npm - gitarsenal-cli - Versions diffs - 1.2.6 → 1.2.8 - Mend

gitarsenal-cli 1.2.6 → 1.2.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/package.json +1 -1
package/python/README.md +6 -9
package/python/modal_proxy_service.py +6 -120
package/python/test_modalSandboxScript.py +7 -124

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "gitarsenal-cli",
-  "version": "1.2.6",
+  "version": "1.2.8",
   "description": "CLI tool for creating Modal sandboxes with GitHub repositories",
   "main": "index.js",
   "bin": {

package/python/README.md CHANGED Viewed

@@ -18,15 +18,12 @@ The GitArsenal CLI integrates with Modal for creating sandboxes and SSH containe
 For enhanced security, GitArsenal CLI now automatically cleans up Modal tokens after SSH containers are created. This ensures that your Modal token is not left in the environment or on disk after the container is started.
 The cleanup process:
-1. Removes real Modal token environment variables (MODAL_TOKEN_ID, MODAL_TOKEN, MODAL_TOKEN_SECRET)
-2. Deletes real Modal token files (.modal/token.json, .modal/token_alt.json, .modalconfig)
-3. Invalidates Modal sessions by removing session files and directories
-4. Creates corrupted token files that will cause Modal CLI authentication to fail
-5. Creates a wrapper script around the Modal CLI that specifically blocks the `modal shell` command
-6. Runs automatically after SSH container creation
-7. Runs on service shutdown via signal handlers
-This prevents potential token leakage when containers are shared or when the service is stopped, and ensures that users cannot continue to use Modal CLI commands like `modal shell` after the container is created.
+1. Removes Modal token environment variables (MODAL_TOKEN_ID, MODAL_TOKEN, MODAL_TOKEN_SECRET)
+2. Deletes the ~/.modal.toml file which contains the authentication token
+3. Runs automatically after SSH container creation
+4. Runs on service shutdown via signal handlers
+This simple but effective approach prevents potential token leakage when containers are shared or when the service is stopped, and ensures that users cannot continue to use Modal CLI commands like `modal shell` after the container is created.
 ## Usage

