@agent-vm/gateway-interface 0.0.30 → 0.0.32
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts +40 -16
- package/dist/index.d.ts.map +1 -1
- package/package.json +2 -2
package/dist/index.d.ts
CHANGED
|
@@ -6,6 +6,15 @@ declare function buildToolSessionLabel(projectNamespace: string, zoneId: string,
|
|
|
6
6
|
//#endregion
|
|
7
7
|
//#region ../gondolin-adapter/dist/index.d.ts
|
|
8
8
|
|
|
9
|
+
//#endregion
|
|
10
|
+
//#region src/pinned-realfs.d.ts
|
|
11
|
+
interface PinnedRealFsRoot {
|
|
12
|
+
readonly hostPath: string;
|
|
13
|
+
readonly realPath: string;
|
|
14
|
+
readonly fd: number;
|
|
15
|
+
readonly device: number;
|
|
16
|
+
readonly inode: number;
|
|
17
|
+
}
|
|
9
18
|
//#endregion
|
|
10
19
|
//#region src/types.d.ts
|
|
11
20
|
interface SecretSpec {
|
|
@@ -29,6 +38,7 @@ interface SecretResolver {
|
|
|
29
38
|
interface VfsMountSpec {
|
|
30
39
|
readonly kind: 'realfs' | 'realfs-readonly' | 'memory' | 'shadow';
|
|
31
40
|
readonly hostPath?: string;
|
|
41
|
+
readonly pinnedHostRoot?: PinnedRealFsRoot;
|
|
32
42
|
readonly shadowConfig?: {
|
|
33
43
|
readonly deny: readonly string[];
|
|
34
44
|
readonly tmpfs: readonly string[];
|
|
@@ -91,28 +101,41 @@ interface GatewayAuthConfig {
|
|
|
91
101
|
readonly setDefault?: boolean;
|
|
92
102
|
}) => string;
|
|
93
103
|
}
|
|
104
|
+
interface GatewayAuthProfilesRef {
|
|
105
|
+
readonly source: '1password' | 'environment';
|
|
106
|
+
}
|
|
107
|
+
interface OnePasswordGatewayAuthProfilesRef extends GatewayAuthProfilesRef {
|
|
108
|
+
readonly source: '1password';
|
|
109
|
+
readonly ref: string;
|
|
110
|
+
}
|
|
111
|
+
interface EnvironmentGatewayAuthProfilesRef extends GatewayAuthProfilesRef {
|
|
112
|
+
readonly source: 'environment';
|
|
113
|
+
readonly envVar: string;
|
|
114
|
+
}
|
|
115
|
+
interface GatewayZoneBaseGatewayConfig {
|
|
116
|
+
readonly type: GatewayType;
|
|
117
|
+
readonly memory: string;
|
|
118
|
+
readonly cpus: number;
|
|
119
|
+
readonly port: number;
|
|
120
|
+
readonly config: string;
|
|
121
|
+
readonly stateDir: string;
|
|
122
|
+
readonly authProfilesRef?: OnePasswordGatewayAuthProfilesRef | EnvironmentGatewayAuthProfilesRef | undefined;
|
|
123
|
+
}
|
|
124
|
+
interface OpenClawGatewayZoneGatewayConfig extends GatewayZoneBaseGatewayConfig {
|
|
125
|
+
readonly type: 'openclaw';
|
|
126
|
+
readonly zoneFilesDir: string;
|
|
127
|
+
}
|
|
128
|
+
interface WorkerGatewayZoneGatewayConfig extends GatewayZoneBaseGatewayConfig {
|
|
129
|
+
readonly type: 'worker';
|
|
130
|
+
}
|
|
131
|
+
type GatewayZoneGatewayConfig = OpenClawGatewayZoneGatewayConfig | WorkerGatewayZoneGatewayConfig;
|
|
94
132
|
/**
|
|
95
133
|
* Zone config as the lifecycle sees it.
|
|
96
134
|
* Decoupled from SystemConfig — the controller maps into this shape.
