opensip-cli 0.1.16 → 0.1.17
- package/dist/bootstrap/bootstrap-diagnostics-buffer.d.ts +1 -0
- package/dist/bootstrap/bootstrap-diagnostics-buffer.d.ts.map +1 -1
- package/dist/bootstrap/bootstrap-diagnostics-buffer.js +1 -0
- package/dist/bootstrap/bootstrap-diagnostics-buffer.js.map +1 -1
- package/dist/bootstrap/build-per-run-scope.d.ts +7 -0
- package/dist/bootstrap/build-per-run-scope.d.ts.map +1 -1
- package/dist/bootstrap/build-per-run-scope.js +11 -23
- package/dist/bootstrap/build-per-run-scope.js.map +1 -1
- package/dist/bootstrap/discovery-diagnostics.d.ts +2 -1
- package/dist/bootstrap/discovery-diagnostics.d.ts.map +1 -1
- package/dist/bootstrap/discovery-diagnostics.js +5 -5
- package/dist/bootstrap/discovery-diagnostics.js.map +1 -1
- package/dist/bootstrap/execute-post-bailout-bootstrap.d.ts.map +1 -1
- package/dist/bootstrap/execute-post-bailout-bootstrap.js +103 -65
- package/dist/bootstrap/execute-post-bailout-bootstrap.js.map +1 -1
- package/dist/bootstrap/index.d.ts +3 -0
- package/dist/bootstrap/index.d.ts.map +1 -1
- package/dist/bootstrap/index.js +41 -23
- package/dist/bootstrap/index.js.map +1 -1
- package/dist/bootstrap/pre-action-runtime.d.ts +2 -0
- package/dist/bootstrap/pre-action-runtime.d.ts.map +1 -1
- package/dist/bootstrap/register-authored-tools.d.ts +7 -5
- package/dist/bootstrap/register-authored-tools.d.ts.map +1 -1
- package/dist/bootstrap/register-authored-tools.js +14 -9
- package/dist/bootstrap/register-authored-tools.js.map +1 -1
- package/dist/bootstrap/register-tools-discovery.d.ts +6 -1
- package/dist/bootstrap/register-tools-discovery.d.ts.map +1 -1
- package/dist/bootstrap/register-tools-discovery.js +17 -5
- package/dist/bootstrap/register-tools-discovery.js.map +1 -1
- package/dist/bootstrap/render.d.ts.map +1 -1
- package/dist/bootstrap/render.js +35 -11
- package/dist/bootstrap/render.js.map +1 -1
- package/dist/bootstrap/startup-timing.d.ts +16 -0
- package/dist/bootstrap/startup-timing.d.ts.map +1 -0
- package/dist/bootstrap/startup-timing.js +42 -0
- package/dist/bootstrap/startup-timing.js.map +1 -0
- package/dist/bootstrap/tool-trust.d.ts +46 -6
- package/dist/bootstrap/tool-trust.d.ts.map +1 -1
- package/dist/bootstrap/tool-trust.js +149 -7
- package/dist/bootstrap/tool-trust.js.map +1 -1
- package/dist/bootstrap/validate-tool.d.ts +2 -2
- package/dist/bootstrap/validate-tool.js +2 -2
- package/dist/commands/tools/create-templates.d.ts.map +1 -1
- package/dist/commands/tools/create-templates.js +7 -8
- package/dist/commands/tools/create-templates.js.map +1 -1
- package/dist/commands/tools/create.d.ts.map +1 -1
- package/dist/commands/tools/create.js +22 -6
- package/dist/commands/tools/create.js.map +1 -1
- package/dist/commands/tools/install.d.ts.map +1 -1
- package/dist/commands/tools/install.js +14 -4
- package/dist/commands/tools/install.js.map +1 -1
- package/dist/commands/tools/list.d.ts +1 -0
- package/dist/commands/tools/list.d.ts.map +1 -1
- package/dist/commands/tools/list.js +44 -7
- package/dist/commands/tools/list.js.map +1 -1
- package/dist/commands/tools/trust-config.d.ts +8 -0
- package/dist/commands/tools/trust-config.d.ts.map +1 -0
- package/dist/commands/tools/trust-config.js +64 -0
- package/dist/commands/tools/trust-config.js.map +1 -0
- package/dist/commands/tools/uninstall.d.ts.map +1 -1
- package/dist/commands/tools/uninstall.js +7 -0
- package/dist/commands/tools/uninstall.js.map +1 -1
- package/dist/env/host-env-specs.js +13 -13
- package/dist/env/host-env-specs.js.map +1 -1
- package/dist/error-handler.js +1 -1
- package/dist/error-handler.js.map +1 -1
- package/dist/index.js +2 -1
- package/dist/index.js.map +1 -1
- package/dist/ui/views/tools-views.d.ts.map +1 -1
- package/dist/ui/views/tools-views.js +5 -3
- package/dist/ui/views/tools-views.js.map +1 -1
- package/package.json +34 -34
|
@@ -8,13 +8,13 @@
|
|
|
8
8
|
* rather than load-by-presence.
|
|
9
9
|
*
|
|
10
10
|
* Policy for launch (signed off): **deny-by-default for non-interactive
|
|
11
|
-
* runs; admit
|
|
12
|
-
*
|
|
13
|
-
*
|
|
14
|
-
*
|
|
11
|
+
* runs; admit when an explicit project/user action recorded trust.** Project
|
|
12
|
+
* authored tools use committed `tools.trusted`; managed npm installs use a
|
|
13
|
+
* per-host trust record; env allowlists remain override/incident-response
|
|
14
|
+
* mechanisms:
|
|
15
15
|
*
|
|
16
|
-
* OPENSIP_CLI_ALLOW_PROJECT_TOOLS="my-audit, my-lint"
|
|
17
|
-
* OPENSIP_CLI_ALLOW_PROJECT_TOOLS="*" #
|
|
16
|
+
* OPENSIP_CLI_ALLOW_PROJECT_TOOLS="my-audit, my-lint" # override by id
|
|
17
|
+
* OPENSIP_CLI_ALLOW_PROJECT_TOOLS="*" # override all
|
|
18
18
|
*
|
|
19
19
|
* The decision is made BEFORE the tool's module is imported: a disallowed
|
|
20
20
|
* project-local tool is fail-closed (exit 5) without its code ever running.
|
|
@@ -37,6 +37,46 @@ export declare const INSTALLED_TOOL_ALLOWLIST_ENV = "OPENSIP_CLI_ALLOW_INSTALLED
|
|
|
37
37
|
* honored.
|
|
38
38
|
*/
|
|
39
39
|
export declare const CAPABILITY_PACK_ALLOWLIST_ENV = "OPENSIP_CLI_ALLOW_CAPABILITY_PACKS";
|
|
40
|
+
export type ToolTrustReason = 'bundled' | 'managed-install' | 'project-config' | 'env' | 'user-global' | 'denied';
|
|
41
|
+
export interface InstalledToolTrustRecord {
|
|
42
|
+
readonly toolId: string;
|
|
43
|
+
readonly packageName: string;
|
|
44
|
+
readonly version?: string;
|
|
45
|
+
readonly manifestHash: string;
|
|
46
|
+
readonly installSourcePath: string;
|
|
47
|
+
readonly installedAt: string;
|
|
48
|
+
}
|
|
49
|
+
export interface InstalledToolTrustDecision {
|
|
50
|
+
readonly trusted: boolean;
|
|
51
|
+
readonly reason: ToolTrustReason;
|
|
52
|
+
}
|
|
53
|
+
export declare function trustedToolIdsFromConfigDocument(document: unknown): ReadonlySet<string>;
|
|
54
|
+
export declare function readProjectTrustedToolIds(configPath: string | undefined): ReadonlySet<string>;
|
|
55
|
+
export declare function recordInstalledToolTrust(args: {
|
|
56
|
+
readonly scope: 'global' | 'project';
|
|
57
|
+
readonly cwd: string;
|
|
58
|
+
readonly toolId: string;
|
|
59
|
+
readonly packageName: string;
|
|
60
|
+
readonly version?: string;
|
|
61
|
+
readonly manifestHash: string;
|
|
62
|
+
readonly installSourcePath: string;
|
|
63
|
+
readonly installedAt?: Date;
|
|
64
|
+
}): void;
|
|
65
|
+
export declare function removeInstalledToolTrust(args: {
|
|
66
|
+
readonly scope: 'global' | 'project';
|
|
67
|
+
readonly cwd: string;
|
|
68
|
+
readonly toolId: string;
|
|
69
|
+
readonly packageName: string;
|
|
70
|
+
}): void;
|
|
71
|
+
export declare function resolveInstalledToolTrust(args: {
|
|
72
|
+
readonly toolId: string;
|
|
73
|
+
readonly packageName: string;
|
|
74
|
+
readonly packageDir: string;
|
|
75
|
+
readonly manifestHash?: string;
|
|
76
|
+
readonly env?: NodeJS.ProcessEnv;
|
|
77
|
+
readonly projectRoot?: string;
|
|
78
|
+
readonly projectTrustedTools?: ReadonlySet<string>;
|
|
79
|
+
}): InstalledToolTrustDecision;
|
|
40
80
|
/**
|
|
41
81
|
* Decide whether a project-local executable tool with the given `id` is
|
|
42
82
|
* trusted to load, under the deny-by-default + allowlist-opt-in policy.
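Review bot: `manifestHash` is optional on `resolveInstalledToolTrust` (`readonly manifestHash?: string;`) although it is required on `InstalledToolTrustRecord` and on `recordInstalledToolTrust`, so a caller that omits it gets a trust decision that is not bound to the manifest contents. The compiled tool-trust.js shows the effect: `recordMatchesInstalledTool` accepts an undefined hash (`args.manifestHash === undefined || record.manifestHash === args.manifestHash`), so the record then matches on `toolId` and `packageName` alone. Either make the field required here, or have the matcher fail closed with `args.manifestHash !== undefined && record.manifestHash === args.manifestHash`, so the managed-install path stays pinned to the manifest that was recorded at install time. The new exports also have no doc comment, unlike the declarations around them; a short TSDoc on `resolveInstalledToolTrust` should state the order it checks (env allowlist, project trust record, project `tools.trusted`, global trust record, otherwise `denied`).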
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tool-trust.d.ts","sourceRoot":"","sources":["../../src/bootstrap/tool-trust.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"tool-trust.d.ts","sourceRoot":"","sources":["../../src/bootstrap/tool-trust.ts"],"names":[],"mappings":"AAYA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH;;;;GAIG;AACH,eAAO,MAAM,0BAA0B,oCAAoC,CAAC;AAE5E;;;;GAIG;AACH,eAAO,MAAM,4BAA4B,sCAAsC,CAAC;AAEhF;;;;GAIG;AACH,eAAO,MAAM,6BAA6B,uCAAuC,CAAC;AAKlF,MAAM,MAAM,eAAe,GACvB,SAAS,GACT,iBAAiB,GACjB,gBAAgB,GAChB,KAAK,GACL,aAAa,GACb,QAAQ,CAAC;AAEb,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B;AAOD,MAAM,WAAW,0BAA0B;IACzC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,eAAe,CAAC;CAClC;AA8CD,wBAAgB,gCAAgC,CAAC,QAAQ,EAAE,OAAO,GAAG,WAAW,CAAC,MAAM,CAAC,CAKvF;AAED,wBAAgB,yBAAyB,CAAC,UAAU,EAAE,MAAM,GAAG,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,CAG7F;AA4CD,wBAAgB,wBAAwB,CAAC,IAAI,EAAE;IAC7C,QAAQ,CAAC,KAAK,EAAE,QAAQ,GAAG,SAAS,CAAC;IACrC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,WAAW,CAAC,EAAE,IAAI,CAAC;CAC7B,GAAG,IAAI,CAiBP;AAED,wBAAgB,wBAAwB,CAAC,IAAI,EAAE;IAC7C,QAAQ,CAAC,KAAK,EAAE,QAAQ,GAAG,SAAS,CAAC;IACrC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B,GAAG,IAAI,CAWP;AA0CD,wBAAgB,yBAAyB,CAAC,IAAI,EAAE;IAC9C,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACjC,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,mBAAmB,CAAC,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;CACpD,GAAG,0BAA0B,CA4C7B;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,yBAAyB,CACvC,EAAE,EAAE,MAAM,EACV,GAAG,GAAE,MAAM,CAAC,UAAwB,GACnC,OAAO,CAIT;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,sBAAsB,CAAC,EAAE,EAAE,M
AAM,EAAE,GAAG,GAAE,MAAM,CAAC,UAAwB,GAAG,OAAO,CAIhG;AAED;;;;GAIG;AACH,wBAAgB,uBAAuB,CACrC,WAAW,EAAE,MAAM,EACnB,GAAG,GAAE,MAAM,CAAC,UAAwB,GACnC,OAAO,CAIT"}
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
|
|
2
|
+
import { dirname, join } from 'node:path';
|
|
3
|
+
import { isPathInside, isPlainRecord, logger, readYamlFile, resolveProjectPaths, resolveUserPaths, } from '@opensip-cli/core';
|
|
2
4
|
/**
|
|
3
5
|
* tool-trust — executable-tool trust policies for project-local and installed
|
|
4
6
|
* npm tools (release launch, Phase 3 Task 3.2; audit remediation).
|
|
@@ -9,13 +11,13 @@ import { logger } from '@opensip-cli/core';
|
|
|
9
11
|
* rather than load-by-presence.
|
|
10
12
|
*
|
|
11
13
|
* Policy for launch (signed off): **deny-by-default for non-interactive
|
|
12
|
-
* runs; admit
|
|
13
|
-
*
|
|
14
|
-
*
|
|
15
|
-
*
|
|
14
|
+
* runs; admit when an explicit project/user action recorded trust.** Project
|
|
15
|
+
* authored tools use committed `tools.trusted`; managed npm installs use a
|
|
16
|
+
* per-host trust record; env allowlists remain override/incident-response
|
|
17
|
+
* mechanisms:
|
|
16
18
|
*
|
|
17
|
-
* OPENSIP_CLI_ALLOW_PROJECT_TOOLS="my-audit, my-lint"
|
|
18
|
-
* OPENSIP_CLI_ALLOW_PROJECT_TOOLS="*" #
|
|
19
|
+
* OPENSIP_CLI_ALLOW_PROJECT_TOOLS="my-audit, my-lint" # override by id
|
|
20
|
+
* OPENSIP_CLI_ALLOW_PROJECT_TOOLS="*" # override all
|
|
19
21
|
*
|
|
20
22
|
* The decision is made BEFORE the tool's module is imported: a disallowed
|
|
21
23
|
* project-local tool is fail-closed (exit 5) without its code ever running.
|
|
@@ -38,6 +40,8 @@ export const INSTALLED_TOOL_ALLOWLIST_ENV = 'OPENSIP_CLI_ALLOW_INSTALLED_TOOLS';
|
|
|
38
40
|
* honored.
|
|
39
41
|
*/
|
|
40
42
|
export const CAPABILITY_PACK_ALLOWLIST_ENV = 'OPENSIP_CLI_ALLOW_CAPABILITY_PACKS';
|
|
43
|
+
const TOOL_TRUST_FILE = 'tool-trust.json';
|
|
44
|
+
const TOOL_TRUST_SCHEMA_VERSION = 1;
|
|
41
45
|
/**
|
|
42
46
|
* Parse the allowlist env var into a set of permitted tool ids. Empty/
|
|
43
47
|
* unset ⇒ empty set (deny-by-default). The wildcard `'*'` admits all
|
|
@@ -71,6 +75,144 @@ function warnIgnoredCapabilityWildcard(allow) {
|
|
|
71
75
|
detail: 'OPENSIP_CLI_ALLOW_CAPABILITY_PACKS requires exact package names; wildcard * is ignored',
|
|
72
76
|
});
|
|
73
77
|
}
|
|
78
|
+
function stringArrayAt(record, key) {
|
|
79
|
+
const value = record[key];
|
|
80
|
+
return Array.isArray(value)
|
|
81
|
+
? value.filter((item) => typeof item === 'string')
|
|
82
|
+
: [];
|
|
83
|
+
}
|
|
84
|
+
export function trustedToolIdsFromConfigDocument(document) {
|
|
85
|
+
if (!isPlainRecord(document))
|
|
86
|
+
return new Set();
|
|
87
|
+
const tools = document.tools;
|
|
88
|
+
if (!isPlainRecord(tools))
|
|
89
|
+
return new Set();
|
|
90
|
+
return new Set(stringArrayAt(tools, 'trusted'));
|
|
91
|
+
}
|
|
92
|
+
export function readProjectTrustedToolIds(configPath) {
|
|
93
|
+
if (configPath === undefined)
|
|
94
|
+
return new Set();
|
|
95
|
+
return trustedToolIdsFromConfigDocument(readYamlFile(configPath));
|
|
96
|
+
}
|
|
97
|
+
function installedTrustFileForScope(scope, cwd) {
|
|
98
|
+
const hostDir = scope === 'project'
|
|
99
|
+
? resolveProjectPaths(cwd).pluginsDir('tool')
|
|
100
|
+
: resolveUserPaths().pluginsDir('tool');
|
|
101
|
+
return join(hostDir, TOOL_TRUST_FILE);
|
|
102
|
+
}
|
|
103
|
+
function readInstalledTrustFile(path) {
|
|
104
|
+
if (!existsSync(path))
|
|
105
|
+
return { schemaVersion: TOOL_TRUST_SCHEMA_VERSION, installedTools: [] };
|
|
106
|
+
try {
|
|
107
|
+
const parsed = JSON.parse(readFileSync(path, 'utf8'));
|
|
108
|
+
if (!isPlainRecord(parsed)) {
|
|
109
|
+
return { schemaVersion: TOOL_TRUST_SCHEMA_VERSION, installedTools: [] };
|
|
110
|
+
}
|
|
111
|
+
const records = Array.isArray(parsed.installedTools) ? parsed.installedTools : [];
|
|
112
|
+
return {
|
|
113
|
+
schemaVersion: TOOL_TRUST_SCHEMA_VERSION,
|
|
114
|
+
installedTools: records.filter(isInstalledToolTrustRecord),
|
|
115
|
+
};
|
|
116
|
+
}
|
|
117
|
+
catch {
|
|
118
|
+
return { schemaVersion: TOOL_TRUST_SCHEMA_VERSION, installedTools: [] };
|
|
119
|
+
}
|
|
120
|
+
}
|
|
121
|
+
function isInstalledToolTrustRecord(value) {
|
|
122
|
+
if (!isPlainRecord(value))
|
|
123
|
+
return false;
|
|
124
|
+
return (typeof value.toolId === 'string' &&
|
|
125
|
+
typeof value.packageName === 'string' &&
|
|
126
|
+
(value.version === undefined || typeof value.version === 'string') &&
|
|
127
|
+
typeof value.manifestHash === 'string' &&
|
|
128
|
+
typeof value.installSourcePath === 'string' &&
|
|
129
|
+
typeof value.installedAt === 'string');
|
|
130
|
+
}
|
|
131
|
+
function writeInstalledTrustFile(path, file) {
|
|
132
|
+
mkdirSync(dirname(path), { recursive: true });
|
|
133
|
+
writeFileSync(path, `${JSON.stringify(file, null, 2)}\n`, 'utf8');
|
|
134
|
+
}
|
|
135
|
+
export function recordInstalledToolTrust(args) {
|
|
136
|
+
const path = installedTrustFileForScope(args.scope, args.cwd);
|
|
137
|
+
const existing = readInstalledTrustFile(path).installedTools.filter((record) => !(record.toolId === args.toolId && record.packageName === args.packageName));
|
|
138
|
+
const record = {
|
|
139
|
+
toolId: args.toolId,
|
|
140
|
+
packageName: args.packageName,
|
|
141
|
+
...(args.version === undefined ? {} : { version: args.version }),
|
|
142
|
+
manifestHash: args.manifestHash,
|
|
143
|
+
installSourcePath: args.installSourcePath,
|
|
144
|
+
installedAt: (args.installedAt ?? new Date()).toISOString(),
|
|
145
|
+
};
|
|
146
|
+
writeInstalledTrustFile(path, {
|
|
147
|
+
schemaVersion: TOOL_TRUST_SCHEMA_VERSION,
|
|
148
|
+
installedTools: [...existing, record],
|
|
149
|
+
});
|
|
150
|
+
}
|
|
151
|
+
export function removeInstalledToolTrust(args) {
|
|
152
|
+
const path = installedTrustFileForScope(args.scope, args.cwd);
|
|
153
|
+
const existing = readInstalledTrustFile(path).installedTools;
|
|
154
|
+
const retained = existing.filter((record) => !(record.toolId === args.toolId && record.packageName === args.packageName));
|
|
155
|
+
if (retained.length === existing.length)
|
|
156
|
+
return;
|
|
157
|
+
writeInstalledTrustFile(path, {
|
|
158
|
+
schemaVersion: TOOL_TRUST_SCHEMA_VERSION,
|
|
159
|
+
installedTools: retained,
|
|
160
|
+
});
|
|
161
|
+
}
|
|
162
|
+
function recordMatchesInstalledTool(record, args) {
|
|
163
|
+
return (record.toolId === args.toolId &&
|
|
164
|
+
record.packageName === args.packageName &&
|
|
165
|
+
(args.manifestHash === undefined || record.manifestHash === args.manifestHash));
|
|
166
|
+
}
|
|
167
|
+
function hasMatchingManagedInstallTrust(args) {
|
|
168
|
+
const path = installedTrustFileForScope(args.scope, args.cwd);
|
|
169
|
+
return readInstalledTrustFile(path).installedTools.some((record) => recordMatchesInstalledTool(record, args));
|
|
170
|
+
}
|
|
171
|
+
function isPackageUnderManagedHost(args) {
|
|
172
|
+
const hostDir = args.scope === 'project'
|
|
173
|
+
? resolveProjectPaths(args.cwd).pluginsDir('tool')
|
|
174
|
+
: resolveUserPaths().pluginsDir('tool');
|
|
175
|
+
return isPathInside(args.packageDir, hostDir);
|
|
176
|
+
}
|
|
177
|
+
export function resolveInstalledToolTrust(args) {
|
|
178
|
+
if (isInstalledToolTrusted(args.toolId, args.env)) {
|
|
179
|
+
return { trusted: true, reason: 'env' };
|
|
180
|
+
}
|
|
181
|
+
if (args.projectRoot !== undefined &&
|
|
182
|
+
isPackageUnderManagedHost({
|
|
183
|
+
packageDir: args.packageDir,
|
|
184
|
+
scope: 'project',
|
|
185
|
+
cwd: args.projectRoot,
|
|
186
|
+
})) {
|
|
187
|
+
if (hasMatchingManagedInstallTrust({
|
|
188
|
+
scope: 'project',
|
|
189
|
+
cwd: args.projectRoot,
|
|
190
|
+
toolId: args.toolId,
|
|
191
|
+
packageName: args.packageName,
|
|
192
|
+
manifestHash: args.manifestHash,
|
|
193
|
+
})) {
|
|
194
|
+
return { trusted: true, reason: 'managed-install' };
|
|
195
|
+
}
|
|
196
|
+
if (args.projectTrustedTools?.has(args.toolId) === true) {
|
|
197
|
+
return { trusted: true, reason: 'project-config' };
|
|
198
|
+
}
|
|
199
|
+
}
|
|
200
|
+
if (isPackageUnderManagedHost({
|
|
201
|
+
packageDir: args.packageDir,
|
|
202
|
+
scope: 'global',
|
|
203
|
+
cwd: process.cwd(),
|
|
204
|
+
}) &&
|
|
205
|
+
hasMatchingManagedInstallTrust({
|
|
206
|
+
scope: 'global',
|
|
207
|
+
cwd: process.cwd(),
|
|
208
|
+
toolId: args.toolId,
|
|
209
|
+
packageName: args.packageName,
|
|
210
|
+
manifestHash: args.manifestHash,
|
|
211
|
+
})) {
|
|
212
|
+
return { trusted: true, reason: 'managed-install' };
|
|
213
|
+
}
|
|
214
|
+
return { trusted: false, reason: 'denied' };
|
|
215
|
+
}
|
|
74
216
|
/**
|
|
75
217
|
* Decide whether a project-local executable tool with the given `id` is
|
|
76
218
|
* trusted to load, under the deny-by-default + allowlist-opt-in policy.
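Review bot: The trust record is stored beside the packages it vouches for, because `installedTrustFileForScope` joins `tool-trust.json` onto the same `pluginsDir('tool')` that `isPackageUnderManagedHost` uses as the containment root. Anything able to place a package under that directory can therefore also supply a matching record. For the `project` scope this matters if that directory can arrive with a checkout, which cannot be confirmed from this hunk. If the record is meant to be per-host, as the header comment says, consider keeping project-scope records under `resolveUserPaths()` keyed by project root, or at least add a comment on `installedTrustFileForScope` such as `// tool-trust.json lives next to the packages it trusts; this directory must never be committed or shared.` Separately, the bare `catch {}` in `readInstalledTrustFile` returns an empty list for an unreadable or malformed file, and the next `recordInstalledToolTrust` call rewrites the file from that empty list. This fails closed for trust resolution but drops earlier records without a trace, so a warning through the already imported `logger` would make the loss visible.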
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tool-trust.js","sourceRoot":"","sources":["../../src/bootstrap/tool-trust.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"tool-trust.js","sourceRoot":"","sources":["../../src/bootstrap/tool-trust.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAE1C,OAAO,EACL,YAAY,EACZ,aAAa,EACb,MAAM,EACN,YAAY,EACZ,mBAAmB,EACnB,gBAAgB,GACjB,MAAM,mBAAmB,CAAC;AAE3B;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH;;;;GAIG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAG,iCAAiC,CAAC;AAE5E;;;;GAIG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAAG,mCAAmC,CAAC;AAEhF;;;;GAIG;AACH,MAAM,CAAC,MAAM,6BAA6B,GAAG,oCAAoC,CAAC;AAElF,MAAM,eAAe,GAAG,iBAAiB,CAAC;AAC1C,MAAM,yBAAyB,GAAG,CAAC,CAAC;AA6BpC;;;;GAIG;AACH,SAAS,cAAc,CAAC,GAAuB;IAC7C,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,GAAG,EAAE,CAAC;IAC3B,OAAO,IAAI,GAAG,CACZ,GAAG;SACA,KAAK,CAAC,QAAQ,CAAC;SACf,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAC/B,CAAC;AACJ,CAAC;AAED,SAAS,qBAAqB,CAAC,MAAc,EAAE,KAA0B;IACvE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC;QAAE,OAAO;IAC5B,MAAM,CAAC,IAAI,CAAC;QACV,GAAG,EAAE,8BAA8B;QACnC,MAAM;QACN,UAAU,EAAE,IAAI;QAChB,MAAM,EACJ,qGAAqG;YACrG,6CAA6C;KAChD,CAAC,CAAC;AACL,CAAC;AAED,SAAS,6BAA6B,CAAC,KAA0B;IAC/D,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC;QAAE,OAAO;IAC5B,MAAM,CAAC,IAAI,CAAC;QACV,GAAG,EAAE,uCAAuC;QAC5C,MAAM,EAAE,6BAA6B;QACrC,MAAM,EACJ,wFAAwF;KAC3F,CAAC,CAAC;AACL,CAAC;AAED,SAAS,aAAa,CAAC,MAA+B,EAAE,GAAW;IACjE,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IAC1B,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QACzB,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAkB,EAAE,CAAC,OAAO,IAAI,KAAK,QAAQ,CAAC;QAClE,CAAC,CAAC,EAAE,CAAC;AACT,CAAC;AAED,MAAM,UAAU,gCAAgC,CAAC,QAAiB;IAChE,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,GAAG,EAAE,CAAC;IAC/C,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC;IAC7B,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,GAAG,EAAE,CAAC;IAC5C,OAAO,IAAI,GAAG,CAAC,aAAa,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC,CAAC;AAClD,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,UAA8B;IACtE,IAAI,UAAU,KAAK,SAAS;QAAE,OAAO,IAAI,GAAG,EAAE,CAAC;IAC/C,OAAO,gCAAgC,CAAC,YA
AY,CAAC,UAAU,CAAC,CAAC,CAAC;AACpE,CAAC;AAED,SAAS,0BAA0B,CAAC,KAA2B,EAAE,GAAW;IAC1E,MAAM,OAAO,GACX,KAAK,KAAK,SAAS;QACjB,CAAC,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC;QAC7C,CAAC,CAAC,gBAAgB,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IAC5C,OAAO,IAAI,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;AACxC,CAAC;AAED,SAAS,sBAAsB,CAAC,IAAY;IAC1C,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,EAAE,aAAa,EAAE,yBAAyB,EAAE,cAAc,EAAE,EAAE,EAAE,CAAC;IAC/F,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAY,CAAC;QACjE,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3B,OAAO,EAAE,aAAa,EAAE,yBAAyB,EAAE,cAAc,EAAE,EAAE,EAAE,CAAC;QAC1E,CAAC;QACD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,CAAC;QAClF,OAAO;YACL,aAAa,EAAE,yBAAyB;YACxC,cAAc,EAAE,OAAO,CAAC,MAAM,CAAC,0BAA0B,CAAC;SAC3D,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,aAAa,EAAE,yBAAyB,EAAE,cAAc,EAAE,EAAE,EAAE,CAAC;IAC1E,CAAC;AACH,CAAC;AAED,SAAS,0BAA0B,CAAC,KAAc;IAChD,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACxC,OAAO,CACL,OAAO,KAAK,CAAC,MAAM,KAAK,QAAQ;QAChC,OAAO,KAAK,CAAC,WAAW,KAAK,QAAQ;QACrC,CAAC,KAAK,CAAC,OAAO,KAAK,SAAS,IAAI,OAAO,KAAK,CAAC,OAAO,KAAK,QAAQ,CAAC;QAClE,OAAO,KAAK,CAAC,YAAY,KAAK,QAAQ;QACtC,OAAO,KAAK,CAAC,iBAAiB,KAAK,QAAQ;QAC3C,OAAO,KAAK,CAAC,WAAW,KAAK,QAAQ,CACtC,CAAC;AACJ,CAAC;AAED,SAAS,uBAAuB,CAAC,IAAY,EAAE,IAA4B;IACzE,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9C,aAAa,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;AACpE,CAAC;AAED,MAAM,UAAU,wBAAwB,CAAC,IASxC;IACC,MAAM,IAAI,GAAG,0BAA0B,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;IAC9D,MAAM,QAAQ,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC,cAAc,CAAC,MAAM,CACjE,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,WAAW,KAAK,IAAI,CAAC,WAAW,CAAC,CACxF,CAAC;IACF,MAAM,MAAM,GAA6B;QACvC,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,GAAG,CAAC,IAAI,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,C
AAC,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC;QAChE,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,iBAAiB,EAAE,IAAI,CAAC,iBAAiB;QACzC,WAAW,EAAE,CAAC,IAAI,CAAC,WAAW,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE;KAC5D,CAAC;IACF,uBAAuB,CAAC,IAAI,EAAE;QAC5B,aAAa,EAAE,yBAAyB;QACxC,cAAc,EAAE,CAAC,GAAG,QAAQ,EAAE,MAAM,CAAC;KACtC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,wBAAwB,CAAC,IAKxC;IACC,MAAM,IAAI,GAAG,0BAA0B,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;IAC9D,MAAM,QAAQ,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC,cAAc,CAAC;IAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAC9B,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,WAAW,KAAK,IAAI,CAAC,WAAW,CAAC,CACxF,CAAC;IACF,IAAI,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM;QAAE,OAAO;IAChD,uBAAuB,CAAC,IAAI,EAAE;QAC5B,aAAa,EAAE,yBAAyB;QACxC,cAAc,EAAE,QAAQ;KACzB,CAAC,CAAC;AACL,CAAC;AAED,SAAS,0BAA0B,CACjC,MAAgC,EAChC,IAIC;IAED,OAAO,CACL,MAAM,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM;QAC7B,MAAM,CAAC,WAAW,KAAK,IAAI,CAAC,WAAW;QACvC,CAAC,IAAI,CAAC,YAAY,KAAK,SAAS,IAAI,MAAM,CAAC,YAAY,KAAK,IAAI,CAAC,YAAY,CAAC,CAC/E,CAAC;AACJ,CAAC;AAED,SAAS,8BAA8B,CAAC,IAMvC;IACC,MAAM,IAAI,GAAG,0BAA0B,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;IAC9D,OAAO,sBAAsB,CAAC,IAAI,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CACjE,0BAA0B,CAAC,MAAM,EAAE,IAAI,CAAC,CACzC,CAAC;AACJ,CAAC;AAED,SAAS,yBAAyB,CAAC,IAIlC;IACC,MAAM,OAAO,GACX,IAAI,CAAC,KAAK,KAAK,SAAS;QACtB,CAAC,CAAC,mBAAmB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC;QAClD,CAAC,CAAC,gBAAgB,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IAC5C,OAAO,YAAY,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;AAChD,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,IAQzC;IACC,IAAI,sBAAsB,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QAClD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;IAC1C,CAAC;IACD,IACE,IAAI,CAAC,WAAW,KAAK,SAAS;QAC9B,yBAAyB,CAAC;YACxB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,KAAK,EAAE,SAAS;YAChB,GAAG,EAAE,IAAI,CAAC,WAAW;SACtB,CAAC,EACF,CAAC;QACD,IACE,8BAA8B,CAAC;YAC7B,KAAK,EAAE,SAAS;YAChB,GAAG,EAAE,IAAI,CAAC,WAAW;YACrB,MAAM,EAAE,IAAI,CAAC,MA
AM;YACnB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,YAAY,EAAE,IAAI,CAAC,YAAY;SAChC,CAAC,EACF,CAAC;YACD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;QACtD,CAAC;QACD,IAAI,IAAI,CAAC,mBAAmB,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC;YACxD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;QACrD,CAAC;IACH,CAAC;IACD,IACE,yBAAyB,CAAC;QACxB,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,KAAK,EAAE,QAAQ;QACf,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;KACnB,CAAC;QACF,8BAA8B,CAAC;YAC7B,KAAK,EAAE,QAAQ;YACf,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;YAClB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,YAAY,EAAE,IAAI,CAAC,YAAY;SAChC,CAAC,EACF,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;IACtD,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;AAC9C,CAAC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,UAAU,yBAAyB,CACvC,EAAU,EACV,MAAyB,OAAO,CAAC,GAAG;IAEpC,MAAM,KAAK,GAAG,cAAc,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC,CAAC;IAC9D,qBAAqB,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;IACzD,OAAO,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AACzC,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,sBAAsB,CAAC,EAAU,EAAE,MAAyB,OAAO,CAAC,GAAG;IACrF,MAAM,KAAK,GAAG,cAAc,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC,CAAC;IAChE,qBAAqB,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;IAC3D,OAAO,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AACzC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CACrC,WAAmB,EACnB,MAAyB,OAAO,CAAC,GAAG;IAEpC,MAAM,KAAK,GAAG,cAAc,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC,CAAC;IACjE,6BAA6B,CAAC,KAAK,CAAC,CAAC;IACrC,OAAO,KAAK,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;AAChC,CAAC"}
|
|
@@ -15,8 +15,8 @@
|
|
|
15
15
|
* tool's module is imported. The compatibility gate (`admitTool`) and the
|
|
16
16
|
* project-local TRUST gate (`admitProjectLocalTool`, deny-by-default) run
|
|
17
17
|
* on the STATIC manifest *before* import — so a project-local executable
|
|
18
|
-
* tool that is not
|
|
19
|
-
*
|
|
18
|
+
* tool that is not trusted is fail-closed without its code ever running, and
|
|
19
|
+
* never reaches `isValidTool`.
|
|
20
20
|
*/
|
|
21
21
|
import { type Tool } from '@opensip-cli/core';
|
|
22
22
|
/**
|
|
@@ -15,8 +15,8 @@
|
|
|
15
15
|
* tool's module is imported. The compatibility gate (`admitTool`) and the
|
|
16
16
|
* project-local TRUST gate (`admitProjectLocalTool`, deny-by-default) run
|
|
17
17
|
* on the STATIC manifest *before* import — so a project-local executable
|
|
18
|
-
* tool that is not
|
|
19
|
-
*
|
|
18
|
+
* tool that is not trusted is fail-closed without its code ever running, and
|
|
19
|
+
* never reaches `isValidTool`.
|
|
20
20
|
*/
|
|
21
21
|
import { validateCommandSpec, validateToolIdentity } from '@opensip-cli/core';
|
|
22
22
|
/** Top-level hook keys removed in the tool-author-simplify contract. */
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"create-templates.d.ts","sourceRoot":"","sources":["../../../src/commands/tools/create-templates.ts"],"names":[],"mappings":"AAMA,MAAM,MAAM,mBAAmB,GAAG,YAAY,GAAG,UAAU,CAAC;AAE5D,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,KAAK,EAAE,SAAS,oBAAoB,EAAE,CAAC;IAChD,QAAQ,CAAC,SAAS,EAAE,SAAS,MAAM,EAAE,CAAC;CACvC;AAED,MAAM,MAAM,gBAAgB,GAAG,CAAC,GAAG,EAAE,qBAAqB,KAAK,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"create-templates.d.ts","sourceRoot":"","sources":["../../../src/commands/tools/create-templates.ts"],"names":[],"mappings":"AAMA,MAAM,MAAM,mBAAmB,GAAG,YAAY,GAAG,UAAU,CAAC;AAE5D,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,KAAK,EAAE,SAAS,oBAAoB,EAAE,CAAC;IAChD,QAAQ,CAAC,SAAS,EAAE,SAAS,MAAM,EAAE,CAAC;CACvC;AAED,MAAM,MAAM,gBAAgB,GAAG,CAAC,GAAG,EAAE,qBAAqB,KAAK,oBAAoB,CAAC;AA0NpF,eAAO,MAAM,sBAAsB,EAAE,SAAS,mBAAmB,EAA+B,CAAC;AAEjG,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,MAAM,GAAG,KAAK,IAAI,mBAAmB,CAEjF;AAED,eAAO,MAAM,+BAA+B,EAAE,MAAM,CAAC,mBAAmB,EAAE,gBAAgB,CAyBzF,CAAC"}
|
|
@@ -38,7 +38,7 @@ function minimalJsRuntime(ctx) {
|
|
|
38
38
|
return {
|
|
39
39
|
type: 'text-lines',
|
|
40
40
|
title: '${ctx.toolId}',
|
|
41
|
-
lines: ['Your project-local tool is ready —
|
|
41
|
+
lines: ['Your project-local tool is ready — validate it, then run opensip ${ctx.commandName}.'],
|
|
42
42
|
};
|
|
43
43
|
} catch (error) {
|
|
44
44
|
// The host normalizes any caught value; return after reporting so this
|
|
@@ -55,7 +55,6 @@ function minimalJsRuntime(ctx) {
|
|
|
55
55
|
function minimalJsNextSteps(ctx) {
|
|
56
56
|
const toolDir = `opensip-cli/tools/${ctx.toolId}`;
|
|
57
57
|
return [
|
|
58
|
-
`export OPENSIP_CLI_ALLOW_PROJECT_TOOLS='${ctx.toolId}'`,
|
|
59
58
|
`opensip tools validate ${toolDir}`,
|
|
60
59
|
`opensip ${ctx.commandName}`,
|
|
61
60
|
'Run logs land under opensip-cli/.runtime/logs/ when the host configures logging.',
|
|
@@ -89,7 +88,7 @@ export const tool = createTool({
|
|
|
89
88
|
return {
|
|
90
89
|
type: 'text-lines',
|
|
91
90
|
title: '${ctx.toolId}',
|
|
92
|
-
lines: ['Your typed project-local tool is ready — build, validate,
|
|
91
|
+
lines: ['Your typed project-local tool is ready — build, validate, then run.'],
|
|
93
92
|
};
|
|
94
93
|
} catch (error) {
|
|
95
94
|
// The host normalizes any caught value; return after reporting so this
|
|
@@ -169,16 +168,17 @@ pnpm test
|
|
|
169
168
|
opensip tools validate ${toolDir} --install-deps
|
|
170
169
|
\`\`\`
|
|
171
170
|
|
|
172
|
-
##
|
|
171
|
+
## Trust and run
|
|
173
172
|
|
|
174
|
-
Project-local tools are executable code and deny-by-default until
|
|
173
|
+
Project-local tools are executable code and deny-by-default until trusted. The
|
|
174
|
+
scaffold command adds this tool id to \`tools.trusted\` in
|
|
175
|
+
\`opensip-cli.config.yml\`.
|
|
175
176
|
|
|
176
177
|
\`\`\`bash
|
|
177
|
-
export OPENSIP_CLI_ALLOW_PROJECT_TOOLS='${ctx.toolId}'
|
|
178
178
|
opensip ${ctx.commandName}
|
|
179
179
|
\`\`\`
|
|
180
180
|
|
|
181
|
-
|
|
181
|
+
Use \`OPENSIP_CLI_ALLOW_PROJECT_TOOLS\` only as an incident-response override.
|
|
182
182
|
Run logs land under \`opensip-cli/.runtime/logs/\` when the host configures logging.
|
|
183
183
|
Validation executes candidate code in a child process; it is not a security sandbox.
|
|
184
184
|
`;
|
|
@@ -190,7 +190,6 @@ function tsLocalNextSteps(ctx) {
|
|
|
190
190
|
'pnpm run build',
|
|
191
191
|
'pnpm test',
|
|
192
192
|
`opensip tools validate ${toolDir} --install-deps`,
|
|
193
|
-
`export OPENSIP_CLI_ALLOW_PROJECT_TOOLS='${ctx.toolId}'`,
|
|
194
193
|
`opensip ${ctx.commandName}`,
|
|
195
194
|
'Validation executes candidate code in a child process; it is not a security sandbox.',
|
|
196
195
|
];
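Review bot: Both next-step lists (`minimalJsNextSteps` and `tsLocalNextSteps`) drop the `export OPENSIP_CLI_ALLOW_PROJECT_TOOLS=...` step without saying where trust now comes from. Only the generated README text of the typed template says that the scaffold command adds the tool id to `tools.trusted` in `opensip-cli.config.yml`. Since that write grants execution trust through a committed file, it should be stated in the terminal output of both templates, for example as an extra entry like `'This tool id was added to tools.trusted in opensip-cli.config.yml; review that change before committing.'`. The code that performs the write is in create.js, which is not part of this section, so the wording should be checked against what it actually does. Both functions start outside the hunks shown.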
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"create-templates.js","sourceRoot":"","sources":["../../../src/commands/tools/create-templates.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,2BAA2B,EAC3B,kBAAkB,GACnB,MAAM,mBAAmB,CAAC;AAsB3B,MAAM,oBAAoB,GAAG,kBAAkB,CAC7C,IAAI,GAAG,CAAC,+BAA+B,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAC/D,CAAC;AAEF,SAAS,aAAa,CAAC,GAA0B,EAAE,IAAY;IAC7D,OAAO;QACL,IAAI,EAAE,MAAM;QACZ,EAAE,EAAE,GAAG,CAAC,MAAM;QACd,QAAQ,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,MAAM,EAAE;QAC9B,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,IAAI,EAAE,GAAG,CAAC,MAAM;QAChB,OAAO,EAAE,OAAO;QAChB,UAAU,EAAE,kBAAkB;QAC9B,IAAI;QACJ,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,GAAG,CAAC,WAAW,EAAE,WAAW,EAAE,OAAO,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC;KACxE,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,GAA0B,EAAE,IAAY;IAC5D,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC;AAClE,CAAC;AAED,SAAS,gBAAgB,CAAC,GAA0B;IAClD,OAAO;uBACc,GAAG,CAAC,MAAM;;WAEtB,GAAG,CAAC,QAAQ;aACV,GAAG,CAAC,MAAM;;;;;;eAMR,GAAG,CAAC,WAAW;0BACJ,GAAG,CAAC,MAAM;;;;;kCAKF,GAAG,CAAC,MAAM,yBAAyB,GAAG,CAAC,MAAM;;;;sBAIzD,GAAG,CAAC,MAAM;
|
|
1
|
+
{"version":3,"file":"create-templates.js","sourceRoot":"","sources":["../../../src/commands/tools/create-templates.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,2BAA2B,EAC3B,kBAAkB,GACnB,MAAM,mBAAmB,CAAC;AAsB3B,MAAM,oBAAoB,GAAG,kBAAkB,CAC7C,IAAI,GAAG,CAAC,+BAA+B,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAC/D,CAAC;AAEF,SAAS,aAAa,CAAC,GAA0B,EAAE,IAAY;IAC7D,OAAO;QACL,IAAI,EAAE,MAAM;QACZ,EAAE,EAAE,GAAG,CAAC,MAAM;QACd,QAAQ,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,MAAM,EAAE;QAC9B,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,IAAI,EAAE,GAAG,CAAC,MAAM;QAChB,OAAO,EAAE,OAAO;QAChB,UAAU,EAAE,kBAAkB;QAC9B,IAAI;QACJ,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,GAAG,CAAC,WAAW,EAAE,WAAW,EAAE,OAAO,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC;KACxE,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,GAA0B,EAAE,IAAY;IAC5D,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC;AAClE,CAAC;AAED,SAAS,gBAAgB,CAAC,GAA0B;IAClD,OAAO;uBACc,GAAG,CAAC,MAAM;;WAEtB,GAAG,CAAC,QAAQ;aACV,GAAG,CAAC,MAAM;;;;;;eAMR,GAAG,CAAC,WAAW;0BACJ,GAAG,CAAC,MAAM;;;;;kCAKF,GAAG,CAAC,MAAM,yBAAyB,GAAG,CAAC,MAAM;;;;sBAIzD,GAAG,CAAC,MAAM;wFACwD,GAAG,CAAC,WAAW;;;;;;;;;;;;CAYtG,CAAC;AACF,CAAC;AAED,SAAS,kBAAkB,CAAC,GAA0B;IACpD,MAAM,OAAO,GAAG,qBAAqB,GAAG,CAAC,MAAM,EAAE,CAAC;IAClD,OAAO;QACL,0BAA0B,OAAO,EAAE;QACnC,WAAW,GAAG,CAAC,WAAW,EAAE;QAC5B,kFAAkF;QAClF,sFAAsF;KACvF,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,GAA0B;IAChD,OAAO;;gCAEuB,GAAG,CAAC,MAAM;;;;;;;uBAOnB,GAAG,CAAC,MAAM;;WAEtB,GAAG,CAAC,QAAQ;;;;;wBAKC,GAAG,CAAC,MAAM;;;;;yBAKT,GAAG,CAAC,MAAM;;;;oBAIf,GAAG,CAAC,MAAM;;;;;;;;;;;;CAY7B,CAAC;AACF,CAAC;AAED,SAAS,gBAAgB,CAAC,GAA0B;IAClD,OAAO;;;;YAIG,GAAG,CAAC,MAAM;;uCAEiB,GAAG,CAAC,MAAM;qCACZ,GAAG,CAAC,QAAQ;oEACmB,GAAG,CAAC,WAAW;;;;CAIlF,CAAC;AACF,CAAC;AAED,SAAS,kBAAkB,CAAC,GAA0B;IACpD,OAAO,GAAG,IAAI,CAAC,SAAS,CACtB;QACE,IAAI,EAAE,qBAAqB,GAAG,CAAC,MAAM,EAAE;QACvC,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,OAAO;QAChB,IAAI,EAAE,QAAQ;QACd,OAAO,EAAE;YACP,KAAK,EAAE,KAAK;YACZ,IAAI,EAAE,YAAY;YAClB,QAAQ,EAAE,yCAAyC;SACpD;QACD,YAAY,EAAE;YACZ,mBAAmB,EAAE,IAAI,oBAAoB,EAAE;SA
ChD;QACD,eAAe,EAAE;YACf,aAAa,EAAE,UAAU;YACzB,UAAU,EAAE,QAAQ;YACpB,MAAM,EAAE,QAAQ;SACjB;KACF,EACD,IAAI,EACJ,CAAC,CACF,IAAI,CAAC;AACR,CAAC;AAED,SAAS,eAAe;IACtB,OAAO,GAAG,IAAI,CAAC,SAAS,CACtB;QACE,eAAe,EAAE;YACf,MAAM,EAAE,QAAQ;YAChB,MAAM,EAAE,UAAU;YAClB,gBAAgB,EAAE,UAAU;YAC5B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,IAAI;YACZ,WAAW,EAAE,IAAI;YACjB,YAAY,EAAE,IAAI;SACnB;QACD,OAAO,EAAE,CAAC,aAAa,CAAC;KACzB,EACD,IAAI,EACJ,CAAC,CACF,IAAI,CAAC;AACR,CAAC;AAED,SAAS,aAAa,CAAC,GAA0B;IAC/C,MAAM,OAAO,GAAG,qBAAqB,GAAG,CAAC,MAAM,EAAE,CAAC;IAClD,OAAO,KAAK,GAAG,CAAC,MAAM;;;;;;;KAOnB,OAAO;;;;yBAIa,OAAO;;;;;;;;;;UAUtB,GAAG,CAAC,WAAW;;;;;;CAMxB,CAAC;AACF,CAAC;AAED,SAAS,gBAAgB,CAAC,GAA0B;IAClD,MAAM,OAAO,GAAG,qBAAqB,GAAG,CAAC,MAAM,EAAE,CAAC;IAClD,OAAO;QACL,MAAM,OAAO,kBAAkB;QAC/B,gBAAgB;QAChB,WAAW;QACX,0BAA0B,OAAO,iBAAiB;QAClD,WAAW,GAAG,CAAC,WAAW,EAAE;QAC5B,sFAAsF;KACvF,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,sBAAsB,GAAmC,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;AAEjG,MAAM,UAAU,qBAAqB,CAAC,KAAa;IACjD,OAAQ,sBAA4C,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACvE,CAAC;AAED,MAAM,CAAC,MAAM,+BAA+B,GAAkD;IAC5F,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACtB,KAAK,EAAE;YACL;gBACE,YAAY,EAAE,2BAA2B;gBACzC,OAAO,EAAE,YAAY,CAAC,GAAG,EAAE,aAAa,CAAC;aAC1C;YACD,EAAE,YAAY,EAAE,WAAW,EAAE,OAAO,EAAE,gBAAgB,CAAC,GAAG,CAAC,EAAE;SAC9D;QACD,SAAS,EAAE,kBAAkB,CAAC,GAAG,CAAC;KACnC,CAAC;IACF,UAAU,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACpB,KAAK,EAAE;YACL;gBACE,YAAY,EAAE,2BAA2B;gBACzC,OAAO,EAAE,YAAY,CAAC,GAAG,EAAE,iBAAiB,CAAC;aAC9C;YACD,EAAE,YAAY,EAAE,cAAc,EAAE,OAAO,EAAE,kBAAkB,CAAC,GAAG,CAAC,EAAE;YAClE,EAAE,YAAY,EAAE,eAAe,EAAE,OAAO,EAAE,eAAe,EAAE,EAAE;YAC7D,EAAE,YAAY,EAAE,cAAc,EAAE,OAAO,EAAE,cAAc,CAAC,GAAG,CAAC,EAAE;YAC9D,EAAE,YAAY,EAAE,mBAAmB,EAAE,OAAO,EAAE,gBAAgB,CAAC,GAAG,CAAC,EAAE;YACrE,EAAE,YAAY,EAAE,WAAW,EAAE,OAAO,EAAE,aAAa,CAAC,GAAG,CAAC,EAAE;SAC3D;QACD,SAAS,EAAE,gBAAgB,CAAC,GAAG,CAAC;KACjC,CAAC;CACH,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"create.d.ts","sourceRoot":"","sources":["../../../src/commands/tools/create.ts"],"names":[],"mappings":"AAMA,OAAO,EAGL,KAAK,mBAAmB,EACzB,MAAM,uBAAuB,CAAC;
|
|
1
|
+
{"version":3,"file":"create.d.ts","sourceRoot":"","sources":["../../../src/commands/tools/create.ts"],"names":[],"mappings":"AAMA,OAAO,EAGL,KAAK,mBAAmB,EACzB,MAAM,uBAAuB,CAAC;AAG/B,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAEhE,eAAO,MAAM,eAAe,QAAsB,CAAC;AAGnD,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC;IACzB,QAAQ,CAAC,QAAQ,CAAC,EAAE,mBAAmB,CAAC;CACzC;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,gBAAgB,GAAG,iBAAiB,CA8EtE"}
|
|
@@ -3,7 +3,9 @@ import { join } from 'node:path';
|
|
|
3
3
|
import { resolveProjectPaths } from '@opensip-cli/core';
|
|
4
4
|
import { writeTemplateFiles } from './create-template-writer.js';
|
|
5
5
|
import { isToolsCreateTemplate, TOOLS_CREATE_TEMPLATE_RENDERERS, } from './create-templates.js';
|
|
6
|
+
import { addTrustedToolToConfig } from './trust-config.js';
|
|
6
7
|
export const TOOL_ID_PATTERN = /^[a-z][a-z0-9-]*$/;
|
|
8
|
+
const TOOLS_CREATE = 'tools-create';
|
|
7
9
|
/**
|
|
8
10
|
* Scaffold a project-local Tool under `<project>/opensip-cli/tools/<id>/`.
|
|
9
11
|
*/
|
|
@@ -12,7 +14,7 @@ export function toolsCreate(input) {
|
|
|
12
14
|
const template = input.template ?? 'minimal-js';
|
|
13
15
|
if (!TOOL_ID_PATTERN.test(toolId)) {
|
|
14
16
|
return {
|
|
15
|
-
type:
|
|
17
|
+
type: TOOLS_CREATE,
|
|
16
18
|
toolId,
|
|
17
19
|
dir: '',
|
|
18
20
|
files: [],
|
|
@@ -22,7 +24,7 @@ export function toolsCreate(input) {
|
|
|
22
24
|
}
|
|
23
25
|
if (!isToolsCreateTemplate(template)) {
|
|
24
26
|
return {
|
|
25
|
-
type:
|
|
27
|
+
type: TOOLS_CREATE,
|
|
26
28
|
toolId,
|
|
27
29
|
template,
|
|
28
30
|
dir: '',
|
|
@@ -32,7 +34,8 @@ export function toolsCreate(input) {
|
|
|
32
34
|
};
|
|
33
35
|
}
|
|
34
36
|
const commandName = toolId;
|
|
35
|
-
const
|
|
37
|
+
const projectPaths = resolveProjectPaths(input.projectRoot);
|
|
38
|
+
const toolDir = join(projectPaths.authoredToolsDir, toolId);
|
|
36
39
|
const stableId = randomUUID();
|
|
37
40
|
const rendered = TOOLS_CREATE_TEMPLATE_RENDERERS[template]({
|
|
38
41
|
toolId,
|
|
@@ -46,7 +49,7 @@ export function toolsCreate(input) {
|
|
|
46
49
|
});
|
|
47
50
|
if (!writeResult.success) {
|
|
48
51
|
return {
|
|
49
|
-
type:
|
|
52
|
+
type: TOOLS_CREATE,
|
|
50
53
|
toolId,
|
|
51
54
|
template,
|
|
52
55
|
dir: toolDir,
|
|
@@ -55,14 +58,27 @@ export function toolsCreate(input) {
|
|
|
55
58
|
error: writeResult.error,
|
|
56
59
|
};
|
|
57
60
|
}
|
|
61
|
+
try {
|
|
62
|
+
addTrustedToolToConfig(projectPaths.configFile, toolId);
|
|
63
|
+
}
|
|
64
|
+
catch (error) {
|
|
65
|
+
return {
|
|
66
|
+
type: TOOLS_CREATE,
|
|
67
|
+
toolId,
|
|
68
|
+
template,
|
|
69
|
+
dir: toolDir,
|
|
70
|
+
files: writeResult.files,
|
|
71
|
+
success: false,
|
|
72
|
+
error: error instanceof Error ? error.message : String(error),
|
|
73
|
+
};
|
|
74
|
+
}
|
|
58
75
|
return {
|
|
59
|
-
type:
|
|
76
|
+
type: TOOLS_CREATE,
|
|
60
77
|
toolId,
|
|
61
78
|
template,
|
|
62
79
|
dir: toolDir,
|
|
63
80
|
files: writeResult.files,
|
|
64
81
|
success: true,
|
|
65
|
-
hint: `export OPENSIP_CLI_ALLOW_PROJECT_TOOLS='${toolId}'`,
|
|
66
82
|
nextSteps: rendered.nextSteps,
|
|
67
83
|
};
|
|
68
84
|
}
|
|
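Review bot: The new `catch` around `addTrustedToolToConfig(projectPaths.configFile, toolId)` returns `success: false` after the template files are already on disk, and the bare `error.message` does not say which step failed or that an untrusted scaffold was left behind. Make the failure self-describing, for example `error: 'Scaffold written, but tools.trusted was not updated: ' + (error instanceof Error ? error.message : String(error)),`, so the caller knows the directory exists and only the trust entry is missing. This change also makes `tools create` a writer of the trust list. As far as these hunks show, the entry is keyed by `toolId` alone, so a comment above the call should state whether trust follows the id or the scaffolded content; `addTrustedToolToConfig` itself is not visible here. The body of `toolsCreate` between the hunks is not shown.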
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"create.js","sourceRoot":"","sources":["../../../src/commands/tools/create.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAExD,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,EACL,qBAAqB,EACrB,+BAA+B,GAEhC,MAAM,uBAAuB,CAAC;
|
|
1
|
+
{"version":3,"file":"create.js","sourceRoot":"","sources":["../../../src/commands/tools/create.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAExD,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,EACL,qBAAqB,EACrB,+BAA+B,GAEhC,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AAI3D,MAAM,CAAC,MAAM,eAAe,GAAG,mBAAmB,CAAC;AACnD,MAAM,YAAY,GAAG,cAAuB,CAAC;AAS7C;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,KAAuB;IACjD,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IACnC,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,IAAI,YAAY,CAAC;IAEhD,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QAClC,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,MAAM;YACN,GAAG,EAAE,EAAE;YACP,KAAK,EAAE,EAAE;YACT,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,iDAAiD;SACzD,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,qBAAqB,CAAC,QAAQ,CAAC,EAAE,CAAC;QACrC,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,MAAM;YACN,QAAQ;YACR,GAAG,EAAE,EAAE;YACP,KAAK,EAAE,EAAE;YACT,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,qBAAqB,MAAM,CAAC,QAAQ,CAAC,mCAAmC;SAChF,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,CAAC;IAC3B,MAAM,YAAY,GAAG,mBAAmB,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAC5D,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC;IAC5D,MAAM,QAAQ,GAAG,UAAU,EAAE,CAAC;IAC9B,MAAM,QAAQ,GAAG,+BAA+B,CAAC,QAAQ,CAAC,CAAC;QACzD,MAAM;QACN,QAAQ;QACR,WAAW;KACZ,CAAC,CAAC;IAEH,MAAM,WAAW,GAAG,kBAAkB,CAAC;QACrC,OAAO;QACP,KAAK,EAAE,QAAQ,CAAC,KAAK;QACrB,KAAK,EAAE,KAAK,CAAC,KAAK;KACnB,CAAC,CAAC;IAEH,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;QACzB,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,MAAM;YACN,QAAQ;YACR,GAAG,EAAE,OAAO;YACZ,KAAK,EAAE,EAAE;YACT,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,WAAW,CAAC,KAAK;SACzB,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,sBAAsB,CAAC,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IAC1D,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,MAAM;YACN,QAAQ;YACR,GAAG,EAAE,OAAO;YACZ,KAAK,EAAE,WAAW,CAAC,KAAK;YACxB,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAC9D,CAAC;IACJ,CA
AC;IAED,OAAO;QACL,IAAI,EAAE,YAAY;QAClB,MAAM;QACN,QAAQ;QACR,GAAG,EAAE,OAAO;QACZ,KAAK,EAAE,WAAW,CAAC,KAAK;QACxB,OAAO,EAAE,IAAI;QACb,SAAS,EAAE,QAAQ,CAAC,SAAS;KAC9B,CAAC;AACJ,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"install.d.ts","sourceRoot":"","sources":["../../../src/commands/tools/install.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;
|
|
1
|
+
{"version":3,"file":"install.d.ts","sourceRoot":"","sources":["../../../src/commands/tools/install.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAUH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAGjE,wCAAwC;AACxC,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,4EAA4E;IAC5E,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;CAC5B;AAmBD,mFAAmF;AACnF,wBAAsB,YAAY,CAAC,IAAI,EAAE,mBAAmB,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAgFzF"}
|
|
@@ -13,6 +13,7 @@
|
|
|
13
13
|
*/
|
|
14
14
|
import { execFileSync } from 'node:child_process';
|
|
15
15
|
import { admitToolPackage } from '../../bootstrap/admit-tool-package.js';
|
|
16
|
+
import { recordInstalledToolTrust } from '../../bootstrap/tool-trust.js';
|
|
16
17
|
import { addToolPlugin } from '../plugin-host-ops.js';
|
|
17
18
|
import { runToolValidation } from './validate.js';
|
|
18
19
|
/** Pack the staged package dir into a tarball beside it; returns the tarball path. */
|
|
@@ -29,10 +30,7 @@ function installNextSteps(manifest) {
|
|
|
29
30
|
if (manifest === undefined)
|
|
30
31
|
return undefined;
|
|
31
32
|
const commandName = manifest.commands[0]?.name;
|
|
32
|
-
return [
|
|
33
|
-
`export OPENSIP_CLI_ALLOW_INSTALLED_TOOLS='${manifest.id}'`,
|
|
34
|
-
...(commandName === undefined ? [] : [`opensip ${commandName}`]),
|
|
35
|
-
];
|
|
33
|
+
return commandName === undefined ? [] : [`opensip ${commandName}`];
|
|
36
34
|
}
|
|
37
35
|
/** Stage, validate, and (on a `passed` verdict only) activate one tool package. */
|
|
38
36
|
export async function toolsInstall(opts) {
|
|
@@ -80,6 +78,17 @@ export async function toolsInstall(opts) {
|
|
|
80
78
|
explicitlyRequested: true,
|
|
81
79
|
staticOnly: true,
|
|
82
80
|
});
|
|
81
|
+
if (report.manifest !== undefined && report.provenance !== undefined) {
|
|
82
|
+
recordInstalledToolTrust({
|
|
83
|
+
scope,
|
|
84
|
+
cwd: opts.cwd,
|
|
85
|
+
toolId: report.manifest.id,
|
|
86
|
+
packageName: activation.packageName,
|
|
87
|
+
version: report.manifest.version,
|
|
88
|
+
manifestHash: report.provenance.manifestHash,
|
|
89
|
+
installSourcePath: stagedPkgDir,
|
|
90
|
+
});
|
|
91
|
+
}
|
|
83
92
|
return {
|
|
84
93
|
type: 'tools-install',
|
|
85
94
|
spec: opts.spec,
|
|
@@ -91,6 +100,7 @@ export async function toolsInstall(opts) {
|
|
|
91
100
|
: {
|
|
92
101
|
toolId: report.manifest.id,
|
|
93
102
|
version: report.manifest.version,
|
|
103
|
+
trustReason: 'managed-install',
|
|
94
104
|
nextSteps: installNextSteps(report.manifest),
|
|
95
105
|
}),
|
|
96
106
|
};
|
|
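Review bot: `trustReason: 'managed-install'` is reported whenever `report.manifest` is defined, but `recordInstalledToolTrust` runs only when `report.provenance` is also defined, so the result can claim a trust record that was never written. Tie the two together: compute `const trustRecorded = report.manifest !== undefined && report.provenance !== undefined;` once, guard the call with it, and emit `...(trustRecorded ? { trustReason: 'managed-install' } : {}),` in the result. The call also has no error handling of its own, unlike the `try`/`catch` added around `addTrustedToolToConfig` in create.js. If `recordInstalledToolTrust` can throw (it is not shown), the package would be left activated without a trust record. `toolsInstall` starts and ends outside these hunks.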
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"install.js","sourceRoot":"","sources":["../../../src/commands/tools/install.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,OAAO,EAAE,gBAAgB,EAAE,MAAM,uCAAuC,CAAC;AACzE,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAalD,sFAAsF;AACtF,SAAS,aAAa,CAAC,YAAoB;IACzC,MAAM,GAAG,GAAG,YAAY,CAAC,KAAK,EAAE,CAAC,MAAM,EAAE,oBAAoB,EAAE,YAAY,EAAE,GAAG,CAAC,EAAE;QACjF,GAAG,EAAE,YAAY;QACjB,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC;KAC1C,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACzD,OAAO,GAAG,YAAY,IAAI,IAAI,EAAE,CAAC;AACnC,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAwC;IAChE,IAAI,QAAQ,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IAC7C,MAAM,WAAW,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC;IAC/C,OAAO
|
|
1
|
+
{"version":3,"file":"install.js","sourceRoot":"","sources":["../../../src/commands/tools/install.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,OAAO,EAAE,gBAAgB,EAAE,MAAM,uCAAuC,CAAC;AACzE,OAAO,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AACzE,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAalD,sFAAsF;AACtF,SAAS,aAAa,CAAC,YAAoB;IACzC,MAAM,GAAG,GAAG,YAAY,CAAC,KAAK,EAAE,CAAC,MAAM,EAAE,oBAAoB,EAAE,YAAY,EAAE,GAAG,CAAC,EAAE;QACjF,GAAG,EAAE,YAAY;QACjB,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC;KAC1C,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACzD,OAAO,GAAG,YAAY,IAAI,IAAI,EAAE,CAAC;AACnC,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAwC;IAChE,IAAI,QAAQ,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IAC7C,MAAM,WAAW,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC;IAC/C,OAAO,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,WAAW,WAAW,EAAE,CAAC,CAAC;AACrE,CAAC;AAED,mFAAmF;AACnF,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAAyB;IAC1D,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,KAAK,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC;IAC3D,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,OAAO,EAAE,GAAG,MAAM,iBAAiB,CAC/D,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,EACrD,EAAE,UAAU,EAAE,IAAI,EAAE,CACrB,CAAC;IACF,IAAI,CAAC;QACH,IAAI,MAAM,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;YAChC,OAAO;gBACL,IAAI,EAAE,eAAe;gBACrB,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,OAAO,EAAE,KAAK;gBACd,KAAK;gBACL,UAAU,EAAE,MAAM;aACnB,CAAC;QACJ,CAAC;QACD,yGAAyG;QACzG,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;YAC/B,OAAO;gBACL,IAAI,EAAE,eAAe;gBACrB,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,OAAO,EAAE,KAAK;gBACd,KAAK;gBACL,UAAU,EAAE,MAAM;gBAClB,KAAK,EAAE,0DAA0D;aAClE,CAAC;QACJ,CAAC;QAED,0EAA0E;QAC1E,MAAM,OAAO,GAAG,aAAa,CAAC,YAAY,CAAC,CAAC;QAC5C,MAAM,UAAU,GAAG,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,OAAO,KAAK,IAAI,CAAC,CAAC;QAC3E,IAAI,UAAU,CAAC,IAAI,KAAK,YAAY,IAAI,UAAU,CAAC,OAAO,KAAK,I
AAI,EAAE,CAAC;YACpE,MAAM,KAAK,GACT,OAAO,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,KAAK,IAAI,mBAAmB,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC;YAC1F,OAAO;gBACL,IAAI,EAAE,eAAe;gBACrB,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,OAAO,EAAE,KAAK;gBACd,KAAK;gBACL,UAAU,EAAE,MAAM;gBAClB,KAAK;aACN,CAAC;QACJ,CAAC;QAED,6EAA6E;QAC7E,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC;YACpC,GAAG,EAAE,YAAY;YACjB,MAAM,EAAE,WAAW;YACnB,mBAAmB,EAAE,IAAI;YACzB,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;QACH,IAAI,MAAM,CAAC,QAAQ,KAAK,SAAS,IAAI,MAAM,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;YACrE,wBAAwB,CAAC;gBACvB,KAAK;gBACL,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,MAAM,EAAE,MAAM,CAAC,QAAQ,CAAC,EAAE;gBAC1B,WAAW,EAAE,UAAU,CAAC,WAAW;gBACnC,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,OAAO;gBAChC,YAAY,EAAE,MAAM,CAAC,UAAU,CAAC,YAAY;gBAC5C,iBAAiB,EAAE,YAAY;aAChC,CAAC,CAAC;QACL,CAAC;QACD,OAAO;YACL,IAAI,EAAE,eAAe;YACrB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,OAAO,EAAE,IAAI;YACb,KAAK;YACL,UAAU,EAAE,MAAM;YAClB,GAAG,CAAC,MAAM,CAAC,QAAQ,KAAK,SAAS;gBAC/B,CAAC,CAAC,EAAE;gBACJ,CAAC,CAAC;oBACE,MAAM,EAAE,MAAM,CAAC,QAAQ,CAAC,EAAE;oBAC1B,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,OAAO;oBAChC,WAAW,EAAE,iBAAiB;oBAC9B,SAAS,EAAE,gBAAgB,CAAC,MAAM,CAAC,QAAQ,CAAC;iBAC7C,CAAC;SACP,CAAC;IACJ,CAAC;YAAS,CAAC;QACT,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC"}
|
|
@@ -35,6 +35,7 @@ export interface ToolsListOptions {
|
|
|
35
35
|
*/
|
|
36
36
|
readonly provenance?: readonly ToolProvenance[];
|
|
37
37
|
readonly manifests?: readonly ToolPluginManifest[];
|
|
38
|
+
readonly env?: NodeJS.ProcessEnv;
|
|
38
39
|
}
|
|
39
40
|
/** Build the effective tool inventory. Read-only; never imports a runtime. */
|
|
40
41
|
export declare function toolsList(opts: ToolsListOptions): ToolsListResult;
|
|
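Review bot: The new `readonly env?: NodeJS.ProcessEnv;` on `ToolsListOptions` has no doc comment, although the `provenance` field above it does. The same release describes `OPENSIP_CLI_ALLOW_PROJECT_TOOLS` as an incident-response override only, so this field presumably controls which override variables the inventory sees. The declaration should say what `toolsList` reads from `env` and what it uses when the field is omitted, for example `/** Environment consulted for trust overrides; defaults to <confirm> when omitted. */`. The interface opens outside this hunk.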
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"list.d.ts","sourceRoot":"","sources":["../../../src/commands/tools/list.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAIH,OAAO,
|
|
1
|
+
{"version":3,"file":"list.d.ts","sourceRoot":"","sources":["../../../src/commands/tools/list.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAIH,OAAO,EAML,KAAK,kBAAkB,EACvB,KAAK,cAAc,EACpB,MAAM,mBAAmB,CAAC;AAQ3B,OAAO,KAAK,EAAE,eAAe,EAAgB,MAAM,wBAAwB,CAAC;AAK5E,qCAAqC;AACrC,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,mFAAmF;IACnF,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;IAC3B;;;;;OAKG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,SAAS,cAAc,EAAE,CAAC;IAChD,QAAQ,CAAC,SAAS,CAAC,EAAE,SAAS,kBAAkB,EAAE,CAAC;IACnD,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;CAClC;AA6BD,8EAA8E;AAC9E,wBAAgB,SAAS,CAAC,IAAI,EAAE,gBAAgB,GAAG,eAAe,CA2BjE"}
|