log-llm-config-staging 1.3.70 → 1.3.72
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* npm/npx --package=... sets lifecycle env vars that break unrelated scoped `npx @scope/pkg`
|
|
3
|
+
* (e.g. MCP servers). Strip before spawning shells that may reopen Cursor or run other npx.
|
|
4
|
+
*/
|
|
5
|
+
export const NPM_EXEC_POLLUTION_KEYS = [
|
|
6
|
+
'npm_command',
|
|
7
|
+
'npm_config_local_prefix',
|
|
8
|
+
'npm_config_package',
|
|
9
|
+
'npm_lifecycle_event',
|
|
10
|
+
'npm_lifecycle_script',
|
|
11
|
+
'npm_lifecycle_inject_node',
|
|
12
|
+
'npm_package_json',
|
|
13
|
+
'npm_execpath',
|
|
14
|
+
'npm_config_yes',
|
|
15
|
+
'npm_config_node_gyp',
|
|
16
|
+
'npm_config_npm_version',
|
|
17
|
+
'npm_config_user_agent',
|
|
18
|
+
'NPM_COMMAND',
|
|
19
|
+
'NPM_CONFIG_LOCAL_PREFIX',
|
|
20
|
+
'NPM_CONFIG_PACKAGE',
|
|
21
|
+
'NPM_LIFECYCLE_EVENT',
|
|
22
|
+
'NPM_LIFECYCLE_SCRIPT',
|
|
23
|
+
'NPM_EXECPATH',
|
|
24
|
+
'NPM_CONFIG_YES',
|
|
25
|
+
];
|
|
26
|
+
export function envWithoutNpmExecPollution(env) {
|
|
27
|
+
const clean = { ...env };
|
|
28
|
+
for (const key of NPM_EXEC_POLLUTION_KEYS) {
|
|
29
|
+
delete clean[key];
|
|
30
|
+
}
|
|
31
|
+
return clean;
|
|
32
|
+
}
|
|
33
|
+
/** Bash prefix: unset lifecycle vars before running npx in deferred restart shells. */
|
|
34
|
+
export const DEFERRED_RESTART_UNSET_NPM_ENV = 'unset npm_command npm_config_local_prefix npm_config_package npm_lifecycle_event ' +
|
|
35
|
+
'npm_lifecycle_script npm_lifecycle_inject_node npm_package_json npm_execpath npm_config_yes ' +
|
|
36
|
+
'npm_config_node_gyp npm_config_npm_version npm_config_user_agent ' +
|
|
37
|
+
'NPM_COMMAND NPM_CONFIG_LOCAL_PREFIX NPM_CONFIG_PACKAGE NPM_LIFECYCLE_EVENT NPM_LIFECYCLE_SCRIPT NPM_EXECPATH 2>/dev/null; ';
|
|
38
|
+
/** Bash wrapper for npx in deferred restart (env -u strips inherited npm exec state). */
|
|
39
|
+
export const DEFERRED_RESTART_NPX = 'env -u npm_command -u npm_config_local_prefix -u npm_config_package -u npm_lifecycle_event ' +
|
|
40
|
+
'-u npm_lifecycle_script -u npm_lifecycle_inject_node -u npm_package_json -u npm_execpath npx';
|
|
@@ -394,7 +394,7 @@ function assertSafeSqliteIdentifiersForItemTable(table, keyColumn, valueColumn)
|
|
|
394
394
|
const TRUSTED_CURSOR_SQLITE_DEFERRED_RESTART_COMMAND = 'REPO_ROOT=$(git rev-parse --show-toplevel 2>/dev/null || pwd) && export REPO_ROOT && ' +
|
|
395
395
|
'CURSOR_PROJECT="${CURSOR_PROJECT_DIR:-$REPO_ROOT}" && export CURSOR_PROJECT && ' +
|
|
396
396
|
