@openpalm/lib 0.11.0-beta.10 → 0.11.0-beta.13

package/src/control-plane/secret-audit.test.ts

@@ -0,0 +1,159 @@
+import { afterEach, beforeEach, describe, expect, it } from 'bun:test';
+import { chmodSync, mkdirSync, mkdtempSync, rmSync, writeFileSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import {
+  auditComposeSecrets,
+  auditFileBasedSecrets,
+  auditSecretFilesystem,
+  auditStackEnv,
+  isSecretLikeKey,
+} from './secret-audit.js';
+
+let tempDir: string;
+
+beforeEach(() => {
+  tempDir = mkdtempSync(join(tmpdir(), 'secret-audit-test-'));
+});
+
+afterEach(() => {
+  rmSync(tempDir, { recursive: true, force: true });
+});
+
+describe('isSecretLikeKey', () => {
+  it('detects secret-like keys but allows file indirection keys', () => {
+    expect(isSecretLikeKey('OPENAI_API_KEY')).toBe(true);
+    expect(isSecretLikeKey('OP_UI_LOGIN_PASSWORD')).toBe(true);
+    expect(isSecretLikeKey('CHANNEL_CHAT_SECRET')).toBe(true);
+    expect(isSecretLikeKey('OPENAI_API_KEY_FILE')).toBe(false);
+    expect(isSecretLikeKey('OP_IMAGE_TAG')).toBe(false);
+  });
+});
+
+describe('auditStackEnv', () => {
+  it('rejects secret-like keys in stack.env', () => {
+    const issues = auditStackEnv({
+      OP_HOME: '/home/me/.openpalm',
+      OP_IMAGE_TAG: 'latest',
+      OPENAI_API_KEY: 'sk-test',
+      OP_UI_LOGIN_PASSWORD: 'secret',
+    });
+
+    expect(issues.map((entry) => entry.code)).toEqual([
+      'stack-env-secret-key',
+      'stack-env-secret-key',
+    ]);
+  });
+
+  it('accepts non-secret runtime configuration', () => {
+    expect(auditStackEnv({
+      OP_HOME: '/home/me/.openpalm',
+      OP_UID: '1000',
+      OP_GID: '1000',
+      OP_ASSISTANT_PORT: '3800',
+      OPENAI_BASE_URL: 'http://localhost:11434/v1',
+    })).toEqual([]);
+  });
+});
+
+describe('auditComposeSecrets', () => {
+  it('rejects service env_file and direct secret-like environment values', () => {
+    const issues = auditComposeSecrets(`
+services:
+  guardian:
+    env_file:
+      - ./service.env
+    environment:
+      OPENCODE_SERVER_PASSWORD: secret
+`);
+
+    expect(issues.map((entry) => entry.code)).toEqual([
+      'compose-service-env-file',
+      'compose-secret-env-var',
+    ]);
+  });
+
+  it('accepts *_FILE environment variables and in-boundary secret grants', () => {
+    const issues = auditComposeSecrets({
+      services: {
+        assistant: {
+          environment: {
+            OPENAI_API_KEY_FILE: '/run/secrets/provider_openai_api_key',
+          },
+          secrets: ['provider_openai_api_key'],
+        },
+        guardian: {
+          environment: ['GUARDIAN_CHANNEL_SECRET_FILE=/run/secrets/guardian_channel_secret'],
