npm - commandmate - Versions diffs - 0.1.11 → 0.2.0 - Mend

commandmate 0.1.11 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (158) hide show

package/dist/cli/commands/init.js CHANGED Viewed

@@ -15,6 +15,7 @@ const preflight_1 = require("../utils/preflight");
 const env_setup_1 = require("../utils/env-setup");
 const prompt_1 = require("../utils/prompt");
 const security_logger_1 = require("../utils/security-logger");
+const security_messages_1 = require("../config/security-messages");
 const logger = new logger_1.CLILogger();
 /**
  * Create default configuration (non-interactive mode)
@@ -66,15 +67,12 @@ async function promptForConfig() {
         default: false,
     });
     let bind = env_setup_1.ENV_DEFAULTS.CM_BIND;
-    let authToken;
     if (enableExternal) {
         bind = '0.0.0.0';
-        const envSetup = new env_setup_1.EnvSetup();
-        authToken = envSetup.generateAuthToken();
         logger.blank();
         logger.success('External access enabled');
         logger.info(`  Bind address: 0.0.0.0`);
-        logger.info(`  Auth token generated: ${authToken.substring(0, 8)}...`);
+        console.log(security_messages_1.REVERSE_PROXY_WARNING);
     }
     // CM_DB_PATH - Issue #135: Use getDefaultDbPath() for absolute path
     const defaultDbPath = (0, env_setup_1.getDefaultDbPath)();
@@ -86,7 +84,6 @@ async function promptForConfig() {
         CM_ROOT_DIR: rootDir,
         CM_PORT: port,
         CM_BIND: bind,
-        CM_AUTH_TOKEN: authToken,
         CM_DB_PATH: dbPath,
         CM_LOG_LEVEL: env_setup_1.ENV_DEFAULTS.CM_LOG_LEVEL,
         CM_LOG_FORMAT: env_setup_1.ENV_DEFAULTS.CM_LOG_FORMAT,
@@ -105,18 +102,10 @@ function displayConfigSummary(config, envPath) {
     logger.info(`  CM_ROOT_DIR:  ${config.CM_ROOT_DIR}`);
     logger.info(`  CM_PORT:      ${config.CM_PORT}`);
     logger.info(`  CM_BIND:      ${config.CM_BIND}`);
-    if (config.CM_AUTH_TOKEN) {
-        logger.info(`  CM_AUTH_TOKEN: ${config.CM_AUTH_TOKEN.substring(0, 8)}... (generated)`);
-    }
     logger.info(`  CM_DB_PATH:   ${config.CM_DB_PATH}`);
     logger.blank();
     logger.info(`  Config file:  ${envPath}`);
     logger.blank();
-    if (config.CM_AUTH_TOKEN) {
-        logger.warn('IMPORTANT: Save your auth token securely!');
-        logger.info(`  Token: ${config.CM_AUTH_TOKEN}`);
-        logger.blank();
-    }
 }
 /**
  * Execute init command

package/dist/cli/commands/start.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"start.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/start.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,OAAO,EAAE,YAAY,EAA6B,MAAM,UAAU,CAAC;~~AAYnE~~;;;;GAIG;AACH,wBAAsB,YAAY,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,~~CAoMvE~~"}
1	+ {"version":3,"file":"start.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/start.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,OAAO,EAAE,YAAY,EAA6B,MAAM,UAAU,CAAC;AAanE;;;;GAIG;AACH,wBAAsB,YAAY,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CA8LvE"}

