@lightharu/krouter 1.8.0

package/out-server/server/services/dashboardTunnel.js

@@ -0,0 +1,315 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getDashboardTunnelRuntime = getDashboardTunnelRuntime;
+const child_process_1 = require("child_process");
+const fs_1 = require("fs");
+const path_1 = __importDefault(require("path"));
+const URL_RE = /https:\/\/[a-z0-9-]+\.trycloudflare\.com\b/i;
+const MAX_LOGS = 80;
+const PID_FILE = 'dashboard-tunnel-cloudflared.pid';
+function dataDir() {
+    return (process.env.KROUTER_DATA_DIR ||
+        process.env.KAM_DATA_DIR ||
+        process.env.KIRO_RUNTIME_DATA_DIR ||
+        process.env.KIRO_WEB_DATA_DIR ||
+        path_1.default.join(process.cwd(), '.web-data'));
+}
+function tunnelDir() {
+    return path_1.default.join(dataDir(), 'tunnel');
+}
+function pidPath() {
+    return path_1.default.join(tunnelDir(), PID_FILE);
+}
+function savePid(pid) {
+    if (!pid)
+        return;
+    (0, fs_1.mkdirSync)(tunnelDir(), { recursive: true });
+    (0, fs_1.writeFileSync)(pidPath(), String(pid), 'utf8');
+}
+function loadPid() {
+    try {
+        if (!(0, fs_1.existsSync)(pidPath()))
+            return undefined;
+        const pid = Number((0, fs_1.readFileSync)(pidPath(), 'utf8').trim());
+        return Number.isFinite(pid) && pid > 0 ? pid : undefined;
+    }
+    catch {
+        return undefined;
+    }
+}
+function clearPid() {
+    try {
+        if ((0, fs_1.existsSync)(pidPath()))
+            (0, fs_1.unlinkSync)(pidPath());
+    }
+    catch {
+        // best effort
+    }
+}
+function isPidAlive(pid) {
+    try {
+        process.kill(pid, 0);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+function commandLineForPid(pid) {
+    if (process.platform === 'linux') {
+        try {
+            return (0, fs_1.readFileSync)(`/proc/${pid}/cmdline`, 'utf8').replace(/\0/g, ' ');
+        }
+        catch {
+            return '';
+        }
+    }
+    return '';
+}
+function killSavedCloudflaredPid() {
+    const pid = loadPid();
+    if (!pid)
+        return;
+    if (!isPidAlive(pid)) {
+        clearPid();
+        return;
+    }
+    const commandLine = commandLineForPid(pid);
+    if (commandLine && !/cloudflared/i.test(commandLine))
+        return;
+    try {
+        process.kill(pid, process.platform === 'win32' ? undefined : 'SIGTERM');
+    }
+    catch {
+        // best effort
+    }
+    clearPid();
+}
+function defaultTunnelTarget() {
+    return (process.env.DASHBOARD_TUNNEL_TARGET ||
+        process.env.KROUTER_DASHBOARD_TUNNEL_TARGET ||
+        process.env.KAM_DASHBOARD_TUNNEL_TARGET ||
+        process.env.KROUTER_DASHBOARD_URL ||
+        process.env.KAM_DASHBOARD_URL ||
+        process.env.PUBLIC_DASHBOARD_URL ||
+        process.env.DASHBOARD_URL ||
+        `http://127.0.0.1:${process.env.PORT || '4010'}`).trim();
+}
+function defaultCloudflaredBinary() {
+    return (process.env.CLOUDFLARED_BIN || process.env.KROUTER_CLOUDFLARED_BIN || process.env.KAM_CLOUDFLARED_BIN || 'cloudflared').trim();
+}
+function defaultHttpHostHeader(localUrl) {
+    const explicit = process.env.DASHBOARD_TUNNEL_HOST_HEADER || process.env.KROUTER_DASHBOARD_TUNNEL_HOST_HEADER || process.env.KAM_DASHBOARD_TUNNEL_HOST_HEADER || process.env.TUNNEL_HTTP_HOST_HEADER;
+    if (explicit !== undefined)
+        return explicit.trim();
+    try {
+        return new URL(localUrl).host;
+    }
+    catch {
+        return '';
+    }
+}
+function isHttpUrl(value) {
+    try {
+        const url = new URL(value);
+        return url.protocol === 'http:' || url.protocol === 'https:';
+    }
+    catch {
+        return false;
+    }
+}
+class DashboardTunnelRuntime {
+    process = null;
+    cleanupRegistered = false;
+    status = {
+        running: false,
+        requested: false,
+        localUrl: defaultTunnelTarget(),
+        httpHostHeader: defaultHttpHostHeader(defaultTunnelTarget()),
