@agent-relay/cloud 7.1.1 → 8.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/api-client.d.ts.map +1 -1
- package/dist/api-client.js +2 -1
- package/dist/api-client.js.map +1 -1
- package/dist/audit.d.ts +19 -0
- package/dist/audit.d.ts.map +1 -0
- package/dist/audit.js +74 -0
- package/dist/audit.js.map +1 -0
- package/dist/auth.d.ts.map +1 -1
- package/dist/auth.js +13 -15
- package/dist/auth.js.map +1 -1
- package/dist/compiler.d.ts +23 -0
- package/dist/compiler.d.ts.map +1 -0
- package/dist/compiler.js +355 -0
- package/dist/compiler.js.map +1 -0
- package/dist/index.d.ts +6 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +7 -0
- package/dist/index.js.map +1 -1
- package/dist/local-jwks.d.ts +25 -0
- package/dist/local-jwks.d.ts.map +1 -0
- package/dist/local-jwks.js +70 -0
- package/dist/local-jwks.js.map +1 -0
- package/dist/permissions.d.ts +124 -0
- package/dist/permissions.d.ts.map +1 -0
- package/dist/permissions.js +9 -0
- package/dist/permissions.js.map +1 -0
- package/dist/provisioning-types.d.ts +25 -0
- package/dist/provisioning-types.d.ts.map +1 -0
- package/dist/provisioning-types.js +2 -0
- package/dist/provisioning-types.js.map +1 -0
- package/dist/telemetry-headers.d.ts +8 -0
- package/dist/telemetry-headers.d.ts.map +1 -0
- package/dist/telemetry-headers.js +72 -0
- package/dist/telemetry-headers.js.map +1 -0
- package/dist/token.d.ts +41 -0
- package/dist/token.d.ts.map +1 -0
- package/dist/token.js +77 -0
- package/dist/token.js.map +1 -0
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +1 -1
- package/dist/types.js.map +1 -1
- package/package.json +23 -3
package/dist/api-client.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api-client.d.ts","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"api-client.d.ts","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":"AAGA,MAAM,MAAM,qBAAqB,GAAG;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,qBAAqB,CAAC,EAAE,MAAM,CAAC;CAChC,CAAC;AAEF,MAAM,MAAM,sBAAsB,GAAG;IACnC,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,qBAAqB,CAAC,EAAE,MAAM,CAAC;CAChC,CAAC;AAYF,wBAAgB,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,GAAG,CAE1D;AAED,qBAAa,cAAc;IAOb,OAAO,CAAC,QAAQ,CAAC,OAAO;IANpC,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,oBAAoB,CAAS;IACrC,OAAO,CAAC,qBAAqB,CAAC,CAAS;IACvC,OAAO,CAAC,cAAc,CAA8B;gBAEvB,OAAO,EAAE,qBAAqB;IAO3D,MAAM,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,UAAU,GAAG,cAAc,GAAG,IAAI;IAoB7D,QAAQ,IAAI,sBAAsB;IAU5B,KAAK,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,GAAE,WAAgB,GAAG,OAAO,CAAC,QAAQ,CAAC;IAoB3D,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;YAcf,OAAO;YAgBP,SAAS;IA8BvB,OAAO,CAAC,YAAY;IAMpB,OAAO,CAAC,aAAa;CAQtB"}
|
package/dist/api-client.js
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { REFRESH_WINDOW_MS } from './types.js';
|
|
2
|
+
import { appendAgentRelayTelemetryHeaders } from './telemetry-headers.js';
|
|
2
3
|
function trimLeadingSlash(p) {
|
|
3
4
|
return p.replace(/^\/+/, '');
|
|
4
5
|
}
|
|
@@ -110,7 +111,7 @@ export class CloudApiClient {
|
|
|
110
111
|
buildHeaders(headers) {
|
|
111
112
|
const merged = new Headers(headers);
|
|
112
113
|
merged.set('Authorization', `Bearer ${this.accessToken}`);
|
|
113
|
-
return merged;
|
|
114
|
+
return appendAgentRelayTelemetryHeaders(merged);
|
|
114
115
|
}
|
|
115
116
|
shouldRefresh() {
|
|
116
117
|
const expiresAt = Date.parse(this.accessTokenExpiresAt);
|
package/dist/api-client.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api-client.js","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"api-client.js","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAC/C,OAAO,EAAE,gCAAgC,EAAE,MAAM,wBAAwB,CAAC;AAoB1E,SAAS,gBAAgB,CAAC,CAAS;IACjC,OAAO,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AAC/B,CAAC;AAED,SAAS,iBAAiB,CAAC,CAAS;IAClC,OAAO,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,MAAc,EAAE,CAAS;IACnD,OAAO,IAAI,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC;AACjE,CAAC;AAED,MAAM,OAAO,cAAc;IAOI;IANrB,WAAW,CAAS;IACpB,YAAY,CAAS;IACrB,oBAAoB,CAAS;IAC7B,qBAAqB,CAAU;IAC/B,cAAc,GAAyB,IAAI,CAAC;IAEpD,YAA6B,OAA8B;QAA9B,YAAO,GAAP,OAAO,CAAuB;QACzD,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QACvC,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;QACzC,IAAI,CAAC,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,CAAC;QACzD,IAAI,CAAC,qBAAqB,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAC7D,CAAC;IAED,MAAM,CAAC,OAAO,CAAC,GAAsB;QACnC,MAAM,MAAM,GAAG,GAAG,CAAC,aAAa,EAAE,IAAI,EAAE,CAAC;QACzC,MAAM,WAAW,GAAG,GAAG,CAAC,sBAAsB,EAAE,IAAI,EAAE,CAAC;QACvD,MAAM,YAAY,GAAG,GAAG,CAAC,uBAAuB,EAAE,IAAI,EAAE,CAAC;QACzD,MAAM,oBAAoB,GAAG,GAAG,CAAC,iCAAiC,EAAE,IAAI,EAAE,CAAC;QAC3E,MAAM,qBAAqB,GAAG,GAAG,CAAC,kCAAkC,EAAE,IAAI,EAAE,CAAC;QAE7E,IAAI,CAAC,MAAM,IAAI,CAAC,WAAW,IAAI,CAAC,YAAY,IAAI,CAAC,oBAAoB,EAAE,CAAC;YACtE,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,IAAI,cAAc,CAAC;YACxB,MAAM;YACN,WAAW;YACX,YAAY;YACZ,oBAAoB;YACpB,qBAAqB;SACtB,CAAC,CAAC;IACL,CAAC;IAED,QAAQ;QACN,OAAO;YACL,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM;YAC3B,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,oBAAoB,EAAE,IAAI,CAAC,oBAAoB;YAC/C,GAAG,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,CAAC,EAAE,qBAAqB,EAAE,IAAI,CAAC,qBAAqB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC7F,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,CAAS,EAAE,OAAoB,EAAE;QAC3C,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;QAErB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE;YAChE,GAAG,IAAI;YACP,OAAO,EAAE,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC;SACzC,CAAC,CAAC;QAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAEzB,OAAO,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE;YAChD,GAAG,IAAI;YACP,OAAO,EAAE,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC;SACzC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,MAAM;QACV,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,2BAA2B,CAAC,EAAE;YAC1F,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC;SACnD,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CAAC,+BAA+B,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;QAC3F,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,OAAO,CAAC,KAAK,GAAG,KAAK;QACjC,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC,cAAc,CAAC;QAC7B,CAAC;QAED,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC;YACpC,OAAO;QACT,CAAC;QAED,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE;YAClD,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;QAC7B,CAAC,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAEO,KAAK,CAAC,SAAS;QACrB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,4BAA4B,CAAC,EAAE;YAC3F,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,YAAY,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC;SAC1D,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,gCAAgC,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;QAC5F,CAAC;QAED,MAAM,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAKrC,CAAC;QAEF,IAAI,CAAC,OAAO,CAAC,WAAW,IAAI,CAAC,OAAO,CAAC,oBAAoB,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;YACnF,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;QAED,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QACvC,IAAI,CAAC,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,CAAC;QACzD,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;QACzC,IAAI,CAAC,qBAAqB,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAC7D,CAAC;IAEO,YAAY,CAAC,OAAgC;QACnD,MAAM,MAAM,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC;QACpC,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;QAC1D,OAAO,gCAAgC,CAAC,MAAM,CAAC,CAAC;IAClD,CAAC;IAEO,aAAa;QACnB,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QACxD,IAAI,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,IAAI,iBAAiB,CAAC;IACrD,CAAC;CACF"}
|
package/dist/audit.d.ts
ADDED
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
export interface PermissionAuditEntry {
|
|
2
|
+
timestamp: string;
|
|
3
|
+
agentName: string;
|
|
4
|
+
action: string;
|
|
5
|
+
details: Record<string, unknown>;
|
|
6
|
+
}
|
|
7
|
+
export declare function getDefaultPermissionAuditPath(projectDir: string): string;
|
|
8
|
+
export declare class PermissionAuditLog {
|
|
9
|
+
private readonly entries;
|
|
10
|
+
log(entry: Omit<PermissionAuditEntry, 'timestamp'> & {
|
|
11
|
+
timestamp?: string;
|
|
12
|
+
}): PermissionAuditEntry;
|
|
13
|
+
toJSON(): {
|
|
14
|
+
entries: PermissionAuditEntry[];
|
|
15