package/dist/cli/commands/start.js CHANGED Viewed

@@ -17,6 +17,7 @@ const daemon_1 = require("../utils/daemon");
 const security_logger_1 = require("../utils/security-logger");
 const paths_1 = require("../utils/paths");
 const env_setup_1 = require("../utils/env-setup");
+const security_messages_1 = require("../config/security-messages");
 const input_validators_1 = require("../utils/input-validators");
 const port_allocator_1 = require("../utils/port-allocator");
 const resource_resolvers_1 = require("../utils/resource-resolvers");
@@ -139,15 +140,10 @@ async function startCommand(options) {
         if (dbPath) {
             env.CM_DB_PATH = dbPath;
         }
-        // Issue #125: Security warnings for external access
+        // Issue #179: Security warning for external access - recommend reverse proxy
         const bindAddress = env.CM_BIND || '127.0.0.1';
-        const authToken = env.CM_AUTH_TOKEN;
         if (bindAddress === '0.0.0.0') {
-            logger.warn('WARNING: Server is accessible from external networks (CM_BIND=0.0.0.0)');
-            if (!authToken) {
-                logger.warn('SECURITY WARNING: No authentication token configured. External access is not recommended without CM_AUTH_TOKEN.');
-                logger.info('Run "commandmate init" to configure a secure authentication token.');
-            }
+            console.log(security_messages_1.REVERSE_PROXY_WARNING);
         }
         // Use package installation directory, not current working directory
         const packageRoot = (0, paths_1.getPackageRoot)();

package/dist/cli/config/security-messages.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+/**
+ * Security Messages
+ * Issue #179: Reverse proxy authentication recommendation
+ * Shared warning constants for CLI commands (DRY principle)
+ */
+/**
+ * Warning message displayed when CM_BIND=0.0.0.0
+ * Used by: init.ts, start.ts, daemon.ts
+ */
+export declare const REVERSE_PROXY_WARNING = "\n\u001B[1m\u001B[31mWARNING: Server is exposed to external networks without authentication\u001B[0m\n\nExposing the server without reverse proxy authentication\nis a serious security risk.\n\n\u001B[1mRisks:\u001B[0m\n  File read/write/delete and command execution\n  become accessible to third parties.\n\n\u001B[1mRecommended authentication methods:\u001B[0m\n  - Nginx + Basic Auth\n  - Cloudflare Access\n  - Tailscale\n\nDetails: https://github.com/Kewton/CommandMate/blob/main/docs/security-guide.md\n";
+//# sourceMappingURL=security-messages.d.ts.map

package/dist/cli/config/security-messages.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"security-messages.d.ts","sourceRoot":"","sources":["../../../src/cli/config/security-messages.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;GAGG;AACH,eAAO,MAAM,qBAAqB,igBAgBjC,CAAC"}

package/dist/cli/config/security-messages.js ADDED Viewed

@@ -0,0 +1,29 @@
+"use strict";
+/**
+ * Security Messages
+ * Issue #179: Reverse proxy authentication recommendation
+ * Shared warning constants for CLI commands (DRY principle)
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.REVERSE_PROXY_WARNING = void 0;
+/**
+ * Warning message displayed when CM_BIND=0.0.0.0
+ * Used by: init.ts, start.ts, daemon.ts
+ */
+exports.REVERSE_PROXY_WARNING = `
+\x1b[1m\x1b[31mWARNING: Server is exposed to external networks without authentication\x1b[0m
+Exposing the server without reverse proxy authentication
+is a serious security risk.
+\x1b[1mRisks:\x1b[0m
+  File read/write/delete and command execution
+  become accessible to third parties.
+\x1b[1mRecommended authentication methods:\x1b[0m
+  - Nginx + Basic Auth
+  - Cloudflare Access
+  - Tailscale
+Details: https://github.com/Kewton/CommandMate/blob/main/docs/security-guide.md
+`;

package/dist/cli/types/index.d.ts CHANGED Viewed

@@ -120,7 +120,6 @@ export interface EnvConfig {
     CM_ROOT_DIR: string;
     CM_PORT: number;
     CM_BIND: string;
-    CM_AUTH_TOKEN?: string;
     CM_DB_PATH: string;
     CM_LOG_LEVEL: string;
     CM_LOG_FORMAT: string;