+        binary: defaultCloudflaredBinary(),
+        logs: []
+    };
+    constructor() {
+        this.registerCleanup();
+    }
+    getStatus() {
+        if (this.process && this.process.exitCode === null && !this.process.killed) {
+            this.status.running = true;
+            this.status.pid = this.process.pid;
+        }
+        else if (this.process) {
+            this.process = null;
+            this.status.running = false;
+            delete this.status.pid;
+            delete this.status.publicUrl;
+        }
+        this.status.localUrl = this.status.localUrl || defaultTunnelTarget();
+        this.status.httpHostHeader = this.status.httpHostHeader || defaultHttpHostHeader(this.status.localUrl);
+        this.status.binary = this.status.binary || defaultCloudflaredBinary();
+        return { ...this.status, logs: [...this.status.logs] };
+    }
+    async start(input = {}) {
+        const existing = this.getStatus();
+        const localUrl = (input.localUrl || defaultTunnelTarget()).trim();
+        const binary = (input.binary || defaultCloudflaredBinary()).trim();
+        const httpHostHeader = (input.httpHostHeader || defaultHttpHostHeader(localUrl)).trim();
+        if (existing.running) {
+            if (existing.localUrl === localUrl && (existing.httpHostHeader || '') === httpHostHeader) {
+                return { success: true, status: existing };
+            }
+            await this.stop();
+        }
+        if (!isHttpUrl(localUrl)) {
+            const error = 'Tunnel target must be an HTTP/HTTPS URL.';
+            this.status = { ...this.status, localUrl, httpHostHeader, binary, requested: false, running: false, error };
+            return { success: false, status: this.getStatus(), error };
+        }
+        this.status = {
+            running: false,
+            requested: true,
+            localUrl,
+            httpHostHeader,
+            binary,
+            startedAt: Date.now(),
+            logs: [],
+            error: undefined
+        };
+        try {
+            killSavedCloudflaredPid();
+            const args = ['tunnel', '--url', localUrl];
+            if (httpHostHeader)
+                args.push('--http-host-header', httpHostHeader);
+            args.push('--no-autoupdate');
+            const child = (0, child_process_1.spawn)(binary, args, {
+                stdio: ['ignore', 'pipe', 'pipe'],
+                windowsHide: true
+            });
+            this.process = child;
+            this.status.pid = child.pid;
+            savePid(child.pid);
+            child.stdout?.on('data', chunk => this.appendOutput(String(chunk)));
+            child.stderr?.on('data', chunk => this.appendOutput(String(chunk)));
+            child.once('error', error => {
+                this.status.error = `Cannot start cloudflared: ${error.message}`;
+                this.status.running = false;
+                this.status.requested = false;
+                this.process = null;
+            });
+            child.once('exit', (code, signal) => {
+                if (loadPid() === child.pid)
+                    clearPid();
+                this.status.running = false;
+                this.status.requested = false;
+                delete this.status.pid;
+                delete this.status.publicUrl;
+                if (!this.status.error && code !== 0) {
+                    this.status.error = `cloudflared exited with ${signal || code}`;
+                }
+                this.process = null;
+            });
+            const detected = await this.waitForUrlOrExit(12000);
+            const status = this.getStatus();
+            if (!status.running && status.error)
+                return { success: false, status, error: status.error };
+            return {
+                success: true,
+                status,
+                error: detected ? undefined : 'Tunnel started, but public URL was not detected yet.'
