log-llm-config-staging 1.3.44

package/dist/log_config_files/runtime/compliance_check.js

@@ -0,0 +1,518 @@
+/**
+ * Compliance check: types and check runner entry point.
+ *
+ * Compliance is in-memory only (no compliance.json): runLocalRemediationComplianceCheck returns
+ * ComplianceStatus; the prompt gate and tests use that return value. Autofix may write config files
+ * and remediation_instructions.json via applyAutofixViolations / enforceRemediation.
+ *
+ * Prompt gate: compliance_prompt_gate runs runLocalRemediationComplianceCheck then applyAutofixViolations.
+ * Background: compliance_check_runner runs syncRemediations (network) then the same local check.
+ * Apply (autofix) is intentionally left to the gate on the next prompt — the background pass only
+ * downloads the latest manifest so the gate has fresh data to act on.
+ */
+import { existsSync, readFileSync } from 'node:fs';
+import { readVscdbItemTableJson } from '../readers/vscdb_reader.js';
+import { readRemediationInstructionsFile, writeRemediationInstructionsFile } from './management_storage.js';
+import { resolveRemediationConfigPath } from './remediation_config_path.js';
+import { complianceRunnerDiag, hookRunLog, logRemediationApplyFailure } from './hook_logger.js';
+import { loadEndpointBase } from '../sender/endpoint_config.js';
+import { resolveHardwareUuid, tryResolveHardwareUuid } from './hardware_uuid.js';
+import { buildDeferredCursorRestartCommand, enforceRemediation, fetchSync, isTrustedRestartCommandForAutofix, remediationFixSpec, reportAutofixApplied, syncRemediations, } from './remediation_sync.js';
+import { sendConfigFile } from '../sender/batch_sender.js';
+import { readStoredAuthKey } from '../auth/auth_key_store.js';
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+/**
+ * ItemTable keys use slashes (e.g. cursorai/donotchange/privacyMode) and do not contain dots.
+ * Compliance setting_path is `${itemKey}.${nested.path}` — take the segment before the first `.`.
+ */
+export function itemTableKeyFromSettingPath(settingPath) {
+    const i = settingPath.indexOf('.');
+    return i === -1 ? settingPath : settingPath.slice(0, i);
+}
+/** Traverse a JSON object using dot-notation path. Returns undefined if any segment is missing. */
+export function getByPath(obj, path) {
+    const parts = path.split('.');
+    let current = obj;
+    for (const part of parts) {
+        if (current == null || typeof current !== 'object')
+            return undefined;
+        // Cursor composerState.modes4: non-numeric segment indexes by mode id (agent row is not always [0]).
+        if (Array.isArray(current) && !/^\d+$/.test(part)) {
+            const idx = current.findIndex((item) => item !== null &&
+                typeof item === 'object' &&
+                item.id === part);
+            current = idx >= 0 ? current[idx] : undefined;
+            continue;
+        }
+        current = current[part];
+    }
+    return current;
+}
+/** Deep-equal comparison via JSON serialisation (handles booleans, strings, numbers, null). */
+function deepEqual(a, b) {
+    return JSON.stringify(a) === JSON.stringify(b);
+}
+function isStringArray(v) {
+    return Array.isArray(v) && v.every((x) => typeof x === 'string');
+}
+function verifyOpsApplied(configJson, settingPath, ops) {
+    const parts = settingPath.split('.');
+    const leafKey = parts[parts.length - 1] ?? '';
+    const parentPath = parts.slice(0, -1).join('.');
+    const set = ops.set ?? {};
+    const add = ops.add ?? {};
+    const remove = ops.remove ?? {};
+    const keys = new Set([...Object.keys(set), ...Object.keys(add), ...Object.keys(remove)]);
+    // If ops targets a single leaf key, check at settingPath; otherwise treat keys as subkeys under parent.
