@rulemetric/cli 0.6.2 → 0.6.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{chunk-MUOUV5LY.js → chunk-3QVMIJUL.js} +2 -2
- package/dist/{chunk-6TPJGYFF.js → chunk-5ADHO5QF.js} +2 -2
- package/dist/{chunk-QNSVCSHG.js → chunk-6EMZI4Y3.js} +391 -374
- package/dist/chunk-6EMZI4Y3.js.map +7 -0
- package/dist/{chunk-VIYUIQHW.js → chunk-AHDRN6NE.js} +2 -2
- package/dist/{chunk-CVMRMSV4.js → chunk-BBLTN35F.js} +4 -4
- package/dist/{chunk-IPOO4IGF.js → chunk-CNMWYYSV.js} +2 -2
- package/dist/{chunk-OTPC2LXW.js → chunk-DAJNO4OI.js} +7 -2
- package/dist/{chunk-OTPC2LXW.js.map → chunk-DAJNO4OI.js.map} +2 -2
- package/dist/{chunk-3AEVHOTS.js → chunk-HNZLEEG2.js} +6 -2
- package/dist/chunk-HNZLEEG2.js.map +7 -0
- package/dist/chunk-TX2HKJLA.js +55 -0
- package/dist/chunk-TX2HKJLA.js.map +7 -0
- package/dist/{chunk-TXHL3AUA.js → chunk-XNNOXGP6.js} +2 -2
- package/dist/commands/auth/login.js +6 -2
- package/dist/commands/auth/login.js.map +2 -2
- package/dist/commands/auth/signup.js +6 -2
- package/dist/commands/auth/signup.js.map +2 -2
- package/dist/commands/evals/agent.js +5 -5
- package/dist/commands/gateway/ensure.js +1 -1
- package/dist/commands/hooks/install.js +5 -1
- package/dist/commands/hooks/install.js.map +2 -2
- package/dist/commands/hooks/uninstall.js +1 -1
- package/dist/commands/proxy/env.js +1 -1
- package/dist/commands/proxy/status.js +1 -1
- package/dist/commands/service/install.js +4 -0
- package/dist/commands/service/install.js.map +2 -2
- package/dist/commands/setup.js +2 -2
- package/dist/lib/agent-loop.js +5 -5
- package/dist/lib/ensure-api-key.js +2 -1
- package/dist/lib/gateway-lifecycle.js +1 -1
- package/dist/lib/handlers/process-announcement.js +2 -2
- package/dist/lib/handlers/process-changelog.js +2 -2
- package/dist/lib/handlers/process-run-cleanup.js +2 -2
- package/dist/lib/handlers/process-session-goal.js +2 -2
- package/dist/lib/manual-tasks.js +2 -2
- package/dist/lib/setup-steps.js +2 -2
- package/dist/lib/telemetry.js +14 -0
- package/dist/lib/telemetry.js.map +7 -0
- package/oclif.manifest.json +1 -1
- package/package.json +5 -5
- package/dist/chunk-3AEVHOTS.js.map +0 -7
- package/dist/chunk-QNSVCSHG.js.map +0 -7
- /package/dist/{chunk-MUOUV5LY.js.map → chunk-3QVMIJUL.js.map} +0 -0
- /package/dist/{chunk-6TPJGYFF.js.map → chunk-5ADHO5QF.js.map} +0 -0
- /package/dist/{chunk-VIYUIQHW.js.map → chunk-AHDRN6NE.js.map} +0 -0
- /package/dist/{chunk-CVMRMSV4.js.map → chunk-BBLTN35F.js.map} +0 -0
- /package/dist/{chunk-IPOO4IGF.js.map → chunk-CNMWYYSV.js.map} +0 -0
- /package/dist/{chunk-TXHL3AUA.js.map → chunk-XNNOXGP6.js.map} +0 -0
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
import {
|
|
2
|
+
apiPost
|
|
3
|
+
} from "./chunk-ZRLYHBPN.js";
|
|
4
|
+
import {
|
|
5
|
+
getDefaultConfigDir
|
|
6
|
+
} from "./chunk-W2YERO7E.js";
|
|
7
|
+
|
|
8
|
+
// src/lib/telemetry.ts
|
|
9
|
+
import { createHash, randomUUID } from "node:crypto";
|
|
10
|
+
import { hostname, platform } from "node:os";
|
|
11
|
+
import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
|
|
12
|
+
import { join } from "node:path";
|
|
13
|
+
var DEVICE_ID_FILE = "device-id";
|
|
14
|
+
function telemetryDisabled() {
|
|
15
|
+
const off = (v) => v === "1" || v === "true";
|
|
16
|
+
return off(process.env.RULEMETRIC_NO_TELEMETRY) || off(process.env.DO_NOT_TRACK);
|
|
17
|
+
}
|
|
18
|
+
function getDeviceId() {
|
|
19
|
+
const dir = getDefaultConfigDir();
|
|
20
|
+
const path = join(dir, DEVICE_ID_FILE);
|
|
21
|
+
try {
|
|
22
|
+
if (existsSync(path)) {
|
|
23
|
+
const cached = readFileSync(path, "utf-8").trim();
|
|
24
|
+
if (cached) return cached;
|
|
25
|
+
}
|
|
26
|
+
} catch {
|
|
27
|
+
}
|
|
28
|
+
const id = createHash("sha256").update(`${randomUUID()}:${hostname()}`).digest("hex").slice(0, 32);
|
|
29
|
+
try {
|
|
30
|
+
mkdirSync(dir, { recursive: true });
|
|
31
|
+
writeFileSync(path, id, { mode: 384 });
|
|
32
|
+
} catch {
|
|
33
|
+
}
|
|
34
|
+
return id;
|
|
35
|
+
}
|
|
36
|
+
async function emitSetupEvent(event, props = {}, cliVersion) {
|
|
37
|
+
if (telemetryDisabled()) return;
|
|
38
|
+
try {
|
|
39
|
+
await apiPost("/api/telemetry/cli-events", {
|
|
40
|
+
event,
|
|
41
|
+
deviceId: getDeviceId(),
|
|
42
|
+
cliVersion,
|
|
43
|
+
os: platform(),
|
|
44
|
+
props
|
|
45
|
+
});
|
|
46
|
+
} catch {
|
|
47
|
+
}
|
|
48
|
+
}
|
|
49
|
+
|
|
50
|
+
export {
|
|
51
|
+
telemetryDisabled,
|
|
52
|
+
getDeviceId,
|
|
53
|
+
emitSetupEvent
|
|
54
|
+
};
|
|
55
|
+
//# sourceMappingURL=chunk-TX2HKJLA.js.map
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
{
|
|
2
|
+
"version": 3,
|
|
3
|
+
"sources": ["../src/lib/telemetry.ts"],
|
|
4
|
+
"sourcesContent": ["import { createHash, randomUUID } from 'node:crypto';\nimport { hostname, platform } from 'node:os';\nimport { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';\nimport { join } from 'node:path';\nimport { apiPost } from './api-client.js';\nimport { getDefaultConfigDir } from './auth.js';\n\n/**\n * CLI onboarding telemetry \u2014 records setup lifecycle events (install \u2192 auth \u2192\n * hooks \u2192 worker \u2192 capture) so a remote machine coming online is VISIBLE\n * without a relayed text report. DISCLOSED (README \"Telemetry\") and OPT-OUTABLE:\n * set RULEMETRIC_NO_TELEMETRY=1 or the cross-tool standard DO_NOT_TRACK=1 and\n * nothing is sent. Best-effort: never throws, never blocks a command.\n *\n * What is sent: a per-machine device id (a random UUID minted once, NOT your\n * hostname), the event name, CLI version, os (`process.platform`), and small\n * non-sensitive flags (e.g. {proxy:true}). No prompts, no code, no file paths.\n */\n\nconst DEVICE_ID_FILE = 'device-id';\n\nexport function telemetryDisabled(): boolean {\n const off = (v: string | undefined) => v === '1' || v === 'true';\n return off(process.env.RULEMETRIC_NO_TELEMETRY) || off(process.env.DO_NOT_TRACK);\n}\n\n/**\n * Stable, non-identifying per-machine id. Minted once and cached in the config\n * dir. Salted-hashed so even the file contents don't reveal the hostname.\n */\nexport function getDeviceId(): string {\n const dir = getDefaultConfigDir();\n const path = join(dir, DEVICE_ID_FILE);\n try {\n if (existsSync(path)) {\n const cached = readFileSync(path, 'utf-8').trim();\n if (cached) return cached;\n }\n } catch {\n /* fall through to mint */\n }\n // Seed from a random UUID (primary) + a hostname hash (stable fallback signal).\n const id = createHash('sha256')\n .update(`${randomUUID()}:${hostname()}`)\n .digest('hex')\n .slice(0, 32);\n try {\n mkdirSync(dir, { recursive: true });\n writeFileSync(path, id, { mode: 0o600 });\n } catch {\n /* non-fatal \u2014 a non-persisted id still lets a single run correlate */\n }\n return id;\n}\n\n/**\n * Fire-and-forget a setup event. Swallows every error (offline, unauth, 4xx) \u2014\n * telemetry must never affect the command the user actually ran.\n */\nexport async function emitSetupEvent(\n event: string,\n props: Record<string, unknown> = {},\n cliVersion?: string,\n): Promise<void> {\n if (telemetryDisabled()) return;\n try {\n await apiPost('/api/telemetry/cli-events', {\n event,\n deviceId: getDeviceId(),\n cliVersion,\n os: platform(),\n props,\n });\n } catch {\n /* best-effort */\n }\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;;AAAA,SAAS,YAAY,kBAAkB;AACvC,SAAS,UAAU,gBAAgB;AACnC,SAAS,YAAY,WAAW,cAAc,qBAAqB;AACnE,SAAS,YAAY;AAgBrB,IAAM,iBAAiB;AAEhB,SAAS,oBAA6B;AAC3C,QAAM,MAAM,CAAC,MAA0B,MAAM,OAAO,MAAM;AAC1D,SAAO,IAAI,QAAQ,IAAI,uBAAuB,KAAK,IAAI,QAAQ,IAAI,YAAY;AACjF;AAMO,SAAS,cAAsB;AACpC,QAAM,MAAM,oBAAoB;AAChC,QAAM,OAAO,KAAK,KAAK,cAAc;AACrC,MAAI;AACF,QAAI,WAAW,IAAI,GAAG;AACpB,YAAM,SAAS,aAAa,MAAM,OAAO,EAAE,KAAK;AAChD,UAAI,OAAQ,QAAO;AAAA,IACrB;AAAA,EACF,QAAQ;AAAA,EAER;AAEA,QAAM,KAAK,WAAW,QAAQ,EAC3B,OAAO,GAAG,WAAW,CAAC,IAAI,SAAS,CAAC,EAAE,EACtC,OAAO,KAAK,EACZ,MAAM,GAAG,EAAE;AACd,MAAI;AACF,cAAU,KAAK,EAAE,WAAW,KAAK,CAAC;AAClC,kBAAc,MAAM,IAAI,EAAE,MAAM,IAAM,CAAC;AAAA,EACzC,QAAQ;AAAA,EAER;AACA,SAAO;AACT;AAMA,eAAsB,eACpB,OACA,QAAiC,CAAC,GAClC,YACe;AACf,MAAI,kBAAkB,EAAG;AACzB,MAAI;AACF,UAAM,QAAQ,6BAA6B;AAAA,MACzC;AAAA,MACA,UAAU,YAAY;AAAA,MACtB;AAAA,MACA,IAAI,SAAS;AAAA,MACb;AAAA,IACF,CAAC;AAAA,EACH,QAAQ;AAAA,EAER;AACF;",
|
|
6
|
+
"names": []
|
|
7
|
+
}
|
|
@@ -5,7 +5,7 @@ import {
|
|
|
5
5
|
} from "./chunk-XN23W5HL.js";
|
|
6
6
|
import {
|
|
7
7
|
GATEWAY_PORT
|
|
8
|
-
} from "./chunk-
|
|
8
|
+
} from "./chunk-DAJNO4OI.js";
|
|
9
9
|
import {
|
|
10
10
|
apiGet
|
|
11
11
|
} from "./chunk-ZRLYHBPN.js";
|
|
@@ -392,4 +392,4 @@ export {
|
|
|
392
392
|
isStepId,
|
|
393
393
|
computeStatus
|
|
394
394
|
};
|
|
395
|
-
//# sourceMappingURL=chunk-
|
|
395
|
+
//# sourceMappingURL=chunk-XNNOXGP6.js.map
|
|
@@ -1,6 +1,9 @@
|
|
|
1
1
|
import {
|
|
2
2
|
ensureDeviceApiKey
|
|
3
|
-
} from "../../chunk-
|
|
3
|
+
} from "../../chunk-HNZLEEG2.js";
|
|
4
|
+
import {
|
|
5
|
+
emitSetupEvent
|
|
6
|
+
} from "../../chunk-TX2HKJLA.js";
|
|
4
7
|
import {
|
|
5
8
|
BaseCommand
|
|
6
9
|
} from "../../chunk-SZ7VDCD6.js";
|
|
@@ -67,7 +70,8 @@ var AuthLogin = class _AuthLogin extends BaseCommand {
|
|
|
67
70
|
});
|
|
68
71
|
saveEnvFile(data.accessToken, process.env.RULEMETRIC_API_URL);
|
|
69
72
|
await bootstrapActiveOrg();
|
|
70
|
-
await ensureDeviceApiKey(this.log.bind(this), this.warn.bind(this));
|
|
73
|
+
await ensureDeviceApiKey(this.log.bind(this), this.warn.bind(this), this.config.version);
|
|
74
|
+
void emitSetupEvent("auth_login", {}, this.config.version);
|
|
71
75
|
this.log(`Logged in as ${data.email}`);
|
|
72
76
|
}
|
|
73
77
|
};
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../src/commands/auth/login.ts"],
|
|
4
|
-
