@fenwave/agent 1.1.0

package/docker-actions/registry.js

@@ -0,0 +1,1100 @@
+import axios from "axios";
+import chalk from "chalk";
+import {
+  ECRClient,
+  DescribeRepositoriesCommand,
+  DescribeImagesCommand,
+} from "@aws-sdk/client-ecr";
+import { STSClient, GetCallerIdentityCommand } from "@aws-sdk/client-sts";
+import { GoogleAuth } from "google-auth-library";
+import { formatSize, formatCreatedTime } from "../helper-functions.js";
+import registryStore from "../store/registryStore.js";
+
+async function handleRegistryAction(ws, action, payload) {
+  switch (action) {
+    case "fetchRegistries":
+      return await handleFetchRegistries(ws, payload);
+    case "connectRegistry":
+      return await handleConnectRegistry(ws, payload);
+    case "disconnectRegistry":
+      return await handleDisconnectRegistry(ws, payload);
+    case "renameRegistry":
+      return await handleRenameRegistry(ws, payload);
+    case "setActiveRegistry":
+      return await handleSetActiveRegistry(ws, payload);
+    case "fetchRegistryImages":
+      return await handleFetchRegistryImages(ws, payload);
+    default:
+      throw new Error(`Unknown registry action: ${action}`);
+  }
+}
+
+async function handleFetchRegistries(ws, payload = {}) {
+  try {
+    // Get all registries from persistent store
+    const registries = await registryStore.getAllRegistries();
+
+    ws.send(
+      JSON.stringify({
+        type: "registries",
+        registries,
+        requestId: payload.requestId,
+      })
+    );
+  } catch (error) {
+    console.error("Error fetching registries:", error);
+    ws.send(
+      JSON.stringify({
+        type: "error",
+        error: "Failed to fetch registries: " + error.message,
+        requestId: payload.requestId,
+      })
+    );
+  }
+}
+
+async function handleConnectRegistry(ws, payload) {
+  try {
+    const {
+      name,
+      url,
+      type,
+      username,
+      password,
+      accessKeyId,
+      secretAccessKey,
+      region,
+      sessionToken,
+      serviceAccountJson,
+      requestId,
+    } = payload;
+
+    // Basic URL validation
+    try {
+      new URL(url);
+    } catch (error) {
+      throw new Error(`Invalid registry URL: ${error.message}`);
+    }
+
+    let authenticationValid = false;
+    let errorMessage = "";
+    let extractedUsername = username;
+
+    try {
+      switch (type) {
+        case "docker-hub":
+          authenticationValid = await testDockerHubCredentials(
+            username,
+            password
+          );
+          break;
+
+        case "ecr":
+          const ecrResult = await testECRCredentials(
+            accessKeyId,
+            secretAccessKey,
+            region,
+            sessionToken
+          );
+          authenticationValid = ecrResult.success;
+          extractedUsername = ecrResult.username;
+          break;
+
+        case "gcr":
+          authenticationValid = await testGCRCredentials(
+            serviceAccountJson,
+            url
+          );
+          break;
+
+        case "acr":
+          authenticationValid = await testACRCredentials(
+            username,
+            password,
+            url
+          );
+          break;
+
+        case "custom":
+          authenticationValid = await testCustomRegistryCredentials(
+            username,
+            password,
+            url
+          );
+          break;
+
+        default:
+          throw new Error(`Unsupported registry type: ${type}`);
+      }
+    } catch (authError) {
+      authenticationValid = false;
+      errorMessage = authError.message;
+    }
+
+    if (!authenticationValid) {
+      throw new Error(
+        errorMessage || "Authentication failed: Invalid credentials"
+      );
+    }
+
+    // Generate a unique ID for the registry
+    const registryId = `reg-${Date.now()}`;
+
+    // Create registry object with proper credential storage and metadata
+    const registry = {
+      id: registryId,
+      name,
+      url,
+      type,
+      connected: true,
+      connectedAt: new Date().toISOString(),
+      // Store metadata at top level for API exposure
+      ...(type === "ecr" && {
+        username: extractedUsername,
+        region,
+      }),
+      ...(type === "gcr" &&
+        serviceAccountJson &&
+        (() => {
+          try {
