@lobu/core 7.1.0 → 7.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/capabilities.d.ts +1 -1
- package/dist/capabilities.d.ts.map +1 -1
- package/dist/capabilities.js +1 -0
- package/dist/capabilities.js.map +1 -1
- package/dist/worker/auth.d.ts +18 -0
- package/dist/worker/auth.d.ts.map +1 -1
- package/dist/worker/auth.js +13 -0
- package/dist/worker/auth.js.map +1 -1
- package/package.json +1 -1
package/dist/capabilities.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
export type DevicePlatform = "macos" | "ios" | "chrome-extension" | (string & {});
|
|
2
|
-
export declare const BROWSER_CAPABILITIES: readonly ["browser.tabs", "browser.scripting", "browser.history", "browser.bookmarks", "browser.debugger"];
|
|
2
|
+
export declare const BROWSER_CAPABILITIES: readonly ["browser.tabs", "browser.scripting", "browser.history", "browser.bookmarks", "browser.downloads", "browser.debugger"];
|
|
3
3
|
export declare const OS_CAPABILITIES: readonly ["os.shell", "os.files", "os.notifications"];
|
|
4
4
|
export declare const IOS_CAPABILITIES: readonly ["ios.notifications", "ios.share-sheet", "ios.files"];
|
|
5
5
|
export declare const MAC_DEVICE_CAPABILITIES: readonly ["screentime", "local_directory", "healthkit", "photos", "whatsapp_local"];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"capabilities.d.ts","sourceRoot":"","sources":["../src/capabilities.ts"],"names":[],"mappings":"AAcA,MAAM,MAAM,cAAc,GACtB,OAAO,GACP,KAAK,GACL,kBAAkB,GAClB,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;AAIlB,eAAO,MAAM,oBAAoB,
|
|
1
|
+
{"version":3,"file":"capabilities.d.ts","sourceRoot":"","sources":["../src/capabilities.ts"],"names":[],"mappings":"AAcA,MAAM,MAAM,cAAc,GACtB,OAAO,GACP,KAAK,GACL,kBAAkB,GAClB,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;AAIlB,eAAO,MAAM,oBAAoB,iIAQvB,CAAC;AAEX,eAAO,MAAM,eAAe,uDAIlB,CAAC;AAEX,eAAO,MAAM,gBAAgB,gEAInB,CAAC;AAMX,eAAO,MAAM,uBAAuB,qFAM1B,CAAC;AAYX,MAAM,WAAW,6BAA6B;IAC5C,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AAOD,wBAAgB,qBAAqB,CACnC,QAAQ,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EACnC,QAAQ,EAAE,SAAS,MAAM,EAAE,GAC1B,6BAA6B,CAgB/B;AAED,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,OAAO,CAE5E"}
|
package/dist/capabilities.js
CHANGED
package/dist/capabilities.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"capabilities.js","sourceRoot":"","sources":["../src/capabilities.ts"],"names":[],"mappings":";AAAA,2DAA2D;AAC3D,EAAE;AACF,2EAA2E;AAC3E,0EAA0E;AAC1E,4EAA4E;AAC5E,yEAAyE;AACzE,4EAA4E;AAC5E,2EAA2E;AAC3E,4BAA4B;AAC5B,EAAE;AACF,4EAA4E;AAC5E,8EAA8E;AAC9E,uDAAuD;;;
|
|
1
|
+
{"version":3,"file":"capabilities.js","sourceRoot":"","sources":["../src/capabilities.ts"],"names":[],"mappings":";AAAA,2DAA2D;AAC3D,EAAE;AACF,2EAA2E;AAC3E,0EAA0E;AAC1E,4EAA4E;AAC5E,yEAAyE;AACzE,4EAA4E;AAC5E,2EAA2E;AAC3E,4BAA4B;AAC5B,EAAE;AACF,4EAA4E;AAC5E,8EAA8E;AAC9E,uDAAuD;;;AAgEvD,sDAmBC;AAED,0CAEC;AA/ED,6EAA6E;AAC7E,oDAAoD;AACvC,QAAA,oBAAoB,GAAG;IAClC,cAAc;IACd,mBAAmB;IACnB,iBAAiB;IACjB,mBAAmB;IACnB,mBAAmB;IACnB,kBAAkB;IAClB,wEAAwE;CAChE,CAAC;AAEE,QAAA,eAAe,GAAG;IAC7B,UAAU;IACV,UAAU;IACV,kBAAkB;CACV,CAAC;AAEE,QAAA,gBAAgB,GAAG;IAC9B,mBAAmB;IACnB,iBAAiB;IACjB,WAAW;CACH,CAAC;AAEX,0FAA0F;AAC1F,qEAAqE;AACrE,wEAAwE;AACxE,6BAA6B;AAChB,QAAA,uBAAuB,GAAG;IACrC,YAAY;IACZ,iBAAiB;IACjB,WAAW;IACX,QAAQ;IACR,gBAAgB;CACR,CAAC;AAEX,MAAM,kBAAkB,GAAsC;IAC5D,KAAK,EAAE;QACL,GAAG,uBAAe;QAClB,GAAG,4BAAoB;QACvB,GAAG,+BAAuB;KAC3B;IACD,GAAG,EAAE,wBAAgB;IACrB,kBAAkB,EAAE,4BAAoB;CACzC,CAAC;AAOF,8EAA8E;AAC9E,6EAA6E;AAC7E,wEAAwE;AACxE,6EAA6E;AAC7E,kDAAkD;AAClD,SAAgB,qBAAqB,CACnC,QAAmC,EACnC,QAA2B;IAE3B,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACpE,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,GAAG,QAAQ,CAAC,EAAE,CAAC;IACpD,CAAC;IACD,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;IACpC,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,IAAI,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACvB,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACpB,CAAC;IACH,CAAC;IACD,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC;AACjC,CAAC;AAED,SAAgB,eAAe,CAAC,QAAmC;IACjE,OAAO,CAAC,CAAC,QAAQ,IAAI,QAAQ,IAAI,kBAAkB,CAAC;AACtD,CAAC"}