"sourcesContent": ["import { Flags } from '@oclif/core';\nimport { BaseCommand } from '../../base-command.js';\nimport { saveToken, saveEnvFile } from '../../lib/auth.js';\nimport { apiPost, ApiError } from '../../lib/api-client.js';\nimport { bootstrapActiveOrg } from '../../lib/active-org-refresh.js';\nimport { ensureDeviceApiKey } from '../../lib/ensure-api-key.js';\n\ninterface LoginResponse {\n accessToken: string;\n refreshToken: string;\n expiresAt: string | null;\n email: string;\n}\n\nexport default class AuthLogin extends BaseCommand {\n static override description = 'Log in to RuleMetric';\n\n static override examples = [\n '<%= config.bin %> auth login',\n '<%= config.bin %> auth login -e user@example.com',\n ];\n\n static override flags = {\n email: Flags.string({ char: 'e', description: 'Email address' }),\n password: Flags.string({ char: 'p', description: 'Password (for non-interactive use)' }),\n };\n\n async run(): Promise<void> {\n const { flags } = await this.parse(AuthLogin);\n\n let email = flags.email;\n let password = flags.password;\n\n if (!email || !password) {\n // Interactive prompts hang forever with no output in a non-TTY (CI, SSH\n // pipe, an agent driving the CLI). Fail fast with actionable guidance\n // instead of appearing to freeze.\n if (!process.stdin.isTTY) {\n this.error(\n 'Missing credentials in a non-interactive shell. Pass --email/-e and --password/-p, ' +\n 'or set RULEMETRIC_API_KEY (create a key at https://rulemetric.com/settings).',\n );\n }\n const { input, password: passwordPrompt } = await import('@inquirer/prompts');\n\n if (!email) {\n email = await input({ message: 'Email:' });\n }\n\n if (!password) {\n password = await passwordPrompt({ message: 'Password:' });\n }\n }\n\n let data: LoginResponse;\n try {\n data = await apiPost<LoginResponse>('/auth/login', { email, password });\n } catch (err) {\n // A 401 HERE means the email/password were rejected \u2014 not that a prior\n // session expired. base-command's generic catch maps every 401 to\n // \"Session expired. Run auth login\", which is nonsensical mid-login and\n // loops the user. Give the real reason.\n if (err instanceof ApiError && err.statusCode === 401) {\n this.error('Invalid email or password.');\n }\n throw err;\n }\n\n const expiresAt = data.expiresAt ?? new Date(Date.now() + 3600 * 1000).toISOString();\n\n saveToken({\n accessToken: data.accessToken,\n refreshToken: data.refreshToken,\n expiresAt,\n email: data.email,\n });\n\n saveEnvFile(data.accessToken, process.env.RULEMETRIC_API_URL);\n\n // Bootstrap the active-org cache now that auth is available. BaseCommand\n // fired the guarded refresh BEFORE login completed (no creds \u2192 401 \u2192\n // swallowed); without this explicit retry, the cache stays empty until\n // the user runs another CLI command, and any Claude Code session that\n // fires in the meantime lands with org_id = NULL.\n await bootstrapActiveOrg();\n\n // Auto-mint a hooks/proxy API key so create-key isn't a separate manual\n // step (best-effort; no-ops if a key already exists, never fails login).\n await ensureDeviceApiKey(this.log.bind(this), this.warn.bind(this));\n\n this.log(`Logged in as ${data.email}`);\n }\n}\n"],
|
|
5
|
-
"mappings": "
|
|
4
|
+
"sourcesContent": ["import { Flags } from '@oclif/core';\nimport { BaseCommand } from '../../base-command.js';\nimport { saveToken, saveEnvFile } from '../../lib/auth.js';\nimport { apiPost, ApiError } from '../../lib/api-client.js';\nimport { bootstrapActiveOrg } from '../../lib/active-org-refresh.js';\nimport { ensureDeviceApiKey } from '../../lib/ensure-api-key.js';\nimport { emitSetupEvent } from '../../lib/telemetry.js';\n\ninterface LoginResponse {\n accessToken: string;\n refreshToken: string;\n expiresAt: string | null;\n email: string;\n}\n\nexport default class AuthLogin extends BaseCommand {\n static override description = 'Log in to RuleMetric';\n\n static override examples = [\n '<%= config.bin %> auth login',\n '<%= config.bin %> auth login -e user@example.com',\n ];\n\n static override flags = {\n email: Flags.string({ char: 'e', description: 'Email address' }),\n password: Flags.string({ char: 'p', description: 'Password (for non-interactive use)' }),\n };\n\n async run(): Promise<void> {\n const { flags } = await this.parse(AuthLogin);\n\n let email = flags.email;\n let password = flags.password;\n\n if (!email || !password) {\n // Interactive prompts hang forever with no output in a non-TTY (CI, SSH\n // pipe, an agent driving the CLI). Fail fast with actionable guidance\n // instead of appearing to freeze.\n if (!process.stdin.isTTY) {\n this.error(\n 'Missing credentials in a non-interactive shell. Pass --email/-e and --password/-p, ' +\n 'or set RULEMETRIC_API_KEY (create a key at https://rulemetric.com/settings).',\n );\n }\n const { input, password: passwordPrompt } = await import('@inquirer/prompts');\n\n if (!email) {\n email = await input({ message: 'Email:' });\n }\n\n if (!password) {\n password = await passwordPrompt({ message: 'Password:' });\n }\n }\n\n let data: LoginResponse;\n try {\n data = await apiPost<LoginResponse>('/auth/login', { email, password });\n } catch (err) {\n // A 401 HERE means the email/password were rejected \u2014 not that a prior\n // session expired. base-command's generic catch maps every 401 to\n // \"Session expired. Run auth login\", which is nonsensical mid-login and\n // loops the user. Give the real reason.\n if (err instanceof ApiError && err.statusCode === 401) {\n this.error('Invalid email or password.');\n }\n throw err;\n }\n\n const expiresAt = data.expiresAt ?? new Date(Date.now() + 3600 * 1000).toISOString();\n\n saveToken({\n accessToken: data.accessToken,\n refreshToken: data.refreshToken,\n expiresAt,\n email: data.email,\n });\n\n saveEnvFile(data.accessToken, process.env.RULEMETRIC_API_URL);\n\n // Bootstrap the active-org cache now that auth is available. BaseCommand\n // fired the guarded refresh BEFORE login completed (no creds \u2192 401 \u2192\n // swallowed); without this explicit retry, the cache stays empty until\n // the user runs another CLI command, and any Claude Code session that\n // fires in the meantime lands with org_id = NULL.\n await bootstrapActiveOrg();\n\n // Auto-mint a hooks/proxy API key so create-key isn't a separate manual\n // step (best-effort; no-ops if a key already exists, never fails login).\n await ensureDeviceApiKey(this.log.bind(this), this.warn.bind(this), this.config.version);\n\n // Onboarding telemetry (disclosed + opt-outable) \u2014 first authenticated\n // event, so a remote install becomes visible from here on.\n void emitSetupEvent('auth_login', {}, this.config.version);\n\n this.log(`Logged in as ${data.email}`);\n }\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,SAAS,aAAa;AAetB,IAAqB,YAArB,MAAqB,mBAAkB,YAAY;AAAA,EACjD,OAAgB,cAAc;AAAA,EAE9B,OAAgB,WAAW;AAAA,IACzB;AAAA,IACA;AAAA,EACF;AAAA,EAEA,OAAgB,QAAQ;AAAA,IACtB,OAAO,MAAM,OAAO,EAAE,MAAM,KAAK,aAAa,gBAAgB,CAAC;AAAA,IAC/D,UAAU,MAAM,OAAO,EAAE,MAAM,KAAK,aAAa,qCAAqC,CAAC;AAAA,EACzF;AAAA,EAEA,MAAM,MAAqB;AACzB,UAAM,EAAE,MAAM,IAAI,MAAM,KAAK,MAAM,UAAS;AAE5C,QAAI,QAAQ,MAAM;AAClB,QAAI,WAAW,MAAM;AAErB,QAAI,CAAC,SAAS,CAAC,UAAU;AAIvB,UAAI,CAAC,QAAQ,MAAM,OAAO;AACxB,aAAK;AAAA,UACH;AAAA,QAEF;AAAA,MACF;AACA,YAAM,EAAE,OAAO,UAAU,eAAe,IAAI,MAAM,OAAO,mBAAmB;AAE5E,UAAI,CAAC,OAAO;AACV,gBAAQ,MAAM,MAAM,EAAE,SAAS,SAAS,CAAC;AAAA,MAC3C;AAEA,UAAI,CAAC,UAAU;AACb,mBAAW,MAAM,eAAe,EAAE,SAAS,YAAY,CAAC;AAAA,MAC1D;AAAA,IACF;AAEA,QAAI;AACJ,QAAI;AACF,aAAO,MAAM,QAAuB,eAAe,EAAE,OAAO,SAAS,CAAC;AAAA,IACxE,SAAS,KAAK;AAKZ,UAAI,eAAe,YAAY,IAAI,eAAe,KAAK;AACrD,aAAK,MAAM,4BAA4B;AAAA,MACzC;AACA,YAAM;AAAA,IACR;AAEA,UAAM,YAAY,KAAK,aAAa,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,GAAI,EAAE,YAAY;AAEnF,cAAU;AAAA,MACR,aAAa,KAAK;AAAA,MAClB,cAAc,KAAK;AAAA,MACnB;AAAA,MACA,OAAO,KAAK;AAAA,IACd,CAAC;AAED,gBAAY,KAAK,aAAa,QAAQ,IAAI,kBAAkB;AAO5D,UAAM,mBAAmB;AAIzB,UAAM,mBAAmB,KAAK,IAAI,KAAK,IAAI,GAAG,KAAK,KAAK,KAAK,IAAI,GAAG,KAAK,OAAO,OAAO;AAIvF,SAAK,eAAe,cAAc,CAAC,GAAG,KAAK,OAAO,OAAO;AAEzD,SAAK,IAAI,gBAAgB,KAAK,KAAK,EAAE;AAAA,EACvC;AACF;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
|
@@ -1,6 +1,9 @@
|
|
|
1
1
|
import {
|
|
2
2
|
ensureDeviceApiKey
|
|
3
|
-
} from "../../chunk-
|
|
3
|
+
} from "../../chunk-HNZLEEG2.js";
|
|
4
|
+
import {
|
|
5
|
+
emitSetupEvent
|
|
6
|
+
} from "../../chunk-TX2HKJLA.js";
|
|
4
7
|
import {
|
|
5
8
|
BaseCommand
|
|
6
9
|
} from "../../chunk-SZ7VDCD6.js";
|
|
@@ -71,7 +74,8 @@ var AuthSignup = class _AuthSignup extends BaseCommand {
|
|
|
71
74
|
});
|
|
72
75
|
saveEnvFile(data.accessToken, process.env.RULEMETRIC_API_URL);
|
|
73
76
|
await bootstrapActiveOrg();
|
|
74
|
-
await ensureDeviceApiKey(this.log.bind(this), this.warn.bind(this));
|
|
77
|
+
await ensureDeviceApiKey(this.log.bind(this), this.warn.bind(this), this.config.version);
|
|
78
|
+
void emitSetupEvent("auth_signup", {}, this.config.version);
|
|
75
79
|
this.log(`Signed up and logged in as ${data.email}`);
|
|
76
80
|
}
|
|
77
81
|
};
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../src/commands/auth/signup.ts"],
|
|
4
|
-
