,EACT,qGAAqG;IACvG,QAAQ,EAAE,MAAM;IAChB,QAAQ,EAAE,aAAa;IACvB,SAAS,EAAE,eAAe;IAC1B,QAAQ,EAAE;QACR,+CAA+C;QAC/C,iCAAiC;QACjC,iCAAiC;QACjC,0CAA0C;QAC1C,2CAA2C;QAC3C,0CAA0C;QAC1C,sEAAsE;QACtE,sDAAsD;QACtD,kEAAkE;QAClE,+BAA+B;QAC/B,yEAAyE;QACzE,2DAA2D;QAC3D,uDAAuD;QACvD,oEAAoE;QACpE,mEAAmE;QACnE,uEAAuE;QACvE,4DAA4D;QAC5D,wBAAwB;QACxB,wBAAwB;KACzB;CACF,CAAC;AAEF,MAAM,qBAAqB,GAAa;IACtC,IAAI,EAAE,uBAAuB;IAC7B,WAAW,EACT,iGAAiG;IACnG,QAAQ,EAAE,MAAM;IAChB,QAAQ,EAAE,uBAAuB;IACjC,SAAS,EAAE,eAAe;IAC1B,QAAQ,EAAE;QACR,gEAAgE;QAChE,sBAAsB;QACtB,yCAAyC;QACzC,sBAAsB;QACtB,oCAAoC;QACpC,2CAA2C;QAC3C,4CAA4C;QAC5C,gDAAgD;KACjD;CACF,CAAC;AAEF,MAAM,oBAAoB,GAAa;IACrC,IAAI,EAAE,sBAAsB;IAC5B,WAAW,EACT,wFAAwF;IAC1F,QAAQ,EAAE,QAAQ;IAClB,QAAQ,EAAE,qBAAqB;IAC/B,SAAS,EAAE,eAAe;IAC1B,QAAQ,EAAE;QACR,yBAAyB;QACzB,2BAA2B;QAC3B,2BAA2B;QAC3B,yBAAyB;QACzB,4CAA4C;KAC7C;CACF,CAAC;AAEF,oEAAoE;AAEpE,MAAM,sBAAsB,GAAa;IACvC,IAAI,EAAE,wBAAwB;IAC9B,WAAW,EACT,kFAAkF;IACpF,QAAQ,EAAE,MAAM;IAChB,QAAQ,EAAE,uBAAuB;IACjC,SAAS,EAAE,eAAe;IAC1B,QAAQ,EAAE,CAAC,4CAA4C,CAAC;CACzD,CAAC;AAEF,MAAM,0BAA0B,GAAa;IAC3C,IAAI,EAAE,4BAA4B;IAClC,WAAW,EAAE,2CAA2C;IACxD,QAAQ,EAAE,QAAQ;IAClB,QAAQ,EAAE,gBAAgB;IAC1B,SAAS,EAAE,eAAe;IAC1B,QAAQ,EAAE;QACR,uCAAuC;QACvC,sCAAsC;KACvC;CACF,CAAC;AAEF,MAAM,iBAAiB,GAAa;IAClC,IAAI,EAAE,mBAAmB;IACzB,WAAW,EAAE,wDAAwD;IACrE,QAAQ,EAAE,QAAQ;IAClB,QAAQ,EAAE,gBAAgB;IAC1B,SAAS,EAAE,eAAe;IAC1B,QAAQ,EAAE;QACR,wFAAwF;QACxF,iEAAiE;QACjE,2CAA2C;QAC3C,mCAAmC;KACpC;CACF,CAAC;AAEF,oEAAoE;AAEpE,MAAM,gCAAgC,GAAa;IACjD,IAAI,EAAE,kCAAkC;IACxC,WAAW,EACT,4EAA4E;IAC9E,QAAQ,EAAE,UAAU;IACpB,QAAQ,EAAE,kBAAkB;IAC5B,SAAS,EAAE,cAAc;IACzB,QAAQ,EAAE;QACR,2DAA2D;QAC3D,+BAA+B;QAC/B,gBAAgB;QAChB,2BAA2B;QAC3B,sBAAsB;QACtB,oBAAoB;QACpB,qBAAqB;QACrB,oBAAoB;KACrB;CACF,CAAC;AAEF,MAAM,gCAAgC,GAAa;IACjD,IAAI,EAAE,kCAAkC;IACxC,WAAW,EACT,8EAA8E;IAChF,QAAQ,EAAE,QAAQ;IAClB,QAAQ,EAAE,kBAAkB;IAC5B,SAAS,EAAE,cAAc;IACzB,QAAQ,EAAE;QACR,+BAA+B;QAC/B,eAAe;QACf,yBAAyB;QACzB,iBAAiB;QACjB,oBAAoB;QACpB,qBAAqB;QACrB,8BAA8B;QAC9B,4BAA4B;QAC5B,6BAA6B;QAC7B,oEAAoE;QACpE,uDAAuD;QACvD,kBAAkB;KACnB;CACF,CAAC;AAEF,MAAM,uBAAuB,GAAa;IACxC,IAAI,EAAE,yBAAyB;IAC/B,WAAW,EACT,uGAAuG;IACzG,QAAQ,EAAE,UAAU;IACpB,QAAQ,EAAE,kBAAkB;IAC5B,SAAS,EAAE,cAAc;IACzB,QAAQ,EAAE;QACR,kEAAkE;QAClE,6DAA6D;QAC7D,6CAA6C;KAC9C;CACF,CAAC;AAEF,oEAAoE;AAEpE,MAAM,+BAA+B,GAAa;IAChD,IAAI,EAAE,iCAAiC;IACvC,WAAW,EACT,wEAAwE;IAC1E,QAAQ,EAAE,UAAU;IACpB,QAAQ,EAAE,cAAc;IACxB,SAAS,EAAE,QAAQ;IACnB,QAAQ,EAAE;QACR,8CAA8C;QAC9C,8DAA8D;QAC9D,8DAA8D;QAC9D,4CAA4C;QAC5C,4EAA4E;QAC5E,4EAA4E;QAC5E,WAAW;QACX,eAAe;QACf,mCAAmC;QACnC,gCAAgC;QAChC,2BAA2B;QAC3B,iCAAiC;QACjC,wCAAwC;QACxC,uBAAuB;QACvB,uBAAuB;KACxB;CACF,CAAC;AAEF,oEAAoE;AAEpE,MAAM,cAAc,GAAa;IAC/B,IAAI,EAAE,gBAAgB;IACtB,WAAW,EAAE,+DAA+D;IAC5E,QAAQ,EAAE,UAAU;IACpB,QAAQ,EAAE,mBAAmB;IAC7B,SAAS,EAAE,QAAQ;IACnB,QAAQ,EAAE;QACR,gDAAgD;QAChD,wDAAwD;QACxD,kEAAkE;QAClE,6EAA6E;QAC7E,6EAA6E;KAC9E;CACF,CAAC;AAEF,MAAM,cAAc,GAAa;IAC/B,IAAI,EAAE,gBAAgB;IACtB,WAAW,EAAE,6DAA6D;IAC1E,QAAQ,EAAE,UAAU;IACpB,QAAQ,EAAE,mBAAmB;IAC7B,SAAS,EAAE,QAAQ;IACnB,QAAQ,EAAE,CAAC,wBAAwB,EAAE,qBAAqB,CAAC;CAC5D,CAAC;AAEF,MAAM,cAAc,GAAa;IAC/B,IAAI,EAAE,gBAAgB;IACtB,WAAW,EACT,iEAAiE;IACnE,QAAQ,EAAE,UAAU;IACpB,QAAQ,EAAE,mBAAmB;IAC7B,SAAS,EAAE,QAAQ;IACnB,QAAQ,EAAE,CAAC,sBAAsB,CAAC;CACnC,CAAC;AAEF,oEAAoE;AAEpE,MAAM,qBAAqB,GAAa;IACtC,IAAI,EAAE,uBAAuB;IAC7B,WAAW,EACT,yFAAyF;IAC3F,QAAQ,EAAE,MAAM;IAChB,QAAQ,EAAE,cAAc;IACxB,SAAS,EAAE,QAAQ;IACnB,QAAQ,EAAE;QACR,yEAAyE;QACzE,sEAAsE;QACtE,+EAA+E;QAC/E,iDAAiD;QACjD,+DAA+D;KAChE;CACF,CAAC;AAEF,MAAM,kBAAkB,GAAa;IACnC,IAAI,EAAE,oBAAoB;IAC1B,WAAW,EACT,sEAAsE;IACxE,QAAQ,EAAE,MAAM;IAChB,QAAQ,EAAE,cAAc;IACxB,SAAS,EAAE,QAAQ;IACnB,QAAQ,EAAE,CAAC,sBAAsB,EAAE,4BAA4B,CAAC;CACjE,CAAC;AAEF,oEAAoE;AAEvD,QAAA,KAAK,GAAe;IAC/B,4BAA4B;IAC5B,mBAAmB;IACnB,qBAAqB;IACrB,oBAAoB;IACpB,sBAAsB;IACtB,0BAA0B;IAC1B,iBAAiB;IACjB,sBAAsB;IACtB,gCAAgC;IAChC,gCAAgC;IAChC,uBAAuB;IACvB,yBAAyB;IACzB,+BAA+B;IAC/B,uBAAuB;IACvB,cAAc;IACd,cAAc;IACd,cAAc;IACd,kBAAkB;IAClB,qBAAqB;IACrB,kBAAkB;CACnB,CAAC;AAEF,oEAAoE;AAEpE,iFAAiF;AACjF,MAAM,eAAe,GAAG,OAAO,CAAC;AAEhC;;;GAGG;AACH,SAAgB,IAAI,CAClB,OAAe,EACf,KAAgB,EAChB,IAAgB;IAEhB,6DAA6D;IAC7D,MAAM,WAAW,GACf,OAAO,CAAC,MAAM,GAAG,eAAe;QAC9B,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,CAAC;QACnC,CAAC,CAAC,OAAO,CAAC;IACd,MAAM,eAAe,GAAG,aAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACzC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,KAAK,IAAI,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAC9D,CAAC;IAEF,MAAM,OAAO,GAAgB,EAAE,CAAC;IAChC,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;QACnC,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpC,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACxC,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI;oBACJ,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;oBACrB,MAAM,EAAE,KAAK,CAAC,KAAK;iBACpB,CAAC,CAAC;gBACH,MAAM,CAAC,mCAAmC;YAC5C,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAC9E,CAAC;AAED;;;GAGG;AACH,SAAgB,kBAAkB,CAChC,KAA+C;IAE/C,MAAM,UAAU,GAAgB,EAAE,CAAC;IACnC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,EAAE,MAAM,CAAC,CAAC;QACzD,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,UAAU,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;QACrC,CAAC;IACH,CAAC;IACD,OAAO,UAAU,CAAC,MAAM,GAAG,CAAC;QAC1B,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE;QACxC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AACzB,CAAC","sourcesContent":["/**\n * YARA content scanner for the PostHog wizard.\n *\n * This file is the single source of truth for all wizard YARA rules.\n *\n * Scans tool inputs (pre-execution) and outputs (post-execution) for\n * security violations including PII leakage, hardcoded secrets,\n * prompt injection, and secret exfiltration.\n *\n * We use YARA-style regex rules rather than the real YARA C library to\n * avoid native binary dependencies in an npx-distributed npm package.\n *\n * This is Layer 2 (L2) in the wizard's defense-in-depth model,\n * complementing the prompt-based commandments (L0) and the\n * canUseTool() allowlist (L1).\n */\n\n// ─── Types ───────────────────────────────────────────────────────\n\nexport type YaraSeverity = 'critical' | 'high' | 'medium' | 'low';\n\nexport type YaraCategory =\n | 'posthog_pii'\n | 'posthog_hardcoded_key'\n | 'posthog_autocapture'\n | 'posthog_config'\n | 'prompt_injection'\n | 'exfiltration'\n | 'filesystem_safety'\n | 'supply_chain';\n\nexport type HookPhase = 'PreToolUse' | 'PostToolUse';\nexport type ToolTarget = 'Bash' | 'Write' | 'Edit' | 'Read' | 'Grep';\n\nexport interface YaraRule {\n /** Rule name matching the .yar file (e.g. 'pii_in_capture_call') */\n name: string;\n description: string;\n severity: YaraSeverity;\n category: YaraCategory;\n /** Which hook+tool combinations this rule applies to */\n appliesTo: Array<{ phase: HookPhase; tool: ToolTarget }>;\n /** Compiled regex patterns — any match triggers the rule */\n patterns: RegExp[];\n}\n\nexport interface YaraMatch {\n rule: YaraRule;\n /** The matched substring */\n matchedText: string;\n /** Byte offset in the scanned content */\n offset: number;\n}\n\nexport type ScanResult =\n | { matched: false }\n | { matched: true; matches: YaraMatch[] };\n\n// ─── Rule Definitions ────────────────────────────────────────────\n//\n// Patterns are compiled once at module load time for performance.\n// Design spec: policies/yara/RULES.md\n\nconst POST_WRITE_EDIT: Array<{ phase: HookPhase; tool: ToolTarget }> = [\n { phase: 'PostToolUse', tool: 'Write' },\n { phase: 'PostToolUse', tool: 'Edit' },\n];\n\nconst POST_READ_GREP: Array<{ phase: HookPhase; tool: ToolTarget }> = [\n { phase: 'PostToolUse', tool: 'Read' },\n { phase: 'PostToolUse', tool: 'Grep' },\n];\n\nconst PRE_BASH: Array<{ phase: HookPhase; tool: ToolTarget }> = [\n { phase: 'PreToolUse', tool: 'Bash' },\n];\n\n// ── §1 PostHog API Violations ────────────────────────────────────\n\nconst pii_in_capture_call: YaraRule = {\n name: 'pii_in_capture_call',\n description:\n \"Detects PII fields passed to posthog.capture() — violates 'NEVER send PII in capture()' commandment\",\n severity: 'high',\n category: 'posthog_pii',\n appliesTo: POST_WRITE_EDIT,\n patterns: [\n // Direct PII field names in capture properties\n /\\.capture\\s*\\([^)]{0,200}email/i,\n /\\.capture\\s*\\([^)]{0,200}phone/i,\n /\\.capture\\s*\\([^)]{0,200}full[_\\s]?name/i,\n /\\.capture\\s*\\([^)]{0,200}first[_\\s]?name/i,\n /\\.capture\\s*\\([^)]{0,200}last[_\\s]?name/i,\n /\\.capture\\s*\\([^)]{0,200}(street|mailing|home|billing)[_\\s]?address/i,\n /\\.capture\\s*\\([^)]{0,200}(ssn|social[_\\s]?security)/i,\n /\\.capture\\s*\\([^)]{0,200}(date[_\\s]?of[_\\s]?birth|dob|birthday)/i,\n /\\.capture\\s*\\([^)]{0,200}\\$ip/,\n // identify() allows email/phone/name (standard PostHog user properties),\n // but highly sensitive PII is still blocked in identify().