package/dist/cli/types/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/cli/types/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;;GAGG;AACH,oBAAY,QAAQ;IAClB,OAAO,IAAI;IACX,gBAAgB,IAAI;IACpB,YAAY,IAAI;IAChB,YAAY,IAAI;IAChB,WAAW,IAAI;IACf,gBAAgB,KAAK;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,2CAA2C;IAC3C,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,uCAAuC;IACvC,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,gCAAgC;IAChC,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,wBAAwB;IACxB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,2BAA2B;IAC3B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,6DAA6D;IAC7D,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,4DAA4D;IAC5D,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,8DAA8D;IAC9D,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,2BAA2B;IAC3B,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,6DAA6D;IAC7D,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B,6DAA6D;IAC7D,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,uDAAuD;IACvD,GAAG,CAAC,EAAE,OAAO,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,oCAAoC;IACpC,OAAO,EAAE,OAAO,CAAC;IACjB,8BAA8B;IAC9B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,+BAA+B;IAC/B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,qCAAqC;IACrC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,4CAA4C;IAC5C,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,mBAAmB;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,uBAAuB;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,8BAA8B;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,0CAA0C;IAC1C,QAAQ,EAAE,OAAO,CAAC;IAClB,iCAAiC;IACjC,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,sBAAsB;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,mBAAmB;IACnB,MAAM,EAAE,IAAI,GAAG,SAAS,GAAG,kBAAkB,CAAC;IAC9C,sCAAsC;IACtC,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,sDAAsD;IACtD,OAAO,EAAE,OAAO,CAAC;IACjB,oCAAoC;IACpC,OAAO,EAAE,gBAAgB,EAAE,CAAC;CAC7B;AAED;;;GAGG;AACH,MAAM,WAAW,SAAS;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,~~aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,~~UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,oCAAoC;IACpC,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,kDAAkD;IAClD,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B,0CAA0C;IAC1C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,mEAAmE;IACnE,QAAQ,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,MAAM,GAAG,IAAI,CAAC;CAC7C;AAED;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,gEAAgE;IAChE,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAKtD"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/cli/types/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;;GAGG;AACH,oBAAY,QAAQ;IAClB,OAAO,IAAI;IACX,gBAAgB,IAAI;IACpB,YAAY,IAAI;IAChB,YAAY,IAAI;IAChB,WAAW,IAAI;IACf,gBAAgB,KAAK;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,2CAA2C;IAC3C,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,uCAAuC;IACvC,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,gCAAgC;IAChC,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,wBAAwB;IACxB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,2BAA2B;IAC3B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,6DAA6D;IAC7D,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,4DAA4D;IAC5D,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,8DAA8D;IAC9D,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,2BAA2B;IAC3B,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,6DAA6D;IAC7D,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B,6DAA6D;IAC7D,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,uDAAuD;IACvD,GAAG,CAAC,EAAE,OAAO,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,oCAAoC;IACpC,OAAO,EAAE,OAAO,CAAC;IACjB,8BAA8B;IAC9B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,+BAA+B;IAC/B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,qCAAqC;IACrC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,4CAA4C;IAC5C,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,mBAAmB;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,uBAAuB;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,8BAA8B;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,0CAA0C;IAC1C,QAAQ,EAAE,OAAO,CAAC;IAClB,iCAAiC;IACjC,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,sBAAsB;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,mBAAmB;IACnB,MAAM,EAAE,IAAI,GAAG,SAAS,GAAG,kBAAkB,CAAC;IAC9C,sCAAsC;IACtC,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,sDAAsD;IACtD,OAAO,EAAE,OAAO,CAAC;IACjB,oCAAoC;IACpC,OAAO,EAAE,gBAAgB,EAAE,CAAC;CAC7B;AAED;;;GAGG;AACH,MAAM,WAAW,SAAS;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,oCAAoC;IACpC,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,kDAAkD;IAClD,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B,0CAA0C;IAC1C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,mEAAmE;IACnE,QAAQ,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,MAAM,GAAG,IAAI,CAAC;CAC7C;AAED;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,gEAAgE;IAChE,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAKtD"}

package/dist/cli/utils/daemon.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"daemon.d.ts","sourceRoot":"","sources":["../../../src/cli/utils/daemon.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;~~AAMtD~~;;GAEG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,MAAM,CAAY;gBAEd,WAAW,EAAE,MAAM;IAK/B;;;;;OAKG;IACG,KAAK,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC;~~IAmFnD~~;;;;OAIG;IACG,IAAI,CAAC,KAAK,GAAE,OAAe,GAAG,OAAO,CAAC,OAAO,CAAC;IA8BpD;;;OAGG;IACG,SAAS,IAAI,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC;IA6B/C;;OAEG;IACG,SAAS,IAAI,OAAO,CAAC,OAAO,CAAC;IAInC;;OAEG;YACW,WAAW;CAiB1B"}
1	+ {"version":3,"file":"daemon.d.ts","sourceRoot":"","sources":["../../../src/cli/utils/daemon.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAOtD;;GAEG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,MAAM,CAAY;gBAEd,WAAW,EAAE,MAAM;IAK/B;;;;;OAKG;IACG,KAAK,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC;IA6EnD;;;;OAIG;IACG,IAAI,CAAC,KAAK,GAAE,OAAe,GAAG,OAAO,CAAC,OAAO,CAAC;IA8BpD;;;OAGG;IACG,SAAS,IAAI,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC;IA6B/C;;OAEG;IACG,SAAS,IAAI,OAAO,CAAC,OAAO,CAAC;IAInC;;OAEG;YACW,WAAW;CAiB1B"}

