@elizaos/shared 2.0.3-beta.2 → 2.0.3-beta.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/app-hero-art.d.ts.map +1 -1
- package/app-hero-art.js +1 -7
- package/app-hero-art.js.map +1 -1
- package/config/app-config.d.ts +1 -1
- package/config/boot-config-store.d.ts +1 -4
- package/config/boot-config-store.d.ts.map +1 -1
- package/config/boot-config-store.js +1 -45
- package/config/boot-config-store.js.map +1 -1
- package/contracts/apps.d.ts +9 -2
- package/contracts/apps.d.ts.map +1 -1
- package/contracts/apps.js +10 -67
- package/contracts/apps.js.map +1 -1
- package/contracts/conversation-routes.d.ts +0 -4
- package/contracts/conversation-routes.d.ts.map +1 -1
- package/contracts/conversation-routes.js +0 -1
- package/contracts/conversation-routes.js.map +1 -1
- package/env-utils.d.ts +10 -1
- package/env-utils.d.ts.map +1 -1
- package/env-utils.js +7 -9
- package/env-utils.js.map +1 -1
- package/events.d.ts +2 -0
- package/events.d.ts.map +1 -0
- package/events.js +2 -0
- package/events.js.map +1 -0
- package/format-error.d.ts +5 -4
- package/format-error.d.ts.map +1 -1
- package/format-error.js +5 -6
- package/format-error.js.map +1 -1
- package/hardware-catalog/index.d.ts +3 -3
- package/hardware-catalog/index.d.ts.map +1 -1
- package/hardware-catalog/index.js +1 -1
- package/index.d.ts +4 -1
- package/index.d.ts.map +1 -1
- package/index.js +4 -1
- package/index.js.map +1 -1
- package/local-inference/catalog.d.ts +29 -4
- package/local-inference/catalog.d.ts.map +1 -1
- package/local-inference/catalog.js +126 -102
- package/local-inference/catalog.js.map +1 -1
- package/local-inference/device-fit.d.ts +73 -0
- package/local-inference/device-fit.d.ts.map +1 -0
- package/local-inference/device-fit.js +155 -0
- package/local-inference/device-fit.js.map +1 -0
- package/local-inference/hf-proxy.d.ts +43 -0
- package/local-inference/hf-proxy.d.ts.map +1 -0
- package/local-inference/hf-proxy.js +50 -0
- package/local-inference/hf-proxy.js.map +1 -0
- package/local-inference/hub-auth.d.ts +26 -0
- package/local-inference/hub-auth.d.ts.map +1 -0
- package/local-inference/hub-auth.js +48 -0
- package/local-inference/hub-auth.js.map +1 -0
- package/local-inference/index.d.ts +6 -1
- package/local-inference/index.d.ts.map +1 -1
- package/local-inference/index.js +6 -1
- package/local-inference/index.js.map +1 -1
- package/local-inference/routing-preferences.d.ts +5 -1
- package/local-inference/routing-preferences.d.ts.map +1 -1
- package/local-inference/routing-preferences.js +6 -0
- package/local-inference/routing-preferences.js.map +1 -1
- package/local-inference/runtime-class.d.ts +29 -0
- package/local-inference/runtime-class.d.ts.map +1 -0
- package/local-inference/runtime-class.js +30 -0
- package/local-inference/runtime-class.js.map +1 -0
- package/local-inference/types.d.ts +45 -7
- package/local-inference/types.d.ts.map +1 -1
- package/local-inference/voice-models.d.ts +4 -4
- package/local-inference/voice-models.d.ts.map +1 -1
- package/local-inference/voice-models.js +42 -19
- package/local-inference/voice-models.js.map +1 -1
- package/local-inference-gpu/gpu-profile-schema.d.ts +5 -5
- package/loopback-trust.d.ts +73 -0
- package/loopback-trust.d.ts.map +1 -0
- package/loopback-trust.js +241 -0
- package/loopback-trust.js.map +1 -0
- package/package.json +85 -4
- package/settings-debug.d.ts +5 -16
- package/settings-debug.d.ts.map +1 -1
- package/settings-debug.js +5 -118
- package/settings-debug.js.map +1 -1
- package/steward-session-client/index.d.ts +5 -27
- package/steward-session-client/index.d.ts.map +1 -1
- package/steward-session-client/index.js +5 -61
- package/steward-session-client/index.js.map +1 -1
- package/test-env-config.d.ts +81 -0
- package/test-env-config.d.ts.map +1 -0
- package/test-env-config.js +125 -0
- package/test-env-config.js.map +1 -0
- package/transcripts.d.ts +2 -0
- package/transcripts.d.ts.map +1 -1
- package/transcripts.js.map +1 -1
- package/utils/env.d.ts +1 -0
- package/utils/env.d.ts.map +1 -1
- package/utils/env.js +1 -10
- package/utils/env.js.map +1 -1
- package/utils/errors.d.ts +2 -1
- package/utils/errors.d.ts.map +1 -1
- package/utils/errors.js +2 -5
- package/utils/errors.js.map +1 -1
- package/utils/string-hash.d.ts +11 -0
- package/utils/string-hash.d.ts.map +1 -0
- package/utils/string-hash.js +17 -0
- package/utils/string-hash.js.map +1 -0
- package/view-hero-art.d.ts.map +1 -1
- package/view-hero-art.js +1 -7
- package/view-hero-art.js.map +1 -1
- package/voice/owner-inference.d.ts +57 -0
- package/voice/owner-inference.d.ts.map +1 -0
- package/voice/owner-inference.js +73 -0
- package/voice/owner-inference.js.map +1 -0
- package/voice/respond-gate.d.ts +88 -0
- package/voice/respond-gate.d.ts.map +1 -0
- package/voice/respond-gate.js +139 -0
- package/voice/respond-gate.js.map +1 -0
- package/voice-eot.d.ts +42 -0
- package/voice-eot.d.ts.map +1 -0
- package/voice-eot.js +158 -0
- package/voice-eot.js.map +1 -0
- package/voice.d.ts +2 -2
- package/voice.js +3 -3
|
@@ -0,0 +1,241 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Same-machine ("loopback") request trust evaluation.
|
|
3
|
+
*
|
|
4
|
+
* This is a SECURITY BOUNDARY: it decides whether an unauthenticated HTTP
|
|
5
|
+
* request is allowed to act as the local dashboard owner. Previously the exact
|
|
6
|
+
* same logic was triplicated across `@elizaos/app-core` (`compat-route-shared`)
|
|
7
|
+
* and `@elizaos/agent` (`server-helpers-auth`), with subtly divergent env-policy
|
|
8
|
+
* gates and a non-equivalent `isLoopbackBindHost`. The divergence was a parity
|
|
9
|
+
* hazard, so the logic is unified here and parameterised so each consumer keeps
|
|
10
|
+
* its EXACT prior trust decisions.
