@awcp/transport-sshfs 0.0.0-dev-202601300724 → 0.0.0-dev-202601301521

package/dist/delegator/credential-manager.js

@@ -1,57 +1,51 @@
-import { unlink, mkdir, readFile, writeFile, appendFile, readdir } from 'node:fs/promises';
+import { unlink, mkdir, readFile, readdir, access, constants } from 'node:fs/promises';
 import { join } from 'node:path';
 import { spawn } from 'node:child_process';
 import { homedir } from 'node:os';
 const DEFAULT_KEY_DIR = join(homedir(), '.awcp', 'keys');
-/**
- * Marker prefix for AWCP-managed keys in authorized_keys
- */
-const AWCP_KEY_COMMENT_PREFIX = 'awcp-temp-key-';
 /**
  * SSH Credential Manager
  *
- * Manages temporary SSH keys for AWCP delegations.
- *
- * TODO [Security]: Consider SSH certificates with built-in expiry for production.
+ * Manages temporary SSH certificates for AWCP delegations.
+ * Uses SSH certificates with built-in expiry for automatic TTL enforcement.
  */
 export class CredentialManager {
     config;
     activeCredentials = new Map();
     constructor(config) {
-        this.config = config ?? {};
-    }
-    /**
-     * Get the path to authorized_keys file
-     */
-    getAuthorizedKeysPath() {
-        return this.config.authorizedKeysPath ?? join(homedir(), '.ssh', 'authorized_keys');
+        this.config = config;
     }
     /**
-     * Generate a temporary SSH key pair for a delegation
+     * Generate a temporary SSH key pair and sign certificate with TTL
      */
-    async generateCredential(delegationId, _ttlSeconds) {
+    async generateCredential(delegationId, ttlSeconds) {
+        // Ensure CA key exists (auto-generate if needed)
+        await this.ensureCaKey();
         const keyDir = this.config.keyDir ?? DEFAULT_KEY_DIR;
         await mkdir(keyDir, { recursive: true, mode: 0o700 });
-        const privateKeyPath = join(keyDir, `${delegationId}`);
+        const privateKeyPath = join(keyDir, delegationId);
         const publicKeyPath = join(keyDir, `${delegationId}.pub`);
-        // Generate key pair using ssh-keygen with AWCP marker comment
-        const keyComment = `${AWCP_KEY_COMMENT_PREFIX}${delegationId}`;
-        await this.execSshKeygen(privateKeyPath, keyComment);
-        // Read the generated keys
+        const certPath = join(keyDir, `${delegationId}-cert.pub`);
+        // Generate key pair
+        await this.execSshKeygen(privateKeyPath, `awcp-${delegationId}`);
+        // Sign certificate with CA (includes TTL)
+        await this.signCertificate(publicKeyPath, ttlSeconds, delegationId);
+        // Read the private key and certificate
         const privateKey = await readFile(privateKeyPath, 'utf-8');
-        const publicKey = await readFile(publicKeyPath, 'utf-8');
-        const credential = {
+        const certificate = await readFile(certPath, 'utf-8');
+        const credentialInfo = {
             privateKey,
-            publicKey,
             privateKeyPath,
             publicKeyPath,
+            certPath,
             delegationId,
         };
-        this.activeCredentials.set(delegationId, credential);
-        // Add public key to authorized_keys
-        await this.addToAuthorizedKeys(publicKey);
+        this.activeCredentials.set(delegationId, credentialInfo);
         return {
-            credential: privateKey,
+            credential: {
+                privateKey,
+                certificate,
+            },
             endpoint: {
                 host: this.config.sshHost ?? 'localhost',
                 port: this.config.sshPort ?? 22,
@@ -60,28 +54,42 @@ export class CredentialManager {
         };
     }
     /**
-     * Revoke a credential
+     * Ensure CA key exists, auto-generate if not present
      */
-    async revokeCredential(delegationId) {
-        const credential = this.activeCredentials.get(delegationId);
-        if (!credential) {
-            return;
-        }
-        // Remove from authorized_keys first
-        await this.removeFromAuthorizedKeys(delegationId);
-        // Remove key files
+    async ensureCaKey() {
         try {
-            await unlink(credential.privateKeyPath);
+            await access(this.config.caKeyPath, constants.R_OK);
+            return; // CA key exists
         }
         catch {
-            // Ignore errors if file doesn't exist
+            // CA key doesn't exist, generate it
         }
-        try {
-            await unlink(credential.publicKeyPath);
-        }
-        catch {
-            // Ignore errors if file doesn't exist
+        console.log(`[CredentialManager] CA key not found at ${this.config.caKeyPath}, generating...`);
+        const caDir = join(this.config.caKeyPath, '..');
+        await mkdir(caDir, { recursive: true, mode: 0o700 });
+        await this.execSshKeygen(this.config.caKeyPath, 'awcp-ca');
+        console.log(`[CredentialManager] CA key pair generated at ${this.config.caKeyPath}`);
+        console.log('');
+        console.log('  ⚠️  To enable SSH certificate authentication, add to /etc/ssh/sshd_config:');
+        console.log(`     TrustedUserCAKeys ${this.config.caKeyPath}.pub`);
+        console.log('');
+        console.log('  Then restart sshd:');
+        console.log('     macOS:  sudo launchctl stop com.openssh.sshd');
+        console.log('     Linux:  sudo systemctl restart sshd');
+        console.log('');
+    }
+    /**
+     * Revoke a credential (delete key files, certificate expires automatically)
+     */
+    async revokeCredential(delegationId) {
+        const credential = this.activeCredentials.get(delegationId);
+        if (!credential) {
+            return;
         }
+        // Delete key and certificate files
+        await unlink(credential.privateKeyPath).catch(() => { });
+        await unlink(credential.publicKeyPath).catch(() => { });
+        await unlink(credential.certPath).catch(() => { });
         this.activeCredentials.delete(delegationId);
     }
     /**
@@ -98,30 +106,6 @@ export class CredentialManager {
             await this.revokeCredential(delegationId);
         }
     }
-    /**
-     * Clean up stale AWCP keys from authorized_keys (call on startup)
-     */
-    async cleanupStaleKeys() {
-        const authorizedKeysPath = this.getAuthorizedKeysPath();
-        try {
-            const content = await readFile(authorizedKeysPath, 'utf-8');
-            const lines = content.split('\n');
-            const cleanedLines = lines.filter(line => {
-                // Keep lines that don't have AWCP marker
-                return !line.includes(AWCP_KEY_COMMENT_PREFIX);
-            });
-            const removedCount = lines.length - cleanedLines.length;
-            if (removedCount > 0) {
-                await writeFile(authorizedKeysPath, cleanedLines.join('\n'));
-                console.log(`[CredentialManager] Cleaned up ${removedCount} stale AWCP keys from authorized_keys`);
-            }
-            return removedCount;
-        }
-        catch {
-            // File doesn't exist or can't be read, nothing to clean
-            return 0;
-        }
-    }
     /**
      * Clean up stale key files from key directory (call on startup)
      */
@@ -131,19 +115,14 @@ export class CredentialManager {
             const files = await readdir(keyDir);
             let removedCount = 0;
             for (const file of files) {
-                // Skip files that are currently active
-                const delegationId = file.replace(/\.pub$/, '');
+                // Extract delegation ID from filename
+                const delegationId = file.replace(/(-cert)?\.pub$/, '');
                 if (this.activeCredentials.has(delegationId)) {
                     continue;
                 }
                 // Remove stale key files
-                try {
-                    await unlink(join(keyDir, file));
-                    removedCount++;
-                }
-                catch {
-                    // Ignore errors
-                }
+                await unlink(join(keyDir, file)).catch(() => { });
+                removedCount++;
             }
             if (removedCount > 0) {
                 console.log(`[CredentialManager] Cleaned up ${removedCount} stale key files`);
@@ -156,35 +135,32 @@ export class CredentialManager {
         }
     }
     /**
-     * Add a public key to authorized_keys
+     * Sign public key with CA to create certificate with TTL
      */
-    async addToAuthorizedKeys(publicKey) {
-        const authorizedKeysPath = this.getAuthorizedKeysPath();
-        // Ensure .ssh directory exists
-        const sshDir = join(homedir(), '.ssh');
-        await mkdir(sshDir, { recursive: true, mode: 0o700 });
-        // Ensure the key ends with newline
-        const keyLine = publicKey.trim() + '\n';
-        // Append to authorized_keys
-        await appendFile(authorizedKeysPath, keyLine, { mode: 0o600 });
-    }
-    /**
-     * Remove a public key from authorized_keys by delegation ID
-     */
-    async removeFromAuthorizedKeys(delegationId) {
-        const authorizedKeysPath = this.getAuthorizedKeysPath();
-        const keyMarker = `${AWCP_KEY_COMMENT_PREFIX}${delegationId}`;
-        try {
-            const content = await readFile(authorizedKeysPath, 'utf-8');
-            const lines = content.split('\n');
-            // Filter out lines containing this delegation's key marker
-            const filteredLines = lines.filter(line => !line.includes(keyMarker));
-            // Write back
-            await writeFile(authorizedKeysPath, filteredLines.join('\n'), { mode: 0o600 });
-        }
-        catch {
-            // File doesn't exist or can't be read, nothing to remove
-        }
+    signCertificate(publicKeyPath, ttlSeconds, delegationId) {
+        return new Promise((resolve, reject) => {
+            const proc = spawn('ssh-keygen', [
+                '-s', this.config.caKeyPath,
+                '-I', `awcp-${delegationId}`,
+                '-n', this.config.sshUser ?? process.env['USER'] ?? 'awcp',
+                '-V', `+${ttlSeconds}s`,
+                '-q',
+                publicKeyPath,
+            ]);
+            let stderr = '';
+            proc.stderr.on('data', (data) => {
+                stderr += data.toString();
+            });
+            proc.on('close', (code) => {
+                if (code === 0) {
+                    resolve();
+                }
+                else {
+                    reject(new Error(`Certificate signing failed: ${stderr}`));
+                }
+            });
+            proc.on('error', reject);
+        });
     }
     /**
      * Execute ssh-keygen to generate a key pair

