log-llm-config 1.3.0 → 1.3.5

package/dist/compliance_prompt_gate.js

@@ -1,12 +1,16 @@
 /**
  * Synchronous pre-prompt gate: local compliance only (stdout = single JSON line for IDE hooks).
  * stderr must stay clean; logs go via hookRunLog (file).
+ *
+ * When autofix returns restart_commands, this process does not spawn them — the shell hook pipes
+ * the same JSON line to execute_trusted_restarts (TS allowlist + spawn).
  */
 import { applyAutofixViolations, pruneSatisfiedOneTimeRemediations, runLocalRemediationComplianceCheck, } from './log_config_files/runtime/compliance_check.js';
 import { existsSync, statSync } from 'node:fs';
-import { spawn } from 'node:child_process';
+import { pathToFileURL } from 'node:url';
+import { resolve } from 'node:path';
 import { getRemediationInstructionsPath } from './log_config_files/runtime/management_storage.js';
-import { hookLogSessionBanner, hookRunLog } from './log_config_files/runtime/hook_logger.js';
+import { hookLogSessionBanner } from './log_config_files/runtime/hook_logger.js';
 const MANIFEST_STALE_MS = 7 * 24 * 60 * 60 * 1000;
 function parseIde() {
     const eq = process.argv.find((a) => a.startsWith('--ide='));
@@ -44,13 +48,6 @@ function blockPayload(ide, violationMessage) {
     }
     return JSON.stringify({ continue: false, user_message: text });
 }
-function fireRestartCommands(commands) {
-    for (const cmd of commands) {
-        hookRunLog(`restart: firing command="${cmd}"`);
-        const child = spawn('sh', ['-c', cmd], { detached: true, stdio: 'ignore' });
-        child.unref();
-    }
-}
 function getManifestStalenessMs() {
     try {
         const path = getRemediationInstructionsPath();
@@ -63,7 +60,17 @@ function getManifestStalenessMs() {
         return null;
     }
 }
-const ide = parseIde();
+function isRunAsCliModule() {
+    const entry = process.argv[1];
+    if (!entry)
+        return false;
+    try {
+        return import.meta.url === pathToFileURL(resolve(entry)).href;
+    }
+    catch {
+        return false;
+    }
+}
 /** Short line for success dialog: finding title/sentence from manifest, not per-check remediation technical text. */
 function autofixDialogLine(v) {
     const title = v.finding_title?.trim();
@@ -76,7 +83,9 @@ function autofixDialogLine(v) {
     const short = d.length > 160 ? `${d.slice(0, 157)}…` : d;
     return `• [${v.finding_formatted_id}] ${short}`;
 }
-async function run() {
+/** Exported for tests; CLI invokes this only when {@link isRunAsCliModule} is true. */
+export async function runCompliancePromptGate() {
+    const ide = parseIde();
     hookLogSessionBanner('compliance_prompt_gate (before submit)');
     const status = runLocalRemediationComplianceCheck();
     if (status.status === 'fail' && status.violations.length > 0) {
@@ -88,28 +97,27 @@ async function run() {
             printAllowWithAdvisory(ide, advisory);
             return;
         }
-        const { fixed, restartCommands, failedViolations, reportPromises, deferredSqlitePending } = applyAutofixViolations(status.violations);
+        const { fixed, appliedViolations = [], restartCommands, failedViolations, reportPromises, deferredSqlitePending, } = applyAutofixViolations(status.violations);
         if (fixed > 0) {
             // Wait for all server reports before exiting so the POST lands.
             await Promise.allSettled(reportPromises);
+            // Deferred SQLite can leave recheck failing until restart; that must not hide a separate
+            // failed autofix (e.g. JSON remediation failed while vscdb was only queued).
