npm - unbound-cli - Versions diffs - 1.1.0 → 1.1.1 - Mend

unbound-cli 1.1.0 → 1.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "unbound-cli",
-  "version": "1.1.0",
+  "version": "1.1.1",
   "description": "CLI tool for Unbound - AI Gateway management",
   "main": "src/index.js",
   "bin": {

package/src/commands/setup.js CHANGED Viewed

@@ -332,6 +332,23 @@ function checkRoot(commandHint = 'setup mdm') {
   }
 }
+/**
+ * Returns true when the process has the privileges needed to touch system-level
+ * (MDM) configuration. On Windows, `net session` succeeds only when elevated, so
+ * it doubles as an Administrator check — this keeps nuke's scope (and the copy it
+ * shows) accurate instead of assuming admin.
+ */
+function hasRootPrivileges() {
+  if (process.platform === 'win32') {
+    try {
+      return spawnSync('net', ['session'], { stdio: 'ignore', windowsHide: true }).status === 0;
+    } catch {
+      return false;
+    }
+  }
+  return typeof process.getuid === 'function' && process.getuid() === 0;
+}
 /**
  * Runs a batch of tools sequentially with spinners.
  * Stops on first failure. Returns true if all succeeded.
@@ -839,52 +856,49 @@ Clear examples (no API key required):
     .command('nuke')
     .alias('uninstall')
     .description(
-      'Remove Unbound and start fresh. By default clears every user-level AND ' +
-      'MDM (system-level) tool configuration plus stored credentials (requires ' +
-      "root). Use --user to clear only this user's tools and credentials (no root)."
+      'Remove Unbound and start fresh: clears AI-tool configuration and deletes ' +
+      'stored credentials. Scope follows your privileges — run with sudo to also ' +
+      'remove MDM (system-level) config for all users; without root it clears only ' +
+      'the current user.'
     )
     .option('-y, --yes', 'Skip the confirmation prompt')
-    .option('--user', "Clear only THIS user's tool config and credentials — skip MDM (no root required)")
     .addHelpText('after', `
-Two modes:
-  Default (requires root)   Clears every user-level and MDM (system-level) tool
-                            config for all users on the device, then deletes
-                            credentials.
-  --user (no root)          Clears only the current user's tool config, then
-                            deletes credentials. Leaves MDM config untouched
-                            (removing system-level config needs root).
+Scope is chosen automatically from your privileges:
+  Run with sudo (root)   Clears every user-level AND MDM (system-level) tool
+                         config for all users on the device, then deletes
+                         credentials.
+  Run without root       Clears only the current user's tool config and
+                         credentials. MDM (system-level) config is skipped —
+                         re-run with sudo to remove it too.
 What it clears:
   - USER-level tool config — Cursor, GitHub Copilot, Claude Code (subscription +
-    gateway), Gemini CLI, Codex (subscription + gateway).                [both modes]
-  - MDM (system-level) tool config across all users on the device.    [default only]
-  - Stored credentials and settings (~/.unbound/config.json).            [both modes]
+    gateway), Gemini CLI, Codex (subscription + gateway).
+  - MDM (system-level) tool config across all users          [only when run as root]
+  - Stored credentials and settings (~/.unbound/config.json).
 After it finishes, run \`unbound login\` (or \`unbound onboard\`) to set things up
 fresh. Clearing never contacts the Unbound API, so no API key is needed.
 Examples:
-  $ sudo unbound nuke                       Remove everything on the device (asks to confirm)
-  $ sudo unbound nuke --yes                 Remove everything, no confirmation
-  $ unbound nuke --user                     Clear only your tools + credentials (no sudo)
-  $ unbound nuke --user --yes               Same, no confirmation
-  $ sudo unbound uninstall                  'uninstall' is an alias for 'nuke'
+  $ sudo unbound nuke              Remove everything on the device (asks to confirm)
