@wrongstack/core 0.7.4 → 0.7.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/agent-subagent-runner-BOBYkW_r.d.ts +174 -0
- package/dist/coordination/index.d.ts +5 -4
- package/dist/defaults/index.d.ts +8 -7
- package/dist/defaults/index.js +324 -38
- package/dist/defaults/index.js.map +1 -1
- package/dist/execution/index.d.ts +4 -3
- package/dist/execution/index.js +11 -9
- package/dist/execution/index.js.map +1 -1
- package/dist/{goal-store-HHgaq5ue.d.ts → goal-store-C7jcumEh.d.ts} +2 -1
- package/dist/index.d.ts +8 -7
- package/dist/index.js +344 -53
- package/dist/index.js.map +1 -1
- package/dist/{multi-agent-coordinator-D8PLzfz6.d.ts → multi-agent-coordinator-3Ypfg-hr.d.ts} +2 -173
- package/dist/{null-fleet-bus-Bkk3gafb.d.ts → null-fleet-bus-JdTSYJv9.d.ts} +2 -1
- package/dist/permission-policy-D5Gj1o2K.d.ts +111 -0
- package/dist/{plan-templates-DWbEIJvV.d.ts → plan-templates-C-IOLJ8Q.d.ts} +1 -1
- package/dist/sdd/index.d.ts +173 -2
- package/dist/sdd/index.js +3619 -1
- package/dist/sdd/index.js.map +1 -1
- package/dist/security/index.d.ts +6 -109
- package/dist/security/index.js +35 -11
- package/dist/security/index.js.map +1 -1
- package/dist/storage/index.d.ts +3 -3
- package/dist/storage/index.js +5 -4
- package/dist/storage/index.js.map +1 -1
- package/dist/types/index.js +25 -10
- package/dist/types/index.js.map +1 -1
- package/dist/utils/index.d.ts +1 -1
- package/dist/utils/index.js +6 -1
- package/dist/utils/index.js.map +1 -1
- package/dist/{wstack-paths-BGu2INTm.d.ts → wstack-paths-gCrJ631C.d.ts} +10 -0
- package/package.json +1 -1
package/dist/types/index.js
CHANGED
|
@@ -424,7 +424,9 @@ var DefaultSecretVault = class {
|
|
|
424
424
|
try {
|
|
425
425
|
const buf = fs2.readFileSync(this.keyFile);
|
|
426
426
|
if (buf.length !== KEY_BYTES) {
|
|
427
|
-
throw new Error(
|
|
427
|
+
throw new Error(
|
|
428
|
+
`SecretVault: key file ${this.keyFile} is ${buf.length} bytes (expected ${KEY_BYTES}). Remove it manually to generate a new key.`
|
|
429
|
+
);
|
|
428
430
|
}
|
|
429
431
|
this.key = buf;
|
|
430
432
|
return this.key;
|
|
@@ -439,7 +441,9 @@ var DefaultSecretVault = class {
|
|
|
439
441
|
if (err.code !== "EEXIST") throw err;
|
|
440
442
|
const buf = fs2.readFileSync(this.keyFile);
|
|
441
443
|
if (buf.length !== KEY_BYTES) {
|
|
442
|
-
throw new Error(
|
|
444
|
+
throw new Error(
|
|
445
|
+
`SecretVault: key file ${this.keyFile} is ${buf.length} bytes (expected ${KEY_BYTES}). Remove it manually to generate a new key.`
|
|
446
|
+
);
|
|
443
447
|
}
|
|
444
448
|
this.key = buf;
|
|
445
449
|
return this.key;
|
|
@@ -500,10 +504,7 @@ async function rewriteConfigEncrypted(configPath, vault, patch) {
|
|
|
500
504
|
const encrypted = encryptConfigSecrets(merged, vault);
|
|
501
505
|
await fs.mkdir(path4.dirname(configPath), { recursive: true });
|
|
502
506
|
await atomicWrite(configPath, JSON.stringify(encrypted, null, 2), { mode: 384 });
|
|
503
|
-
|
|
504
|
-
await fs.chmod(configPath, 384);
|
|
505
|
-
} catch {
|
|
506
|
-
}
|
|
507
|
+
await restrictFilePermissions(configPath);
|
|
507
508
|
}
|
|
508
509
|
async function migratePlaintextSecrets(configPath, vault) {
|
|
509
510
|
let raw;
|
|
@@ -522,12 +523,26 @@ async function migratePlaintextSecrets(configPath, vault) {
|
|
|
522
523
|
const migrated = walkCount(parsed, vault, counter);
|
|
523
524
|
if (counter.n === 0) return { migrated: 0, file: configPath };
|
|
524
525
|
await atomicWrite(configPath, JSON.stringify(migrated, null, 2), { mode: 384 });
|
|
525
|
-
|
|
526
|
-
await fs.chmod(configPath, 384);
|
|
527
|
-
} catch {
|
|
528
|
-
}
|
|
526
|
+
await restrictFilePermissions(configPath);
|
|
529
527
|
return { migrated: counter.n, file: configPath };
|
|
530
528
|
}
|
|
529
|
+
async function restrictFilePermissions(filePath) {
|
|
530
|
+
if (process.platform === "win32") {
|
|
531
|
+
try {
|
|
532
|
+
const { execFile } = await import('child_process');
|
|
533
|
+
const { promisify } = await import('util');
|
|
534
|
+
const execFileAsync = promisify(execFile);
|
|
535
|
+
await execFileAsync("icacls", [filePath, "/inheritance:r", "/grant:r", `${process.env.USERNAME}:(F)`]);
|
|
536
|
+
} catch {
|
|
537
|
+
console.warn(`[secret-vault] Could not restrict permissions on ${filePath} \u2014 config file may be readable by other users on this system.`);
|
|
538
|
+
}
|
|
539
|
+
} else {
|
|
540
|
+
try {
|
|
541
|
+
await fs.chmod(filePath, 384);
|
|
542
|
+
} catch {
|
|
543
|
+
}
|
|
544
|
+
}
|
|
545
|
+
}
|
|
531
546
|
function walkCount(node, vault, counter) {
|
|
532
547
|
if (node === null || node === void 0) return node;
|
|
533
548
|
if (typeof node !== "object") return node;
|