@openpalm/lib 0.11.0-beta.8 → 0.11.0-rc.1

package/src/control-plane/secrets-files.ts

@@ -0,0 +1,113 @@
+import { chmodSync, existsSync, mkdirSync, readdirSync, readFileSync, rmSync, statSync, writeFileSync } from 'node:fs';
+import { join, dirname, basename } from 'node:path';
+
+const SECRET_NAME_RE = /^[a-z0-9][a-z0-9_]{0,80}$/;
+const SECRETS_DIR_MODE = 0o700;
+const SECRET_FILE_MODE = 0o600;
+
+export function validateSecretName(name: string): void {
+  if (!SECRET_NAME_RE.test(name)) throw new Error(`Invalid secret name: ${name}`);
+}
+
+function resolveHomeDirFromStackDir(stackDir: string): string {
+  const parentDir = dirname(stackDir);
+  if (basename(stackDir) === 'stack' && basename(parentDir) === 'config') {
+    return dirname(parentDir);
+  }
+  return stackDir;
+}
+
+export function resolveSecretsDir(stackDir: string): string {
+  const dir = join(resolveHomeDirFromStackDir(stackDir), 'knowledge', 'secrets');
+  mkdirSync(dir, { recursive: true, mode: SECRETS_DIR_MODE });
+  chmodSync(dir, SECRETS_DIR_MODE);
+  for (const entry of readdirSync(dir, { withFileTypes: true })) {
+    if (entry.isFile()) chmodSync(join(dir, entry.name), SECRET_FILE_MODE);
+  }
+  return dir;
+}
+
+export function secretPath(stackDir: string, name: string): string {
+  validateSecretName(name);
+  return join(resolveSecretsDir(stackDir), name);
+}
+
+export function readSecret(stackDir: string, name: string): string | null {
+  const path = secretPath(stackDir, name);
+  if (!existsSync(path)) return null;
+  chmodSync(path, SECRET_FILE_MODE);
+  return readFileSync(path, 'utf-8');
+}
+
+export function writeSecret(stackDir: string, name: string, value: string): void {
+  const path = secretPath(stackDir, name);
+  writeFileSync(path, value, { mode: SECRET_FILE_MODE });
+  chmodSync(path, SECRET_FILE_MODE);
+}
+
+export function ensureSecret(stackDir: string, name: string, valueFactory: () => string): string {
+  const existing = readSecret(stackDir, name);
+  if (existing !== null) return existing;
+  const value = valueFactory();
+  writeSecret(stackDir, name, value);
+  return value;
+}
+
+export function removeSecret(stackDir: string, name: string): void {
+  rmSync(secretPath(stackDir, name), { force: true });
+}
+
+export function listSecretNames(stackDir: string): string[] {
+  const dir = resolveSecretsDir(stackDir);
+  return readdirSync(dir, { withFileTypes: true })
+    .filter((entry) => entry.isFile() && SECRET_NAME_RE.test(entry.name))
+    .map((entry) => entry.name)
+    .sort();
+}
+
+// ── Raw file access for the Secrets admin tab ──────────────────────────────
+// The admin Secrets tab is a plain file browser/editor for the secrets dir, so
+// it must reach files the strict SECRET_NAME_RE excludes (e.g. `auth.json`). The
+// filename guard below permits dots/dashes but is still traversal-safe (no path
+// separators, no `..`). Names are always basenames within the secrets dir.
+const SECRET_FILENAME_RE = /^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$/;
+
+export function assertSafeSecretFilename(name: string): void {
+  if (!SECRET_FILENAME_RE.test(name) || name.includes('..')) {
+    throw new Error(`Invalid secret file name: ${name}`);
+  }
+}
+
+export type SecretFileInfo = { name: string; size: number };
+
+/** List every regular file in the secrets dir (incl. auth.json), with byte size. */
+export function listSecretFiles(stackDir: string): SecretFileInfo[] {
+  const dir = resolveSecretsDir(stackDir);
+  return readdirSync(dir, { withFileTypes: true })
+    .filter((entry) => entry.isFile() && SECRET_FILENAME_RE.test(entry.name) && !entry.name.includes('..'))
+    .map((entry) => ({ name: entry.name, size: statSync(join(dir, entry.name)).size }))
+    .sort((a, b) => a.name.localeCompare(b.name));
+}
+
+/** Read a secrets-dir file by basename (raw contents), or null if absent. */
+export function readSecretFile(stackDir: string, name: string): string | null {
+  assertSafeSecretFilename(name);
+  const path = join(resolveSecretsDir(stackDir), name);
+  if (!existsSync(path)) return null;
+  chmodSync(path, SECRET_FILE_MODE);
+  return readFileSync(path, 'utf-8');
+}
+
+/** Write a secrets-dir file by basename (0600). */
+export function writeSecretFile(stackDir: string, name: string, value: string): void {
+  assertSafeSecretFilename(name);
+  const path = join(resolveSecretsDir(stackDir), name);
+  writeFileSync(path, value, { mode: SECRET_FILE_MODE });
+  chmodSync(path, SECRET_FILE_MODE);
+}
+
+/** Delete a secrets-dir file by basename. */
+export function removeSecretFile(stackDir: string, name: string): void {
+  assertSafeSecretFilename(name);
+  rmSync(join(resolveSecretsDir(stackDir), name), { force: true });
+}

