@rulemetric/cli 0.5.4 → 0.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/chunk-3AEVHOTS.js +33 -0
- package/dist/chunk-3AEVHOTS.js.map +7 -0
- package/dist/{chunk-WLFX4PYR.js → chunk-6TPJGYFF.js} +4 -4
- package/dist/{chunk-4LHEN2FS.js → chunk-CVMRMSV4.js} +14 -14
- package/dist/{chunk-ANOWI23I.js → chunk-HWGRTIXN.js} +98 -105
- package/dist/chunk-HWGRTIXN.js.map +7 -0
- package/dist/{chunk-H3C6EGR2.js → chunk-MUOUV5LY.js} +4 -4
- package/dist/{chunk-JNFIYBFL.js → chunk-N2X35ITW.js} +7 -1
- package/dist/{chunk-JNFIYBFL.js.map → chunk-N2X35ITW.js.map} +2 -2
- package/dist/{chunk-FTJRMUID.js → chunk-OVGP4OGK.js} +25 -1
- package/dist/chunk-OVGP4OGK.js.map +7 -0
- package/dist/{chunk-7K4ILWS7.js → chunk-UPXIO7CG.js} +4 -4
- package/dist/{chunk-IATQXFJA.js → chunk-VBGUNFKY.js} +4 -4
- package/dist/{chunk-BCIUSUEV.js → chunk-VIYUIQHW.js} +4 -4
- package/dist/{chunk-LTT2YMYY.js → chunk-YDTUPCBL.js} +94 -21
- package/dist/chunk-YDTUPCBL.js.map +7 -0
- package/dist/commands/auth/login.js +19 -1
- package/dist/commands/auth/login.js.map +2 -2
- package/dist/commands/auth/signup.js +81 -0
- package/dist/commands/auth/signup.js.map +7 -0
- package/dist/commands/evals/agent.js +10 -10
- package/dist/commands/gateway/ensure.js +1 -1
- package/dist/commands/hooks/install.js +92 -53
- package/dist/commands/hooks/install.js.map +2 -2
- package/dist/commands/hooks/run.js +5 -3
- package/dist/commands/hooks/run.js.map +2 -2
- package/dist/commands/hooks/uninstall.js +53 -7
- package/dist/commands/hooks/uninstall.js.map +2 -2
- package/dist/commands/proxy/env.js +1 -1
- package/dist/commands/proxy/status.js +1 -1
- package/dist/commands/service/install.js +8 -2
- package/dist/commands/service/install.js.map +2 -2
- package/dist/commands/setup.js +6 -6
- package/dist/commands/setup.js.map +2 -2
- package/dist/dashboard/Dashboard.js +11 -11
- package/dist/dashboard/launcher/LauncherOverlay.js +3 -3
- package/dist/lib/agent-loop.js +10 -10
- package/dist/lib/ensure-api-key.js +10 -0
- package/dist/lib/ensure-api-key.js.map +7 -0
- package/dist/lib/gateway-lifecycle.js +7 -3
- package/dist/lib/handlers/cron-suggest-instructions.js +2 -2
- package/dist/lib/handlers/process-announcement.js +2 -2
- package/dist/lib/handlers/process-run-cleanup.js +2 -2
- package/dist/lib/handlers/process-session-goal.js +2 -2
- package/dist/lib/hooks-config.js +7 -1
- package/dist/lib/manual-tasks.js +2 -2
- package/dist/lib/setup-steps.js +7 -3
- package/dist/lib/statusline-shim.js +3 -1
- package/oclif.manifest.json +52 -1
- package/package.json +6 -6
- package/dist/chunk-ANOWI23I.js.map +0 -7
- package/dist/chunk-FTJRMUID.js.map +0 -7
- package/dist/chunk-LTT2YMYY.js.map +0 -7
- /package/dist/{chunk-WLFX4PYR.js.map → chunk-6TPJGYFF.js.map} +0 -0
- /package/dist/{chunk-4LHEN2FS.js.map → chunk-CVMRMSV4.js.map} +0 -0
- /package/dist/{chunk-H3C6EGR2.js.map → chunk-MUOUV5LY.js.map} +0 -0
- /package/dist/{chunk-7K4ILWS7.js.map → chunk-UPXIO7CG.js.map} +0 -0
- /package/dist/{chunk-IATQXFJA.js.map → chunk-VBGUNFKY.js.map} +0 -0
- /package/dist/{chunk-BCIUSUEV.js.map → chunk-VIYUIQHW.js.map} +0 -0
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../src/lib/statusline-shim.ts"],
|
|
4
|
-
"sourcesContent": ["import { existsSync, readFileSync, writeFileSync, chmodSync } from 'node:fs';\nimport { homedir } from 'node:os';\nimport { join } from 'node:path';\n\n// Path where the shim script lives \u2014 readable by the `statusLine` config key.\nexport const STATUSLINE_SHIM_PATH = join(homedir(), '.claude', 'statusline-rulemetric.sh');\n\n/**\n * Write ~/.claude/statusline-rulemetric.sh.\n *\n * The script is invoked by Claude Code on every statusline refresh cycle.\n * Claude Code feeds a JSON payload on stdin that includes `rate_limits`\n * (same shape as GET /api/oauth/usage) using its own in-memory token \u2014\n * so freshness is tied to the statusline cadence, not the proxy capturing\n * a stale keychain token.\n *\n * The script:\n * 1. Reads stdin once (Claude Code closes it after the payload).\n * 2. If jq is available, extracts each rate_limit window and POSTs it to\n * POST /api/internal/research/observe as an oauth_usage observation.\n * 3. If a `prevCommand` is supplied (the user's original statusLine value),\n * it is executed with the same stdin forwarded so the user's prompt text\n * is still displayed \u2014 we must chain, not replace.\n * 4. Exits 0 regardless so Claude Code always gets a clean statusline.\n *\n * Auth is read from the same priority chain as the hook scripts:\n * ~/.config/rulemetric/env (RULEMETRIC_ACCESS_TOKEN / RULEMETRIC_API_KEY)\n * RULEMETRIC_API_KEY / RULEMETRIC_ACCESS_TOKEN env vars\n *\n * Returns the path written.\n */\nexport function writeStatuslineShim(prevCommand?: string): string {\n const chainBlock = prevCommand\n ? `\n# Chain to the original statusLine command so the user's prompt is preserved.\necho \"$STDIN_PAYLOAD\" | ${prevCommand}`\n : '';\n\n const script = `#!/usr/bin/env bash\n# RuleMetric statusline shim \u2014 auto-generated by \\`rulemetric hooks install --statusline-usage\\`\n# Captures Claude Code rate_limits from statusline stdin and forwards to the research pipeline.\n# DO NOT EDIT \u2014 re-run \\`rulemetric hooks install --statusline-usage\\` to regenerate.\n\nset -euo pipefail\n\n# Read stdin once (Claude Code closes the pipe after the payload).\nSTDIN_PAYLOAD=\"$(cat)\"\n\n# \u2500\u2500 Auth \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\nCONFIG_ENV=\"$HOME/.config/rulemetric/env\"\nif [ -f \"$CONFIG_ENV\" ]; then\n # shellcheck source=/dev/null\n source \"$CONFIG_ENV\"\nfi\n\nAPI_URL=\"\\${RULEMETRIC_API_URL:-https://rulemetric.com}\"\nAUTH_TOKEN=\"\\${RULEMETRIC_ACCESS_TOKEN:-\\${RULEMETRIC_API_KEY:-}}\"\n\nif [ -z \"$AUTH_TOKEN\" ]; then\n # No auth \u2014 still chain so the user's statusline works.\n${chainBlock}\n exit 0\nfi\n\n# \u2500\u2500 Extract + POST rate_limit windows \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\nif ! command -v jq &>/dev/null; then\n # jq missing \u2014 chain and bail; don't break the user's statusline.\n${chainBlock}\n exit 0\nfi\n\nOBSERVED_AT=\"$(date -u +%Y-%m-%dT%H:%M:%SZ)\"\nCACHE_DIR=\"$HOME/.config/rulemetric\"\nmkdir -p \"$CACHE_DIR\" 2>/dev/null || true\n\nfor WIRE_KEY in five_hour seven_day seven_day_opus; do\n # Map wire key \u2192 limit_type (case statement avoids bash 4 associative arrays).\n case \"$WIRE_KEY\" in\n five_hour) LIMIT_TYPE=\"five_hour_percent\" ;;\n seven_day) LIMIT_TYPE=\"seven_day_percent\" ;;\n seven_day_opus) LIMIT_TYPE=\"seven_day_opus_percent\" ;;\n *) continue ;;\n esac\n\n # Try both wire shapes:\n # Legacy: { \"rate_limits\": { \"five_hour\": { \"used_percentage\": ..., \"resets_at\": ... } } }\n # Current: { \"five_hour\": { \"used_percentage\": ..., \"resets_at\": ... } }\n WINDOW=\"$(echo \"$STDIN_PAYLOAD\" | jq -c \".rate_limits.\\${WIRE_KEY} // .\\${WIRE_KEY} // empty\" 2>/dev/null || true)\"\n\n if [ -z \"$WINDOW\" ] || [ \"$WINDOW\" = \"null\" ]; then\n continue\n fi\n\n USED_PCT=\"$(echo \"$WINDOW\" | jq '.used_percentage // empty' 2>/dev/null || true)\"\n RESETS_AT_EPOCH=\"$(echo \"$WINDOW\" | jq '.resets_at // empty' 2>/dev/null || true)\"\n\n if [ -z \"$USED_PCT\" ] || [ \"$USED_PCT\" = \"null\" ]; then\n continue\n fi\n\n # Convert unix epoch to ISO-8601 if present.\n if [ -n \"$RESETS_AT_EPOCH\" ] && [ \"$RESETS_AT_EPOCH\" != \"null\" ]; then\n RESETS_AT_ISO=\"$(date -u -r \"$RESETS_AT_EPOCH\" +%Y-%m-%dT%H:%M:%SZ 2>/dev/null \\\n || date -u -d \"@$RESETS_AT_EPOCH\" +%Y-%m-%dT%H:%M:%SZ 2>/dev/null \\\n || echo \"\")\"\n else\n RESETS_AT_ISO=\"\"\n fi\n\n # Skip stale windows. Claude Code can keep re-emitting a cached rate_limits\n # block after the reset time has passed; storing those rows floods the DB and\n # corrupts the \"current limits\" view.\n if [ -n \"$RESETS_AT_EPOCH\" ] && [ \"$RESETS_AT_EPOCH\" != \"null\" ]; then\n NOW_EPOCH=\"$(date -u +%s)\"\n if [ \"$RESETS_AT_EPOCH\" -lt \"$NOW_EPOCH\" ] 2>/dev/null; then\n continue\n fi\n else\n NOW_EPOCH=\"$(date -u +%s)\"\n fi\n\n # Local duplicate suppression mirrors the API's 30-minute freshness floor.\n # The statusline refreshes often; if the same window/value/reset is already\n # posted recently, another POST only burns an API request and DB connection.\n CACHE_FILE=\"$CACHE_DIR/statusline-usage-\\${LIMIT_TYPE}.cache\"\n CACHE_KEY=\"\\${LIMIT_TYPE}|\\${USED_PCT}|\\${RESETS_AT_ISO}\"\n if [ -f \"$CACHE_FILE\" ]; then\n read -r CACHED_AT CACHED_KEY < \"$CACHE_FILE\" || true\n if [ \"\\${CACHED_KEY:-}\" = \"$CACHE_KEY\" ] && [ $((NOW_EPOCH - \\${CACHED_AT:-0})) -lt 1800 ] 2>/dev/null; then\n continue\n fi\n fi\n printf '%s %s\\n' \"$NOW_EPOCH\" \"$CACHE_KEY\" > \"$CACHE_FILE.tmp\" 2>/dev/null \\\n && mv \"$CACHE_FILE.tmp\" \"$CACHE_FILE\" 2>/dev/null || true\n\n PAYLOAD=\"$(jq -nc \\\\\n --arg provider \"anthropic\" \\\\\n --arg plan \"unknown\" \\\\\n --argjson value \"$USED_PCT\" \\\\\n --arg limitType \"$LIMIT_TYPE\" \\\\\n --arg observedAt \"$OBSERVED_AT\" \\\\\n --arg resetsAt \"$RESETS_AT_ISO\" \\\\\n '{\n provider: $provider,\n plan: $plan,\n limitType: $limitType,\n value: $value,\n unit: \"percentage\",\n comparator: \"=\",\n sourceType: \"oauth_usage\",\n sourceUrl: null,\n confidence: 1.0,\n observedAt: $observedAt,\n resetsAt: (if $resetsAt == \"\" then null else $resetsAt end)\n }')\"\n\n curl -sf -o /dev/null \\\\\n -X POST \"$API_URL/api/internal/research/observe\" \\\\\n -H \"Content-Type: application/json\" \\\\\n -H \"Authorization: Bearer $AUTH_TOKEN\" \\\\\n --max-time 3 \\\\\n --data \"$PAYLOAD\" >/dev/null 2>&1 &\ndone\n\n${chainBlock}\nexit 0\n`;\n\n writeFileSync(STATUSLINE_SHIM_PATH, script, { encoding: 'utf-8' });\n chmodSync(STATUSLINE_SHIM_PATH, 0o755);\n return STATUSLINE_SHIM_PATH;\n}\n\n// The settings object shape for statusLine (Claude Code v1.x+).\nexport const STATUSLINE_SETTINGS_VALUE = {\n type: 'command' as const,\n command: STATUSLINE_SHIM_PATH,\n refreshInterval: 30,\n};\n\n/**\n * Read the current statusLine command from a settings object, if any.\n * Returns undefined if not set or already points to the shim (idempotent).\n * Handles both the legacy string form and the current object form.\n */\nexport function readCurrentStatusLine(\n settings: Record<string, unknown>,\n): string | undefined {\n const current = settings.statusLine;\n if (!current) return undefined;\n if (typeof current === 'string') {\n if (current === STATUSLINE_SHIM_PATH) return undefined;\n return current;\n }\n if (typeof current === 'object' && current !== null) {\n const cmd = (current as Record<string, unknown>).command;\n if (typeof cmd !== 'string') return undefined;\n if (cmd === STATUSLINE_SHIM_PATH) return undefined; // already installed\n return cmd;\n }\n return undefined;\n}\n\n/**\n * Returns true if the settings object already points to the shim.\n */\nexport function isStatuslineShimInstalled(settings: Record<string, unknown>): boolean {\n const current = settings.statusLine;\n if (!current) return false;\n if (typeof current === 'string') return current === STATUSLINE_SHIM_PATH;\n if (typeof current === 'object' && current !== null) {\n return (current as Record<string, unknown>).command === STATUSLINE_SHIM_PATH;\n }\n return false;\n}\n"],