|
|
97
135
|
*/
|
|
98
136
|
interface GatewayZoneConfig {
|
|
99
137
|
readonly id: string;
|
|
100
|
-
readonly gateway:
|
|
101
|
-
readonly type: GatewayType;
|
|
102
|
-
readonly memory: string;
|
|
103
|
-
readonly cpus: number;
|
|
104
|
-
readonly port: number;
|
|
105
|
-
readonly config: string;
|
|
106
|
-
readonly stateDir: string;
|
|
107
|
-
readonly workspaceDir: string;
|
|
108
|
-
readonly authProfilesRef?: {
|
|
109
|
-
readonly source: '1password';
|
|
110
|
-
readonly ref: string;
|
|
111
|
-
} | {
|
|
112
|
-
readonly source: 'environment';
|
|
113
|
-
readonly envVar: string;
|
|
114
|
-
} | undefined;
|
|
115
|
-
};
|
|
138
|
+
readonly gateway: GatewayZoneGatewayConfig;
|
|
116
139
|
readonly secrets: Record<string, {
|
|
117
140
|
readonly source: '1password';
|
|
118
141
|
readonly ref: string;
|
|
@@ -130,6 +153,7 @@ interface GatewayZoneConfig {
|
|
|
130
153
|
}
|
|
131
154
|
interface BuildGatewayVmSpecOptions {
|
|
132
155
|
readonly controllerPort: number;
|
|
156
|
+
readonly gatewayCacheDir: string;
|
|
133
157
|
readonly projectNamespace: string;
|
|
134
158
|
readonly resolvedSecrets: Record<string, string>;
|
|
135
159
|
readonly tcpPool: {
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","names":["BuildConfig","BuildConfig$1","getDefaultBuildConfig","BuildImageOptions","BuildOutput","Uint8Array","BuildImageResult","BuildPipelineDependencies","Promise","computeBuildFingerprint","buildImage","parseMinimumZigVersion","resolveGondolinPackageJsonPath","resolveGondolinPackageSpec","ResolveGondolinMinimumZigVersionOptions","resolveGondolinMinimumZigVersion","WritableMountPolicy","RuntimeMountPolicyConfig","Record","Readonly","resolveGuestMountPath","validateWritableMount","validateRuntimeMountPolicy","PolicySources","normalizeHostname","dedupeStable","compilePolicy","SecretSpec","SecretRef","SecretResolverClient","SecretResolver","TokenSource","ExecFileOptions","ExecFileResult","resolveServiceAccountToken","CreateSecretResolverDependencies","createSecretResolver","createOpCliSecretResolver","Pick","ExecResult","IngressRoute","SshAccess","IngressAccess","ManagedVmInstance","ManagedVmDependencies","Request","Response","VfsMountSpec","CreateVmOptions","ManagedVm","createManagedVm","VolumeConfigEntry","ResolvedVolume","ensureVolumeDir","resolveVolumeDirs","writeFileAtomically"],"sources":["../src/gateway-runtime-contract.ts","../../gondolin-adapter/dist/index.d.ts","../src/gateway-process-spec.ts","../src/gateway-vm-spec.ts","../src/gateway-lifecycle.ts","../src/split-resolved-gateway-secrets.ts"],"sourcesContent":["import { BuildConfig, BuildConfig as BuildConfig$1, getDefaultBuildConfig } from \"@earendil-works/gondolin\";\n\n//#region src/build-pipeline.d.ts\ninterface BuildImageOptions {\n readonly buildConfig: BuildConfig$1;\n readonly cacheDir: string;\n /** Directory to resolve relative paths in buildConfig (e.g. postBuild.copy.src).\n * Defaults to process.cwd() if not provided. */\n readonly configDir?: string;\n readonly fullReset?: boolean;\n readonly fingerprintInput?: unknown;\n readonly output?: BuildOutput;\n}\ninterface BuildOutput {\n write(chunk: string | Uint8Array): boolean;\n}\ninterface BuildImageResult {\n readonly built: boolean;\n readonly fingerprint: string;\n readonly imagePath: string;\n}\ninterface BuildPipelineDependencies {\n readonly buildAssets?: (buildConfig: BuildConfig$1, outputDirectory: string, configDir?: string) => Promise<unknown>;\n readonly gondolinVersion?: string;\n}\ndeclare function computeBuildFingerprint(buildConfig: BuildConfig$1, gondolinVersion?: string, fingerprintInput?: unknown): string;\ndeclare function buildImage(options: BuildImageOptions, dependencies?: BuildPipelineDependencies): Promise<BuildImageResult>;\n//#endregion\n//#region src/gondolin-package.d.ts\ndeclare function parseMinimumZigVersion(rawContents: string): string;\ndeclare function resolveGondolinPackageJsonPath(): string;\ndeclare function resolveGondolinPackageSpec(): Promise<string>;\ninterface ResolveGondolinMinimumZigVersionOptions {\n readonly buildZigZonPath?: string;\n}\ndeclare function resolveGondolinMinimumZigVersion(options?: ResolveGondolinMinimumZigVersionOptions): Promise<string>;\n//#endregion\n//#region