@generacy-ai/control-plane 0.6.0 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bin/git-credential-generacy.js +33 -77
- package/dist/bin/git-credential-generacy.js.map +1 -1
- package/dist/src/index.d.ts +1 -0
- package/dist/src/index.d.ts.map +1 -1
- package/dist/src/index.js +1 -0
- package/dist/src/index.js.map +1 -1
- package/dist/src/services/jit-git-token-client.d.ts +21 -0
- package/dist/src/services/jit-git-token-client.d.ts.map +1 -0
- package/dist/src/services/jit-git-token-client.js +105 -0
- package/dist/src/services/jit-git-token-client.js.map +1 -0
- package/package.json +1 -1
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
|
-
import
|
|
2
|
+
import { createJitGitTokenClient, JitTokenError, } from '../src/services/jit-git-token-client.js';
|
|
3
3
|
const DEFAULT_SOCKET_PATH = '/run/generacy-control-plane/control.sock';
|
|
4
4
|
const EXIT_CODE_BY_CODE = {
|
|
5
5
|
CONTROL_SOCKET_UNREACHABLE: 2,
|
|
@@ -10,6 +10,7 @@ const EXIT_CODE_BY_CODE = {
|
|
|
10
10
|
CLOUD_UPSTREAM_ERROR: 7,
|
|
11
11
|
CLOUD_RESPONSE_INVALID: 8,
|
|
12
12
|
CREDENTIAL_NOT_CONFIGURED: 9,
|
|
13
|
+
RESPONSE_PARSE_ERROR: 8,
|
|
13
14
|
INTERNAL_ERROR: 1,
|
|
14
15
|
};
|
|
15
16
|
function exitErr(outcome) {
|
|
@@ -22,7 +23,6 @@ function readStdin() {
|
|
|
22
23
|
process.stdin.on('data', (c) => chunks.push(c));
|
|
23
24
|
process.stdin.on('end', () => resolve(Buffer.concat(chunks).toString('utf8')));
|
|
24
25
|
process.stdin.on('error', reject);
|
|
25
|
-
// If stdin is closed before any data, 'end' fires naturally.
|
|
26
26
|
});
|
|
27
27
|
}
|
|
28
28
|
function parseInput(raw) {
|
|
@@ -42,93 +42,49 @@ function parseInput(raw) {
|
|
|
42
42
|
}
|
|
43
43
|
return attrs;
|
|
44
44
|
}
|
|
45
|
-
function
|
|
46
|
-
return
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
'content-type': 'application/json',
|
|
53
|
-
'content-length': '2',
|
|
54
|
-
},
|
|
55
|
-
}, (res) => {
|
|
56
|
-
const chunks = [];
|
|
57
|
-
res.on('data', (c) => chunks.push(c));
|
|
58
|
-
res.on('end', () => {
|
|
59
|
-
resolve({ status: res.statusCode ?? 0, body: Buffer.concat(chunks).toString('utf8') });
|
|
60
|
-
});
|
|
61
|
-
res.on('error', reject);
|
|
62
|
-
});
|
|
63
|
-
req.on('error', reject);
|
|
64
|
-
req.write('{}');
|
|
65
|
-
req.end();
|
|
66
|
-
});
|
|
45
|
+
function resolveSocketPath() {
|
|
46
|
+
return (process.env['GIT_TOKEN_SOCKET_PATH'] ??
|
|
47
|
+
process.env['CONTROL_PLANE_SOCKET_PATH'] ??
|
|
48
|
+
DEFAULT_SOCKET_PATH);
|
|
49
|
+
}
|
|
50
|
+
function mapJitErrorToExit(code) {
|
|
51
|
+
return EXIT_CODE_BY_CODE[code] ?? EXIT_CODE_BY_CODE.INTERNAL_ERROR;
|
|
67
52
|
}
|
|
68
53
|
async function runGet(socketPath, input) {
|
|
69
54
|
if (input.host !== 'github.com') {
|
|
70
55
|
// Defensive bypass — git's per-host config should already prevent this.
