@h-rig/server 0.0.6-alpha.2 → 0.0.6-alpha.21

package/dist/src/server-helpers/github-api-session-index.js

@@ -0,0 +1,107 @@
+// @bun
+// packages/server/src/server-helpers/github-api-session-index.ts
+import { chmodSync, existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
+import { dirname as dirname2, resolve as resolve2 } from "path";
+
+// packages/server/src/server-helpers/github-user-namespace.ts
+import { dirname, isAbsolute, relative, resolve } from "path";
+function cleanString(value) {
+  return typeof value === "string" && value.trim().length > 0 ? value.trim() : null;
+}
+function resolveRemoteUserNamespacesRoot(projectRoot) {
+  const explicitRoot = cleanString(process.env.RIG_REMOTE_USER_NAMESPACE_ROOT);
+  if (explicitRoot)
+    return resolve(explicitRoot);
+  const stateDir = cleanString(process.env.RIG_STATE_DIR);
+  if (stateDir)
+    return resolve(dirname(resolve(stateDir)), "users");
+  return resolve(projectRoot, ".rig", "users");
+}
+
+// packages/server/src/server-helpers/github-api-session-index.ts
+function cleanString2(value) {
+  return typeof value === "string" && value.trim().length > 0 ? value.trim() : null;
+}
+function resolveGitHubApiSessionIndexFile(projectRoot) {
+  return resolve2(resolveRemoteUserNamespacesRoot(projectRoot), ".api-sessions.json");
+}
+function parseEntry(value) {
+  if (!value || typeof value !== "object" || Array.isArray(value))
+    return null;
+  const record = value;
+  const token = cleanString2(record.token);
+  const namespaceKey = cleanString2(record.namespaceKey);
+  const namespaceRoot = cleanString2(record.namespaceRoot);
+  const authStateFile = cleanString2(record.authStateFile);
+  const checkoutBaseDir = cleanString2(record.checkoutBaseDir);
+  const snapshotBaseDir = cleanString2(record.snapshotBaseDir);
+  const createdAt = cleanString2(record.createdAt);
+  if (!token || !namespaceKey || !namespaceRoot || !authStateFile || !checkoutBaseDir || !snapshotBaseDir || !createdAt)
+    return null;
+  return {
+    token,
+    namespaceKey,
+    namespaceRoot,
+    authStateFile,
+    checkoutBaseDir,
+    snapshotBaseDir,
+    createdAt,
+    login: cleanString2(record.login),
+    userId: cleanString2(record.userId),
+    selectedRepo: cleanString2(record.selectedRepo)
+  };
+}
+function readIndex(indexFile) {
+  if (!existsSync(indexFile))
+    return [];
+  try {
+    const parsed = JSON.parse(readFileSync(indexFile, "utf8"));
+    return Array.isArray(parsed.sessions) ? parsed.sessions.flatMap((entry) => {
+      const parsedEntry = parseEntry(entry);
+      return parsedEntry ? [parsedEntry] : [];
+    }) : [];
+  } catch {
+    return [];
+  }
+}
+function writeIndex(indexFile, sessions) {
+  mkdirSync(dirname2(indexFile), { recursive: true });
+  writeFileSync(indexFile, `${JSON.stringify({ sessions }, null, 2)}
+`, { encoding: "utf8", mode: 384 });
+  try {
+    chmodSync(indexFile, 384);
+  } catch {}
+}
+function registerGitHubApiSession(input) {
+  const cleanToken = cleanString2(input.token);
+  if (!cleanToken)
+    throw new Error("GitHub API session token is required");
+  const indexFile = resolveGitHubApiSessionIndexFile(input.projectRoot);
+  const createdAt = new Date().toISOString();
+  const entry = {
+    token: cleanToken,
+    login: input.namespace.login,
+    userId: input.namespace.userId,
+    namespaceKey: input.namespace.key,
+    namespaceRoot: input.namespace.root,
+    authStateFile: input.namespace.authStateFile,
+    checkoutBaseDir: input.namespace.checkoutBaseDir,
+    snapshotBaseDir: input.namespace.snapshotBaseDir,
+    selectedRepo: cleanString2(input.selectedRepo),
+    createdAt
+  };
+  const previous = readIndex(indexFile).filter((session) => session.token !== cleanToken);
+  writeIndex(indexFile, [...previous.slice(-199), entry]);
+  return entry;
+}
+function readGitHubApiSession(input) {
+  const cleanToken = cleanString2(input.token);
+  if (!cleanToken)
+    return null;
+  return readIndex(resolveGitHubApiSessionIndexFile(input.projectRoot)).find((entry) => entry.token === cleanToken) ?? null;
+}
+export {
+  resolveGitHubApiSessionIndexFile,
+  registerGitHubApiSession,
+  readGitHubApiSession
+};