\n /\\.identify\\s*\\([^)]{0,200}(ssn|social[_\\s]?security)/i,\n /\\.identify\\s*\\([^)]{0,200}(card[_\\s]?number|cvv|credit[_\\s]?card)/i,\n /\\.identify\\s*\\([^)]{0,200}(date[_\\s]?of[_\\s]?birth|dob|birthday)/i,\n /\\.identify\\s*\\([^)]{0,200}(street|mailing|home|billing)[_\\s]?address/i,\n // PII in $set properties via capture (bound to same object)\n /\\$set[^}]{0,200}email/i,\n /\\$set[^}]{0,200}phone/i,\n ],\n};\n\nconst hardcoded_posthog_key: YaraRule = {\n name: 'hardcoded_posthog_key',\n description:\n \"Detects hardcoded PostHog API keys in source — violates 'use environment variables' commandment\",\n severity: 'high',\n category: 'posthog_hardcoded_key',\n appliesTo: POST_WRITE_EDIT,\n patterns: [\n // PostHog project API key (phc_ prefix, 20+ alphanumeric chars)\n /phc_[a-zA-Z0-9]{20,}/,\n // PostHog personal API key (phx_ prefix)\n /phx_[a-zA-Z0-9]{20,}/,\n // Hardcoded key assignment patterns\n /apiKey\\s*[:=]\\s*['\"][a-zA-Z0-9_]{20,}['\"]/,\n /api_key\\s*[:=]\\s*['\"][a-zA-Z0-9_]{20,}['\"]/,\n /POSTHOG_KEY\\s*[:=]\\s*['\"][a-zA-Z0-9_]{20,}['\"]/,\n ],\n};\n\nconst autocapture_disabled: YaraRule = {\n name: 'autocapture_disabled',\n description:\n \"Detects agent disabling autocapture — violates 'don't disable autocapture' commandment\",\n severity: 'medium',\n category: 'posthog_autocapture',\n appliesTo: POST_WRITE_EDIT,\n patterns: [\n /autocapture\\s*:\\s*false/,\n /autocapture\\s*:\\s*'false'/,\n /autocapture\\s*:\\s*\"false\"/,\n /autocapture\\s*=\\s*False/,\n /disable_autocapture\\s*[:=]\\s*(true|True|1)/,\n ],\n};\n\n// ── §1b Additional PostHog config rules ──────────────────────────\n\nconst hardcoded_posthog_host: YaraRule = {\n name: 'hardcoded_posthog_host',\n description:\n 'Detects hardcoded PostHog host URLs in source — should use environment variables',\n severity: 'high',\n category: 'posthog_hardcoded_key',\n appliesTo: POST_WRITE_EDIT,\n patterns: [/['\"]https:\\/\\/(us|eu)\\.i\\.posthog\\.com['\"]/],\n};\n\nconst session_recording_disabled: YaraRule = {\n name: 'session_recording_disabled',\n description: 'Detects agent disabling session recording',\n severity: 'medium',\n category: 'posthog_config',\n appliesTo: POST_WRITE_EDIT,\n patterns: [\n /disable_session_recording\\s*:\\s*true/i,\n /disable_session_recording\\s*=\\s*True/,\n ],\n};\n\nconst opt_out_capturing: YaraRule = {\n name: 'opt_out_capturing',\n description: 'Detects agent opting out of PostHog capturing entirely',\n severity: 'medium',\n category: 'posthog_config',\n appliesTo: POST_WRITE_EDIT,\n patterns: [\n // Match opt_out_capturing as a config property (in init options), not as a method call.\n // posthog.opt_out_capturing() is a legitimate GDPR-required API.\n /opt_out_capturing\\s*[:=]\\s*(true|True|1)/i,\n /opted_out\\s*[:=]\\s*(true|True|1)/i,\n ],\n};\n\n// ── §2 Prompt Injection ──────────────────────────────────────────\n\nconst prompt_injection_wizard_override: YaraRule = {\n name: 'prompt_injection_wizard_override',\n description:\n 'Detects classic prompt injection attempting to override agent instructions',\n severity: 'critical',\n category: 'prompt_injection',\n appliesTo: POST_READ_GREP,\n patterns: [\n // Direct instruction override — classic injection patterns\n /ignore previous instructions/i,\n /disregard all/i,\n /forget your instructions/i,\n /override your rules/i,\n // Role manipulation\n /act as a different/i,\n /new instructions:/i,\n ],\n};\n\nconst prompt_injection_wizard_specific: YaraRule = {\n name: 'prompt_injection_wizard_specific',\n description:\n 'Detects wizard-specific manipulation or tool abuse attempts in project files',\n severity: 'medium',\n category: 'prompt_injection',\n appliesTo: POST_READ_GREP,\n patterns: [\n // Wizard-specific manipulation\n /skip posthog/i,\n /do not install posthog/i,\n /remove posthog/i,\n /uninstall posthog/i,\n /delete the posthog/i,\n // Tool abuse via file content\n /run the following command/i,\n /execute this shell command/i,\n // Role hijacking — require \"you are now a\" to avoid false positives\n // on legitimate phrases like \"you are now ready to...\"\n /you are now a\\s/i,\n ],\n};\n\nconst prompt_injection_base64: YaraRule = {\n name: 'prompt_injection_base64',\n description:\n 'Detects suspicious base64-encoded blocks in file content that may contain obfuscated prompt injection',\n severity: 'critical',\n category: 'prompt_injection',\n appliesTo: POST_READ_GREP,\n patterns: [\n // Long base64 strings (100+ chars) in comments or string literals\n // that aren't typical data URIs or legitimate base64 content\n /(?:\\/\\/|#|\\/\\*)\\s*[A-Za-z0-9+/]{100,}={0,2}/,\n ],\n};\n\n// ── §3 Secret Exfiltration ───────────────────────────────────────\n\nconst secret_exfiltration_via_command: YaraRule = {\n name: 'secret_exfiltration_via_command',\n description:\n 'Detects shell commands attempting to exfiltrate secrets or credentials',\n severity: 'critical',\n category: 'exfiltration',\n appliesTo: PRE_BASH,\n patterns: [\n // curl/wget with environment variable secrets\n /curl\\s+.*\\$\\{?[A-Z_]*(KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL)/i,\n /wget\\s+.*\\$\\{?[A-Z_]*(KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL)/i,\n // Piping sensitive content to network tools\n /(\\$\\{?[A-Z_]*(KEY|TOKEN|SECRET|PASSWORD)|\\.env|credentials)\\S*.*\\|\\s*curl/i,\n /(\\$\\{?[A-Z_]*(KEY|TOKEN|SECRET|PASSWORD)|\\.env|credentials)\\S*.*\\|\\s*wget/i,\n /\\|\\s*nc\\s/,\n /\\|\\s*netcat\\s/,\n // Base64 encoding piped to network\n /base64.*\\|\\s*(curl|wget|nc\\s)/i,\n // Reading .env and sending\n /cat\\s+.*\\.env.*\\|\\s*(curl|wget)/,\n // PostHog key exfiltration specifically\n /curl.*phc_[a-zA-Z0-9]/,\n /wget.*phc_[a-zA-Z0-9]/,\n ],\n};\n\n// ── §4 Filesystem Safety ─────────────────────────────────────────\n\nconst destructive_rm: YaraRule = {\n name: 'destructive_rm',\n description: 'Detects rm -rf or rm -r commands that could mass-delete files',\n severity: 'critical',\n category: 'filesystem_safety',\n appliesTo: PRE_BASH,\n patterns: [\n // Combined flags: rm -rf, rm -fr, rm -rfi, etc.\n /\\brm\\s+(-[a-zA-Z]*r[a-zA-Z]*f|-[a-zA-Z]*f[a-zA-Z]*r)\\b/,\n // Separated flags: rm -r -f, rm -f -r (with optional other flags)\n /\\brm\\s+(-[a-zA-Z]*\\s+)*-[a-zA-Z]*r[a-zA-Z]*\\s+(-[a-zA-Z]*\\s+)*-[a-zA-Z]*f\\b/,\n /\\brm\\s+(-[a-zA-Z]*\\s+)*-[a-zA-Z]*f[a-zA-Z]*\\s+(-[a-zA-Z]*\\s+)*-[a-zA-Z]*r\\b/,\n ],\n};\n\nconst git_force_push: YaraRule = {\n name: 'git_force_push',\n description: 'Detects git push --force which can overwrite remote history',\n severity: 'critical',\n category: 'filesystem_safety',\n appliesTo: PRE_BASH,\n patterns: [/git\\s+push\\s+.*--force/, /git\\s+push\\s+.*-f\\b/],\n};\n\nconst git_reset_hard: YaraRule = {\n name: 'git_reset_hard',\n description:\n 'Detects git reset --hard which discards all uncommitted changes',\n severity: 'critical',\n category: 'filesystem_safety',\n appliesTo: PRE_BASH,\n patterns: [/git\\s+reset\\s+--hard/],\n};\n\n// ── §5 Supply Chain ──────────────────────────────────────────────\n\nconst wrong_posthog_package: YaraRule = {\n name: 'wrong_posthog_package',\n description:\n 'Detects installing the wrong PostHog npm package — should be posthog-js or posthog-node',\n severity: 'high',\n category: 'supply_chain',\n appliesTo: PRE_BASH,\n patterns: [\n // Match \"npm install posthog\" but not \"posthog-js\", \"posthog-node\", etc.\n /npm\\s+install\\s+(?:--save\\s+|--save-dev\\s+|-[SD]\\s+)*posthog(?!\\s*-)/,\n /pnpm\\s+(?:add|install)\\s+(?:--save\\s+|--save-dev\\s+|-[SD]\\s+)*posthog(?!\\s*-)/,\n /yarn\\s+add\\s+(?:--dev\\s+|-D\\s+)*posthog(?!\\s*-)/,\n /bun\\s+(?:add|install)\\s+(?:--dev\\s+|-[dD]\\s+)*posthog(?!\\s*-)/,\n ],\n};\n\nconst npm_install_global: YaraRule = {\n name: 'npm_install_global',\n description:\n 'Detects global npm installs — should never install packages globally',\n severity: 'high',\n category: 'supply_chain',\n appliesTo: PRE_BASH,\n patterns: [/npm\\s+install\\s+-g\\b/, /npm\\s+install\\s+--global\\b/],\n};\n\n// ─── Rule Registry ───────────────────────────────────────────────\n\nexport const RULES: YaraRule[] = [\n // §1 PostHog API violations\n pii_in_capture_call,\n hardcoded_posthog_key,\n autocapture_disabled,\n hardcoded_posthog_host,\n session_recording_disabled,\n opt_out_capturing,\n // §2 Prompt injection\n prompt_injection_wizard_override,\n prompt_injection_wizard_specific,\n prompt_injection_base64,\n // §3 Secret exfiltration\n secret_exfiltration_via_command,\n // §4 Filesystem safety\n destructive_rm,\n git_force_push,\n git_reset_hard,\n // §5 Supply chain\n wrong_posthog_package,\n npm_install_global,\n];\n\n// ─── Scan Engine ─────────────────────────────────────────────────\n\n/** Maximum content length to scan (100 KB). Inputs beyond this are truncated. */\nconst MAX_SCAN_LENGTH = 100_000;\n\n/**\n * Scan content against rules applicable to a given hook phase and tool.\n * Returns all matching rules (one match per rule, first pattern wins).\n */\nexport function scan(\n content: string,\n phase: HookPhase,\n tool: ToolTarget,\n): ScanResult {\n // Cap input length to prevent pathological regex performance\n const scanContent =\n content.length > MAX_SCAN_LENGTH\n ? content.slice(0, MAX_SCAN_LENGTH)\n : content;\n const applicableRules = RULES.filter((r) =>\n r.appliesTo.some((a) => a.phase === phase && a.tool === tool),\n );\n\n const matches: YaraMatch[] = [];\n for (const rule of applicableRules) {\n for (const pattern of rule.patterns) {\n const match = pattern.exec(scanContent);\n if (match) {\n matches.push({\n rule,\n matchedText: match[0],\n offset: match.index,\n });\n break; // One match per rule is sufficient\n }\n }\n }\n\n return matches.length > 0 ? { matched: true, matches } : { matched: false };\n}\n\n/**\n * Scan all files in a skill directory for prompt injection.\n * Used for context-mill scanning after skill installation.\n */\nexport function scanSkillDirectory(\n files: Array<{ path: string; content: string }>,\n): ScanResult {\n const allMatches: YaraMatch[] = [];\n for (const file of files) {\n const result = scan(file.content, 'PostToolUse', 'Read');\n if (result.matched) {\n allMatches.push(...result.matches);\n }\n }\n return allMatches.length > 0\n ? { matched: true, matches: allMatches }\n : { matched: false };\n}\n"]}
1
