@cyanautomation/kaseki-agent 1.36.2 → 1.36.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/commands/SecretsCommand.d.ts.map +1 -1
- package/dist/cli/commands/SecretsCommand.js +4 -3
- package/dist/cli/commands/SecretsCommand.js.map +1 -1
- package/dist/secrets/host-secrets-reader.d.ts +3 -11
- package/dist/secrets/host-secrets-reader.d.ts.map +1 -1
- package/dist/secrets/host-secrets-reader.js +24 -52
- package/dist/secrets/host-secrets-reader.js.map +1 -1
- package/package.json +1 -1
- package/scripts/startup-checks.sh +28 -29
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SecretsCommand.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/SecretsCommand.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAiB7C,qBAAa,cAAe,SAAQ,WAAW;IACvC,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"SecretsCommand.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/SecretsCommand.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAiB7C,qBAAa,cAAe,SAAQ,WAAW;IACvC,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;IAmI9C,OAAO,CAAC,oBAAoB;IA6D5B,OAAO,CAAC,SAAS;IA4BjB,OAAO,CAAC,kBAAkB;IAW1B,OAAO,CAAC,QAAQ;IAOhB,OAAO,CAAC,QAAQ;CAOjB"}
|
|
@@ -108,7 +108,7 @@ export class SecretsCommand extends BaseCommand {
|
|
|
108
108
|
case 'help': {
|
|
109
109
|
console.log('🔐 Secrets Management\n');
|
|
110
110
|
console.log('Usage:');
|
|
111
|
-
console.log(' kaseki-agent secrets init Initialize
|
|
111
|
+
console.log(' kaseki-agent secrets init Initialize local secrets directory');
|
|
112
112
|
console.log(' kaseki-agent secrets set <KEY> <VALUE> Store a secret');
|
|
113
113
|
console.log(' kaseki-agent secrets get <KEY> [--show] Retrieve a secret');
|
|
114
114
|
console.log(' kaseki-agent secrets delete <KEY> Delete a secret');
|
|
@@ -121,8 +121,9 @@ export class SecretsCommand extends BaseCommand {
|
|
|
121
121
|
console.log(' github-app-client-id GitHub App Client ID');
|
|
122
122
|
console.log(' github-app-private-key GitHub App Private Key\n');
|
|
123
123
|
console.log('Storage:');
|
|
124
|
-
console.log(' - Uses
|
|
125
|
-
console.log(' -
|
|
124
|
+
console.log(' - Uses filesystem secret files only');
|
|
125
|
+
console.log(' - Docker hosts use KASEKI_HOST_SECRETS_DIR, usually /home/pi/secrets');
|
|
126
|
+
console.log(' - Local runs use ~/.kaseki/secrets/ with 0600 file permissions');
|
|
126
127
|
console.log(' - Keys are never exposed via environment variables');
|
|
127
128
|
return 0;
|
|
128
129
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SecretsCommand.js","sourceRoot":"","sources":["../../../src/cli/commands/SecretsCommand.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAE1C,MAAM,MAAM,GAAG,YAAY,CAAC,aAAa,CAAC,CAAC;AAC3C,MAAM,0BAA0B,GAAG;IACjC,oBAAoB;IACpB,eAAe;IACf,sBAAsB;IACtB,wBAAwB;IACxB,iBAAiB;CACT,CAAC;AAEX,MAAM,OAAO,cAAe,SAAQ,WAAW;IAC7C,KAAK,CAAC,OAAO,CAAC,IAAc;QAC1B,IAAI,CAAC;YACH,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YACnD,MAAM,UAAU,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;YACjC,MAAM,SAAS,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;YAChC,MAAM,WAAW,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;YAElC,MAAM,cAAc,GAAG,IAAI,cAAc,EAAE,CAAC;YAE5C,QAAQ,UAAU,EAAE,CAAC;gBACrB,KAAK,MAAM,CAAC,CAAC,CAAC;oBACZ,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;oBACxD,4DAA4D;oBAC5D,IAAI,CAAC;wBACH,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;wBACrF,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;4BAC/B,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;4BAC3D,OAAO,CAAC,GAAG,CAAC,aAAa,UAAU,EAAE,CAAC,CAAC;wBACzC,CAAC;6BAAM,CAAC;4BACN,OAAO,CAAC,GAAG,CAAC,uBAAuB,UAAU,EAAE,CAAC,CAAC;wBACnD,CAAC;oBACH,CAAC;oBAAC,OAAO,KAAK,EAAE,CAAC;wBACf,OAAO,CAAC,KAAK,CAAC,mCAAmC,KAAK,EAAE,CAAC,CAAC;wBAC1