package/dist/cli/utils/daemon.js CHANGED Viewed

@@ -12,6 +12,7 @@ const dotenv_1 = require("dotenv");
 const pid_manager_1 = require("./pid-manager");
 const paths_1 = require("./paths");
 const env_setup_1 = require("./env-setup");
+const security_messages_1 = require("../config/security-messages");
 const logger_1 = require("./logger");
 /**
  * Daemon manager for background server process
@@ -60,16 +61,11 @@ class DaemonManager {
         if (options.dbPath) {
             env.CM_DB_PATH = options.dbPath;
         }
-        // Issue #125: Security warnings for external access (Stage 4 review: MF-2)
+        // Issue #179: Security warning for external access - recommend reverse proxy
         const bindAddress = env.CM_BIND || '127.0.0.1';
-        const authToken = env.CM_AUTH_TOKEN;
         const port = env.CM_PORT || '3000';
         if (bindAddress === '0.0.0.0') {
-            this.logger.warn('WARNING: Server is accessible from external networks (CM_BIND=0.0.0.0)');
-            if (!authToken) {
-                this.logger.warn('SECURITY WARNING: No authentication token configured. External access is not recommended without CM_AUTH_TOKEN.');
-                this.logger.info('Run "commandmate init" to configure a secure authentication token.');
-            }
+            console.log(security_messages_1.REVERSE_PROXY_WARNING);
         }
         // Log startup with accurate settings (Stage 4 review: MF-2)
         this.logger.info(`Starting server at http://${bindAddress}:${port}`);

package/dist/cli/utils/env-setup.d.ts CHANGED Viewed

@@ -105,10 +105,6 @@ export declare class EnvSetup {
      * Backup existing .env file
      */
     backupExisting(): Promise<string | null>;
-    /**
-     * Generate secure authentication token
-     */
-    generateAuthToken(): string;
     /**
      * Validate configuration
      */

package/dist/cli/utils/env-setup.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"env-setup.d.ts","sourceRoot":"","sources":["../../../src/cli/utils/env-setup.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;~~AAaH~~,OAAO,EACL,SAAS,EACT,eAAe,EACf,gBAAgB,EACjB,MAAM,UAAU,CAAC;AASlB,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAElE;;;;;;GAMG;AACH,eAAO,MAAM,YAAY;;;;;CAMf,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,gBAAgB,QAA2B,CAAC;AAEzD;;;;;;;;;GASG;AACH,wBAAgB,gBAAgB,IAAI,MAAM,CAOzC;AAED;;;;;;;;GAQG;AACH,wBAAgB,UAAU,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM,CAwBnD;AAED;;;;;;;;GAQG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,MAAM,CASpF;AAKD;;;;;GAKG;AACH,wBAAgB,UAAU,IAAI,MAAM,CAGnC;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM,CAYvD;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAGnD;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAGlD;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAMlD;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAUpD;AAED;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,OAAO,CAAS;gBAEZ,OAAO,CAAC,EAAE,MAAM;IAI5B;;;OAGG;IACG,aAAa,CACjB,MAAM,EAAE,SAAS,EACjB,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,IAAI,CAAC;~~IAiChB~~;;OAEG;IACG,cAAc,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAY9C;;OAEG;IACH,~~iBAAiB,IAAI,MAAM;IAI3B;;OAEG;IACH,~~cAAc,CAAC,MAAM,EAAE,SAAS,GAAG,gBAAgB;~~CAoCpD~~"}
1	+ {"version":3,"file":"env-setup.d.ts","sourceRoot":"","sources":["../../../src/cli/utils/env-setup.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAYH,OAAO,EACL,SAAS,EACT,eAAe,EACf,gBAAgB,EACjB,MAAM,UAAU,CAAC;AASlB,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAElE;;;;;;GAMG;AACH,eAAO,MAAM,YAAY;;;;;CAMf,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,gBAAgB,QAA2B,CAAC;AAEzD;;;;;;;;;GASG;AACH,wBAAgB,gBAAgB,IAAI,MAAM,CAOzC;AAED;;;;;;;;GAQG;AACH,wBAAgB,UAAU,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM,CAwBnD;AAED;;;;;;;;GAQG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,MAAM,CASpF;AAKD;;;;;GAKG;AACH,wBAAgB,UAAU,IAAI,MAAM,CAGnC;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM,CAYvD;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAGnD;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAGlD;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAMlD;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAUpD;AAED;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,OAAO,CAAS;gBAEZ,OAAO,CAAC,EAAE,MAAM;IAI5B;;;OAGG;IACG,aAAa,CACjB,MAAM,EAAE,SAAS,EACjB,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,IAAI,CAAC;IA6BhB;;OAEG;IACG,cAAc,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAY9C;;OAEG;IACH,cAAc,CAAC,MAAM,EAAE,SAAS,GAAG,gBAAgB;CA+BpD"}

