npm - @tankpkg/cli - Versions diffs - 0.10.4 → 0.10.6 - Mend

@tankpkg/cli 0.10.4 → 0.10.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/bin/tank.js +86 -1
package/dist/bin/tank.js.map +1 -1
package/dist/{debug-logger-hFhzviBs.js → debug-logger-Dr14Gtjr.js} +2 -2
package/dist/{debug-logger-hFhzviBs.js.map → debug-logger-Dr14Gtjr.js.map} +1 -1
package/dist/index.js +1 -1
package/dist/package.json +2 -1
package/package.json +2 -1

package/dist/bin/tank.js CHANGED Viewed

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-import { a as VERSION, c as getConfigDir, i as USER_AGENT, n as flushLogs, o as logger, s as getConfig, t as authFlowLog, u as setConfig } from "../debug-logger-hFhzviBs.js";
+import { a as VERSION, c as getConfigDir, i as USER_AGENT, n as flushLogs, o as logger, s as getConfig, t as authFlowLog, u as setConfig } from "../debug-logger-Dr14Gtjr.js";
 import { Command } from "commander";
 import chalk from "chalk";
 import fs from "node:fs";
@@ -13,6 +13,8 @@ import ora from "ora";
 import { create, extract } from "tar";
 import open from "open";
 import ignore from "ignore";
+import { spawn } from "node:child_process";
+import { fileURLToPath } from "node:url";
 process.env.TANK_REGISTRY_URL;
 const MANIFEST_FILENAME = "tank.json";
 const LEGACY_MANIFEST_FILENAME = "skills.json";
@@ -2543,6 +2545,75 @@ function getGlobalSkillDir(homedir, skillName) {
 	return path.join(globalDir, skillName);
 }
 //#endregion
+//#region src/commands/run.ts
+const AGENTS_MODULE = "@tankpkg/vault/src/runner/agents";
+const RUNNER_MODULE = "@tankpkg/vault/src/runner/run";
+const SERVER_MODULE = "@tankpkg/vault/src/proxy/server";
+const VAULT_MODULE = "@tankpkg/vault/src/tokenizer/vault";
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const BOOTSTRAP_PATH = path.resolve(__dirname, "..", "..", "..", "vault", "src", "proxy", "bootstrap.cjs");
+const PLACEHOLDER_REQUIRE = "--require tank-vault-proxy-bootstrap.js";
+async function runCommand(options) {
+	const [agentsModule, runnerModule, serverModule, vaultModule] = await Promise.all([
+		import(AGENTS_MODULE),
+		import(RUNNER_MODULE),
+		import(SERVER_MODULE),
+		import(VAULT_MODULE)
+	]);
+	const { getAgentConfig, getSupportedAgentIds } = agentsModule;
+	const { buildAgentEnv } = runnerModule;
+	const { startProxy } = serverModule;
+	const { VaultStore } = vaultModule;
+	const config = getAgentConfig(options.agent);
+	if (!config) {
+		const supported = getSupportedAgentIds().join(", ");
+		console.error(chalk.red(`Unknown agent: ${options.agent}`));
+		console.error(`Supported agents: ${supported}`);
+		process.exit(1);
+	}
+	const vault = new VaultStore();
+	const proxy = await startProxy(vault);
+	console.log(`Vault proxy started on port ${proxy.port}`);
+	console.log(`Agent: ${config.name} (${config.runtime})`);
+	console.log("Credentials will be detected from traffic");
+	const env = buildAgentEnv(config.strategy, proxy.url, process.env);
+	const bootstrapRequire = `--require ${BOOTSTRAP_PATH}`;
+	if (env.NODE_OPTIONS?.includes(PLACEHOLDER_REQUIRE)) env.NODE_OPTIONS = env.NODE_OPTIONS.replace(PLACEHOLDER_REQUIRE, bootstrapRequire);
+	if (options.verbose) {
+		console.log(`Bootstrap: ${BOOTSTRAP_PATH}`);
+		console.log(`Proxy URL: ${proxy.url}`);
+	}
+	const child = spawn(config.command, options.agentArgs ?? [], {
+		env,
+		stdio: "inherit"
+	});
+	let cleaningUp = false;
+	const cleanupAndExit = async (code) => {
+		if (cleaningUp) return;
+		cleaningUp = true;
+		process.off("SIGINT", onSigint);
+		process.off("SIGTERM", onSigterm);
+		vault.clear();
+		await proxy.close();
+		process.exit(code);
+	};
+	const onSigint = () => {
+		child.kill("SIGINT");
+	};
+	const onSigterm = () => {
+		child.kill("SIGTERM");
+	};
+	process.on("SIGINT", onSigint);
+	process.on("SIGTERM", onSigterm);
+	child.once("error", async (error) => {
+		console.error(chalk.red(`Failed to launch agent: ${error.message}`));
+		await cleanupAndExit(1);
+	});
+	child.once("exit", async (code, signal) => {
+		await cleanupAndExit(typeof code === "number" ? code : signal ? 1 : 0);
+	});
+}
+//#endregion
 //#region src/commands/scan.ts
 function verdictColor(verdict) {
 	switch (verdict) {
@@ -3383,6 +3454,20 @@ program.command("audit").description("Display security audit results for install
 		process.exit(1);
 	}
 });
+program.command("run").description("Launch an agent with credential protection (vault proxy)").argument("<agent>", "Agent ID to launch").allowUnknownOption(true).allowExcessArguments(true).option("--verbose", "Print verbose vault proxy details").action(async (agent, opts, cmd) => {
+	try {
+		const agentArgs = cmd.args.slice(1);
+		await runCommand({
+			agent,
+			verbose: opts.verbose,
+			agentArgs
+		});
+	} catch (err) {
+		const msg = err instanceof Error ? err.message : String(err);
+		console.error(`Run failed: ${msg}`);
+		process.exit(1);
+	}
+});
 program.command("scan").description("Scan a local skill for security issues without publishing").option("-d, --directory <path>", "Directory to scan (default: current directory)").action(async (opts) => {
 	try {
 		await scanCommand({ directory: opts.directory });