|
+
};
|
|
16
|
+
writeTo(filePath: string): Promise<void>;
|
|
17
|
+
summary(): string;
|
|
18
|
+
}
|
|
19
|
+
//# sourceMappingURL=audit.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../src/audit.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAwCD,wBAAgB,6BAA6B,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAExE;AAED,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAA8B;IAEtD,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,oBAAoB,EAAE,WAAW,CAAC,GAAG;QAAE,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,oBAAoB;IAYlG,MAAM,IAAI;QAAE,OAAO,EAAE,oBAAoB,EAAE,CAAA;KAAE;IAWvC,OAAO,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAK9C,OAAO,IAAI,MAAM;CAoBlB"}
|
package/dist/audit.js
ADDED
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
import { mkdir, writeFile } from 'node:fs/promises';
|
|
2
|
+
import path from 'node:path';
|
|
3
|
+
const DEFAULT_PERMISSION_AUDIT_RELATIVE_PATH = path.join('.agentworkforce/relay', 'permission-audit.json');
|
|
4
|
+
function isPlainObject(value) {
|
|
5
|
+
return typeof value === 'object' && value !== null && !Array.isArray(value);
|
|
6
|
+
}
|
|
7
|
+
function sanitizeJsonValue(value, key) {
|
|
8
|
+
if (key && key.toLowerCase().includes('token')) {
|
|
9
|
+
return '[redacted]';
|
|
10
|
+
}
|
|
11
|
+
if (value === null ||
|
|
12
|
+
typeof value === 'string' ||
|
|
13
|
+
typeof value === 'number' ||
|
|
14
|
+
typeof value === 'boolean') {
|
|
15
|
+
return value;
|
|
16
|
+
}
|
|
17
|
+
if (Array.isArray(value)) {
|
|
18
|
+
return value.map((item) => sanitizeJsonValue(item));
|
|
19
|
+
}
|
|
20
|
+
if (isPlainObject(value)) {
|
|
21
|
+
return Object.fromEntries(Object.entries(value).map(([entryKey, entryValue]) => [
|
|
22
|
+
entryKey,
|
|
23
|
+
sanitizeJsonValue(entryValue, entryKey),
|
|
24
|
+
]));
|
|
25
|
+
}
|
|
26
|
+
return String(value);
|
|
27
|
+
}
|
|
28
|
+
export function getDefaultPermissionAuditPath(projectDir) {
|
|
29
|
+
return path.resolve(projectDir, DEFAULT_PERMISSION_AUDIT_RELATIVE_PATH);
|
|
30
|
+
}
|
|
31
|
+
export class PermissionAuditLog {
|
|
32
|
+
entries = [];
|
|
33
|
+
log(entry) {
|
|
34
|
+
const storedEntry = {
|
|
35
|
+
timestamp: entry.timestamp ?? new Date().toISOString(),
|
|
36
|
+
agentName: entry.agentName,
|
|
37
|
+
action: entry.action,
|
|
38
|
+
details: sanitizeJsonValue(entry.details),
|
|
39
|
+
};
|
|
40
|
+
this.entries.push(storedEntry);
|
|
41
|
+
return storedEntry;
|
|
42
|
+
}
|
|
43
|
+
toJSON() {
|
|
44
|
+
return {
|
|
45
|
+
entries: this.entries.map((entry) => ({
|
|
46
|
+
timestamp: entry.timestamp,
|
|
47
|
+
agentName: entry.agentName,
|
|
48
|
+
action: entry.action,
|
|
49
|
+
details: { ...entry.details },
|
|
50
|
+
})),
|
|
51
|
+
};
|
|
52
|
+
}
|
|
53
|
+
async writeTo(filePath) {
|
|
54
|
+
await mkdir(path.dirname(filePath), { recursive: true });
|
|
55
|
+
await writeFile(filePath, `${JSON.stringify(this.toJSON(), null, 2)}\n`, 'utf8');
|
|
56
|
+
}
|
|
57
|
+
summary() {
|
|
58
|
+
if (this.entries.length === 0) {
|
|
59
|
+
return 'Permission audit: 0 entries';
|
|
60
|
+
}
|
|
61
|
+
const actionCounts = new Map();
|
|
62
|
+
const agentNames = new Set();
|
|
63
|
+
for (const entry of this.entries) {
|
|
64
|
+
actionCounts.set(entry.action, (actionCounts.get(entry.action) ?? 0) + 1);
|
|
65
|
+
agentNames.add(entry.agentName);
|
|
66
|
+
}
|
|
67
|
+
const actionSummary = [...actionCounts.entries()]
|
|
68
|
+
.sort(([left], [right]) => left.localeCompare(right))
|
|
69
|
+
.map(([action, count]) => `${action}=${count}`)
|
|
70
|
+
.join(', ');
|
|
71
|
+
return `Permission audit: ${this.entries.length} entr${this.entries.length === 1 ? 'y' : 'ies'} across ${agentNames.size} agent${agentNames.size === 1 ? '' : 's'} (${actionSummary})`;
|
|
72
|
+
}
|
|
73
|
+
}
|
|
74
|
+
//# sourceMappingURL=audit.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"audit.js","sourceRoot":"","sources":["../src/audit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,IAAI,MAAM,WAAW,CAAC;AAW7B,MAAM,sCAAsC,GAAG,IAAI,CAAC,IAAI,CAAC,uBAAuB,EAAE,uBAAuB,CAAC,CAAC;AAE3G,SAAS,aAAa,CAAC,KAAc;IACnC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AAC9E,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAc,EAAE,GAAY;IACrD,IAAI,GAAG,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/C,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,IACE,KAAK,KAAK,IAAI;QACd,OAAO,KAAK,KAAK,QAAQ;QACzB,OAAO,KAAK,KAAK,QAAQ;QACzB,OAAO,KAAK,KAAK,SAAS,EAC1B,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC;IACtD,CAAC;IAED,IAAI,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,EAAE,CAAC;YACpD,QAAQ;YACR,iBAAiB,CAAC,UAAU,EAAE,QAAQ,CAAC;SACxC,CAAC,CACH,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;AACvB,CAAC;AAED,MAAM,UAAU,6BAA6B,CAAC,UAAkB;IAC9D,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,sCAAsC,CAAC,CAAC;AAC1E,CAAC;AAED,MAAM,OAAO,kBAAkB;IACZ,OAAO,GAA2B,EAAE,CAAC;IAEtD,GAAG,CAAC,KAAuE;QACzE,MAAM,WAAW,GAAyB;YACxC,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACtD,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,OAAO,EAAE,iBAAiB,CAAC,KAAK,CAAC,OAAO,CAA4B;SACrE,CAAC;QAEF,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC/B,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,MAAM;QACJ,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;gBACpC,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,OAAO,EAAE,EAAE,GAAG,KAAK,CAAC,OAAO,EAAE;aAC9B,CAAC,CAAC;SACJ,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,QAAgB;QAC5B,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACzD,MAAM,SAAS,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACnF,CAAC;IAED,OAAO;QACL,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9B,OAAO,6BAA6B,CAAC;QACvC,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,GAAG,EAAkB,CAAC;QAC/C,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC;QAErC,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC1E,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAClC,CAAC;QAED,MAAM,aAAa,GAAG,CAAC,GAAG,YAAY,CAAC,OAAO,EAAE,CAAC;aAC9C,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;aACpD,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,MAAM,IAAI,KAAK,EAAE,CAAC;aAC9C,IAAI,CAAC,IAAI,CAAC,CAAC;QAEd,OAAO,qBAAqB,IAAI,CAAC,OAAO,CAAC,MAAM,QAAQ,IAAI,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,WAAW,UAAU,CAAC,IAAI,SAAS,UAAU,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,aAAa,GAAG,CAAC;IACzL,CAAC;CACF"}
|
package/dist/auth.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AASA,OAAO,EAAqC,KAAK,UAAU,EAAE,MAAM,YAAY,CAAC;AAgEhF,wBAAsB,cAAc,CAAC,GAAG,GAAE,MAAM,CAAC,UAAwB,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAarG;AAED,wBAAsB,eAAe,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CASrE;AAED,wBAAsB,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC,CAErD;AAmKD,wBAAsB,iBAAiB,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAgC7E;AASD,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE;IAAE,KAAK,CAAC,EAAE,OAAO,CAAA;CAAE,GAC5B,OAAO,CAAC,UAAU,CAAC,CA0BrB;AAqBD,wBAAsB,kBAAkB,CACtC,IAAI,EAAE,UAAU,EAChB,WAAW,EAAE,MAAM,EACnB,IAAI,EAAE,WAAW,GAChB,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAC;IAAC,IAAI,EAAE,UAAU,CAAA;CAAE,CAAC,CAoBnD"}
|
package/dist/auth.js
CHANGED
|
@@ -1,9 +1,11 @@
|
|
|
1
|
+
import { randomUUID } from 'node:crypto';
|
|
1
2
|
import fs from 'node:fs/promises';
|
|
2
3
|
import http from 'node:http';
|
|
3
4
|
import os from 'node:os';
|
|
4
5
|
import path from 'node:path';
|
|
5
6
|
import { spawn } from 'node:child_process';
|
|
6
7
|
import { buildApiUrl } from './api-client.js';
|
|
8
|
+
import { appendAgentRelayTelemetryHeaders } from './telemetry-headers.js';
|
|
7
9
|
import { AUTH_FILE_PATH, REFRESH_WINDOW_MS } from './types.js';
|
|
8
10
|
const envBackedAuth = new WeakSet();
|
|
9
11
|
function markEnvBackedAuth(auth) {
|
|
@@ -106,7 +108,7 @@ function redirectToHostedCliAuthPage(response, apiUrl, options) {
|
|
|
106
108
|
response.end();
|
|
107
109
|
}
|
|
108
110
|
async function beginBrowserLogin(apiUrl) {
|
|
109
|
-
const state =
|
|
111
|
+
const state = randomUUID();
|
|
110
112
|
return new Promise((resolve, reject) => {
|
|
111
113
|
let settled = false;
|
|
112
114
|
const server = http.createServer((request, response) => {
|
|
@@ -120,15 +122,9 @@ async function beginBrowserLogin(apiUrl) {
|
|
|
120
122
|
// Validate state parameter first (CSRF protection) — this check
|
|
121
123
|
// must run unconditionally, before any user-controlled values.