+            };
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : 'Failed to start tunnel';
+            this.status.running = false;
+            this.status.requested = false;
+            this.status.error = message;
+            this.process = null;
+            return { success: false, status: this.getStatus(), error: message };
+        }
+    }
+    async stop() {
+        const child = this.process;
+        if (!child || child.killed || child.exitCode !== null) {
+            this.process = null;
+            this.status.running = false;
+            this.status.requested = false;
+            delete this.status.pid;
+            return { success: true, status: this.getStatus() };
+        }
+        child.kill(process.platform === 'win32' ? undefined : 'SIGTERM');
+        await new Promise(resolve => setTimeout(resolve, 500));
+        if (child.exitCode === null && !child.killed)
+            child.kill('SIGKILL');
+        this.process = null;
+        this.status.running = false;
+        this.status.requested = false;
+        delete this.status.pid;
+        delete this.status.publicUrl;
+        clearPid();
+        return { success: true, status: this.getStatus() };
+    }
+    stopSync() {
+        const child = this.process;
+        if (child && child.exitCode === null && !child.killed) {
+            try {
+                child.kill(process.platform === 'win32' ? undefined : 'SIGTERM');
+            }
+            catch {
+                // best effort
+            }
+        }
+        else {
+            killSavedCloudflaredPid();
+        }
+        clearPid();
+    }
+    registerCleanup() {
+        if (this.cleanupRegistered)
+            return;
+        this.cleanupRegistered = true;
+        const cleanup = () => {
+            this.stopSync();
+            process.exit(0);
+        };
+        process.once('SIGINT', cleanup);
+        process.once('SIGTERM', cleanup);
+    }
+    appendOutput(output) {
+        for (const rawLine of output.split(/\r?\n/)) {
+            const line = rawLine.trim();
+            if (!line)
+                continue;
+            const match = line.match(URL_RE);
+            if (match) {
+                this.status.publicUrl = match[0];
+                this.status.running = true;
+            }
+            this.status.logs.push(line);
+            if (this.status.logs.length > MAX_LOGS) {
+                this.status.logs.splice(0, this.status.logs.length - MAX_LOGS);
+            }
+        }
+    }
+    waitForUrlOrExit(timeoutMs) {
+        return new Promise(resolve => {
+            const start = Date.now();
+            const timer = setInterval(() => {
+                if (this.status.publicUrl) {
+                    clearInterval(timer);
+                    resolve(true);
+                    return;
+                }
+                if (!this.process || this.process.exitCode !== null || Date.now() - start >= timeoutMs) {
+                    clearInterval(timer);
+                    resolve(Boolean(this.status.publicUrl));
+                }
+            }, 200);
+        });
+    }
+}
+const dashboardTunnelRuntime = new DashboardTunnelRuntime();
+function getDashboardTunnelRuntime() {
+    return dashboardTunnelRuntime;
+}

package/out-server/server/services/diagnostics.js

@@ -0,0 +1,326 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.proxyPoolValidate = proxyPoolValidate;
+exports.networkRouteValidate = networkRouteValidate;
+exports.proxyPoolDiagnoseChain = proxyPoolDiagnoseChain;
+exports.diagnoseAccountLiveness = diagnoseAccountLiveness;
+const undici_1 = require("undici");
+const chainProxy_1 = require("../../main/registration/chainProxy");
+const kiroApi_1 = require("../../main/proxy/kiroApi");
+const systemProxy_1 = require("../../main/proxy/systemProxy");
+const translator_1 = require("../../main/proxy/translator");
+const kiroAccounts_1 = require("./kiroAccounts");
+function compactErrorMessage(error, maxLength = 360) {
+    const raw = error instanceof Error ? error.message : String(error);
+    return raw.split('\n')[0].slice(0, maxLength);
+}
+function isAccountAuthBlocked(error) {
+    const message = (error instanceof Error ? error.message : String(error)).toLowerCase();
+    return message.includes('auth error 401')
+        || message.includes('auth error 403')
+        || message.includes('temporarily_suspended')
+        || message.includes('permanently_suspended')
+        || message.includes('accountsuspendedexception')
+        || message.includes('temporarily suspended')