D,OAAO,CAAC,CAAC;oBACX,CAAC;oBAED,OAAO,CAAC,GAAG,CAAC,mEAAmE,CAAC,CAAC;oBACjF,OAAO,CAAC,GAAG,CAAC,gEAAgE,CAAC,CAAC;oBAC9E,OAAO,CAAC,CAAC;gBACX,CAAC;gBAED,KAAK,KAAK,CAAC,CAAC,CAAC;oBACX,IAAI,CAAC,SAAS,IAAI,CAAC,WAAW,EAAE,CAAC;wBAC/B,OAAO,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAC;wBAC/D,OAAO,CAAC,KAAK,CAAC,gEAAgE,CAAC,CAAC;wBAChF,OAAO,CAAC,CAAC;oBACX,CAAC;oBAED,MAAM,cAAc,CAAC,KAAK,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;oBACnD,OAAO,CAAC,GAAG,CAAC,oBAAoB,SAAS,EAAE,CAAC,CAAC;oBAC7C,OAAO,CAAC,CAAC;gBACX,CAAC;gBAED,KAAK,KAAK,CAAC,CAAC,CAAC;oBACX,IAAI,CAAC,SAAS,EAAE,CAAC;wBACf,OAAO,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;wBACvD,OAAO,CAAC,CAAC;oBACX,CAAC;oBAED,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;oBACvD,IAAI,KAAK,EAAE,CAAC;wBACV,gDAAgD;wBAChD,IAAI,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;4BACtB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;wBACrB,CAAC;6BAAM,CAAC;4BACN,OAAO,CAAC,GAAG,CAAC,oBAAoB,SAAS,EAAE,CAAC,CAAC;4BAC7C,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;wBACnD,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACN,OAAO,CAAC,GAAG,CAAC,qBAAqB,SAAS,EAAE,CAAC,CAAC;wBAC9C,OAAO,CAAC,CAAC;oBACX,CAAC;oBACD,OAAO,CAAC,CAAC;gBACX,CAAC;gBAED,KAAK,QAAQ,CAAC,CAAC,CAAC;oBACd,IAAI,CAAC,SAAS,EAAE,CAAC;wBACf,OAAO,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;wBAC1D,OAAO,CAAC,CAAC;oBACX,CAAC;oBAED,MAAM,cAAc,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;oBACvC,OAAO,CAAC,GAAG,CAAC,qBAAqB,SAAS,EAAE,CAAC,CAAC;oBAC9C,OAAO,CAAC,CAAC;gBACX,CAAC;gBAED,KAAK,MAAM,CAAC,CAAC,CAAC;oBACZ,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,IAAI,EAAE,CAAC;oBAC5C,IAAI,OAAO,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;wBACvB,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;wBACjC,OAAO,CAAC,CAAC;oBACX,CAAC;oBAED,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;oBACnC,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;wBACjC,OAAO,CAAC,GAAG,CAAC,OAAO,GAAG,EAAE,CAAC,CAAC;oBAC5B,CAAC;oBACD,OAAO,CAAC,GAAG,CAAC,YAAY,OAAO,CAAC,IAAI,YAAY,CAAC,CAAC;oBAClD,OAAO,CAAC,CAAC;gBACX,CAAC;gBAED,KAAK,QAAQ;oBACX,OAAO,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;gBAE1C,KAAK,iBAAiB;oBACpB,OAAO,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC;gBAEzC,KAAK,MAAM,CAAC,CAAC,CAAC;oBACZ,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;oBACvC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;oBACtB,OAAO,CAAC,GAAG,CAAC,
|
|
1
|
+
{"version":3,"file":"SecretsCommand.js","sourceRoot":"","sources":["../../../src/cli/commands/SecretsCommand.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAE1C,MAAM,MAAM,GAAG,YAAY,CAAC,aAAa,CAAC,CAAC;AAC3C,MAAM,0BAA0B,GAAG;IACjC,oBAAoB;IACpB,eAAe;IACf,sBAAsB;IACtB,wBAAwB;IACxB,iBAAiB;CACT,CAAC;AAEX,MAAM,OAAO,cAAe,SAAQ,WAAW;IAC7C,KAAK,CAAC,OAAO,CAAC,IAAc;QAC1B,IAAI,CAAC;YACH,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YACnD,MAAM,UAAU,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;YACjC,MAAM,SAAS,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;YAChC,MAAM,WAAW,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;YAElC,MAAM,cAAc,GAAG,IAAI,cAAc,EAAE,CAAC;YAE5C,QAAQ,UAAU,EAAE,CAAC;gBACrB,KAAK,MAAM,CAAC,CAAC,CAAC;oBACZ,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;oBACxD,4DAA4D;oBAC5D,IAAI,CAAC;wBACH,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;wBACrF,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;4BAC/B,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;4BAC3D,OAAO,CAAC,GAAG,CAAC,aAAa,UAAU,EAAE,CAAC,CAAC;wBACzC,CAAC;6BAAM,CAAC;4BACN,OAAO,CAAC,GAAG,CAAC,uBAAuB,UAAU,EAAE,CAAC,CAAC;wBACnD,CAAC;oBACH,CAAC;oBAAC,OAAO,KAAK,EAAE,CAAC;wBACf,OAAO,CAAC,KAAK,CAAC,mCAAmC,KAAK,EAAE,CAAC,CAAC;wBAC1D,OAAO,CAAC,CAAC;oBACX,CAAC;oBAED,OAAO,CAAC,GAAG,CAAC,mEAAmE,CAAC,CAAC;oBACjF,OAAO,CAAC,GAAG,CAAC,gEAAgE,CAAC,CAAC;oBAC9E,OAAO,CAAC,CAAC;gBACX,CAAC;gBAED,KAAK,KAAK,CAAC,CAAC,CAAC;oBACX,IAAI,CAAC,SAAS,IAAI,CAAC,WAAW,EAAE,CAAC;wBAC/B,OAAO,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAC;wBAC/D,OAAO,CAAC,KAAK,CAAC,gEAAgE,CAAC,CAAC;wBAChF,OAAO,CAAC,CAAC;oBACX,CAAC;oBAED,MAAM,cAAc,CAAC,KAAK,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;oBACnD,OAAO,CAAC,GAAG,CAAC,oBAAoB,SAAS,EAAE,CAAC,CAAC;oBAC7C,OAAO,CAAC,CAAC;gBACX,CAAC;gBAED,KAAK,KAAK,CAAC,CAAC,CAAC;oBACX,IAAI,CAAC,SAAS,EAAE,CAAC;wBACf,OAAO,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;wBACvD,OAAO,CAAC,CAAC;oBACX,CAAC;oBAED,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;oBACvD,IAAI,KAAK,EAAE,CAAC;wBACV,gDAAgD;wBAChD,IAAI,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;4BACtB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;wBACrB,CAAC;6BAAM,CAAC;4BACN,OAAO,CAAC,GAAG,CAAC,oBAAoB,SAAS,EAAE,CAAC,CAAC;4BAC7C,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;wBACnD,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACN,OAAO,CAAC,GAAG,CAAC,qBAAqB,SAAS,EAAE,CAAC,CAAC;wBAC9C,OAAO,CAAC,CAAC;oBACX,CAAC;oBACD,OAAO,CAAC,CAAC;gBACX,CAAC;gBAED,KAAK,QAAQ,CAAC,CAAC,CAAC;oBACd,IAAI,CAAC,SAAS,EAAE,CAAC;wBACf,OAAO,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;wBAC1D,OAAO,CAAC,CAAC;oBACX,CAAC;oBAED,MAAM,cAAc,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;oBACvC,OAAO,CAAC,GAAG,CAAC,qBAAqB,SAAS,EAAE,CAAC,CAAC;oBAC9C,OAAO,CAAC,CAAC;gBACX,CAAC;gBAED,KAAK,MAAM,CAAC,CAAC,CAAC;oBACZ,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,IAAI,EAAE,CAAC;oBAC5C,IAAI,OAAO,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;wBACvB,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;wBACjC,OAAO,CAAC,CAAC;oBACX,CAAC;oBAED,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;oBACnC,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;wBACjC,OAAO,CAAC,GAAG,CAAC,OAAO,GAAG,EAAE,CAAC,CAAC;oBAC5B,CAAC;oBACD,OAAO,CAAC,GAAG,CAAC,YAAY,OAAO,CAAC,IAAI,YAAY,CAAC,CAAC;oBAClD,OAAO,CAAC,CAAC;gBACX,CAAC;gBAED,KAAK,QAAQ;oBACX,OAAO,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;gBAE1C,KAAK,iBAAiB;oBACpB,OAAO,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC;gBAEzC,KAAK,MAAM,CAAC,CAAC,CAAC;oBACZ,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;oBACvC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;oBACtB,OAAO,CAAC,GAAG,CAAC,mFAAmF,CAAC,CAAC;oBACjG,OAAO,CAAC,GAAG,CAAC,+DAA+D,CAAC,CAAC;oBAC7E,OAAO,CAAC,GAAG,CAAC,kEAAkE,CAAC,CAAC;oBAChF,OAAO,CAAC,GAAG,CAAC,gEAAgE,CAAC,CAAC;oBAC9E,OAAO,CAAC,GAAG,CAAC,qEAAqE,CAAC,CAAC;oBACnF,OAAO,CAAC,GAAG,CAAC,mFAAmF,CAAC,CAAC;oBACjG,OAAO,CAAC,GAAG,CAAC,uFAAuF,CAAC,CAAC;oBACrG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;oBAC9B,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAC;oBAC1D,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;oBACrD,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;oBAC5D,OAAO,CAAC,GAAG,CAAC,mDAAmD,CAAC,CAAC;oBACjE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;oBACxB,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;oBACrD,OAAO,CAAC,GAAG,CAAC,wEAAwE,CAAC,CAAC;oBACtF,OAAO,CAAC,GAAG,CAAC,kEAAkE,CAAC,CAAC;oBAChF,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;oBACpE,OAAO,CAAC,CAAC;gBACX,CAAC;gBAED;oBACE,OAAO,CAAC,KAAK,CAAC,sBAAsB,GAAG,UAAU,CAAC,CAAC;oBACnD,OAAO,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC;oBAClD,OAAO,CAAC,CAAC;YACX,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,2BAA2B,KAAK,EAAE,CAAC,CAAC;YACjD,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IAEO,oBAAoB,CAAC,GAAY;QACvC,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,GAAG,EAAE,SAAS,CAAC,CAAC;QAC1I,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,OAAO,EAAE,EAAE,CAAC,CAAC;QACtF,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,gBAAgB,CAAC;QACvE,IAAI,MAAM,GAAG,CAAC,CAAC;QAEf,IAAI,GAAG,EAAE,CAAC;YACR,IAAI,CAAC,kBAAkB,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;QACnD,CAAC;QAED,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC/B,OAAO,CAAC,KAAK,CAAC,YAAY,UAAU,EAAE,CAAC,CAAC;YACxC,OAAO,CAAC,KAAK,CAAC,kEAAkE,CAAC,CAAC;YAClF,OAAO,CAAC,CAAC;QACX,CAAC;QAED,IAAI,GAAG,EAAE,CAAC;YACR,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC;YACnD,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QACnC,CAAC;QAED,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE;YAClC,IAAI,EAAE,WAAW;YACjB,YAAY,EAAE,KAAK;YACnB,WAAW,EAAE,YAAY;YACzB,SAAS;YACT,YAAY;YACZ,GAAG;SACJ,CAAC,IAAI,MAAM,CAAC;QAEb,KAAK,MAAM,UAAU,IAAI,0BAA0B,EAAE,CAAC;YACpD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;YACrD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC/B,OAAO,CAAC,IAAI,CAAC,4BAA4B,UAAU,EAAE,CAAC,CAAC;gBACvD,SAAS;YACX,CAAC;YAED,IAAI,GAAG,EAAE,CAAC;gBACR,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC;gBACnD,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;YACnC,CAAC;YAED,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE;gBAClC,IAAI,EAAE,MAAM;gBACZ,YAAY,EAAE,KAAK;gBACnB,WAAW,EAAE,YAAY;gBACzB,SAAS;gBACT,YAAY;gBACZ,GAAG;aACJ,CAAC,IAAI,MAAM,CAAC;QACf,CAAC;QAED,IAAI,MAAM,KAAK,CAAC,EAAE,CAAC;YACjB,OAAO,CAAC,GAAG,CAAC,4DAA4D,YAAY,GAAG,CAAC,CAAC;QAC3F,CAAC;aAAM,IAAI,CAAC,GAAG,EAAE,CAAC;YAChB,OAAO,CAAC,KAAK,CAAC,iDAAiD,UAAU,uCAAuC,CAAC,CAAC;QACpH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,SAAS,CAAC,QAAgB,EAAE,OAOnC;QACC,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACnC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,GAAG,KAAK,CAAC;QAC/B,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACjF,MAAM,MAAM,GAAG,IAAI,KAAK,OAAO,CAAC,YAAY,CAAC;QAC7C,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,KAAK,OAAO,CAAC,WAAW,CAAC;QAE/C,IAAI,MAAM,IAAI,MAAM,IAAI,KAAK,EAAE,CAAC;YAC9B,OAAO,CAAC,GAAG,CAAC,OAAO,QAAQ,SAAS,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YACxE,OAAO,CAAC,CAAC;QACX,CAAC;QAED,MAAM,QAAQ,GAAG,EAAE,CAAC;QACpB,IAAI,CAAC,MAAM;YAAE,QAAQ,CAAC,IAAI,CAAC,YAAY,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QACvD,IAAI,CAAC,MAAM;YAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,qDAAqD,OAAO,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAC5I,IAAI,CAAC,KAAK;YAAE,QAAQ,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,GAAG,mBAAmB,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;QAEzG,OAAO,CAAC,KAAK,CAAC,YAAY,QAAQ,KAAK,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC9D,OAAO,CAAC,CAAC;IACX,CAAC;IAEO,kBAAkB,CAAC,SAAiB,EAAE,GAAW;QACvD,IAAI,SAAS,CAAC,QAAQ,EAAE,CAAC,OAAO,EAAE,SAAS,CAAC,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChF,OAAO;QACT,CAAC;QAED,MAAM,MAAM,GAAG,SAAS,CAAC,UAAU,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,SAAS,CAAC,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC7F,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,SAAS,CAAC,UAAU,EAAE,CAAC,SAAS,CAAC,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IAEO,QAAQ,CAAC,QAAgB,EAAE,SAAiB,EAAE,GAAW;QAC/D,IAAI,MAAM,GAAG,SAAS,CAAC,OAAO,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC5E,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,GAAG,SAAS,CAAC,OAAO,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,QAAQ,CAAC,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;IAEO,QAAQ,CAAC,QAAgB,EAAE,IAAY;QAC7C,IAAI,CAAC;YACH,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,kEAAkE;QACpE,CAAC;IACH,CAAC;CACF"}
|
|
@@ -2,16 +2,12 @@
|
|
|
2
2
|
* Host-Based Secrets Reader (Simplified)
|
|
3
3
|
*
|
|
4
4
|
* Reads secrets from possible locations in order of preference:
|
|
5
|
-
* 1.
