repofence 0.1.6 → 0.1.7
- package/README.md +1 -0
- package/dist/core/pack-manager.js +5 -7
- package/dist/core/pack-public-key.js +13 -0
- package/package.json +2 -2
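--- a/package/README.md
+++ b/package/README.md
@@ -151,6 +151,7 @@ Step-by-step: **[docs/RELEASE.md](docs/RELEASE.md)** (`npm version`, `npm publis
 | `REPOFENCE_API_BASE_URL` | API host for the CLI (`auth`, `init`). Default normalizes to `…/api`. |
 | `REPOFENCE_MOCK` | Set to `1` for mock API responses (no network). |
 | `REPOFENCE_PACK_ID` | Pack id for `repofence init` (default: `core`). |
+| `REPOFENCE_PUBLIC_KEY` | Optional. PEM or base64 public key to verify signed packs. If unset, the CLI uses its built-in public key. |
 
 ## Requirements
 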
@@ -9,6 +9,7 @@ const os_1 = __importDefault(require("os"));
|
|
|
9
9
|
const path_1 = __importDefault(require("path"));
|
|
10
10
|
const crypto_1 = __importDefault(require("crypto"));
|
|
11
11
|
const tar_1 = __importDefault(require("tar"));
|
|
12
|
+
const pack_public_key_1 = require("./pack-public-key");
|
|
12
13
|
const defaultCommandsDir = () => process.env.REPOFENCE_COMMANDS_DIR || path_1.default.join(os_1.default.homedir(), '.cursor', 'commands');
|
|
13
14
|
const commandsDir = (baseDir) => baseDir || defaultCommandsDir();
|
|
14
15
|
const manifestPath = (baseDir) => path_1.default.join(commandsDir(baseDir), '.repofence-manifest.json');
|
|
@@ -151,13 +152,10 @@ const validateSignature = async (_pack) => {
|
|
|
151
152
|
const payloadToVerify = pack.archiveHash
|
|
152
153
|
? `${pack.manifestHash}:${pack.archiveHash}`
|
|
153
154
|
: pack.manifestHash;
|
|
154
|
-
const
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
const publicKeyPem = publicKeyEnv.includes('BEGIN')
|
|
159
|
-
? publicKeyEnv
|
|
160
|
-
: Buffer.from(publicKeyEnv, 'base64').toString('utf8');
|
|
155
|
+
const rawKey = process.env.REPOFENCE_PUBLIC_KEY?.trim() || pack_public_key_1.EMBEDDED_PACK_PUBLIC_KEY_PEM;
|
|
156
|
+
const publicKeyPem = rawKey.includes('BEGIN')
|
|
157
|
+
? rawKey
|
|
158
|
+
: Buffer.from(rawKey, 'base64').toString('utf8');
|
|
161
159
|
try {
|
|
162
160
|
const keyObject = crypto_1.default.createPublicKey(publicKeyPem);
|
|
163
161
|
const isValid = crypto_1.default.verify(null, Buffer.from(payloadToVerify), keyObject, Buffer.from(pack.signature, 'base64'));
|
|
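Review bot: The key selection added at new lines 155–158 keeps no record of whether the environment override or the embedded default was used, so a verification failure caused by a wrong `REPOFENCE_PUBLIC_KEY` value is indistinguishable from a tampered pack; `Buffer.from(rawKey, 'base64')` also accepts malformed input without complaint, so a bad override only surfaces as a `createPublicKey` throw inside the `try` at line 159, whose catch lies outside this hunk. Consider separating the two, `const overrideKey = process.env.REPOFENCE_PUBLIC_KEY?.trim();` and `const rawKey = overrideKey || pack_public_key_1.EMBEDDED_PACK_PUBLIC_KEY_PEM;`, and naming the key source (`overrideKey ? 'REPOFENCE_PUBLIC_KEY' : 'embedded key'`) in whatever error the catch reports when the key itself fails to parse, so operators can tell a key-configuration problem from a signature mismatch. A one-line comment above line 155, `// Trust anchor: env override (key rotation / testing) wins over the key compiled into the CLI`, would also document why the override takes precedence. validateSignature begins before this hunk and its try/catch ends after it.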
@@ -0,0 +1,13 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.EMBEDDED_PACK_PUBLIC_KEY_PEM = void 0;
|
|
4
|
+
/**
|
|
5
|
+
* Default Ed25519 public key for verifying signed packs from the Repofence API.
|
|
6
|
+
* Keep in sync with `public_key.pem` at the repo root (pair to backend REPOFENCE_SIGNING_KEY).
|
|
7
|
+
* Override with env REPOFENCE_PUBLIC_KEY for testing or key rotation.
|
|
8
|
+
*/
|
|
9
|
+
exports.EMBEDDED_PACK_PUBLIC_KEY_PEM = `-----BEGIN PUBLIC KEY-----
|
|
10
|
+
LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUNvd0JRWURLMlZ3QXlFQUpUZnhjN2JhVzg1dzdyM3V4YllOdWFaUk1vZTFlMmxjdmEybDdNTzBpYWs9Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo=
|
|
11
|
+
-----END PUBLIC KEY-----
|
|
12
|
+
`;
|
|
13
|
+
//# sourceMappingURL=pack-public-key.js.map
|
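Review bot: The PEM body at new line 10 is not the key's DER but a base64 copy of an entire PEM file: it decodes to `-----BEGIN PUBLIC KEY-----` followed by a `MCowBQYDK2Vw…` line and a matching END marker, so `crypto.createPublicKey(EMBEDDED_PACK_PUBLIC_KEY_PEM)` in pack-manager.js will most likely throw and verification with the built-in key can never succeed; whether that ends as a rejected pack or something else depends on the catch block outside that hunk. The body should be the inner line itself, `MCowBQYDK2VwAyEAJTfxc7baW85w7r3uxbYNuaZRMoe1e2lcva2l7MO0iak=`, which is the Ed25519 SubjectPublicKeyInfo the comment describes. A test asserting `crypto.createPublicKey(EMBEDDED_PACK_PUBLIC_KEY_PEM).asymmetricKeyType === 'ed25519'` would have caught this and keeps the "keep in sync with `public_key.pem`" note checkable on every release.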
package/package.json
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "repofence",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.7",
|
|
4
4
|
"description": "Repofence CLI (packs + backend auth)",
|
|
5
5
|
"main": "dist/cli.js",
|
|
6
6
|
"bin": {
|
|
7
|
-
"repofence": "dist/cli.js"
|
|
7
|
+
"repofence": "./dist/cli.js"
|
|
8
8
|
},
|
|
9
9
|
"files": [
|
|
10
10
|
"dist/**/*.js",
|