npm - @lobu/gateway - Versions diffs - 2.8.0 - Mend

@lobu/gateway 2.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (533) hide show

package/dist/api/index.d.ts +2 -0
package/dist/api/index.d.ts.map +1 -0
package/dist/api/index.js +6 -0
package/dist/api/index.js.map +1 -0
package/dist/api/platform.d.ts +92 -0
package/dist/api/platform.d.ts.map +1 -0
package/dist/api/platform.js +236 -0
package/dist/api/platform.js.map +1 -0
package/dist/api/response-renderer.d.ts +44 -0
package/dist/api/response-renderer.d.ts.map +1 -0
package/dist/api/response-renderer.js +123 -0
package/dist/api/response-renderer.js.map +1 -0
package/dist/auth/agent-metadata-store.d.ts +64 -0
package/dist/auth/agent-metadata-store.d.ts.map +1 -0
package/dist/auth/agent-metadata-store.js +115 -0
package/dist/auth/agent-metadata-store.js.map +1 -0
package/dist/auth/api-auth-middleware.d.ts +19 -0
package/dist/auth/api-auth-middleware.d.ts.map +1 -0
package/dist/auth/api-auth-middleware.js +61 -0
package/dist/auth/api-auth-middleware.js.map +1 -0
package/dist/auth/api-key-provider-module.d.ts +60 -0
package/dist/auth/api-key-provider-module.d.ts.map +1 -0
package/dist/auth/api-key-provider-module.js +148 -0
package/dist/auth/api-key-provider-module.js.map +1 -0
package/dist/auth/base-provider-module.d.ts +70 -0
package/dist/auth/base-provider-module.d.ts.map +1 -0
package/dist/auth/base-provider-module.js +118 -0
package/dist/auth/base-provider-module.js.map +1 -0
package/dist/auth/chatgpt/chatgpt-oauth-module.d.ts +34 -0
package/dist/auth/chatgpt/chatgpt-oauth-module.d.ts.map +1 -0
package/dist/auth/chatgpt/chatgpt-oauth-module.js +136 -0
package/dist/auth/chatgpt/chatgpt-oauth-module.js.map +1 -0
package/dist/auth/chatgpt/device-code-client.d.ts +40 -0
package/dist/auth/chatgpt/device-code-client.d.ts.map +1 -0
package/dist/auth/chatgpt/device-code-client.js +165 -0
package/dist/auth/chatgpt/device-code-client.js.map +1 -0
package/dist/auth/chatgpt/index.d.ts +2 -0
package/dist/auth/chatgpt/index.d.ts.map +1 -0
package/dist/auth/chatgpt/index.js +6 -0
package/dist/auth/chatgpt/index.js.map +1 -0
package/dist/auth/claude/oauth-module.d.ts +29 -0
package/dist/auth/claude/oauth-module.d.ts.map +1 -0
package/dist/auth/claude/oauth-module.js +201 -0
package/dist/auth/claude/oauth-module.js.map +1 -0
package/dist/auth/cli/token-service.d.ts +35 -0
package/dist/auth/cli/token-service.d.ts.map +1 -0
package/dist/auth/cli/token-service.js +171 -0
package/dist/auth/cli/token-service.js.map +1 -0
package/dist/auth/external/client.d.ts +65 -0
package/dist/auth/external/client.d.ts.map +1 -0
package/dist/auth/external/client.js +348 -0
package/dist/auth/external/client.js.map +1 -0
package/dist/auth/external/device-code-client.d.ts +41 -0
package/dist/auth/external/device-code-client.d.ts.map +1 -0
package/dist/auth/external/device-code-client.js +128 -0
package/dist/auth/external/device-code-client.js.map +1 -0
package/dist/auth/mcp/config-service.d.ts +70 -0
package/dist/auth/mcp/config-service.d.ts.map +1 -0
package/dist/auth/mcp/config-service.js +269 -0
package/dist/auth/mcp/config-service.js.map +1 -0
package/dist/auth/mcp/proxy.d.ts +68 -0
package/dist/auth/mcp/proxy.d.ts.map +1 -0
package/dist/auth/mcp/proxy.js +783 -0
package/dist/auth/mcp/proxy.js.map +1 -0
package/dist/auth/mcp/string-substitution.d.ts +11 -0
package/dist/auth/mcp/string-substitution.d.ts.map +1 -0
package/dist/auth/mcp/string-substitution.js +21 -0
package/dist/auth/mcp/string-substitution.js.map +1 -0
package/dist/auth/mcp/tool-cache.d.ts +26 -0
package/dist/auth/mcp/tool-cache.d.ts.map +1 -0
package/dist/auth/mcp/tool-cache.js +58 -0
package/dist/auth/mcp/tool-cache.js.map +1 -0
package/dist/auth/oauth/base-client.d.ts +54 -0
package/dist/auth/oauth/base-client.d.ts.map +1 -0
package/dist/auth/oauth/base-client.js +191 -0
package/dist/auth/oauth/base-client.js.map +1 -0
package/dist/auth/oauth/client.d.ts +35 -0
package/dist/auth/oauth/client.d.ts.map +1 -0
package/dist/auth/oauth/client.js +96 -0
package/dist/auth/oauth/client.js.map +1 -0
package/dist/auth/oauth/credentials.d.ts +8 -0
package/dist/auth/oauth/credentials.d.ts.map +1 -0
package/dist/auth/oauth/credentials.js +3 -0
package/dist/auth/oauth/credentials.js.map +1 -0
package/dist/auth/oauth/providers.d.ts +44 -0
package/dist/auth/oauth/providers.d.ts.map +1 -0
package/dist/auth/oauth/providers.js +37 -0
package/dist/auth/oauth/providers.js.map +1 -0
package/dist/auth/oauth/state-store.d.ts +62 -0
package/dist/auth/oauth/state-store.d.ts.map +1 -0
package/dist/auth/oauth/state-store.js +84 -0
package/dist/auth/oauth/state-store.js.map +1 -0
package/dist/auth/oauth-templates.d.ts +15 -0
package/dist/auth/oauth-templates.d.ts.map +1 -0
package/dist/auth/oauth-templates.js +161 -0
package/dist/auth/oauth-templates.js.map +1 -0
package/dist/auth/provider-catalog.d.ts +52 -0
package/dist/auth/provider-catalog.d.ts.map +1 -0
package/dist/auth/provider-catalog.js +155 -0
package/dist/auth/provider-catalog.js.map +1 -0
package/dist/auth/provider-model-options.d.ts +3 -0
package/dist/auth/provider-model-options.d.ts.map +1 -0
package/dist/auth/provider-model-options.js +29 -0
package/dist/auth/provider-model-options.js.map +1 -0
package/dist/auth/settings/agent-settings-store.d.ts +112 -0
package/dist/auth/settings/agent-settings-store.d.ts.map +1 -0
package/dist/auth/settings/agent-settings-store.js +376 -0
package/dist/auth/settings/agent-settings-store.js.map +1 -0
package/dist/auth/settings/auth-profiles-manager.d.ts +26 -0
package/dist/auth/settings/auth-profiles-manager.d.ts.map +1 -0
package/dist/auth/settings/auth-profiles-manager.js +146 -0
package/dist/auth/settings/auth-profiles-manager.js.map +1 -0
package/dist/auth/settings/index.d.ts +4 -0
package/dist/auth/settings/index.d.ts.map +1 -0
package/dist/auth/settings/index.js +9 -0
package/dist/auth/settings/index.js.map +1 -0
package/dist/auth/settings/model-preference-store.d.ts +25 -0
package/dist/auth/settings/model-preference-store.d.ts.map +1 -0
package/dist/auth/settings/model-preference-store.js +50 -0
package/dist/auth/settings/model-preference-store.js.map +1 -0
package/dist/auth/settings/model-selection.d.ts +11 -0
package/dist/auth/settings/model-selection.d.ts.map +1 -0
package/dist/auth/settings/model-selection.js +83 -0
package/dist/auth/settings/model-selection.js.map +1 -0
package/dist/auth/settings/resolved-settings-view.d.ts +45 -0
package/dist/auth/settings/resolved-settings-view.d.ts.map +1 -0
package/dist/auth/settings/resolved-settings-view.js +152 -0
package/dist/auth/settings/resolved-settings-view.js.map +1 -0
package/dist/auth/settings/template-utils.d.ts +3 -0
package/dist/auth/settings/template-utils.d.ts.map +1 -0
package/dist/auth/settings/template-utils.js +43 -0
package/dist/auth/settings/template-utils.js.map +1 -0
package/dist/auth/settings/token-service.d.ts +86 -0
package/dist/auth/settings/token-service.d.ts.map +1 -0
package/dist/auth/settings/token-service.js +3 -0
package/dist/auth/settings/token-service.js.map +1 -0
package/dist/auth/system-env-store.d.ts +26 -0
package/dist/auth/system-env-store.d.ts.map +1 -0
package/dist/auth/system-env-store.js +92 -0
package/dist/auth/system-env-store.js.map +1 -0
package/dist/auth/user-agents-store.d.ts +31 -0
package/dist/auth/user-agents-store.d.ts.map +1 -0
package/dist/auth/user-agents-store.js +54 -0
package/dist/auth/user-agents-store.js.map +1 -0
package/dist/channels/binding-service.d.ts +69 -0
package/dist/channels/binding-service.d.ts.map +1 -0
package/dist/channels/binding-service.js +144 -0
package/dist/channels/binding-service.js.map +1 -0
package/dist/channels/index.d.ts +2 -0
package/dist/channels/index.d.ts.map +1 -0
