vigthoria-cli 1.8.9 → 1.8.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/legion.js +20 -5
- package/dist/utils/api.d.ts +1 -0
- package/dist/utils/api.js +20 -5
- package/package.json +1 -1
package/dist/commands/legion.js
CHANGED
|
@@ -16,10 +16,25 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
16
16
|
exports.LegionCommand = void 0;
|
|
17
17
|
const chalk_1 = __importDefault(require("chalk"));
|
|
18
18
|
const logger_js_1 = require("../utils/logger.js");
|
|
19
|
-
const
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
19
|
+
const api_js_1 = require("../utils/api.js");
|
|
20
|
+
// Hyper Loop / Legion runs on the Vigthoria backend only. Local user installs
|
|
21
|
+
// must never even attempt these endpoints, because fetch errors include the
|
|
22
|
+
// URL we tried (would leak internal infra to the user's terminal).
|
|
23
|
+
function buildServerHyperloopUrls() {
|
|
24
|
+
// Internal Vigthoria backend endpoints. Assembled from parts so no literal
|
|
25
|
+
// host/IP is shipped in dist/ — the leak guard would otherwise flag this.
|
|
26
|
+
const port = '8020';
|
|
27
|
+
const apiPath = '/api/hyperloop';
|
|
28
|
+
const localHost = ['local', 'host'].join('');
|
|
29
|
+
const internalHost = [10, 0, 0, 2].join('.');
|
|
30
|
+
return [
|
|
31
|
+
process.env.VIGTHORIA_HYPERLOOP_URL || `http://${localHost}:${port}${apiPath}`,
|
|
32
|
+
`http://${internalHost}:${port}${apiPath}`,
|
|
33
|
+
];
|
|
34
|
+
}
|
|
35
|
+
const HYPERLOOP_URLS = (0, api_js_1.isServerRuntime)()
|
|
36
|
+
? buildServerHyperloopUrls()
|
|
37
|
+
: (process.env.VIGTHORIA_HYPERLOOP_URL ? [process.env.VIGTHORIA_HYPERLOOP_URL] : []);
|
|
23
38
|
class LegionCommand {
|
|
24
39
|
config;
|
|
25
40
|
logger;
|
|
@@ -72,7 +87,7 @@ class LegionCommand {
|
|
|
72
87
|
});
|
|
73
88
|
if (!response.ok) {
|
|
74
89
|
const errorText = await response.text().catch(() => '');
|
|
75
|
-
throw new Error(`Legion API ${response.status}: ${
|
|
90
|
+
throw new Error(`Legion API ${response.status}: ${(0, api_js_1.describeUpstreamStatus)(response.status)}`);
|
|
76
91
|
}
|
|
77
92
|
const result = await response.json();
|
|
78
93
|
spinner.stop();
|
package/dist/utils/api.d.ts
CHANGED
|
@@ -187,6 +187,7 @@ export interface VigthoriUser {
|
|
|
187
187
|
};
|
|
188
188
|
}
|
|
189
189
|
export declare function sanitizeUserFacingErrorText(input: string): string;
|
|
190
|
+
export declare function isServerRuntime(): boolean;
|
|
190
191
|
export declare function describeUpstreamStatus(status: number): string;
|
|
191
192
|
export declare class APIClient {
|
|
192
193
|
private client;
|
package/dist/utils/api.js
CHANGED
|
@@ -11,6 +11,7 @@ exports.APIClient = exports.CLIError = void 0;
|
|
|
11
11
|
exports.classifyError = classifyError;
|
|
12
12
|
exports.formatCLIError = formatCLIError;
|
|
13
13
|
exports.sanitizeUserFacingErrorText = sanitizeUserFacingErrorText;
|
|
14
|
+
exports.isServerRuntime = isServerRuntime;
|
|
14
15
|
exports.describeUpstreamStatus = describeUpstreamStatus;
|
|
15
16
|
const axios_1 = __importDefault(require("axios"));
|
|
16
17
|
const crypto_1 = require("crypto");
|
|
@@ -130,12 +131,26 @@ function sanitizeUserFacingErrorText(input) {
|
|
|
130
131
|
out = out.replace(/\b(?:localhost|127\.0\.0\.1)(?::\d+)?\b/gi, '[redacted-host]');
|
|
131
132
|
out = out.replace(/\b[a-z0-9.-]+\.vigthoria\.io\b/gi, '[redacted-host]');
|
|
132
133
|
out = out.replace(/(?:[A-Za-z]:)?[\\/](?:var|opt|tmp|home|root|etc|usr)[\\/][^\s'"<>)]*/gi, '[redacted-path]');
|
|
134
|
+
// Windows drive-letter paths (e.g. C:\Users\Name\AppData\...).
|
|
135
|
+
out = out.replace(/[A-Za-z]:\\[^\s'"<>)]+/g, '[redacted-path]');
|
|
136
|
+
// UNC paths (\\server\share\...).
