npm - @wlfi-agent/cli - Versions diffs - 1.4.15 → 1.4.17 - Mend

@wlfi-agent/cli 1.4.15 → 1.4.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (82) hide show

package/Cargo.lock +22 -20
package/Cargo.toml +2 -2
package/README.md +10 -2
package/crates/vault-cli-admin/src/main.rs +21 -2
package/crates/vault-cli-admin/src/tui.rs +634 -129
package/crates/vault-cli-daemon/Cargo.toml +1 -0
package/crates/vault-cli-daemon/src/bin/wlfi-agent-system-keychain.rs +122 -8
package/crates/vault-cli-daemon/src/main.rs +24 -4
package/crates/vault-cli-daemon/src/relay_sync.rs +155 -35
package/crates/vault-cli-daemon/tests/system_keychain_helper_acl.rs +23 -18
package/crates/vault-daemon/src/daemon_parts/api_impl_and_utils.rs +6 -0
package/crates/vault-daemon/src/daemon_parts/types_api_rpc.rs +6 -0
package/crates/vault-daemon/src/tests.rs +2 -2
package/crates/vault-daemon/src/tests_parts/part4.rs +110 -0
package/crates/vault-transport-unix/src/lib.rs +22 -3
package/crates/vault-transport-xpc/src/lib.rs +20 -2
package/dist/cli.cjs +20842 -25552
package/dist/cli.cjs.map +1 -1
package/package.json +5 -3
package/packages/cache/.turbo/turbo-build.log +53 -52
package/packages/cache/coverage/base.css +224 -0
package/packages/cache/coverage/block-navigation.js +87 -0
package/packages/cache/coverage/clover.xml +585 -0
package/packages/cache/coverage/coverage-final.json +5 -0
package/packages/cache/coverage/favicon.png +0 -0
package/packages/cache/coverage/index.html +161 -0
package/packages/cache/coverage/prettify.css +1 -0
package/packages/cache/coverage/prettify.js +2 -0
package/packages/cache/coverage/sort-arrow-sprite.png +0 -0
package/packages/cache/coverage/sorter.js +210 -0
package/packages/cache/coverage/src/client/index.html +116 -0
package/packages/cache/coverage/src/client/index.ts.html +253 -0
package/packages/cache/coverage/src/errors/index.html +116 -0
package/packages/cache/coverage/src/errors/index.ts.html +244 -0
package/packages/cache/coverage/src/index.html +116 -0
package/packages/cache/coverage/src/index.ts.html +94 -0
package/packages/cache/coverage/src/service/index.html +116 -0
package/packages/cache/coverage/src/service/index.ts.html +2212 -0
package/packages/cache/dist/{chunk-ALQ6H7KG.cjs → chunk-QF4XKEIA.cjs} +189 -45
package/packages/cache/dist/chunk-QF4XKEIA.cjs.map +1 -0
package/packages/cache/dist/{chunk-FGJEEF5N.js → chunk-QNK6GOTI.js} +182 -38
package/packages/cache/dist/chunk-QNK6GOTI.js.map +1 -0
package/packages/cache/dist/index.cjs +2 -2
package/packages/cache/dist/index.js +1 -1
package/packages/cache/dist/service/index.cjs +2 -2
package/packages/cache/dist/service/index.d.cts +2 -0
package/packages/cache/dist/service/index.d.ts +2 -0
package/packages/cache/dist/service/index.js +1 -1
package/packages/cache/node_modules/.vite/vitest/da39a3ee5e6b4b0d3255bfef95601890afd80709/results.json +1 -0
package/packages/cache/src/service/index.test.ts +575 -0
package/packages/cache/src/service/index.ts +234 -51
package/packages/config/.turbo/turbo-build.log +2 -2
package/packages/config/node_modules/.bin/tsc +2 -2
package/packages/config/node_modules/.bin/tsserver +2 -2
package/packages/config/node_modules/.bin/tsup +2 -2
package/packages/config/node_modules/.bin/tsup-node +2 -2
package/packages/rpc/.turbo/turbo-build.log +11 -11
package/packages/rpc/node_modules/.bin/tsc +2 -2
package/packages/rpc/node_modules/.bin/tsserver +2 -2
package/packages/rpc/node_modules/.bin/tsup +2 -2
package/packages/rpc/node_modules/.bin/tsup-node +2 -2
package/packages/ui/.turbo/turbo-build.log +13 -13
package/packages/ui/dist/components/badge.d.ts +1 -1
package/packages/ui/dist/components/button.d.ts +1 -1
package/scripts/install-rust-binaries.mjs +229 -58
package/src/cli.ts +51 -39
package/src/lib/admin-passthrough.js +1 -0
package/src/lib/admin-reset.js +1 -0
package/src/lib/admin-reset.ts +26 -16
package/src/lib/admin-setup.js +1 -0
package/src/lib/admin-setup.ts +32 -20
package/src/lib/agent-auth-revoke.js +1 -0
package/src/lib/agent-auth-rotate.js +1 -0
package/src/lib/agent-auth.js +1 -0
package/src/lib/config-mutation.js +1 -0
package/src/lib/launchd-assets.js +1 -0
package/src/lib/launchd-assets.ts +29 -0
package/src/lib/local-admin-access.js +1 -0
package/src/lib/rust.ts +1 -1
package/src/lib/status-repair-cli.js +1 -0
package/packages/cache/dist/chunk-ALQ6H7KG.cjs.map +0 -1
package/packages/cache/dist/chunk-FGJEEF5N.js.map +0 -1