+          secrets: [{ source: 'guardian_channel_secret' }, { source: 'channel_chat_hmac' }],
+        },
+        chat: {
+          image: 'openpalm/channel:latest',
+          secrets: ['channel_chat_hmac'],
+        },
+      },
+    });
+
+    expect(issues).toEqual([]);
+  });
+
+  it('rejects cross-boundary secret grants', () => {
+    const issues = auditComposeSecrets({
+      services: {
+        assistant: { secrets: ['guardian_channel_secret'] },
+        chat: { image: 'openpalm/channel:latest', secrets: ['channel_slack_hmac'] },
+        guardian: { secrets: ['admin_session_key'] },
+      },
+    });
+
+    expect(issues.map((entry) => entry.code)).toEqual([
+      'compose-secret-boundary',
+      'compose-secret-boundary',
+      'compose-secret-boundary',
+    ]);
+  });
+});
+
+describe('auditSecretFilesystem', () => {
+  it('requires a 0700 secrets directory and 0600 secret files', () => {
+    const secretsDir = join(tempDir, 'config', 'stack', 'secrets');
+    mkdirSync(secretsDir, { recursive: true, mode: 0o700 });
+    chmodSync(secretsDir, 0o700);
+    const secretPath = join(secretsDir, 'provider_openai_api_key');
+    writeFileSync(secretPath, 'sk-test\n', { mode: 0o600 });
+    chmodSync(secretPath, 0o600);
+
+    expect(auditSecretFilesystem(secretsDir)).toEqual([]);
+  });
+
+  it('reports unsafe directory and file permissions', () => {
+    const secretsDir = join(tempDir, 'secrets');
+    mkdirSync(secretsDir, { recursive: true, mode: 0o755 });
+    chmodSync(secretsDir, 0o755);
+    const secretPath = join(secretsDir, 'admin_session_key');
+    writeFileSync(secretPath, 'secret\n', { mode: 0o644 });
+    chmodSync(secretPath, 0o644);
+
+    expect(auditSecretFilesystem(secretsDir).map((entry) => entry.code)).toEqual([
+      'secrets-dir-mode',
+      'secret-file-mode',
+    ]);
+  });
+});
+
+describe('auditFileBasedSecrets', () => {
+  it('combines stack env, compose, and filesystem checks', () => {
+    const secretsDir = join(tempDir, 'secrets');
+    mkdirSync(secretsDir, { recursive: true, mode: 0o700 });
+    chmodSync(secretsDir, 0o700);
+    writeFileSync(join(secretsDir, 'provider_openai_api_key'), 'sk-test\n', { mode: 0o600 });
+
+    const result = auditFileBasedSecrets({
+      stackEnvContent: 'OP_HOME=/tmp/openpalm\nOPENAI_API_KEY=bad\n',
+      composeConfig: 'services:\n  assistant:\n    environment:\n      OPENAI_API_KEY_FILE: /run/secrets/provider_openai_api_key\n',
+      secretsDir,
+    });
+
+    expect(result.ok).toBe(false);
+    expect(result.issues.map((entry) => entry.code)).toEqual(['stack-env-secret-key']);
+  });
+});

