npm - gitarsenal-cli - Versions diffs - 1.2.5 → 1.2.6 - Mend

gitarsenal-cli 1.2.5 → 1.2.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/package.json +1 -1
package/python/README.md +3 -3
package/python/modal_proxy_service.py +65 -52
package/python/test_modalSandboxScript.py +71 -57

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "gitarsenal-cli",
-  "version": "1.2.5",
+  "version": "1.2.6",
   "description": "CLI tool for creating Modal sandboxes with GitHub repositories",
   "main": "index.js",
   "bin": {

package/python/README.md CHANGED Viewed

@@ -21,12 +21,12 @@ The cleanup process:
 1. Removes real Modal token environment variables (MODAL_TOKEN_ID, MODAL_TOKEN, MODAL_TOKEN_SECRET)
 2. Deletes real Modal token files (.modal/token.json, .modal/token_alt.json, .modalconfig)
 3. Invalidates Modal sessions by removing session files and directories
-4. Sets invalid Modal tokens using the `modal token set` command with a dedicated profile
-5. Falls back to manually setting placeholder tokens if the command fails
+4. Creates corrupted token files that will cause Modal CLI authentication to fail
+5. Creates a wrapper script around the Modal CLI that specifically blocks the `modal shell` command
 6. Runs automatically after SSH container creation
 7. Runs on service shutdown via signal handlers
-This prevents potential token leakage when containers are shared or when the service is stopped, while still allowing users to run basic Modal CLI commands. Any operations requiring authentication will fail, effectively logging the user out from Modal.
+This prevents potential token leakage when containers are shared or when the service is stopped, and ensures that users cannot continue to use Modal CLI commands like `modal shell` after the container is created.
 ## Usage