+ {"version":3,"file":"yara-scanner.js","sourceRoot":"","sources":["../../../src/lib/yara-scanner.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;AA+VH,oBA8BC;AAMD,gDAaC;AArWD,oEAAoE;AACpE,EAAE;AACF,kEAAkE;AAClE,sCAAsC;AAEtC,MAAM,eAAe,GAAkD;IACrE,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE,OAAO,EAAE;IACvC,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,EAAE;CACvC,CAAC;AAEF,MAAM,cAAc,GAAkD;IACpE,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,EAAE;IACtC,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,EAAE;CACvC,CAAC;AAEF,MAAM,QAAQ,GAAkD;IAC9D,EAAE,KAAK,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE;CACtC,CAAC;AAEF,oEAAoE;AAEpE,MAAM,mBAAmB,GAAa;IACpC,IAAI,EAAE,qBAAqB;IAC3B,WAAW,EACT,qGAAqG;IACvG,QAAQ,EAAE,MAAM;IAChB,QAAQ,EAAE,aAAa;IACvB,SAAS,EAAE,eAAe;IAC1B,QAAQ,EAAE;QACR,+CAA+C;QAC/C,iCAAiC;QACjC,iCAAiC;QACjC,0CAA0C;QAC1C,2CAA2C;QAC3C,0CAA0C;QAC1C,sEAAsE;QACtE,sDAAsD;QACtD,kEAAkE;QAClE,+BAA+B;QAC/B,yEAAyE;QACzE,2DAA2D;QAC3D,uDAAuD;QACvD,oEAAoE;QACpE,mEAAmE;QACnE,uEAAuE;QACvE,4DAA4D;QAC5D,wBAAwB;QACxB,wBAAwB;KACzB;CACF,CAAC;AAEF,MAAM,qBAAqB,GAAa;IACtC,IAAI,EAAE,uBAAuB;IAC7B,WAAW,EACT,iGAAiG;IACnG,QAAQ,EAAE,MAAM;IAChB,QAAQ,EAAE,uBAAuB;IACjC,SAAS,EAAE,eAAe;IAC1B,QAAQ,EAAE;QACR,gEAAgE;QAChE,sBAAsB;QACtB,yCAAyC;QACzC,sBAAsB;QACtB,oCAAoC;QACpC,2CAA2C;QAC3C,4CAA4C;QAC5C,0DAA0D;KAC3D;CACF,CAAC;AAEF,MAAM,oBAAoB,GAAa;IACrC,IAAI,EAAE,sBAAsB;IAC5B,WAAW,EACT,wFAAwF;IAC1F,QAAQ,EAAE,QAAQ;IAClB,QAAQ,EAAE,qBAAqB;IAC/B,SAAS,EAAE,eAAe;IAC1B,QAAQ,EAAE;QACR,yBAAyB;QACzB,2BAA2B;QAC3B,2BAA2B;QAC3B,yBAAyB;QACzB,4CAA4C;KAC7C;CACF,CAAC;AAEF,oEAAoE;AAEpE,MAAM,sBAAsB,GAAa;IACvC,IAAI,EAAE,wBAAwB;IAC9B,WAAW,EACT,kFAAkF;IACpF,QAAQ,EAAE,MAAM;IAChB,QAAQ,EAAE,uBAAuB;IACjC,SAAS,EAAE,eAAe;IAC1B,QAAQ,EAAE,CAAC,4CAA4C,CAAC;CACzD,CAAC;AAEF,MAAM,0BAA0B,GAAa;IAC3C,IAAI,EAAE,4BAA4B;IAClC,WAAW,EAAE,2CAA2C;IACxD,QAAQ,EAAE,QAAQ;IAClB,QAAQ,EAAE,gBAAgB;IAC1B,SAAS,EAAE,eAAe;IAC1B,QAAQ,EAAE;QACR,uCAAuC;QACvC,sCAAsC;KACvC;CACF,CAAC;AAEF,MAAM,iBAAiB,GAAa;IAClC,IAAI,EAAE,mBAAmB;IACzB,WAAW,EAAE,wDAAwD;IACrE,QAAQ,EAAE,QAAQ;IAClB,QAAQ,EAAE,gBAAgB;IAC1B,SAAS,EAAE,eAAe;IAC1B,QAAQ,EAAE;QACR,wFAAwF;QACxF,iEAAiE;QACjE,2CAA2C;QAC3C,mCAAmC;KACpC;CACF,CAAC;AAEF,oEAAoE;AAEpE,MAAM,gCAAgC,GAAa;IACjD,IAAI,EAAE,kCAAkC;IACxC,WAAW,EACT,4EAA4E;IAC9E,QAAQ,EAAE,UAAU;IACpB,QAAQ,EAAE,kBAAkB;IAC5B,SAAS,EAAE,cAAc;IACzB,QAAQ,EAAE;QACR,2DAA2D;QAC3D,+BAA+B;QAC/B,gBAAgB;QAChB,2BAA2B;QAC3B,sBAAsB;QACtB,oBAAoB;QACpB,qBAAqB;QACrB,oBAAoB;KACrB;CACF,CAAC;AAEF,MAAM,gCAAgC,GAAa;IACjD,IAAI,EAAE,kCAAkC;IACxC,WAAW,EACT,8EAA8E;IAChF,QAAQ,EAAE,QAAQ;IAClB,QAAQ,EAAE,kBAAkB;IAC5B,SAAS,EAAE,cAAc;IACzB,QAAQ,EAAE;QACR,+BAA+B;QAC/B,eAAe;QACf,yBAAyB;QACzB,iBAAiB;QACjB,oBAAoB;QACpB,qBAAqB;QACrB,8BAA8B;QAC9B,4BAA4B;QAC5B,6BAA6B;QAC7B,oEAAoE;QACpE,uDAAuD;QACvD,kBAAkB;KACnB;CACF,CAAC;AAEF,MAAM,uBAAuB,GAAa;IACxC,IAAI,EAAE,yBAAyB;IAC/B,WAAW,EACT,uGAAuG;IACzG,QAAQ,EAAE,UAAU;IACpB,QAAQ,EAAE,kBAAkB;IAC5B,SAAS,EAAE,cAAc;IACzB,QAAQ,EAAE;QACR,kEAAkE;QAClE,6DAA6D;QAC7D,6CAA6C;KAC9C;CACF,CAAC;AAEF,oEAAoE;AAEpE,MAAM,+BAA+B,GAAa;IAChD,IAAI,EAAE,iCAAiC;IACvC,WAAW,EACT,wEAAwE;IAC1E,QAAQ,EAAE,UAAU;IACpB,QAAQ,EAAE,cAAc;IACxB,SAAS,EAAE,QAAQ;IACnB,QAAQ,EAAE;QACR,8CAA8C;QAC9C,8DAA8D;QAC9D,8DAA8D;QAC9D,4CAA4C;QAC5C,4EAA4E;QAC5E,4EAA4E;QAC5E,WAAW;QACX,eAAe;QACf,mCAAmC;QACnC,gCAAgC;QAChC,2BAA2B;QAC3B,iCAAiC;QACjC,wCAAwC;QACxC,uBAAuB;QACvB,uBAAuB;KACxB;CACF,CAAC;AAEF,oEAAoE;AAEpE,MAAM,cAAc,GAAa;IAC/B,IAAI,EAAE,gBAAgB;IACtB,WAAW,EAAE,+DAA+D;IAC5E,QAAQ,EAAE,UAAU;IACpB,QAAQ,EAAE,mBAAmB;IAC7B,SAAS,EAAE,QAAQ;IACnB,QAAQ,EAAE;QACR,gDAAgD;QAChD,wDAAwD;QACxD,kEAAkE;QAClE,6EAA6E;QAC7E,6EAA6E;KAC9E;CACF,CAAC;AAEF,MAAM,cAAc,GAAa;IAC/B,IAAI,EAAE,gBAAgB;IACtB,WAAW,EAAE,6DAA6D;IAC1E,QAAQ,EAAE,UAAU;IACpB,QAAQ,EAAE,mBAAmB;IAC7B,SAAS,EAAE,QAAQ;IACnB,QAAQ,EAAE,CAAC,wBAAwB,EAAE,qBAAqB,CAAC;CAC5D,CAAC;AAEF,MAAM,cAAc,GAAa;IAC/B,IAAI,EAAE,gBAAgB;IACtB,WAAW,EACT,iEAAiE;IACnE,QAAQ,EAAE,UAAU;IACpB,QAAQ,EAAE,mBAAmB;IAC7B,SAAS,EAAE,QAAQ;IACnB,QAAQ,EAAE,CAAC,sBAAsB,CAAC;CACnC,CAAC;AAEF,oEAAoE;AAEpE,MAAM,qBAAqB,GAAa;IACtC,IAAI,EAAE,uBAAuB;IAC7B,WAAW,EACT,yFAAyF;IAC3F,QAAQ,EAAE,MAAM;IAChB,QAAQ,EAAE,cAAc;IACxB,SAAS,EAAE,QAAQ;IACnB,QAAQ,EAAE;QACR,yEAAyE;QACzE,sEAAsE;QACtE,+EAA+E;QAC/E,iDAAiD;QACjD,+DAA+D;KAChE;CACF,CAAC;AAEF,MAAM,kBAAkB,GAAa;IACnC,IAAI,EAAE,oBAAoB;IAC1B,WAAW,EACT,sEAAsE;IACxE,QAAQ,EAAE,MAAM;IAChB,QAAQ,EAAE,cAAc;IACxB,SAAS,EAAE,QAAQ;IACnB,QAAQ,EAAE,CAAC,sBAAsB,EAAE,4BAA4B,CAAC;CACjE,CAAC;AAEF,oEAAoE;AAEvD,QAAA,KAAK,GAAe;IAC/B,4BAA4B;IAC5B,mBAAmB;IACnB,qBAAqB;IACrB,oBAAoB;IACpB,sBAAsB;IACtB,0BAA0B;IAC1B,iBAAiB;IACjB,sBAAsB;IACtB,gCAAgC;IAChC,gCAAgC;IAChC,uBAAuB;IACvB,yBAAyB;IACzB,+BAA+B;IAC/B,uBAAuB;IACvB,cAAc;IACd,cAAc;IACd,cAAc;IACd,kBAAkB;IAClB,qBAAqB;IACrB,kBAAkB;CACnB,CAAC;AAEF,oEAAoE;AAEpE,iFAAiF;AACjF,MAAM,eAAe,GAAG,OAAO,CAAC;AAEhC;;;GAGG;AACH,SAAgB,IAAI,CAClB,OAAe,EACf,KAAgB,EAChB,IAAgB;IAEhB,6DAA6D;IAC7D,MAAM,WAAW,GACf,OAAO,CAAC,MAAM,GAAG,eAAe;QAC9B,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,CAAC;QACnC,CAAC,CAAC,OAAO,CAAC;IACd,MAAM,eAAe,GAAG,aAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACzC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,KAAK,IAAI,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAC9D,CAAC;IAEF,MAAM,OAAO,GAAgB,EAAE,CAAC;IAChC,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;QACnC,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpC,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACxC,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI;oBACJ,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;oBACrB,MAAM,EAAE,KAAK,CAAC,KAAK;iBACpB,CAAC,CAAC;gBACH,MAAM,CAAC,mCAAmC;YAC5C,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAC9E,CAAC;AAED;;;GAGG;AACH,SAAgB,kBAAkB,CAChC,KAA+C;IAE/C,MAAM,UAAU,GAAgB,EAAE,CAAC;IACnC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,EAAE,MAAM,CAAC,CAAC;QACzD,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,UAAU,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;QACrC,CAAC;IACH,CAAC;IACD,OAAO,UAAU,CAAC,MAAM,GAAG,CAAC;QAC1B,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE;QACxC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AACzB,CAAC","sourcesContent":["/**\n * YARA content scanner for the PostHog wizard.\n *\n * This file is the single source of truth for all wizard YARA rules.\n *\n * Scans tool inputs (pre-execution) and outputs (post-execution) for\n * security violations including PII leakage, hardcoded secrets,\n * prompt injection, and secret exfiltration.\n *\n * We use YARA-style regex rules rather than the real YARA C library to\n * avoid native binary dependencies in an npx-distributed npm package.\n *\n * This is Layer 2 (L2) in the wizard's defense-in-depth model,\n * complementing the prompt-based commandments (L0) and the\n * canUseTool() allowlist (L1).\n */\n\n// ─── Types ───────────────────────────────────────────────────────\n\nexport type YaraSeverity = 'critical' | 'high' | 'medium' | 'low';\n\nexport type YaraCategory =\n | 'posthog_pii'\n | 'posthog_hardcoded_key'\n | 'posthog_autocapture'\n | 'posthog_config'\n | 'prompt_injection'\n | 'exfiltration'\n | 'filesystem_safety'\n | 'supply_chain';\n\nexport type HookPhase = 'PreToolUse' | 'PostToolUse';\nexport type ToolTarget = 'Bash' | 'Write' | 'Edit' | 'Read' | 'Grep';\n\nexport interface YaraRule {\n /** Rule name matching the .yar file (e.g. 'pii_in_capture_call') */\n name: string;\n description: string;\n severity: YaraSeverity;\n category: YaraCategory;\n /** Which hook+tool combinations this rule applies to */\n appliesTo: Array<{ phase: HookPhase; tool: ToolTarget }>;\n /** Compiled regex patterns — any match triggers the rule */\n patterns: RegExp[];\n}\n\nexport interface YaraMatch {\n rule: YaraRule;\n /** The matched substring */\n matchedText: string;\n /** Byte offset in the scanned content */\n offset: number;\n}\n\nexport type ScanResult =\n | { matched: false }\n | { matched: true; matches: YaraMatch[] };\n\n// ─── Rule Definitions ────────────────────────────────────────────\n//\n// Patterns are compiled once at module load time for performance.\n// Design spec: policies/yara/RULES.md\n\nconst POST_WRITE_EDIT: Array<{ phase: HookPhase; tool: ToolTarget }> = [\n { phase: 'PostToolUse', tool: 'Write' },\n { phase: 'PostToolUse', tool: 'Edit' },\n];\n\nconst POST_READ_GREP: Array<{ phase: HookPhase; tool: ToolTarget }> = [\n { phase: 'PostToolUse', tool: 'Read' },\n { phase: 'PostToolUse', tool: 'Grep' },\n];\n\nconst PRE_BASH: Array<{ phase: HookPhase; tool: ToolTarget }> = [\n { phase: 'PreToolUse', tool: 'Bash' },\n];\n\n// ── §1 PostHog API Violations ────────────────────────────────────\n\nconst pii_in_capture_call: YaraRule = {\n name: 'pii_in_capture_call',\n description:\n \"Detects PII fields passed to posthog.capture() — violates 'NEVER send PII in capture()' commandment\",\n severity: 'high',\n category: 'posthog_pii',\n appliesTo: POST_WRITE_EDIT,\n patterns: [\n // Direct PII field names in capture properties\n /\\.capture\\s*\\([^)]{0,200}email/i,\n /\\.capture\\s*\\([^)]{0,200}phone/i,\n /\\.capture\\s*\\([^)]{0,200}full[_\\s]?name/i,\n /\\.capture\\s*\\([^)]{0,200}first[_\\s]?name/i,\n /\\.capture\\s*\\([^)]{0,200}last[_\\s]?name/i,\n /\\.capture\\s*\\([^)]{0,200}(street|mailing|home|billing)[_\\s]?address/i,\n /\\.capture\\s*\\([^)]{0,200}(ssn|social[_\\s]?security)/i,\n /\\.capture\\s*\\([^)]{0,200}(date[_\\s]?of[_\\s]?birth|dob|birthday)/i,\n /\\.capture\\s*\\([^)]{0,200}\\$ip/,\n // identify() allows email/phone/name (standard PostHog user properties),\n // but highly sensitive PII is still blocked in identify().