+    for (const k of keys) {
+        const targetPath = k === leafKey || (keys.size === 1 && (k === leafKey || k === ''))
+            ? settingPath
+            : parentPath
+                ? `${parentPath}.${k}`
+                : k;
+        if (Object.prototype.hasOwnProperty.call(set, k)) {
+            const cur = getByPath(configJson, targetPath);
+            const expected = set[k];
+            if (!deepEqual(cur, expected))
+                return { ok: false, expected: { op: 'set', path: targetPath, value: expected } };
+            continue;
+        }
+        const cur = getByPath(configJson, targetPath);
+        const curArr = isStringArray(cur) ? cur : [];
+        const toAdd = add[k] ?? [];
+        const toRemove = remove[k] ?? [];
+        for (const item of toRemove) {
+            if (curArr.includes(item)) {
+                return { ok: false, expected: { op: 'remove', path: targetPath, value: item } };
+            }
+        }
+        for (const item of toAdd) {
+            if (!curArr.includes(item)) {
+                return { ok: false, expected: { op: 'add', path: targetPath, value: item } };
+            }
+        }
+    }
+    return { ok: true, expected: null };
+}
+/** Plain JSON file or virtual `…/state.vscdb#itemKey` path for ItemTable-backed settings. */
+function loadRemediationConfigJson(configFilePath, checkSettingPaths = []) {
+    const resolvedPath = resolveRemediationConfigPath(configFilePath);
+    const hashIdx = resolvedPath.indexOf('#');
+    if (hashIdx >= 0) {
+        const dbPath = resolvedPath.slice(0, hashIdx);
+        const itemKeyFromPath = resolvedPath.slice(hashIdx + 1).trim();
+        if (!itemKeyFromPath)
+            return { ok: false, reason: 'empty_vscdb_key' };
+        if (!existsSync(dbPath))
+            return { ok: false, reason: 'db_not_found' };
+        const keys = new Set([itemKeyFromPath, ...checkSettingPaths.map(itemTableKeyFromSettingPath)].filter(Boolean));
+        const merged = {};
+        for (const k of keys) {
+            const wrapped = readVscdbItemTableJson(dbPath, k);
+            if (wrapped === null)
+                return { ok: false, reason: 'vscdb_read_failed' };
+            Object.assign(merged, wrapped);
+        }
+        return { ok: true, json: merged };
+    }
+    if (!existsSync(resolvedPath))
+        return { ok: false, reason: 'file_not_found' };
+    try {
+        return { ok: true, json: JSON.parse(readFileSync(resolvedPath, 'utf8')) };
+    }
+    catch {
+        return { ok: false, reason: 'parse_error' };
+    }
+}
+// ---------------------------------------------------------------------------
+// Check runner — Section 6: real per-check evaluation
+// ---------------------------------------------------------------------------
+/**
+ * Evaluate current on-disk configs against remediation_instructions.json only (no server).
+ * Returns status for prompt gating / callers; does not persist compliance.json.
+ */
+export function runLocalRemediationComplianceCheck() {
+    try {
+        const { remediations: rawEntries } = readRemediationInstructionsFile();
+        const entries = rawEntries;
+        if (entries.length === 0) {
+            hookRunLog('compliance_check: no remediation instructions present');
+            return { status: 'ok', checked_at: new Date().toISOString(), manifest_uuids: [], violations: [] };
+        }
+        const uuids = entries.map((e) => e.uuid);
+        const violations = [];
+        let skippedNoCompliance = 0;
+        let skippedNonJson = 0;
+        let skippedNoChecks = 0;
+        let skippedUnreadable = 0;
+        for (const entry of entries) {
+            const compliance = entry.fix ?? entry.compliance;
+            if (!compliance) {
+                skippedNoCompliance++;
+                continue;
+            }
+            if (compliance.file_format !== 'json') {
+                skippedNonJson++;
+                hookRunLog(`compliance_check: skipping non-json entry uuid=${entry.uuid}`);
+                continue;
+            }
+            const checks = compliance.checks ?? [];
+            if (checks.length === 0) {
+                skippedNoChecks++;
+                continue;
+            }
+            const loaded = loadRemediationConfigJson(entry.config_file_path, checks.map((c) => c.setting_path));
+            if (!loaded.ok) {
+                skippedUnreadable++;
+                const msg = loaded.reason === 'file_not_found'
+                    ? `compliance_check: config file not found, skipping uuid=${entry.uuid}`
+                    : loaded.reason === 'db_not_found'
+                        ? `compliance_check: vscdb file not found, skipping uuid=${entry.uuid}`
+                        : loaded.reason === 'vscdb_read_failed'
+                            ? `compliance_check: could not read vscdb (sqlite3 missing or invalid JSON?), skipping uuid=${entry.uuid}`
+                            : loaded.reason === 'empty_vscdb_key'
+                                ? `compliance_check: invalid vscdb path (empty # key), skipping uuid=${entry.uuid}`
+                                : `compliance_check: could not parse config file, skipping uuid=${entry.uuid}`;
+                hookRunLog(msg);
+                logRemediationApplyFailure('compliance_check_config_unreadable', {
+                    uuid: entry.uuid,
+                    config_file_path: entry.config_file_path,
+                    finding_formatted_id: compliance.finding_formatted_id,
+                    load_reason: loaded.reason,
+                    reason: 'cannot read config for compliance verify — remediation may not run until path/db is valid',
+                });
+                continue;
+            }
+            const configJson = loaded.json;
+            for (const check of checks) {
+                // Prefer ops-based verification (matches delta apply semantics; doesn't require full after snapshot).
