npm - @agent-vm/gateway-interface - Versions diffs - 0.0.20 - Mend

@agent-vm/gateway-interface 0.0.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2025-2026 Shravan Sunder
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,169 @@
+//#region src/gateway-runtime-contract.d.ts
+declare const gatewayTypeValues: readonly ["openclaw", "worker"];
+type GatewayType = (typeof gatewayTypeValues)[number];
+declare function buildGatewaySessionLabel(projectNamespace: string, zoneId: string): string;
+declare function buildToolSessionLabel(projectNamespace: string, zoneId: string, tcpSlot: number): string;
+//#endregion
+//#region ../gondolin-adapter/dist/index.d.ts
+//#endregion
+//#region src/types.d.ts
+interface SecretSpec {
+  readonly hosts: readonly string[];
+  readonly value: string;
+}
+type SecretRef = {
+  readonly source: '1password';
+  readonly ref: string;
+} | {
+  readonly source: 'environment';
+  readonly ref: string;
+};
+//#endregion
+//#region src/secret-resolver.d.ts
+interface SecretResolver {
+  resolve(ref: SecretRef): Promise<string>;
+  resolveAll(refs: Record<string, SecretRef>): Promise<Record<string, string>>;
+}
+interface VfsMountSpec {
+  readonly kind: 'realfs' | 'realfs-readonly' | 'memory' | 'shadow';
+  readonly hostPath?: string;
+  readonly shadowConfig?: {
+    readonly deny: readonly string[];
+    readonly tmpfs: readonly string[];
+  };
+}
+//#endregion
+//#region src/gateway-process-spec.d.ts
+type GatewayHealthCheck = {
+  readonly type: 'http';
+  readonly port: number;
+  readonly path: string;
+} | {
+  readonly type: 'command';
+  readonly command: string;
+};
+/**
+ * Everything about the process running inside the VM.
+ * Retained by the running gateway handle for logs, health, restart.
+ */
+interface GatewayProcessSpec {
+  readonly bootstrapCommand: string;
+  readonly startCommand: string;
+  readonly healthCheck: GatewayHealthCheck;
+  readonly guestListenPort: number;
+  readonly logPath: string;
+}
+//#endregion
+//#region src/gateway-vm-spec.d.ts
+/**
+ * Everything the controller needs to create the Gondolin VM.
+ * Lifecycle implementations own the full Gondolin-facing contract.
+ */
+interface GatewayVmSpec {
+  readonly environment: Record<string, string>;
+  readonly vfsMounts: Record<string, VfsMountSpec>;
+  readonly mediatedSecrets: Record<string, SecretSpec>;
+  readonly tcpHosts: Record<string, string>;
+  readonly allowedHosts: readonly string[];
+  readonly rootfsMode: 'readonly' | 'memory' | 'cow';
+  readonly sessionLabel: string;
+}
+//#endregion
+//#region src/gateway-lifecycle.d.ts
+/**
+ * Describes how to run interactive auth for a gateway type.
+ * Static property — available without a running VM.
+ */
+interface GatewayAuthConfig {
+  /**
+   * Shell command to list available auth providers inside the VM.
+   * Should output one provider name per line to stdout.
+   */
+  readonly listProvidersCommand: string;
+  /**
+   * Build the shell command for interactive auth login.
+   * The CLI passes this as the SSH remote command with -t (TTY).
+   */
+  readonly buildLoginCommand: (provider: string) => string;
+}
+/**
+ * Zone config as the lifecycle sees it.
+ * Decoupled from SystemConfig — the controller maps into this shape.