|
|
71
56
|
process.exit(0);
|
|
72
57
|
}
|
|
73
|
-
|
|
58
|
+
const client = createJitGitTokenClient({ socketPath });
|
|
59
|
+
let token;
|
|
74
60
|
try {
|
|
75
|
-
response = await
|
|
61
|
+
const response = await client.fetch();
|
|
62
|
+
token = response.token;
|
|
76
63
|
}
|
|
77
64
|
catch (err) {
|
|
78
|
-
|
|
79
|
-
exitErr({
|
|
80
|
-
code: 'CONTROL_SOCKET_UNREACHABLE',
|
|
81
|
-
message: `control socket at ${socketPath} unreachable (${cause})`,
|
|
82
|
-
exitCode: EXIT_CODE_BY_CODE.CONTROL_SOCKET_UNREACHABLE,
|
|
83
|
-
});
|
|
84
|
-
}
|
|
85
|
-
if (response.status >= 200 && response.status < 300) {
|
|
86
|
-
let parsed;
|
|
87
|
-
try {
|
|
88
|
-
parsed = JSON.parse(response.body);
|
|
89
|
-
}
|
|
90
|
-
catch {
|
|
91
|
-
exitErr({
|
|
92
|
-
code: 'CLOUD_RESPONSE_INVALID',
|
|
93
|
-
message: 'control-plane returned a non-JSON body on success',
|
|
94
|
-
exitCode: EXIT_CODE_BY_CODE.CLOUD_RESPONSE_INVALID,
|
|
95
|
-
});
|
|
96
|
-
}
|
|
97
|
-
if (typeof parsed.token !== 'string' || parsed.token.length === 0) {
|
|
65
|
+
if (err instanceof JitTokenError) {
|
|
98
66
|
exitErr({
|
|
99
|
-
code:
|
|
100
|
-
message:
|
|
101
|
-
exitCode:
|
|
67
|
+
code: err.code,
|
|
68
|
+
message: err.message,
|
|
69
|
+
exitCode: mapJitErrorToExit(err.code),
|
|
102
70
|
});
|
|
103
71
|
}
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
out.push('username=x-access-token');
|
|
110
|
-
out.push(`password=${parsed.token}`);
|
|
111
|
-
out.push(''); // trailing blank line
|
|
112
|
-
process.stdout.write(out.join('\n'));
|
|
113
|
-
process.exit(0);
|
|
114
|
-
}
|
|
115
|
-
// Non-2xx — extract code/message from error body if possible.
|
|
116
|
-
let code = 'INTERNAL_ERROR';
|
|
117
|
-
let message = `control-plane returned HTTP ${response.status}`;
|
|
118
|
-
try {
|
|
119
|
-
const errBody = JSON.parse(response.body);
|
|
120
|
-
if (typeof errBody.code === 'string' && errBody.code in EXIT_CODE_BY_CODE) {
|
|
121
|
-
code = errBody.code;
|
|
122
|
-
}
|
|
123
|
-
if (typeof errBody.error === 'string') {
|
|
124
|
-
message = errBody.error;
|
|
125
|
-
}
|
|
126
|
-
}
|
|
127
|
-
catch {
|
|
128
|
-
// Fall through to defaults.
|
|
72
|
+
exitErr({
|
|
73
|
+
code: 'INTERNAL_ERROR',
|
|
74
|
+
message: err instanceof Error ? err.message : String(err),
|
|
75
|
+
exitCode: EXIT_CODE_BY_CODE.INTERNAL_ERROR,
|
|
76
|
+
});
|
|
129
77
|
}
|
|
130
|
-
const
|
|
131
|
-
|
|
78
|
+
const out = [];
|
|
79
|
+
if (input.protocol)
|
|
80
|
+
out.push(`protocol=${input.protocol}`);
|
|
81
|
+
if (input.host)
|
|
82
|
+
out.push(`host=${input.host}`);
|
|
83
|
+
out.push('username=x-access-token');
|
|
84
|
+
out.push(`password=${token}`);
|
|
85
|
+
out.push(''); // trailing blank line
|
|
86
|
+
process.stdout.write(out.join('\n'));
|
|
87
|
+
process.exit(0);
|
|
132
88
|
}
|
|
133
89
|
async function main() {
|
|
134
90
|
const action = process.argv[2];
|
|
@@ -144,7 +100,7 @@ async function main() {
|
|
|
144
100
|
process.exit(0);
|
|
145
101
|
}
|
|
146
102
|
const input = parseInput(raw);
|
|
147
|
-
const socketPath =
|
|
103
|
+
const socketPath = resolveSocketPath();
|
|
148
104
|
await runGet(socketPath, input);
|
|
149
105
|
}
|
|
150
106
|