'OPTIMUS_DEFERRED_LOG="${HOME}/opt-ai-sec/management/deferred_vscdb_restart.log" && mkdir -p "$(dirname "$OPTIMUS_DEFERRED_LOG")" && export OPTIMUS_DEFERRED_LOG && ' +
|
|
397
|
-
"nohup bash -c 'exec >>\"\$OPTIMUS_DEFERRED_LOG\" 2>&1; echo deferred_restart:begin ts=\$(date -u +%Y-%m-%dT%H:%M:%SZ) REPO_ROOT=\"\$REPO_ROOT\" CURSOR_PROJECT=\"\$CURSOR_PROJECT\"; sleep 2; STATIC_DEV_ENV=\"\$HOME/opt-ai-sec/management/optimus_dev.env\"; ENV_LABEL=\"\"; if [ -f \"\$STATIC_DEV_ENV\" ]; then ENV_LABEL=\$(grep -E \"^(environment|ENVIRONMENT|OPTIMUS_ENVIRONMENT)=\" \"\$STATIC_DEV_ENV\" 2>/dev/null | head -1 | cut -d\"=\" -f2- | tr \"[:upper:]\" \"[:lower:]\" | xargs); fi; if [ -z \"\$ENV_LABEL\" ] && [ -n \"\${OPTIMUS_ENVIRONMENT:-}\" ]; then ENV_LABEL=\$(printf \"%s\" \"\$OPTIMUS_ENVIRONMENT\" | tr \"[:upper:]\" \"[:lower:]\" | xargs); fi; [ -z \"\$ENV_LABEL\" ] && ENV_LABEL=\"production\"; NPX_BASE=\"\"; if [ -f \"\$STATIC_DEV_ENV\" ]; then _nb=\$(grep -E \"^npx=\" \"\$STATIC_DEV_ENV\" 2>/dev/null | head -1 | cut -d\"=\" -f2- | xargs); [ -n \"\$_nb\" ] && [ -d \"\$_nb\" ] && NPX_BASE=\"\$_nb\"; fi; p=\"\${npm_config_prefix:-\${NPM_CONFIG_PREFIX:-}}\"; gp=\"\${npm_config_global_prefix:-}\"; gc=\"\${npm_config_globalconfig:-}\"; if [[ \"\$p\" == *\"/Applications/Cursor.app/\"* ]] || [[ \"\$gp\" == *\"/Applications/Cursor.app/\"* ]] || [[ \"\$gc\" == *\"/Applications/Cursor.app/\"* ]]; then unset npm_config_prefix NPM_CONFIG_PREFIX npm_config_global_prefix npm_config_globalconfig npm_node_execpath 2>/dev/null; fi; APPLY_EC=0; if [ -f \"\$REPO_ROOT/dev_npx_packages/log-llm-config/dist/apply_deferred_vscdb.js\" ]; then echo deferred_restart:apply_via_dev_npx_packages; node \"\$REPO_ROOT/dev_npx_packages/log-llm-config/dist/apply_deferred_vscdb.js\"; APPLY_EC=\$?; elif [ \"\$ENV_LABEL\" = \"development\" ] && [ -n \"\$NPX_BASE\" ] && [ -f \"\$NPX_BASE/log-llm-config/dist/apply_deferred_vscdb.js\" ]; then echo deferred_restart:apply_via_optimus_npx_base; node \"\$NPX_BASE/log-llm-config/dist/apply_deferred_vscdb.js\"; APPLY_EC=\$?; elif command -v npx >/dev/null 2>&1; then echo deferred_restart:apply_via_npx env=\"\$ENV_LABEL\"; cd \"\$REPO_ROOT\" || true; if [ \"\$ENV_LABEL\" = \"staging\" ]; then npx --yes --package=log-llm-config-staging@latest apply-deferred-vscdb-staging; APPLY_EC=\$?; else npx --yes --package=log-llm-config@latest apply-deferred-vscdb; APPLY_EC=\$?; fi; else echo deferred_restart:no_npx; APPLY_EC=127; fi; echo deferred_restart:apply_exit=\$APPLY_EC; if [ \$APPLY_EC -ne 0 ]; then echo deferred_restart:APPLY_FAILED_see_messages_above; fi; echo deferred_restart:open_cursor; open -a Cursor \"\$CURSOR_PROJECT\"; echo deferred_restart:open_exit=\$?; echo deferred_restart:end ts=\$(date -u +%Y-%m-%dT%H:%M:%SZ)' >/dev/null 2>&1 & killall -9 Cursor";