package/src/control-plane/secret-audit.ts

@@ -0,0 +1,255 @@
+import { existsSync, readdirSync, statSync } from 'node:fs';
+import { join } from 'node:path';
+import { parse as parseYaml } from 'yaml';
+import { parseEnvContent, parseEnvFile } from './env.js';
+
+export type SecretAuditSeverity = 'error' | 'warning';
+
+export type SecretAuditIssue = {
+  severity: SecretAuditSeverity;
+  code: string;
+  message: string;
+  path?: string;
+};
+
+export type SecretAuditResult = {
+  ok: boolean;
+  issues: SecretAuditIssue[];
+};
+
+export type SecretAuditOptions = {
+  stackEnvPath?: string;
+  stackEnvContent?: string;
+  composeConfig?: string | unknown;
+  secretsDir?: string;
+};
+
+type ComposeService = {
+  image?: unknown;
+  env_file?: unknown;
+  environment?: unknown;
+  secrets?: unknown;
+  networks?: unknown;
+};
+
+type ComposeConfig = {
+  services?: Record<string, ComposeService>;
+};
+
+const SECRET_FILE_MODE = 0o600;
+const SECRET_DIR_MODE = 0o700;
+
+const NON_SECRET_STACK_KEYS = new Set([
+  'COMPOSE_PROJECT_NAME',
+  'OP_PROJECT_NAME',
+  'OP_HOME',
+  'OP_UID',
+  'OP_GID',
+  'OP_IMAGE_NAMESPACE',
+  'OP_IMAGE_TAG',
+  'OP_SETUP_COMPLETE',
+  'OP_ASSISTANT_BIND_ADDRESS',
+  'OP_ASSISTANT_PORT',
+  'OP_ASSISTANT_SSH_BIND_ADDRESS',
+  'OP_ASSISTANT_SSH_PORT',
+  'OPENCODE_ENABLE_SSH',
+  'OP_CHAT_BIND_ADDRESS',
+  'OP_CHAT_PORT',
+  'OP_API_BIND_ADDRESS',
+  'OP_API_PORT',
+  'OP_VOICE_BIND_ADDRESS',
+  'OP_VOICE_PORT',
+  'OP_OLLAMA_BIND_ADDRESS',
+  'OP_VOICE_PROFILE',
+  'OP_OLLAMA_PROFILE',
+  'OP_HOST_UI_PORT',
+  'OP_OWNER_NAME',
+  'OP_OWNER_EMAIL',
+  'OPENAI_BASE_URL',
+]);
+
+function issue(code: string, message: string, path?: string): SecretAuditIssue {
+  return { severity: 'error', code, message, path };
+}
+
+export function isSecretLikeKey(key: string): boolean {
+  const normalized = key.toUpperCase();
+  if (normalized.endsWith('_FILE')) return false;
+  return /(^|_)(SECRET|TOKEN|PASSWORD|PASS|API_KEY|PRIVATE_KEY|CREDENTIAL|CREDENTIALS)(_|$)/.test(normalized);
+}
+
+function parseComposeConfig(input: string | unknown): ComposeConfig {
+  if (typeof input === 'string') {
+    const parsed = parseYaml(input) as unknown;
+    return isRecord(parsed) ? parsed as ComposeConfig : {};
+  }
+  return isRecord(input) ? input as ComposeConfig : {};
+}
+
+function isRecord(value: unknown): value is Record<string, unknown> {
+  return Boolean(value) && typeof value === 'object' && !Array.isArray(value);
+}
+
+function environmentEntries(environment: unknown): Array<[string, unknown]> {
+  if (Array.isArray(environment)) {
+    return environment.flatMap((entry) => {
+      if (typeof entry !== 'string') return [];
+      const eq = entry.indexOf('=');
+      return eq > 0 ? [[entry.slice(0, eq), entry.slice(eq + 1)] as [string, string]] : [[entry, '']];
+    });
+  }
+  if (isRecord(environment)) return Object.entries(environment);
+  return [];
+}
+
+function serviceSecrets(secrets: unknown): string[] {
+  if (!Array.isArray(secrets)) return [];
+  return secrets.flatMap((entry) => {
+    if (typeof entry === 'string') return [entry];
+    if (!isRecord(entry)) return [];
+    const source = entry.source ?? entry.target;
+    return typeof source === 'string' ? [source] : [];
+  });
+}
+
+function serviceNetworks(networks: unknown): string[] {
+  if (Array.isArray(networks)) return networks.filter((entry): entry is string => typeof entry === 'string');
+  if (isRecord(networks)) return Object.keys(networks);
+  return [];
+}
+
+function normalizedSecretName(name: string): string {
+  return name.toLowerCase().replace(/[^a-z0-9]+/g, '_').replace(/^_+|_+$/g, '');
+}
+
+function isChannelService(name: string, service: ComposeService): boolean {
+  const normalized = normalizedSecretName(name);
+  if (normalized.startsWith('channel_')) return true;
+  const image = typeof service.image === 'string' ? service.image.toLowerCase() : '';
+  if (image.includes('/channel') || image.endsWith(':channel') || image.includes('openpalm/channel')) return true;
+  return serviceNetworks(service.networks).includes('channel_lan') && name !== 'guardian';
+}
+
+function allowedSecretForService(serviceName: string, service: ComposeService, secretName: string): boolean {
+  const serviceId = normalizedSecretName(serviceName.replace(/^channel[-_]/i, ''));
+  const secretId = normalizedSecretName(secretName);