package/dist/delegator/credential-manager.js.map

@@ -1 +1 @@
-{"version":3,"file":"credential-manager.js","sourceRoot":"","sources":["../../src/delegator/credential-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAC3F,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAkClC,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;AAEzD;;GAEG;AACH,MAAM,uBAAuB,GAAG,gBAAgB,CAAC;AAEjD;;;;;;GAMG;AACH,MAAM,OAAO,iBAAiB;IACpB,MAAM,CAA0B;IAChC,iBAAiB,GAAG,IAAI,GAAG,EAA+B,CAAC;IAEnE,YAAY,MAAgC;QAC1C,IAAI,CAAC,MAAM,GAAG,MAAM,IAAI,EAAE,CAAC;IAC7B,CAAC;IAED;;OAEG;IACK,qBAAqB;QAC3B,OAAO,IAAI,CAAC,MAAM,CAAC,kBAAkB,IAAI,IAAI,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,iBAAiB,CAAC,CAAC;IACtF,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CACtB,YAAoB,EACpB,WAAmB;QAKnB,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,eAAe,CAAC;QACrD,MAAM,KAAK,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAEtD,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,YAAY,EAAE,CAAC,CAAC;QACvD,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,YAAY,MAAM,CAAC,CAAC;QAE1D,8DAA8D;QAC9D,MAAM,UAAU,GAAG,GAAG,uBAAuB,GAAG,YAAY,EAAE,CAAC;QAC/D,MAAM,IAAI,CAAC,aAAa,CAAC,cAAc,EAAE,UAAU,CAAC,CAAC;QAErD,0BAA0B;QAC1B,MAAM,UAAU,GAAG,MAAM,QAAQ,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QAC3D,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QAEzD,MAAM,UAAU,GAAwB;YACtC,UAAU;YACV,SAAS;YACT,cAAc;YACd,aAAa;YACb,YAAY;SACb,CAAC;QAEF,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;QAErD,oCAAoC;QACpC,MAAM,IAAI,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC;QAE1C,OAAO;YACL,UAAU,EAAE,UAAU;YACtB,QAAQ,EAAE;gBACR,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,WAAW;gBACxC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE;gBAC/B,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,MAAM;aAC3D;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB,CAAC,YAAoB;QACzC,MAAM,UAAU,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAC5D,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO;QACT,CAAC;QAED,oCAAoC;QACpC,MAAM,IAAI,CAAC,wBAAwB,CAAC,YAAY,CAAC,CAAC;QAElD,mBAAmB;QACnB,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,sCAAsC;QACxC,CAAC;QACD,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;QACzC,CAAC;QAAC,MAAM,CAAC;YACP,sCAAsC;QACxC,CAAC;QAED,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,YAAoB;QAChC,OAAO,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAClD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS;QACb,KAAK,MAAM,YAAY,IAAI,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,EAAE,CAAC;YACzD,MAAM,IAAI,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB;QACpB,MAAM,kBAAkB,GAAG,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAExD,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,kBAAkB,EAAE,OAAO,CAAC,CAAC;YAC5D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAElC,MAAM,YAAY,GAAG,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE;gBACvC,yCAAyC;gBACzC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,uBAAuB,CAAC,CAAC;YACjD,CAAC,CAAC,CAAC;YAEH,MAAM,YAAY,GAAG,KAAK,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC;YAExD,IAAI,YAAY,GAAG,CAAC,EAAE,CAAC;gBACrB,MAAM,SAAS,CAAC,kBAAkB,EAAE,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;gBAC7D,OAAO,CAAC,GAAG,CAAC,kCAAkC,YAAY,uCAAuC,CAAC,CAAC;YACrG,CAAC;YAED,OAAO,YAAY,CAAC;QACtB,CAAC;QAAC,MAAM,CAAC;YACP,wDAAwD;YACxD,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,oBAAoB;QACxB,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,eAAe,CAAC;QAErD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;YACpC,IAAI,YAAY,GAAG,CAAC,CAAC;YAErB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,uCAAuC;gBACvC,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;gBAChD,IAAI,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;oBAC7C,SAAS;gBACX,CAAC;gBAED,yBAAyB;gBACzB,IAAI,CAAC;oBACH,MAAM,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC;oBACjC,YAAY,EAAE,CAAC;gBACjB,CAAC;gBAAC,MAAM,CAAC;oBACP,gBAAgB;gBAClB,CAAC;YACH,CAAC;YAED,IAAI,YAAY,GAAG,CAAC,EAAE,CAAC;gBACrB,OAAO,CAAC,GAAG,CAAC,kCAAkC,YAAY,kBAAkB,CAAC,CAAC;YAChF,CAAC;YAED,OAAO,YAAY,CAAC;QACtB,CAAC;QAAC,MAAM,CAAC;YACP,4CAA4C;YAC5C,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,mBAAmB,CAAC,SAAiB;QACjD,MAAM,kBAAkB,GAAG,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAExD,+BAA+B;QAC/B,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,MAAM,CAAC,CAAC;QACvC,MAAM,KAAK,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAEtD,mCAAmC;QACnC,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC;QAExC,4BAA4B;QAC5B,MAAM,UAAU,CAAC,kBAAkB,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACjE,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,wBAAwB,CAAC,YAAoB;QACzD,MAAM,kBAAkB,GAAG,IAAI,CAAC,qBAAqB,EAAE,CAAC;QACxD,MAAM,SAAS,GAAG,GAAG,uBAAuB,GAAG,YAAY,EAAE,CAAC;QAE9D,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,kBAAkB,EAAE,OAAO,CAAC,CAAC;YAC5D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAElC,2DAA2D;YAC3D,MAAM,aAAa,GAAG,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;YAEtE,aAAa;YACb,MAAM,SAAS,CAAC,kBAAkB,EAAE,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACjF,CAAC;QAAC,MAAM,CAAC;YACP,yDAAyD;QAC3D,CAAC;IACH,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,OAAe,EAAE,OAAe;QACpD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,IAAI,GAAG,KAAK,CAAC,YAAY,EAAE;gBAC/B,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,EAAE,EAAE,gBAAgB;gBAC1B,IAAI,EAAE,OAAO;aACd,CAAC,CAAC;YAEH,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;gBAC9B,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC5B,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;gBACxB,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;oBACf,OAAO,EAAE,CAAC;gBACZ,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,IAAI,KAAK,CAAC,sBAAsB,MAAM,EAAE,CAAC,CAAC,CAAC;gBACpD,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC3B,CAAC,CAAC,CAAC;IACL,CAAC;CACF"}