+            const serviceAccount = JSON.parse(serviceAccountJson);
+            return { projectId: serviceAccount.project_id };
+          } catch (error) {
+            console.error("Error parsing service account JSON:", error);
+            return {};
+          }
+        })()),
+      ...(username && { username }),
+      credentials: {
+        // Store credentials based on registry type
+        ...(type === "ecr" && {
+          accessKeyId,
+          secretAccessKey,
+          sessionToken,
+        }),
+        ...(type === "gcr" && { serviceAccountJson }),
+        ...(type === "docker-hub" && { username, password }),
+        ...(type === "acr" && { username, password }),
+        ...(type === "custom" && { username, password }),
+      },
+    };
+
+    // Store the registry persistently
+    await registryStore.upsertRegistry(registry);
+
+    console.log(`✅ Successfully connected to registry: ${name}`);
+
+    // Return registry with safe metadata (credentials excluded)
+    const { credentials, ...safeRegistry } = registry;
+
+    ws.send(
+      JSON.stringify({
+        type: "registryConnected",
+        registry: safeRegistry,
+        requestId,
+      })
+    );
+  } catch (error) {
+    console.error(chalk.red("❌ Error connecting to registry:", error));
+    ws.send(
+      JSON.stringify({
+        type: "error",
+        error: "Failed to connect to registry: " + error.message,
+        requestId: payload.requestId,
+      })
+    );
+  }
+}
+
+// Test Docker Hub credentials
+async function testDockerHubCredentials(username, password) {
+  const baseUrl = "https://hub.docker.com/v2";
+  try {
+    const tokenResponse = await axios.post(
+      `${baseUrl}/users/login/`,
+      {
+        username: username,
+        password: password,
+      },
+      {
+        headers: {
+          "Content-Type": "application/json",
+        },
+        timeout: 15000,
+      }
+    );
+
+    const token = tokenResponse.data?.token;
+    if (!token) {
+      throw new Error("No authentication token received");
+    }
+
+    // Fetch user repositories
+    const testResponse = await axios.get(
+      `${baseUrl}/repositories/${username}/`,
+      {
+        headers: {
+          Authorization: `JWT ${token}`,
+        },
+        params: {
+          page_size: 1,
+        },
+        timeout: 10000,
+      }
+    );
+
+    if (testResponse.status !== 200) {
+      throw new Error(`Unexpected response status: ${testResponse.status}`);
+    }
+
+    return true;
+  } catch (error) {
+    console.error(
+      chalk.red(`❌ Docker Hub authentication failed:`, error.message)
+    );
+
+    if (error.response?.status === 401) {
+      throw new Error(
+        error.response?.data?.detail || "Invalid username or password/token"
+      );
+    } else if (error.response?.status === 429) {
+      throw new Error("Rate limited by Docker Hub API");
+    } else if (error.code === "ECONNREFUSED" || error.code === "ENOTFOUND") {
+      throw new Error("Cannot connect to Docker Hub");
+    } else {
+      throw new Error(`Authentication test failed: ${error.message}`);
+    }
+  }
+}
+
+// Test ECR registry credentials
+async function testECRCredentials(
+  accessKeyId,
+  secretAccessKey,
+  region,
+  sessionToken
+) {
+  try {
+    if (!region || !region.match(/^[a-z0-9-]+$/)) {
+      throw new Error("Invalid AWS region format");
+    }
+
+    const credentials = {
+      accessKeyId,
+      secretAccessKey,
+      sessionToken,
+    };
+
+    const stsClient = new STSClient({ region, credentials });
+    const identity = await stsClient.send(new GetCallerIdentityCommand({}));
+
+    let username = "Unknown";
+    if (identity.Arn) {
+      const arnParts = identity.Arn.split("/");
+      if (arnParts.length > 0) {
+        username = arnParts[arnParts.length - 1];
+      }
+    }
+
+    const ecrClient = new ECRClient({ region, credentials });
+    const command = new DescribeRepositoriesCommand({ maxResults: 1 });
+
+    await ecrClient.send(command);
+
+    return { success: true, username };
+  } catch (error) {
+    console.error(
+      chalk.red(`❌ AWS authentication failed:`, error.name, ":", error.message)
+    );
+
+    switch (error.name) {
+      case "ExpiredTokenException":
+        throw new Error(
+          "AWS session has expired. Please use fresh credentials."