|
|
397
|
+
"nohup bash -c 'exec >>\"\$OPTIMUS_DEFERRED_LOG\" 2>&1; echo deferred_restart:begin ts=\$(date -u +%Y-%m-%dT%H:%M:%SZ) REPO_ROOT=\"\$REPO_ROOT\" CURSOR_PROJECT=\"\$CURSOR_PROJECT\"; sleep 2; STATIC_DEV_ENV=\"\$HOME/opt-ai-sec/management/optimus_dev.env\"; ENV_LABEL=\"\"; if [ -f \"\$STATIC_DEV_ENV\" ]; then ENV_LABEL=\$(grep -E \"^(environment|ENVIRONMENT|OPTIMUS_ENVIRONMENT)=\" \"\$STATIC_DEV_ENV\" 2>/dev/null | head -1 | cut -d\"=\" -f2- | tr \"[:upper:]\" \"[:lower:]\" | xargs); fi; if [ -z \"\$ENV_LABEL\" ] && [ -n \"\${OPTIMUS_ENVIRONMENT:-}\" ]; then ENV_LABEL=\$(printf \"%s\" \"\$OPTIMUS_ENVIRONMENT\" | tr \"[:upper:]\" \"[:lower:]\" | xargs); fi; [ -z \"\$ENV_LABEL\" ] && ENV_LABEL=\"production\"; NPX_BASE=\"\"; if [ -f \"\$STATIC_DEV_ENV\" ]; then _nb=\$(grep -E \"^npx=\" \"\$STATIC_DEV_ENV\" 2>/dev/null | head -1 | cut -d\"=\" -f2- | xargs); [ -n \"\$_nb\" ] && [ -d \"\$_nb\" ] && NPX_BASE=\"\$_nb\"; fi; p=\"\${npm_config_prefix:-\${NPM_CONFIG_PREFIX:-}}\"; gp=\"\${npm_config_global_prefix:-}\"; gc=\"\${npm_config_globalconfig:-}\"; if [[ \"\$p\" == *\"/Applications/Cursor.app/\"* ]] || [[ \"\$gp\" == *\"/Applications/Cursor.app/\"* ]] || [[ \"\$gc\" == *\"/Applications/Cursor.app/\"* ]]; then unset npm_config_prefix NPM_CONFIG_PREFIX npm_config_global_prefix npm_config_globalconfig npm_node_execpath 2>/dev/null; fi; APPLY_EC=0; if [ -f \"\$REPO_ROOT/dev_npx_packages/log-llm-config/dist/apply_deferred_vscdb.js\" ]; then echo deferred_restart:apply_via_dev_npx_packages; node \"\$REPO_ROOT/dev_npx_packages/log-llm-config/dist/apply_deferred_vscdb.js\"; APPLY_EC=\$?; elif [ \"\$ENV_LABEL\" = \"development\" ] && [ -n \"\$NPX_BASE\" ] && [ -f \"\$NPX_BASE/log-llm-config/dist/apply_deferred_vscdb.js\" ]; then echo deferred_restart:apply_via_optimus_npx_base; node \"\$NPX_BASE/log-llm-config/dist/apply_deferred_vscdb.js\"; APPLY_EC=\$?; elif command -v npx >/dev/null 2>&1; then echo deferred_restart:apply_via_npx env=\"\$ENV_LABEL\"; cd \"\$REPO_ROOT\" || true; if [ \"\$ENV_LABEL\" = \"staging\" ]; then npx --yes --package=log-llm-config-staging@latest apply-deferred-vscdb-staging; APPLY_EC=\$?; else npx --yes --package=log-llm-config@latest apply-deferred-vscdb; APPLY_EC=\$?; fi; else echo deferred_restart:no_npx; APPLY_EC=127; fi; echo deferred_restart:apply_exit=\$APPLY_EC; if [ \$APPLY_EC -ne 0 ]; then echo deferred_restart:APPLY_FAILED_see_messages_above; fi; echo deferred_restart:open_cursor; env -u npm_config_package -u npm_lifecycle_event -u npm_lifecycle_script -u npm_config_local_prefix open -a Cursor \"\$CURSOR_PROJECT\"; echo deferred_restart:open_exit=\$?; echo deferred_restart:end ts=\$(date -u +%Y-%m-%dT%H:%M:%SZ)' >/dev/null 2>&1 & killall -9 Cursor";