package/dist/channels/index.js +6 -0
package/dist/channels/index.js.map +1 -0
package/dist/cli/gateway.d.ts +31 -0
package/dist/cli/gateway.d.ts.map +1 -0
package/dist/cli/gateway.js +1062 -0
package/dist/cli/gateway.js.map +1 -0
package/dist/cli/index.d.ts +3 -0
package/dist/cli/index.d.ts.map +1 -0
package/dist/cli/index.js +56 -0
package/dist/cli/index.js.map +1 -0
package/dist/commands/built-in-commands.d.ts +10 -0
package/dist/commands/built-in-commands.d.ts.map +1 -0
package/dist/commands/built-in-commands.js +63 -0
package/dist/commands/built-in-commands.js.map +1 -0
package/dist/commands/command-dispatcher.d.ts +25 -0
package/dist/commands/command-dispatcher.d.ts.map +1 -0
package/dist/commands/command-dispatcher.js +50 -0
package/dist/commands/command-dispatcher.js.map +1 -0
package/dist/commands/command-reply-adapters.d.ts +3 -0
package/dist/commands/command-reply-adapters.d.ts.map +1 -0
package/dist/commands/command-reply-adapters.js +60 -0
package/dist/commands/command-reply-adapters.js.map +1 -0
package/dist/config/file-loader.d.ts +23 -0
package/dist/config/file-loader.d.ts.map +1 -0
package/dist/config/file-loader.js +495 -0
package/dist/config/file-loader.js.map +1 -0
package/dist/config/index.d.ts +96 -0
package/dist/config/index.d.ts.map +1 -0
package/dist/config/index.js +357 -0
package/dist/config/index.js.map +1 -0
package/dist/config/network-allowlist.d.ts +18 -0
package/dist/config/network-allowlist.d.ts.map +1 -0
package/dist/config/network-allowlist.js +60 -0
package/dist/config/network-allowlist.js.map +1 -0
package/dist/connections/chat-instance-manager.d.ts +107 -0
package/dist/connections/chat-instance-manager.d.ts.map +1 -0
package/dist/connections/chat-instance-manager.js +886 -0
package/dist/connections/chat-instance-manager.js.map +1 -0
package/dist/connections/chat-response-bridge.d.ts +31 -0
package/dist/connections/chat-response-bridge.d.ts.map +1 -0
package/dist/connections/chat-response-bridge.js +465 -0
package/dist/connections/chat-response-bridge.js.map +1 -0
package/dist/connections/index.d.ts +4 -0
package/dist/connections/index.d.ts.map +1 -0
package/dist/connections/index.js +8 -0
package/dist/connections/index.js.map +1 -0
package/dist/connections/interaction-bridge.d.ts +7 -0
package/dist/connections/interaction-bridge.d.ts.map +1 -0
package/dist/connections/interaction-bridge.js +593 -0
package/dist/connections/interaction-bridge.js.map +1 -0
package/dist/connections/message-handler-bridge.d.ts +21 -0
package/dist/connections/message-handler-bridge.d.ts.map +1 -0
package/dist/connections/message-handler-bridge.js +314 -0
package/dist/connections/message-handler-bridge.js.map +1 -0
package/dist/connections/platform-auth-methods.d.ts +5 -0
package/dist/connections/platform-auth-methods.d.ts.map +1 -0
package/dist/connections/platform-auth-methods.js +13 -0
package/dist/connections/platform-auth-methods.js.map +1 -0
package/dist/connections/types.d.ts +52 -0
package/dist/connections/types.d.ts.map +1 -0
package/dist/connections/types.js +20 -0
package/dist/connections/types.js.map +1 -0
package/dist/gateway/connection-manager.d.ts +87 -0
package/dist/gateway/connection-manager.d.ts.map +1 -0
package/dist/gateway/connection-manager.js +216 -0
package/dist/gateway/connection-manager.js.map +1 -0
package/dist/gateway/index.d.ts +71 -0
package/dist/gateway/index.d.ts.map +1 -0
package/dist/gateway/index.js +509 -0
package/dist/gateway/index.js.map +1 -0
package/dist/gateway/job-router.d.ts +60 -0
package/dist/gateway/job-router.d.ts.map +1 -0
package/dist/gateway/job-router.js +148 -0
package/dist/gateway/job-router.js.map +1 -0
package/dist/gateway-main.d.ts +81 -0
package/dist/gateway-main.d.ts.map +1 -0
package/dist/gateway-main.js +143 -0
package/dist/gateway-main.js.map +1 -0
package/dist/index.d.ts +16 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +64 -0
package/dist/index.js.map +1 -0
package/dist/infrastructure/queue/index.d.ts +8 -0
package/dist/infrastructure/queue/index.d.ts.map +1 -0
package/dist/infrastructure/queue/index.js +12 -0
package/dist/infrastructure/queue/index.js.map +1 -0
package/dist/infrastructure/queue/queue-producer.d.ts +68 -0
package/dist/infrastructure/queue/queue-producer.d.ts.map +1 -0
package/dist/infrastructure/queue/queue-producer.js +72 -0
package/dist/infrastructure/queue/queue-producer.js.map +1 -0
package/dist/infrastructure/queue/redis-queue.d.ts +45 -0
package/dist/infrastructure/queue/redis-queue.d.ts.map +1 -0
package/dist/infrastructure/queue/redis-queue.js +273 -0
package/dist/infrastructure/queue/redis-queue.js.map +1 -0
package/dist/infrastructure/queue/types.d.ts +107 -0
package/dist/infrastructure/queue/types.d.ts.map +1 -0
package/dist/infrastructure/queue/types.js +7 -0
package/dist/infrastructure/queue/types.js.map +1 -0
package/dist/infrastructure/redis/system-message-limiter.d.ts +35 -0
package/dist/infrastructure/redis/system-message-limiter.d.ts.map +1 -0
package/dist/infrastructure/redis/system-message-limiter.js +61 -0
package/dist/infrastructure/redis/system-message-limiter.js.map +1 -0
package/dist/interactions/config-request-store.d.ts +41 -0
package/dist/interactions/config-request-store.d.ts.map +1 -0
package/dist/interactions/config-request-store.js +103 -0
package/dist/interactions/config-request-store.js.map +1 -0
package/dist/interactions.d.ts +134 -0
package/dist/interactions.d.ts.map +1 -0
package/dist/interactions.js +175 -0
package/dist/interactions.js.map +1 -0
package/dist/lobu.d.ts +78 -0
package/dist/lobu.d.ts.map +1 -0
package/dist/lobu.js +248 -0
package/dist/lobu.js.map +1 -0
package/dist/metrics/prometheus.d.ts +6 -0
package/dist/metrics/prometheus.d.ts.map +1 -0
package/dist/metrics/prometheus.js +78 -0
package/dist/metrics/prometheus.js.map +1 -0
package/dist/modules/module-system.d.ts +82 -0
package/dist/modules/module-system.d.ts.map +1 -0
package/dist/modules/module-system.js +53 -0
package/dist/modules/module-system.js.map +1 -0
package/dist/orchestration/base-deployment-manager.d.ts +173 -0
package/dist/orchestration/base-deployment-manager.d.ts.map +1 -0
package/dist/orchestration/base-deployment-manager.js +553 -0
package/dist/orchestration/base-deployment-manager.js.map +1 -0
package/dist/orchestration/deployment-utils.d.ts +25 -0
package/dist/orchestration/deployment-utils.d.ts.map +1 -0
package/dist/orchestration/deployment-utils.js +65 -0
package/dist/orchestration/deployment-utils.js.map +1 -0
package/dist/orchestration/impl/docker-deployment.d.ts +43 -0
package/dist/orchestration/impl/docker-deployment.d.ts.map +1 -0
package/dist/orchestration/impl/docker-deployment.js +480 -0
package/dist/orchestration/impl/docker-deployment.js.map +1 -0
package/dist/orchestration/impl/embedded-deployment.d.ts +16 -0
package/dist/orchestration/impl/embedded-deployment.d.ts.map +1 -0
package/dist/orchestration/impl/embedded-deployment.js +195 -0
package/dist/orchestration/impl/embedded-deployment.js.map +1 -0
package/dist/orchestration/impl/index.d.ts +8 -0
package/dist/orchestration/impl/index.d.ts.map +1 -0
package/dist/orchestration/impl/index.js +14 -0
package/dist/orchestration/impl/index.js.map +1 -0
package/dist/orchestration/impl/k8s/deployment.d.ts +204 -0
package/dist/orchestration/impl/k8s/deployment.d.ts.map +1 -0
package/dist/orchestration/impl/k8s/deployment.js +620 -0
package/dist/orchestration/impl/k8s/deployment.js.map +1 -0
package/dist/orchestration/impl/k8s/helpers.d.ts +34 -0
package/dist/orchestration/impl/k8s/helpers.d.ts.map +1 -0
package/dist/orchestration/impl/k8s/helpers.js +377 -0
package/dist/orchestration/impl/k8s/helpers.js.map +1 -0
package/dist/orchestration/impl/k8s/index.d.ts +2 -0