+        );
+      case "AccessDeniedException":
+      case "UnrecognizedClientException":
+        throw new Error("Invalid AWS credentials or insufficient permissions");
+      case "InvalidSignatureException":
+        throw new Error("Invalid AWS Secret Access Key");
+      case "ValidationException":
+        throw new Error("Invalid AWS region or parameter");
+      case "CredentialsProviderError":
+        throw new Error("AWS Access Key ID not found");
+      case "NetworkingError":
+        throw new Error("Cannot connect to AWS service");
+      case "TokenRefreshRequired":
+        throw new Error(
+          "AWS credentials need to be refreshed. Please use fresh credentials."
+        );
+      default:
+        throw new Error(`Authentication test failed: ${error.message}`);
+    }
+  }
+}
+
+// Test GCR registry credentials
+async function testGCRCredentials(serviceAccountJson) {
+  try {
+    let serviceAccountKey;
+    try {
+      serviceAccountKey = JSON.parse(serviceAccountJson);
+    } catch (parseError) {
+      throw new Error("Invalid service account JSON format");
+    }
+
+    if (
+      !serviceAccountKey.type ||
+      serviceAccountKey.type !== "service_account"
+    ) {
+      throw new Error("Invalid service account type");
+    }
+    if (!serviceAccountKey.project_id) {
+      throw new Error("Missing project_id in service account");
+    }
+    if (!serviceAccountKey.private_key || !serviceAccountKey.client_email) {
+      throw new Error("Missing required credentials in service account");
+    }
+
+    const auth = new GoogleAuth({
+      credentials: serviceAccountKey,
+      scopes: ["https://www.googleapis.com/auth/cloud-platform"],
+    });
+
+    const authClient = await auth.getClient();
+    const accessToken = await authClient.getAccessToken();
+
+    if (!accessToken.token) {
+      throw new Error("Failed to obtain access token");
+    }
+
+    const projectId = serviceAccountKey.project_id;
+    const registryUrl = `https://gcr.io/v2/${projectId}/tags/list`;
+
+    const response = await axios.get(registryUrl, {
+      headers: {
+        Authorization: `Bearer ${accessToken.token}`,
+        Accept: "application/json",
+      },
+      timeout: 10000,
+    });
+
+    if (response.status === 200) {
+      return true;
+    } else {
+      throw new Error(`Unexpected response status: ${response.status}`);
+    }
+  } catch (error) {
+    console.error(chalk.red(`❌ GCR authentication failed:`, error.message));
+
+    if (error.response?.status === 401) {
+      throw new Error("Invalid service account credentials");
+    } else if (error.response?.status === 403) {
+      throw new Error(
+        "Service account lacks required permissions for Container Registry"
+      );
+    } else if (error.code === "ECONNREFUSED" || error.code === "ENOTFOUND") {
+      throw new Error("Cannot connect to Google Container Registry");
+    } else if (error.message.includes("JSON")) {
+      throw new Error("Invalid service account JSON format");
+    } else {
+      throw new Error(`GCR authentication test failed: ${error.message}`);
+    }
+  }
+}
+
+// Test ACR registry credentials
+async function testACRCredentials(username, password, url) {
+  try {
+    const registryName = url.replace("https://", "").replace(".azurecr.io", "");
+
+    const catalogUrl = `${url}/v2/_catalog`;
+
+    const response = await axios.get(catalogUrl, {
+      headers: {
+        Authorization: `Basic ${Buffer.from(`${username}:${password}`).toString(
+          "base64"
+        )}`,
+      },
+      timeout: 10000,
+    });
+
+    if (response.status === 200) {
+      return true;
+    } else {
+      throw new Error(`Unexpected response status: ${response.status}`);
+    }
+  } catch (error) {
+    console.error(chalk.red(`❌ ACR authentication failed:`, error.message));
+
+    if (error.response?.status === 401) {
+      throw new Error("Invalid username or password/token");
+    } else if (error.response?.status === 404) {
+      throw new Error("Registry not found or API not supported");
+    } else if (error.code === "ECONNREFUSED" || error.code === "ENOTFOUND") {
