log-llm-config 0.1.2

package/README.md

@@ -0,0 +1,33 @@
+## log-llm-config
+
+CLI helpers for Optimus Security startup workflows.
+
+### Prerequisites
+
+- Node.js 18+
+- `OPTIMUS_ENDPOINT` defined in `optimus.env` (e.g. `http://localhost:8080/endpoint_security/`)
+
+### Commands
+
+#### `log_uuid`
+
+Collects the machine hardware UUID (or uses the `OPTIMUS_HARDWARE_UUID` env variable), prints it, and POSTs a startup payload to `OPTIMUS_ENDPOINT/startup/`. If the server responds with a key, it stores it at `~/opt-ai-sec/management/auth_key.txt`.
+
+```bash
+OPTIMUS_ENDPOINT=http://localhost:8080/endpoint_security/ \
+npx log-llm-config log_uuid
+```
+
+#### `log-llm-config`
+
+Legacy helper that logs local Optimus/Cursor configuration files to `configs.txt`.
+
+### Development
+
+```bash
+npm install
+npm run build
+```
+
+> Proprietary package. Do not publish to public registries.
+

package/dist/cli.js

@@ -0,0 +1,172 @@
+#!/usr/bin/env node
+const args = process.argv.slice(2);
+if (args[0] === 'log_uuid') {
+    await import('./log_uuid.js');
+    process.exit(0);
+}
+const fileCategories = [
+    {
+        label: 'Cursor: mcp.json',
+        targets: ['./.cursor/mcp.json', '$HOME/.cursor/mcp.json']
+    },
+    {
+        label: 'Claude: .mcp.json',
+        targets: ['./mcp.json', './.mcp.json', '/Library/Application Support/ClaudeCode/managed-mcp.json']
+    },
+    {
+        label: 'Claude: settings.json',
+        targets: [
+            './.claude/settings.json',
+            './.claude/settings.local.json',
+            '$HOME/.claude/settings.json',
+            '/Library/Application Support/ClaudeCode/managed-settings.json'
+        ]
+    },
+    {
+        label: 'Cursor: hooks.json',
+        targets: [
+            './.cursor/hooks.json',
+            '$HOME/.cursor/hooks.json',
+            '/Library/Application Support/Cursor/hooks.json'
+        ]
+    }
+];
+const sqliteCategories = [
+    {
+        label: 'Cursor: state.vscdb (composerState)',
+        dbPath: '$HOME/Library/Application Support/Cursor/User/globalStorage/state.vscdb',
+        table: 'ItemTable',
+        key: 'src.vs.platform.reactivestorage.browser.reactiveStorageServiceImpl.persistentStorage.applicationUser',
+        jsonPaths: [['composerState'], []]
+    }
+];
+const buildFileCategoryLines = (category) => [
+    `echo "===== ${category.label} ====="`,
+    'files=(',
+    ...category.targets.map((target) => `  "${target}"`),
+    ')',
+    'expanded_files=()',
+    'paths=()',
+    'display_paths=()',
+    'for f in "${files[@]}"; do',
+    '  expanded=$(eval echo "$f")',
+    '  expanded_dir=$(dirname "$expanded")',
+    '  expanded_base=$(basename "$expanded")',
+    '  abs_dir=$(cd "$expanded_dir" 2>/dev/null && pwd || echo "$expanded_dir")',
+    '  abs_path="$abs_dir/$expanded_base"',
+    '  expanded_files+=("$abs_path")',
+    '  relative_path="$(to_relative "$abs_path")"',
+    '  paths+=("$relative_path")',
+    '  display_paths+=("$relative_path")',
+    'done',
+    'echo ""',
+    'if [ ${#paths[@]} -gt 0 ]; then',
+    '  echo "Paths:"',
+    '  printf "%s\\n" "${paths[@]}" | awk \'!seen[$0]++\' | while IFS= read -r dir; do',
+    '    echo "$dir"',
+    '  done',
+    '  echo ""',
+    'else',
+    '  echo "Paths: (none)"',
+    'fi',
+    'echo ""',
+    'for idx in "${!expanded_files[@]}"; do',