+                if (check.ops) {
+                    const { ok, expected } = verifyOpsApplied(configJson, check.setting_path, check.ops);
+                    if (!ok) {
+                        hookRunLog(`compliance_check: VIOLATION uuid=${entry.uuid} path=${check.setting_path} expected=${JSON.stringify(expected)}`);
+                        violations.push({
+                            uuid: entry.uuid,
+                            finding_formatted_id: compliance.finding_formatted_id,
+                            setting_path: check.setting_path,
+                            description: check.description,
+                            finding_title: entry.finding_title,
+                            finding_description: entry.finding_description,
+                            severity: compliance.severity,
+                            autofix_allowed: compliance.autofix_allowed,
+                            config_file_path: entry.config_file_path,
+                            expected_value: expected,
+                            message: `[${compliance.finding_formatted_id}] ${entry.finding_title ?? compliance.description}\nDescription: ${entry.finding_description ?? compliance.description}\nHow to fix: Apply remediation ops for ${check.setting_path} in ${entry.config_file_path}`,
+                        });
+                    }
+                    continue;
+                }
+                // Backwards compat: old local files may still carry after snapshots.
+                const currentValue = getByPath(configJson, check.setting_path);
+                const leafKey = check.setting_path.split('.').pop();
+                const expectedValue = check.after?.[leafKey];
+                if (expectedValue === undefined)
+                    continue;
+                if (!deepEqual(currentValue, expectedValue)) {
+                    hookRunLog(`compliance_check: VIOLATION uuid=${entry.uuid} path=${check.setting_path} current=${JSON.stringify(currentValue)} expected=${JSON.stringify(expectedValue)}`);
+                    violations.push({
+                        uuid: entry.uuid,
+                        finding_formatted_id: compliance.finding_formatted_id,
+                        setting_path: check.setting_path,
+                        description: check.description,
+                        finding_title: entry.finding_title,
+                        finding_description: entry.finding_description,
+                        severity: compliance.severity,
+                        autofix_allowed: compliance.autofix_allowed,
+                        config_file_path: entry.config_file_path,
+                        expected_value: expectedValue,
+                        message: `[${compliance.finding_formatted_id}] ${entry.finding_title ?? compliance.description}\nDescription: ${entry.finding_description ?? compliance.description}\nHow to fix: Set ${check.setting_path} to ${JSON.stringify(expectedValue)} in ${entry.config_file_path}`,
+                    });
+                }
+            }
+        }
+        const status = {
+            status: violations.length > 0 ? 'fail' : 'ok',
+            checked_at: new Date().toISOString(),
+            manifest_uuids: uuids,
+            violations,
+        };
+        const skipParts = [];
+        if (skippedNoCompliance)
+            skipParts.push(`no_fix=${skippedNoCompliance}`);
+        if (skippedNonJson)
+            skipParts.push(`non_json=${skippedNonJson}`);
+        if (skippedNoChecks)
+            skipParts.push(`no_checks=${skippedNoChecks}`);
+        if (skippedUnreadable)
+            skipParts.push(`unreadable_config=${skippedUnreadable}`);
+        const skipSummary = skipParts.length > 0 ? ` skipped{${skipParts.join(' ')}}` : '';
+        hookRunLog(`compliance_check: done — status=${status.status} violations=${violations.length} manifest_entries=${uuids.length}${skipSummary}`);
+        if (skippedUnreadable > 0) {
+            complianceRunnerDiag(`compliance_check: ${skippedUnreadable} manifest row(s) skipped — vscdb/config unreadable (often DB locked while Cursor runs, or sqlite3/PATH). Autofix cannot evaluate until read succeeds.`);
+        }
+        return status;
+    }