|
|
5
|
-
"mappings": ";AAAA,SAAmC,eAAe,iBAAiB;AACnE,SAAS,eAAe;AACxB,SAAS,YAAY;AAGd,IAAM,uBAAuB,KAAK,QAAQ,GAAG,WAAW,0BAA0B;AA0BlF,SAAS,oBAAoB,aAA8B;AAChE,QAAM,aAAa,cACf;AAAA;AAAA,0BAEoB,WAAW,KAC/B;AAEJ,QAAM,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAsBf,UAAU;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOV,UAAU;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAiGV,UAAU;AAAA;AAAA;AAIV,gBAAc,sBAAsB,QAAQ,EAAE,UAAU,QAAQ,CAAC;AACjE,YAAU,sBAAsB,GAAK;AACrC,SAAO;AACT;AAGO,IAAM,4BAA4B;AAAA,EACvC,MAAM;AAAA,EACN,SAAS;AAAA,EACT,iBAAiB;AACnB;AAOO,SAAS,sBACd,UACoB;AACpB,QAAM,UAAU,SAAS;AACzB,MAAI,CAAC,QAAS,QAAO;AACrB,MAAI,OAAO,YAAY,UAAU;AAC/B,QAAI,YAAY,qBAAsB,QAAO;AAC7C,WAAO;AAAA,EACT;AACA,MAAI,OAAO,YAAY,YAAY,YAAY,MAAM;AACnD,UAAM,MAAO,QAAoC;AACjD,QAAI,OAAO,QAAQ,SAAU,QAAO;AACpC,QAAI,QAAQ,qBAAsB,QAAO;AACzC,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAKO,SAAS,0BAA0B,UAA4C;AACpF,QAAM,UAAU,SAAS;AACzB,MAAI,CAAC,QAAS,QAAO;AACrB,MAAI,OAAO,YAAY,SAAU,QAAO,YAAY;AACpD,MAAI,OAAO,YAAY,YAAY,YAAY,MAAM;AACnD,WAAQ,QAAoC,YAAY;AAAA,EAC1D;AACA,SAAO;AACT;",
|
|
4
|
+
"sourcesContent": ["import { existsSync, readFileSync, writeFileSync, chmodSync } from 'node:fs';\nimport { homedir } from 'node:os';\nimport { join } from 'node:path';\n\n// Path where the shim script lives \u2014 readable by the `statusLine` config key.\nexport const STATUSLINE_SHIM_PATH = join(homedir(), '.claude', 'statusline-rulemetric.sh');\n\n/**\n * Write ~/.claude/statusline-rulemetric.sh.\n *\n * The script is invoked by Claude Code on every statusline refresh cycle.\n * Claude Code feeds a JSON payload on stdin that includes `rate_limits`\n * (same shape as GET /api/oauth/usage) using its own in-memory token \u2014\n * so freshness is tied to the statusline cadence, not the proxy capturing\n * a stale keychain token.\n *\n * The script:\n * 1. Reads stdin once (Claude Code closes it after the payload).\n * 2. If jq is available, extracts each rate_limit window and POSTs it to\n * POST /api/internal/research/observe as an oauth_usage observation.\n * 3. If a `prevCommand` is supplied (the user's original statusLine value),\n * it is executed with the same stdin forwarded so the user's prompt text\n * is still displayed \u2014 we must chain, not replace.\n * 4. Exits 0 regardless so Claude Code always gets a clean statusline.\n *\n * Auth is read from the same priority chain as the hook scripts:\n * ~/.config/rulemetric/env (RULEMETRIC_ACCESS_TOKEN / RULEMETRIC_API_KEY)\n * RULEMETRIC_API_KEY / RULEMETRIC_ACCESS_TOKEN env vars\n *\n * Returns the path written.\n */\nexport function writeStatuslineShim(prevCommand?: string): string {\n const chainBlock = prevCommand\n ? `\n# Chain to the original statusLine command so the user's prompt is preserved.\necho \"$STDIN_PAYLOAD\" | ${prevCommand}`\n : '';\n\n const script = `#!/usr/bin/env bash\n# RuleMetric statusline shim \u2014 auto-generated by \\`rulemetric hooks install --statusline-usage\\`\n# Captures Claude Code rate_limits from statusline stdin and forwards to the research pipeline.\n# DO NOT EDIT \u2014 re-run \\`rulemetric hooks install --statusline-usage\\` to regenerate.\n\nset -euo pipefail\n\n# Read stdin once (Claude Code closes the pipe after the payload).\nSTDIN_PAYLOAD=\"$(cat)\"\n\n# \u2500\u2500 Auth \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\nCONFIG_ENV=\"$HOME/.config/rulemetric/env\"\nif [ -f \"$CONFIG_ENV\" ]; then\n # shellcheck source=/dev/null\n source \"$CONFIG_ENV\"\nfi\n\nAPI_URL=\"\\${RULEMETRIC_API_URL:-https://rulemetric.com}\"\nAUTH_TOKEN=\"\\${RULEMETRIC_ACCESS_TOKEN:-\\${RULEMETRIC_API_KEY:-}}\"\n\nif [ -z \"$AUTH_TOKEN\" ]; then\n # No auth \u2014 still chain so the user's statusline works.\n${chainBlock}\n exit 0\nfi\n\n# \u2500\u2500 Extract + POST rate_limit windows \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\nif ! command -v jq &>/dev/null; then\n # jq missing \u2014 chain and bail; don't break the user's statusline.\n${chainBlock}\n exit 0\nfi\n\nOBSERVED_AT=\"$(date -u +%Y-%m-%dT%H:%M:%SZ)\"\nCACHE_DIR=\"$HOME/.config/rulemetric\"\nmkdir -p \"$CACHE_DIR\" 2>/dev/null || true\n\nfor WIRE_KEY in five_hour seven_day seven_day_opus; do\n # Map wire key \u2192 limit_type (case statement avoids bash 4 associative arrays).\n case \"$WIRE_KEY\" in\n five_hour) LIMIT_TYPE=\"five_hour_percent\" ;;\n seven_day) LIMIT_TYPE=\"seven_day_percent\" ;;\n seven_day_opus) LIMIT_TYPE=\"seven_day_opus_percent\" ;;\n *) continue ;;\n esac\n\n # Try both wire shapes:\n # Legacy: { \"rate_limits\": { \"five_hour\": { \"used_percentage\": ..., \"resets_at\": ... } } }\n # Current: { \"five_hour\": { \"used_percentage\": ..., \"resets_at\": ... } }\n WINDOW=\"$(echo \"$STDIN_PAYLOAD\" | jq -c \".rate_limits.\\${WIRE_KEY} // .\\${WIRE_KEY} // empty\" 2>/dev/null || true)\"\n\n if [ -z \"$WINDOW\" ] || [ \"$WINDOW\" = \"null\" ]; then\n continue\n fi\n\n USED_PCT=\"$(echo \"$WINDOW\" | jq '.used_percentage // empty' 2>/dev/null || true)\"\n RESETS_AT_EPOCH=\"$(echo \"$WINDOW\" | jq '.resets_at // empty' 2>/dev/null || true)\"\n\n if [ -z \"$USED_PCT\" ] || [ \"$USED_PCT\" = \"null\" ]; then\n continue\n fi\n\n # Convert unix epoch to ISO-8601 if present.\n if [ -n \"$RESETS_AT_EPOCH\" ] && [ \"$RESETS_AT_EPOCH\" != \"null\" ]; then\n RESETS_AT_ISO=\"$(date -u -r \"$RESETS_AT_EPOCH\" +%Y-%m-%dT%H:%M:%SZ 2>/dev/null \\\n || date -u -d \"@$RESETS_AT_EPOCH\" +%Y-%m-%dT%H:%M:%SZ 2>/dev/null \\\n || echo \"\")\"\n else\n RESETS_AT_ISO=\"\"\n fi\n\n # Skip stale windows. Claude Code can keep re-emitting a cached rate_limits\n # block after the reset time has passed; storing those rows floods the DB and\n # corrupts the \"current limits\" view.\n if [ -n \"$RESETS_AT_EPOCH\" ] && [ \"$RESETS_AT_EPOCH\" != \"null\" ]; then\n NOW_EPOCH=\"$(date -u +%s)\"\n if [ \"$RESETS_AT_EPOCH\" -lt \"$NOW_EPOCH\" ] 2>/dev/null; then\n continue\n fi\n else\n NOW_EPOCH=\"$(date -u +%s)\"\n fi\n\n # Local duplicate suppression mirrors the API's 30-minute freshness floor.\n # The statusline refreshes often; if the same window/value/reset is already\n # posted recently, another POST only burns an API request and DB connection.\n CACHE_FILE=\"$CACHE_DIR/statusline-usage-\\${LIMIT_TYPE}.cache\"\n CACHE_KEY=\"\\${LIMIT_TYPE}|\\${USED_PCT}|\\${RESETS_AT_ISO}\"\n if [ -f \"$CACHE_FILE\" ]; then\n read -r CACHED_AT CACHED_KEY < \"$CACHE_FILE\" || true\n if [ \"\\${CACHED_KEY:-}\" = \"$CACHE_KEY\" ] && [ $((NOW_EPOCH - \\${CACHED_AT:-0})) -lt 1800 ] 2>/dev/null; then\n continue\n fi\n fi\n printf '%s %s\\n' \"$NOW_EPOCH\" \"$CACHE_KEY\" > \"$CACHE_FILE.tmp\" 2>/dev/null \\\n && mv \"$CACHE_FILE.tmp\" \"$CACHE_FILE\" 2>/dev/null || true\n\n PAYLOAD=\"$(jq -nc \\\\\n --arg provider \"anthropic\" \\\\\n --arg plan \"unknown\" \\\\\n --argjson value \"$USED_PCT\" \\\\\n --arg limitType \"$LIMIT_TYPE\" \\\\\n --arg observedAt \"$OBSERVED_AT\" \\\\\n --arg resetsAt \"$RESETS_AT_ISO\" \\\\\n '{\n provider: $provider,\n plan: $plan,\n limitType: $limitType,\n value: $value,\n unit: \"percentage\",\n comparator: \"=\",\n sourceType: \"oauth_usage\",\n sourceUrl: null,\n confidence: 1.0,\n observedAt: $observedAt,\n resetsAt: (if $resetsAt == \"\" then null else $resetsAt end)\n }')\"\n\n curl -sf -o /dev/null \\\\\n -X POST \"$API_URL/api/internal/research/observe\" \\\\\n -H \"Content-Type: application/json\" \\\\\n -H \"Authorization: Bearer $AUTH_TOKEN\" \\\\\n --max-time 3 \\\\\n --data \"$PAYLOAD\" >/dev/null 2>&1 &\ndone\n\n${chainBlock}\nexit 0\n`;\n\n writeFileSync(STATUSLINE_SHIM_PATH, script, { encoding: 'utf-8' });\n chmodSync(STATUSLINE_SHIM_PATH, 0o755);\n return STATUSLINE_SHIM_PATH;\n}\n\n// The settings object shape for statusLine (Claude Code v1.x+).\nexport const STATUSLINE_SETTINGS_VALUE = {\n type: 'command' as const,\n command: STATUSLINE_SHIM_PATH,\n refreshInterval: 30,\n};\n\n/**\n * Read the current statusLine command from a settings object, if any.\n * Returns undefined if not set or already points to the shim (idempotent).\n * Handles both the legacy string form and the current object form.\n */\nexport function readCurrentStatusLine(\n settings: Record<string, unknown>,\n): string | undefined {\n const current = settings.statusLine;\n if (!current) return undefined;\n if (typeof current === 'string') {\n if (current === STATUSLINE_SHIM_PATH) return undefined;\n return current;\n }\n if (typeof current === 'object' && current !== null) {\n const cmd = (current as Record<string, unknown>).command;\n if (typeof cmd !== 'string') return undefined;\n if (cmd === STATUSLINE_SHIM_PATH) return undefined; // already installed\n return cmd;\n }\n return undefined;\n}\n\n/**\n * Remove our statusline shim from a settings object (uninstall). Only deletes\n * `settings.statusLine` when it points at OUR shim \u2014 a user-owned statusLine is\n * left untouched. Returns true iff it removed the shim. Without this, `hooks\n * uninstall` leaves Claude Code POSTing usage to rulemetric.com via the shim\n * even after the hooks + CLI are gone.\n */\nexport function removeStatuslineShim(settings: Record<string, unknown>): boolean {\n if (!isStatuslineShimInstalled(settings)) return false;\n delete settings.statusLine;\n return true;\n}\n\n/**\n * Returns true if the settings object already points to the shim.\n */\nexport function isStatuslineShimInstalled(settings: Record<string, unknown>): boolean {\n const current = settings.statusLine;\n if (!current) return false;\n if (typeof current === 'string') return current === STATUSLINE_SHIM_PATH;\n if (typeof current === 'object' && current !== null) {\n return (current as Record<string, unknown>).command === STATUSLINE_SHIM_PATH;\n }\n return false;\n}\n"],
