@cat-factory/server 0.6.0

package/dist/config/types.d.ts

@@ -0,0 +1,294 @@
+import type { AgentRouting } from '@cat-factory/agents';
+import type { ModelOption } from '@cat-factory/contracts';
+import type { DocumentSourceKind, ModelRef, TaskSourceKind } from '@cat-factory/kernel';
+import type { SpendPricing } from '@cat-factory/spend';
+export interface AgentsConfig {
+    routing: AgentRouting;
+    /**
+     * Resolve a block's selected model id to a concrete ref, honouring the
+     * direct/Cloudflare fallback based on which provider keys are configured.
+     */
+    resolveBlockModel: (modelId: string | undefined) => ModelRef | undefined;
+}
+export interface ExecutionConfig {
+    /** Human-decision park timeout passed to the workflow's waitForEvent. */
+    decisionTimeout: string;
+    /** How long the durable driver sleeps between polls of an async container job. */
+    jobPollInterval: string;
+    /** Safety bound on the number of polls before a long-running job is failed. */
+    jobMaxPolls: number;
+    /** How many consecutive status-read failures are tolerated before giving up a job. */
+    jobPollFailureTolerance: number;
+    /** How long the durable driver sleeps between polls of a `ci` step's CI status. */
+    ciPollInterval: string;
+    /** Safety bound on the number of CI polls before the gate is given up. */
+    ciMaxPolls: number;
+    /** Age ceiling for the instance-level container reaper (epoch-ms). */
+    containerMaxAgeMs: number;
+}
+export interface PrivilegedAppConfig {
+    appId: string;
+}
+export interface GitHubConfig {
+    enabled: boolean;
+    appId: string;
+    appSlug: string;
+    apiBase: string;
+    /** Browser redirect target after a successful connect (falls back to '/'). */
+    setupRedirectUrl: string;
+    /** HMAC secret for signing the install `state` (and verifying webhooks); '' when unset. */
+    webhookSecret: string;
+    /** Present only when a privileged App is configured AND its key is supplied. */
+    privilegedApp?: PrivilegedAppConfig;
+}
+/** Google OAuth credentials + (optional) endpoint overrides for "Login with Google". */
+export interface GoogleOAuthConfig {
+    clientId: string;
+    clientSecret: string;
+    /** Explicit redirect_uri; '' means derive `${origin}/auth/google/callback`. */
+    redirectUrl: string;
+    /** OAuth host (authorize/token); defaults to Google's. */
+    oauthBase?: string;
+    /** Userinfo API base; defaults to Google's. */
+    apiBase?: string;
+}
+export interface AuthConfig {
+    /** True when ANY login provider (GitHub OAuth / password / Google) is configured. */
+    enabled: boolean;
+    /** Local-dev/test ONLY: permit running with auth unconfigured (open API). */
+    devOpen: boolean;
+    /** GitHub OAuth is offered only when a client id/secret are set. */
+    githubEnabled: boolean;
+    clientId: string;
+    clientSecret: string;
+    sessionSecret: string;
+    /** REST API base for reading the user (shared with the GitHub integration). */
+    apiBase: string;
+    /** OAuth host (authorize/token endpoints). */
+    oauthBase: string;
+    /** Session token lifetime in milliseconds. */
+    sessionTtlMs: number;
+    /** Fixed post-login landing URL; '' means honour the request-provided one. */
+    successRedirectUrl: string;
+    /** Explicit OAuth redirect_uri; '' means derive it from the request origin. */
+    callbackUrl: string;
+    /** Lowercased GitHub logins permitted to sign in (OR with allowedOrgs). */
+    allowedLogins: string[];
+    /** Lowercased GitHub org logins whose members may sign in (OR with allowedLogins). */
+    allowedOrgs: string[];
+    /** Extra origins the post-login `redirect` query may target, beyond the request origin. */
+    allowedRedirectOrigins: string[];
+    /** Whether email/password signup + login is offered. */
+    passwordEnabled: boolean;
+    /** Google OAuth config, present only when configured. */
+    google?: GoogleOAuthConfig;
+    /**
+     * Lowercased email domains permitted to self-signup (password/Google) without an
+     * invite. Empty ⇒ new-user creation is invite-only (the default, fail-closed).
+     */
+    allowedEmailDomains: string[];
+}
+export interface EmailConfig {
+    /**
+     * Opt-in flag. Requires an encryption key (the per-account provider API key is
+     * sealed at rest, no plaintext fallback). When false the email module isn't
+     * assembled and invitations return a shareable link instead of sending mail.
+     * The provider + API key + From address are onboarded per-account in the UI and
+     * stored in the DB — NOT read from env — so each org brings its own sender.
+     */
+    enabled: boolean;
