@wlfi-agent/cli 1.4.14 → 1.4.16

Files changed (110)
  1. package/Cargo.lock +1 -0
  2. package/Cargo.toml +1 -1
  3. package/README.md +10 -2
  4. package/crates/vault-cli-admin/src/main.rs +21 -2
  5. package/crates/vault-cli-admin/src/tui.rs +634 -129
  6. package/crates/vault-cli-daemon/Cargo.toml +1 -0
  7. package/crates/vault-cli-daemon/src/bin/wlfi-agent-system-keychain.rs +122 -8
  8. package/crates/vault-cli-daemon/src/main.rs +24 -4
  9. package/crates/vault-cli-daemon/src/relay_sync.rs +155 -35
  10. package/crates/vault-cli-daemon/tests/system_keychain_helper_acl.rs +23 -18
  11. package/crates/vault-daemon/src/daemon_parts/api_impl_and_utils.rs +6 -0
  12. package/crates/vault-daemon/src/daemon_parts/types_api_rpc.rs +6 -0
  13. package/crates/vault-daemon/src/tests.rs +2 -2
  14. package/crates/vault-daemon/src/tests_parts/part4.rs +110 -0
  15. package/crates/vault-transport-unix/src/lib.rs +22 -3
  16. package/crates/vault-transport-xpc/src/lib.rs +20 -2
  17. package/dist/cli.cjs +20842 -25552
  18. package/dist/cli.cjs.map +1 -1
  19. package/package.json +18 -18
  20. package/packages/cache/.turbo/turbo-build.log +20 -20
  21. package/packages/cache/coverage/base.css +224 -0
  22. package/packages/cache/coverage/block-navigation.js +87 -0
  23. package/packages/cache/coverage/clover.xml +585 -0
  24. package/packages/cache/coverage/coverage-final.json +5 -0
  25. package/packages/cache/coverage/favicon.png +0 -0
  26. package/packages/cache/coverage/index.html +161 -0
  27. package/packages/cache/coverage/prettify.css +1 -0
  28. package/packages/cache/coverage/prettify.js +2 -0
  29. package/packages/cache/coverage/sort-arrow-sprite.png +0 -0
  30. package/packages/cache/coverage/sorter.js +210 -0
  31. package/packages/cache/coverage/src/client/index.html +116 -0
  32. package/packages/cache/coverage/src/client/index.ts.html +253 -0
  33. package/packages/cache/coverage/src/errors/index.html +116 -0
  34. package/packages/cache/coverage/src/errors/index.ts.html +244 -0
  35. package/packages/cache/coverage/src/index.html +116 -0
  36. package/packages/cache/coverage/src/index.ts.html +94 -0
  37. package/packages/cache/coverage/src/service/index.html +116 -0
  38. package/packages/cache/coverage/src/service/index.ts.html +2212 -0
  39. package/packages/cache/dist/{chunk-ALQ6H7KG.cjs → chunk-QF4XKEIA.cjs} +189 -45
  40. package/packages/cache/dist/chunk-QF4XKEIA.cjs.map +1 -0
  41. package/packages/cache/dist/{chunk-FGJEEF5N.js → chunk-QNK6GOTI.js} +182 -38
  42. package/packages/cache/dist/chunk-QNK6GOTI.js.map +1 -0
  43. package/packages/cache/dist/index.cjs +2 -2
  44. package/packages/cache/dist/index.js +1 -1
  45. package/packages/cache/dist/service/index.cjs +2 -2
  46. package/packages/cache/dist/service/index.d.cts +2 -0
  47. package/packages/cache/dist/service/index.d.ts +2 -0
  48. package/packages/cache/dist/service/index.js +1 -1
  49. package/packages/cache/node_modules/.bin/jiti +0 -0
  50. package/packages/cache/node_modules/.bin/tsc +0 -0
  51. package/packages/cache/node_modules/.bin/tsserver +0 -0
  52. package/packages/cache/node_modules/.bin/tsup +0 -0
  53. package/packages/cache/node_modules/.bin/tsup-node +0 -0
  54. package/packages/cache/node_modules/.bin/tsx +0 -0
  55. package/packages/cache/node_modules/.bin/vitest +0 -0
  56. package/packages/cache/node_modules/.vite/vitest/da39a3ee5e6b4b0d3255bfef95601890afd80709/results.json +1 -0
  57. package/packages/cache/src/service/index.test.ts +575 -0
  58. package/packages/cache/src/service/index.ts +234 -51
  59. package/packages/config/.turbo/turbo-build.log +17 -18
  60. package/packages/config/dist/index.cjs +0 -0
  61. package/packages/config/node_modules/.bin/jiti +0 -0
  62. package/packages/config/node_modules/.bin/tsc +2 -2
  63. package/packages/config/node_modules/.bin/tsserver +2 -2
  64. package/packages/config/node_modules/.bin/tsup +2 -2
  65. package/packages/config/node_modules/.bin/tsup-node +2 -2
  66. package/packages/config/node_modules/.bin/tsx +0 -0
  67. package/packages/rpc/.turbo/turbo-build.log +31 -32
  68. package/packages/rpc/dist/_esm-BCLXDO2R.cjs +0 -0
  69. package/packages/rpc/dist/ccip-OWJLAW55.cjs +0 -0
  70. package/packages/rpc/dist/chunk-APQIFZ3B.cjs +0 -0
  71. package/packages/rpc/dist/chunk-CDO2GWRD.cjs +0 -0
  72. package/packages/rpc/dist/chunk-QGTNTFJ7.cjs +0 -0
  73. package/packages/rpc/dist/chunk-TZDTAHWR.cjs +0 -0
  74. package/packages/rpc/dist/index.cjs +0 -0
  75. package/packages/rpc/dist/secp256k1-WCNM675D.cjs +0 -0
  76. package/packages/rpc/node_modules/.bin/jiti +0 -0
  77. package/packages/rpc/node_modules/.bin/tsc +2 -2
  78. package/packages/rpc/node_modules/.bin/tsserver +2 -2
  79. package/packages/rpc/node_modules/.bin/tsup +2 -2
  80. package/packages/rpc/node_modules/.bin/tsup-node +2 -2
  81. package/packages/rpc/node_modules/.bin/tsx +0 -0
  82. package/packages/ui/.turbo/turbo-build.log +43 -44
  83. package/packages/ui/node_modules/.bin/jiti +0 -0
  84. package/packages/ui/node_modules/.bin/tsc +0 -0
  85. package/packages/ui/node_modules/.bin/tsserver +0 -0
  86. package/packages/ui/node_modules/.bin/tsup +0 -0
  87. package/packages/ui/node_modules/.bin/tsup-node +0 -0
  88. package/packages/ui/node_modules/.bin/tsx +0 -0
  89. package/scripts/install-rust-binaries.mjs +164 -58
  90. package/scripts/launchd/install-user-daemon.sh +0 -0
  91. package/scripts/launchd/run-vault-daemon.sh +0 -0
  92. package/scripts/launchd/run-wlfi-agent-daemon.sh +0 -0
  93. package/scripts/launchd/uninstall-user-daemon.sh +0 -0
  94. package/src/cli.ts +51 -39
  95. package/src/lib/admin-passthrough.js +1 -0
  96. package/src/lib/admin-reset.js +1 -0
  97. package/src/lib/admin-reset.ts +26 -16
  98. package/src/lib/admin-setup.js +1 -0
  99. package/src/lib/admin-setup.ts +32 -20
  100. package/src/lib/agent-auth-revoke.js +1 -0
  101. package/src/lib/agent-auth-rotate.js +1 -0
  102. package/src/lib/agent-auth.js +1 -0
  103. package/src/lib/config-mutation.js +1 -0
  104. package/src/lib/launchd-assets.js +1 -0
  105. package/src/lib/launchd-assets.ts +29 -0
  106. package/src/lib/local-admin-access.js +1 -0
  107. package/src/lib/rust.ts +1 -1
  108. package/src/lib/status-repair-cli.js +1 -0
  109. package/packages/cache/dist/chunk-ALQ6H7KG.cjs.map +0 -1
  110. package/packages/cache/dist/chunk-FGJEEF5N.js.map +0 -1
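--- a/package/crates/vault-transport-unix/src/lib.rs
+++ b/package/crates/vault-transport-unix/src/lib.rs
@@ -23,8 +23,8 @@ use vault_daemon::{
  };
  use vault_domain::{
  AdminSession, AgentCredentials, Lease, ManualApprovalDecision, ManualApprovalRequest,
- NonceReleaseRequest, NonceReservation, NonceReservationRequest, PolicyAttachment, RelayConfig,
- SignRequest, Signature, SpendingPolicy, VaultKey,
+ ManualApprovalStatus, NonceReleaseRequest, NonceReservation, NonceReservationRequest,
+ PolicyAttachment, RelayConfig, SignRequest, Signature, SpendingPolicy, VaultKey,
  };
  use vault_policy::{PolicyEvaluation, PolicyExplanation};
  use vault_signer::{KeyCreateRequest, SignerError, VaultSignerBackend};
@@ -185,6 +185,10 @@ enum WireDaemonError {
  ManualApprovalRejected {
  approval_request_id: Uuid,
  },
+ ManualApprovalRequestNotPending {
+ approval_request_id: Uuid,
+ status: ManualApprovalStatus,
+ },
  Policy(vault_policy::PolicyError),
  Signer(SignerError),
  PasswordHash(String),
@@ -233,6 +237,13 @@ impl From<DaemonError> for WireDaemonError {
  } => Self::ManualApprovalRejected {
  approval_request_id,
  },
+ DaemonError::ManualApprovalRequestNotPending {
+ approval_request_id,
+ status,
+ } => Self::ManualApprovalRequestNotPending {
+ approval_request_id,
+ status,
+ },
  DaemonError::Policy(err) => Self::Policy(err),
  DaemonError::Signer(err) => Self::Signer(err),
  DaemonError::PasswordHash(msg) => Self::PasswordHash(msg),
@@ -293,6 +304,13 @@ impl WireDaemonError {
  } => DaemonError::ManualApprovalRejected {
  approval_request_id,
  },
+ WireDaemonError::ManualApprovalRequestNotPending {
+ approval_request_id,
+ status,
+ } => DaemonError::ManualApprovalRequestNotPending {
+ approval_request_id,
+ status,
+ },
  WireDaemonError::Policy(err) => DaemonError::Policy(err),
  WireDaemonError::Signer(err) => DaemonError::Signer(err),
  WireDaemonError::PasswordHash(msg) => DaemonError::PasswordHash(msg),
@@ -1451,10 +1469,11 @@ mod tests {
  );
 
  let current_euid = nix::unistd::geteuid().as_raw();
+ let non_root_euid = if current_euid == 0 { 1 } else { current_euid };
  assert_eq!(
  socket_mode_for_allowed_peer_euids(
  &singleton_allowed_set(0),
- &singleton_allowed_set(current_euid)
+ &singleton_allowed_set(non_root_euid)
  ),
  0o666
  );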
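Review bot: In the last hunk (the test calling `socket_mode_for_allowed_peer_euids`), the fallback `if current_euid == 0 { 1 } else { current_euid }` is unexplained, and the assertion it feeds pins a world-accessible `0o666` socket mode without saying why that is the expected result. I would add a comment above `non_root_euid`, for example `// Under root both sets would be {0}; euid 1 stands in for any non-root peer so the mixed-owner case is what gets tested.` A second comment beside `0o666` should state that with this mode file permissions no longer limit who can connect, so access rests on the peer-euid check. That second statement is inferred from the function name; the function body and the start of the test are outside the hunk, so it should be confirmed there before it is written down.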
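--- a/package/crates/vault-transport-xpc/src/lib.rs
+++ b/package/crates/vault-transport-xpc/src/lib.rs
@@ -22,8 +22,8 @@ use vault_daemon::{
  };
  use vault_domain::{
  AdminSession, AgentCredentials, Lease, ManualApprovalDecision, ManualApprovalRequest,
- NonceReleaseRequest, NonceReservation, NonceReservationRequest, PolicyAttachment, RelayConfig,
- SignRequest, Signature, SpendingPolicy, VaultKey,
+ ManualApprovalStatus, NonceReleaseRequest, NonceReservation, NonceReservationRequest,
+ PolicyAttachment, RelayConfig, SignRequest, Signature, SpendingPolicy, VaultKey,
  };
  use vault_policy::{PolicyError, PolicyEvaluation, PolicyExplanation};
  use vault_signer::{KeyCreateRequest, SignerError, VaultSignerBackend};
@@ -194,6 +194,10 @@ enum WireDaemonError {
  ManualApprovalRejected {
  approval_request_id: Uuid,
  },
+ ManualApprovalRequestNotPending {
+ approval_request_id: Uuid,
+ status: ManualApprovalStatus,
+ },
  Policy(PolicyError),
  Signer(SignerError),
  PasswordHash(String),
@@ -242,6 +246,13 @@ impl From<DaemonError> for WireDaemonError {
  } => Self::ManualApprovalRejected {
  approval_request_id,
  },
+ DaemonError::ManualApprovalRequestNotPending {
+ approval_request_id,
+ status,
+ } => Self::ManualApprovalRequestNotPending {
+ approval_request_id,
+ status,
+ },
  DaemonError::Policy(err) => Self::Policy(err),
  DaemonError::Signer(err) => Self::Signer(err),
  DaemonError::PasswordHash(msg) => Self::PasswordHash(msg),
@@ -302,6 +313,13 @@ impl WireDaemonError {
  } => DaemonError::ManualApprovalRejected {
  approval_request_id,
  },
+ WireDaemonError::ManualApprovalRequestNotPending {
+ approval_request_id,
+ status,
+ } => DaemonError::ManualApprovalRequestNotPending {
+ approval_request_id,
+ status,
+ },
  WireDaemonError::Policy(err) => DaemonError::Policy(err),
  WireDaemonError::Signer(err) => DaemonError::Signer(err),
  WireDaemonError::PasswordHash(msg) => DaemonError::PasswordHash(msg),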
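Review bot: `ManualApprovalRequestNotPending` is inserted in the middle of `WireDaemonError`, ahead of `Policy`, `Signer` and `PasswordHash`, which matters if the enum is encoded by variant position rather than by name. In that case a client and daemon built from different versions would decode the later variants as the wrong error. The derive attributes and the codec are outside the hunk, so this needs checking against the enum's definition. If the encoding is positional, append the new variant at the end of the enum; if it is by name, a comment on the enum such as `// Serialized by variant name; declaration order is not part of the wire format.` would settle the question for the next addition. The same mid-enum insertion is made in the `vault-transport-unix` copy of this enum.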