npm - crewx - Versions diffs - 0.8.6-rc.1 → 0.8.6-rc.2 - Mend

crewx 0.8.6-rc.1 → 0.8.6-rc.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist-server/bootstrap/tls.js +111 -26
package/package.json +8 -7
package/packages/cli/package.json +1 -1

package/dist-server/bootstrap/tls.js CHANGED Viewed

@@ -1,12 +1,18 @@
 "use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.CERT_PATH = void 0;
 exports.resolveHttpsOptions = resolveHttpsOptions;
 const fs_1 = require("fs");
 const path_1 = require("path");
 const os_1 = require("os");
-const selfsigned_1 = require("selfsigned");
+const child_process_1 = require("child_process");
+const node_forge_1 = __importDefault(require("node-forge"));
 const TLS_DIR = (0, path_1.join)((0, os_1.homedir)(), '.crewx', 'tls');
+const CA_CERT_PATH = (0, path_1.join)(TLS_DIR, 'ca.pem');
+const CA_KEY_PATH = (0, path_1.join)(TLS_DIR, 'ca-key.pem');
 const CERT_PATH = (0, path_1.join)(TLS_DIR, 'cert.pem');
 exports.CERT_PATH = CERT_PATH;
 const KEY_PATH = (0, path_1.join)(TLS_DIR, 'key.pem');
@@ -20,38 +26,117 @@ async function resolveHttpsOptions() {
             key: (0, fs_1.readFileSync)(process.env.TLS_KEY),
         };
     }
-    if ((0, fs_1.existsSync)(CERT_PATH) && (0, fs_1.existsSync)(KEY_PATH)) {
+    if ((0, fs_1.existsSync)(CA_CERT_PATH) && (0, fs_1.existsSync)(CERT_PATH) && (0, fs_1.existsSync)(KEY_PATH)) {
         return {
             cert: (0, fs_1.readFileSync)(CERT_PATH),
             key: (0, fs_1.readFileSync)(KEY_PATH),
         };
     }
-    return generateSelfSignedCert();
-}
-async function generateSelfSignedCert() {
-    const host = (0, os_1.hostname)();
-    const attrs = [{ name: 'commonName', value: 'CrewX Local Server' }];
-    const sanExt = {
-        name: 'subjectAltName',
-        altNames: [
-            { type: 2, value: 'localhost' },
-            { type: 2, value: host },
-            { type: 7, ip: '127.0.0.1' },
-            { type: 7, ip: '::1' },
-        ],
+    // Generate CA (or reuse existing) + server cert signed by CA
+    const ca = ensureCACert();
+    const server = generateServerCert(ca.cert, ca.key);
+    (0, fs_1.writeFileSync)(CERT_PATH, server.certPem, { mode: 0o644 });
+    (0, fs_1.writeFileSync)(KEY_PATH, server.keyPem, { mode: 0o600 });
+    if (ca.isNew) {
+        installCA(CA_CERT_PATH);
+    }
+    return {
+        cert: Buffer.from(server.certPem),
+        key: Buffer.from(server.keyPem),
     };
-    const pems = await (0, selfsigned_1.generate)(attrs, {
-        keySize: 2048,
-        extensions: [sanExt],
-    });
+}
+function ensureCACert() {
+    if ((0, fs_1.existsSync)(CA_CERT_PATH) && (0, fs_1.existsSync)(CA_KEY_PATH)) {
+        return {
+            cert: node_forge_1.default.pki.certificateFromPem((0, fs_1.readFileSync)(CA_CERT_PATH, 'utf8')),
+            key: node_forge_1.default.pki.privateKeyFromPem((0, fs_1.readFileSync)(CA_KEY_PATH, 'utf8')),
+            isNew: false,
+        };
+    }
+    const keys = node_forge_1.default.pki.rsa.generateKeyPair(2048);
+    const cert = node_forge_1.default.pki.createCertificate();
+    cert.publicKey = keys.publicKey;
+    cert.serialNumber = randomSerialNumber();
+    cert.validity.notBefore = new Date();
+    cert.validity.notAfter = new Date();
+    cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 10);
+    const attrs = [
+        { name: 'commonName', value: 'SowonLabs CrewX Local CA' },
+        { name: 'organizationName', value: 'SowonLabs' },
+    ];
+    cert.setSubject(attrs);
+    cert.setIssuer(attrs);
+    cert.setExtensions([
+        { name: 'basicConstraints', cA: true },
+        { name: 'keyUsage', keyCertSign: true, cRLSign: true },
+    ]);
+    cert.sign(keys.privateKey, node_forge_1.default.md.sha256.create());
     (0, fs_1.mkdirSync)(TLS_DIR, { recursive: true });
-    (0, fs_1.writeFileSync)(CERT_PATH, pems.cert, { mode: 0o644 });
-    (0, fs_1.writeFileSync)(KEY_PATH, pems.private, { mode: 0o600 });
-    console.log(`🔒 Self-signed TLS certificate generated: ~/.crewx/tls/`);
-    console.log(`⚠️  Browser will show a security warning on first access.`);
-    console.log(`💡 Install mkcert for warning-free local HTTPS.`);
+    (0, fs_1.writeFileSync)(CA_CERT_PATH, node_forge_1.default.pki.certificateToPem(cert), { mode: 0o644 });
+    (0, fs_1.writeFileSync)(CA_KEY_PATH, node_forge_1.default.pki.privateKeyToPem(keys.privateKey), {
+        mode: 0o600,
+    });
+    console.log('🏛️  SowonLabs CrewX Local CA created: ~/.crewx/tls/ca.pem');
+    return { cert, key: keys.privateKey, isNew: true };