+ */
+interface GatewayZoneConfig {
+  readonly id: string;
+  readonly gateway: {
+    readonly type: GatewayType;
+    readonly memory: string;
+    readonly cpus: number;
+    readonly port: number;
+    readonly config: string;
+    readonly stateDir: string;
+    readonly workspaceDir: string;
+    readonly authProfilesRef?: {
+      readonly source: '1password';
+      readonly ref: string;
+    } | {
+      readonly source: 'environment';
+      readonly envVar: string;
+    } | undefined;
+  };
+  readonly secrets: Record<string, {
+    readonly source: '1password';
+    readonly ref: string;
+    readonly injection: 'env' | 'http-mediation';
+    readonly hosts?: readonly string[] | undefined;
+  } | {
+    readonly source: 'environment';
+    readonly envVar: string;
+    readonly injection: 'env' | 'http-mediation';
+    readonly hosts?: readonly string[] | undefined;
+  }>;
+  readonly allowedHosts: readonly string[];
+  readonly websocketBypass: readonly string[];
+  readonly toolProfile?: string;
+}
+interface BuildGatewayVmSpecOptions {
+  readonly controllerPort: number;
+  readonly projectNamespace: string;
+  readonly resolvedSecrets: Record<string, string>;
+  readonly tcpPool: {
+    readonly basePort: number;
+    readonly size: number;
+  };
+  readonly zone: GatewayZoneConfig;
+}
+interface GatewayLifecycle {
+  /**
+   * How to run interactive auth for this gateway type.
+   * Absent means the gateway type does not support interactive auth.
+   */
+  readonly authConfig?: GatewayAuthConfig | undefined;
+  /**
+   * Build the full VM spec — everything Gondolin needs to create the VM.
+   * Pure data assembly — no side effects.
+   */
+  buildVmSpec(options: BuildGatewayVmSpecOptions): GatewayVmSpec;
+  /**
+   * Build the process spec — everything about startup, health, and logging.
+   * Pure data assembly — no side effects.
+   */
+  buildProcessSpec(zone: GatewayZoneConfig, resolvedSecrets: Record<string, string>): GatewayProcessSpec;
+  /**
+   * Optional hook to prepare host-side state before the VM boots.
+   * Example: writing auth-profiles.json from 1Password.
+   */
+  prepareHostState?(zone: GatewayZoneConfig, secretResolver: SecretResolver): Promise<void>;
+}
+//#endregion
+//#region src/split-resolved-gateway-secrets.d.ts
+interface SplitResolvedGatewaySecretsResult {
+  readonly environmentSecrets: Record<string, string>;
+  readonly mediatedSecrets: Record<string, SecretSpec>;
+}
+declare function splitResolvedGatewaySecrets(zone: GatewayZoneConfig, resolvedSecrets: Record<string, string>): SplitResolvedGatewaySecretsResult;
+//#endregion
+export { type BuildGatewayVmSpecOptions, type GatewayAuthConfig, type GatewayHealthCheck, type GatewayLifecycle, type GatewayProcessSpec, type GatewayType, type GatewayVmSpec, type GatewayZoneConfig, type SplitResolvedGatewaySecretsResult, buildGatewaySessionLabel, buildToolSessionLabel, gatewayTypeValues, splitResolvedGatewaySecrets };