|
|
398
398
|
const TRUSTED_CURSOR_JSON_SETTINGS_RESTART_COMMAND = 'CURSOR_PROJECT=$(git rev-parse --show-toplevel 2>/dev/null || pwd) && export CURSOR_PROJECT && nohup bash -c \'sleep 2 && open -a Cursor "$CURSOR_PROJECT"\' >/dev/null 2>&1 & killall -9 Cursor';
|
|
399
399
|
const TRUSTED_CLAUDE_RESTART_COMMAND = "nohup bash -c 'sleep 2 && open -a Claude' >/dev/null 2>&1 & pkill -x 'Claude'";
|
|
400
400
|
export function isClaudeRestartCommand(cmd) {
|
|
@@ -8,6 +8,20 @@ import { getDeferredVscdbRestartLogPath } from './management_storage.js';
|
|
|
8
8
|
import { normalizeAgentToken } from './compliance_check.js';
|
|
9
9
|
import { isClaudeRestartCommand, isCursorRestartCommand, isTrustedRestartCommandForAutofix } from './remediation_sync.js';
|
|
10
10
|
const FALLBACK_PATH = '/usr/bin:/bin:/usr/local/bin:/opt/homebrew/bin';
|
|
11
|
+
/** Vars set by `npx --package=...` that break unrelated scoped `npx @scope/pkg` after Cursor reopen. */
|
|
12
|
+
const NPM_RESTART_POLLUTION = [
|
|
13
|
+
'npm_config_package',
|
|
14
|
+
'npm_lifecycle_event',
|
|
15
|
+
'npm_lifecycle_script',
|
|
16
|
+
'npm_config_local_prefix',
|
|
17
|
+
];
|
|
18
|
+
function envForRestartSpawn(base) {
|
|
19
|
+
const env = { ...base };
|
|
20
|
+
for (const key of NPM_RESTART_POLLUTION) {
|
|
21
|
+
delete env[key];
|
|
22
|
+
}
|
|
23
|
+
return env;
|
|
24
|
+
}
|
|
11
25
|
function isDeferredVscdbRestart(cmd) {
|
|
12
26
|
return cmd.includes('OPTIMUS_DEFERRED_LOG') || cmd.includes('apply_deferred_vscdb');
|
|
13
27
|
}
|
|
@@ -61,12 +75,12 @@ export function executeTrustedRestartCommands(commands) {
|
|
|
61
75
|
const child = spawn('sh', ['-c', t], {
|
|
62
76
|
detached: true,
|
|
63
77
|
stdio: 'ignore',
|
|
64
|
-
env: {
|
|
78
|
+
env: envForRestartSpawn({
|
|
65
79
|
...process.env,
|
|
66
80
|
PATH: process.env.PATH && String(process.env.PATH).trim().length > 0
|
|
67
81
|
? process.env.PATH
|
|
68
82
|
: FALLBACK_PATH,
|
|
69
|
-
},
|
|
83
|
+
}),
|
|
70
84
|
});
|
|
71
85
|
child.on('error', (err) => {
|
|
72
86
|
const emsg = err instanceof Error ? err.message : String(err);
|
package/dist/tofu.js
CHANGED
|
@@ -2,37 +2,48 @@
|
|
|
2
2
|
* Tofu shim — centralises all imports from optimus-tofu-staging.