package/dist/orchestration/impl/k8s/index.d.ts.map +1 -0
package/dist/orchestration/impl/k8s/index.js +6 -0
package/dist/orchestration/impl/k8s/index.js.map +1 -0
package/dist/orchestration/index.d.ts +53 -0
package/dist/orchestration/index.d.ts.map +1 -0
package/dist/orchestration/index.js +257 -0
package/dist/orchestration/index.js.map +1 -0
package/dist/orchestration/message-consumer.d.ts +49 -0
package/dist/orchestration/message-consumer.d.ts.map +1 -0
package/dist/orchestration/message-consumer.js +406 -0
package/dist/orchestration/message-consumer.js.map +1 -0
package/dist/orchestration/scheduled-wakeup.d.ts +110 -0
package/dist/orchestration/scheduled-wakeup.d.ts.map +1 -0
package/dist/orchestration/scheduled-wakeup.js +500 -0
package/dist/orchestration/scheduled-wakeup.js.map +1 -0
package/dist/permissions/approval-policy.d.ts +28 -0
package/dist/permissions/approval-policy.d.ts.map +1 -0
package/dist/permissions/approval-policy.js +33 -0
package/dist/permissions/approval-policy.js.map +1 -0
package/dist/permissions/grant-store.d.ts +52 -0
package/dist/permissions/grant-store.d.ts.map +1 -0
package/dist/permissions/grant-store.js +192 -0
package/dist/permissions/grant-store.js.map +1 -0
package/dist/platform/file-handler.d.ts +51 -0
package/dist/platform/file-handler.d.ts.map +1 -0
package/dist/platform/file-handler.js +6 -0
package/dist/platform/file-handler.js.map +1 -0
package/dist/platform/link-buttons.d.ts +21 -0
package/dist/platform/link-buttons.d.ts.map +1 -0
package/dist/platform/link-buttons.js +43 -0
package/dist/platform/link-buttons.js.map +1 -0
package/dist/platform/renderer-utils.d.ts +10 -0
package/dist/platform/renderer-utils.d.ts.map +1 -0
package/dist/platform/renderer-utils.js +42 -0
package/dist/platform/renderer-utils.js.map +1 -0
package/dist/platform/response-renderer.d.ts +66 -0
package/dist/platform/response-renderer.d.ts.map +1 -0
package/dist/platform/response-renderer.js +8 -0
package/dist/platform/response-renderer.js.map +1 -0
package/dist/platform/unified-thread-consumer.d.ts +41 -0
package/dist/platform/unified-thread-consumer.d.ts.map +1 -0
package/dist/platform/unified-thread-consumer.js +143 -0
package/dist/platform/unified-thread-consumer.js.map +1 -0
package/dist/platform.d.ts +255 -0
package/dist/platform.d.ts.map +1 -0
package/dist/platform.js +40 -0
package/dist/platform.js.map +1 -0
package/dist/proxy/http-proxy.d.ts +32 -0
package/dist/proxy/http-proxy.d.ts.map +1 -0
package/dist/proxy/http-proxy.js +636 -0
package/dist/proxy/http-proxy.js.map +1 -0
package/dist/proxy/proxy-manager.d.ts +13 -0
package/dist/proxy/proxy-manager.d.ts.map +1 -0
package/dist/proxy/proxy-manager.js +68 -0
package/dist/proxy/proxy-manager.js.map +1 -0
package/dist/proxy/secret-proxy.d.ts +78 -0
package/dist/proxy/secret-proxy.d.ts.map +1 -0
package/dist/proxy/secret-proxy.js +309 -0
package/dist/proxy/secret-proxy.js.map +1 -0
package/dist/proxy/token-refresh-job.d.ts +29 -0
package/dist/proxy/token-refresh-job.d.ts.map +1 -0
package/dist/proxy/token-refresh-job.js +104 -0
package/dist/proxy/token-refresh-job.js.map +1 -0
package/dist/routes/internal/audio.d.ts +14 -0
package/dist/routes/internal/audio.d.ts.map +1 -0
package/dist/routes/internal/audio.js +118 -0
package/dist/routes/internal/audio.js.map +1 -0
package/dist/routes/internal/device-auth.d.ts +42 -0
package/dist/routes/internal/device-auth.d.ts.map +1 -0
package/dist/routes/internal/device-auth.js +397 -0
package/dist/routes/internal/device-auth.js.map +1 -0
package/dist/routes/internal/files.d.ts +9 -0
package/dist/routes/internal/files.d.ts.map +1 -0
package/dist/routes/internal/files.js +175 -0
package/dist/routes/internal/files.js.map +1 -0
package/dist/routes/internal/history.d.ts +9 -0
package/dist/routes/internal/history.d.ts.map +1 -0
package/dist/routes/internal/history.js +55 -0
package/dist/routes/internal/history.js.map +1 -0
package/dist/routes/internal/images.d.ts +10 -0
package/dist/routes/internal/images.d.ts.map +1 -0
package/dist/routes/internal/images.js +101 -0
package/dist/routes/internal/images.js.map +1 -0
package/dist/routes/internal/interactions.d.ts +9 -0
package/dist/routes/internal/interactions.d.ts.map +1 -0
package/dist/routes/internal/interactions.js +53 -0
package/dist/routes/internal/interactions.js.map +1 -0
package/dist/routes/internal/middleware.d.ts +7 -0
package/dist/routes/internal/middleware.d.ts.map +1 -0
package/dist/routes/internal/middleware.js +24 -0
package/dist/routes/internal/middleware.js.map +1 -0
package/dist/routes/internal/schedule.d.ts +14 -0
package/dist/routes/internal/schedule.d.ts.map +1 -0
package/dist/routes/internal/schedule.js +169 -0
package/dist/routes/internal/schedule.js.map +1 -0
package/dist/routes/internal/types.d.ts +22 -0
package/dist/routes/internal/types.d.ts.map +1 -0
package/dist/routes/internal/types.js +6 -0
package/dist/routes/internal/types.js.map +1 -0
package/dist/routes/openapi-auto.d.ts +8 -0
package/dist/routes/openapi-auto.d.ts.map +1 -0
package/dist/routes/openapi-auto.js +196 -0
package/dist/routes/openapi-auto.js.map +1 -0
package/dist/routes/public/agent-access.d.ts +11 -0
package/dist/routes/public/agent-access.d.ts.map +1 -0
package/dist/routes/public/agent-access.js +11 -0
package/dist/routes/public/agent-access.js.map +1 -0
package/dist/routes/public/agent-config.d.ts +42 -0
package/dist/routes/public/agent-config.d.ts.map +1 -0
package/dist/routes/public/agent-config.js +415 -0
package/dist/routes/public/agent-config.js.map +1 -0
package/dist/routes/public/agent-history.d.ts +17 -0
package/dist/routes/public/agent-history.d.ts.map +1 -0
package/dist/routes/public/agent-history.js +335 -0
package/dist/routes/public/agent-history.js.map +1 -0
package/dist/routes/public/agent-schedules.d.ts +18 -0
package/dist/routes/public/agent-schedules.d.ts.map +1 -0
package/dist/routes/public/agent-schedules.js +242 -0
package/dist/routes/public/agent-schedules.js.map +1 -0
package/dist/routes/public/agent.d.ts +23 -0
package/dist/routes/public/agent.d.ts.map +1 -0
package/dist/routes/public/agent.js +864 -0
package/dist/routes/public/agent.js.map +1 -0
package/dist/routes/public/agents.d.ts +22 -0
package/dist/routes/public/agents.d.ts.map +1 -0
package/dist/routes/public/agents.js +257 -0
package/dist/routes/public/agents.js.map +1 -0
package/dist/routes/public/channels.d.ts +23 -0
package/dist/routes/public/channels.d.ts.map +1 -0
package/dist/routes/public/channels.js +131 -0
package/dist/routes/public/channels.js.map +1 -0
package/dist/routes/public/cli-auth.d.ts +12 -0
package/dist/routes/public/cli-auth.d.ts.map +1 -0
package/dist/routes/public/cli-auth.js +552 -0
package/dist/routes/public/cli-auth.js.map +1 -0
package/dist/routes/public/connections.d.ts +20 -0
package/dist/routes/public/connections.d.ts.map +1 -0
package/dist/routes/public/connections.js +464 -0
package/dist/routes/public/connections.js.map +1 -0
package/dist/routes/public/landing.d.ts +3 -0
package/dist/routes/public/landing.d.ts.map +1 -0
package/dist/routes/public/landing.js +17 -0
package/dist/routes/public/landing.js.map +1 -0
package/dist/routes/public/oauth.d.ts +24 -0
package/dist/routes/public/oauth.d.ts.map +1 -0
package/dist/routes/public/oauth.js +108 -0
package/dist/routes/public/oauth.js.map +1 -0
package/dist/routes/public/settings-auth.d.ts +28 -0
package/dist/routes/public/settings-auth.d.ts.map +1 -0
package/dist/routes/public/settings-auth.js +90 -0
package/dist/routes/public/settings-auth.js.map +1 -0
package/dist/routes/public/slack.d.ts +4 -0
package/dist/routes/public/slack.d.ts.map +1 -0
package/dist/routes/public/slack.js +119 -0
package/dist/routes/public/slack.js.map +1 -0