+{"version":3,"file":"credential-manager.js","sourceRoot":"","sources":["../../src/delegator/credential-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACvF,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAIlC,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;AAEzD;;;;;GAKG;AACH,MAAM,OAAO,iBAAiB;IACpB,MAAM,CAA0B;IAChC,iBAAiB,GAAG,IAAI,GAAG,EAA+B,CAAC;IAEnE,YAAY,MAA+B;QACzC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CACtB,YAAoB,EACpB,UAAkB;QAKlB,iDAAiD;QACjD,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QAEzB,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,eAAe,CAAC;QACrD,MAAM,KAAK,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAEtD,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;QAClD,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,YAAY,MAAM,CAAC,CAAC;QAC1D,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,YAAY,WAAW,CAAC,CAAC;QAE1D,oBAAoB;QACpB,MAAM,IAAI,CAAC,aAAa,CAAC,cAAc,EAAE,QAAQ,YAAY,EAAE,CAAC,CAAC;QAEjE,0CAA0C;QAC1C,MAAM,IAAI,CAAC,eAAe,CAAC,aAAa,EAAE,UAAU,EAAE,YAAY,CAAC,CAAC;QAEpE,uCAAuC;QACvC,MAAM,UAAU,GAAG,MAAM,QAAQ,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QAC3D,MAAM,WAAW,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAEtD,MAAM,cAAc,GAAwB;YAC1C,UAAU;YACV,cAAc;YACd,aAAa;YACb,QAAQ;YACR,YAAY;SACb,CAAC;QAEF,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,YAAY,EAAE,cAAc,CAAC,CAAC;QAEzD,OAAO;YACL,UAAU,EAAE;gBACV,UAAU;gBACV,WAAW;aACZ;YACD,QAAQ,EAAE;gBACR,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,WAAW;gBACxC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE;gBAC/B,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,MAAM;aAC3D;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,WAAW;QACvB,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;YACpD,OAAO,CAAC,gBAAgB;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,oCAAoC;QACtC,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,2CAA2C,IAAI,CAAC,MAAM,CAAC,SAAS,iBAAiB,CAAC,CAAC;QAE/F,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QAChD,MAAM,KAAK,CAAC,KAAK,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAErD,MAAM,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAE3D,OAAO,CAAC,GAAG,CAAC,gDAAgD,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;QACrF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,8EAA8E,CAAC,CAAC;QAC5F,OAAO,CAAC,GAAG,CAAC,0BAA0B,IAAI,CAAC,MAAM,CAAC,SAAS,MAAM,CAAC,CAAC;QACnE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,mDAAmD,CAAC,CAAC;QACjE,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;QACxD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB,CAAC,YAAoB;QACzC,MAAM,UAAU,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAC5D,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO;QACT,CAAC;QAED,mCAAmC;QACnC,MAAM,MAAM,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QACxD,MAAM,MAAM,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QACvD,MAAM,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QAElD,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,YAAoB;QAChC,OAAO,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAClD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS;QACb,KAAK,MAAM,YAAY,IAAI,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,EAAE,CAAC;YACzD,MAAM,IAAI,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,oBAAoB;QACxB,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,eAAe,CAAC;QAErD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;YACpC,IAAI,YAAY,GAAG,CAAC,CAAC;YAErB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,sCAAsC;gBACtC,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC;gBACxD,IAAI,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;oBAC7C,SAAS;gBACX,CAAC;gBAED,yBAAyB;gBACzB,MAAM,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;gBACjD,YAAY,EAAE,CAAC;YACjB,CAAC;YAED,IAAI,YAAY,GAAG,CAAC,EAAE,CAAC;gBACrB,OAAO,CAAC,GAAG,CAAC,kCAAkC,YAAY,kBAAkB,CAAC,CAAC;YAChF,CAAC;YAED,OAAO,YAAY,CAAC;QACtB,CAAC;QAAC,MAAM,CAAC;YACP,4CAA4C;YAC5C,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IAED;;OAEG;IACK,eAAe,CACrB,aAAqB,EACrB,UAAkB,EAClB,YAAoB;QAEpB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,IAAI,GAAG,KAAK,CAAC,YAAY,EAAE;gBAC/B,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;gBAC3B,IAAI,EAAE,QAAQ,YAAY,EAAE;gBAC5B,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,MAAM;gBAC1D,IAAI,EAAE,IAAI,UAAU,GAAG;gBACvB,IAAI;gBACJ,aAAa;aACd,CAAC,CAAC;YAEH,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;gBAC9B,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC5B,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;gBACxB,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;oBACf,OAAO,EAAE,CAAC;gBACZ,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,IAAI,KAAK,CAAC,+BAA+B,MAAM,EAAE,CAAC,CAAC,CAAC;gBAC7D,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC3B,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,OAAe,EAAE,OAAe;QACpD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,IAAI,GAAG,KAAK,CAAC,YAAY,EAAE;gBAC/B,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,EAAE,EAAE,gBAAgB;gBAC1B,IAAI,EAAE,OAAO;aACd,CAAC,CAAC;YAEH,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;gBAC9B,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC5B,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;gBACxB,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;oBACf,OAAO,EAAE,CAAC;gBACZ,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,IAAI,KAAK,CAAC,sBAAsB,MAAM,EAAE,CAAC,CAAC,CAAC;gBACpD,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC3B,CAAC,CAAC,CAAC;IACL,CAAC;CACF"}