|
package/dist/worker/auth.d.ts
CHANGED
|
@@ -24,6 +24,16 @@ export interface WorkerTokenData {
|
|
|
24
24
|
traceId?: string;
|
|
25
25
|
/** Unique token ID — enables targeted revocation. */
|
|
26
26
|
jti?: string;
|
|
27
|
+
/**
|
|
28
|
+
* Optional `runs.id` this token is scoped to. Present only on per-job
|
|
29
|
+
* tokens minted by the runs queue dispatcher at thread-message time;
|
|
30
|
+
* the deployment-lifetime WORKER_TOKEN minted at spawn time does NOT
|
|
31
|
+
* carry it. The snapshot route requires equality between this field
|
|
32
|
+
* and the request body's `runId` so a worker bearing a same-(org,
|
|
33
|
+
* agent, conv) token cannot POST under a different run's slot —
|
|
34
|
+
* codex round 2, finding A on PR #865.
|
|
35
|
+
*/
|
|
36
|
+
runId?: number;
|
|
27
37
|
}
|
|
28
38
|
export declare function generateWorkerToken(userId: string, conversationId: string, deploymentName: string, options: {
|
|
29
39
|
channelId: string;
|
|
@@ -34,6 +44,14 @@ export declare function generateWorkerToken(userId: string, conversationId: stri
|
|
|
34
44
|
platform?: string;
|
|
35
45
|
sessionKey?: string;
|
|
36
46
|
traceId?: string;
|
|
47
|
+
/**
|
|
48
|
+
* Bind the token to a single `runs.id`. Set only by the runs-queue
|
|
49
|
+
* dispatcher's per-job token mint (MessageConsumer.handleMessage on
|
|
50
|
+
* the gateway side). Long-lived deployment tokens must NOT pass this
|
|
51
|
+
* — they'd be wrong for subsequent runs. See WorkerTokenData.runId
|
|
52
|
+
* for the consumption contract.
|
|
53
|
+
*/
|
|
54
|
+
runId?: number;
|
|
37
55
|
}): string;
|
|
38
56
|
/**
|
|
39
57
|
* Verify and decrypt a worker authentication token
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/worker/auth.ts"],"names":[],"mappings":"AAMA;;;GAGG;AAEH,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;;;;OAMG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,qDAAqD;IACrD,GAAG,CAAC,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/worker/auth.ts"],"names":[],"mappings":"AAMA;;;GAGG;AAEH,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;;;;OAMG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,qDAAqD;IACrD,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;;;;;;;;OAQG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,MAAM,EACtB,cAAc,EAAE,MAAM,EACtB,OAAO,EAAE;IACP,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;;;;OAMG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,GACA,MAAM,CAuBR;AAaD;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,eAAe,GAAG,IAAI,CAiFvE"}
|
package/dist/worker/auth.js
CHANGED
|
@@ -24,6 +24,7 @@ function generateWorkerToken(userId, conversationId, deploymentName, options) {
|
|
|
24
24
|
sessionKey: options.sessionKey,
|
|
25
25
|
traceId: options.traceId,
|
|
26
26
|
jti: (0, node_crypto_1.randomUUID)(),
|
|
27
|
+
runId: options.runId,
|
|
27
28
|
};
|
|
28
29
|
return (0, encryption_1.encrypt)(JSON.stringify(payload));
|
|
29
30
|
}
|
|
@@ -61,6 +62,18 @@ function verifyWorkerToken(token) {
|
|
|
61
62
|
logger.error("Worker token rejected: missing or wrongly-typed required fields");
|
|
62
63
|
return null;
|
|
63
64
|
}
|
|
65
|
+
// `runId` is optional but must be a positive integer when present.
|
|
66
|
+
// A forged token with `runId: "*"` (or NaN, or negative) would pass
|
|
67
|
+
// the verification check and then defeat the snapshot route's
|
|
68
|
+
// equality check below if downstream code compared loosely.