+    /** Service-level master key (base64) backing provider-API-key encryption at rest. */
+    encryptionKey?: string;
+    /** Public base URL the invite-accept link points at (the SPA origin). */
+    appBaseUrl: string;
+}
+export interface DocumentsConfig {
+    /**
+     * Always on where the runtime serves documents: there is no enable flag, and an
+     * encryption key is mandatory (config load fails loudly without it). False only on
+     * facades that do not serve documents at all (e.g. the Node MVP).
+     */
+    enabled: boolean;
+    /** Which source providers to register (default: all). */
+    sources: DocumentSourceKind[];
+    /** 'llm' uses the agent model to plan structure; 'headings' forces the parser. */
+    planner: 'llm' | 'headings';
+    /** Service-level master key (base64) backing source-credential encryption at rest. */
+    encryptionKey?: string;
+}
+export interface TasksConfig {
+    /**
+     * Always on where the runtime serves task sources: there is no enable flag, and an
+     * encryption key is mandatory (config load fails loudly without it).
+     */
+    enabled: boolean;
+    /** Which source providers to register (default: all). */
+    sources: TaskSourceKind[];
+    /** Service-level master key (base64) backing source-credential encryption at rest. */
+    encryptionKey?: string;
+}
+export interface EnvironmentsConfig {
+    /** Opt-in flag. Requires an encryption key (no silent plaintext fallback). */
+    enabled: boolean;
+    /** Service-level master key (base64) backing credential encryption at rest. */
+    encryptionKey?: string;
+    /**
+     * Hostnames exempt from the strict public-https URL guard, for a TRUSTED in-house
+     * adapter pointing at an internal env platform on a private/VPN host. Each entry
+     * matches the URL hostname exactly, or as a dot suffix when it starts with `.`
+     * (`.internal`). Absent/empty => strict (no exemptions). Folds into the shared
+     * {@link UrlSafetyPolicy} via `resolveUrlSafetyPolicy`.
+     */
+    allowUrlHosts?: string[];
+    /** Permit `http` (not just `https`) for trusted provider/env URLs. */
+    allowHttpUrls?: boolean;
+}
+export interface RunnerPoolConfig {
+    /** Opt-in flag. Requires an encryption key (no silent plaintext fallback). */
+    enabled: boolean;
+    /** Service-level master key (base64) backing credential encryption at rest. */
+    encryptionKey?: string;
+    /** Hostnames exempt from the strict public-https URL guard (see EnvironmentsConfig). */
+    allowUrlHosts?: string[];
+    /** Permit `http` (not just `https`) for a trusted internal pool scheduler URL. */
+    allowHttpUrls?: boolean;
+}
+export interface DatadogConfig {
+    /**
+     * Opt-in flag (`DATADOG_ENABLED=true`). Requires an encryption key (the per-workspace
+     * API/app keys are sealed at rest, no silent plaintext fallback). When false the
+     * post-release-health gate is a pass-through and no release-health module is assembled.
+     */
+    enabled: boolean;
+    /** Service-level master key (base64) backing Datadog-credential encryption at rest. */
+    encryptionKey?: string;
+}
+export interface IncidentEnrichmentConfig {
+    /**
+     * PagerDuty incident-enrichment, present only when configured. Annotates (never
+     * re-alerts) an incident PagerDuty already opened with the on-call investigation.
+     */
+    pagerDuty?: {
+        apiToken: string;
+        fromEmail: string;
+    };
+    /** incident.io incident-enrichment, present only when configured. */
+    incidentIo?: {
+        apiKey: string;
+    };
+}
+export interface SlackConfig {
+    /**
+     * Opt-in flag. Requires an encryption key (the per-account bot token is sealed
+     * at rest, no silent plaintext fallback). When false the Slack module isn't
+     * assembled and no Slack channel is composed into the notification fan-out.
+     */
+    enabled: boolean;
+    /** Service-level master key (base64) backing bot-token encryption at rest. */
+    encryptionKey?: string;
+    /**
+     * Slack app OAuth credentials, present only when a Slack app was registered.
+     * Absent → manual bot-token onboarding still works; OAuth routes aren't offered.
+     */
+    oauth?: {
+        clientId: string;
+        clientSecret: string;
+        redirectUrl: string;
+    };
+}
+export interface RetentionConfig {
+    tokenUsageMs: number;
+    rateLimitMs: number;
+    commitMs: number;
+    /**
+     * LLM observability sink (full per-call prompt/response). Heavy, and only useful
+     * for recent debugging, so it is pruned aggressively (default 3 days).
+     */
+    llmCallMetricsMs: number;
+}
+export interface FragmentLibraryConfig {