\n /\\.identify\\s*\\([^)]{0,200}(ssn|social[_\\s]?security)/i,\n /\\.identify\\s*\\([^)]{0,200}(card[_\\s]?number|cvv|credit[_\\s]?card)/i,\n /\\.identify\\s*\\([^)]{0,200}(date[_\\s]?of[_\\s]?birth|dob|birthday)/i,\n /\\.identify\\s*\\([^)]{0,200}(street|mailing|home|billing)[_\\s]?address/i,\n // PII in $set properties via capture (bound to same object)\n /\\$set[^}]{0,200}email/i,\n /\\$set[^}]{0,200}phone/i,\n ],\n};\n\nconst hardcoded_posthog_key: YaraRule = {\n name: 'hardcoded_posthog_key',\n description:\n \"Detects hardcoded PostHog API keys in source — violates 'use environment variables' commandment\",\n severity: 'high',\n category: 'posthog_hardcoded_key',\n appliesTo: POST_WRITE_EDIT,\n patterns: [\n // PostHog project API key (phc_ prefix, 20+ alphanumeric chars)\n /phc_[a-zA-Z0-9]{20,}/,\n // PostHog personal API key (phx_ prefix)\n /phx_[a-zA-Z0-9]{20,}/,\n // Hardcoded key assignment patterns\n /apiKey\\s*[:=]\\s*['\"][a-zA-Z0-9_]{20,}['\"]/,\n /api_key\\s*[:=]\\s*['\"][a-zA-Z0-9_]{20,}['\"]/,\n /POSTHOG_PROJECT_TOKEN\\s*[:=]\\s*['\"][a-zA-Z0-9_]{20,}['\"]/,\n ],\n};\n\nconst autocapture_disabled: YaraRule = {\n name: 'autocapture_disabled',\n description:\n \"Detects agent disabling autocapture — violates 'don't disable autocapture' commandment\",\n severity: 'medium',\n category: 'posthog_autocapture',\n appliesTo: POST_WRITE_EDIT,\n patterns: [\n /autocapture\\s*:\\s*false/,\n /autocapture\\s*:\\s*'false'/,\n /autocapture\\s*:\\s*\"false\"/,\n /autocapture\\s*=\\s*False/,\n /disable_autocapture\\s*[:=]\\s*(true|True|1)/,\n ],\n};\n\n// ── §1b Additional PostHog config rules ──────────────────────────\n\nconst hardcoded_posthog_host: YaraRule = {\n name: 'hardcoded_posthog_host',\n description:\n 'Detects hardcoded PostHog host URLs in source — should use environment variables',\n severity: 'high',\n category: 'posthog_hardcoded_key',\n appliesTo: POST_WRITE_EDIT,\n patterns: [/['\"]https:\\/\\/(us|eu)\\.i\\.posthog\\.com['\"]/],\n};\n\nconst session_recording_disabled: YaraRule = {\n name: 'session_recording_disabled',\n description: 'Detects agent disabling session recording',\n severity: 'medium',\n category: 'posthog_config',\n appliesTo: POST_WRITE_EDIT,\n patterns: [\n /disable_session_recording\\s*:\\s*true/i,\n /disable_session_recording\\s*=\\s*True/,\n ],\n};\n\nconst opt_out_capturing: YaraRule = {\n name: 'opt_out_capturing',\n description: 'Detects agent opting out of PostHog capturing entirely',\n severity: 'medium',\n category: 'posthog_config',\n appliesTo: POST_WRITE_EDIT,\n patterns: [\n // Match opt_out_capturing as a config property (in init options), not as a method call.\n // posthog.opt_out_capturing() is a legitimate GDPR-required API.\n /opt_out_capturing\\s*[:=]\\s*(true|True|1)/i,\n /opted_out\\s*[:=]\\s*(true|True|1)/i,\n ],\n};\n\n// ── §2 Prompt Injection ──────────────────────────────────────────\n\nconst prompt_injection_wizard_override: YaraRule = {\n name: 'prompt_injection_wizard_override',\n description:\n 'Detects classic prompt injection attempting to override agent instructions',\n severity: 'critical',\n category: 'prompt_injection',\n appliesTo: POST_READ_GREP,\n patterns: [\n // Direct instruction override — classic injection patterns\n /ignore previous instructions/i,\n /disregard all/i,\n /forget your instructions/i,\n /override your rules/i,\n // Role manipulation\n /act as a different/i,\n /new instructions:/i,\n ],\n};\n\nconst prompt_injection_wizard_specific: YaraRule = {\n name: 'prompt_injection_wizard_specific',\n description:\n 'Detects wizard-specific manipulation or tool abuse attempts in project files',\n severity: 'medium',\n category: 'prompt_injection',\n appliesTo: POST_READ_GREP,\n patterns: [\n // Wizard-specific manipulation\n /skip posthog/i,\n /do not install posthog/i,\n /remove posthog/i,\n /uninstall posthog/i,\n /delete the posthog/i,\n // Tool abuse via file content\n /run the following command/i,\n /execute this shell command/i,\n // Role hijacking — require \"you are now a\" to avoid false positives\n // on legitimate phrases like \"you are now ready to...\"\n /you are now a\\s/i,\n ],\n};\n\nconst prompt_injection_base64: YaraRule = {\n name: 'prompt_injection_base64',\n description:\n 'Detects suspicious base64-encoded blocks in file content that may contain obfuscated prompt injection',\n severity: 'critical',\n category: 'prompt_injection',\n appliesTo: POST_READ_GREP,\n patterns: [\n // Long base64 strings (100+ chars) in comments or string literals\n // that aren't typical data URIs or legitimate base64 content\n /(?:\\/\\/|#|\\/\\*)\\s*[A-Za-z0-9+/]{100,}={0,2}/,\n ],\n};\n\n// ── §3 Secret Exfiltration ───────────────────────────────────────\n\nconst secret_exfiltration_via_command: YaraRule = {\n name: 'secret_exfiltration_via_command',\n description:\n 'Detects shell commands attempting to exfiltrate secrets or credentials',\n severity: 'critical',\n category: 'exfiltration',\n appliesTo: PRE_BASH,\n patterns: [\n // curl/wget with environment variable secrets\n /curl\\s+.*\\$\\{?[A-Z_]*(KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL)/i,\n /wget\\s+.*\\$\\{?[A-Z_]*(KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL)/i,\n // Piping sensitive content to network tools\n /(\\$\\{?[A-Z_]*(KEY|TOKEN|SECRET|PASSWORD)|\\.env|credentials)\\S*.*\\|\\s*curl/i,\n /(\\$\\{?[A-Z_]*(KEY|TOKEN|SECRET|PASSWORD)|\\.env|credentials)\\S*.*\\|\\s*wget/i,\n /\\|\\s*nc\\s/,\n /\\|\\s*netcat\\s/,\n // Base64 encoding piped to network\n /base64.*\\|\\s*(curl|wget|nc\\s)/i,\n // Reading .env and sending\n /cat\\s+.*\\.env.*\\|\\s*(curl|wget)/,\n // PostHog key exfiltration specifically\n /curl.*phc_[a-zA-Z0-9]/,\n /wget.*phc_[a-zA-Z0-9]/,\n ],\n};\n\n// ── §4 Filesystem Safety ─────────────────────────────────────────\n\nconst destructive_rm: YaraRule = {\n name: 'destructive_rm',\n description: 'Detects rm -rf or rm -r commands that could mass-delete files',\n severity: 'critical',\n category: 'filesystem_safety',\n appliesTo: PRE_BASH,\n patterns: [\n // Combined flags: rm -rf, rm -fr, rm -rfi, etc.\n /\\brm\\s+(-[a-zA-Z]*r[a-zA-Z]*f|-[a-zA-Z]*f[a-zA-Z]*r)\\b/,\n // Separated flags: rm -r -f, rm -f -r (with optional other flags)\n /\\brm\\s+(-[a-zA-Z]*\\s+)*-[a-zA-Z]*r[a-zA-Z]*\\s+(-[a-zA-Z]*\\s+)*-[a-zA-Z]*f\\b/,\n /\\brm\\s+(-[a-zA-Z]*\\s+)*-[a-zA-Z]*f[a-zA-Z]*\\s+(-[a-zA-Z]*\\s+)*-[a-zA-Z]*r\\b/,\n ],\n};\n\nconst git_force_push: YaraRule = {\n name: 'git_force_push',\n description: 'Detects git push --force which can overwrite remote history',\n severity: 'critical',\n category: 'filesystem_safety',\n appliesTo: PRE_BASH,\n patterns: [/git\\s+push\\s+.*--force/, /git\\s+push\\s+.*-f\\b/],\n};\n\nconst git_reset_hard: YaraRule = {\n name: 'git_reset_hard',\n description:\n 'Detects git reset --hard which discards all uncommitted changes',\n severity: 'critical',\n category: 'filesystem_safety',\n appliesTo: PRE_BASH,\n patterns: [/git\\s+reset\\s+--hard/],\n};\n\n// ── §5 Supply Chain ──────────────────────────────────────────────\n\nconst wrong_posthog_package: YaraRule = {\n name: 'wrong_posthog_package',\n description:\n 'Detects installing the wrong PostHog npm package — should be posthog-js or posthog-node',\n severity: 'high',\n category: 'supply_chain',\n appliesTo: PRE_BASH,\n patterns: [\n // Match \"npm install posthog\" but not \"posthog-js\", \"posthog-node\", etc.\n /npm\\s+install\\s+(?:--save\\s+|--save-dev\\s+|-[SD]\\s+)*posthog(?!\\s*-)/,\n /pnpm\\s+(?:add|install)\\s+(?:--save\\s+|--save-dev\\s+|-[SD]\\s+)*posthog(?!\\s*-)/,\n /yarn\\s+add\\s+(?:--dev\\s+|-D\\s+)*posthog(?!\\s*-)/,\n /bun\\s+(?:add|install)\\s+(?:--dev\\s+|-[dD]\\s+)*posthog(?!\\s*-)/,\n ],\n};\n\nconst npm_install_global: YaraRule = {\n name: 'npm_install_global',\n description:\n 'Detects global npm installs — should never install packages globally',\n severity: 'high',\n category: 'supply_chain',\n appliesTo: PRE_BASH,\n patterns: [/npm\\s+install\\s+-g\\b/, /npm\\s+install\\s+--global\\b/],\n};\n\n// ─── Rule Registry ───────────────────────────────────────────────\n\nexport const RULES: YaraRule[] = [\n // §1 PostHog API violations\n pii_in_capture_call,\n hardcoded_posthog_key,\n autocapture_disabled,\n hardcoded_posthog_host,\n session_recording_disabled,\n opt_out_capturing,\n // §2 Prompt injection\n prompt_injection_wizard_override,\n prompt_injection_wizard_specific,\n prompt_injection_base64,\n // §3 Secret exfiltration\n secret_exfiltration_via_command,\n // §4 Filesystem safety\n destructive_rm,\n git_force_push,\n git_reset_hard,\n // §5 Supply chain\n wrong_posthog_package,\n npm_install_global,\n];\n\n// ─── Scan Engine ─────────────────────────────────────────────────\n\n/** Maximum content length to scan (100 KB). Inputs beyond this are truncated. */\nconst MAX_SCAN_LENGTH = 100_000;\n\n/**\n * Scan content against rules applicable to a given hook phase and tool.\n * Returns all matching rules (one match per rule, first pattern wins).\n */\nexport function scan(\n content: string,\n phase: HookPhase,\n tool: ToolTarget,\n): ScanResult {\n // Cap input length to prevent pathological regex performance\n const scanContent =\n content.length > MAX_SCAN_LENGTH\n ? content.slice(0, MAX_SCAN_LENGTH)\n : content;\n const applicableRules = RULES.filter((r) =>\n r.appliesTo.some((a) => a.phase === phase && a.tool === tool),\n );\n\n const matches: YaraMatch[] = [];\n for (const rule of applicableRules) {\n for (const pattern of rule.patterns) {\n const match = pattern.exec(scanContent);\n if (match) {\n matches.push({\n rule,\n matchedText: match[0],\n offset: match.index,\n });\n break; // One match per rule is sufficient\n }\n }\n }\n\n return matches.length > 0 ? { matched: true, matches } : { matched: false };\n}\n\n/**\n * Scan all files in a skill directory for prompt injection.\n * Used for context-mill scanning after skill installation.\n */\nexport function scanSkillDirectory(\n files: Array<{ path: string; content: string }>,\n): ScanResult {\n const allMatches: YaraMatch[] = [];\n for (const file of files) {\n const result = scan(file.content, 'PostToolUse', 'Read');\n if (result.matched) {\n allMatches.push(...result.matches);\n }\n }\n return allMatches.length > 0\n ? { matched: true, matches: allMatches }\n : { matched: false };\n}\n"]}
package/dist/src/run.js CHANGED
@@ -16,11 +16,15 @@ const agent_runner_1 = require("./lib/agent-runner");
16
16
  const events_1 = require("events");
17
17
  const debug_1 = require("./utils/debug");
18
18
  const wizard_abort_1 = require("./utils/wizard-abort");
19
+ const env_api_key_1 = require("./utils/env-api-key");
19
20
  events_1.EventEmitter.defaultMaxListeners = 50;
20
21
  async function runWizard(argv, session) {
22
+ // Apply log file env overrides for all modes (CI, benchmark, and interactive).