+    catch (err) {
+        const emsg = err instanceof Error ? err.message : String(err);
+        const stack = err instanceof Error ? err.stack : undefined;
+        hookRunLog(`compliance_check: unexpected error: ${emsg}`);
+        logRemediationApplyFailure('compliance_check_exception', {
+            reason: 'runLocalRemediationComplianceCheck threw',
+            error: emsg,
+            stack: stack ?? '',
+        });
+        const fallback = {
+            status: 'ok',
+            checked_at: new Date().toISOString(),
+            manifest_uuids: [],
+            violations: [],
+        };
+        return fallback;
+    }
+}
+export function applyAutofixViolations(violations) {
+    for (const v of violations) {
+        if (!v.autofix_allowed) {
+            logRemediationApplyFailure('autofix_skipped_not_allowed', {
+                uuid: v.uuid,
+                finding_formatted_id: v.finding_formatted_id,
+                config_file_path: v.config_file_path,
+                setting_path: v.setting_path,
+                reason: 'autofix_allowed is false — policy/manual fix required',
+            });
+        }
+    }
+    const autofixable = violations.filter((v) => v.autofix_allowed);
+    if (autofixable.length === 0)
+        return {
+            fixed: 0,
+            appliedViolations: [],
+            restartCommands: [],
+            failedViolations: [],
+            reportPromises: [],
+        };
+    const { remediations } = readRemediationInstructionsFile();
+    const byUuid = new Map(remediations.map((r) => [r.uuid, r]));
+    let fixed = 0;
+    const appliedViolations = [];
+    const seen = new Set();
+    const restartCommands = [];
+    const failedViolations = [];
+    const reportPromises = [];
+    const oneTimeAppliedUuids = new Set();
+    let deferredSqlitePending = false;
+    for (const violation of autofixable) {
+        if (seen.has(violation.uuid))
+            continue;
+        const instruction = byUuid.get(violation.uuid);
+        if (!instruction) {
+            hookRunLog(`autofix: no instruction found for uuid=${violation.uuid}, skipping`);
+            logRemediationApplyFailure('autofix_no_local_instruction', {
+                uuid: violation.uuid,
+                finding_formatted_id: violation.finding_formatted_id,
+                config_file_path: violation.config_file_path,
+                setting_path: violation.setting_path,
+                reason: 'violation UUID not present in remediation_instructions.json remediations[]',
+            });
+            failedViolations.push(violation);
+            continue;
+        }
+        const inst = instruction;
+        const configPathForDisk = resolveRemediationConfigPath(inst.config_file_path);
+        complianceRunnerDiag(`autofix: calling enforceRemediation uuid=${inst.uuid} path=${configPathForDisk}`);
+        const er = enforceRemediation(inst);
+        if (!er.ok) {
+            failedViolations.push(violation);
+            continue;
+        }
+        if (er.deferredSqlite)
+            deferredSqlitePending = true;
+        seen.add(violation.uuid);
+        fixed++;
+        appliedViolations.push(violation);
+        hookRunLog(`autofix: applied uuid=${inst.uuid} path=${configPathForDisk}`);
+        reportPromises.push(reportAutofixApplied(inst.uuid, 'success'));
+        const authKey = readStoredAuthKey();
+        if (authKey) {
+            if (er.deferredSqlite && configPathForDisk.includes('#')) {
+                hookRunLog(`autofix: skip immediate vscdb upload (deferred until after restart) uuid=${inst.uuid}`);
+            }
+            else {
+                let updatedContent;
+                if (configPathForDisk.includes('#')) {
+                    const hi = configPathForDisk.indexOf('#');
+                    const dbPath = configPathForDisk.slice(0, hi);
+                    const itemKey = configPathForDisk.slice(hi + 1).trim();
+                    updatedContent =
+                        itemKey ? (readVscdbItemTableJson(dbPath, itemKey) ?? undefined) : undefined;
+                }
+                else {
+                    try {
+                        updatedContent = JSON.parse(readFileSync(configPathForDisk, 'utf8'));
