log-llm-config-staging 1.3.48 → 1.3.51

package/dist/compliance_prompt_gate.js

@@ -6,7 +6,7 @@
  * When autofix returns restart_commands, this process does not spawn them — the shell hook pipes
  * the same JSON line to execute_trusted_restarts (TS allowlist + spawn).
  */
-import { applyAutofixViolations, pruneSatisfiedOneTimeRemediations, runLocalRemediationComplianceCheck, } from './log_config_files/runtime/compliance_check.js';
+import { applyAutofixViolations, normalizeAgentToken, pruneSatisfiedOneTimeRemediations, runLocalRemediationComplianceCheck, } from './log_config_files/runtime/compliance_check.js';
 import { existsSync, statSync } from 'node:fs';
 import { fileURLToPath } from 'node:url';
 import { basename } from 'node:path';
@@ -23,6 +23,18 @@ function parseIde() {
         return 'claude';
     return 'cursor';
 }
+function defaultAgentFromIde(ide) {
+    return ide === 'claude' ? 'claude' : 'cursor';
+}
+function parseAgent(ide) {
+    const eq = process.argv.find((a) => a.startsWith('--agent='));
+    if (eq) {
+        const normalized = normalizeAgentToken(eq.slice('--agent='.length));
+        if (normalized)
+            return normalized;
+    }
+    return defaultAgentFromIde(ide);
+}
 function printAllow(ide) {
     if (ide === 'claude')
         console.log('{}');
@@ -94,8 +106,9 @@ export async function runCompliancePromptGateCli() {
 /** Exported for tests; runs when `dist/compliance_prompt_gate.js` is the process entry (argv[1]). */
 export async function runCompliancePromptGate() {
     const ide = parseIde();
+    const agent = parseAgent(ide);
     hookLogSessionBanner('compliance_prompt_gate (before submit)');
-    const status = runLocalRemediationComplianceCheck();
+    const status = runLocalRemediationComplianceCheck(agent);
     if (status.status === 'fail' && status.violations.length > 0) {
         const staleMs = getManifestStalenessMs();
         if (staleMs !== null && staleMs > MANIFEST_STALE_MS) {
@@ -110,7 +123,7 @@ export async function runCompliancePromptGate() {
             printAllowWithAdvisory(ide, advisory);
             return;
         }
-        const { fixed, appliedViolations = [], restartCommands, failedViolations, reportPromises, deferredSqlitePending, } = applyAutofixViolations(status.violations);
+        const { fixed, appliedViolations = [], restartCommands, failedViolations, reportPromises, deferredSqlitePending, } = applyAutofixViolations(status.violations, agent);
         hookRunLog(`compliance_prompt_gate: autofix result ide=${ide} fixed=${fixed} applied=${appliedViolations.length} failed=${failedViolations.length} restart_commands=${restartCommands.length} deferred_sqlite_pending=${deferredSqlitePending}`);
         if (fixed > 0) {
             // Wait for all server reports before exiting so the POST lands.
@@ -129,7 +142,7 @@ export async function runCompliancePromptGate() {
                 console.log(blockPayload(ide, msg));
                 return;
             }
-            const recheck = runLocalRemediationComplianceCheck();
+            const recheck = runLocalRemediationComplianceCheck(agent);
             const recheckOk = recheck.status === 'ok' || recheck.violations.length === 0;
             // Cursor: tolerate a failing recheck only when SQLite updates are deferred (apply after restart).
             // Claude Code: JSON remediations are written immediately; merge/verify timing can still leave the
@@ -188,7 +201,7 @@ export async function runCompliancePromptGate() {
         return;
     }
     // No violations: clean up satisfied one-time remediations so they don't linger locally forever.
-    const pruned = pruneSatisfiedOneTimeRemediations();
+    const pruned = pruneSatisfiedOneTimeRemediations(agent);
     if (pruned.removed > 0) {
         await Promise.allSettled(pruned.reportPromises);
     }

