npm - @lobu/gateway - Versions diffs - 2.8.0 → 3.0.6 - Mend

@lobu/gateway 2.8.0 → 3.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (175) hide show

package/package.json +2 -2
package/src/__tests__/agent-config-routes.test.ts +254 -0
package/src/__tests__/agent-history-routes.test.ts +72 -0
package/src/__tests__/agent-routes.test.ts +68 -0
package/src/__tests__/agent-schedules-routes.test.ts +59 -0
package/src/__tests__/agent-settings-store.test.ts +323 -0
package/src/__tests__/chat-instance-manager-slack.test.ts +204 -0
package/src/__tests__/chat-response-bridge.test.ts +131 -0
package/src/__tests__/config-memory-plugins.test.ts +92 -0
package/src/__tests__/config-request-store.test.ts +127 -0
package/src/__tests__/connection-routes.test.ts +144 -0
package/src/__tests__/core-services-store-selection.test.ts +92 -0
package/src/__tests__/docker-deployment.test.ts +1211 -0
package/src/__tests__/embedded-deployment.test.ts +342 -0
package/src/__tests__/grant-store.test.ts +148 -0
package/src/__tests__/http-proxy.test.ts +281 -0
package/src/__tests__/instruction-service.test.ts +37 -0
package/src/__tests__/link-buttons.test.ts +112 -0
package/src/__tests__/lobu.test.ts +32 -0
package/src/__tests__/mcp-config-service.test.ts +347 -0
package/src/__tests__/mcp-proxy.test.ts +696 -0
package/src/__tests__/message-handler-bridge.test.ts +17 -0
package/src/__tests__/model-selection.test.ts +172 -0
package/src/__tests__/oauth-templates.test.ts +39 -0
package/src/__tests__/platform-adapter-slack-send.test.ts +114 -0
package/src/__tests__/platform-helpers-model-resolution.test.ts +253 -0
package/src/__tests__/provider-inheritance.test.ts +212 -0
package/src/__tests__/routes/cli-auth.test.ts +337 -0
package/src/__tests__/routes/interactions.test.ts +121 -0
package/src/__tests__/secret-proxy.test.ts +85 -0
package/src/__tests__/session-manager.test.ts +572 -0
package/src/__tests__/setup.ts +133 -0
package/src/__tests__/skill-and-mcp-registry.test.ts +203 -0
package/src/__tests__/slack-routes.test.ts +161 -0
package/src/__tests__/system-config-resolver.test.ts +75 -0
package/src/__tests__/system-message-limiter.test.ts +89 -0
package/src/__tests__/system-skills-service.test.ts +362 -0
package/src/__tests__/transcription-service.test.ts +222 -0
package/src/__tests__/utils/rate-limiter.test.ts +102 -0
package/src/__tests__/worker-connection-manager.test.ts +497 -0
package/src/__tests__/worker-job-router.test.ts +722 -0
package/src/api/index.ts +1 -0
package/src/api/platform.ts +292 -0
package/src/api/response-renderer.ts +157 -0
package/src/auth/agent-metadata-store.ts +168 -0
package/src/auth/api-auth-middleware.ts +69 -0
package/src/auth/api-key-provider-module.ts +213 -0
package/src/auth/base-provider-module.ts +201 -0
package/src/auth/chatgpt/chatgpt-oauth-module.ts +185 -0
package/src/auth/chatgpt/device-code-client.ts +218 -0
package/src/auth/chatgpt/index.ts +1 -0
package/src/auth/claude/oauth-module.ts +280 -0
package/src/auth/cli/token-service.ts +249 -0
package/src/auth/external/client.ts +560 -0
package/src/auth/external/device-code-client.ts +225 -0
package/src/auth/mcp/config-service.ts +392 -0
package/src/auth/mcp/proxy.ts +1088 -0
package/src/auth/mcp/string-substitution.ts +17 -0
package/src/auth/mcp/tool-cache.ts +90 -0
package/src/auth/oauth/base-client.ts +267 -0
package/src/auth/oauth/client.ts +153 -0
package/src/auth/oauth/credentials.ts +7 -0
package/src/auth/oauth/providers.ts +69 -0
package/src/auth/oauth/state-store.ts +150 -0
package/src/auth/oauth-templates.ts +179 -0
package/src/auth/provider-catalog.ts +220 -0
package/src/auth/provider-model-options.ts +41 -0
package/src/auth/settings/agent-settings-store.ts +565 -0
package/src/auth/settings/auth-profiles-manager.ts +216 -0
package/src/auth/settings/index.ts +12 -0
package/src/auth/settings/model-preference-store.ts +52 -0
