buildwithnexus 0.10.6 → 0.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -5,8 +5,8 @@
5
5
 
6
6
  A hilariously fast, **agentic AI CLI harness** — written in Rust. Remote models
7
7
  via API key, or local models on your machine. It plans, edits files, and runs
8
- commands, asking before each change. One static binary, four dependencies, no
9
- runtime to babysit.
8
+ commands, asking before each change. One static binary, five direct
9
+ dependencies, no runtime to babysit.
10
10
 
11
11
  ```bash
12
12
  npm install -g buildwithnexus
@@ -128,8 +128,9 @@ also carry build-provenance attestations (`gh attestation verify`).
128
128
 
129
129
  - Default permission is **ask** — every file write, edit, and command is
130
130
  confirmed. `auto` ("yolo") and `readonly` are opt-in.
131
- - File tools are confined to the working directory; reads outside it, and of
132
- sensitive paths (the key store, `~/.ssh`, `.env`, `*.pem`), require
131
+ - Mutating file tools (write/edit/patch) are confined to the working directory
132
+ writes outside it require explicit confirmation. Reads are unconfined, but
133
+ sensitive paths (the key store, `~/.ssh`, `.env`, `*.pem`) require
133
134
  confirmation even in `auto`. Catastrophic commands (`rm -rf /`, `mkfs`, …) too.
134
135
  - API keys are never sent to a non-HTTPS endpoint, and key-like tokens are
135
136
  redacted from surfaced errors.
package/SECURITY.md CHANGED
@@ -7,8 +7,8 @@ released minor line receives security fixes.
7
7
 
8
8
  | Version | Supported |
9
9
  |------------|--------------------|
10
- | 0.8.x | :white_check_mark: |
11
- | < 0.8 | :x: |
10
+ | 0.10.x | :white_check_mark: |
11
+ | < 0.10 | :x: |
12
12
 
13
13
  ## Reporting a Vulnerability
14
14
 
@@ -28,11 +28,10 @@ will credit reporters in the advisory unless they ask to remain anonymous.
28
28
 
29
29
  In scope:
30
30
 
31
- - The `buildwithnexus` npm package (CLI, bundled NEXUS source tarball,
32
- installer scripts).
33
- - The publish pipeline in `.github/workflows/publish.yml`.
34
- - The bundled NEXUS Python source (`dist/nexus-release.tar.gz`).
35
- - Any release artifacts attached to GitHub Releases (SBOM, checksums).
31
+ - The `buildwithnexus` npm package: the Node wrapper (`bin/`, `scripts/`) and
32
+ the Rust harness source (`harness/`) it builds or downloads.
33
+ - The CI, release, and publish pipelines in `.github/workflows/`.
34
+ - The prebuilt binaries and checksums attached to GitHub Releases.
36
35
 
37
36
  Out of scope:
38
37
 
@@ -44,42 +43,55 @@ Out of scope:
44
43
 
45
44
  ## Verifying a Release
46
45
 
47
- Every release on npm from `v0.9.0` onward ships with **npm provenance** — a
48
- SLSA-Build-L3-style attestation cryptographically tying the tarball back to the
49
- specific GitHub Actions workflow run that built it.
50
-
51
- To verify:
46
+ Every release on npm from `v0.9.0` onward ships with **npm provenance** — an
47
+ attestation cryptographically tying the tarball back to the specific GitHub
48
+ Actions workflow run that built it:
52
49
 
53
50
  ```sh
54
51
  npm view buildwithnexus@<version> --json | jq .dist.attestations
55
52
  ```
56
53
 
57
- Or interactively in the terminal:
54
+ Each per-platform binary on a GitHub Release carries a `.sha256` checksum file
55
+ and a build-provenance attestation:
58
56
 
59
57
  ```sh
60
- npx -y npm-audit-resolver buildwithnexus
58
+ gh attestation verify buildwithnexus-<target> --repo Garretts-Apps/buildwithnexus
61
59
  ```
62
60
 
63
- The publish workflow also attaches a CycloneDX SBOM (`sbom.cdx.json`) and a
64
- `SHA256SUMS.txt` to each GitHub Release. You can reproduce the tarball locally
65
- by checking out the corresponding tag and running:
61
+ You can also skip the prebuilt binaries entirely and build from the tagged
62
+ source:
66
63
 
67
64
  ```sh
68
65
  git clone --branch v<version> https://github.com/Garretts-Apps/buildwithnexus
69
- cd buildwithnexus
70
- NEXUS_SRC=/path/to/nexus npm run build && npm run bundle
71
- sha256sum dist/nexus-release.tar.gz
66
+ cd buildwithnexus/harness
67
+ cargo build --release --locked
72
68
  ```
73
69
 
70
+ ## How `npm install` Behaves
71
+
72
+ The npm package is a thin wrapper with **zero runtime npm dependencies**. It
73
+ declares one lifecycle script, `postinstall`, which:
74
+
75
+ 1. Downloads the prebuilt binary for your platform from the matching GitHub
76
+ Release over HTTPS.
77
+ 2. **Verifies its SHA-256** against the checksum published with the release
78
+ before marking it executable.
79
+ 3. Falls back to a local `cargo build` from the bundled Rust sources if no
80
+ binary matches your platform (or the download fails verification).
81
+
82
+ It executes nothing else and installs no transitive npm packages.
83
+
74
84
  ## Hardening Inside the Package
75
85
 
76
- - `prepublishOnly` refuses to publish unless `NEXUS_SRC` is explicitly set to a
77
- valid nexus checkout. No silent fall-through to a stale `/tmp/` copy.
78
- - `postinstall` was removed. `npm install buildwithnexus` no longer executes
79
- any project-defined lifecycle script on the user's machine.
80
- - All GitHub Actions in our workflows are pinned to specific minor versions
81
- (Dependabot proposes SHA-pinned bumps weekly).
82
- - The publish workflow runs with the minimum permissions required, plus
83
- `id-token: write` only for OIDC provenance signing.
84
- - `npm ci --ignore-scripts` is used in CI to neutralise transitive postinstall
85
- scripts during builds and audits.
86
+ - Publishing uses npm's **OIDC Trusted Publisher** flow no long-lived npm
87
+ token exists to steal; `id-token: write` is granted only to the publish job.
88
+ - npm publish is **gated on the release workflow succeeding**, so a package
89
+ version can never point at binaries that don't exist.
90
+ - All GitHub Actions in our workflows are version-pinned (Dependabot proposes
91
+ bumps weekly).
92
+ - Workflows run with least-privilege permissions (`permissions: {}` at the
93
+ workflow level, escalated per job only where needed).
94
+ - Inside the harness itself: mutating file tools are gated by the permission
95
+ model, sensitive paths and catastrophic commands require confirmation even in
96
+ `auto`, API keys are refused over non-HTTPS endpoints, and key-like tokens are
97
+ redacted from surfaced errors.
@@ -49,7 +49,7 @@ checksum = "b4388bee8683e3d04af747c73422af53102d2bd24d9eadb6cbc100baef4b43f8"
49
49
 
50
50
  [[package]]
51
51
  name = "buildwithnexus"
52
- version = "0.10.6"
52
+ version = "0.11.0"
53
53
  dependencies = [
54
54
  "criterion",
55
55
  "crossterm",
@@ -1,6 +1,6 @@
1
1
  [package]
2
2
  name = "buildwithnexus"
3
- version = "0.10.6"
3
+ version = "0.11.0"
4
4
  edition = "2021"
5
5
  description = "A hilariously fast agentic AI CLI harness — remote or local models, full TUI with modes, memory, skills, hooks, and image input"
6
6
  license = "MIT"