23
+ (0, debug_1.configureLogFileFromEnvironment)();
21
24
  const finalArgs = {
22
25
  ...argv,
23
26
  ...(0, environment_1.readEnvironment)(),
27
+ apiKey: argv.apiKey ?? (0, env_api_key_1.readApiKeyFromEnv)(),
24
28
  };
25
29
  let resolvedInstallDir;
26
30
  if (finalArgs.installDir) {
package/dist/src/run.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"run.js","sourceRoot":"","sources":["../../src/run.ts"],"names":[],"mappings":";;;;;AAsCA,8BAmGC;AAED,8CAmBC;AA9JD,yDAAwE;AAIxE,+CAIyB;AACzB,qDAAsD;AACtD,6BAA6B;AAC7B,gDAAwB;AACxB,6CAAoD;AACpD,iDAA8C;AAC9C,qDAAoD;AACpD,mCAAsC;AACtC,yCAA0C;AAC1C,uDAAmD;AAEnD,qBAAY,CAAC,mBAAmB,GAAG,EAAE,CAAC;AAmB/B,KAAK,UAAU,SAAS,CAAC,IAAU,EAAE,OAAuB;IACjE,MAAM,SAAS,GAAG;QAChB,GAAG,IAAI;QACP,GAAG,IAAA,6BAAe,GAAE;KACrB,CAAC;IAEF,IAAI,kBAA0B,CAAC;IAC/B,IAAI,SAAS,CAAC,UAAU,EAAE,CAAC;QACzB,IAAI,cAAI,CAAC,UAAU,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC;YAC1C,kBAAkB,GAAG,SAAS,CAAC,UAAU,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,kBAAkB,GAAG,cAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,CAAC,UAAU,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;SAAM,CAAC;QACN,kBAAkB,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IACrC,CAAC;IAED,+DAA+D;IAC/D,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,GAAG,IAAA,6BAAY,EAAC;YACrB,KAAK,EAAE,SAAS,CAAC,KAAK;YACtB,YAAY,EAAE,SAAS,CAAC,YAAY;YACpC,UAAU,EAAE,kBAAkB;YAC9B,EAAE,EAAE,SAAS,CAAC,EAAE;YAChB,MAAM,EAAE,SAAS,CAAC,MAAM;YACxB,QAAQ,EAAE,SAAS,CAAC,QAAQ;YAC5B,MAAM,EAAE,SAAS,CAAC,MAAM;YACxB,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,WAAW,EAAE,SAAS,CAAC,WAAW;YAClC,SAAS,EAAE,SAAS,CAAC,SAAS;YAC9B,UAAU,EAAE,SAAS,CAAC,UAAU;YAChC,SAAS,EAAE,SAAS,CAAC,SAAS;SAC/B,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CAAC,UAAU,GAAG,kBAAkB,CAAC;IAExC,IAAA,UAAK,GAAE,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;IAErD,IAAI,OAAO,CAAC,EAAE,EAAE,CAAC;QACf,IAAA,UAAK,GAAE,CAAC,GAAG,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACzC,CAAC;IAED,MAAM,WAAW,GACf,OAAO,CAAC,WAAW,IAAI,CAAC,MAAM,2BAA2B,CAAC,OAAO,CAAC,CAAC,CAAC;IAEtE,OAAO,CAAC,WAAW,GAAG,WAAW,CAAC;IAClC,qBAAS,CAAC,MAAM,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;IAE7C,MAAM,MAAM,GAAG,6BAAkB,CAAC,WAAW,CAAC,CAAC;IAC/C,OAAO,CAAC,eAAe,GAAG,MAAM,CAAC;IAEjC,sEAAsE;IACtE,oEAAoE;IACpE,MAAM,sBAAsB,GAC1B,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;IACnD,IAAI,MAAM,CAAC,QAAQ,CAAC,aAAa,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAC7D,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC;gBAClD,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,EAAE,EAAE,OAAO,CAAC,EAAE;gBACd,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,CAAC,CAAC;YACH,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBACnD,IAAI,CAAC,CAAC,GAAG,IAAI,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;oBACvC,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;gBACxC,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,yDAAyD;QAC3D,CAAC;IACH,CAAC;IAED,IAAI,CAAC;QACH,MAAM,IAAA,6BAAc,EAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACxC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5E,MAAM,UAAU,GACd,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;QAElE,IAAA,iBAAS,EAAC,kCAAkC,YAAY,GAAG,CAAC,CAAC;QAC7D,IAAI,UAAU,EAAE,CAAC;YACf,IAAA,iBAAS,EAAC,gCAAgC,UAAU,EAAE,CAAC,CAAC;QAC1D,CAAC;QAED,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,IAAI,UAAU,CAAC,CAAC,CAAC,OAAO,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAEzE,MAAM,IAAA,0BAAW,EAAC;YAChB,OAAO,EAAE,yBAAyB,YAAY,yCAAyC,MAAM,CAAC,QAAQ,CAAC,OAAO,+BAA+B,SAAS,EAAE;YACxJ,KAAK,EAAE,KAAc;SACtB,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,iBAAiB,CACrC,UAAkB;IAElB,KAAK,MAAM,WAAW,IAAI,MAAM,CAAC,MAAM,CAAC,uBAAW,CAAC,EAAE,CAAC;QACrD,MAAM,MAAM,GAAG,6BAAkB,CAAC,WAAW,CAAC,CAAC;QAC/C,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;gBAClC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,CAAC;gBACvC,IAAI,OAAO,CAAQ,CAAC,OAAO,EAAE,EAAE,CAC7B,UAAU,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,gCAAoB,CAAC,CACvD;aACF,CAAC,CAAC;YACH,IAAI,QAAQ,EAAE,CAAC;gBACb,OAAO,WAAW,CAAC;YACrB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,yCAAyC;QAC3C,CAAC;IACH,CAAC;AACH,CAAC;AAED,KAAK,UAAU,2BAA2B,CACxC,OAAsB;IAEtB,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAClB,MAAM,mBAAmB,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAExE,IAAI,mBAAmB,EAAE,CAAC;YACxB,IAAA,UAAK,GAAE,CAAC,oBAAoB,CAC1B,6BAAkB,CAAC,mBAAmB,CAAC,CAAC,QAAQ,CAAC,IAAI,CACtD,CAAC;YACF,qBAAS,CAAC,OAAO,CAAC,yCAA6B,EAAE;gBAC/C,MAAM,EAAE,2BAA2B;gBACnC,WAAW,EAAE,mBAAmB;gBAChC,cAAc,EAAE,6BAAkB,CAAC,mBAAmB,CAAC,CAAC,QAAQ,CAAC,IAAI;aACtE,CAAC,CAAC;YACH,OAAO,mBAAmB,CAAC;QAC7B,CAAC;QAED,qBAAS,CAAC,OAAO,CAAC,yCAA6B,EAAE;YAC/C,MAAM,EAAE,mCAAmC;SAC5C,CAAC,CAAC;QACH,IAAA,UAAK,GAAE,CAAC,GAAG,CAAC,IAAI,CACd,qEAAqE,CACtE,CAAC;IACJ,CAAC;IAED,2DAA2D;IAC3D,gEAAgE;IAChE,OAAO,IAAA,0BAAW,EAAC;QACjB,OAAO,EACL,yFAAyF;KAC5F,CAAC,CAAC;AACL,CAAC","sourcesContent":["import { type WizardSession, buildSession } from './lib/wizard-session';\n\nimport type { CloudRegion } from './utils/types';\n\nimport {\n Integration,\n DETECTION_TIMEOUT_MS,\n WIZARD_INTERACTION_EVENT_NAME,\n} from './lib/constants';\nimport { readEnvironment } from './utils/environment';\nimport { getUI } from './ui';\nimport path from 'path';\nimport { FRAMEWORK_REGISTRY } from './lib/registry';\nimport { analytics } from './utils/analytics';\nimport { runAgentWizard } from './lib/agent-runner';\nimport { EventEmitter } from 'events';\nimport { logToFile } from './utils/debug';\nimport { wizardAbort } from './utils/wizard-abort';\n\nEventEmitter.defaultMaxListeners = 50;\n\ntype Args = {\n integration?: Integration;\n debug?: boolean;\n forceInstall?: boolean;\n installDir?: string;\n region?: CloudRegion;\n default?: boolean;\n signup?: boolean;\n localMcp?: boolean;\n ci?: boolean;\n apiKey?: string;\n projectId?: string;\n menu?: boolean;\n benchmark?: boolean;\n yaraReport?: boolean;\n};\n\nexport async function runWizard(argv: Args, session?: WizardSession) {\n const finalArgs = {\n ...argv,\n ...readEnvironment(),\n };\n\n let resolvedInstallDir: string;\n if (finalArgs.installDir) {\n if (path.isAbsolute(finalArgs.installDir)) {\n resolvedInstallDir = finalArgs.installDir;\n } else {\n resolvedInstallDir = path.join(process.cwd(), finalArgs.installDir);\n }\n } else {\n resolvedInstallDir = process.cwd();\n }\n\n // Build session if not provided (CI mode passes one pre-built)\n if (!session) {\n session = buildSession({\n debug: finalArgs.debug,\n forceInstall: finalArgs.forceInstall,\n installDir: resolvedInstallDir,\n ci: finalArgs.ci,\n signup: finalArgs.signup,\n localMcp: finalArgs.localMcp,\n apiKey: finalArgs.apiKey,\n menu: finalArgs.menu,\n integration: finalArgs.integration,\n benchmark: finalArgs.benchmark,\n yaraReport: finalArgs.yaraReport,\n projectId: finalArgs.projectId,\n });\n }\n\n session.installDir = resolvedInstallDir;\n\n getUI().intro(`Welcome to the PostHog setup wizard`);\n\n if (session.ci) {\n getUI().log.info('Running in CI mode');\n }\n\n const integration =\n session.integration ?? (await detectAndResolveIntegration(session));\n\n session.integration = integration;\n analytics.setTag('integration', integration);\n\n const config = FRAMEWORK_REGISTRY[integration];\n session.frameworkConfig = config;\n\n // Run gatherContext if the framework has it and it hasn't already run\n // (bin.ts runs it early so IntroScreen can show the friendly label)\n const contextAlreadyGathered =\n Object.keys(session.frameworkContext).length > 0;\n if (config.metadata.gatherContext && !contextAlreadyGathered) {\n try {\n const context = await config.metadata.gatherContext({\n installDir: session.installDir,\n debug: session.debug,\n forceInstall: session.forceInstall,\n default: false,\n signup: session.signup,\n localMcp: session.localMcp,\n ci: session.ci,\n menu: session.menu,\n benchmark: session.benchmark,\n yaraReport: session.yaraReport,\n });\n for (const [key, value] of Object.entries(context)) {\n if (!(key in session.frameworkContext)) {\n session.frameworkContext[key] = value;\n }\n }\n } catch {\n // Detection failed — SetupScreen or agent will handle it\n }\n }\n\n try {\n await runAgentWizard(config, session);\n } catch (error) {\n const errorMessage = error instanceof Error ? error.message : String(error);\n const errorStack =\n error instanceof Error && error.stack ? error.stack : undefined;\n\n logToFile(`[Wizard run.ts] ERROR MESSAGE: ${errorMessage} `);\n if (errorStack) {\n logToFile(`[Wizard run.ts] ERROR STACK: ${errorStack}`);\n }\n\n const debugInfo = session.debug && errorStack ? `\\n\\n${errorStack}` : '';\n\n await wizardAbort({\n message: `Something went wrong: ${errorMessage}\\n\\nYou can read the documentation at ${config.metadata.docsUrl} to set up PostHog manually.${debugInfo}`,\n error: error as Error,\n });\n }\n}\n\nexport async function detectIntegration(\n installDir: string,\n): Promise<Integration | undefined> {\n for (const integration of Object.values(Integration)) {\n const config = FRAMEWORK_REGISTRY[integration];\n try {\n const detected = await Promise.race([\n config.detection.detect({ installDir }),\n new Promise<false>((resolve) =>\n setTimeout(() => resolve(false), DETECTION_TIMEOUT_MS),\n ),\n ]);\n if (detected) {\n return integration;\n }\n } catch {\n // Skip frameworks whose detection throws\n }\n }\n}\n\nasync function detectAndResolveIntegration(\n session: WizardSession,\n): Promise<Integration> {\n if (!session.menu) {\n const detectedIntegration = await detectIntegration(session.installDir);\n\n if (detectedIntegration) {\n getUI().setDetectedFramework(\n FRAMEWORK_REGISTRY[detectedIntegration].metadata.name,\n );\n analytics.capture(WIZARD_INTERACTION_EVENT_NAME, {\n action: 'wizard_framework_detected',\n integration: detectedIntegration,\n framework_name: FRAMEWORK_REGISTRY[detectedIntegration].metadata.name,\n });\n return detectedIntegration;\n }\n\n analytics.capture(WIZARD_INTERACTION_EVENT_NAME, {\n action: 'wizard_framework_detection_failed',\n });\n getUI().log.info(\n \"I couldn't detect your framework. Please choose one to get started.\",\n );\n }\n\n // Fallback: in TUI mode the IntroScreen would handle this,\n // but for CI mode or when detection fails, abort with guidance.\n return wizardAbort({\n message:\n 'Could not auto-detect your framework. Please specify --integration on the command line.',\n });\n}\n"]}
1