|
|
11
|
+
*
|
|
12
|
+
* The two consumers differ ONLY in their policy gates, expressed via
|
|
13
|
+
* {@link LoopbackTrustOptions}:
|
|
14
|
+
* - app-core: requireLocalAuthEnv + devAuthBypassEnv, cloudCheck "env"
|
|
15
|
+
* (`ELIZA_CLOUD_PROVISIONED === "1"`).
|
|
16
|
+
* - agent: requireLocalAuthEnv (no dev bypass), cloudCheck "container"
|
|
17
|
+
* (`isCloudProvisionedContainer()` — flag AND a provisioning token).
|
|
18
|
+
*
|
|
19
|
+
* The host/origin classification (`isLoopbackBindHost`) is the canonical strict
|
|
20
|
+
* implementation from `runtime-env.ts` for BOTH consumers. For app-core this is
|
|
21
|
+
* byte-identical (it already imported the shared helper). For the agent this is
|
|
22
|
+
* a strict tightening in the safe direction: the agent's hand-rolled copy
|
|
23
|
+
* accepted any `127.*`-prefixed host string (e.g. the DNS-rebinding host
|
|
24
|
+
* `127.0.0.1.evil.com`), which the strict parser correctly rejects. The change
|
|
25
|
+
* can only ever turn a previously-trusted request into an untrusted one, never
|
|
26
|
+
* the reverse.
|
|
27
|
+
*/
|
|
28
|
+
import { isIP } from "node:net";
|
|
29
|
+
import { isCloudProvisionedContainer } from "./elizacloud/cloud-provisioning.js";
|
|
30
|
+
import { isLoopbackBindHost } from "./runtime-env.js";
|
|
31
|
+
function firstHeaderValue(value) {
|
|
32
|
+
if (typeof value === "string")
|
|
33
|
+
return value;
|
|
34
|
+
if (Array.isArray(value) && typeof value[0] === "string")
|
|
35
|
+
return value[0];
|
|
36
|
+
return null;
|
|
37
|
+
}
|
|
38
|
+
const CLIENT_IP_PROXY_HEADERS = new Set([
|
|
39
|
+
"forwarded",
|
|
40
|
+
"forwarded-for",
|
|
41
|
+
"x-forwarded",
|
|
42
|
+
"x-forwarded-for",
|
|
43
|
+
"x-original-forwarded-for",
|
|
44
|
+
"x-real-ip",
|
|
45
|
+
"x-client-ip",
|
|
46
|
+
"x-forwarded-client-ip",
|
|
47
|
+
"x-cluster-client-ip",
|
|
48
|
+
"cf-connecting-ip",
|
|
49
|
+
"true-client-ip",
|
|
50
|
+
"fastly-client-ip",
|
|
51
|
+
"x-appengine-user-ip",
|
|
52
|
+
"x-azure-clientip",
|
|
53
|
+
]);
|
|
54
|
+
function headerValues(value) {
|
|
55
|
+
if (typeof value === "string")
|
|
56
|
+
return [value];
|
|
57
|
+
if (Array.isArray(value)) {
|
|
58
|
+
return value.filter((item) => typeof item === "string");
|
|
59
|
+
}
|
|
60
|
+
return [];
|
|
61
|
+
}
|
|
62
|
+
function isClientIpProxyHeaderName(name) {
|
|
63
|
+
const normalized = name.toLowerCase();
|
|
64
|
+
return (CLIENT_IP_PROXY_HEADERS.has(normalized) ||
|
|
65
|
+
normalized.endsWith("-client-ip") ||
|
|
66
|
+
normalized.endsWith("-connecting-ip") ||
|
|
67
|
+
normalized.endsWith("-real-ip"));
|
|
68
|
+
}
|
|
69
|
+
function extractForwardedForCandidates(raw) {
|
|
70
|
+
const candidates = [];
|
|
71
|
+
const pattern = /(?:^|[;,])\s*for=(?:"([^"]*)"|([^;,]*))/gi;
|
|
72
|
+
for (const match of raw.matchAll(pattern)) {
|
|
73
|
+
candidates.push(match[1] ?? match[2] ?? "");
|
|
74
|
+
}
|
|
75
|
+
return candidates;
|
|
76
|
+
}
|
|
77
|
+
function extractProxyClientAddressCandidates(headerName, raw) {
|
|
78
|
+
if (headerName === "forwarded") {
|
|
79
|
+
return extractForwardedForCandidates(raw);
|
|
80
|
+
}
|
|
81
|
+
const forwardedCandidates = raw.toLowerCase().includes("for=")
|
|
82
|
+
? extractForwardedForCandidates(raw)
|
|
83
|
+
: [];
|
|
84
|
+
if (forwardedCandidates.length > 0)
|
|
85
|
+
return forwardedCandidates;
|
|
86
|
+
return raw.split(",");
|
|
87
|
+
}
|
|
88
|
+
function stripMatchingQuotes(value) {
|
|
89
|
+
const trimmed = value.trim();
|
|
90
|
+
if ((trimmed.startsWith('"') && trimmed.endsWith('"')) ||
|
|
91
|
+
(trimmed.startsWith("'") && trimmed.endsWith("'"))) {
|
|
92
|
+
return trimmed.slice(1, -1);
|
|
93
|
+
}
|
|
94
|
+
return trimmed;
|
|
95
|
+
}
|
|
96
|
+
function isNeutralProxyClientAddress(raw) {
|
|
97
|
+
const normalized = stripMatchingQuotes(raw).trim().toLowerCase();
|
|
98
|
+
return (!normalized ||
|
|
99
|
+
normalized === "unknown" ||
|
|
100
|
+
normalized === "null" ||
|
|
101
|
+
normalized.startsWith("_"));
|
|
102
|
+
}
|
|
103
|
+
function normalizeProxyClientIp(raw) {
|
|
104
|
+
let normalized = stripMatchingQuotes(raw).trim();
|
|
105
|
+
if (!normalized)
|
|
106
|
+
return null;
|
|
107
|
+
if (normalized.startsWith("[")) {
|
|
108
|
+
const close = normalized.indexOf("]");
|
|
109
|
+
if (close > 0) {
|
|
110
|
+
normalized = normalized.slice(1, close);
|
|
111
|
+
}
|
|
112
|
+
}
|
|
113
|
+
else {
|
|
114
|
+
const ipv4HostPort = /^(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)$/.exec(normalized);
|
|
115
|
+
if (ipv4HostPort?.[1]) {
|
|
116
|
+
normalized = ipv4HostPort[1];
|
|
117
|
+
}
|
|
118
|
+
}
|
|
119
|
+
const zoneIndex = normalized.indexOf("%");
|
|
120
|
+
if (zoneIndex >= 0) {
|
|
121
|
+
normalized = normalized.slice(0, zoneIndex);
|
|
122
|
+
}
|
|
123
|
+
normalized = normalized.trim().toLowerCase();
|
|
124
|
+
return isIP(normalized) ? normalized : null;
|
|
125
|
+
}
|
|
126
|
+
function isLoopbackProxyClientIp(ip) {
|
|
127
|
+
const normalized = ip.trim().toLowerCase();
|
|
128
|
+
return (normalized === "::1" ||
|
|
129
|
+
normalized === "0:0:0:0:0:0:0:1" ||
|
|
130
|
+
normalized.startsWith("127.") ||
|
|
131
|
+
normalized.startsWith("::ffff:127.") ||
|
|
132
|
+
normalized.startsWith("::ffff:0:127."));
|
|
133
|
+
}
|
|
134
|
+
/**
|
|
135
|
+
* True when any proxy-style client-IP header carries a non-loopback (or
|
|
136
|
+
* unparseable) address. A request that reaches a same-machine listener but
|
|
137
|
+
* advertises a remote client behind a proxy must NOT be granted local trust.