+    /** Opt-in flag (`PROMPT_LIBRARY_ENABLED=true`); needs no encryption key. */
+    enabled: boolean;
+    /** Relevance selection mode: 'llm' ranks per run; 'deterministic' matches tags. */
+    selector: 'llm' | 'deterministic';
+}
+export interface ObservabilityConfig {
+    /**
+     * Whether the LLM observability sink persists the full prompt body with each
+     * metric. Default true. When false (`LLM_RECORD_PROMPTS=false`) the numeric
+     * telemetry (tokens, timing, finish reason, message/tool counts) is still recorded,
+     * but the prompt text is stored empty — for deployments that must not retain the
+     * (potentially sensitive) complete prompts sent to the model.
+     */
+    recordPrompts: boolean;
+}
+export interface LangfuseConfig {
+    /**
+     * Opt-in flag (`LANGFUSE_ENABLED=true`). Requires both keys; when false (or a key is
+     * missing) no Langfuse sink is built and there is no external emission. Off by default,
+     * exactly like every other opt-in integration (Slack, environments, runners).
+     */
+    enabled: boolean;
+    /** Langfuse public key (`pk-lf-…`). */
+    publicKey?: string;
+    /** Langfuse secret key (`sk-lf-…`). */
+    secretKey?: string;
+    /** Host of the Langfuse instance; defaults to Langfuse Cloud when omitted. */
+    baseUrl?: string;
+}
+export interface LocalModeConfig {
+    /**
+     * True on the local-mode facade (a single developer running the whole product on
+     * their own machine). Absent/false on the Worker and stock Node facades.
+     */
+    enabled: boolean;
+    /**
+     * When local mode is running WITHOUT a GitHub PAT, a github.com URL with the scopes
+     * local mode needs pre-selected, so the developer can create one in a single click.
+     * Absent once a PAT is configured. The SPA surfaces this as a dismissible banner so
+     * the warning isn't lost in the server console.
+     */
+    githubPatSetupUrl?: string;
+}
+export interface AppConfig {
+    agents: AgentsConfig;
+    /** The effective model picker catalog (each model's active flavour). */
+    models: ModelOption[];
+    execution: ExecutionConfig;
+    /** Pricing + budget for the spend safeguard. */
+    spend: SpendPricing;
+    /** GitHub integration config; `enabled` is false unless a GitHub App is set up. */
+    github: GitHubConfig;
+    /** "Login with GitHub" config; `enabled` is false unless an OAuth app is set up. */
+    auth: AuthConfig;
+    /** Document-source integration config; always on where the runtime serves documents. */
+    documents: DocumentsConfig;
+    /** Task-source integration config; always on where the runtime serves task sources. */
+    tasks: TasksConfig;
+    /** Environment provider integration config; `enabled` is false unless opted in. */
+    environments: EnvironmentsConfig;
+    /** Self-hosted runner-pool config; `enabled` is false unless opted in. */
+    runners: RunnerPoolConfig;
+    /** Slack notification-transport config; `enabled` is false unless opted in. */
+    slack: SlackConfig;
+    /** Datadog post-release-health config; `enabled` is false unless opted in. */
+    datadog: DatadogConfig;
+    /** Optional PagerDuty / incident.io incident-enrichment config (additive, opt-in). */
+    incidentEnrichment: IncidentEnrichmentConfig;
+    /** Transactional email config (invitations); `enabled` is false unless opted in. */
+    email: EmailConfig;
+    /** Retention windows for the unbounded ledgers/projections (epoch-ms ages). */
+    retention: RetentionConfig;
+    /** Prompt-fragment library config; `enabled` is false unless opted in (ADR 0006). */
+    fragmentLibrary: FragmentLibraryConfig;
+    /** LLM observability config (e.g. whether complete prompts are recorded). */
+    observability: ObservabilityConfig;
+    /** Optional Langfuse trace-sink config; `enabled` is false unless opted in. */
+    langfuse: LangfuseConfig;
+    /**
+     * Local-mode facade signals surfaced to the SPA; present only on the local facade
+     * (the Worker/Node facades leave it undefined). Carries the missing-PAT setup prompt.
+     */