+ {"version":3,"file":"run.js","sourceRoot":"","sources":["../../src/run.ts"],"names":[],"mappings":";;;;;AAuCA,8BAuGC;AAED,8CAmBC;AAnKD,yDAAwE;AAIxE,+CAIyB;AACzB,qDAAsD;AACtD,6BAA6B;AAC7B,gDAAwB;AACxB,6CAAoD;AACpD,iDAA8C;AAC9C,qDAAoD;AACpD,mCAAsC;AACtC,yCAA2E;AAC3E,uDAAmD;AACnD,qDAAwD;AAExD,qBAAY,CAAC,mBAAmB,GAAG,EAAE,CAAC;AAmB/B,KAAK,UAAU,SAAS,CAAC,IAAU,EAAE,OAAuB;IACjE,+EAA+E;IAC/E,IAAA,uCAA+B,GAAE,CAAC;IAElC,MAAM,SAAS,GAAG;QAChB,GAAG,IAAI;QACP,GAAG,IAAA,6BAAe,GAAE;QACpB,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,IAAA,+BAAiB,GAAE;KAC3C,CAAC;IAEF,IAAI,kBAA0B,CAAC;IAC/B,IAAI,SAAS,CAAC,UAAU,EAAE,CAAC;QACzB,IAAI,cAAI,CAAC,UAAU,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC;YAC1C,kBAAkB,GAAG,SAAS,CAAC,UAAU,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,kBAAkB,GAAG,cAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,CAAC,UAAU,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;SAAM,CAAC;QACN,kBAAkB,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IACrC,CAAC;IAED,+DAA+D;IAC/D,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,GAAG,IAAA,6BAAY,EAAC;YACrB,KAAK,EAAE,SAAS,CAAC,KAAK;YACtB,YAAY,EAAE,SAAS,CAAC,YAAY;YACpC,UAAU,EAAE,kBAAkB;YAC9B,EAAE,EAAE,SAAS,CAAC,EAAE;YAChB,MAAM,EAAE,SAAS,CAAC,MAAM;YACxB,QAAQ,EAAE,SAAS,CAAC,QAAQ;YAC5B,MAAM,EAAE,SAAS,CAAC,MAAM;YACxB,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,WAAW,EAAE,SAAS,CAAC,WAAW;YAClC,SAAS,EAAE,SAAS,CAAC,SAAS;YAC9B,UAAU,EAAE,SAAS,CAAC,UAAU;YAChC,SAAS,EAAE,SAAS,CAAC,SAAS;SAC/B,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CAAC,UAAU,GAAG,kBAAkB,CAAC;IAExC,IAAA,UAAK,GAAE,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;IAErD,IAAI,OAAO,CAAC,EAAE,EAAE,CAAC;QACf,IAAA,UAAK,GAAE,CAAC,GAAG,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACzC,CAAC;IAED,MAAM,WAAW,GACf,OAAO,CAAC,WAAW,IAAI,CAAC,MAAM,2BAA2B,CAAC,OAAO,CAAC,CAAC,CAAC;IAEtE,OAAO,CAAC,WAAW,GAAG,WAAW,CAAC;IAClC,qBAAS,CAAC,MAAM,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;IAE7C,MAAM,MAAM,GAAG,6BAAkB,CAAC,WAAW,CAAC,CAAC;IAC/C,OAAO,CAAC,eAAe,GAAG,MAAM,CAAC;IAEjC,sEAAsE;IACtE,oEAAoE;IACpE,MAAM,sBAAsB,GAC1B,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;IACnD,IAAI,MAAM,CAAC,QAAQ,CAAC,aAAa,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAC7D,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC;gBAClD,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,EAAE,EAAE,OAAO,CAAC,EAAE;gBACd,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,CAAC,CAAC;YACH,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBACnD,IAAI,CAAC,CAAC,GAAG,IAAI,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;oBACvC,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;gBACxC,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,yDAAyD;QAC3D,CAAC;IACH,CAAC;IAED,IAAI,CAAC;QACH,MAAM,IAAA,6BAAc,EAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACxC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5E,MAAM,UAAU,GACd,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;QAElE,IAAA,iBAAS,EAAC,kCAAkC,YAAY,GAAG,CAAC,CAAC;QAC7D,IAAI,UAAU,EAAE,CAAC;YACf,IAAA,iBAAS,EAAC,gCAAgC,UAAU,EAAE,CAAC,CAAC;QAC1D,CAAC;QAED,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,IAAI,UAAU,CAAC,CAAC,CAAC,OAAO,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAEzE,MAAM,IAAA,0BAAW,EAAC;YAChB,OAAO,EAAE,yBAAyB,YAAY,yCAAyC,MAAM,CAAC,QAAQ,CAAC,OAAO,+BAA+B,SAAS,EAAE;YACxJ,KAAK,EAAE,KAAc;SACtB,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,iBAAiB,CACrC,UAAkB;IAElB,KAAK,MAAM,WAAW,IAAI,MAAM,CAAC,MAAM,CAAC,uBAAW,CAAC,EAAE,CAAC;QACrD,MAAM,MAAM,GAAG,6BAAkB,CAAC,WAAW,CAAC,CAAC;QAC/C,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;gBAClC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,CAAC;gBACvC,IAAI,OAAO,CAAQ,CAAC,OAAO,EAAE,EAAE,CAC7B,UAAU,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,gCAAoB,CAAC,CACvD;aACF,CAAC,CAAC;YACH,IAAI,QAAQ,EAAE,CAAC;gBACb,OAAO,WAAW,CAAC;YACrB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,yCAAyC;QAC3C,CAAC;IACH,CAAC;AACH,CAAC;AAED,KAAK,UAAU,2BAA2B,CACxC,OAAsB;IAEtB,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAClB,MAAM,mBAAmB,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAExE,IAAI,mBAAmB,EAAE,CAAC;YACxB,IAAA,UAAK,GAAE,CAAC,oBAAoB,CAC1B,6BAAkB,CAAC,mBAAmB,CAAC,CAAC,QAAQ,CAAC,IAAI,CACtD,CAAC;YACF,qBAAS,CAAC,OAAO,CAAC,yCAA6B,EAAE;gBAC/C,MAAM,EAAE,2BAA2B;gBACnC,WAAW,EAAE,mBAAmB;gBAChC,cAAc,EAAE,6BAAkB,CAAC,mBAAmB,CAAC,CAAC,QAAQ,CAAC,IAAI;aACtE,CAAC,CAAC;YACH,OAAO,mBAAmB,CAAC;QAC7B,CAAC;QAED,qBAAS,CAAC,OAAO,CAAC,yCAA6B,EAAE;YAC/C,MAAM,EAAE,mCAAmC;SAC5C,CAAC,CAAC;QACH,IAAA,UAAK,GAAE,CAAC,GAAG,CAAC,IAAI,CACd,qEAAqE,CACtE,CAAC;IACJ,CAAC;IAED,2DAA2D;IAC3D,gEAAgE;IAChE,OAAO,IAAA,0BAAW,EAAC;QACjB,OAAO,EACL,yFAAyF;KAC5F,CAAC,CAAC;AACL,CAAC","sourcesContent":["import { type WizardSession, buildSession } from './lib/wizard-session';\n\nimport type { CloudRegion } from './utils/types';\n\nimport {\n Integration,\n DETECTION_TIMEOUT_MS,\n WIZARD_INTERACTION_EVENT_NAME,\n} from './lib/constants';\nimport { readEnvironment } from './utils/environment';\nimport { getUI } from './ui';\nimport path from 'path';\nimport { FRAMEWORK_REGISTRY } from './lib/registry';\nimport { analytics } from './utils/analytics';\nimport { runAgentWizard } from './lib/agent-runner';\nimport { EventEmitter } from 'events';\nimport { logToFile, configureLogFileFromEnvironment } from './utils/debug';\nimport { wizardAbort } from './utils/wizard-abort';\nimport { readApiKeyFromEnv } from './utils/env-api-key';\n\nEventEmitter.defaultMaxListeners = 50;\n\ntype Args = {\n integration?: Integration;\n debug?: boolean;\n forceInstall?: boolean;\n installDir?: string;\n region?: CloudRegion;\n default?: boolean;\n signup?: boolean;\n localMcp?: boolean;\n ci?: boolean;\n apiKey?: string;\n projectId?: string;\n menu?: boolean;\n benchmark?: boolean;\n yaraReport?: boolean;\n};\n\nexport async function runWizard(argv: Args, session?: WizardSession) {\n // Apply log file env overrides for all modes (CI, benchmark, and interactive).\n configureLogFileFromEnvironment();\n\n const finalArgs = {\n ...argv,\n ...readEnvironment(),\n apiKey: argv.apiKey ?? readApiKeyFromEnv(),\n };\n\n let resolvedInstallDir: string;\n if (finalArgs.installDir) {\n if (path.isAbsolute(finalArgs.installDir)) {\n resolvedInstallDir = finalArgs.installDir;\n } else {\n resolvedInstallDir = path.join(process.cwd(), finalArgs.installDir);\n }\n } else {\n resolvedInstallDir = process.cwd();\n }\n\n // Build session if not provided (CI mode passes one pre-built)\n if (!session) {\n session = buildSession({\n debug: finalArgs.debug,\n forceInstall: finalArgs.forceInstall,\n installDir: resolvedInstallDir,\n ci: finalArgs.ci,\n signup: finalArgs.signup,\n localMcp: finalArgs.localMcp,\n apiKey: finalArgs.apiKey,\n menu: finalArgs.menu,\n integration: finalArgs.integration,\n benchmark: finalArgs.benchmark,\n yaraReport: finalArgs.yaraReport,\n projectId: finalArgs.projectId,\n });\n }\n\n session.installDir = resolvedInstallDir;\n\n getUI().intro(`Welcome to the PostHog setup wizard`);\n\n if (session.ci) {\n getUI().log.info('Running in CI mode');\n }\n\n const integration =\n session.integration ?? (await detectAndResolveIntegration(session));\n\n session.integration = integration;\n analytics.setTag('integration', integration);\n\n const config = FRAMEWORK_REGISTRY[integration];\n session.frameworkConfig = config;\n\n // Run gatherContext if the framework has it and it hasn't already run\n // (bin.ts runs it early so IntroScreen can show the friendly label)\n const contextAlreadyGathered =\n Object.keys(session.frameworkContext).length > 0;\n if (config.metadata.gatherContext && !contextAlreadyGathered) {\n try {\n const context = await config.metadata.gatherContext({\n installDir: session.installDir,\n debug: session.debug,\n forceInstall: session.forceInstall,\n default: false,\n signup: session.signup,\n localMcp: session.localMcp,\n ci: session.ci,\n menu: session.menu,\n benchmark: session.benchmark,\n yaraReport: session.yaraReport,\n });\n for (const [key, value] of Object.entries(context)) {\n if (!(key in session.frameworkContext)) {\n session.frameworkContext[key] = value;\n }\n }\n } catch {\n // Detection failed — SetupScreen or agent will handle it\n }\n }\n\n try {\n await runAgentWizard(config, session);\n } catch (error) {\n const errorMessage = error instanceof Error ? error.message : String(error);\n const errorStack =\n error instanceof Error && error.stack ? error.stack : undefined;\n\n logToFile(`[Wizard run.ts] ERROR MESSAGE: ${errorMessage} `);\n if (errorStack) {\n logToFile(`[Wizard run.ts] ERROR STACK: ${errorStack}`);\n }\n\n const debugInfo = session.debug && errorStack ? `\\n\\n${errorStack}` : '';\n\n await wizardAbort({\n message: `Something went wrong: ${errorMessage}\\n\\nYou can read the documentation at ${config.metadata.docsUrl} to set up PostHog manually.${debugInfo}`,\n error: error as Error,\n });\n }\n}\n\nexport async function detectIntegration(\n installDir: string,\n): Promise<Integration | undefined> {\n for (const integration of Object.values(Integration)) {\n const config = FRAMEWORK_REGISTRY[integration];\n try {\n const detected = await Promise.race([\n config.detection.detect({ installDir }),\n new Promise<false>((resolve) =>\n setTimeout(() => resolve(false), DETECTION_TIMEOUT_MS),\n ),\n ]);\n if (detected) {\n return integration;\n }\n } catch {\n // Skip frameworks whose detection throws\n }\n }\n}\n\nasync function detectAndResolveIntegration(\n session: WizardSession,\n): Promise<Integration> {\n if (!session.menu) {\n const detectedIntegration = await detectIntegration(session.installDir);\n\n if (detectedIntegration) {\n getUI().setDetectedFramework(\n FRAMEWORK_REGISTRY[detectedIntegration].metadata.name,\n );\n analytics.capture(WIZARD_INTERACTION_EVENT_NAME, {\n action: 'wizard_framework_detected',\n integration: detectedIntegration,\n framework_name: FRAMEWORK_REGISTRY[detectedIntegration].metadata.name,\n });\n return detectedIntegration;\n }\n\n analytics.capture(WIZARD_INTERACTION_EVENT_NAME, {\n action: 'wizard_framework_detection_failed',\n });\n getUI().log.info(\n \"I couldn't detect your framework. Please choose one to get started.\",\n );\n }\n\n // Fallback: in TUI mode the IntroScreen would handle this,\n // but for CI mode or when detection fails, abort with guidance.\n return wizardAbort({\n message:\n 'Could not auto-detect your framework. Please specify --integration on the command line.',\n });\n}\n"]}
package/dist/src/steps/add-mcp-server-to-clients/defaults.js CHANGED
@@ -64,11 +64,6 @@ exports.AVAILABLE_FEATURES = {
64
64
  label: 'Prompts',
65
65
  hint: 'LLM prompt management',
66
66
  },
67
- {
68
- value: 'logs',
69
- label: 'Logs',
70
- hint: 'Log querying',
71
- },
72
67
  ],
73
68
  'Development Tools': [
74
69
  {
@@ -76,6 +71,11 @@ exports.AVAILABLE_FEATURES = {
76
71
  label: 'Error Tracking',
77
72
  hint: 'Error monitoring and debugging',
78
73
  },
74
+ {
75
+ value: 'logs',
76
+ label: 'Logs',
77
+ hint: 'Log querying',
78
+ },
79
79
  {
80
80
  value: 'flags',
81
81
  label: 'Feature Flags',