"sourcesContent": ["import { Flags } from '@oclif/core';\nimport { BaseCommand } from '../../base-command.js';\nimport { saveToken, saveEnvFile } from '../../lib/auth.js';\nimport { apiPost, ApiError } from '../../lib/api-client.js';\nimport { bootstrapActiveOrg } from '../../lib/active-org-refresh.js';\nimport { ensureDeviceApiKey } from '../../lib/ensure-api-key.js';\n\ninterface SignupResponse {\n confirmationRequired: boolean;\n accessToken?: string;\n refreshToken?: string;\n expiresAt?: string | null;\n email: string;\n}\n\nexport default class AuthSignup extends BaseCommand {\n static override description = 'Create a RuleMetric account from the CLI';\n\n static override examples = [\n '<%= config.bin %> auth signup',\n '<%= config.bin %> auth signup -e user@example.com',\n ];\n\n static override flags = {\n email: Flags.string({ char: 'e', description: 'Email address' }),\n password: Flags.string({ char: 'p', description: 'Password (min 8 chars; for non-interactive use)' }),\n };\n\n async run(): Promise<void> {\n const { flags } = await this.parse(AuthSignup);\n\n let email = flags.email;\n let password = flags.password;\n\n if (!email || !password) {\n // Interactive prompts hang forever with no output in a non-TTY (CI, SSH\n // pipe, an agent driving the CLI). Fail fast with actionable guidance.\n if (!process.stdin.isTTY) {\n this.error('Missing credentials in a non-interactive shell. Pass --email/-e and --password/-p.');\n }\n const { input, password: passwordPrompt } = await import('@inquirer/prompts');\n\n if (!email) {\n email = await input({ message: 'Email:' });\n }\n if (!password) {\n password = await passwordPrompt({ message: 'Password (min 8 chars):' });\n }\n }\n\n let data: SignupResponse;\n try {\n data = await apiPost<SignupResponse>('/auth/signup', { email, password });\n } catch (err) {\n // 409 = the email is already registered \u2014 steer to login, not a retry loop.\n if (err instanceof ApiError && err.statusCode === 409) {\n this.error(`An account with ${email} already exists. Run: rulemetric auth login -e ${email}`);\n }\n throw err;\n }\n\n // Email confirmation is ON: no session yet. Tell the user exactly what to do\n // next instead of leaving them at a dead end.\n if (data.confirmationRequired || !data.accessToken || !data.refreshToken) {\n this.log(`Account created for ${data.email}.`);\n this.log('Check your email and click the confirmation link, then run:');\n this.log(` rulemetric auth login -e ${data.email}`);\n return;\n }\n\n // Confirmation OFF: a session came back \u2014 log in immediately.\n const expiresAt = data.expiresAt ?? new Date(Date.now() + 3600 * 1000).toISOString();\n saveToken({\n accessToken: data.accessToken,\n refreshToken: data.refreshToken,\n expiresAt,\n email: data.email,\n });\n saveEnvFile(data.accessToken, process.env.RULEMETRIC_API_URL);\n\n await bootstrapActiveOrg();\n await ensureDeviceApiKey(this.log.bind(this), this.warn.bind(this));\n\n this.log(`Signed up and logged in as ${data.email}`);\n }\n}\n"],
|
|
5
|
-
"mappings": "
|
|
4
|
+
"sourcesContent": ["import { Flags } from '@oclif/core';\nimport { BaseCommand } from '../../base-command.js';\nimport { saveToken, saveEnvFile } from '../../lib/auth.js';\nimport { apiPost, ApiError } from '../../lib/api-client.js';\nimport { bootstrapActiveOrg } from '../../lib/active-org-refresh.js';\nimport { ensureDeviceApiKey } from '../../lib/ensure-api-key.js';\nimport { emitSetupEvent } from '../../lib/telemetry.js';\n\ninterface SignupResponse {\n confirmationRequired: boolean;\n accessToken?: string;\n refreshToken?: string;\n expiresAt?: string | null;\n email: string;\n}\n\nexport default class AuthSignup extends BaseCommand {\n static override description = 'Create a RuleMetric account from the CLI';\n\n static override examples = [\n '<%= config.bin %> auth signup',\n '<%= config.bin %> auth signup -e user@example.com',\n ];\n\n static override flags = {\n email: Flags.string({ char: 'e', description: 'Email address' }),\n password: Flags.string({ char: 'p', description: 'Password (min 8 chars; for non-interactive use)' }),\n };\n\n async run(): Promise<void> {\n const { flags } = await this.parse(AuthSignup);\n\n let email = flags.email;\n let password = flags.password;\n\n if (!email || !password) {\n // Interactive prompts hang forever with no output in a non-TTY (CI, SSH\n // pipe, an agent driving the CLI). Fail fast with actionable guidance.\n if (!process.stdin.isTTY) {\n this.error('Missing credentials in a non-interactive shell. Pass --email/-e and --password/-p.');\n }\n const { input, password: passwordPrompt } = await import('@inquirer/prompts');\n\n if (!email) {\n email = await input({ message: 'Email:' });\n }\n if (!password) {\n password = await passwordPrompt({ message: 'Password (min 8 chars):' });\n }\n }\n\n let data: SignupResponse;\n try {\n data = await apiPost<SignupResponse>('/auth/signup', { email, password });\n } catch (err) {\n // 409 = the email is already registered \u2014 steer to login, not a retry loop.\n if (err instanceof ApiError && err.statusCode === 409) {\n this.error(`An account with ${email} already exists. Run: rulemetric auth login -e ${email}`);\n }\n throw err;\n }\n\n // Email confirmation is ON: no session yet. Tell the user exactly what to do\n // next instead of leaving them at a dead end.\n if (data.confirmationRequired || !data.accessToken || !data.refreshToken) {\n this.log(`Account created for ${data.email}.`);\n this.log('Check your email and click the confirmation link, then run:');\n this.log(` rulemetric auth login -e ${data.email}`);\n return;\n }\n\n // Confirmation OFF: a session came back \u2014 log in immediately.\n const expiresAt = data.expiresAt ?? new Date(Date.now() + 3600 * 1000).toISOString();\n saveToken({\n accessToken: data.accessToken,\n refreshToken: data.refreshToken,\n expiresAt,\n email: data.email,\n });\n saveEnvFile(data.accessToken, process.env.RULEMETRIC_API_URL);\n\n await bootstrapActiveOrg();\n await ensureDeviceApiKey(this.log.bind(this), this.warn.bind(this), this.config.version);\n void emitSetupEvent('auth_signup', {}, this.config.version);\n\n this.log(`Signed up and logged in as ${data.email}`);\n }\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,SAAS,aAAa;AAgBtB,IAAqB,aAArB,MAAqB,oBAAmB,YAAY;AAAA,EAClD,OAAgB,cAAc;AAAA,EAE9B,OAAgB,WAAW;AAAA,IACzB;AAAA,IACA;AAAA,EACF;AAAA,EAEA,OAAgB,QAAQ;AAAA,IACtB,OAAO,MAAM,OAAO,EAAE,MAAM,KAAK,aAAa,gBAAgB,CAAC;AAAA,IAC/D,UAAU,MAAM,OAAO,EAAE,MAAM,KAAK,aAAa,kDAAkD,CAAC;AAAA,EACtG;AAAA,EAEA,MAAM,MAAqB;AACzB,UAAM,EAAE,MAAM,IAAI,MAAM,KAAK,MAAM,WAAU;AAE7C,QAAI,QAAQ,MAAM;AAClB,QAAI,WAAW,MAAM;AAErB,QAAI,CAAC,SAAS,CAAC,UAAU;AAGvB,UAAI,CAAC,QAAQ,MAAM,OAAO;AACxB,aAAK,MAAM,oFAAoF;AAAA,MACjG;AACA,YAAM,EAAE,OAAO,UAAU,eAAe,IAAI,MAAM,OAAO,mBAAmB;AAE5E,UAAI,CAAC,OAAO;AACV,gBAAQ,MAAM,MAAM,EAAE,SAAS,SAAS,CAAC;AAAA,MAC3C;AACA,UAAI,CAAC,UAAU;AACb,mBAAW,MAAM,eAAe,EAAE,SAAS,0BAA0B,CAAC;AAAA,MACxE;AAAA,IACF;AAEA,QAAI;AACJ,QAAI;AACF,aAAO,MAAM,QAAwB,gBAAgB,EAAE,OAAO,SAAS,CAAC;AAAA,IAC1E,SAAS,KAAK;AAEZ,UAAI,eAAe,YAAY,IAAI,eAAe,KAAK;AACrD,aAAK,MAAM,mBAAmB,KAAK,kDAAkD,KAAK,EAAE;AAAA,MAC9F;AACA,YAAM;AAAA,IACR;AAIA,QAAI,KAAK,wBAAwB,CAAC,KAAK,eAAe,CAAC,KAAK,cAAc;AACxE,WAAK,IAAI,uBAAuB,KAAK,KAAK,GAAG;AAC7C,WAAK,IAAI,6DAA6D;AACtE,WAAK,IAAI,8BAA8B,KAAK,KAAK,EAAE;AACnD;AAAA,IACF;AAGA,UAAM,YAAY,KAAK,aAAa,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,GAAI,EAAE,YAAY;AACnF,cAAU;AAAA,MACR,aAAa,KAAK;AAAA,MAClB,cAAc,KAAK;AAAA,MACnB;AAAA,MACA,OAAO,KAAK;AAAA,IACd,CAAC;AACD,gBAAY,KAAK,aAAa,QAAQ,IAAI,kBAAkB;AAE5D,UAAM,mBAAmB;AACzB,UAAM,mBAAmB,KAAK,IAAI,KAAK,IAAI,GAAG,KAAK,KAAK,KAAK,IAAI,GAAG,KAAK,OAAO,OAAO;AACvF,SAAK,eAAe,eAAe,CAAC,GAAG,KAAK,OAAO,OAAO;AAE1D,SAAK,IAAI,8BAA8B,KAAK,KAAK,EAAE;AAAA,EACrD;AACF;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
|
@@ -1,25 +1,25 @@
|
|
|
1
1
|
import {
|
|
2
2
|
runAgentLoop
|
|
3
|
-
} from "../../chunk-
|
|
3
|
+
} from "../../chunk-BBLTN35F.js";
|
|
4
4
|
import "../../chunk-JEJ3J5J6.js";
|
|
5
5
|
import "../../chunk-RCMXTLQF.js";
|
|
6
6
|
import "../../chunk-N5A2IQAK.js";
|
|
7
7
|
import "../../chunk-OTOWLUOJ.js";
|
|
8
|
-
import "../../chunk-
|
|
8
|
+
import "../../chunk-5ADHO5QF.js";
|
|
9
9
|
import "../../chunk-Y4BJXXYV.js";
|
|
10
10
|
import "../../chunk-W53GKIZQ.js";
|
|
11
|
-
import "../../chunk-
|
|
11
|
+
import "../../chunk-3QVMIJUL.js";
|
|
12
12
|
import "../../chunk-XZXS2W24.js";
|
|
13
13
|
import "../../chunk-RQ2TMLKG.js";
|
|
14
14
|
import "../../chunk-VBGUNFKY.js";
|
|
15
15
|
import "../../chunk-FZKLLNDS.js";
|
|
16
|
-
import "../../chunk-
|
|
16
|
+
import "../../chunk-AHDRN6NE.js";
|
|
17
17
|
import "../../chunk-DGHWRQXL.js";
|
|
18
18
|
import "../../chunk-E3BIT53W.js";
|
|
19
19
|
import "../../chunk-QSN77T7C.js";
|
|
20
20
|
import {
|
|
21
21
|
closeDb
|
|
22
|
-
} from "../../chunk-
|
|
22
|
+
} from "../../chunk-6EMZI4Y3.js";
|
|
23
23
|
import "../../chunk-3POYC5NA.js";
|
|
24
24
|
import "../../chunk-DR5WLIOU.js";
|
|
25
25
|
import "../../chunk-J7N3DLH6.js";
|
|
@@ -28,8 +28,11 @@ import {
|
|
|
28
28
|
isGatewayRunning,
|
|
29
29
|
spawnGateway,
|
|
30
30
|
waitForGatewayListening
|
|
31
|
-
} from "../../chunk-
|
|
31
|
+
} from "../../chunk-DAJNO4OI.js";
|
|
32
32
|
import "../../chunk-KRBQLMOP.js";
|
|
33
|
+
import {
|
|
34
|
+
emitSetupEvent
|
|
35
|
+
} from "../../chunk-TX2HKJLA.js";
|
|
33
36
|
import {
|
|
34
37
|
BaseCommand
|
|
35
38
|
} from "../../chunk-SZ7VDCD6.js";
|
|
@@ -289,6 +292,7 @@ var HooksInstall = class _HooksInstall extends BaseCommand {
|
|
|
289
292
|
this.log("prompts for instruction-effectiveness linking.");
|
|
290
293
|
}
|
|
291
294
|
await bootstrapActiveOrg();
|
|
295
|
+
void emitSetupEvent("hooks_installed", { proxy: proxyActive, global: isGlobal }, this.config.version);
|
|
292
296
|
const tmux = await detectTmux();
|
|
293
297
|
this.log("");
|
|
294
298
|
if (tmux.available) {
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../src/commands/hooks/install.ts"],
|
|
4
|
-