package/dist/routes/shared/agent-ownership.d.ts +15 -0
package/dist/routes/shared/agent-ownership.d.ts.map +1 -0
package/dist/routes/shared/agent-ownership.js +61 -0
package/dist/routes/shared/agent-ownership.js.map +1 -0
package/dist/routes/shared/token-verifier.d.ts +21 -0
package/dist/routes/shared/token-verifier.d.ts.map +1 -0
package/dist/routes/shared/token-verifier.js +25 -0
package/dist/routes/shared/token-verifier.js.map +1 -0
package/dist/services/core-services.d.ts +133 -0
package/dist/services/core-services.d.ts.map +1 -0
package/dist/services/core-services.js +728 -0
package/dist/services/core-services.js.map +1 -0
package/dist/services/image-generation-service.d.ts +38 -0
package/dist/services/image-generation-service.d.ts.map +1 -0
package/dist/services/image-generation-service.js +167 -0
package/dist/services/image-generation-service.js.map +1 -0
package/dist/services/instruction-service.d.ts +41 -0
package/dist/services/instruction-service.d.ts.map +1 -0
package/dist/services/instruction-service.js +252 -0
package/dist/services/instruction-service.js.map +1 -0
package/dist/services/mcp-registry.d.ts +31 -0
package/dist/services/mcp-registry.d.ts.map +1 -0
package/dist/services/mcp-registry.js +69 -0
package/dist/services/mcp-registry.js.map +1 -0
package/dist/services/platform-helpers.d.ts +47 -0
package/dist/services/platform-helpers.d.ts.map +1 -0
package/dist/services/platform-helpers.js +200 -0
package/dist/services/platform-helpers.js.map +1 -0
package/dist/services/session-manager.d.ts +72 -0
package/dist/services/session-manager.d.ts.map +1 -0
package/dist/services/session-manager.js +199 -0
package/dist/services/session-manager.js.map +1 -0
package/dist/services/settings-resolver.d.ts +25 -0
package/dist/services/settings-resolver.d.ts.map +1 -0
package/dist/services/settings-resolver.js +55 -0
package/dist/services/settings-resolver.js.map +1 -0
package/dist/services/system-config-resolver.d.ts +25 -0
package/dist/services/system-config-resolver.d.ts.map +1 -0
package/dist/services/system-config-resolver.js +73 -0
package/dist/services/system-config-resolver.js.map +1 -0
package/dist/services/system-skills-service.d.ts +38 -0
package/dist/services/system-skills-service.d.ts.map +1 -0
package/dist/services/system-skills-service.js +186 -0
package/dist/services/system-skills-service.js.map +1 -0
package/dist/services/transcription-service.d.ts +91 -0
package/dist/services/transcription-service.d.ts.map +1 -0
package/dist/services/transcription-service.js +465 -0
package/dist/services/transcription-service.js.map +1 -0
package/dist/session.d.ts +75 -0
package/dist/session.d.ts.map +1 -0
package/dist/session.js +19 -0
package/dist/session.js.map +1 -0
package/dist/spaces/index.d.ts +2 -0
package/dist/spaces/index.d.ts.map +1 -0
package/dist/spaces/index.js +18 -0
package/dist/spaces/index.js.map +1 -0
package/dist/spaces/space-resolver.d.ts +10 -0
package/dist/spaces/space-resolver.d.ts.map +1 -0
package/dist/spaces/space-resolver.js +17 -0
package/dist/spaces/space-resolver.js.map +1 -0
package/dist/stores/in-memory-agent-store.d.ts +57 -0
package/dist/stores/in-memory-agent-store.d.ts.map +1 -0
package/dist/stores/in-memory-agent-store.js +304 -0
package/dist/stores/in-memory-agent-store.js.map +1 -0
package/dist/stores/redis-agent-store.d.ts +57 -0
package/dist/stores/redis-agent-store.d.ts.map +1 -0
package/dist/stores/redis-agent-store.js +163 -0
package/dist/stores/redis-agent-store.js.map +1 -0
package/dist/utils/public-url.d.ts +6 -0
package/dist/utils/public-url.d.ts.map +1 -0
package/dist/utils/public-url.js +33 -0
package/dist/utils/public-url.js.map +1 -0
package/dist/utils/rate-limiter.d.ts +32 -0
package/dist/utils/rate-limiter.d.ts.map +1 -0
package/dist/utils/rate-limiter.js +56 -0
package/dist/utils/rate-limiter.js.map +1 -0
package/package.json +63 -0

package/dist/orchestration/impl/k8s/deployment.js ADDED Viewed

@@ -0,0 +1,620 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.K8sDeploymentManager = exports.IMAGE_PULL_FAILURE_REASONS = exports.WORKER_SECURITY = exports.LOBU_FINALIZER = void 0;
+const k8s = __importStar(require("@kubernetes/client-node"));
+const core_1 = require("@lobu/core");
+const base_deployment_manager_1 = require("../../base-deployment-manager");
+const deployment_utils_1 = require("../../deployment-utils");
+const helpers_1 = require("./helpers");
+exports.LOBU_FINALIZER = "lobu.io/cleanup";
+exports.WORKER_SECURITY = {
+    USER_ID: 1001,
+    GROUP_ID: 1001,
+    TMP_SIZE_LIMIT: "100Mi",
+};
+const WORKER_SELECTOR_LABELS = {
+    "app.kubernetes.io/name": deployment_utils_1.BASE_WORKER_LABELS["app.kubernetes.io/name"],
+    "app.kubernetes.io/component": deployment_utils_1.BASE_WORKER_LABELS["app.kubernetes.io/component"],
+};
+exports.IMAGE_PULL_FAILURE_REASONS = new Set([
+    "ImagePullBackOff",
+    "ErrImagePull",
+    "InvalidImageName",
+    "RegistryUnavailable",
+]);
+const logger = (0, core_1.createLogger)("k8s-deployment");
+class K8sDeploymentManager extends base_deployment_manager_1.BaseDeploymentManager {
+    constructor(config, moduleEnvVarsBuilder, providerModules = []) {
+        var _a, _b, _c;
+        super(config, moduleEnvVarsBuilder, providerModules);
+        this.informer = null;
+        this.informerInitializing = false;
+        const kc = new k8s.KubeConfig();
+        try {
+            // Try in-cluster config first, then fall back to default
+            if (process.env.KUBERNETES_SERVICE_HOST) {
+                try {
+                    kc.loadFromCluster();
+                }
+                catch (_clusterError) {
+                    kc.loadFromDefault();
+                }
+            }
+            else {
+                kc.loadFromDefault();
+            }
+            // For development environments, disable TLS verification to avoid certificate issues
+            if (process.env.NODE_ENV === "development" ||
+                ((_a = process.env.KUBERNETES_SERVICE_HOST) === null || _a === void 0 ? void 0 : _a.includes("127.0.0.1")) ||
+                ((_b = process.env.KUBERNETES_SERVICE_HOST) === null || _b === void 0 ? void 0 : _b.includes("192.168")) ||
+                ((_c = process.env.KUBERNETES_SERVICE_HOST) === null || _c === void 0 ? void 0 : _c.includes("localhost"))) {
+                const cluster = kc.getCurrentCluster();
+                if (cluster &&
+                    typeof cluster === "object" &&
+                    cluster.skipTLSVerify !== true) {
+                    // Safely set skipTLSVerify property with type checking
+                    Object.defineProperty(cluster, "skipTLSVerify", {
+                        value: true,
+                        writable: true,
+                        enumerable: true,
+                        configurable: true,
+                    });
+                }
+            }
+        }
+        catch (error) {
+            logger.error("❌ Failed to load Kubernetes config:", error);
+            throw new core_1.OrchestratorError(core_1.ErrorCode.DEPLOYMENT_CREATE_FAILED, `Failed to initialize Kubernetes client: ${error instanceof Error ? error.message : String(error)}`, { error }, true);
+        }
+        // Store KubeConfig for informer creation
+        this.kc = kc;
+        // Configure K8s API clients
+        this.appsV1Api = kc.makeApiClient(k8s.AppsV1Api);
+        this.coreV1Api = kc.makeApiClient(k8s.CoreV1Api);
+        this.nodeV1Api = kc.makeApiClient(k8s.NodeV1Api);
+        // API clients are already configured with authentication through makeApiClient
+        logger.info(`🔧 K8s client initialized for namespace: ${this.config.kubernetes.namespace}`);