+    localMode?: LocalModeConfig;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/config/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/config/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAA;AACvD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAA;AACzD,OAAO,KAAK,EAAE,kBAAkB,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AACvF,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AAOtD,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,YAAY,CAAA;IACrB;;;OAGG;IACH,iBAAiB,EAAE,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,KAAK,QAAQ,GAAG,SAAS,CAAA;CACzE;AAED,MAAM,WAAW,eAAe;IAC9B,yEAAyE;IACzE,eAAe,EAAE,MAAM,CAAA;IACvB,kFAAkF;IAClF,eAAe,EAAE,MAAM,CAAA;IACvB,+EAA+E;IAC/E,WAAW,EAAE,MAAM,CAAA;IACnB,sFAAsF;IACtF,uBAAuB,EAAE,MAAM,CAAA;IAC/B,mFAAmF;IACnF,cAAc,EAAE,MAAM,CAAA;IACtB,0EAA0E;IAC1E,UAAU,EAAE,MAAM,CAAA;IAClB,sEAAsE;IACtE,iBAAiB,EAAE,MAAM,CAAA;CAC1B;AAED,MAAM,WAAW,mBAAmB;IAClC,KAAK,EAAE,MAAM,CAAA;CACd;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,CAAA;IAChB,KAAK,EAAE,MAAM,CAAA;IACb,OAAO,EAAE,MAAM,CAAA;IACf,OAAO,EAAE,MAAM,CAAA;IACf,8EAA8E;IAC9E,gBAAgB,EAAE,MAAM,CAAA;IACxB,2FAA2F;IAC3F,aAAa,EAAE,MAAM,CAAA;IACrB,gFAAgF;IAChF,aAAa,CAAC,EAAE,mBAAmB,CAAA;CACpC;AAED,wFAAwF;AACxF,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,CAAA;IAChB,YAAY,EAAE,MAAM,CAAA;IACpB,+EAA+E;IAC/E,WAAW,EAAE,MAAM,CAAA;IACnB,0DAA0D;IAC1D,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,+CAA+C;IAC/C,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,UAAU;IACzB,qFAAqF;IACrF,OAAO,EAAE,OAAO,CAAA;IAChB,6EAA6E;IAC7E,OAAO,EAAE,OAAO,CAAA;IAChB,oEAAoE;IACpE,aAAa,EAAE,OAAO,CAAA;IACtB,QAAQ,EAAE,MAAM,CAAA;IAChB,YAAY,EAAE,MAAM,CAAA;IACpB,aAAa,EAAE,MAAM,CAAA;IACrB,+EAA+E;IAC/E,OAAO,EAAE,MAAM,CAAA;IACf,8CAA8C;IAC9C,SAAS,EAAE,MAAM,CAAA;IACjB,8CAA8C;IAC9C,YAAY,EAAE,MAAM,CAAA;IACpB,8EAA8E;IAC9E,kBAAkB,EAAE,MAAM,CAAA;IAC1B,+EAA+E;IAC/E,WAAW,EAAE,MAAM,CAAA;IACnB,2EAA2E;IAC3E,aAAa,EAAE,MAAM,EAAE,CAAA;IACvB,sFAAsF;IACtF,WAAW,EAAE,MAAM,EAAE,CAAA;IACrB,2FAA2F;IAC3F,sBAAsB,EAAE,MAAM,EAAE,CAAA;IAChC,wDAAwD;IACxD,eAAe,EAAE,OAAO,CAAA;IACxB,yDAAyD;IACzD,MAAM,CAAC,EAAE,iBAAiB,CAAA;IAC1B;;;OAGG;IACH,mBAAmB,EAAE,MAAM,EAAE,CAAA;CAC9B;AAED,MAAM,WAAW,WAAW;IAC1B;;;;;;OAMG;IACH,OAAO,EAAE,OAAO,CAAA;IAChB,qFAAqF;IACrF,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,yEAAyE;IACzE,UAAU,EAAE,MAAM,CAAA;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B;;;;OAIG;IACH,OAAO,EAAE,OAAO,CAAA;IAChB,yDAAyD;IACzD,OAAO,EAAE,kBAAkB,EAAE,CAAA;IAC7B,kFAAkF;IAClF,OAAO,EAAE,KAAK,GAAG,UAAU,CAAA;IAC3B,sFAAsF;IACtF,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB;AAED,MAAM,WAAW,WAAW;IAC1B;;;OAGG;IACH,OAAO,EAAE,OAAO,CAAA;IAChB,yDAAyD;IACzD,OAAO,EAAE,cAAc,EAAE,CAAA;IACzB,sFAAsF;IACtF,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB;AAED,MAAM,WAAW,kBAAkB;IACjC,8EAA8E;IAC9E,OAAO,EAAE,OAAO,CAAA;IAChB,+EAA+E;IAC/E,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB;;;;;;OAMG;IACH,aAAa,CAAC,EAAE,MAAM,EAAE,CAAA;IACxB,sEAAsE;IACtE,aAAa,CAAC,EAAE,OAAO,CAAA;CACxB;AAED,MAAM,WAAW,gBAAgB;IAC/B,8EAA8E;IAC9E,OAAO,EAAE,OAAO,CAAA;IAChB,+EAA+E;IAC/E,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,wFAAwF;IACxF,aAAa,CAAC,EAAE,MAAM,EAAE,CAAA;IACxB,kFAAkF;IAClF,aAAa,CAAC,EAAE,OAAO,CAAA;CACxB;AAED,MAAM,WAAW,aAAa;IAC5B;;;;OAIG;IACH,OAAO,EAAE,OAAO,CAAA;IAChB,uFAAuF;IACvF,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB;AAED,MAAM,WAAW,wBAAwB;IACvC;;;OAGG;IACH,SAAS,CAAC,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAA;IACnD,qEAAqE;IACrE,UAAU,CAAC,EAAE;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,CAAA;CAChC;AAED,MAAM,WAAW,WAAW;IAC1B;;;;OAIG;IACH,OAAO,EAAE,OAAO,CAAA;IAChB,8EAA8E;IAC9E,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB;;;OAGG;IACH,KAAK,CAAC,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE,CAAA;CACxE;AAED,MAAM,WAAW,eAAe;IAC9B,YAAY,EAAE,MAAM,CAAA;IACpB,WAAW,EAAE,MAAM,CAAA;IACnB,QAAQ,EAAE,MAAM,CAAA;IAChB;;;OAGG;IACH,gBAAgB,EAAE,MAAM,CAAA;CACzB;AAED,MAAM,WAAW,qBAAqB;IACpC,4EAA4E;IAC5E,OAAO,EAAE,OAAO,CAAA;IAChB,mFAAmF;IACnF,QAAQ,EAAE,KAAK,GAAG,eAAe,CAAA;CAClC;AAED,MAAM,WAAW,mBAAmB;IAClC;;;;;;OAMG;IACH,aAAa,EAAE,OAAO,CAAA;CACvB;AAED,MAAM,WAAW,cAAc;IAC7B;;;;OAIG;IACH,OAAO,EAAE,OAAO,CAAA;IAChB,uCAAuC;IACvC,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,uCAAuC;IACvC,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,8EAA8E;IAC9E,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,eAAe;IAC9B;;;OAGG;IACH,OAAO,EAAE,OAAO,CAAA;IAChB;;;;;OAKG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAA;CAC3B;AAED,MAAM,WAAW,SAAS;IACxB,MAAM,EAAE,YAAY,CAAA;IACpB,wEAAwE;IACxE,MAAM,EAAE,WAAW,EAAE,CAAA;IACrB,SAAS,EAAE,eAAe,CAAA;IAC1B,gDAAgD;IAChD,KAAK,EAAE,YAAY,CAAA;IACnB,mFAAmF;IACnF,MAAM,EAAE,YAAY,CAAA;IACpB,oFAAoF;IACpF,IAAI,EAAE,UAAU,CAAA;IAChB,wFAAwF;IACxF,SAAS,EAAE,eAAe,CAAA;IAC1B,uFAAuF;IACvF,KAAK,EAAE,WAAW,CAAA;IAClB,mFAAmF;IACnF,YAAY,EAAE,kBAAkB,CAAA;IAChC,0EAA0E;IAC1E,OAAO,EAAE,gBAAgB,CAAA;IACzB,+EAA+E;IAC/E,KAAK,EAAE,WAAW,CAAA;IAClB,8EAA8E;IAC9E,OAAO,EAAE,aAAa,CAAA;IACtB,sFAAsF;IACtF,kBAAkB,EAAE,wBAAwB,CAAA;IAC5C,oFAAoF;IACpF,KAAK,EAAE,WAAW,CAAA;IAClB,+EAA+E;IAC/E,SAAS,EAAE,eAAe,CAAA;IAC1B,qFAAqF;IACrF,eAAe,EAAE,qBAAqB,CAAA;IACtC,6EAA6E;IAC7E,aAAa,EAAE,mBAAmB,CAAA;IAClC,+EAA+E;IAC/E,QAAQ,EAAE,cAAc,CAAA;IACxB;;;OAGG;IACH,SAAS,CAAC,EAAE,eAAe,CAAA;CAC5B"}