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","names":["BuildConfig","BuildConfig$1","getDefaultBuildConfig","BuildImageOptions","BuildImageResult","BuildPipelineDependencies","Promise","computeBuildFingerprint","buildImage","parseMinimumZigVersion","resolveGondolinPackageJsonPath","resolveGondolinPackageSpec","ResolveGondolinMinimumZigVersionOptions","resolveGondolinMinimumZigVersion","WritableMountPolicy","RuntimeMountPolicyConfig","Record","Readonly","resolveGuestMountPath","validateWritableMount","validateRuntimeMountPolicy","PolicySources","normalizeHostname","dedupeStable","compilePolicy","SecretSpec","SecretRef","SecretResolverClient","SecretResolver","TokenSource","ExecFileOptions","ExecFileResult","resolveServiceAccountToken","CreateSecretResolverDependencies","createSecretResolver","createOpCliSecretResolver","Pick","ExecResult","IngressRoute","SshAccess","IngressAccess","ManagedVmInstance","ManagedVmDependencies","Request","Response","VfsMountSpec","CreateVmOptions","ManagedVm","createManagedVm","VolumeConfigEntry","ResolvedVolume","ensureVolumeDir","resolveVolumeDirs","writeFileAtomically"],"sources":["../src/gateway-runtime-contract.ts","../../gondolin-adapter/dist/index.d.ts","../src/gateway-process-spec.ts","../src/gateway-vm-spec.ts","../src/gateway-lifecycle.ts","../src/split-resolved-gateway-secrets.ts"],"sourcesContent":["import { BuildConfig, BuildConfig as BuildConfig$1, getDefaultBuildConfig } from \"@earendil-works/gondolin\";\n\n//#region src/build-pipeline.d.ts\ninterface BuildImageOptions {\n readonly buildConfig: BuildConfig$1;\n readonly cacheDir: string;\n /** Directory to resolve relative paths in buildConfig (e.g. postBuild.copy.src).\n * Defaults to process.cwd() if not provided. */\n readonly configDir?: string;\n readonly fullReset?: boolean;\n readonly fingerprintInput?: unknown;\n}\ninterface BuildImageResult {\n readonly built: boolean;\n readonly fingerprint: string;\n readonly imagePath: string;\n}\ninterface BuildPipelineDependencies {\n readonly buildAssets?: (buildConfig: BuildConfig$1, outputDirectory: string, configDir?: string) => Promise<unknown>;\n readonly gondolinVersion?: string;\n}\ndeclare function computeBuildFingerprint(buildConfig: BuildConfig$1, gondolinVersion?: string, fingerprintInput?: unknown): string;\ndeclare function buildImage(options: BuildImageOptions, dependencies?: BuildPipelineDependencies): Promise<BuildImageResult>;\n//#endregion\n//#region src/gondolin-package.d.ts\ndeclare function parseMinimumZigVersion(rawContents: string): string;\ndeclare function resolveGondolinPackageJsonPath(): string;\ndeclare function resolveGondolinPackageSpec(): Promise<string>;\ninterface ResolveGondolinMinimumZigVersionOptions {\n readonly buildZigZonPath?: string;\n}\ndeclare function resolveGondolinMinimumZigVersion(options?: ResolveGondolinMinimumZigVersionOptions): Promise<string>;\n//#endregion\n//#region src/mount-policy.d.ts\ninterface