@agent-relay/cloud 0.1.0

package/dist/services/scaling-policy.js

@@ -0,0 +1,415 @@
+/**
+ * Scaling Policy Service
+ *
+ * Defines rules and policies for auto-scaling workspaces based on:
+ * - Memory pressure
+ * - Agent count
+ * - CPU usage
+ * - Trend analysis
+ *
+ * Policies are configurable per user/plan tier.
+ */
+import { EventEmitter } from 'events';
+// Default thresholds by plan
+const DEFAULT_THRESHOLDS = {
+    free: {
+        memoryWarningBytes: 256 * 1024 * 1024, // 256MB
+        memoryCriticalBytes: 512 * 1024 * 1024, // 512MB
+        memoryScaleUpBytes: 400 * 1024 * 1024, // 400MB (no auto-scale for free)
+        memoryGrowthRateWarning: 5 * 1024 * 1024, // 5MB/min
+        memoryGrowthRateScaleUp: 10 * 1024 * 1024, // 10MB/min
+        agentsPerWorkspaceWarning: 3,
+        agentsPerWorkspaceMax: 5,
+        cpuWarningPercent: 70,
+        cpuScaleUpPercent: 85,
+        evaluationWindowMs: 5 * 60 * 1000, // 5 minutes
+        cooldownMs: 30 * 60 * 1000, // 30 minutes (free tier)
+    },
+    pro: {
+        memoryWarningBytes: 512 * 1024 * 1024, // 512MB
+        memoryCriticalBytes: 1024 * 1024 * 1024, // 1GB
+        memoryScaleUpBytes: 768 * 1024 * 1024, // 768MB
+        memoryGrowthRateWarning: 10 * 1024 * 1024, // 10MB/min
+        memoryGrowthRateScaleUp: 20 * 1024 * 1024, // 20MB/min
+        agentsPerWorkspaceWarning: 8,
+        agentsPerWorkspaceMax: 15,
+        cpuWarningPercent: 75,
+        cpuScaleUpPercent: 90,
+        evaluationWindowMs: 3 * 60 * 1000, // 3 minutes
+        cooldownMs: 10 * 60 * 1000, // 10 minutes
+    },
+    team: {
+        memoryWarningBytes: 768 * 1024 * 1024, // 768MB
+        memoryCriticalBytes: 1.5 * 1024 * 1024 * 1024, // 1.5GB
+        memoryScaleUpBytes: 1024 * 1024 * 1024, // 1GB
+        memoryGrowthRateWarning: 15 * 1024 * 1024, // 15MB/min
+        memoryGrowthRateScaleUp: 30 * 1024 * 1024, // 30MB/min
+        agentsPerWorkspaceWarning: 15,
+        agentsPerWorkspaceMax: 25,
+        cpuWarningPercent: 80,
+        cpuScaleUpPercent: 92,
+        evaluationWindowMs: 2 * 60 * 1000, // 2 minutes
+        cooldownMs: 5 * 60 * 1000, // 5 minutes
+    },
+    enterprise: {
+        memoryWarningBytes: 1024 * 1024 * 1024, // 1GB
+        memoryCriticalBytes: 2 * 1024 * 1024 * 1024, // 2GB
+        memoryScaleUpBytes: 1.5 * 1024 * 1024 * 1024, // 1.5GB
+        memoryGrowthRateWarning: 20 * 1024 * 1024, // 20MB/min
+        memoryGrowthRateScaleUp: 50 * 1024 * 1024, // 50MB/min
+        agentsPerWorkspaceWarning: 25,
+        agentsPerWorkspaceMax: 50,
+        cpuWarningPercent: 85,
+        cpuScaleUpPercent: 95,
+        evaluationWindowMs: 1 * 60 * 1000, // 1 minute
+        cooldownMs: 2 * 60 * 1000, // 2 minutes
+    },
+};
+// Default policies - ordered by priority (higher = evaluated first)
+// In-workspace scaling is preferred over adding new workspaces (more efficient)
+const DEFAULT_POLICIES = [
+    // === In-Workspace Scaling (Higher Priority) ===
+    {
+        id: 'agent-limit-increase',
+        name: 'Increase Agent Limit',
+        description: 'Increase max agents when approaching limit within single workspace',
+        enabled: true,
+        priority: 150, // Higher priority - try this before adding workspaces
+        conditions: [
+            { metric: 'agent_count', operator: 'gte', value: 0.85 }, // 85% of max agents
+            { metric: 'workspace_count', operator: 'eq', value: 1 }, // Only 1 workspace
+        ],
+        action: { type: 'increase_agent_limit', percentage: 50 }, // Increase limit by 50%
+        maxInstances: 10,
+        minInstances: 1,
+    },
+    {
+        id: 'workspace-resize-up',
+        name: 'Resize Workspace Up',
+        description: 'Vertically scale workspace when memory is high',
+        enabled: true,
+        priority: 140, // Higher priority than horizontal scaling
+        conditions: [
+            { metric: 'memory_usage', operator: 'gte', value: 0.75, duration: 120000 }, // 75% for 2min
+            { metric: 'workspace_count', operator: 'eq', value: 1 }, // Only 1 workspace
+        ],
+        action: { type: 'resize_up', percentage: 100 }, // Double resources
+        maxInstances: 10,
+        minInstances: 1,
+    },
+    {
+        id: 'cpu-pressure-resize',
+        name: 'CPU Pressure Resize',
+        description: 'Resize workspace when CPU is consistently high',
+        enabled: true,
+        priority: 135,
+        conditions: [
+            { metric: 'cpu_usage', operator: 'gte', value: 0.85, duration: 180000 }, // 85% for 3min
+        ],
+        action: { type: 'resize_up', percentage: 50 }, // 50% more resources
+        maxInstances: 10,
+        minInstances: 1,
+    },
+    {
+        id: 'workspace-resize-down',
+        name: 'Resize Workspace Down',
+        description: 'Reduce workspace resources when underutilized',
+        enabled: true,
+        priority: 45, // Lower priority