package/dist/config/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/config/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/config/types.ts"],"names":[],"mappings":""}

package/dist/config/url-safety.d.ts

@@ -0,0 +1,8 @@
+import type { UrlSafetyPolicy } from '@cat-factory/kernel';
+/** The per-integration config fields that widen the strict URL/host guard. */
+export interface UrlSafetyConfigSlice {
+    allowUrlHosts?: string[];
+    allowHttpUrls?: boolean;
+}
+export declare function resolveUrlSafetyPolicy(slice: UrlSafetyConfigSlice): UrlSafetyPolicy | undefined;
+//# sourceMappingURL=url-safety.d.ts.map

package/dist/config/url-safety.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"url-safety.d.ts","sourceRoot":"","sources":["../../src/config/url-safety.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAA;AAU1D,8EAA8E;AAC9E,MAAM,WAAW,oBAAoB;IACnC,aAAa,CAAC,EAAE,MAAM,EAAE,CAAA;IACxB,aAAa,CAAC,EAAE,OAAO,CAAA;CACxB;AAED,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,oBAAoB,GAAG,eAAe,GAAG,SAAS,CAQ/F"}

package/dist/config/url-safety.js

@@ -0,0 +1,11 @@
+export function resolveUrlSafetyPolicy(slice) {
+    const hosts = [...new Set((slice.allowUrlHosts ?? []).map((h) => h.trim()).filter(Boolean))];
+    const allowHttp = Boolean(slice.allowHttpUrls);
+    if (hosts.length === 0 && !allowHttp)
+        return undefined;
+    return {
+        schemes: allowHttp ? ['https', 'http'] : ['https'],
+        allowHosts: hosts,
+    };
+}
+//# sourceMappingURL=url-safety.js.map

package/dist/config/url-safety.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"url-safety.js","sourceRoot":"","sources":["../../src/config/url-safety.ts"],"names":[],"mappings":"AAgBA,MAAM,UAAU,sBAAsB,CAAC,KAA2B;IAChE,MAAM,KAAK,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAA;IAC5F,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,CAAA;IAC9C,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,SAAS;QAAE,OAAO,SAAS,CAAA;IACtD,OAAO;QACL,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;QAClD,UAAU,EAAE,KAAK;KAClB,CAAA;AACH,CAAC"}

package/dist/containers/ContainerSessionService.d.ts

@@ -0,0 +1,67 @@
+import { TOKEN_AUDIENCE } from '../auth/signing.js';
+/** Claims carried by a container session token. */
+export interface ContainerSession {
+    /** Audience pin — always `llm-proxy`; rejected by the user-session verifier. */
+    aud: typeof TOKEN_AUDIENCE.container;
+    /** Workspace the run belongs to (spend is metered against it). */
+    workspaceId: string;
+    /**
+     * The workspace's owning account id, so the proxy can lease an account-scoped API
+     * key from the merged pool. Absent for a legacy/unscoped workspace.
+     */
+    accountId?: string;
+    /**
+     * The run initiator's `usr_*` id, so the proxy can also lease the initiator's own
+     * user-scoped API keys. Absent for system-initiated runs.
+     */
+    userId?: string;
+    /** Execution instance id (links proxied usage to the run). */
+    executionId: string;
+    /** Agent kind performing the work, for the spend ledger. */
+    agentKind: string;
+    /** Locked upstream provider id (e.g. `qwen`, `deepseek`, `moonshot`). */
+    provider: string;
+    /** Locked upstream model id (e.g. `qwen3-max`). */
+    model: string;
+    /** Absolute expiry, epoch ms. */
+    exp: number;
+}
+/**
+ * Default session lifetime. Must clear the harness job watchdog ceiling
+ * (`JOB_MAX_DURATION_MS`, default 60 min) PLUS the dispatch→container-boot lead
+ * (the token is minted at dispatch, before Pi starts), or a long but healthy step
+ * 401s mid-run once the token expires while the watchdog still considers it alive.
+ * 90 min = 60 min job + ~10 min boot lead + margin. The token is tightly scoped
+ * (audience `llm-proxy`, one workspace, one execution, locked provider+model), so a
+ * longer life is a small risk increase: a leak can only spend that run's metered
+ * budget on that one model. If you raise `JOB_MAX_DURATION_MS`, raise this too.
+ */
+export declare const DEFAULT_SESSION_TTL_MS: number;
+export interface MintInput {
+    workspaceId: string;
+    accountId?: string | null;
+    userId?: string | null;
+    executionId: string;
+    agentKind: string;
+    provider: string;
+    model: string;
+    /** Override the default TTL (ms). */
+    ttlMs?: number;
+}
+export declare class ContainerSessionService {
+    private readonly signer;
+    private readonly now;
+    constructor({ secret, now }: {
+        secret: string;
+        now?: () => number;
+    });
+    /** Mint a signed token for one run. */
+    mint(input: MintInput): Promise<string>;
+    /**
+     * Verify a bearer token, returning its claims or null when invalid/expired.
+     * Pins the `llm-proxy` audience so a user session token (same secret) cannot
+     * be used to drive the proxy, and vice-versa.
+     */
+    verify(token: string | null | undefined): Promise<ContainerSession | null>;
+}
+//# sourceMappingURL=ContainerSessionService.d.ts.map

package/dist/containers/ContainerSessionService.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ContainerSessionService.d.ts","sourceRoot":"","sources":["../../src/containers/ContainerSessionService.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,cAAc,EAAE,MAAM,oBAAoB,CAAA;AAS/D,mDAAmD;AACnD,MAAM,WAAW,gBAAgB;IAC/B,gFAAgF;IAChF,GAAG,EAAE,OAAO,cAAc,CAAC,SAAS,CAAA;IACpC,kEAAkE;IAClE,WAAW,EAAE,MAAM,CAAA;IACnB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,8DAA8D;IAC9D,WAAW,EAAE,MAAM,CAAA;IACnB,4DAA4D;IAC5D,SAAS,EAAE,MAAM,CAAA;IACjB,yEAAyE;IACzE,QAAQ,EAAE,MAAM,CAAA;IAChB,mDAAmD;IACnD,KAAK,EAAE,MAAM,CAAA;IACb,iCAAiC;IACjC,GAAG,EAAE,MAAM,CAAA;CACZ;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,sBAAsB,QAAiB,CAAA;AAEpD,MAAM,WAAW,SAAS;IACxB,WAAW,EAAE,MAAM,CAAA;IACnB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACtB,WAAW,EAAE,MAAM,CAAA;IACnB,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;IAChB,KAAK,EAAE,MAAM,CAAA;IACb,qCAAqC;IACrC,KAAK,CAAC,EAAE,MAAM,CAAA;CACf;AAED,qBAAa,uBAAuB;IAClC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAY;IACnC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAc;IAElC,YAAY,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,GAAG,CAAC,EAAE,MAAM,MAAM,CAAA;KAAE,EAGlE;IAED,uCAAuC;IACvC,IAAI,CAAC,KAAK,EAAE,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,CAatC;IAED;;;;OAIG;IACH,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAEzE;CACF"}