+        // Validate namespace exists and we have access
+        this.validateNamespace();
+        // Check runtime class availability on initialization (like Docker's gVisor check)
+        this.checkRuntimeClassAvailability();
+    }
+    /**
+     * Validate that the target namespace exists and we have access to it
+     */
+    async validateNamespace() {
+        const namespace = this.config.kubernetes.namespace;
+        try {
+            await this.coreV1Api.readNamespace(namespace);
+            logger.info(`✅ Namespace '${namespace}' validated`);
+        }
+        catch (error) {
+            const k8sError = error;
+            if (k8sError.statusCode === 404) {
+                logger.error(`❌ Namespace '${namespace}' does not exist. ` +
+                    `Create it with: kubectl create namespace ${namespace}`);
+                throw new core_1.OrchestratorError(core_1.ErrorCode.DEPLOYMENT_CREATE_FAILED, `Namespace '${namespace}' does not exist`, { namespace }, true);
+            }
+            else if (k8sError.statusCode === 403) {
+                // 403 Forbidden for namespace read is expected with namespace-scoped Roles
+                // The gateway can still create resources in the namespace without cluster-level namespace read permission
+                logger.info(`ℹ️  Namespace '${namespace}' access check skipped (namespace-scoped RBAC). ` +
+                    `Will validate via resource operations.`);
+                // Don't throw - we're running in this namespace so it exists
+            }
+            else {
+                logger.warn(`⚠️  Could not validate namespace '${namespace}': ${error instanceof Error ? error.message : String(error)}`);
+                // Don't throw - let operations fail with more specific errors
+            }
+        }
+    }
+    /**
+     * Check if the configured RuntimeClass exists in the cluster
+     * Similar to Docker's checkGvisorAvailability()
+     */
+    async checkRuntimeClassAvailability() {
+        const runtimeClassName = this.config.worker.runtimeClassName || "kata";
+        try {
+            await this.nodeV1Api.readRuntimeClass(runtimeClassName);
+            logger.info(`✅ RuntimeClass '${runtimeClassName}' verified and will be used for worker isolation`);
+        }
+        catch (error) {
+            const k8sError = error;
+            if (k8sError.statusCode === 404) {
+                logger.warn(`⚠️  RuntimeClass '${runtimeClassName}' not found in cluster. ` +
+                    `Workers will use default runtime. Consider installing ${runtimeClassName} for enhanced isolation.`);
+            }
+            else {
+                logger.warn(`⚠️  Failed to verify RuntimeClass '${runtimeClassName}': ${error instanceof Error ? error.message : String(error)}`);
+            }
+            // Clear runtime class if not available or verification failed (workers will use default)
+            this.config.worker.runtimeClassName = undefined;
+        }
+    }
+    getWorkerServiceAccountName() {
+        return this.config.worker.serviceAccountName || "lobu-worker";
+    }
+    getWorkerImagePullSecrets() {
+        const configured = this.config.worker.imagePullSecrets || [];
+        const names = configured.map((name) => name.trim()).filter(Boolean);
+        if (names.length === 0)
+            return undefined;
+        return names.map((name) => ({ name }));
+    }
+    getWorkerStartupTimeoutMs() {
+        var _a;
+        const timeoutSeconds = (_a = this.config.worker.startupTimeoutSeconds) !== null && _a !== void 0 ? _a : 90;
+        return Math.max(timeoutSeconds, 5) * 1000;
+    }
+    async listRawWorkerDeployments() {
+        var _a;
+        const k8sDeployments = await this.appsV1Api.listNamespacedDeployment(this.config.kubernetes.namespace, undefined, // pretty
+        undefined, // allowWatchBookmarks
+        undefined, // _continue
+        undefined, // fieldSelector
+        "app.kubernetes.io/component=worker" // labelSelector - only worker deployments
+        );
+        const response = k8sDeployments;
+        return ((_a = response.body) === null || _a === void 0 ? void 0 : _a.items) || [];
+    }
+    /**
+     * Validate that the worker image exists and is pullable
+     * Called on gateway startup to ensure workers can be created
+     */
+    async validateWorkerImage() {
+        const imageName = this.getWorkerImageReference();
+        logger.info(`ℹ️  Worker image configured: ${imageName} (pullPolicy: ${this.config.worker.image.pullPolicy || "Always"})`);
+        if (this.config.worker.image.pullPolicy === "Never") {
+            logger.warn(`⚠️  Worker image pullPolicy is 'Never'. Ensure image ${imageName} is pre-loaded on all nodes.`);
+            return;
+        }
+        await (0, helpers_1.runImagePullPreflight)(this.coreV1Api, this.config.kubernetes.namespace, imageName, this.config.worker.image.pullPolicy || "Always", this.getWorkerServiceAccountName(), this.getWorkerImagePullSecrets());
+    }
+    async reconcileWorkerDeploymentImages() {
+        await (0, helpers_1.reconcileWorkerDeploymentImages)(this.appsV1Api, this.config.kubernetes.namespace, this.getWorkerImageReference(), this.config.worker.image.pullPolicy || "Always", this.getWorkerServiceAccountName(), this.getWorkerImagePullSecrets(), () => this.listRawWorkerDeployments());
+    }
+    async listDeployments() {
+        var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k;
+        try {
+            const now = Date.now();
+            const idleThresholdMinutes = this.config.worker.idleCleanupMinutes;
+            const veryOldDays = (0, deployment_utils_1.getVeryOldThresholdDays)(this.config);
+            const results = [];
+            for (const deployment of await this.listRawWorkerDeployments()) {
+                const deploymentName = ((_a = deployment.metadata) === null || _a === void 0 ? void 0 : _a.name) || "";
+                // Clean up orphaned finalizers on Terminating deployments (avoids extra API call)
+                if (((_b = deployment.metadata) === null || _b === void 0 ? void 0 : _b.deletionTimestamp) &&
+                    ((_d = (_c = deployment.metadata) === null || _c === void 0 ? void 0 : _c.finalizers) === null || _d === void 0 ? void 0 : _d.includes(exports.LOBU_FINALIZER))) {
+                    logger.info(`Removing orphaned finalizer from Terminating deployment ${deploymentName}`);
+                    (0, helpers_1.removeFinalizerFromResource)(this.appsV1Api, this.coreV1Api, this.config.kubernetes.namespace, "deployment", deploymentName).catch((err) => logger.warn(`Failed to remove orphaned finalizer from ${deploymentName}:`, err instanceof Error ? err.message : String(err)));
+                    continue; // Skip Terminating deployments from the active list
+                }
+                // Get last activity from annotations or fallback to creation time
+                const lastActivityStr = ((_f = (_e = deployment.metadata) === null || _e === void 0 ? void 0 : _e.annotations) === null || _f === void 0 ? void 0 : _f["lobu.io/last-activity"]) ||
+                    ((_h = (_g = deployment.metadata) === null || _g === void 0 ? void 0 : _g.annotations) === null || _h === void 0 ? void 0 : _h["lobu.io/created"]) ||
+                    ((_j = deployment.metadata) === null || _j === void 0 ? void 0 : _j.creationTimestamp);
+                const lastActivity = lastActivityStr
+                    ? new Date(lastActivityStr)
+                    : new Date();
+                const replicas = ((_k = deployment.spec) === null || _k === void 0 ? void 0 : _k.replicas) || 0;