+        conditions: [
+            { metric: 'memory_usage', operator: 'lt', value: 0.15, duration: 900000 }, // Under 15% for 15min
+            { metric: 'cpu_usage', operator: 'lt', value: 0.1, duration: 900000 }, // Under 10% CPU
+        ],
+        action: { type: 'resize_down', percentage: 50 }, // Halve resources
+        maxInstances: 10,
+        minInstances: 1,
+    },
+    // === Horizontal Scaling (Add/Remove Workspaces) ===
+    {
+        id: 'memory-pressure-scale-up',
+        name: 'Memory Pressure Scale Up',
+        description: 'Add workspace when memory exceeds threshold across all workspaces',
+        enabled: true,
+        priority: 100,
+        conditions: [
+            { metric: 'memory_usage', operator: 'gte', value: 0.8, duration: 60000 }, // 80% for 1min
+        ],
+        action: { type: 'scale_up', targetCount: 1 },
+        maxInstances: 10,
+        minInstances: 1,
+    },
+    {
+        id: 'memory-trend-scale-up',
+        name: 'Memory Trend Scale Up',
+        description: 'Add workspace when memory growth rate is high',
+        enabled: true,
+        priority: 90,
+        conditions: [
+            { metric: 'memory_trend', operator: 'gte', value: 1.0, duration: 180000 }, // At threshold for 3min
+        ],
+        action: { type: 'scale_up', targetCount: 1 },
+        maxInstances: 10,
+        minInstances: 1,
+    },
+    {
+        id: 'agent-count-scale-up',
+        name: 'Agent Count Scale Up',
+        description: 'Add workspace when agent count is high across all workspaces',
+        enabled: true,
+        priority: 80,
+        conditions: [
+            { metric: 'agent_count', operator: 'gte', value: 0.9 }, // 90% of max agents
+            { metric: 'workspace_count', operator: 'gte', value: 1 }, // Already tried in-workspace scaling
+        ],
+        action: { type: 'scale_up', targetCount: 1 },
+        maxInstances: 10,
+        minInstances: 1,
+    },
+    // === Rebalancing ===
+    {
+        id: 'agent-rebalance',
+        name: 'Agent Rebalance',
+        description: 'Redistribute agents when load is uneven across workspaces',
+        enabled: true,
+        priority: 60,
+        conditions: [
+            { metric: 'workspace_count', operator: 'gte', value: 2 }, // Multiple workspaces
+        ],
+        action: { type: 'rebalance' },
+        maxInstances: 10,
+        minInstances: 1,
+    },
+    // === Scale Down ===
+    {
+        id: 'low-usage-scale-down',
+        name: 'Low Usage Scale Down',
+        description: 'Remove workspace when usage is low',
+        enabled: true,
+        priority: 50,
+        conditions: [
+            { metric: 'memory_usage', operator: 'lt', value: 0.2, duration: 600000 }, // Under 20% for 10min
+            { metric: 'workspace_count', operator: 'gt', value: 1 }, // More than 1 workspace
+        ],
+        action: { type: 'scale_down', targetCount: 1 },
+        maxInstances: 10,
+        minInstances: 1,
+    },
+];
+export class ScalingPolicyService extends EventEmitter {
+    thresholds = new Map();
+    policies = new Map();
+    conditionHistory = new Map();
+    constructor() {
+        super();
+        // Initialize with defaults
+        for (const [plan, thresholds] of Object.entries(DEFAULT_THRESHOLDS)) {
+            this.thresholds.set(plan, thresholds);
+        }
+    }
+    /**
+     * Get thresholds for a plan tier
+     */
+    getThresholds(plan) {
+        return this.thresholds.get(plan) || this.thresholds.get('free');
+    }
+    /**
+     * Set custom thresholds for a plan
+     */
+    setThresholds(plan, thresholds) {
+        const current = this.getThresholds(plan);
+        this.thresholds.set(plan, { ...current, ...thresholds });
+    }
+    /**
+     * Get policies for a user (default + custom)
+     */
+    getPolicies(userId) {
+        const userPolicies = this.policies.get(userId) || [];
+        return [...DEFAULT_POLICIES, ...userPolicies].sort((a, b) => b.priority - a.priority);
+    }
+    /**
+     * Add custom policy for a user
+     */
+    addPolicy(userId, policy) {
+        const existing = this.policies.get(userId) || [];
+        existing.push(policy);
+        this.policies.set(userId, existing);
+    }
+    /**
+     * Evaluate scaling decision based on current context
+     */
+    evaluate(context) {
+        const thresholds = this.getThresholds(context.plan);
+        const policies = this.getPolicies(context.userId);
+        // Calculate aggregate metrics
+        const metrics = this.calculateAggregateMetrics(context, thresholds);
+        // Check cooldown
+        if (context.lastScalingAction) {
+            const timeSinceLastScale = Date.now() - context.lastScalingAction.getTime();
+            if (timeSinceLastScale < thresholds.cooldownMs) {
+                return {
+                    shouldScale: false,
+                    action: null,