|
|
122
124
|
if (returnedState !== state) {
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
});
|
|
127
|
-
if (!settled) {
|
|
128
|
-
settled = true;
|
|
129
|
-
server.close();
|
|
130
|
-
reject(new Error('Invalid state parameter in CLI login callback'));
|
|
131
|
-
}
|
|
125
|
+
response.statusCode = 400;
|
|
126
|
+
response.setHeader('content-type', 'text/plain; charset=utf-8');
|
|
127
|
+
response.end('Ignored invalid CLI login callback. Return to your terminal to continue login.');
|
|
132
128
|
return;
|
|
133
129
|
}
|
|
134
130
|
const error = requestUrl.searchParams.get('error');
|
|
@@ -269,13 +265,15 @@ export async function ensureAuthenticated(apiUrl, options) {
|
|
|
269
265
|
}
|
|
270
266
|
}
|
|
271
267
|
function apiFetch(apiUrl, accessToken, requestPath, init) {
|
|
268
|
+
const headers = new Headers(init.headers);
|
|
269
|
+
if (!headers.has('content-type')) {
|
|
270
|
+
headers.set('content-type', 'application/json');
|
|
271
|
+
}
|
|
272
|
+
headers.set('authorization', `Bearer ${accessToken}`);
|
|
273
|
+
appendAgentRelayTelemetryHeaders(headers);
|
|
272
274
|
return fetch(buildApiUrl(apiUrl, requestPath), {
|
|
273
275
|
...init,
|
|
274
|
-
headers
|
|
275
|
-
'content-type': 'application/json',
|
|
276
|
-
authorization: `Bearer ${accessToken}`,
|
|
277
|
-
...(init.headers ?? {}),
|
|
278
|
-
},
|
|
276
|
+
headers,
|
|
279
277
|
});
|
|
280
278
|
}
|
|
281
279
|
export async function authorizedApiFetch(auth, requestPath, init) {
|
package/dist/auth.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAE3C,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAmB,MAAM,YAAY,CAAC;AAEhF,MAAM,aAAa,GAAG,IAAI,OAAO,EAAc,CAAC;AAEhD,SAAS,iBAAiB,CAAC,IAAgB;IACzC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACxB,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,eAAe,CAAC,IAAgB;IACvC,OAAO,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AACjC,CAAC;AAED,SAAS,WAAW,CAAC,MAAyB,OAAO,CAAC,GAAG;IACvD,MAAM,MAAM,GAAG,GAAG,CAAC,aAAa,EAAE,IAAI,EAAE,CAAC;IACzC,MAAM,WAAW,GAAG,GAAG,CAAC,sBAAsB,EAAE,IAAI,EAAE,CAAC;IACvD,MAAM,YAAY,GAAG,GAAG,CAAC,uBAAuB,EAAE,IAAI,EAAE,CAAC;IACzD,MAAM,oBAAoB,GAAG,GAAG,CAAC,iCAAiC,EAAE,IAAI,EAAE,CAAC;IAE3E,IAAI,CAAC,MAAM,IAAI,CAAC,WAAW,IAAI,CAAC,YAAY,IAAI,CAAC,oBAAoB,EAAE,CAAC;QACtE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;IAClB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC,EAAE,CAAC;QACnD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,iBAAiB,CAAC;QACvB,MAAM;QACN,WAAW;QACX,YAAY;QACZ,oBAAoB;KACrB,CAAC,CAAC;AACL,CAAC;AAED,SAAS,qBAAqB,CAAC,KAAc;IAC3C,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;IAEpF,OAAO,IAAI,KAAK,CACd,GAAG,OAAO,iLAAiL,EAC3L,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,SAAS,CACtD,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAc;IACvC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,IAAI,GAAG,KAA4B,CAAC;IAC1C,OAAO,CACL,OAAO,IAAI,CAAC,WAAW,KAAK,QAAQ;QACpC,OAAO,IAAI,CAAC,YAAY,KAAK,QAAQ;QACrC,OAAO,IAAI,CAAC,oBAAoB,KAAK,QAAQ;QAC7C,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,CAChC,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,MAAyB,OAAO,CAAC,GAAG;IACvE,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;IACjC,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;QACvD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAY,CAAC;QAC3C,OAAO,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;IACnD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,IAAgB;IACpD,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE;QAC3C,SAAS,EAAE,IAAI;QACf,IAAI,EAAE,KAAK;KACZ,CAAC,CAAC;IACH,MAAM,EAAE,CAAC,SAAS,CAAC,cAAc,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE;QACvE,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;KACZ,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,MAAM,EAAE,CAAC,EAAE,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,aAAa,CAAC,oBAA4B;IACjD,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACnD,IAAI,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,IAAI,iBAAiB,CAAC;AACrD,CAAC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,MAAM,QAAQ,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC;IAE/B,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,OAAO,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;IACnE,CAAC;IAED,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;IACrF,CAAC;IAED,OAAO,KAAK,CAAC,UAAU,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;AACvE,CAAC;AAED,SAAS,2BAA2B,CAClC,QAAmD,EACnD,MAAc,EACd,OAGC;IAED,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC;IAC1D,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;IACrD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;IACvD,CAAC;IAED,QAAQ,CAAC,UAAU,GAAG,GAAG,CAAC;IAC1B,QAAQ,CAAC,SAAS,CAAC,UAAU,EAAE,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC;IACrD,QAAQ,CAAC,GAAG,EAAE,CAAC;AACjB,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,MAAc;IAC7C,MAAM,KAAK,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAElC,OAAO,IAAI,OAAO,CAAa,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACjD,IAAI,OAAO,GAAG,KAAK,CAAC;QAEpB,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,OAAO,EAAE,QAAQ,EAAE,EAAE;YACrD,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,IAAI,GAAG,EAAE,kBAAkB,CAAC,CAAC;YAEnE,IAAI,UAAU,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;gBACxC,QAAQ,CAAC,UAAU,GAAG,GAAG,CAAC;gBAC1B,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;gBAC1B,OAAO;YACT,CAAC;YAED,MAAM,aAAa,GAAG,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAE3D,gEAAgE;YAChE,+DAA+D;YAC/D,IAAI,aAAa,KAAK,KAAK,EAAE,CAAC;gBAC5B,2BAA2B,CAAC,QAAQ,EAAE,MAAM,EAAE;oBAC5C,MAAM,EAAE,OAAO;oBACf,MAAM,EAAE,yBAAyB;iBAClC,CAAC,CAAC;gBACH,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,OAAO,GAAG,IAAI,CAAC;oBACf,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC,CAAC;gBACrE,CAAC;gBACD,OAAO;YACT,CAAC;YAED,MAAM,KAAK,GAAG,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACnD,IAAI,KAAK,EAAE,CAAC;gBACV,2BAA2B,CAAC,QAAQ,EAAE,MAAM,EAAE;oBAC5C,MAAM,EAAE,OAAO;oBACf,MAAM,EAAE,KAAK;iBACd,CAAC,CAAC;gBACH,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,OAAO,GAAG,IAAI,CAAC;oBACf,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;gBAC3B,CAAC;gBACD,OAAO;YACT,CAAC;YAED,MAAM,WAAW,GAAG,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YAChE,MAAM,YAAY,GAAG,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YAClE,MAAM,oBAAoB,GAAG,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;YACpF,MAAM,cAAc,GAAG,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAE9D,IAAI,CAAC,WAAW,IAAI,CAAC,YAAY,IAAI,CAAC,oBAAoB,IAAI,CAAC,cAAc,EAAE,CAAC;gBAC9E,2BAA2B,CAAC,QAAQ,EAAE,MAAM,EAAE;oBAC5C,MAAM,EAAE,OAAO;oBACf,MAAM,EAAE,0EAA0E;iBACnF,CAAC,CAAC;gBACH,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,OAAO,GAAG,IAAI,CAAC;oBACf,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC,CAAC;gBACtE,CAAC;gBACD,OAAO;YACT,CAAC;YAED,2BAA2B,CAAC,QAAQ,EAAE,cAAc,EAAE;gBACpD,MAAM,EAAE,SAAS;gBACjB,MAAM,EAAE,iBAAiB,cAAc,EAAE;aAC1C,CAAC,CAAC;YAEH,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,GAAG,IAAI,CAAC;gBACf,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC;oBACN,WAAW;oBACX,YAAY;oBACZ,oBAAoB;oBACpB,MAAM,EAAE,cAAc;iBACvB,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE;YACjC,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;YACjC,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;gBAC5C,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,OAAO,GAAG,IAAI,CAAC;oBACf,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC,CAAC;gBAC7D,CAAC;gBACD,OAAO;YACT,CAAC;YAED,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,WAAW,EAAE,oBAAoB,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;YAC7E,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;YAC1D,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC;YAClE,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YAE1C,OAAO,CAAC,GAAG,CAAC,oCAAoC,QAAQ,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;YACvE,OAAO,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAC;YAE/E,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,WAAW,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAC/C,KAAK,CAAC,KAAK,EAAE,CAAC;YAChB,CAAC;YAAC,MAAM,CAAC;gBACP,6DAA6D;YAC/D,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;YAC3B,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,GAAG,IAAI,CAAC;gBACf,MAAM,CAAC,KAAK,CAAC,CAAC;YAChB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,UAAU,CAAC,GAAG,EAAE;YACd,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,GAAG,IAAI,CAAC;gBACf,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,CAAC,KAAK,EAAE,CAAC;IACzB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,IAAgB;IACtD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,4BAA4B,CAAC,EAAE;QACnF,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;SACnC;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,YAAY,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC;KAC1D,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAIhD,CAAC;IAET,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,CAAC,OAAO,EAAE,WAAW,IAAI,CAAC,OAAO,EAAE,YAAY,IAAI,CAAC,OAAO,EAAE,oBAAoB,EAAE,CAAC;QACtG,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;IACpD,CAAC;IAED,MAAM,QAAQ,GAAe;QAC3B,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,oBAAoB,EAAE,OAAO,CAAC,oBAAoB;KACnD,CAAC;IAEF,IAAI,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1B,OAAO,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IACrC,CAAC;IAED,MAAM,eAAe,CAAC,QAAQ,CAAC,CAAC;IAChC,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,KAAK,UAAU,gBAAgB,CAAC,MAAc;IAC5C,MAAM,IAAI,GAAG,MAAM,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAC7C,MAAM,eAAe,CAAC,IAAI,CAAC,CAAC;IAC5B,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3C,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,MAAc,EACd,OAA6B;IAE7B,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,KAAK,IAAI,CAAC;IACtC,MAAM,MAAM,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,cAAc,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IAEtD,wEAAwE;IACxE,2EAA2E;IAC3E,4EAA4E;IAC5E,wEAAwE;IACxE,+CAA+C;IAC/C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAClC,CAAC;IAED,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,oBAAoB,CAAC,EAAE,CAAC;QAChD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,IAAI,CAAC;QACH,OAAO,MAAM,iBAAiB,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5B,MAAM,qBAAqB,CAAC,KAAK,CAAC,CAAC;QACrC,CAAC;QAED,OAAO,gBAAgB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC;AACH,CAAC;AAED,SAAS,QAAQ,CACf,MAAc,EACd,WAAmB,EACnB,WAAmB,EACnB,IAAiB;IAEjB,OAAO,KAAK,CAAC,WAAW,CAAC,MAAM,EAAE,WAAW,CAAC,EAAE;QAC7C,GAAG,IAAI;QACP,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,aAAa,EAAE,UAAU,WAAW,EAAE;YACtC,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC;SACxB;KACF,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,IAAgB,EAChB,WAAmB,EACnB,IAAiB;IAEjB,IAAI,UAAU,GAAG,IAAI,CAAC;IACtB,IAAI,QAAQ,GAAG,MAAM,QAAQ,CAAC,UAAU,CAAC,MAAM,EAAE,UAAU,CAAC,WAAW,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC;IAE5F,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC5B,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;IACxC,CAAC;IAED,IAAI,CAAC;QACH,UAAU,GAAG,MAAM,iBAAiB,CAAC,UAAU,CAAC,CAAC;IACnD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,eAAe,CAAC,UAAU,CAAC,EAAE,CAAC;YAChC,MAAM,qBAAqB,CAAC,KAAK,CAAC,CAAC;QACrC,CAAC;QAED,UAAU,GAAG,MAAM,gBAAgB,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IACzD,CAAC;IAED,QAAQ,GAAG,MAAM,QAAQ,CAAC,UAAU,CAAC,MAAM,EAAE,UAAU,CAAC,WAAW,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC;IACxF,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;AACxC,CAAC"}
|
|
1
|
+
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAE3C,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,gCAAgC,EAAE,MAAM,wBAAwB,CAAC;AAC1E,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAmB,MAAM,YAAY,CAAC;AAEhF,MAAM,aAAa,GAAG,IAAI,OAAO,EAAc,CAAC;AAEhD,SAAS,iBAAiB,CAAC,IAAgB;IACzC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACxB,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,eAAe,CAAC,IAAgB;IACvC,OAAO,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AACjC,CAAC;AAED,SAAS,WAAW,CAAC,MAAyB,OAAO,CAAC,GAAG;IACvD,MAAM,MAAM,GAAG,GAAG,CAAC,aAAa,EAAE,IAAI,EAAE,CAAC;IACzC,MAAM,WAAW,GAAG,GAAG,CAAC,sBAAsB,EAAE,IAAI,EAAE,CAAC;IACvD,MAAM,YAAY,GAAG,GAAG,CAAC,uBAAuB,EAAE,IAAI,EAAE,CAAC;IACzD,MAAM,oBAAoB,GAAG,GAAG,CAAC,iCAAiC,EAAE,IAAI,EAAE,CAAC;IAE3E,IAAI,CAAC,MAAM,IAAI,CAAC,WAAW,IAAI,CAAC,YAAY,IAAI,CAAC,oBAAoB,EAAE,CAAC;QACtE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;IAClB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC,EAAE,CAAC;QACnD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,iBAAiB,CAAC;QACvB,MAAM;QACN,WAAW;QACX,YAAY;QACZ,oBAAoB;KACrB,CAAC,CAAC;AACL,CAAC;AAED,SAAS,qBAAqB,CAAC,KAAc;IAC3C,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;IAEpF,OAAO,IAAI,KAAK,CACd,GAAG,OAAO,iLAAiL,EAC3L,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,SAAS,CACtD,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAc;IACvC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,IAAI,GAAG,KAA4B,CAAC;IAC1C,OAAO,CACL,OAAO,IAAI,CAAC,WAAW,KAAK,QAAQ;QACpC,OAAO,IAAI,CAAC,YAAY,KAAK,QAAQ;QACrC,OAAO,IAAI,CAAC,oBAAoB,KAAK,QAAQ;QAC7C,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,CAChC,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,MAAyB,OAAO,CAAC,GAAG;IACvE,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;IACjC,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;QACvD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAY,CAAC;QAC3C,OAAO,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;IACnD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,IAAgB;IACpD,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE;QAC3C,SAAS,EAAE,IAAI;QACf,IAAI,EAAE,KAAK;KACZ,CAAC,CAAC;IACH,MAAM,EAAE,CAAC,SAAS,CAAC,cAAc,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE;QACvE,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;KACZ,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,MAAM,EAAE,CAAC,EAAE,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,aAAa,CAAC,oBAA4B;IACjD,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACnD,IAAI,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,IAAI,iBAAiB,CAAC;AACrD,CAAC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,MAAM,QAAQ,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC;IAE/B,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,OAAO,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;IACnE,CAAC;IAED,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;IACrF,CAAC;IAED,OAAO,KAAK,CAAC,UAAU,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;AACvE,CAAC;AAED,SAAS,2BAA2B,CAClC,QAAmD,EACnD,MAAc,EACd,OAGC;IAED,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC;IAC1D,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;IACrD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;IACvD,CAAC;IAED,QAAQ,CAAC,UAAU,GAAG,GAAG,CAAC;IAC1B,QAAQ,CAAC,SAAS,CAAC,UAAU,EAAE,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC;IACrD,QAAQ,CAAC,GAAG,EAAE,CAAC;AACjB,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,MAAc;IAC7C,MAAM,KAAK,GAAG,UAAU,EAAE,CAAC;IAE3B,OAAO,IAAI,OAAO,CAAa,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACjD,IAAI,OAAO,GAAG,KAAK,CAAC;QAEpB,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,OAAO,EAAE,QAAQ,EAAE,EAAE;YACrD,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,IAAI,GAAG,EAAE,kBAAkB,CAAC,CAAC;YAEnE,IAAI,UAAU,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;gBACxC,QAAQ,CAAC,UAAU,GAAG,GAAG,CAAC;gBAC1B,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;gBAC1B,OAAO;YACT,CAAC;YAED,MAAM,aAAa,GAAG,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAE3D,gEAAgE;YAChE,+DAA+D;YAC/D,IAAI,aAAa,KAAK,KAAK,EAAE,CAAC;gBAC5B,QAAQ,CAAC,UAAU,GAAG,GAAG,CAAC;gBAC1B,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,2BAA2B,CAAC,CAAC;gBAChE,QAAQ,CAAC,GAAG,CAAC,gFAAgF,CAAC,CAAC;gBAC/F,OAAO;YACT,CAAC;YAED,MAAM,KAAK,GAAG,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACnD,IAAI,KAAK,EAAE,CAAC;gBACV,2BAA2B,CAAC,QAAQ,EAAE,MAAM,EAAE;oBAC5C,MAAM,EAAE,OAAO;oBACf,MAAM,EAAE,KAAK;iBACd,CAAC,CAAC;gBACH,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,OAAO,GAAG,IAAI,CAAC;oBACf,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;gBAC3B,CAAC;gBACD,OAAO;YACT,CAAC;YAED,MAAM,WAAW,GAAG,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YAChE,MAAM,YAAY,GAAG,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YAClE,MAAM,oBAAoB,GAAG,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;YACpF,MAAM,cAAc,GAAG,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAE9D,IAAI,CAAC,WAAW,IAAI,CAAC,YAAY,IAAI,CAAC,oBAAoB,IAAI,CAAC,cAAc,EAAE,CAAC;gBAC9E,2BAA2B,CAAC,QAAQ,EAAE,MAAM,EAAE;oBAC5C,MAAM,EAAE,OAAO;oBACf,MAAM,EAAE,0EAA0E;iBACnF,CAAC,CAAC;gBACH,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,OAAO,GAAG,IAAI,CAAC;oBACf,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC,CAAC;gBACtE,CAAC;gBACD,OAAO;YACT,CAAC;YAED,2BAA2B,CAAC,QAAQ,EAAE,cAAc,EAAE;gBACpD,MAAM,EAAE,SAAS;gBACjB,MAAM,EAAE,iBAAiB,cAAc,EAAE;aAC1C,CAAC,CAAC;YAEH,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,GAAG,IAAI,CAAC;gBACf,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC;oBACN,WAAW;oBACX,YAAY;oBACZ,oBAAoB;oBACpB,MAAM,EAAE,cAAc;iBACvB,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE;YACjC,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;YACjC,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;gBAC5C,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,OAAO,GAAG,IAAI,CAAC;oBACf,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC,CAAC;gBAC7D,CAAC;gBACD,OAAO;YACT,CAAC;YAED,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,WAAW,EAAE,oBAAoB,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;YAC7E,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;YAC1D,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC;YAClE,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YAE1C,OAAO,CAAC,GAAG,CAAC,oCAAoC,QAAQ,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;YACvE,OAAO,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAC;YAE/E,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,WAAW,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAC/C,KAAK,CAAC,KAAK,EAAE,CAAC;YAChB,CAAC;YAAC,MAAM,CAAC;gBACP,6DAA6D;YAC/D,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;YAC3B,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,GAAG,IAAI,CAAC;gBACf,MAAM,CAAC,KAAK,CAAC,CAAC;YAChB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,UAAU,CAAC,GAAG,EAAE;YACd,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,GAAG,IAAI,CAAC;gBACf,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,CAAC,KAAK,EAAE,CAAC;IACzB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,IAAgB;IACtD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,4BAA4B,CAAC,EAAE;QACnF,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;SACnC;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,YAAY,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC;KAC1D,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAIhD,CAAC;IAET,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,CAAC,OAAO,EAAE,WAAW,IAAI,CAAC,OAAO,EAAE,YAAY,IAAI,CAAC,OAAO,EAAE,oBAAoB,EAAE,CAAC;QACtG,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;IACpD,CAAC;IAED,MAAM,QAAQ,GAAe;QAC3B,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,oBAAoB,EAAE,OAAO,CAAC,oBAAoB;KACnD,CAAC;IAEF,IAAI,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1B,OAAO,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IACrC,CAAC;IAED,MAAM,eAAe,CAAC,QAAQ,CAAC,CAAC;IAChC,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,KAAK,UAAU,gBAAgB,CAAC,MAAc;IAC5C,MAAM,IAAI,GAAG,MAAM,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAC7C,MAAM,eAAe,CAAC,IAAI,CAAC,CAAC;IAC5B,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3C,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,MAAc,EACd,OAA6B;IAE7B,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,KAAK,IAAI,CAAC;IACtC,MAAM,MAAM,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,cAAc,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IAEtD,wEAAwE;IACxE,2EAA2E;IAC3E,4EAA4E;IAC5E,wEAAwE;IACxE,+CAA+C;IAC/C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAClC,CAAC;IAED,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,oBAAoB,CAAC,EAAE,CAAC;QAChD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,IAAI,CAAC;QACH,OAAO,MAAM,iBAAiB,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5B,MAAM,qBAAqB,CAAC,KAAK,CAAC,CAAC;QACrC,CAAC;QAED