@openape/proxy 0.2.13 → 0.2.15

package/src/grants-client.ts

@@ -1,129 +0,0 @@
-import type { OpenApeGrant, GrantType } from '@openape/core'
-
-/**
- * Client for the IdP's grant management API.
- * Creates grant requests and polls for approval.
- */
-export class GrantsClient {
-  private idpUrl: string
-  private agentToken: string | undefined
-
-  constructor(idpUrl: string) {
-    this.idpUrl = idpUrl.replace(/\/$/, '')
-  }
-
-  setAgentToken(token: string): void {
-    this.agentToken = token
-  }
-
-  private headers(): Record<string, string> {
-    const h: Record<string, string> = { 'Content-Type': 'application/json' }
-    if (this.agentToken) {
-      h.Authorization = `Bearer ${this.agentToken}`
-    }
-    return h
-  }
-
-  /**
-   * Create a grant request on the IdP.
-   */
-  async requestGrant(opts: {
-    requester: string
-    targetHost: string
-    audience: string
-    grantType: GrantType
-    permissions?: string[]
-    reason?: string
-    requestHash?: string
-    duration?: number
-  }): Promise<OpenApeGrant> {
-    const res = await fetch(`${this.idpUrl}/api/grants`, {
-      method: 'POST',
-      headers: this.headers(),
-      body: JSON.stringify({
-        requester: opts.requester,
-        target_host: opts.targetHost,
-        audience: opts.audience,
-        grant_type: opts.grantType,
-        permissions: opts.permissions,
-        reason: opts.reason,
-        request_hash: opts.requestHash,
-        duration: opts.duration,
-      }),
-    })
-
-    if (!res.ok) {
-      throw new Error(`Grant request failed: ${res.status} ${await res.text()}`)
-    }
-
-    return res.json() as Promise<OpenApeGrant>
-  }
-
-  /**
-   * Poll a grant until it's approved, denied, or timeout.
-   */
-  async waitForApproval(
-    grantId: string,
-    timeoutMs: number = 300_000,
-    pollIntervalMs: number = 2_000,
-  ): Promise<OpenApeGrant> {
-    const deadline = Date.now() + timeoutMs
-
-    while (Date.now() < deadline) {
-      const res = await fetch(`${this.idpUrl}/api/grants/${grantId}`, {
-        headers: this.headers(),
-      })
-
-      if (!res.ok) {
-        throw new Error(`Grant poll failed: ${res.status}`)
-      }
-
-      const grant = await res.json() as OpenApeGrant
-      if (grant.status !== 'pending') {
-        return grant
-      }
-
-      await new Promise(r => setTimeout(r, pollIntervalMs))
-    }
-
-    throw new Error(`Grant approval timed out after ${timeoutMs}ms`)
-  }
-
-  /**
-   * Check if there's an existing approved grant for a host+audience+permissions combo.
-   * Ignores `once` grants (they're single-use).
-   */
-  async findExistingGrant(
-    requester: string,
-    targetHost: string,
-    audience: string,
-    permissions?: string[],
-  ): Promise<OpenApeGrant | null> {
-    const params = new URLSearchParams({
-      requester,
-      status: 'approved',
-    })
-
-    const res = await fetch(`${this.idpUrl}/api/grants?${params}`, {
-      headers: this.headers(),
-    })
-
-    if (!res.ok) return null
-
-    const grants = await res.json() as OpenApeGrant[]
-    const now = Math.floor(Date.now() / 1000)
-
-    return grants.find((g) => {
-      if (g.status !== 'approved') return false
-      if (g.expires_at && g.expires_at <= now) return false
-      if (g.request?.grant_type === 'once') return false
-      if (g.request?.target_host !== targetHost) return false
-      if (g.request?.audience !== audience) return false
-      if (permissions?.length && g.request?.permissions?.length) {
-        const grantedPerms = new Set(g.request.permissions)
-        if (!permissions.every(p => grantedPerms.has(p))) return false
-      }
-      return true
-    }) ?? null
-  }
-}

package/src/index.ts

@@ -1,69 +0,0 @@
-#!/usr/bin/env bun
-import { createServer } from 'node:http'
-import { parseArgs } from 'node:util'
-import { loadMultiAgentConfig } from './config.js'
-import { createNodeHandler } from './proxy.js'
-import { initAudit } from './audit.js'
-
-const { values } = parseArgs({
-  options: {
-    config: { type: 'string', short: 'c', default: 'config.toml' },
-    'dry-run': { type: 'boolean', default: false },
-    'mandatory-auth': { type: 'boolean', default: false },
-  },
-})
-
-const configPath = values.config!