package/src/auth/settings/model-selection.ts +135 -0
package/src/auth/settings/resolved-settings-view.ts +298 -0
package/src/auth/settings/template-utils.ts +44 -0
package/src/auth/settings/token-service.ts +88 -0
package/src/auth/system-env-store.ts +98 -0
package/src/auth/user-agents-store.ts +68 -0
package/src/channels/binding-service.ts +214 -0
package/src/channels/index.ts +4 -0
package/src/cli/gateway.ts +1304 -0
package/src/cli/index.ts +74 -0
package/src/commands/built-in-commands.ts +80 -0
package/src/commands/command-dispatcher.ts +94 -0
package/src/commands/command-reply-adapters.ts +27 -0
package/src/config/file-loader.ts +618 -0
package/src/config/index.ts +588 -0
package/src/config/network-allowlist.ts +71 -0
package/src/connections/chat-instance-manager.ts +1284 -0
package/src/connections/chat-response-bridge.ts +618 -0
package/src/connections/index.ts +7 -0
package/src/connections/interaction-bridge.ts +831 -0
package/src/connections/message-handler-bridge.ts +415 -0
package/src/connections/platform-auth-methods.ts +15 -0
package/src/connections/types.ts +84 -0
package/src/gateway/connection-manager.ts +291 -0
package/src/gateway/index.ts +700 -0
package/src/gateway/job-router.ts +201 -0
package/src/gateway-main.ts +200 -0
package/src/index.ts +41 -0
package/src/infrastructure/queue/index.ts +12 -0
package/src/infrastructure/queue/queue-producer.ts +148 -0
package/src/infrastructure/queue/redis-queue.ts +361 -0
package/src/infrastructure/queue/types.ts +133 -0
package/src/infrastructure/redis/system-message-limiter.ts +94 -0
package/src/interactions/config-request-store.ts +198 -0
package/src/interactions.ts +363 -0
package/src/lobu.ts +311 -0
package/src/metrics/prometheus.ts +159 -0
package/src/modules/module-system.ts +179 -0
package/src/orchestration/base-deployment-manager.ts +900 -0
package/src/orchestration/deployment-utils.ts +98 -0
package/src/orchestration/impl/docker-deployment.ts +620 -0
package/src/orchestration/impl/embedded-deployment.ts +268 -0
package/src/orchestration/impl/index.ts +8 -0
package/src/orchestration/impl/k8s/deployment.ts +1061 -0
package/src/orchestration/impl/k8s/helpers.ts +610 -0
package/src/orchestration/impl/k8s/index.ts +1 -0
package/src/orchestration/index.ts +333 -0
package/src/orchestration/message-consumer.ts +584 -0
package/src/orchestration/scheduled-wakeup.ts +704 -0
package/src/permissions/approval-policy.ts +36 -0
package/src/permissions/grant-store.ts +219 -0
package/src/platform/file-handler.ts +66 -0
package/src/platform/link-buttons.ts +57 -0
package/src/platform/renderer-utils.ts +44 -0
package/src/platform/response-renderer.ts +84 -0
package/src/platform/unified-thread-consumer.ts +187 -0
package/src/platform.ts +318 -0
package/src/proxy/http-proxy.ts +752 -0
package/src/proxy/proxy-manager.ts +81 -0
package/src/proxy/secret-proxy.ts +402 -0
package/src/proxy/token-refresh-job.ts +143 -0
package/src/routes/internal/audio.ts +141 -0
package/src/routes/internal/device-auth.ts +566 -0
package/src/routes/internal/files.ts +226 -0
package/src/routes/internal/history.ts +69 -0
package/src/routes/internal/images.ts +127 -0
package/src/routes/internal/interactions.ts +84 -0
package/src/routes/internal/middleware.ts +23 -0
package/src/routes/internal/schedule.ts +226 -0
package/src/routes/internal/types.ts +22 -0
package/src/routes/openapi-auto.ts +239 -0
package/src/routes/public/agent-access.ts +23 -0
package/src/routes/public/agent-config.ts +675 -0
package/src/routes/public/agent-history.ts +422 -0
package/src/routes/public/agent-schedules.ts +296 -0
package/src/routes/public/agent.ts +1086 -0
package/src/routes/public/agents.ts +373 -0
package/src/routes/public/channels.ts +191 -0
package/src/routes/public/cli-auth.ts +883 -0
package/src/routes/public/connections.ts +574 -0
package/src/routes/public/landing.ts +16 -0
package/src/routes/public/oauth.ts +147 -0
