log-llm-config-staging 1.3.89 → 1.3.92

package/dist/log_config_files/auth/auth_flow.js

@@ -6,10 +6,10 @@ import { OPT_AI_SEC_MANAGEMENT_REL } from '../../bootstrap_constants.js';
 import { hookRunLog } from '../runtime/hook_logger.js';
 const AUTH_KEY_RELATIVE_PATH = path.join(OPT_AI_SEC_MANAGEMENT_REL, 'auth_key.txt');
 /** Ensure authentication — verify stored key or request new one via handshake. */
-async function ensureAuthentication(hardwareUuid) {
+async function ensureAuthentication(hardwareUuid, endpointBase) {
     const key = await ensureTofuAuthentication({
         hardwareUuid,
-        endpointBase: loadEndpointBase(),
+        endpointBase: endpointBase ?? loadEndpointBase(),
         authRelativePath: AUTH_KEY_RELATIVE_PATH,
         postJson: (endpointUrl, body) => postStartupPayload(endpointUrl, body),
         onLog: (message) => {

package/dist/log_config_files/runtime/compliance_check.js

@@ -39,6 +39,8 @@ export function normalizeAgentToken(raw) {
         return 'claude';
     if (s === 'cursor')
         return 'cursor';
+    if (s === 'copilot')
+        return 'copilot';
     return '';
 }
 function currentAgentFromEnv() {
@@ -46,9 +48,13 @@ function currentAgentFromEnv() {
     const override = normalizeAgentToken(process.env.OPTIMUS_AGENT);
     if (override)
         return override;
-    // Backwards-compatible: hook wrappers set OPTIMUS_HOOK_TYPE to cursor|claude.
+    // Backwards-compatible: hook wrappers set OPTIMUS_HOOK_TYPE to cursor|claude|copilot.
     const hookType = normalizeAgentToken(process.env.OPTIMUS_HOOK_TYPE);
-    return hookType === 'cursor' ? 'cursor' : 'claude';
+    if (hookType === 'cursor')
+        return 'cursor';
+    if (hookType === 'copilot')
+        return 'copilot';
+    return 'claude';
 }
 function targetsCurrentAgent(entry, agent) {
     // Prefer top-level manifest field; fall back to embedded fix payload for older local files.

package/dist/log_config_files/runtime/main_runner.js

@@ -91,7 +91,7 @@ async function addSensitivePathsAudit(endpointBase, configFiles) {
 }
 async function sendAllConfigFiles(configFiles, worktreeReport, hardwareUuid, authKey) {
     const hookTypeRaw = (process.env.OPTIMUS_HOOK_TYPE || 'claude').toLowerCase();
-    const hookType = hookTypeRaw === 'cursor' ? 'cursor' : 'claude';
+    const hookType = hookTypeRaw === 'cursor' ? 'cursor' : hookTypeRaw === 'copilot' ? 'copilot' : 'claude';
     const manifest = configFiles.map((c) => canonicalCursorUserStateVscdbPath(c.file_path));
     const workspaceRepo = ensureWorkspaceRepoEnv(manifest);
     const hookRequestId = await sendHookRequestCreate(hardwareUuid, authKey, hookType, workspaceRepo);
@@ -132,7 +132,8 @@ async function main() {
     const endpointBase = loadEndpointBase();
     hookRunLog(`start endpoint=${endpointBase} hardware_uuid=${hardwareUuid}`);
     hookRunLog(`endpoint_source=${getEndpointSource()} cwd=${process.cwd()}`);
-    hookRunLog(`env: OPTIMUS_HOOK_TYPE=${process.env.OPTIMUS_HOOK_TYPE ? 'set' : 'unset'} OPTIMUS_PROJECT_DIR=${process.env.OPTIMUS_PROJECT_DIR ? 'set' : 'unset'} OPTIMUS_WORKSPACE_REPO=${process.env.OPTIMUS_WORKSPACE_REPO ? 'set' : 'unset'} OPTIMUS_ENDPOINT=${process.env.OPTIMUS_ENDPOINT ? 'set' : 'unset'}`);
+    const envForLog = (v) => (v && v.trim() ? v.trim() : 'unset');
+    hookRunLog(`env: OPTIMUS_HOOK_TYPE=${envForLog(process.env.OPTIMUS_HOOK_TYPE)} OPTIMUS_PROJECT_DIR=${envForLog(process.env.OPTIMUS_PROJECT_DIR)} OPTIMUS_WORKSPACE_REPO=${envForLog(process.env.OPTIMUS_WORKSPACE_REPO)} OPTIMUS_ENDPOINT=${envForLog(process.env.OPTIMUS_ENDPOINT)}`);
     let authKey;
     try {
         authKey = await ensureAuthentication(hardwareUuid);