package/dist/delegator/index.d.ts

@@ -1,2 +1,2 @@
-export { CredentialManager, type CredentialManagerConfig, type GeneratedCredential } from './credential-manager.js';
+export { CredentialManager } from './credential-manager.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/delegator/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/delegator/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,KAAK,uBAAuB,EAAE,KAAK,mBAAmB,EAAE,MAAM,yBAAyB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/delegator/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC"}

package/dist/delegator/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/delegator/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAA0D,MAAM,yBAAyB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/delegator/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC"}

package/dist/executor/index.d.ts

@@ -1,2 +1,2 @@
-export { SshfsMountClient, type SshfsMountConfig, type MountParams } from './sshfs-client.js';
+export { SshfsMountClient, DEFAULT_TEMP_KEY_DIR, buildSshfsArgs } from './sshfs-client.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/executor/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/executor/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,KAAK,gBAAgB,EAAE,KAAK,WAAW,EAAE,MAAM,mBAAmB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/executor/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/executor/index.js

@@ -1,2 +1,2 @@
-export { SshfsMountClient } from './sshfs-client.js';
+export { SshfsMountClient, DEFAULT_TEMP_KEY_DIR, buildSshfsArgs } from './sshfs-client.js';
 //# sourceMappingURL=index.js.map

package/dist/executor/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/executor/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAA2C,MAAM,mBAAmB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/executor/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/executor/sshfs-client.d.ts

@@ -1,28 +1,10 @@
+import { type SshCredential } from '@awcp/core';
+import type { SshfsMountConfig, MountParams, ActiveMount } from '../types.js';
+export declare const DEFAULT_TEMP_KEY_DIR = "/tmp/awcp/client-keys";
 /**
- * SSHFS Mount Client configuration
+ * Build SSHFS command arguments
  */
-export interface SshfsMountConfig {
-    /** Directory to store temporary key files */
-    tempKeyDir?: string;
-    /** Additional sshfs options */
-    defaultOptions?: Record<string, string>;
-    /** Timeout for mount operation in ms (default: 30000) */
-    mountTimeout?: number;
-}
-/**
- * Mount parameters
- */
-export interface MountParams {
-    endpoint: {
-        host: string;
-        port: number;
-        user: string;
-    };
-    exportLocator: string;
-    credential: string;
-    mountPoint: string;
-    options?: Record<string, string>;
-}
+export declare function buildSshfsArgs(params: MountParams, keyPath: string, certPath: string, defaultOptions?: Record<string, string>): string[];
 /**
  * SSHFS Mount Client
  *
@@ -32,6 +14,10 @@ export declare class SshfsMountClient {
     private config;
     private activeMounts;
     constructor(config?: SshfsMountConfig);
+    /**
+     * Get active mounts (for testing)
+     */
+    getActiveMounts(): Map<string, ActiveMount>;
     /**
      * Check if sshfs is available
      */
@@ -40,6 +26,17 @@ export declare class SshfsMountClient {
         version?: string;
         error?: string;
     }>;
+    /**
+     * Write credential files to disk
+     */
+    writeCredentialFiles(tempKeyDir: string, credential: SshCredential): Promise<{
+        keyPath: string;
+        certPath: string;
+    }>;
+    /**
+     * Clean up credential files
+     */
+    cleanupCredentialFiles(keyPath: string, certPath: string): Promise<void>;
     /**
      * Mount a remote filesystem
      */