package/src/control-plane/secrets.ts

@@ -1,11 +1,12 @@
 /** Secrets and capability key management. */
 import { mkdirSync, writeFileSync, readFileSync, existsSync, chmodSync, lstatSync, rmSync, renameSync } from "node:fs";
-import { randomBytes } from "node:crypto";
 import { createLogger } from "../logger.js";
 import { parseEnvFile, mergeEnvContent } from './env.js';
-import { migrateAuth0110 } from './migrate-0110.js';
 import type { ControlPlaneState } from "./types.js";
 import { resolveConfigDir } from "./home.js";
+import { authJsonPath as resolveAuthJsonPath, stackEnvPathFromStackDir } from "./paths.js";
+import { dirname } from "node:path";
+import { listSecretNames, readSecret, resolveSecretsDir, writeSecret } from './secrets-files.js';
 
 const OPENCODE_STARTER_CONFIG = JSON.stringify({ $schema: "https://opencode.ai/config.json" }, null, 2) + "\n";
 const logger = createLogger("secrets");
@@ -22,6 +23,22 @@ export const PLAIN_CONFIG_KEYS = new Set([
 const VAULT_DIR_MODE = 0o700;
 const VAULT_FILE_MODE = 0o600;
 
+export const SECRET_ENV_KEY_RE = /(?:^OP_UI_LOGIN_PASSWORD$|^OP_OPENCODE_PASSWORD$|_API_KEY$|_TOKEN$|_SECRET$|_PASSWORD$)/;
+const SECRET_LIKE_STACK_ENV_KEY_RE = /(SECRET|TOKEN|PASSWORD|API_KEY|PRIVATE_KEY|CLIENT_SECRET|AUTH_JSON|CREDENTIALS)/;
+const NON_SECRET_STACK_ENV_KEY_ALLOWLIST = new Set<string>();
+
+export function isSecretLikeStackEnvKey(key: string): boolean {
+  return SECRET_LIKE_STACK_ENV_KEY_RE.test(key) && !NON_SECRET_STACK_ENV_KEY_ALLOWLIST.has(key);
+}
+
+export function assertNoSecretLikeStackEnvKeys(updates: Record<string, string>): void {
+  for (const key of Object.keys(updates)) {
+    if (isSecretLikeStackEnvKey(key)) {
+      throw new Error(`Refusing to write secret-like key to stack.env: ${key}`);
+    }
+  }
+}
+
 function enforceVaultDirMode(vaultDir: string): void {
   mkdirSync(vaultDir, { recursive: true, mode: VAULT_DIR_MODE });
   try {
@@ -46,8 +63,39 @@ function writeVaultFile(path: string, content: string): void {
   }
 }
 
+export function stackSecretsDir(stackDir: string): string {
+  return resolveSecretsDir(stackDir);
+}
+
+export function stackSecretPath(stackDir: string, envKey: string): string {
+  return `${stackSecretsDir(stackDir)}/${envKey.toLowerCase()}`;
+}
+
+export function readStackSecretEnv(stackDir: string): Record<string, string> {
+  const out: Record<string, string> = {};
+  for (const name of listSecretNames(stackDir)) {
+    const envKey = name.toUpperCase();
+    try {
+      out[envKey] = (readSecret(stackDir, name) ?? '').replace(/[\r\n]+$/, '');
+    } catch {
+      // ignore unreadable secret files; callers treat missing values as absent
+    }
+  }
+  return out;
+}
+
+export function writeStackSecretEnv(state: ControlPlaneState, updates: Record<string, string>): void {
+  if (Object.keys(updates).length === 0) return;
+  resolveSecretsDir(state.stackDir);
+  for (const [envKey, value] of Object.entries(updates)) {
+    if (!/^[A-Z0-9_]+$/.test(envKey)) throw new Error(`Invalid secret env key: ${envKey}`);
+    writeSecret(state.stackDir, envKey.toLowerCase(), value.endsWith('\n') ? value : `${value}\n`);
+  }
+}
+
 function mergeVaultEnvFile(path: string, updates: Record<string, string>, uncomment = false): void {
   if (Object.keys(updates).length === 0) return;
+  assertNoSecretLikeStackEnvKeys(updates);
   const raw = existsSync(path) ? readFileSync(path, "utf-8") : "";
   let merged = mergeEnvContent(raw, updates, { uncomment });
   if (!merged.endsWith("\n")) merged += "\n";
@@ -55,88 +103,45 @@ function mergeVaultEnvFile(path: string, updates: Record<string, string>, uncomm
 }
 