package/dist/cli/utils/env-setup.js CHANGED Viewed

@@ -18,7 +18,6 @@ exports.validatePort = validatePort;
 exports.escapeEnvValue = escapeEnvValue;
 const fs_1 = require("fs");
 const path_1 = require("path");
-const crypto_1 = require("crypto");
 const os_1 = require("os");
 // Issue #136: Import from install-context.ts to avoid circular imports
 // Re-export for backward compatibility
@@ -210,9 +209,6 @@ class EnvSetup {
             `CM_LOG_LEVEL=${config.CM_LOG_LEVEL}`,
             `CM_LOG_FORMAT=${config.CM_LOG_FORMAT}`,
         ];
-        if (config.CM_AUTH_TOKEN) {
-            lines.push(`CM_AUTH_TOKEN=${config.CM_AUTH_TOKEN}`);
-        }
         lines.push('');
         const content = lines.join('\n');
         // Write with secure permissions
@@ -232,12 +228,6 @@ class EnvSetup {
         (0, fs_1.copyFileSync)(this.envPath, backupPath);
         return backupPath;
     }
-    /**
-     * Generate secure authentication token
-     */
-    generateAuthToken() {
-        return (0, crypto_1.randomBytes)(32).toString('hex');
-    }
     /**
      * Validate configuration
      */
@@ -252,10 +242,6 @@ class EnvSetup {
         if (!validBinds.includes(config.CM_BIND)) {
             errors.push(`Invalid bind address: must be one of ${validBinds.join(', ')}`);
         }
-        // Require auth token for external access
-        if (config.CM_BIND === '0.0.0.0' && !config.CM_AUTH_TOKEN) {
-            errors.push('auth token is required when binding to 0.0.0.0');
-        }
         // Validate log level
         const validLogLevels = ['debug', 'info', 'warn', 'error'];
         if (!validLogLevels.includes(config.CM_LOG_LEVEL)) {

package/dist/cli/utils/security-logger.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"security-logger.d.ts","sourceRoot":"","sources":["../../../src/cli/utils/security-logger.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAMH;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,oBAAoB;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,uCAAuC;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,oBAAoB;IACpB,MAAM,EAAE,SAAS,GAAG,SAAS,GAAG,SAAS,CAAC;IAC1C,yBAAyB;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAaD;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,aAAa,GAAG,IAAI,CAU3D;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,~~CAc~~/E"}
1	+ {"version":3,"file":"security-logger.d.ts","sourceRoot":"","sources":["../../../src/cli/utils/security-logger.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAMH;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,oBAAoB;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,uCAAuC;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,oBAAoB;IACpB,MAAM,EAAE,SAAS,GAAG,SAAS,GAAG,SAAS,CAAC;IAC1C,yBAAyB;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAaD;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,aAAa,GAAG,IAAI,CAU3D;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,CAY/E"}