package/dist/executor/sshfs-client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sshfs-client.d.ts","sourceRoot":"","sources":["../../src/executor/sshfs-client.ts"],"names":[],"mappings":"AAKA;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,6CAA6C;IAC7C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,+BAA+B;IAC/B,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACxC,yDAAyD;IACzD,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE;QACR,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IACF,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC;AAcD;;;;GAIG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,MAAM,CAAmB;IACjC,OAAO,CAAC,YAAY,CAAkC;gBAE1C,MAAM,CAAC,EAAE,gBAAgB;IAIrC;;OAEG;IACG,eAAe,IAAI,OAAO,CAAC;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAoC1F;;OAEG;IACG,KAAK,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IA+D/C;;OAEG;IACG,OAAO,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAgChD;;OAEG;IACG,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAUrD;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAMjC,OAAO,CAAC,SAAS;IAyDjB,OAAO,CAAC,WAAW;CAepB"}
+{"version":3,"file":"sshfs-client.d.ts","sourceRoot":"","sources":["../../src/executor/sshfs-client.ts"],"names":[],"mappings":"AAGA,OAAO,EAA4C,KAAK,aAAa,EAAE,MAAM,YAAY,CAAC;AAC1F,OAAO,KAAK,EAAE,gBAAgB,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE9E,eAAO,MAAM,oBAAoB,0BAA0B,CAAC;AAG5D;;GAEG;AACH,wBAAgB,cAAc,CAC5B,MAAM,EAAE,WAAW,EACnB,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GACtC,MAAM,EAAE,CA4BV;AAED;;;;GAIG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,MAAM,CAAmB;IACjC,OAAO,CAAC,YAAY,CAAkC;gBAE1C,MAAM,CAAC,EAAE,gBAAgB;IAIrC;;OAEG;IACH,eAAe,IAAI,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC;IAI3C;;OAEG;IACG,eAAe,IAAI,OAAO,CAAC;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAoC1F;;OAEG;IACG,oBAAoB,CACxB,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,aAAa,GACxB,OAAO,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC;IAWjD;;OAEG;IACG,sBAAsB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAK9E;;OAEG;IACG,KAAK,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAmC/C;;OAEG;IACG,OAAO,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAgChD;;OAEG;IACG,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAUrD;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAMjC,OAAO,CAAC,SAAS;IAyDjB,OAAO,CAAC,WAAW;CAepB"}

package/dist/executor/sshfs-client.js

@@ -2,8 +2,36 @@ import { spawn } from 'node:child_process';
 import { writeFile, unlink, mkdir, stat } from 'node:fs/promises';
 import { join } from 'node:path';
 import { MountFailedError, DependencyMissingError } from '@awcp/core';
-const DEFAULT_TEMP_KEY_DIR = '/tmp/awcp/client-keys';
+export const DEFAULT_TEMP_KEY_DIR = '/tmp/awcp/client-keys';
 const DEFAULT_MOUNT_TIMEOUT = 30000;
+/**
+ * Build SSHFS command arguments
+ */
+export function buildSshfsArgs(params, keyPath, certPath, defaultOptions) {
+    const { host, port, user } = params.endpoint;
+    const remoteSpec = `${user}@${host}:${params.exportLocator}`;
+    const options = {
+        ...defaultOptions,
+        ...params.options,
+    };
+    const args = [
+        remoteSpec,
+        params.mountPoint,
+        '-o', `IdentityFile=${keyPath}`,
+        '-o', `CertificateFile=${certPath}`,
+        '-o', `Port=${port}`,
+        '-o', 'StrictHostKeyChecking=no',
+        '-o', 'UserKnownHostsFile=/dev/null',
+        '-o', 'reconnect',
+        '-o', 'ServerAliveInterval=15',
+        '-o', 'ServerAliveCountMax=3',
+        '-o', 'noappledouble',
+    ];
+    for (const [key, value] of Object.entries(options)) {
+        args.push('-o', `${key}=${value}`);
+    }
+    return args;
+}
 /**
  * SSHFS Mount Client
  *
@@ -15,6 +43,12 @@ export class SshfsMountClient {
     constructor(config) {
         this.config = config ?? {};
     }
+    /**
+     * Get active mounts (for testing)
+     */
+    getActiveMounts() {
+        return this.activeMounts;
+    }
     /**
      * Check if sshfs is available
      */
@@ -51,6 +85,24 @@ export class SshfsMountClient {
             });
         });
     }
+    /**
+     * Write credential files to disk
+     */
+    async writeCredentialFiles(tempKeyDir, credential) {
+        await mkdir(tempKeyDir, { recursive: true });
+        const keyPath = join(tempKeyDir, `mount-${Date.now()}`);
+        const certPath = `${keyPath}-cert.pub`;
+        await writeFile(keyPath, credential.privateKey, { mode: 0o600 });
+        await writeFile(certPath, credential.certificate, { mode: 0o644 });
+        return { keyPath, certPath };
+    }
+    /**
+     * Clean up credential files
+     */
+    async cleanupCredentialFiles(keyPath, certPath) {
+        await unlink(keyPath).catch(() => { });
+        await unlink(certPath).catch(() => { });
+    }
     /**
      * Mount a remote filesystem
      */
@@ -61,34 +113,9 @@ export class SshfsMountClient {
             throw new DependencyMissingError('sshfs', 'Install sshfs: brew install macfuse && brew install sshfs (macOS) or apt install sshfs (Linux)');
         }
         const tempKeyDir = this.config.tempKeyDir ?? DEFAULT_TEMP_KEY_DIR;
-        await mkdir(tempKeyDir, { recursive: true });
-        // Write credential to temp file
-        const keyPath = join(tempKeyDir, `mount-${Date.now()}`);
-        await writeFile(keyPath, params.credential, { mode: 0o600 });
+        const { keyPath, certPath } = await this.writeCredentialFiles(tempKeyDir, params.credential);
         try {
-            // Build sshfs command
-            const { host, port, user } = params.endpoint;
-            const remoteSpec = `${user}@${host}:${params.exportLocator}`;
-            const options = {
-                ...this.config.defaultOptions,
-                ...params.options,
-            };
-            const args = [
-                remoteSpec,
-                params.mountPoint,
-                '-o', `IdentityFile=${keyPath}`,
-                '-o', `Port=${port}`,
-                '-o', 'StrictHostKeyChecking=no',
-                '-o', 'UserKnownHostsFile=/dev/null',
-                '-o', 'reconnect',
-                '-o', 'ServerAliveInterval=15',
-                '-o', 'ServerAliveCountMax=3',
-                '-o', 'noappledouble', // Prevent macOS ._* metadata files
-            ];
-            // Add custom options
-            for (const [key, value] of Object.entries(options)) {
-                args.push('-o', `${key}=${value}`);
-            }
+            const args = buildSshfsArgs(params, keyPath, certPath, this.config.defaultOptions);
             console.log(`[SSHFS] Mounting: sshfs ${args.join(' ')}`);
             // Execute mount (SSHFS will daemonize and exit immediately on success)
             await this.execMount(args, params.mountPoint);
@@ -96,11 +123,12 @@ export class SshfsMountClient {
             this.activeMounts.set(params.mountPoint, {
                 mountPoint: params.mountPoint,
                 keyPath,
+                certPath,
             });
         }
         catch (error) {
-            // Cleanup key on failure
-            await unlink(keyPath).catch(() => { });
+            // Cleanup key and cert on failure
+            await this.cleanupCredentialFiles(keyPath, certPath);
             throw error;
         }
     }
@@ -129,9 +157,9 @@ export class SshfsMountClient {
         if (!success) {
             console.warn(`Failed to unmount ${mountPoint}, may need manual cleanup`);
         }
-        // Cleanup
+        // Cleanup key and certificate files
         if (activeMount) {
-            await unlink(activeMount.keyPath).catch(() => { });
+            await this.cleanupCredentialFiles(activeMount.keyPath, activeMount.certPath);
             this.activeMounts.delete(mountPoint);
         }
     }