+            if (failedViolations.length > 0) {
+                const ids = failedViolations.map((v) => `[${v.finding_formatted_id}]`).join(', ');
+                const msg = `Auto-fix failed for ${ids} — please fix manually or contact your security team.\n\n${failedViolations[0]?.message ?? ''}`;
+                console.log(blockPayload(ide, msg));
+                return;
+            }
             const recheck = runLocalRemediationComplianceCheck();
             const recheckOk = recheck.status === 'ok' || recheck.violations.length === 0;
             if (deferredSqlitePending || recheckOk) {
-                const fixedViolations = status.violations.filter((v) => v.autofix_allowed);
-                const byUuid = new Map();
-                for (const v of fixedViolations) {
-                    if (!byUuid.has(v.uuid))
-                        byUuid.set(v.uuid, v);
-                }
-                const deduped = [...byUuid.values()];
-                const autofixMessage = `Optimus Security auto-fixed ${deduped.length} policy violation(s):\n${deduped.map((v) => autofixDialogLine(v)).join('\n')}`;
+                const autofixMessage = `Optimus Security auto-fixed ${fixed} policy violation(s):\n${appliedViolations.map((v) => autofixDialogLine(v)).join('\n')}`;
                 const payload = { __optimus_autofix: true, autofix_message: autofixMessage };
                 if (restartCommands.length > 0)
                     payload.restart_commands = restartCommands;
                 console.log(JSON.stringify(payload));
-                // Cursor: .cursor/hooks runs restart after the osascript dialog — avoid double SIGKILL here.
-                if (ide !== 'cursor')
-                    fireRestartCommands(restartCommands);
+                // Restarts: always executed by optimus-compliance-check.sh via execute_trusted_restarts (TS allowlist + spawn).
                 return;
             }
             const msg = recheck.violations[0]?.message ?? 'A security policy violation has been detected.';
@@ -133,4 +141,6 @@ async function run() {
     }
     printAllow(ide);
 }
-run().catch(() => printAllow(ide)).finally(() => process.exit(0));
+if (isRunAsCliModule()) {
+    runCompliancePromptGate().catch(() => printAllow(parseIde())).finally(() => process.exit(0));
+}

package/dist/execute_trusted_restarts.js

@@ -0,0 +1,56 @@
+/**
+ * CLI: read one JSON line from stdin (same shape as compliance_prompt_gate stdout for __optimus_autofix),
+ * parse restart_commands[], allowlist each in TS, spawn detached. Invoked by optimus-compliance-check.sh only.
+ * stderr stays quiet; failures logged via hookRunLog.
+ */
+import { readFileSync } from 'node:fs';
+import { pathToFileURL } from 'node:url';
+import { resolve } from 'node:path';
+import { hookRunLog } from './log_config_files/runtime/hook_logger.js';
+import { executeTrustedRestartCommands } from './log_config_files/runtime/trusted_restarts.js';
+function isRunAsCliModule() {
+    const entry = process.argv[1];
+    if (!entry)
+        return false;
+    try {
+        return import.meta.url === pathToFileURL(resolve(entry)).href;
+    }
+    catch {
+        return false;
+    }
+}
+function main() {
+    let raw;
+    try {
+        raw = readFileSync(0, 'utf8');
+    }
+    catch {
+        hookRunLog('execute_trusted_restarts: could not read stdin');
+        return;
+    }
+    const first = raw.trim().split(/\r?\n/)[0]?.trim() ?? '';
+    if (!first)
+        return;
+    let j;
+    try {
+        j = JSON.parse(first);
+    }
+    catch {
+        hookRunLog('execute_trusted_restarts: stdin is not valid JSON');
+        return;
+    }
+    const cmds = j.restart_commands;
+    if (!Array.isArray(cmds))
+        return;
+    const strings = cmds.filter((c) => typeof c === 'string');
+    executeTrustedRestartCommands(strings);
+}
+if (isRunAsCliModule()) {
+    try {
+        main();
+    }
+    catch (e) {
+        hookRunLog(`execute_trusted_restarts: ${e instanceof Error ? e.message : String(e)}`);
+    }
+    process.exit(0);
+}

package/dist/log_config_files/runtime/compliance_check.js

@@ -13,8 +13,8 @@ import { readVscdbItemTableJson } from '../readers/vscdb_reader.js';
 import { readRemediationInstructionsFile, writeRemediationInstructionsFile } from './management_storage.js';
 import { complianceRunnerDiag, hookRunLog } from './hook_logger.js';
 import { loadEndpointBase } from '../sender/endpoint_config.js';
-import { resolveHardwareUuid } from './hardware_uuid.js';