"sourcesContent": ["import { Flags } from '@oclif/core';\nimport { execFileSync, execSync, spawnSync } from 'node:child_process';\nimport { existsSync } from 'node:fs';\nimport { homedir } from 'node:os';\nimport { join, dirname } from 'node:path';\nimport { BaseCommand } from '../../base-command.js';\nimport { isGatewayRunning, waitForGatewayListening, spawnGateway, GATEWAY_PORT } from '../../lib/gateway-lifecycle.js';\n\n// Resolve the directory holding the `rulemetric` executable, so hook commands\n// can prepend it to PATH. Claude Code runs hooks via `/bin/sh -c` with a\n// minimal PATH that omits nvm/pnpm global bin dirs \u2014 so a bare `rulemetric`\n// hits \"command not found\" and capture (plus the session-start gateway\n// auto-start) silently fails. We resolve it here, in the install process's\n// full PATH, and bake the dir into the hook command. Returns undefined on\n// failure \u2192 callers fall back to the bare `rulemetric` (dev/back-compat).\nfunction resolveHookBinDir(): string | undefined {\n try {\n const out = execFileSync('/bin/sh', ['-c', 'command -v rulemetric'], {\n encoding: 'utf-8',\n }).trim();\n if (out && existsSync(out)) return dirname(out);\n } catch {\n /* not resolvable \u2014 fall back to bare `rulemetric` */\n }\n return undefined;\n}\n\n// True iff `rulemetric service install` has wired the gateway up as a launchd\n// agent. When this returns true, hooks install must NOT spawn its own\n// detached gateway \u2014 two processes fighting for :8787 means one crash-loops\n// and Claude Code's HTTPS_PROXY breaks.\nfunction isGatewayLaunchdManaged(): boolean {\n try {\n execFileSync('launchctl', ['list', 'com.rulemetric.gateway'], {\n stdio: ['ignore', 'pipe', 'pipe'],\n });\n return true;\n } catch {\n // Non-zero exit = label not loaded\n return false;\n }\n}\nimport {\n writeStatuslineShim,\n readCurrentStatusLine,\n isStatuslineShimInstalled,\n STATUSLINE_SETTINGS_VALUE,\n} from '../../lib/statusline-shim.js';\nimport {\n mergeClaudeCodeHooks,\n removeClaudeCodeHooks,\n readClaudeSettings,\n writeClaudeSettingsWithBackup,\n writeCursorProxyConfig,\n writeCursorUserProxyConfig,\n writeVSCodeProxyConfig,\n installMacOSProxyEnv,\n writeVSCodeUserProxyConfig,\n writeCursorHooks,\n writeCursorUserHooks,\n writeCopilotHooks,\n writeAntigravityHooks,\n writeAntigravityUserHooks,\n} from '../../lib/hooks-config.js';\nimport { bootstrapActiveOrg } from '../../lib/active-org-refresh.js';\nimport { detectTmux } from '../../lib/detect-tmux.js';\n\nconst CERT_PATH = join(homedir(), '.mitmproxy', 'mitmproxy-ca-cert.pem');\n\nexport default class HooksInstall extends BaseCommand {\n static override description = 'Install session tracking hooks and context capture proxy for Claude Code';\n\n static override examples = [\n '<%= config.bin %> hooks install',\n '<%= config.bin %> hooks install --global',\n '<%= config.bin %> hooks install --no-proxy',\n ];\n\n static override flags = {\n 'no-proxy': Flags.boolean({\n default: false,\n description: 'Skip proxy/gateway configuration (hooks only)',\n }),\n 'project-dir': Flags.string({\n description: 'Project directory to install hooks in (defaults to cwd)',\n }),\n global: Flags.boolean({\n char: 'g',\n default: false,\n description: 'Install hooks globally (~/.claude/settings.json) so all projects are tracked',\n }),\n 'statusline-usage': Flags.boolean({\n default: false,\n description: 'Install the statusline shim so Claude Code pushes live rate_limits on every refresh (makes /usage rings update in real time without needing the proxy)',\n }),\n };\n\n async run(): Promise<void> {\n const { flags } = await this.parse(HooksInstall);\n const isGlobal = flags.global;\n const projectPath = isGlobal ? homedir() : (flags['project-dir'] ?? process.cwd());\n const configDir = join(projectPath, '.claude');\n const configPath = join(configDir, 'settings.json');\n const noProxy = flags['no-proxy'];\n // Whether the capture proxy actually went live this run (HTTPS_PROXY pinned\n // against a verified-live gateway). Drives the \"next steps\" copy so we never\n // tell the user to start a proxy that is already running.\n let proxyActive = false;\n\n if (isGlobal) {\n this.log(`Installing hooks globally \u2192 ${configPath}`);\n }\n\n // Read or create .claude/settings.json. Never crash on a malformed file \u2014\n // a fresh user's hand-edited settings.json must not block capture install.\n const { settings, recoveredBackup } = readClaudeSettings(configPath);\n if (recoveredBackup) {\n this.log(`[!!] ${configPath} was not valid JSON \u2014 backed it up to ${recoveredBackup} and continued with a fresh file.`);\n }\n\n // \u2500\u2500 1. Install Claude Code session-tracking hooks (hooks-first, zero-proxy\n // capture). Strip any stale rulemetric entries first \u2014 handles old command\n // formats, preserves the user's own hooks \u2014 then merge the current canonical\n // set. Runs regardless of --no-proxy: this is the whole point of the hooks\n // path, which captures full sessions (lifecycle + SessionEnd transcript\n // reimport) without mitmproxy / CA trust / gateway. The proxy adds the\n // rendered system prompt (instruction-linking) + cross-tool capture on top.\n const refreshedHooks = removeClaudeCodeHooks(settings);\n // Resolve once; every hook writer (Claude Code, Cursor, Copilot) needs the\n // same PATH prefix so a GUI-launched tool with a minimal PATH can find the CLI.\n const hookBinDir = resolveHookBinDir();\n mergeClaudeCodeHooks(settings, hookBinDir);\n this.log(\n refreshedHooks\n ? '[OK] Refreshed RuleMetric Claude Code session hooks \u2192 .claude/settings.json'\n : '[OK] Installed RuleMetric Claude Code session hooks \u2192 .claude/settings.json',\n );\n\n // \u2500\u2500 2. Configure gateway + proxy \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n if (!noProxy) {\n // Ensure mitmproxy is available\n const hasMitmproxy = this.findBinary('mitmdump');\n if (!hasMitmproxy) {\n this.log('');\n this.log('[!!] mitmproxy not found \u2014 installing...');\n const installed = this.installMitmproxy();\n if (!installed) {\n this.log('[!!] Could not install mitmproxy. Skipping proxy config.');\n this.log(' Install manually: pipx install mitmproxy');\n this.log(' Then re-run: rulemetric hooks install');\n }\n }\n\n // Generate CA cert if missing\n if (!existsSync(CERT_PATH)) {\n this.log('[..] Generating CA certificate...');\n const mitmdump = this.findBinary('mitmdump');\n if (mitmdump) {\n spawnSync(mitmdump, ['--set', 'listen_port=0', '-q'], {\n timeout: 5000,\n stdio: 'ignore',\n });\n if (existsSync(CERT_PATH)) {\n this.log(`[OK] CA certificate generated at ${CERT_PATH}`);\n } else {\n this.log('[!!] Could not generate CA cert');\n }\n }\n } else {\n this.log('[OK] CA certificate found');\n }\n\n // Trust CA cert in system store (if not already trusted). Track the\n // result: whether the CA is trusted decides if we may route MACHINE-WIDE /\n // native-app traffic through the MITM proxy (native apps validate against\n // the system keychain, so an untrusted CA breaks their TLS).\n const caGenerated = existsSync(CERT_PATH);\n let caTrusted = false;\n if (caGenerated && !this.isCACertTrusted()) {\n this.log('[..] Installing CA certificate into system trust store (requires admin)...');\n caTrusted = this.trustCACert();\n if (caTrusted) {\n this.log('[OK] CA certificate trusted by system');\n } else {\n this.log('[!!] Could not install CA cert automatically.');\n if (process.platform === 'darwin') {\n this.log(` Run manually: sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ${CERT_PATH}`);\n } else if (process.platform === 'linux') {\n this.log(` Run manually: sudo cp ${CERT_PATH} /usr/local/share/ca-certificates/mitmproxy-ca.crt && sudo update-ca-certificates`);\n }\n }\n } else if (caGenerated) {\n this.log('[OK] CA certificate already trusted');\n caTrusted = true;\n }\n\n // Start the gateway BEFORE pinning HTTPS_PROXY. Three possible owners (in\n // order of precedence):\n // 1. launchd (`rulemetric service install` plist) \u2014 authoritative;\n // hooks must NOT spawn a competing copy that would fight for :8787\n // 2. legacy PID-file (this same code path from a previous run)\n // 3. nothing \u2014 spawn a fresh detached process\n if (isGatewayLaunchdManaged()) {\n this.log('[OK] Gateway managed by launchd (com.rulemetric.gateway)');\n } else if (isGatewayRunning()) {\n this.log('[OK] Gateway already running');\n } else {\n try {\n const pid = spawnGateway(this.config.version);\n this.log(`[OK] Gateway started (PID ${pid})`);\n } catch (err) {\n this.log(`[!!] Could not start gateway: ${(err as Error).message}`);\n }\n }\n\n // Liveness guard: ONLY pin HTTPS_PROXY once :8787 actually accepts\n // connections. Writing it against a dead port is the fresh-laptop\n // ConnectionRefused footgun \u2014 it breaks all of Claude Code's HTTPS. If the\n // gateway isn't answering, we leave Claude Code talking to Anthropic\n // directly; capture still works via the hooks installed in \u00A71.\n // Poll (not a one-shot probe): a just-spawned gateway needs a moment to\n // bind :8787, and a single immediate probe would fail-close every fresh\n // install and silently disable deep capture.\n const gatewayLive = await waitForGatewayListening(GATEWAY_PORT, { timeoutMs: 4000 });\n if (!caGenerated) {\n // No CA \u2192 mitmproxy will regenerate one and intercept, but nothing\n // trusts it, so pinning HTTPS_PROXY would break even Claude Code's TLS.\n // Stay hooks-only rather than pin a proxy nothing can validate.\n this.log('[!!] No CA certificate \u2014 NOT setting HTTPS_PROXY (capture stays hooks-only).');\n this.log(' Install mitmproxy, then re-run: rulemetric hooks install');\n } else if (!gatewayLive) {\n this.log(`[!!] Gateway is not answering on :${GATEWAY_PORT} \u2014 NOT setting HTTPS_PROXY.`);\n this.log(' Capture still works via hooks. To enable deep (proxy) capture later:');\n this.log(' rulemetric proxy start && rulemetric hooks install');\n } else {\n // Set permanent HTTPS_PROXY and NODE_EXTRA_CA_CERTS in settings.json.\n // These point to the gateway (verified live above), not mitmproxy directly.\n const env = (settings.env ?? {}) as Record<string, string>;\n env.HTTPS_PROXY = `http://localhost:${GATEWAY_PORT}`;\n // Bypass proxy for non-Anthropic traffic (Supabase auth, npm, etc.)