@wlfi-agent/cli 1.4.15 → 1.4.16
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/Cargo.lock +1 -0
- package/Cargo.toml +1 -1
- package/README.md +10 -2
- package/crates/vault-cli-admin/src/main.rs +21 -2
- package/crates/vault-cli-admin/src/tui.rs +634 -129
- package/crates/vault-cli-daemon/Cargo.toml +1 -0
- package/crates/vault-cli-daemon/src/bin/wlfi-agent-system-keychain.rs +122 -8
- package/crates/vault-cli-daemon/src/main.rs +24 -4
- package/crates/vault-cli-daemon/src/relay_sync.rs +155 -35
- package/crates/vault-cli-daemon/tests/system_keychain_helper_acl.rs +23 -18
- package/crates/vault-daemon/src/daemon_parts/api_impl_and_utils.rs +6 -0
- package/crates/vault-daemon/src/daemon_parts/types_api_rpc.rs +6 -0
- package/crates/vault-daemon/src/tests.rs +2 -2
- package/crates/vault-daemon/src/tests_parts/part4.rs +110 -0
- package/crates/vault-transport-unix/src/lib.rs +22 -3
- package/crates/vault-transport-xpc/src/lib.rs +20 -2
- package/dist/cli.cjs +20842 -25552
- package/dist/cli.cjs.map +1 -1
- package/package.json +5 -3
- package/packages/cache/.turbo/turbo-build.log +20 -20
- package/packages/cache/coverage/base.css +224 -0
- package/packages/cache/coverage/block-navigation.js +87 -0
- package/packages/cache/coverage/clover.xml +585 -0
- package/packages/cache/coverage/coverage-final.json +5 -0
- package/packages/cache/coverage/favicon.png +0 -0
- package/packages/cache/coverage/index.html +161 -0
- package/packages/cache/coverage/prettify.css +1 -0
- package/packages/cache/coverage/prettify.js +2 -0
- package/packages/cache/coverage/sort-arrow-sprite.png +0 -0
- package/packages/cache/coverage/sorter.js +210 -0
- package/packages/cache/coverage/src/client/index.html +116 -0
- package/packages/cache/coverage/src/client/index.ts.html +253 -0
- package/packages/cache/coverage/src/errors/index.html +116 -0
- package/packages/cache/coverage/src/errors/index.ts.html +244 -0
- package/packages/cache/coverage/src/index.html +116 -0
- package/packages/cache/coverage/src/index.ts.html +94 -0
- package/packages/cache/coverage/src/service/index.html +116 -0
- package/packages/cache/coverage/src/service/index.ts.html +2212 -0
- package/packages/cache/dist/{chunk-ALQ6H7KG.cjs → chunk-QF4XKEIA.cjs} +189 -45
- package/packages/cache/dist/chunk-QF4XKEIA.cjs.map +1 -0
- package/packages/cache/dist/{chunk-FGJEEF5N.js → chunk-QNK6GOTI.js} +182 -38
- package/packages/cache/dist/chunk-QNK6GOTI.js.map +1 -0
- package/packages/cache/dist/index.cjs +2 -2
- package/packages/cache/dist/index.js +1 -1
- package/packages/cache/dist/service/index.cjs +2 -2
- package/packages/cache/dist/service/index.d.cts +2 -0
- package/packages/cache/dist/service/index.d.ts +2 -0
- package/packages/cache/dist/service/index.js +1 -1
- package/packages/cache/node_modules/.vite/vitest/da39a3ee5e6b4b0d3255bfef95601890afd80709/results.json +1 -0
- package/packages/cache/src/service/index.test.ts +575 -0
- package/packages/cache/src/service/index.ts +234 -51
- package/packages/config/.turbo/turbo-build.log +17 -18
- package/packages/config/node_modules/.bin/tsc +2 -2
- package/packages/config/node_modules/.bin/tsserver +2 -2
- package/packages/config/node_modules/.bin/tsup +2 -2
- package/packages/config/node_modules/.bin/tsup-node +2 -2
- package/packages/rpc/.turbo/turbo-build.log +31 -32
- package/packages/rpc/node_modules/.bin/tsc +2 -2
- package/packages/rpc/node_modules/.bin/tsserver +2 -2
- package/packages/rpc/node_modules/.bin/tsup +2 -2
- package/packages/rpc/node_modules/.bin/tsup-node +2 -2
- package/packages/ui/.turbo/turbo-build.log +43 -44
- package/scripts/install-rust-binaries.mjs +164 -58
- package/src/cli.ts +51 -39
- package/src/lib/admin-passthrough.js +1 -0
- package/src/lib/admin-reset.js +1 -0
- package/src/lib/admin-reset.ts +26 -16
- package/src/lib/admin-setup.js +1 -0
- package/src/lib/admin-setup.ts +32 -20
- package/src/lib/agent-auth-revoke.js +1 -0
- package/src/lib/agent-auth-rotate.js +1 -0
- package/src/lib/agent-auth.js +1 -0
- package/src/lib/config-mutation.js +1 -0
- package/src/lib/launchd-assets.js +1 -0
- package/src/lib/launchd-assets.ts +29 -0
- package/src/lib/local-admin-access.js +1 -0
- package/src/lib/rust.ts +1 -1
- package/src/lib/status-repair-cli.js +1 -0
- package/packages/cache/dist/chunk-ALQ6H7KG.cjs.map +0 -1
- package/packages/cache/dist/chunk-FGJEEF5N.js.map +0 -1
package/Cargo.lock
CHANGED
package/Cargo.toml
CHANGED
package/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
# WLFI
|
|
1
|
+
# WLFI Agentic SDK
|
|
2
2
|
|
|
3
|
-
WLFI
|
|
3
|
+
WLFI Agentic SDK is a root-managed local signing daemon with policy enforcement, a single `wlfi-agent` CLI, and an optional relay + web approval flow.