-import { buildDeferredCursorRestartCommand, enforceRemediation, fetchSync, remediationFixSpec, reportAutofixApplied, syncRemediations, } from './remediation_sync.js';
+import { resolveHardwareUuid, tryResolveHardwareUuid } from './hardware_uuid.js';
+import { buildDeferredCursorRestartCommand, enforceRemediation, fetchSync, isTrustedRestartCommandForAutofix, remediationFixSpec, reportAutofixApplied, syncRemediations, } from './remediation_sync.js';
 import { sendConfigFile } from '../sender/batch_sender.js';
 import { readStoredAuthKey } from '../auth/auth_key_store.js';
 // ---------------------------------------------------------------------------
@@ -221,10 +221,17 @@ export function runLocalRemediationComplianceCheck() {
 export function applyAutofixViolations(violations) {
     const autofixable = violations.filter((v) => v.autofix_allowed);
     if (autofixable.length === 0)
-        return { fixed: 0, restartCommands: [], failedViolations: [], reportPromises: [] };
+        return {
+            fixed: 0,
+            appliedViolations: [],
+            restartCommands: [],
+            failedViolations: [],
+            reportPromises: [],
+        };
     const { remediations } = readRemediationInstructionsFile();
     const byUuid = new Map(remediations.map((r) => [r.uuid, r]));
     let fixed = 0;
+    const appliedViolations = [];
     const seen = new Set();
     const restartCommands = [];
     const failedViolations = [];
@@ -251,6 +258,7 @@ export function applyAutofixViolations(violations) {
             deferredSqlitePending = true;
         seen.add(violation.uuid);
         fixed++;
+        appliedViolations.push(violation);
         hookRunLog(`autofix: applied uuid=${inst.uuid} path=${inst.config_file_path}`);
         reportPromises.push(reportAutofixApplied(inst.uuid, 'success'));
         const authKey = readStoredAuthKey();
@@ -278,9 +286,15 @@ export function applyAutofixViolations(violations) {
                 if (updatedContent !== undefined) {
                     const fileType = (inst.file_type ?? '').trim();
                     if (fileType) {
-                        reportPromises.push(sendConfigFile({ file_type: fileType, file_path: inst.config_file_path, raw_content: updatedContent }, resolveHardwareUuid(), authKey).then((sentOk) => {
-                            hookRunLog(`autofix: uploaded remediated file uuid=${inst.uuid} path=${inst.config_file_path} ok=${sentOk}`);
-                        }));
+                        const hw = tryResolveHardwareUuid();
+                        if (hw) {
+                            reportPromises.push(sendConfigFile({ file_type: fileType, file_path: inst.config_file_path, raw_content: updatedContent }, hw, authKey).then((sentOk) => {
+                                hookRunLog(`autofix: uploaded remediated file uuid=${inst.uuid} path=${inst.config_file_path} ok=${sentOk}`);
+                            }));
+                        }
+                        else {
+                            hookRunLog(`autofix: skip upload uuid=${inst.uuid} (hardware UUID unavailable)`);
+                        }
                     }
                     else {
                         hookRunLog(`autofix: skip upload uuid=${inst.uuid} — remediation_instructions.json missing file_type (re-sync manifest)`);
@@ -294,8 +308,13 @@ export function applyAutofixViolations(violations) {
         const spec = remediationFixSpec(inst);
         if (spec?.restart_required && spec.restart_command) {
             if (!er.deferredSqlite) {
-                hookRunLog(`autofix: restart required uuid=${inst.uuid} command=${spec.restart_command}`);
-                restartCommands.push(spec.restart_command);
+                if (isTrustedRestartCommandForAutofix(spec.restart_command)) {
+                    hookRunLog(`autofix: restart required uuid=${inst.uuid} command=${spec.restart_command}`);
+                    restartCommands.push(spec.restart_command);
+                }
+                else {
+                    hookRunLog(`autofix: restart command rejected (not an allowlisted template) uuid=${inst.uuid}`);
+                }
             }
         }
         if (!inst.is_enforced) {
@@ -314,14 +333,20 @@ export function applyAutofixViolations(violations) {
         // Send a post-autofix heartbeat so the server sees the updated (reduced) UUID set immediately,
         // without waiting for the background runner (which may be locked out).