\n env.NO_PROXY = 'localhost,127.0.0.1,*.supabase.co,*.supabase.in';\n if (existsSync(CERT_PATH)) {\n env.NODE_EXTRA_CA_CERTS = CERT_PATH;\n }\n settings.env = env;\n proxyActive = true;\n this.log(`[OK] HTTPS_PROXY set to gateway on :${GATEWAY_PORT} (verified live)`);\n\n // Configure Cursor proxy (if .cursor/ exists)\n const cursorProxy = writeCursorProxyConfig(projectPath, GATEWAY_PORT, CERT_PATH);\n if (cursorProxy) {\n this.log('[OK] Cursor proxy configured \u2192 .cursor/settings.json');\n }\n\n // Configure VS Code proxy for Copilot capture (workspace settings)\n const vscodeProxy = writeVSCodeProxyConfig(projectPath, GATEWAY_PORT, CERT_PATH);\n if (vscodeProxy) {\n this.log('[OK] VS Code workspace proxy configured \u2192 .vscode/settings.json');\n }\n\n // Set http.proxy in VS Code user settings (workspace-level is silently ignored\n // for http.proxy due to APPLICATION scope \u2014 microsoft/vscode#236932)\n const vscodeUserProxy = writeVSCodeUserProxyConfig(GATEWAY_PORT);\n if (vscodeUserProxy) {\n this.log('[OK] VS Code user proxy configured \u2192 ~/Library/Application Support/Code/User/settings.json');\n }\n\n // Same for Cursor (VS Code fork inherits the APPLICATION-scope restriction).\n const cursorUserProxy = writeCursorUserProxyConfig(GATEWAY_PORT);\n if (cursorUserProxy) {\n this.log('[OK] Cursor user proxy configured \u2192 ~/Library/Application Support/Cursor/User/settings.json');\n }\n\n // Set HTTPS_PROXY for all GUI apps via launchctl + LaunchAgent (macOS)\n // Copilot reads process.env.HTTPS_PROXY directly \u2014 VS Code settings alone\n // are insufficient because workspace http.proxy is ignored and extensions\n // may bypass vscode-proxy-agent (microsoft/vscode#12588).\n //\n // GATED ON CA TRUST: this routes EVERY GUI/native app's HTTPS through the\n // MITM proxy machine-wide. Native apps validate against the system\n // keychain, so if the CA isn't trusted (sudo declined / non-admin) this\n // would break their TLS with an unknown-CA error attributed to nothing\n // obvious. Claude Code + Node apps are unaffected either way (they trust\n // NODE_EXTRA_CA_CERTS), so we keep that path and only skip the\n // machine-wide native layer.\n if (caTrusted) {\n const macProxy = installMacOSProxyEnv(GATEWAY_PORT, CERT_PATH);\n if (macProxy) {\n this.log('[OK] HTTPS_PROXY set for GUI apps (launchctl + LaunchAgent)');\n }\n } else {\n this.log('[!!] CA not trusted \u2014 skipping machine-wide GUI proxy (would break native-app TLS).');\n this.log(' Claude Code capture is unaffected. Trust the CA + re-run to enable cross-app capture.');\n }\n }\n }\n\n // \u2500\u2500 3. Write Cursor + Copilot hook configs \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n // These are independent of the proxy (they capture editor lifecycle\n // events, not LLM traffic), so they run regardless of --no-proxy. Both\n // helpers no-op when the target directory (.cursor/ or .github/)\n // doesn't exist.\n if (!isGlobal) {\n const cursorHooks = writeCursorHooks(projectPath, hookBinDir);\n if (cursorHooks) {\n this.log(`[OK] Cursor hooks configured \u2192 ${cursorHooks}`);\n }\n\n const copilotHooks = writeCopilotHooks(projectPath, hookBinDir);\n if (copilotHooks) {\n this.log(`[OK] Copilot Agent hooks configured \u2192 ${copilotHooks}`);\n }\n\n const antigravityHooks = writeAntigravityHooks(projectPath);\n if (antigravityHooks) {\n this.log(`[OK] Antigravity workspace hooks configured \u2192 ${antigravityHooks}`);\n }\n }\n\n // User-level Antigravity hooks at ~/.gemini/config/hooks.json \u2014 covers any\n // workspace the user opens, not just the install-time cwd. Written ONLY when\n // ~/.gemini already exists (the tool is present); returns null otherwise so\n // we never manufacture config for a tool the user doesn't have (F2).\n const antigravityUserHooks = writeAntigravityUserHooks();\n if (antigravityUserHooks) {\n this.log(`[OK] Antigravity user hooks configured \u2192 ${antigravityUserHooks}`);\n }\n\n // User-level Cursor hooks (~/.cursor/hooks.json) are required for global\n // capture because Cursor's chat traffic bypasses HTTP proxies (HTTP/2\n // multiplexed persistent connection \u2014 see cursor.com/docs/hooks). Without\n // hooks, we get zero Cursor visibility for sessions outside this project.\n // Runs in both --global and per-project modes since the user file is\n // machine-wide either way.\n const cursorUserHooks = writeCursorUserHooks(hookBinDir);\n if (cursorUserHooks) {\n this.log(`[OK] Cursor user hooks configured \u2192 ${cursorUserHooks}`);\n }\n\n // \u2500\u2500 4. Statusline shim (rate_limits freshness) \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n // When --statusline-usage is set, write ~/.claude/statusline-rulemetric.sh\n // and point settings.statusLine at it. If the user already has a statusLine\n // command configured, chain it so their prompt text is preserved.\n if (flags['statusline-usage']) {\n if (isStatuslineShimInstalled(settings)) {\n this.log('[OK] Statusline shim already installed');\n } else {\n const prevCmd = readCurrentStatusLine(settings);\n writeStatuslineShim(prevCmd);\n settings.statusLine = STATUSLINE_SETTINGS_VALUE;\n if (prevCmd) {\n this.log(`[OK] Statusline shim installed \u2192 ${STATUSLINE_SETTINGS_VALUE.command} (chains to: ${prevCmd})`);\n } else {\n this.log(`[OK] Statusline shim installed \u2192 ${STATUSLINE_SETTINGS_VALUE.command}`);\n }\n this.log(' Rate-limit rings will now update on Claude Code\\'s statusline refresh cadence');\n }\n }\n\n // \u2500\u2500 5. Write Claude Code settings (backup prior file \u2192 reversible) \u2500\u2500\u2500\u2500\u2500\n const { backupPath } = writeClaudeSettingsWithBackup(configPath, settings);\n if (backupPath) {\n this.log(`[OK] Backed up previous settings \u2192 ${backupPath}`);\n }\n\n this.log('');\n this.log('Setup complete! Next steps:');\n if (isGlobal) {\n this.log(' 1. Install always-on API: rulemetric service install');\n this.log(' 2. Start Claude Code in any project \u2014 all sessions tracked automatically');\n this.log('');\n this.log('The API service starts on login and restarts on crash.');\n } else if (!noProxy) {\n this.log(' 1. Start Claude Code \u2014 sessions are captured by hooks immediately');\n if (proxyActive) {\n // The proxy IS live (pinned against a verified gateway above) \u2014 don't\n // tell the user to start something that's already running.\n this.log(' 2. Full-depth capture is ON \u2014 the proxy is live on :' + GATEWAY_PORT + '.');\n } else {\n this.log(' 2. Enable full depth (proxy not yet live): rulemetric proxy start');\n }\n this.log('');\n this.log('Hooks capture every session (lifecycle + transcript). The proxy adds the');\n this.log('rendered system prompt (instruction-effectiveness linking) + cross-tool capture.');\n this.log('');\n this.log('To capture traffic from other clients (Python, curl, etc.):');\n this.log(' eval \"$(rulemetric proxy env --all)\"');\n } else {\n // --no-proxy still installs the Claude Code session hooks above, so full\n // sessions ARE captured (lifecycle + SessionEnd transcript reimport) with\n // no mitmproxy / CA trust / gateway. Only the proxy-exclusive layer\n // (rendered system prompt \u2192 instruction-linking, cross-tool) is skipped.\n this.log(' 1. Start Claude Code \u2014 sessions are captured by the hooks just installed');\n this.log('');\n this.log('No proxy means no mitmproxy / CA cert needed. The hooks capture full');\n this.log('sessions on their own; re-run without --no-proxy to also capture system');\n this.log('prompts for instruction-effectiveness linking.');\n }\n\n // Ensure the active-org cache is populated before the user starts a\n // Claude Code session. BaseCommand fired the guarded refresh earlier\n // but may have raced with auth init or hit a transient error; this\n // explicit retry guarantees the cache reflects the user's current\n // active_org_id at the end of `hooks install`.\n await bootstrapActiveOrg();\n\n // Soft tmux capability check \u2014 live message send needs tmux on the\n // user's machine. We do not auto-install; just surface one line.\n const tmux = await detectTmux();\n this.log('');\n if (tmux.available) {\n this.log(`[OK] tmux found${tmux.version ? ` (v${tmux.version})` : ''} \u2014 live send enabled`);\n } else {\n this.log('[!!] tmux not found \u2014 live send will fall back to opening Terminal. Install with: brew install tmux');\n }\n }\n\n private findBinary(name: string): string | null {\n try {\n return execSync(`which ${name} 2>/dev/null`, { encoding: 'utf-8' }).trim() || null;\n } catch {\n return null;\n }\n }\n\n private installMitmproxy(): boolean {\n for (const [cmd, args] of [\n ['pipx', ['install', 'mitmproxy']],\n ['uv', ['tool', 'install', 'mitmproxy']],\n ['brew', ['install', 'mitmproxy']],\n ] as const) {\n if (this.findBinary(cmd)) {\n this.log(` Installing via ${cmd}...`);\n const result = spawnSync(cmd, [...args], { stdio: 'inherit' });\n if (result.status === 0) return true;\n }\n }\n return false;\n }\n\n private isCACertTrusted(): boolean {\n if (process.platform === 'darwin') {\n const result = spawnSync('security', ['verify-cert', '-c', CERT_PATH], {\n stdio: 'pipe',\n });\n return result.status === 0;\n }\n\n if (process.platform === 'linux') {\n return existsSync('/usr/local/share/ca-certificates/mitmproxy-ca.crt');\n }\n\n if (process.platform === 'win32') {\n // On Windows, check if cert is in the Root store\n const result = spawnSync('certutil', ['-verify', CERT_PATH], {\n stdio: 'pipe',\n });\n return result.status === 0;\n }\n\n return false;\n }\n\n private trustCACert(): boolean {\n if (process.platform === 'darwin') {\n const result = spawnSync('sudo', [\n 'security', 'add-trusted-cert', '-d', '-r', 'trustRoot',\n '-k', '/Library/Keychains/System.keychain', CERT_PATH,\n ], { stdio: 'inherit' });\n return result.status === 0;\n }\n\n if (process.platform === 'linux') {\n const cp = spawnSync('sudo', [\n 'cp', CERT_PATH, '/usr/local/share/ca-certificates/mitmproxy-ca.crt',\n ], { stdio: 'inherit' });\n if (cp.status !== 0) return false;\n const update = spawnSync('sudo', ['update-ca-certificates'], { stdio: 'inherit' });\n return update.status === 0;\n }\n\n if (process.platform === 'win32') {\n const result = spawnSync('certutil', [\n '-addstore', '-f', 'Root', CERT_PATH,\n ], { stdio: 'inherit' });\n return result.status === 0;\n }\n\n return false;\n }\n}\n"],