package/dist/log_config_files/runtime/remediation_sync.js

@@ -158,12 +158,9 @@ function transferQuarantineForRetiredUuids(removed, added, retiredInstructions,
     if (changed)
         writeRemediationApplyTrackingFile(file);
 }
-async function ensureAuthKeyForMachine(machineUuid) {
-    const stored = readStoredAuthKey();
-    if (stored?.key)
-        return stored;
+async function ensureAuthKeyForMachine(endpointBase, machineUuid) {
     try {
-        return await ensureAuthentication(machineUuid);
+        return await ensureAuthentication(machineUuid, endpointBase);
     }
     catch (err) {
         hookRunLog(`remediation_sync: ensureAuthentication failed: ${err instanceof Error ? err.message : String(err)}`);
@@ -178,7 +175,7 @@ function buildSignedMachinePostBody(machineUuid, fields, authKey) {
 }
 export async function fetchSync(endpointBase, machineUuid, activeUuids, timeoutMs = 8000) {
     const sortedUuids = [...new Set(activeUuids.map((u) => u.trim()).filter(Boolean))].sort();
-    const authKey = await ensureAuthKeyForMachine(machineUuid);
+    const authKey = await ensureAuthKeyForMachine(endpointBase, machineUuid);
     if (!authKey) {
         hookRunLog('remediation_sync_post: no auth key, skipping');
         complianceRunnerDiag('remediation_sync_post: no auth key');
@@ -200,7 +197,10 @@ export async function fetchSync(endpointBase, machineUuid, activeUuids, timeoutM
         return null;
     }
     if (statusCode !== 200 || !responseBody) {
-        const line = `remediation_sync_post: url=${url} status=${statusCode} bytes=${responseBody?.length ?? 0}`;
+        const bodyHint = responseBody && responseBody.length < 500
+            ? ` body=${responseBody.replace(/\s+/g, ' ').trim()}`
+            : '';
+        const line = `remediation_sync_post: url=${url} status=${statusCode} bytes=${responseBody?.length ?? 0}${bodyHint}`;
         hookRunLog(line);
         complianceRunnerDiag(line);
         return null;
@@ -216,7 +216,7 @@ export async function fetchSync(endpointBase, machineUuid, activeUuids, timeoutM
 }
 async function fetchManifest(endpointBase, machineUuid, uuids, timeoutMs = 8000) {
     const sortedUuids = [...new Set(uuids.map((u) => u.trim()).filter(Boolean))].sort();
-    const authKey = await ensureAuthKeyForMachine(machineUuid);
+    const authKey = await ensureAuthKeyForMachine(endpointBase, machineUuid);
     if (!authKey) {
         hookRunLog('remediation_manifest_post: no auth key, skipping');
         complianceRunnerDiag('remediation_manifest_post: no auth key');

package/dist/log_config_files/runtime/trusted_restarts.js

@@ -32,10 +32,16 @@ function currentAgentFromEnv() {
     const override = normalizeAgentToken(process.env.OPTIMUS_AGENT);
     if (override === 'cursor')
         return 'cursor';
+    if (override === 'copilot')
+        return 'copilot';
     if (override === 'claude' || override === 'claude_desktop')
         return 'claude';
     const hookType = normalizeAgentToken(process.env.OPTIMUS_HOOK_TYPE);
-    return hookType === 'cursor' ? 'cursor' : 'claude';
+    if (hookType === 'cursor')
+        return 'cursor';
+    if (hookType === 'copilot')
+        return 'copilot';
+    return 'claude';
 }
 /** Spawn each trusted command detached (same pattern as former compliance_prompt_gate fireRestartCommands). */
 export function executeTrustedRestartCommands(commands) {