 function ensureSystemSecrets(state: ControlPlaneState): void {
-  const systemEnvPath = `${state.stackDir}/stack.env`;
-  const existing = existsSync(systemEnvPath) ? parseEnvFile(systemEnvPath) : {};
+  const systemEnvPath = `${state.stashDir}/env/stack.env`;
+  enforceVaultDirMode(dirname(systemEnvPath));
   const updates: Record<string, string> = {};
 
-  // OP_UI_LOGIN_PASSWORD seeds the operator login secret. ensureSecrets
-  // generates a random fallback the first time so the stack is never
-  // installed with an empty password slot; the wizard / CLI install path
-  // overwrites it with the operator's chosen value via
-  // buildSystemSecretsFromSetup().
-  if (!existing.OP_UI_LOGIN_PASSWORD) {
-    updates.OP_UI_LOGIN_PASSWORD = randomBytes(32).toString("hex");
+  // Bootstrap only explicit host-provided overrides. Setup is allowed to be
+  // genuinely unconfigured until the wizard/CLI writes the chosen password.
+  if (process.env.OP_UI_LOGIN_PASSWORD) {
+    updates.OP_UI_LOGIN_PASSWORD = process.env.OP_UI_LOGIN_PASSWORD;
+  }
+  if (process.env.OP_OPENCODE_PASSWORD) {
+    updates.OP_OPENCODE_PASSWORD = process.env.OP_OPENCODE_PASSWORD;
   }
 
+  writeStackSecretEnv(state, updates);
+
   if (!existsSync(systemEnvPath)) {
-    const header = [
-      "# OpenPalm — Stack Configuration",
-      "# All secrets and configuration live here. Advanced users may edit directly.",
-      "",
-      "# ── Authentication ──────────────────────────────────────────────────",
-      "OP_UI_LOGIN_PASSWORD=",
-      "",
-      "# ── Service Auth ─────────────────────────────────────────────────────",
-      "OP_OPENCODE_PASSWORD=",
-      "",
-      "# ── Provider API Keys ────────────────────────────────────────────────",
-      "OPENAI_API_KEY=",
-      "OPENAI_BASE_URL=",
-      "ANTHROPIC_API_KEY=",
-      "GROQ_API_KEY=",
-      "MISTRAL_API_KEY=",
-      "GOOGLE_API_KEY=",
-      "MCP_API_KEY=",
-      "EMBEDDING_API_KEY=",
-      "LMSTUDIO_API_KEY=",
-      "",
-      "# ── Owner ────────────────────────────────────────────────────────────",
-      `OP_OWNER_NAME=${process.env.OP_OWNER_NAME ?? ""}`,
-      `OP_OWNER_EMAIL=${process.env.OP_OWNER_EMAIL ?? ""}`,
+      const header = [
+        "# OpenPalm — Stack Configuration",
+        "# Non-secret stack configuration only. File-based secrets live in knowledge/secrets/.",
+        "",
+        "# ── Authentication ──────────────────────────────────────────────────",
+        "OP_SETUP_COMPLETE=false",
       "",
     ].join("\n");
-    const content = mergeEnvContent(header, updates);
-    writeVaultFile(systemEnvPath, content.endsWith("\n") ? content : content + "\n");
+    writeVaultFile(systemEnvPath, header.endsWith("\n") ? header : header + "\n");
     return;
   }
-
-  mergeVaultEnvFile(systemEnvPath, updates, true);
 }
 
 export function ensureSecrets(state: ControlPlaneState): void {
   enforceVaultDirMode(state.stackDir);
 