package/Cargo.lock CHANGED Viewed

@@ -823,9 +823,9 @@ dependencies = [
 [[package]]
 name = "darling"
-version = "0.23.0"
+version = "0.20.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "25ae13da2f202d56bd7f91c25fba009e7717a1e4a1cc98a76d844b65ae912e9d"
+checksum = "fc7f46116c46ff9ab3eb1597a45688b6715c6e628b5c133e288e709a29bcb4ee"
 dependencies = [
  "darling_core",
  "darling_macro",
@@ -833,10 +833,11 @@ dependencies = [
 [[package]]
 name = "darling_core"
-version = "0.23.0"
+version = "0.20.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9865a50f7c335f53564bb694ef660825eb8610e0a53d3e11bf1b0d3df31e03b0"
+checksum = "0d00b9596d185e565c2207a0b01f8bd1a135483d02d9b7b0a54b11da8d53412e"
 dependencies = [
+ "fnv",
  "ident_case",
  "proc-macro2",
  "quote",
@@ -846,9 +847,9 @@ dependencies = [
 [[package]]
 name = "darling_macro"
-version = "0.23.0"
+version = "0.20.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ac3984ec7bd6cfa798e62b4a642426a5be0e68f9401cfc2a01e3fa9ea2fcdb8d"
+checksum = "fc34b93ccb385b40dc71c6fceac4b2ad23662c7eeb248cf10d529b7e055b6ead"
 dependencies = [
  "darling_core",
  "quote",
@@ -867,12 +868,12 @@ dependencies = [
 [[package]]
 name = "deranged"
-version = "0.5.8"
+version = "0.3.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7cd812cc2bc1d69d4764bd80df88b4317eaef9e773c75226407d9bc0876b211c"
+checksum = "b42b6fa04a440b495c8b04d0e71b707c585f83cb9cb28cf8cd0d976c315e31b4"
 dependencies = [
  "powerfmt",
- "serde_core",
+ "serde",
 ]
 [[package]]
@@ -1523,9 +1524,9 @@ dependencies = [
 [[package]]
 name = "instability"
-version = "0.3.11"
+version = "0.3.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "357b7205c6cd18dd2c86ed312d1e70add149aea98e7ef72b9fdf0270e555c11d"
+checksum = "6778b0196eefee7df739db78758e5cf9b37412268bfa5650bfeed028aed20d9c"
 dependencies = [
  "darling",
  "indoc",
@@ -1752,9 +1753,9 @@ dependencies = [
 [[package]]
 name = "num-conv"
-version = "0.2.0"
+version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cf97ec579c3c42f953ef76dbf8d55ac91fb219dde70e49aa4a6b7d74e9919050"
+checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9"
 [[package]]
 name = "num-integer"
@@ -2822,30 +2823,30 @@ dependencies = [
 [[package]]
 name = "time"
-version = "0.3.47"
+version = "0.3.36"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "743bd48c283afc0388f9b8827b976905fb217ad9e647fae3a379a9283c4def2c"
+checksum = "5dfd88e563464686c916c7e46e623e520ddc6d79fa6641390f2e3fa86e83e885"
 dependencies = [
  "deranged",
  "itoa",
  "num-conv",
  "powerfmt",
- "serde_core",
+ "serde",
  "time-core",
  "time-macros",
 ]
 [[package]]
 name = "time-core"
-version = "0.1.8"
+version = "0.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7694e1cfe791f8d31026952abf09c69ca6f6fa4e1a1229e18988f06a04a12dca"
+checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3"
 [[package]]
 name = "time-macros"
-version = "0.2.27"
+version = "0.2.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2e70e4c5a0e0a8a4823ad65dfe1a6930e4f4d756dcd9dd7939022b5e8c501215"
+checksum = "3f252a68540fde3a3877aeea552b832b40ab9a69e318efd078774a01ddee1ccf"
 dependencies = [
  "num-conv",
  "time-core",
@@ -3799,6 +3800,7 @@ version = "0.1.0"
 dependencies = [
  "anyhow",
  "clap",
+ "core-foundation",
  "libc",
  "nix",
  "reqwest",