+                    reason: `Cooldown active (${Math.round((thresholds.cooldownMs - timeSinceLastScale) / 1000)}s remaining)`,
+                    triggeredPolicy: null,
+                    metrics,
+                    timestamp: new Date(),
+                };
+            }
+        }
+        // Evaluate policies in priority order
+        for (const policy of policies) {
+            if (!policy.enabled)
+                continue;
+            const conditionsMet = this.evaluateConditions(policy.conditions, metrics, thresholds, context.userId);
+            if (conditionsMet) {
+                // Check instance limits for horizontal scaling only
+                if (policy.action.type === 'scale_up') {
+                    // Block if at workspace limit (for adding new workspaces)
+                    if (context.currentWorkspaceCount >= context.maxWorkspaces) {
+                        continue; // Try next policy (could be in-workspace scaling)
+                    }
+                    if (context.currentWorkspaceCount >= policy.maxInstances) {
+                        continue;
+                    }
+                }
+                if (policy.action.type === 'scale_down' && context.currentWorkspaceCount <= policy.minInstances) {
+                    continue;
+                }
+                this.emit('scaling_decision', {
+                    userId: context.userId,
+                    policy: policy.id,
+                    action: policy.action,
+                    metrics,
+                });
+                return {
+                    shouldScale: true,
+                    action: policy.action,
+                    reason: policy.description,
+                    triggeredPolicy: policy.id,
+                    metrics,
+                    timestamp: new Date(),
+                };
+            }
+        }
+        return {
+            shouldScale: false,
+            action: null,
+            reason: 'No scaling conditions met',
+            triggeredPolicy: null,
+            metrics,
+            timestamp: new Date(),
+        };
+    }
+    /**
+     * Calculate aggregate metrics from workspace metrics
+     */
+    calculateAggregateMetrics(context, thresholds) {
+        const workspaces = context.workspaceMetrics;
+        if (workspaces.length === 0) {
+            return {
+                memory_usage: 0,
+                memory_trend: 0,
+                agent_count: 0,
+                cpu_usage: 0,
+                workspace_count: 0,
+                total_memory_bytes: 0,
+                total_agents: 0,
+            };
+        }
+        const totalMemory = workspaces.reduce((sum, w) => sum + w.totalMemoryBytes, 0);
+        const avgTrend = workspaces.reduce((sum, w) => sum + w.memoryTrendPerMinute, 0) / workspaces.length;
+        const totalAgents = workspaces.reduce((sum, w) => sum + w.agentCount, 0);
+        const avgCpu = workspaces.reduce((sum, w) => sum + w.cpuPercent, 0) / workspaces.length;
+        // Normalized metrics (0-1 scale relative to thresholds)
+        return {
+            memory_usage: totalMemory / (thresholds.memoryScaleUpBytes * workspaces.length),
+            memory_trend: avgTrend / thresholds.memoryGrowthRateScaleUp,
+            agent_count: totalAgents / (thresholds.agentsPerWorkspaceMax * workspaces.length),
+            cpu_usage: avgCpu / thresholds.cpuScaleUpPercent,
+            workspace_count: context.currentWorkspaceCount,
+            total_memory_bytes: totalMemory,
+            total_agents: totalAgents,
+        };
+    }
+    /**
+     * Evaluate conditions with duration support
+     */
+    evaluateConditions(conditions, metrics, thresholds, userId) {
+        for (const condition of conditions) {
+            const metricValue = metrics[condition.metric];
+            if (metricValue === undefined)
+                continue;
+            const conditionMet = this.compareValues(metricValue, condition.operator, condition.value);
+            if (condition.duration) {
+                // Track condition history for duration-based evaluation
+                const historyKey = `${userId}:${condition.metric}`;
+                const history = this.conditionHistory.get(historyKey) || [];
+                // Add current value
+                history.push({ timestamp: new Date(), value: metricValue });
+                // Clean old entries
+                const cutoff = Date.now() - condition.duration;
+                const recentHistory = history.filter((h) => h.timestamp.getTime() > cutoff);
+                this.conditionHistory.set(historyKey, recentHistory);
+                // Check if condition has been met for the full duration
+                if (recentHistory.length === 0)
+                    return false;
+                const allMet = recentHistory.every((h) => this.compareValues(h.value, condition.operator, condition.value));