src/mount-policy.d.ts\ninterface WritableMountPolicy {\n readonly allowAuthWrite: boolean;\n readonly writableAllowedGuestPrefixes: readonly string[];\n}\ninterface RuntimeMountPolicyConfig {\n readonly extraMounts: Readonly<Record<string, string>>;\n readonly mountControls: WritableMountPolicy;\n}\ndeclare function resolveGuestMountPath(guestPath: string, workDir: string): string;\ndeclare function validateWritableMount(guestPath: string, policy: WritableMountPolicy, options: {\n readonly workDir: string;\n}): void;\ndeclare function validateRuntimeMountPolicy(config: RuntimeMountPolicyConfig, options: {\n readonly hostHome: string;\n readonly workDir: string;\n}): Promise<void>;\n//#endregion\n//#region src/policy-compiler.d.ts\ninterface PolicySources {\n readonly base: readonly string[];\n readonly profile: readonly string[];\n readonly extra: readonly string[];\n}\ndeclare function normalizeHostname(rawHostname: string): string;\ndeclare function dedupeStable(values: readonly string[]): string[];\ndeclare function compilePolicy(sources: PolicySources): string[];\n//#endregion\n//#region src/types.d.ts\ninterface SecretSpec {\n readonly hosts: readonly string[];\n readonly value: string;\n}\ntype SecretRef = {\n readonly source: '1password';\n readonly ref: string;\n} | {\n readonly source: 'environment';\n readonly ref: string;\n};\n//#endregion\n//#region src/secret-resolver.d.ts\ninterface SecretResolverClient {\n readonly secrets: {\n resolve(secretReference: string): Promise<string>;\n resolveAll(secretReferences: readonly string[]): Promise<unknown>;\n };\n}\ninterface SecretResolver {\n resolve(ref: SecretRef): Promise<string>;\n resolveAll(refs: Record<string, SecretRef>): Promise<Record<string, string>>;\n}\ntype TokenSource = {\n readonly type: 'op-cli';\n readonly ref: string;\n} | {\n readonly type: 'env';\n readonly envVar?: string | undefined;\n} | {\n readonly type: 'keychain';\n readonly service: string;\n readonly account: string;\n};\ninterface ExecFileOptions {\n readonly env?: Readonly<Record<string, string | undefined>>;\n}\ninterface ExecFileResult {\n readonly stdout: string;\n readonly stderr: string;\n}\ndeclare function resolveServiceAccountToken(source: TokenSource, dependencies?: {\n readonly execFileAsync?: (command: string, args: readonly string[], options?: ExecFileOptions) => Promise<ExecFileResult>;\n}): Promise<string>;\ninterface CreateSecretResolverDependencies {\n readonly createClient?: (config: {\n auth: string;\n integrationName: string;\n integrationVersion: string;\n }) => Promise<SecretResolverClient>;\n readonly execFileAsync?: (command: string, args: readonly string[], options?: ExecFileOptions) => Promise<ExecFileResult>;\n readonly integrationName?: string;\n readonly integrationVersion?: string;\n}\ndeclare function createSecretResolver(options: {\n readonly serviceAccountToken: string;\n}, dependencies?: CreateSecretResolverDependencies): Promise<SecretResolver>;\ndeclare function createOpCliSecretResolver(options: {\n readonly serviceAccountToken: string;\n}, dependencies?: Pick<CreateSecretResolverDependencies, 'execFileAsync'>): Promise<SecretResolver>;\n//#endregion\n//#region src/vm-adapter.d.ts\ninterface ExecResult {\n readonly exitCode: number;\n readonly stdout: string;\n readonly stderr: string;\n}\ninterface IngressRoute {\n readonly prefix: string;\n readonly port: number;\n readonly stripPrefix?: boolean;\n}\ninterface SshAccess {\n readonly host: string;\n readonly command?: string;\n readonly identityFile?: string;\n readonly port: number;\n readonly user?: string;\n}\ninterface IngressAccess {\n readonly host: string;\n readonly port: number;\n}\ninterface ManagedVmInstance {\n readonly id: string;\n exec(command: string): Promise<{\n readonly exitCode: number;\n readonly stdout?: string;\n readonly stderr?: string;\n }>;\n enableSsh(options?: unknown): Promise<SshAccess>;\n enableIngress(options?: unknown): Promise<IngressAccess>;\n setIngressRoutes(routes: readonly IngressRoute[]): void;\n close(): Promise<void>;\n}\ninterface ManagedVmDependencies {\n createVm(vmOptions: unknown): Promise<ManagedVmInstance>;\n createHttpHooks(options: {\n readonly allowedHosts: readonly string[];\n readonly secrets: Record<string, SecretSpec>;\n