+      throw new Error("Cannot connect to Azure Container Registry");
+    } else {
+      throw new Error(`ACR authentication test failed: ${error.message}`);
+    }
+  }
+}
+
+// Test custom registry credentials
+async function testCustomRegistryCredentials(username, password, url) {
+  try {
+    const response = await axios.get(`${url}/v2/_catalog`, {
+      headers: {
+        Authorization: `Basic ${Buffer.from(`${username}:${password}`).toString(
+          "base64"
+        )}`,
+      },
+      timeout: 10000,
+    });
+
+    if (response.status === 200) {
+      return true;
+    } else {
+      throw new Error(`Unexpected response status: ${response.status}`);
+    }
+  } catch (error) {
+    console.error(
+      chalk.red(`❌ Custom registry authentication failed:`, error.message)
+    );
+
+    if (error.response?.status === 401) {
+      throw new Error("Invalid username or password/token");
+    } else if (error.response?.status === 404) {
+      throw new Error("Registry not found or API not supported");
+    } else if (error.code === "ECONNREFUSED" || error.code === "ENOTFOUND") {
+      throw new Error("Cannot connect to registry");
+    } else {
+      throw new Error(`Authentication test failed: ${error.message}`);
+    }
+  }
+}
+
+async function handleDisconnectRegistry(ws, payload) {
+  try {
+    const { id, requestId } = payload;
+
+    if (!id) {
+      throw new Error("Registry ID is required");
+    }
+
+    // Get registry from store first to check if it exists
+    const registry = await registryStore.getRegistryWithCredentials(id);
+    if (!registry) {
+      throw new Error("Registry not found");
+    }
+
+    // Remove from persistent store
+    await registryStore.removeRegistry(id);
+
+    console.log(`✅ Successfully disconnected from registry: ${registry.name}`);
+
+    ws.send(
+      JSON.stringify({
+        type: "registryDisconnected",
+        id,
+        success: true,
+        requestId,
+      })
+    );
+  } catch (error) {
+    console.error("Error disconnecting registry:", error);
+    ws.send(
+      JSON.stringify({
+        type: "error",
+        error: "Failed to disconnect registry: " + error.message,
+        requestId: payload.requestId,
+      })
+    );
+  }
+}
+
+async function handleRenameRegistry(ws, payload) {
+  try {
+    const { id, newName, requestId } = payload;
+
+    if (!id) {
+      throw new Error("Registry ID is required");
+    }
+
+    if (!newName || newName.trim() === "") {
+      throw new Error("New name is required");
+    }
+
+    // Get registry from store first to check if it exists
+    const registry = await registryStore.getRegistryWithCredentials(id);
+    if (!registry) {
+      throw new Error("Registry not found");
+    }
+
+    const oldName = registry.name;
+
+    // Update the registry with the new name
+    const updatedRegistry = {
+      ...registry,
+      name: newName.trim(),
+    };
+
+    // Save the updated registry
+    await registryStore.upsertRegistry(updatedRegistry);
+
+    console.log(
+      `✅ Successfully renamed registry from: ${oldName} to: ${newName.trim()}`
+    );
+
+    // Return safe registry data (without credentials)
+    const { credentials, ...safeRegistry } = updatedRegistry;
+
+    ws.send(
+      JSON.stringify({
+        type: "registryRenamed",
+        registry: safeRegistry,
+        requestId,
+      })
+    );
+  } catch (error) {
+    console.error("Error renaming registry:", error);
+    ws.send(
+      JSON.stringify({
+        type: "error",
+        error: "Failed to rename registry: " + error.message,
+        requestId: payload.requestId,
+      })
+    );
+  }
+}
+
+async function handleSetActiveRegistry(ws, payload) {
+  try {
+    const { id, requestId } = payload;
+
+    if (!id) {
+      throw new Error("Registry ID is required");
+    }
+
+    // Set the active registry
+    const activeRegistry = await registryStore.setActiveRegistry(id);
+
+    if (!activeRegistry) {
+      throw new Error("Registry not found");
+    }
+
+    // Return safe registry data (without credentials)
+    const { credentials, ...safeRegistry } = activeRegistry;