package/python/modal_proxy_service.py CHANGED Viewed

@@ -215,7 +215,7 @@ def cleanup_modal_token():
     logger.info("🧹 Cleaning up Modal token for security...")
     try:
-        # Remove real token from environment variables
+        # Remove token from environment variables
         if "MODAL_TOKEN_ID" in os.environ:
             del os.environ["MODAL_TOKEN_ID"]
             logger.info("✅ Removed MODAL_TOKEN_ID from environment")
@@ -228,127 +228,13 @@ def cleanup_modal_token():
             del os.environ["MODAL_TOKEN_SECRET"]
             logger.info("✅ Removed MODAL_TOKEN_SECRET from environment")
-        # Delete token files
+        # Delete ~/.modal.toml file
         from pathlib import Path
-        modal_dir = Path.home() / ".modal"
-        if modal_dir.exists():
-            # Delete token.json
-            token_file = modal_dir / "token.json"
-            if token_file.exists():
-                token_file.unlink()
-                logger.info(f"✅ Deleted token file at {token_file}")
-            # Delete token_alt.json if it exists
-            token_alt_file = modal_dir / "token_alt.json"
-            if token_alt_file.exists():
-                token_alt_file.unlink()
-                logger.info(f"✅ Deleted alternative token file at {token_alt_file}")
+        modal_toml = Path.home() / ".modal.toml"
+        if modal_toml.exists():
+            modal_toml.unlink()
+            logger.info(f"✅ Deleted Modal token file at {modal_toml}")
-        # Delete .modalconfig file
-        modalconfig_file = Path.home() / ".modalconfig"
-        if modalconfig_file.exists():
-            modalconfig_file.unlink()
-            logger.info(f"✅ Deleted .modalconfig file at {modalconfig_file}")
-        # Try to invalidate Modal sessions
-        try:
-            logger.info("🔑 Invalidating Modal sessions...")
-            # Try to directly modify Modal's session files
-            try:
-                # Check for session files in .modal directory
-                session_dir = modal_dir / "sessions"
-                if session_dir.exists():
-                    import shutil
-                    shutil.rmtree(session_dir)
-                    logger.info(f"✅ Removed Modal sessions directory at {session_dir}")
-                # Also check for any other potential session files
-                for file in os.listdir(modal_dir) if modal_dir.exists() else []:
-                    if "session" in file.lower() or "auth" in file.lower():
-                        file_path = modal_dir / file
-                        if file_path.is_file():
-                            file_path.unlink()
-                            logger.info(f"✅ Removed Modal session file: {file_path}")
-            except Exception as e:
-                logger.warning(f"⚠️ Error removing Modal sessions: {e}")
-        except Exception as e:
-            logger.warning(f"⚠️ Error during Modal session invalidation: {e}")
-        # Create corrupted token files that will cause Modal CLI to fail
-        try:
-            logger.info("🔒 Creating corrupted Modal token files...")
-            # Create .modal directory if it doesn't exist
-            if not modal_dir.exists():
-                modal_dir.mkdir(parents=True)
-                logger.info(f"✅ Created Modal directory at {modal_dir}")
-            # Create a corrupted token.json file
-            token_file = modal_dir / "token.json"
-            with open(token_file, 'w') as f:
-                f.write('{"corrupted": true, "message": "Token has been invalidated for security reasons"}')
-            logger.info(f"✅ Created corrupted token file at {token_file}")
-            # Create a corrupted .modalconfig file
-            modalconfig_file = Path.home() / ".modalconfig"
-            with open(modalconfig_file, 'w') as f:
-                f.write("# This file has been corrupted for security reasons\n")
-                f.write("corrupted = true\n")
-            logger.info(f"✅ Created corrupted .modalconfig file at {modalconfig_file}")
-            # Try to disable the modal shell command specifically
-            try:
-                # Find the modal executable path
-                result = subprocess.run(
-                    ["which", "modal"],
-                    capture_output=True,
-                    text=True
-                )
-                modal_path = result.stdout.strip()
-                if modal_path:
-                    logger.info(f"📍 Found Modal CLI at: {modal_path}")
-                    # Create a wrapper script that intercepts the shell command
-                    modal_shell_wrapper = """#!/bin/bash
-if [[ "$1" == "shell" ]]; then
-  echo "❌ Modal shell has been disabled for security reasons."
-  echo "Modal token has been removed after SSH container creation."
-  exit 1
-fi
-# Pass all other commands to the real modal CLI
-REAL_MODAL=$(which modal.real 2>/dev/null)
-if [ -n "$REAL_MODAL" ]; then
-  exec "$REAL_MODAL" "$@"
-else
-  echo "❌ Modal CLI has been disabled for security reasons."
-  echo "Modal token has been removed after SSH container creation."
-  exit 1
-fi
-"""
-                    # Rename the original modal executable
-                    os.rename(modal_path, f"{modal_path}.real")
-                    logger.info(f"✅ Renamed original Modal CLI to {modal_path}.real")
-                    # Create a new modal script
-                    with open(modal_path, 'w') as f:
-                        f.write(modal_shell_wrapper)
-                    # Make it executable
-                    os.chmod(modal_path, 0o755)
-                    logger.info(f"✅ Created Modal CLI wrapper at {modal_path}")
-                else:
-                    logger.warning("⚠️ Could not find Modal CLI path")
-            except Exception as e:
-                logger.warning(f"⚠️ Error creating Modal CLI wrapper: {e}")
-        except Exception as e:
-            logger.warning(f"⚠️ Error creating corrupted token files: {e}")
         logger.info("✅ Modal token cleanup completed successfully")
     except Exception as e:
         logger.error(f"❌ Error during Modal token cleanup: {e}")