package/dist/log_uuid/auth_key_store.js

@@ -1,9 +1,9 @@
 import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
 import path from 'node:path';
 import { OPT_AI_SEC_MANAGEMENT_REL } from '../bootstrap_constants.js';
+import { loadEndpointBase } from '../log_config_files/sender/endpoint_config.js';
+import { buildStartupEndpointUrl, normalizeBaseUrl } from '../tofu.js';
 const AUTH_KEY_RELATIVE_PATH = path.join(OPT_AI_SEC_MANAGEMENT_REL, 'auth_key.txt');
-const OPTIMUS_ENV_FILENAME = 'optimus_dev.env';
-const STARTUP_ENDPOINT_SUFFIX = '/endpoint_security/startup/';
 const getAuthKeyPath = () => {
     const homeDir = process.env.HOME || process.env.USERPROFILE;
     if (!homeDir)
@@ -34,38 +34,4 @@ const readStoredAuthKey = () => {
     }
     return null;
 };
-const loadEndpointBase = () => {
-    const DEFAULT_ENDPOINT = 'https://demo.optimuslabs.io/';
-    const fromEnv = process.env.OPTIMUS_ENDPOINT?.trim();
-    if (fromEnv)
-        return fromEnv;
-    const envPath = path.join(process.cwd(), OPTIMUS_ENV_FILENAME);
-    try {
-        if (!existsSync(envPath))
-            return DEFAULT_ENDPOINT;
-        const envContent = readFileSync(envPath, 'utf8');
-        for (const line of envContent.split(/\r?\n/)) {
-            const trimmed = line.trim();
-            if (!trimmed || trimmed.startsWith('#'))
-                continue;
-            const [key, ...rest] = trimmed.split('=');
-            if (key === 'OPTIMUS_ENDPOINT') {
-                const value = rest.join('=').trim();
-                if (value)
-                    return value;
-            }
-        }
-    }
-    catch { /* fall back to default */ }
-    return DEFAULT_ENDPOINT;
-};
-const normalizeBaseUrl = (rawUrl) => {
-    let base = rawUrl.trim();
-    if (!base)
-        throw new Error('OPTIMUS_ENDPOINT is empty');
-    base = base.replace(/\/+$/, '');
-    base = base.replace(/\/(optimus_security|endpoint_security)$/i, '');
-    return base;
-};
-const buildStartupEndpointUrl = (baseUrl) => `${normalizeBaseUrl(baseUrl)}${STARTUP_ENDPOINT_SUFFIX}`;
-export { getAuthKeyPath, writeAuthKey, readStoredAuthKey, loadEndpointBase, normalizeBaseUrl, buildStartupEndpointUrl };
+export { getAuthKeyPath, writeAuthKey, readStoredAuthKey, loadEndpointBase, normalizeBaseUrl, buildStartupEndpointUrl, };

package/dist/tofu.js

@@ -19,4 +19,4 @@ const useLocalTofu = shouldUseLocalTofuDist(localTofuPath);
 const tofu = (useLocalTofu
     ? await import(localTofuPath)
     : await import("optimus-tofu-staging"));
-export const { loadEndpointBase, buildStartupEndpointUrl, createSignature, persistAuthKey, readStoredAuthKey, ensureAuthentication, getEndpointSource, canonicalizePayload, getAuthKeyPath, } = tofu;
+export const { loadEndpointBase, normalizeBaseUrl, buildStartupEndpointUrl, createSignature, persistAuthKey, readStoredAuthKey, ensureAuthentication, getEndpointSource, canonicalizePayload, getAuthKeyPath, } = tofu;

package/dist/tofu_environment.js

@@ -7,21 +7,25 @@ export function managementEnvPath() {
         return null;
     return path.join(home, 'opt-ai-sec', 'management', 'optimus_dev.env');
 }
-/** Resolve optimus environment label (file wins over shell OPTIMUS_ENVIRONMENT). */
+/**
+ * Staging package: default staging when no management file (promotion rewrites to production).
+ * File present → environment= line in file, then OPTIMUS_ENVIRONMENT, then staging.
+ */
 export function readEnvironment() {
     const envPath = managementEnvPath();
     if (!envPath) {
         return 'staging';
     }
+    let content;
     try {
-        const content = readFileSync(envPath, 'utf8');
-        const match = content.match(/^(?:environment|ENVIRONMENT|OPTIMUS_ENVIRONMENT)\s*=\s*(.+)/m);
-        if (match)
-            return match[1].trim().toLowerCase();
+        content = readFileSync(envPath, 'utf8');
     }
     catch {
         return 'staging';
     }
+    const match = content?.match(/^(?:environment|ENVIRONMENT|OPTIMUS_ENVIRONMENT)\s*=\s*(.+)/m);
+    if (match)
+        return match[1].trim().toLowerCase();
     const fromEnv = process.env.OPTIMUS_ENVIRONMENT?.trim().toLowerCase();
     if (fromEnv)
         return fromEnv;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "log-llm-config-staging",
-  "version": "1.3.89",
+  "version": "1.3.92",
   "description": "CLI helpers for logging hardware UUIDs and posting startup payloads to Optimus Security.",
   "type": "module",
   "bin": {
@@ -58,6 +58,6 @@
   "dependencies": {
     "axios": "^1.15.2",
     "canonicalize": "^2.1.0",
-    "optimus-tofu-staging": "^0.1.15"
+    "optimus-tofu-staging": "^0.1.17"
   }
 }