main().catch((err) => {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"git-credential-generacy.js","sourceRoot":"","sources":["../../bin/git-credential-generacy.ts"],"names":[],"mappings":";AAEA,OAAO,
|
|
1
|
+
{"version":3,"file":"git-credential-generacy.js","sourceRoot":"","sources":["../../bin/git-credential-generacy.ts"],"names":[],"mappings":";AAEA,OAAO,EACL,uBAAuB,EACvB,aAAa,GAEd,MAAM,yCAAyC,CAAC;AAEjD,MAAM,mBAAmB,GAAG,0CAA0C,CAAC;AAUvE,MAAM,iBAAiB,GAA2B;IAChD,0BAA0B,EAAE,CAAC;IAC7B,uBAAuB,EAAE,CAAC;IAC1B,iBAAiB,EAAE,CAAC;IACpB,mBAAmB,EAAE,CAAC;IACtB,qBAAqB,EAAE,CAAC;IACxB,oBAAoB,EAAE,CAAC;IACvB,sBAAsB,EAAE,CAAC;IACzB,yBAAyB,EAAE,CAAC;IAC5B,oBAAoB,EAAE,CAAC;IACvB,cAAc,EAAE,CAAC;CAClB,CAAC;AAEF,SAAS,OAAO,CAAC,OAAqB;IACpC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,wBAAwB,OAAO,CAAC,IAAI,KAAK,OAAO,CAAC,OAAO,IAAI,CAAC,CAAC;IACnF,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;AACjC,CAAC;AAED,SAAS,SAAS;IAChB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QACxD,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAC/E,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;AACL,CAAC;AAOD,SAAS,UAAU,CAAC,GAAW;IAC7B,MAAM,KAAK,GAAe,EAAE,CAAC;IAC7B,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACnC,IAAI,IAAI,KAAK,EAAE;YAAE,MAAM;QACvB,MAAM,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC7B,IAAI,EAAE,KAAK,CAAC,CAAC;YAAE,SAAS;QACxB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC9B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QACjC,IAAI,GAAG,KAAK,UAAU;YAAE,KAAK,CAAC,QAAQ,GAAG,KAAK,CAAC;aAC1C,IAAI,GAAG,KAAK,MAAM;YAAE,KAAK,CAAC,IAAI,GAAG,KAAK,CAAC;IAC9C,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,iBAAiB;IACxB,OAAO,CACL,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC;QACxC,mBAAmB,CACpB,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAuB;IAChD,OAAO,iBAAiB,CAAC,IAAI,CAAC,IAAI,iBAAiB,CAAC,cAAe,CAAC;AACtE,CAAC;AAED,KAAK,UAAU,MAAM,CAAC,UAAkB,EAAE,KAAiB;IACzD,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAChC,wEAAwE;QACxE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,uBAAuB,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;IAEvD,IAAI,KAAa,CAAC;IAClB,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;QACtC,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC;IACzB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,aAAa,EAAE,CAAC;YACjC,OAAO,CAAC;gBACN,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,QAAQ,EAAE,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC;aACtC,CAAC,CAAC;QACL,CAAC;QACD,OAAO,CAAC;YACN,IAAI,EAAE,gBAAgB;YACtB,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;YACzD,QAAQ,EAAE,iBAAiB,CAAC,cAAe;SAC5C,CAAC,CAAC;IACL,CAAC;IAED,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,IAAI,KAAK,CAAC,QAAQ;QAAE,GAAG,CAAC,IAAI,CAAC,YAAY,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC3D,IAAI,KAAK,CAAC,IAAI;QAAE,GAAG,CAAC,IAAI,CAAC,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IAC/C,GAAG,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;IACpC,GAAG,CAAC,IAAI,CAAC,YAAY,KAAK,EAAE,CAAC,CAAC;IAC9B,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,sBAAsB;IACpC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAuB,CAAC;IACrD,IAAI,MAAM,KAAK,KAAK,IAAI,MAAM,KAAK,OAAO,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;QACjE,OAAO,CAAC;YACN,IAAI,EAAE,gBAAgB;YACtB,OAAO,EAAE,kBAAkB,MAAM,IAAI,QAAQ,EAAE;YAC/C,QAAQ,EAAE,