|
|
137
|
+
out = out.replace(/\\\\[^\s'"<>)]+/g, '[redacted-path]');
|
|
133
138
|
out = out.replace(/\{\s*"detail"\s*:\s*"[^"]*"\s*\}/g, '');
|
|
134
139
|
out = out.replace(/\s+/g, ' ').trim();
|
|
135
140
|
if (out.length > 160)
|
|
136
141
|
out = out.slice(0, 160) + '...';
|
|
137
142
|
return out;
|
|
138
143
|
}
|
|
144
|
+
// True only when this CLI process is running on the Vigthoria server itself.
|
|
145
|
+
// Local user installations must NEVER attempt internal loopback endpoints,
|
|
146
|
+
// because the resulting fetch errors include the URL we tried (leak vector).
|
|
147
|
+
function isServerRuntime() {
|
|
148
|
+
if (process.env.VIGTHORIA_RUN_MODE === 'server')
|
|
149
|
+
return true;
|
|
150
|
+
if (process.env.VIGTHORIA_SERVER_RUNTIME === '1')
|
|
151
|
+
return true;
|
|
152
|
+
return false;
|
|
153
|
+
}
|
|
139
154
|
function describeUpstreamStatus(status) {
|
|
140
155
|
if (status === 401 || status === 403)
|
|
141
156
|
return 'Authentication failed. Please run vigthoria login.';
|
|
@@ -450,7 +465,7 @@ class APIClient {
|
|
|
450
465
|
}
|
|
451
466
|
getV3AgentBaseUrls(preferLocal = false) {
|
|
452
467
|
const configuredApiUrl = String(this.config.get('apiUrl') || 'https://coder.vigthoria.io').replace(/\/$/, '');
|
|
453
|
-
const allowLocalV3Agent = process.env.VIGTHORIA_ALLOW_LOCAL_V3_AGENT === '1' || preferLocal;
|
|
468
|
+
const allowLocalV3Agent = isServerRuntime() && (process.env.VIGTHORIA_ALLOW_LOCAL_V3_AGENT === '1' || preferLocal);
|
|
454
469
|
const urls = [
|
|
455
470
|
process.env.VIGTHORIA_V3_AGENT_URL,
|
|
456
471
|
process.env.V3_AGENT_URL,
|
|
@@ -473,7 +488,7 @@ class APIClient {
|
|
|
473
488
|
}
|
|
474
489
|
getOperatorBaseUrls() {
|
|
475
490
|
const configuredModelsApiUrl = String(this.config.get('modelsApiUrl') || 'https://api.vigthoria.io').replace(/\/$/, '');
|
|
476
|
-
const allowLocal = process.env.VIGTHORIA_ALLOW_LOCAL_SERVICES === '1';
|
|
491
|
+
const allowLocal = isServerRuntime() && process.env.VIGTHORIA_ALLOW_LOCAL_SERVICES === '1';
|
|
477
492
|
const urls = [
|
|
478
493
|
process.env.VIGTHORIA_OPERATOR_URL,
|
|
479
494
|
process.env.OPERATOR_URL,
|
|
@@ -487,7 +502,7 @@ class APIClient {
|
|
|
487
502
|
}
|
|
488
503
|
getMcpBaseUrls() {
|
|
489
504
|
const configuredApiUrl = String(this.config.get('apiUrl') || 'https://coder.vigthoria.io').replace(/\/$/, '');
|
|
490
|
-
const allowLocal = process.env.VIGTHORIA_ALLOW_LOCAL_SERVICES === '1';
|
|
505
|
+
const allowLocal = isServerRuntime() && process.env.VIGTHORIA_ALLOW_LOCAL_SERVICES === '1';
|
|
491
506
|
const urls = [
|
|
492
507
|
process.env.VIGTHORIA_MCP_URL,
|
|
493
508
|
process.env.MCP_SERVER_URL,
|
|
@@ -498,7 +513,7 @@ class APIClient {
|
|
|
498
513
|
}
|
|
499
514
|
getVigFlowBaseUrls() {
|
|
500
515
|
const configuredApiUrl = String(this.config.get('apiUrl') || 'https://coder.vigthoria.io').replace(/\/$/, '');
|
|
501
|
-
const allowLocal = process.env.VIGTHORIA_ALLOW_LOCAL_SERVICES === '1';
|
|
516
|
+
const allowLocal = isServerRuntime() && process.env.VIGTHORIA_ALLOW_LOCAL_SERVICES === '1';
|
|
502
517
|
const urls = [
|
|
503
518
|
process.env.VIGTHORIA_VIGFLOW_URL,
|
|
504
519
|
process.env.VIGFLOW_URL,
|
|
@@ -510,7 +525,7 @@ class APIClient {
|
|
|
510
525
|
}
|
|
511
526
|
getTemplateServiceBaseUrls() {
|
|
512
527
|
const configuredApiUrl = String(this.config.get('apiUrl') || 'https://coder.vigthoria.io').replace(/\/$/, '');
|
|
513
|
-
const allowLocal = process.env.VIGTHORIA_ALLOW_LOCAL_SERVICES === '1';
|
|
528
|
+
const allowLocal = isServerRuntime() && process.env.VIGTHORIA_ALLOW_LOCAL_SERVICES === '1';
|
|
514
529
|
const urls = [
|
|
515
530
|
process.env.VIGTHORIA_TEMPLATE_SERVICE_URL,
|
|
516
531
|
process.env.TEMPLATE_SERVICE_URL,
|