package/dist/containers/ContainerSessionService.js

@@ -0,0 +1,44 @@
+import { HmacSigner, TOKEN_AUDIENCE } from '../auth/signing.js';
+/**
+ * Default session lifetime. Must clear the harness job watchdog ceiling
+ * (`JOB_MAX_DURATION_MS`, default 60 min) PLUS the dispatch→container-boot lead
+ * (the token is minted at dispatch, before Pi starts), or a long but healthy step
+ * 401s mid-run once the token expires while the watchdog still considers it alive.
+ * 90 min = 60 min job + ~10 min boot lead + margin. The token is tightly scoped
+ * (audience `llm-proxy`, one workspace, one execution, locked provider+model), so a
+ * longer life is a small risk increase: a leak can only spend that run's metered
+ * budget on that one model. If you raise `JOB_MAX_DURATION_MS`, raise this too.
+ */
+export const DEFAULT_SESSION_TTL_MS = 90 * 60 * 1000;
+export class ContainerSessionService {
+    signer;
+    now;
+    constructor({ secret, now }) {
+        this.signer = new HmacSigner(secret);
+        this.now = now ?? (() => Date.now());
+    }
+    /** Mint a signed token for one run. */
+    mint(input) {
+        const session = {
+            aud: TOKEN_AUDIENCE.container,
+            workspaceId: input.workspaceId,
+            ...(input.accountId ? { accountId: input.accountId } : {}),
+            ...(input.userId ? { userId: input.userId } : {}),
+            executionId: input.executionId,
+            agentKind: input.agentKind,
+            provider: input.provider,
+            model: input.model,
+            exp: this.now() + (input.ttlMs ?? DEFAULT_SESSION_TTL_MS),
+        };
+        return this.signer.sign(session);
+    }
+    /**
+     * Verify a bearer token, returning its claims or null when invalid/expired.
+     * Pins the `llm-proxy` audience so a user session token (same secret) cannot
+     * be used to drive the proxy, and vice-versa.
+     */
+    verify(token) {
+        return this.signer.verify(token, { aud: TOKEN_AUDIENCE.container });
+    }
+}
+//# sourceMappingURL=ContainerSessionService.js.map

package/dist/containers/ContainerSessionService.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ContainerSessionService.js","sourceRoot":"","sources":["../../src/containers/ContainerSessionService.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAA;AAqC/D;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;AAcpD,MAAM,OAAO,uBAAuB;IACjB,MAAM,CAAY;IAClB,GAAG,CAAc;IAElC,YAAY,EAAE,MAAM,EAAE,GAAG,EAA0C;QACjE,IAAI,CAAC,MAAM,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAA;QACpC,IAAI,CAAC,GAAG,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAA;IACtC,CAAC;IAED,uCAAuC;IACvC,IAAI,CAAC,KAAgB;QACnB,MAAM,OAAO,GAAqB;YAChC,GAAG,EAAE,cAAc,CAAC,SAAS;YAC7B,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1D,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACjD,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,KAAK,IAAI,sBAAsB,CAAC;SAC1D,CAAA;QACD,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IAClC,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,KAAgC;QACrC,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAmB,KAAK,EAAE,EAAE,GAAG,EAAE,cAAc,CAAC,SAAS,EAAE,CAAC,CAAA;IACvF,CAAC;CACF"}

package/dist/crypto/WebCryptoPasswordHasher.d.ts

@@ -0,0 +1,9 @@
+import type { PasswordHasher } from '@cat-factory/kernel';
+export declare class WebCryptoPasswordHasher implements PasswordHasher {
+    private readonly iterations;
+    constructor(iterations?: number);
+    hash(password: string): Promise<string>;
+    verify(password: string, stored: string): Promise<boolean>;
+    needsRehash(stored: string): boolean;
+}
+//# sourceMappingURL=WebCryptoPasswordHasher.d.ts.map

package/dist/crypto/WebCryptoPasswordHasher.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"WebCryptoPasswordHasher.d.ts","sourceRoot":"","sources":["../../src/crypto/WebCryptoPasswordHasher.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AAqBzD,qBAAa,uBAAwB,YAAW,cAAc;IAChD,OAAO,CAAC,QAAQ,CAAC,UAAU;IAAvC,YAA6B,UAAU,GAAE,MAA2B,EAAI;IAElE,IAAI,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAI5C;IAEK,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAK/D;IAED,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAInC;CACF"}

package/dist/crypto/WebCryptoPasswordHasher.js

@@ -0,0 +1,67 @@
+import { base64url, base64urlToBytes, timingSafeEqual } from './encoding.js';
+// Password hashing for the email/password login provider, built on Web Crypto
+// (PBKDF2-HMAC-SHA256) so it runs identically on Cloudflare workerd and Node —
+// native argon2/bcrypt modules do NOT load in a Workers isolate, which would split
+// the runtimes. A random per-record salt + a high iteration count are embedded in a
+// self-describing PHC-like string so `verify` re-derives without external params:
+//
+//   pbkdf2-sha256$i=<iterations>$<base64url(salt)>$<base64url(hash)>
+//
+// `verify` is constant-time (timingSafeEqual) and fails closed on any malformed
+// stored value.
+// OWASP-recommended floor for PBKDF2-HMAC-SHA256 (2023). Paid once per login, not
+// per request.
+const DEFAULT_ITERATIONS = 210_000;
+const SALT_BYTES = 16;
+const HASH_BYTES = 32;
+const SCHEME = 'pbkdf2-sha256';
+export class WebCryptoPasswordHasher {
+    iterations;
+    constructor(iterations = DEFAULT_ITERATIONS) {
+        this.iterations = iterations;
+    }
+    async hash(password) {
+        const salt = crypto.getRandomValues(new Uint8Array(SALT_BYTES));
+        const derived = await deriveBits(password, salt, this.iterations);
+        return `${SCHEME}$i=${this.iterations}$${base64url(salt)}$${base64url(derived)}`;
+    }
+    async verify(password, stored) {
+        const parsed = parseStored(stored);
+        if (!parsed)
+            return false;
+        const derived = new Uint8Array(await deriveBits(password, parsed.salt, parsed.iterations));
+        return timingSafeEqual(derived, parsed.expected);
+    }
+    needsRehash(stored) {
+        const parsed = parseStored(stored);
+        // Unparseable ⇒ upgrade it; otherwise upgrade anything below the current cost.
+        return !parsed || parsed.iterations < this.iterations;
+    }
+}
+/** Parse a stored PHC-like value, or null on any malformed input (fail closed). */
+function parseStored(stored) {
+    const parts = stored.split('$');
+    if (parts.length !== 4 || parts[0] !== SCHEME)
+        return null;
+    const iterMatch = /^i=(\d+)$/.exec(parts[1]);
+    if (!iterMatch)
+        return null;
+    const iterations = Number(iterMatch[1]);
+    if (!Number.isInteger(iterations) || iterations < 1)
+        return null;
+    try {
+        return {
+            iterations,
+            salt: base64urlToBytes(parts[2]),
+            expected: base64urlToBytes(parts[3]),
+        };
+    }
+    catch {
+        return null;
+    }
+}
+async function deriveBits(password, salt, iterations) {
+    const baseKey = await crypto.subtle.importKey('raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveBits']);
+    return crypto.subtle.deriveBits({ name: 'PBKDF2', hash: 'SHA-256', salt: salt, iterations }, baseKey, HASH_BYTES * 8);
+}
+//# sourceMappingURL=WebCryptoPasswordHasher.js.map