+    '  expanded="${expanded_files[$idx]}"',
+    '  display="${display_paths[$idx]}"',
+    '  if [ -f "$expanded" ]; then',
+    `    echo "===== ${category.label}: $display ====="`,
+    '    cat "$expanded"',
+    '  else',
+    `    echo "===== ${category.label}: missing: $display ====="`,
+    '  fi',
+    'done',
+    'echo ""'
+];
+const buildSqliteCategoryLines = (category) => {
+    const jsonPathsLiteral = JSON.stringify(category.jsonPaths);
+    return [
+        `echo "===== ${category.label} ====="`,
+        `db_path="${category.dbPath}"`,
+        'expanded=$(eval echo "$db_path")',
+        'if [ -f "$expanded" ]; then',
+        '  if command -v sqlite3 >/dev/null 2>&1; then',
+        '    echo "===== $expanded ====="',
+        `    query_result=$(sqlite3 "$expanded" "SELECT value FROM ${category.table} WHERE key='${category.key}'")`,
+        '    if [ -n "$query_result" ]; then',
+        `      echo "===== key: ${category.key} ====="`,
+        `      LOG_CONFIG_JSON_VALUE="$query_result" python3 - <<'PY'`,
+        'import json',
+        'import os',
+        '',
+        'raw = os.environ.get("LOG_CONFIG_JSON_VALUE", "")',
+        'if not raw:',
+        '    print("{}")',
+        '    raise SystemExit',
+        `paths = ${jsonPathsLiteral}`,
+        'try:',
+        '    data = json.loads(raw)',
+        'except json.JSONDecodeError as exc:',
+        '    print(f"failed to parse JSON: {exc}")',
+        '    raise SystemExit',
+        'def walk(obj, path):',
+        '    cur = obj',
+        '    for segment in path:',
+        '        if isinstance(cur, dict):',
+        '            cur = cur.get(segment)',
+        '        else:',
+        '            return None',
+        '    return cur',
+        'selected_value = None',
+        'selected_label = None',
+        'for path in paths:',
+        '    value = walk(data, path)',
+        '    if value is not None:',
+        '        selected_value = value',
+        '        selected_label = ".".join(path) if path else "root"',
+        '        break',
+        'if selected_value is None:',
+        '    print("{}")',
+        'else:',
+        '    print(f"[path: {selected_label}]")',
+        '    print(json.dumps(selected_value, indent=2, sort_keys=True))',
+        'PY',
+        '    else',
+        `      echo "===== key not found: ${category.key} ====="`,
+        '    fi',
+        '  else',
+        '    echo "===== sqlite3 not found; skipping ====="',
+        '  fi',
+        'else',
+        '  echo "===== missing: $expanded ====="',
+        'fi',
+        'echo ""'
+    ];
+};
+const scriptLines = [
+    '#!/usr/bin/env bash',
+    'set -euo pipefail',
+    'output_file="$(pwd)/configs.txt"',
+    ': > "$output_file"',
+    'exec >"$output_file"',
+    'exec 2>&1',
+    '',
+    'repo_root="$(pwd)"',
+    'to_relative() {',
+    '  local path="$1"',
+    '  if [[ "$path" == "$repo_root"* ]]; then',
+    '    local suffix="${path#"$repo_root"}"',
+    '    if [ -z "$suffix" ]; then',
+    '      echo "<project_root>"',
+    '    else',
+    '      echo "<project_root>${suffix}"',
+    '    fi',
+    '  else',
+    '    echo "$path"',
+    '  fi',
+    '}',
+    '',
+    ...fileCategories.flatMap(buildFileCategoryLines),
+    ...sqliteCategories.flatMap(buildSqliteCategoryLines)
+];
+console.log(scriptLines.join('\n'));
+export {};