,OAAO,gBAAgB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC;AACH,CAAC;AAED,SAAS,QAAQ,CACf,MAAc,EACd,WAAmB,EACnB,WAAmB,EACnB,IAAiB;IAEjB,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC1C,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,CAAC;QACjC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,WAAW,EAAE,CAAC,CAAC;IACtD,gCAAgC,CAAC,OAAO,CAAC,CAAC;IAE1C,OAAO,KAAK,CAAC,WAAW,CAAC,MAAM,EAAE,WAAW,CAAC,EAAE;QAC7C,GAAG,IAAI;QACP,OAAO;KACR,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,IAAgB,EAChB,WAAmB,EACnB,IAAiB;IAEjB,IAAI,UAAU,GAAG,IAAI,CAAC;IACtB,IAAI,QAAQ,GAAG,MAAM,QAAQ,CAAC,UAAU,CAAC,MAAM,EAAE,UAAU,CAAC,WAAW,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC;IAE5F,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC5B,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;IACxC,CAAC;IAED,IAAI,CAAC;QACH,UAAU,GAAG,MAAM,iBAAiB,CAAC,UAAU,CAAC,CAAC;IACnD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,eAAe,CAAC,UAAU,CAAC,EAAE,CAAC;YAChC,MAAM,qBAAqB,CAAC,KAAK,CAAC,CAAC;QACrC,CAAC;QAED,UAAU,GAAG,MAAM,gBAAgB,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IACzD,CAAC;IAED,QAAQ,GAAG,MAAM,QAAQ,CAAC,UAAU,CAAC,MAAM,EAAE,UAAU,CAAC,WAAW,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC;IACxF,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;AACxC,CAAC"}
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
import type { AgentPreset } from './permissions.js';
|
|
2
|
+
import type { AgentPermissions, CompiledAgentPermissions, CompileInput } from './provisioning-types.js';
|
|
3
|
+
type FileAction = 'read' | 'write';
|
|
4
|
+
interface ExpandedPreset {
|
|
5
|
+
read: string[];
|
|
6
|
+
write: string[];
|
|
7
|
+
deny: string[];
|
|
8
|
+
}
|
|
9
|
+
export declare function defaultPermissionsForPreset(preset: AgentPreset | undefined): AgentPermissions;
|
|
10
|
+
export declare function expandPreset(preset: AgentPermissions['access'], options?: {
|
|
11
|
+
projectDir?: string;
|
|
12
|
+
workdir?: string;
|
|
13
|
+
}): ExpandedPreset;
|
|
14
|
+
export declare function globsToScopes(globs: string[], action: FileAction): string[];
|
|
15
|
+
export declare function compileAgentPermissions(input: CompileInput): CompiledAgentPermissions;
|
|
16
|
+
export declare function mergeAcl(compilations: readonly CompiledAgentPermissions[]): Record<string, string[]>;
|
|
17
|
+
export declare function resolveAgentPermissions(agentName: string, permissions: AgentPermissions | undefined, projectDir: string, workspace: string): CompiledAgentPermissions;
|
|
18
|
+
export declare function compileAgentScopes(input: CompileInput): CompiledAgentPermissions;
|
|
19
|
+
export declare function mergePermissionSources(dotfileScopes: string[], yamlScopes: string[], rawScopes: string[]): string[];
|
|
20
|
+
export declare const expandAccessPreset: typeof expandPreset;
|
|
21
|
+
export declare const globToScopes: (globs: string[], action: FileAction, _projectDir?: string) => string[];
|
|
22
|
+
export {};
|
|
23
|
+
//# sourceMappingURL=compiler.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"compiler.d.ts","sourceRoot":"","sources":["../src/compiler.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAEpD,OAAO,KAAK,EACV,gBAAgB,EAChB,wBAAwB,EACxB,YAAY,EAEb,MAAM,yBAAyB,CAAC;AAEjC,KAAK,UAAU,GAAG,MAAM,GAAG,OAAO,CAAC;AAEnC,UAAU,cAAc;IACtB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB;AAqRD,wBAAgB,2BAA2B,CAAC,MAAM,EAAE,WAAW,GAAG,SAAS,GAAG,gBAAgB,CAY7F;AAED,wBAAgB,YAAY,CAC1B,MAAM,EAAE,gBAAgB,CAAC,QAAQ,CAAC,EAClC,OAAO,CAAC,EAAE;IAAE,UAAU,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,GAClD,cAAc,CAqBhB;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,UAAU,GAAG,MAAM,EAAE,CAO3E;AAED,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,YAAY,GAAG,wBAAwB,CA4GrF;AAED,wBAAgB,QAAQ,CAAC,YAAY,EAAE,SAAS,wBAAwB,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAkBpG;AAED,wBAAgB,uBAAuB,CACrC,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,gBAAgB,GAAG,SAAS,EACzC,UAAU,EAAE,MAAM,EAClB,SAAS,EAAE,MAAM,GAChB,wBAAwB,CAO1B;AAED,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,YAAY,GAAG,wBAAwB,CAEhF;AAED,wBAAgB,sBAAsB,CACpC,aAAa,EAAE,MAAM,EAAE,EACvB,UAAU,EAAE,MAAM,EAAE,EACpB,SAAS,EAAE,MAAM,EAAE,GAClB,MAAM,EAAE,CAEV;AAED,eAAO,MAAM,kBAAkB,qBAAe,CAAC;AAC/C,eAAO,MAAM,YAAY,GAAI,OAAO,MAAM,EAAE,EAAE,QAAQ,UAAU,EAAE,cAAc,MAAM,KAAG,MAAM,EACjE,CAAC"}
|
package/dist/compiler.js
ADDED
|
@@ -0,0 +1,355 @@
|
|
|
1
|
+
import ignore from 'ignore';
|
|
2
|
+
import { existsSync, readdirSync, readFileSync } from 'node:fs';
|
|
3
|
+
import path from 'node:path';
|
|
4
|
+
const SKIPPED_DIRS = new Set(['.git', '.relay', 'node_modules']);
|
|
5
|
+
function cleanPatterns(content) {
|
|
6
|
+
return content
|
|
7
|
+
.split(/\r?\n/u)
|
|
8
|
+
.map((line) => line.trim())
|
|
9
|
+
.filter((line) => line !== '' && !line.startsWith('#'));
|
|
10
|
+
}
|
|
11
|
+
function unique(values) {
|
|
12
|
+
const seen = new Set();
|
|
13
|
+
const result = [];
|
|
14
|
+
for (const value of values) {
|
|
15
|
+
const normalized = String(value ?? '').trim();
|
|
16
|
+
if (normalized === '' || seen.has(normalized)) {
|
|
17
|
+
continue;
|
|
18
|
+
}
|
|
19
|
+
seen.add(normalized);
|
|
20
|
+
result.push(normalized);
|
|
21
|
+
}
|
|
22
|
+
return result;
|
|
23
|
+
}
|
|
24
|
+
function normalizeRelativePath(value) {
|
|
25
|
+
return String(value ?? '')
|
|
26
|
+
.trim()
|
|
27
|
+
.replace(/\\/gu, '/')
|
|
28
|
+
.replace(/^\.\/+/u, '')
|
|
29
|
+
.replace(/^\/+/u, '')
|
|
30
|
+
.replace(/\/+/gu, '/');
|
|
31
|
+
}
|
|
32
|
+
function normalizeRelayPath(value) {
|
|
33
|
+
const normalized = normalizeRelativePath(value);
|
|
34
|
+
return normalized === '' ? '/' : `/${normalized}`;
|
|
35
|
+
}
|
|
36
|
+
function normalizeAclDir(relativeDir) {
|
|
37
|
+
const normalized = normalizeRelativePath(relativeDir);
|
|
38
|
+
return normalized === '' || normalized === '.' ? '/' : `/${normalized}`;
|
|
39
|
+
}
|
|
40
|
+
function readPatternFile(filePath) {
|
|
41
|
+
if (!existsSync(filePath)) {
|
|
42
|
+
return [];
|
|
43
|
+
}
|
|
44
|
+
return cleanPatterns(readFileSync(filePath, 'utf8'));
|
|
45
|
+
}
|
|
46
|
+
function createMatcher(patterns) {
|
|
47
|
+
const matcher = ignore();
|
|
48
|
+
if (patterns.length > 0) {
|
|
49
|
+
matcher.add([...patterns]);
|
|
50
|
+
}
|
|
51
|
+
return matcher;
|
|
52
|
+
}
|
|
53
|
+
function loadDotfileRules(projectDir, agentName) {
|
|
54
|
+
const resolvedProjectDir = path.resolve(projectDir);
|
|
55
|
+
return {
|
|
56
|
+
deny: unique([
|
|
57
|
+
...readPatternFile(path.join(resolvedProjectDir, '.agentignore')),
|
|
58
|
+
...readPatternFile(path.join(resolvedProjectDir, `.${agentName}.agentignore`)),
|
|
59
|
+
]),
|
|
60
|
+
readonly: unique([
|
|
61
|
+
...readPatternFile(path.join(resolvedProjectDir, '.agentreadonly')),
|
|
62
|
+