package/dist/crypto/WebCryptoPasswordHasher.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"WebCryptoPasswordHasher.js","sourceRoot":"","sources":["../../src/crypto/WebCryptoPasswordHasher.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,eAAe,CAAA;AAE5E,8EAA8E;AAC9E,+EAA+E;AAC/E,mFAAmF;AACnF,oFAAoF;AACpF,kFAAkF;AAClF,EAAE;AACF,qEAAqE;AACrE,EAAE;AACF,gFAAgF;AAChF,gBAAgB;AAEhB,kFAAkF;AAClF,eAAe;AACf,MAAM,kBAAkB,GAAG,OAAO,CAAA;AAClC,MAAM,UAAU,GAAG,EAAE,CAAA;AACrB,MAAM,UAAU,GAAG,EAAE,CAAA;AACrB,MAAM,MAAM,GAAG,eAAe,CAAA;AAE9B,MAAM,OAAO,uBAAuB;IACL,UAAU;IAAvC,YAA6B,UAAU,GAAW,kBAAkB;0BAAvC,UAAU;IAAgC,CAAC;IAExE,KAAK,CAAC,IAAI,CAAC,QAAgB;QACzB,MAAM,IAAI,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,CAAA;QAC/D,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,QAAQ,EAAE,IAAI,EAAE,IAAI,CAAC,UAAU,CAAC,CAAA;QACjE,OAAO,GAAG,MAAM,MAAM,IAAI,CAAC,UAAU,IAAI,SAAS,CAAC,IAAI,CAAC,IAAI,SAAS,CAAC,OAAO,CAAC,EAAE,CAAA;IAClF,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,QAAgB,EAAE,MAAc;QAC3C,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC,CAAA;QAClC,IAAI,CAAC,MAAM;YAAE,OAAO,KAAK,CAAA;QACzB,MAAM,OAAO,GAAG,IAAI,UAAU,CAAC,MAAM,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,CAAA;QAC1F,OAAO,eAAe,CAAC,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAA;IAClD,CAAC;IAED,WAAW,CAAC,MAAc;QACxB,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC,CAAA;QAClC,+EAA+E;QAC/E,OAAO,CAAC,MAAM,IAAI,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAA;IACvD,CAAC;CACF;AAQD,mFAAmF;AACnF,SAAS,WAAW,CAAC,MAAc;IACjC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,MAAM;QAAE,OAAO,IAAI,CAAA;IAC1D,MAAM,SAAS,GAAG,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAA;IAC7C,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAA;IAC3B,MAAM,UAAU,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAA;IACvC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,UAAU,GAAG,CAAC;QAAE,OAAO,IAAI,CAAA;IAChE,IAAI,CAAC;QACH,OAAO;YACL,UAAU;YACV,IAAI,EAAE,gBAAgB,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC;YACjC,QAAQ,EAAE,gBAAgB,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC;SACtC,CAAA;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED,KAAK,UAAU,UAAU,CACvB,QAAgB,EAChB,IAAgB,EAChB,UAAkB;IAElB,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC3C,KAAK,EACL,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAA4B,EAC7D,QAAQ,EACR,KAAK,EACL,CAAC,YAAY,CAAC,CACf,CAAA;IACD,OAAO,MAAM,CAAC,MAAM,CAAC,UAAU,CAC7B,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,IAA+B,EAAE,UAAU,EAAE,EACtF,OAAO,EACP,UAAU,GAAG,CAAC,CACf,CAAA;AACH,CAAC"}

package/dist/crypto/WebCryptoPersonalSecretCipher.d.ts

@@ -0,0 +1,6 @@
+import type { PersonalSecretCipher } from '@cat-factory/kernel';
+export declare class WebCryptoPersonalSecretCipher implements PersonalSecretCipher {
+    seal(plaintext: string, password: string): Promise<string>;
+    open(envelope: string, password: string): Promise<string>;
+}
+//# sourceMappingURL=WebCryptoPersonalSecretCipher.d.ts.map

package/dist/crypto/WebCryptoPersonalSecretCipher.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"WebCryptoPersonalSecretCipher.d.ts","sourceRoot":"","sources":["../../src/crypto/WebCryptoPersonalSecretCipher.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAA;AAyB/D,qBAAa,6BAA8B,YAAW,oBAAoB;IAClE,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAU/D;IAEK,IAAI,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAgB9D;CACF"}