iBAAiB,CAAC,cAAe;SAC5C,CAAC,CAAC;IACL,CAAC;IAED,MAAM,GAAG,GAAG,MAAM,SAAS,EAAE,CAAC;IAE9B,IAAI,MAAM,KAAK,OAAO,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;QAC7C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;IAC9B,MAAM,UAAU,GAAG,iBAAiB,EAAE,CAAC;IACvC,MAAM,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;AAClC,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;IAC5B,mEAAmE;IACnE,OAAO,CAAC;QACN,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;QACzD,QAAQ,EAAE,iBAAiB,CAAC,cAAe;KAC5C,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
package/dist/src/index.d.ts
CHANGED
|
@@ -4,6 +4,7 @@ export { ClusterStatusSchema, DeploymentModeSchema, ClusterVariantSchema, Cluste
|
|
|
4
4
|
export { initClusterState, updateClusterStatus, getClusterState, } from './state.js';
|
|
5
5
|
export { CodeServerProcessManager, getCodeServerManager, setCodeServerManager, loadOptionsFromEnv, DEFAULT_CODE_SERVER_BIN, DEFAULT_CODE_SERVER_SOCKET, DEFAULT_IDLE_TIMEOUT_MS, type CodeServerManager, type CodeServerManagerOptions, type CodeServerStartResult, type CodeServerStatus, } from './services/code-server-manager.js';
|
|
6
6
|
export { TunnelHandler, type RelayMessageSender, } from './services/tunnel-handler.js';
|
|
7
|
+
export { createJitGitTokenClient, JitTokenError, type JitGitTokenClient, type JitGitTokenClientOptions, type JitGitTokenResponse, type JitTokenErrorCode, } from './services/jit-git-token-client.js';
|
|
7
8
|
export { ControlPlaneError, sendError, type ControlPlaneErrorCode, type ControlPlaneErrorResponse, } from './errors.js';
|
|
8
9
|
export { ControlPlaneServer } from './server.js';
|
|
9
10
|
export { DockerEngineClient, type DockerEngineClientOptions, type ListContainersOptions, type CreateContainerResponse, type StreamContainerEventsOptions, } from './services/docker-engine-client.js';
|
package/dist/src/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AACA,YAAY,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AACjD,YAAY,EAAE,YAAY,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAGhF,OAAO,EACL,mBAAmB,EACnB,oBAAoB,EACpB,oBAAoB,EACpB,kBAAkB,EAClB,kBAAkB,EAClB,qBAAqB,EACrB,uBAAuB,EACvB,wBAAwB,EACxB,6BAA6B,EAC7B,4BAA4B,EAC5B,mBAAmB,EACnB,qBAAqB,EACrB,gBAAgB,EAChB,uBAAuB,EACvB,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,KAAK,cAAc,EACnB,KAAK,YAAY,EACjB,KAAK,YAAY,EACjB,KAAK,eAAe,EACpB,KAAK,iBAAiB,EACtB,KAAK,kBAAkB,EACvB,KAAK,uBAAuB,EAC5B,KAAK,sBAAsB,EAC3B,KAAK,aAAa,EAClB,KAAK,eAAe,EACpB,KAAK,UAAU,EACf,KAAK,iBAAiB,GACvB,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,gBAAgB,EAChB,mBAAmB,EACnB,eAAe,GAChB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,wBAAwB,EACxB,oBAAoB,EACpB,oBAAoB,EACpB,kBAAkB,EAClB,uBAAuB,EACvB,0BAA0B,EAC1B,uBAAuB,EACvB,KAAK,iBAAiB,EACtB,KAAK,wBAAwB,EAC7B,KAAK,qBAAqB,EAC1B,KAAK,gBAAgB,GACtB,MAAM,mCAAmC,CAAC;AAE3C,OAAO,EACL,aAAa,EACb,KAAK,kBAAkB,GACxB,MAAM,8BAA8B,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AACA,YAAY,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AACjD,YAAY,EAAE,YAAY,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAGhF,OAAO,EACL,mBAAmB,EACnB,oBAAoB,EACpB,oBAAoB,EACpB,kBAAkB,EAClB,kBAAkB,EAClB,qBAAqB,EACrB,uBAAuB,EACvB,wBAAwB,EACxB,6BAA6B,EAC7B,4BAA4B,EAC5B,mBAAmB,EACnB,qBAAqB,EACrB,gBAAgB,EAChB,uBAAuB,EACvB,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