+                // Also check if we have enough history
+                const oldestEntry = recentHistory[0].timestamp.getTime();
+                const hasEnoughHistory = Date.now() - oldestEntry >= condition.duration * 0.8; // 80% of duration
+                if (!allMet || !hasEnoughHistory)
+                    return false;
+            }
+            else {
+                if (!conditionMet)
+                    return false;
+            }
+        }
+        return true;
+    }
+    /**
+     * Compare values based on operator
+     */
+    compareValues(actual, operator, target) {
+        switch (operator) {
+            case 'gt':
+                return actual > target;
+            case 'gte':
+                return actual >= target;
+            case 'lt':
+                return actual < target;
+            case 'lte':
+                return actual <= target;
+            case 'eq':
+                return actual === target;
+            default:
+                return false;
+        }
+    }
+    /**
+     * Get max workspaces for a plan
+     */
+    getMaxWorkspaces(plan) {
+        switch (plan) {
+            case 'free':
+                return 1;
+            case 'pro':
+                return 3;
+            case 'team':
+                return 10;
+            case 'enterprise':
+                return 50;
+            default:
+                return 1;
+        }
+    }
+}
+// Singleton instance
+let _scalingPolicyService = null;
+export function getScalingPolicyService() {
+    if (!_scalingPolicyService) {
+        _scalingPolicyService = new ScalingPolicyService();
+    }
+    return _scalingPolicyService;
+}
+//# sourceMappingURL=scaling-policy.js.map

package/dist/services/scaling-policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scaling-policy.js","sourceRoot":"","sources":["../../src/services/scaling-policy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AAiGtC,6BAA6B;AAC7B,MAAM,kBAAkB,GAAsC;IAC5D,IAAI,EAAE;QACJ,kBAAkB,EAAE,GAAG,GAAG,IAAI,GAAG,IAAI,EAAE,QAAQ;QAC/C,mBAAmB,EAAE,GAAG,GAAG,IAAI,GAAG,IAAI,EAAE,QAAQ;QAChD,kBAAkB,EAAE,GAAG,GAAG,IAAI,GAAG,IAAI,EAAE,iCAAiC;QACxE,uBAAuB,EAAE,CAAC,GAAG,IAAI,GAAG,IAAI,EAAE,UAAU;QACpD,uBAAuB,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,WAAW;QACtD,yBAAyB,EAAE,CAAC;QAC5B,qBAAqB,EAAE,CAAC;QACxB,iBAAiB,EAAE,EAAE;QACrB,iBAAiB,EAAE,EAAE;QACrB,kBAAkB,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,YAAY;QAC/C,UAAU,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,yBAAyB;KACtD;IACD,GAAG,EAAE;QACH,kBAAkB,EAAE,GAAG,GAAG,IAAI,GAAG,IAAI,EAAE,QAAQ;QAC/C,mBAAmB,EAAE,IAAI,GAAG,IAAI,GAAG,IAAI,EAAE,MAAM;QAC/C,kBAAkB,EAAE,GAAG,GAAG,IAAI,GAAG,IAAI,EAAE,QAAQ;QAC/C,uBAAuB,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,WAAW;QACtD,uBAAuB,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,WAAW;QACtD,yBAAyB,EAAE,CAAC;QAC5B,qBAAqB,EAAE,EAAE;QACzB,iBAAiB,EAAE,EAAE;QACrB,iBAAiB,EAAE,EAAE;QACrB,kBAAkB,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,YAAY;QAC/C,UAAU,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,aAAa;KAC1C;IACD,IAAI,EAAE;QACJ,kBAAkB,EAAE,GAAG,GAAG,IAAI,GAAG,IAAI,EAAE,QAAQ;QAC/C,mBAAmB,EAAE,GAAG,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,EAAE,QAAQ;QACvD,kBAAkB,EAAE,IAAI,GAAG,IAAI,GAAG,IAAI,EAAE,MAAM;QAC9C,uBAAuB,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,WAAW;QACtD,uBAAuB,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,WAAW;QACtD,yBAAyB,EAAE,EAAE;QAC7B,qBAAqB,EAAE,EAAE;QACzB,iBAAiB,EAAE,EAAE;QACrB,iBAAiB,EAAE,EAAE;QACrB,kBAAkB,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,YAAY;QAC/C,UAAU,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,YAAY;KACxC;IACD,UAAU,EAAE;QACV,kBAAkB,EAAE,IAAI,GAAG,IAAI,GAAG,IAAI,EAAE,MAAM;QAC9C,mBAAmB,EAAE,CAAC,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,EAAE,MAAM;QACnD,kBAAkB,EAAE,GAAG,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,EAAE,QAAQ;QACtD,uBAAuB,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,WAAW;QACtD,uBAAuB,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,WAAW;QACtD,yBAAyB,EAAE,EAAE;QAC7B,qBAAqB,EAAE,EAAE;QACzB,iBAAiB,EAAE,EAAE;QACrB,iBAAiB,EAAE,EAAE;QACrB,kBAAkB,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,WAAW;QAC9C,UAAU,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,YAAY;KACxC;CACF,CAAC;AAEF,oEAAoE;AACpE,gFAAgF;AAChF,MAAM,gBAAgB,GAAoB;IACxC,iDAAiD;IACjD;QACE,EAAE,EAAE,sBAAsB;QAC1B,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,oEAAoE;QACjF,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,GAAG,EAAE,sDAAsD;QACrE,UAAU,EAAE;YACV,EAAE,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,oBAAoB;YAC7E,EAAE,MAAM,EAAE,iBAAiB,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,mBAAmB;SAC7E;QACD,MAAM,EAAE,EAAE,IAAI,EAAE,sBAAsB,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,wBAAwB;QAClF,YAAY,EAAE,EAAE;QAChB,YAAY,EAAE,CAAC;KAChB;IACD;QACE,EAAE,EAAE,qBAAqB;QACzB,IAAI,EAAE,qBAAqB;QAC3B,WAAW,EAAE,gDAAgD;QAC7