package/dist/executor/sshfs-client.js.map

@@ -1 +1 @@
-{"version":3,"file":"sshfs-client.js","sourceRoot":"","sources":["../../src/executor/sshfs-client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAqB,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AAClE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,MAAM,YAAY,CAAC;AAsCtE,MAAM,oBAAoB,GAAG,uBAAuB,CAAC;AACrD,MAAM,qBAAqB,GAAG,KAAK,CAAC;AAEpC;;;;GAIG;AACH,MAAM,OAAO,gBAAgB;IACnB,MAAM,CAAmB;IACzB,YAAY,GAAG,IAAI,GAAG,EAAuB,CAAC;IAEtD,YAAY,MAAyB;QACnC,IAAI,CAAC,MAAM,GAAG,MAAM,IAAI,EAAE,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe;QACnB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC;YAE3C,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;gBAC9B,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC5B,CAAC,CAAC,CAAC;YACH,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;gBAC9B,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC5B,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;gBACxB,IAAI,IAAI,KAAK,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC3C,MAAM,YAAY,GAAG,MAAM,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;oBAC5D,OAAO,CAAC;wBACN,SAAS,EAAE,IAAI;wBACf,OAAO,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC;qBAC3B,CAAC,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC;wBACN,SAAS,EAAE,KAAK;wBAChB,KAAK,EAAE,iBAAiB;qBACzB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBACpB,OAAO,CAAC;oBACN,SAAS,EAAE,KAAK;oBAChB,KAAK,EAAE,yBAAyB;iBACjC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,KAAK,CAAC,MAAmB;QAC7B,mBAAmB;QACnB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAC9C,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;YACxB,MAAM,IAAI,sBAAsB,CAC9B,OAAO,EACP,gGAAgG,CACjG,CAAC;QACJ,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,oBAAoB,CAAC;QAClE,MAAM,KAAK,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE7C,gCAAgC;QAChC,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,EAAE,SAAS,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACxD,MAAM,SAAS,CAAC,OAAO,EAAE,MAAM,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAE7D,IAAI,CAAC;YACH,sBAAsB;YACtB,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC;YAC7C,MAAM,UAAU,GAAG,GAAG,IAAI,IAAI,IAAI,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;YAE7D,MAAM,OAAO,GAAG;gBACd,GAAG,IAAI,CAAC,MAAM,CAAC,cAAc;gBAC7B,GAAG,MAAM,CAAC,OAAO;aAClB,CAAC;YAEF,MAAM,IAAI,GAAG;gBACX,UAAU;gBACV,MAAM,CAAC,UAAU;gBACjB,IAAI,EAAE,gBAAgB,OAAO,EAAE;gBAC/B,IAAI,EAAE,QAAQ,IAAI,EAAE;gBACpB,IAAI,EAAE,0BAA0B;gBAChC,IAAI,EAAE,8BAA8B;gBACpC,IAAI,EAAE,WAAW;gBACjB,IAAI,EAAE,wBAAwB;gBAC9B,IAAI,EAAE,uBAAuB;gBAC7B,IAAI,EAAE,eAAe,EAAG,mCAAmC;aAC5D,CAAC;YAEF,qBAAqB;YACrB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBACnD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC,CAAC;YACrC,CAAC;YAED,OAAO,CAAC,GAAG,CAAC,2BAA2B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAEzD,uEAAuE;YACvE,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC;YAE9C,qBAAqB;YACrB,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,UAAU,EAAE;gBACvC,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,OAAO;aACR,CAAC,CAAC;QAEL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,yBAAyB;YACzB,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YACtC,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CAAC,UAAkB;QAC9B,MAAM,WAAW,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAEtD,gCAAgC;QAChC,MAAM,eAAe,GAAG;YACtB,CAAC,QAAQ,EAAE,UAAU,CAAC;YACtB,CAAC,YAAY,EAAE,IAAI,EAAE,UAAU,CAAC;YAChC,CAAC,UAAU,EAAE,SAAS,EAAE,UAAU,CAAC,EAAE,QAAQ;SAC9C,CAAC;QAEF,IAAI,OAAO,GAAG,KAAK,CAAC;QACpB,KAAK,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;YAClC,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAE,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC9C,OAAO,GAAG,IAAI,CAAC;gBACf,MAAM;YACR,CAAC;YAAC,MAAM,CAAC;gBACP,kBAAkB;YACpB,CAAC;QACH,CAAC;QAED,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CAAC,qBAAqB,UAAU,2BAA2B,CAAC,CAAC;QAC3E,CAAC;QAED,UAAU;QACV,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YAClD,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,UAAkB;QAChC,IAAI,CAAC;YACH,iDAAiD;YACjD,MAAM,IAAI,CAAC,UAAU,CAAC,CAAC;YACvB,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC3C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU;QACd,KAAK,MAAM,UAAU,IAAI,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,EAAE,CAAC;YAClD,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAEO,SAAS,CAAC,IAAc,EAAE,UAAkB;QAClD,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,qBAAqB,CAAC;QAElE,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,8EAA8E;YAC9E,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,EAAE,IAAI,EAAE;gBAChC,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;aAClC,CAAC,CAAC;YAEH,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;gBAC9B,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC5B,CAAC,CAAC,CAAC;YAEH,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,IAAI,EAAE;gBAClC,IAAI,CAAC,IAAI,EAAE,CAAC;gBACZ,iCAAiC;gBACjC,IAAI,CAAC;oBACH,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;gBACjC,CAAC;gBAAC,MAAM,CAAC;oBACP,+BAA+B;gBACjC,CAAC;gBACD,MAAM,CAAC,IAAI,gBAAgB,CAAC,uBAAuB,OAAO,IAAI,CAAC,CAAC,CAAC;YACnE,CAAC,EAAE,OAAO,CAAC,CAAC;YAEZ,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;gBAC9B,YAAY,CAAC,KAAK,CAAC,CAAC;gBAEpB,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,gBAAgB,CAAC,MAAM,IAAI,0BAA0B,IAAI,EAAE,CAAC,CAAC,CAAC;oBACzE,OAAO;gBACT,CAAC;gBAED,8CAA8C;gBAC9C,yCAAyC;gBACzC,IAAI,CAAC;oBACH,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,CAAC;oBACzC,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC;oBAEtD,IAAI,SAAS,CAAC,GAAG,KAAK,UAAU,CAAC,GAAG,EAAE,CAAC;wBACrC,0CAA0C;wBAC1C,OAAO,EAAE,CAAC;oBACZ,CAAC;yBAAM,CAAC;wBACN,MAAM,CAAC,IAAI,gBAAgB,CAAC,qCAAqC,CAAC,CAAC,CAAC;oBACtE,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,gBAAgB,CAAC,8BAA8B,KAAK,EAAE,CAAC,CAAC,CAAC;gBACtE,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;gBACzB,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,MAAM,CAAC,IAAI,gBAAgB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;YAC9C,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,WAAW,CAAC,GAAW,EAAE,IAAc;QAC7C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAE9B,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;gBACxB,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;oBACf,OAAO,EAAE,CAAC;gBACZ,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,IAAI,KAAK,CAAC,GAAG,GAAG,qBAAqB,IAAI,EAAE,CAAC,CAAC,CAAC;gBACvD,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC3B,CAAC,CAAC,CAAC;IACL,CAAC;CACF"}