WritableMountPolicy {\n readonly allowAuthWrite: boolean;\n readonly writableAllowedGuestPrefixes: readonly string[];\n}\ninterface RuntimeMountPolicyConfig {\n readonly extraMounts: Readonly<Record<string, string>>;\n readonly mountControls: WritableMountPolicy;\n}\ndeclare function resolveGuestMountPath(guestPath: string, workDir: string): string;\ndeclare function validateWritableMount(guestPath: string, policy: WritableMountPolicy, options: {\n readonly workDir: string;\n}): void;\ndeclare function validateRuntimeMountPolicy(config: RuntimeMountPolicyConfig, options: {\n readonly hostHome: string;\n readonly workDir: string;\n}): Promise<void>;\n//#endregion\n//#region src/policy-compiler.d.ts\ninterface PolicySources {\n readonly base: readonly string[];\n readonly profile: readonly string[];\n readonly extra: readonly string[];\n}\ndeclare function normalizeHostname(rawHostname: string): string;\ndeclare function dedupeStable(values: readonly string[]): string[];\ndeclare function compilePolicy(sources: PolicySources): string[];\n//#endregion\n//#region src/types.d.ts\ninterface SecretSpec {\n readonly hosts: readonly string[];\n readonly value: string;\n}\ntype SecretRef = {\n readonly source: '1password';\n readonly ref: string;\n} | {\n readonly source: 'environment';\n readonly ref: string;\n};\n//#endregion\n//#region src/secret-resolver.d.ts\ninterface SecretResolverClient {\n readonly secrets: {\n resolve(secretReference: string): Promise<string>;\n resolveAll(secretReferences: readonly string[]): Promise<unknown>;\n };\n}\ninterface SecretResolver {\n resolve(ref: SecretRef): Promise<string>;\n resolveAll(refs: Record<string, SecretRef>): Promise<Record<string, string>>;\n}\ntype TokenSource = {\n readonly type: 'op-cli';\n readonly ref: string;\n} | {\n readonly type: 'env';\n readonly envVar?: string | undefined;\n} | {\n readonly type: 'keychain';\n readonly service: string;\n readonly account: string;\n};\ninterface ExecFileOptions {\n readonly env?: Readonly<Record<string, string | undefined>>;\n}\ninterface ExecFileResult {\n readonly stdout: string;\n readonly stderr: string;\n}\ndeclare function resolveServiceAccountToken(source: TokenSource, dependencies?: {\n readonly execFileAsync?: (command: string, args: readonly string[], options?: ExecFileOptions) => Promise<ExecFileResult>;\n}): Promise<string>;\ninterface CreateSecretResolverDependencies {\n readonly createClient?: (config: {\n auth: string;\n integrationName: string;\n integrationVersion: string;\n }) => Promise<SecretResolverClient>;\n readonly execFileAsync?: (command: string, args: readonly string[], options?: ExecFileOptions) => Promise<ExecFileResult>;\n readonly integrationName?: string;\n readonly integrationVersion?: string;\n}\ndeclare function createSecretResolver(options: {\n readonly serviceAccountToken: string;\n}, dependencies?: CreateSecretResolverDependencies): Promise<SecretResolver>;\ndeclare function