D,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,GAAG,EAAE,0CAA0C;QACzD,UAAU,EAAE;YACV,EAAE,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,eAAe;YAC3F,EAAE,MAAM,EAAE,iBAAiB,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,mBAAmB;SAC7E;QACD,MAAM,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,UAAU,EAAE,GAAG,EAAE,EAAE,mBAAmB;QACnE,YAAY,EAAE,EAAE;QAChB,YAAY,EAAE,CAAC;KAChB;IACD;QACE,EAAE,EAAE,qBAAqB;QACzB,IAAI,EAAE,qBAAqB;QAC3B,WAAW,EAAE,gDAAgD;QAC7D,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,GAAG;QACb,UAAU,EAAE;YACV,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,eAAe;SACzF;QACD,MAAM,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,qBAAqB;QACpE,YAAY,EAAE,EAAE;QAChB,YAAY,EAAE,CAAC;KAChB;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,+CAA+C;QAC5D,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,EAAE,EAAE,iBAAiB;QAC/B,UAAU,EAAE;YACV,EAAE,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,sBAAsB;YACjG,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,gBAAgB;SACxF;QACD,MAAM,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,kBAAkB;QACnE,YAAY,EAAE,EAAE;QAChB,YAAY,EAAE,CAAC;KAChB;IAED,qDAAqD;IACrD;QACE,EAAE,EAAE,0BAA0B;QAC9B,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,mEAAmE;QAChF,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,GAAG;QACb,UAAU,EAAE;YACV,EAAE,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,eAAe;SAC1F;QACD,MAAM,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,WAAW,EAAE,CAAC,EAAE;QAC5C,YAAY,EAAE,EAAE;QAChB,YAAY,EAAE,CAAC;KAChB;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,+CAA+C;QAC5D,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,EAAE;QACZ,UAAU,EAAE;YACV,EAAE,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,wBAAwB;SACpG;QACD,MAAM,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,WAAW,EAAE,CAAC,EAAE;QAC5C,YAAY,EAAE,EAAE;QAChB,YAAY,EAAE,CAAC;KAChB;IACD;QACE,EAAE,EAAE,sBAAsB;QAC1B,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,8DAA8D;QAC3E,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,EAAE;QACZ,UAAU,EAAE;YACV,EAAE,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,oBAAoB;YAC5E,EAAE,MAAM,EAAE,iBAAiB,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,qCAAqC;SAChG;QACD,MAAM,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,WAAW,EAAE,CAAC,EAAE;QAC5C,YAAY,EAAE,EAAE;QAChB,YAAY,EAAE,CAAC;KAChB;IAED,sBAAsB;IACtB;QACE,EAAE,EAAE,iBAAiB;QACrB,IAAI,EAAE,iBAAiB;QACvB,WAAW,EAAE,2DAA2D;QACxE,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,EAAE;QACZ,UAAU,EAAE;YACV,EAAE,MAAM,EAAE,iBAAiB,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,sBAAsB;SACjF;QACD,MAAM,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE;QAC7B,YAAY,EAAE,EAAE;QAChB,YAAY,EAAE,CAAC;KAChB;IAED,qBAAqB;IACrB;QACE,EAAE,EAAE,sBAAsB;QAC1B,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,oCAAoC;QACjD,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,EAAE;QACZ,UAAU,EAAE;YACV,EAAE,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,sBAAsB;YAChG,EAAE,MAAM,EAAE,iBAAiB,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,wBAAwB;SAClF;QACD,MAAM,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC,EAAE;QAC9C,YAAY,EAAE,EAAE;QAChB,YAAY,EAAE,CAAC;KAChB;CACF,CAAC;AAEF,MAAM,OAAO,oBAAqB,SAAQ,YAAY;IAC5C,UAAU,GAAmC,IAAI,GAAG,EAAE,CAAC;IACvD,QAAQ,GAAiC,IAAI,GAAG,EAAE,CAAC;IACnD,gBAAgB,GAAsD,IAAI,GAAG,EAAE,CAAC;IAExF;QACE,KAAK,EAAE,CAAC;QACR,2BAA2B;QAC3B,KAAK,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACpE,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,IAAY;QACxB,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,CAAE,CAAC;IACnE,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,IAAY,EAAE,UAAsC;QAChE,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;QACzC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,GAAG,OAAO,EAAE,GAAG,UAAU,EAAE,CAAC,CAAC;IAC3D,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,MAAc;QACxB,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACrD,OAAO,CAAC,GAAG,gBAAgB,EAAE,GAAG,YAAY,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC;IACxF,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,MAAc,EAAE,MAAqB;QAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACjD,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACtB,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACtC,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,OAA2B;QAClC,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,8BAA8B;QAC9B,MAAM,OAAO,GAAG,IAAI,CAAC,yBAAyB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAEpE,iBAAiB;QACjB,IAAI,OAAO,CAAC,iBAAiB,EAAE,CAAC;YAC9B,MAAM,kBAAkB,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,iBAAiB,CAAC,OAAO,EAAE,CAAC;YAC5E,IAAI,kBAAkB,GAAG,UAAU,CAAC,UAAU,EAAE,CAAC;gBAC/C,OAAO;oBACL,WAAW,EAAE,KAAK;oBAClB,MAAM,EAAE,IAAI;oBACZ,MAAM,EAAE,oBAAoB,IAAI,CAAC,KAAK,CAAC,CAAC,UAAU,CAAC,UAAU,GAAG,kBAAkB,CAAC,GAAG,IAAI,CAAC,cAAc;oBACzG,eAAe,EAAE,IAAI;oBACrB,OAAO;oBACP,SAAS,EAAE,IAAI,IAAI,EAAE;iBACtB,CAAC;YACJ,CAAC;QACH,CAAC;QAED,sCAAsC;QACtC,KAAK,MAAM,MAAM,IAAI,QAAQ,EAAE,CAAC;YAC9B,IAAI,CAAC,MAAM,CAAC,OAAO;gBAAE,SAAS;YAE9B,MAAM,aAAa,GAAG,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,UAAU,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;YAEtG,IAAI,aAAa,EAAE,CAAC;gBAClB,oDAAoD;gBACpD,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;oBACtC,0DAA0D;oBAC1D,IAAI,OAAO,CAAC,qBAAqB,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;wBAC3D,SAAS,CAAC,kDAAkD;oBAC9D,CAAC;oBACD,IAAI,OAAO,CAAC,qBAAqB,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;wBACzD,SAAS;oBACX,CAAC;gBACH,CAAC;gBACD,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,IAAI,OAAO,CAAC,qBAAqB,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;oBAChG,SAAS;gBACX,CAAC;gBAED,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE;oBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,MAAM,EAAE,MAAM,CAAC,EAAE;oBACjB,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,OAAO;iBACR,CAAC,CAAC;gBAEH,OAAO;oBACL,WAAW,EAAE,IAAI;oBACjB,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,MAAM,EAAE,MAAM,CAAC,WAAW;oBAC1B,eAAe,EAAE,MAAM,CAAC,EAAE;oBAC1B,OAAO;oBACP,SAAS,EAAE,IAAI,IAAI,EAAE;iBACtB,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO;YACL,WAAW,EAAE,KAAK;YAClB,MAAM,EAAE,IAAI;YACZ,MAAM,EAAE,2BAA2B;YACnC,eAAe,EAAE,IAAI;YACrB,OAAO;YACP,SAAS,EAAE,IAAI,IAAI,EAAE;SACtB,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,yBAAyB,CAC/B,OAA2B,EAC3B,UAA6B;QAE7B,MAAM,UAAU,GAAG,OAAO,CAAC,gBAAgB,CAAC;QAE5C,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO;gBACL,YAAY,EAAE,CAAC;gBACf,YAAY,EAAE,CAAC;gBACf,WAAW,EAAE,CAAC;gBACd,SAAS,EAAE,CAAC;gBACZ,eAAe,EAAE,CAAC;gBAClB,kBAAkB,EAAE,CAAC;gBACrB,YAAY,EAAE,CAAC;aAChB,CAAC;QACJ,CAAC;QAED,MAAM,WAAW,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC;QAC/E,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,oBAAoB,EAAE,CAAC,CAAC,GAAG,UAAU,CAAC,MAAM,CAAC;QACpG,MAAM,WAAW,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;QACzE,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,GAAG,UAAU,CAAC,MAAM,CAAC;QAExF,wDAAwD;QACxD,OAAO;YACL,YAAY,EAAE,WAAW,GAAG,CAAC,UAAU,CAAC,kBAAkB,GAAG,UAAU,CAAC,MAAM,CAAC;YAC/E,YAAY,EAAE,QAAQ,GAAG,UAAU,CAAC,uBAAuB;YAC3D,WAAW,EAAE,WAAW,GAAG,CAAC,UAAU,CAAC,qBAAqB,GAAG,UAAU,CAAC,MAAM,CAAC;YACjF,SAAS,EAAE,MAAM,GAAG,UAAU,CAAC,iBAAiB;YAChD,eAAe,EAAE,OAAO,CAAC,qBAAqB;YAC9C,kBAAkB,EAAE,WAAW;YAC/B,YAAY,EAAE,WAAW;SAC1B,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,kBAAkB,CACxB,UAA8B,EAC9B,OAA+B,EAC/B,UAA6B,EAC7B,MAAc;QAEd,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YAC9C,IAAI,WAAW,KAAK,SAAS;gBAAE,SAAS;YAExC,MAAM,YAAY,GAAG,IAAI,CAAC,aAAa,CAAC,WAAW,EAAE,SAAS,CAAC,QAAQ,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;YAE1F,IAAI,SAAS,CAAC,QAAQ,EAAE,CAAC;gBACvB,wDAAwD;gBACxD,MAAM,UAAU,GAAG,GAAG,MAAM,IAAI,SAAS,CAAC,MAAM,EAAE,CAAC;gBACnD,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;gBAE5D,oBAAoB;gBACpB,OAAO,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;gBAE5D,oBAAoB;gBACpB,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,QAAQ,CAAC;gBAC/C,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,MAAM,CAAC,CAAC;gBAC5E,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;gBAErD,wDAAwD;gBACxD,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC;oBAAE,OAAO,KAAK,CAAC;gBAE7C,MAAM,MAAM,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CACvC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,EAAE,SAAS,CAAC,QAAQ,EAAE,SAAS,CAAC,KAAK,CAAC,CACjE,CAAC;gBAEF,uCAAuC;gBACvC,MAAM,WAAW,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;gBACzD,MAAM,gBAAgB,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,IAAI,SAAS,CAAC,QAAQ,GAAG,GAAG,CAAC,CAAC,kBAAkB;gBAEjG,IAAI,CAAC,MAAM,IAAI,CAAC,gBAAgB;oBAAE,OAAO,KAAK,CAAC;YACjD,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,YAAY;oBAAE,OAAO,KAAK,CAAC;YAClC,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,MAAc,EAAE,QAAgB,EAAE,MAAc;QACpE,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,IAAI;gBACP,OAAO,MAAM,GAAG,MAAM,CAAC;YACzB,KAAK,KAAK;gBACR,OAAO,MAAM,IAAI,MAAM,CAAC;YAC1B,KAAK,IAAI;gBACP,OAAO,MAAM,GAAG,MAAM,CAAC;YACzB,KAAK,KAAK;gBACR,OAAO,MAAM,IAAI,MAAM,CAAC;YAC1B,KAAK,IAAI;gBACP,OAAO,MAAM,KAAK,MAAM,CAAC;YAC3B;gBACE,OAAO,KAAK,CAAC;QACjB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,IAAY;QAC3B,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,MAAM;gBACT,OAAO,CAAC,CAAC;YACX,KAAK,KAAK;gBACR,OAAO,CAAC,CAAC;YACX,KAAK,MAAM;gBACT,OAAO,EAAE,CAAC;YACZ,KAAK,YAAY;gBACf,OAAO,EAAE,CAAC;YACZ;gBACE,OAAO,CAAC,CAAC;QACb,CAAC;IACH,CAAC;CACF;AAED,qBAAqB;AACrB,IAAI,qBAAqB,GAAgC,IAAI,CAAC;AAE9D,MAAM,UAAU,uBAAuB;IACrC,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC3B,qBAAqB,GAAG,IAAI,oBAAoB,EAAE,CAAC;IACrD,CAAC;IACD,OAAO,qBAAqB,CAAC;AAC/B,CAAC"}

package/dist/services/ssh-security.d.ts

@@ -0,0 +1,31 @@
+/**
+ * SSH Security Utilities
+ *
+ * Provides secure SSH password derivation for workspace containers.