+                    }
+                    catch {
+                        updatedContent = undefined;
+                    }
+                }
+                if (updatedContent !== undefined) {
+                    const fileType = (inst.file_type ?? '').trim();
+                    if (fileType) {
+                        const hw = tryResolveHardwareUuid();
+                        if (hw) {
+                            reportPromises.push(sendConfigFile({ file_type: fileType, file_path: configPathForDisk, raw_content: updatedContent }, hw, authKey).then((sentOk) => {
+                                hookRunLog(`autofix: uploaded remediated file uuid=${inst.uuid} path=${configPathForDisk} ok=${sentOk}`);
+                            }));
+                        }
+                        else {
+                            hookRunLog(`autofix: skip upload uuid=${inst.uuid} (hardware UUID unavailable)`);
+                        }
+                    }
+                    else {
+                        hookRunLog(`autofix: skip upload uuid=${inst.uuid} — remediation_instructions.json missing file_type (re-sync manifest)`);
+                        logRemediationApplyFailure('autofix_post_apply_upload_skipped', {
+                            uuid: inst.uuid,
+                            config_file_path: inst.config_file_path,
+                            reason: 'file_type missing on instruction — server sync/manifest will not see applied file',
+                        });
+                    }
+                }
+            }
+        }
+        else {
+            hookRunLog(`autofix: skip re-upload uuid=${inst.uuid} (no stored auth key)`);
+        }
+        const spec = remediationFixSpec(inst);
+        if (spec?.restart_required && spec.restart_command) {
+            if (!er.deferredSqlite) {
+                if (isTrustedRestartCommandForAutofix(spec.restart_command)) {
+                    hookRunLog(`autofix: restart required uuid=${inst.uuid} command=${spec.restart_command}`);
+                    restartCommands.push(spec.restart_command);
+                }
+                else {
+                    hookRunLog(`autofix: restart command rejected (not an allowlisted template) uuid=${inst.uuid}`);
+                }
+            }
+        }
+        if (!inst.is_enforced) {
+            oneTimeAppliedUuids.add(inst.uuid);
+        }
+    }
+    if (deferredSqlitePending) {
+        restartCommands.length = 0;
+        restartCommands.push(buildDeferredCursorRestartCommand());
+        hookRunLog('autofix: deferred vscdb — restart command runs apply_deferred_vscdb.js then open -a Cursor');
+    }
+    if (oneTimeAppliedUuids.size > 0) {
+        const remaining = remediations.filter((r) => !oneTimeAppliedUuids.has(r.uuid));
+        writeRemediationInstructionsFile({ remediations: remaining });
+        hookRunLog(`autofix: removed ${oneTimeAppliedUuids.size} one-time remediation(s) from local store`);
+        // Send a post-autofix heartbeat so the server sees the updated (reduced) UUID set immediately,
+        // without waiting for the background runner (which may be locked out).
+        const remainingUuids = remaining.map((r) => r.uuid);
+        const hwHeartbeat = tryResolveHardwareUuid();
+        if (hwHeartbeat) {
+            reportPromises.push(fetchSync(loadEndpointBase(), hwHeartbeat, remainingUuids)
+                .then(() => hookRunLog(`autofix: post-autofix heartbeat sent uuids=${remainingUuids.length}`))
+                .catch(() => undefined));
+        }
+        else {
+            hookRunLog('autofix: skip post-autofix heartbeat (hardware UUID unavailable)');
+        }
+    }
+    if (fixed > 0) {
+        hookRunLog(`autofix: total_applied=${fixed}`);
+    }
+    return { fixed, appliedViolations, restartCommands, failedViolations, reportPromises, deferredSqlitePending };
+}
+/**
+ * Remove satisfied one-time remediations from local remediation_instructions.json.
+ *
+ * This handles the case where a user (or another tool) manually applied the change, so the
+ * instruction no longer needs to persist locally. Enforced remediations are never pruned.
+ *
+ * Returns number removed and any async report promises (heartbeat).