package/dist/log_config_files/runtime/compliance_check.js

@@ -20,6 +20,57 @@ import { resolveHardwareUuid, tryResolveHardwareUuid } from './hardware_uuid.js'
 import { buildDeferredCursorRestartCommand, enforceRemediation, fetchSync, isTrustedRestartCommandForAutofix, remediationFixSpec, reportAutofixApplied, syncRemediations, } from './remediation_sync.js';
 import { sendConfigFile } from '../sender/batch_sender.js';
 import { readStoredAuthKey } from '../auth/auth_key_store.js';
+/** Normalize manifest/env/CLI agent tokens to a known Agent, or '' if unrecognized. */
+export function normalizeAgentToken(raw) {
+    if (typeof raw !== 'string')
+        return '';
+    const s = raw.trim().toLowerCase();
+    if (!s)
+        return '';
+    if (s === 'claude-desktop')
+        return 'claude_desktop';
+    if (s === 'claude_desktop')
+        return 'claude_desktop';
+    if (s === 'claude')
+        return 'claude';
+    if (s === 'cursor')
+        return 'cursor';
+    return '';
+}
+function currentAgentFromEnv() {
+    // Allow explicit override for debugging / special launchers.
+    const override = normalizeAgentToken(process.env.OPTIMUS_AGENT);
+    if (override)
+        return override;
+    // Backwards-compatible: hook wrappers set OPTIMUS_HOOK_TYPE to cursor|claude.
+    const hookType = normalizeAgentToken(process.env.OPTIMUS_HOOK_TYPE);
+    return hookType === 'cursor' ? 'cursor' : 'claude';
+}
+function targetsCurrentAgent(entry, agent) {
+    // Prefer top-level manifest field; fall back to embedded fix payload for older local files.
+    const embedded = (entry.fix && typeof entry.fix === 'object'
+        ? entry.fix.target_agent
+        : null) ??
+        (entry.compliance && typeof entry.compliance === 'object'
+            ? entry.compliance.target_agent
+            : null);
+    const t = entry.target_agent ?? embedded;
+    // Backwards compat: missing/empty target_agent means "applies to all agents".
+    if (t === null || t === undefined)
+        return true;
+    if (typeof t !== 'string') {
+        complianceRunnerDiag(`Ignoring remediation with non-string target_agent: ${String(t)}`);
+        return false;
+    }
+    if (!t.trim())
+        return true;
+    const normalized = normalizeAgentToken(t);
+    if (!normalized) {
+        complianceRunnerDiag(`Ignoring remediation with unknown target_agent: ${t}`);
+        return false;
+    }
+    return normalized === agent;
+}
 // ---------------------------------------------------------------------------
 // Helpers
 // ---------------------------------------------------------------------------
@@ -133,10 +184,10 @@ function loadRemediationConfigJson(configFilePath, checkSettingPaths = []) {
  * Evaluate current on-disk configs against remediation_instructions.json only (no server).
  * Returns status for prompt gating / callers; does not persist compliance.json.
  */
-export function runLocalRemediationComplianceCheck() {
+export function runLocalRemediationComplianceCheck(agent = 'cursor') {
     try {
         const { remediations: rawEntries } = readRemediationInstructionsFile();
-        const entries = rawEntries;
+        const entries = rawEntries.filter((e) => targetsCurrentAgent(e, agent));
         if (entries.length === 0) {
             hookRunLog('compliance_check: no remediation instructions present');
             return { status: 'ok', checked_at: new Date().toISOString(), manifest_uuids: [], violations: [] };
@@ -272,7 +323,7 @@ export function runLocalRemediationComplianceCheck() {
         return fallback;
     }
 }
-export function applyAutofixViolations(violations) {
+export function applyAutofixViolations(violations, agent = 'cursor') {
     for (const v of violations) {
         if (!v.autofix_allowed) {
             logRemediationApplyFailure('autofix_skipped_not_allowed', {
@@ -294,7 +345,8 @@ export function applyAutofixViolations(violations) {
             reportPromises: [],
         };
     const { remediations } = readRemediationInstructionsFile();
-    const byUuid = new Map(remediations.map((r) => [r.uuid, r]));
+    const scopedRemediations = remediations.filter((e) => targetsCurrentAgent(e, agent));
+    const byUuid = new Map(scopedRemediations.map((r) => [r.uuid, r]));
     let fixed = 0;
     const appliedViolations = [];
     const seen = new Set();
@@ -405,11 +457,17 @@ export function applyAutofixViolations(violations) {
         hookRunLog('autofix: deferred vscdb — restart command runs apply_deferred_vscdb.js then open -a Cursor');
     }
     if (oneTimeAppliedUuids.size > 0) {
-        const remaining = remediations.filter((r) => !oneTimeAppliedUuids.has(r.uuid));
+        // Only prune one-time remediations for this agent; keep other-agent remediations intact.
+        const remaining = remediations.filter((r) => {
+            if (!targetsCurrentAgent(r, agent))
+                return true;
+            return !oneTimeAppliedUuids.has(r.uuid);
+        });
         writeRemediationInstructionsFile({ remediations: remaining });
         hookRunLog(`autofix: removed ${oneTimeAppliedUuids.size} one-time remediation(s) from local store`);
         // Send a post-autofix heartbeat so the server sees the updated (reduced) UUID set immediately,
         // without waiting for the background runner (which may be locked out).
+        // Heartbeat should reflect the full local file state (including other-agent remediations that remain).
         const remainingUuids = remaining.map((r) => r.uuid);
         const hwHeartbeat = tryResolveHardwareUuid();
         if (hwHeartbeat) {
@@ -434,7 +492,7 @@ export function applyAutofixViolations(violations) {
  *
  * Returns number removed and any async report promises (heartbeat).
  */
-export function pruneSatisfiedOneTimeRemediations() {
+export function pruneSatisfiedOneTimeRemediations(agent = 'cursor') {
     const { remediations } = readRemediationInstructionsFile();
     if (!Array.isArray(remediations) || remediations.length === 0)
         return { removed: 0, reportPromises: [] };
@@ -442,6 +500,10 @@ export function pruneSatisfiedOneTimeRemediations() {
     let removed = 0;
     for (const raw of remediations) {
         const inst = raw;
+        if (!targetsCurrentAgent(inst, agent)) {
+            remaining.push(raw);
+            continue;
+        }
         if (inst.is_enforced) {
             remaining.push(raw);
             continue;
@@ -502,15 +564,16 @@ export function pruneSatisfiedOneTimeRemediations() {
  * a fresh manifest so the gate has up-to-date data when it runs.
  */
 export async function runComplianceCheck() {
+    const agent = currentAgentFromEnv();
     try {
         await syncRemediations(loadEndpointBase(), resolveHardwareUuid());
     }
     catch (err) {
         hookRunLog(`compliance_check: remediation_sync unexpected error: ${err instanceof Error ? err.message : String(err)}`);
     }
-    const status = runLocalRemediationComplianceCheck();
+    const status = runLocalRemediationComplianceCheck(agent);
     if (status.status === 'ok' || status.violations.length === 0) {
-        const pruned = pruneSatisfiedOneTimeRemediations();
+        const pruned = pruneSatisfiedOneTimeRemediations(agent);
         if (pruned.removed > 0) {
             await Promise.allSettled(pruned.reportPromises);
         }