readonly onRequest?: (request: Request) => Promise<Request | Response | void>;\n readonly onResponse?: (response: Response) => Promise<Response | void>;\n }): {\n readonly env: Record<string, string>;\n readonly httpHooks: unknown;\n };\n createRealFsProvider(hostPath: string): unknown;\n createReadonlyProvider(provider: unknown): unknown;\n createMemoryProvider(): unknown;\n createShadowProvider(provider: unknown, options: unknown): unknown;\n createShadowPathPredicate(paths: readonly string[]): unknown;\n}\ninterface VfsMountSpec {\n readonly kind: 'realfs' | 'realfs-readonly' | 'memory' | 'shadow';\n readonly hostPath?: string;\n readonly shadowConfig?: {\n readonly deny: readonly string[];\n readonly tmpfs: readonly string[];\n };\n}\ninterface CreateVmOptions {\n readonly imagePath: string;\n readonly memory: string;\n readonly cpus: number;\n readonly rootfsMode: 'readonly' | 'memory' | 'cow';\n readonly allowedHosts: readonly string[];\n readonly secrets: Record<string, SecretSpec>;\n readonly vfsMounts: Record<string, VfsMountSpec>;\n readonly tcpHosts?: Record<string, string>;\n readonly env?: Record<string, string>;\n readonly sessionLabel?: string;\n readonly onRequest?: (request: Request) => Promise<Request | Response | void>;\n readonly onResponse?: (response: Response) => Promise<Response | void>;\n}\ninterface ManagedVm {\n readonly id: string;\n exec(command: string): Promise<ExecResult>;\n enableSsh(options?: unknown): Promise<SshAccess>;\n enableIngress(options?: unknown): Promise<IngressAccess>;\n getVmInstance(): ManagedVmInstance;\n setIngressRoutes(routes: readonly IngressRoute[]): void;\n close(): Promise<void>;\n}\ndeclare function createManagedVm(options: CreateVmOptions, dependencies?: ManagedVmDependencies): Promise<ManagedVm>;\n//#endregion\n//#region src/volume-manager.d.ts\ninterface VolumeConfigEntry {\n readonly guestPath: string;\n}\ninterface ResolvedVolume {\n readonly hostDir: string;\n readonly guestPath: string;\n}\ndeclare function ensureVolumeDir(cacheBase: string, workspaceHash: string, volumeName: string): Promise<string>;\ndeclare function resolveVolumeDirs(cacheBase: string, workspaceHash: string, volumes: Readonly<Record<string, VolumeConfigEntry>>): Promise<Record<string, ResolvedVolume>>;\n//#endregion\n//#region src/write-file-atomically.d.ts\ndeclare function writeFileAtomically(filePath: string, content: string, options?: {\n readonly mode?: number;\n}): Promise<void>;\n//#endregion\nexport { type BuildConfig, BuildImageOptions, BuildImageResult, BuildOutput, CreateSecretResolverDependencies, CreateVmOptions, ExecFileOptions, ExecFileResult, ExecResult, IngressAccess, IngressRoute, ManagedVm, ManagedVmDependencies, ManagedVmInstance, PolicySources, ResolveGondolinMinimumZigVersionOptions, ResolvedVolume, RuntimeMountPolicyConfig, SecretRef, SecretResolver, SecretResolverClient, SecretSpec, SshAccess, TokenSource, VfsMountSpec, VolumeConfigEntry, WritableMountPolicy, buildImage, compilePolicy, computeBuildFingerprint, createManagedVm, createOpCliSecretResolver, createSecretResolver, dedupeStable, ensureVolumeDir, getDefaultBuildConfig, normalizeHostname, parseMinimumZigVersion, resolveGondolinMinimumZigVersion, resolveGondolinPackageJsonPath, resolveGondolinPackageSpec, resolveGuestMountPath, resolveServiceAccountToken, resolveVolumeDirs, validateRuntimeMountPolicy, validateWritableMount, writeFileAtomically };\n//# sourceMappingURL=index.d.ts.map"],"mappings":";cAAa;AAAA,KAED,WAAA,GAFoD,CAAA,OAE9B,iBAF8B,CAAA,CAAA,MAAA,CAAA;AAEpD,iBAEI,wBAAA,CAFmC,gBAAA,EAAA,MAAA,EAAA,MAAA,EAAA,MAAA,CAAA,EAAA,MAAA;AAEnC,iBAIA,qBAAA,CAJwB,gBAAA,EAAA,MAAA,EAAA,MAAA,EAAA,MAAA,EAAA,OAAA,EAAA,MAAA,CAAA,EAAA,MAAA;;;;;;UC8D9B2B,UAAAA;;;;KAILC,SAAAA;;;;;;;;;;UAeKE,cAAAA;eACKF,YAAYpB;mBACRU,eAAeU,aAAapB,QAAQU;;UA2F7C6B,YAAAA;;;;;;;;;;KClLE,kBAAA;EFAC,SAAA,IAAA,EAAA,MAAmD;EAEpD,SAAA,IAAA,EAAW,MAAA;EAEP,SAAA,IAAA,EAAA,MAAA;AAIhB,CAAA,GAAgB;;;;ACuDqC;AAGjC;AAgBwC;;AAIjCvC,UC9EV,kBAAA,CD8EUA;EACOoB,SAAAA,gBAAAA,EAAAA,MAAAA;EAAfV,SAAAA,YAAAA,EAAAA,MAAAA;EAAoCA,SAAAA,WAAAA,EC5EhC,kBD4EgCA;EAARV,SAAAA,eAAAA,EAAAA,MAAAA;EAAO,SAAA,OAAA,EAAA,MAAA;AAkF9B;;;ADzKxB;AAEA;AAEA;AAIA;UGFiB,aAAA;wBACM;sBACF,eAAe;EF0D1BmB,SAAAA,eAAU,EEzDO,MFyDP,CAAA,MAAA,EEzDsB,UFyDtB,CAAA;EAIfC,SAAAA,QAAS,EE5DM,MF4DN,CAAA,MAAA,EAAA,MAAA,CAAA;EAeJE,SAAAA,YAAc,EAAA,SAAA,MAAA,EAAA;EACTF,SAAAA,UAAAA,EAAAA,UAAAA,GAAAA,QAAAA,GAAAA,KAAAA;EAAYpB,SAAAA,YAAAA,EAAAA,MAAAA;;;;AD9E3B;;;;AC0DUmB,UGxDO,iBAAA,CHwDG;EAIfC;AAYuD;;;EAK1BA,SAAAA,oBAAAA,EAAAA,MAAAA;EAAfV;;;;EA2FT6B,SAAAA,iBAAY,EAAA,CAAA,QAAA,EAAA,MAAA,EAAA,QAAA,EAAA;;;;AClLtB;AAQA;;;;ACFiB,UC4BA,iBAAA,CD5Ba;EACP,SAAA,EAAA,EAAA,MAAA;EACa,SAAA,OAAA,EAAA;IAAf,SAAA,IAAA,EC6BJ,WD7BI;IACqB,SAAA,MAAA,EAAA,MAAA;IAAf,SAAA,IAAA,EAAA,MAAA;IACP,SAAA,IAAA,EAAA,MAAA;IAAM,SAAA,MAAA,EAAA,MAAA;;;;MCAT,SAAA,MAAiB,EAAA,WAAA;MAwBjB,SAAA,GAAiB,EAAA,MAAA;IAyCjB,CAAA,GAAA;MAWA,SAAA,MAAgB,EAAA,aAAA;MAKV,SAAA,MAAA,EAAA,MAAA;IAMD,CAAA,GAAA,SAAA;EAA4B,CAAA;EAO1C,SAAA,OAAA,EAjDW,MAiDX,CAAA,MAAA,EAAA;IACW,SAAA,MAAA,EAAA,WAAA;IACf,SAAA,GAAA,EAAA,MAAA;IAMqB,SAAA,SAAA,EAAA,KAAA,GAAA,gBAAA;IAAmC,SAAA,KAAA,CAAA,EAAA,SAAA,MAAA,EAAA,GAAA,SAAA;EAAiB,CAAA,GAAA;IAAO,SAAA,MAAA,EAAA,aAAA;;;;EC5GnE,CAAA,CAAA;EACa,SAAA,YAAA,EAAA,SAAA,MAAA,EAAA;EACY,SAAA,eAAA,EAAA,SAAA,MAAA,EAAA;EAAf,SAAA,WAAA,CAAA,EAAA,MAAA;;AAGX,UDkEC,yBAAA,CClE0B;EACpC,SAAA,cAAA,EAAA,MAAA;EACW,SAAA,gBAAA,EAAA,MAAA;EACf,SAAA,eAAA,EDkEwB,MClExB,CAAA,MAAA,EAAA,MAAA,CAAA;EAAiC,SAAA,OAAA,EAAA;;;;iBDuEpB;;UAGC,gBAAA;;;;;wBAKM;;;;;uBAMD,4BAA4B;;;;;yBAO1C,oCACW,yBACf;;;;;0BAMqB,mCAAmC,iBAAiB;;;;AJ9GjE,UKEK,iCAAA,CLFkC;EAEnC,SAAA,kBAAwB,EKCV,MLDU,CAAA,MAAA,EAAA,MAAA,CAAA;EAIxB,SAAA,eAAqB,EKFV,MLEU,CAAA,MAAA,EKFK,ULEL,CAAA;;iBKCrB,2BAAA,OACT,oCACW,yBACf"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","names":["BuildConfig","BuildConfig$1","CreateHttpHooksResult","EnableIngressOptions","EnableSshOptions","IngressRoute","IngressRoute$1","ShadowPredicate","ShadowProviderOptions","VMOptions","VirtualProvider","getDefaultBuildConfig","BuildImageOptions","BuildOutput","Uint8Array","BuildImageResult","BuildPipelineDependencies","Promise","computeBuildFingerprint","buildImage","parseMinimumZigVersion","resolveGondolinPackageJsonPath","resolveGondolinPackageSpec","ResolveGondolinMinimumZigVersionOptions","resolveGondolinMinimumZigVersion","WritableMountPolicy","RuntimeMountPolicyConfig","Record","Readonly","resolveGuestMountPath","validateWritableMount","validateRuntimeMountPolicy","PinnedRealFsRoot","CreatePinnedRealFsProviderOptions","pinRealFsRoot","closePinnedRealFsRoot","assertPinnedRealFsRoot","createPinnedRealFsProvider","PolicySources","normalizeHostname","dedupeStable","compilePolicy","SecretSpec","SecretRef","SecretResolverClient","SecretResolver","TokenSource","ExecFileOptions","ExecFileResult","resolveServiceAccountToken","CreateSecretResolverDependencies","createSecretResolver","createOpCliSecretResolver","Pick","ExecResult","SshAccess","IngressAccess","ManagedVmInstance","ManagedVmDependencies","Request","Response","VfsMountSpec","CreateVmOptions","ManagedVm","createManagedVm","VolumeConfigEntry","ResolvedVolume","ensureVolumeDir","resolveVolumeDirs","writeFileAtomically"],"sources":["../src/gateway-runtime-contract.ts","../../gondolin-adapter/dist/index.d.ts","../src/gateway-process-spec.ts","../src/gateway-vm-spec.ts","../src/gateway-lifecycle.ts","../src/split-resolved-gateway-secrets.ts"],"sourcesContent":["import { BuildConfig, BuildConfig as BuildConfig$1, CreateHttpHooksResult, EnableIngressOptions, EnableSshOptions, IngressRoute as IngressRoute$1, ShadowPredicate, ShadowProviderOptions, VMOptions, VirtualProvider, getDefaultBuildConfig } from \"@earendil-works/gondolin\";\n\n//#region src/build-pipeline.d.ts\ninterface BuildImageOptions {\n readonly buildConfig: BuildConfig$1;\n readonly cacheDir: string;\n /** Directory to resolve relative paths in buildConfig (e.g. postBuild.copy.src).