package/dist/src/steps/add-mcp-server-to-clients/defaults.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"defaults.js","sourceRoot":"","sources":["../../../../src/steps/add-mcp-server-to-clients/defaults.ts"],"names":[],"mappings":";;;;;;AAAA,8CAAoB;AAEP,QAAA,sBAAsB,GAAG,aAAC;KACpC,MAAM,CAAC;IACN,UAAU,EAAE,aAAC,CAAC,MAAM,CAClB,aAAC,CAAC,MAAM,EAAE,EACV,aAAC,CAAC,KAAK,CAAC;QACN,aAAC,CAAC,MAAM,CAAC;YACP,OAAO,EAAE,aAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;YAC9B,IAAI,EAAE,aAAC,CAAC,KAAK,CAAC,aAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;YACpC,GAAG,EAAE,aAAC,CAAC,MAAM,CAAC,aAAC,CAAC,MAAM,EAAE,EAAE,aAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;SACjD,CAAC;QACF,aAAC,CAAC,MAAM,CAAC;YACP,GAAG,EAAE,aAAC,CAAC,MAAM,EAAE;YACf,OAAO,EAAE,aAAC,CAAC,MAAM,CAAC,aAAC,CAAC,MAAM,EAAE,EAAE,aAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;SACrD,CAAC;KACH,CAAC,CACH;CACF,CAAC;KACD,WAAW,EAAE,CAAC;AAEJ,QAAA,kBAAkB,GAAG;IAChC,kBAAkB,EAAE;QAClB;YACE,KAAK,EAAE,YAAY;YACnB,KAAK,EAAE,YAAY;YACnB,IAAI,EAAE,mCAAmC;SAC1C;QACD;YACE,KAAK,EAAE,UAAU;YACjB,KAAK,EAAE,UAAU;YACjB,IAAI,EAAE,oBAAoB;SAC3B;QACD;YACE,KAAK,EAAE,aAAa;YACpB,KAAK,EAAE,aAAa;YACpB,IAAI,EAAE,yBAAyB;SAChC;QACD;YACE,KAAK,EAAE,SAAS;YAChB,KAAK,EAAE,SAAS;YAChB,IAAI,EAAE,mBAAmB;SAC1B;QACD;YACE,KAAK,EAAE,aAAa;YACpB,KAAK,EAAE,aAAa;YACpB,IAAI,EAAE,uBAAuB;SAC9B;QACD;YACE,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,KAAK;YACZ,IAAI,EAAE,qBAAqB;SAC5B;KACF;IACD,gBAAgB,EAAE;QAChB;YACE,KAAK,EAAE,eAAe;YACtB,KAAK,EAAE,eAAe;YACtB,IAAI,EAAE,6BAA6B;SACpC;QACD;YACE,KAAK,EAAE,SAAS;YAChB,KAAK,EAAE,SAAS;YAChB,IAAI,EAAE,uBAAuB;SAC9B;QACD;YACE,KAAK,EAAE,MAAM;YACb,KAAK,EAAE,MAAM;YACb,IAAI,EAAE,cAAc;SACrB;KACF;IACD,mBAAmB,EAAE;QACnB;YACE,KAAK,EAAE,gBAAgB;YACvB,KAAK,EAAE,gBAAgB;YACvB,IAAI,EAAE,gCAAgC;SACvC;QACD;YACE,KAAK,EAAE,OAAO;YACd,KAAK,EAAE,eAAe;YACtB,IAAI,EAAE,yBAAyB;SAChC;QACD;YACE,KAAK,EAAE,uBAAuB;YAC9B,KAAK,EAAE,uBAAuB;YAC9B,IAAI,EAAE,iCAAiC;SACxC;QACD;YACE,KAAK,EAAE,SAAS;YAChB,KAAK,EAAE,SAAS;YAChB,IAAI,EAAE,mBAAmB;SAC1B;KACF;IACD,iBAAiB,EAAE;QACjB;YACE,KAAK,EAAE,QAAQ;YACf,KAAK,EAAE,QAAQ;YACf,IAAI,EAAE,gCAAgC;SACvC;QACD;YACE,KAAK,EAAE,SAAS;YAChB,KAAK,EAAE,SAAS;YAChB,IAAI,EAAE,6BAA6B;SACpC;QACD;YACE,KAAK,EAAE,SAAS;YAChB,KAAK,EAAE,SAAS;YAChB,IAAI,EAAE,oBAAoB;SAC3B;QACD;YACE,KAAK,EAAE,gBAAgB;YACvB,KAAK,EAAE,gBAAgB;YACvB,IAAI,EAAE,2BAA2B;SAClC;QACD;YACE,KAAK,EAAE,aAAa;YACpB,KAAK,EAAE,aAAa;YACpB,IAAI,EAAE,yBAAyB;SAChC;KACF;IACD,kBAAkB,EAAE;QAClB;YACE,KAAK,EAAE,eAAe;YACtB,KAAK,EAAE,eAAe;YACtB,IAAI,EAAE,yBAAyB;SAChC;QACD;YACE,KAAK,EAAE,wBAAwB;YAC/B,KAAK,EAAE,wBAAwB;YAC/B,IAAI,EAAE,gCAAgC;SACvC;QACD;YACE,KAAK,EAAE,WAAW;YAClB,KAAK,EAAE,WAAW;YAClB,IAAI,EAAE,qBAAqB;SAC5B;KACF;IACD,uBAAuB,EAAE;QACvB;YACE,KAAK,EAAE,WAAW;YAClB,KAAK,EAAE,WAAW;YAClB,IAAI,EAAE,qCAAqC;SAC5C;QACD;YACE,KAAK,EAAE,MAAM;YACb,KAAK,EAAE,eAAe;YACtB,IAAI,EAAE,8BAA8B;SACrC;QACD;YACE,KAAK,EAAE,WAAW;YAClB,KAAK,EAAE,WAAW;YAClB,IAAI,EAAE,qBAAqB;SAC5B;QACD;YACE,KAAK,EAAE,QAAQ;YACf,KAAK,EAAE,QAAQ;YACf,IAAI,EAAE,kBAAkB;SACzB;QACD;YACE,KAAK,EAAE,eAAe;YACtB,KAAK,EAAE,eAAe;YACtB,IAAI,EAAE,sBAAsB;SAC7B;QACD;YACE,KAAK,EAAE,QAAQ;YACf,KAAK,EAAE,QAAQ;YACf,IAAI,EAAE,kCAAkC;SACzC;QACD;YACE,KAAK,EAAE,eAAe;YACtB,KAAK,EAAE,eAAe;YACtB,IAAI,EAAE,iCAAiC;SACxC;QACD;YACE,KAAK,EAAE,OAAO;YACd,KAAK,EAAE,OAAO;YACd,IAAI,EAAE,4BAA4B;SACnC;KACF;CACF,CAAC;AAEW,QAAA,kBAAkB,GAAG,MAAM,CAAC,MAAM,CAAC,0BAAkB,CAAC;KAChE,IAAI,EAAE;KACN,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AAI5B,MAAM,WAAW,GAAG,CACzB,IAAmB,EACnB,gBAA2B,EAC3B,KAAe,EACf,EAAE;IACF,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,yBAAyB,CAAC;IACzE,MAAM,OAAO,GAAG,GAAG,IAAI,IAAI,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC;IAE5D,MAAM,qBAAqB,GACzB,gBAAgB;QAChB,gBAAgB,CAAC,MAAM,KAAK,0BAAkB,CAAC,MAAM;QACrD,0BAAkB,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,gBAAgB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAE5E,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,kDAAkD;IAClD,IACE,gBAAgB;QAChB,gBAAgB,CAAC,MAAM,GAAG,CAAC;QAC3B,CAAC,qBAAqB,EACtB,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,YAAY,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACxD,CAAC;IAED,OAAO,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;AACxE,CAAC,CAAC;AAzBW,QAAA,WAAW,eAyBtB;AAEK,MAAM,yBAAyB,GAAG,CACvC,MAA0B,EAC1B,IAAmB,EACnB,gBAA2B,EAC3B,KAAe,EACf,EAAE;IACF,MAAM,MAAM,GAA4B;QACtC,GAAG,EAAE,IAAA,mBAAW,EAAC,IAAI,EAAE,gBAAgB,EAAE,KAAK,CAAC;KAChD,CAAC;IAEF,+DAA+D;IAC/D,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,CAAC,OAAO,GAAG;YACf,aAAa,EAAE,UAAU,MAAM,EAAE;SAClC,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC;AAlBW,QAAA,yBAAyB,6BAkBpC;AAEK,MAAM,sBAAsB,GAAG,CACpC,MAA0B,EAC1B,IAAmB,EACnB,gBAA2B,EAC3B,KAAe,EACf,EAAE;IACF,MAAM,eAAe,GAAG,IAAA,mBAAW,EAAC,IAAI,EAAE,gBAAgB,EAAE,KAAK,CAAC,CAAC;IAEnE,mDAAmD;IACnD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO;YACL,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,CAAC,IAAI,EAAE,mBAAmB,EAAE,eAAe,CAAC;SACnD,CAAC;IACJ,CAAC;IAED,oCAAoC;IACpC,OAAO;QACL,OAAO,EAAE,KAAK;QACd,IAAI,EAAE;YACJ,IAAI;YACJ,mBAAmB;YACnB,eAAe;YACf,UAAU;YACV,uCAAuC;SACxC;QACD,GAAG,EAAE;YACH,mBAAmB,EAAE,UAAU,MAAM,EAAE;SACxC;KACF,CAAC;AACJ,CAAC,CAAC;AA9BW,QAAA,sBAAsB,0BA8BjC","sourcesContent":["import z from 'zod';\n\nexport const DefaultMCPClientConfig = z\n .object({\n mcpServers: z.record(\n z.string(),\n z.union([\n z.object({\n command: z.string().optional(),\n args: z.array(z.string()).optional(),\n env: z.record(z.string(), z.string()).optional(),\n }),\n z.object({\n url: z.string(),\n headers: z.record(z.string(), z.string()).optional(),\n }),\n ]),\n ),\n })\n .passthrough();\n\nexport const AVAILABLE_FEATURES = {\n 'Data & Analytics': [\n {\n value: 'dashboards',\n label: 'Dashboards',\n hint: 'Dashboard creation and management',\n },\n {\n value: 'insights',\n label: 'Insights',\n hint: 'Analytics insights',\n },\n {\n value: 'experiments',\n label: 'Experiments',\n hint: 'A/B testing experiments',\n },\n {\n value: 'surveys',\n label: 'Surveys',\n hint: 'Survey management',\n },\n {\n value: 'annotations',\n label: 'Annotations',\n hint: 'Annotation management',\n },\n {\n value: 'sql',\n label: 'SQL',\n hint: 'SQL query execution',\n },\n ],\n 'AI Engineering': [\n {\n value: 'llm_analytics',\n label: 'LLM Analytics',\n hint: 'LLM usage and cost tracking',\n },\n {\n value: 'prompts',\n label: 'Prompts',\n hint: 'LLM prompt management',\n },\n {\n value: 'logs',\n label: 'Logs',\n hint: 'Log querying',\n },\n ],\n 'Development Tools': [\n {\n value: 'error_tracking',\n label: 'Error Tracking',\n hint: 'Error monitoring and debugging',\n },\n {\n value: 'flags',\n label: 'Feature Flags',\n hint: 'Feature flag management',\n },\n {\n value: 'early_access_features',\n label: 'Early Access Features',\n hint: 'Early access feature management',\n },\n {\n value: 'cohorts',\n label: 'Cohorts',\n hint: 'Cohort management',\n },\n ],\n 'Data Management': [\n {\n value: 'events',\n label: 'Events',\n hint: 'Event and property definitions',\n },\n {\n value: 'persons',\n label: 'Persons',\n hint: 'Person and group management',\n },\n {\n value: 'actions',\n label: 'Actions',\n hint: 'Action definitions',\n },\n {\n value: 'data_warehouse',\n label: 'Data Warehouse',\n hint: 'Data warehouse management',\n },\n {\n value: 'data_schema',\n label: 'Data Schema',\n hint: 'Data schema exploration',\n },\n ],\n 'CDP & Automation': [\n {\n value: 'hog_functions',\n label: 'Hog Functions',\n hint: 'CDP function management',\n },\n {\n value: 'hog_function_templates',\n label: 'Hog Function Templates',\n hint: 'CDP function template browsing',\n },\n {\n value: 'workflows',\n label: 'Workflows',\n hint: 'Workflow management',\n },\n ],\n 'Platform & Management': [\n {\n value: 'workspace',\n label: 'Workspace',\n hint: 'Organization and project management',\n },\n {\n value: 'docs',\n label: 'Documentation',\n hint: 'PostHog documentation search',\n },\n {\n value: 'notebooks',\n label: 'Notebooks',\n hint: 'Notebook management',\n },\n {\n value: 'alerts',\n label: 'Alerts',\n hint: 'Alert management',\n },\n {\n value: 'activity_logs',\n label: 'Activity Logs',\n hint: 'Activity log viewing',\n },\n {\n value: 'search',\n label: 'Search',\n hint: 'Entity search across the project',\n },\n {\n value: 'reverse_proxy',\n label: 'Reverse Proxy',\n hint: 'Reverse proxy record management',\n },\n {\n value: 'debug',\n label: 'Debug',\n hint: 'Debug and diagnostic tools',\n },\n ],\n};\n\nexport const ALL_FEATURE_VALUES = Object.values(AVAILABLE_FEATURES)\n .flat()\n .map((feature) => feature.value);\n\ntype MCPServerType = 'sse' | 'streamable-http';\n\nexport const buildMCPUrl = (\n type: MCPServerType,\n selectedFeatures?: string[],\n local?: boolean,\n) => {\n const host = local ? 'http://localhost:8787' : 'https://mcp.posthog.com';\n const baseUrl = `${host}/${type === 'sse' ? 'sse' : 'mcp'}`;\n\n const isAllFeaturesSelected =\n selectedFeatures &&\n selectedFeatures.length === ALL_FEATURE_VALUES.length &&\n ALL_FEATURE_VALUES.every((feature) => selectedFeatures.includes(feature));\n\n const params: string[] = [];\n\n // Add features param if not all features selected\n if (\n selectedFeatures &&\n selectedFeatures.length > 0 &&\n !isAllFeaturesSelected\n ) {\n params.push(`features=${selectedFeatures.join(',')}`);\n }\n\n return params.length > 0 ? `${baseUrl}?${params.join('&')}` : baseUrl;\n};\n\nexport const getNativeHTTPServerConfig = (\n apiKey: string | undefined,\n type: MCPServerType,\n selectedFeatures?: string[],\n local?: boolean,\n) => {\n const config: Record<string, unknown> = {\n url: buildMCPUrl(type, selectedFeatures, local),\n };\n\n // Only add auth header if API key is provided (not OAuth mode)\n if (apiKey) {\n config.headers = {\n Authorization: `Bearer ${apiKey}`,\n };\n }\n\n return config;\n};\n\nexport const getDefaultServerConfig = (\n apiKey: string | undefined,\n type: MCPServerType,\n selectedFeatures?: string[],\n local?: boolean,\n) => {\n const urlWithFeatures = buildMCPUrl(type, selectedFeatures, local);\n\n // OAuth mode: no auth header, let MCP handle OAuth\n if (!apiKey) {\n return {\n command: 'npx',\n args: ['-y', 'mcp-remote@latest', urlWithFeatures],\n };\n }\n\n // API key mode: include auth header\n return {\n command: 'npx',\n args: [\n '-y',\n 'mcp-remote@latest',\n urlWithFeatures,\n '--header',\n `Authorization:\\${POSTHOG_AUTH_HEADER}`,\n ],\n env: {\n POSTHOG_AUTH_HEADER: `Bearer ${apiKey}`,\n },\n };\n};\n"]}
1