package/dist/log_config_files/runtime/remediation_sync.js

@@ -368,6 +368,14 @@ const TRUSTED_CURSOR_SQLITE_DEFERRED_RESTART_COMMAND = 'REPO_ROOT=$(git rev-pars
     "nohup bash -c 'exec >>\"\$OPTIMUS_DEFERRED_LOG\" 2>&1; echo deferred_restart:begin ts=\$(date -u +%Y-%m-%dT%H:%M:%SZ) REPO_ROOT=\"\$REPO_ROOT\" CURSOR_PROJECT=\"\$CURSOR_PROJECT\"; sleep 2; if [ -f \"\$REPO_ROOT/dev_npx_packages/log-llm-config/dist/apply_deferred_vscdb.js\" ]; then echo deferred_restart:apply_via_monorepo_node; node \"\$REPO_ROOT/dev_npx_packages/log-llm-config/dist/apply_deferred_vscdb.js\"; APPLY_EC=\$?; else echo deferred_restart:apply_via_npx; cd \"\$REPO_ROOT\" && npx --yes log-llm-config@latest apply-deferred-vscdb; APPLY_EC=\$?; fi; echo deferred_restart:apply_exit=\$APPLY_EC; if [ \$APPLY_EC -ne 0 ]; then echo deferred_restart:APPLY_FAILED_see_messages_above; fi; echo deferred_restart:open_cursor; open -a Cursor \"\$CURSOR_PROJECT\"; echo deferred_restart:open_exit=\$?; echo deferred_restart:end ts=\$(date -u +%Y-%m-%dT%H:%M:%SZ)' >/dev/null 2>&1 & killall -9 Cursor";
 const TRUSTED_CURSOR_JSON_SETTINGS_RESTART_COMMAND = 'CURSOR_PROJECT=$(git rev-parse --show-toplevel 2>/dev/null || pwd) && export CURSOR_PROJECT && nohup bash -c \'sleep 2 && open -a Cursor "$CURSOR_PROJECT"\' >/dev/null 2>&1 & killall -9 Cursor';
 const TRUSTED_CLAUDE_RESTART_COMMAND = "nohup bash -c 'sleep 2 && open -a Claude' >/dev/null 2>&1 & pkill -x 'Claude'";
+export function isClaudeRestartCommand(cmd) {
+    return cmd.trim() === TRUSTED_CLAUDE_RESTART_COMMAND;
+}
+export function isCursorRestartCommand(cmd) {
+    const t = cmd.trim();
+    return (t === TRUSTED_CURSOR_SQLITE_DEFERRED_RESTART_COMMAND ||
+        t === TRUSTED_CURSOR_JSON_SETTINGS_RESTART_COMMAND);
+}
 /**
  * Autofix restart_command allowlist: manifest strings are attacker-controlled if JSON is tampered.
  * SQLite-deferred Cursor path always uses {@link buildDeferredCursorRestartCommand}; manifests may still