+ * Uses a deterministic approach based on workspace ID + secret salt,
+ * ensuring each workspace has a unique password without storage.
+ */
+/**
+ * Derive a unique SSH password for a workspace.
+ *
+ * Uses SHA-256 hash of (workspaceId + salt) to generate a deterministic
+ * but unique password for each workspace. This approach:
+ * - Ensures each workspace has a unique password
+ * - Requires no database storage
+ * - Produces consistent results across cloud server and container
+ *
+ * SECURITY: Set SSH_PASSWORD_SALT environment variable in production!
+ * The default salt is insecure and should never be used in production.
+ *
+ * @param workspaceId - The workspace UUID
+ * @returns A 24-character hex password (96 bits of entropy)
+ */
+export declare function deriveSshPassword(workspaceId: string): string;
+/**
+ * Validate that SSH security is properly configured.
+ * Call this at server startup to catch configuration issues early.
+ *
+ * @returns true if properly configured, false otherwise
+ */
+export declare function validateSshSecurityConfig(): boolean;
+//# sourceMappingURL=ssh-security.d.ts.map

package/dist/services/ssh-security.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssh-security.d.ts","sourceRoot":"","sources":["../../src/services/ssh-security.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,iBAAiB,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,CAsB7D;AAED;;;;;GAKG;AACH,wBAAgB,yBAAyB,IAAI,OAAO,CAoBnD"}

package/dist/services/ssh-security.js

@@ -0,0 +1,63 @@
+/**
+ * SSH Security Utilities
+ *
+ * Provides secure SSH password derivation for workspace containers.
+ * Uses a deterministic approach based on workspace ID + secret salt,
+ * ensuring each workspace has a unique password without storage.
+ */
+import * as crypto from 'crypto';
+const DEFAULT_SALT = 'default-salt-change-in-prod';
+/**
+ * Derive a unique SSH password for a workspace.
+ *
+ * Uses SHA-256 hash of (workspaceId + salt) to generate a deterministic
+ * but unique password for each workspace. This approach:
+ * - Ensures each workspace has a unique password
+ * - Requires no database storage
+ * - Produces consistent results across cloud server and container
+ *
+ * SECURITY: Set SSH_PASSWORD_SALT environment variable in production!
+ * The default salt is insecure and should never be used in production.
+ *
+ * @param workspaceId - The workspace UUID
+ * @returns A 24-character hex password (96 bits of entropy)
+ */
+export function deriveSshPassword(workspaceId) {
+    const salt = process.env.SSH_PASSWORD_SALT;
+    // Warn if using default salt in production
+    if (!salt) {
+        const isProduction = process.env.NODE_ENV === 'production' || process.env.FLY_APP_NAME;
+        if (isProduction) {
+            console.warn('[SECURITY WARNING] SSH_PASSWORD_SALT is not set! ' +
+                'Using default salt is INSECURE in production. ' +
+                'Set SSH_PASSWORD_SALT to a random 32+ character secret.');
+        }
+    }
+    const effectiveSalt = salt || DEFAULT_SALT;
+    return crypto
+        .createHash('sha256')
+        .update(`${workspaceId}:${effectiveSalt}`)
+        .digest('hex')
+        .substring(0, 24); // 24 hex chars = 96 bits of entropy
+}
+/**
+ * Validate that SSH security is properly configured.
+ * Call this at server startup to catch configuration issues early.
+ *
+ * @returns true if properly configured, false otherwise
+ */
+export function validateSshSecurityConfig() {
+    const salt = process.env.SSH_PASSWORD_SALT;
+    const isProduction = process.env.NODE_ENV === 'production' || process.env.FLY_APP_NAME;
+    if (isProduction && !salt) {
+        console.error('[SECURITY ERROR] SSH_PASSWORD_SALT must be set in production! ' +
+            'Generate one with: openssl rand -hex 32');
+        return false;
+    }
+    if (salt && salt.length < 16) {
+        console.warn('[SECURITY WARNING] SSH_PASSWORD_SALT should be at least 16 characters. ' +
+            'Current length: ' + salt.length);
+    }
+    return true;
+}
+//# sourceMappingURL=ssh-security.js.map

package/dist/services/ssh-security.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssh-security.js","sourceRoot":"","sources":["../../src/services/ssh-security.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AAEjC,MAAM,YAAY,GAAG,6BAA6B,CAAC;AAEnD;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,iBAAiB,CAAC,WAAmB;IACnD,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;IAE3C,2CAA2C;IAC3C,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;QACvF,IAAI,YAAY,EAAE,CAAC;YACjB,OAAO,CAAC,IAAI,CACV,mDAAmD;gBACnD,gDAAgD;gBAChD,yDAAyD,CAC1D,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,aAAa,GAAG,IAAI,IAAI,YAAY,CAAC;IAE3C,OAAO,MAAM;SACV,UAAU,CAAC,QAAQ,CAAC;SACpB,MAAM,CAAC,GAAG,WAAW,IAAI,aAAa,EAAE,CAAC;SACzC,MAAM,CAAC,KAAK,CAAC;SACb,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,oCAAoC;AAC3D,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,yBAAyB;IACvC,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;IAC3C,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;IAEvF,IAAI,YAAY,IAAI,CAAC,IAAI,EAAE,CAAC;QAC1B,OAAO,CAAC,KAAK,CACX,gEAAgE;YAChE,yCAAyC,CAC1C,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,IAAI,IAAI,IAAI,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAC7B,OAAO,CAAC,IAAI,CACV,yEAAyE;YACzE,kBAAkB,GAAG,IAAI,CAAC,MAAM,CACjC,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/services/workspace-keepalive.d.ts

@@ -0,0 +1,76 @@
+/**
+ * Workspace Keepalive Service
+ *
+ * Prevents Fly.io from idling workspace machines that have active agents running.
