@vellumai/cli 0.4.54 → 0.4.56

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (24) hide show
  1. package/bun.lock +3 -70
  2. package/package.json +2 -3
  3. package/src/__tests__/random-name.test.ts +24 -5
  4. package/src/adapters/install.sh +1 -1
  5. package/src/adapters/openclaw.ts +6 -3
  6. package/src/commands/client.ts +2 -3
  7. package/src/commands/hatch.ts +78 -155
  8. package/src/commands/pair.ts +2 -2
  9. package/src/commands/retire.ts +31 -7
  10. package/src/commands/wake.ts +25 -6
  11. package/src/components/DefaultMainScreen.tsx +1 -1
  12. package/src/lib/assistant-config.ts +9 -2
  13. package/src/lib/aws.ts +11 -37
  14. package/src/lib/constants.ts +7 -0
  15. package/src/lib/docker.ts +634 -279
  16. package/src/lib/gcp.ts +15 -14
  17. package/src/lib/guardian-token.ts +174 -0
  18. package/src/lib/health-check.ts +6 -30
  19. package/src/lib/local.ts +150 -27
  20. package/src/lib/platform-client.ts +24 -0
  21. package/src/lib/process.ts +1 -1
  22. package/src/lib/random-name.ts +17 -1
  23. package/src/lib/jwt.ts +0 -62
  24. package/src/lib/policy.ts +0 -7
package/src/lib/jwt.ts DELETED
@@ -1,62 +0,0 @@
1
- /**
2
- * Minimal JWT minting for the external CLI.
3
- *
4
- * Loads the shared HMAC signing key from disk and mints short-lived JWTs
5
- * so the CLI can authenticate with the daemon's HTTP server without reading
6
- * the deprecated http-token file.
7
- */
8
-
9
- import { createHmac, randomBytes } from "crypto";
10
- import { readFileSync } from "fs";
11
- import { join } from "path";
12
-
13
- import { CURRENT_POLICY_EPOCH } from "./policy.js";
14
-
15
- function base64urlEncode(data: Buffer | string): string {
16
- const buf = typeof data === "string" ? Buffer.from(data, "utf-8") : data;
17
- return buf.toString("base64url");
18
- }
19
-
20
- const JWT_HEADER = base64urlEncode(
21
- JSON.stringify({ alg: "HS256", typ: "JWT" }),
22
- );
23
-
24
- /**
25
- * Mint a short-lived JWT bearer token for the given instance directory.
26
- *
27
- * Reads the signing key from `<instanceDir>/.vellum/protected/actor-token-signing-key`
28
- * and mints a 30-day JWT with `aud=vellum-gateway`.
29
- *
30
- * Returns undefined if the signing key doesn't exist yet (daemon not started).
31
- */
32
- export function mintLocalBearerToken(instanceDir: string): string | undefined {
33
- try {
34
- const keyPath = join(
35
- instanceDir,
36
- ".vellum",
37
- "protected",
38
- "actor-token-signing-key",
39
- );
40
- const key = readFileSync(keyPath);
41
- if (key.length !== 32) return undefined;
42
-
43
- const now = Math.floor(Date.now() / 1000);
44
- const claims = {
45
- iss: "vellum-auth",
46
- aud: "vellum-gateway",
47
- sub: "local:cli:cli",
48
- scope_profile: "actor_client_v1",
49
- exp: now + 30 * 24 * 60 * 60,
50
- policy_epoch: CURRENT_POLICY_EPOCH,
51
- iat: now,
52
- jti: randomBytes(16).toString("hex"),
53
- };
54
-
55
- const payload = base64urlEncode(JSON.stringify(claims));
56
- const sigInput = JWT_HEADER + "." + payload;
57
- const sig = createHmac("sha256", key).update(sigInput).digest();
58
- return sigInput + "." + base64urlEncode(sig);
59
- } catch {
60
- return undefined;
61
- }
62
- }
package/src/lib/policy.ts DELETED
@@ -1,7 +0,0 @@
1
- /**
2
- * Policy epoch constant for the external CLI.
3
- *
4
- * Must stay in sync with assistant/src/runtime/auth/policy.ts.
5
- * When the daemon bumps CURRENT_POLICY_EPOCH, update this value too.
6
- */
7
- export const CURRENT_POLICY_EPOCH = 1;