+        || message.includes('account suspended')
+        || message.includes('user id is temporarily suspended')
+        || message.includes('unusual user activity')
+        || message.includes('locked it as a security precaution')
+        || message.includes('restricted your ability to use kiro');
+}
+function isInvalidBearerToken(error) {
+    const message = (error instanceof Error ? error.message : String(error)).toLowerCase();
+    return message.includes('bearer token included in the request is invalid')
+        || message.includes('invalid bearer');
+}
+async function proxyPoolValidate(params) {
+    const { url, testUrl = 'https://api.ipify.org?format=json', timeoutMs = 8000, upstreamProxy } = params || {};
+    if (!url)
+        return { success: false, error: 'Missing proxy URL' };
+    let chainRelay = null;
+    let proxyForAgent = url;
+    if (upstreamProxy?.trim()) {
+        try {
+            chainRelay = new chainProxy_1.ChainProxyRelay(upstreamProxy.trim(), url);
+            proxyForAgent = await chainRelay.start();
+        }
+        catch (error) {
+            return { success: false, error: `Proxy chain failed to start: ${error instanceof Error ? error.message : String(error)}` };
+        }
+    }
+    const agent = (0, systemProxy_1.safeCreateProxyAgent)(proxyForAgent);
+    if (!agent) {
+        if (chainRelay)
+            await chainRelay.stop();
+        return { success: false, error: 'Unsupported proxy protocol or invalid proxy URL' };
+    }
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), timeoutMs);
+    const started = Date.now();
+    try {
+        const response = await (0, undici_1.fetch)(testUrl, {
+            method: 'GET',
+            dispatcher: agent,
+            signal: controller.signal,
+            headers: { 'User-Agent': 'KiroAccountManager-ProxyValidator/1.0' }
+        });
+        const latencyMs = Date.now() - started;
+        if (response.status < 200 || response.status >= 400)
+            return { success: false, latencyMs, error: `HTTP ${response.status}` };
+        const text = await response.text().catch(() => '');
+        return { success: true, latencyMs, externalIp: extractIp(response.headers.get('content-type') || '', text) };
+    }
+    catch (error) {
+        return {
+            success: false,
+            latencyMs: Date.now() - started,
+            error: controller.signal.aborted ? `Request timed out (${timeoutMs}ms)` : error instanceof Error ? error.message : String(error)
+        };
+    }
+    finally {
+        clearTimeout(timer);
+        if (chainRelay)
+            await chainRelay.stop();
+    }
+}
+async function networkRouteValidate(params) {
+    const testUrl = params?.testUrl || 'https://api.ipify.org?format=json';
+    const timeoutMs = params?.timeoutMs || 8000;
+    const proxyUrl = process.env.HTTPS_PROXY || process.env.https_proxy
+        || process.env.HTTP_PROXY || process.env.http_proxy
+        || (0, systemProxy_1.getSystemProxy)();
+    const route = proxyUrl ? 'system-proxy' : 'direct-or-vpn';
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), timeoutMs);
+    const started = Date.now();
+    try {
+        const response = await (0, undici_1.fetch)(testUrl, {
+            method: 'GET',
+            dispatcher: (0, systemProxy_1.safeCreateProxyAgent)(proxyUrl) || undefined,
+            signal: controller.signal,
+            headers: { 'User-Agent': 'KiroAccountManager-NetworkValidator/1.0' }
+        });
+        const latencyMs = Date.now() - started;
+        if (response.status < 200 || response.status >= 400) {
+            return { success: false, latencyMs, route, error: `HTTP ${response.status}` };
+        }
+        const text = await response.text().catch(() => '');
+        const externalIp = extractIp(response.headers.get('content-type') || '', text);
+        return externalIp
+            ? { success: true, latencyMs, externalIp, route }
+            : { success: false, latencyMs, route, error: 'The network check succeeded but no exit IP was returned' };
+    }
+    catch (error) {
+        return {
+            success: false,
+            latencyMs: Date.now() - started,
+            route,
+            error: controller.signal.aborted ? `Request timed out (${timeoutMs}ms)` : error instanceof Error ? error.message : String(error)
+        };
+    }
+    finally {
+        clearTimeout(timer);
+    }
+}
+async function proxyPoolDiagnoseChain(params) {
+    const { targetUrl, upstreamProxy, testHost, testPort } = params || {};