|
|
5
|
-
"mappings": "
|
|
4
|
+
"sourcesContent": ["import { Flags } from '@oclif/core';\nimport { execFileSync, execSync, spawnSync } from 'node:child_process';\nimport { existsSync } from 'node:fs';\nimport { homedir } from 'node:os';\nimport { join, dirname } from 'node:path';\nimport { BaseCommand } from '../../base-command.js';\nimport { isGatewayRunning, waitForGatewayListening, spawnGateway, GATEWAY_PORT } from '../../lib/gateway-lifecycle.js';\n\n// Resolve the directory holding the `rulemetric` executable, so hook commands\n// can prepend it to PATH. Claude Code runs hooks via `/bin/sh -c` with a\n// minimal PATH that omits nvm/pnpm global bin dirs \u2014 so a bare `rulemetric`\n// hits \"command not found\" and capture (plus the session-start gateway\n// auto-start) silently fails. We resolve it here, in the install process's\n// full PATH, and bake the dir into the hook command. Returns undefined on\n// failure \u2192 callers fall back to the bare `rulemetric` (dev/back-compat).\nfunction resolveHookBinDir(): string | undefined {\n try {\n const out = execFileSync('/bin/sh', ['-c', 'command -v rulemetric'], {\n encoding: 'utf-8',\n }).trim();\n if (out && existsSync(out)) return dirname(out);\n } catch {\n /* not resolvable \u2014 fall back to bare `rulemetric` */\n }\n return undefined;\n}\n\n// True iff `rulemetric service install` has wired the gateway up as a launchd\n// agent. When this returns true, hooks install must NOT spawn its own\n// detached gateway \u2014 two processes fighting for :8787 means one crash-loops\n// and Claude Code's HTTPS_PROXY breaks.\nfunction isGatewayLaunchdManaged(): boolean {\n try {\n execFileSync('launchctl', ['list', 'com.rulemetric.gateway'], {\n stdio: ['ignore', 'pipe', 'pipe'],\n });\n return true;\n } catch {\n // Non-zero exit = label not loaded\n return false;\n }\n}\nimport {\n writeStatuslineShim,\n readCurrentStatusLine,\n isStatuslineShimInstalled,\n STATUSLINE_SETTINGS_VALUE,\n} from '../../lib/statusline-shim.js';\nimport {\n mergeClaudeCodeHooks,\n removeClaudeCodeHooks,\n readClaudeSettings,\n writeClaudeSettingsWithBackup,\n writeCursorProxyConfig,\n writeCursorUserProxyConfig,\n writeVSCodeProxyConfig,\n installMacOSProxyEnv,\n writeVSCodeUserProxyConfig,\n writeCursorHooks,\n writeCursorUserHooks,\n writeCopilotHooks,\n writeAntigravityHooks,\n writeAntigravityUserHooks,\n} from '../../lib/hooks-config.js';\nimport { bootstrapActiveOrg } from '../../lib/active-org-refresh.js';\nimport { emitSetupEvent } from '../../lib/telemetry.js';\nimport { detectTmux } from '../../lib/detect-tmux.js';\n\nconst CERT_PATH = join(homedir(), '.mitmproxy', 'mitmproxy-ca-cert.pem');\n\nexport default class HooksInstall extends BaseCommand {\n static override description = 'Install session tracking hooks and context capture proxy for Claude Code';\n\n static override examples = [\n '<%= config.bin %> hooks install',\n '<%= config.bin %> hooks install --global',\n '<%= config.bin %> hooks install --no-proxy',\n ];\n\n static override flags = {\n 'no-proxy': Flags.boolean({\n default: false,\n description: 'Skip proxy/gateway configuration (hooks only)',\n }),\n 'project-dir': Flags.string({\n description: 'Project directory to install hooks in (defaults to cwd)',\n }),\n global: Flags.boolean({\n char: 'g',\n default: false,\n description: 'Install hooks globally (~/.claude/settings.json) so all projects are tracked',\n }),\n 'statusline-usage': Flags.boolean({\n default: false,\n description: 'Install the statusline shim so Claude Code pushes live rate_limits on every refresh (makes /usage rings update in real time without needing the proxy)',\n }),\n };\n\n async run(): Promise<void> {\n const { flags } = await this.parse(HooksInstall);\n const isGlobal = flags.global;\n const projectPath = isGlobal ? homedir() : (flags['project-dir'] ?? process.cwd());\n const configDir = join(projectPath, '.claude');\n const configPath = join(configDir, 'settings.json');\n const noProxy = flags['no-proxy'];\n // Whether the capture proxy actually went live this run (HTTPS_PROXY pinned\n // against a verified-live gateway). Drives the \"next steps\" copy so we never\n // tell the user to start a proxy that is already running.\n let proxyActive = false;\n\n if (isGlobal) {\n this.log(`Installing hooks globally \u2192 ${configPath}`);\n }\n\n // Read or create .claude/settings.json. Never crash on a malformed file \u2014\n // a fresh user's hand-edited settings.json must not block capture install.\n const { settings, recoveredBackup } = readClaudeSettings(configPath);\n if (recoveredBackup) {\n this.log(`[!!] ${configPath} was not valid JSON \u2014 backed it up to ${recoveredBackup} and continued with a fresh file.`);\n }\n\n // \u2500\u2500 1. Install Claude Code session-tracking hooks (hooks-first, zero-proxy\n // capture). Strip any stale rulemetric entries first \u2014 handles old command\n // formats, preserves the user's own hooks \u2014 then merge the current canonical\n // set. Runs regardless of --no-proxy: this is the whole point of the hooks\n // path, which captures full sessions (lifecycle + SessionEnd transcript\n // reimport) without mitmproxy / CA trust / gateway. The proxy adds the\n // rendered system prompt (instruction-linking) + cross-tool capture on top.\n const refreshedHooks = removeClaudeCodeHooks(settings);\n // Resolve once; every hook writer (Claude Code, Cursor, Copilot) needs the\n // same PATH prefix so a GUI-launched tool with a minimal PATH can find the CLI.\n const hookBinDir = resolveHookBinDir();\n mergeClaudeCodeHooks(settings, hookBinDir);\n this.log(\n refreshedHooks\n ? '[OK] Refreshed RuleMetric Claude Code session hooks \u2192 .claude/settings.json'\n : '[OK] Installed RuleMetric Claude Code session hooks \u2192 .claude/settings.json',\n );\n\n // \u2500\u2500 2. Configure gateway + proxy \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n if (!noProxy) {\n // Ensure mitmproxy is available\n const hasMitmproxy = this.findBinary('mitmdump');\n if (!hasMitmproxy) {\n this.log('');\n this.log('[!!] mitmproxy not found \u2014 installing...');\n const installed = this.installMitmproxy();\n if (!installed) {\n this.log('[!!] Could not install mitmproxy. Skipping proxy config.');\n this.log(' Install manually: pipx install mitmproxy');\n this.log(' Then re-run: rulemetric hooks install');\n }\n }\n\n // Generate CA cert if missing\n if (!existsSync(CERT_PATH)) {\n this.log('[..] Generating CA certificate...');\n const mitmdump = this.findBinary('mitmdump');\n if (mitmdump) {\n spawnSync(mitmdump, ['--set', 'listen_port=0', '-q'], {\n timeout: 5000,\n stdio: 'ignore',\n });\n if (existsSync(CERT_PATH)) {\n this.log(`[OK] CA certificate generated at ${CERT_PATH}`);\n } else {\n this.log('[!!] Could not generate CA cert');\n }\n }\n } else {\n this.log('[OK] CA certificate found');\n }\n\n // Trust CA cert in system store (if not already trusted). Track the\n // result: whether the CA is trusted decides if we may route MACHINE-WIDE /\n // native-app traffic through the MITM proxy (native apps validate against\n // the system keychain, so an untrusted CA breaks their TLS).\n const caGenerated = existsSync(CERT_PATH);\n let caTrusted = false;\n if (caGenerated && !this.isCACertTrusted()) {\n this.log('[..] Installing CA certificate into system trust store (requires admin)...');\n caTrusted = this.trustCACert();\n if (caTrusted) {\n this.log('[OK] CA certificate trusted by system');\n } else {\n this.log('[!!] Could not install CA cert automatically.');\n if (process.platform === 'darwin') {\n this.log(` Run manually: sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ${CERT_PATH}`);\n } else if (process.platform === 'linux') {\n this.log(` Run manually: sudo cp ${CERT_PATH} /usr/local/share/ca-certificates/mitmproxy-ca.crt && sudo update-ca-certificates`);\n }\n }\n } else if (caGenerated) {\n this.log('[OK] CA certificate already trusted');\n caTrusted = true;\n }\n\n // Start the gateway BEFORE pinning HTTPS_PROXY. Three possible owners (in\n // order of precedence):\n // 1. launchd (`rulemetric service install` plist) \u2014 authoritative;\n // hooks must NOT spawn a competing copy that would fight for :8787\n // 2. legacy PID-file (this same code path from a previous run)\n // 3. nothing \u2014 spawn a fresh detached process\n if (isGatewayLaunchdManaged()) {\n this.log('[OK] Gateway managed by launchd (com.rulemetric.gateway)');\n } else if (isGatewayRunning()) {\n this.log('[OK] Gateway already running');\n } else {\n try {\n const pid = spawnGateway(this.config.version);\n this.log(`[OK] Gateway started (PID ${pid})`);\n } catch (err) {\n this.log(`[!!] Could not start gateway: ${(err as Error).message}`);\n }\n }\n\n // Liveness guard: ONLY pin HTTPS_PROXY once :8787 actually accepts\n // connections. Writing it against a dead port is the fresh-laptop\n // ConnectionRefused footgun \u2014 it breaks all of Claude Code's HTTPS. If the\n // gateway isn't answering, we leave Claude Code talking to Anthropic\n // directly; capture still works via the hooks installed in \u00A71.\n // Poll (not a one-shot probe): a just-spawned gateway needs a moment to\n // bind :8787, and a single immediate probe would fail-close every fresh\n // install and silently disable deep capture.\n const gatewayLive = await waitForGatewayListening(GATEWAY_PORT, { timeoutMs: 4000 });\n if (!caGenerated) {\n // No CA \u2192 mitmproxy will regenerate one and intercept, but nothing\n // trusts it, so pinning HTTPS_PROXY would break even Claude Code's TLS.