         const remainingUuids = remaining.map((r) => r.uuid);
-        reportPromises.push(fetchSync(loadEndpointBase(), resolveHardwareUuid(), remainingUuids)
-            .then(() => hookRunLog(`autofix: post-autofix heartbeat sent uuids=${remainingUuids.length}`))
-            .catch(() => undefined));
+        const hwHeartbeat = tryResolveHardwareUuid();
+        if (hwHeartbeat) {
+            reportPromises.push(fetchSync(loadEndpointBase(), hwHeartbeat, remainingUuids)
+                .then(() => hookRunLog(`autofix: post-autofix heartbeat sent uuids=${remainingUuids.length}`))
+                .catch(() => undefined));
+        }
+        else {
+            hookRunLog('autofix: skip post-autofix heartbeat (hardware UUID unavailable)');
+        }
     }
     if (fixed > 0) {
         hookRunLog(`autofix: total_applied=${fixed}`);
     }
-    return { fixed, restartCommands, failedViolations, reportPromises, deferredSqlitePending };
+    return { fixed, appliedViolations, restartCommands, failedViolations, reportPromises, deferredSqlitePending };
 }
 /**
  * Remove satisfied one-time remediations from local remediation_instructions.json.
@@ -381,11 +406,16 @@ export function pruneSatisfiedOneTimeRemediations() {
     writeRemediationInstructionsFile({ remediations: remaining });
     hookRunLog(`remediation_prune: removed=${removed} remaining=${remaining.length}`);
     const remainingUuids = remaining.map((r) => r.uuid);
-    const reportPromises = [
-        fetchSync(loadEndpointBase(), resolveHardwareUuid(), remainingUuids)
+    const hw = tryResolveHardwareUuid();
+    const reportPromises = [];
+    if (hw) {
+        reportPromises.push(fetchSync(loadEndpointBase(), hw, remainingUuids)
             .then(() => hookRunLog(`remediation_prune: post-prune heartbeat sent uuids=${remainingUuids.length}`))
-            .catch(() => undefined),
-    ];
+            .catch(() => undefined));
+    }
+    else {
+        hookRunLog('remediation_prune: skip post-prune heartbeat (hardware UUID unavailable)');
+    }
     return { removed, reportPromises };
 }
 /**

package/dist/log_config_files/runtime/hardware_uuid.js

@@ -24,4 +24,13 @@ function resolveHardwareUuid() {
     }
     throw new Error('Unable to determine hardware UUID via ioreg or system_profiler.');
 }
+/** Same as {@link resolveHardwareUuid} but returns null when the host exposes no stable ID (e.g. Linux CI). */
+export function tryResolveHardwareUuid() {
+    try {
+        return resolveHardwareUuid();
+    }
+    catch {
+        return null;
+    }
+}
 export { resolveHardwareUuid };

package/dist/log_config_files/runtime/remediation_sync.js

@@ -7,7 +7,7 @@ import { atomicWriteJson, getDeferredVscdbApplyPath, getFileCollectionVscdbContr
 import { readStoredAuthKey } from '../auth/auth_key_store.js';
 import { createSignature } from '../sender/signing.js';
 import { loadEndpointBase } from '../sender/endpoint_config.js';
-import { resolveHardwareUuid } from './hardware_uuid.js';
+import { tryResolveHardwareUuid } from './hardware_uuid.js';
 import { persistVscdbComposerContractFromPatternsResponse, readVscdbItemTableJson, } from '../readers/vscdb_reader.js';
 import { sendConfigFile } from '../sender/batch_sender.js';
 import { getFileCollectionPatterns } from '../../endpoint_client/registry_api.js';
@@ -319,6 +319,42 @@ function assertSqlite3Available() {
         return false;
     }
 }
+/**
+ * Unquoted SQLite identifiers must be [A-Za-z_][A-Za-z0-9_]* so values read from
+ * deferred_vscdb_apply.json cannot inject SQL via bogus table/column names.