-  // Migrate pre-0.11.0 installs (OP_UI_TOKEN/OP_ASSISTANT_TOKEN → OP_UI_LOGIN_PASSWORD)
-  // before any code path that reads OP_UI_LOGIN_PASSWORD sees an empty value.
-  migrateAuth0110(state);
-
   ensureSystemSecrets(state);
-  ensureGuardianEnv(state.stackDir);
-  ensureAuthJson(state.configDir);
+  ensureAuthJson(state);
 }
 
-/**
- * Ensure config/stack/guardian.env exists.
- * Channel HMAC secrets (CHANNEL_<NAME>_SECRET) live here exclusively.
- * This file is loaded by the guardian as an env_file and via GUARDIAN_SECRETS_PATH.
- */
-function ensureGuardianEnv(stackDir: string): void {
-  const guardianEnvPath = `${stackDir}/guardian.env`;
-  mkdirSync(stackDir, { recursive: true, mode: VAULT_DIR_MODE });
-  if (!existsSync(guardianEnvPath)) {
-    writeVaultFile(guardianEnvPath, [
-      "# Guardian channel HMAC secrets — managed by openpalm",
-      "# Each enabled channel gets a CHANNEL_<NAME>_SECRET entry.",
-      "",
-    ].join("\n"));
-  } else {
-    try { chmodSync(guardianEnvPath, VAULT_FILE_MODE); } catch { /* best-effort */ }
-  }
-}
-
-function ensureAuthJson(configDir: string): void {
-  const authJsonPath = `${configDir}/auth.json`;
-  mkdirSync(configDir, { recursive: true, mode: VAULT_DIR_MODE });
+function ensureAuthJson(state: ControlPlaneState): void {
+  const authJsonPath = resolveAuthJsonPath(state);
+  mkdirSync(dirname(authJsonPath), { recursive: true, mode: VAULT_DIR_MODE });
 
   if (existsSync(authJsonPath)) {
     try {
@@ -162,22 +167,24 @@ export function updateSecretsEnv(
   state: ControlPlaneState,
   updates: Record<string, string>
 ): void {
-  const stackEnvPath = `${state.stackDir}/stack.env`;
-  if (!existsSync(stackEnvPath)) {
-    throw new Error("config/stack/stack.env does not exist — run setup first");
+  const secretUpdates: Record<string, string> = {};
+  const stackUpdates: Record<string, string> = {};
+  for (const [key, value] of Object.entries(updates)) {
+    if (SECRET_ENV_KEY_RE.test(key)) secretUpdates[key] = value;
+    else stackUpdates[key] = value;
   }
-
-  mergeVaultEnvFile(stackEnvPath, updates, true);
+  writeStackSecretEnv(state, secretUpdates);
+  if (Object.keys(stackUpdates).length > 0) patchSecretsEnvFile(state.stackDir, stackUpdates);
 }
 
 /**
  * Merge-write provider API keys into OpenCode's auth.json at
- * `${configDir}/auth.json`. Each entry uses OpenCode's schema for
- * api-key auth: `{ <providerId>: { type: "api", key: "..." } }`.
+ * `${stackDir}/auth.json` (knowledge/secrets/auth.json). Each entry uses
+ * OpenCode's schema for api-key auth: `{ <providerId>: { type: "api", key } }`.
  *
- * This file is bind-mounted into the assistant container so the chat
- * assistant picks up new credentials on its next OpenCode restart —
- * see core.compose.yml.
+ * This file is bind-mounted into both the assistant and guardian containers
+ * so every OpenCode instance picks up new credentials on its next restart —
+ * see core.compose.yml (assistant) and channels.compose.yml (guardian).
  *
  * Existing entries (OAuth tokens, other providers) are preserved.
  * Empty values DELETE the corresponding entry.
@@ -188,8 +195,8 @@ export function writeAuthJsonProviderKeys(
 ): void {
   if (Object.keys(providerKeys).length === 0) return;
 
-  const authJsonPath = `${state.configDir}/auth.json`;
-  mkdirSync(state.configDir, { recursive: true, mode: VAULT_DIR_MODE });
+  const authJsonPath = resolveAuthJsonPath(state);
+  mkdirSync(dirname(authJsonPath), { recursive: true, mode: VAULT_DIR_MODE });
 
   let current: Record<string, unknown> = {};
   if (existsSync(authJsonPath)) {
@@ -227,16 +234,25 @@ export function writeAuthJsonProviderKeys(
   writeVaultFile(authJsonPath, JSON.stringify(current, null, 2) + "\n");
 }
 