|
|
138
|
+
*/
|
|
139
|
+
export function proxyClientHeaderBlocksLocalTrust(headers) {
|
|
140
|
+
for (const [rawName, rawValue] of Object.entries(headers)) {
|
|
141
|
+
const headerName = rawName.toLowerCase();
|
|
142
|
+
if (!isClientIpProxyHeaderName(headerName))
|
|
143
|
+
continue;
|
|
144
|
+
for (const value of headerValues(rawValue)) {
|
|
145
|
+
for (const candidate of extractProxyClientAddressCandidates(headerName, value)) {
|
|
146
|
+
if (isNeutralProxyClientAddress(candidate))
|
|
147
|
+
continue;
|
|
148
|
+
const ip = normalizeProxyClientIp(candidate);
|
|
149
|
+
if (!ip || !isLoopbackProxyClientIp(ip))
|
|
150
|
+
return true;
|
|
151
|
+
}
|
|
152
|
+
}
|
|
153
|
+
}
|
|
154
|
+
return false;
|
|
155
|
+
}
|
|
156
|
+
/**
|
|
157
|
+
* True when the TCP peer address is a loopback address. Note this is stricter
|
|
158
|
+
* than {@link isLoopbackBindHost}: it matches only fully-normalised loopback
|
|
159
|
+
* addresses (no host:port or URL forms), since `socket.remoteAddress` is always
|
|
160
|
+
* a bare IP.
|
|
161
|
+
*/
|
|
162
|
+
export function isLoopbackRemoteAddress(remoteAddress) {
|
|
163
|
+
if (!remoteAddress)
|
|
164
|
+
return false;
|
|
165
|
+
const normalized = remoteAddress.trim().toLowerCase();
|
|
166
|
+
return (normalized === "127.0.0.1" ||
|
|
167
|
+
normalized === "::1" ||
|
|
168
|
+
normalized === "0:0:0:0:0:0:0:1" ||
|
|
169
|
+
normalized === "::ffff:127.0.0.1" ||
|
|
170
|
+
normalized === "::ffff:0:127.0.0.1");
|
|
171
|
+
}
|
|
172
|
+
const LOCAL_APP_PROTOCOLS = new Set([
|
|
173
|
+
"file:",
|
|
174
|
+
"app:",
|
|
175
|
+
"tauri:",
|
|
176
|
+
"capacitor:",
|
|
177
|
+
"capacitor-electron:",
|
|
178
|
+
"electrobun:",
|
|
179
|
+
]);
|
|
180
|
+
function isTrustedLocalOrigin(raw) {
|
|
181
|
+
const trimmed = raw.trim();
|
|
182
|
+
if (!trimmed || trimmed === "null")
|
|
183
|
+
return true;
|
|
184
|
+
try {
|
|
185
|
+
const parsed = new URL(trimmed);
|
|
186
|
+
if (LOCAL_APP_PROTOCOLS.has(parsed.protocol)) {
|
|
187
|
+
return true;
|
|
188
|
+
}
|
|
189
|
+
return isLoopbackBindHost(parsed.hostname);
|
|
190
|
+
}
|
|
191
|
+
catch {
|
|
192
|
+
return false;
|
|
193
|
+
}
|
|
194
|
+
}
|
|
195
|
+
function cloudBlocksLocalTrust(cloudCheck) {
|
|
196
|
+
if (cloudCheck === "container")
|
|
197
|
+
return isCloudProvisionedContainer();
|
|
198
|
+
return process.env.ELIZA_CLOUD_PROVISIONED === "1";
|
|
199
|
+
}
|
|
200
|
+
function localAuthRequired(options) {
|
|
201
|
+
if (!options.requireLocalAuthEnv)
|
|
202
|
+
return false;
|
|
203
|
+
if (options.devAuthBypassEnv &&
|
|
204
|
+
process.env.ELIZA_DEV_AUTH_BYPASS === "1" &&
|
|
205
|
+
(process.env.NODE_ENV === "development" || process.env.NODE_ENV === "dev")) {
|
|
206
|
+
return false;
|
|
207
|
+
}
|
|
208
|
+
return process.env.ELIZA_REQUIRE_LOCAL_AUTH === "1";
|
|
209
|
+
}
|
|
210
|
+
/**
|
|
211
|
+
* Same-machine dashboard access. Intentionally stricter than a bare
|
|
212
|
+
* `remoteAddress` check: the browser must also target a loopback Host and must
|
|
213
|
+
* not present cross-site browser metadata or proxy client-IP headers.
|
|
214
|
+
*
|
|
215
|
+
* Each consumer supplies {@link LoopbackTrustOptions} matching its historical
|
|
216
|
+
* policy gates; the host/origin/proxy classification is identical for all.