|
|
69
|
+
if (data.runId !== undefined) {
|
|
70
|
+
if (typeof data.runId !== "number" ||
|
|
71
|
+
!Number.isInteger(data.runId) ||
|
|
72
|
+
data.runId <= 0) {
|
|
73
|
+
logger.error("Worker token rejected: runId must be a positive integer");
|
|
74
|
+
return null;
|
|
75
|
+
}
|
|
76
|
+
}
|
|
64
77
|
// Default TTL 2h (was 24h — a leaked token had no revocation path for a
|
|
65
78
|
// full day). Override via WORKER_TOKEN_TTL_MS. Clock-skew tolerance via
|
|
66
79
|
// WORKER_TOKEN_CLOCK_SKEW_MS. Tokens timestamped further in the future
|
package/dist/worker/auth.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/worker/auth.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/worker/auth.ts"],"names":[],"mappings":";;AA6CA,kDA6CC;AAgBD,8CAiFC;AA3LD,6CAAyC;AACzC,sCAAyC;AACzC,oDAAuD;AAEvD,MAAM,MAAM,GAAG,IAAA,qBAAY,EAAC,aAAa,CAAC,CAAC;AAyC3C,SAAgB,mBAAmB,CACjC,MAAc,EACd,cAAsB,EACtB,cAAsB,EACtB,OAiBC;IAED,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,OAAO,GAAoB;QAC/B,MAAM;QACN,cAAc;QACd,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,cAAc;QACd,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,GAAG,EAAE,IAAA,wBAAU,GAAE;QACjB,KAAK,EAAE,OAAO,CAAC,KAAK;KACrB,CAAC;IAEF,OAAO,IAAA,oBAAO,EAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;AAC1C,CAAC;AAED,SAAS,mBAAmB,CAC1B,IAAY,EACZ,QAAgB,EAChB,SAAS,GAAG,KAAK;IAEjB,MAAM,GAAG,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;IAClD,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC;QAAE,OAAO,QAAQ,CAAC;IACvC,IAAI,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;QAAE,OAAO,QAAQ,CAAC;IACpD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;GAEG;AACH,SAAgB,iBAAiB,CAAC,KAAa;IAC7C,IAAI,CAAC;QACH,MAAM,MAAM,GAAY,IAAI,CAAC,KAAK,CAAC,IAAA,oBAAO,EAAC,KAAK,CAAC,CAAC,CAAC;QAEnD,yEAAyE;QACzE,iEAAiE;QACjE,sEAAsE;QACtE,mCAAmC;QACnC,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YACnE,MAAM,CAAC,KAAK,CAAC,sDAAsD,CAAC,CAAC;YACrE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,IAAI,GAAG,MAAyB,CAAC;QAEvC,IACE,OAAO,IAAI,CAAC,cAAc,KAAK,QAAQ;YACvC,CAAC,IAAI,CAAC,cAAc;YACpB,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ;YAC/B,CAAC,IAAI,CAAC,MAAM;YACZ,OAAO,IAAI,CAAC,cAAc,KAAK,QAAQ;YACvC,CAAC,IAAI,CAAC,cAAc;YACpB,OAAO,IAAI,CAAC,SAAS,KAAK,QAAQ;YAClC,CAAC,IAAI,CAAC,SAAS,EACf,CAAC;YACD,MAAM,CAAC,KAAK,CACV,iEAAiE,CAClE,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;QACD,mEAAmE;QACnE,oEAAoE;QACpE,8DAA8D;QAC9D,4DAA4D;QAC5D,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YAC7B,IACE,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ;gBAC9B,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC;gBAC7B,IAAI,CAAC,KAAK,IAAI,CAAC,EACf,CAAC;gBACD,MAAM,CAAC,KAAK,CAAC,yDAAyD,CAAC,CAAC;gBACxE,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,wEAAwE;QACxE,wEAAwE;QACxE,uEAAuE;QACvE,uEAAuE;QACvE,gCAAgC;QAChC,MAAM,GAAG,GAAG,mBAAmB,CAAC,qBAAqB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC3E,MAAM,MAAM,GAAG,mBAAmB,CAChC,4BAA4B,EAC5B,EAAE,GAAG,IAAI,EACT,IAAI,CACL,CAAC;QACF,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC;QACxC,IAAI,GAAG,GAAG,GAAG,GAAG,MAAM,EAAE,CAAC;YACvB,MAAM,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;YAC/C,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,CAAC,GAAG,GAAG,MAAM,EAAE,CAAC;YAClB,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;YAC/D,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,kEAAkE;QAClE,wEAAwE;QACxE,sEAAsE;QACtE,MAAM,CAAC,KAAK,CACV;YACE,GAAG,EACD,KAAK,YAAY,KAAK;gBACpB,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE;gBAC9C,CAAC,CAAC,KAAK;SACZ,EACD,uBAAuB,CACxB,CAAC;QACF,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}
|