+
+  if (serviceName === 'assistant') {
+    return /^(assistant|opencode|provider|llm|embedding|akm|user)_/.test(secretId);
+  }
+  if (serviceName === 'guardian') {
+    return secretId.startsWith('guardian_') || secretId.startsWith('channel_');
+  }
+  if (serviceName === 'admin') {
+    return /^(admin|ui|openpalm)_/.test(secretId);
+  }
+  if (isChannelService(serviceName, service)) {
+    return secretId.startsWith(`channel_${serviceId}_`) || secretId.startsWith(`${serviceId}_`);
+  }
+  return secretId.startsWith(`${serviceId}_`);
+}
+
+export function auditStackEnv(env: Record<string, string>, label = 'stack.env'): SecretAuditIssue[] {
+  const issues: SecretAuditIssue[] = [];
+  for (const key of Object.keys(env)) {
+    if (NON_SECRET_STACK_KEYS.has(key)) continue;
+    if (isSecretLikeKey(key)) {
+      issues.push(issue(
+        'stack-env-secret-key',
+        `${label} must not contain secret-like key ${key}; store it as a file under knowledge/secrets and expose ${key}_FILE instead.`,
+        `${label}:${key}`,
+      ));
+    }
+  }
+  return issues;
+}
+
+export function auditComposeSecrets(composeConfig: string | unknown): SecretAuditIssue[] {
+  const compose = parseComposeConfig(composeConfig);
+  const issues: SecretAuditIssue[] = [];
+  for (const [serviceName, service] of Object.entries(compose.services ?? {})) {
+    if (service.env_file !== undefined) {
+      issues.push(issue(
+        'compose-service-env-file',
+        `service ${serviceName} must not use env_file; pass non-secrets explicitly and use Docker secrets for secret values.`,
+        `services.${serviceName}.env_file`,
+      ));
+    }
+
+    for (const [key] of environmentEntries(service.environment)) {
+      if (isSecretLikeKey(key)) {
+        issues.push(issue(
+          'compose-secret-env-var',
+          `service ${serviceName} environment key ${key} is secret-like; expose only ${key}_FILE.`,
+          `services.${serviceName}.environment.${key}`,
+        ));
+      }
+    }
+
+    for (const secretName of serviceSecrets(service.secrets)) {
+      if (!allowedSecretForService(serviceName, service, secretName)) {
+        issues.push(issue(
+          'compose-secret-boundary',
+          `service ${serviceName} is not allowed to mount secret ${secretName}.`,
+          `services.${serviceName}.secrets`,
+        ));
+      }
+    }
+  }
+  return issues;
+}
+
+export function auditSecretFilesystem(secretsDir: string): SecretAuditIssue[] {
+  const issues: SecretAuditIssue[] = [];
+  if (!existsSync(secretsDir)) {
+    issues.push(issue('secrets-dir-missing', `secrets directory does not exist: ${secretsDir}`, secretsDir));
+    return issues;
+  }
+
+  const dirStat = statSync(secretsDir);
+  if (!dirStat.isDirectory()) {
+    issues.push(issue('secrets-dir-not-directory', `secrets path is not a directory: ${secretsDir}`, secretsDir));
+    return issues;
+  }
+  if ((dirStat.mode & 0o777) !== SECRET_DIR_MODE) {
+    issues.push(issue('secrets-dir-mode', `secrets directory must be 0700, got ${formatMode(dirStat.mode)}.`, secretsDir));
+  }
+
+  for (const entry of readdirSync(secretsDir, { withFileTypes: true })) {
+    const path = join(secretsDir, entry.name);
+    if (entry.isDirectory()) {
+      issues.push(...auditSecretFilesystem(path));
+      continue;
+    }
+    if (!entry.isFile()) continue;
+    const fileStat = statSync(path);
+    if ((fileStat.mode & 0o777) !== SECRET_FILE_MODE) {
+      issues.push(issue('secret-file-mode', `secret file must be 0600, got ${formatMode(fileStat.mode)}.`, path));
+    }
+  }
+  return issues;
+}
+
+function formatMode(mode: number): string {
+  return `0${(mode & 0o777).toString(8)}`;
+}
+
+export function auditFileBasedSecrets(options: SecretAuditOptions): SecretAuditResult {
+  const issues: SecretAuditIssue[] = [];
+
+  if (options.stackEnvContent !== undefined) {
+    issues.push(...auditStackEnv(parseEnvContent(options.stackEnvContent), 'stack.env'));
+  } else if (options.stackEnvPath) {
+    issues.push(...auditStackEnv(parseEnvFile(options.stackEnvPath), options.stackEnvPath));
+  }
+
+  if (options.composeConfig !== undefined) {
+    issues.push(...auditComposeSecrets(options.composeConfig));
+  }
+
+  if (options.secretsDir) {
+    issues.push(...auditSecretFilesystem(options.secretsDir));
+  }
+
+  return { ok: issues.length === 0, issues };
+}