|
|
217
|
+
*/
|
|
218
|
+
export function isTrustedLocalRequest(req, options) {
|
|
219
|
+
if (localAuthRequired(options))
|
|
220
|
+
return false;
|
|
221
|
+
if (cloudBlocksLocalTrust(options.cloudCheck))
|
|
222
|
+
return false;
|
|
223
|
+
if (!isLoopbackRemoteAddress(req.socket.remoteAddress))
|
|
224
|
+
return false;
|
|
225
|
+
if (proxyClientHeaderBlocksLocalTrust(req.headers))
|
|
226
|
+
return false;
|
|
227
|
+
const host = firstHeaderValue(req.headers.host);
|
|
228
|
+
if (host && !isLoopbackBindHost(host))
|
|
229
|
+
return false;
|
|
230
|
+
const secFetchSite = firstHeaderValue(req.headers["sec-fetch-site"])?.toLowerCase();
|
|
231
|
+
if (secFetchSite === "cross-site")
|
|
232
|
+
return false;
|
|
233
|
+
const origin = firstHeaderValue(req.headers.origin);
|
|
234
|
+
if (origin && !isTrustedLocalOrigin(origin))
|
|
235
|
+
return false;
|
|
236
|
+
const referer = firstHeaderValue(req.headers.referer);
|
|
237
|
+
if (!origin && referer && !isTrustedLocalOrigin(referer))
|
|
238
|
+
return false;
|
|
239
|
+
return true;
|
|
240
|
+
}
|
|
241
|
+
//# sourceMappingURL=loopback-trust.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"loopback-trust.js","sourceRoot":"","sources":["../src/loopback-trust.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAGH,OAAO,EAAE,IAAI,EAAE,MAAM,UAAU,CAAC;AAChC,OAAO,EAAE,2BAA2B,EAAE,MAAM,oCAAoC,CAAC;AACjF,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAyBtD,SAAS,gBAAgB,CAAC,KAAoC;IAC5D,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC5C,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;IAC1E,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,uBAAuB,GAAG,IAAI,GAAG,CAAC;IACtC,WAAW;IACX,eAAe;IACf,aAAa;IACb,iBAAiB;IACjB,0BAA0B;IAC1B,WAAW;IACX,aAAa;IACb,uBAAuB;IACvB,qBAAqB;IACrB,kBAAkB;IAClB,gBAAgB;IAChB,kBAAkB;IAClB,qBAAqB;IACrB,kBAAkB;CACnB,CAAC,CAAC;AAEH,SAAS,YAAY,CAAC,KAAoC;IACxD,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,CAAC,KAAK,CAAC,CAAC;IAC9C,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAkB,EAAE,CAAC,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC;IAC1E,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,yBAAyB,CAAC,IAAY;IAC7C,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IACtC,OAAO,CACL,uBAAuB,CAAC,GAAG,CAAC,UAAU,CAAC;QACvC,UAAU,CAAC,QAAQ,CAAC,YAAY,CAAC;QACjC,UAAU,CAAC,QAAQ,CAAC,gBAAgB,CAAC;QACrC,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,CAChC,CAAC;AACJ,CAAC;AAED,SAAS,6BAA6B,CAAC,GAAW;IAChD,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,MAAM,OAAO,GAAG,2CAA2C,CAAC;IAC5D,KAAK,MAAM,KAAK,IAAI,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1C,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC9C,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,SAAS,mCAAmC,CAC1C,UAAkB,EAClB,GAAW;IAEX,IAAI,UAAU,KAAK,WAAW,EAAE,CAAC;QAC/B,OAAO,6BAA6B,CAAC,GAAG,CAAC,CAAC;IAC5C,CAAC;IAED,MAAM,mBAAmB,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC;QAC5D,CAAC,CAAC,6BAA6B,CAAC,GAAG,CAAC;QACpC,CAAC,CAAC,EAAE,CAAC;IACP,IAAI,mBAAmB,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,mBAAmB,CAAC;IAE/D,OAAO,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AACxB,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAa;IACxC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC7B,IACE,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAClD,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAClD,CAAC;QACD,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC9B,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,2BAA2B,CAAC,GAAW;IAC9C,MAAM,UAAU,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACjE,OAAO,CACL,CAAC,UAAU;QACX,UAAU,KAAK,SAAS;QACxB,UAAU,KAAK,MAAM;QACrB,UAAU,CAAC,UAAU,CAAC,GAAG,CAAC,CAC3B,CAAC;AACJ,CAAC;AAED,SAAS,sBAAsB,CAAC,GAAW;IACzC,IAAI,UAAU,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IACjD,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAE7B,IAAI,UAAU,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACtC,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YACd,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,YAAY,GAAG,qCAAqC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC5E,IAAI,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACtB,UAAU,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IAED,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC1C,IAAI,SAAS,IAAI,CAAC,EAAE,CAAC;QACnB,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;IAC9C,CAAC;IAED,UAAU,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC7C,OAAO,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC;AAC9C,CAAC;AAED,SAAS,uBAAuB,CAAC,EAAU;IACzC,MAAM,UAAU,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,OAAO,CACL,UAAU,KAAK,KAAK;QACpB,UAAU,KAAK,iBAAiB;QAChC,UAAU,CAAC,UAAU,CAAC,MAAM,CAAC;QAC7B,UAAU,CAAC,UAAU,CAAC,aAAa,CAAC;QACpC,UAAU,CAAC,UAAU,CAAC,eAAe,CAAC,CACvC,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iCAAiC,CAC/C,OAAiC;IAEjC,KAAK,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1D,MAAM,UAAU,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QACzC,IAAI,CAAC,yBAAyB,CAAC,UAAU,CAAC;YAAE,SAAS;QAErD,KAAK,MAAM,KAAK,IAAI,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3C,KAAK,MAAM,SAAS,IAAI,mCAAmC,CACzD,UAAU,EACV,KAAK,CACN,EAAE,CAAC;gBACF,IAAI,2BAA2B,CAAC,SAAS,CAAC;oBAAE,SAAS;gBACrD,MAAM,EAAE,GAAG,sBAAsB,CAAC,SAAS,CAAC,CAAC;gBAC7C,IAAI,CAAC,EAAE,IAAI,CAAC,uBAAuB,CAAC,EAAE,CAAC;oBAAE,OAAO,IAAI,CAAC;YACvD,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CACrC,aAAwC;IAExC,IAAI,CAAC,aAAa;QAAE,OAAO,KAAK,CAAC;IACjC,MAAM,UAAU,GAAG,aAAa,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACtD,OAAO,CACL,UAAU,KAAK,WAAW;QAC1B,UAAU,KAAK,KAAK;QACpB,UAAU,KAAK,iBAAiB;QAChC,UAAU,KAAK,kBAAkB;QACjC,UAAU,KAAK,oBAAoB,CACpC,CAAC;AACJ,CAAC;AAED,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC;IAClC,OAAO;IACP,MAAM;IACN,QAAQ;IACR,YAAY;IACZ,qBAAqB;IACrB,aAAa;CACd,CAAC,CAAC;AAEH,SAAS,oBAAoB,CAAC,GAAW;IACvC,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;IAC3B,IAAI,CAAC,OAAO,IAAI,OAAO,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IAChD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;QAChC,IAAI,mBAAmB,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7C,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,kBAAkB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC7C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,UAA+B;IAC5D,IAAI,UAAU,KAAK,WAAW;QAAE,OAAO,2BAA2B,EAAE,CAAC;IACrE,OAAO,OAAO,CAAC,GAAG,CAAC,uBAAuB,KAAK,GAAG,CAAC;AACrD,CAAC;AAED,SAAS,iBAAiB,CAAC,OAA6B;IACtD,IAAI,CAAC,OAAO,CAAC,mBAAmB;QAAE,OAAO,KAAK,CAAC;IAC/C,IACE,OAAO,CAAC,gBAAgB;QACxB,OAAO,CAAC,GAAG,CAAC,qBAAqB,KAAK,GAAG;QACzC,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,KAAK,CAAC,EAC1E,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,OAAO,CAAC,GAAG,CAAC,wBAAwB,KAAK,GAAG,CAAC;AACtD,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,qBAAqB,CACnC,GAAqD,EACrD,OAA6B;IAE7B,IAAI,iBAAiB,CAAC,OAAO,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7C,IAAI,qBAAqB,CAAC,OAAO,CAAC,UAAU,CAAC;QAAE,OAAO,KAAK,CAAC;IAC5D,IAAI,CAAC,uBAAuB,CAAC,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC;QAAE,OAAO,KAAK,CAAC;IACrE,IAAI,iCAAiC,CAAC,GAAG,CAAC,OAAO,CAAC;QAAE,OAAO,KAAK,CAAC;IAEjE,MAAM,IAAI,GAAG,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAChD,IAAI,IAAI,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IAEpD,MAAM,YAAY,GAAG,gBAAgB,CACnC,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAC9B,EAAE,WAAW,EAAE,CAAC;IACjB,IAAI,YAAY,KAAK,YAAY;QAAE,OAAO,KAAK,CAAC;IAEhD,MAAM,MAAM,GAAG,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACpD,IAAI,MAAM,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC;QAAE,OAAO,KAAK,CAAC;IAE1D,MAAM,OAAO,GAAG,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IACtD,IAAI,CAAC,MAAM,IAAI,OAAO,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC;QAAE,OAAO,KAAK,CAAC;IAEvE,OAAO,IAAI,CAAC;AACd,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@elizaos/shared",
|
|
3
|
-
"version": "2.0.3-beta.