+    if (!targetUrl)
+        return { success: false, error: 'Missing target proxy URL' };
+    if (!upstreamProxy)
+        return { success: false, error: 'Missing upstream proxy URL' };
+    try {
+        const relay = new chainProxy_1.ChainProxyRelay(upstreamProxy, targetUrl);
+        return { success: true, diagnose: await relay.diagnose(testHost, testPort) };
+    }
+    catch (error) {
+        return { success: false, error: error instanceof Error ? error.message : String(error) };
+    }
+}
+async function diagnoseAccountLiveness(params) {
+    const account = params?.account;
+    const model = (params?.model || 'claude-sonnet-4.5').trim();
+    const message = (params?.message || 'Hi, reply with "pong" only.').trim();
+    const timeoutMs = params?.timeoutMs ?? 45000;
+    const started = Date.now();
+    if (!account?.accessToken)
+        return { success: false, latencyMs: 0, model, error: 'Account is missing accessToken' };
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), timeoutMs);
+    let resolvedProfileArn;
+    let runCredentialCheck;
+    try {
+        let accessToken = account.accessToken;
+        const refreshAccessToken = async () => {
+            if (!account.refreshToken)
+                return null;
+            const refreshed = await (0, kiroAccounts_1.refreshTokenByMethod)({
+                refreshToken: account.refreshToken,
+                clientId: account.clientId,
+                clientSecret: account.clientSecret,
+                region: account.region || 'us-east-1',
+                authMethod: account.authMethod,
+                provider: account.provider,
+                machineId: account.machineId
+            }).catch(() => null);
+            return refreshed?.success && refreshed.accessToken ? refreshed.accessToken : null;
+        };
+        const needsRefresh = account.refreshToken && (!account.expiresAt || account.expiresAt - Date.now() < 60000);
+        if (needsRefresh) {
+            const refreshedAccessToken = await refreshAccessToken();
+            if (refreshedAccessToken)
+                accessToken = refreshedAccessToken;
+        }
+        const proxyAccount = {
+            id: account.id || 'diagnose',
+            email: account.email,
+            accessToken,
+            refreshToken: account.refreshToken,
+            clientId: account.clientId,
+            clientSecret: account.clientSecret,
+            region: account.region || 'us-east-1',
+            authMethod: account.authMethod,
+            provider: account.provider,
+            profileArn: account.profileArn,
+            machineId: account.machineId,
+            proxyUrl: account.proxyUrl,
+            expiresAt: account.expiresAt
+        };
+        resolvedProfileArn = await (0, kiroAccounts_1.resolveStreamingProfileArn)({
+            accessToken,
+            profileArn: account.profileArn,
+            machineId: account.machineId,
+            region: account.region || 'us-east-1',
+            authMethod: account.authMethod,
+            provider: account.provider
+        }).catch(() => undefined);
+        resolvedProfileArn = resolvedProfileArn || (0, kiroApi_1.resolveProfileArn)(proxyAccount);
+        runCredentialCheck = async (fallbackReason, options) => {
+            if (account.refreshToken) {
+                const verified = await (0, kiroAccounts_1.verifyAccountCredentials)({
+                    refreshToken: account.refreshToken,
+                    clientId: account.clientId,
+                    clientSecret: account.clientSecret,
+                    region: account.region || 'us-east-1',
+                    authMethod: account.authMethod,
+                    provider: account.provider,
+                    profileArn: account.profileArn,
+                    machineId: account.machineId
+                });
+                if (!verified.success) {
+                    return {
+                        success: false,
+                        latencyMs: Date.now() - started,
+                        model: 'credential-check',
+                        error: verified.error || 'Credential check failed'
+                    };
+                }
+                const usage = verified.data?.usage;
+                const email = verified.data?.email || account.email || 'unknown';
+                const quota = usage ? `, usage ${usage.current ?? 0}/${usage.limit ?? 0}` : '';
+                const message = `${fallbackReason ? `${fallbackReason} ` : ''}Credential and quota check passed for ${email}${quota}.`;