package/dist/crypto/WebCryptoPersonalSecretCipher.js

@@ -0,0 +1,57 @@
+import { base64url, base64urlToBytes } from './encoding.js';
+// The SECOND, password-derived encryption layer for individual-usage subscriptions
+// (see the PersonalSecretCipher port). A key is derived from the user's personal
+// password via PBKDF2-HMAC-SHA256 (random per-record salt) and used for AES-256-GCM.
+// No master key is involved — only the password the user types — so the resulting
+// envelope is undecryptable without it. The system SecretCipher is layered on top of
+// this envelope at rest, so recovering a credential needs BOTH the system key AND the
+// user's password.
+//
+//   envelope = "pv1." + base64url(salt) + "." + base64url(iv) + "." + base64url(MAGIC|plaintext sealed)
+//
+// A fixed MAGIC prefix is sealed with the plaintext so a wrong password is detected
+// deterministically (in addition to the GCM auth tag), surfaced to the caller as a
+// thrown error which the service maps to a `wrong_password` credential error.
+const VERSION = 'pv1';
+const SALT_BYTES = 16;
+const IV_BYTES = 12;
+// OWASP-recommended floor for PBKDF2-HMAC-SHA256 (2023). Runs once per unlock, not per
+// step, so the cost is paid at task start/retry only.
+const PBKDF2_ITERATIONS = 210_000;
+const MAGIC = 'cfpers1:';
+export class WebCryptoPersonalSecretCipher {
+    async seal(plaintext, password) {
+        const salt = crypto.getRandomValues(new Uint8Array(SALT_BYTES));
+        const iv = crypto.getRandomValues(new Uint8Array(IV_BYTES));
+        const key = await deriveKey(password, salt);
+        const sealed = await crypto.subtle.encrypt({ name: 'AES-GCM', iv }, key, new TextEncoder().encode(MAGIC + plaintext));
+        return [VERSION, base64url(salt), base64url(iv), base64url(new Uint8Array(sealed))].join('.');
+    }
+    async open(envelope, password) {
+        const parts = envelope.split('.');
+        if (parts.length !== 4 || parts[0] !== VERSION) {
+            throw new Error('Invalid personal secret envelope');
+        }
+        const salt = base64urlToBytes(parts[1]);
+        const iv = base64urlToBytes(parts[2]);
+        const ciphertext = base64urlToBytes(parts[3]);
+        const key = await deriveKey(password, salt);
+        // A wrong password fails the GCM auth tag and throws here.
+        const plain = await crypto.subtle.decrypt({ name: 'AES-GCM', iv }, key, ciphertext);
+        const text = new TextDecoder().decode(plain);
+        if (!text.startsWith(MAGIC)) {
+            throw new Error('Personal secret failed integrity check');
+        }
+        return text.slice(MAGIC.length);
+    }
+}
+async function deriveKey(password, salt) {
+    const baseKey = await crypto.subtle.importKey('raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveKey']);
+    return crypto.subtle.deriveKey({
+        name: 'PBKDF2',
+        hash: 'SHA-256',
+        salt: salt,
+        iterations: PBKDF2_ITERATIONS,
+    }, baseKey, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
+}
+//# sourceMappingURL=WebCryptoPersonalSecretCipher.js.map

package/dist/crypto/WebCryptoPersonalSecretCipher.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"WebCryptoPersonalSecretCipher.js","sourceRoot":"","sources":["../../src/crypto/WebCryptoPersonalSecretCipher.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAA;AAE3D,mFAAmF;AACnF,iFAAiF;AACjF,qFAAqF;AACrF,kFAAkF;AAClF,qFAAqF;AACrF,sFAAsF;AACtF,mBAAmB;AACnB,EAAE;AACF,wGAAwG;AACxG,EAAE;AACF,oFAAoF;AACpF,mFAAmF;AACnF,8EAA8E;AAE9E,MAAM,OAAO,GAAG,KAAK,CAAA;AACrB,MAAM,UAAU,GAAG,EAAE,CAAA;AACrB,MAAM,QAAQ,GAAG,EAAE,CAAA;AACnB,uFAAuF;AACvF,sDAAsD;AACtD,MAAM,iBAAiB,GAAG,OAAO,CAAA;AACjC,MAAM,KAAK,GAAG,UAAU,CAAA;AAExB,MAAM,OAAO,6BAA6B;IACxC,KAAK,CAAC,IAAI,CAAC,SAAiB,EAAE,QAAgB;QAC5C,MAAM,IAAI,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,CAAA;QAC/D,MAAM,EAAE,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAA;QAC3D,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;QAC3C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CACxC,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,EACvB,GAAG,EACH,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,GAAG,SAAS,CAAC,CAC5C,CAAA;QACD,OAAO,CAAC,OAAO,EAAE,SAAS,CAAC,IAAI,CAAC,EAAE,SAAS,CAAC,EAAE,CAAC,EAAE,SAAS,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAC/F,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,QAAgB,EAAE,QAAgB;QAC3C,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACjC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,OAAO,EAAE,CAAC;YAC/C,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAA;QACrD,CAAC;QACD,MAAM,IAAI,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC,CAAE,CAA4B,CAAA;QACnE,MAAM,EAAE,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC,CAAE,CAA4B,CAAA;QACjE,MAAM,UAAU,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC,CAAE,CAA4B,CAAA;QACzE,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;QAC3C,2DAA2D;QAC3D,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,UAAU,CAAC,CAAA;QACnF,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QAC5C,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAA;QAC3D,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;IACjC,CAAC;CACF;AAED,KAAK,UAAU,SAAS,CAAC,QAAgB,EAAE,IAAgB;IACzD,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC3C,KAAK,EACL,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAA4B,EAC7D,QAAQ,EACR,KAAK,EACL,CAAC,WAAW,CAAC,CACd,CAAA;IACD,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAC5B;QACE,IAAI,EAAE,QAAQ;QACd,IAAI,EAAE,SAAS;QACf,IAAI,EAAE,IAA+B;QACrC,UAAU,EAAE,iBAAiB;KAC9B,EACD,OAAO,EACP,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,EAChC,KAAK,EACL,CAAC,SAAS,EAAE,SAAS,CAAC,CACvB,CAAA;AACH,CAAC"}