|
|
6
|
-
* 2.
|
|
5
|
+
* 1. Primary: /run/secrets/kaseki/{secretName} (one read-only host directory mount)
|
|
6
|
+
* 2. Legacy GitHub App mount: /run/secrets/{secretName}
|
|
7
7
|
* 3. Local dev: ~/.kaseki/secrets/{secretName} (single-run, local development)
|
|
8
8
|
*
|
|
9
|
-
* GitHub App secrets (github_app_id, github_app_client_id, github_app_private_key) are
|
|
10
|
-
* mounted at root level /run/secrets/ to align with run-kaseki.sh controller mounts.
|
|
11
|
-
* This ensures the job scheduler passes correct paths to worker containers.
|
|
12
|
-
*
|
|
13
9
|
* Logs which path is actually being used for transparency.
|
|
14
|
-
* No
|
|
10
|
+
* No secret values in environment variables.
|
|
15
11
|
* Includes stat-based caching for performance.
|
|
16
12
|
*/
|
|
17
13
|
/**
|
|
@@ -22,10 +18,6 @@ export declare function readHostSecret(secretName: string): string | null;
|
|
|
22
18
|
/**
|
|
23
19
|
* Resolve secret path from locations in priority order, with logging
|
|
24
20
|
* Returns the path string if found, null if not found in any location
|
|
25
|
-
*
|
|
26
|
-
* For GitHub App secrets: tries /run/secrets/{name} first (root level, matches run-kaseki.sh)
|
|
27
|
-
* For other secrets: tries /run/secrets/kaseki/{name} first (API service mount)
|
|
28
|
-
* Falls back to local dev directory for both types
|
|
29
21
|
*/
|
|
30
22
|
export declare function resolveHostSecretPath(secretName: string): string | null;
|
|
31
23
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"host-secrets-reader.d.ts","sourceRoot":"","sources":["../../src/secrets/host-secrets-reader.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"host-secrets-reader.d.ts","sourceRoot":"","sources":["../../src/secrets/host-secrets-reader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AA+BH;;;GAGG;AACH,wBAAgB,cAAc,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAMhE;AAMD;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CA+BvE;AAoED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG;IACtD,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB,CASA;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAI5D"}
|
|
@@ -2,16 +2,12 @@
|
|
|
2
2
|
* Host-Based Secrets Reader (Simplified)
|
|
3
3
|
*
|
|
4
4
|
* Reads secrets from possible locations in order of preference:
|
|
5
|
-
* 1.
|
|
6
|
-
* 2.
|
|
5
|
+
* 1. Primary: /run/secrets/kaseki/{secretName} (one read-only host directory mount)
|
|
6
|
+
* 2. Legacy GitHub App mount: /run/secrets/{secretName}
|
|
7
7
|
* 3. Local dev: ~/.kaseki/secrets/{secretName} (single-run, local development)
|
|
8
8
|
*
|
|
9
|
-
* GitHub App secrets (github_app_id, github_app_client_id, github_app_private_key) are
|
|
10
|
-
* mounted at root level /run/secrets/ to align with run-kaseki.sh controller mounts.
|
|
11
|
-
* This ensures the job scheduler passes correct paths to worker containers.
|
|
12
|
-
*
|
|
13
9
|
* Logs which path is actually being used for transparency.
|
|
14
|
-
* No
|
|
10
|
+
* No secret values in environment variables.
|
|
15
11
|
* Includes stat-based caching for performance.