createOpCliSecretResolver(options: {\n readonly serviceAccountToken: string;\n}, dependencies?: Pick<CreateSecretResolverDependencies, 'execFileAsync'>): Promise<SecretResolver>;\n//#endregion\n//#region src/vm-adapter.d.ts\ninterface ExecResult {\n readonly exitCode: number;\n readonly stdout: string;\n readonly stderr: string;\n}\ninterface IngressRoute {\n readonly prefix: string;\n readonly port: number;\n readonly stripPrefix?: boolean;\n}\ninterface SshAccess {\n readonly host: string;\n readonly command?: string;\n readonly identityFile?: string;\n readonly port: number;\n readonly user?: string;\n}\ninterface IngressAccess {\n readonly host: string;\n readonly port: number;\n}\ninterface ManagedVmInstance {\n readonly id: string;\n exec(command: string): Promise<{\n readonly exitCode: number;\n readonly stdout?: string;\n readonly stderr?: string;\n }>;\n enableSsh(options?: unknown): Promise<SshAccess>;\n enableIngress(options?: unknown): Promise<IngressAccess>;\n setIngressRoutes(routes: readonly IngressRoute[]): void;\n close(): Promise<void>;\n}\ninterface ManagedVmDependencies {\n createVm(vmOptions: unknown): Promise<ManagedVmInstance>;\n createHttpHooks(options: {\n readonly allowedHosts: readonly string[];\n readonly secrets: Record<string, SecretSpec>;\n readonly onRequest?: (request: Request) => Promise<Request | Response | void>;\n readonly onResponse?: (response: Response) => Promise<Response | void>;\n }): {\n readonly env: Record<string, string>;\n readonly httpHooks: unknown;\n };\n createRealFsProvider(hostPath: string): unknown;\n createReadonlyProvider(provider: unknown): unknown;\n createMemoryProvider(): unknown;\n createShadowProvider(provider: unknown, options: unknown): unknown;\n createShadowPathPredicate(paths: readonly string[]): unknown;\n}\ninterface VfsMountSpec {\n readonly kind: 'realfs' | 'realfs-readonly' | 'memory' | 'shadow';\n readonly hostPath?: string;\n readonly shadowConfig?: {\n readonly deny: readonly string[];\n readonly tmpfs: readonly string[];\n };\n}\ninterface CreateVmOptions {\n readonly imagePath: string;\n readonly memory: string;\n readonly cpus: number;\n readonly rootfsMode: 'readonly' | 'memory' | 'cow';\n readonly allowedHosts: readonly string[];\n readonly secrets: Record<string, SecretSpec>;\n readonly vfsMounts: Record<string, VfsMountSpec>;\n readonly tcpHosts?: Record<string, string>;\n readonly env?: Record<string, string>;\n readonly sessionLabel?: string;\n readonly onRequest?: (request: Request) => Promise<Request | Response | void>;\n readonly onResponse?: (response: Response) => Promise<Response | void>;\n}\ninterface ManagedVm {\n readonly id: string;\n exec(command: string): Promise<ExecResult>;\n enableSsh(options?: unknown): Promise<SshAccess>;\n enableIngress(options?: unknown): Promise<IngressAccess>;\n getVmInstance(): ManagedVmInstance;\n setIngressRoutes(routes: readonly IngressRoute[]): void;\n close(): Promise<void>;\n}\ndeclare