package/src/control-plane/secret-mappings.ts

@@ -62,7 +62,7 @@ type SecretIndexFile = {
 };
 
 function secretIndexPath(state: ControlPlaneState): string {
-  return `${state.stateDir}/secrets/plaintext-index.json`;
+  return `${state.dataDir}/secrets/plaintext-index.json`;
 }
 
 function normalizeIndexedKey(key: string): string {
@@ -144,7 +144,7 @@ export function readPlaintextSecretIndex(state: ControlPlaneState): SecretIndexF
 }
 
 export function writePlaintextSecretIndex(state: ControlPlaneState, index: SecretIndexFile): void {
-  const dir = `${state.stateDir}/secrets`;
+  const dir = `${state.dataDir}/secrets`;
   mkdirSync(dir, { recursive: true });
   writeFileSync(secretIndexPath(state), JSON.stringify(index, null, 2) + '\n');
 }

package/src/control-plane/secrets-files.test.ts

@@ -0,0 +1,60 @@
+import { describe, expect, it } from 'bun:test';
+import { mkdtempSync, mkdirSync, statSync, writeFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { tmpdir } from 'node:os';
+import { buildEnvFiles } from './config-persistence.js';
+import { assertNoSecretLikeStackEnvKeys, patchSecretsEnvFile } from './secrets.js';
+import { listSecretNames, readSecret, resolveSecretsDir, secretPath, writeSecret } from './secrets-files.js';
+import type { ControlPlaneState } from './types.js';
+
+function tempStackDir(): string {
+  return mkdtempSync(join(tmpdir(), 'openpalm-secrets-files-'));
+}
+
+describe('file-based control-plane secrets', () => {
+  it('creates the secrets directory and files with private permissions', () => {
+    const stackDir = tempStackDir();
+
+    writeSecret(stackDir, 'channel_chat_secret', 'value');
+
+    expect(resolveSecretsDir(stackDir)).toBe(join(stackDir, 'knowledge', 'secrets'));
+    expect(statSync(resolveSecretsDir(stackDir)).mode & 0o777).toBe(0o700);
+    expect(statSync(secretPath(stackDir, 'channel_chat_secret')).mode & 0o777).toBe(0o600);
+    expect(readSecret(stackDir, 'channel_chat_secret')).toBe('value');
+    expect(listSecretNames(stackDir)).toEqual(['channel_chat_secret']);
+  });
+
+  it('rejects invalid secret names', () => {
+    const stackDir = tempStackDir();
+
+    expect(() => writeSecret(stackDir, 'CHANNEL_CHAT_SECRET', 'value')).toThrow(/Invalid secret name/);
+    expect(() => writeSecret(stackDir, 'channel-chat-secret', 'value')).toThrow(/Invalid secret name/);
+  });
+
+  it('rejects secret-like stack.env keys', () => {
+    expect(() => assertNoSecretLikeStackEnvKeys({ OPENAI_API_KEY: 'sk-test' })).toThrow(/OPENAI_API_KEY/);
+    expect(() => assertNoSecretLikeStackEnvKeys({ OP_OWNER_NAME: 'Ada' })).not.toThrow();
+  });
+
+  it('does not include file-based secrets in compose env files', () => {
+    const stackDir = tempStackDir();
+    const stashDir = join(stackDir, 'knowledge');
+    const stackEnv = join(stashDir, 'env', 'stack.env');
+    mkdirSync(join(stashDir, 'env'), { recursive: true });
+    writeFileSync(stackEnv, 'OP_HOME=/tmp/openpalm\n');
+    writeSecret(stackDir, 'channel_chat_secret', 'value');
+    const state = { stackDir, stashDir } as ControlPlaneState;
+
+    expect(buildEnvFiles(state)).toEqual([stackEnv]);
+  });
+
+  it('routes secret patches to lower-case secret files instead of stack.env', () => {
+    const stackDir = tempStackDir();
+    writeFileSync(join(stackDir, 'stack.env'), 'OP_SETUP_COMPLETE=false\n');
+
+    patchSecretsEnvFile(stackDir, { OP_UI_LOGIN_PASSWORD: 'pw', OP_IMAGE_TAG: 'latest' });
+
+    expect(readSecret(stackDir, 'op_ui_login_password')).toBe('pw\n');
+    expect(listSecretNames(stackDir)).toContain('op_ui_login_password');
+  });
+});

