npm - failproofai - Versions diffs - 0.0.6-beta.2 → 0.0.6-beta.3 - Mend

failproofai 0.0.6-beta.2 → 0.0.6-beta.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (119) hide show

package/.next/standalone/src/auth/logout.ts ADDED Viewed

@@ -0,0 +1,50 @@
+import { readTokens, clearTokens } from "./token-store";
+import { stopRelay } from "../relay/pid";
+const LOGOUT_TIMEOUT_MS = 3_000;
+export async function logout(): Promise<void> {
+  const tokens = readTokens();
+  if (!tokens) {
+    console.log("Not logged in.");
+    return;
+  }
+  // Best-effort server revoke with a short timeout — the local logout
+  // must not block on a slow network.
+  try {
+    await fetch(`${tokens.server_url}/api/v1/auth/logout`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ refresh_token: tokens.refresh_token }),
+      signal: AbortSignal.timeout(LOGOUT_TIMEOUT_MS),
+    });
+  } catch {
+    // Network or timeout — proceed to local clear anyway
+  }
+  try {
+    stopRelay();
+  } catch {
+    // Best-effort daemon stop
+  }
+  clearTokens();
+  console.log("Logged out.");
+}
+export function whoami(): void {
+  const tokens = readTokens();
+  if (!tokens) {
+    console.log("Not logged in. Run `failproofai login` to authenticate.");
+    process.exit(1);
+  }
+  console.log(`Logged in as ${tokens.user_email}`);
+  console.log(`Server: ${tokens.server_url}`);
+  const expiresIn = tokens.expires_at - Math.floor(Date.now() / 1000);
+  if (expiresIn > 0) {
+    console.log(`Access token expires in ${Math.floor(expiresIn / 60)} minutes`);
+  } else {
+    console.log(`Access token expired (will refresh on next use)`);
+  }
+}

package/.next/standalone/src/auth/token-store.ts ADDED Viewed

@@ -0,0 +1,64 @@
+import {
+  readFileSync,
+  writeFileSync,
+  existsSync,
+  mkdirSync,
+  unlinkSync,
+  renameSync,
+  openSync,
+  closeSync,
+} from "node:fs";
+import { join } from "node:path";
+import { homedir } from "node:os";
+export interface AuthTokens {
+  access_token: string;
+  refresh_token: string;
+  expires_at: number;
+  user_email: string;
+  user_id: string;
+  server_url: string;
+}
+const AUTH_DIR = join(homedir(), ".failproofai");
+const AUTH_FILE = join(AUTH_DIR, "auth.json");
+function ensureAuthDir(): void {
+  if (!existsSync(AUTH_DIR)) mkdirSync(AUTH_DIR, { recursive: true, mode: 0o700 });
+}
+export function readTokens(): AuthTokens | null {
+  if (!existsSync(AUTH_FILE)) return null;
+  try {
+    const raw = readFileSync(AUTH_FILE, "utf8");
+    return JSON.parse(raw) as AuthTokens;
+  } catch {
+    return null;
+  }
+}
+/**
+ * Write tokens atomically with 0600 permissions *from creation*.
+ * We open with O_WRONLY|O_CREAT|O_TRUNC and explicit mode 0600 so the
+ * file is never world-readable, not even briefly during the write.
+ * Then rename into place (atomic on POSIX).
+ */
+export function writeTokens(tokens: AuthTokens): void {
+  ensureAuthDir();
+  const tmpPath = `${AUTH_FILE}.tmp`;
+  const fd = openSync(tmpPath, "w", 0o600);
+  try {
+    writeFileSync(fd, JSON.stringify(tokens, null, 2));
+  } finally {
+    closeSync(fd);
+  }
+  renameSync(tmpPath, AUTH_FILE);
+}
+export function clearTokens(): void {
+  if (existsSync(AUTH_FILE)) unlinkSync(AUTH_FILE);
+}
+export function isLoggedIn(): boolean {
+  return existsSync(AUTH_FILE);
+}