|
|
5
|
+
"mappings": ";AAAA,SAAmC,eAAe,iBAAiB;AACnE,SAAS,eAAe;AACxB,SAAS,YAAY;AAGd,IAAM,uBAAuB,KAAK,QAAQ,GAAG,WAAW,0BAA0B;AA0BlF,SAAS,oBAAoB,aAA8B;AAChE,QAAM,aAAa,cACf;AAAA;AAAA,0BAEoB,WAAW,KAC/B;AAEJ,QAAM,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAsBf,UAAU;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOV,UAAU;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAiGV,UAAU;AAAA;AAAA;AAIV,gBAAc,sBAAsB,QAAQ,EAAE,UAAU,QAAQ,CAAC;AACjE,YAAU,sBAAsB,GAAK;AACrC,SAAO;AACT;AAGO,IAAM,4BAA4B;AAAA,EACvC,MAAM;AAAA,EACN,SAAS;AAAA,EACT,iBAAiB;AACnB;AAOO,SAAS,sBACd,UACoB;AACpB,QAAM,UAAU,SAAS;AACzB,MAAI,CAAC,QAAS,QAAO;AACrB,MAAI,OAAO,YAAY,UAAU;AAC/B,QAAI,YAAY,qBAAsB,QAAO;AAC7C,WAAO;AAAA,EACT;AACA,MAAI,OAAO,YAAY,YAAY,YAAY,MAAM;AACnD,UAAM,MAAO,QAAoC;AACjD,QAAI,OAAO,QAAQ,SAAU,QAAO;AACpC,QAAI,QAAQ,qBAAsB,QAAO;AACzC,WAAO;AAAA,EACT;AACA,SAAO;AACT;AASO,SAAS,qBAAqB,UAA4C;AAC/E,MAAI,CAAC,0BAA0B,QAAQ,EAAG,QAAO;AACjD,SAAO,SAAS;AAChB,SAAO;AACT;AAKO,SAAS,0BAA0B,UAA4C;AACpF,QAAM,UAAU,SAAS;AACzB,MAAI,CAAC,QAAS,QAAO;AACrB,MAAI,OAAO,YAAY,SAAU,QAAO,YAAY;AACpD,MAAI,OAAO,YAAY,YAAY,YAAY,MAAM;AACnD,WAAQ,QAAoC,YAAY;AAAA,EAC1D;AACA,SAAO;AACT;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
// src/lib/gateway-lifecycle.ts
|
|
2
2
|
import { spawn } from "node:child_process";
|
|
3
|
+
import { createConnection } from "node:net";
|
|
3
4
|
import { existsSync, mkdirSync, openSync, readFileSync, unlinkSync, writeFileSync } from "node:fs";
|
|
4
5
|
import { homedir } from "node:os";
|
|
5
6
|
import { join, resolve } from "node:path";
|
|
@@ -8,6 +9,27 @@ var GATEWAY_PID_FILE = join(CONFIG_DIR, "gateway.pid");
|
|
|
8
9
|
var GATEWAY_LOG_FILE = join(CONFIG_DIR, "gateway.log");
|
|
9
10
|
var GATEWAY_PORT = 8787;
|
|
10
11
|
var MITMPROXY_PORT = 8788;
|
|
12
|
+
function isGatewayListening(port = GATEWAY_PORT, timeoutMs = 1500) {
|
|
13
|
+
return new Promise((resolveProbe) => {
|
|
14
|
+
const socket = createConnection({ host: "127.0.0.1", port });
|
|
15
|
+
const finish = (result) => {
|
|
16
|
+
socket.destroy();
|
|
17
|
+
resolveProbe(result);
|
|
18
|
+
};
|
|
19
|
+
socket.setTimeout(timeoutMs);
|
|
20
|
+
socket.once("connect", () => finish(true));
|
|
21
|
+
socket.once("timeout", () => finish(false));
|
|
22
|
+
socket.once("error", () => finish(false));
|
|
23
|
+
});
|
|
24
|
+
}
|
|
25
|
+
async function waitForGatewayListening(port = GATEWAY_PORT, { timeoutMs = 3e3, intervalMs = 150 } = {}) {
|
|
26
|
+
const deadline = Date.now() + timeoutMs;
|
|
27
|
+
for (; ; ) {
|
|
28
|
+
if (await isGatewayListening(port, Math.min(1500, timeoutMs))) return true;
|
|
29
|
+
if (Date.now() >= deadline) return false;
|
|
30
|
+
await new Promise((resolve2) => setTimeout(resolve2, intervalMs));
|
|
31
|
+
}
|
|
32
|
+
}
|
|
11
33
|
function isGatewayRunning() {
|
|
12
34
|
if (!existsSync(GATEWAY_PID_FILE)) return false;
|
|
13
35
|
const content = readFileSync(GATEWAY_PID_FILE, "utf-8").trim();
|
|
@@ -88,9 +110,11 @@ export {
|
|
|
88
110
|
GATEWAY_LOG_FILE,
|
|
89
111
|
GATEWAY_PORT,
|
|
90
112
|
MITMPROXY_PORT,
|
|
113
|
+
isGatewayListening,
|
|
114
|
+
waitForGatewayListening,
|
|
91
115
|
isGatewayRunning,
|
|
92
116
|
getGatewayPid,
|
|
93
117
|
spawnGateway,
|
|
94
118
|
stopGateway
|
|
95
119
|
};
|
|
96
|
-
//# sourceMappingURL=chunk-
|
|
120
|
+
//# sourceMappingURL=chunk-OVGP4OGK.js.map
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
{
|
|
2
|
+
"version": 3,
|
|
3
|
+
"sources": ["../src/lib/gateway-lifecycle.ts"],
|
|
4
|
+
"sourcesContent": ["/**\n * Gateway process lifecycle helpers \u2014 spawn, stop, check status.\n * Used by hooks install/uninstall, session-start hook, and proxy status.\n */\nimport { spawn } from 'node:child_process';\nimport { createConnection } from 'node:net';\nimport { existsSync, mkdirSync, openSync, readFileSync, unlinkSync, writeFileSync } from 'node:fs';\nimport { homedir } from 'node:os';\nimport { join, resolve } from 'node:path';\n\nconst CONFIG_DIR = join(homedir(), '.config', 'rulemetric');\nexport const GATEWAY_PID_FILE = join(CONFIG_DIR, 'gateway.pid');\nexport const GATEWAY_LOG_FILE = join(CONFIG_DIR, 'gateway.log');\nexport const GATEWAY_PORT = 8787;\nexport const MITMPROXY_PORT = 8788;\n\n/**\n * TCP liveness probe: does something actually ACCEPT a connection on the port?\n * Distinct from isGatewayRunning() (which only checks the PID is alive) \u2014 a\n * process can be \"running\" per its pidfile while :8787 accepts nothing. This is\n * the check that must gate writing HTTPS_PROXY: never pin Claude Code's proxy\n * at a port with nothing behind it (the fresh-laptop ConnectionRefused footgun).\n */\nexport function isGatewayListening(port: number = GATEWAY_PORT, timeoutMs = 1500): Promise<boolean> {\n return new Promise((resolveProbe) => {\n const socket = createConnection({ host: '127.0.0.1', port });\n const finish = (result: boolean) => {\n socket.destroy();\n resolveProbe(result);\n };\n socket.setTimeout(timeoutMs);\n socket.once('connect', () => finish(true));\n socket.once('timeout', () => finish(false));\n socket.once('error', () => finish(false));\n });\n}\n\n/**\n * Poll isGatewayListening() until it's true or the window elapses. spawnGateway()\n * returns as soon as it writes the PID file \u2014 the detached child hasn't bound\n * :8787 yet (Node bootstrap + module load). A one-shot probe microseconds later\n * fails-closed on every fresh install, so the proxy/deep-capture layer silently\n * never turns on. This tolerates a normal cold-start bind delay.\n */\nexport async function waitForGatewayListening(\n port: number = GATEWAY_PORT,\n { timeoutMs = 3000, intervalMs = 150 }: { timeoutMs?: number; intervalMs?: number } = {},\n): Promise<boolean> {\n const deadline = Date.now() + timeoutMs;\n for (;;) {\n if (await isGatewayListening(port, Math.min(1500, timeoutMs))) return true;\n if (Date.now() >= deadline) return false;\n await new Promise((resolve) => setTimeout(resolve, intervalMs));\n }\n}\n\nexport function isGatewayRunning(): boolean {\n if (!existsSync(GATEWAY_PID_FILE)) return false;\n\n const content = readFileSync(GATEWAY_PID_FILE, 'utf-8').trim();\n const pid = parseInt(content, 10);\n if (isNaN(pid)) return false;\n\n try {\n process.kill(pid, 0);\n return true;\n } catch {\n return false;\n }\n}\n\nexport function getGatewayPid(): number | null {\n if (!existsSync(GATEWAY_PID_FILE)) return null;\n const content = readFileSync(GATEWAY_PID_FILE, 'utf-8').trim();\n const pid = parseInt(content, 10);\n return isNaN(pid) ? null : pid;\n}\n\nfunction findGatewayEntry(): string {\n // Look for the compiled gateway-entry.js relative to this file's location\n const candidates = [\n resolve(import.meta.dirname, './gateway-entry.js'),\n resolve(import.meta.dirname, '../lib/gateway-entry.js'),\n ];\n for (const p of candidates) {\n if (existsSync(p)) return p;\n }\n throw new Error(\n 'Could not find gateway-entry.js. Is the CLI built?\\n' +\n 'Searched:\\n' + candidates.map(c => ` ${c}`).join('\\n'),\n );\n}\n\nexport function spawnGateway(cliVersion?: string): number {\n if (isGatewayRunning()) {\n const pid = getGatewayPid();\n if (pid) return pid;\n }\n\n mkdirSync(CONFIG_DIR, { recursive: true });\n\n const entryPath = findGatewayEntry();\n const logFd = openSync(GATEWAY_LOG_FILE, 'a');\n\n const child = spawn(process.execPath, [entryPath], {\n detached: true,\n stdio: ['ignore', logFd, logFd],\n // The gateway inherits the spawning CLI's env. RULEMETRIC_CLI_VERSION\n // identifies the CLI version that started this gateway \u2014 used to\n // detect drift when a newer CLI starts mitmproxy with a different\n // version. RULEMETRIC_CLI_ENTRY is the path to the oclif entry point\n // (process.argv[1]) so the gateway can re-invoke the CLI for\n // `proxy restart` without needing the binary in PATH. Falls back to\n // \"unknown\" if the caller didn't pass them.\n env: {\n ...process.env,\n RULEMETRIC_CLI_VERSION: cliVersion ?? 'unknown',\n RULEMETRIC_CLI_ENTRY: process.argv[1] ?? '',\n },\n });\n\n child.unref();\n\n if (!child.pid) {\n throw new Error('Failed to spawn gateway process');\n }\n\n writeFileSync(GATEWAY_PID_FILE, String(child.pid));\n return child.pid;\n}\n\nexport function stopGateway(): boolean {\n const pid = getGatewayPid();\n if (pid === null) return false;\n\n try {\n process.kill(pid, 'SIGTERM');\n } catch {\n // Process already gone\n }\n\n try { unlinkSync(GATEWAY_PID_FILE); } catch { /* already gone */ }\n return true;\n}\n"],
|
|
5
|
+