|
|
3
|
+
"version": "2.0.3-beta.4",
|
|
4
4
|
"description": "Shared code for Eliza agent and app-core.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"sideEffects": false,
|
|
@@ -98,6 +98,16 @@
|
|
|
98
98
|
"import": "./steward-session-client/index.js",
|
|
99
99
|
"default": "./steward-session-client/index.js"
|
|
100
100
|
},
|
|
101
|
+
"./events": {
|
|
102
|
+
"types": "./events/index.d.ts",
|
|
103
|
+
"eliza-source": {
|
|
104
|
+
"types": "./events/index.d.ts",
|
|
105
|
+
"import": "./events/index.js",
|
|
106
|
+
"default": "./events/index.js"
|
|
107
|
+
},
|
|
108
|
+
"import": "./events/index.js",
|
|
109
|
+
"default": "./events/index.js"
|
|
110
|
+
},
|
|
101
111
|
"./utils/permission-deep-links": {
|
|
102
112
|
"types": "./utils/permission-deep-links.d.ts",
|
|
103
113
|
"eliza-source": {
|
|
@@ -108,6 +118,46 @@
|
|
|
108
118
|
"import": "./utils/permission-deep-links.js",
|
|
109
119
|
"default": "./utils/permission-deep-links.js"
|
|
110
120
|
},
|
|
121
|
+
"./utils/format": {
|
|
122
|
+
"types": "./utils/format.d.ts",
|
|
123
|
+
"eliza-source": {
|
|
124
|
+
"types": "./utils/format.d.ts",
|
|
125
|
+
"import": "./utils/format.js",
|
|
126
|
+
"default": "./utils/format.js"
|
|
127
|
+
},
|
|
128
|
+
"import": "./utils/format.js",
|
|
129
|
+
"default": "./utils/format.js"
|
|
130
|
+
},
|
|
131
|
+
"./utils/number-parsing": {
|
|
132
|
+
"types": "./utils/number-parsing.d.ts",
|
|
133
|
+
"eliza-source": {
|
|
134
|
+
"types": "./utils/number-parsing.d.ts",
|
|
135
|
+
"import": "./utils/number-parsing.js",
|
|
136
|
+
"default": "./utils/number-parsing.js"
|
|
137
|
+
},
|
|
138
|
+
"import": "./utils/number-parsing.js",
|
|
139
|
+
"default": "./utils/number-parsing.js"
|
|
140
|
+
},
|
|
141
|
+
"./config/config-catalog": {
|
|
142
|
+
"types": "./config/config-catalog.d.ts",
|
|
143
|
+
"eliza-source": {
|
|
144
|
+
"types": "./config/config-catalog.d.ts",
|
|
145
|
+
"import": "./config/config-catalog.js",
|
|
146
|
+
"default": "./config/config-catalog.js"
|
|
147
|
+
},
|
|
148
|
+
"import": "./config/config-catalog.js",
|
|
149
|
+
"default": "./config/config-catalog.js"
|
|
150
|
+
},
|
|
151
|
+
"./contracts/apps": {
|
|
152
|
+
"types": "./contracts/apps.d.ts",
|
|
153
|
+
"eliza-source": {
|
|
154
|
+
"types": "./contracts/apps.d.ts",
|
|
155
|
+
"import": "./contracts/apps.js",
|
|
156
|
+
"default": "./contracts/apps.js"
|
|
157
|
+
},
|
|
158
|
+
"import": "./contracts/apps.js",
|
|
159
|
+
"default": "./contracts/apps.js"
|
|
160
|
+
},
|
|
111
161
|
"./voice-wer": {
|
|
112
162
|
"types": "./voice-wer.d.ts",
|
|
113
163
|
"eliza-source": {
|
|
@@ -118,6 +168,36 @@
|
|
|
118
168
|
"import": "./voice-wer.js",
|
|
119
169
|
"default": "./voice-wer.js"
|
|
120
170
|
},
|
|
171
|
+
"./voice-eot": {
|
|
172
|
+
"types": "./voice-eot.d.ts",
|
|
173
|
+
"eliza-source": {
|
|
174
|
+
"types": "./voice-eot.d.ts",
|
|
175
|
+
"import": "./voice-eot.js",
|
|
176
|
+
"default": "./voice-eot.js"
|
|
177
|
+
},
|
|
178
|
+
"import": "./voice-eot.js",
|
|
179
|
+
"default": "./voice-eot.js"
|
|
180
|
+
},
|
|
181
|
+
"./voice/respond-gate": {
|
|
182
|
+
"types": "./voice/respond-gate.d.ts",
|
|
183
|
+
"eliza-source": {
|
|
184
|
+
"types": "./voice/respond-gate.d.ts",
|
|
185
|
+
"import": "./voice/respond-gate.js",
|
|
186
|
+
"default": "./voice/respond-gate.js"
|
|
187
|
+
},
|
|
188
|
+
"import": "./voice/respond-gate.js",
|
|
189
|
+
"default": "./voice/respond-gate.js"
|
|
190
|
+
},
|
|
191
|
+
"./voice/owner-inference": {
|
|
192
|
+
"types": "./voice/owner-inference.d.ts",
|
|
193
|
+
"eliza-source": {
|
|
194
|
+
"types": "./voice/owner-inference.d.ts",
|
|
195
|
+
"import": "./voice/owner-inference.js",
|
|
196
|
+
"default": "./voice/owner-inference.js"
|
|
197
|
+
},
|
|
198
|
+
"import": "./voice/owner-inference.js",
|
|
199
|
+
"default": "./voice/owner-inference.js"
|
|
200
|
+
},
|
|
121
201
|
"./transcripts": {
|
|
122
202
|
"types": "./transcripts.d.ts",
|
|
123
203
|
"eliza-source": {
|
|
@@ -147,8 +227,9 @@
|
|
|
147
227
|
"directory": "dist"
|
|
148
228
|
},
|
|
149
229
|
"dependencies": {
|
|
150
|
-
"@elizaos/contracts": "2.0.3-beta.