package/dist/endpoint_client.js

@@ -0,0 +1,75 @@
+import http from 'node:http';
+import https from 'node:https';
+import { URL } from 'node:url';
+export const postStartupPayload = async (endpointUrl, body, timeoutMs = 5000) => {
+    const url = new URL(endpointUrl);
+    const isHttps = url.protocol === 'https:';
+    const payload = JSON.stringify(body);
+    console.log('Sending payload to endpoint:', endpointUrl, payload);
+    const requestOptions = {
+        hostname: url.hostname,
+        port: url.port || (isHttps ? 443 : 80),
+        path: `${url.pathname}${url.search}`,
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+            'Content-Length': Buffer.byteLength(payload).toString(),
+        },
+        timeout: timeoutMs,
+    };
+    const transport = isHttps ? https.request : http.request;
+    return new Promise((resolve, reject) => {
+        const req = transport(requestOptions, (res) => {
+            let responseBody = '';
+            res.setEncoding('utf8');
+            res.on('data', (chunk) => {
+                responseBody += chunk;
+            });
+            res.on('end', () => {
+                if (!responseBody) {
+                    resolve({ status: 'error', message: 'Empty response from endpoint' });
+                    return;
+                }
+                console.log('Raw endpoint response body:', responseBody);
+                try {
+                    const parsed = JSON.parse(responseBody);
+                    resolve(parsed);
+                }
+                catch (error) {
+                    reject(new Error(`Failed to parse endpoint response (${error.message}): ${responseBody}`));
+                }
+            });
+        });
+        req.on('error', (error) => {
+            reject(error);
+        });
+        req.write(payload);
+        req.end();
+    });
+};
+export const classifyEndpointResponse = (response) => {
+    if (response.status === 'key_issued' && response.key) {
+        return {
+            branch: 'key_issued',
+            message: 'Server issued a new symmetric key; store it for future signatures.',
+            key: response.key,
+            keyId: response.key_id,
+        };
+    }
+    if (response.status === 'accepted' && response.signature_valid) {
+        return {
+            branch: 'accepted',
+            message: 'Startup payload accepted and signature verified.',
+        };
+    }
+    if (response.status === 'error' && response.error) {
+        return {
+            branch: 'error',
+            message: response.error,
+        };
+    }
+    return {
+        branch: 'error',
+        message: response.message || 'Endpoint returned an unexpected response.',
+    };
+};