"mappings": ";AAIA,SAAS,aAAa;AACtB,SAAS,wBAAwB;AACjC,SAAS,YAAY,WAAW,UAAU,cAAc,YAAY,qBAAqB;AACzF,SAAS,eAAe;AACxB,SAAS,MAAM,eAAe;AAE9B,IAAM,aAAa,KAAK,QAAQ,GAAG,WAAW,YAAY;AACnD,IAAM,mBAAmB,KAAK,YAAY,aAAa;AACvD,IAAM,mBAAmB,KAAK,YAAY,aAAa;AACvD,IAAM,eAAe;AACrB,IAAM,iBAAiB;AASvB,SAAS,mBAAmB,OAAe,cAAc,YAAY,MAAwB;AAClG,SAAO,IAAI,QAAQ,CAAC,iBAAiB;AACnC,UAAM,SAAS,iBAAiB,EAAE,MAAM,aAAa,KAAK,CAAC;AAC3D,UAAM,SAAS,CAAC,WAAoB;AAClC,aAAO,QAAQ;AACf,mBAAa,MAAM;AAAA,IACrB;AACA,WAAO,WAAW,SAAS;AAC3B,WAAO,KAAK,WAAW,MAAM,OAAO,IAAI,CAAC;AACzC,WAAO,KAAK,WAAW,MAAM,OAAO,KAAK,CAAC;AAC1C,WAAO,KAAK,SAAS,MAAM,OAAO,KAAK,CAAC;AAAA,EAC1C,CAAC;AACH;AASA,eAAsB,wBACpB,OAAe,cACf,EAAE,YAAY,KAAM,aAAa,IAAI,IAAiD,CAAC,GACrE;AAClB,QAAM,WAAW,KAAK,IAAI,IAAI;AAC9B,aAAS;AACP,QAAI,MAAM,mBAAmB,MAAM,KAAK,IAAI,MAAM,SAAS,CAAC,EAAG,QAAO;AACtE,QAAI,KAAK,IAAI,KAAK,SAAU,QAAO;AACnC,UAAM,IAAI,QAAQ,CAACA,aAAY,WAAWA,UAAS,UAAU,CAAC;AAAA,EAChE;AACF;AAEO,SAAS,mBAA4B;AAC1C,MAAI,CAAC,WAAW,gBAAgB,EAAG,QAAO;AAE1C,QAAM,UAAU,aAAa,kBAAkB,OAAO,EAAE,KAAK;AAC7D,QAAM,MAAM,SAAS,SAAS,EAAE;AAChC,MAAI,MAAM,GAAG,EAAG,QAAO;AAEvB,MAAI;AACF,YAAQ,KAAK,KAAK,CAAC;AACnB,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEO,SAAS,gBAA+B;AAC7C,MAAI,CAAC,WAAW,gBAAgB,EAAG,QAAO;AAC1C,QAAM,UAAU,aAAa,kBAAkB,OAAO,EAAE,KAAK;AAC7D,QAAM,MAAM,SAAS,SAAS,EAAE;AAChC,SAAO,MAAM,GAAG,IAAI,OAAO;AAC7B;AAEA,SAAS,mBAA2B;AAElC,QAAM,aAAa;AAAA,IACjB,QAAQ,YAAY,SAAS,oBAAoB;AAAA,IACjD,QAAQ,YAAY,SAAS,yBAAyB;AAAA,EACxD;AACA,aAAW,KAAK,YAAY;AAC1B,QAAI,WAAW,CAAC,EAAG,QAAO;AAAA,EAC5B;AACA,QAAM,IAAI;AAAA,IACR,oEACgB,WAAW,IAAI,OAAK,KAAK,CAAC,EAAE,EAAE,KAAK,IAAI;AAAA,EACzD;AACF;AAEO,SAAS,aAAa,YAA6B;AACxD,MAAI,iBAAiB,GAAG;AACtB,UAAM,MAAM,cAAc;AAC1B,QAAI,IAAK,QAAO;AAAA,EAClB;AAEA,YAAU,YAAY,EAAE,WAAW,KAAK,CAAC;AAEzC,QAAM,YAAY,iBAAiB;AACnC,QAAM,QAAQ,SAAS,kBAAkB,GAAG;AAE5C,QAAM,QAAQ,MAAM,QAAQ,UAAU,CAAC,SAAS,GAAG;AAAA,IACjD,UAAU;AAAA,IACV,OAAO,CAAC,UAAU,OAAO,KAAK;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQ9B,KAAK;AAAA,MACH,GAAG,QAAQ;AAAA,MACX,wBAAwB,cAAc;AAAA,MACtC,sBAAsB,QAAQ,KAAK,CAAC,KAAK;AAAA,IAC3C;AAAA,EACF,CAAC;AAED,QAAM,MAAM;AAEZ,MAAI,CAAC,MAAM,KAAK;AACd,UAAM,IAAI,MAAM,iCAAiC;AAAA,EACnD;AAEA,gBAAc,kBAAkB,OAAO,MAAM,GAAG,CAAC;AACjD,SAAO,MAAM;AACf;AAEO,SAAS,cAAuB;AACrC,QAAM,MAAM,cAAc;AAC1B,MAAI,QAAQ,KAAM,QAAO;AAEzB,MAAI;AACF,YAAQ,KAAK,KAAK,SAAS;AAAA,EAC7B,QAAQ;AAAA,EAER;AAEA,MAAI;AAAE,eAAW,gBAAgB;AAAA,EAAG,QAAQ;AAAA,EAAqB;AACjE,SAAO;AACT;",
|
|
6
|
+
"names": ["resolve"]
|
|
7
|
+
}
|
|
@@ -1,3 +1,6 @@
|
|
|
1
|
+
import {
|
|
2
|
+
ActiveJobsList
|
|
3
|
+
} from "./chunk-QD6X4L4L.js";
|
|
1
4
|
import {
|
|
2
5
|
NewLaunchForm
|
|
3
6
|
} from "./chunk-DTFXCHHI.js";
|
|
@@ -9,9 +12,6 @@ import {
|
|
|
9
12
|
createLaunchJob,
|
|
10
13
|
listLaunchers
|
|
11
14
|
} from "./chunk-W4MZXKZ2.js";
|
|
12
|
-
import {
|
|
13
|
-
ActiveJobsList
|
|
14
|
-
} from "./chunk-QD6X4L4L.js";
|
|
15
15
|
import {
|
|
16
16
|
ORANGE
|
|
17
17
|
} from "./chunk-QJQS6TUN.js";
|
|
@@ -158,4 +158,4 @@ function LauncherOverlay({
|
|
|
158
158
|
export {
|
|
159
159
|
LauncherOverlay
|
|
160
160
|
};
|
|
161
|
-
//# sourceMappingURL=chunk-
|
|
161
|
+
//# sourceMappingURL=chunk-UPXIO7CG.js.map
|
|
@@ -1,10 +1,10 @@
|
|
|
1
|
-
import {
|
|
2
|
-
buildRecommendationPrompt
|
|
3
|
-
} from "./chunk-E3BIT53W.js";
|
|
4
1
|
import {
|
|
5
2
|
detectLlmBackend,
|
|
6
3
|
runLlmPrompt
|
|
7
4
|
} from "./chunk-FZKLLNDS.js";
|
|
5
|
+
import {
|
|
6
|
+
buildRecommendationPrompt
|
|
7
|
+
} from "./chunk-E3BIT53W.js";
|
|
8
8
|
import {
|
|
9
9
|
detectLanguages
|
|
10
10
|
} from "./chunk-OQSQC7VB.js";
|
|
@@ -164,4 +164,4 @@ var cronSuggestInstructions = async (_payload, helpers) => {
|
|
|
164
164
|
export {
|
|
165
165
|
cronSuggestInstructions
|
|
166
166
|
};
|
|
167
|
-
//# sourceMappingURL=chunk-
|
|
167
|
+
//# sourceMappingURL=chunk-VBGUNFKY.js.map
|
|
@@ -1,3 +1,6 @@
|
|
|
1
|
+
import {
|
|
2
|
+
PermanentJobError
|
|
3
|
+
} from "./chunk-DGHWRQXL.js";
|
|
1
4
|
import {
|
|
2
5
|
sendEmail
|
|
3
6
|
} from "./chunk-QSN77T7C.js";
|
|
@@ -8,9 +11,6 @@ import {
|
|
|
8
11
|
notificationPreferences,
|
|
9
12
|
profiles
|
|
10
13
|
} from "./chunk-QNSVCSHG.js";
|
|
11
|
-
import {
|
|
12
|
-
PermanentJobError
|
|
13
|
-
} from "./chunk-DGHWRQXL.js";
|
|
14
14
|
|
|
15
15
|
// src/lib/handlers/process-announcement.ts
|
|
16
16
|
import { and, asc, eq, gt, isNotNull } from "drizzle-orm";
|
|
@@ -154,4 +154,4 @@ async function sendOne(args) {
|
|
|
154
154
|
export {
|
|
155
155
|
processAnnouncement
|
|
156
156
|
};
|
|
157
|
-
//# sourceMappingURL=chunk-
|
|
157
|
+
//# sourceMappingURL=chunk-VIYUIQHW.js.map
|
|
@@ -1,9 +1,11 @@
|
|
|
1
1
|
import {
|
|
2
|
-
detectInstalledTools
|
|
3
|
-
|
|
2
|
+
detectInstalledTools,
|
|
3
|
+
hasRulemetricClaudeHooks,
|
|
4
|
+
mergeClaudeCodeHooks
|
|
5
|
+
} from "./chunk-HWGRTIXN.js";
|
|
4
6
|
import {
|
|
5
7
|
GATEWAY_PORT
|
|
6
|
-
} from "./chunk-
|
|
8
|
+
} from "./chunk-OVGP4OGK.js";
|
|
7
9
|
import {
|
|
8
10
|
apiGet
|
|
9
11
|
} from "./chunk-ZRLYHBPN.js";
|
|
@@ -18,6 +20,8 @@ import { existsSync, readFileSync } from "node:fs";
|
|
|
18
20
|
import { homedir } from "node:os";
|
|
19
21
|
import { join } from "node:path";
|
|
20
22
|
var CORE_STEP_IDS = ["install", "auth", "hooks", "worker"];
|
|
23
|
+
var OPTIONAL_STEP_IDS = [];
|
|
24
|
+
var ALL_STEP_IDS = [...CORE_STEP_IDS, ...OPTIONAL_STEP_IDS];
|
|
21
25
|
function defaultContext() {
|
|
22
26
|
return {
|
|
23
27
|
projectPath: process.cwd(),
|
|
@@ -74,7 +78,7 @@ async function workerActive() {
|
|
|
74
78
|
return false;
|
|
75
79
|
}
|
|
76
80
|
}
|
|
77
|
-
function
|
|
81
|
+
function readProjectSettings(projectPath) {
|
|
78
82
|
const settingsPath = join(projectPath, ".claude", "settings.json");
|
|
79
83
|
let settings = {};
|
|
80
84
|
let before = null;
|
|
@@ -86,14 +90,20 @@ function projectHooksSettings(projectPath) {
|
|
|
86
90
|
settings = {};
|
|
87
91
|
}
|
|
88
92
|
}
|
|
93
|
+
return { settings, before };
|
|
94
|
+
}
|
|
95
|
+
function projectHooksSettings(projectPath) {
|
|
96
|
+
const { settings, before } = readProjectSettings(projectPath);
|
|
97
|
+
mergeClaudeCodeHooks(settings);
|
|
98
|
+
return { before, after: JSON.stringify(settings, null, 2) };
|
|
99
|
+
}
|
|
100
|
+
function projectProxyEnvSettings(projectPath) {
|
|
101
|
+
const { settings, before } = readProjectSettings(projectPath);
|
|
89
102
|
const env = { ...settings.env ?? {} };
|
|
90
103
|
env.HTTPS_PROXY = `http://localhost:${GATEWAY_PORT}`;
|
|
91
104
|
env.NO_PROXY = "localhost,127.0.0.1,*.supabase.co,*.supabase.in";
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
}
|
|
95
|
-
const after = JSON.stringify({ ...settings, env }, null, 2);
|
|
96
|
-
return { before, after };
|
|
105
|
+
env.NODE_EXTRA_CA_CERTS = CERT_PATH;
|
|
106
|
+
return { before, after: JSON.stringify({ ...settings, env }, null, 2) };
|
|
97
107
|
}
|
|
98
108
|
var WORKER_PLIST_PATH = join(homedir(), "Library", "LaunchAgents", "com.rulemetric.worker.plist");
|
|
99
109
|
var WORKER_SYSTEMD_PATH = join(homedir(), ".config", "systemd", "user", "rulemetric-worker.service");
|
|
@@ -169,6 +179,15 @@ var STEPS = [
|
|
|
169
179
|
before,
|
|
170
180
|
after,
|
|
171
181
|
masked: true
|
|
182
|
+
},
|
|
183
|
+
// `auth login` (saveToken) also writes auth.json — disclose it so the
|
|
184
|
+
// plan matches every file apply() touches.
|
|
185
|
+
{
|
|
186
|
+
path: join(ctx.configDir, "auth.json"),
|
|
187
|
+
kind: "file",
|
|
188
|
+
before: existsSync(join(ctx.configDir, "auth.json")) ? "(existing session tokens)" : null,
|
|
189
|
+
after: "{ accessToken, refreshToken, expiresAt, email } \u2014 OAuth session tokens (secret)",
|
|
190
|
+
masked: true
|
|
172
191
|
}
|
|
173
192
|
]
|
|
174
193
|
};
|
|
@@ -179,15 +198,23 @@ var STEPS = [
|
|
|
179
198
|
},
|
|
180
199
|
{
|
|
181
200
|
id: "hooks",
|
|
182
|
-
title: "Install hooks",
|
|
201
|
+
title: "Install hooks + capture proxy",
|
|
202
|
+
// Default onboarding installs the FULL capture path: session hooks PLUS the
|
|
203
|
+
// MITM proxy (rendered-system-prompt / instruction linking + cross-tool
|
|
204
|
+
// capture). Every invasive side effect is disclosed up front in plan()
|
|
205
|
+
// below — nothing is silent. `hooks install` fails SAFE: if the CA sudo
|
|
206
|
+
// trust is declined it degrades to hooks-only (no machine-wide proxy pin),
|
|
207
|
+
// and HTTPS_PROXY is only pinned once the gateway actually answers on
|
|
208
|
+
// :8787 — so the default never bricks Claude Code. detect() greens on the
|
|
209
|
+
// capture hooks being present, so `coreComplete` is reachable even when the
|
|
210
|
+
// user declines the proxy.
|
|
183
211
|
command: "rulemetric hooks install",
|
|
184
212
|
async detect(ctx) {
|
|
185
213
|
const settingsPath = join(ctx.projectPath, ".claude", "settings.json");
|
|
186
214
|
if (!existsSync(settingsPath)) return false;
|
|
187
215
|
try {
|
|
188
216
|
const settings = JSON.parse(readFileSync(settingsPath, "utf-8"));
|
|
189
|
-
|
|
190
|
-
return typeof env.HTTPS_PROXY === "string";
|
|
217
|
+
return hasRulemetricClaudeHooks(settings);
|
|
191
218
|
} catch {
|
|
192
219
|
return false;
|
|
193
220
|
}
|
|
@@ -196,12 +223,54 @@ var STEPS = [
|
|
|
196
223
|
const settingsPath = join(ctx.projectPath, ".claude", "settings.json");
|
|
197
224
|
const { before, after } = projectHooksSettings(ctx.projectPath);
|
|
198
225
|
const artifacts = [
|
|
199
|
-
{ path: settingsPath, kind: "file", before, after }
|
|
226
|
+
{ path: settingsPath, kind: "file", before, after },
|
|
227
|
+
// Disclose what the hooks DO, not just that they're registered — these
|
|
228
|
+
// are the privacy-relevant behaviors a user is consenting to.
|
|
229
|
+
{
|
|
230
|
+
path: "what these hooks capture",
|
|
231
|
+
kind: "service",
|
|
232
|
+
before: null,
|
|
233
|
+
after: "session-end reimports the FULL transcript to the API; post-tool-use records each tool call and snapshots the working tree to a LOCAL shadow git ref (paper-trail, never pushed); user-prompt posts prompt text. All scoped to sessions in this project."
|
|
234
|
+
},
|
|
235
|
+
// FULL DISCLOSURE of the proxy layer — every invasive side effect of
|
|
236
|
+
// `hooks install` §2 is enumerated here so the default path hides
|
|
237
|
+
// nothing. Each degrades gracefully (see the step comment): a declined
|
|
238
|
+
// CA-trust sudo skips the machine-wide layer and stays hooks-only.