|
|
151
|
-
"@elizaos/core": "2.0.3-beta.
|
|
230
|
+
"@elizaos/contracts": "2.0.3-beta.4",
|
|
231
|
+
"@elizaos/core": "2.0.3-beta.4",
|
|
232
|
+
"@elizaos/registry": "2.0.3-beta.4",
|
|
152
233
|
"chalk": "^5.3.0",
|
|
153
234
|
"drizzle-orm": "0.45.2",
|
|
154
235
|
"phonemizer": "^1.2.1",
|
|
@@ -160,5 +241,5 @@
|
|
|
160
241
|
"figlet": "^1.11.0"
|
|
161
242
|
},
|
|
162
243
|
"types": "./index.d.ts",
|
|
163
|
-
"gitHead": "
|
|
244
|
+
"gitHead": "f76f55793a0fb8d6b869dd8ddce03970de061e34"
|
|
164
245
|
}
|
package/settings-debug.d.ts
CHANGED
|
@@ -1,20 +1,9 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Opt-in verbose logging for settings load / change / save flows.
|
|
3
|
-
*
|
|
3
|
+
*
|
|
4
|
+
* The canonical implementation lives in `@elizaos/core`. This module re-exports
|
|
5
|
+
* it so existing `@elizaos/shared` (and `@elizaos/shared/settings-debug`)
|
|
6
|
+
* importers keep resolving without maintaining a duplicate copy.
|
|
4
7
|
*/
|
|
5
|
-
|
|
6
|
-
* True when settings debug is enabled (Node: process.env; browser: import.meta.env from Vite define).
|
|
7
|
-
*/
|
|
8
|
-
export declare function isElizaSettingsDebugEnabled(options?: {
|
|
9
|
-
/** Node / Bun process.env */
|
|
10
|
-
env?: Record<string, string | undefined> | null;
|
|
11
|
-
/** Vite `import.meta.env` (pass only in browser bundles). */
|
|
12
|
-
importMetaEnv?: Record<string, unknown> | null;
|
|
13
|
-
}): boolean;
|
|
14
|
-
/**
|
|
15
|
-
* Deep-clone-ish snapshot safe to log (secrets masked). Not for security boundaries — debug only.
|
|
16
|
-
*/
|
|
17
|
-
export declare function sanitizeForSettingsDebug(value: unknown, depth?: number, seen?: WeakSet<object>): unknown;
|
|
18
|
-
/** Compact cloud slice for logs (no raw secrets). */
|
|
19
|
-
export declare function settingsDebugCloudSummary(cloud: Record<string, unknown> | null | undefined): Record<string, unknown>;
|
|
8
|
+
export { isElizaSettingsDebugEnabled, sanitizeForSettingsDebug, settingsDebugCloudSummary, } from "@elizaos/core";
|
|
20
9
|
//# sourceMappingURL=settings-debug.d.ts.map
|
package/settings-debug.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"settings-debug.d.ts","sourceRoot":"","sources":["../src/settings-debug.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"settings-debug.d.ts","sourceRoot":"","sources":["../src/settings-debug.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,2BAA2B,EAC3B,wBAAwB,EACxB,yBAAyB,GAC1B,MAAM,eAAe,CAAC"}
|
package/settings-debug.js
CHANGED
|
@@ -1,122 +1,9 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Opt-in verbose logging for settings load / change / save flows.
|
|
3
|
-
*
|
|
3
|
+
*
|
|
4
|
+
* The canonical implementation lives in `@elizaos/core`. This module re-exports
|
|
5
|
+
* it so existing `@elizaos/shared` (and `@elizaos/shared/settings-debug`)
|
|
6
|
+
* importers keep resolving without maintaining a duplicate copy.
|
|
4
7
|
*/
|
|
5
|
-
|
|
6
|
-
/** Keys whose values are always redacted in debug dumps. */
|
|
7
|
-
const SENSITIVE_KEY_RE = /(?:^|\.|_)(?:secret|password|token|apikey|api_key|privatekey|private_key|mnemonic|credential|authorization|bearer|cookie|sessionkey|session_id)(?:\.|_|$)|^apikey$|_api_key$|_key$/i;
|
|
8
|
-
const MAX_DEPTH = 14;
|
|
9
|
-
const MAX_ARRAY = 40;
|
|
10
|
-
const MAX_STRING = 120;
|
|
11
|
-
/**
|
|
12
|
-
* True when settings debug is enabled (Node: process.env; browser: import.meta.env from Vite define).