package/Cargo.toml CHANGED Viewed

@@ -17,7 +17,7 @@ resolver = "2"
 edition = "2021"
 license = "MIT"
 version = "0.1.0"
-authors = ["WLFI Agent SDK Team"]
+authors = ["WLFI Agentic SDK Team"]
 [workspace.dependencies]
 alloy-primitives = "0.8"
@@ -43,7 +43,7 @@ serde = { version = "1", features = ["derive"] }
 serde_json = "1"
 sha2 = "0.10"
 thiserror = "2"
-time = { version = "0.3", features = ["macros", "serde", "formatting", "parsing"] }
+time = { version = "=0.3.36", features = ["macros", "serde", "formatting", "parsing"] }
 tokio = { version = "1", features = ["macros", "rt-multi-thread", "sync", "net", "io-util", "time", "signal"] }
 uuid = { version = "1", features = ["serde", "v4"] }
 zeroize = "1"

package/README.md CHANGED Viewed

@@ -1,6 +1,6 @@
-# WLFI Agent SDK
+# WLFI Agentic SDK
-WLFI Agent SDK is a root-managed local signing daemon with policy enforcement, a single `wlfi-agent` CLI, and an optional relay + web approval flow.
+WLFI Agentic SDK is a root-managed local signing daemon with policy enforcement, a single `wlfi-agent` CLI, and an optional relay + web approval flow.
 The main user path is:
@@ -43,12 +43,20 @@ User-facing examples below avoid shell env vars on purpose. Prefer prompts, conf
 ## Install
+### Prerequisites
+- macOS
+- Rust toolchain on `PATH` (`cargo`, `rustc`) with Rust `1.87.0` or newer
+- Xcode Command Line Tools (`xcode-select --install`)
 ### Install from npm
 ```bash
 npm i -g @wlfi-agent/cli
 ```
+`npm i -g @wlfi-agent/cli` builds the local Rust runtime during `postinstall`. If the prerequisites above are already installed, this is the normal one-step install path. If `cargo` or the macOS Command Line Tools are missing, installation fails immediately and tells you how to install the missing prerequisite before retrying.
 ### Work from this repo
 ```bash

package/crates/vault-cli-admin/src/main.rs CHANGED Viewed

@@ -813,16 +813,25 @@ async fn main() -> Result<()> {
             if let Some(output) = tui::run_bootstrap_tui(
                 &shared_config.config,
                 args.print_agent_auth_token,
-                |params| {
+                |params, on_status| {
+                    let mut status_error = None;
                     tokio::task::block_in_place(|| {
                         tokio::runtime::Handle::current().block_on(execute_bootstrap(
                             daemon_api.clone(),
                             &vault_password,
                             &state_file_display,
                             params,
-                            |_| {},
+                            |message| {
+                                if status_error.is_none() {
+                                    status_error = on_status(message).err();
+                                }
+                            },
                         ))
                     })
+                    .and_then(|output| match status_error {
+                        Some(err) => Err(err),
+                        None => Ok(output),
+                    })
                 },
             )? {
                 print_status("bootstrap complete", output_format, cli.quiet);
@@ -3965,6 +3974,7 @@ mod tests {
     #[test]
     #[cfg(unix)]
     fn resolve_daemon_socket_path_rejects_non_root_owned_socket() {
+        use std::os::fd::AsRawFd;
         use std::os::unix::fs::PermissionsExt;
         use std::os::unix::net::UnixListener;
@@ -3979,6 +3989,15 @@ mod tests {
         let socket_path = root.join("daemon.sock");
         let listener = UnixListener::bind(&socket_path).expect("bind socket");
+        if unsafe { libc::geteuid() } == 0 {
+            let rc = unsafe { libc::fchown(listener.as_raw_fd(), 1, libc::gid_t::MAX) };
+            assert_eq!(
+                rc,
+                0,
+                "must set non-root owner for root-mode test: {}",
+                std::io::Error::last_os_error()
+            );
+        }
         let err = resolve_daemon_socket_path(Some(socket_path.clone())).expect_err("must reject");
         assert!(err.to_string().contains("must be owned by root"));