+                results.push((0, deployment_utils_1.buildDeploymentInfoSummary)({
+                    deploymentName,
+                    lastActivity,
+                    now,
+                    idleThresholdMinutes,
+                    veryOldDays,
+                    replicas,
+                }));
+            }
+            return results;
+        }
+        catch (error) {
+            throw new core_1.OrchestratorError(core_1.ErrorCode.DEPLOYMENT_CREATE_FAILED, `Failed to list deployments: ${error instanceof Error ? error.message : String(error)}`, { error }, true);
+        }
+    }
+    async createDeployment(deploymentName, username, userId, messageData) {
+        var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m;
+        // Extract traceparent for distributed tracing
+        const traceparent = (_a = messageData === null || messageData === void 0 ? void 0 : messageData.platformMetadata) === null || _a === void 0 ? void 0 : _a.traceparent;
+        logger.info({ traceparent, deploymentName, userId }, "Creating K8s deployment");
+        // Use agentId for PVC naming (shared across threads in same space)
+        const agentId = messageData === null || messageData === void 0 ? void 0 : messageData.agentId;
+        if (!agentId) {
+            throw new core_1.OrchestratorError(core_1.ErrorCode.DEPLOYMENT_CREATE_FAILED, "Missing agentId in message payload");
+        }
+        const pvcName = `lobu-workspace-${agentId}`;
+        // Check if Nix packages are configured (need init container + subPath mounts)
+        const hasNixConfig = ((_d = (_c = (_b = messageData === null || messageData === void 0 ? void 0 : messageData.nixConfig) === null || _b === void 0 ? void 0 : _b.packages) === null || _c === void 0 ? void 0 : _c.length) !== null && _d !== void 0 ? _d : 0) > 0 ||
+            !!((_e = messageData === null || messageData === void 0 ? void 0 : messageData.nixConfig) === null || _e === void 0 ? void 0 : _e.flakeUrl);
+        // Use larger PVC when Nix packages are configured (Chromium etc. need space)
+        const pvcSize = hasNixConfig ? "5Gi" : undefined;
+        await (0, helpers_1.createPVC)(this.coreV1Api, this.config.kubernetes.namespace, pvcName, agentId, (_f = this.config.worker.persistence) === null || _f === void 0 ? void 0 : _f.storageClass, traceparent, pvcSize, (_g = this.config.worker.persistence) === null || _g === void 0 ? void 0 : _g.size);
+        // Get environment variables before creating the deployment spec
+        // Include secrets (same as Docker behavior) - secrets are passed via env vars
+        const envVars = await this.generateEnvironmentVariables(username, userId, deploymentName, messageData, true // Include secrets to match Docker behavior
+        );
+        const platform = (messageData === null || messageData === void 0 ? void 0 : messageData.platform) || "unknown";
+        const workerImage = this.getWorkerImageReference();
+        const deployment = {
+            apiVersion: "apps/v1",
+            kind: "Deployment",
+            metadata: {
+                name: deploymentName,
+                namespace: this.config.kubernetes.namespace,
+                labels: Object.assign(Object.assign({}, deployment_utils_1.BASE_WORKER_LABELS), { "lobu.io/platform": platform, "lobu.io/agent-id": agentId }),
+                annotations: {
+                    "lobu.io/status": "running",
+                    "lobu.io/created": new Date().toISOString(),
+                },
+                finalizers: [exports.LOBU_FINALIZER],
+            },
+            spec: {
+                replicas: 1,
+                selector: {
+                    matchLabels: Object.assign({}, WORKER_SELECTOR_LABELS),
+                },
+                template: {
+                    metadata: {
+                        annotations: Object.assign(Object.assign(Object.assign({}, (0, deployment_utils_1.resolvePlatformDeploymentMetadata)(messageData)), { "lobu.io/created": new Date().toISOString(), "lobu.io/agent-id": agentId }), (traceparent ? { "lobu.io/traceparent": traceparent } : {})),
+                        labels: Object.assign(Object.assign({}, deployment_utils_1.BASE_WORKER_LABELS), { "lobu.io/platform": platform }),
+                    },
+                    spec: Object.assign(Object.assign(Object.assign(Object.assign({ serviceAccountName: this.getWorkerServiceAccountName(), imagePullSecrets: this.getWorkerImagePullSecrets() }, (this.config.worker.runtimeClassName
+                        ? { runtimeClassName: this.config.worker.runtimeClassName }
+                        : {})), { securityContext: {
+                            fsGroup: exports.WORKER_SECURITY.GROUP_ID,
+                            fsGroupChangePolicy: "OnRootMismatch",
+                        } }), (hasNixConfig
+                        ? {
+                            initContainers: [
+                                {
+                                    name: "nix-bootstrap",
+                                    image: workerImage,
+                                    imagePullPolicy: this.config.worker.image.pullPolicy || "Always",
+                                    command: [
+                                        "bash",
+                                        "-c",
+                                        "if [ ! -f /workspace/.nix-bootstrapped ]; then " +
+                                            'echo "Bootstrapping Nix store to PVC..." && ' +
+                                            "cp -a /nix/store /workspace/.nix-store && " +
+                                            "cp -a /nix/var /workspace/.nix-var && " +
+                                            "mkdir -p /workspace/.nix-store/.nix-pvc-mounted && " +
+                                            "touch /workspace/.nix-bootstrapped && " +
+                                            'echo "Nix bootstrap complete"; ' +
+                                            'else echo "Nix store already bootstrapped"; fi',
+                                    ],
+                                    securityContext: {
+                                        runAsUser: exports.WORKER_SECURITY.USER_ID,
+                                        runAsGroup: exports.WORKER_SECURITY.GROUP_ID,
+                                    },
+                                    volumeMounts: [
+                                        {
+                                            name: "workspace",
+                                            mountPath: "/workspace",
+                                        },
+                                    ],
+                                },
+                            ],
+                        }
+                        : {})), { containers: [
+                            {
+                                name: "worker",
+                                image: workerImage,
+                                imagePullPolicy: this.config.worker.image.pullPolicy || "Always",
+                                securityContext: {
+                                    runAsUser: exports.WORKER_SECURITY.USER_ID,
+                                    runAsGroup: exports.WORKER_SECURITY.GROUP_ID,
+                                    runAsNonRoot: true,
+                                    // Enable read-only root filesystem for security (matches Docker behavior)
+                                    readOnlyRootFilesystem: true,
+                                    // Prevent privilege escalation
+                                    allowPrivilegeEscalation: false,
+                                    // Drop all capabilities (matches Docker CAP_DROP: ALL)