|
|
13
|
-
*/
|
|
14
|
-
export function isElizaSettingsDebugEnabled(options) {
|
|
15
|
-
const im = options?.importMetaEnv;
|
|
16
|
-
if (im) {
|
|
17
|
-
if (isTruthyEnvValue(String(im.ELIZA_SETTINGS_DEBUG ?? "").trim()))
|
|
18
|
-
return true;
|
|
19
|
-
if (isTruthyEnvValue(String(im.VITE_ELIZA_SETTINGS_DEBUG ?? "").trim()))
|
|
20
|
-
return true;
|
|
21
|
-
}
|
|
22
|
-
const e = options?.env;
|
|
23
|
-
if (e) {
|
|
24
|
-
if (isTruthyEnvValue(e.ELIZA_SETTINGS_DEBUG))
|
|
25
|
-
return true;
|
|
26
|
-
if (isTruthyEnvValue(e.VITE_ELIZA_SETTINGS_DEBUG))
|
|
27
|
-
return true;
|
|
28
|
-
}
|
|
29
|
-
if (typeof process !== "undefined" && process.env) {
|
|
30
|
-
if (isTruthyEnvValue(process.env.ELIZA_SETTINGS_DEBUG))
|
|
31
|
-
return true;
|
|
32
|
-
if (isTruthyEnvValue(process.env.VITE_ELIZA_SETTINGS_DEBUG))
|
|
33
|
-
return true;
|
|
34
|
-
}
|
|
35
|
-
return false;
|
|
36
|
-
}
|
|
37
|
-
function maskString(s) {
|
|
38
|
-
const t = s.trim();
|
|
39
|
-
if (t.length <= 8)
|
|
40
|
-
return "[redacted:short]";
|
|
41
|
-
return `${t.slice(0, 4)}…${t.slice(-2)} (${t.length} chars)`;
|
|
42
|
-
}
|
|
43
|
-
function sanitizeDebugString(value) {
|
|
44
|
-
const trimmed = value.trim();
|
|
45
|
-
if (trimmed.length === 0)
|
|
46
|
-
return "";
|
|
47
|
-
if (trimmed.toUpperCase() === "[REDACTED]")
|
|
48
|
-
return "[REDACTED]";
|
|
49
|
-
if (trimmed.length > 48 || /^(sk-|pk_|Bearer\s)/i.test(trimmed)) {
|
|
50
|
-
return maskString(trimmed);
|
|
51
|
-
}
|
|
52
|
-
if (trimmed.length > MAX_STRING)
|
|
53
|
-
return `${trimmed.slice(0, MAX_STRING)}…`;
|
|
54
|
-
return trimmed;
|
|
55
|
-
}
|
|
56
|
-
function sanitizeDebugArray(value, depth, seen) {
|
|
57
|
-
const out = [];
|
|
58
|
-
const cap = Math.min(value.length, MAX_ARRAY);
|
|
59
|
-
for (let i = 0; i < cap; i++) {
|
|
60
|
-
out.push(sanitizeForSettingsDebug(value[i], depth + 1, seen));
|
|
61
|
-
}
|
|
62
|
-
if (value.length > cap) {
|
|
63
|
-
out.push(`… +${value.length - cap} more`);
|
|
64
|
-
}
|
|
65
|
-
return out;
|
|
66
|
-
}
|
|
67
|
-
function sanitizeSensitiveDebugValue(value) {
|
|
68
|
-
if (typeof value === "string" && value.trim())
|
|
69
|
-
return maskString(value);
|
|
70
|
-
if (value == null || value === "")
|
|
71
|
-
return value;
|
|
72
|
-
return "[redacted]";
|
|
73
|
-
}
|
|
74
|
-
function sanitizeDebugObject(value, depth, seen) {
|
|
75
|
-
const out = {};
|
|
76
|
-
for (const [key, item] of Object.entries(value)) {
|
|
77
|
-
out[key] = SENSITIVE_KEY_RE.test(key)
|
|
78
|
-
? sanitizeSensitiveDebugValue(item)
|
|
79
|
-
: sanitizeForSettingsDebug(item, depth + 1, seen);
|
|
80
|
-
}
|
|
81
|
-
return out;
|
|
82
|
-
}
|
|
83
|
-
/**
|
|
84
|
-
* Deep-clone-ish snapshot safe to log (secrets masked). Not for security boundaries — debug only.
|
|
85
|
-
*/
|
|
86
|
-
export function sanitizeForSettingsDebug(value, depth = 0, seen = new WeakSet()) {
|
|
87
|
-
if (depth > MAX_DEPTH)
|
|
88
|
-
return "[max-depth]";
|
|
89
|
-
if (value === null || value === undefined)
|
|
90
|
-
return value;
|
|
91
|
-
if (typeof value === "boolean" || typeof value === "number")
|
|
92
|
-
return value;
|
|
93
|
-
if (typeof value === "string")
|
|
94
|
-
return sanitizeDebugString(value);
|
|
95
|
-
if (typeof value === "bigint")
|
|
96
|
-
return String(value);
|
|
97
|
-
if (typeof value === "function")
|
|
98
|
-
return `[fn ${value.name || "anonymous"}]`;
|
|
99
|
-
if (typeof value !== "object")
|
|
100
|
-
return String(value);
|
|
101
|
-
if (seen.has(value))
|
|
102
|
-
return "[circular]";
|
|
103
|
-
seen.add(value);
|
|
104
|
-
if (Array.isArray(value)) {
|
|
105
|
-
return sanitizeDebugArray(value, depth, seen);
|
|
106
|
-
}
|
|
107
|
-
return sanitizeDebugObject(value, depth, seen);
|
|
108
|
-
}
|
|
109
|
-
/** Compact cloud slice for logs (no raw secrets). */
|
|
110
|
-
export function settingsDebugCloudSummary(cloud) {
|
|
111
|
-
if (!cloud || typeof cloud !== "object")
|
|
112
|
-
return { cloud: null };
|
|
113
|
-
const apiKey = cloud.apiKey;
|
|
114
|
-
return {
|
|
115
|
-
enabled: cloud.enabled,
|
|
116
|
-
inferenceMode: cloud.inferenceMode,
|
|
117
|
-
services: cloud.services,
|
|
118
|
-
baseUrl: cloud.baseUrl,
|
|
119
|
-
hasApiKey: typeof apiKey === "string" ? apiKey.trim().length > 0 : Boolean(apiKey),
|
|
120
|
-
};
|
|
121
|
-
}
|
|
8
|
+
export { isElizaSettingsDebugEnabled, sanitizeForSettingsDebug, settingsDebugCloudSummary, } from "@elizaos/core";
|
|
122
9
|
//# sourceMappingURL=settings-debug.js.map
|
package/settings-debug.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"settings-debug.js","sourceRoot":"","sources":["../src/settings-debug.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"settings-debug.js","sourceRoot":"","sources":["../src/settings-debug.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,2BAA2B,EAC3B,wBAAwB,EACxB,yBAAyB,GAC1B,MAAM,eAAe,CAAC"}
|
|
@@ -16,13 +16,11 @@ export declare const STEWARD_TOKEN_KEY = "steward_session_token";
|
|
|
16
16
|
/**
|
|
17
17
|
* localStorage key for the Steward refresh token.
|
|
18
18
|
*
|
|
19
|
-
*
|
|
20
|
-
*
|
|
21
|
-
* `/api/auth/steward-nonce-exchange`).
|
|
22
|
-
*
|
|
23
|
-
*
|
|
24
|
-
* before the rollout can still drain their stale value via
|
|
25
|
-
* `clearStoredStewardToken()`. Do NOT add new readers/writers.
|
|
19
|
+
* Refresh tokens are persisted only as the HttpOnly `steward-refresh-token`
|
|
20
|
+
* cookie (set by `/api/auth/steward-session` and
|
|
21
|
+
* `/api/auth/steward-nonce-exchange`). This key is retained solely so
|
|
22
|
+
* `clearStoredStewardToken()` can drain the stale localStorage value left in
|
|
23
|
+
* tabs opened before the cookie-only rollout. Do NOT read or write it.