+
+    ws.send(
+      JSON.stringify({
+        type: "activeRegistrySet",
+        registry: safeRegistry,
+        requestId,
+      })
+    );
+  } catch (error) {
+    console.error("Error setting active registry:", error);
+    ws.send(
+      JSON.stringify({
+        type: "error",
+        error: "Failed to set active registry: " + error.message,
+        requestId: payload.requestId,
+      })
+    );
+  }
+}
+
+async function handleFetchRegistryImages(ws, payload) {
+  try {
+    const { registryId, requestId } = payload;
+
+    // Get registry from persistent store
+    const registry = await registryStore.getRegistryWithCredentials(registryId);
+    if (!registry) {
+      throw new Error("Registry not found");
+    }
+
+    let formattedImages = [];
+
+    try {
+      switch (registry.type) {
+        case "docker-hub":
+          formattedImages = await fetchDockerHubImages(registry);
+          break;
+        case "ecr":
+          formattedImages = await fetchECRImages(registry);
+          break;
+        case "gcr":
+          formattedImages = await fetchGCRImages(registry);
+          break;
+        case "acr":
+          formattedImages = await fetchACRImages(registry);
+          break;
+        case "custom":
+          formattedImages = await fetchCustomRegistryImages(registry);
+          break;
+        default:
+          throw new Error(`Unsupported registry type: ${registry.type}`);
+      }
+    } catch (fetchError) {
+      console.error(
+        `Error fetching images from registry ${registry.name}:`,
+        fetchError.message
+      );
+
+      ws.send(
+        JSON.stringify({
+          type: "error",
+          error: `Failed to fetch images from registry ${registry.name}: ${fetchError.message}`,
+          requestId,
+        })
+      );
+      return;
+    }
+
+    ws.send(
+      JSON.stringify({
+        type: "registryImages",
+        images: formattedImages,
+        requestId,
+      })
+    );
+  } catch (error) {
+    console.error("Error fetching registry images:", error);
+    ws.send(
+      JSON.stringify({
+        type: "error",
+        error: "Failed to fetch registry images: " + error.message,
+        requestId: payload.requestId,
+      })
+    );
+  }
+}
+
+// Helper function to fetch images from Docker Hub
+async function fetchDockerHubImages(registry) {
+  const baseUrl = "https://hub.docker.com/v2";
+  try {
+    const username = registry.credentials.username;
+    const password = registry.credentials.password;
+
+    const tokenResponse = await axios.post(
+      `${baseUrl}/users/login/`,
+      {
+        username: username,
+        password: password,
+      },
+      {
+        headers: {
+          "Content-Type": "application/json",
+        },
+        timeout: 15000,
+      }
+    );
+
+    const token = tokenResponse.data?.token;
+    if (!token) {
+      throw new Error(
+        "Failed to get authentication token - invalid credentials"
+      );
+    }
+
+    const reposResponse = await axios.get(
+      `${baseUrl}/repositories/${username}/`,
+      {
+        headers: {
+          Authorization: `JWT ${token}`,
+        },
+        params: {
+          page_size: 100,
+        },
+        timeout: 15000,
+      }
+    );
+
+    const repositories = reposResponse.data.results || [];
+    if (repositories.length === 0) {
+      console.warn(`⚠️ No repositories found for user: ${username}`);
+      return [];
+    }
+
+    const imagePromises = repositories.map(async (repo) => {
+      try {
+        const tagsResponse = await axios.get(
+          `${baseUrl}/repositories/${username}/${repo.name}/tags/`,
+          {
+            headers: {
+              Authorization: `JWT ${token}`,
+            },
+            params: {
+              page_size: 100,
+            },
+            timeout: 10000,
+          }
+        );
+
+        const tags = tagsResponse.data.results || [];
+
+        return tags.map((tag) => ({
+          id: `dh-${repo.name}-${tag.name}`,
+          name: `${username}/${repo.name}`,
+          tag: tag.name,
+          size: tag.full_size ? formatSize(tag.full_size) : "Unknown",