\n // Stay hooks-only rather than pin a proxy nothing can validate.\n this.log('[!!] No CA certificate \u2014 NOT setting HTTPS_PROXY (capture stays hooks-only).');\n this.log(' Install mitmproxy, then re-run: rulemetric hooks install');\n } else if (!gatewayLive) {\n this.log(`[!!] Gateway is not answering on :${GATEWAY_PORT} \u2014 NOT setting HTTPS_PROXY.`);\n this.log(' Capture still works via hooks. To enable deep (proxy) capture later:');\n this.log(' rulemetric proxy start && rulemetric hooks install');\n } else {\n // Set permanent HTTPS_PROXY and NODE_EXTRA_CA_CERTS in settings.json.\n // These point to the gateway (verified live above), not mitmproxy directly.\n const env = (settings.env ?? {}) as Record<string, string>;\n env.HTTPS_PROXY = `http://localhost:${GATEWAY_PORT}`;\n // Bypass proxy for non-Anthropic traffic (Supabase auth, npm, etc.)\n env.NO_PROXY = 'localhost,127.0.0.1,*.supabase.co,*.supabase.in';\n if (existsSync(CERT_PATH)) {\n env.NODE_EXTRA_CA_CERTS = CERT_PATH;\n }\n settings.env = env;\n proxyActive = true;\n this.log(`[OK] HTTPS_PROXY set to gateway on :${GATEWAY_PORT} (verified live)`);\n\n // Configure Cursor proxy (if .cursor/ exists)\n const cursorProxy = writeCursorProxyConfig(projectPath, GATEWAY_PORT, CERT_PATH);\n if (cursorProxy) {\n this.log('[OK] Cursor proxy configured \u2192 .cursor/settings.json');\n }\n\n // Configure VS Code proxy for Copilot capture (workspace settings)\n const vscodeProxy = writeVSCodeProxyConfig(projectPath, GATEWAY_PORT, CERT_PATH);\n if (vscodeProxy) {\n this.log('[OK] VS Code workspace proxy configured \u2192 .vscode/settings.json');\n }\n\n // Set http.proxy in VS Code user settings (workspace-level is silently ignored\n // for http.proxy due to APPLICATION scope \u2014 microsoft/vscode#236932)\n const vscodeUserProxy = writeVSCodeUserProxyConfig(GATEWAY_PORT);\n if (vscodeUserProxy) {\n this.log('[OK] VS Code user proxy configured \u2192 ~/Library/Application Support/Code/User/settings.json');\n }\n\n // Same for Cursor (VS Code fork inherits the APPLICATION-scope restriction).\n const cursorUserProxy = writeCursorUserProxyConfig(GATEWAY_PORT);\n if (cursorUserProxy) {\n this.log('[OK] Cursor user proxy configured \u2192 ~/Library/Application Support/Cursor/User/settings.json');\n }\n\n // Set HTTPS_PROXY for all GUI apps via launchctl + LaunchAgent (macOS)\n // Copilot reads process.env.HTTPS_PROXY directly \u2014 VS Code settings alone\n // are insufficient because workspace http.proxy is ignored and extensions\n // may bypass vscode-proxy-agent (microsoft/vscode#12588).\n //\n // GATED ON CA TRUST: this routes EVERY GUI/native app's HTTPS through the\n // MITM proxy machine-wide. Native apps validate against the system\n // keychain, so if the CA isn't trusted (sudo declined / non-admin) this\n // would break their TLS with an unknown-CA error attributed to nothing\n // obvious. Claude Code + Node apps are unaffected either way (they trust\n // NODE_EXTRA_CA_CERTS), so we keep that path and only skip the\n // machine-wide native layer.\n if (caTrusted) {\n const macProxy = installMacOSProxyEnv(GATEWAY_PORT, CERT_PATH);\n if (macProxy) {\n this.log('[OK] HTTPS_PROXY set for GUI apps (launchctl + LaunchAgent)');\n }\n } else {\n this.log('[!!] CA not trusted \u2014 skipping machine-wide GUI proxy (would break native-app TLS).');\n this.log(' Claude Code capture is unaffected. Trust the CA + re-run to enable cross-app capture.');\n }\n }\n }\n\n // \u2500\u2500 3. Write Cursor + Copilot hook configs \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n // These are independent of the proxy (they capture editor lifecycle\n // events, not LLM traffic), so they run regardless of --no-proxy. Both\n // helpers no-op when the target directory (.cursor/ or .github/)\n // doesn't exist.\n if (!isGlobal) {\n const cursorHooks = writeCursorHooks(projectPath, hookBinDir);\n if (cursorHooks) {\n this.log(`[OK] Cursor hooks configured \u2192 ${cursorHooks}`);\n }\n\n const copilotHooks = writeCopilotHooks(projectPath, hookBinDir);\n if (copilotHooks) {\n this.log(`[OK] Copilot Agent hooks configured \u2192 ${copilotHooks}`);\n }\n\n const antigravityHooks = writeAntigravityHooks(projectPath);\n if (antigravityHooks) {\n this.log(`[OK] Antigravity workspace hooks configured \u2192 ${antigravityHooks}`);\n }\n }\n\n // User-level Antigravity hooks at ~/.gemini/config/hooks.json \u2014 covers any\n // workspace the user opens, not just the install-time cwd. Written ONLY when\n // ~/.gemini already exists (the tool is present); returns null otherwise so\n // we never manufacture config for a tool the user doesn't have (F2).\n const antigravityUserHooks = writeAntigravityUserHooks();\n if (antigravityUserHooks) {\n this.log(`[OK] Antigravity user hooks configured \u2192 ${antigravityUserHooks}`);\n }\n\n // User-level Cursor hooks (~/.cursor/hooks.json) are required for global\n // capture because Cursor's chat traffic bypasses HTTP proxies (HTTP/2\n // multiplexed persistent connection \u2014 see cursor.com/docs/hooks). Without\n // hooks, we get zero Cursor visibility for sessions outside this project.\n // Runs in both --global and per-project modes since the user file is\n // machine-wide either way.\n const cursorUserHooks = writeCursorUserHooks(hookBinDir);\n if (cursorUserHooks) {\n this.log(`[OK] Cursor user hooks configured \u2192 ${cursorUserHooks}`);\n }\n\n // \u2500\u2500 4. Statusline shim (rate_limits freshness) \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n // When --statusline-usage is set, write ~/.claude/statusline-rulemetric.sh\n // and point settings.statusLine at it. If the user already has a statusLine\n // command configured, chain it so their prompt text is preserved.\n if (flags['statusline-usage']) {\n if (isStatuslineShimInstalled(settings)) {\n this.log('[OK] Statusline shim already installed');\n } else {\n const prevCmd = readCurrentStatusLine(settings);\n writeStatuslineShim(prevCmd);\n settings.statusLine = STATUSLINE_SETTINGS_VALUE;\n if (prevCmd) {\n this.log(`[OK] Statusline shim installed \u2192 ${STATUSLINE_SETTINGS_VALUE.command} (chains to: ${prevCmd})`);\n } else {\n this.log(`[OK] Statusline shim installed \u2192 ${STATUSLINE_SETTINGS_VALUE.command}`);\n }\n this.log(' Rate-limit rings will now update on Claude Code\\'s statusline refresh cadence');\n }\n }\n\n // \u2500\u2500 5. Write Claude Code settings (backup prior file \u2192 reversible) \u2500\u2500\u2500\u2500\u2500\n const { backupPath } = writeClaudeSettingsWithBackup(configPath, settings);\n if (backupPath) {\n this.log(`[OK] Backed up previous settings \u2192 ${backupPath}`);\n }\n\n this.log('');\n this.log('Setup complete! Next steps:');\n if (isGlobal) {\n this.log(' 1. Install always-on API: rulemetric service install');\n this.log(' 2. Start Claude Code in any project \u2014 all sessions tracked automatically');\n this.log('');\n this.log('The API service starts on login and restarts on crash.');\n } else if (!noProxy) {\n this.log(' 1. Start Claude Code \u2014 sessions are captured by hooks immediately');\n if (proxyActive) {\n // The proxy IS live (pinned against a verified gateway above) \u2014 don't\n // tell the user to start something that's already running.\n this.log(' 2. Full-depth capture is ON \u2014 the proxy is live on :' + GATEWAY_PORT + '.');\n } else {\n this.log(' 2. Enable full depth (proxy not yet live): rulemetric proxy start');\n }\n this.log('');\n this.log('Hooks capture every session (lifecycle + transcript). The proxy adds the');\n this.log('rendered system prompt (instruction-effectiveness linking) + cross-tool capture.');\n this.log('');\n this.log('To capture traffic from other clients (Python, curl, etc.):');\n this.log(' eval \"$(rulemetric proxy env --all)\"');\n } else {\n // --no-proxy still installs the Claude Code session hooks above, so full\n // sessions ARE captured (lifecycle + SessionEnd transcript reimport) with\n // no mitmproxy / CA trust / gateway. Only the proxy-exclusive layer\n // (rendered system prompt \u2192 instruction-linking, cross-tool) is skipped.\n this.log(' 1. Start Claude Code \u2014 sessions are captured by the hooks just installed');\n this.log('');\n this.log('No proxy means no mitmproxy / CA cert needed. The hooks capture full');\n this.log('sessions on their own; re-run without --no-proxy to also capture system');\n this.log('prompts for instruction-effectiveness linking.');\n }\n\n // Ensure the active-org cache is populated before the user starts a\n // Claude Code session. BaseCommand fired the guarded refresh earlier\n // but may have raced with auth init or hit a transient error; this\n // explicit retry guarantees the cache reflects the user's current\n // active_org_id at the end of `hooks install`.\n await bootstrapActiveOrg();\n\n // Onboarding telemetry (disclosed + opt-outable) \u2014 records that hooks\n // landed and whether the proxy actually went live, so a remote install's\n // capture depth is visible.\n void emitSetupEvent('hooks_installed', { proxy: proxyActive, global: isGlobal }, this.config.version);\n\n // Soft tmux capability check \u2014 live message send needs tmux on the\n // user's machine. We do not auto-install; just surface one line.\n const tmux = await detectTmux();\n this.log('');\n if (tmux.available) {\n this.log(`[OK] tmux found${tmux.version ? ` (v${tmux.version})` : ''} \u2014 live send enabled`);\n } else {\n this.log('[!!] tmux not found \u2014 live send will fall back to opening Terminal. Install with: brew install tmux');\n }\n }\n\n private findBinary(name: string): string | null {\n try {\n return execSync(`which ${name} 2>/dev/null`, { encoding: 'utf-8' }).trim() || null;\n } catch {\n return null;\n }\n }\n\n private installMitmproxy(): boolean {\n for (const [cmd, args] of [\n ['pipx', ['install', 'mitmproxy']],\n ['uv', ['tool', 'install', 'mitmproxy']],\n ['brew', ['install', 'mitmproxy']],\n ] as const) {\n if (this.findBinary(cmd)) {\n this.log(` Installing via ${cmd}...