\n * Defaults to process.cwd() if not provided. */\n readonly configDir?: string;\n readonly fullReset?: boolean;\n readonly fingerprintInput?: unknown;\n readonly output?: BuildOutput;\n}\ninterface BuildOutput {\n write(chunk: string | Uint8Array): boolean;\n}\ninterface BuildImageResult {\n readonly built: boolean;\n readonly fingerprint: string;\n readonly imagePath: string;\n}\ninterface BuildPipelineDependencies {\n readonly buildAssets?: (buildConfig: BuildConfig$1, outputDirectory: string, configDir?: string) => Promise<unknown>;\n readonly gondolinVersion?: string;\n}\ndeclare function computeBuildFingerprint(buildConfig: BuildConfig$1, gondolinVersion?: string, fingerprintInput?: unknown): string;\ndeclare function buildImage(options: BuildImageOptions, dependencies?: BuildPipelineDependencies): Promise<BuildImageResult>;\n//#endregion\n//#region src/gondolin-package.d.ts\ndeclare function parseMinimumZigVersion(rawContents: string): string;\ndeclare function resolveGondolinPackageJsonPath(): string;\ndeclare function resolveGondolinPackageSpec(): Promise<string>;\ninterface ResolveGondolinMinimumZigVersionOptions {\n readonly buildZigZonPath?: string;\n}\ndeclare function resolveGondolinMinimumZigVersion(options?: ResolveGondolinMinimumZigVersionOptions): Promise<string>;\n//#endregion\n//#region src/mount-policy.d.ts\ninterface WritableMountPolicy {\n readonly allowAuthWrite: boolean;\n readonly writableAllowedGuestPrefixes: readonly string[];\n}\ninterface RuntimeMountPolicyConfig {\n readonly extraMounts: Readonly<Record<string, string>>;\n readonly mountControls: WritableMountPolicy;\n}\ndeclare function resolveGuestMountPath(guestPath: string, workDir: string): string;\ndeclare function validateWritableMount(guestPath: string, policy: WritableMountPolicy, options: {\n readonly workDir: string;\n}): void;\ndeclare function validateRuntimeMountPolicy(config: RuntimeMountPolicyConfig, options: {\n readonly hostHome: string;\n readonly workDir: string;\n}): Promise<void>;\n//#endregion\n//#region src/pinned-realfs.d.ts\ninterface PinnedRealFsRoot {\n readonly hostPath: string;\n readonly realPath: string;\n readonly fd: number;\n readonly device: number;\n readonly inode: number;\n}\ninterface CreatePinnedRealFsProviderOptions {\n readonly root: PinnedRealFsRoot;\n readonly createRealFsProvider: (hostPath: string) => VirtualProvider;\n}\ndeclare function pinRealFsRoot(hostPath: string): PinnedRealFsRoot;\ndeclare function closePinnedRealFsRoot(root: PinnedRealFsRoot): void;\ndeclare function assertPinnedRealFsRoot(root: PinnedRealFsRoot): void;\ndeclare function createPinnedRealFsProvider(options: CreatePinnedRealFsProviderOptions): VirtualProvider;\n//#endregion\n//#region src/policy-compiler.d.ts\ninterface PolicySources {\n readonly base: readonly string[];\n readonly profile: readonly string[];\n readonly extra: readonly string[];\n}\ndeclare function normalizeHostname(rawHostname: string): string;\ndeclare function dedupeStable(values: readonly string[]): string[];\ndeclare function compilePolicy(sources: PolicySources): string[];\n//#endregion\n//#region src/types.d.ts\ninterface SecretSpec {\n readonly hosts: readonly string[];\n readonly value: string;\n}\ntype SecretRef = {\n readonly source: '1password';\n readonly ref: string;\n} | {\n readonly source: 'environment';\n readonly ref: string;\n};\n//#endregion\n//#region src/secret-resolver.d.ts\ninterface SecretResolverClient {\n readonly secrets: {\n resolve(secretReference: string): Promise<string>;\n resolveAll(secretReferences: readonly string[]): Promise<unknown>;\n };\n}\ninterface SecretResolver {\n resolve(ref: SecretRef): Promise<string>;\n resolveAll(refs: Record<string, SecretRef>): Promise<Record<string, string>>;\n}\ntype TokenSource = {\n readonly type: 'op-cli';\n readonly ref: string;\n} | {\n readonly type: 'env';\n readonly envVar?: string | undefined;\n} | {\n readonly type: 'keychain';\n readonly service: string;\n readonly account: string;\n};\ninterface ExecFileOptions {\n readonly env?: Readonly<Record<string, string | undefined>>;\n}\ninterface ExecFileResult {\n readonly stdout: string;\n readonly stderr: string;\n}\ndeclare function resolveServiceAccountToken(source: TokenSource, dependencies?: {\n readonly execFileAsync?: (command: string, args: readonly string[], options?: ExecFileOptions) => Promise<ExecFileResult>;\n}): Promise<string>;\ninterface CreateSecretResolverDependencies {\n readonly createClient?: (config: {\n auth: string;\n integrationName: string;\n integrationVersion: string;\n }) => Promise<SecretResolverClient>;\n readonly execFileAsync?: (command: string, args: readonly string[], options?: ExecFileOptions) => Promise<ExecFileResult>;\n readonly integrationName?: string;\n readonly integrationVersion?: string;\n}\ndeclare function createSecretResolver(options: {\n readonly