+                return {
+                    success: options?.success ?? true,
+                    latencyMs: Date.now() - started,
+                    model: 'credential-check',
+                    profileArn: verified.data?.profileArn,
+                    ...(options?.success === false ? { error: message } : { content: message })
+                };
+            }
+            const message = `${fallbackReason ? `${fallbackReason} ` : ''}The account has an access token, but no refresh token was available for quota verification.`;
+            return {
+                success: options?.success ?? true,
+                latencyMs: Date.now() - started,
+                model: 'credential-check',
+                profileArn: resolvedProfileArn,
+                ...(options?.success === false ? { error: message } : { content: message })
+            };
+        };
+        if (!resolvedProfileArn) {
+            return await runCredentialCheck('No usable streaming profileArn is available for this account, so model chat was skipped.', { success: false });
+        }
+        proxyAccount.profileArn = resolvedProfileArn;
+        const request = {
+            model,
+            messages: [{ role: 'user', content: message }],
+            stream: false,
+            max_tokens: 64
+        };
+        let result = null;
+        try {
+            result = await (0, kiroApi_1.callKiroApi)(proxyAccount, (0, translator_1.openaiToKiro)(request, resolvedProfileArn), controller.signal);
+        }
+        catch (error) {
+            if (!controller.signal.aborted && account.refreshToken && isInvalidBearerToken(error)) {
+                const refreshedAccessToken = await refreshAccessToken();
+                if (refreshedAccessToken) {
+                    proxyAccount.accessToken = refreshedAccessToken;
+                    result = await (0, kiroApi_1.callKiroApi)(proxyAccount, (0, translator_1.openaiToKiro)(request, resolvedProfileArn), controller.signal);
+                }
+                else {
+                    throw error;
+                }
+            }
+            else {
+                throw error;
+            }
+        }
+        if (!result) {
+            throw new Error('Model liveness did not return a result');
+        }
+        return {
+            success: true,
+            latencyMs: Date.now() - started,
+            model,
+            profileArn: resolvedProfileArn,
+            content: result.content.trim().slice(0, 500),
+            usage: {
+                inputTokens: result.usage.inputTokens || 0,
+                outputTokens: result.usage.outputTokens || 0,
+                credits: result.usage.credits || 0
+            }
+        };
+    }
+    catch (error) {
+        try {
+            if (!controller.signal.aborted && runCredentialCheck && (0, kiroApi_1.isPlaceholderProfileArn)(resolvedProfileArn)) {
+                const detail = compactErrorMessage(error);
+                if (isAccountAuthBlocked(error)) {
+                    return {
+                        success: false,
+                        latencyMs: Date.now() - started,
+                        model,
+                        error: `Model liveness failed: ${detail}`
+                    };
+                }
+                return await runCredentialCheck(`Builder ID model liveness fallback: Kiro did not accept the fixed placeholder profileArn (${detail}).`, { success: false });
+            }
+            throw error;
+        }
+        catch (fallbackError) {
+            return {
+                success: false,
+                latencyMs: Date.now() - started,
+                model,
+                error: controller.signal.aborted ? `Timed out (${timeoutMs}ms)` : fallbackError instanceof Error ? fallbackError.message : String(fallbackError)
+            };
+        }
+    }
+    finally {
+        clearTimeout(timer);
+    }
+}
+function extractIp(contentType, text) {
+    if (contentType.includes('json') || text.trimStart().startsWith('{')) {
+        try {
+            const body = JSON.parse(text);
+            const raw = body.ip ?? body.query ?? body.origin ?? body.ipAddress ?? '';
+            const match = String(raw).match(/\b\d{1,3}(?:\.\d{1,3}){3}\b/);
+            if (match)
+                return match[0];
+        }
+        catch {
+            // Fall back to text extraction below.
+        }
+    }
+    return text.match(/\b\d{1,3}(?:\.\d{1,3}){3}\b/)?.[0];
+}