|
|
239
|
+
{
|
|
240
|
+
// The proxy env block `hooks install` §2 adds to the SAME
|
|
241
|
+
// .claude/settings.json (HTTPS_PROXY / NO_PROXY / NODE_EXTRA_CA_CERTS).
|
|
242
|
+
path: `${settingsPath} (proxy env block)`,
|
|
243
|
+
kind: "file",
|
|
244
|
+
...projectProxyEnvSettings(ctx.projectPath)
|
|
245
|
+
},
|
|
246
|
+
{
|
|
247
|
+
path: "system keychain \u2014 mitmproxy root CA",
|
|
248
|
+
kind: "service",
|
|
249
|
+
before: existsSync(CERT_PATH) ? "(CA generated; trust state unchanged)" : "(no CA yet)",
|
|
250
|
+
after: "Installs + trusts the mitmproxy CA (requires sudo). This lets the proxy DECRYPT Claude Code HTTPS request/response bodies \u2014 the capability that powers rendered-system-prompt / instruction linking. Decline the sudo prompt and setup stays hooks-only (still fully onboarded)."
|
|
251
|
+
},
|
|
252
|
+
{
|
|
253
|
+
path: "launchctl setenv HTTPS_PROXY (machine-wide, all GUI apps)",
|
|
254
|
+
kind: "command",
|
|
255
|
+
before: null,
|
|
256
|
+
after: `http://localhost:${GATEWAY_PORT} \u2014 routes every GUI app's HTTPS through the local gateway (only when the CA is trusted AND :${GATEWAY_PORT} is live)`
|
|
257
|
+
},
|
|
258
|
+
{
|
|
259
|
+
path: "VS Code + Cursor user settings (http.proxy)",
|
|
260
|
+
kind: "file",
|
|
261
|
+
before: null,
|
|
262
|
+
after: `http.proxy \u2192 http://localhost:${GATEWAY_PORT} (+ http.proxyStrictSSL=false)`
|
|
263
|
+
},
|
|
264
|
+
{
|
|
265
|
+
path: `gateway process on :${GATEWAY_PORT}`,
|
|
266
|
+
kind: "service",
|
|
267
|
+
before: null,
|
|
268
|
+
after: "started (routes Claude Code \u2192 mitmproxy \u2192 Anthropic; falls back to direct if mitmproxy is down)"
|
|
269
|
+
}
|
|
200
270
|
];
|
|
201
|
-
const
|
|
202
|
-
for (const tool of tools) {
|
|
271
|
+
for (const tool of detectInstalledTools(ctx.projectPath).filter((t) => t === "cursor" || t === "copilot_agent")) {
|
|
203
272
|
artifacts.push({
|
|
204
|
-
path: `${ctx.projectPath} (${tool} proxy config)`,
|
|
273
|
+
path: `${ctx.projectPath} (${tool} workspace proxy config)`,
|
|
205
274
|
kind: "file",
|
|
206
275
|
before: null,
|
|
207
276
|
after: `proxy \u2192 http://localhost:${GATEWAY_PORT}`
|
|
@@ -209,7 +278,7 @@ var STEPS = [
|
|
|
209
278
|
}
|
|
210
279
|
return {
|
|
211
280
|
id: "hooks",
|
|
212
|
-
title: "Install hooks",
|
|
281
|
+
title: "Install hooks + capture proxy",
|
|
213
282
|
command: "rulemetric hooks install",
|
|
214
283
|
artifacts
|
|
215
284
|
};
|
|
@@ -259,7 +328,7 @@ function getStep(id) {
|
|
|
259
328
|
return step;
|
|
260
329
|
}
|
|
261
330
|
function isStepId(value) {
|
|
262
|
-
return
|
|
331
|
+
return ALL_STEP_IDS.includes(value);
|
|
263
332
|
}
|
|
264
333
|
var SAFE_ENV_KEYS = /* @__PURE__ */ new Set([
|
|
265
334
|
"RULEMETRIC_API_URL",
|
|
@@ -291,13 +360,17 @@ async function computeStatus(ctx = defaultContext()) {
|
|
|
291
360
|
if (install && !install.done) {
|
|
292
361
|
install.done = steps.some((s) => s.id !== "install" && s.done);
|
|
293
362
|
}
|
|
294
|
-
const
|
|
295
|
-
const
|
|
363
|
+
const coreIds = new Set(CORE_STEP_IDS);
|
|
364
|
+
const coreSteps = steps.filter((s) => coreIds.has(s.id));
|
|
365
|
+
const currentStepId = coreSteps.find((s) => !s.done)?.id ?? null;
|
|
366
|
+
const coreComplete = coreSteps.every((s) => s.done);
|
|
296
367
|
return { steps, coreComplete, currentStepId };
|
|
297
368
|
}
|
|
298
369
|
|
|
299
370
|
export {
|
|
300
371
|
CORE_STEP_IDS,
|
|
372
|
+
OPTIONAL_STEP_IDS,
|
|
373
|
+
ALL_STEP_IDS,
|
|
301
374
|
defaultContext,
|
|
302
375
|
maskToken,
|
|
303
376
|
renderDiff,
|
|
@@ -306,4 +379,4 @@ export {
|
|
|
306
379
|
isStepId,
|
|
307
380
|
computeStatus
|
|
308
381
|
};
|
|
309
|
-
//# sourceMappingURL=chunk-
|
|
382
|
+
//# sourceMappingURL=chunk-YDTUPCBL.js.map
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
{
|
|
2
|
+
"version": 3,
|
|
3
|
+
"sources": ["../src/lib/setup-steps.ts"],
|
|
4
|
+
"sourcesContent": ["import { execSync } from 'node:child_process';\nimport { existsSync, readFileSync } from 'node:fs';\nimport { homedir } from 'node:os';\nimport { join } from 'node:path';\nimport { isAuthenticated, getDefaultConfigDir } from './auth.js';\nimport { apiGet } from './api-client.js';\nimport { GATEWAY_PORT, isGatewayListening } from './gateway-lifecycle.js';\nimport { detectInstalledTools, mergeClaudeCodeHooks, hasRulemetricClaudeHooks } from './hooks-config.js';\n\n/**\n * Data model for the four core onboarding steps, shared (by step-ID list +\n * install-monotonicity) with the web reducer `deriveSetupProgress()`.\n *\n * The two surfaces are separate implementations by necessity, but they no\n * longer read *different sources* for the same fact:\n * - Server-observable signals (cli-worker heartbeat / captured session) are\n * unified through the shared `GET /api/setup/status` endpoint \u2014 the CLI's\n * `workerActive()` and the web's `use-setup-progress.ts` both bottom out on\n * that one server-side authority, so they cannot drift on it.\n * - Local signals (auth = `~/.config/rulemetric` creds via `isAuthenticated()`,\n * hooks = cwd `.claude/settings.json`) stay machine-local: the browser\n * cannot read the user's filesystem, so these legitimately differ from the\n * web's account-scoped proxies for the same step (see the design doc's\n * \"Shared step model, two implementations\").\n * Each step exposes:\n * - detect(): is it done? (reads a local/remote signal, never mutates)\n * - plan(): what would apply() write? (read-only, returns diffs/artifacts)\n * - apply(): perform the step (thin \u2014 shells out to existing commands)\n */\n\nexport const CORE_STEP_IDS = ['install', 'auth', 'hooks', 'worker'] as const;\n// Optional steps live in the walk (offered, recommended) but do NOT gate\n// `coreComplete` \u2014 declining them still leaves the user fully onboarded. The\n// proxy/CA capture now ships as the DEFAULT of the core `hooks` step (see that\n// step's plan(), which fully discloses the invasive MITM/keychain side effects\n// up front); it is not a separate opt-in step. The mechanism is retained for\n// any future optional step.\nexport const OPTIONAL_STEP_IDS = [] as const;\nexport const ALL_STEP_IDS = [...CORE_STEP_IDS, ...OPTIONAL_STEP_IDS] as const;\nexport type StepId = (typeof ALL_STEP_IDS)[number];\n\nexport type ArtifactKind = 'file' | 'command' | 'service';\n\nexport interface Artifact {\n path: string;\n kind: ArtifactKind;\n before: string | null;\n after: string | null;\n /** True when `after` contains a masked secret (never the raw value). */\n masked?: boolean;\n}\n\nexport interface StepPlan {\n id: StepId;\n title: string;\n command?: string;\n artifacts: Artifact[];\n}\n\nexport interface SetupContext {\n projectPath: string;\n configDir: string;\n}\n\nexport interface SetupStep {\n id: StepId;\n title: string;\n command?: string;\n /** Optional steps are offered in the walk but never gate `coreComplete`. */\n optional?: boolean;\n detect(ctx: SetupContext): Promise<boolean>;\n plan(ctx: SetupContext): Promise<StepPlan>;\n apply(ctx: SetupContext): Promise<void>;\n}\n\nexport interface StepStatus {\n id: StepId;\n done: boolean;\n}\n\nexport interface SetupStatus {\n steps: StepStatus[];\n coreComplete: boolean;\n currentStepId: StepId | null;\n}\n\n/** Build the default context from the current process (cwd + config dir). */\nexport function defaultContext(): SetupContext {\n return {\n projectPath: process.cwd(),\n configDir: getDefaultConfigDir(),\n };\n}\n\nconst CERT_PATH = join(homedir(), '.mitmproxy', 'mitmproxy-ca-cert.pem');\n\n/**\n * Mask a secret: keep the first 4 and last 4 characters, replace the middle\n * with asterisks. Strings too short to reveal safely are fully masked.\n */\nexport function maskToken(s: string): string {\n if (!s) return '';\n if (s.length <= 8) return '*'.repeat(s.length);\n const head = s.slice(0, 4);\n const tail = s.slice(-4);\n return `${head}${'*'.repeat(Math.max(4, s.length - 8))}${tail}`;\n}\n\n/**\n * Simple line-oriented +/- diff for terminal display. Not a real LCS \u2014 good\n * enough to show a human/agent exactly which lines an artifact would change.\n */\nexport function renderDiff(before: string | null, after: string | null): string {\n const beforeLines = before === null ? [] : before.replace(/\\n$/, '').split('\\n');\n const afterLines = after === null ? [] : after.replace(/\\n$/, '').split('\\n');\n const out: string[] = [];\n const max = Math.max(beforeLines.length, afterLines.length);\n for (let i = 0; i < max; i++) {\n const b = beforeLines[i];\n const a = afterLines[i];\n if (b === a) {\n out.push(` ${b}`);\n } else {\n if (b !== undefined) out.push(`-${b}`);\n if (a !== undefined) out.push(`+${a}`);\n }\n }\n return out.join('\\n');\n}\n\n/** Read a single KEY=value from the env file, or null if absent. */\nfunction readEnvValue(configDir: string, key: string): string | null {\n const envPath = join(configDir, 'env');\n if (!existsSync(envPath)) return null;\n try {\n const content = readFileSync(envPath, 'utf-8');\n const match = content.match(new RegExp(`^${key}=(.+)$`, 'm'));\n return match ? match[1] : null;\n } catch {\n return null;\n }\n}\n\n/**\n * Is a CLI worker heartbeat active for the caller? (best-effort, network)\n *\n * Reads the shared `GET /api/setup/status` endpoint's `workerActive` field\n * rather than re-deriving it from `/api/workers/status`. That endpoint computes\n * the cli-worker heartbeat signal server-side using the SAME window +\n * staleness thresholds + `workerType === 'cli-worker'` filter the web strip\n * uses, so the CLI and web can't drift on this fact by construction (they used\n * to each filter/threshold client-side, which is exactly how they could\n * disagree). Fast-fails after 2.5s so `setup --json` / `setup plan` degrade to\n * \"not running\" instead of blocking on a stalled connection \u2014 detection is a\n * UX signal, not a correctness gate; offline \u2192 false.