...readPatternFile(path.join(resolvedProjectDir, `.${agentName}.agentreadonly`)),
|
|
63
|
+
]),
|
|
64
|
+
};
|
|
65
|
+
}
|
|
66
|
+
function normalizeFileRules(permissions) {
|
|
67
|
+
return {
|
|
68
|
+
read: unique(permissions.files?.read ?? []),
|
|
69
|
+
write: unique(permissions.files?.write ?? []),
|
|
70
|
+
deny: unique(permissions.files?.deny ?? []),
|
|
71
|
+
};
|
|
72
|
+
}
|
|
73
|
+
function resolveScopedWorkdirPatterns(projectDir, workdir) {
|
|
74
|
+
if (!workdir) {
|
|
75
|
+
return undefined;
|
|
76
|
+
}
|
|
77
|
+
const resolvedProjectDir = path.resolve(projectDir);
|
|
78
|
+
const resolvedWorkdir = path.resolve(resolvedProjectDir, workdir);
|
|
79
|
+
const relativeWorkdir = normalizeRelativePath(path.relative(resolvedProjectDir, resolvedWorkdir));
|
|
80
|
+
if (relativeWorkdir === '' || relativeWorkdir === '.') {
|
|
81
|
+
return undefined;
|
|
82
|
+
}
|
|
83
|
+
if (relativeWorkdir === '..' || relativeWorkdir.startsWith('../')) {
|
|
84
|
+
return [];
|
|
85
|
+
}
|
|
86
|
+
return unique([relativeWorkdir, `${relativeWorkdir}/**`]);
|
|
87
|
+
}
|
|
88
|
+
function matchesAny(relativePath, matcher) {
|
|
89
|
+
return matcher.ignores(normalizeRelativePath(relativePath));
|
|
90
|
+
}
|
|
91
|
+
function walkProjectFiles(projectDir, currentDir = projectDir, files = []) {
|
|
92
|
+
const entries = readdirSync(currentDir, { withFileTypes: true }).sort((left, right) => left.name.localeCompare(right.name));
|
|
93
|
+
for (const entry of entries) {
|
|
94
|
+
if (entry.isDirectory() && SKIPPED_DIRS.has(entry.name)) {
|
|
95
|
+
continue;
|
|
96
|
+
}
|
|
97
|
+
const fullPath = path.join(currentDir, entry.name);
|
|
98
|
+
const relativePath = normalizeRelativePath(path.relative(projectDir, fullPath));
|
|
99
|
+
if (entry.isDirectory()) {
|
|
100
|
+
walkProjectFiles(projectDir, fullPath, files);
|
|
101
|
+
continue;
|
|
102
|
+
}
|
|
103
|
+
files.push(relativePath);
|
|
104
|
+
}
|
|
105
|
+
return files;
|
|
106
|
+
}
|
|
107
|
+
function buildSources(dotfileRules, preset, presetRules, fileRules, rawScopes, inherited) {
|
|
108
|
+
const sources = [];
|
|
109
|
+
if (inherited && (dotfileRules.deny.length > 0 || dotfileRules.readonly.length > 0)) {
|
|
110
|
+
sources.push({
|
|
111
|
+
type: 'dotfile',
|
|
112
|
+
label: 'dotfiles',
|
|
113
|
+
ruleCount: dotfileRules.deny.length + dotfileRules.readonly.length,
|
|
114
|
+
});
|
|
115
|
+
}
|
|
116
|
+
if (presetRules.read.length > 0 || presetRules.write.length > 0 || presetRules.deny.length > 0) {
|
|
117
|
+
sources.push({
|
|
118
|
+
type: 'preset',
|
|
119
|
+
label: `access: ${preset ?? 'readwrite'}`,
|
|
120
|
+
ruleCount: presetRules.read.length + presetRules.write.length + presetRules.deny.length,
|
|
121
|
+
});
|
|
122
|
+
}
|
|
123
|
+
if (fileRules.read.length > 0 || fileRules.write.length > 0 || fileRules.deny.length > 0) {
|
|
124
|
+
sources.push({
|
|
125
|
+
type: 'yaml',
|
|
126
|
+
label: 'permissions.files',
|
|
127
|
+
ruleCount: fileRules.read.length + fileRules.write.length + fileRules.deny.length,
|
|
128
|
+
});
|
|
129
|
+
}
|
|
130
|
+
if (rawScopes.length > 0) {
|
|
131
|
+
sources.push({
|
|
132
|
+
type: 'scope',
|
|
133
|
+
label: 'permissions.scopes',
|
|
134
|
+
ruleCount: rawScopes.length,
|
|
135
|
+
});
|
|
136
|
+
}
|
|
137
|
+
return sources;
|
|
138
|
+
}
|
|
139
|
+
function buildAcl(agentName, readonlyPaths, readwritePaths, deniedPaths) {
|
|
140
|
+
const aclMap = new Map();
|
|
141
|
+
const addRule = (relativePath, rule) => {
|
|
142
|
+
const aclDir = normalizeAclDir(path.posix.dirname(normalizeRelativePath(relativePath)));
|
|
143
|
+
const rules = aclMap.get(aclDir) ?? new Set();
|
|
144
|
+
rules.add(rule);
|
|
145
|
+
aclMap.set(aclDir, rules);
|
|
146
|
+
};
|
|
147
|
+
for (const relativePath of readonlyPaths) {
|
|
148
|
+
addRule(relativePath, 'read');
|
|
149
|
+
}
|
|
150
|
+
for (const relativePath of readwritePaths) {
|
|
151
|
+
addRule(relativePath, 'read');
|
|
152
|
+
addRule(relativePath, 'write');
|
|
153
|
+
}
|
|
154
|
+
const deniedDirs = new Map();
|
|
155
|
+
for (const relativePath of deniedPaths) {
|
|
156
|
+
const aclDir = normalizeAclDir(path.posix.dirname(normalizeRelativePath(relativePath)));
|
|
157
|
+
const summary = deniedDirs.get(aclDir) ?? { denied: 0, allowed: 0 };
|
|
158
|
+
summary.denied += 1;
|
|
159
|
+
deniedDirs.set(aclDir, summary);
|
|
160
|
+
}
|
|
161
|
+
for (const relativePath of [...readonlyPaths, ...readwritePaths]) {
|
|
162
|
+
const aclDir = normalizeAclDir(path.posix.dirname(normalizeRelativePath(relativePath)));
|
|
163
|
+
const summary = deniedDirs.get(aclDir) ?? { denied: 0, allowed: 0 };
|
|
164
|
+
summary.allowed += 1;
|
|
165
|
+
deniedDirs.set(aclDir, summary);
|
|
166
|
+
}
|
|
167
|
+
for (const [aclDir, summary] of deniedDirs.entries()) {
|
|
168
|
+
if (summary.denied > 0 && summary.allowed === 0) {
|
|
169
|
+
const rules = aclMap.get(aclDir) ?? new Set();
|
|
170
|
+
rules.add(`deny:agent:${agentName}`);
|
|
171
|
+
aclMap.set(aclDir, rules);
|
|
172
|
+
}
|
|
173
|
+
}
|
|
174
|
+
return Object.fromEntries([...aclMap.entries()]
|
|
175
|
+
.sort(([left], [right]) => left.localeCompare(right))
|
|
176
|
+
.map(([aclDir, rules]) => [aclDir, [...rules].sort()]));
|
|
177
|
+
}
|
|
178
|
+
function pathsToScopes(paths, action) {
|
|
179
|
+
return unique([...paths]
|
|
180
|
+
.map((relativePath) => normalizeRelativePath(relativePath))
|
|
181
|
+
.filter((relativePath) => relativePath !== '')
|
|
182
|
+
.sort((left, right) => left.localeCompare(right))
|
|
183
|
+
.map((relativePath) => `relayfile:fs:${action}:${normalizeRelayPath(relativePath)}`));
|
|
184
|
+
}
|
|
185
|
+
function buildReadonlyPatterns(presetRules, dotfileRules, fileRules) {
|
|
186
|
+
const presetReadonly = presetRules.write.length === 0 ? presetRules.read : [];
|
|
187
|
+
const yamlReadonly = fileRules.read.filter((pattern) => !fileRules.write.includes(pattern));
|
|
188
|
+
return unique([...dotfileRules.readonly, ...presetReadonly, ...yamlReadonly]);
|
|
189
|
+
}
|
|
190
|
+
function buildReadwritePatterns(presetRules, fileRules) {
|
|
191
|
+
return unique([...presetRules.write, ...fileRules.write]);
|
|
192
|
+
}
|
|
193
|
+
function buildDeniedPatterns(dotfileRules, fileRules) {
|
|
194
|
+
return unique([...dotfileRules.deny, ...fileRules.deny]);
|
|
195
|
+
}
|
|
196
|
+
export function defaultPermissionsForPreset(preset) {
|
|
197
|
+
switch (preset) {
|
|
198
|
+
case 'lead':
|
|
199
|
+
return { access: 'full' };
|
|
200
|
+
case 'reviewer':
|
|
201
|
+
case 'analyst':
|
|
202
|
+
return { access: 'readonly' };
|
|
203
|
+
case 'worker':
|
|
204
|
+
return { access: 'readwrite' };
|
|
205
|
+
default:
|
|
206
|
+
return {};
|
|
207
|
+
}
|
|
208
|
+
}
|
|
209
|
+
export function expandPreset(preset, options) {
|
|
210
|
+
const scopedWorkdirPatterns = preset === 'readwrite' && options?.projectDir
