Lines 1-31javascript
3 * @argosvix/cli — agent-driven onboarding CLI.
5 * npx @argosvix/cli init Browser approval → scoped key issuance → SDK install +
6 * .env + MCP config + test event, all automatic
7 * npx @argosvix/cli login Re-authenticate and rewrite the key in .env
8 * npx @argosvix/cli doctor Setup diagnostics
10 * Zero-dep (Node built-ins only).
12import { createServer } from "node:http";
13import { spawn } from "node:child_process";
14import { chmodSync, existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
HighSandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.jsView on unpkg · L11 16 * Write files containing the API key as owner read/write only (0o600). Previously
17 * mcp.json / the Claude Desktop config / .env were written with default permissions
18 * (world-readable), letting other users on the same machine read the key. Since
19 * writeFileSync's mode never tightens permissions on an existing file, we also
20 * chmod after writing (a no-op on Windows).
22function writeSecretFile(path, content) {
23 writeFileSync(path, content, { encoding: "utf8", mode: 0o600 });
25 chmodSync(path, 0o600);
28 /* chmod is unavailable on Windows / some filesystems — best-effort */
31import { homedir, platform } from "node:os";