\n */\nasync function workerActive(): Promise<boolean> {\n if (!isAuthenticated()) return false;\n try {\n const status = await Promise.race([\n apiGet<{\n cliEverConnected?: boolean;\n anyCapturedSession?: boolean;\n workerActive?: boolean;\n }>('/api/setup/status'),\n new Promise<never>((_, reject) =>\n setTimeout(() => reject(new Error('setup/status timeout')), 2500),\n ),\n ]);\n return status?.workerActive === true;\n } catch {\n return false;\n }\n}\n\n/** Read the project's `.claude/settings.json` for a read-only preview (no throw). */\nfunction readProjectSettings(projectPath: string): { settings: Record<string, unknown>; before: string | null } {\n const settingsPath = join(projectPath, '.claude', 'settings.json');\n let settings: Record<string, unknown> = {};\n let before: string | null = null;\n if (existsSync(settingsPath)) {\n try {\n before = readFileSync(settingsPath, 'utf-8').replace(/\\n$/, '');\n settings = JSON.parse(before) as Record<string, unknown>;\n } catch {\n settings = {};\n }\n }\n return { settings, before };\n}\n\n/**\n * Compute the in-memory `.claude/settings.json` after the RuleMetric session\n * HOOKS are merged, WITHOUT touching disk. This is the \u00A71 (hooks) portion of\n * the diff; the proxy env block that `hooks install` \u00A72 also writes is disclosed\n * separately via projectProxyEnvSettings so the two changes read distinctly.\n */\nfunction projectHooksSettings(projectPath: string): { before: string | null; after: string } {\n const { settings, before } = readProjectSettings(projectPath);\n mergeClaudeCodeHooks(settings);\n return { before, after: JSON.stringify(settings, null, 2) };\n}\n\n/**\n * The proxy-env addition to `.claude/settings.json` that `hooks install` \u00A72\n * makes on the default path \u2014 for the disclosure diff only. Read-only.\n */\nfunction projectProxyEnvSettings(projectPath: string): { before: string | null; after: string } {\n const { settings, before } = readProjectSettings(projectPath);\n const env = { ...((settings.env as Record<string, string>) ?? {}) };\n env.HTTPS_PROXY = `http://localhost:${GATEWAY_PORT}`;\n env.NO_PROXY = 'localhost,127.0.0.1,*.supabase.co,*.supabase.in';\n env.NODE_EXTRA_CA_CERTS = CERT_PATH;\n return { before, after: JSON.stringify({ ...settings, env }, null, 2) };\n}\n\nconst WORKER_PLIST_PATH = join(homedir(), 'Library', 'LaunchAgents', 'com.rulemetric.worker.plist');\nconst WORKER_SYSTEMD_PATH = join(homedir(), '.config', 'systemd', 'user', 'rulemetric-worker.service');\n\n/** Run a command with inherited stdio (interactive-friendly). Thin apply(). */\nfunction runCommand(cmd: string): void {\n execSync(cmd, { stdio: 'inherit' });\n}\n\nexport const STEPS: SetupStep[] = [\n {\n id: 'install',\n title: 'Install the CLI',\n command: 'npm install -g @rulemetric/cli',\n // Monotonic: the CLI must exist to produce any downstream signal, so it\n // greens off auth or worker presence (nothing local phones home before).\n async detect(): Promise<boolean> {\n return isAuthenticated() || (await workerActive());\n },\n async plan(): Promise<StepPlan> {\n return {\n id: 'install',\n title: 'Install the CLI',\n command: 'npm install -g @rulemetric/cli',\n artifacts: [\n {\n path: 'npm install -g @rulemetric/cli',\n kind: 'command',\n before: null,\n after: 'rulemetric --version # verifies the binary is on PATH',\n },\n ],\n };\n },\n async apply(): Promise<void> {\n runCommand('npm install -g @rulemetric/cli');\n },\n },\n {\n id: 'auth',\n title: 'Authenticate',\n command: 'rulemetric auth login',\n async detect(): Promise<boolean> {\n return isAuthenticated();\n },\n async plan(ctx): Promise<StepPlan> {\n const envPath = join(ctx.configDir, 'env');\n // Guard the read like the sibling helpers (readEnvValue /\n // projectHooksSettings) do: a TOCTOU race or permission error between\n // existsSync and readFileSync must NOT throw out of plan(). Fall back to\n // a secret-free marker rather than crashing `setup plan`/`--show`.\n let before: string | null = null;\n if (existsSync(envPath)) {\n try {\n before = maskEnvFile(readFileSync(envPath, 'utf-8'));\n } catch {\n before = '(unreadable)';\n }\n }\n const rawToken = readEnvValue(ctx.configDir, 'RULEMETRIC_ACCESS_TOKEN');\n const tokenDisplay = rawToken ? maskToken(rawToken) : maskToken('<token-from-login>');\n // Reconstruct EXACTLY what `auth login`'s saveEnvFile writes so the diff\n // doesn't show phantom changes: line order [TOKEN, KEY?, URL?], the key\n // preserved (masked) when present, and the URL sourced from\n // process.env.RULEMETRIC_API_URL \u2014 the same value login passes \u2014 and OMITTED\n // when unset (login writes no URL line then). All masking preserved; the raw\n // token/key are never emitted.\n const afterLines = [`RULEMETRIC_ACCESS_TOKEN=${tokenDisplay}`];\n const rawApiKey = readEnvValue(ctx.configDir, 'RULEMETRIC_API_KEY');\n if (rawApiKey) {\n afterLines.push(`RULEMETRIC_API_KEY=${maskToken(rawApiKey)}`);\n }\n const loginUrl = process.env.RULEMETRIC_API_URL;\n if (loginUrl) {\n afterLines.push(`RULEMETRIC_API_URL=${loginUrl}`);\n }\n const after = afterLines.join('\\n');\n return {\n id: 'auth',\n title: 'Authenticate',\n command: 'rulemetric auth login',\n artifacts: [\n {\n path: envPath,\n kind: 'file',\n before,\n after,\n masked: true,\n },\n // `auth login` (saveToken) also writes auth.json \u2014 disclose it so the\n // plan matches every file apply() touches.\n {\n path: join(ctx.configDir, 'auth.json'),\n kind: 'file',\n before: existsSync(join(ctx.configDir, 'auth.json')) ? '(existing session tokens)' : null,\n after: '{ accessToken, refreshToken, expiresAt, email } \u2014 OAuth session tokens (secret)',\n masked: true,\n },\n ],\n };\n },\n async apply(): Promise<void> {\n runCommand('rulemetric auth login');\n },\n },\n {\n id: 'hooks',\n title: 'Install hooks + capture proxy',\n // Default onboarding installs the FULL capture path: session hooks PLUS the\n // MITM proxy (rendered-system-prompt / instruction linking + cross-tool\n // capture). Every invasive side effect is disclosed up front in plan()\n // below \u2014 nothing is silent. `hooks install` fails SAFE: if the CA sudo\n // trust is declined it degrades to hooks-only (no machine-wide proxy pin),\n // and HTTPS_PROXY is only pinned once the gateway actually answers on\n // :8787 \u2014 so the default never bricks Claude Code. detect() greens on the\n // capture hooks being present, so `coreComplete` is reachable even when the\n // user declines the proxy.\n command: 'rulemetric hooks install',\n async detect(ctx): Promise<boolean> {\n const settingsPath = join(ctx.projectPath, '.claude', 'settings.json');\n if (!existsSync(settingsPath)) return false;\n try {\n const settings = JSON.parse(readFileSync(settingsPath, 'utf-8')) as Record<string, unknown>;\n // Ready when capture hooks are actually wired up \u2014 NOT when a proxy env\n // var was written (that greened even against a dead proxy port). The\n // proxy is a best-effort upgrade layered on top; hooks presence is the\n // honest \"capture is working\" signal.\n return hasRulemetricClaudeHooks(settings);\n } catch {\n return false;\n }\n },\n async plan(ctx): Promise<StepPlan> {\n const settingsPath = join(ctx.projectPath, '.claude', 'settings.json');\n const { before, after } = projectHooksSettings(ctx.projectPath);\n const artifacts: Artifact[] = [\n { path: settingsPath, kind: 'file', before, after },\n // Disclose what the hooks DO, not just that they're registered \u2014 these\n // are the privacy-relevant behaviors a user is consenting to.\n {\n path: 'what these hooks capture',\n kind: 'service',\n before: null,\n after:\n 'session-end reimports the FULL transcript to the API; post-tool-use records each ' +\n 'tool call and snapshots the working tree to a LOCAL shadow git ref (paper-trail, ' +\n 'never pushed); user-prompt posts prompt text. All scoped to sessions in this project.',\n },\n // FULL DISCLOSURE of the proxy layer \u2014 every invasive side effect of\n // `hooks install` \u00A72 is enumerated here so the default path hides\n // nothing. Each degrades gracefully (see the step comment): a declined\n // CA-trust sudo skips the machine-wide layer and stays hooks-only.\n {\n // The proxy env block `hooks install` \u00A72 adds to the SAME\n // .claude/settings.json (HTTPS_PROXY / NO_PROXY / NODE_EXTRA_CA_CERTS).\n path: `${settingsPath} (proxy env block)`,\n kind: 'file',\n ...projectProxyEnvSettings(ctx.projectPath),\n },\n {\n path: 'system keychain \u2014 mitmproxy root CA',\n kind: 'service',\n before: existsSync(CERT_PATH) ? '(CA generated; trust state unchanged)' : '(no CA yet)',\n after:\n 'Installs + trusts the mitmproxy CA (requires sudo). This lets the ' +\n 'proxy DECRYPT Claude Code HTTPS request/response bodies \u2014 the ' +\n 'capability that powers rendered-system-prompt / instruction linking. ' +\n 'Decline the sudo prompt and setup stays hooks-only (still fully onboarded).',\n },\n {\n path: 'launchctl setenv HTTPS_PROXY (machine-wide, all GUI apps)',\n kind: 'command',\n before: null,\n after: `http://localhost:${GATEWAY_PORT} \u2014 routes every GUI app's HTTPS through the local gateway (only when the CA is trusted AND :${GATEWAY_PORT} is live)`,\n },\n {\n path: 'VS Code + Cursor user settings (http.proxy)',\n kind: 'file',\n before: null,\n after: `http.proxy \u2192 http://localhost:${GATEWAY_PORT} (+ http.proxyStrictSSL=false)`,\n },\n {\n path: `gateway process on :${GATEWAY_PORT}`,\n kind: 'service',\n before: null,\n after: 'started (routes Claude Code \u2192 mitmproxy \u2192 Anthropic; falls back to direct if mitmproxy is down)',\n },\n ];\n // Workspace-level editor configs, only if those dirs exist here.\n for (const tool of detectInstalledTools(ctx.projectPath).filter((t) => t === 'cursor' || t === 'copilot_agent')) {\n artifacts.push({\n path: `${ctx.projectPath} (${tool} workspace proxy config)`,\n kind: 'file',\n before: null,\n after: `proxy \u2192 http://localhost:${GATEWAY_PORT}`,\n });\n }\n return {\n id: 'hooks',\n title: 'Install hooks + capture proxy',\n command: 'rulemetric hooks install',\n artifacts,\n };\n },\n async apply(): Promise<void> {\n runCommand('rulemetric hooks install');\n },\n },\n {\n id: 'worker',\n title: 'Run the worker',\n command: 'rulemetric service install --worker-only',\n async detect(): Promise<boolean> {\n return workerActive();\n },\n async plan(): Promise<StepPlan> {\n const isMac = process.platform === 'darwin';\n const servicePath = isMac ? WORKER_PLIST_PATH : WORKER_SYSTEMD_PATH;\n // SECURITY: never read the installed plist/systemd unit into `before` \u2014\n // those files embed RULEMETRIC_ACCESS_TOKEN / RULEMETRIC_API_KEY verbatim\n // (service/install.ts writes them from ALLOWED_ENV_VARS), so echoing the\n // file contents would leak the raw secret through `plan`, `--show`, and\n // `--json`. Use a synthetic, secret-free marker for the current state.