function createManagedVm(options: CreateVmOptions, dependencies?: ManagedVmDependencies): Promise<ManagedVm>;\n//#endregion\n//#region src/volume-manager.d.ts\ninterface VolumeConfigEntry {\n readonly guestPath: string;\n}\ninterface ResolvedVolume {\n readonly hostDir: string;\n readonly guestPath: string;\n}\ndeclare function ensureVolumeDir(cacheBase: string, workspaceHash: string, volumeName: string): Promise<string>;\ndeclare function resolveVolumeDirs(cacheBase: string, workspaceHash: string, volumes: Readonly<Record<string, VolumeConfigEntry>>): Promise<Record<string, ResolvedVolume>>;\n//#endregion\n//#region src/write-file-atomically.d.ts\ndeclare function writeFileAtomically(filePath: string, content: string, options?: {\n readonly mode?: number;\n}): Promise<void>;\n//#endregion\nexport { type BuildConfig, BuildImageOptions, BuildImageResult, CreateSecretResolverDependencies, CreateVmOptions, ExecFileOptions, ExecFileResult, ExecResult, IngressAccess, IngressRoute, ManagedVm, ManagedVmDependencies, ManagedVmInstance, PolicySources, ResolveGondolinMinimumZigVersionOptions, ResolvedVolume, RuntimeMountPolicyConfig, SecretRef, SecretResolver, SecretResolverClient, SecretSpec, SshAccess, TokenSource, VfsMountSpec, VolumeConfigEntry, WritableMountPolicy, buildImage, compilePolicy, computeBuildFingerprint, createManagedVm, createOpCliSecretResolver, createSecretResolver, dedupeStable, ensureVolumeDir, getDefaultBuildConfig, normalizeHostname, parseMinimumZigVersion, resolveGondolinMinimumZigVersion, resolveGondolinPackageJsonPath, resolveGondolinPackageSpec, resolveGuestMountPath, resolveServiceAccountToken, resolveVolumeDirs, validateRuntimeMountPolicy, validateWritableMount, writeFileAtomically };\n//# sourceMappingURL=index.d.ts.map"],"mappings":";cAAa;AAAA,KAED,WAAA,GAFoD,CAAA,OAE9B,iBAF8B,CAAA,CAAA,MAAA,CAAA;AAEpD,iBAEI,wBAAA,CAFmC,gBAAA,EAAA,MAAA,EAAA,MAAA,EAAA,MAAA,CAAA,EAAA,MAAA;AAEnC,iBAIA,qBAAA,CAJwB,gBAAA,EAAA,MAAA,EAAA,MAAA,EAAA,MAAA,EAAA,OAAA,EAAA,MAAA,CAAA,EAAA,MAAA;;;;AKKxC;;UJqDUyB,UAAAA,CInDQ;EACf,SAAA,KAAA,EAAA,SAAA,MAAA,EAAA;EAAiC,SAAA,KAAA,EAAA,MAAA;;KJsD/BC,SAAAA;;;;;;;;;;UAeKE,cAAAA;eACKF,YAAYpB;mBACRU,eAAeU,aAAapB,QAAQU;;UA2F7C6B,YAAAA;;;;;;;;;;KC9KE,kBAAA;EFAC,SAAA,IAAA,EAAA,MAAmD;EAEpD,SAAA,IAAA,EAAW,MAAA;EAEP,SAAA,IAAA,EAAA,MAAA;AAIhB,CAAA,GAAgB;;;;ACmDqC;AAGjC;AAgBwC;;AAIjCvC,UC1EV,kBAAA,CD0EUA;EACOoB,SAAAA,gBAAAA,EAAAA,MAAAA;EAAfV,SAAAA,YAAAA,EAAAA,MAAAA;EAAoCA,SAAAA,WAAAA,ECxEhC,kBDwEgCA;EAARV,SAAAA,eAAAA,EAAAA,MAAAA;EAAO,SAAA,OAAA,EAAA,MAAA;AAkF9B;;;ADrKxB;AAEA;AAEA;AAIA;UGFiB,aAAA;wBACM;sBACF,eAAe;EFsD1BmB,SAAAA,eAAU,EErDO,MFqDP,CAAA,MAAA,EErDsB,UFqDtB,CAAA;EAIfC,SAAAA,QAAS,EExDM,MFwDN,CAAA,MAAA,EAAA,MAAA,CAAA;EAeJE,SAAAA,YAAc,EAAA,SAAA,MAAA,EAAA;EACTF,SAAAA,UAAAA,EAAAA,UAAAA,GAAAA,QAAAA,GAAAA,KAAAA;EAAYpB,SAAAA,YAAAA,EAAAA,MAAAA;;;;AD1E3B;;;;ACsDUmB,UGpDO,iBAAA,CHoDG;EAIfC;AAYuD;;;EAK1BA,SAAAA,oBAAAA,EAAAA,MAAAA;EAAfV;;;;EA2FT6B,SAAAA,iBAAY,EAAA,CAAA,QAAA,EAAA,MAAA,EAAA,GAAA