+ */
+function isSafeSqliteIdentifier(ident) {
+    return /^[A-Za-z_][A-Za-z0-9_]*$/.test(ident);
+}
+function assertSafeSqliteIdentifiersForItemTable(table, keyColumn, valueColumn) {
+    if (isSafeSqliteIdentifier(table) && isSafeSqliteIdentifier(keyColumn) && isSafeSqliteIdentifier(valueColumn)) {
+        return true;
+    }
+    hookRunLog(`sqlite_update: rejected unsafe SQL identifier(s) table=${table} key_column=${keyColumn} value_column=${valueColumn}`);
+    complianceRunnerDiag('sqlite_update: rejected unsafe SQL identifier(s)');
+    return false;
+}
+/**
+ * Autofix restart_command allowlist: manifest strings are attacker-controlled if JSON is tampered.
+ * Deferred vscdb path always uses buildDeferredCursorRestartCommand(); this guards non-deferred restarts.
+ */
+export function isTrustedRestartCommandForAutofix(cmd) {
+    const t = cmd.trim();
+    if (!t)
+        return false;
+    const deferredPrefix = 'REPO_ROOT=$(git rev-parse --show-toplevel 2>/dev/null || pwd) && export REPO_ROOT CURSOR_PROJECT="$REPO_ROOT" && ';
+    const legacyCursorPrefix = 'CURSOR_PROJECT=$(git rev-parse --show-toplevel 2>/dev/null || pwd) && export CURSOR_PROJECT && ';
+    const legacyCursorSnippet = 'nohup bash -c \'sleep 2 && open -a Cursor "$CURSOR_PROJECT"\'';
+    const deferred = t.startsWith(deferredPrefix) &&
+        (t.includes('apply_deferred_vscdb') || t.includes('apply-deferred-vscdb')) &&
+        t.includes('killall -9 Cursor') &&
+        t.includes('open -a Cursor');
+    const legacyCursor = t.startsWith(legacyCursorPrefix) &&
+        t.includes(legacyCursorSnippet) &&
+        t.includes('killall -9 Cursor');
+    const claude = t.startsWith("nohup bash -c 'sleep 2 && open -a Claude'") && t.includes("pkill -x 'Claude'");
+    return deferred || legacyCursor || claude;
+}
 /** Legacy Cursor: dedicated ItemTable row `composerState`. Current Cursor: nested under reactive `applicationUser` blob. */
 function cursorVscdbHasUsableComposerStateRow(dbPath, sqliteOp) {
     const raw = sqliteSelectValueCell(dbPath, sqliteOp.table, sqliteOp.key_column, sqliteOp.value_column, 'composerState').trim();
@@ -374,6 +410,25 @@ function resolveCursorComposerSqliteOp(dbPath, sqliteOp) {
     return sqliteOp;
 }
 /** Apply sqlite merge: dot-path, or array match where `json_path` is `…container.arrayKey` (e.g. `modes4` or `composerState.modes4`). */
+/** ItemTable keys that store a JSON primitive; map to one field for merge + serialize. */
+const CURSOR_SCALAR_ITEMTABLE_FIELDS = {
+    'cursor/thirdPartyExtensibilityEnabled': 'thirdPartyExtensibilityEnabled',
+    'cursorai/donotchange/privacyMode': 'privacyMode',
+    'cursor/autoOpenLocalhostUrls': 'autoOpenLocalhostUrls',
+};
+function coerceScalarForItemTableField(parsed) {
+    if (typeof parsed === 'boolean')
+        return parsed;
+    if (typeof parsed === 'string') {
+        const lower = parsed.trim().toLowerCase();
+        if (lower === 'true' || lower === '1' || lower === 'yes')
+            return true;
+        return false;
+    }
+    if (typeof parsed === 'number' && !Number.isNaN(parsed))
+        return parsed !== 0;
+    return undefined;
+}
 /**
  * ItemTable values are sometimes bare JSON booleans for toggle keys; sqlite merge expects an object root.