package/python/modal_proxy_service.py CHANGED Viewed

@@ -276,65 +276,78 @@ def cleanup_modal_token():
         except Exception as e:
             logger.warning(f"⚠️ Error during Modal session invalidation: {e}")
-        # Set invalid Modal tokens using the Modal CLI
+        # Create corrupted token files that will cause Modal CLI to fail
         try:
-            logger.info("🔄 Setting invalid Modal tokens...")
+            logger.info("🔒 Creating corrupted Modal token files...")
-            # Use modal token set command with invalid credentials
-            invalid_token_id = "ak-invalid-token-not-valid"
-            invalid_token_secret = "as-invalid-secret-not-valid"
-            profile = "gitarsenal"
+            # Create .modal directory if it doesn't exist
+            if not modal_dir.exists():
+                modal_dir.mkdir(parents=True)
+                logger.info(f"✅ Created Modal directory at {modal_dir}")
-            # Run the modal token set command
-            result = subprocess.run(
-                ["modal", "token", "set",
-                 "--token-id", invalid_token_id,
-                 "--token-secret", invalid_token_secret,
-                 f"--profile={profile}"],
-                capture_output=True,
-                text=True
-            )
+            # Create a corrupted token.json file
+            token_file = modal_dir / "token.json"
+            with open(token_file, 'w') as f:
+                f.write('{"corrupted": true, "message": "Token has been invalidated for security reasons"}')
+            logger.info(f"✅ Created corrupted token file at {token_file}")
-            if result.returncode == 0:
-                logger.info(f"✅ Successfully set invalid Modal tokens with profile '{profile}'")
-            else:
-                logger.warning(f"⚠️ Error setting invalid Modal tokens: {result.stderr}")
-                # Fall back to manually setting placeholder tokens
-                logger.info("🔄 Falling back to manually setting placeholder tokens...")
-                # Create .modal directory if it doesn't exist
-                if not modal_dir.exists():
-                    modal_dir.mkdir(parents=True)
-                    logger.info(f"✅ Created Modal directory at {modal_dir}")
-                # Set placeholder tokens in token.json
-                placeholder_token_id = "ak-placeholder-token-not-valid"
-                placeholder_token_secret = "as-placeholder-secret-not-valid"
-                # Create token.json with placeholder values
-                token_file = modal_dir / "token.json"
-                with open(token_file, 'w') as f:
-                    import json
-                    json.dump({
-                        "token_id": placeholder_token_id,
-                        "token_secret": placeholder_token_secret
-                    }, f)
-                logger.info(f"✅ Created placeholder token file at {token_file}")
-                # Create .modalconfig file with placeholder values
-                with open(modalconfig_file, 'w') as f:
-                    f.write(f"token_id = {placeholder_token_id}\n")
-                    f.write(f"token_secret = {placeholder_token_secret}\n")
-                logger.info(f"✅ Created placeholder .modalconfig file at {modalconfig_file}")
+            # Create a corrupted .modalconfig file
+            modalconfig_file = Path.home() / ".modalconfig"
+            with open(modalconfig_file, 'w') as f:
+                f.write("# This file has been corrupted for security reasons\n")
+                f.write("corrupted = true\n")
+            logger.info(f"✅ Created corrupted .modalconfig file at {modalconfig_file}")
+            # Try to disable the modal shell command specifically
+            try:
+                # Find the modal executable path
+                result = subprocess.run(
+                    ["which", "modal"],
+                    capture_output=True,
+                    text=True
+                )
+                modal_path = result.stdout.strip()
-                # Set placeholder values in environment variables
-                os.environ["MODAL_TOKEN_ID"] = placeholder_token_id
-                os.environ["MODAL_TOKEN_SECRET"] = placeholder_token_secret
-                logger.info("✅ Set placeholder tokens in environment variables")
+                if modal_path:
+                    logger.info(f"📍 Found Modal CLI at: {modal_path}")
+                    # Create a wrapper script that intercepts the shell command
+                    modal_shell_wrapper = """#!/bin/bash
+if [[ "$1" == "shell" ]]; then
+  echo "❌ Modal shell has been disabled for security reasons."
+  echo "Modal token has been removed after SSH container creation."
+  exit 1
+fi
+# Pass all other commands to the real modal CLI
+REAL_MODAL=$(which modal.real 2>/dev/null)
+if [ -n "$REAL_MODAL" ]; then
+  exec "$REAL_MODAL" "$@"
+else
+  echo "❌ Modal CLI has been disabled for security reasons."
+  echo "Modal token has been removed after SSH container creation."
+  exit 1
+fi
+"""
+                    # Rename the original modal executable
+                    os.rename(modal_path, f"{modal_path}.real")
+                    logger.info(f"✅ Renamed original Modal CLI to {modal_path}.real")
+                    # Create a new modal script
+                    with open(modal_path, 'w') as f:
+                        f.write(modal_shell_wrapper)
+                    # Make it executable
+                    os.chmod(modal_path, 0o755)
+                    logger.info(f"✅ Created Modal CLI wrapper at {modal_path}")
+                else:
+                    logger.warning("⚠️ Could not find Modal CLI path")
+            except Exception as e:
+                logger.warning(f"⚠️ Error creating Modal CLI wrapper: {e}")
         except Exception as e:
-            logger.warning(f"⚠️ Error setting invalid Modal tokens: {e}")
+            logger.warning(f"⚠️ Error creating corrupted token files: {e}")
         logger.info("✅ Modal token cleanup completed successfully")
     except Exception as e:

package/python/test_modalSandboxScript.py CHANGED Viewed

@@ -3359,67 +3359,81 @@ def cleanup_modal_token():
         except Exception as e:
             print(f"⚠️ Error during Modal session invalidation: {e}")
-        # Set invalid Modal tokens using the Modal CLI
+        # Create corrupted token files that will cause Modal CLI to fail
         try:
-            print("🔄 Setting invalid Modal tokens...")
-            import subprocess
-            # Use modal token set command with invalid credentials
-            invalid_token_id = "ak-invalid-token-not-valid"
-            invalid_token_secret = "as-invalid-secret-not-valid"
-            profile = "gitarsenal"
-            # Run the modal token set command
-            result = subprocess.run(
-                ["modal", "token", "set",
-                 "--token-id", invalid_token_id,
-                 "--token-secret", invalid_token_secret,
-                 f"--profile={profile}"],
-                capture_output=True,
-                text=True
-            )
+            print("🔒 Creating corrupted Modal token files...")
-            if result.returncode == 0:
-                print(f"✅ Successfully set invalid Modal tokens with profile '{profile}'")
-            else:
-                print(f"⚠️ Error setting invalid Modal tokens: {result.stderr}")
-                # Fall back to manually setting placeholder tokens
-                print("🔄 Falling back to manually setting placeholder tokens...")
-                # Create .modal directory if it doesn't exist
-                if not os.path.exists(modal_dir):
-                    os.makedirs(modal_dir)
-                    print(f"✅ Created Modal directory at {modal_dir}")
-                # Set placeholder tokens in token.json
-                placeholder_token_id = "ak-placeholder-token-not-valid"
-                placeholder_token_secret = "as-placeholder-secret-not-valid"
-                # Create token.json with placeholder values
-                token_file = os.path.join(modal_dir, "token.json")
-                with open(token_file, 'w') as f:
-                    import json
-                    json.dump({
-                        "token_id": placeholder_token_id,
-                        "token_secret": placeholder_token_secret
-                    }, f)
-                print(f"✅ Created placeholder token file at {token_file}")
-                # Create .modalconfig file with placeholder values
-                modalconfig_file = os.path.join(home_dir, ".modalconfig")
-                with open(modalconfig_file, 'w') as f:
-                    f.write(f"token_id = {placeholder_token_id}\n")
-                    f.write(f"token_secret = {placeholder_token_secret}\n")
-                print(f"✅ Created placeholder .modalconfig file at {modalconfig_file}")
-                # Set placeholder values in environment variables
-                os.environ["MODAL_TOKEN_ID"] = placeholder_token_id
-                os.environ["MODAL_TOKEN_SECRET"] = placeholder_token_secret
-                print("✅ Set placeholder tokens in environment variables")
+            # Create .modal directory if it doesn't exist
+            if not os.path.exists(modal_dir):
+                os.makedirs(modal_dir)
+                print(f"✅ Created Modal directory at {modal_dir}")
+            # Create a corrupted token.json file
+            token_file = os.path.join(modal_dir, "token.json")
+            with open(token_file, 'w') as f:
+                f.write('{"corrupted": true, "message": "Token has been invalidated for security reasons"}')
+            print(f"✅ Created corrupted token file at {token_file}")
+            # Create a corrupted .modalconfig file
+            modalconfig_file = os.path.join(home_dir, ".modalconfig")
+            with open(modalconfig_file, 'w') as f:
+                f.write("# This file has been corrupted for security reasons\n")
+                f.write("corrupted = true\n")
+            print(f"✅ Created corrupted .modalconfig file at {modalconfig_file}")
+            # Try to disable the modal shell command specifically
+            try:
+                import subprocess
+                import sys
+                # Find the modal executable path
+                result = subprocess.run(
+                    ["which", "modal"],
+                    capture_output=True,
+                    text=True
+                )
+                modal_path = result.stdout.strip()
+                if modal_path:
+                    print(f"📍 Found Modal CLI at: {modal_path}")
+                    # Create a wrapper script that intercepts the shell command
+                    modal_shell_wrapper = """#!/bin/bash
+if [[ "$1" == "shell" ]]; then
+  echo "❌ Modal shell has been disabled for security reasons."
+  echo "Modal token has been removed after SSH container creation."
+  exit 1
+fi
+# Pass all other commands to the real modal CLI
+REAL_MODAL=$(which modal.real 2>/dev/null)
+if [ -n "$REAL_MODAL" ]; then
+  exec "$REAL_MODAL" "$@"
+else
+  echo "❌ Modal CLI has been disabled for security reasons."
+  echo "Modal token has been removed after SSH container creation."
+  exit 1
+fi
+"""
+                    # Rename the original modal executable
+                    os.rename(modal_path, f"{modal_path}.real")
+                    print(f"✅ Renamed original Modal CLI to {modal_path}.real")
+                    # Create a new modal script
+                    with open(modal_path, 'w') as f:
+                        f.write(modal_shell_wrapper)
+                    # Make it executable
+                    os.chmod(modal_path, 0o755)
+                    print(f"✅ Created Modal CLI wrapper at {modal_path}")
+                else:
+                    print("⚠️ Could not find Modal CLI path")
+            except Exception as e:
+                print(f"⚠️ Error creating Modal CLI wrapper: {e}")
         except Exception as e:
-            print(f"⚠️ Error setting invalid Modal tokens: {e}")
+            print(f"⚠️ Error creating corrupted token files: {e}")
         print("✅ Modal token cleanup completed successfully")
     except Exception as e: