🚀 Socket Launch Week Day 5:Introducing Repository Access Permissions and Custom Roles.Learn more
Sign In

@openparachute/scribe

Package Overview
Dependencies
Maintainers
1
Versions
19
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@openparachute/scribe - npm Package Compare versions

Comparing version
0.5.1-rc.1
to
0.5.1-rc.2
+2
-2
package.json
{
"name": "@openparachute/scribe",
"version": "0.5.1-rc.1",
"version": "0.5.1-rc.2",
"description": "Audio transcription + LLM cleanup. Whisper-compatible API for Parachute.",

@@ -35,3 +35,3 @@ "repository": {

"@modelcontextprotocol/sdk": "^1.29.0",
"@openparachute/scope-guard": "^0.2.0"
"@openparachute/scope-guard": "^0.5.0"
},

@@ -38,0 +38,0 @@ "devDependencies": {

@@ -42,2 +42,24 @@ /**

/**
* Parse the hub's legitimate-origin SET from a comma-separated env value
* (`PARACHUTE_HUB_ORIGINS`). Split on `,`, trim each entry, strip a trailing
* slash, drop empties, dedupe. These widen the accepted `iss` claim beyond the
* single canonical `getHubOrigin()` — see the multi-origin iss-set refactor
* (hub#692). The values must be the hub's OWN legitimate origins, published
* out-of-band by the hub/operator; never derived from a request Host header.
*
* Back-compat invariant: when `PARACHUTE_HUB_ORIGINS` is UNSET, this returns
* `[]`, and scope-guard collapses to the single canonical `hubOrigin` — the
* `iss` check is byte-identical to before this seam existed.
*/
export function parseHubOrigins(raw: string | undefined): string[] {
if (!raw) return [];
const seen = new Set<string>();
for (const part of raw.split(",")) {
const origin = part.trim().replace(/\/$/, "");
if (origin.length > 0) seen.add(origin);
}
return [...seen];
}
// Process-wide guard. The resolver form lets tests flip

@@ -48,3 +70,12 @@ // `PARACHUTE_HUB_ORIGIN` between cases — the lib re-resolves on every

// guard, shared across requests.
const guard = createScopeGuard({ hubOrigin: () => getHubOrigin() });
//
// `allowedIssuers` widens the accepted `iss` to the hub's full legitimate-origin
// set (one box reachable on several URLs at once). Unset env → `parseHubOrigins`
// returns `[]` → scope-guard collapses to the single canonical `hubOrigin`,
// byte-identical to before this seam existed. Re-evaluated per call so an
// operator widening the box's origins is picked up without a restart.
const guard = createScopeGuard({
hubOrigin: () => getHubOrigin(),
allowedIssuers: () => parseHubOrigins(process.env.PARACHUTE_HUB_ORIGINS),
});

@@ -51,0 +82,0 @@ /**