+{"version":3,"file":"sshfs-client.js","sourceRoot":"","sources":["../../src/executor/sshfs-client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AAClE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,gBAAgB,EAAE,sBAAsB,EAAsB,MAAM,YAAY,CAAC;AAG1F,MAAM,CAAC,MAAM,oBAAoB,GAAG,uBAAuB,CAAC;AAC5D,MAAM,qBAAqB,GAAG,KAAK,CAAC;AAEpC;;GAEG;AACH,MAAM,UAAU,cAAc,CAC5B,MAAmB,EACnB,OAAe,EACf,QAAgB,EAChB,cAAuC;IAEvC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC;IAC7C,MAAM,UAAU,GAAG,GAAG,IAAI,IAAI,IAAI,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;IAE7D,MAAM,OAAO,GAAG;QACd,GAAG,cAAc;QACjB,GAAG,MAAM,CAAC,OAAO;KAClB,CAAC;IAEF,MAAM,IAAI,GAAG;QACX,UAAU;QACV,MAAM,CAAC,UAAU;QACjB,IAAI,EAAE,gBAAgB,OAAO,EAAE;QAC/B,IAAI,EAAE,mBAAmB,QAAQ,EAAE;QACnC,IAAI,EAAE,QAAQ,IAAI,EAAE;QACpB,IAAI,EAAE,0BAA0B;QAChC,IAAI,EAAE,8BAA8B;QACpC,IAAI,EAAE,WAAW;QACjB,IAAI,EAAE,wBAAwB;QAC9B,IAAI,EAAE,uBAAuB;QAC7B,IAAI,EAAE,eAAe;KACtB,CAAC;IAEF,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACnD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC,CAAC;IACrC,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,MAAM,OAAO,gBAAgB;IACnB,MAAM,CAAmB;IACzB,YAAY,GAAG,IAAI,GAAG,EAAuB,CAAC;IAEtD,YAAY,MAAyB;QACnC,IAAI,CAAC,MAAM,GAAG,MAAM,IAAI,EAAE,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,eAAe;QACb,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe;QACnB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC;YAE3C,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;gBAC9B,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC5B,CAAC,CAAC,CAAC;YACH,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;gBAC9B,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC5B,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;gBACxB,IAAI,IAAI,KAAK,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC3C,MAAM,YAAY,GAAG,MAAM,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;oBAC5D,OAAO,CAAC;wBACN,SAAS,EAAE,IAAI;wBACf,OAAO,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC;qBAC3B,CAAC,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC;wBACN,SAAS,EAAE,KAAK;wBAChB,KAAK,EAAE,iBAAiB;qBACzB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBACpB,OAAO,CAAC;oBACN,SAAS,EAAE,KAAK;oBAChB,KAAK,EAAE,yBAAyB;iBACjC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,oBAAoB,CACxB,UAAkB,EAClB,UAAyB;QAEzB,MAAM,KAAK,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE7C,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,EAAE,SAAS,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACxD,MAAM,QAAQ,GAAG,GAAG,OAAO,WAAW,CAAC;QACvC,MAAM,SAAS,CAAC,OAAO,EAAE,UAAU,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACjE,MAAM,SAAS,CAAC,QAAQ,EAAE,UAAU,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAEnE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,sBAAsB,CAAC,OAAe,EAAE,QAAgB;QAC5D,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QACtC,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IACzC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,KAAK,CAAC,MAAmB;QAC7B,mBAAmB;QACnB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAC9C,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;YACxB,MAAM,IAAI,sBAAsB,CAC9B,OAAO,EACP,gGAAgG,CACjG,CAAC;QACJ,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,oBAAoB,CAAC;QAClE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,UAAU,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC;QAE7F,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,cAAc,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;YAEnF,OAAO,CAAC,GAAG,CAAC,2BAA2B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAEzD,uEAAuE;YACvE,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC;YAE9C,qBAAqB;YACrB,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,UAAU,EAAE;gBACvC,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,OAAO;gBACP,QAAQ;aACT,CAAC,CAAC;QAEL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,kCAAkC;YAClC,MAAM,IAAI,CAAC,sBAAsB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YACrD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CAAC,UAAkB;QAC9B,MAAM,WAAW,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAEtD,gCAAgC;QAChC,MAAM,eAAe,GAAG;YACtB,CAAC,QAAQ,EAAE,UAAU,CAAC;YACtB,CAAC,YAAY,EAAE,IAAI,EAAE,UAAU,CAAC;YAChC,CAAC,UAAU,EAAE,SAAS,EAAE,UAAU,CAAC,EAAE,QAAQ;SAC9C,CAAC;QAEF,IAAI,OAAO,GAAG,KAAK,CAAC;QACpB,KAAK,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;YAClC,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAE,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC9C,OAAO,GAAG,IAAI,CAAC;gBACf,MAAM;YACR,CAAC;YAAC,MAAM,CAAC;gBACP,kBAAkB;YACpB,CAAC;QACH,CAAC;QAED,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CAAC,qBAAqB,UAAU,2BAA2B,CAAC,CAAC;QAC3E,CAAC;QAED,oCAAoC;QACpC,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,IAAI,CAAC,sBAAsB,CAAC,WAAW,CAAC,OAAO,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAC;YAC7E,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,UAAkB;QAChC,IAAI,CAAC;YACH,iDAAiD;YACjD,MAAM,IAAI,CAAC,UAAU,CAAC,CAAC;YACvB,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC3C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU;QACd,KAAK,MAAM,UAAU,IAAI,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,EAAE,CAAC;YAClD,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAEO,SAAS,CAAC,IAAc,EAAE,UAAkB;QAClD,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,qBAAqB,CAAC;QAElE,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,8EAA8E;YAC9E,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,EAAE,IAAI,EAAE;gBAChC,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;aAClC,CAAC,CAAC;YAEH,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;gBAC9B,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC5B,CAAC,CAAC,CAAC;YAEH,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,IAAI,EAAE;gBAClC,IAAI,CAAC,IAAI,EAAE,CAAC;gBACZ,iCAAiC;gBACjC,IAAI,CAAC;oBACH,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;gBACjC,CAAC;gBAAC,MAAM,CAAC;oBACP,+BAA+B;gBACjC,CAAC;gBACD,MAAM,CAAC,IAAI,gBAAgB,CAAC,uBAAuB,OAAO,IAAI,CAAC,CAAC,CAAC;YACnE,CAAC,EAAE,OAAO,CAAC,CAAC;YAEZ,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;gBAC9B,YAAY,CAAC,KAAK,CAAC,CAAC;gBAEpB,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,gBAAgB,CAAC,MAAM,IAAI,0BAA0B,IAAI,EAAE,CAAC,CAAC,CAAC;oBACzE,OAAO;gBACT,CAAC;gBAED,8CAA8C;gBAC9C,yCAAyC;gBACzC,IAAI,CAAC;oBACH,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,CAAC;oBACzC,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC;oBAEtD,IAAI,SAAS,CAAC,GAAG,KAAK,UAAU,CAAC,GAAG,EAAE,CAAC;wBACrC,0CAA0C;wBAC1C,OAAO,EAAE,CAAC;oBACZ,CAAC;yBAAM,CAAC;wBACN,MAAM,CAAC,IAAI,gBAAgB,CAAC,qCAAqC,CAAC,CAAC,CAAC;oBACtE,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,gBAAgB,CAAC,8BAA8B,KAAK,EAAE,CAAC,CAAC,CAAC;gBACtE,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;gBACzB,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,MAAM,CAAC,IAAI,gBAAgB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;YAC9C,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,WAAW,CAAC,GAAW,EAAE,IAAc;QAC7C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAE9B,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;gBACxB,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;oBACf,OAAO,EAAE,CAAC;gBACZ,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,IAAI,KAAK,CAAC,GAAG,GAAG,qBAAqB,IAAI,EAAE,CAAC,CAAC,CAAC;gBACvD,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC3B,CAAC,CAAC,CAAC;IACL,CAAC;CACF"}