,KAAK,cAAc,EACnB,KAAK,YAAY,EACjB,KAAK,YAAY,EACjB,KAAK,eAAe,EACpB,KAAK,iBAAiB,EACtB,KAAK,kBAAkB,EACvB,KAAK,uBAAuB,EAC5B,KAAK,sBAAsB,EAC3B,KAAK,aAAa,EAClB,KAAK,eAAe,EACpB,KAAK,UAAU,EACf,KAAK,iBAAiB,GACvB,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,gBAAgB,EAChB,mBAAmB,EACnB,eAAe,GAChB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,wBAAwB,EACxB,oBAAoB,EACpB,oBAAoB,EACpB,kBAAkB,EAClB,uBAAuB,EACvB,0BAA0B,EAC1B,uBAAuB,EACvB,KAAK,iBAAiB,EACtB,KAAK,wBAAwB,EAC7B,KAAK,qBAAqB,EAC1B,KAAK,gBAAgB,GACtB,MAAM,mCAAmC,CAAC;AAE3C,OAAO,EACL,aAAa,EACb,KAAK,kBAAkB,GACxB,MAAM,8BAA8B,CAAC;AAEtC,OAAO,EACL,uBAAuB,EACvB,aAAa,EACb,KAAK,iBAAiB,EACtB,KAAK,wBAAwB,EAC7B,KAAK,mBAAmB,EACxB,KAAK,iBAAiB,GACvB,MAAM,oCAAoC,CAAC;AAG5C,OAAO,EACL,iBAAiB,EACjB,SAAS,EACT,KAAK,qBAAqB,EAC1B,KAAK,yBAAyB,GAC/B,MAAM,aAAa,CAAC;AAGrB,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAGjD,OAAO,EACL,kBAAkB,EAClB,KAAK,yBAAyB,EAC9B,KAAK,qBAAqB,EAC1B,KAAK,uBAAuB,EAC5B,KAAK,4BAA4B,GAClC,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EACL,KAAK,WAAW,EAChB,iBAAiB,EACjB,4BAA4B,GAC7B,MAAM,mCAAmC,CAAC;AAC3C,OAAO,EACL,KAAK,aAAa,EAClB,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,kCAAkC,CAAC"}
|
package/dist/src/index.js
CHANGED
|
@@ -5,6 +5,7 @@ export { initClusterState, updateClusterStatus, getClusterState, } from './state
|
|
|
5
5
|
// Services
|
|
6
6
|
export { CodeServerProcessManager, getCodeServerManager, setCodeServerManager, loadOptionsFromEnv, DEFAULT_CODE_SERVER_BIN, DEFAULT_CODE_SERVER_SOCKET, DEFAULT_IDLE_TIMEOUT_MS, } from './services/code-server-manager.js';
|
|
7
7
|
export { TunnelHandler, } from './services/tunnel-handler.js';
|
|
8
|
+
export { createJitGitTokenClient, JitTokenError, } from './services/jit-git-token-client.js';
|
|
8
9
|
// Errors
|
|
9
10
|
export { ControlPlaneError, sendError, } from './errors.js';
|
|
10
11
|
// Server
|
package/dist/src/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAIA,UAAU;AACV,OAAO,EACL,mBAAmB,EACnB,oBAAoB,EACpB,oBAAoB,EACpB,kBAAkB,EAClB,kBAAkB,EAClB,qBAAqB,EACrB,uBAAuB,EACvB,wBAAwB,EACxB,6BAA6B,EAC7B,4BAA4B,EAC5B,mBAAmB,EACnB,qBAAqB,EACrB,gBAAgB,EAChB,uBAAuB,GAexB,MAAM,cAAc,CAAC;AAEtB,QAAQ;AACR,OAAO,EACL,gBAAgB,EAChB,mBAAmB,EACnB,eAAe,GAChB,MAAM,YAAY,CAAC;AAEpB,WAAW;AACX,OAAO,EACL,wBAAwB,EACxB,oBAAoB,EACpB,oBAAoB,EACpB,kBAAkB,EAClB,uBAAuB,EACvB,0BAA0B,EAC1B,uBAAuB,GAKxB,MAAM,mCAAmC,CAAC;AAE3C,OAAO,EACL,aAAa,GAEd,MAAM,8BAA8B,CAAC;AAEtC,SAAS;AACT,OAAO,EACL,iBAAiB,EACjB,SAAS,GAGV,MAAM,aAAa,CAAC;AAErB,SAAS;AACT,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAEjD,4CAA4C;AAC5C,OAAO,EACL,kBAAkB,GAKnB,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAEL,iBAAiB,EACjB,4BAA4B,GAC7B,MAAM,mCAAmC,CAAC;AAC3C,OAAO,EAEL,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,kCAAkC,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAIA,UAAU;AACV,OAAO,EACL,mBAAmB,EACnB,oBAAoB,EACpB,oBAAoB,EACpB,kBAAkB,EAClB,kBAAkB,EAClB,qBAAqB,EACrB,uBAAuB,EACvB,wBAAwB,EACxB,6BAA6B,EAC7B,4BAA4B,EAC5B,mBAAmB,EACnB,qBAAqB,EACrB,gBAAgB,EAChB,uBAAuB,GAexB,MAAM,cAAc,CAAC;AAEtB,QAAQ;AACR,OAAO,EACL,gBAAgB,EAChB,mBAAmB,EACnB,eAAe,GAChB,MAAM,YAAY,CAAC;AAEpB,WAAW;AACX,OAAO,EACL,wBAAwB,EACxB,oBAAoB,EACpB,oBAAoB,EACpB,kBAAkB,EAClB,uBAAuB,EACvB,0BAA0B,EAC1B,uBAAuB,GAKxB,MAAM,mCAAmC,CAAC;AAE3C,OAAO,EACL,aAAa,GAEd,MAAM,8BAA8B,CAAC;AAEtC,OAAO,EACL,uBAAuB,EACvB,aAAa,GAKd,MAAM,oCAAoC,CAAC;AAE5C,SAAS;AACT,OAAO,EACL,iBAAiB,EACjB,SAAS,GAGV,MAAM,aAAa,CAAC;AAErB,SAAS;AACT,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAEjD,4CAA4C;AAC5C,OAAO,EACL,kBAAkB,GAKnB,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAEL,iBAAiB,EACjB,4BAA4B,GAC7B,MAAM,mCAAmC,CAAC;AAC3C,OAAO,EAEL,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,kCAAkC,CAAC"}