+          created: tag.last_updated
+            ? formatCreatedTime(new Date(tag.last_updated).getTime() / 1000)
+            : "Unknown",
+          registry: registry.id,
+          isPrivate: repo.is_private || false,
+          starCount: repo.star_count || 0,
+          pullCount: repo.pull_count || 0,
+          architecture: tag.images?.[0]?.architecture || "amd64",
+          os: tag.images?.[0]?.os || "linux",
+        }));
+      } catch (tagError) {
+        console.error(
+          chalk.red(
+            `❌ Error fetching tags for repository ${repo.name}:`,
+            tagError.message
+          )
+        );
+        return [];
+      }
+    });
+
+    const imageArrays = await Promise.all(imagePromises);
+    const allImages = imageArrays.flat().filter((image) => image);
+
+    return allImages;
+  } catch (error) {
+    console.error(chalk.red("❌ Error fetching Docker Hub images:", error));
+
+    if (error.response?.status === 401) {
+      throw new Error("Authentication failed: Invalid credentials");
+    } else if (error.response?.status === 429) {
+      throw new Error("Rate limited: Too many requests to Docker Hub API");
+    } else if (error.code === "ECONNREFUSED" || error.code === "ENOTFOUND") {
+      throw new Error("Cannot connect to Docker Hub");
+    } else {
+      throw new Error(`Docker Hub API error: ${error.message}`);
+    }
+  }
+}
+
+// Helper function to fetch images from AWS ECR
+async function fetchECRImages(registry) {
+  try {
+    const credentials = {
+      accessKeyId: registry.credentials.accessKeyId,
+      secretAccessKey: registry.credentials.secretAccessKey,
+      sessionToken: registry.credentials.sessionToken,
+    };
+
+    // Remove undefined values
+    Object.keys(credentials).forEach((key) => {
+      if (credentials[key] === undefined) {
+        delete credentials[key];
+      }
+    });
+
+    const ecr = new ECRClient({
+      region: registry.region,
+      credentials,
+    });
+
+    const reposResult = await ecr.send(
+      new DescribeRepositoriesCommand({
+        maxResults: 100,
+      })
+    );
+
+    const repositories = reposResult.repositories || [];
+
+    if (repositories.length === 0) {
+      return [];
+    }
+
+    const imagePromises = repositories.map(async (repo) => {
+      try {
+        const imagesResult = await ecr.send(
+          new DescribeImagesCommand({
+            repositoryName: repo.repositoryName,
+            maxResults: 100,
+          })
+        );
+
+        const images = imagesResult.imageDetails || [];
+
+        return images.map((image) => {
+          const tags = image.imageTags || ["<untagged>"];
+          const primaryTag = tags[0];
+
+          return {
+            id: `ecr-${repo.repositoryName}-${primaryTag}`,
+            name: `${registry.url.replace("https://", "")}/${
+              repo.repositoryName
+            }`,
+            tag: primaryTag,
+            size: image.imageSizeInBytes
+              ? formatSize(image.imageSizeInBytes)
+              : "Unknown",
+            created: image.imagePushedAt
+              ? formatCreatedTime(image.imagePushedAt.getTime() / 1000)
+              : "Unknown",
+            registry: registry.id,
+            isPrivate: true,
+            pullCount: 0,
+            starCount: 0,
+            architecture: "amd64",
+            os: "linux",
+          };
+        });
+      } catch (imageError) {
+        console.error(
+          chalk.red(
+            `❌ Error fetching images for repository ${repo.repositoryName}:`,
+            imageError.message
+          )
+        );
+        return [];
+      }
+    });
+
+    const imageArrays = await Promise.all(imagePromises);
+    const allImages = imageArrays.flat().filter((image) => image);
+
+    return allImages;
+  } catch (error) {
+    console.error(chalk.red("❌ Error fetching ECR images:", error));
+
+    // Handle expired token specifically
+    if (error.code === "ExpiredTokenException") {
+      throw new Error(
+        "AWS session has expired. Please reconnect your ECR registry with fresh credentials."