-
-console.log(`[openape-proxy] Loading config from ${configPath}`)
-const config = loadMultiAgentConfig(configPath, {
-  mandatoryAuth: values['mandatory-auth'] || undefined,
-})
-
-// Init audit log
-initAudit(config.proxy.audit_log)
-
-if (values['dry-run']) {
-  console.log('[openape-proxy] DRY RUN mode — logging only, not blocking')
-  console.log('[openape-proxy] Config loaded:')
-  console.log(`  Listen: ${config.proxy.listen}`)
-  console.log(`  Default action: ${config.proxy.default_action}`)
-  console.log(`  Mandatory auth: ${config.proxy.mandatory_auth ?? false}`)
-  console.log(`  Agents: ${config.agents.length}`)
-  for (const agent of config.agents) {
-    const allowCount = agent.allow?.length ?? 0
-    const denyCount = agent.deny?.length ?? 0
-    const grantCount = agent.grant_required?.length ?? 0
-    console.log(`    ${agent.email} (${agent.idp_url}) — ${allowCount} allow, ${denyCount} deny, ${grantCount} grant`)
-  }
-  process.exit(0)
-}
-
-const handler = createNodeHandler(config)
-
-const port = Number.parseInt(config.proxy.listen.split(':')[1] || '9090')
-const hostname = config.proxy.listen.split(':')[0] || '127.0.0.1'
-
-const server = createServer(handler.handleRequest)
-server.on('connect', handler.handleConnect)
-
-server.listen(port, hostname, () => {
-  console.log(`[openape-proxy] Listening on http://${hostname}:${port}`)
-  console.log(`[openape-proxy] CONNECT tunneling enabled`)
-  console.log(`[openape-proxy] Mandatory auth: ${config.proxy.mandatory_auth ?? false}`)
-  console.log(`[openape-proxy] Agents: ${config.agents.map(a => a.email).join(', ')}`)
-  console.log(`[openape-proxy] Default action: ${config.proxy.default_action}`)
-})
-
-// Graceful shutdown
-process.on('SIGINT', () => {
-  console.log('\n[openape-proxy] Shutting down...')
-  server.close()
-  process.exit(0)
-})
-
-process.on('SIGTERM', () => {
-  console.log('[openape-proxy] Shutting down...')
-  server.close()
-  process.exit(0)
-})

package/src/matcher.ts

@@ -1,80 +0,0 @@
-import type { ProxyConfig, RuleAction, RuleEntry } from './types.js'
-
-/**
- * Match a glob pattern against a string.
- * Supports * (any segment) and ** (any number of segments).
- */
-function globMatch(pattern: string, value: string): boolean {
-  // Simple glob: convert * to regex
-  const regex = new RegExp(
-    `^${
-      pattern
-        .replace(/[.+^${}()|[\]\\]/g, '\\$&')  // escape regex chars except *
-        .replace(/\*\*/g, '<<<DOUBLESTAR>>>')
-        .replace(/\*/g, '[^/]*')
-        .replace(/<<<DOUBLESTAR>>>/g, '.*')
-    }$`,
-  )
-  return regex.test(value)
-}
-
-function matchesRule(rule: RuleEntry, domain: string, method: string, path: string): boolean {
-  // Domain match (supports wildcards like *.github.com)
-  if (!globMatch(rule.domain, domain)) return false
-
-  // Method match (if specified)
-  if (rule.methods && rule.methods.length > 0) {
-    if (!rule.methods.includes(method.toUpperCase())) return false
-  }
-
-  // Path match (if specified)
-  if (rule.path) {
-    if (!globMatch(rule.path, path)) return false
-  }
-
-  return true
-}
-
-/**
- * Evaluate rules in order: deny → allow → grant_required → default_action
- */
-export function evaluateRules(
-  config: ProxyConfig,
-  domain: string,
-  method: string,
-  path: string,
-): RuleAction {
-  // 1. Check deny list first
-  for (const rule of config.deny) {
-    if (matchesRule(rule, domain, method, path)) {
-      return { type: 'deny', note: rule.note }
-    }
-  }
-
-  // 2. Check allow list
-  for (const rule of config.allow) {
-    if (matchesRule(rule, domain, method, path)) {
-      return { type: 'allow' }
-    }
-  }
-
-  // 3. Check grant_required rules (most specific first)
-  for (const rule of config.grant_required) {
-    if (matchesRule(rule, domain, method, path)) {
-      return { type: 'grant_required', rule }
-    }
-  }
-
-  // 4. Default: treat as grant_required with 'once'
-  if (config.proxy.default_action === 'block') {
-    return { type: 'deny', note: 'No matching rule (default: block)' }
-  }
-
-  return {
-    type: 'grant_required',
-    rule: {
-      domain: '*',
-      grant_type: 'once',
-    },
-  }
-}

package/src/proxy.ts

@@ -1,401 +0,0 @@
-import type { IncomingMessage, ServerResponse } from 'node:http'
-import type { Socket } from 'node:net'
-import { createHash } from 'node:crypto'
-import type { AgentConfig, AuditEntry, MultiAgentProxyConfig, ProxyConfig } from './types.js'
-import { evaluateRules } from './matcher.js'
-import { AuthError, verifyAgentAuth } from './auth.js'
-import { GrantsClient } from './grants-client.js'
-import { writeAudit } from './audit.js'
-import { isPrivateOrLoopback } from './ssrf.js'
-import { handleConnect } from './connect.js'
-
-/**
- * Compute a request hash that uniquely identifies the intent.