package/.next/standalone/src/hooks/builtin-policies.ts CHANGED Viewed

@@ -171,7 +171,7 @@ function getCurrentBranch(cwd: string): string | null {
     if (branch === undefined) {
       branch = execSync("git rev-parse --abbrev-ref HEAD", {
         cwd,
-        encoding: "utf8",
+        encoding: "utf8", stdio: ["pipe", "pipe", "pipe"],
         timeout: 3000,
       }).trim();
       gitBranchCache.set(cwd, branch);
@@ -186,7 +186,7 @@ function getHeadSha(cwd: string): string | null {
   try {
     const sha = execSync("git rev-parse HEAD", {
       cwd,
-      encoding: "utf8",
+      encoding: "utf8", stdio: ["pipe", "pipe", "pipe"],
       timeout: 3000,
     }).trim();
     return sha || null;
@@ -214,7 +214,7 @@ function getThirdPartyCheckRuns(cwd: string, sha: string): CiCheck[] {
       ],
       {
         cwd,
-        encoding: "utf8",
+        encoding: "utf8", stdio: ["pipe", "pipe", "pipe"],
         timeout: 15000,
       },
     ).trim();
@@ -239,7 +239,7 @@ function getCommitStatuses(cwd: string, sha: string): CiCheck[] {
       ],
       {
         cwd,
-        encoding: "utf8",
+        encoding: "utf8", stdio: ["pipe", "pipe", "pipe"],
         timeout: 15000,
       },
     ).trim();
@@ -676,7 +676,9 @@ function extractAbsolutePaths(command: string): string[] {
 }
 function blockReadOutsideCwd(ctx: PolicyContext): PolicyResult {
-  const cwd = ctx.session?.cwd;
+  // Prefer $CLAUDE_PROJECT_DIR (stable project root) over ctx.session.cwd,
+  // which tracks the live shell CWD and drifts when Claude `cd`s into a subdir.
+  const cwd = process.env.CLAUDE_PROJECT_DIR || ctx.session?.cwd;
   if (!cwd) return allow(); // Can't enforce without cwd
   const allowPaths = ((ctx.params?.allowPaths ?? []) as string[]);
@@ -964,7 +966,7 @@ function requireCommitBeforeStop(ctx: PolicyContext): PolicyResult {
   try {
     const status = execSync("git status --porcelain", {
       cwd,
-      encoding: "utf8",
+      encoding: "utf8", stdio: ["pipe", "pipe", "pipe"],
       timeout: 5000,
     }).trim();
@@ -986,7 +988,7 @@ function requirePushBeforeStop(ctx: PolicyContext): PolicyResult {
   try {
     const remotes = execSync("git remote", {
       cwd,
-      encoding: "utf8",
+      encoding: "utf8", stdio: ["pipe", "pipe", "pipe"],
       timeout: 3000,
     }).trim();
@@ -1009,7 +1011,7 @@ function requirePushBeforeStop(ctx: PolicyContext): PolicyResult {
       const ahead = execFileSync(
         "git",
         ["log", `${remote}/${baseBranch}..HEAD`, "--oneline"],
-        { cwd, encoding: "utf8", timeout: 5000 },
+        { cwd, encoding: "utf8", stdio: ["pipe", "pipe", "pipe"], timeout: 5000 },
       ).trim();
       if (!ahead) {
@@ -1022,7 +1024,7 @@ function requirePushBeforeStop(ctx: PolicyContext): PolicyResult {
       const diff = execFileSync(
         "git",
         ["diff", "--stat", `${remote}/${baseBranch}`, "HEAD"],
-        { cwd, encoding: "utf8", timeout: 5000 },
+        { cwd, encoding: "utf8", stdio: ["pipe", "pipe", "pipe"], timeout: 5000 },
       ).trim();
       if (!diff) {
@@ -1037,7 +1039,7 @@ function requirePushBeforeStop(ctx: PolicyContext): PolicyResult {
     try {
       execFileSync("git", ["rev-parse", "--verify", `${remote}/${branch}`], {
         cwd,
-        encoding: "utf8",
+        encoding: "utf8", stdio: ["pipe", "pipe", "pipe"],
         timeout: 3000,
       });
       hasTracking = true;
@@ -1055,7 +1057,7 @@ function requirePushBeforeStop(ctx: PolicyContext): PolicyResult {
     // Check for unpushed commits
     const unpushed = execFileSync("git", ["log", `${remote}/${branch}..HEAD`, "--oneline"], {
       cwd,
-      encoding: "utf8",
+      encoding: "utf8", stdio: ["pipe", "pipe", "pipe"],
       timeout: 5000,
     }).trim();
@@ -1080,7 +1082,7 @@ function requirePrBeforeStop(ctx: PolicyContext): PolicyResult {
   try {
     // Check if gh CLI is available
     try {
-      execSync("gh --version", { cwd, encoding: "utf8", timeout: 3000 });
+      execSync("gh --version", { cwd, encoding: "utf8", stdio: ["pipe", "pipe", "pipe"], timeout: 3000 });
     } catch {
       return allow("GitHub CLI (gh) not installed, skipping PR check.");
     }
@@ -1100,7 +1102,7 @@ function requirePrBeforeStop(ctx: PolicyContext): PolicyResult {
       const ahead = execFileSync(
         "git",
         ["log", `origin/${baseBranch}..HEAD`, "--oneline"],
-        { cwd, encoding: "utf8", timeout: 5000 },
+        { cwd, encoding: "utf8", stdio: ["pipe", "pipe", "pipe"], timeout: 5000 },
       ).trim();
       if (!ahead) {
@@ -1113,7 +1115,7 @@ function requirePrBeforeStop(ctx: PolicyContext): PolicyResult {
       const diff = execFileSync(
         "git",
         ["diff", "--stat", `origin/${baseBranch}`, "HEAD"],
-        { cwd, encoding: "utf8", timeout: 5000 },
+        { cwd, encoding: "utf8", stdio: ["pipe", "pipe", "pipe"], timeout: 5000 },
       ).trim();
       if (!diff) {
@@ -1128,7 +1130,7 @@ function requirePrBeforeStop(ctx: PolicyContext): PolicyResult {
     try {
       prJson = execSync("gh pr view --json number,url,state", {
         cwd,
-        encoding: "utf8",
+        encoding: "utf8", stdio: ["pipe", "pipe", "pipe"],
         timeout: 15000,
       }).trim();
     } catch {
@@ -1151,13 +1153,13 @@ function requirePrBeforeStop(ctx: PolicyContext): PolicyResult {
       try {
         execFileSync("git", ["fetch", "origin", `+refs/heads/${baseBranch}:refs/remotes/origin/${baseBranch}`], {
           cwd,
-          encoding: "utf8",
+          encoding: "utf8", stdio: ["pipe", "pipe", "pipe"],
           timeout: 10000,
         });
         const freshAhead = execFileSync(
           "git",
           ["log", `origin/${baseBranch}..HEAD`, "--oneline"],
-          { cwd, encoding: "utf8", timeout: 5000 },
+          { cwd, encoding: "utf8", stdio: ["pipe", "pipe", "pipe"], timeout: 5000 },
         ).trim();
         if (!freshAhead) {
           return allow(`PR #${pr.number} was merged; branch is up to date with ${baseBranch}.`);
@@ -1165,7 +1167,7 @@ function requirePrBeforeStop(ctx: PolicyContext): PolicyResult {
         const freshDiff = execFileSync(
           "git",
           ["diff", "--stat", `origin/${baseBranch}`, "HEAD"],
-          { cwd, encoding: "utf8", timeout: 5000 },
+          { cwd, encoding: "utf8", stdio: ["pipe", "pipe", "pipe"], timeout: 5000 },
         ).trim();
         if (!freshDiff) {
           return allow(`PR #${pr.number} was merged; no file changes vs ${baseBranch}.`);
@@ -1190,7 +1192,7 @@ function requireCiGreenBeforeStop(ctx: PolicyContext): PolicyResult {
   try {
     // Check if gh CLI is available
     try {
-      execSync("gh --version", { cwd, encoding: "utf8", timeout: 3000 });
+      execSync("gh --version", { cwd, encoding: "utf8", stdio: ["pipe", "pipe", "pipe"], timeout: 3000 });
     } catch {
       return allow("GitHub CLI (gh) not installed, skipping CI check.");
     }
@@ -1204,7 +1206,7 @@ function requireCiGreenBeforeStop(ctx: PolicyContext): PolicyResult {
       const runsJson = execFileSync(
         "gh",
         ["run", "list", "--branch", branch, "--limit", "5", "--json", "status,conclusion,name"],
-        { cwd, encoding: "utf8", timeout: 15000 },
+        { cwd, encoding: "utf8", stdio: ["pipe", "pipe", "pipe"], timeout: 15000 },
       ).trim();
       if (runsJson && runsJson !== "[]") {