serviceAccountToken: string;\n}, dependencies?: CreateSecretResolverDependencies): Promise<SecretResolver>;\ndeclare function createOpCliSecretResolver(options: {\n readonly serviceAccountToken: string;\n}, dependencies?: Pick<CreateSecretResolverDependencies, 'execFileAsync'>): Promise<SecretResolver>;\n//#endregion\n//#region src/vm-adapter.d.ts\ninterface ExecResult {\n readonly exitCode: number;\n readonly stdout: string;\n readonly stderr: string;\n}\ntype IngressRoute = IngressRoute$1;\ninterface SshAccess {\n readonly host: string;\n readonly command?: string;\n readonly identityFile?: string;\n readonly port: number;\n readonly user?: string;\n}\ninterface IngressAccess {\n readonly host: string;\n readonly port: number;\n}\ninterface ManagedVmInstance {\n readonly id: string;\n exec(command: string): Promise<{\n readonly exitCode: number;\n readonly stdout?: string;\n readonly stderr?: string;\n }>;\n enableSsh(options?: EnableSshOptions): Promise<SshAccess>;\n enableIngress(options?: EnableIngressOptions): Promise<IngressAccess>;\n setIngressRoutes(routes: readonly IngressRoute[]): void;\n close(): Promise<void>;\n}\ninterface ManagedVmDependencies {\n createVm(vmOptions: VMOptions): Promise<ManagedVmInstance>;\n createHttpHooks(options: {\n readonly allowedHosts: readonly string[];\n readonly secrets: Record<string, SecretSpec>;\n readonly onRequest?: (request: Request) => Promise<Request | Response | void>;\n readonly onResponse?: (response: Response) => Promise<Response | void>;\n }): Pick<CreateHttpHooksResult, 'env' | 'httpHooks'>;\n closePinnedRealFsRoot(root: PinnedRealFsRoot): void;\n createPinnedRealFsProvider(root: PinnedRealFsRoot): VirtualProvider;\n createRealFsProvider(hostPath: string): VirtualProvider;\n createReadonlyProvider(provider: VirtualProvider): VirtualProvider;\n createMemoryProvider(): VirtualProvider;\n createShadowProvider(provider: VirtualProvider, options: ShadowProviderOptions): VirtualProvider;\n createShadowPathPredicate(paths: readonly string[]): ShadowPredicate;\n}\ninterface VfsMountSpec {\n readonly kind: 'realfs' | 'realfs-readonly' | 'memory' | 'shadow';\n readonly hostPath?: string;\n readonly pinnedHostRoot?: PinnedRealFsRoot;\n readonly shadowConfig?: {\n readonly deny: readonly string[];\n readonly tmpfs: readonly string[];\n };\n}\ninterface CreateVmOptions {\n readonly imagePath: string;\n readonly memory: string;\n readonly cpus: number;\n readonly rootfsMode: 'readonly' | 'memory' | 'cow';\n readonly allowedHosts: readonly string[];\n readonly secrets: Record<string, SecretSpec>;\n readonly vfsMounts: Record<string, VfsMountSpec>;\n readonly tcpHosts?: Record<string, string>;\n readonly env?: Record<string, string>;\n readonly sessionLabel?: string;\n readonly onRequest?: (request: Request) => Promise<Request | Response | void>;\n readonly onResponse?: (response: Response) => Promise<Response | void>;\n}\ninterface ManagedVm {\n readonly id: string;\n exec(command: string): Promise<ExecResult>;\n enableSsh(options?: EnableSshOptions): Promise<SshAccess>;\n enableIngress(options?: EnableIngressOptions): Promise<IngressAccess>;\n getVmInstance(): ManagedVmInstance;\n setIngressRoutes(routes: readonly IngressRoute[]): void;\n close(): Promise<void>;\n}\ndeclare function createManagedVm(options: CreateVmOptions, dependencies?: ManagedVmDependencies): Promise<ManagedVm>;\n//#endregion\n//#region src/volume-manager.d.ts\ninterface VolumeConfigEntry {\n readonly guestPath: string;\n}\ninterface ResolvedVolume {\n readonly hostDir: string;\n readonly guestPath: string;\n}\ndeclare function ensureVolumeDir(cacheBase: string, workspaceHash: string, volumeName: string): Promise<string>;\ndeclare function resolveVolumeDirs(cacheBase: string, workspaceHash: string, volumes: Readonly<Record<string, VolumeConfigEntry>>): Promise<Record<string, ResolvedVolume>>;\n//#endregion\n//#region src/write-file-atomically.d.ts\ndeclare function writeFileAtomically(filePath: string, content: string, options?: {\n readonly mode?: number;\n}): Promise<void>;\n//#endregion\nexport { type