package/dist/index.d.ts

@@ -3,6 +3,8 @@
  *
  * SSHFS Transport implementation for AWCP data plane
  */
-export { CredentialManager, type CredentialManagerConfig, type GeneratedCredential, } from './delegator/index.js';
-export { SshfsMountClient, type SshfsMountConfig, type MountParams, } from './executor/index.js';
+export { SshfsTransport } from './sshfs-transport.js';
+export type { SshfsTransportConfig, SshfsDelegatorConfig, SshfsExecutorConfig, CredentialManagerConfig, GeneratedCredential, SshfsMountConfig, MountParams, ActiveMount, SshfsMountInfo, SshCredential, SshEndpoint, } from './types.js';
+export { CredentialManager } from './delegator/index.js';
+export { SshfsMountClient, DEFAULT_TEMP_KEY_DIR, buildSshfsArgs } from './executor/index.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EACL,iBAAiB,EACjB,KAAK,uBAAuB,EAC5B,KAAK,mBAAmB,GACzB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,gBAAgB,EAChB,KAAK,gBAAgB,EACrB,KAAK,WAAW,GACjB,MAAM,qBAAqB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAGtD,YAAY,EACV,oBAAoB,EACpB,oBAAoB,EACpB,mBAAmB,EACnB,uBAAuB,EACvB,mBAAmB,EACnB,gBAAgB,EAChB,WAAW,EACX,WAAW,EACX,cAAc,EACd,aAAa,EACb,WAAW,GACZ,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC"}

package/dist/index.js

@@ -3,8 +3,9 @@
  *
  * SSHFS Transport implementation for AWCP data plane
  */
-// Delegator-side exports
-export { CredentialManager, } from './delegator/index.js';
-// Executor-side exports
-export { SshfsMountClient, } from './executor/index.js';
+// Main transport adapter
+export { SshfsTransport } from './sshfs-transport.js';
+// Lower-level components (for advanced use cases)
+export { CredentialManager } from './delegator/index.js';
+export { SshfsMountClient, DEFAULT_TEMP_KEY_DIR, buildSshfsArgs } from './executor/index.js';
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,yBAAyB;AACzB,OAAO,EACL,iBAAiB,GAGlB,MAAM,sBAAsB,CAAC;AAE9B,wBAAwB;AACxB,OAAO,EACL,gBAAgB,GAGjB,MAAM,qBAAqB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,yBAAyB;AACzB,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAiBtD,kDAAkD;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC"}