+}
+function generateServerCert(caCert, caKey) {
+    const host = (0, os_1.hostname)();
+    const keys = node_forge_1.default.pki.rsa.generateKeyPair(2048);
+    const cert = node_forge_1.default.pki.createCertificate();
+    cert.publicKey = keys.publicKey;
+    cert.serialNumber = randomSerialNumber();
+    cert.validity.notBefore = new Date();
+    cert.validity.notAfter = new Date();
+    cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 1);
+    cert.setSubject([{ name: 'commonName', value: host }]);
+    cert.setIssuer(caCert.subject.attributes);
+    cert.setExtensions([
+        {
+            name: 'subjectAltName',
+            altNames: [
+                { type: 2, value: 'localhost' },
+                { type: 2, value: host },
+                { type: 7, ip: '127.0.0.1' },
+                { type: 7, ip: '::1' },
+            ],
+        },
+    ]);
+    cert.sign(caKey, node_forge_1.default.md.sha256.create());
+    console.log('🔒 Server certificate issued by SowonLabs CA: ~/.crewx/tls/cert.pem');
     return {
-        cert: Buffer.from(pems.cert),
-        key: Buffer.from(pems.private),
+        certPem: node_forge_1.default.pki.certificateToPem(cert),
+        keyPem: node_forge_1.default.pki.privateKeyToPem(keys.privateKey),
     };
 }
+function installCA(caCertPath) {
+    if (process.env.CREWX_TRUST_CA === '0') {
+        return;
+    }
+    const platform = process.platform;
+    console.log('');
+    console.log('🔐 브라우저 경고 없이 HTTPS를 사용하려면 CA 인증서를 등록해야 합니다.');
+    console.log('   등록하지 않아도 HTTPS는 동작하지만, 브라우저에서 "주의 요함" 경고가 표시됩니다.');
+    console.log('');
+    try {
+        if (platform === 'win32') {
+            (0, child_process_1.execSync)(`powershell -Command "Import-Certificate -FilePath '${caCertPath}' -CertStoreLocation Cert:\\CurrentUser\\Root"`, { stdio: 'inherit' });
+        }
+        else if (platform === 'darwin') {
+            (0, child_process_1.execSync)(`security add-trusted-cert -r trustRoot -k ~/Library/Keychains/login.keychain-db "${caCertPath}"`, { stdio: 'inherit' });
+        }
+        else {
+            console.log('   Linux에서는 수동 등록이 필요합니다:');
+            console.log(`   sudo cp ${caCertPath} /usr/local/share/ca-certificates/crewx-ca.crt`);
+            console.log('   sudo update-ca-certificates');
+            return;
+        }
+        console.log('✅ SowonLabs CA가 시스템에 등록되었습니다. 브라우저 경고 없이 HTTPS를 사용할 수 있습니다.');
+    }
+    catch {
+        console.log('⚠️  CA 등록에 실패했습니다. HTTPS는 동작하지만 브라우저에서 경고가 표시됩니다.');
+        console.log(`   수동 등록: ${caCertPath}`);
+    }
+}
+function randomSerialNumber() {
+    return node_forge_1.default.util.bytesToHex(node_forge_1.default.random.getBytesSync(16));
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "crewx",
-  "version": "0.8.6-rc.1",
+  "version": "0.8.6-rc.2",
   "description": "CrewX — AI agent team dashboard with Electron UI and CLI (Web + Electron + Global CLI)",
   "main": "server.js",
   "bin": {
@@ -55,12 +55,12 @@
     "js-tiktoken": "^1.0.21",
     "js-yaml": "^4.1.1",
     "md-to-slack": "^1.0.0",
+    "node-forge": "^1.3.1",
     "open": "^11.0.0",
     "reflect-metadata": "^0.2.2",
     "remark-parse": "^11.0.0",
     "remark-stringify": "^11.0.0",
     "rxjs": "^7.8.1",
-    "selfsigned": "^5.5.0",
     "swagger-ui-express": "^5.0.1",
     "unified": "^11.0.5",
     "unist-util-visit": "^5.0.0",
@@ -68,17 +68,17 @@
     "wink-nlp-utils": "^2.1.0",
     "yargs": "^17.7.0",
     "zod": "^3.22.0",
-    "@crewx/cli": "0.8.6-rc.1",
-    "@crewx/doc": "0.1.8",
+    "@crewx/cli": "0.8.6-rc.2",
     "@crewx/cron": "0.1.8",
+    "@crewx/doc": "0.1.8",
     "@crewx/memory": "0.1.10",
     "@crewx/knowledge-core": "0.1.6",
-    "@crewx/sdk": "0.8.6-rc.2",
+    "@crewx/sdk": "0.8.6-rc.3",
     "@crewx/shared": "0.0.5",
     "@crewx/wbs": "0.1.9",
     "@crewx/search": "0.1.9",
-    "@crewx/skill": "0.1.8",
-    "@crewx/workflow": "0.3.18"
+    "@crewx/workflow": "0.3.18",
+    "@crewx/skill": "0.1.8"
   },
   "devDependencies": {
     "@ccusage/codex": "^0.0.1",
@@ -107,6 +107,7 @@
     "@types/express": "^5.0.0",
     "@types/js-yaml": "^4.0.9",
     "@types/node": "^20.10.0",
+    "@types/node-forge": "^1.3.11",
     "@types/react": "^18.2.0",
     "@types/react-dom": "^18.2.0",
     "@types/supertest": "^7.2.0",

package/packages/cli/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@crewx/cli",
-  "version": "0.8.6-rc.1",
+  "version": "0.8.6-rc.2",
   "license": "UNLICENSED",
   "engines": {
     "node": ">=20.19.0"