package/dist/log_uuid.js

@@ -0,0 +1,192 @@
+#!/usr/bin/env node
+import { execSync } from 'node:child_process';
+import { mkdirSync, readFileSync, writeFileSync, existsSync } from 'node:fs';
+import path from 'node:path';
+import crypto from 'node:crypto';
+import { classifyEndpointResponse, postStartupPayload } from './endpoint_client.js';
+const AUTH_KEY_RELATIVE_PATH = path.join('opt-ai-sec', 'management', 'auth_key.txt');
+const OPTIMUS_ENV_FILENAME = 'optimus.env';
+const STARTUP_ENDPOINT_PATH = 'startup/';
+const readCommandOutput = (command) => {
+    try {
+        return execSync(command, {
+            encoding: 'utf8',
+            stdio: ['ignore', 'pipe', 'ignore'],
+        }).trim();
+    }
+    catch {
+        return '';
+    }
+};
+const readHardwareUuidFromCommands = () => {
+    const ioregOutput = readCommandOutput('ioreg -rd1 -c IOPlatformExpertDevice');
+    const ioregMatch = ioregOutput.match(/"IOPlatformUUID"\\s*=\\s*"([^"]+)"/i);
+    if (ioregMatch && ioregMatch[1]) {
+        return ioregMatch[1];
+    }
+    const profilerOutput = readCommandOutput('system_profiler SPHardwareDataType');
+    const profilerMatch = profilerOutput.match(/Hardware UUID:\\s*([A-F0-9-]+)/i);
+    if (profilerMatch && profilerMatch[1]) {
+        return profilerMatch[1];
+    }
+    throw new Error('Unable to determine hardware UUID via ioreg or system_profiler.');
+};
+const resolveHardwareUuid = () => {
+    const envUuid = process.env.OPTIMUS_HARDWARE_UUID?.trim();
+    if (envUuid) {
+        return envUuid;
+    }
+    return readHardwareUuidFromCommands();
+};
+const getMetadata = () => ({
+    github_username: process.env.GITHUB_USER || process.env.GH_USER || '',
+    org_identifier: process.env.GITHUB_ORG || '',
+    repo_identifier: process.env.GITHUB_REPOSITORY || '',
+    branch: process.env.GITHUB_REF_NAME || process.env.BRANCH_NAME || '',
+    commit_sha: process.env.GITHUB_SHA || '',
+});
+const getAuthKeyPath = () => {
+    const homeDir = process.env.HOME || process.env.USERPROFILE;
+    if (!homeDir) {
+        return null;
+    }
+    return path.join(homeDir, AUTH_KEY_RELATIVE_PATH);
+};
+const writeAuthKey = (key, keyId, hardwareUuid) => {
+    const authPath = getAuthKeyPath();
+    if (!authPath) {
+        console.warn('Unable to determine home directory; cannot store auth key.');
+        return;
+    }
+    const authDir = path.dirname(authPath);
+    mkdirSync(authDir, { recursive: true, mode: 0o700 });
+    const payload = {
+        key,
+        key_id: keyId ?? null,
+        hardware_uuid: hardwareUuid,
+        stored_at: new Date().toISOString(),
+    };
+    writeFileSync(authPath, JSON.stringify(payload, null, 2), { encoding: 'utf8', mode: 0o600 });
+    console.log(`Stored auth key at ${authPath}`);
+};
+const readStoredAuthKey = () => {
+    const authPath = getAuthKeyPath();
+    if (!authPath || !existsSync(authPath)) {
+        return null;
+    }
+    try {
+        const raw = readFileSync(authPath, 'utf8');
+        const parsed = JSON.parse(raw);
+        if (parsed?.key && parsed?.hardware_uuid) {
+            return parsed;
+        }
+    }
+    catch (error) {
+        console.warn(`Unable to read stored auth key: ${error.message}`);
+    }
+    return null;
+};
+const loadEndpointBase = () => {
+    const envPath = path.join(process.cwd(), OPTIMUS_ENV_FILENAME);
+    try {
+        const envContent = readFileSync(envPath, 'utf8');
+        const lines = envContent.split(/\r?\n/);
+        for (const line of lines) {
+            const trimmed = line.trim();
+            if (!trimmed || trimmed.startsWith('#')) {
+                continue;
+            }
+            const [key, ...rest] = trimmed.split('=');
+            if (key === 'OPTIMUS_ENDPOINT') {
+                const value = rest.join('=').trim();
+                if (value) {
+                    return value;
+                }
+            }
+        }
+    }
+    catch {
+        // Ignore missing or unreadable optimus.env
+    }
+    return undefined;
+};
+const buildStartupEndpointUrl = (baseUrl) => {
+    const trimmed = baseUrl.replace(/\/+$/, '');
+    return `${trimmed}/${STARTUP_ENDPOINT_PATH}`;
+};
+const canonicalizeValue = (value) => {
+    if (Array.isArray(value)) {
+        return value.map(canonicalizeValue);
+    }
+    if (value && typeof value === 'object') {
+        const sortedKeys = Object.keys(value).sort();
+        const result = {};
+        for (const key of sortedKeys) {
+            result[key] = canonicalizeValue(value[key]);
+        }
+        return result;
+    }
+    return value;
+};
+const canonicalStringify = (value) => {
+    return JSON.stringify(canonicalizeValue(value));
+};
+const createSignature = (payloadSummary, keyHex) => {
+    const canonicalPayload = canonicalStringify(payloadSummary);
+    const keyBuffer = Buffer.from(keyHex, 'hex');
+    return crypto.createHmac('sha256', keyBuffer).update(canonicalPayload).digest('hex');
+};
+const maybeSendToEndpoint = async (hardwareUuid, timestamp) => {
+    const baseUrl = loadEndpointBase();
+    if (!baseUrl) {
+        console.log('OPTIMUS_ENDPOINT not set in optimus.env; skipping endpoint handshake.');
+        return;
+    }
+    const startupEndpointUrl = buildStartupEndpointUrl(baseUrl);
+    const payloadSummary = {
+        timestamp,
+        directory: process.cwd(),
+        hardware_uuid: hardwareUuid,
+    };
+    const requestBody = {
+        hardware_uuid: hardwareUuid,
+        payload: payloadSummary,
+        metadata: getMetadata(),
+        scan_timestamp: timestamp,
+    };
+    const storedKey = readStoredAuthKey();
+    const requestPayload = { ...requestBody };
+    if (storedKey && storedKey.key && storedKey.hardware_uuid === hardwareUuid) {
+        requestPayload.signature = createSignature(payloadSummary, storedKey.key);
+        console.log('Using stored auth key to sign startup payload.');
+    }
+    else if (storedKey && storedKey.hardware_uuid !== hardwareUuid) {
+        console.warn('Stored auth key hardware UUID mismatch; requesting new key from server.');
+    }
+    else {
+        console.log('No stored auth key found; requesting new key from server.');
+    }
+    try {
+        const response = await postStartupPayload(startupEndpointUrl, requestPayload);
+        const result = classifyEndpointResponse(response);
+        console.log(result.message);
+        if (result.branch === 'key_issued' && result.key) {
+            writeAuthKey(result.key, result.keyId, hardwareUuid);
+        }
+    }
+    catch (error) {
+        console.error(`Failed to contact endpoint: ${error.message}`);
+    }
+};
+const main = async () => {
+    const timestamp = new Date().toISOString();
+    try {
+        const hardwareUuid = resolveHardwareUuid();
+        await maybeSendToEndpoint(hardwareUuid, timestamp);
+    }
+    catch (error) {
+        console.error(`Unable to log hardware UUID: ${error.message}`);
+        process.exitCode = 1;
+    }
+};
+void main();