|
|
211
|
+
? resolveScopedWorkdirPatterns(options.projectDir, options.workdir)
|
|
212
|
+
: undefined;
|
|
213
|
+
switch (preset ?? 'readwrite') {
|
|
214
|
+
case 'readonly':
|
|
215
|
+
return { read: ['**'], write: [], deny: [] };
|
|
216
|
+
case 'restricted':
|
|
217
|
+
return { read: [], write: [], deny: [] };
|
|
218
|
+
case 'full':
|
|
219
|
+
return { read: ['**'], write: ['**'], deny: [] };
|
|
220
|
+
case 'readwrite':
|
|
221
|
+
default:
|
|
222
|
+
return {
|
|
223
|
+
read: scopedWorkdirPatterns ?? ['**'],
|
|
224
|
+
write: scopedWorkdirPatterns ?? ['**'],
|
|
225
|
+
deny: [],
|
|
226
|
+
};
|
|
227
|
+
}
|
|
228
|
+
}
|
|
229
|
+
export function globsToScopes(globs, action) {
|
|
230
|
+
return unique(globs
|
|
231
|
+
.map((glob) => normalizeRelativePath(glob))
|
|
232
|
+
.filter((glob) => glob !== '')
|
|
233
|
+
.map((glob) => `relayfile:fs:${action}:${normalizeRelayPath(glob)}`));
|
|
234
|
+
}
|
|
235
|
+
export function compileAgentPermissions(input) {
|
|
236
|
+
const permissions = input.permissions ?? {};
|
|
237
|
+
const effectiveAccess = permissions.access ?? 'readwrite';
|
|
238
|
+
const inherited = effectiveAccess !== 'full' && permissions.inherit !== false;
|
|
239
|
+
const projectDir = path.resolve(input.projectDir);
|
|
240
|
+
const scopedInput = input;
|
|
241
|
+
const dotfileRules = inherited ? loadDotfileRules(projectDir, input.agentName) : { deny: [], readonly: [] };
|
|
242
|
+
const presetRules = expandPreset(effectiveAccess, {
|
|
243
|
+
projectDir,
|
|
244
|
+
workdir: scopedInput.workdir,
|
|
245
|
+
});
|
|
246
|
+
const fileRules = normalizeFileRules(permissions);
|
|
247
|
+
const rawScopes = unique(permissions.scopes ?? []);
|
|
248
|
+
const dotDenyMatcher = createMatcher(dotfileRules.deny);
|
|
249
|
+
const dotReadonlyMatcher = createMatcher(dotfileRules.readonly);
|
|
250
|
+
const presetReadMatcher = createMatcher(presetRules.read);
|
|
251
|
+
const presetWriteMatcher = createMatcher(presetRules.write);
|
|
252
|
+
const fileReadMatcher = createMatcher(fileRules.read);
|
|
253
|
+
const fileWriteMatcher = createMatcher(fileRules.write);
|
|
254
|
+
const fileDenyMatcher = createMatcher(fileRules.deny);
|
|
255
|
+
const readonlyPaths = [];
|
|
256
|
+
const readwritePaths = [];
|
|
257
|
+
const deniedPaths = [];
|
|
258
|
+
for (const relativePath of walkProjectFiles(projectDir)) {
|
|
259
|
+
const dotDenied = inherited && matchesAny(relativePath, dotDenyMatcher);
|
|
260
|
+
const dotReadonly = inherited && !dotDenied && matchesAny(relativePath, dotReadonlyMatcher);
|
|
261
|
+
const yamlRead = matchesAny(relativePath, fileReadMatcher);
|
|
262
|
+
const yamlWrite = matchesAny(relativePath, fileWriteMatcher);
|
|
263
|
+
const yamlDeny = matchesAny(relativePath, fileDenyMatcher);
|
|
264
|
+
const explicitYamlGrant = yamlRead || yamlWrite;
|
|
265
|
+
if (yamlDeny) {
|
|
266
|
+
deniedPaths.push(relativePath);
|
|
267
|
+
continue;
|
|
268
|
+
}
|
|
269
|
+
if (dotDenied && !explicitYamlGrant) {
|
|
270
|
+
deniedPaths.push(relativePath);
|
|
271
|
+
continue;
|
|
272
|
+
}
|
|
273
|
+
const presetRead = matchesAny(relativePath, presetReadMatcher);
|
|
274
|
+
const presetWrite = matchesAny(relativePath, presetWriteMatcher);
|
|
275
|
+
const canRead = explicitYamlGrant || presetRead || presetWrite;
|
|
276
|
+
let canWrite = yamlWrite || presetWrite;
|
|
277
|
+
if (dotReadonly && !yamlWrite) {
|
|
278
|
+
canWrite = false;
|
|
279
|
+
}
|
|
280
|
+
if (canWrite) {
|
|
281
|
+
readwritePaths.push(relativePath);
|
|
282
|
+
continue;
|
|
283
|
+
}
|
|
284
|
+
if (canRead) {
|
|
285
|
+
readonlyPaths.push(relativePath);
|
|
286
|
+
continue;
|
|
287
|
+
}
|
|
288
|
+
deniedPaths.push(relativePath);
|
|
289
|
+
}
|
|
290
|
+
readonlyPaths.sort((left, right) => left.localeCompare(right));
|
|
291
|
+
readwritePaths.sort((left, right) => left.localeCompare(right));
|
|
292
|
+
deniedPaths.sort((left, right) => left.localeCompare(right));
|
|
293
|
+
const readonlyPatterns = buildReadonlyPatterns(presetRules, dotfileRules, fileRules);
|
|
294
|
+
const readwritePatterns = buildReadwritePatterns(presetRules, fileRules);
|
|
295
|
+
const deniedPatterns = buildDeniedPatterns(dotfileRules, fileRules);
|
|
296
|
+
const scopes = mergePermissionSources([
|
|
297
|
+
...pathsToScopes([...readonlyPaths, ...readwritePaths], 'read'),
|
|
298
|
+
...pathsToScopes(readwritePaths, 'write'),
|
|
299
|
+
], [], rawScopes);
|
|
300
|
+
return {
|
|
301
|
+
agentName: input.agentName,
|
|
302
|
+
workspace: input.workspace,
|
|
303
|
+
effectiveAccess,
|
|
304
|
+
inherited,
|
|
305
|
+
sources: buildSources(dotfileRules, effectiveAccess, presetRules, fileRules, rawScopes, inherited),
|
|
306
|
+
readonlyPatterns,
|
|
307
|
+
readwritePatterns,
|
|
308
|
+
deniedPatterns,
|
|
309
|
+
readonlyPaths,
|
|
310
|
+
readwritePaths,
|
|
311
|
+
deniedPaths,
|
|
312
|
+
scopes,
|
|
313
|
+
network: permissions.network,
|
|
314
|
+
exec: permissions.exec ? [...permissions.exec] : undefined,
|
|
315
|
+
acl: buildAcl(input.agentName, readonlyPaths, readwritePaths, deniedPaths),
|
|
316
|
+
summary: {
|
|
317
|
+
readonly: readonlyPaths.length,
|
|
318
|
+
readwrite: readwritePaths.length,
|
|
319
|
+
denied: deniedPaths.length,
|
|
320
|
+
customScopes: rawScopes.length,
|
|
321
|
+
},
|
|
322
|
+
};
|
|
323
|
+
}
|
|
324
|
+
export function mergeAcl(compilations) {
|
|
325
|
+
const merged = new Map();
|
|
326
|
+
for (const compilation of compilations) {
|
|
327
|
+
for (const [directory, rules] of Object.entries(compilation.acl)) {
|
|
328
|
+
const bucket = merged.get(directory) ?? new Set();
|
|
329
|
+
for (const rule of rules) {
|
|
330
|
+
bucket.add(rule);
|
|
331
|
+
}
|
|
332
|
+
merged.set(directory, bucket);
|
|
333
|
+
}
|
|
334
|
+
}
|
|
335
|
+
return Object.fromEntries([...merged.entries()]
|
|
336
|
+
.sort(([left], [right]) => left.localeCompare(right))
|
|
337
|
+
.map(([directory, rules]) => [directory, [...rules].sort()]));
|
|
338
|
+
}
|
|
339
|
+
export function resolveAgentPermissions(agentName, permissions, projectDir, workspace) {
|
|
340
|
+
return compileAgentPermissions({
|
|
341
|
+
agentName,
|
|
342
|
+
workspace,
|
|
343
|
+
projectDir,
|
|
344
|
+
permissions: permissions ?? {},
|
|
345
|
+
});
|
|
346
|
+
}
|
|
347
|
+
export function compileAgentScopes(input) {
|
|
348
|
+
return compileAgentPermissions(input);
|
|
349
|
+
}
|
|
350
|
+
export function mergePermissionSources(dotfileScopes, yamlScopes, rawScopes) {
|
|
351
|
+
return unique([...dotfileScopes, ...yamlScopes, ...rawScopes]);
|
|
352
|
+
}
|
|
353
|
+
export const expandAccessPreset = expandPreset;
|
|
354
|
+
export const globToScopes = (globs, action, _projectDir) => globsToScopes(globs, action);
|
|
355
|
+
//# sourceMappingURL=compiler.js.map
|