|
|
4
4
|
|
|
5
5
|
The main user path is:
|
|
6
6
|
|
|
@@ -43,12 +43,20 @@ User-facing examples below avoid shell env vars on purpose. Prefer prompts, conf
|
|
|
43
43
|
|
|
44
44
|
## Install
|
|
45
45
|
|
|
46
|
+
### Prerequisites
|
|
47
|
+
|
|
48
|
+
- macOS
|
|
49
|
+
- Rust toolchain on `PATH` (`cargo`, `rustc`)
|
|
50
|
+
- Xcode Command Line Tools (`xcode-select --install`)
|
|
51
|
+
|
|
46
52
|
### Install from npm
|
|
47
53
|
|
|
48
54
|
```bash
|
|
49
55
|
npm i -g @wlfi-agent/cli
|
|
50
56
|
```
|
|
51
57
|
|
|
58
|
+
`npm i -g @wlfi-agent/cli` builds the local Rust runtime during `postinstall`. If the prerequisites above are already installed, this is the normal one-step install path. If `cargo` or the macOS Command Line Tools are missing, installation fails immediately and tells you how to install the missing prerequisite before retrying.
|
|
59
|
+
|
|
52
60
|
### Work from this repo
|
|
53
61
|
|
|
54
62
|
```bash
|
|
@@ -813,16 +813,25 @@ async fn main() -> Result<()> {
|
|
|
813
813
|
if let Some(output) = tui::run_bootstrap_tui(
|
|
814
814
|
&shared_config.config,
|
|
815
815
|
args.print_agent_auth_token,
|
|
816
|
-
|params| {
|
|
816
|
+
|params, on_status| {
|
|
817
|
+
let mut status_error = None;
|
|
817
818
|
tokio::task::block_in_place(|| {
|
|
818
819
|
tokio::runtime::Handle::current().block_on(execute_bootstrap(
|
|
819
820
|
daemon_api.clone(),
|
|
820
821
|
&vault_password,
|
|
821
822
|
&state_file_display,
|
|
822
823
|
params,
|
|
823
|
-
|
|
|
824
|
+
|message| {
|
|
825
|
+
if status_error.is_none() {
|
|
826
|
+
status_error = on_status(message).err();
|
|
827
|
+
}
|
|
828
|
+
},
|
|
824
829
|
))
|
|
825
830
|
})
|
|
831
|
+
.and_then(|output| match status_error {
|
|
832
|
+
Some(err) => Err(err),
|
|
833
|
+
None => Ok(output),
|
|
834
|
+
})
|
|
826
835
|
},
|
|
827
836
|
)? {
|
|
828
837
|
print_status("bootstrap complete", output_format, cli.quiet);
|
|
@@ -3965,6 +3974,7 @@ mod tests {
|
|
|
3965
3974
|
#[test]
|
|
3966
3975
|
#[cfg(unix)]
|
|
3967
3976
|
fn resolve_daemon_socket_path_rejects_non_root_owned_socket() {
|
|
3977
|
+
use std::os::fd::AsRawFd;
|
|
3968
3978
|
use std::os::unix::fs::PermissionsExt;
|
|
3969
3979
|
use std::os::unix::net::UnixListener;
|
|
3970
3980
|
|
|
@@ -3979,6 +3989,15 @@ mod tests {
|
|
|
3979
3989
|
|
|
3980
3990
|
let socket_path = root.join("daemon.sock");
|
|
3981
3991
|
let listener = UnixListener::bind(&socket_path).expect("bind socket");
|
|
3992
|
+
if unsafe { libc::geteuid() } == 0 {
|
|
3993
|
+
let rc = unsafe { libc::fchown(listener.as_raw_fd(), 1, libc::gid_t::MAX) };
|
|
3994
|
+
assert_eq!(
|
|
3995
|
+
rc,
|
|
3996
|
+
0,
|
|
3997
|
+
"must set non-root owner for root-mode test: {}",
|
|
3998
|
+
std::io::Error::last_os_error()
|
|
3999
|
+
);
|
|
4000
|
+
}
|
|
3982
4001
|
|
|
3983
4002
|
let err = resolve_daemon_socket_path(Some(socket_path.clone())).expect_err("must reject");
|
|
3984
4003
|
assert!(err.to_string().contains("must be owned by root"));
|