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
export type JitTokenErrorCode = 'CLUSTER_API_KEY_MISSING' | 'CREDENTIAL_NOT_CONFIGURED' | 'CLOUD_UNREACHABLE' | 'CLOUD_AUTH_REJECTED' | 'CLOUD_REQUEST_INVALID' | 'CLOUD_UPSTREAM_ERROR' | 'CLOUD_RESPONSE_INVALID' | 'CONTROL_SOCKET_UNREACHABLE' | 'RESPONSE_PARSE_ERROR';
|
|
2
|
+
export declare class JitTokenError extends Error {
|
|
3
|
+
readonly code: JitTokenErrorCode;
|
|
4
|
+
readonly details?: Record<string, unknown>;
|
|
5
|
+
constructor(code: JitTokenErrorCode, message: string, details?: Record<string, unknown>);
|
|
6
|
+
}
|
|
7
|
+
export interface JitGitTokenResponse {
|
|
8
|
+
token: string;
|
|
9
|
+
expiresAt: Date;
|
|
10
|
+
}
|
|
11
|
+
export interface JitGitTokenClient {
|
|
12
|
+
fetch(credentialId?: string): Promise<JitGitTokenResponse>;
|
|
13
|
+
}
|
|
14
|
+
export interface JitGitTokenClientOptions {
|
|
15
|
+
socketPath: string;
|
|
16
|
+
logger?: {
|
|
17
|
+
warn(obj: Record<string, unknown>, msg: string): void;
|
|
18
|
+
};
|
|
19
|
+
}
|
|
20
|
+
export declare function createJitGitTokenClient(options: JitGitTokenClientOptions): JitGitTokenClient;
|
|
21
|
+
//# sourceMappingURL=jit-git-token-client.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jit-git-token-client.d.ts","sourceRoot":"","sources":["../../../src/services/jit-git-token-client.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,iBAAiB,GACzB,yBAAyB,GACzB,2BAA2B,GAC3B,mBAAmB,GACnB,qBAAqB,GACrB,uBAAuB,GACvB,sBAAsB,GACtB,wBAAwB,GACxB,4BAA4B,GAC5B,sBAAsB,CAAC;AAc3B,qBAAa,aAAc,SAAQ,KAAK;IACtC,QAAQ,CAAC,IAAI,EAAE,iBAAiB,CAAC;IACjC,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;gBAE/B,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;CAQxF;AAED,MAAM,WAAW,mBAAmB;IAClC,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,iBAAiB;IAChC,KAAK,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAAC;CAC5D;AAED,MAAM,WAAW,wBAAwB;IACvC,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE;QAAE,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAC;CACpE;AAkCD,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,wBAAwB,GAAG,iBAAiB,CAgF5F"}
|
|
@@ -0,0 +1,105 @@
|
|
|
1
|
+
import http from 'node:http';
|
|
2
|
+
const KNOWN_ERROR_CODES = new Set([
|
|
3
|
+
'CLUSTER_API_KEY_MISSING',
|
|
4
|
+
'CREDENTIAL_NOT_CONFIGURED',
|
|
5
|
+
'CLOUD_UNREACHABLE',
|
|
6
|
+
'CLOUD_AUTH_REJECTED',
|
|
7
|
+
'CLOUD_REQUEST_INVALID',
|
|
8
|
+
'CLOUD_UPSTREAM_ERROR',
|
|
9
|
+
'CLOUD_RESPONSE_INVALID',
|
|
10
|
+
'CONTROL_SOCKET_UNREACHABLE',
|
|
11
|
+
'RESPONSE_PARSE_ERROR',
|
|
12
|
+
]);
|
|
13
|
+
export class JitTokenError extends Error {
|
|
14
|
+
code;
|
|
15
|
+
details;
|
|
16
|
+
constructor(code, message, details) {
|
|
17
|
+
super(message);
|
|
18
|
+
this.name = 'JitTokenError';
|
|
19
|
+
this.code = code;
|
|
20
|
+
if (details !== undefined) {
|
|
21
|
+
this.details = details;