package/dist/src/server-helpers/github-auth-store.js

@@ -1,8 +1,8 @@
 // @bun
 // packages/server/src/server-helpers/github-auth-store.ts
 import { randomBytes } from "crypto";
-import { chmodSync, existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
-import { resolve as resolve2 } from "path";
+import { chmodSync, copyFileSync, existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
+import { dirname as dirname2, resolve as resolve2 } from "path";
 
 // packages/server/src/server-helpers/server-paths.ts
 import { dirname, resolve } from "path";
@@ -58,6 +58,26 @@ function parseApiSessions(value) {
     }];
   });
 }
+function parsePendingDevice(value) {
+  if (!value || typeof value !== "object")
+    return null;
+  const record = value;
+  const pollId = cleanString(record.pollId);
+  const deviceCode = cleanString(record.deviceCode);
+  const expiresAt = cleanString(record.expiresAt);
+  const intervalSeconds = typeof record.intervalSeconds === "number" && Number.isFinite(record.intervalSeconds) ? Math.max(1, Math.floor(record.intervalSeconds)) : null;
+  if (!pollId || !deviceCode || !expiresAt || !intervalSeconds)
+    return null;
+  return { pollId, deviceCode, expiresAt, intervalSeconds };
+}
+function parsePendingDevices(value) {
+  if (!Array.isArray(value))
+    return [];
+  return value.flatMap((entry) => {
+    const pending = parsePendingDevice(entry);
+    return pending ? [pending] : [];
+  });
+}
 function readStoredAuth(stateFile) {
   if (!existsSync(stateFile))
     return {};
@@ -71,6 +91,7 @@ function readStoredAuth(stateFile) {
       selectedRepo: cleanString(parsed.selectedRepo),
       tokenSource: parsed.tokenSource === "oauth-device" || parsed.tokenSource === "manual-token" || parsed.tokenSource === "env" ? parsed.tokenSource : undefined,
       pendingDevice: parsePendingDevice(parsed.pendingDevice),
+      pendingDevices: parsePendingDevices(parsed.pendingDevices),
       apiSessions: parseApiSessions(parsed.apiSessions),
       updatedAt: cleanString(parsed.updatedAt) ?? undefined
     };
@@ -78,34 +99,36 @@ function readStoredAuth(stateFile) {
     return {};
   }
 }
-function parsePendingDevice(value) {
-  if (!value || typeof value !== "object")
-    return null;
-  const record = value;
-  const pollId = cleanString(record.pollId);
-  const deviceCode = cleanString(record.deviceCode);
-  const expiresAt = cleanString(record.expiresAt);
-  const intervalSeconds = typeof record.intervalSeconds === "number" && Number.isFinite(record.intervalSeconds) ? Math.max(1, Math.floor(record.intervalSeconds)) : null;
-  if (!pollId || !deviceCode || !expiresAt || !intervalSeconds)
-    return null;
-  return { pollId, deviceCode, expiresAt, intervalSeconds };
-}
 function newApiSessionToken() {
   return `rig_${randomBytes(32).toString("base64url")}`;
 }
 function writeStoredAuth(stateFile, payload) {
-  mkdirSync(resolve2(stateFile, ".."), { recursive: true });
+  mkdirSync(dirname2(stateFile), { recursive: true });
   writeFileSync(stateFile, `${JSON.stringify(payload, null, 2)}
 `, { encoding: "utf8", mode: 384 });
   try {
     chmodSync(stateFile, 384);
   } catch {}
 }
+function localProjectAuthStateFile(projectRoot) {
+  return resolve2(projectRoot, ".rig", "state", "github-auth.json");
+}
 function resolveGitHubAuthStateFile(projectRoot) {
   return resolve2(resolveServerAuthorityPaths(projectRoot).stateDir, "github-auth.json");
 }
-function createGitHubAuthStore(projectRoot) {