package/dist/log_uuid_helper.js

@@ -0,0 +1,30 @@
+export const buildLogUuidScriptLines = () => [
+    '#!/usr/bin/env bash',
+    'set -euo pipefail',
+    '',
+    'output_file="$(pwd)/uuid.txt"',
+    'timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")',
+    'if command -v ioreg >/dev/null 2>&1; then',
+    '  uuid_value=$(ioreg -rd1 -c IOPlatformExpertDevice | awk \'/IOPlatformUUID/ {gsub(/\\"/, "", $3); print $3}\')',
+    'elif command -v system_profiler >/dev/null 2>&1; then',
+    '  uuid_value=$(system_profiler SPHardwareDataType | awk \'/Hardware UUID/ {print $3}\')',
+    'else',
+    '  echo "Unable to locate hardware UUID utilities (ioreg/system_profiler)" >&2',
+    '  exit 1',
+    'fi',
+    '',
+    'if [ -z "$uuid_value" ]; then',
+    '  echo "Hardware UUID could not be determined" >&2',
+    '  exit 1',
+    'fi',
+    '',
+    'cat <<EOF | tee "$output_file"',
+    '===== Optimus UUID =====',
+    'Timestamp: $timestamp',
+    'Directory: $(pwd)',
+    'UUID: $uuid_value',
+    'EOF',
+    '',
+    'echo "UUID details saved to $output_file"'
+];
+export const renderLogUuidScript = () => buildLogUuidScriptLines().join('\n');

package/package.json

@@ -0,0 +1,45 @@
+{
+  "name": "log-llm-config",
+  "version": "0.1.2",
+  "description": "CLI helpers for logging hardware UUIDs and posting startup payloads to Optimus Security.",
+  "type": "module",
+  "bin": {
+    "log-llm-config": "./dist/cli.js",
+    "log_uuid": "./dist/log_uuid.js"
+  },
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "dev": "ts-node src/cli.ts",
+    "lint": "eslint \"src/**/*.ts\"",
+    "prepare": "npm run build"
+  },
+  "keywords": [
+    "mcp",
+    "config",
+    "logging",
+    "npx"
+  ],
+  "author": "",
+  "license": "UNLICENSED",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/optimuslabs-io/optimus-secure-fdn.git",
+    "directory": "npx_packages/log-llm-config"
+  },
+  "bugs": {
+    "url": "https://github.com/optimuslabs-io/optimus-secure-fdn/issues"
+  },
+  "homepage": "https://github.com/optimuslabs-io/optimus-secure-fdn/tree/main/npx_packages/log-llm-config#readme",
+  "files": [
+    "dist/**/*",
+    "README.md"
+  ],
+  "engines": {
+    "node": ">=18"
+  },
+  "devDependencies": {
+    "@types/node": "^20.11.30",
+    "ts-node": "^10.9.2",
+    "typescript": "^5.4.5"
+  }
+}