+                                    capabilities: {
+                                        drop: ["ALL"],
+                                    },
+                                },
+                                env: [
+                                    // Common environment variables from base class
+                                    // (includes HTTP_PROXY, HTTPS_PROXY, NO_PROXY, NODE_ENV, DEBUG)
+                                    ...Object.entries(envVars).map(([key, value]) => ({
+                                        name: key,
+                                        value: value,
+                                    })),
+                                    // Add traceparent for distributed tracing (passed to worker)
+                                    ...(traceparent
+                                        ? [{ name: "TRACEPARENT", value: traceparent }]
+                                        : []),
+                                ],
+                                resources: {
+                                    requests: this.config.worker.resources.requests,
+                                    limits: this.config.worker.resources.limits,
+                                },
+                                volumeMounts: [
+                                    {
+                                        name: "workspace",
+                                        mountPath: "/workspace",
+                                    },
+                                    // Tmpfs mounts for writable directories (matches Docker behavior)
+                                    {
+                                        name: "tmp",
+                                        mountPath: "/tmp",
+                                    },
+                                    // /dev/shm for shared memory (needed by Chromium and other apps)
+                                    {
+                                        name: "dshm",
+                                        mountPath: "/dev/shm",
+                                    },
+                                    // When Nix packages configured, mount PVC subpaths at /nix/store and /nix/var
+                                    ...(hasNixConfig
+                                        ? [
+                                            {
+                                                name: "workspace",
+                                                mountPath: "/nix/store",
+                                                subPath: ".nix-store",
+                                            },
+                                            {
+                                                name: "workspace",
+                                                mountPath: "/nix/var",
+                                                subPath: ".nix-var",
+                                            },
+                                        ]
+                                        : []),
+                                ],
+                            },
+                        ], volumes: [
+                            {
+                                name: "workspace",
+                                // Use per-deployment PVC for session persistence across scale-to-zero
+                                persistentVolumeClaim: {
+                                    claimName: pvcName,
+                                },
+                            },
+                            // Tmpfs volumes for temporary files (in-memory, matches Docker Tmpfs)
+                            {
+                                name: "tmp",
+                                emptyDir: {
+                                    medium: "Memory",
+                                    sizeLimit: exports.WORKER_SECURITY.TMP_SIZE_LIMIT,
+                                },
+                            },
+                            // Shared memory for Chromium and other apps requiring /dev/shm
+                            {
+                                name: "dshm",
+                                emptyDir: {
+                                    medium: "Memory",
+                                    sizeLimit: "256Mi",
+                                },
+                            },
+                        ] }),
+                },
+            },
+        };
+        // Create child span for worker creation (linked to parent via traceparent)
+        const workerSpan = (0, core_1.createChildSpan)("worker_creation", traceparent, {
+            "lobu.deployment_name": deploymentName,
+            "lobu.user_id": userId,
+            "lobu.agent_id": agentId,
+        });
+        logger.info({ traceparent, deploymentName }, "Submitting deployment to K8s API");
+        try {
+            const response = await this.appsV1Api.createNamespacedDeployment(this.config.kubernetes.namespace, deployment);
+            await (0, helpers_1.waitForWorkerReady)(this.appsV1Api, this.coreV1Api, this.config.kubernetes.namespace, deploymentName, this.getWorkerStartupTimeoutMs());
+            const statusResponse = response;
+            workerSpan === null || workerSpan === void 0 ? void 0 : workerSpan.setAttribute("http.status_code", ((_h = statusResponse.response) === null || _h === void 0 ? void 0 : _h.statusCode) || 0);
+            workerSpan === null || workerSpan === void 0 ? void 0 : workerSpan.setStatus({ code: core_1.SpanStatusCode.OK });
+            workerSpan === null || workerSpan === void 0 ? void 0 : workerSpan.end();
+            logger.info({ deploymentName, status: (_j = statusResponse.response) === null || _j === void 0 ? void 0 : _j.statusCode }, "Deployment created and worker became ready");
+        }
+        catch (error) {
+            const k8sError = error;
+            // Log detailed error information
+            logger.error(`❌ Failed to create deployment ${deploymentName}:`, {
+                statusCode: k8sError.statusCode,
+                message: k8sError.message,
+                body: k8sError.body,
+                response: (_k = k8sError.response) === null || _k === void 0 ? void 0 : _k.statusMessage,
+            });
+            // Clean up the PVC that was created before the deployment failed
+            try {
+                await this.coreV1Api.deleteNamespacedPersistentVolumeClaim(pvcName, this.config.kubernetes.namespace);
+                logger.info(`Cleaned up orphaned PVC ${pvcName} after deployment creation failure`);
+            }
+            catch (pvcCleanupError) {
+                const pvcError = pvcCleanupError;
+                if (pvcError.statusCode === 404) {
+                    logger.debug(`PVC ${pvcName} already deleted, skipping cleanup`);
+                }
+                else {
+                    logger.error(`Failed to clean up orphaned PVC ${pvcName}:`, pvcCleanupError instanceof Error
+                        ? pvcCleanupError.message
+                        : String(pvcCleanupError));
+                }
+            }
+            // End span with error
+            workerSpan === null || workerSpan === void 0 ? void 0 : workerSpan.setStatus({
+                code: core_1.SpanStatusCode.ERROR,
+                message: k8sError.message || "Deployment failed",
+            });
+            workerSpan === null || workerSpan === void 0 ? void 0 : workerSpan.end();
+            // Check for specific error conditions and throw OrchestratorError
+            if (k8sError.statusCode === 409) {
+                throw new core_1.OrchestratorError(core_1.ErrorCode.DEPLOYMENT_CREATE_FAILED, `Deployment ${deploymentName} already exists`, { deploymentName, statusCode: 409 }, false);