package/src/routes/public/settings-auth.ts +104 -0
package/src/routes/public/slack.ts +173 -0
package/src/routes/shared/agent-ownership.ts +101 -0
package/src/routes/shared/token-verifier.ts +34 -0
package/src/services/core-services.ts +1053 -0
package/src/services/image-generation-service.ts +257 -0
package/src/services/instruction-service.ts +318 -0
package/src/services/mcp-registry.ts +94 -0
package/src/services/platform-helpers.ts +287 -0
package/src/services/session-manager.ts +262 -0
package/src/services/settings-resolver.ts +74 -0
package/src/services/system-config-resolver.ts +90 -0
package/src/services/system-skills-service.ts +229 -0
package/src/services/transcription-service.ts +684 -0
package/src/session.ts +110 -0
package/src/spaces/index.ts +1 -0
package/src/spaces/space-resolver.ts +17 -0
package/src/stores/in-memory-agent-store.ts +403 -0
package/src/stores/redis-agent-store.ts +279 -0
package/src/utils/public-url.ts +44 -0
package/src/utils/rate-limiter.ts +94 -0
package/tsconfig.json +33 -0

package/src/auth/cli/token-service.ts ADDED Viewed

@@ -0,0 +1,249 @@
+import { randomBytes } from "node:crypto";
+import { createLogger, decrypt, encrypt } from "@lobu/core";
+import type Redis from "ioredis";
+const logger = createLogger("cli-token-service");
+const ACCESS_TOKEN_TTL_MS = 60 * 60 * 1000;
+const REFRESH_TOKEN_TTL_MS = 30 * 24 * 60 * 60 * 1000;
+interface CliAccessTokenPayload {
+  type: "cli-access";
+  sessionId: string;
+  userId: string;
+  email?: string;
+  name?: string;
+  exp: number;
+  iat: number;
+}
+interface CliRefreshTokenPayload {
+  type: "cli-refresh";
+  sessionId: string;
+  refreshTokenId: string;
+  exp: number;
+  iat: number;
+}
+interface CliSessionRecord {
+  sessionId: string;
+  userId: string;
+  email?: string;
+  name?: string;
+  refreshTokenId: string;
+  createdAt: number;
+  expiresAt: number;
+}
+export interface CliTokenIdentity {
+  userId: string;
+  email?: string;
+  name?: string;
+}
+export interface CliIssuedTokens {
+  accessToken: string;
+  refreshToken: string;
+  expiresAt: number;
+  user: CliTokenIdentity;
+}
+export interface CliAccessTokenIdentity extends CliTokenIdentity {
+  sessionId: string;
+  expiresAt: number;
+}
+export class CliTokenService {
+  constructor(private readonly redis: Redis) {}
+  async issueTokens(identity: CliTokenIdentity): Promise<CliIssuedTokens> {
+    const session = this.createSessionRecord(identity);
+    await this.saveSession(session);
+    return this.buildIssuedTokens(session);
+  }
+  async refreshTokens(refreshToken: string): Promise<CliIssuedTokens | null> {
+    const payload = this.parseRefreshToken(refreshToken);
+    if (!payload) {
+      return null;
+    }
+    const session = await this.getSession(payload.sessionId);
+    if (!session) {
+      logger.warn("CLI refresh rejected: session not found", {
+        sessionId: payload.sessionId,
+      });
+      return null;
+    }
+    if (session.refreshTokenId !== payload.refreshTokenId) {
+      logger.warn("CLI refresh rejected: token rotation mismatch", {
+        sessionId: payload.sessionId,
+      });
+      return null;
+    }
+    if (session.expiresAt <= Date.now()) {
+      logger.warn("CLI refresh rejected: session expired", {
+        sessionId: payload.sessionId,
+      });
+      await this.deleteSession(session.sessionId);
+      return null;
+    }
+    session.refreshTokenId = this.generateId();
+    await this.saveSession(session);
+    return this.buildIssuedTokens(session);
+  }
+  async verifyAccessToken(
+    accessToken: string
+  ): Promise<CliAccessTokenIdentity | null> {
+    const payload = this.parseAccessToken(accessToken);
+    if (!payload) {
+      return null;
+    }
+    const session = await this.getSession(payload.sessionId);
+    if (!session) {
+      logger.warn("CLI access token rejected: session not found", {