+ {"version":3,"file":"defaults.js","sourceRoot":"","sources":["../../../../src/steps/add-mcp-server-to-clients/defaults.ts"],"names":[],"mappings":";;;;;;AAAA,8CAAoB;AAEP,QAAA,sBAAsB,GAAG,aAAC;KACpC,MAAM,CAAC;IACN,UAAU,EAAE,aAAC,CAAC,MAAM,CAClB,aAAC,CAAC,MAAM,EAAE,EACV,aAAC,CAAC,KAAK,CAAC;QACN,aAAC,CAAC,MAAM,CAAC;YACP,OAAO,EAAE,aAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;YAC9B,IAAI,EAAE,aAAC,CAAC,KAAK,CAAC,aAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;YACpC,GAAG,EAAE,aAAC,CAAC,MAAM,CAAC,aAAC,CAAC,MAAM,EAAE,EAAE,aAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;SACjD,CAAC;QACF,aAAC,CAAC,MAAM,CAAC;YACP,GAAG,EAAE,aAAC,CAAC,MAAM,EAAE;YACf,OAAO,EAAE,aAAC,CAAC,MAAM,CAAC,aAAC,CAAC,MAAM,EAAE,EAAE,aAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;SACrD,CAAC;KACH,CAAC,CACH;CACF,CAAC;KACD,WAAW,EAAE,CAAC;AAEJ,QAAA,kBAAkB,GAAG;IAChC,kBAAkB,EAAE;QAClB;YACE,KAAK,EAAE,YAAY;YACnB,KAAK,EAAE,YAAY;YACnB,IAAI,EAAE,mCAAmC;SAC1C;QACD;YACE,KAAK,EAAE,UAAU;YACjB,KAAK,EAAE,UAAU;YACjB,IAAI,EAAE,oBAAoB;SAC3B;QACD;YACE,KAAK,EAAE,aAAa;YACpB,KAAK,EAAE,aAAa;YACpB,IAAI,EAAE,yBAAyB;SAChC;QACD;YACE,KAAK,EAAE,SAAS;YAChB,KAAK,EAAE,SAAS;YAChB,IAAI,EAAE,mBAAmB;SAC1B;QACD;YACE,KAAK,EAAE,aAAa;YACpB,KAAK,EAAE,aAAa;YACpB,IAAI,EAAE,uBAAuB;SAC9B;QACD;YACE,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,KAAK;YACZ,IAAI,EAAE,qBAAqB;SAC5B;KACF;IACD,gBAAgB,EAAE;QAChB;YACE,KAAK,EAAE,eAAe;YACtB,KAAK,EAAE,eAAe;YACtB,IAAI,EAAE,6BAA6B;SACpC;QACD;YACE,KAAK,EAAE,SAAS;YAChB,KAAK,EAAE,SAAS;YAChB,IAAI,EAAE,uBAAuB;SAC9B;KACF;IACD,mBAAmB,EAAE;QACnB;YACE,KAAK,EAAE,gBAAgB;YACvB,KAAK,EAAE,gBAAgB;YACvB,IAAI,EAAE,gCAAgC;SACvC;QACD;YACE,KAAK,EAAE,MAAM;YACb,KAAK,EAAE,MAAM;YACb,IAAI,EAAE,cAAc;SACrB;QACD;YACE,KAAK,EAAE,OAAO;YACd,KAAK,EAAE,eAAe;YACtB,IAAI,EAAE,yBAAyB;SAChC;QACD;YACE,KAAK,EAAE,uBAAuB;YAC9B,KAAK,EAAE,uBAAuB;YAC9B,IAAI,EAAE,iCAAiC;SACxC;QACD;YACE,KAAK,EAAE,SAAS;YAChB,KAAK,EAAE,SAAS;YAChB,IAAI,EAAE,mBAAmB;SAC1B;KACF;IACD,iBAAiB,EAAE;QACjB;YACE,KAAK,EAAE,QAAQ;YACf,KAAK,EAAE,QAAQ;YACf,IAAI,EAAE,gCAAgC;SACvC;QACD;YACE,KAAK,EAAE,SAAS;YAChB,KAAK,EAAE,SAAS;YAChB,IAAI,EAAE,6BAA6B;SACpC;QACD;YACE,KAAK,EAAE,SAAS;YAChB,KAAK,EAAE,SAAS;YAChB,IAAI,EAAE,oBAAoB;SAC3B;QACD;YACE,KAAK,EAAE,gBAAgB;YACvB,KAAK,EAAE,gBAAgB;YACvB,IAAI,EAAE,2BAA2B;SAClC;QACD;YACE,KAAK,EAAE,aAAa;YACpB,KAAK,EAAE,aAAa;YACpB,IAAI,EAAE,yBAAyB;SAChC;KACF;IACD,kBAAkB,EAAE;QAClB;YACE,KAAK,EAAE,eAAe;YACtB,KAAK,EAAE,eAAe;YACtB,IAAI,EAAE,yBAAyB;SAChC;QACD;YACE,KAAK,EAAE,wBAAwB;YAC/B,KAAK,EAAE,wBAAwB;YAC/B,IAAI,EAAE,gCAAgC;SACvC;QACD;YACE,KAAK,EAAE,WAAW;YAClB,KAAK,EAAE,WAAW;YAClB,IAAI,EAAE,qBAAqB;SAC5B;KACF;IACD,uBAAuB,EAAE;QACvB;YACE,KAAK,EAAE,WAAW;YAClB,KAAK,EAAE,WAAW;YAClB,IAAI,EAAE,qCAAqC;SAC5C;QACD;YACE,KAAK,EAAE,MAAM;YACb,KAAK,EAAE,eAAe;YACtB,IAAI,EAAE,8BAA8B;SACrC;QACD;YACE,KAAK,EAAE,WAAW;YAClB,KAAK,EAAE,WAAW;YAClB,IAAI,EAAE,qBAAqB;SAC5B;QACD;YACE,KAAK,EAAE,QAAQ;YACf,KAAK,EAAE,QAAQ;YACf,IAAI,EAAE,kBAAkB;SACzB;QACD;YACE,KAAK,EAAE,eAAe;YACtB,KAAK,EAAE,eAAe;YACtB,IAAI,EAAE,sBAAsB;SAC7B;QACD;YACE,KAAK,EAAE,QAAQ;YACf,KAAK,EAAE,QAAQ;YACf,IAAI,EAAE,kCAAkC;SACzC;QACD;YACE,KAAK,EAAE,eAAe;YACtB,KAAK,EAAE,eAAe;YACtB,IAAI,EAAE,iCAAiC;SACxC;QACD;YACE,KAAK,EAAE,OAAO;YACd,KAAK,EAAE,OAAO;YACd,IAAI,EAAE,4BAA4B;SACnC;KACF;CACF,CAAC;AAEW,QAAA,kBAAkB,GAAG,MAAM,CAAC,MAAM,CAAC,0BAAkB,CAAC;KAChE,IAAI,EAAE;KACN,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AAI5B,MAAM,WAAW,GAAG,CACzB,IAAmB,EACnB,gBAA2B,EAC3B,KAAe,EACf,EAAE;IACF,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,yBAAyB,CAAC;IACzE,MAAM,OAAO,GAAG,GAAG,IAAI,IAAI,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC;IAE5D,MAAM,qBAAqB,GACzB,gBAAgB;QAChB,gBAAgB,CAAC,MAAM,KAAK,0BAAkB,CAAC,MAAM;QACrD,0BAAkB,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,gBAAgB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAE5E,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,kDAAkD;IAClD,IACE,gBAAgB;QAChB,gBAAgB,CAAC,MAAM,GAAG,CAAC;QAC3B,CAAC,qBAAqB,EACtB,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,YAAY,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACxD,CAAC;IAED,OAAO,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;AACxE,CAAC,CAAC;AAzBW,QAAA,WAAW,eAyBtB;AAEK,MAAM,yBAAyB,GAAG,CACvC,MAA0B,EAC1B,IAAmB,EACnB,gBAA2B,EAC3B,KAAe,EACf,EAAE;IACF,MAAM,MAAM,GAA4B;QACtC,GAAG,EAAE,IAAA,mBAAW,EAAC,IAAI,EAAE,gBAAgB,EAAE,KAAK,CAAC;KAChD,CAAC;IAEF,+DAA+D;IAC/D,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,CAAC,OAAO,GAAG;YACf,aAAa,EAAE,UAAU,MAAM,EAAE;SAClC,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC;AAlBW,QAAA,yBAAyB,6BAkBpC;AAEK,MAAM,sBAAsB,GAAG,CACpC,MAA0B,EAC1B,IAAmB,EACnB,gBAA2B,EAC3B,KAAe,EACf,EAAE;IACF,MAAM,eAAe,GAAG,IAAA,mBAAW,EAAC,IAAI,EAAE,gBAAgB,EAAE,KAAK,CAAC,CAAC;IAEnE,mDAAmD;IACnD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO;YACL,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,CAAC,IAAI,EAAE,mBAAmB,EAAE,eAAe,CAAC;SACnD,CAAC;IACJ,CAAC;IAED,oCAAoC;IACpC,OAAO;QACL,OAAO,EAAE,KAAK;QACd,IAAI,EAAE;YACJ,IAAI;YACJ,mBAAmB;YACnB,eAAe;YACf,UAAU;YACV,uCAAuC;SACxC;QACD,GAAG,EAAE;YACH,mBAAmB,EAAE,UAAU,MAAM,EAAE;SACxC;KACF,CAAC;AACJ,CAAC,CAAC;AA9BW,QAAA,sBAAsB,0BA8BjC","sourcesContent":["import z from 'zod';\n\nexport const DefaultMCPClientConfig = z\n .object({\n mcpServers: z.record(\n z.string(),\n z.union([\n z.object({\n command: z.string().optional(),\n args: z.array(z.string()).optional(),\n env: z.record(z.string(), z.string()).optional(),\n }),\n z.object({\n url: z.string(),\n headers: z.record(z.string(), z.string()).optional(),\n }),\n ]),\n ),\n })\n .passthrough();\n\nexport const AVAILABLE_FEATURES = {\n 'Data & Analytics': [\n {\n value: 'dashboards',\n label: 'Dashboards',\n hint: 'Dashboard creation and management',\n },\n {\n value: 'insights',\n label: 'Insights',\n hint: 'Analytics insights',\n },\n {\n value: 'experiments',\n label: 'Experiments',\n hint: 'A/B testing experiments',\n },\n {\n value: 'surveys',\n label: 'Surveys',\n hint: 'Survey management',\n },\n {\n value: 'annotations',\n label: 'Annotations',\n hint: 'Annotation management',\n },\n {\n value: 'sql',\n label: 'SQL',\n hint: 'SQL query execution',\n },\n ],\n 'AI Engineering': [\n {\n value: 'llm_analytics',\n label: 'LLM Analytics',\n hint: 'LLM usage and cost tracking',\n },\n {\n value: 'prompts',\n label: 'Prompts',\n hint: 'LLM prompt management',\n },\n ],\n 'Development Tools': [\n {\n value: 'error_tracking',\n label: 'Error Tracking',\n hint: 'Error monitoring and debugging',\n },\n {\n value: 'logs',\n label: 'Logs',\n hint: 'Log querying',\n },\n {\n value: 'flags',\n label: 'Feature Flags',\n hint: 'Feature flag management',\n },\n {\n value: 'early_access_features',\n label: 'Early Access Features',\n hint: 'Early access feature management',\n },\n {\n value: 'cohorts',\n label: 'Cohorts',\n hint: 'Cohort management',\n },\n ],\n 'Data Management': [\n {\n value: 'events',\n label: 'Events',\n hint: 'Event and property definitions',\n },\n {\n value: 'persons',\n label: 'Persons',\n hint: 'Person and group management',\n },\n {\n value: 'actions',\n label: 'Actions',\n hint: 'Action definitions',\n },\n {\n value: 'data_warehouse',\n label: 'Data Warehouse',\n hint: 'Data warehouse management',\n },\n {\n value: 'data_schema',\n label: 'Data Schema',\n hint: 'Data schema exploration',\n },\n ],\n 'CDP & Automation': [\n {\n value: 'hog_functions',\n label: 'Hog Functions',\n hint: 'CDP function management',\n },\n {\n value: 'hog_function_templates',\n label: 'Hog Function Templates',\n hint: 'CDP function template browsing',\n },\n {\n value: 'workflows',\n label: 'Workflows',\n hint: 'Workflow management',\n },\n ],\n 'Platform & Management': [\n {\n value: 'workspace',\n label: 'Workspace',\n hint: 'Organization and project management',\n },\n {\n value: 'docs',\n label: 'Documentation',\n hint: 'PostHog documentation search',\n },\n {\n value: 'notebooks',\n label: 'Notebooks',\n hint: 'Notebook management',\n },\n {\n value: 'alerts',\n label: 'Alerts',\n hint: 'Alert management',\n },\n {\n value: 'activity_logs',\n label: 'Activity Logs',\n hint: 'Activity log viewing',\n },\n {\n value: 'search',\n label: 'Search',\n hint: 'Entity search across the project',\n },\n {\n value: 'reverse_proxy',\n label: 'Reverse Proxy',\n hint: 'Reverse proxy record management',\n },\n {\n value: 'debug',\n label: 'Debug',\n hint: 'Debug and diagnostic tools',\n },\n ],\n};\n\nexport const ALL_FEATURE_VALUES = Object.values(AVAILABLE_FEATURES)\n .flat()\n .map((feature) => feature.value);\n\ntype MCPServerType = 'sse' | 'streamable-http';\n\nexport const buildMCPUrl = (\n type: MCPServerType,\n selectedFeatures?: string[],\n local?: boolean,\n) => {\n const host = local ? 'http://localhost:8787' : 'https://mcp.posthog.com';\n const baseUrl = `${host}/${type === 'sse' ? 'sse' : 'mcp'}`;\n\n const isAllFeaturesSelected =\n selectedFeatures &&\n selectedFeatures.length === ALL_FEATURE_VALUES.length &&\n ALL_FEATURE_VALUES.every((feature) => selectedFeatures.includes(feature));\n\n const params: string[] = [];\n\n // Add features param if not all features selected\n if (\n selectedFeatures &&\n selectedFeatures.length > 0 &&\n !isAllFeaturesSelected\n ) {\n params.push(`features=${selectedFeatures.join(',')}`);\n }\n\n return params.length > 0 ? `${baseUrl}?${params.join('&')}` : baseUrl;\n};\n\nexport const getNativeHTTPServerConfig = (\n apiKey: string | undefined,\n type: MCPServerType,\n selectedFeatures?: string[],\n local?: boolean,\n) => {\n const config: Record<string, unknown> = {\n url: buildMCPUrl(type, selectedFeatures, local),\n };\n\n // Only add auth header if API key is provided (not OAuth mode)\n if (apiKey) {\n config.headers = {\n Authorization: `Bearer ${apiKey}`,\n };\n }\n\n return config;\n};\n\nexport const getDefaultServerConfig = (\n apiKey: string | undefined,\n type: MCPServerType,\n selectedFeatures?: string[],\n local?: boolean,\n) => {\n const urlWithFeatures = buildMCPUrl(type, selectedFeatures, local);\n\n // OAuth mode: no auth header, let MCP handle OAuth\n if (!apiKey) {\n return {\n command: 'npx',\n args: ['-y', 'mcp-remote@latest', urlWithFeatures],\n };\n }\n\n // API key mode: include auth header\n return {\n command: 'npx',\n args: [\n '-y',\n 'mcp-remote@latest',\n urlWithFeatures,\n '--header',\n `Authorization:\\${POSTHOG_AUTH_HEADER}`,\n ],\n env: {\n POSTHOG_AUTH_HEADER: `Bearer ${apiKey}`,\n },\n };\n};\n"]}
package/dist/src/ui/tui/__tests__/store.test.js CHANGED
@@ -210,10 +210,12 @@ describe('WizardStore', () => {
210
210
  store.setLoginUrl('url');
211
211
  store.setReadinessResult(null);
212
212
  store.setMcpComplete();
213
+ store.setOutroDismissed();
214
+ store.setSkillsComplete(true);
213
215
  store.setOutroData({ kind: OutroKind.Success });
214
216
  store.setFrameworkContext('k', 'v');
215
217
  store.setFrameworkConfig(null, null);
216
- expect(cb).toHaveBeenCalledTimes(11);
218
+ expect(cb).toHaveBeenCalledTimes(13);
217
219
  });
218
220
  });
219
221
  // ── Setter analytics events ────────────────────────────────────
@@ -323,6 +325,25 @@ describe('WizardStore', () => {
323
325
  store.setMcpComplete();
324
326
  expect(store.currentScreen).toBe(Screen.Outro);
325
327
  });
328
+ it('advances to skills after outro dismissed', () => {
329
+ const store = createStore();
330
+ store.completeSetup();
331
+ store.setReadinessResult({
332
+ decision: WizardReadiness.Yes,
333
+ health: {},
334
+ reasons: [],
335
+ });
336
+ store.setCredentials({
337
+ accessToken: 'tok',
338
+ projectApiKey: 'pk',
339
+ host: 'h',
340
+ projectId: 1,
341
+ });
342
+ store.setRunPhase(RunPhase.Completed);
343
+ store.setMcpComplete();
344
+ store.setOutroDismissed();
345
+ expect(store.currentScreen).toBe(Screen.Skills);
346
+ });
326
347
  it('starts at McpAdd for McpAdd flow', () => {
327
348
  const store = createStore(Flow.McpAdd);
328
349
  expect(store.currentScreen).toBe(Screen.McpAdd);
@@ -745,8 +766,11 @@ describe('WizardStore', () => {
745
766
  // Step 5: Complete MCP
746
767
  store.setMcpComplete();
747
768
  expect(store.currentScreen).toBe(Screen.Outro);
769
+ // Step 6: Dismiss outro
770
+ store.setOutroDismissed();
771
+ expect(store.currentScreen).toBe(Screen.Skills);
748
772
  // Verify version was bumped for each setter call
749
- expect(store.getVersion()).toBe(6);
773
+ expect(store.getVersion()).toBe(7);
750
774
  });
751
775
  });
752
776
  // ── setupComplete promise ────────────────────────────────────────