  * Maps known scalar roots to the policy-shaped object before applying updates.
@@ -382,44 +437,11 @@ function coerceItemTableValueToObjectRoot(targetKey, parsed) {
     if (parsed !== null && typeof parsed === 'object' && !Array.isArray(parsed)) {
         return parsed;
     }
-    if (targetKey === 'cursor/thirdPartyExtensibilityEnabled') {
-        if (typeof parsed === 'boolean') {
-            return { thirdPartyExtensibilityEnabled: parsed };
-        }
-        if (typeof parsed === 'string') {
-            const lower = parsed.trim().toLowerCase();
-            const b = lower === 'true' || lower === '1' || lower === 'yes';
-            return { thirdPartyExtensibilityEnabled: b };
-        }
-        if (typeof parsed === 'number' && !Number.isNaN(parsed)) {
-            return { thirdPartyExtensibilityEnabled: parsed !== 0 };
-        }
-    }
-    if (targetKey === 'cursorai/donotchange/privacyMode') {
-        if (typeof parsed === 'boolean') {
-            return { privacyMode: parsed };
-        }
-        if (typeof parsed === 'string') {
-            const lower = parsed.trim().toLowerCase();
-            const b = lower === 'true' || lower === '1' || lower === 'yes';
-            return { privacyMode: b };
-        }
-        if (typeof parsed === 'number' && !Number.isNaN(parsed)) {
-            return { privacyMode: parsed !== 0 };
-        }
-    }
-    if (targetKey === 'cursor/autoOpenLocalhostUrls') {
-        if (typeof parsed === 'boolean') {
-            return { autoOpenLocalhostUrls: parsed };
-        }
-        if (typeof parsed === 'string') {
-            const lower = parsed.trim().toLowerCase();
-            const b = lower === 'true' || lower === '1' || lower === 'yes';
-            return { autoOpenLocalhostUrls: b };
-        }
-        if (typeof parsed === 'number' && !Number.isNaN(parsed)) {
-            return { autoOpenLocalhostUrls: parsed !== 0 };
-        }
+    const field = CURSOR_SCALAR_ITEMTABLE_FIELDS[targetKey];
+    if (field) {
+        const b = coerceScalarForItemTableField(parsed);
+        if (b !== undefined)
+            return { [field]: b };
     }
     return {};
 }
@@ -428,30 +450,11 @@ function coerceItemTableValueToObjectRoot(targetKey, parsed) {
  * object can be ignored or overwritten on launch; match the native primitive shape when disabling.