+  $ sudo unbound nuke --yes        Remove everything, no confirmation
+  $ unbound nuke                   Clear just your tools + credentials (no sudo)
+  $ unbound nuke --yes             Same, no confirmation
+  $ unbound uninstall              'uninstall' is an alias for 'nuke'
 `)
     .action(async (opts) => {
       try {
-        // Root is only required for the MDM clears (system-level, all users).
-        // --user mode skips them, so it doesn't need root. On native Windows the
-        // Python MDM scripts do their own admin check, so skip the uid check there.
-        if (!opts.user && process.platform !== 'win32' && (typeof process.getuid !== 'function' || process.getuid() !== 0)) {
-          output.error('nuke removes system-level MDM config for all users, so it must run as root. Run with: sudo unbound nuke — or use `unbound nuke --user` to clear just your own tools and credentials without root.');
-          process.exitCode = 1;
-          return;
-        }
+        // Scope follows privileges: with root (or Windows Administrator) we also
+        // remove system-level MDM config for all users; otherwise we clear only
+        // this user. Detecting elevation up front keeps the confirmation honest
+        // (no promising MDM removal we can't perform).
+        const includeMdm = hasRootPrivileges();
         if (!opts.yes) {
-          output.warn(opts.user
-            ? 'This removes your user-level Unbound tool configuration and deletes your stored credentials.'
-            : 'This removes ALL Unbound tool configuration on this device (user-level and MDM) and deletes your stored credentials.');
+          output.warn(includeMdm
+            ? 'This removes ALL Unbound tool configuration on this device (user-level and MDM) and deletes your stored credentials.'
+            : 'This removes your user-level Unbound tool configuration and deletes your stored credentials. (MDM/system-level config needs root and will be skipped — re-run with sudo to remove it too.)');
           const ok = await confirm('Continue?');
           if (!ok) {
             output.info('Cancelled. Nothing was changed.');
@@ -902,11 +916,13 @@ Examples:
         const userTools = Object.keys(SETUP_TOOL_MAP).map(name => ({ name, ...SETUP_TOOL_MAP[name] }));
         const userFailed = await clearToolsBestEffort('user', userTools, { mdm: false, backendUrl, gatewayUrl, frontendUrl });
-        // MDM clears are skipped in --user mode (they need root and touch all users).
+        // MDM clears need root and touch all users — run them only when we have it.
         let mdmFailed = [];
-        if (!opts.user) {
+        if (includeMdm) {
           const mdmTools = Object.keys(MDM_TOOLS).map(name => ({ name, ...MDM_TOOLS[name] }));
           mdmFailed = await clearToolsBestEffort('mdm', mdmTools, { mdm: true, backendUrl, gatewayUrl });
+        } else {
+          output.info('Skipped MDM (system-level) config — that needs root. Re-run with sudo to remove it too.');
         }
         // Wipe credentials + settings last, regardless of tool-clear outcomes.
@@ -915,7 +931,7 @@ Examples:
         console.log('');
         const failed = [...userFailed, ...mdmFailed];
-        const scope = opts.user ? 'for your user' : 'on this device';
+        const scope = includeMdm ? 'on this device' : 'for your user';
         if (failed.length === 0) {
           output.success(`Unbound removed ${scope}. The CLI is back to a fresh state — run "unbound login" to start over.`);
         } else {

package/src/index.js CHANGED Viewed

@@ -82,8 +82,8 @@ TOOL SETUP
   $ unbound setup --all --clear            Remove config for every tool
   Full uninstall (all tools + credentials):
-  $ sudo unbound nuke                      Wipe everything on the device (MDM + user); requires root
-  $ unbound nuke --user                    Wipe just your tools + credentials (no sudo)
+  $ sudo unbound nuke                      Wipe everything on the device (MDM + user)
+  $ unbound nuke                           Wipe just your tools + credentials (no sudo)
 MDM SETUP (admin, requires root)
   $ sudo unbound setup mdm --admin-api-key KEY --all