patchcord 0.5.30 → 0.5.31
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bin/patchcord.mjs +14 -6
- package/package.json +1 -1
package/bin/patchcord.mjs
CHANGED
|
@@ -124,12 +124,20 @@ if (cmd === "plugin-path") {
|
|
|
124
124
|
process.exit(1);
|
|
125
125
|
}
|
|
126
126
|
|
|
127
|
-
if (expectPrefix
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
127
|
+
if (expectPrefix) {
|
|
128
|
+
// Compare sha256(token) prefix, not raw token prefix. The dashboard
|
|
129
|
+
// never sees the plaintext token (we don't store it server-side
|
|
130
|
+
// anymore) — it has token_hash from the bearer_tokens row, slices
|
|
131
|
+
// the first N chars of that, and we hash locally to compare.
|
|
132
|
+
const { createHash } = await import("node:crypto");
|
|
133
|
+
const tokenHash = createHash("sha256").update(token).digest("hex");
|
|
134
|
+
if (!tokenHash.startsWith(expectPrefix)) {
|
|
135
|
+
console.error("✗ Token mismatch.");
|
|
136
|
+
console.error(` The dashboard issued this rename for a different agent than what's`);
|
|
137
|
+
console.error(` installed in ${dirname(mcpJson)}.`);
|
|
138
|
+
console.error(` Maybe you clicked Rename while looking at a different machine?`);
|
|
139
|
+
process.exit(2);
|
|
140
|
+
}
|
|
133
141
|
}
|
|
134
142
|
|
|
135
143
|
// Call the server. Use curl + -w for status code so we can distinguish
|