-  const stateFile = resolveGitHubAuthStateFile(projectRoot);
+function copyGitHubAuthStateToLocalProjectRoot(stateFile, projectRoot) {
+  const targetFile = localProjectAuthStateFile(projectRoot);
+  mkdirSync(dirname2(targetFile), { recursive: true });
+  if (existsSync(stateFile)) {
+    copyFileSync(stateFile, targetFile);
+    try {
+      chmodSync(targetFile, 384);
+    } catch {}
+    return;
+  }
+  writeStoredAuth(targetFile, {});
+}
+function createGitHubAuthStoreFromStateFile(stateFile) {
   return {
     stateFile,
     status(options) {
@@ -135,6 +158,7 @@ function createGitHubAuthStore(projectRoot) {
         scopes: input.scopes ?? [],
         selectedRepo: input.selectedRepo ?? previous.selectedRepo ?? null,
         pendingDevice: null,
+        pendingDevices: [],
         apiSessions: previous.apiSessions ?? [],
         updatedAt: new Date().toISOString()
       });
@@ -163,15 +187,24 @@ function createGitHubAuthStore(projectRoot) {
       const session = (previous.apiSessions ?? []).find((candidate) => candidate.token === clean);
       return session ? { login: cleanString(session.login), userId: cleanString(session.userId) } : null;
     },
-    copyToProjectRoot(projectRoot2) {
-      const targetFile = resolveGitHubAuthStateFile(projectRoot2);
+    copyToProjectRoot(projectRoot) {
+      const targetFile = resolveGitHubAuthStateFile(projectRoot);
       writeStoredAuth(targetFile, readStoredAuth(stateFile));
     },
+    copyToLocalProjectRoot(projectRoot) {
+      copyGitHubAuthStateToLocalProjectRoot(stateFile, projectRoot);
+    },
     savePendingDevice(input) {
       const previous = readStoredAuth(stateFile);
+      const pendingDevices = [
+        ...previous.pendingDevice ? [previous.pendingDevice] : [],
+        ...previous.pendingDevices ?? [],
+        input
+      ].filter((entry, index, entries) => entries.findIndex((candidate) => candidate.pollId === entry.pollId) === index);
       writeStoredAuth(stateFile, {
         ...previous,
-        pendingDevice: input,
+        pendingDevice: null,
+        pendingDevices,
         updatedAt: new Date().toISOString()
       });
     },
@@ -184,24 +217,35 @@ function createGitHubAuthStore(projectRoot) {
       });
     },
     readPendingDevice(pollId) {
-      const pending = readStoredAuth(stateFile).pendingDevice ?? null;
-      if (!pending || pending.pollId !== pollId)
+      const previous = readStoredAuth(stateFile);
+      const pending = [
+        ...previous.pendingDevice ? [previous.pendingDevice] : [],
+        ...previous.pendingDevices ?? []
+      ].find((entry) => entry.pollId === pollId) ?? null;
+      if (!pending)
         return null;
       if (Date.parse(pending.expiresAt) <= Date.now())
         return null;
       return pending;
     },
-    clearPendingDevice() {
+    clearPendingDevice(pollId) {
       const previous = readStoredAuth(stateFile);
+      const remaining = pollId ? (previous.pendingDevices ?? []).filter((entry) => entry.pollId !== pollId) : [];
       writeStoredAuth(stateFile, {
         ...previous,
         pendingDevice: null,
+        pendingDevices: remaining,
         updatedAt: new Date().toISOString()
       });
     }
   };
 }
+function createGitHubAuthStore(projectRoot) {
+  return createGitHubAuthStoreFromStateFile(resolveGitHubAuthStateFile(projectRoot));
+}
 export {
   resolveGitHubAuthStateFile,
-  createGitHubAuthStore
+  createGitHubAuthStoreFromStateFile,
+  createGitHubAuthStore,
+  copyGitHubAuthStateToLocalProjectRoot
 };

