@agent-vm/gateway-interface 0.0.57 → 0.0.59
- package/dist/index.d.ts +60 -14
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +34 -9
- package/dist/index.js.map +1 -1
- package/package.json +2 -2
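--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -6,6 +6,19 @@ type GatewayType = (typeof gatewayTypeValues)[number];
 declare function buildGatewaySessionLabel(projectNamespace: string, zoneId: string): string;
 declare function buildToolSessionLabel(projectNamespace: string, zoneId: string, tcpSlot: number): string;
 //#endregion
+//#region src/audience.d.ts
+declare const vmAudienceValues: readonly ["gateway", "tool-vm", "both"];
+type VmAudience = (typeof vmAudienceValues)[number];
+type RuntimeVmAudience = Exclude<VmAudience, 'both'>;
+interface EgressHostConfig {
+readonly host: string;
+readonly audience: VmAudience;
+}
+declare const controllerVmHost = "controller.vm.host";
+declare function targetsAudience(configAudience: VmAudience, runtimeAudience: RuntimeVmAudience): boolean;
+declare function egressHostsForAudience(egressHosts: readonly EgressHostConfig[], runtimeAudience: RuntimeVmAudience): readonly string[];
+declare function gatewayVmAllowedHosts(egressHosts: readonly EgressHostConfig[]): readonly string[];
+//#endregion
 //#region src/gateway-process-spec.d.ts
 type GatewayHealthCheck = {
 readonly type: 'http';
@@ -96,28 +109,54 @@ interface WorkerGatewayZoneGatewayConfig extends GatewayZoneBaseGatewayConfig {
 readonly type: 'worker';
 }
 type GatewayZoneGatewayConfig = OpenClawGatewayZoneGatewayConfig | WorkerGatewayZoneGatewayConfig;
+interface OnePasswordSecretSourceConfig {
+readonly source: '1password';
+readonly ref: string;
+}
+interface EnvironmentSecretSourceConfig {
+readonly source: 'environment';
+readonly envVar: string;
+}
+type SecretSourceConfig = OnePasswordSecretSourceConfig | EnvironmentSecretSourceConfig;
+type EnvInjectedGatewaySecretConfig = SecretSourceConfig & {
+readonly audience: 'gateway';
+readonly injection: 'env';
+};
+type HttpMediatedGatewaySecretConfig = SecretSourceConfig & {
+readonly audience: VmAudience;
+readonly injection: 'http-mediation';
+readonly hosts: readonly string[];
+};
+type GatewaySecretConfig = EnvInjectedGatewaySecretConfig | HttpMediatedGatewaySecretConfig;
 /**
 * Zone config as the lifecycle sees it.
 * Decoupled from SystemConfig — the controller maps into this shape.
 */
 interface GatewayZoneConfig {
 readonly id: string;
+readonly agents?: readonly GatewayZoneAgentConfig[];
 readonly gateway: GatewayZoneGatewayConfig;
-readonly
-
-
-
-
-
-readonly source: 'environment';
-readonly envVar: string;
-readonly injection: 'env' | 'http-mediation';
-readonly hosts?: readonly string[] | undefined;
-}>;
-readonly allowedHosts: readonly string[];
+readonly mcp?: GatewayZoneMcpPortalConfig;
+readonly runtimeMcpServers?: Readonly<Record<string, GatewayZoneMcpServerConfig>>;
+readonly runtimeEnvironment?: Readonly<Record<string, string>>;
+readonly runtimePluginConfigs?: Readonly<Record<string, Readonly<Record<string, unknown>>>>;
+readonly secrets: Readonly<Record<string, GatewaySecretConfig>>;
+readonly egressHosts: readonly EgressHostConfig[];
 readonly websocketBypass: readonly string[];
 readonly defaultToolVmProfile?: string;
 }
+interface GatewayZoneAgentConfig {
+readonly id: string;
+readonly toolVmProfile?: string | undefined;
+}
+interface GatewayZoneMcpPortalConfig {
+readonly configDir: string;
+}
+interface GatewayZoneMcpServerConfig {
+readonly headers?: Readonly<Record<string, string>>;
+readonly transport: 'streamable-http';
+readonly url: string;
+}
 interface BuildGatewayVmSpecOptions {
 readonly controllerPort: number;
 readonly gatewayCacheDir: string;
@@ -154,11 +193,18 @@ interface GatewayLifecycle {
 }
 //#endregion
 //#region src/split-resolved-gateway-secrets.d.ts
-interface
+interface SplitResolvedSecretsResult {
 readonly environmentSecrets: Record<string, string>;
 readonly mediatedSecrets: Record<string, SecretSpec>;
 }
+type SecretInjectionConfig = GatewaySecretConfig;
+interface SplitResolvedSecretsOptions {
+readonly audience: RuntimeVmAudience;
+readonly logPrefix?: string;
+}
+declare function splitResolvedSecretsByInjection(secretConfigs: Readonly<Record<string, SecretInjectionConfig>>, resolvedSecrets: Record<string, string>, options: SplitResolvedSecretsOptions): SplitResolvedSecretsResult;
+type SplitResolvedGatewaySecretsResult = SplitResolvedSecretsResult;
 declare function splitResolvedGatewaySecrets(zone: GatewayZoneConfig, resolvedSecrets: Record<string, string>): SplitResolvedGatewaySecretsResult;
 //#endregion
-export { type BuildGatewayVmSpecOptions, type GatewayAuthConfig, type GatewayHealthCheck, type GatewayLifecycle, type GatewayProcessSpec, type GatewayType, type GatewayVmSpec, type GatewayZoneConfig, type SplitResolvedGatewaySecretsResult, buildGatewaySessionLabel, buildToolSessionLabel, gatewayTypeValues, splitResolvedGatewaySecrets };
+export { type BuildGatewayVmSpecOptions, type EgressHostConfig, type EnvInjectedGatewaySecretConfig, type GatewayAuthConfig, type GatewayHealthCheck, type GatewayLifecycle, type GatewayProcessSpec, type GatewaySecretConfig, type GatewayType, type GatewayVmSpec, type GatewayZoneAgentConfig, type GatewayZoneConfig, type GatewayZoneMcpPortalConfig, type HttpMediatedGatewaySecretConfig, type RuntimeVmAudience, type SecretInjectionConfig, type SplitResolvedGatewaySecretsResult, type SplitResolvedSecretsResult, type VmAudience, buildGatewaySessionLabel, buildToolSessionLabel, controllerVmHost, egressHostsForAudience, gatewayTypeValues, gatewayVmAllowedHosts, splitResolvedGatewaySecrets, splitResolvedSecretsByInjection, targetsAudience, vmAudienceValues };
 //# sourceMappingURL=index.d.ts.map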
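Review bot: `HttpMediatedGatewaySecretConfig.hosts` is typed `readonly string[]`, which accepts an empty list even though the runtime in index.js rejects one with "uses http-mediation but declares no hosts"; declaring it as `readonly hosts: readonly [string, ...string[]];` would turn that failure into a compile-time error. The new secret and egress types also have no doc comments, unlike `GatewayZoneConfig`. A short comment on `hosts` and on `EgressHostConfig.host` stating whether entries are exact hostnames or patterns would help, since these lists presumably bound where a mediated secret or egress traffic may go, and the declarations do not show which form is expected. This file is build output, so the change would belong in `src/gateway-lifecycle.ts` and `src/audience.ts`, the sources named in the source map.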
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","names":[],"sources":["../src/gateway-runtime-contract.ts","../src/gateway-process-spec.ts","../src/gateway-vm-spec.ts","../src/gateway-lifecycle.ts","../src/split-resolved-gateway-secrets.ts"],"mappings":";;;cAAa,iBAAA;AAAA,KAED,WAAA,WAAsB,iBAAA;AAAA,iBAElB,wBAAA,CAAyB,gBAAA,UAA0B,MAAA;AAAA,iBAInD,qBAAA,CACf,gBAAA,UACA,MAAA,UACA,OAAA;;;
|
|
1
|
+
{"version":3,"file":"index.d.ts","names":[],"sources":["../src/gateway-runtime-contract.ts","../src/audience.ts","../src/gateway-process-spec.ts","../src/gateway-vm-spec.ts","../src/gateway-lifecycle.ts","../src/split-resolved-gateway-secrets.ts"],"mappings":";;;cAAa,iBAAA;AAAA,KAED,WAAA,WAAsB,iBAAA;AAAA,iBAElB,wBAAA,CAAyB,gBAAA,UAA0B,MAAA;AAAA,iBAInD,qBAAA,CACf,gBAAA,UACA,MAAA,UACA,OAAA;;;cCXY,gBAAA;AAAA,KAED,UAAA,WAAqB,gBAAA;AAAA,KACrB,iBAAA,GAAoB,OAAA,CAAQ,UAAA;AAAA,UAEvB,gBAAA;EAAA,SACP,IAAA;EAAA,SACA,QAAA,EAAU,UAAA;AAAA;AAAA,cAGP,gBAAA;AAAA,iBAEG,eAAA,CACf,cAAA,EAAgB,UAAA,EAChB,eAAA,EAAiB,iBAAA;AAAA,iBAKF,sBAAA,CACf,WAAA,WAAsB,gBAAA,IACtB,eAAA,EAAiB,iBAAA;AAAA,iBAOF,qBAAA,CAAsB,WAAA,WAAsB,gBAAA;;;KC5BhD,kBAAA;EAAA,SACE,IAAA;EAAA,SAAuB,IAAA;EAAA,SAAuB,IAAA;AAAA;EAAA,SAC9C,IAAA;EAAA,SAA0B,OAAA;AAAA;AFAxC;;;;AAAA,UEMiB,kBAAA;EAAA,SACP,gBAAA;EAAA,SACA,YAAA;EAAA,SACA,WAAA,EAAa,kBAAA;EAAA,SACb,eAAA;EAAA,SACA,OAAA;AAAA;;;;;AFbV;;UGMiB,aAAA;EAAA,SACP,WAAA,EAAa,MAAA;EAAA,SACb,SAAA,EAAW,MAAA,SAAe,YAAA;EAAA,SAC1B,eAAA,EAAiB,MAAA,SAAe,UAAA;EAAA,SAChC,QAAA,EAAU,MAAA;EAAA,SACV,YAAA;EAAA,SACA,UAAA;EAAA,SACA,YAAA;AAAA;;;;;;AHXV;UISiB,iBAAA;;;;AJPjB;WIYU,oBAAA;;;;AJRV;WIcU,iBAAA,GACR,QAAA,UACA,OAAA;IAAA,SACU,UAAA;IAAA,SACA,UAAA;EAAA;AAAA;AAAA,UAKF,sBAAA;EAAA,SACA,MAAA;AAAA;AAAA,UAGA,iCAAA,SAA0C,sBAAA;EAAA,SAC1C,MAAA;EAAA,SACA,GAAA;AAAA;AAAA,UAGA,iCAAA,SAA0C,sBAAA;EAAA,SAC1C,MAAA;EAAA,SACA,MAAA;AAAA;AAAA,KAGE,uBAAA;AAAA,UAEK,gBAAA;EAAA,SACP,SAAA,EAAW,uBAAA;AAAA;AAAA,UAGX,4BAAA;EAAA,SACA,IAAA,EAAM,WAAA;EAAA,SACN,MAAA;EAAA,SACA,IAAA;EAAA,SACA,IAAA;EAAA,SACA,MAAA;EAAA,SACA,QAAA;EAAA,SACA,GAAA,EAAK,gBAAA;EAAA,SACL,eAAA,GACN,iCAAA,GACA,iCAAA;AAAA;AAAA,UAIM,gCAAA,SAAyC,4BAAA;EAAA,SACzC,IAAA;EAAA,SACA,YAAA;EAAA,SACA,mBAAA,GAAsB,QAAA,CAC9B,MAAA,SAAe,iCAAA,GAAoC,iCAAA;AAAA;AAAA,UAI3C,8BAAA,SAAuC,4BAAA;EAAA,SACvC,IAAA;AAAA;AAAA,KAGL,wBAAA,GAA2B,gCAAA,GAAmC,8BAAA;AAAA,UAEzD,6BAAA;EAAA,SACA,MAAA;EAAA,SACA,GAAA;AAAA;AAAA,UAGA,6BAAA;EAAA,SACA,MAAA;EAAA,SACA,MAAA;AAAA;AAAA,KAGL,kBAAA,GAAqB,6BA
AA,GAAgC,6BAAA;AAAA,KAE9C,8BAAA,GAAiC,kBAAA;EAAA,SACnC,QAAA;EAAA,SACA,SAAA;AAAA;AAAA,KAGE,+BAAA,GAAkC,kBAAA;EAAA,SACpC,QAAA,EAAU,UAAA;EAAA,SACV,SAAA;EAAA,SACA,KAAA;AAAA;AAAA,KAGE,mBAAA,GAAsB,8BAAA,GAAiC,+BAAA;;;AH1EnE;;UGgFiB,iBAAA;EAAA,SACP,EAAA;EAAA,SACA,MAAA,YAAkB,sBAAA;EAAA,SAClB,OAAA,EAAS,wBAAA;EAAA,SACT,GAAA,GAAM,0BAAA;EAAA,SACN,iBAAA,GAAoB,QAAA,CAAS,MAAA,SAAe,0BAAA;EAAA,SAC5C,kBAAA,GAAqB,QAAA,CAAS,MAAA;EAAA,SAC9B,oBAAA,GAAuB,QAAA,CAAS,MAAA,SAAe,QAAA,CAAS,MAAA;EAAA,SACxD,OAAA,EAAS,QAAA,CAAS,MAAA,SAAe,mBAAA;EAAA,SACjC,WAAA,WAAsB,gBAAA;EAAA,SACtB,eAAA;EAAA,SACA,oBAAA;AAAA;AAAA,UAGO,sBAAA;EAAA,SACP,EAAA;EAAA,SACA,aAAA;AAAA;AAAA,UAGO,0BAAA;EAAA,SACP,SAAA;AAAA;AAAA,UAGO,0BAAA;EAAA,SACP,OAAA,GAAU,QAAA,CAAS,MAAA;EAAA,SACnB,SAAA;EAAA,SACA,GAAA;AAAA;AAAA,UAGO,yBAAA;EAAA,SACP,cAAA;EAAA,SACA,eAAA;EAAA,SACA,gBAAA;EAAA,SACA,eAAA,EAAiB,MAAA;EAAA,SACjB,UAAA;EAAA,SACA,OAAA;IAAA,SACC,QAAA;IAAA,SACA,IAAA;EAAA;EAAA,SAED,IAAA,EAAM,iBAAA;AAAA;AAAA,UAGC,gBAAA;ED7IyB;;;;EAAA,SCkJhC,UAAA,GAAa,iBAAA;EDpJb;;;;EC0JT,WAAA,CAAY,OAAA,EAAS,yBAAA,GAA4B,aAAA;EDxJxC;;;;EC8JT,gBAAA,CACC,IAAA,EAAM,iBAAA,EACN,eAAA,EAAiB,MAAA,mBACf,kBAAA;ED/JM;;;;ECqKT,gBAAA,EAAkB,IAAA,EAAM,iBAAA,EAAmB,cAAA,EAAgB,cAAA,GAAiB,OAAA;AAAA;;;UC3K5D,0BAAA;EAAA,SACP,kBAAA,EAAoB,MAAA;EAAA,SACpB,eAAA,EAAiB,MAAA,SAAe,UAAA;AAAA;AAAA,KAG9B,qBAAA,GAAwB,mBAAA;AAAA,UAEnB,2BAAA;EAAA,SACP,QAAA,EAAU,iBAAA;EAAA,SACV,SAAA;AAAA;AAAA,iBAGM,+BAAA,CACf,aAAA,EAAe,QAAA,CAAS,MAAA,SAAe,qBAAA,IACvC,eAAA,EAAiB,MAAA,kBACjB,OAAA,EAAS,2BAAA,GACP,0BAAA;AAAA,KA2CS,iCAAA,GAAoC,0BAAA;AAAA,iBAEhC,2BAAA,CACf,IAAA,EAAM,iBAAA,EACN,eAAA,EAAiB,MAAA,mBACf,iCAAA"}
|
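--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -7,31 +7,56 @@ function buildToolSessionLabel(projectNamespace, zoneId, tcpSlot) {
 return `${projectNamespace}:${zoneId}:tool:${tcpSlot}`;
 }
 //#endregion
+//#region src/audience.ts
+const vmAudienceValues = [
+"gateway",
+"tool-vm",
+"both"
+];
+const controllerVmHost = "controller.vm.host";
+function targetsAudience(configAudience, runtimeAudience) {
+return configAudience === runtimeAudience || configAudience === "both";
+}
+function egressHostsForAudience(egressHosts, runtimeAudience) {
+return egressHosts.filter((egressHost) => targetsAudience(egressHost.audience, runtimeAudience)).map((egressHost) => egressHost.host);
+}
+function gatewayVmAllowedHosts(egressHosts) {
+return Array.from(new Set([controllerVmHost, ...egressHostsForAudience(egressHosts, "gateway")]));
+}
+//#endregion
 //#region src/split-resolved-gateway-secrets.ts
-function
+function splitResolvedSecretsByInjection(secretConfigs, resolvedSecrets, options) {
 const environmentSecrets = {};
 const mediatedSecrets = {};
+const logPrefix = options.logPrefix ?? "split-resolved-secrets";
 for (const [secretName, secretValue] of Object.entries(resolvedSecrets)) {
-const secretConfig =
-if (!secretConfig) {
-
-
-
-if (secretConfig.injection === "http-mediation" && secretConfig.hosts) {
+const secretConfig = secretConfigs[secretName];
+if (!secretConfig) throw new Error(`[${logPrefix}] Secret '${secretName}' was resolved but has no matching secret config.`);
+if (!targetsAudience(secretConfig.audience, options.audience)) continue;
+if (secretConfig.injection === "http-mediation") {
+if (secretConfig.hosts.length === 0) throw new Error(`[${logPrefix}] Secret '${secretName}' uses http-mediation but declares no hosts.`);
 mediatedSecrets[secretName] = {
 hosts: [...secretConfig.hosts],
 value: secretValue
 };
 continue;
 }
-
+const envSecretAudience = secretConfig.audience;
+if (envSecretAudience !== "gateway") throw new Error(`[${logPrefix}] Secret '${secretName}' uses env injection with non-gateway audience '${envSecretAudience}'.`);
+if (options.audience === "gateway") environmentSecrets[secretName] = secretValue;
 }
 return {
 environmentSecrets,
 mediatedSecrets
 };
 }
+function splitResolvedGatewaySecrets(zone, resolvedSecrets) {
+return splitResolvedSecretsByInjection(zone.secrets, resolvedSecrets, {
+audience: "gateway",
+logPrefix: "split-resolved-gateway-secrets"
+});
+}
 //#endregion
-export { buildGatewaySessionLabel, buildToolSessionLabel, gatewayTypeValues, splitResolvedGatewaySecrets };
+export { buildGatewaySessionLabel, buildToolSessionLabel, controllerVmHost, egressHostsForAudience, gatewayTypeValues, gatewayVmAllowedHosts, splitResolvedGatewaySecrets, splitResolvedSecretsByInjection, targetsAudience, vmAudienceValues };
 
 //# sourceMappingURL=index.js.map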
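Review bot: In `splitResolvedSecretsByInjection`, the lookup `secretConfigs[secretName]` also resolves inherited members when `secretConfigs` is a plain object. A resolved secret named like an Object.prototype property (constructed example: `constructor`) therefore passes the `!secretConfig` guard and is dropped by the audience filter instead of raising the "no matching secret config" error. An own-property check ahead of the read, `if (!Object.hasOwn(secretConfigs, secretName)) throw new Error(...)`, keeps that path fail-loud. The env-injection audience check also sits after the `continue`, so an env secret configured for `tool-vm` is skipped silently on a gateway call and rejected only on a tool-vm call. Moving that check above `if (!targetsAudience(...)) continue;` would report the misconfiguration on every call.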
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","names":[],"sources":["../src/gateway-runtime-contract.ts","../src/split-resolved-gateway-secrets.ts"],"sourcesContent":["export const gatewayTypeValues = ['openclaw', 'worker'] as const;\n\nexport type GatewayType = (typeof gatewayTypeValues)[number];\n\nexport function buildGatewaySessionLabel(projectNamespace: string, zoneId: string): string {\n\treturn `${projectNamespace}:${zoneId}:gateway`;\n}\n\nexport function buildToolSessionLabel(\n\tprojectNamespace: string,\n\tzoneId: string,\n\ttcpSlot: number,\n): string {\n\treturn `${projectNamespace}:${zoneId}:tool:${tcpSlot}`;\n}\n","import type { SecretSpec } from '@agent-vm/gondolin-adapter';\n\nimport type { GatewayZoneConfig } from './gateway-lifecycle.js';\n\nexport interface
|
|
1
|
+
{"version":3,"file":"index.js","names":[],"sources":["../src/gateway-runtime-contract.ts","../src/audience.ts","../src/split-resolved-gateway-secrets.ts"],"sourcesContent":["export const gatewayTypeValues = ['openclaw', 'worker'] as const;\n\nexport type GatewayType = (typeof gatewayTypeValues)[number];\n\nexport function buildGatewaySessionLabel(projectNamespace: string, zoneId: string): string {\n\treturn `${projectNamespace}:${zoneId}:gateway`;\n}\n\nexport function buildToolSessionLabel(\n\tprojectNamespace: string,\n\tzoneId: string,\n\ttcpSlot: number,\n): string {\n\treturn `${projectNamespace}:${zoneId}:tool:${tcpSlot}`;\n}\n","export const vmAudienceValues = ['gateway', 'tool-vm', 'both'] as const;\n\nexport type VmAudience = (typeof vmAudienceValues)[number];\nexport type RuntimeVmAudience = Exclude<VmAudience, 'both'>;\n\nexport interface EgressHostConfig {\n\treadonly host: string;\n\treadonly audience: VmAudience;\n}\n\nexport const controllerVmHost = 'controller.vm.host';\n\nexport function targetsAudience(\n\tconfigAudience: VmAudience,\n\truntimeAudience: RuntimeVmAudience,\n): boolean {\n\treturn configAudience === runtimeAudience || configAudience === 'both';\n}\n\nexport function egressHostsForAudience(\n\tegressHosts: readonly EgressHostConfig[],\n\truntimeAudience: RuntimeVmAudience,\n): readonly string[] {\n\treturn egressHosts\n\t\t.filter((egressHost) => targetsAudience(egressHost.audience, runtimeAudience))\n\t\t.map((egressHost) => egressHost.host);\n}\n\nexport function gatewayVmAllowedHosts(egressHosts: readonly EgressHostConfig[]): readonly string[] {\n\treturn Array.from(new Set([controllerVmHost, ...egressHostsForAudience(egressHosts, 'gateway')]));\n}\n","import type { SecretSpec } from '@agent-vm/gondolin-adapter';\n\nimport { targetsAudience, type RuntimeVmAudience } from './audience.js';\nimport type { GatewaySecretConfig, GatewayZoneConfig } from './gateway-lifecycle.js';\n\nexport interface SplitResolvedSecretsResult 
{\n\treadonly environmentSecrets: Record<string, string>;\n\treadonly mediatedSecrets: Record<string, SecretSpec>;\n}\n\nexport type SecretInjectionConfig = GatewaySecretConfig;\n\nexport interface SplitResolvedSecretsOptions {\n\treadonly audience: RuntimeVmAudience;\n\treadonly logPrefix?: string;\n}\n\nexport function splitResolvedSecretsByInjection(\n\tsecretConfigs: Readonly<Record<string, SecretInjectionConfig>>,\n\tresolvedSecrets: Record<string, string>,\n\toptions: SplitResolvedSecretsOptions,\n): SplitResolvedSecretsResult {\n\tconst environmentSecrets: Record<string, string> = {};\n\tconst mediatedSecrets: Record<string, SecretSpec> = {};\n\tconst logPrefix = options.logPrefix ?? 'split-resolved-secrets';\n\n\tfor (const [secretName, secretValue] of Object.entries(resolvedSecrets)) {\n\t\tconst secretConfig = secretConfigs[secretName];\n\t\tif (!secretConfig) {\n\t\t\tthrow new Error(\n\t\t\t\t`[${logPrefix}] Secret '${secretName}' was resolved but has no matching secret config.`,\n\t\t\t);\n\t\t}\n\t\tif (!targetsAudience(secretConfig.audience, options.audience)) {\n\t\t\tcontinue;\n\t\t}\n\n\t\tif (secretConfig.injection === 'http-mediation') {\n\t\t\tif (secretConfig.hosts.length === 0) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t`[${logPrefix}] Secret '${secretName}' uses http-mediation but declares no hosts.`,\n\t\t\t\t);\n\t\t\t}\n\t\t\tmediatedSecrets[secretName] = {\n\t\t\t\thosts: [...secretConfig.hosts],\n\t\t\t\tvalue: secretValue,\n\t\t\t};\n\t\t\tcontinue;\n\t\t}\n\n\t\tconst envSecretAudience = (secretConfig as { readonly audience: string }).audience;\n\t\tif (envSecretAudience !== 'gateway') {\n\t\t\tthrow new Error(\n\t\t\t\t`[${logPrefix}] Secret '${secretName}' uses env injection with non-gateway audience '${envSecretAudience}'.`,\n\t\t\t);\n\t\t}\n\t\tif (options.audience === 'gateway') {\n\t\t\tenvironmentSecrets[secretName] = secretValue;\n\t\t}\n\t}\n\n\treturn { environmentSecrets, mediatedSecrets };\n}\n\nexport type 
SplitResolvedGatewaySecretsResult = SplitResolvedSecretsResult;\n\nexport function splitResolvedGatewaySecrets(\n\tzone: GatewayZoneConfig,\n\tresolvedSecrets: Record<string, string>,\n): SplitResolvedGatewaySecretsResult {\n\treturn splitResolvedSecretsByInjection(zone.secrets, resolvedSecrets, {\n\t\taudience: 'gateway',\n\t\tlogPrefix: 'split-resolved-gateway-secrets',\n\t});\n}\n"],"mappings":";AAAA,MAAa,oBAAoB,CAAC,YAAY,SAAS;AAIvD,SAAgB,yBAAyB,kBAA0B,QAAwB;CAC1F,OAAO,GAAG,iBAAiB,GAAG,OAAO;;AAGtC,SAAgB,sBACf,kBACA,QACA,SACS;CACT,OAAO,GAAG,iBAAiB,GAAG,OAAO,QAAQ;;;;ACb9C,MAAa,mBAAmB;CAAC;CAAW;CAAW;CAAO;AAU9D,MAAa,mBAAmB;AAEhC,SAAgB,gBACf,gBACA,iBACU;CACV,OAAO,mBAAmB,mBAAmB,mBAAmB;;AAGjE,SAAgB,uBACf,aACA,iBACoB;CACpB,OAAO,YACL,QAAQ,eAAe,gBAAgB,WAAW,UAAU,gBAAgB,CAAC,CAC7E,KAAK,eAAe,WAAW,KAAK;;AAGvC,SAAgB,sBAAsB,aAA6D;CAClG,OAAO,MAAM,KAAK,IAAI,IAAI,CAAC,kBAAkB,GAAG,uBAAuB,aAAa,UAAU,CAAC,CAAC,CAAC;;;;ACZlG,SAAgB,gCACf,eACA,iBACA,SAC6B;CAC7B,MAAM,qBAA6C,EAAE;CACrD,MAAM,kBAA8C,EAAE;CACtD,MAAM,YAAY,QAAQ,aAAa;CAEvC,KAAK,MAAM,CAAC,YAAY,gBAAgB,OAAO,QAAQ,gBAAgB,EAAE;EACxE,MAAM,eAAe,cAAc;EACnC,IAAI,CAAC,cACJ,MAAM,IAAI,MACT,IAAI,UAAU,YAAY,WAAW,mDACrC;EAEF,IAAI,CAAC,gBAAgB,aAAa,UAAU,QAAQ,SAAS,EAC5D;EAGD,IAAI,aAAa,cAAc,kBAAkB;GAChD,IAAI,aAAa,MAAM,WAAW,GACjC,MAAM,IAAI,MACT,IAAI,UAAU,YAAY,WAAW,8CACrC;GAEF,gBAAgB,cAAc;IAC7B,OAAO,CAAC,GAAG,aAAa,MAAM;IAC9B,OAAO;IACP;GACD;;EAGD,MAAM,oBAAqB,aAA+C;EAC1E,IAAI,sBAAsB,WACzB,MAAM,IAAI,MACT,IAAI,UAAU,YAAY,WAAW,kDAAkD,kBAAkB,IACzG;EAEF,IAAI,QAAQ,aAAa,WACxB,mBAAmB,cAAc;;CAInC,OAAO;EAAE;EAAoB;EAAiB;;AAK/C,SAAgB,4BACf,MACA,iBACoC;CACpC,OAAO,gCAAgC,KAAK,SAAS,iBAAiB;EACrE,UAAU;EACV,WAAW;EACX,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@agent-vm/gateway-interface",
|
|
3
|
-
"version": "0.0.
|
|
3
|
+
"version": "0.0.59",
|
|
4
4
|
"description": "Shared TypeScript interfaces for VM gateway lifecycles, VmSpec, and ProcessSpec.",
|
|
5
5
|
"homepage": "https://github.com/ShravanSunder/agent-vm#readme",
|
|
6
6
|
"bugs": {
|
|
@@ -29,7 +29,7 @@
|
|
|
29
29
|
"access": "public"
|
|
30
30
|
},
|
|
31
31
|
"dependencies": {
|
|
32
|
-
"@agent-vm/gondolin-adapter": "0.0.
|
|
32
|
+
"@agent-vm/gondolin-adapter": "0.0.59"
|
|
33
33
|
},
|
|
34
34
|
"scripts": {
|
|
35
35
|
"build": "tsdown",
|