npm - pando-ai - Versions diffs - 0.2.3 → 0.2.5 - Mend

pando-ai 0.2.3 → 0.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -26,8 +26,11 @@ npx -y pando-ai
 On a terminal this opens the **firewall console**: it detects whether `codex`
 and `claude` are protected, offers to install supervised launchers for any that
-aren't, and shows current status and policy. After installation you keep running
-`codex` and `claude` normally — Pando supervises each launch.
+aren't, and shows current status and policy. It also installs a persistent
+`~/.pando/bin/pando-ai` command shim, so future commands such as
+`pando-ai uninstall` work even when the first run came from `npx`. After
+installation you keep running `codex` and `claude` normally — Pando supervises
+each launch.
 ## How it works
@@ -117,6 +120,40 @@ context. Gateway mode is an additional full-wire layer for request/response
 inspection, memory, and provider-bound enforcement; hooks still run when the
 gateway is active.
+#### Enabling gateway mode
+Gateway mode starts only when Claude Code gateway credentials are present and
+`[proxy].claude = "enforce"`. Provide one of:
+```bash
+# Environment variable (highest precedence)
+export ANTHROPIC_API_KEY=sk-ant-...
+# …or an auth token
+export ANTHROPIC_AUTH_TOKEN=...
+```
+For local development you can keep the key in a git-ignored `.env` at the repo
+root and source it before launching:
+```bash
+# .env  (already git-ignored — never commit it)
+ANTHROPIC_API_KEY=sk-ant-...
+export $(grep -v '^#' .env | xargs)   # load it into the shell
+claude -p 'hello'                     # Pando supervises + routes via gateway
+```
+A `apiKeyHelper` configured in Claude Code settings works as well. With any of
+these present Pando logs `gateway listening on http://127.0.0.1:<port>
+(memory=off)` and sets `ANTHROPIC_BASE_URL` for the child `claude` process.
+Without them, Pando falls back to hooks-only enforcement over subscription OAuth.
+The gateway forwards the Anthropic Messages and OpenAI Responses APIs
+transparently, including compressed upstream responses: `fetch` decodes the
+`content-encoding` (gzip/brotli) before Pando inspects or rewrites the body, and
+the gateway emits the decoded, identity-encoded bytes — it never re-advertises a
+`content-encoding` it isn't sending.
 ### Provider proxy toggle
 Users can enable or disable the local provider proxy per supervised tool:
@@ -145,8 +182,9 @@ provider-bound gateway enforcement is disabled.
 ## Surfaces
 ```bash
-pando-ai                 # firewall console (TTY): status + proactive install
+pando-ai                 # firewall console (TTY): status, install, uninstall
 pando-ai install         # force a (re)install pass
+pando-ai uninstall       # remove Pando shims, managed PATH block, install state, and global npm install when detected
 pando-ai serve [path]    # stdio MCP server for MCP clients
 pando-ai serve-http      # HTTP MCP server
 pando-ai gateway         # run the firewall gateway in the foreground (debug)
@@ -158,6 +196,23 @@ pando-ai config set telemetry false
 `pando-ai launch codex|claude -- <args>` is the supervised launcher the shims
 call; you don't run it directly.
+## Uninstall
+To stop supervising `codex` and `claude`:
+```bash
+pando-ai uninstall
+```
+This removes Pando-owned `codex`/`claude` shims from `~/.pando/bin`, removes
+the Pando-owned `pando-ai` command shim, removes the managed PATH block from
+your shell startup file when present, and deletes `~/.pando/state.json` so
+declined/install state does not suppress future setup prompts. It does not
+delete policy files, logs, or other user data. If the command is running from a
+global npm install, it also removes that global `pando-ai` package
+automatically. `npx` runs are temporary, so there is no persistent npm package
+to remove in that case.
 ## MCP serve mode
 When invoked without a TTY (e.g. spawned by an MCP client) `pando-ai` starts the

package/bin/pando-ai.js CHANGED Viewed

@@ -29,10 +29,30 @@ const current = parseNodeVersion(process.version);
 if (!isSupportedNode(current)) {
   const detected = current ? `${current.major}.${current.minor}.${current.patch}` : process.version;
   console.error(
-    `[pando] pando-ai requires Node.js 22.5.0 or newer. Detected ${detected}.\n` +
-      "[pando] Upgrade Node, then re-run `npx -y pando-ai`.",
+    "\n" +
+      `[pando] pando-ai requires Node.js 22.5.0 or newer. Detected ${detected}.\n` +
+      "[pando] Please update Node.js, then re-run: npx -y pando-ai\n",
   );
   process.exit(1);
 }
+const originalEmitWarning = process.emitWarning;
+process.emitWarning = function pandoEmitWarning(warning, ...args) {
+  const text =
+    typeof warning === "string"
+      ? warning
+      : warning && typeof warning === "object" && "message" in warning
+        ? String(warning.message)
+        : "";
+  const type = typeof args[0] === "string" ? args[0] : undefined;
+  if (
+    type === "ExperimentalWarning" ||
+    text.includes("SQLite is an experimental feature") ||
+    text.includes("localStorage is not available")
+  ) {
+    return;
+  }
+  return originalEmitWarning.call(process, warning, ...args);
+};
 require("../dist/cli.js");