package/python/test_modalSandboxScript.py CHANGED Viewed

@@ -3298,7 +3298,7 @@ def cleanup_modal_token():
     print("🧹 Cleaning up Modal token for security...")
     try:
-        # Remove real token from environment variables
+        # Remove token from environment variables
         if "MODAL_TOKEN_ID" in os.environ:
             del os.environ["MODAL_TOKEN_ID"]
             print("✅ Removed MODAL_TOKEN_ID from environment")
@@ -3311,130 +3311,13 @@ def cleanup_modal_token():
             del os.environ["MODAL_TOKEN_SECRET"]
             print("✅ Removed MODAL_TOKEN_SECRET from environment")
-        # Delete token files
+        # Delete ~/.modal.toml file
         home_dir = os.path.expanduser("~")
-        modal_dir = os.path.join(home_dir, ".modal")
-        if os.path.exists(modal_dir):
-            # Delete token.json
-            token_file = os.path.join(modal_dir, "token.json")
-            if os.path.exists(token_file):
-                os.remove(token_file)
-                print(f"✅ Deleted token file at {token_file}")
-            # Delete token_alt.json if it exists
-            token_alt_file = os.path.join(modal_dir, "token_alt.json")
-            if os.path.exists(token_alt_file):
-                os.remove(token_alt_file)
-                print(f"✅ Deleted alternative token file at {token_alt_file}")
-        # Delete .modalconfig file
-        modalconfig_file = os.path.join(home_dir, ".modalconfig")
-        if os.path.exists(modalconfig_file):
-            os.remove(modalconfig_file)
-            print(f"✅ Deleted .modalconfig file at {modalconfig_file}")
-        # Try to invalidate Modal sessions
-        try:
-            print("🔑 Invalidating Modal sessions...")
-            # Try to directly modify Modal's session files
-            try:
-                # Check for session files in .modal directory
-                session_dir = os.path.join(modal_dir, "sessions")
-                if os.path.exists(session_dir):
-                    import shutil
-                    shutil.rmtree(session_dir)
-                    print(f"✅ Removed Modal sessions directory at {session_dir}")
-                # Also check for any other potential session files
-                for file in os.listdir(modal_dir) if os.path.exists(modal_dir) else []:
-                    if "session" in file.lower() or "auth" in file.lower():
-                        file_path = os.path.join(modal_dir, file)
-                        if os.path.isfile(file_path):
-                            os.remove(file_path)
-                            print(f"✅ Removed Modal session file: {file_path}")
-            except Exception as e:
-                print(f"⚠️ Error removing Modal sessions: {e}")
-        except Exception as e:
-            print(f"⚠️ Error during Modal session invalidation: {e}")
-        # Create corrupted token files that will cause Modal CLI to fail
-        try:
-            print("🔒 Creating corrupted Modal token files...")
-            # Create .modal directory if it doesn't exist
-            if not os.path.exists(modal_dir):
-                os.makedirs(modal_dir)
-                print(f"✅ Created Modal directory at {modal_dir}")
-            # Create a corrupted token.json file
-            token_file = os.path.join(modal_dir, "token.json")
-            with open(token_file, 'w') as f:
-                f.write('{"corrupted": true, "message": "Token has been invalidated for security reasons"}')
-            print(f"✅ Created corrupted token file at {token_file}")
-            # Create a corrupted .modalconfig file
-            modalconfig_file = os.path.join(home_dir, ".modalconfig")
-            with open(modalconfig_file, 'w') as f:
-                f.write("# This file has been corrupted for security reasons\n")
-                f.write("corrupted = true\n")
-            print(f"✅ Created corrupted .modalconfig file at {modalconfig_file}")
-            # Try to disable the modal shell command specifically
-            try:
-                import subprocess
-                import sys
-                # Find the modal executable path
-                result = subprocess.run(
-                    ["which", "modal"],
-                    capture_output=True,
-                    text=True
-                )
-                modal_path = result.stdout.strip()
-                if modal_path:
-                    print(f"📍 Found Modal CLI at: {modal_path}")
-                    # Create a wrapper script that intercepts the shell command
-                    modal_shell_wrapper = """#!/bin/bash
-if [[ "$1" == "shell" ]]; then
-  echo "❌ Modal shell has been disabled for security reasons."
-  echo "Modal token has been removed after SSH container creation."
-  exit 1
-fi
-# Pass all other commands to the real modal CLI
-REAL_MODAL=$(which modal.real 2>/dev/null)
-if [ -n "$REAL_MODAL" ]; then
-  exec "$REAL_MODAL" "$@"
-else
-  echo "❌ Modal CLI has been disabled for security reasons."
-  echo "Modal token has been removed after SSH container creation."
-  exit 1
-fi
-"""
-                    # Rename the original modal executable
-                    os.rename(modal_path, f"{modal_path}.real")
-                    print(f"✅ Renamed original Modal CLI to {modal_path}.real")
-                    # Create a new modal script
-                    with open(modal_path, 'w') as f:
-                        f.write(modal_shell_wrapper)
-                    # Make it executable
-                    os.chmod(modal_path, 0o755)
-                    print(f"✅ Created Modal CLI wrapper at {modal_path}")
-                else:
-                    print("⚠️ Could not find Modal CLI path")
-            except Exception as e:
-                print(f"⚠️ Error creating Modal CLI wrapper: {e}")
-        except Exception as e:
-            print(f"⚠️ Error creating corrupted token files: {e}")
+        modal_toml = os.path.join(home_dir, ".modal.toml")
+        if os.path.exists(modal_toml):
+            os.remove(modal_toml)
+            print(f"✅ Deleted Modal token file at {modal_toml}")
         print("✅ Modal token cleanup completed successfully")
     except Exception as e:
         print(f"❌ Error during Modal token cleanup: {e}")