package/dist/cli/utils/security-logger.js CHANGED Viewed

@@ -43,9 +43,8 @@ function maskSensitiveData(input) {
     if (!input) {
         return input;
     }
-    // Mask CM_AUTH_TOKEN values
-    let result = input.replace(/CM_AUTH_TOKEN=\S+/g, 'CM_AUTH_TOKEN=***masked***');
     // Mask any token-like strings (12+ hex/alphanumeric characters after "token:")
+    let result = input;
     result = result.replace(/(?:token|Token)[:\s]+([a-zA-Z0-9]{12,})/gi, (_match, token) => {
         return _match.replace(token, '***');
     });

package/dist/server/src/lib/auto-yes-manager.js CHANGED Viewed

@@ -43,13 +43,12 @@ exports.MAX_CONCURRENT_POLLERS = 50;
 const AUTO_YES_TIMEOUT_MS = 3600000;
 /** Worktree ID validation pattern (security: prevent command injection) */
 const WORKTREE_ID_PATTERN = /^[a-zA-Z0-9_-]+$/;
-// =============================================================================
-// In-memory State
-// =============================================================================
-/** In-memory storage for auto-yes states */
-const autoYesStates = new Map();
-/** In-memory storage for poller states (Issue #138) */
-const autoYesPollerStates = new Map();
+/** In-memory storage for auto-yes states (globalThis for hot reload persistence) */
+const autoYesStates = globalThis.__autoYesStates ??
+    (globalThis.__autoYesStates = new Map());
+/** In-memory storage for poller states (globalThis for hot reload persistence) */
+const autoYesPollerStates = globalThis.__autoYesPollerStates ??
+    (globalThis.__autoYesPollerStates = new Map());
 // =============================================================================
 // Utility Functions
 // =============================================================================
@@ -206,22 +205,30 @@ async function pollAutoYes(worktreeId, cliToolId) {
     try {
         // 1. Capture tmux output
         const output = await (0, cli_session_1.captureSessionOutput)(worktreeId, cliToolId, 5000);
-        // 2. Strip ANSI codes and detect prompt
+        // 2. Strip ANSI codes
         const cleanOutput = (0, cli_patterns_1.stripAnsi)(output);
+        // 2.5. Skip prompt detection during thinking state (Issue #161, Layer 1)
+        // This prevents false positive detection of numbered lists in CLI output
+        // while Claude is actively processing (thinking/planning).
+        if ((0, cli_patterns_1.detectThinking)(cliToolId, cleanOutput)) {
+            scheduleNextPoll(worktreeId, cliToolId);
+            return;
+        }
+        // 3. Detect prompt
         const promptDetection = (0, prompt_detector_1.detectPrompt)(cleanOutput);
         if (!promptDetection.isPrompt || !promptDetection.promptData) {
             // No prompt detected, schedule next poll
             scheduleNextPoll(worktreeId, cliToolId);
             return;
         }
-        // 3. Resolve auto answer
+        // 4. Resolve auto answer
         const answer = (0, auto_yes_resolver_1.resolveAutoAnswer)(promptDetection.promptData);
         if (answer === null) {
             // Cannot auto-answer this prompt
             scheduleNextPoll(worktreeId, cliToolId);
             return;
         }
-        // 4. Send answer to tmux
+        // 5. Send answer to tmux
         const manager = manager_1.CLIToolManager.getInstance();
         const cliTool = manager.getTool(cliToolId);
         const sessionName = cliTool.getSessionName(worktreeId);
@@ -229,9 +236,9 @@ async function pollAutoYes(worktreeId, cliToolId) {
         await (0, tmux_1.sendKeys)(sessionName, answer, false);
         await new Promise(resolve => setTimeout(resolve, 100));
         await (0, tmux_1.sendKeys)(sessionName, '', true);
-        // 5. Update timestamp
+        // 6. Update timestamp
         updateLastServerResponseTimestamp(worktreeId, Date.now());
-        // 6. Reset error count on success
+        // 7. Reset error count on success
         resetErrorCount(worktreeId);
         // Log success (without sensitive content)
         console.info(`[Auto-Yes Poller] Sent response for worktree: ${worktreeId}`);