|
|
22
|
+
}
|
|
23
|
+
}
|
|
24
|
+
}
|
|
25
|
+
function postToControlSocket(socketPath, body) {
|
|
26
|
+
return new Promise((resolve, reject) => {
|
|
27
|
+
const req = http.request({
|
|
28
|
+
socketPath,
|
|
29
|
+
path: '/git-token',
|
|
30
|
+
method: 'POST',
|
|
31
|
+
headers: {
|
|
32
|
+
'content-type': 'application/json',
|
|
33
|
+
'content-length': Buffer.byteLength(body).toString(),
|
|
34
|
+
},
|
|
35
|
+
}, (res) => {
|
|
36
|
+
const chunks = [];
|
|
37
|
+
res.on('data', (c) => chunks.push(c));
|
|
38
|
+
res.on('end', () => {
|
|
39
|
+
resolve({ status: res.statusCode ?? 0, body: Buffer.concat(chunks).toString('utf8') });
|
|
40
|
+
});
|
|
41
|
+
res.on('error', reject);
|
|
42
|
+
});
|
|
43
|
+
req.on('error', reject);
|
|
44
|
+
req.write(body);
|
|
45
|
+
req.end();
|
|
46
|
+
});
|
|
47
|
+
}
|
|
48
|
+
export function createJitGitTokenClient(options) {
|
|
49
|
+
const { socketPath, logger } = options;
|
|
50
|
+
return {
|
|
51
|
+
async fetch(credentialId) {
|
|
52
|
+
const body = credentialId === undefined ? '{}' : JSON.stringify({ credentialId });
|
|
53
|
+
let response;
|
|
54
|
+
try {
|
|
55
|
+
response = await postToControlSocket(socketPath, body);
|
|
56
|
+
}
|
|
57
|
+
catch (err) {
|
|
58
|
+
const cause = err.code ?? err.message;
|
|
59
|
+
throw new JitTokenError('CONTROL_SOCKET_UNREACHABLE', `control socket at ${socketPath} unreachable (${cause})`, { cause });
|
|
60
|
+
}
|
|
61
|
+
if (response.status >= 200 && response.status < 300) {
|
|
62
|
+
let parsed;
|
|
63
|
+
try {
|
|
64
|
+
parsed = JSON.parse(response.body);
|
|
65
|
+
}
|
|
66
|
+
catch {
|
|
67
|
+
logger?.warn({ socketPath, status: response.status }, 'jit-git-token-client: non-JSON success body');
|
|
68
|
+
throw new JitTokenError('RESPONSE_PARSE_ERROR', 'control-plane returned a non-JSON body on success');
|
|
69
|
+
}
|
|
70
|
+
if (typeof parsed.token !== 'string' || parsed.token.length === 0) {
|
|
71
|
+
throw new JitTokenError('RESPONSE_PARSE_ERROR', 'control-plane response missing token');
|
|
72
|
+
}
|
|
73
|
+
if (typeof parsed.expiresAt !== 'string') {
|
|
74
|
+
throw new JitTokenError('RESPONSE_PARSE_ERROR', 'control-plane response missing expiresAt');
|
|
75
|
+
}
|
|
76
|
+
const expiresAtMs = Date.parse(parsed.expiresAt);
|
|
77
|
+
if (!Number.isFinite(expiresAtMs)) {
|
|
78
|
+
throw new JitTokenError('RESPONSE_PARSE_ERROR', `control-plane returned an unparseable expiresAt: ${parsed.expiresAt}`);
|
|
79
|
+
}
|
|
80
|
+
return { token: parsed.token, expiresAt: new Date(expiresAtMs) };
|
|
81
|
+
}
|
|
82
|
+
// Non-2xx — extract code/message from error body if possible.
|
|
83
|
+
let code = 'CLOUD_UPSTREAM_ERROR';
|
|
84
|
+
let message = `HTTP ${response.status}`;
|
|
85
|
+
let details;
|
|
86
|
+
try {
|
|
87
|
+
const errBody = JSON.parse(response.body);
|
|
88
|
+
if (typeof errBody.code === 'string' && KNOWN_ERROR_CODES.has(errBody.code)) {
|
|
89
|
+
code = errBody.code;
|
|
90
|
+
}
|
|
91
|
+
if (typeof errBody.error === 'string') {
|
|
92
|
+
message = errBody.error;
|
|
93
|
+
}
|
|
94
|
+
if (errBody.details && typeof errBody.details === 'object') {
|
|
95
|
+
details = errBody.details;
|
|
96
|
+
}
|
|
97
|
+
}
|
|
98
|
+
catch {
|
|
99
|
+
// Body was empty / not JSON — keep defaults.