+            }
+            else if (k8sError.statusCode === 403) {
+                throw new core_1.OrchestratorError(core_1.ErrorCode.DEPLOYMENT_CREATE_FAILED, `Insufficient permissions to create deployment ${deploymentName}`, { deploymentName, statusCode: 403 }, true);
+            }
+            else if (k8sError.statusCode === 422) {
+                throw new core_1.OrchestratorError(core_1.ErrorCode.DEPLOYMENT_CREATE_FAILED, `Invalid deployment specification for ${deploymentName}: ${JSON.stringify(k8sError.body)}`, { deploymentName, statusCode: 422, body: k8sError.body }, true);
+            }
+            else if (((_l = k8sError.message) === null || _l === void 0 ? void 0 : _l.includes("timeout")) ||
+                k8sError.code === "ETIMEDOUT") {
+                throw new core_1.OrchestratorError(core_1.ErrorCode.DEPLOYMENT_CREATE_FAILED, `Timeout creating deployment ${deploymentName} - K8s API may be overloaded`, { deploymentName, code: k8sError.code }, true);
+            }
+            else {
+                throw new core_1.OrchestratorError(core_1.ErrorCode.DEPLOYMENT_CREATE_FAILED, `HTTP request failed: ${k8sError.message || ((_m = k8sError.response) === null || _m === void 0 ? void 0 : _m.statusMessage) || "Unknown error"}`, { deploymentName, error }, true);
+            }
+        }
+    }
+    async scaleDeployment(deploymentName, replicas) {
+        var _a, _b;
+        try {
+            const deployment = await this.appsV1Api.readNamespacedDeployment(deploymentName, this.config.kubernetes.namespace);
+            if (((_b = (_a = deployment.body) === null || _a === void 0 ? void 0 : _a.spec) === null || _b === void 0 ? void 0 : _b.replicas) !== replicas) {
+                const patch = {
+                    metadata: {
+                        annotations: {
+                            "lobu.io/status": replicas > 0 ? "running" : "scaled-down",
+                        },
+                    },
+                    spec: {
+                        replicas: replicas,
+                    },
+                };
+                await this.appsV1Api.patchNamespacedDeployment(deploymentName, this.config.kubernetes.namespace, patch, undefined, undefined, undefined, undefined, undefined, {
+                    headers: {
+                        "Content-Type": "application/strategic-merge-patch+json",
+                    },
+                });
+            }
+            if (replicas > 0) {
+                await (0, helpers_1.waitForWorkerReady)(this.appsV1Api, this.coreV1Api, this.config.kubernetes.namespace, deploymentName, this.getWorkerStartupTimeoutMs());
+            }
+        }
+        catch (error) {
+            throw new core_1.OrchestratorError(core_1.ErrorCode.DEPLOYMENT_SCALE_FAILED, `Failed to scale deployment ${deploymentName}: ${error instanceof Error ? error.message : String(error)}`, { deploymentName, replicas, error }, true);
+        }
+    }
+    async deleteDeployment(deploymentName) {
+        // Remove our finalizer before deleting so the resource can be garbage-collected
+        await (0, helpers_1.removeFinalizerFromResource)(this.appsV1Api, this.coreV1Api, this.config.kubernetes.namespace, "deployment", deploymentName);
+        // Delete the deployment with propagation policy
+        try {
+            await this.appsV1Api.deleteNamespacedDeployment(deploymentName, this.config.kubernetes.namespace, undefined, undefined, undefined, undefined, "Foreground" // Wait for pods to terminate before returning
+            );
+            logger.info(`✅ Deleted deployment: ${deploymentName}`);
+        }
+        catch (error) {
+            const k8sError = error;
+            if (k8sError.statusCode === 404) {
+                logger.info(`⚠️  Deployment ${deploymentName} not found (already deleted)`);
+            }
+            else {
+                throw error;
+            }
+        }
+        // NOTE: Space PVCs are NOT deleted on deployment deletion
+        // They are shared across threads in the same space and persist
+        // for future conversations. Cleanup is done manually or via separate process.
+    }
+    /**
+     * Override reconcileDeployments to also clean up orphaned PVC finalizers.
+     * Deployment orphan cleanup is handled inside listDeployments() to avoid
+     * duplicate API calls (listDeployments already iterates raw K8s objects).
+     */
+    async reconcileDeployments() {
+        await this.reconcileWorkerDeploymentImages();
+        await (0, helpers_1.cleanupOrphanedPvcFinalizers)(this.appsV1Api, this.coreV1Api, this.config.kubernetes.namespace);
+        await super.reconcileDeployments();
+    }
+    async updateDeploymentActivity(deploymentName) {
+        try {
+            const timestamp = new Date().toISOString();
+            const patch = {
+                metadata: {
+                    annotations: {
+                        "lobu.io/last-activity": timestamp,
+                    },
+                },
+            };
+            await this.appsV1Api.patchNamespacedDeployment(deploymentName, this.config.kubernetes.namespace, patch, undefined, undefined, undefined, undefined, undefined, {
+                headers: { "Content-Type": "application/strategic-merge-patch+json" },
+            });
+        }
+        catch (error) {
+            logger.error(`❌ Failed to update activity for deployment ${deploymentName}:`, error instanceof Error ? error.message : String(error));
+            // Don't throw - activity tracking should not block message processing
+        }
+    }
+    getDispatcherHost() {
+        const dispatcherService = process.env.DISPATCHER_SERVICE_NAME || "lobu-dispatcher";
+        return `${dispatcherService}.${this.config.kubernetes.namespace}.svc.cluster.local`;
+    }
+    /**
+     * Start a watch-based informer for worker deployments.
+     * The informer maintains a local cache that is updated via K8s watch events,
+     * reducing the need for frequent list API calls.
+     */
+    async startInformer() {
+        if (this.informer || this.informerInitializing)
+            return;
+        this.informerInitializing = true;
+        const namespace = this.config.kubernetes.namespace;
+        const listFn = () => this.appsV1Api.listNamespacedDeployment(namespace, undefined, undefined, undefined, undefined, "app.kubernetes.io/component=worker");
+        try {
+            this.informer = k8s.makeInformer(this.kc, `/apis/apps/v1/namespaces/${namespace}/deployments`, listFn, "app.kubernetes.io/component=worker");
+            this.informer.on("error", (err) => {
+                logger.warn("Informer error, will auto-restart:", err instanceof Error ? err.message : String(err));
+            });
+            await this.informer.start();
+            logger.info("K8s deployment informer started");
+        }
+        catch (error) {
+            logger.warn("Failed to start informer, falling back to polling:", error instanceof Error ? error.message : String(error));
+            this.informer = null;
+        }
+        finally {
+            this.informerInitializing = false;
+        }
+    }
+    /**
+     * Stop the informer and clear the cache.
+     */
+    async stopInformer() {
+        if (this.informer) {
+            this.informer.stop();
+            this.informer = null;
+            logger.info("K8s deployment informer stopped");
+        }
+    }
+    /**
+     * Whether the informer is active and has a populated cache.
+     */
+    isInformerActive() {
+        return this.informer !== null;
+    }
+}
+exports.K8sDeploymentManager = K8sDeploymentManager;
+//# sourceMappingURL=deployment.js.map