|
|
16
12
|
*/
|
|
17
13
|
import * as fs from 'fs';
|
|
@@ -43,63 +39,39 @@ export function readHostSecret(secretName) {
|
|
|
43
39
|
}
|
|
44
40
|
return readSecretFromPath(resolved);
|
|
45
41
|
}
|
|
46
|
-
/**
|
|
47
|
-
* Check if a secret is a GitHub App secret (mounted at root level)
|
|
48
|
-
*/
|
|
49
42
|
function isGitHubAppSecret(secretName) {
|
|
50
43
|
return ['github_app_id', 'github_app_client_id', 'github_app_private_key'].includes(secretName);
|
|
51
44
|
}
|
|
52
45
|
/**
|
|
53
46
|
* Resolve secret path from locations in priority order, with logging
|
|
54
47
|
* Returns the path string if found, null if not found in any location
|
|
55
|
-
*
|
|
56
|
-
* For GitHub App secrets: tries /run/secrets/{name} first (root level, matches run-kaseki.sh)
|
|
57
|
-
* For other secrets: tries /run/secrets/kaseki/{name} first (API service mount)
|
|
58
|
-
* Falls back to local dev directory for both types
|
|
59
48
|
*/
|
|
60
49
|
export function resolveHostSecretPath(secretName) {
|
|
61
50
|
validateSecretName(secretName);
|
|
62
|
-
const
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
}
|
|
73
|
-
// Try kaseki subdirectory (legacy API service path for compatibility)
|
|
74
|
-
if (fs.existsSync(kasekiSubdirPath)) {
|
|
75
|
-
logger.info(`⚠ Found ${secretName} at ${kasekiSubdirPath} (kaseki subdir, root level ${rootPath} not found)`);
|
|
76
|
-
return kasekiSubdirPath;
|
|
77
|
-
}
|
|
78
|
-
// Try fallback (local dev)
|
|
79
|
-
if (fs.existsSync(fallbackPath)) {
|
|
80
|
-
logger.info(`⚠ Found ${secretName} at ${fallbackPath} (local dev)`);
|
|
81
|
-
return fallbackPath;
|
|
82
|
-
}
|
|
83
|
-
logger.debug(`✗ Secret not found: ${secretName} (tried ${rootPath}, ${kasekiSubdirPath}, and ${fallbackPath})`);
|
|
84
|
-
return null;
|
|
51
|
+
const candidates = [
|
|
52
|
+
{
|
|
53
|
+
path: path.join(getPrimarySecretsDir(), secretName),
|
|
54
|
+
label: 'primary secrets directory',
|
|
55
|
+
},
|
|
56
|
+
];
|
|
57
|
+
if (isGitHubAppSecret(secretName)) {
|
|
58
|
+
candidates.push({
|
|
59
|
+
path: path.join('/run/secrets', secretName),
|
|
60
|
+
label: 'legacy root-level GitHub mount',
|
|
61
|
+
});
|
|
85
62
|
}
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
if (fs.existsSync(
|
|
92
|
-
logger.info(
|
|
93
|
-
return
|
|
63
|
+
candidates.push({
|
|
64
|
+
path: path.join(getFallbackSecretsDir(), secretName),
|
|
65
|
+
label: 'local dev',
|
|
66
|
+
});
|
|
67
|
+
for (const candidate of candidates) {
|
|
68
|
+
if (fs.existsSync(candidate.path)) {
|
|
69
|
+
logger.info(`Found ${secretName} at ${candidate.path} (${candidate.label})`);
|
|
70
|
+
return candidate.path;
|
|
94
71
|
}
|
|
95
|
-
// Try fallback (local dev)
|
|
96
|
-
if (fs.existsSync(fallbackPath)) {
|
|
97
|
-
logger.info(`⚠ Found ${secretName} at ${fallbackPath} (local dev, primary ${primaryPath} not found)`);
|
|
98
|
-
return fallbackPath;
|
|
99
|
-
}
|
|
100
|
-
logger.debug(`✗ Secret not found: ${secretName} (tried ${primaryPath} and ${fallbackPath})`);
|
|
101
|
-
return null;
|
|
102
72
|
}
|
|
73
|
+
logger.debug(`Secret not found: ${secretName} (tried ${candidates.map((candidate) => candidate.path).join(', ')})`);
|
|
74
|
+
return null;
|
|
103
75
|
}
|
|
104
76
|
/**
|
|
105
77
|
* Read a secret from a specific path with caching and logging.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"host-secrets-reader.js","sourceRoot":"","sources":["../../src/secrets/host-secrets-reader.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"host-secrets-reader.js","sourceRoot":"","sources":["../../src/secrets/host-secrets-reader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAEzC,MAAM,MAAM,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;AAQvC,MAAM,WAAW,GAAG,IAAI,GAAG,EAAsB,CAAC;AAElD;;GAEG;AACH,MAAM,oBAAoB,GAAG,GAAW,EAAE;IACxC,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,qBAAqB,CAAC;AACjE,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,qBAAqB,GAAG,GAAW,EAAE;IACzC,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;AACvD,CAAC,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,UAAkB;IAC/C,MAAM,QAAQ,GAAG,qBAAqB,CAAC,UAAU,CAAC,CAAC;IACnD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,kBAAkB,CAAC,QAAQ,CAAC,CAAC;AACtC,CAAC;AAED,SAAS,iBAAiB,CAAC,UAAkB;IAC3C,OAAO,CAAC,eAAe,EAAE,sBAAsB,EAAE,wBAAwB,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;AAClG,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,UAAkB;IACtD