  */
 function serializeItemTableValueForWrite(targetKey, root) {
-    if (targetKey === 'cursor/thirdPartyExtensibilityEnabled') {
+    const field = CURSOR_SCALAR_ITEMTABLE_FIELDS[targetKey];
+    if (field) {
         const keys = Object.keys(root);
-        if (keys.length === 1 && keys[0] === 'thirdPartyExtensibilityEnabled') {
-            const v = root.thirdPartyExtensibilityEnabled;
-            if (typeof v === 'boolean')
-                return v ? 'true' : 'false';
-            if (typeof v === 'number' && !Number.isNaN(v))
-                return v !== 0 ? 'true' : 'false';
-        }
-    }
-    if (targetKey === 'cursorai/donotchange/privacyMode') {
-        const keys = Object.keys(root);
-        if (keys.length === 1 && keys[0] === 'privacyMode') {
-            const v = root.privacyMode;
-            if (typeof v === 'boolean')
-                return v ? 'true' : 'false';
-            if (typeof v === 'number' && !Number.isNaN(v))
-                return v !== 0 ? 'true' : 'false';
-        }
-    }
-    if (targetKey === 'cursor/autoOpenLocalhostUrls') {
-        const keys = Object.keys(root);
-        if (keys.length === 1 && keys[0] === 'autoOpenLocalhostUrls') {
-            const v = root.autoOpenLocalhostUrls;
+        if (keys.length === 1 && keys[0] === field) {
+            const v = root[field];
             if (typeof v === 'boolean')
                 return v ? 'true' : 'false';
             if (typeof v === 'number' && !Number.isNaN(v))
@@ -580,6 +583,9 @@ function mergeJsonAtSqlitePath(currentJson, json_path, updates) {
     }
 }
 function sqliteSelectValueCell(dbPath, table, key_column, value_column, target_key) {
+    if (!assertSafeSqliteIdentifiersForItemTable(table, key_column, value_column)) {
+        return '';
+    }
     const safeName = target_key.replace(/'/g, "''");
     const script = `.timeout 60000\nSELECT ${value_column} FROM ${table} WHERE ${key_column}='${safeName}';\n`;
     return execFileSync('sqlite3', ['-noheader', dbPath], {
@@ -663,6 +669,9 @@ export async function applyDeferredVscdbFromDisk() {
                 hookRunLog(`deferred_vscdb: database missing ${it.dbPath}`);
                 return false;
             }
+            if (!assertSafeSqliteIdentifiersForItemTable(it.table, it.key_column, it.value_column)) {
+                return false;
+            }
             const safeJson = it.new_value_json.replace(/'/g, "''");
             const safeName = it.target_key.replace(/'/g, "''");
             const sql = `UPDATE ${it.table} SET ${it.value_column}='${safeJson}' WHERE ${it.key_column}='${safeName}';`;
@@ -691,7 +700,12 @@ export async function applyDeferredVscdbFromDisk() {
                 hookRunLog(`deferred_vscdb: post-apply read failed path=${u.file_path}`);
                 continue;
             }
-            const sent = await sendConfigFile({ file_type: u.file_type, file_path: u.file_path, raw_content: rawContent }, resolveHardwareUuid(), authKey);
+            const hw = tryResolveHardwareUuid();
+            if (!hw) {
+                hookRunLog(`deferred_vscdb: skip post-apply upload (hardware UUID unavailable) path=${u.file_path}`);
+                continue;
+            }
+            const sent = await sendConfigFile({ file_type: u.file_type, file_path: u.file_path, raw_content: rawContent }, hw, authKey);
             hookRunLog(`deferred_vscdb: post-apply upload path=${u.file_path} ok=${sent}`);
         }
         unlinkSync(path);
@@ -702,7 +716,13 @@ export async function applyDeferredVscdbFromDisk() {
         return false;
     }
 }
-/** macOS Cursor: SIGKILL, apply queued vscdb writes, reopen project. */
+/**
+ * macOS Cursor: SIGKILL, apply queued vscdb writes, reopen project.
+ *
+ * When `restart_required` implies deferred state.vscdb, `applyAutofixViolations` replaces any
+ * `restart_command` from remediation specs with this string (see compliance_check.ts). Spec JSON
+ * still documents a simpler Cursor reopen for non-code readers; that template is not executed on the deferred path.
+ */
 export function buildDeferredCursorRestartCommand() {
     // Prefer monorepo path when hooks run from optimus-secure-fdn; otherwise `npx -p log-llm-config apply-deferred-vscdb`
     // (package bin) so published installs work without a local npx_packages copy.