`);\n const result = spawnSync(cmd, [...args], { stdio: 'inherit' });\n if (result.status === 0) return true;\n }\n }\n return false;\n }\n\n private isCACertTrusted(): boolean {\n if (process.platform === 'darwin') {\n const result = spawnSync('security', ['verify-cert', '-c', CERT_PATH], {\n stdio: 'pipe',\n });\n return result.status === 0;\n }\n\n if (process.platform === 'linux') {\n return existsSync('/usr/local/share/ca-certificates/mitmproxy-ca.crt');\n }\n\n if (process.platform === 'win32') {\n // On Windows, check if cert is in the Root store\n const result = spawnSync('certutil', ['-verify', CERT_PATH], {\n stdio: 'pipe',\n });\n return result.status === 0;\n }\n\n return false;\n }\n\n private trustCACert(): boolean {\n if (process.platform === 'darwin') {\n const result = spawnSync('sudo', [\n 'security', 'add-trusted-cert', '-d', '-r', 'trustRoot',\n '-k', '/Library/Keychains/System.keychain', CERT_PATH,\n ], { stdio: 'inherit' });\n return result.status === 0;\n }\n\n if (process.platform === 'linux') {\n const cp = spawnSync('sudo', [\n 'cp', CERT_PATH, '/usr/local/share/ca-certificates/mitmproxy-ca.crt',\n ], { stdio: 'inherit' });\n if (cp.status !== 0) return false;\n const update = spawnSync('sudo', ['update-ca-certificates'], { stdio: 'inherit' });\n return update.status === 0;\n }\n\n if (process.platform === 'win32') {\n const result = spawnSync('certutil', [\n '-addstore', '-f', 'Root', CERT_PATH,\n ], { stdio: 'inherit' });\n return result.status === 0;\n }\n\n return false;\n }\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,SAAS,aAAa;AACtB,SAAS,cAAc,UAAU,iBAAiB;AAClD,SAAS,kBAAkB;AAC3B,SAAS,eAAe;AACxB,SAAS,MAAM,eAAe;AAW9B,SAAS,oBAAwC;AAC/C,MAAI;AACF,UAAM,MAAM,aAAa,WAAW,CAAC,MAAM,uBAAuB,GAAG;AAAA,MACnE,UAAU;AAAA,IACZ,CAAC,EAAE,KAAK;AACR,QAAI,OAAO,WAAW,GAAG,EAAG,QAAO,QAAQ,GAAG;AAAA,EAChD,QAAQ;AAAA,EAER;AACA,SAAO;AACT;AAMA,SAAS,0BAAmC;AAC1C,MAAI;AACF,iBAAa,aAAa,CAAC,QAAQ,wBAAwB,GAAG;AAAA,MAC5D,OAAO,CAAC,UAAU,QAAQ,MAAM;AAAA,IAClC,CAAC;AACD,WAAO;AAAA,EACT,QAAQ;AAEN,WAAO;AAAA,EACT;AACF;AA2BA,IAAM,YAAY,KAAK,QAAQ,GAAG,cAAc,uBAAuB;AAEvE,IAAqB,eAArB,MAAqB,sBAAqB,YAAY;AAAA,EACpD,OAAgB,cAAc;AAAA,EAE9B,OAAgB,WAAW;AAAA,IACzB;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAAA,EAEA,OAAgB,QAAQ;AAAA,IACtB,YAAY,MAAM,QAAQ;AAAA,MACxB,SAAS;AAAA,MACT,aAAa;AAAA,IACf,CAAC;AAAA,IACD,eAAe,MAAM,OAAO;AAAA,MAC1B,aAAa;AAAA,IACf,CAAC;AAAA,IACD,QAAQ,MAAM,QAAQ;AAAA,MACpB,MAAM;AAAA,MACN,SAAS;AAAA,MACT,aAAa;AAAA,IACf,CAAC;AAAA,IACD,oBAAoB,MAAM,QAAQ;AAAA,MAChC,SAAS;AAAA,MACT,aAAa;AAAA,IACf,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,MAAqB;AACzB,UAAM,EAAE,MAAM,IAAI,MAAM,KAAK,MAAM,aAAY;AAC/C,UAAM,WAAW,MAAM;AACvB,UAAM,cAAc,WAAW,QAAQ,IAAK,MAAM,aAAa,KAAK,QAAQ,IAAI;AAChF,UAAM,YAAY,KAAK,aAAa,SAAS;AAC7C,UAAM,aAAa,KAAK,WAAW,eAAe;AAClD,UAAM,UAAU,MAAM,UAAU;AAIhC,QAAI,cAAc;AAElB,QAAI,UAAU;AACZ,WAAK,IAAI,oCAA+B,UAAU,EAAE;AAAA,IACtD;AAIA,UAAM,EAAE,UAAU,gBAAgB,IAAI,mBAAmB,UAAU;AACnE,QAAI,iBAAiB;AACnB,WAAK,IAAI,QAAQ,UAAU,8CAAyC,eAAe,mCAAmC;AAAA,IACxH;AASA,UAAM,iBAAiB,sBAAsB,QAAQ;AAGrD,UAAM,aAAa,kBAAkB;AACrC,yBAAqB,UAAU,UAAU;AACzC,SAAK;AAAA,MACH,iBACI,qFACA;AAAA,IACN;AAGA,QAAI,CAAC,SAAS;AAEZ,YAAM,eAAe,KAAK,WAAW,UAAU;AAC/C,UAAI,CAAC,cAAc;AACjB,aAAK,IAAI,EAAE;AACX,aAAK,IAAI,+CAA0C;AACnD,cAAM,YAAY,KAAK,iBAAiB;AACxC,YAAI,CAAC,WAAW;AACd,eAAK,IAAI,0DAA0D;AACnE,eAAK,IAAI,+CAA+C;AACxD,eAAK,IAAI,4CAA4C;AAAA,QACvD;AAAA,MACF;AAGA,UAAI,CAAC,WAAW,SAAS,GAAG;AAC1B,aAAK,IAAI,mCAAmC;AAC5C,cAAM,WAAW,KAAK,WAAW,UAAU;AAC3C,YAAI,UAAU;AACZ,oBAAU,UAAU,CAAC,SAAS,iBAAiB,IAAI,GAAG;AAAA,YACpD,SAAS;AAAA,YACT,OAAO;AAAA,UACT,CAAC;AACD,cAAI,WAAW,SAAS,GAAG;AACzB,iBAAK,IAAI,oCAAoC,SAAS,EAAE;AAAA,UAC1D,OAAO;AACL,iBAAK,IAAI,iCAAiC;AAAA,UAC5C;AAAA,QACF;AAAA,MACF,OAAO;AACL,aAAK,IAAI,2BAA2B;AAAA,MACtC;AAMA,YAAM,cAAc,WAAW,SAAS;AACxC,UAAI,YAAY;AAChB,UAAI,eAAe,CAAC,KAAK,gBAAgB,GAAG;AAC1C,aAAK,IAAI,4EAA4E;AACrF,oBAAY,KAAK,YAAY;AAC7B,YAAI,WAAW;AACb,eAAK,IAAI,uCAAuC;AAAA,QAClD,OAAO;AACL,eAAK,IAAI,+CAA+C;AACxD,cAAI,QAAQ,aAAa,UAAU;AACjC,iBAAK,IAAI,2GAA2G,SAAS,EAAE;AAAA,UACjI,WAAW,QAAQ,aAAa,SAAS;AACvC,iBAAK,IAAI,8BAA8B,SAAS,mFAAmF;AAAA,UACrI;AAAA,QACF;AAAA,MACF,WAAW,aAAa;AACtB,aAAK,IAAI,qCAAqC;AAC9C,oBAAY;AAAA,MACd;AAQA,UAAI,wBAAwB,GAAG;AAC7B,aAAK,IAAI,0DAA0D;AAAA,MACrE,WAAW,iBAAiB,GAAG;AAC7B,aAAK,IAAI,8BAA8B;AAAA,MACzC,OAAO;AACL,YAAI;AACF,gBAAM,MAAM,aAAa,KAAK,OAAO,OAAO;AAC5C,eAAK,IAAI,6BAA6B,GAAG,GAAG;AAAA,QAC9C,SAAS,KAAK;AACZ,eAAK,IAAI,iCAAkC,IAAc,OAAO,EAAE;AAAA,QACpE;AAAA,MACF;AAUA,YAAM,cAAc,MAAM,wBAAwB,cAAc,EAAE,WAAW,IAAK,CAAC;AACnF,UAAI,CAAC,aAAa;AAIhB,aAAK,IAAI,mFAA8E;AACvF,aAAK,IAAI,+DAA+D;AAAA,MAC1E,WAAW,CAAC,aAAa;AACvB,aAAK,IAAI,qCAAqC,YAAY,kCAA6B;AACvF,aAAK,IAAI,2EAA2E;AACpF,aAAK,IAAI,2DAA2D;AAAA,MACtE,OAAO;AAGL,cAAM,MAAO,SAAS,OAAO,CAAC;AAC9B,YAAI,cAAc,oBAAoB,YAAY;AAElD,YAAI,WAAW;AACf,YAAI,WAAW,SAAS,GAAG;AACzB,cAAI,sBAAsB;AAAA,QAC5B;AACA,iBAAS,MAAM;AACf,sBAAc;AACd,aAAK,IAAI,uCAAuC,YAAY,kBAAkB;AAG9E,cAAM,cAAc,uBAAuB,aAAa,cAAc,SAAS;AAC/E,YAAI,aAAa;AACf,eAAK,IAAI,2DAAsD;AAAA,QACjE;AAGA,cAAM,cAAc,uBAAuB,aAAa,cAAc,SAAS;AAC/E,YAAI,aAAa;AACf,eAAK,IAAI,sEAAiE;AAAA,QAC5E;AAIA,cAAM,kBAAkB,2BAA2B,YAAY;AAC/D,YAAI,iBAAiB;AACnB,eAAK,IAAI,iGAA4F;AAAA,QACvG;AAGA,cAAM,kBAAkB,2BAA2B,YAAY;AAC/D,YAAI,iBAAiB;AACnB,eAAK,IAAI,kGAA6F;AAAA,QACxG;AAcA,YAAI,WAAW;AACb,gBAAM,WAAW,qBAAqB,cAAc,SAAS;AAC7D,cAAI,UAAU;AACZ,iBAAK,IAAI,6DAA6D;AAAA,UACxE;AAAA,QACF,OAAO;AACL,eAAK,IAAI,0FAAqF;AAC9F,eAAK,IAAI,4FAA4F;AAAA,QACvG;AAAA,MACF;AAAA,IACF;AAOA,QAAI,CAAC,UAAU;AACb,YAAM,cAAc,iBAAiB,aAAa,UAAU;AAC5D,UAAI,aAAa;AACf,aAAK,IAAI,uCAAkC,WAAW,EAAE;AAAA,MAC1D;AAEA,YAAM,eAAe,kBAAkB,aAAa,UAAU;AAC9D,UAAI,cAAc;AAChB,aAAK,IAAI,8CAAyC,YAAY,EAAE;AAAA,MAClE;AAEA,YAAM,mBAAmB,sBAAsB,WAAW;AAC1D,UAAI,kBAAkB;AACpB,aAAK,IAAI,sDAAiD,gBAAgB,EAAE;AAAA,MAC9E;AAAA,IACF;AAMA,UAAM,uBAAuB,0BAA0B;AACvD,QAAI,sBAAsB;AACxB,WAAK,IAAI,iDAA4C,oBAAoB,EAAE;AAAA,IAC7E;AAQA,UAAM,kBAAkB,qBAAqB,UAAU;AACvD,QAAI,iBAAiB;AACnB,WAAK,IAAI,4CAAuC,eAAe,EAAE;AAAA,IACnE;AAMA,QAAI,MAAM,kBAAkB,GAAG;AAC7B,UAAI,0BAA0B,QAAQ,GAAG;AACvC,aAAK,IAAI,wCAAwC;AAAA,MACnD,OAAO;AACL,cAAM,UAAU,sBAAsB,QAAQ;AAC9C,4BAAoB,OAAO;AAC3B,iBAAS,aAAa;AACtB,YAAI,SAAS;AACX,eAAK,IAAI,yCAAoC,0BAA0B,OAAO,gBAAgB,OAAO,GAAG;AAAA,QAC1G,OAAO;AACL,eAAK,IAAI,yCAAoC,0BAA0B,OAAO,EAAE;AAAA,QAClF;AACA,aAAK,IAAI,mFAAoF;AAAA,MAC/F;AAAA,IACF;AAGA,UAAM,EAAE,WAAW,IAAI,8BAA8B,YAAY,QAAQ;AACzE,QAAI,YAAY;AACd,WAAK,IAAI,2CAAsC,UAAU,EAAE;AAAA,IAC7D;AAEA,SAAK,IAAI,EAAE;AACX,SAAK,IAAI,6BAA6B;AACtC,QAAI,UAAU;AACZ,WAAK,IAAI,2DAA2D;AACpE,WAAK,IAAI,iFAA4E;AACrF,WAAK,IAAI,EAAE;AACX,WAAK,IAAI,wDAAwD;AAAA,IACnE,WAAW,CAAC,SAAS;AACnB,WAAK,IAAI,0EAAqE;AAC9E,UAAI,aAAa;AAGf,aAAK,IAAI,gEAA2D,eAAe,GAAG;AAAA,MACxF,OAAO;AACL,aAAK,IAAI,sEAAsE;AAAA,MACjF;AACA,WAAK,IAAI,EAAE;AACX,WAAK,IAAI,0EAA0E;AACnF,WAAK,IAAI,kFAAkF;AAC3F,WAAK,IAAI,EAAE;AACX,WAAK,IAAI,6DAA6D;AACtE,WAAK,IAAI,wCAAwC;AAAA,IACnD,OAAO;AAKL,WAAK,IAAI,iFAA4E;AACrF,WAAK,IAAI,EAAE;AACX,WAAK,IAAI,sEAAsE;AAC/E,WAAK,IAAI,yEAAyE;AAClF,WAAK,IAAI,gDAAgD;AAAA,IAC3D;AAOA,UAAM,mBAAmB;AAKzB,SAAK,eAAe,mBAAmB,EAAE,OAAO,aAAa,QAAQ,SAAS,GAAG,KAAK,OAAO,OAAO;AAIpG,UAAM,OAAO,MAAM,WAAW;AAC9B,SAAK,IAAI,EAAE;AACX,QAAI,KAAK,WAAW;AAClB,WAAK,IAAI,kBAAkB,KAAK,UAAU,MAAM,KAAK,OAAO,MAAM,EAAE,2BAAsB;AAAA,IAC5F,OAAO;AACL,WAAK,IAAI,0GAAqG;AAAA,IAChH;AAAA,EACF;AAAA,EAEQ,WAAW,MAA6B;AAC9C,QAAI;AACF,aAAO,SAAS,SAAS,IAAI,gBAAgB,EAAE,UAAU,QAAQ,CAAC,EAAE,KAAK,KAAK;AAAA,IAChF,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEQ,mBAA4B;AAClC,eAAW,CAAC,KAAK,IAAI,KAAK;AAAA,MACxB,CAAC,QAAQ,CAAC,WAAW,WAAW,CAAC;AAAA,MACjC,CAAC,MAAM,CAAC,QAAQ,WAAW,WAAW,CAAC;AAAA,MACvC,CAAC,QAAQ,CAAC,WAAW,WAAW,CAAC;AAAA,IACnC,GAAY;AACV,UAAI,KAAK,WAAW,GAAG,GAAG;AACxB,aAAK,IAAI,uBAAuB,GAAG,KAAK;AACxC,cAAM,SAAS,UAAU,KAAK,CAAC,GAAG,IAAI,GAAG,EAAE,OAAO,UAAU,CAAC;AAC7D,YAAI,OAAO,WAAW,EAAG,QAAO;AAAA,MAClC;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAAA,EAEQ,kBAA2B;AACjC,QAAI,QAAQ,aAAa,UAAU;AACjC,YAAM,SAAS,UAAU,YAAY,CAAC,eAAe,MAAM,SAAS,GAAG;AAAA,QACrE,OAAO;AAAA,MACT,CAAC;AACD,aAAO,OAAO,WAAW;AAAA,IAC3B;AAEA,QAAI,QAAQ,aAAa,SAAS;AAChC,aAAO,WAAW,mDAAmD;AAAA,IACvE;AAEA,QAAI,QAAQ,aAAa,SAAS;AAEhC,YAAM,SAAS,UAAU,YAAY,CAAC,WAAW,SAAS,GAAG;AAAA,QAC3D,OAAO;AAAA,MACT,CAAC;AACD,aAAO,OAAO,WAAW;AAAA,IAC3B;AAEA,WAAO;AAAA,EACT;AAAA,EAEQ,cAAuB;AAC7B,QAAI,QAAQ,aAAa,UAAU;AACjC,YAAM,SAAS,UAAU,QAAQ;AAAA,QAC/B;AAAA,QAAY;AAAA,QAAoB;AAAA,QAAM;AAAA,QAAM;AAAA,QAC5C;AAAA,QAAM;AAAA,QAAsC;AAAA,MAC9C,GAAG,EAAE,OAAO,UAAU,CAAC;AACvB,aAAO,OAAO,WAAW;AAAA,IAC3B;AAEA,QAAI,QAAQ,aAAa,SAAS;AAChC,YAAM,KAAK,UAAU,QAAQ;AAAA,QAC3B;AAAA,QAAM;AAAA,QAAW;AAAA,MACnB,GAAG,EAAE,OAAO,UAAU,CAAC;AACvB,UAAI,GAAG,WAAW,EAAG,QAAO;AAC5B,YAAM,SAAS,UAAU,QAAQ,CAAC,wBAAwB,GAAG,EAAE,OAAO,UAAU,CAAC;AACjF,aAAO,OAAO,WAAW;AAAA,IAC3B;AAEA,QAAI,QAAQ,aAAa,SAAS;AAChC,YAAM,SAAS,UAAU,YAAY;AAAA,QACnC;AAAA,QAAa;AAAA,QAAM;AAAA,QAAQ;AAAA,MAC7B,GAAG,EAAE,OAAO,UAAU,CAAC;AACvB,aAAO,OAAO,WAAW;AAAA,IAC3B;AAEA,WAAO;AAAA,EACT;AACF;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
|
@@ -2,6 +2,9 @@ import {
|
|
|
2
2
|
detectTmux
|
|
3
3
|
} from "../../chunk-BO76WKJR.js";
|
|
4
4
|
import "../../chunk-KRBQLMOP.js";
|
|
5
|
+
import {
|
|
6
|
+
emitSetupEvent
|
|
7
|
+
} from "../../chunk-TX2HKJLA.js";
|
|
5
8
|
import {
|
|
6
9
|
BaseCommand
|
|
7
10
|
} from "../../chunk-SZ7VDCD6.js";
|
|
@@ -389,6 +392,7 @@ var ServiceInstall = class _ServiceInstall extends BaseCommand {
|
|
|
389
392
|
this.log(" rulemetric service status \u2014 check if running");
|
|
390
393
|
this.log(" rulemetric service uninstall \u2014 remove the worker");
|
|
391
394
|
await bootstrapActiveOrg();
|
|
395
|
+
void emitSetupEvent("worker_started", { mode: "worker-only" }, this.config.version);
|
|
392
396
|
}
|
|
393
397
|
/**
|
|
394
398
|
* Load worker env from ~/.config/rulemetric/env only (no repo .env.local).
|