- * hash = sha256(METHOD + " " + FULL_URL + "\n" + BODY)
- * This binds the grant to the exact request — no bait-and-switch.
- */
-async function computeRequestHash(method: string, targetUrl: string, body: ArrayBuffer | null): Promise<string> {
-  const hash = createHash('sha256')
-  hash.update(`${method} ${targetUrl}\n`)
-  if (body && body.byteLength > 0) {
-    hash.update(new Uint8Array(body))
-  }
-  return hash.digest('hex')
-}
-
-/** Legacy single-agent proxy */
-export function createProxy(config: ProxyConfig) {
-  const multiConfig: MultiAgentProxyConfig = {
-    proxy: {
-      listen: config.proxy.listen,
-      default_action: config.proxy.default_action,
-      audit_log: config.proxy.audit_log,
-      mandatory_auth: config.proxy.mandatory_auth,
-    },
-    agents: [{
-      email: config.proxy.agent_email,
-      idp_url: config.proxy.idp_url,
-      allow: config.allow,
-      deny: config.deny,
-      grant_required: config.grant_required,
-    }],
-  }
-  return createMultiAgentProxy(multiConfig)
-}
-
-/** Multi-agent proxy with SSRF protection and mandatory auth */
-export function createMultiAgentProxy(config: MultiAgentProxyConfig) {
-  const grantsClients = new Map<string, GrantsClient>()
-  for (const agent of config.agents) {
-    grantsClients.set(agent.email, new GrantsClient(agent.idp_url))
-  }
-
-  const mandatoryAuth = config.proxy.mandatory_auth ?? false
-
-  return {
-    port: Number.parseInt(config.proxy.listen.split(':')[1] || '9090'),
-    hostname: config.proxy.listen.split(':')[0] || '127.0.0.1',
-
-    async fetch(req: Request): Promise<Response> {
-      const url = new URL(req.url)
-      const startTime = Date.now()
-
-      // Health endpoint
-      if (url.pathname === '/healthz') {
-        return Response.json({
-          status: 'ok',
-          agents: config.agents.map(a => a.email),
-        })
-      }
-
-      // Parse target URL from the path
-      const targetUrl = url.pathname.slice(1) + url.search
-      let targetParsed: URL
-      try {
-        targetParsed = new URL(targetUrl)
-      }
-      catch {
-        return new Response(
-          'Invalid target URL. Send requests as: http://proxy:port/https://target.com/path',
-          { status: 400 },
-        )
-      }
-
-      const domain = targetParsed.hostname
-      const method = req.method
-      const path = targetParsed.pathname
-
-      // SSRF protection — block private/loopback IPs before any rule evaluation
-      if (await isPrivateOrLoopback(domain)) {
-        return new Response('Blocked: private/loopback IP', { status: 403 })
-      }
-
-      // Read body once (needed for hash + forwarding)
-      const bodyBuffer = req.body ? await req.arrayBuffer() : null
-
-      // Verify agent identity — find IdP URL from first agent (for JWKS verification)
-      // In multi-agent mode, we need the JWT to identify the agent first.
-      // We try verification against each agent's IdP until one succeeds.