package/.next/standalone/src/hooks/handler.ts CHANGED Viewed

@@ -148,26 +148,46 @@ export async function handleHookEvent(eventType: string): Promise<number> {
   }
   // Persist activity to disk (visible in /policies activity tab)
+  const activityEntry = {
+    timestamp: Date.now(),
+    eventType,
+    toolName: (parsed.tool_name as string) ?? null,
+    policyName: result.policyName,
+    policyNames: result.policyNames,
+    decision: result.decision,
+    reason: result.reason,
+    durationMs,
+    sessionId: session.sessionId,
+    transcriptPath: session.transcriptPath,
+    cwd: session.cwd,
+    permissionMode: session.permissionMode,
+    hookEventName: session.hookEventName,
+  };
   try {
-    persistHookActivity({
-      timestamp: Date.now(),
-      eventType,
-      toolName: (parsed.tool_name as string) ?? null,
-      policyName: result.policyName,
-      policyNames: result.policyNames,
-      decision: result.decision,
-      reason: result.reason,
-      durationMs,
-      sessionId: session.sessionId,
-      transcriptPath: session.transcriptPath,
-      cwd: session.cwd,
-      permissionMode: session.permissionMode,
-      hookEventName: session.hookEventName,
-    });
+    persistHookActivity(activityEntry);
   } catch {
     hookLogWarn("activity persistence failed");
   }
+  // Enqueue for server relay — fire-and-forget, never blocks hook.
+  // queue.ts is a no-op if the user is not logged in (no auth.json), and
+  // sanitizes the entry before persisting (drops toolInput/transcriptPath,
+  // hashes cwd, redacts known secret patterns in `reason`).
+  try {
+    const { appendToServerQueue } = await import("../relay/queue");
+    appendToServerQueue(activityEntry);
+  } catch {
+    // Server queue is best-effort; fail-open
+  }
+  // Lazy-start relay daemon if user is logged in — ~1ms when already running
+  try {
+    const { ensureRelayRunning } = await import("../relay/daemon");
+    ensureRelayRunning();
+  } catch {
+    // Relay is best-effort; hook must succeed regardless
+  }
   // Fire PostHog telemetry for decisions that affect Claude's behavior
   if (result.decision === "deny" || result.decision === "instruct") {
     try {