@simonyea/holysheep-cli 2.1.22 → 2.1.23
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@simonyea/holysheep-cli",
|
|
3
|
-
"version": "2.1.
|
|
3
|
+
"version": "2.1.23",
|
|
4
4
|
"description": "Claude Code/Cursor/Cline API relay for China \u2014 \u00a51=$1, WeChat/Alipay payment, no credit card, no VPN. One command setup for all AI coding tools.",
|
|
5
5
|
"scripts": {
|
|
6
6
|
"test": "node tests/droid.test.js && node tests/workspace-store.test.js && node tests/runtime-stale-upgrade.test.js && node tests/hermes.test.js && node tests/preflight.test.js",
|
|
@@ -739,14 +739,32 @@ async function closeSession(configPath, sessionId) {
|
|
|
739
739
|
if (!sessionId) return
|
|
740
740
|
const config = readConfig(configPath)
|
|
741
741
|
const controlPlaneUrl = getControlPlaneUrl(config)
|
|
742
|
-
if (!controlPlaneUrl)
|
|
742
|
+
if (!controlPlaneUrl) {
|
|
743
|
+
logProxyTiming('lease.close', { sessionId, skipped: 'no-control-plane' })
|
|
744
|
+
return
|
|
745
|
+
}
|
|
746
|
+
const startedAt = Date.now()
|
|
747
|
+
let status = 'unknown'
|
|
743
748
|
try {
|
|
744
|
-
await fetch(`${controlPlaneUrl}/session/close`, {
|
|
749
|
+
const response = await fetch(`${controlPlaneUrl}/session/close`, {
|
|
745
750
|
method: 'POST',
|
|
746
751
|
headers: { 'content-type': 'application/json' },
|
|
747
752
|
body: JSON.stringify({ sessionId }),
|
|
748
753
|
})
|
|
749
|
-
|
|
754
|
+
status = response.ok ? 'ok' : `http_${response.status}`
|
|
755
|
+
} catch (err) {
|
|
756
|
+
status = `err_${err.name || 'unknown'}`
|
|
757
|
+
}
|
|
758
|
+
// Always log lease.close — unlike other events this isn't slow-path-gated
|
|
759
|
+
// because lease leaks silently accumulate on CRS, making it critical to
|
|
760
|
+
// observe every release attempt.
|
|
761
|
+
console.error(
|
|
762
|
+
`[hs-claude-proxy] lease.close ${JSON.stringify({
|
|
763
|
+
sessionId,
|
|
764
|
+
status,
|
|
765
|
+
durationMs: Date.now() - startedAt,
|
|
766
|
+
})}`
|
|
767
|
+
)
|
|
750
768
|
}
|
|
751
769
|
|
|
752
770
|
module.exports = {
|
|
@@ -60,10 +60,10 @@ const VENDOR_DIR = path.join(__dirname, 'vendor', 'aionui')
|
|
|
60
60
|
// new CLI release, the next `hs web` invocation on user machines will detect
|
|
61
61
|
// the version drift and upgrade the cache in place.
|
|
62
62
|
const DEFAULT_RUNTIME_URL =
|
|
63
|
-
'https://mail.holysheep.ai/app/cli/aionui-runtime-v1.9.18-holysheep-
|
|
63
|
+
'https://mail.holysheep.ai/app/cli/aionui-runtime-v1.9.18-holysheep-hs18.tar.gz'
|
|
64
64
|
const DEFAULT_RUNTIME_SHA256 =
|
|
65
|
-
'
|
|
66
|
-
const DEFAULT_RUNTIME_VERSION = '1.9.18-holysheep-
|
|
65
|
+
'402739938fb30ddf09e31ed9fd64eb1453726cc062cc5d2ab8f3fbf19f7e6e66'
|
|
66
|
+
const DEFAULT_RUNTIME_VERSION = '1.9.18-holysheep-hs18'
|
|
67
67
|
|
|
68
68
|
function isValidRuntimeDir(dir) {
|
|
69
69
|
if (!dir) return false
|
|
@@ -609,21 +609,33 @@ async function startWrapper({ port, runtimeDir, runtimeVersion, runtimeSource, b
|
|
|
609
609
|
// CLI package root containing package.json + src/.
|
|
610
610
|
const cliRoot = path.resolve(__dirname, '..', '..')
|
|
611
611
|
const wrapperVersion = require('../../package.json').version
|
|
612
|
+
// [HolySheep fork v2.1.23] Do NOT put HOLYSHEEP_API_KEY in env — any other
|
|
613
|
+
// process owned by the same user can read it via `ps ewww`. Instead, the
|
|
614
|
+
// fork side reads ~/.holysheep/config.json (already 0644 today; will be
|
|
615
|
+
// tightened to 0600 in the same release). Pass only the path hint.
|
|
616
|
+
const credPath = path.join(os.homedir(), '.holysheep', 'config.json')
|
|
617
|
+
try {
|
|
618
|
+
// Belt-and-suspenders: ensure the creds file is not world-readable.
|
|
619
|
+
if (fs.existsSync(credPath)) {
|
|
620
|
+
fs.chmodSync(credPath, 0o600)
|
|
621
|
+
}
|
|
622
|
+
} catch { /* best effort */ }
|
|
623
|
+
const sanitizedParentEnv = { ...process.env }
|
|
624
|
+
// If the parent process already had HOLYSHEEP_API_KEY in its env (e.g. the
|
|
625
|
+
// user exported it in their shell), DON'T propagate it — the fork reads
|
|
626
|
+
// the file instead. This closes the ps-leak vector for npm-global users.
|
|
627
|
+
delete sanitizedParentEnv.HOLYSHEEP_API_KEY
|
|
612
628
|
const aionui = spawn(bunPath, ['dist-server/server.mjs'], {
|
|
613
629
|
cwd: runtimeDir,
|
|
614
630
|
env: {
|
|
615
|
-
...
|
|
631
|
+
...sanitizedParentEnv,
|
|
616
632
|
PORT: String(internalPort),
|
|
617
633
|
HOST: '127.0.0.1',
|
|
618
634
|
ALLOW_REMOTE: '',
|
|
619
635
|
NODE_ENV: 'production',
|
|
620
636
|
HOLYSHEEP_CLI_ROOT: cliRoot,
|
|
621
637
|
HOLYSHEEP_CLI_VERSION: wrapperVersion,
|
|
622
|
-
|
|
623
|
-
// Dashboard without going through /api/holysheep/status round-trip.
|
|
624
|
-
...(process.env.HOLYSHEEP_API_KEY ? {} : (() => {
|
|
625
|
-
try { const k = require('../utils/config').getApiKey(); return k ? { HOLYSHEEP_API_KEY: k } : {} } catch { return {} }
|
|
626
|
-
})()),
|
|
638
|
+
HOLYSHEEP_CONFIG_PATH: credPath,
|
|
627
639
|
},
|
|
628
640
|
stdio: ['ignore', 'pipe', 'pipe'],
|
|
629
641
|
})
|