-      let agentIdentity: { email: string, act: 'agent' } | null = null
-      try {
-        for (const agentConf of config.agents) {
-          agentIdentity = await verifyAgentAuth(
-            req.headers.get('proxy-authorization'),
-            agentConf.idp_url,
-            mandatoryAuth && config.agents.length === 1,
-          )
-          if (agentIdentity) break
-        }
-
-        // If mandatory auth and no identity found from any IdP
-        if (mandatoryAuth && !agentIdentity) {
-          throw new AuthError('JWT required')
-        }
-      }
-      catch (err) {
-        if (err instanceof AuthError) {
-          return new Response(`Unauthorized: ${err.message}`, { status: 401 })
-        }
-        throw err
-      }
-
-      // Find the matching agent config
-      const agentEmail = agentIdentity?.email
-      let agentConf: AgentConfig | undefined
-
-      if (agentEmail) {
-        agentConf = config.agents.find(a => a.email === agentEmail)
-        if (!agentConf) {
-          return new Response(`Forbidden: unknown agent ${agentEmail}`, { status: 403 })
-        }
-      }
-      else if (config.agents.length === 1) {
-        // Non-mandatory auth, single agent: use the only agent config
-        agentConf = config.agents[0]
-      }
-      else {
-        return new Response('Unauthorized: JWT required for multi-agent proxy', { status: 401 })
-      }
-
-      const effectiveEmail = agentEmail ?? agentConf.email
-      const grantsClient = grantsClients.get(agentConf.email)!
-
-      // Build a ProxyConfig-shaped object for evaluateRules
-      const rulesConfig: ProxyConfig = {
-        proxy: {
-          listen: config.proxy.listen,
-          idp_url: agentConf.idp_url,
-          agent_email: agentConf.email,
-          default_action: config.proxy.default_action,
-        },
-        allow: agentConf.allow ?? [],
-        deny: agentConf.deny ?? [],
-        grant_required: agentConf.grant_required ?? [],
-      }
-
-      // Evaluate rules
-      const action = evaluateRules(rulesConfig, domain, method, path)
-
-      const baseAudit: Omit<AuditEntry, 'action' | 'rule'> = {
-        ts: new Date().toISOString(),
-        agent: effectiveEmail,
-        domain,
-        method,
-        path,
-      }
-
-      // DENY
-      if (action.type === 'deny') {
-        writeAudit({ ...baseAudit, action: 'deny', rule: 'deny-list', grant_id: null })
-        return new Response(`Blocked: ${action.note || 'deny rule'}`, { status: 403 })
-      }
-
-      // ALLOW (no grant needed)
-      if (action.type === 'allow') {
-        writeAudit({ ...baseAudit, action: 'allow', rule: 'allow-list', grant_id: null })
-        return forwardRequest(req, targetUrl, bodyBuffer)
-      }
-
-      // GRANT REQUIRED
-      const rule = action.rule
-      const permissions = rule.permissions ?? [`${method.toLowerCase()}:${domain}`]
-
-      // Compute request hash — binds grant to exact method + URL + body
-      const requestHash = await computeRequestHash(method, targetUrl, bodyBuffer)
-
-      // Check for existing grant
-      const existing = await grantsClient.findExistingGrant(
-        effectiveEmail,
-        domain,
-        'proxy',
-        permissions,
-      ).catch(() => null)
-
-      if (existing) {
-        writeAudit({
-          ...baseAudit,
-          action: 'grant_approved',
-          rule: 'standing-grant',
-          grant_id: existing.id,
-          request_hash: requestHash,
-        })
-        return forwardRequest(req, targetUrl, bodyBuffer)
-      }
-
-      // No existing grant — behavior depends on default_action
-      if (config.proxy.default_action === 'block') {
-        writeAudit({ ...baseAudit, action: 'deny', rule: 'no-grant (block mode)', grant_id: null })
-        return new Response('No grant — blocked', { status: 403 })
-      }
-
-      if (config.proxy.default_action === 'request-async') {
-        // Create grant request, return 407 immediately
-        const grant = await grantsClient.requestGrant({
-          requester: effectiveEmail,
-          targetHost: domain,
-          audience: 'proxy',
-          grantType: rule.grant_type,
-          permissions,
-          reason: `${method} ${targetUrl}`,
-          requestHash,
-          duration: rule.duration,
-        }).catch(() => null)
-
-        writeAudit({
-          ...baseAudit,
-          action: 'grant_denied',
-          rule: 'grant_required (async)',
-          grant_id: grant?.id ?? null,
-        })
-
-        return new Response(
-          JSON.stringify({
-            error: 'Grant required',
-            grant_id: grant?.id,
-            message: 'Grant request created. Retry after approval.',
-          }),
-          { status: 407, headers: { 'Content-Type': 'application/json' } },
-        )
-      }
-
-      // BLOCKING mode: create grant request and wait
-      console.error(`[proxy] Requesting grant for ${method} ${domain}${path} — waiting for approval...`)
-
-      try {
-        const grant = await grantsClient.requestGrant({
-          requester: effectiveEmail,
-          targetHost: domain,
-          audience: 'proxy',
-          grantType: rule.grant_type,
-          permissions,
-          reason: `${method} ${targetUrl}`,
-          requestHash,
-          duration: rule.duration,
-        })
-
-        const approved = await grantsClient.waitForApproval(grant.id)
-
-        const waitedMs = Date.now() - startTime
-
-        if (approved.status === 'approved') {
-          writeAudit({
-            ...baseAudit,
-            action: 'grant_approved',
-            rule: 'grant_required',
-            grant_id: approved.id,
-            request_hash: requestHash,
-            waited_ms: waitedMs,
-          })
-          return forwardRequest(req, targetUrl, bodyBuffer)
-        }
-
-        writeAudit({
-          ...baseAudit,
-          action: 'grant_denied',
-          rule: 'grant_required',
-          grant_id: approved.id,
-          waited_ms: waitedMs,
-        })
-        return new Response(`Grant denied by ${approved.decided_by}`, { status: 403 })
-      }
-      catch (err) {
-        const msg = err instanceof Error ? err.message : 'Unknown error'
-        writeAudit({
-          ...baseAudit,
-          action: 'grant_timeout',
-          rule: 'grant_required',
-          error: msg,
-        })
-        return new Response(`Grant request failed: ${msg}`, { status: 504 })
-      }
-    },
-  }
-}
-
-/**
- * Create a node:http compatible handler for use with http.createServer().