package/dist/src/server-helpers/github-project-status-sync.js

@@ -116,6 +116,7 @@ var DEFAULT_PROJECT_STATUSES = {
   running: "In Progress",
   prOpen: "In Review",
   ciFixing: "In Review",
+  merging: "Merging",
   done: "Done",
   needsAttention: "Needs Attention"
 };
@@ -129,6 +130,8 @@ function lifecycleStatusForTaskStatus(status) {
     return "prOpen";
   if (normalized === "ci_fixing" || normalized === "fixing")
     return "ciFixing";
+  if (normalized === "merging" || normalized === "merge")
+    return "merging";
   if (normalized === "failed" || normalized === "needs_attention" || normalized === "blocked")
     return "needsAttention";
   if (normalized === "in_progress" || normalized === "running" || normalized === "ready" || normalized === "open")

package/dist/src/server-helpers/github-user-namespace.js

@@ -0,0 +1,102 @@
+// @bun
+// packages/server/src/server-helpers/github-user-namespace.ts
+import { chmodSync, existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
+import { dirname, isAbsolute, relative, resolve } from "path";
+function cleanString(value) {
+  return typeof value === "string" && value.trim().length > 0 ? value.trim() : null;
+}
+function sanitizePathSegment(value) {
+  return value.trim().toLowerCase().replace(/[^a-z0-9._-]/g, "-").replace(/^-+|-+$/g, "").slice(0, 96);
+}
+function deriveGitHubUserNamespaceKey(identity) {
+  const userId = cleanString(identity.userId);
+  if (userId) {
+    const safeId = sanitizePathSegment(userId);
+    if (safeId)
+      return `ghu-${safeId}`;
+  }
+  const login = cleanString(identity.login);
+  if (login) {
+    const safeLogin = sanitizePathSegment(login);
+    if (safeLogin)
+      return `ghu-login-${safeLogin}`;
+  }
+  throw new Error("GitHub user namespace requires a user id or login");
+}
+function resolveRemoteUserNamespacesRoot(projectRoot) {
+  const explicitRoot = cleanString(process.env.RIG_REMOTE_USER_NAMESPACE_ROOT);
+  if (explicitRoot)
+    return resolve(explicitRoot);
+  const stateDir = cleanString(process.env.RIG_STATE_DIR);
+  if (stateDir)
+    return resolve(dirname(resolve(stateDir)), "users");
+  return resolve(projectRoot, ".rig", "users");
+}
+function resolveRemoteUserNamespace(projectRoot, identity) {
+  const key = deriveGitHubUserNamespaceKey(identity);
+  const root = resolve(resolveRemoteUserNamespacesRoot(projectRoot), key);
+  const stateDir = resolve(root, ".rig", "state");
+  return {
+    key,
+    userId: cleanString(identity.userId),
+    login: cleanString(identity.login),
+    root,
+    stateDir,
+    authStateFile: resolve(stateDir, "github-auth.json"),
+    metadataFile: resolve(stateDir, "user-namespace.json"),
+    checkoutBaseDir: resolve(root, "remote-checkouts"),
+    snapshotBaseDir: resolve(root, "remote-snapshots")
+  };
+}
+function serializeRemoteUserNamespace(namespace) {
+  return {
+    key: namespace.key,
+    userId: namespace.userId,
+    login: namespace.login,
+    root: namespace.root,
+    checkoutBaseDir: namespace.checkoutBaseDir,
+    snapshotBaseDir: namespace.snapshotBaseDir
+  };
+}
+function isPathInsideNamespace(namespaceRoot, candidatePath) {
+  const root = resolve(namespaceRoot);
+  const candidate = resolve(candidatePath);
+  const rel = relative(root, candidate);
+  return rel === "" || !rel.startsWith("..") && !isAbsolute(rel);
+}
+function writeRemoteUserNamespaceMetadata(namespace) {
+  mkdirSync(namespace.stateDir, { recursive: true });
+  const previous = (() => {
+    if (!existsSync(namespace.metadataFile))
+      return null;
+    try {
+      const parsed = JSON.parse(readFileSync(namespace.metadataFile, "utf8"));
+      return parsed && typeof parsed === "object" && !Array.isArray(parsed) ? parsed : null;
+    } catch {
+      return null;
+    }
+  })();
+  const now = new Date().toISOString();
+  writeFileSync(namespace.metadataFile, `${JSON.stringify({
+    key: namespace.key,
+    userId: namespace.userId,
+    login: namespace.login,
+    root: namespace.root,
+    checkoutBaseDir: namespace.checkoutBaseDir,
+    snapshotBaseDir: namespace.snapshotBaseDir,
+    createdAt: typeof previous?.createdAt === "string" ? previous.createdAt : now,
+    updatedAt: now
+  }, null, 2)}
+`, { encoding: "utf8", mode: 384 });
+  try {
+    chmodSync(namespace.metadataFile, 384);
+  } catch {}
+}
+export {
+  writeRemoteUserNamespaceMetadata,
+  serializeRemoteUserNamespace,
+  resolveRemoteUserNamespacesRoot,
+  resolveRemoteUserNamespace,
+  isPathInsideNamespace,
+  deriveGitHubUserNamespaceKey
+};