package/dist/log_config_files/runtime/trusted_restarts.js

@@ -5,13 +5,26 @@
 import { spawn } from 'node:child_process';
 import { appendComplianceRunnerLine, hookRunLog } from './hook_logger.js';
 import { getDeferredVscdbRestartLogPath } from './management_storage.js';
-import { isTrustedRestartCommandForAutofix } from './remediation_sync.js';
+import { normalizeAgentToken } from './compliance_check.js';
+import { isClaudeRestartCommand, isCursorRestartCommand, isTrustedRestartCommandForAutofix } from './remediation_sync.js';
 const FALLBACK_PATH = '/usr/bin:/bin:/usr/local/bin:/opt/homebrew/bin';
 function isDeferredVscdbRestart(cmd) {
     return cmd.includes('OPTIMUS_DEFERRED_LOG') || cmd.includes('apply_deferred_vscdb');
 }
+function currentAgentFromEnv() {
+    // Keep restart scoping consistent with remediation scoping:
+    // prefer OPTIMUS_AGENT override, then fall back to OPTIMUS_HOOK_TYPE.
+    const override = normalizeAgentToken(process.env.OPTIMUS_AGENT);
+    if (override === 'cursor')
+        return 'cursor';
+    if (override === 'claude' || override === 'claude_desktop')
+        return 'claude';
+    const hookType = normalizeAgentToken(process.env.OPTIMUS_HOOK_TYPE);
+    return hookType === 'cursor' ? 'cursor' : 'claude';
+}
 /** Spawn each trusted command detached (same pattern as former compliance_prompt_gate fireRestartCommands). */
 export function executeTrustedRestartCommands(commands) {
+    const agent = currentAgentFromEnv();
     for (const cmd of commands) {
         const t = cmd.trim();
         if (!t)
@@ -22,6 +35,19 @@ export function executeTrustedRestartCommands(commands) {
             appendComplianceRunnerLine('RESTART', msg);
             continue;
         }
+        // Safety: never restart the wrong app for the current hook type.
+        if (agent === 'cursor' && isClaudeRestartCommand(t)) {
+            const msg = 'rejected_claude_restart_in_cursor_hook';
+            hookRunLog(`execute_trusted_restarts: ${msg}`);
+            appendComplianceRunnerLine('RESTART', msg);
+            continue;
+        }
+        if (agent === 'claude' && isCursorRestartCommand(t)) {
+            const msg = 'rejected_cursor_restart_in_claude_hook';
+            hookRunLog(`execute_trusted_restarts: ${msg}`);
+            appendComplianceRunnerLine('RESTART', msg);
+            continue;
+        }
         const deferred = isDeferredVscdbRestart(t);
         const detailPath = getDeferredVscdbRestartLogPath();
         if (deferred) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "log-llm-config-staging",
-  "version": "1.3.48",
+  "version": "1.3.51",
   "description": "CLI helpers for logging hardware UUIDs and posting startup payloads to Optimus Security.",
   "type": "module",
   "bin": {