|
|
26
24
|
*/
|
|
27
25
|
export declare const STEWARD_REFRESH_TOKEN_KEY = "steward_refresh_token";
|
|
28
26
|
/** Non-HttpOnly cookie set to "1" while the server-side session is live. */
|
|
@@ -85,26 +83,6 @@ export interface ClearOpts {
|
|
|
85
83
|
}
|
|
86
84
|
export declare function readStoredStewardToken(): string | null;
|
|
87
85
|
export declare function writeStoredStewardToken(token: string): void;
|
|
88
|
-
/**
|
|
89
|
-
* @deprecated The refresh token is now persisted only as the HttpOnly
|
|
90
|
-
* `steward-refresh-token` cookie. Reading it from localStorage is XSS-
|
|
91
|
-
* reachable and contradicts the cookie-only model. Callers should POST to
|
|
92
|
-
* `STEWARD_REFRESH_ENDPOINT` with `credentials: "include"` instead — the
|
|
93
|
-
* server reads the cookie and mints fresh tokens with no body payload.
|
|
94
|
-
* This helper is retained for one release window so legacy tabs can still
|
|
95
|
-
* be cleaned up via `clearStoredStewardToken()`; it will be removed once
|
|
96
|
-
* `os-homepage` and `cloud-frontend` have shipped the cookie-only flow.
|
|
97
|
-
*/
|
|
98
|
-
export declare function readStoredStewardRefreshToken(): string | null;
|
|
99
|
-
/**
|
|
100
|
-
* @deprecated Writing the refresh token to localStorage defeats the
|
|
101
|
-
* HttpOnly-cookie protection the server already provides. The cookie is
|
|
102
|
-
* set by `/api/auth/steward-session` and `/api/auth/steward-nonce-exchange`
|
|
103
|
-
* — there is no longer any reason for the browser to hold a copy. This
|
|
104
|
-
* helper intentionally does not write and is kept only for one release
|
|
105
|
-
* window; after that it will be deleted.
|
|
106
|
-
*/
|
|
107
|
-
export declare function writeStoredStewardRefreshToken(_token: string): void;
|
|
108
86
|
export declare function clearStoredStewardToken(): void;
|
|
109
87
|
/**
|
|
110
88
|
* Returns true when the non-HttpOnly `steward-authed=1` marker cookie is
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/steward-session-client/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAMH,2DAA2D;AAC3D,eAAO,MAAM,iBAAiB,0BAA0B,CAAC;AAEzD
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/steward-session-client/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAMH,2DAA2D;AAC3D,eAAO,MAAM,iBAAiB,0BAA0B,CAAC;AAEzD;;;;;;;;GAQG;AACH,eAAO,MAAM,yBAAyB,0BAA0B,CAAC;AAEjE,4EAA4E;AAC5E,eAAO,MAAM,qBAAqB,mBAAmB,CAAC;AAEtD,uDAAuD;AACvD,eAAO,MAAM,iBAAiB,eAAe,CAAC;AAE9C,wEAAwE;AACxE,eAAO,MAAM,wBAAwB,8BAA8B,CAAC;AAEpE;;;;;GAKG;AACH,eAAO,MAAM,+BAA+B,qCACR,CAAC;AAErC;;;;;;GAMG;AACH,eAAO,MAAM,wBAAwB,8BAA8B,CAAC;AAMpE,MAAM,WAAW,qBAAqB;IACpC,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC9B;AAED,MAAM,WAAW,sBAAsB;IACrC,EAAE,EAAE,IAAI,CAAC;IACT,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,EAAE,MAAM,CAAC;CACvB;AAED;;;;GAIG;AACH,MAAM,MAAM,uBAAuB,GAC/B,eAAe,GACf,eAAe,GACf,uBAAuB,GACvB,0BAA0B,GAC1B,gBAAgB,GAGhB,cAAc,GACd,cAAc,GACd,cAAc,GACd,wBAAwB,GACxB,sBAAsB,GACtB,8BAA8B,GAC9B,kBAAkB,CAAC;AAEvB,qBAAa,mBAAoB,SAAQ,KAAK;IAC5C,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,IAAI,EAAE,uBAAuB,GAAG,MAAM,GAAG,IAAI,CAAC;gBAGrD,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,uBAAuB,GAAG,MAAM,GAAG,IAAI;CAOhD;AAED,MAAM,WAAW,QAAQ;IACvB;;;;OAIG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;OAEG;IACH,SAAS,CAAC,EAAE,OAAO,KAAK,CAAC;CAC1B;AAED,MAAM,WAAW,SAAS;IACxB,mEAAmE;IACnE,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,SAAS,CAAC,EAAE,OAAO,KAAK,CAAC;CAC1B;AAMD,wBAAgB,sBAAsB,IAAI,MAAM,GAAG,IAAI,CAOtD;AAED,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAQ3D;AAED,wBAAgB,uBAAuB,IAAI,IAAI,CAQ9C;AAED;;;;GAIG;AACH,wBAAgB,sBAAsB,IAAI,OAAO,CAKhD;AAgBD;;;;GAIG;AACH,wBAAsB,kBAAkB,CACtC,KAAK,EAAE,MAAM,EACb,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,EAC5B,IAAI,GAAE,QAAa,GAClB,OAAO,CAAC,sBAAsB,CAAC,CA2BjC;AAMD,MAAM,WAAW,2BAA2B;IAC1C,0DAA0D;IAC1D,IAAI,EAAE,MAAM,CAAC;IACb;;;;;OAKG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,6CAA6C;IAC7C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,sEAAsE;IACtE,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,4BAA6B,SAAQ,sBAAsB;IAC1E,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;;;;OAMG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,uBAAwB,SAAQ,QAAQ;IACvD,qEAAqE;IACrE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,yBAAyB;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,sEAAsE;IACtE,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;GAMG;AACH,wBAAsB,mBAAmB,CACvC,IAAI,EAAE,MAAM,EACZ,IAAI,GAAE,uBAA4B,GACjC,OAAO,CAAC,4BAA4B,CAAC,CAwBvC;AAED;;;;GAIG;AACH,OAAO,EACL,6BAA6B,EAC7B,0BAA0B,EAC1B,0BAA0B,EAC1B,qBAAqB,EACrB,2BAA2B,EAC3B,KAAK,oBAAoB,EACzB,KAAK,eAAe,EACpB,wBAAwB,GACzB,MAAM,yBAAyB,CAAC;AAEjC,wBAAgB,mBAAmB,CAAC,IAAI,GAAE,SAAc,GAAG,IAAI,CAS9D"}
|