Summary
lunel-cli downloads a native PTY helper from GitHub Releases and executes it without verifying a checksum or signature.
This means the npm package itself is not the full trust boundary: a later network fetch determines which native binary is executed on the user's machine.
Affected code
cli/src/index.ts
downloadPtyBinary()ensurePtyBinaryReady()ensurePtyProcess()
Current behavior
On startup, if the PTY helper is not already present in the local config directory, the CLI:
- downloads a platform-specific executable from GitHub Releases
- writes it to disk
- marks it executable
- spawns it
The code currently checks only that the HTTP request succeeded. It does not verify:
- a pinned SHA-256 checksum
- a detached signature
- a signed manifest
- an OS-level code signature / notarization gate before execution
Why this matters
Even if the published npm tarball is trustworthy, the runtime still depends on an out-of-band binary fetch. Without integrity verification, users are trusting:
- GitHub release asset contents
- release account security
- transport / infra in the middle
- any local tampering with the cached PTY binary after first download
This is especially sensitive because the fetched artifact is a native executable that is immediately run.
Additional concern
ensurePtyBinaryReady() appears to trust any already-cached PTY binary if the file exists. There is no revalidation on subsequent runs. So if the cached file is replaced locally, future executions will run it automatically.
Recommended fix
At minimum:
- publish SHA-256 checksums for PTY assets per version / platform
- pin the expected hash in the CLI for the matching release asset
- verify the downloaded file before chmod + exec
- fail closed on mismatch
Better long-term options:
- signed checksum manifest
- code signing / notarization where supported
- versioned cache layout keyed by exact CLI/PTy asset version
- optional revalidation of cached binaries on launch
Suggested acceptance criteria
- downloads are hash-verified before execution
- cached binaries are versioned and/or verified before reuse
- checksum mismatch causes a hard failure with a clear error
- docs explain the trust model for the PTY helper
Summary
lunel-clidownloads a native PTY helper from GitHub Releases and executes it without verifying a checksum or signature.This means the npm package itself is not the full trust boundary: a later network fetch determines which native binary is executed on the user's machine.
Affected code
cli/src/index.tsdownloadPtyBinary()ensurePtyBinaryReady()ensurePtyProcess()Current behavior
On startup, if the PTY helper is not already present in the local config directory, the CLI:
The code currently checks only that the HTTP request succeeded. It does not verify:
Why this matters
Even if the published npm tarball is trustworthy, the runtime still depends on an out-of-band binary fetch. Without integrity verification, users are trusting:
This is especially sensitive because the fetched artifact is a native executable that is immediately run.
Additional concern
ensurePtyBinaryReady()appears to trust any already-cached PTY binary if the file exists. There is no revalidation on subsequent runs. So if the cached file is replaced locally, future executions will run it automatically.Recommended fix
At minimum:
Better long-term options:
Suggested acceptance criteria