,kBAAkB,CAAC,UAAU,CAAC,CAAC;IAE/B,MAAM,UAAU,GAAG;QACjB;YACE,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE,EAAE,UAAU,CAAC;YACnD,KAAK,EAAE,2BAA2B;SACnC;KACF,CAAC;IAEF,IAAI,iBAAiB,CAAC,UAAU,CAAC,EAAE,CAAC;QAClC,UAAU,CAAC,IAAI,CAAC;YACd,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,UAAU,CAAC;YAC3C,KAAK,EAAE,gCAAgC;SACxC,CAAC,CAAC;IACL,CAAC;IAED,UAAU,CAAC,IAAI,CAAC;QACd,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,qBAAqB,EAAE,EAAE,UAAU,CAAC;QACpD,KAAK,EAAE,WAAW;KACnB,CAAC,CAAC;IAEH,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC;YAClC,MAAM,CAAC,IAAI,CAAC,SAAS,UAAU,OAAO,SAAS,CAAC,IAAI,KAAK,SAAS,CAAC,KAAK,GAAG,CAAC,CAAC;YAC7E,OAAO,SAAS,CAAC,IAAI,CAAC;QACxB,CAAC;IACH,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,qBAAqB,UAAU,WAAW,UAAU,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACpH,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,kBAAkB,CAAC,QAAgB;IAC1C,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC7B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACnC,IAAI,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CACb,+BAA+B,kBAAkB,CAAC,QAAQ,EAAE,IAAI,CAAC,iDAAiD,CACnH,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CACb,sCAAsC,kBAAkB,CAAC,QAAQ,EAAE,IAAI,CAAC,0CAA0C,CACnH,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,EAAE,CAAC,UAAU,CAAC,QAAQ,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAC7C,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CACb,gCAAgC,kBAAkB,CAAC,QAAQ,EAAE,IAAI,CAAC,mEAAmE,CACtI,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACzC,IAAI,MAAM,IAAI,MAAM,CAAC,OAAO,KAAK,IAAI,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,EAAE,CAAC;QAC3E,OAAO,MAAM,CAAC,KAAK,CAAC;IACtB,CAAC;IAED,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QACvD,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE;YACxB,KAAK;YACL,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,IAAI,EAAE,IAAI,CAAC,IAAI;SAChB,CAAC,CAAC;QACH,OAAO,KAAK,CAAC;IACf,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,QAAQ,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACxE,MAAM,IAAI,KAAK,CACb,8BAA8B,kBAAkB,CAAC,QAAQ,EAAE,IAAI,CAAC,KAAK,QAAQ,EAAE,CAChF,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB,CAAC,UAAkB;IAC5C,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1D,MAAM,IAAI,KAAK,CAAC,uBAAuB,GAAG,UAAU,CAAC,CAAC;IACxD,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB,CAAC,QAAgB,EAAE,IAAc;IAC1D,MAAM,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,GAAG,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC9D,OAAO,QAAQ,GAAG,SAAS,GAAG,IAAI,GAAG,YAAY,GAAG,IAAI,CAAC,GAAG,GAAG,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;AACtF,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,UAAkB;IAMnD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE,EAAE,UAAU,CAAC,CAAC;IAC7D,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,qBAAqB,EAAE,EAAE,UAAU,CAAC,CAAC;IAC7D,OAAO;QACL,MAAM;QACN,KAAK;QACL,OAAO,EAAE,MAAM,EAAE,yCAAyC;QAC1D,SAAS,EAAE,KAAK,EAAE,yCAAyC;KAC5D,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,UAAkB;IAClD,kBAAkB,CAAC,UAAU,CAAC,CAAC;IAC/B,MAAM,QAAQ,GAAG,qBAAqB,CAAC,UAAU,CAAC,CAAC;IACnD,OAAO,QAAQ,IAAI,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE,EAAE,UAAU,CAAC,CAAC;AACnE,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@cyanautomation/kaseki-agent",
|
|
3
|
-
"version": "1.36.
|
|
3
|
+
"version": "1.36.3",
|
|
4
4
|
"description": "Admin/helper/doctor toolbox and local API client for Kaseki diagnostics, setup, and API-backed coding-agent task workflows",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"license": "MIT",
|
|
@@ -237,50 +237,44 @@ check_github_app_secrets() {
|
|
|
237
237
|
fi
|
|
238
238
|
|
|
239
239
|
log_warn "GitHub App credentials are incomplete; default PR creation will not work"
|
|
240
|
-
log_info " Create: github_app_id, github_app_client_id, and github_app_private_key in
|
|
240
|
+
log_info " Create: github_app_id, github_app_client_id, and github_app_private_key in $KASEKI_SECRETS_DIR or run: kaseki-agent init"
|
|
241
241
|
return 3
|
|
242
242
|
}
|
|
243
243
|
|
|
244
|
-
# Verify GitHub App secrets are mounted at correct paths (Phase 2 fix validation)
|
|
245
|
-
# GitHub App secrets must be at /run/secrets/{name}, not /run/secrets/kaseki/{name}
|
|
246
244
|
check_github_app_secret_paths() {
|
|
247
|
-
log_info "Checking GitHub App secret mount paths
|
|
245
|
+
log_info "Checking GitHub App secret mount paths..."