\n const before = existsSync(servicePath)\n ? `(service already installed at ${servicePath})`\n : null;\n // Concise representation (path + ExecStart node/cli invocation) rather\n // than reconstructing the full plist \u2014 keep read-only + legible.\n const after = isMac\n ? [\n `Label: com.rulemetric.worker`,\n `ProgramArguments: <node> <cli>/bin/run.js evals agent`,\n `RunAtLoad: true, KeepAlive: true`,\n ].join('\\n')\n : [\n `[Service]`,\n `ExecStart=<node> <cli>/bin/run.js evals agent`,\n `Restart=on-failure`,\n ].join('\\n');\n return {\n id: 'worker',\n title: 'Run the worker',\n command: 'rulemetric service install --worker-only',\n artifacts: [\n { path: servicePath, kind: 'service', before, after },\n ],\n };\n },\n async apply(): Promise<void> {\n runCommand('rulemetric service install --worker-only');\n },\n },\n];\n\nconst STEP_BY_ID = new Map<StepId, SetupStep>(STEPS.map((s) => [s.id, s]));\n\nexport function getStep(id: StepId): SetupStep {\n const step = STEP_BY_ID.get(id);\n if (!step) throw new Error(`Unknown setup step: ${id}`);\n return step;\n}\n\nexport function isStepId(value: string): value is StepId {\n return (ALL_STEP_IDS as readonly string[]).includes(value);\n}\n\n/**\n * Keys whose values are safe to show verbatim in the env-file diff. Everything\n * NOT in this set is masked. Deny-by-default is deliberate: `~/.config/rulemetric/env`\n * can legitimately hold DATABASE_URL, SUPABASE_SERVICE_ROLE_KEY, SUPABASE_JWT_SECRET,\n * GITHUB_TOKEN, RESEND_API_KEY, etc. (see ALLOWED_ENV_VARS in service/install.ts),\n * so an allowlist-to-hide would leak any secret we forgot to enumerate. Revealing\n * only known-safe keys means a future secret added to the file is masked automatically.\n */\nconst SAFE_ENV_KEYS = new Set([\n 'RULEMETRIC_API_URL',\n 'RULEMETRIC_USER_ID',\n 'RULEMETRIC_CLIENT_NAME',\n 'RESEND_FROM_EMAIL',\n 'SENTRY_DSN', // a DSN is not a secret\n 'PG_POOL_MAX',\n 'PG_IDLE_TIMEOUT',\n 'PG_STATEMENT_TIMEOUT_MS',\n 'NODE_ENV',\n]);\n\n/**\n * Mask secret-bearing lines in a raw env file for display. Deny-by-default:\n * every `KEY=value` line has its value masked unless KEY is in SAFE_ENV_KEYS.\n * Non-assignment lines (comments, blanks) pass through untouched.\n */\nfunction maskEnvFile(content: string): string {\n return content\n .replace(/\\n$/, '')\n .split('\\n')\n .map((line) => {\n const match = line.match(/^([A-Z0-9_]+)=(.+)$/);\n if (!match) return line; // comment / blank / non-assignment\n const [, key, value] = match;\n return SAFE_ENV_KEYS.has(key) ? line : `${key}=${maskToken(value)}`;\n })\n .join('\\n');\n}\n\n/**\n * Run every step's detect() and derive the overall status. `currentStepId` is\n * the first incomplete step in core order (mirrors the web reducer).\n */\nexport async function computeStatus(ctx: SetupContext = defaultContext()): Promise<SetupStatus> {\n const steps: StepStatus[] = [];\n for (const step of STEPS) {\n // Sequential: detect() may hit the network; order is stable + cheap.\n // eslint-disable-next-line no-await-in-loop\n const done = await step.detect(ctx);\n steps.push({ id: step.id, done });\n }\n // Monotonicity (mirrors the web reducer's `cliDetected`): the CLI binary must\n // exist to produce ANY downstream signal, so `install` greens whenever auth,\n // hooks, or worker is detected \u2014 even if `install.detect()` alone (which only\n // sees auth/worker, not hooks) came back false. Without this, a user with\n // hooks installed but no live worker sees \"Install the CLI: waiting\" while\n // \"Install hooks: done\" \u2014 a contradiction.\n const install = steps.find((s) => s.id === 'install');\n if (install && !install.done) {\n install.done = steps.some((s) => s.id !== 'install' && s.done);\n }\n\n // coreComplete + currentStepId are derived from CORE steps only. The proxy now\n // ships inside the `hooks` step (whose detect() greens on hooks-presence, so a\n // declined CA still completes it); any future OPTIONAL_STEP_IDS never block\n // \"done\" or steal the cursor. Mirrors the web reducer's optional-step handling.\n const coreIds = new Set<string>(CORE_STEP_IDS);\n const coreSteps = steps.filter((s) => coreIds.has(s.id));\n const currentStepId = coreSteps.find((s) => !s.done)?.id ?? null;\n const coreComplete = coreSteps.every((s) => s.done);\n return { steps, coreComplete, currentStepId };\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;AAAA,SAAS,gBAAgB;AACzB,SAAS,YAAY,oBAAoB;AACzC,SAAS,eAAe;AACxB,SAAS,YAAY;AA2Bd,IAAM,gBAAgB,CAAC,WAAW,QAAQ,SAAS,QAAQ;AAO3D,IAAM,oBAAoB,CAAC;AAC3B,IAAM,eAAe,CAAC,GAAG,eAAe,GAAG,iBAAiB;AAiD5D,SAAS,iBAA+B;AAC7C,SAAO;AAAA,IACL,aAAa,QAAQ,IAAI;AAAA,IACzB,WAAW,oBAAoB;AAAA,EACjC;AACF;AAEA,IAAM,YAAY,KAAK,QAAQ,GAAG,cAAc,uBAAuB;AAMhE,SAAS,UAAU,GAAmB;AAC3C,MAAI,CAAC,EAAG,QAAO;AACf,MAAI,EAAE,UAAU,EAAG,QAAO,IAAI,OAAO,EAAE,MAAM;AAC7C,QAAM,OAAO,EAAE,MAAM,GAAG,CAAC;AACzB,QAAM,OAAO,EAAE,MAAM,EAAE;AACvB,SAAO,GAAG,IAAI,GAAG,IAAI,OAAO,KAAK,IAAI,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC,GAAG,IAAI;AAC/D;AAMO,SAAS,WAAW,QAAuB,OAA8B;AAC9E,QAAM,cAAc,WAAW,OAAO,CAAC,IAAI,OAAO,QAAQ,OAAO,EAAE,EAAE,MAAM,IAAI;AAC/E,QAAM,aAAa,UAAU,OAAO,CAAC,IAAI,MAAM,QAAQ,OAAO,EAAE,EAAE,MAAM,IAAI;AAC5E,QAAM,MAAgB,CAAC;AACvB,QAAM,MAAM,KAAK,IAAI,YAAY,QAAQ,WAAW,MAAM;AAC1D,WAAS,IAAI,GAAG,IAAI,KAAK,KAAK;AAC5B,UAAM,IAAI,YAAY,CAAC;AACvB,UAAM,IAAI,WAAW,CAAC;AACtB,QAAI,MAAM,GAAG;AACX,UAAI,KAAK,IAAI,CAAC,EAAE;AAAA,IAClB,OAAO;AACL,UAAI,MAAM,OAAW,KAAI,KAAK,IAAI,CAAC,EAAE;AACrC,UAAI,MAAM,OAAW,KAAI,KAAK,IAAI,CAAC,EAAE;AAAA,IACvC;AAAA,EACF;AACA,SAAO,IAAI,KAAK,IAAI;AACtB;AAGA,SAAS,aAAa,WAAmB,KAA4B;AACnE,QAAM,UAAU,KAAK,WAAW,KAAK;AACrC,MAAI,CAAC,WAAW,OAAO,EAAG,QAAO;AACjC,MAAI;AACF,UAAM,UAAU,aAAa,SAAS,OAAO;AAC7C,UAAM,QAAQ,QAAQ,MAAM,IAAI,OAAO,IAAI,GAAG,UAAU,GAAG,CAAC;AAC5D,WAAO,QAAQ,MAAM,CAAC,IAAI;AAAA,EAC5B,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAeA,eAAe,eAAiC;AAC9C,MAAI,CAAC,gBAAgB,EAAG,QAAO;AAC/B,MAAI;AACF,UAAM,SAAS,MAAM,QAAQ,KAAK;AAAA,MAChC,OAIG,mBAAmB;AAAA,MACtB,IAAI;AAAA,QAAe,CAAC,GAAG,WACrB,WAAW,MAAM,OAAO,IAAI,MAAM,sBAAsB,CAAC,GAAG,IAAI;AAAA,MAClE;AAAA,IACF,CAAC;AACD,WAAO,QAAQ,iBAAiB;AAAA,EAClC,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAGA,SAAS,oBAAoB,aAAmF;AAC9G,QAAM,eAAe,KAAK,aAAa,WAAW,eAAe;AACjE,MAAI,WAAoC,CAAC;AACzC,MAAI,SAAwB;AAC5B,MAAI,WAAW,YAAY,GAAG;AAC5B,QAAI;AACF,eAAS,aAAa,cAAc,OAAO,EAAE,QAAQ,OAAO,EAAE;AAC9D,iBAAW,KAAK,MAAM,MAAM;AAAA,IAC9B,QAAQ;AACN,iBAAW,CAAC;AAAA,IACd;AAAA,EACF;AACA,SAAO,EAAE,UAAU,OAAO;AAC5B;AAQA,SAAS,qBAAqB,aAA+D;AAC3F,QAAM,EAAE,UAAU,OAAO,IAAI,oBAAoB,WAAW;AAC5D,uBAAqB,QAAQ;AAC7B,SAAO,EAAE,QAAQ,OAAO,KAAK,UAAU,UAAU,MAAM,CAAC,EAAE;AAC5D;AAMA,SAAS,wBAAwB,aAA+D;AAC9F,QAAM,EAAE,UAAU,OAAO,IAAI,oBAAoB,WAAW;AAC5D,QAAM,MAAM,EAAE,GAAK,SAAS,OAAkC,CAAC,EAAG;AAClE,MAAI,cAAc,oBAAoB,YAAY;AAClD,MAAI,WAAW;AACf,MAAI,sBAAsB;AAC1B,SAAO,EAAE,QAAQ,OAAO,KAAK,UAAU,EAAE,GAAG,UAAU,IAAI,GAAG,MAAM,CAAC,EAAE;AACxE;AAEA,IAAM,oBAAoB,KAAK,QAAQ,GAAG,WAAW,gBAAgB,6BAA6B;AAClG,IAAM,sBAAsB,KAAK,QAAQ,GAAG,WAAW,WAAW,QAAQ,2BAA2B;AAGrG,SAAS,WAAW,KAAmB;AACrC,WAAS,KAAK,EAAE,OAAO,UAAU,CAAC;AACpC;AAEO,IAAM,QAAqB;AAAA,EAChC;AAAA,IACE,IAAI;AAAA,IACJ,OAAO;AAAA,IACP,SAAS;AAAA;AAAA;AAAA,IAGT,MAAM,SAA2B;AAC/B,aAAO,gBAAgB,KAAM,MAAM,aAAa;AAAA,IAClD;AAAA,IACA,MAAM,OAA0B;AAC9B,aAAO;AAAA,QACL,IAAI;AAAA,QACJ,OAAO;AAAA,QACP,SAAS;AAAA,QACT,WAAW;AAAA,UACT;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,QAAQ;AAAA,YACR,OAAO;AAAA,UACT;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IACA,MAAM,QAAuB;AAC3B,iBAAW,gCAAgC;AAAA,IAC7C;AAAA,EACF;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,OAAO;AAAA,IACP,SAAS;AAAA,IACT,MAAM,SAA2B;AAC/B,aAAO,gBAAgB;AAAA,IACzB;AAAA,IACA,MAAM,KAAK,KAAwB;AACjC,YAAM,UAAU,KAAK,IAAI,WAAW,KAAK;AAKzC,UAAI,SAAwB;AAC5B,UAAI,WAAW,OAAO,GAAG;AACvB,YAAI;AACF,mBAAS,YAAY,aAAa,SAAS,OAAO,CAAC;AAAA,QACrD,QAAQ;AACN,mBAAS;AAAA,QACX;AAAA,MACF;AACA,YAAM,WAAW,aAAa,IAAI,WAAW,yBAAyB;AACtE,YAAM,eAAe,WAAW,UAAU,QAAQ,IAAI,UAAU,oBAAoB;AAOpF,YAAM,aAAa,CAAC,2BAA2B,YAAY,EAAE;AAC7D,YAAM,YAAY,aAAa,IAAI,WAAW,oBAAoB;AAClE,UAAI,WAAW;AACb,mBAAW,KAAK,sBAAsB,UAAU,SAAS,CAAC,EAAE;AAAA,MAC9D;AACA,YAAM,WAAW,QAAQ,IAAI;AAC7B,UAAI,UAAU;AACZ,mBAAW,KAAK,sBAAsB,QAAQ,EAAE;AAAA,MAClD;AACA,YAAM,QAAQ,WAAW,KAAK,IAAI;AAClC,aAAO;AAAA,QACL,IAAI;AAAA,QACJ,OAAO;AAAA,QACP,SAAS;AAAA,QACT,WAAW;AAAA,UACT;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN;AAAA,YACA;AAAA,YACA,QAAQ;AAAA,UACV;AAAA;AAAA;AAAA,UAGA;AAAA,YACE,MAAM,KAAK,IAAI,WAAW,WAAW;AAAA,YACrC,MAAM;AAAA,YACN,QAAQ,WAAW,KAAK,IAAI,WAAW,WAAW,CAAC,IAAI,8BAA8B;AAAA,YACrF,OAAO;AAAA,YACP,QAAQ;AAAA,UACV;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IACA,MAAM,QAAuB;AAC3B,iBAAW,uBAAuB;AAAA,IACpC;AAAA,EACF;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAUP,SAAS;AAAA,IACT,MAAM,OAAO,KAAuB;AAClC,YAAM,eAAe,KAAK,IAAI,aAAa,WAAW,eAAe;AACrE,UAAI,CAAC,WAAW,YAAY,EAAG,QAAO;AACtC,UAAI;AACF,cAAM,WAAW,KAAK,MAAM,aAAa,cAAc,OAAO,CAAC;AAK/D,eAAO,yBAAyB,QAAQ;AAAA,MAC1C,QAAQ;AACN,eAAO;AAAA,MACT;AAAA,IACF;AAAA,IACA,MAAM,KAAK,KAAwB;AACjC,YAAM,eAAe,KAAK,IAAI,aAAa,WAAW,eAAe;AACrE,YAAM,EAAE,QAAQ,MAAM,IAAI,qBAAqB,IAAI,WAAW;AAC9D,YAAM,YAAwB;AAAA,QAC5B,EAAE,MAAM,cAAc,MAAM,QAAQ,QAAQ,MAAM;AAAA;AAAA;AAAA,QAGlD;AAAA,UACE,MAAM;AAAA,UACN,MAAM;AAAA,UACN,QAAQ;AAAA,UACR,OACE;AAAA,QAGJ;AAAA;AAAA;AAAA;AAAA;AAAA,QAKA;AAAA;AAAA;AAAA,UAGE,MAAM,GAAG,YAAY;AAAA,UACrB,MAAM;AAAA,UACN,GAAG,wBAAwB,IAAI,WAAW;AAAA,QAC5C;AAAA,QACA;AAAA,UACE,MAAM;AAAA,UACN,MAAM;AAAA,UACN,QAAQ,WAAW,SAAS,IAAI,0CAA0C;AAAA,UAC1E,OACE;AAAA,QAIJ;AAAA,QACA;AAAA,UACE,MAAM;AAAA,UACN,MAAM;AAAA,UACN,QAAQ;AAAA,UACR,OAAO,oBAAoB,YAAY,qGAAgG,YAAY;AAAA,QACrJ;AAAA,QACA;AAAA,UACE,MAAM;AAAA,UACN,MAAM;AAAA,UACN,QAAQ;AAAA,UACR,OAAO,sCAAiC,YAAY;AAAA,QACtD;AAAA,QACA;AAAA,UACE,MAAM,uBAAuB,YAAY;AAAA,UACzC,MAAM;AAAA,UACN,QAAQ;AAAA,UACR,OAAO;AAAA,QACT;AAAA,MACF;AAEA,iBAAW,QAAQ,qBAAqB,IAAI,WAAW,EAAE,OAAO,CAAC,MAAM,MAAM,