- * Returns both a request handler and a CONNECT handler.
- */
-export function createNodeHandler(config: MultiAgentProxyConfig): {
-  handleRequest: (req: IncomingMessage, res: ServerResponse) => void
-  handleConnect: (req: IncomingMessage, socket: Socket, head: Buffer) => void
-} {
-  const proxy = createMultiAgentProxy(config)
-
-  return {
-    handleRequest(req: IncomingMessage, res: ServerResponse) {
-      // Convert IncomingMessage to Request and use existing fetch logic
-      const url = `http://${req.headers.host || 'localhost'}${req.url || '/'}`
-      const chunks: Buffer[] = []
-
-      req.on('data', (chunk: Buffer) => chunks.push(chunk))
-      req.on('end', async () => {
-        try {
-          const body = chunks.length > 0 ? Buffer.concat(chunks) : undefined
-          const headers = new Headers()
-          for (const [key, value] of Object.entries(req.headers)) {
-            if (value) {
-              headers.set(key, Array.isArray(value) ? value.join(', ') : value)
-            }
-          }
-
-          const request = new Request(url, {
-            method: req.method,
-            headers,
-            body: body && req.method !== 'GET' && req.method !== 'HEAD' ? body : undefined,
-            duplex: 'half',
-          } as RequestInit)
-
-          const response = await proxy.fetch(request)
-
-          res.writeHead(response.status, response.statusText, Object.fromEntries(response.headers))
-          if (response.body) {
-            const reader = response.body.getReader()
-            const pump = async (): Promise<void> => {
-              const { done, value } = await reader.read()
-              if (done) {
-                res.end()
-                return
-              }
-              res.write(value)
-              return pump()
-            }
-            await pump()
-          }
-          else {
-            res.end()
-          }
-        }
-        catch {
-          res.writeHead(502)
-          res.end('Proxy error')
-        }
-      })
-    },
-
-    handleConnect(req: IncomingMessage, socket: Socket, head: Buffer) {
-      handleConnect(config, req, socket, head)
-    },
-  }
-}
-
-/**
- * Forward a request to the target URL.
- * Strips proxy-specific headers, preserves the rest.
- */
-async function forwardRequest(originalReq: Request, targetUrl: string, cachedBody?: ArrayBuffer | null): Promise<Response> {
-  const headers = new Headers(originalReq.headers)
-  // Remove proxy-specific headers
-  headers.delete('proxy-authorization')
-  headers.delete('proxy-connection')
-  // Don't send host of the proxy
-  headers.delete('host')
-
-  const body = cachedBody && cachedBody.byteLength > 0 ? cachedBody : null
-
-  try {
-    const res = await fetch(targetUrl, {
-      method: originalReq.method,
-      headers,
-      body,
-      duplex: 'half',
-      redirect: 'manual',
-    })
-
-    // Stream the response back
-    const responseHeaders = new Headers(res.headers)
-    // Remove hop-by-hop headers
-    responseHeaders.delete('transfer-encoding')
-    responseHeaders.delete('connection')
-
-    return new Response(res.body, {
-      status: res.status,
-      statusText: res.statusText,
-      headers: responseHeaders,
-    })
-  }
-  catch (err) {
-    const msg = err instanceof Error ? err.message : 'Upstream error'
-    return new Response(`Proxy error: ${msg}`, { status: 502 })
-  }
-}