+        sessionId: payload.sessionId,
+      });
+      return null;
+    }
+    if (session.expiresAt <= Date.now()) {
+      logger.warn("CLI access token rejected: session expired", {
+        sessionId: payload.sessionId,
+      });
+      await this.deleteSession(session.sessionId);
+      return null;
+    }
+    return {
+      sessionId: session.sessionId,
+      userId: session.userId,
+      email: session.email,
+      name: session.name,
+      expiresAt: payload.exp,
+    };
+  }
+  async revokeSessionByRefreshToken(refreshToken: string): Promise<void> {
+    const payload = this.parseRefreshToken(refreshToken);
+    if (!payload) {
+      return;
+    }
+    await this.deleteSession(payload.sessionId);
+  }
+  private buildIssuedTokens(session: CliSessionRecord): CliIssuedTokens {
+    const accessPayload: CliAccessTokenPayload = {
+      type: "cli-access",
+      sessionId: session.sessionId,
+      userId: session.userId,
+      email: session.email,
+      name: session.name,
+      iat: Date.now(),
+      exp: Date.now() + ACCESS_TOKEN_TTL_MS,
+    };
+    const refreshPayload: CliRefreshTokenPayload = {
+      type: "cli-refresh",
+      sessionId: session.sessionId,
+      refreshTokenId: session.refreshTokenId,
+      iat: Date.now(),
+      exp: session.expiresAt,
+    };
+    return {
+      accessToken: encrypt(JSON.stringify(accessPayload)),
+      refreshToken: encrypt(JSON.stringify(refreshPayload)),
+      expiresAt: accessPayload.exp,
+      user: {
+        userId: session.userId,
+        email: session.email,
+        name: session.name,
+      },
+    };
+  }
+  private createSessionRecord(identity: CliTokenIdentity): CliSessionRecord {
+    const now = Date.now();
+    return {
+      sessionId: this.generateId(),
+      userId: identity.userId,
+      email: identity.email,
+      name: identity.name,
+      refreshTokenId: this.generateId(),
+      createdAt: now,
+      expiresAt: now + REFRESH_TOKEN_TTL_MS,
+    };
+  }
+  private async saveSession(session: CliSessionRecord): Promise<void> {
+    const ttlSeconds = Math.max(
+      1,
+      Math.ceil((session.expiresAt - Date.now()) / 1000)
+    );
+    await this.redis.setex(
+      this.getSessionKey(session.sessionId),
+      ttlSeconds,
+      JSON.stringify(session)
+    );
+  }
+  private async getSession(
+    sessionId: string
+  ): Promise<CliSessionRecord | null> {
+    const raw = await this.redis.get(this.getSessionKey(sessionId));
+    if (!raw) {
+      return null;
+    }
+    try {
+      return JSON.parse(raw) as CliSessionRecord;
+    } catch (error) {
+      logger.error("Failed to parse CLI session", { sessionId, error });
+      await this.deleteSession(sessionId);
+      return null;
+    }
+  }
+  private async deleteSession(sessionId: string): Promise<void> {
+    await this.redis.del(this.getSessionKey(sessionId));
+  }
+  private parseAccessToken(token: string): CliAccessTokenPayload | null {
+    return this.parseToken<CliAccessTokenPayload>(token, "cli-access");
+  }
+  private parseRefreshToken(token: string): CliRefreshTokenPayload | null {
+    return this.parseToken<CliRefreshTokenPayload>(token, "cli-refresh");
+  }
+  private parseToken<T extends { type: string; exp: number }>(
+    token: string,
+    expectedType: string
+  ): T | null {
+    try {
+      const payload = JSON.parse(decrypt(token)) as T;
+      if (payload.type !== expectedType) {
+        return null;
+      }
+      if (typeof payload.exp !== "number" || payload.exp <= Date.now()) {
+        return null;
+      }
+      return payload;
+    } catch {
+      return null;
+    }
+  }
+  private getSessionKey(sessionId: string): string {
+    return `cli:auth:session:${sessionId}`;
+  }
+  private generateId(): string {
+    return randomBytes(24).toString("base64url");
+  }
+}