package/src/control-plane/secrets-files.ts

@@ -0,0 +1,66 @@
+import { chmodSync, existsSync, mkdirSync, readdirSync, readFileSync, rmSync, writeFileSync } from 'node:fs';
+import { join, dirname, basename } from 'node:path';
+
+const SECRET_NAME_RE = /^[a-z0-9][a-z0-9_]{0,80}$/;
+const SECRETS_DIR_MODE = 0o700;
+const SECRET_FILE_MODE = 0o600;
+
+export function validateSecretName(name: string): void {
+  if (!SECRET_NAME_RE.test(name)) throw new Error(`Invalid secret name: ${name}`);
+}
+
+function resolveHomeDirFromStackDir(stackDir: string): string {
+  const parentDir = dirname(stackDir);
+  if (basename(stackDir) === 'stack' && basename(parentDir) === 'config') {
+    return dirname(parentDir);
+  }
+  return stackDir;
+}
+
+export function resolveSecretsDir(stackDir: string): string {
+  const dir = join(resolveHomeDirFromStackDir(stackDir), 'knowledge', 'secrets');
+  mkdirSync(dir, { recursive: true, mode: SECRETS_DIR_MODE });
+  chmodSync(dir, SECRETS_DIR_MODE);
+  for (const entry of readdirSync(dir, { withFileTypes: true })) {
+    if (entry.isFile()) chmodSync(join(dir, entry.name), SECRET_FILE_MODE);
+  }
+  return dir;
+}
+
+export function secretPath(stackDir: string, name: string): string {
+  validateSecretName(name);
+  return join(resolveSecretsDir(stackDir), name);
+}
+
+export function readSecret(stackDir: string, name: string): string | null {
+  const path = secretPath(stackDir, name);
+  if (!existsSync(path)) return null;
+  chmodSync(path, SECRET_FILE_MODE);
+  return readFileSync(path, 'utf-8');
+}
+
+export function writeSecret(stackDir: string, name: string, value: string): void {
+  const path = secretPath(stackDir, name);
+  writeFileSync(path, value, { mode: SECRET_FILE_MODE });
+  chmodSync(path, SECRET_FILE_MODE);
+}
+
+export function ensureSecret(stackDir: string, name: string, valueFactory: () => string): string {
+  const existing = readSecret(stackDir, name);
+  if (existing !== null) return existing;
+  const value = valueFactory();
+  writeSecret(stackDir, name, value);
+  return value;
+}
+
+export function removeSecret(stackDir: string, name: string): void {
+  rmSync(secretPath(stackDir, name), { force: true });
+}
+
+export function listSecretNames(stackDir: string): string[] {
+  const dir = resolveSecretsDir(stackDir);
+  return readdirSync(dir, { withFileTypes: true })
+    .filter((entry) => entry.isFile() && SECRET_NAME_RE.test(entry.name))
+    .map((entry) => entry.name)
+    .sort();
+}