log-llm-config-staging 1.4.0 → 1.4.2
- package/dist/log_config_files/runtime/compliance_check.js +4 -0
- package/dist/log_config_files/runtime/hook_type_for_request.js +3 -1
- package/dist/log_config_files/runtime/trusted_restarts.js +4 -0
- package/dist/log_sensitive_paths_audit.js +22 -3
- package/package.json +4 -4
- package/dist/log_config_files/runtime/npm_env_sanitize.js +0 -40
|
@@ -43,6 +43,8 @@ export function normalizeAgentToken(raw) {
|
|
|
43
43
|
return 'copilot';
|
|
44
44
|
if (s === 'opencode')
|
|
45
45
|
return 'opencode';
|
|
46
|
+
if (s === 'codex')
|
|
47
|
+
return 'codex';
|
|
46
48
|
return '';
|
|
47
49
|
}
|
|
48
50
|
function currentAgentFromEnv() {
|
|
@@ -58,6 +60,8 @@ function currentAgentFromEnv() {
|
|
|
58
60
|
return 'copilot';
|
|
59
61
|
if (hookType === 'opencode')
|
|
60
62
|
return 'opencode';
|
|
63
|
+
if (hookType === 'codex')
|
|
64
|
+
return 'codex';
|
|
61
65
|
return 'claude';
|
|
62
66
|
}
|
|
63
67
|
function targetsCurrentAgent(entry, agent) {
|
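Review bot: The `codex` branch is added by hand to each parallel `if` chain: here in `normalizeAgentToken` and `currentAgentFromEnv`, and again in the `normalizeToken`, `resolveHookTypeFromEnv` and two further `currentAgentFromEnv` hunks below, so every new agent needs six matching edits. The chains also disagree on unknown input: `normalizeAgentToken` ends in `return '';` while `currentAgentFromEnv` falls through to `return 'claude';`, so a hook type that one chain was not taught is silently handled as Claude. I would keep one shared list, e.g. `const KNOWN_AGENTS = new Set(['cursor', 'claude', 'copilot', 'opencode', 'codex']);`, test membership against it, and add a comment on the `'claude'` fallback stating whether it is intentional. Both functions start above their hunks, so the first branches of each chain are not visible here.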
|
@@ -6,7 +6,7 @@ function normalizeToken(raw) {
|
|
|
6
6
|
return 'claude';
|
|
7
7
|
if (s === 'github_copilot')
|
|
8
8
|
return 'copilot';
|
|
9
|
-
if (s === 'cursor' || s === 'claude' || s === 'copilot' || s === 'opencode')
|
|
9
|
+
if (s === 'cursor' || s === 'claude' || s === 'copilot' || s === 'opencode' || s === 'codex')
|
|
10
10
|
return s;
|
|
11
11
|
// Legacy hooks set OPTIMUS_AGENT=Cursor (display casing)
|
|
12
12
|
if (raw.trim() === 'Cursor')
|
|
@@ -24,5 +24,7 @@ export function resolveHookTypeFromEnv(env = process.env) {
|
|
|
24
24
|
return 'copilot';
|
|
25
25
|
if (token === 'opencode')
|
|
26
26
|
return 'opencode';
|
|
27
|
+
if (token === 'codex')
|
|
28
|
+
return 'codex';
|
|
27
29
|
return 'claude';
|
|
28
30
|
}
|
|
@@ -36,6 +36,8 @@ function currentAgentFromEnv() {
|
|
|
36
36
|
return 'copilot';
|
|
37
37
|
if (override === 'opencode')
|
|
38
38
|
return 'opencode';
|
|
39
|
+
if (override === 'codex')
|
|
40
|
+
return 'codex';
|
|
39
41
|
if (override === 'claude' || override === 'claude_desktop')
|
|
40
42
|
return 'claude';
|
|
41
43
|
const hookType = normalizeAgentToken(process.env.OPTIMUS_HOOK_TYPE);
|
|
@@ -45,6 +47,8 @@ function currentAgentFromEnv() {
|
|
|
45
47
|
return 'copilot';
|
|
46
48
|
if (hookType === 'opencode')
|
|
47
49
|
return 'opencode';
|
|
50
|
+
if (hookType === 'codex')
|
|
51
|
+
return 'codex';
|
|
48
52
|
return 'claude';
|
|
49
53
|
}
|
|
50
54
|
/** Spawn each trusted command detached (same pattern as former compliance_prompt_gate fireRestartCommands). */
|
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
* Path templates are fetched from the backend (GET api/file-path-registry/sensitive-paths-audit-candidates/).
|
|
7
7
|
* The audit is sent with the rest of the config files in log_config_files (same auth, same batch).
|
|
8
8
|
*/
|
|
9
|
-
import { existsSync, writeFileSync, mkdirSync } from 'node:fs';
|
|
9
|
+
import { existsSync, writeFileSync, mkdirSync, statSync } from 'node:fs';
|
|
10
10
|
import { join } from 'node:path';
|
|
11
11
|
import { homedir } from 'node:os';
|
|
12
12
|
import { getSensitivePathsAuditCandidates } from './endpoint_client/index.js';
|
|
@@ -22,16 +22,35 @@ function expandPath(template, cwd) {
|
|
|
22
22
|
}
|
|
23
23
|
return join(cwd, template);
|
|
24
24
|
}
|
|
25
|
+
/** True when path exists: directories always qualify; files must be non-empty (size > 0). */
|
|
26
|
+
function shouldIncludeSensitivePath(resolved) {
|
|
27
|
+
if (!existsSync(resolved)) {
|
|
28
|
+
return false;
|
|
29
|
+
}
|
|
30
|
+
try {
|
|
31
|
+
const st = statSync(resolved);
|
|
32
|
+
if (st.isDirectory()) {
|
|
33
|
+
return true;
|
|
34
|
+
}
|
|
35
|
+
if (st.isFile()) {
|
|
36
|
+
return st.size > 0;
|
|
37
|
+
}
|
|
38
|
+
return false;
|
|
39
|
+
}
|
|
40
|
+
catch {
|
|
41
|
+
return false;
|
|
42
|
+
}
|
|
43
|
+
}
|
|
25
44
|
/**
|
|
26
45
|
* Write sensitive_paths_audit.txt under outputDir. pathTemplates from backend (~ = home).
|
|
27
|
-
* Lists one path per line for paths that exist. No file contents are read.
|
|
46
|
+
* Lists one path per line for paths that exist (files must be non-empty). No file contents are read.
|
|
28
47
|
* Overwrites the file on each run (same as hook_log.txt); does not append.
|
|
29
48
|
*/
|
|
30
49
|
export function writeSensitivePathsAudit(outputDir, pathTemplates, cwd = process.cwd()) {
|
|
31
50
|
const existing = [];
|
|
32
51
|
for (const template of pathTemplates) {
|
|
33
52
|
const resolved = expandPath(template, cwd);
|
|
34
|
-
if (
|
|
53
|
+
if (shouldIncludeSensitivePath(resolved)) {
|
|
35
54
|
existing.push(resolved);
|
|
36
55
|
}
|
|
37
56
|
}
|
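Review bot: `shouldIncludeSensitivePath` stats whatever `expandPath` returns, and the templates come from the backend, so nothing visible here stops a template with `..` segments from resolving outside `cwd` or the home directory and being listed in the audit file that is sent with the batch. If only home- and project-relative paths are intended, and unless `expandPath` already rejects the rest above this hunk, I would confine `resolved` in the loop of `writeSensitivePathsAudit` before the stat, e.g. `const rel = relative(cwd, resolved); if (rel.startsWith('..') || isAbsolute(rel)) continue;` (both from `node:path`), with the `~` case checked against `homedir()` in the same way. Separately, the `existsSync` pre-check duplicates what the `try`/`catch` around `statSync` already handles and leaves a gap between the two calls; `statSync(resolved, { throwIfNoEntry: false })` covers a missing path in one call. `statSync` also follows symlinks, so a link inside a checked-out repository is judged by its target's type and size; the JSDoc should say so, or the helper should use `lstatSync` if links are not meant to count.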
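--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "log-llm-config-staging",
-"version": "1.4.
+"version": "1.4.2",
 "description": "CLI helpers for logging hardware UUIDs and posting startup payloads to Optimus Security.",
 "type": "module",
 "bin": {
@@ -49,11 +49,11 @@
 },
 "devDependencies": {
 "@types/node": "^24.10.1",
-"@vitest/coverage-v8": "^
-"@vitest/ui": "^
+"@vitest/coverage-v8": "^4.1.8",
+"@vitest/ui": "^4.1.8",
 "ts-node": "^10.9.2",
 "typescript": "^5.4.5",
-"vitest": "^
+"vitest": "^4.1.8"
 },
 "dependencies": {
 "axios": "^1.15.2",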
|
@@ -1,40 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* npm/npx --package=... sets lifecycle env vars that break unrelated scoped `npx @scope/pkg`
|
|
3
|
-
* (e.g. MCP servers). Strip before spawning shells that may reopen Cursor or run other npx.
|
|
4
|
-
*/
|
|
5
|
-
export const NPM_EXEC_POLLUTION_KEYS = [
|
|
6
|
-
'npm_command',
|
|
7
|
-
'npm_config_local_prefix',
|
|
8
|
-
'npm_config_package',
|
|
9
|
-
'npm_lifecycle_event',
|
|
10
|
-
'npm_lifecycle_script',
|
|
11
|
-
'npm_lifecycle_inject_node',
|
|
12
|
-
'npm_package_json',
|
|
13
|
-
'npm_execpath',
|
|
14
|
-
'npm_config_yes',
|
|
15
|
-
'npm_config_node_gyp',
|
|
16
|
-
'npm_config_npm_version',
|
|
17
|
-
'npm_config_user_agent',
|
|
18
|
-
'NPM_COMMAND',
|
|
19
|
-
'NPM_CONFIG_LOCAL_PREFIX',
|
|
20
|
-
'NPM_CONFIG_PACKAGE',
|
|
21
|
-
'NPM_LIFECYCLE_EVENT',
|
|
22
|
-
'NPM_LIFECYCLE_SCRIPT',
|
|
23
|
-
'NPM_EXECPATH',
|
|
24
|
-
'NPM_CONFIG_YES',
|
|
25
|
-
];
|
|
26
|
-
export function envWithoutNpmExecPollution(env) {
|
|
27
|
-
const clean = { ...env };
|
|
28
|
-
for (const key of NPM_EXEC_POLLUTION_KEYS) {
|
|
29
|
-
delete clean[key];
|
|
30
|
-
}
|
|
31
|
-
return clean;
|
|
32
|
-
}
|
|
33
|
-
/** Bash prefix: unset lifecycle vars before running npx in deferred restart shells. */
|
|
34
|
-
export const DEFERRED_RESTART_UNSET_NPM_ENV = 'unset npm_command npm_config_local_prefix npm_config_package npm_lifecycle_event ' +
|
|
35
|
-
'npm_lifecycle_script npm_lifecycle_inject_node npm_package_json npm_execpath npm_config_yes ' +
|
|
36
|
-
'npm_config_node_gyp npm_config_npm_version npm_config_user_agent ' +
|
|
37
|
-
'NPM_COMMAND NPM_CONFIG_LOCAL_PREFIX NPM_CONFIG_PACKAGE NPM_LIFECYCLE_EVENT NPM_LIFECYCLE_SCRIPT NPM_EXECPATH 2>/dev/null; ';
|
|
38
|
-
/** Bash wrapper for npx in deferred restart (env -u strips inherited npm exec state). */
|
|
39
|
-
export const DEFERRED_RESTART_NPX = 'env -u npm_command -u npm_config_local_prefix -u npm_config_package -u npm_lifecycle_event ' +
|
|
40
|
-
'-u npm_lifecycle_script -u npm_lifecycle_inject_node -u npm_package_json -u npm_execpath npx';
|