@@ -798,6 +818,9 @@ function applyOrQueueSqliteJsonUpdate(configPath, sqliteOp, deferred) {
             return false;
         sqliteOp = resolveCursorComposerSqliteOp(dbPath, sqliteOp);
         const { table, key_column, value_column, target_key } = sqliteOp;
+        if (!assertSafeSqliteIdentifiersForItemTable(table, key_column, value_column)) {
+            return false;
+        }
         const safeName = target_key.replace(/'/g, "''");
         let currentJson = {};
         try {
@@ -932,7 +955,11 @@ export function reportAutofixApplied(remediationUuid, result) {
         hookRunLog(`autofix_report: no auth key available, skipping report for uuid=${remediationUuid}`);
         return Promise.resolve();
     }
-    const hardwareUuid = resolveHardwareUuid();
+    const hardwareUuid = tryResolveHardwareUuid();
+    if (!hardwareUuid) {
+        hookRunLog(`autofix_report: hardware UUID unavailable, skipping report for uuid=${remediationUuid}`);
+        return Promise.resolve();
+    }
     const endpointBase = loadEndpointBase();
     const url = `${resolveOrigin(endpointBase)}/endpoint_security/api/autofix-applied/`;
     const payload = { hardware_uuid: hardwareUuid, remediation_uuid: remediationUuid, result };

package/dist/log_config_files/runtime/trusted_restarts.js

@@ -0,0 +1,22 @@
+/**
+ * Execute autofix restart_command strings only if allowlisted (same rules as gate enqueue).
+ * Used by the compliance shell hook via execute_trusted_restarts CLI — single place for allowlist + spawn.
+ */
+import { spawn } from 'node:child_process';
+import { hookRunLog } from './hook_logger.js';
+import { isTrustedRestartCommandForAutofix } from './remediation_sync.js';
+/** Spawn each trusted command detached (same pattern as former compliance_prompt_gate fireRestartCommands). */
+export function executeTrustedRestartCommands(commands) {
+    for (const cmd of commands) {
+        const t = cmd.trim();
+        if (!t)
+            continue;
+        if (!isTrustedRestartCommandForAutofix(cmd)) {
+            hookRunLog(`execute_trusted_restarts: rejected (not allowlisted) prefix=${t.slice(0, 120)}`);
+            continue;
+        }
+        hookRunLog(`execute_trusted_restarts: firing command="${t}"`);
+        const child = spawn('sh', ['-c', t], { detached: true, stdio: 'ignore' });
+        child.unref();
+    }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "log-llm-config",
-  "version": "1.3.0",
+  "version": "1.3.5",
   "description": "CLI helpers for logging hardware UUIDs and posting startup payloads to Optimus Security.",
   "type": "module",
   "bin": {
@@ -8,13 +8,15 @@
     "log_uuid": "dist/log_uuid/index.js",
     "log_config_files": "dist/log_config_files/index.js",
     "log_sensitive_paths_audit": "dist/log_sensitive_paths_audit.js",
-    "apply-deferred-vscdb": "dist/apply_deferred_vscdb.js"
+    "apply-deferred-vscdb": "dist/apply_deferred_vscdb.js",
+    "execute-trusted-restarts": "dist/execute_trusted_restarts.js"
   },
   "scripts": {
     "build": "tsc -p tsconfig.json",
     "dev": "ts-node src/cli.ts",
     "lint": "eslint \"src/**/*.ts\"",
     "prepare": "npm run build",
+    "pretest": "npm run build",
     "test": "vitest run",
     "test:watch": "vitest"
   },
@@ -44,11 +46,11 @@
   },
   "devDependencies": {
     "@types/node": "^24.10.1",
-    "@vitest/coverage-v8": "^4.1.1",
-    "@vitest/ui": "^4.0.15",
+    "@vitest/coverage-v8": "^3.2.4",
+    "@vitest/ui": "^3.2.4",
     "ts-node": "^10.9.2",
     "typescript": "^5.4.5",
-    "vitest": "^4.0.15"
+    "vitest": "^3.2.4"
   },
   "dependencies": {
     "axios": "^1.13.5",