+      );
+    } else if (
+      error.code === "UnauthorizedOperation" ||
+      error.code === "AccessDenied"
+    ) {
+      throw new Error("Insufficient permissions to access ECR repositories");
+    } else if (error.code === "InvalidUserID.NotFound") {
+      throw new Error("Invalid AWS credentials");
+    } else if (error.code === "TokenRefreshRequired") {
+      throw new Error(
+        "AWS credentials need to be refreshed. Please reconnect your ECR registry."
+      );
+    } else {
+      throw new Error(`ECR API error: ${error.message}`);
+    }
+  }
+}
+
+//! TO BE ENHANCED IN THE FUTURE
+// Helper function to fetch images from Google GCR
+async function fetchGCRImages(registry) {
+  try {
+    const serviceAccountKey = JSON.parse(
+      registry.credentials.serviceAccountJson
+    );
+    const projectId = serviceAccountKey.project_id;
+
+    const auth = new GoogleAuth({
+      credentials: serviceAccountKey,
+      scopes: ["https://www.googleapis.com/auth/cloud-platform"],
+    });
+
+    const authClient = await auth.getClient();
+    const accessToken = await authClient.getAccessToken();
+
+    const catalogUrl = `https://gcr.io/v2/${projectId}/tags/list`;
+
+    const catalogResponse = await axios.get(catalogUrl, {
+      headers: {
+        Authorization: `Bearer ${accessToken.token}`,
+        Accept: "application/json",
+      },
+      timeout: 15000,
+    });
+
+    const repositories = catalogResponse.data.child || [];
+
+    if (repositories.length === 0) {
+      return [];
+    }
+
+    const imagePromises = repositories.slice(0, 20).map(async (repoName) => {
+      try {
+        const tagsUrl = `https://gcr.io/v2/${projectId}/${repoName}/tags/list`;
+
+        const tagsResponse = await axios.get(tagsUrl, {
+          headers: {
+            Authorization: `Bearer ${accessToken.token}`,
+            Accept: "application/json",
+          },
+          timeout: 10000,
+        });
+
+        const tags = tagsResponse.data.tags || [];
+
+        return tags.slice(0, 5).map((tag) => ({
+          id: `gcr-${repoName}-${tag}`,
+          name: `gcr.io/${projectId}/${repoName}`,
+          tag: tag,
+          size: "Unknown",
+          created: "Unknown",
+          registry: registry.id,
+          isPrivate: true,
+          pullCount: 0,
+          starCount: 0,
+          architecture: "amd64",
+          os: "linux",
+        }));
+      } catch (tagError) {
+        console.error(
+          chalk.red(
+            `❌ Error fetching tags for repository ${repoName}:`,
+            tagError.message
+          )
+        );
+        return [];
+      }
+    });
+
+    const imageArrays = await Promise.all(imagePromises);
+    const allImages = imageArrays.flat().filter((image) => image);
+
+    return allImages;
+  } catch (error) {
+    console.error(chalk.red("❌ Error fetching GCR images:", error));
+
+    if (error.response?.status === 401) {
+      throw new Error("Invalid service account credentials");
+    } else if (error.response?.status === 403) {
+      throw new Error("Service account lacks required permissions");
+    } else {
+      throw new Error(`GCR API error: ${error.message}`);
+    }
+  }
+}
+
+//! TO BE ENHANCED IN THE FUTURE
+// Helper function to fetch images from Azure ACR
+async function fetchACRImages(registry) {
+  try {
+    const registryName = registry.url