|
|
248
246
|
|
|
249
247
|
local exit_code=0
|
|
250
|
-
local root_level_id root_level_client_id root_level_key
|
|
248
|
+
local root_level_id root_level_client_id root_level_key primary_id primary_client_id primary_key
|
|
251
249
|
|
|
252
250
|
root_level_id="/run/secrets/github_app_id"
|
|
253
251
|
root_level_client_id="/run/secrets/github_app_client_id"
|
|
254
252
|
root_level_key="/run/secrets/github_app_private_key"
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
|
|
258
|
-
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
log_info " Phase 2 fix: GitHub App secrets should be at root level (/run/secrets/github_app_id, not /run/secrets/kaseki/github_app_id)"
|
|
265
|
-
log_info " Update docker-compose.yml volume mounts or run: kaseki-agent init"
|
|
253
|
+
primary_id="$KASEKI_SECRETS_DIR/github_app_id"
|
|
254
|
+
primary_client_id="$KASEKI_SECRETS_DIR/github_app_client_id"
|
|
255
|
+
primary_key="$KASEKI_SECRETS_DIR/github_app_private_key"
|
|
256
|
+
|
|
257
|
+
if [ -r "$primary_id" ]; then
|
|
258
|
+
log_pass "GitHub App ID mounted in primary secrets directory: $primary_id"
|
|
259
|
+
elif [ -r "$root_level_id" ]; then
|
|
260
|
+
log_warn "GitHub App ID found at legacy root path: $root_level_id"
|
|
261
|
+
log_info " Prefer one directory mount at $KASEKI_SECRETS_DIR"
|
|
266
262
|
exit_code=3
|
|
267
263
|
fi
|
|
268
264
|
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
log_info " Phase 2 fix: GitHub App secrets should be at root level"
|
|
265
|
+
if [ -r "$primary_client_id" ]; then
|
|
266
|
+
log_pass "GitHub App Client ID mounted in primary secrets directory: $primary_client_id"
|
|
267
|
+
elif [ -r "$root_level_client_id" ]; then
|
|
268
|
+
log_warn "GitHub App Client ID found at legacy root path: $root_level_client_id"
|
|
269
|
+
log_info " Prefer one directory mount at $KASEKI_SECRETS_DIR"
|
|
275
270
|
exit_code=3
|
|
276
271
|
fi
|
|
277
272
|
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
|
|
283
|
-
log_info " Phase 2 fix: GitHub App secrets should be at root level"
|
|
273
|
+
if [ -r "$primary_key" ]; then
|
|
274
|
+
log_pass "GitHub App Private Key mounted in primary secrets directory: $primary_key"
|
|
275
|
+
elif [ -r "$root_level_key" ]; then
|
|
276
|
+
log_warn "GitHub App Private Key found at legacy root path: $root_level_key"
|
|
277
|
+
log_info " Prefer one directory mount at $KASEKI_SECRETS_DIR"
|
|
284
278
|
exit_code=3
|
|
285
279
|
fi
|
|
286
280
|
|
|
@@ -291,7 +285,7 @@ check_github_app_secret_paths() {
|
|
|
291
285
|
resolve_github_secret_file() {
|
|
292
286
|
local env_name="$1"
|
|
293
287
|
local default_name="$2"
|
|
294
|
-
local explicit_value canonical_path local_dev_path
|
|
288
|
+
local explicit_value canonical_path legacy_root_path local_dev_path
|
|
295
289
|
explicit_value="${!env_name:-}"
|
|
296
290
|
if [ -n "$explicit_value" ]; then
|
|
297
291
|
printf '%s' "$explicit_value"
|
|
@@ -302,6 +296,11 @@ resolve_github_secret_file() {
|
|
|
302
296
|
printf '%s' "$canonical_path"
|
|
303
297
|
return 0
|
|
304
298
|
fi
|
|
299
|
+
legacy_root_path="/run/secrets/$default_name"
|
|
300
|
+
if [ -r "$legacy_root_path" ]; then
|
|
301
|
+
printf '%s' "$legacy_root_path"
|
|
302
|
+
return 0
|
|
303
|
+
fi
|
|
305
304
|
if [ "$KASEKI_ALLOW_LOCAL_DEV_SECRET_FALLBACK" = "1" ]; then
|
|
306
305
|
local_dev_path="$HOME/.kaseki/secrets/$default_name"
|
|
307
306
|
if [ -r "$local_dev_path" ]; then
|