-/** Read and parse config/stack/stack.env. Returns {} if the file does not exist. */
+/** Read and parse knowledge/env/stack.env. Returns {} if the file does not exist. */
 export function readStackEnv(stackDir: string): Record<string, string> {
-  return parseEnvFile(`${stackDir}/stack.env`);
+  const parsed = parseEnvFile(stackEnvPathFromStackDir(stackDir));
+  const nonSecret: Record<string, string> = {};
+  for (const [key, value] of Object.entries(parsed)) {
+    if (!isSecretLikeStackEnvKey(key)) nonSecret[key] = value;
+  }
+  return nonSecret;
+}
+
+export function readStackRuntimeEnv(stackDir: string): Record<string, string> {
+  return { ...readStackEnv(stackDir), ...readStackSecretEnv(stackDir) };
 }
 
 export function updateSystemSecretsEnv(
   state: ControlPlaneState,
   updates: Record<string, string>
 ): void {
-  const systemEnvPath = `${state.stackDir}/stack.env`;
+  const systemEnvPath = `${state.stashDir}/env/stack.env`;
   enforceVaultDirMode(state.stackDir);
   if (!existsSync(systemEnvPath)) {
     ensureSystemSecrets(state);
@@ -250,9 +266,20 @@ export function patchSecretsEnvFile(
 ): void {
   if (Object.keys(patches).length === 0) return;
 
-  const stackEnvPath = `${stackDir}/stack.env`;
-  enforceVaultDirMode(stackDir);
-  mkdirSync(stackDir, { recursive: true, mode: VAULT_DIR_MODE });
+  const stackPatches: Record<string, string> = {};
+  const secretPatches: Record<string, string> = {};
+  for (const [key, value] of Object.entries(patches)) {
+    if (SECRET_ENV_KEY_RE.test(key)) secretPatches[key] = value;
+    else stackPatches[key] = value;
+  }
+  if (Object.keys(secretPatches).length > 0) {
+    writeStackSecretEnv({ stackDir, homeDir: '', configDir: '', stashDir: '', workspaceDir: '', dataDir: '', services: {}, artifacts: { compose: '' }, artifactMeta: [] }, secretPatches);
+  }
+  if (Object.keys(stackPatches).length === 0) return;
+  assertNoSecretLikeStackEnvKeys(stackPatches);
+
+  const stackEnvPath = stackEnvPathFromStackDir(stackDir);
+  enforceVaultDirMode(dirname(stackEnvPath));
 
   let existingContent = "";
   try {
@@ -263,7 +290,7 @@ export function patchSecretsEnvFile(
     // start fresh
   }
 
-  let result = mergeEnvContent(existingContent, patches);
+  let result = mergeEnvContent(existingContent, stackPatches);
   if (!result.endsWith("\n")) result += "\n";
   writeVaultFile(stackEnvPath, result);
 }

package/src/control-plane/setup-config.schema.json

@@ -35,7 +35,7 @@
       "properties": {
         "uiLoginPassword": {
           "type": "string",
-          "description": "Operator login password for the OpenPalm UI. Persisted to stack.env as OP_UI_LOGIN_PASSWORD; the UI's op_session cookie value is compared against it on every authenticated request.",
+          "description": "Operator login password for the OpenPalm UI. Persisted as knowledge/secrets/op_ui_login_password; the UI's op_session cookie value is compared against it on every authenticated request.",
           "minLength": 8
         }
       }

package/src/control-plane/setup-status.ts

@@ -1,18 +1,13 @@
 import { parseEnvFile } from './env.js';
+import { stackEnvPathFromStackDir } from './paths.js';
 
 /**
- * Check if setup is complete by reading config/stack/stack.env.
+ * Check if setup is complete by reading knowledge/env/stack.env.
  *
- * Phase 4 of the auth/proxy refactor replaced the legacy `OP_UI_TOKEN`
- * sentinel with `OP_UI_LOGIN_PASSWORD`. The presence of a non-empty value
- * implies the operator (or the install wizard) has seeded the login
- * secret; `OP_SETUP_COMPLETE=true` is still authoritative when present.
+ * Only OP_SETUP_COMPLETE=true is authoritative. Secrets live in
+ * knowledge/secrets and are not completion sentinels.
  */
 export function isSetupComplete(stackDir: string): boolean {
-  const parsed = parseEnvFile(`${stackDir}/stack.env`);
-  if ("OP_SETUP_COMPLETE" in parsed) {
-    return parsed.OP_SETUP_COMPLETE.toLowerCase() === "true";
-  }
-
-  return (parsed.OP_UI_LOGIN_PASSWORD ?? "").length > 0;
+  const parsed = parseEnvFile(stackEnvPathFromStackDir(stackDir));
+  return parsed.OP_SETUP_COMPLETE === "true";
 }