YAAY,MAAM,eAAe,GAAG;AAC/G,kBAAU,KAAK;AAAA,UACb,MAAM,GAAG,IAAI,WAAW,KAAK,IAAI;AAAA,UACjC,MAAM;AAAA,UACN,QAAQ;AAAA,UACR,OAAO,iCAA4B,YAAY;AAAA,QACjD,CAAC;AAAA,MACH;AACA,aAAO;AAAA,QACL,IAAI;AAAA,QACJ,OAAO;AAAA,QACP,SAAS;AAAA,QACT;AAAA,MACF;AAAA,IACF;AAAA,IACA,MAAM,QAAuB;AAC3B,iBAAW,0BAA0B;AAAA,IACvC;AAAA,EACF;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,OAAO;AAAA,IACP,SAAS;AAAA,IACT,MAAM,SAA2B;AAC/B,aAAO,aAAa;AAAA,IACtB;AAAA,IACA,MAAM,OAA0B;AAC9B,YAAM,QAAQ,QAAQ,aAAa;AACnC,YAAM,cAAc,QAAQ,oBAAoB;AAMhD,YAAM,SAAS,WAAW,WAAW,IACjC,iCAAiC,WAAW,MAC5C;AAGJ,YAAM,QAAQ,QACV;AAAA,QACE;AAAA,QACA;AAAA,QACA;AAAA,MACF,EAAE,KAAK,IAAI,IACX;AAAA,QACE;AAAA,QACA;AAAA,QACA;AAAA,MACF,EAAE,KAAK,IAAI;AACf,aAAO;AAAA,QACL,IAAI;AAAA,QACJ,OAAO;AAAA,QACP,SAAS;AAAA,QACT,WAAW;AAAA,UACT,EAAE,MAAM,aAAa,MAAM,WAAW,QAAQ,MAAM;AAAA,QACtD;AAAA,MACF;AAAA,IACF;AAAA,IACA,MAAM,QAAuB;AAC3B,iBAAW,0CAA0C;AAAA,IACvD;AAAA,EACF;AACF;AAEA,IAAM,aAAa,IAAI,IAAuB,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;AAElE,SAAS,QAAQ,IAAuB;AAC7C,QAAM,OAAO,WAAW,IAAI,EAAE;AAC9B,MAAI,CAAC,KAAM,OAAM,IAAI,MAAM,uBAAuB,EAAE,EAAE;AACtD,SAAO;AACT;AAEO,SAAS,SAAS,OAAgC;AACvD,SAAQ,aAAmC,SAAS,KAAK;AAC3D;AAUA,IAAM,gBAAgB,oBAAI,IAAI;AAAA,EAC5B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAOD,SAAS,YAAY,SAAyB;AAC5C,SAAO,QACJ,QAAQ,OAAO,EAAE,EACjB,MAAM,IAAI,EACV,IAAI,CAAC,SAAS;AACb,UAAM,QAAQ,KAAK,MAAM,qBAAqB;AAC9C,QAAI,CAAC,MAAO,QAAO;AACnB,UAAM,CAAC,EAAE,KAAK,KAAK,IAAI;AACvB,WAAO,cAAc,IAAI,GAAG,IAAI,OAAO,GAAG,GAAG,IAAI,UAAU,KAAK,CAAC;AAAA,EACnE,CAAC,EACA,KAAK,IAAI;AACd;AAMA,eAAsB,cAAc,MAAoB,eAAe,GAAyB;AAC9F,QAAM,QAAsB,CAAC;AAC7B,aAAW,QAAQ,OAAO;AAGxB,UAAM,OAAO,MAAM,KAAK,OAAO,GAAG;AAClC,UAAM,KAAK,EAAE,IAAI,KAAK,IAAI,KAAK,CAAC;AAAA,EAClC;AAOA,QAAM,UAAU,MAAM,KAAK,CAAC,MAAM,EAAE,OAAO,SAAS;AACpD,MAAI,WAAW,CAAC,QAAQ,MAAM;AAC5B,YAAQ,OAAO,MAAM,KAAK,CAAC,MAAM,EAAE,OAAO,aAAa,EAAE,IAAI;AAAA,EAC/D;AAMA,QAAM,UAAU,IAAI,IAAY,aAAa;AAC7C,QAAM,YAAY,MAAM,OAAO,CAAC,MAAM,QAAQ,IAAI,EAAE,EAAE,CAAC;AACvD,QAAM,gBAAgB,UAAU,KAAK,CAAC,MAAM,CAAC,EAAE,IAAI,GAAG,MAAM;AAC5D,QAAM,eAAe,UAAU,MAAM,CAAC,MAAM,EAAE,IAAI;AAClD,SAAO,EAAE,OAAO,cAAc,cAAc;AAC9C;",
|
|
6
|
+
"names": []
|
|
7
|
+
}
|
|
@@ -1,3 +1,6 @@
|
|
|
1
|
+
import {
|
|
2
|
+
ensureDeviceApiKey
|
|
3
|
+
} from "../../chunk-3AEVHOTS.js";
|
|
1
4
|
import {
|
|
2
5
|
BaseCommand
|
|
3
6
|
} from "../../chunk-SZ7VDCD6.js";
|
|
@@ -7,6 +10,7 @@ import {
|
|
|
7
10
|
} from "../../chunk-SLL3OBKN.js";
|
|
8
11
|
import "../../chunk-EKJ2CABV.js";
|
|
9
12
|
import {
|
|
13
|
+
ApiError,
|
|
10
14
|
apiPost
|
|
11
15
|
} from "../../chunk-ZRLYHBPN.js";
|
|
12
16
|
import {
|
|
@@ -32,6 +36,11 @@ var AuthLogin = class _AuthLogin extends BaseCommand {
|
|
|
32
36
|
let email = flags.email;
|
|
33
37
|
let password = flags.password;
|
|
34
38
|
if (!email || !password) {
|
|
39
|
+
if (!process.stdin.isTTY) {
|
|
40
|
+
this.error(
|
|
41
|
+
"Missing credentials in a non-interactive shell. Pass --email/-e and --password/-p, or set RULEMETRIC_API_KEY (create a key at https://rulemetric.com/settings)."
|
|
42
|
+
);
|
|
43
|
+
}
|
|
35
44
|
const { input, password: passwordPrompt } = await import("@inquirer/prompts");
|
|
36
45
|
if (!email) {
|
|
37
46
|
email = await input({ message: "Email:" });
|
|
@@ -40,7 +49,15 @@ var AuthLogin = class _AuthLogin extends BaseCommand {
|
|
|
40
49
|
password = await passwordPrompt({ message: "Password:" });
|
|
41
50
|
}
|
|
42
51
|
}
|
|
43
|
-
|
|
52
|
+
let data;
|
|
53
|
+
try {
|
|
54
|
+
data = await apiPost("/auth/login", { email, password });
|
|
55
|
+
} catch (err) {
|
|
56
|
+
if (err instanceof ApiError && err.statusCode === 401) {
|
|
57
|
+
this.error("Invalid email or password.");
|
|
58
|
+
}
|
|
59
|
+
throw err;
|
|
60
|
+
}
|
|
44
61
|
const expiresAt = data.expiresAt ?? new Date(Date.now() + 3600 * 1e3).toISOString();
|
|
45
62
|
saveToken({
|
|
46
63
|
accessToken: data.accessToken,
|
|
@@ -50,6 +67,7 @@ var AuthLogin = class _AuthLogin extends BaseCommand {
|
|
|
50
67
|
});
|
|
51
68
|
saveEnvFile(data.accessToken, process.env.RULEMETRIC_API_URL);
|
|
52
69
|
await bootstrapActiveOrg();
|
|
70
|
+
await ensureDeviceApiKey(this.log.bind(this), this.warn.bind(this));
|
|
53
71
|
this.log(`Logged in as ${data.email}`);
|
|
54
72
|
}
|
|
55
73
|
};
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../src/commands/auth/login.ts"],
|
|
4
|
-
"sourcesContent": ["import { Flags } from '@oclif/core';\nimport { BaseCommand } from '../../base-command.js';\nimport { saveToken, saveEnvFile } from '../../lib/auth.js';\nimport { apiPost } from '../../lib/api-client.js';\nimport { bootstrapActiveOrg } from '../../lib/active-org-refresh.js';\n\ninterface LoginResponse {\n accessToken: string;\n refreshToken: string;\n expiresAt: string | null;\n email: string;\n}\n\nexport default class AuthLogin extends BaseCommand {\n static override description = 'Log in to RuleMetric';\n\n static override examples = [\n '<%= config.bin %> auth login',\n '<%= config.bin %> auth login -e user@example.com',\n ];\n\n static override flags = {\n email: Flags.string({ char: 'e', description: 'Email address' }),\n password: Flags.string({ char: 'p', description: 'Password (for non-interactive use)' }),\n };\n\n async run(): Promise<void> {\n const { flags } = await this.parse(AuthLogin);\n\n let email = flags.email;\n let password = flags.password;\n\n if (!email || !password) {\n const { input, password: passwordPrompt } = await import('@inquirer/prompts');\n\n if (!email) {\n email = await input({ message: 'Email:' });\n }\n\n if (!password) {\n password = await passwordPrompt({ message: 'Password:' });\n }\n }\n\n
|
|
5
|
-
"mappings": "
|
|
4
|
+
"sourcesContent": ["import { Flags } from '@oclif/core';\nimport { BaseCommand } from '../../base-command.js';\nimport { saveToken, saveEnvFile } from '../../lib/auth.js';\nimport { apiPost, ApiError } from '../../lib/api-client.js';\nimport { bootstrapActiveOrg } from '../../lib/active-org-refresh.js';\nimport { ensureDeviceApiKey } from '../../lib/ensure-api-key.js';\n\ninterface LoginResponse {\n accessToken: string;\n refreshToken: string;\n expiresAt: string | null;\n email: string;\n}\n\nexport default class AuthLogin extends BaseCommand {\n static override description = 'Log in to RuleMetric';\n\n static override examples = [\n '<%= config.bin %> auth login',\n '<%= config.bin %> auth login -e user@example.com',\n ];\n\n static override flags = {\n email: Flags.string({ char: 'e', description: 'Email address' }),\n password: Flags.string({ char: 'p', description: 'Password (for non-interactive use)' }),\n };\n\n async run(): Promise<void> {\n const { flags } = await this.parse(AuthLogin);\n\n let email = flags.email;\n let password = flags.password;\n\n if (!email || !password) {\n // Interactive prompts hang forever with no output in a non-TTY (CI, SSH\n // pipe, an agent driving the CLI). Fail fast with actionable guidance\n // instead of appearing to freeze.\n if (!process.stdin.isTTY) {\n this.error(\n 'Missing credentials in a non-interactive shell. Pass --email/-e and --password/-p, ' +\n 'or set RULEMETRIC_API_KEY (create a key at https://rulemetric.com/settings).',\n );\n }\n const { input, password: passwordPrompt } = await import('@inquirer/prompts');\n\n if (!email) {\n email = await input({ message: 'Email:' });\n }\n\n if (!password) {\n password = await passwordPrompt({ message: 'Password:' });\n }\n }\n\n let data: LoginResponse;\n try {\n data = await apiPost<LoginResponse>('/auth/login', { email, password });\n } catch (err) {\n // A 401 HERE means the email/password were rejected \u2014 not that a prior\n // session expired. base-command's generic catch maps every 401 to\n // \"Session expired. Run auth login\", which is nonsensical mid-login and\n // loops the user. Give the real reason.\n if (err instanceof ApiError && err.statusCode === 401) {\n this.error('Invalid email or password.');\n }\n throw err;\n }\n\n const expiresAt = data.expiresAt ?? new Date(Date.now() + 3600 * 1000).toISOString();\n\n saveToken({\n accessToken: data.accessToken,\n refreshToken: data.refreshToken,\n expiresAt,\n email: data.email,\n });\n\n saveEnvFile(data.accessToken, process.env.RULEMETRIC_API_URL);\n\n // Bootstrap the active-org cache now that auth is available. BaseCommand\n // fired the guarded refresh BEFORE login completed (no creds \u2192 401 \u2192\n // swallowed); without this explicit retry, the cache stays empty until\n // the user runs another CLI command, and any Claude Code session that\n // fires in the meantime lands with org_id = NULL.\n await bootstrapActiveOrg();\n\n // Auto-mint a hooks/proxy API key so create-key isn't a separate manual\n // step (best-effort; no-ops if a key already exists, never fails login).\n await ensureDeviceApiKey(this.log.bind(this), this.warn.bind(this));\n\n this.log(`Logged in as ${data.email}`);\n }\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;;;;;;AAAA,SAAS,aAAa;AActB,IAAqB,YAArB,MAAqB,mBAAkB,YAAY;AAAA,EACjD,OAAgB,cAAc;AAAA,EAE9B,OAAgB,WAAW;AAAA,IACzB;AAAA,IACA;AAAA,EACF;AAAA,EAEA,OAAgB,QAAQ;AAAA,IACtB,OAAO,MAAM,OAAO,EAAE,MAAM,KAAK,aAAa,gBAAgB,CAAC;AAAA,IAC/D,UAAU,MAAM,OAAO,EAAE,MAAM,KAAK,aAAa,qCAAqC,CAAC;AAAA,EACzF;AAAA,EAEA,MAAM,MAAqB;AACzB,UAAM,EAAE,MAAM,IAAI,MAAM,KAAK,MAAM,UAAS;AAE5C,QAAI,QAAQ,MAAM;AAClB,QAAI,WAAW,MAAM;AAErB,QAAI,CAAC,SAAS,CAAC,UAAU;AAIvB,UAAI,CAAC,QAAQ,MAAM,OAAO;AACxB,aAAK;AAAA,UACH;AAAA,QAEF;AAAA,MACF;AACA,YAAM,EAAE,OAAO,UAAU,eAAe,IAAI,MAAM,OAAO,mBAAmB;AAE5E,UAAI,CAAC,OAAO;AACV,gBAAQ,MAAM,MAAM,EAAE,SAAS,SAAS,CAAC;AAAA,MAC3C;AAEA,UAAI,CAAC,UAAU;AACb,mBAAW,MAAM,eAAe,EAAE,SAAS,YAAY,CAAC;AAAA,MAC1D;AAAA,IACF;AAEA,QAAI;AACJ,QAAI;AACF,aAAO,MAAM,QAAuB,eAAe,EAAE,OAAO,SAAS,CAAC;AAAA,IACxE,SAAS,KAAK;AAKZ,UAAI,eAAe,YAAY,IAAI,eAAe,KAAK;AACrD,aAAK,MAAM,4BAA4B;AAAA,MACzC;AACA,YAAM;AAAA,IACR;AAEA,UAAM,YAAY,KAAK,aAAa,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,GAAI,EAAE,YAAY;AAEnF,cAAU;AAAA,MACR,aAAa,KAAK;AAAA,MAClB,cAAc,KAAK;AAAA,MACnB;AAAA,MACA,OAAO,KAAK;AAAA,IACd,CAAC;AAED,gBAAY,KAAK,aAAa,QAAQ,IAAI,kBAAkB;AAO5D,UAAM,mBAAmB;AAIzB,UAAM,mBAAmB,KAAK,IAAI,KAAK,IAAI,GAAG,KAAK,KAAK,KAAK,IAAI,CAAC;AAElE,SAAK,IAAI,gBAAgB,KAAK,KAAK,EAAE;AAAA,EACvC;AACF;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|