+ *
+ * Problem: Fly.io uses request-based concurrency tracking to determine when to
+ * idle a machine. If a Claude agent is running but no HTTP requests are coming
+ * in (e.g., no one has the dashboard open), Fly.io may idle the machine.
+ *
+ * Solution: The cloud server periodically pings workspace machines that have
+ * active agents. This inbound HTTP request counts as activity for Fly.io's
+ * idle detection, keeping the machine awake.
+ *
+ * Flow:
+ * 1. Daemons report their running agents via heartbeat
+ * 2. This service queries for workspaces with active agents
+ * 3. Pings each workspace's /keep-alive endpoint
+ * 4. Workspace stays awake as long as agents are active
+ */
+import { EventEmitter } from 'events';
+export interface WorkspaceKeepaliveConfig {
+    /** How often to ping active workspaces (default: 60s) */
+    pingIntervalMs: number;
+    /** Request timeout for keep-alive pings (default: 5s) */
+    requestTimeoutMs: number;
+    /** Consider daemon stale if last heartbeat older than this (default: 2 min) */
+    staleThresholdMs: number;
+    /** Enable verbose logging (default: false) */
+    verbose: boolean;
+}
+export interface KeepaliveStats {
+    lastRun: Date | null;
+    totalPings: number;
+    successfulPings: number;
+    failedPings: number;
+    activeWorkspaces: number;
+}
+export declare class WorkspaceKeepaliveService extends EventEmitter {
+    private config;
+    private pingTimer;
+    private stats;
+    constructor(config?: Partial<WorkspaceKeepaliveConfig>);
+    /**
+     * Start the keepalive service
+     */
+    start(): void;
+    /**
+     * Stop the keepalive service
+     */
+    stop(): void;
+    /**
+     * Get current statistics
+     */
+    getStats(): KeepaliveStats;
+    /**
+     * Find workspaces with active agents and ping them
+     */
+    pingActiveWorkspaces(): Promise<void>;
+    /**
+     * Find all workspaces that have daemons with active agents
+     */
+    private findWorkspacesWithActiveAgents;
+    /**
+     * Ping a single workspace's keep-alive endpoint
+     */
+    private pingWorkspace;
+}
+/**
+ * Get or create the keepalive service singleton
+ */
+export declare function getWorkspaceKeepaliveService(config?: Partial<WorkspaceKeepaliveConfig>): WorkspaceKeepaliveService;
+/**
+ * Create a new keepalive service (for testing)
+ */
+export declare function createWorkspaceKeepaliveService(config?: Partial<WorkspaceKeepaliveConfig>): WorkspaceKeepaliveService;
+//# sourceMappingURL=workspace-keepalive.d.ts.map

package/dist/services/workspace-keepalive.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"workspace-keepalive.d.ts","sourceRoot":"","sources":["../../src/services/workspace-keepalive.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AAGtC,MAAM,WAAW,wBAAwB;IACvC,yDAAyD;IACzD,cAAc,EAAE,MAAM,CAAC;IACvB,yDAAyD;IACzD,gBAAgB,EAAE,MAAM,CAAC;IACzB,+EAA+E;IAC/E,gBAAgB,EAAE,MAAM,CAAC;IACzB,8CAA8C;IAC9C,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,IAAI,GAAG,IAAI,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAiBD,qBAAa,yBAA0B,SAAQ,YAAY;IACzD,OAAO,CAAC,MAAM,CAA2B;IACzC,OAAO,CAAC,SAAS,CAA+C;IAChE,OAAO,CAAC,KAAK,CAMX;gBAEU,MAAM,GAAE,OAAO,CAAC,wBAAwB,CAAM;IAK1D;;OAEG;IACH,KAAK,IAAI,IAAI;IAsBb;;OAEG;IACH,IAAI,IAAI,IAAI;IAQZ;;OAEG;IACH,QAAQ,IAAI,cAAc;IAI1B;;OAEG;IACG,oBAAoB,IAAI,OAAO,CAAC,IAAI,CAAC;IAsD3C;;OAEG;YACW,8BAA8B;IAgD5C;;OAEG;YACW,aAAa;CA6C5B;AAKD;;GAEG;AACH,wBAAgB,4BAA4B,CAC1C,MAAM,CAAC,EAAE,OAAO,CAAC,wBAAwB,CAAC,GACzC,yBAAyB,CAK3B;AAED;;GAEG;AACH,wBAAgB,+BAA+B,CAC7C,MAAM,CAAC,EAAE,OAAO,CAAC,wBAAwB,CAAC,GACzC,yBAAyB,CAE3B"}