@wlfi-agent/cli 1.4.15 → 1.4.17
- package/Cargo.lock +22 -20
- package/Cargo.toml +2 -2
- package/README.md +10 -2
- package/crates/vault-cli-admin/src/main.rs +21 -2
- package/crates/vault-cli-admin/src/tui.rs +634 -129
- package/crates/vault-cli-daemon/Cargo.toml +1 -0
- package/crates/vault-cli-daemon/src/bin/wlfi-agent-system-keychain.rs +122 -8
- package/crates/vault-cli-daemon/src/main.rs +24 -4
- package/crates/vault-cli-daemon/src/relay_sync.rs +155 -35
- package/crates/vault-cli-daemon/tests/system_keychain_helper_acl.rs +23 -18
- package/crates/vault-daemon/src/daemon_parts/api_impl_and_utils.rs +6 -0
- package/crates/vault-daemon/src/daemon_parts/types_api_rpc.rs +6 -0
- package/crates/vault-daemon/src/tests.rs +2 -2
- package/crates/vault-daemon/src/tests_parts/part4.rs +110 -0
- package/crates/vault-transport-unix/src/lib.rs +22 -3
- package/crates/vault-transport-xpc/src/lib.rs +20 -2
- package/dist/cli.cjs +20842 -25552
- package/dist/cli.cjs.map +1 -1
- package/package.json +5 -3
- package/packages/cache/.turbo/turbo-build.log +53 -52
- package/packages/cache/coverage/base.css +224 -0
- package/packages/cache/coverage/block-navigation.js +87 -0
- package/packages/cache/coverage/clover.xml +585 -0
- package/packages/cache/coverage/coverage-final.json +5 -0
- package/packages/cache/coverage/favicon.png +0 -0
- package/packages/cache/coverage/index.html +161 -0
- package/packages/cache/coverage/prettify.css +1 -0
- package/packages/cache/coverage/prettify.js +2 -0
- package/packages/cache/coverage/sort-arrow-sprite.png +0 -0
- package/packages/cache/coverage/sorter.js +210 -0
- package/packages/cache/coverage/src/client/index.html +116 -0
- package/packages/cache/coverage/src/client/index.ts.html +253 -0
- package/packages/cache/coverage/src/errors/index.html +116 -0
- package/packages/cache/coverage/src/errors/index.ts.html +244 -0
- package/packages/cache/coverage/src/index.html +116 -0
- package/packages/cache/coverage/src/index.ts.html +94 -0
- package/packages/cache/coverage/src/service/index.html +116 -0
- package/packages/cache/coverage/src/service/index.ts.html +2212 -0
- package/packages/cache/dist/{chunk-ALQ6H7KG.cjs → chunk-QF4XKEIA.cjs} +189 -45
- package/packages/cache/dist/chunk-QF4XKEIA.cjs.map +1 -0
- package/packages/cache/dist/{chunk-FGJEEF5N.js → chunk-QNK6GOTI.js} +182 -38
- package/packages/cache/dist/chunk-QNK6GOTI.js.map +1 -0
- package/packages/cache/dist/index.cjs +2 -2
- package/packages/cache/dist/index.js +1 -1
- package/packages/cache/dist/service/index.cjs +2 -2
- package/packages/cache/dist/service/index.d.cts +2 -0
- package/packages/cache/dist/service/index.d.ts +2 -0
- package/packages/cache/dist/service/index.js +1 -1
- package/packages/cache/node_modules/.vite/vitest/da39a3ee5e6b4b0d3255bfef95601890afd80709/results.json +1 -0
- package/packages/cache/src/service/index.test.ts +575 -0
- package/packages/cache/src/service/index.ts +234 -51
- package/packages/config/.turbo/turbo-build.log +2 -2
- package/packages/config/node_modules/.bin/tsc +2 -2
- package/packages/config/node_modules/.bin/tsserver +2 -2
- package/packages/config/node_modules/.bin/tsup +2 -2
- package/packages/config/node_modules/.bin/tsup-node +2 -2
- package/packages/rpc/.turbo/turbo-build.log +11 -11
- package/packages/rpc/node_modules/.bin/tsc +2 -2
- package/packages/rpc/node_modules/.bin/tsserver +2 -2
- package/packages/rpc/node_modules/.bin/tsup +2 -2
- package/packages/rpc/node_modules/.bin/tsup-node +2 -2
- package/packages/ui/.turbo/turbo-build.log +13 -13
- package/packages/ui/dist/components/badge.d.ts +1 -1
- package/packages/ui/dist/components/button.d.ts +1 -1
- package/scripts/install-rust-binaries.mjs +229 -58
- package/src/cli.ts +51 -39
- package/src/lib/admin-passthrough.js +1 -0
- package/src/lib/admin-reset.js +1 -0
- package/src/lib/admin-reset.ts +26 -16
- package/src/lib/admin-setup.js +1 -0
- package/src/lib/admin-setup.ts +32 -20
- package/src/lib/agent-auth-revoke.js +1 -0
- package/src/lib/agent-auth-rotate.js +1 -0
- package/src/lib/agent-auth.js +1 -0
- package/src/lib/config-mutation.js +1 -0
- package/src/lib/launchd-assets.js +1 -0
- package/src/lib/launchd-assets.ts +29 -0
- package/src/lib/local-admin-access.js +1 -0
- package/src/lib/rust.ts +1 -1
- package/src/lib/status-repair-cli.js +1 -0
- package/packages/cache/dist/chunk-ALQ6H7KG.cjs.map +0 -1
- package/packages/cache/dist/chunk-FGJEEF5N.js.map +0 -1
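--- a/package/crates/vault-transport-unix/src/lib.rs
+++ b/package/crates/vault-transport-unix/src/lib.rs
@@ -23,8 +23,8 @@ use vault_daemon::{
 };
 use vault_domain::{
 AdminSession, AgentCredentials, Lease, ManualApprovalDecision, ManualApprovalRequest,
-NonceReleaseRequest, NonceReservation, NonceReservationRequest,
-SignRequest, Signature, SpendingPolicy, VaultKey,
+ManualApprovalStatus, NonceReleaseRequest, NonceReservation, NonceReservationRequest,
+PolicyAttachment, RelayConfig, SignRequest, Signature, SpendingPolicy, VaultKey,
 };
 use vault_policy::{PolicyEvaluation, PolicyExplanation};
 use vault_signer::{KeyCreateRequest, SignerError, VaultSignerBackend};
@@ -185,6 +185,10 @@ enum WireDaemonError {
 ManualApprovalRejected {
 approval_request_id: Uuid,
 },
+ManualApprovalRequestNotPending {
+approval_request_id: Uuid,
+status: ManualApprovalStatus,
+},
 Policy(vault_policy::PolicyError),
 Signer(SignerError),
 PasswordHash(String),
@@ -233,6 +237,13 @@ impl From<DaemonError> for WireDaemonError {
 } => Self::ManualApprovalRejected {
 approval_request_id,
 },
+DaemonError::ManualApprovalRequestNotPending {
+approval_request_id,
+status,
+} => Self::ManualApprovalRequestNotPending {
+approval_request_id,
+status,
+},
 DaemonError::Policy(err) => Self::Policy(err),
 DaemonError::Signer(err) => Self::Signer(err),
 DaemonError::PasswordHash(msg) => Self::PasswordHash(msg),
@@ -293,6 +304,13 @@ impl WireDaemonError {
 } => DaemonError::ManualApprovalRejected {
 approval_request_id,
 },
+WireDaemonError::ManualApprovalRequestNotPending {
+approval_request_id,
+status,
+} => DaemonError::ManualApprovalRequestNotPending {
+approval_request_id,
+status,
+},
 WireDaemonError::Policy(err) => DaemonError::Policy(err),
 WireDaemonError::Signer(err) => DaemonError::Signer(err),
 WireDaemonError::PasswordHash(msg) => DaemonError::PasswordHash(msg),
@@ -1451,10 +1469,11 @@ mod tests {
 );
 
 let current_euid = nix::unistd::geteuid().as_raw();
+let non_root_euid = if current_euid == 0 { 1 } else { current_euid };
 assert_eq!(
 socket_mode_for_allowed_peer_euids(
 &singleton_allowed_set(0),
-&singleton_allowed_set(
+&singleton_allowed_set(non_root_euid)
 ),
 0o666
 );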
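Review bot: In the `enum WireDaemonError` hunk the new `ManualApprovalRequestNotPending` variant is inserted between `ManualApprovalRejected` and `Policy` instead of being appended, which moves `Policy`, `Signer`, `PasswordHash` and any later variants down by one position. The derive attributes and the codec are outside the hunk, so this is a question rather than a finding: if the wire encoding is by variant index, a CLI and daemon built from different versions would decode these errors as the wrong variant, and with a name-tagged encoding the older peer would instead fail on the unknown variant. If the two binaries can be upgraded independently, I would append the variant at the end of the enum or record the rule next to it, e.g. `// Wire format: append new variants only; the peer may run an older build.` The same insertion is made in `package/crates/vault-transport-xpc/src/lib.rs`.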
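--- a/package/crates/vault-transport-xpc/src/lib.rs
+++ b/package/crates/vault-transport-xpc/src/lib.rs
@@ -22,8 +22,8 @@ use vault_daemon::{
 };
 use vault_domain::{
 AdminSession, AgentCredentials, Lease, ManualApprovalDecision, ManualApprovalRequest,
-NonceReleaseRequest, NonceReservation, NonceReservationRequest,
-SignRequest, Signature, SpendingPolicy, VaultKey,
+ManualApprovalStatus, NonceReleaseRequest, NonceReservation, NonceReservationRequest,
+PolicyAttachment, RelayConfig, SignRequest, Signature, SpendingPolicy, VaultKey,
 };
 use vault_policy::{PolicyError, PolicyEvaluation, PolicyExplanation};
 use vault_signer::{KeyCreateRequest, SignerError, VaultSignerBackend};
@@ -194,6 +194,10 @@ enum WireDaemonError {
 ManualApprovalRejected {
 approval_request_id: Uuid,
 },
+ManualApprovalRequestNotPending {
+approval_request_id: Uuid,
+status: ManualApprovalStatus,
+},
 Policy(PolicyError),
 Signer(SignerError),
 PasswordHash(String),
@@ -242,6 +246,13 @@ impl From<DaemonError> for WireDaemonError {
 } => Self::ManualApprovalRejected {
 approval_request_id,
 },
+DaemonError::ManualApprovalRequestNotPending {
+approval_request_id,
+status,
+} => Self::ManualApprovalRequestNotPending {
+approval_request_id,
+status,
+},
 DaemonError::Policy(err) => Self::Policy(err),
 DaemonError::Signer(err) => Self::Signer(err),
 DaemonError::PasswordHash(msg) => Self::PasswordHash(msg),
@@ -302,6 +313,13 @@ impl WireDaemonError {
 } => DaemonError::ManualApprovalRejected {
 approval_request_id,
 },
+WireDaemonError::ManualApprovalRequestNotPending {
+approval_request_id,
+status,
+} => DaemonError::ManualApprovalRequestNotPending {
+approval_request_id,
+status,
+},
 WireDaemonError::Policy(err) => DaemonError::Policy(err),
 WireDaemonError::Signer(err) => DaemonError::Signer(err),
 WireDaemonError::PasswordHash(msg) => DaemonError::PasswordHash(msg),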
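Review bot: The `ManualApprovalRequestNotPending` variant and its two conversion arms in this file are a line-for-line copy of the ones added to `package/crates/vault-transport-unix/src/lib.rs`, so each new `DaemonError` variant has to be added by hand to the enum and to both conversions in each of the two transport crates. If one transport misses an arm, the same daemon failure would reach the client as a different error depending on the transport, unless the matches are exhaustive, which the hunks do not show. Consider moving `WireDaemonError` and its conversions into a crate both transports depend on. Failing that, a round-trip test per transport would catch drift: convert this variant to the wire type and back, then assert that `approval_request_id` and `status` are preserved. The enum and both `impl` blocks continue outside the hunks.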