+ */
+export function pruneSatisfiedOneTimeRemediations() {
+    const { remediations } = readRemediationInstructionsFile();
+    if (!Array.isArray(remediations) || remediations.length === 0)
+        return { removed: 0, reportPromises: [] };
+    const remaining = [];
+    let removed = 0;
+    for (const raw of remediations) {
+        const inst = raw;
+        if (inst.is_enforced) {
+            remaining.push(raw);
+            continue;
+        }
+        const spec = remediationFixSpec(inst);
+        const checks = spec?.file_format === 'json' ? (spec.checks ?? []) : [];
+        if (checks.length === 0) {
+            remaining.push(raw);
+            continue;
+        }
+        const prLoaded = loadRemediationConfigJson(inst.config_file_path, checks.map((c) => c.setting_path));
+        if (!prLoaded.ok) {
+            remaining.push(raw);
+            continue;
+        }
+        const configJson = prLoaded.json;
+        // Only prune when every check is ops-based and currently satisfied.
+        let okAll = true;
+        for (const check of checks) {
+            if (!check.ops) {
+                okAll = false;
+                break;
+            }
+            const res = verifyOpsApplied(configJson, check.setting_path, check.ops);
+            if (!res.ok) {
+                okAll = false;
+                break;
+            }
+        }
+        if (okAll) {
+            removed++;
+            hookRunLog(`remediation_prune: satisfied one-time uuid=${inst.uuid} path=${inst.config_file_path}`);
+        }
+        else {
+            remaining.push(raw);
+        }
+    }
+    if (removed === 0)
+        return { removed: 0, reportPromises: [] };
+    writeRemediationInstructionsFile({ remediations: remaining });
+    hookRunLog(`remediation_prune: removed=${removed} remaining=${remaining.length}`);
+    const remainingUuids = remaining.map((r) => r.uuid);
+    const hw = tryResolveHardwareUuid();
+    const reportPromises = [];
+    if (hw) {
+        reportPromises.push(fetchSync(loadEndpointBase(), hw, remainingUuids)
+            .then(() => hookRunLog(`remediation_prune: post-prune heartbeat sent uuids=${remainingUuids.length}`))
+            .catch(() => undefined));
+    }
+    else {
+        hookRunLog('remediation_prune: skip post-prune heartbeat (hardware UUID unavailable)');
+    }
+    return { removed, reportPromises };
+}
+/**
+ * Background refresh: server sync for latest instructions, then the same local evaluation as the hook.
+ * Apply (autofix) is intentionally deferred to the gate on the next prompt — this pass only downloads
+ * a fresh manifest so the gate has up-to-date data when it runs.
+ */
+export async function runComplianceCheck() {
+    try {
+        await syncRemediations(loadEndpointBase(), resolveHardwareUuid());
+    }
+    catch (err) {
+        hookRunLog(`compliance_check: remediation_sync unexpected error: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    const status = runLocalRemediationComplianceCheck();
+    if (status.status === 'ok' || status.violations.length === 0) {
+        const pruned = pruneSatisfiedOneTimeRemediations();
+        if (pruned.removed > 0) {
+            await Promise.allSettled(pruned.reportPromises);
+        }
+    }
+}

package/dist/log_config_files/runtime/hardware_uuid.js

@@ -0,0 +1,36 @@
+import { execSync } from 'node:child_process';
+/** Resolve hardware UUID from environment or system commands. */
+function resolveHardwareUuid() {
+    const envUuid = process.env.OPTIMUS_HARDWARE_UUID?.trim();
+    if (envUuid)
+        return envUuid;
+    try {
+        const ioregOutput = execSync('ioreg -rd1 -c IOPlatformExpertDevice', { encoding: 'utf8' }).trim();
+        const ioregMatch = ioregOutput.match(/"IOPlatformUUID"\s*=\s*"([^"]+)"/i);
+        if (ioregMatch?.[1])
+            return ioregMatch[1];
+    }
+    catch {
+        // try next method
+    }
+    try {
+        const profilerOutput = execSync('system_profiler SPHardwareDataType', { encoding: 'utf8' }).trim();
+        const profilerMatch = profilerOutput.match(/Hardware UUID:\s*([A-F0-9-]+)/i);
+        if (profilerMatch?.[1])
+            return profilerMatch[1];
+    }
+    catch {
+        // both methods failed
+    }
+    throw new Error('Unable to determine hardware UUID via ioreg or system_profiler.');
+}
+/** Same as {@link resolveHardwareUuid} but returns null when the host exposes no stable ID (e.g. Linux CI). */
+export function tryResolveHardwareUuid() {
+    try {
+        return resolveHardwareUuid();
+    }
+    catch {
+        return null;
+    }
+}
+export { resolveHardwareUuid };