,MAAA;;;;AC9KtB;AAQA;UEoBiB,iBAAA;;;IDtBA,SAAA,IAAa,ECyBb,WDzBa;IACP,SAAA,MAAA,EAAA,MAAA;IACa,SAAA,IAAA,EAAA,MAAA;IAAf,SAAA,IAAA,EAAA,MAAA;IACqB,SAAA,MAAA,EAAA,MAAA;IAAf,SAAA,QAAA,EAAA,MAAA;IACP,SAAA,YAAA,EAAA,MAAA;IAAM,SAAA,eAAA,CAAA,EAAA;;;;MCAT,SAAA,MAAiB,EAAA,aAAA;MAkBjB,SAAA,MAAiB,EAAA,MAGjB;IAsCA,CAAA,GAAA,SAAA;EAWA,CAAA;EAKM,SAAA,OAAA,EApCJ,MAoCI,CAAA,MAAA,EAAA;IAMD,SAAA,MAAA,EAAA,WAAA;IAA4B,SAAA,GAAA,EAAA,MAAA;IAO1C,SAAA,SAAA,EAAA,KAAA,GAAA,gBAAA;IACW,SAAA,KAAA,CAAA,EAAA,SAAA,MAAA,EAAA,GAAA,SAAA;EACf,CAAA,GAAA;IAMqB,SAAA,MAAA,EAAA,aAAA;IAAmC,SAAA,MAAA,EAAA,MAAA;IAAiB,SAAA,SAAA,EAAA,KAAA,GAAA,gBAAA;IAAO,SAAA,KAAA,CAAA,EAAA,SAAA,MAAA,EAAA,GAAA,SAAA;;;;ECtGnE,SAAA,WAAA,CAAA,EAAA,MAAA;;AAEyB,UD+DzB,yBAAA,CC/DyB;EAAf,SAAA,cAAA,EAAA,MAAA;EAAM,SAAA,gBAAA,EAAA,MAAA;EAGjB,SAAA,eAAA,ED+DW,MC/DgB,CAAA,MAAA,EAAA,MAAA,CAAA;EACpC,SAAA,OAAA,EAAA;IACW,SAAA,QAAA,EAAA,MAAA;IACf,SAAA,IAAA,EAAA,MAAA;EAAiC,CAAA;iBDiEpB;;UAGC,gBAAA;;;;;wBAKM;;;;;uBAMD,4BAA4B;;;;;yBAO1C,oCACW,yBACf;;;;;0BAMqB,mCAAmC,iBAAiB;;;;AJxGjE,UKEK,iCAAA,CLFkC;EAEnC,SAAA,kBAAwB,EKCV,MLDU,CAAA,MAAA,EAAA,MAAA,CAAA;EAIxB,SAAA,eAAqB,EKFV,MLEU,CAAA,MAAA,EKFK,ULEL,CAAA;;iBKCrB,2BAAA,OACT,oCACW,yBACf"}

package/dist/index.js ADDED Viewed

@@ -0,0 +1,38 @@
+//#region src/gateway-runtime-contract.ts
+const gatewayTypeValues = ["openclaw", "worker"];
+function buildGatewaySessionLabel(projectNamespace, zoneId) {
+	return `${projectNamespace}:${zoneId}:gateway`;
+}
+function buildToolSessionLabel(projectNamespace, zoneId, tcpSlot) {
+	return `${projectNamespace}:${zoneId}:tool:${tcpSlot}`;
+}
+//#endregion
+//#region src/split-resolved-gateway-secrets.ts
+function splitResolvedGatewaySecrets(zone, resolvedSecrets) {
+	const environmentSecrets = {};
+	const mediatedSecrets = {};
+	for (const [secretName, secretValue] of Object.entries(resolvedSecrets)) {
+		const secretConfig = zone.secrets[secretName];
+		if (!secretConfig) {
+			process.stderr.write(`[split-resolved-gateway-secrets] Secret '${secretName}' was resolved but has no matching zone secret config.\n`);
+			continue;
+		}
+		if (secretConfig.injection === "http-mediation" && secretConfig.hosts) {
+			mediatedSecrets[secretName] = {
+				hosts: [...secretConfig.hosts],
+				value: secretValue
+			};
+			continue;
+		}
+		environmentSecrets[secretName] = secretValue;
+	}
+	return {
+		environmentSecrets,
+		mediatedSecrets
+	};
+}
+//#endregion
+export { buildGatewaySessionLabel, buildToolSessionLabel, gatewayTypeValues, splitResolvedGatewaySecrets };
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","names":["environmentSecrets: Record<string, string>","mediatedSecrets: Record<string, SecretSpec>"],"sources":["../src/gateway-runtime-contract.ts","../src/split-resolved-gateway-secrets.ts"],"sourcesContent":["export const gatewayTypeValues = ['openclaw', 'worker'] as const;\n\nexport type GatewayType = (typeof gatewayTypeValues)[number];\n\nexport function buildGatewaySessionLabel(projectNamespace: string, zoneId: string): string {\n\treturn `${projectNamespace}:${zoneId}:gateway`;\n}\n\nexport function buildToolSessionLabel(\n\tprojectNamespace: string,\n\tzoneId: string,\n\ttcpSlot: number,\n): string {\n\treturn `${projectNamespace}:${zoneId}:tool:${tcpSlot}`;\n}\n","import type { SecretSpec } from '@agent-vm/gondolin-adapter';\n\nimport type { GatewayZoneConfig } from './gateway-lifecycle.js';\n\nexport interface SplitResolvedGatewaySecretsResult {\n\treadonly environmentSecrets: Record<string, string>;\n\treadonly mediatedSecrets: Record<string, SecretSpec>;\n}\n\nexport function splitResolvedGatewaySecrets(\n\tzone: GatewayZoneConfig,\n\tresolvedSecrets: Record<string, string>,\n): SplitResolvedGatewaySecretsResult {\n\tconst environmentSecrets: Record<string, string> = {};\n\tconst mediatedSecrets: Record<string, SecretSpec> = {};\n\n\tfor (const [secretName, secretValue] of Object.entries(resolvedSecrets)) {\n\t\tconst secretConfig = zone.secrets[secretName];\n\t\tif (!secretConfig) {\n\t\t\tprocess.stderr.write(\n\t\t\t\t`[split-resolved-gateway-secrets] Secret '${secretName}' was resolved but has no matching zone secret config.\\n`,\n\t\t\t);\n\t\t\tcontinue;\n\t\t}\n\n\t\tif (secretConfig.injection === 'http-mediation' && secretConfig.hosts) {\n\t\t\tmediatedSecrets[secretName] = {\n\t\t\t\thosts: [...secretConfig.hosts],\n\t\t\t\tvalue: secretValue,\n\t\t\t};\n\t\t\tcontinue;\n\t\t}\n\n\t\tenvironmentSecrets[secretName] = secretValue;\n\t}\n\n\treturn { environmentSecrets, mediatedSecrets };\n}\n"],"mappings":";AAAA,MAAa,oBAAoB,CAAC,YAAY,SAAS;AAIvD,SAAgB,yBAAyB,kBAA0B,QAAwB;AAC1F,QAAO,GAAG,iBAAiB,GAAG,OAAO;;AAGtC,SAAgB,sBACf,kBACA,QACA,SACS;AACT,QAAO,GAAG,iBAAiB,GAAG,OAAO,QAAQ;;;;;ACJ9C,SAAgB,4BACf,MACA,iBACoC;CACpC,MAAMA,qBAA6C,EAAE;CACrD,MAAMC,kBAA8C,EAAE;AAEtD,MAAK,MAAM,CAAC,YAAY,gBAAgB,OAAO,QAAQ,gBAAgB,EAAE;EACxE,MAAM,eAAe,KAAK,QAAQ;AAClC,MAAI,CAAC,cAAc;AAClB,WAAQ,OAAO,MACd,4CAA4C,WAAW,0DACvD;AACD;;AAGD,MAAI,aAAa,cAAc,oBAAoB,aAAa,OAAO;AACtE,mBAAgB,cAAc;IAC7B,OAAO,CAAC,GAAG,aAAa,MAAM;IAC9B,OAAO;IACP;AACD;;AAGD,qBAAmB,cAAc;;AAGlC,QAAO;EAAE;EAAoB;EAAiB"}

package/package.json ADDED Viewed

@@ -0,0 +1,38 @@
+{
+  "name": "@agent-vm/gateway-interface",
+  "version": "0.0.20",
+  "description": "Shared TypeScript interfaces for VM gateway lifecycles, VmSpec, and ProcessSpec.",
+  "homepage": "https://github.com/ShravanSunder/agent-vm#readme",
+  "bugs": {
+    "url": "https://github.com/ShravanSunder/agent-vm/issues"
+  },
+  "license": "MIT",
+  "author": "Shravan Sunder <ShravanSunder@users.noreply.github.com>",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/ShravanSunder/agent-vm.git",
+    "directory": "packages/gateway-interface"
+  },
+  "files": [
+    "dist"
+  ],
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "dependencies": {
+    "@agent-vm/gondolin-adapter": "0.0.20"
+  },
+  "scripts": {
+    "build": "tsdown",
+    "typecheck": "tsc -p tsconfig.json --noEmit"
+  }
+}