|
|
3
3
|
*
|
|
4
4
|
* Reads ~/opt-ai-sec/management/optimus_dev.env at startup:
|
|
5
|
-
* -
|
|
6
|
-
* -
|
|
5
|
+
* - No file / unreadable → staging (ignores OPTIMUS_ENVIRONMENT).
|
|
6
|
+
* - File present → environment= line in file, then OPTIMUS_ENVIRONMENT, then staging.
|
|
7
|
+
* - environment=development + local dist present → loads sibling optimus-tofu dist
|
|
8
|
+
* - staging / production / npx installs → published optimus-tofu-staging npm package
|
|
7
9
|
*
|
|
8
10
|
* All other source files import from this module, never directly from
|
|
9
11
|
* "optimus-tofu-staging", so the conditional lives in exactly one place.
|
|
10
12
|
*/
|
|
11
|
-
import { readFileSync } from "fs";
|
|
13
|
+
import { existsSync, readFileSync } from "fs";
|
|
12
14
|
import { homedir } from "os";
|
|
13
15
|
import path from "path";
|
|
14
16
|
import { fileURLToPath } from "url";
|
|
17
|
+
function managementEnvPath() {
|
|
18
|
+
const home = homedir();
|
|
19
|
+
if (!home)
|
|
20
|
+
return null;
|
|
21
|
+
return path.join(home, "opt-ai-sec", "management", "optimus_dev.env");
|
|
22
|
+
}
|
|
15
23
|
function readEnvironment() {
|
|
16
|
-
const
|
|
17
|
-
if (
|
|
18
|
-
return
|
|
24
|
+
const envPath = managementEnvPath();
|
|
25
|
+
if (!envPath) {
|
|
26
|
+
return "staging";
|
|
27
|
+
}
|
|
19
28
|
try {
|
|
20
|
-
const content = readFileSync(
|
|
29
|
+
const content = readFileSync(envPath, "utf8");
|
|
21
30
|
const match = content.match(/^(?:environment|ENVIRONMENT|OPTIMUS_ENVIRONMENT)\s*=\s*(.+)/m);
|
|
22
31
|
if (match)
|
|
23
32
|
return match[1].trim().toLowerCase();
|
|
24
33
|
}
|
|
25
34
|
catch {
|
|
26
|
-
// file
|
|
35
|
+
// No management file: this staging package defaults to staging (promotion rewrites to production).
|
|
36
|
+
return "staging";
|
|
27
37
|
}
|
|
28
|
-
|
|
38
|
+
const fromEnv = process.env.OPTIMUS_ENVIRONMENT?.trim().toLowerCase();
|
|
39
|
+
if (fromEnv)
|
|
40
|
+
return fromEnv;
|
|
41
|
+
return "staging";
|
|
29
42
|
}
|
|
30
43
|
const __dirname = path.dirname(fileURLToPath(import.meta.url));
|
|
31
|
-
const isDevelopment = readEnvironment() === "development";
|
|
32
|
-
// In development: resolve local optimus-tofu dist relative to this file.
|
|
33
|
-
// dist/tofu.js → ../.. → npx_packages/staging/ → optimus-tofu/dist/index.js
|
|
34
44
|
const localTofuPath = path.join(__dirname, "../../optimus-tofu/dist/index.js");
|
|
35
|
-
const
|
|
45
|
+
const useLocalTofu = readEnvironment() === "development" && existsSync(localTofuPath);
|
|
46
|
+
const tofu = (useLocalTofu
|
|
36
47
|
? await import(localTofuPath)
|
|
37
48
|
: await import("optimus-tofu-staging"));
|
|
38
49
|
export const { loadEndpointBase, buildStartupEndpointUrl, createSignature, persistAuthKey, readStoredAuthKey, ensureAuthentication, getEndpointSource, canonicalizePayload, getAuthKeyPath, } = tofu;
|