|
|
100
|
+
}
|
|
101
|
+
throw new JitTokenError(code, message, details);
|
|
102
|
+
},
|
|
103
|
+
};
|
|
104
|
+
}
|
|
105
|
+
//# sourceMappingURL=jit-git-token-client.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jit-git-token-client.js","sourceRoot":"","sources":["../../../src/services/jit-git-token-client.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAa7B,MAAM,iBAAiB,GAAmC,IAAI,GAAG,CAAoB;IACnF,yBAAyB;IACzB,2BAA2B;IAC3B,mBAAmB;IACnB,qBAAqB;IACrB,uBAAuB;IACvB,sBAAsB;IACtB,wBAAwB;IACxB,4BAA4B;IAC5B,sBAAsB;CACvB,CAAC,CAAC;AAEH,MAAM,OAAO,aAAc,SAAQ,KAAK;IAC7B,IAAI,CAAoB;IACxB,OAAO,CAA2B;IAE3C,YAAY,IAAuB,EAAE,OAAe,EAAE,OAAiC;QACrF,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,eAAe,CAAC;QAC5B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACzB,CAAC;IACH,CAAC;CACF;AAqBD,SAAS,mBAAmB,CAAC,UAAkB,EAAE,IAAY;IAC3D,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CACtB;YACE,UAAU;YACV,IAAI,EAAE,YAAY;YAClB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,gBAAgB,EAAE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE;aACrD;SACF,EACD,CAAC,GAAG,EAAE,EAAE;YACN,MAAM,MAAM,GAAa,EAAE,CAAC;YAC5B,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;YAC9C,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;gBACjB,OAAO,CAAC,EAAE,MAAM,EAAE,GAAG,CAAC,UAAU,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YACzF,CAAC,CAAC,CAAC;YACH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC1B,CAAC,CACF,CAAC;QACF,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACxB,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAChB,GAAG,CAAC,GAAG,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,OAAiC;IACvE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IAEvC,OAAO;QACL,KAAK,CAAC,KAAK,CAAC,YAAqB;YAC/B,MAAM,IAAI,GAAG,YAAY,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC;YAElF,IAAI,QAAwB,CAAC;YAC7B,IAAI,CAAC;gBACH,QAAQ,GAAG,MAAM,mBAAmB,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;YACzD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,KAAK,GAAI,GAA6B,CAAC,IAAI,IAAK,GAAa,CAAC,OAAO,CAAC;gBAC5E,MAAM,IAAI,aAAa,CACrB,4BAA4B,EAC5B,qBAAqB,UAAU,iBAAiB,KAAK,GAAG,EACxD,EAAE,KAAK,EAAE,CACV,CAAC;YACJ,CAAC;YAED,IAAI,QAAQ,CAAC,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;gBACpD,IAAI,MAAgD,CAAC;gBACrD,IAAI,CAAC;oBACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAkB,CAAC;gBACtD,CAAC;gBAAC,MAAM,CAAC;oBACP,MAAM,EAAE,IAAI,CACV,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,EACvC,6CAA6C,CAC9C,CAAC;oBACF,MAAM,IAAI,aAAa,CACrB,sBAAsB,EACtB,mDAAmD,CACpD,CAAC;gBACJ,CAAC;gBACD,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAClE,MAAM,IAAI,aAAa,CACrB,sBAAsB,EACtB,sCAAsC,CACvC,CAAC;gBACJ,CAAC;gBACD,IAAI,OAAO,MAAM,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;oBACzC,MAAM,IAAI,aAAa,CACrB,sBAAsB,EACtB,0CAA0C,CAC3C,CAAC;gBACJ,CAAC;gBACD,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;gBACjD,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;oBAClC,MAAM,IAAI,aAAa,CACrB,sBAAsB,EACtB,oDAAoD,MAAM,CAAC,SAAS,EAAE,CACvE,CAAC;gBACJ,CAAC;gBACD,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,SAAS,EAAE,IAAI,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YACnE,CAAC;YAED,8DAA8D;YAC9D,IAAI,IAAI,GAAsB,sBAAsB,CAAC;YACrD,IAAI,OAAO,GAAG,QAAQ,QAAQ,CAAC,MAAM,EAAE,CAAC;YACxC,IAAI,OAA4C,CAAC;YACjD,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAIvC,CAAC;gBACF,IAAI,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,IAAI,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,IAAyB,CAAC,EAAE,CAAC;oBACjG,IAAI,GAAG,OAAO,CAAC,IAAyB,CAAC;gBAC3C,CAAC;gBACD,IAAI,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;oBACtC,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC;gBAC1B,CAAC;gBACD,IAAI,OAAO,CAAC,OAAO,IAAI,OAAO,OAAO,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;oBAC3D,OAAO,GAAG,OAAO,CAAC,OAAkC,CAAC;gBACvD,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,6CAA6C;YAC/C,CAAC;YACD,MAAM,IAAI,aAAa,CAAC,IAAI,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;QAClD,CAAC;KACF,CAAC;AACJ,CAAC"}
|
package/package.json
CHANGED