BuildConfig, BuildImageOptions, BuildImageResult, BuildOutput, CreatePinnedRealFsProviderOptions, CreateSecretResolverDependencies, CreateVmOptions, ExecFileOptions, ExecFileResult, ExecResult, IngressAccess, IngressRoute, ManagedVm, ManagedVmDependencies, ManagedVmInstance, PinnedRealFsRoot, PolicySources, ResolveGondolinMinimumZigVersionOptions, ResolvedVolume, RuntimeMountPolicyConfig, SecretRef, SecretResolver, SecretResolverClient, SecretSpec, SshAccess, TokenSource, VfsMountSpec, VolumeConfigEntry, WritableMountPolicy, assertPinnedRealFsRoot, buildImage, closePinnedRealFsRoot, compilePolicy, computeBuildFingerprint, createManagedVm, createOpCliSecretResolver, createPinnedRealFsProvider, createSecretResolver, dedupeStable, ensureVolumeDir, getDefaultBuildConfig, normalizeHostname, parseMinimumZigVersion, pinRealFsRoot, resolveGondolinMinimumZigVersion, resolveGondolinPackageJsonPath, resolveGondolinPackageSpec, resolveGuestMountPath, resolveServiceAccountToken, resolveVolumeDirs, validateRuntimeMountPolicy, validateWritableMount, writeFileAtomically };\n//# sourceMappingURL=index.d.ts.map"],"mappings":";cAAa;AAAA,KAED,WAAA,GAFoD,CAAA,OAE9B,iBAF8B,CAAA,CAAA,MAAA,CAAA;AAEpD,iBAEI,wBAAA,CAFmC,gBAAA,EAAA,MAAA,EAAA,MAAA,EAAA,MAAA,CAAA,EAAA,MAAA;AAEnC,iBAIA,qBAAA,CAJwB,gBAAA,EAAA,MAAA,EAAA,MAAA,EAAA,MAAA,EAAA,OAAA,EAAA,MAAA,CAAA,EAAA,MAAA;;;;;;UCoD9BgC,gBAAAA,CG8DwC;EAO1C,SAAA,QAAA,EAAA,MAAA;EACW,SAAA,QAAA,EAAA,MAAA;EACf,SAAA,EAAA,EAAA,MAAA;EAMqB,SAAA,MAAA,EAAA,MAAA;EAAmC,SAAA,KAAA,EAAA,MAAA;;;;UHlDlDU,UAAAA;;;;KAILC,SAAAA;;;;;;;;;;UAeKE,cAAAA;eACKF,YAAY1B;mBACRU,eAAegB,aAAa1B,QAAQU;;UAsF7CkC,YAAAA;;;4BAGkB7B;;;;;;;;KCjMhB,kBAAA;EFAC,SAAA,IAAA,EAAA,MAAmD;EAEpD,SAAA,IAAA,EAAW,MAAA;EAEP,SAAA,IAAA,EAAA,MAAA;AAIhB,CAAA,GAAgB;;;;AC6CL;AA2B0C;AAGjC;AAgBwC;AAI7CW,UC/FE,kBAAA,CD+FFA;EAAY1B,SAAAA,gBAAAA,EAAAA,MAAAA;EACO0B,SAAAA,YAAAA,EAAAA,MAAAA;EAAfhB,SAAAA,WAAAA,EC7FI,kBD6FJA;EAAoCA,SAAAA,eAAAA,EAAAA,MAAAA;EAARV,SAAAA,OAAAA,EAAAA,MAAAA;;;;ADxG/C;AAEA;AAEA;AAIA;UGFiB,aAAA;wBACM;sBACF,eAAe;EFgD1Be,SAAAA,eAAgB,EE/CC,MF+CD,CAAA,MAAA,EE/CgB,UF+ChB,CAAA;EA2BhBU,SAAAA,QAAU,EEzEA,MFyEA,CAAA,MAAA,EAAA,MAAA,CAAA;EAIfC,SAAAA,YAAS,EAAA,SAAA,MAAA,EAAA;EAeJE,SAAAA,UAAc,EAAA,UAAA,GAAA,QAAA,GAAA,KAAA;EACTF,SAAAA,YAAAA,EAAAA,MAAAA;;;;AD/Ff;;;;ACgDUX,UG9CO,iBAAA,CH8CS;EA2BhBU;AAAU;AAgBwC;;EAIjCzB,SAAAA,oBAAAA,EAAAA,MAAAA;EACO0B;;;;EAAoB,SAAA,iBAAA,EAAA,CAAA,QAAA,EAAA,MAAA,EAAA,QAAA,EAAA;IAsF5CkB,SAAAA,UAAY,CAAA,EAAA,OAGM7B;;;;ACjM5B,UE8BU,sBAAA,CF9BoB;EAQb,SAAA,MAAA,EAAA,WAAkB,GAAA,aAGZ;;UEuBb,iCAAA,SAA0C;;ED5BnC,SAAA,GAAA,EAAA,MAAa;;UCiCpB,iCAAA,SAA0C,sBD/BhB,CAAA;EAAf,SAAA,MAAA,EAAA,aAAA;EACqB,SAAA,MAAA,EAAA,MAAA;;UCmChC,4BAAA,CDlCU;EAAM,SAAA,IAAA,ECmCV,WDnCU;;;;ECAT,SAAA,MAAA,EAAA,MAAiB;EAoBxB,SAAA,QAAA,EAAA,MAAsB;EAItB,SAAA,eAAA,CAAA,EAkBN,iCAlBgD,GAmBhD,iCAnBsE,GAAA,SAAA;AAAA;AAKA,UAkBhE,gCAAA,SAAyC,4BAbb,CAAA;EACtB,SAAA,IAAA,EAAA,UAAA;EAOZ,SAAA,YAAA,EAAA,MAAA;;UAUM,8BAAA,SAAuC,4BATZ,CAAA;EAI3B,SAAA,IAAA,EAAA,QAAA;AAAqE;AAKF,KAIxE,wBAAA,GAA2B,gCAAA,GAAmC,8BAAA;AAMnE;AAuBA;AAYA;;AAWsB,UA9CL,iBAAA,CA8CK;EAA4B,SAAA,EAAA,EAAA,MAAA;EAO1C,SAAA,OAAA,EAnDW,wBAmDX;EACW,SAAA,OAAA,EAnDA,MAmDA,CAAA,MAAA,EAAA;IACf,SAAA,MAAA,EAAA,WAAA;IAMqB,SAAA,GAAA,EAAA,MAAA;IAAmC,SAAA,SAAA,EAAA,KAAA,GAAA,gBAAA;IAAiB,SAAA,KAAA,CAAA,EAAA,SAAA,MAAA,EAAA,GAAA,SAAA;EAAO,CAAA,GAAA;;;;ICjInE,SAAA,KAAA,CAAA,EAAA,SAAA,MAAiC,EAAA,GAAA,SAAA;EACpB,CAAA,CAAA;EACY,SAAA,YAAA,EAAA,SAAA,MAAA,EAAA;EAAf,SAAA,eAAA,EAAA,SAAA,MAAA,EAAA;EAAM,SAAA,WAAA,CAAA,EAAA,MAAA;AAGjC;AACO,UDqFU,yBAAA,CCrFV;EACW,SAAA,cAAA,EAAA,MAAA;EACf,SAAA,eAAA,EAAA,MAAA;EAAiC,SAAA,gBAAA,EAAA,MAAA;4BDuFT;;;;;iBAKX;;UAGC,gBAAA;;;;;wBAKM;;;;;uBAMD,4BAA4B;;;;;yBAO1C,oCACW,yBACf;;;;;0BAMqB,mCAAmC,iBAAiB;;;;AJnIjE,UKEK,iCAAA,CLFkC;EAEnC,SAAA,kBAAwB,EKCV,MLDU,CAAA,MAAA,EAAA,MAAA,CAAA;EAIxB,SAAA,eAAqB,EKFV,MLEU,CAAA,MAAA,EKFK,ULEL,CAAA;;iBKCrB,2BAAA,OACT,oCACW,yBACf"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@agent-vm/gateway-interface",
|
|
3
|
-
"version": "0.0.
|
|
3
|
+
"version": "0.0.32",
|
|
4
4
|
"description": "Shared TypeScript interfaces for VM gateway lifecycles, VmSpec, and ProcessSpec.",
|
|
5
5
|
"homepage": "https://github.com/ShravanSunder/agent-vm#readme",
|
|
6
6
|
"bugs": {
|
|
@@ -29,7 +29,7 @@
|
|
|
29
29
|
"access": "public"
|
|
30
30
|
},
|
|
31
31
|
"dependencies": {
|
|
32
|
-
"@agent-vm/gondolin-adapter": "0.0.
|
|
32
|
+
"@agent-vm/gondolin-adapter": "0.0.32"
|
|
33
33
|
},
|
|
34
34
|
"scripts": {
|
|
35
35
|
"build": "tsdown",
|