+      .replace("https://", "")
+      .replace(".azurecr.io", "");
+
+    const catalogUrl = `${registry.url}/v2/_catalog`;
+
+    const catalogResponse = await axios.get(catalogUrl, {
+      headers: {
+        Authorization: `Basic ${Buffer.from(
+          `${registry.credentials.username}:${registry.credentials.password}`
+        ).toString("base64")}`,
+      },
+      timeout: 15000,
+    });
+
+    const repositories = catalogResponse.data.repositories || [];
+
+    if (repositories.length === 0) {
+      return [];
+    }
+
+    const imagePromises = repositories.slice(0, 20).map(async (repoName) => {
+      try {
+        const tagsUrl = `${registry.url}/v2/${repoName}/tags/list`;
+
+        const tagsResponse = await axios.get(tagsUrl, {
+          headers: {
+            Authorization: `Basic ${Buffer.from(
+              `${registry.credentials.username}:${registry.credentials.password}`
+            ).toString("base64")}`,
+          },
+          timeout: 10000,
+        });
+
+        const tags = tagsResponse.data.tags || [];
+
+        return tags.slice(0, 5).map((tag) => ({
+          id: `acr-${repoName}-${tag}`,
+          name: `${registryName}.azurecr.io/${repoName}`,
+          tag: tag,
+          size: "Unknown",
+          created: "Unknown",
+          registry: registry.id,
+          isPrivate: true,
+          pullCount: 0,
+          starCount: 0,
+          architecture: "amd64",
+          os: "linux",
+        }));
+      } catch (tagError) {
+        console.error(
+          chalk.red(
+            `❌ Error fetching tags for repository ${repoName}:`,
+            tagError.message
+          )
+        );
+        return [];
+      }
+    });
+
+    const imageArrays = await Promise.all(imagePromises);
+    const allImages = imageArrays.flat().filter((image) => image);
+
+    return allImages;
+  } catch (error) {
+    console.error(chalk.red("❌ Error fetching ACR images:", error));
+
+    if (error.response?.status === 401) {
+      throw new Error("Invalid username or password/token");
+    } else if (error.response?.status === 404) {
+      throw new Error("Registry not found");
+    } else {
+      throw new Error(`ACR API error: ${error.message}`);
+    }
+  }
+}
+
+//! TO BE ENHANCED IN THE FUTURE
+// Helper function to fetch images from custom registry
+async function fetchCustomRegistryImages(registry) {
+  try {
+    const apiUrl = `${registry.url}/v2/_catalog`;
+
+    const response = await fetch(apiUrl, {
+      headers: {
+        Authorization: `Basic ${Buffer.from(
+          `${registry.credentials.username}:${registry.credentials.password}`
+        ).toString("base64")}`,
+      },
+    });
+
+    if (!response.ok) {
+      throw new Error(
+        `Registry API error: ${response.status} ${response.statusText}`
+      );
+    }
+
+    const data = await response.json();
+
+    const repositories = data.repositories || [];
+
+    return repositories.map((repo, index) => ({
+      id: `custom-${index}-${repo}`,
+      name: repo,
+      tag: "latest",
+      size: "Unknown",
+      created: "Unknown",
+      registry: registry.id,
+    }));
+  } catch (error) {
+    console.error("Error fetching custom registry images:", error);
+    throw error;
+  }
+}
+
+export default { handleRegistryAction };
+
+export { handleRegistryAction };