@saeed42/worktree-worker 1.3.5 → 1.4.1

package/dist/main.js

@@ -2,7 +2,7 @@
 
 // src/main.ts
 import { serve } from "@hono/node-server";
-import { Hono as Hono4 } from "hono";
+import { Hono as Hono5 } from "hono";
 import { cors } from "hono/cors";
 import { logger as honoLogger } from "hono/logger";
 import { secureHeaders } from "hono/secure-headers";
@@ -466,6 +466,48 @@ var GitService = class {
     const result = await this.exec(["remote", "get-url", remote], cwd);
     return result.code === 0 ? result.stdout.trim() : null;
   }
+  /**
+   * Configure git credential helper with token (temporary, for operations like worktree add)
+   * SECURITY: Token is stored in /tmp and should be cleared after operation
+   */
+  async configureCredentials(githubToken) {
+    const log = logger.child({ service: "git", operation: "configureCredentials" });
+    log.debug("Configuring git credentials");
+    await this.exec(["config", "--global", "credential.helper", "store --file=/tmp/.git-credentials"]);
+    await this.exec(["config", "--global", "core.askPass", ""]);
+    const { writeFile: writeFile2 } = await import("fs/promises");
+    const credLine = `https://x-access-token:${githubToken}@github.com
+`;
+    await writeFile2("/tmp/.git-credentials", credLine, { mode: 384 });
+    log.debug("Git credentials configured");
+  }
+  /**
+   * Clear git credentials (call after operations complete)
+   */
+  async clearCredentials() {
+    const log = logger.child({ service: "git", operation: "clearCredentials" });
+    log.debug("Clearing git credentials");
+    const { unlink: unlink2 } = await import("fs/promises");
+    try {
+      await unlink2("/tmp/.git-credentials");
+    } catch {
+    }
+    await this.exec(["config", "--global", "--unset", "credential.helper"]).catch(() => {
+    });
+    log.debug("Git credentials cleared");
+  }
+  /**
+   * Run an operation with temporary credentials
+   * SECURITY: Credentials are cleared after operation completes (success or failure)
+   */
+  async withCredentials(githubToken, operation) {
+    await this.configureCredentials(githubToken);
+    try {
+      return await operation();
+    } finally {
+      await this.clearCredentials();
+    }
+  }
 };
 var gitService = new GitService();
 
@@ -1472,8 +1514,146 @@ worktree.post("/worktrees/cleanup", async (c) => {
   }
 });
 
+// src/routes/git.routes.ts
+import { Hono as Hono4 } from "hono";
+import { z as z3 } from "zod";
+import * as fs from "fs/promises";
+var git = new Hono4();
+var gitConfigSchema = z3.object({
+  user: z3.object({
+    name: z3.string().min(1, "Name is required"),
+    email: z3.string().email("Valid email is required")
+  }).optional(),
+  credentials: z3.object({
+    githubToken: z3.string().min(1, "GitHub token is required")
+  }).optional()
+});
+git.post("/config", async (c) => {
+  const log = logger.child({ route: "git/config" });
+  try {
+    const body = await c.req.json().catch(() => ({}));
+    const parsed = gitConfigSchema.safeParse(body);
+    if (!parsed.success) {
+      return c.json(
+        { success: false, error: { code: "VALIDATION_ERROR", message: parsed.error.message } },
+        400
+      );
+    }
+    const { user, credentials } = parsed.data;
+    const configured = [];
+    if (user) {
+      log.info("Configuring git user identity", { name: user.name, email: user.email });
+      const nameResult = await gitService.exec(["config", "--global", "user.name", user.name]);
+      if (nameResult.code !== 0) {
+        log.error("Failed to set git user.name", { stderr: nameResult.stderr });
+        return c.json(
+          { success: false, error: { code: "GIT_CONFIG_ERROR", message: "Failed to set user.name" } },
+          500
+        );
+      }
+      const emailResult = await gitService.exec(["config", "--global", "user.email", user.email]);
+      if (emailResult.code !== 0) {
+        log.error("Failed to set git user.email", { stderr: emailResult.stderr });
+        return c.json(
+          { success: false, error: { code: "GIT_CONFIG_ERROR", message: "Failed to set user.email" } },
+          500
+        );
+      }
+      configured.push("user_configured");
+      log.debug("Git user identity configured successfully");
+    }
+    if (credentials?.githubToken) {
+      log.info("Configuring git credentials");
+      await gitService.exec([
+        "config",
+        "--global",
+        "credential.helper",
+        "store --file=/tmp/.git-credentials"
+      ]);
+      await gitService.exec(["config", "--global", "core.askPass", ""]);
+      const credLine = `https://x-access-token:${credentials.githubToken}@github.com
+`;
+      await fs.writeFile("/tmp/.git-credentials", credLine, { mode: 384 });
+      configured.push("credentials_configured");
+      log.debug("Git credentials configured successfully");
+    }
+    if (configured.length === 0) {
+      return c.json(
+        { success: false, error: { code: "NO_CONFIG", message: "No configuration provided" } },
+        400
+      );
+    }
+    return c.json({
+      success: true,
+      data: { configured }
+    });
+  } catch (err) {
+    const error = err;
+    log.error("Failed to configure git", { error: error.message });
+    return c.json(
+      { success: false, error: { code: "INTERNAL_ERROR", message: error.message } },
+      500
+    );
+  }
+});
+git.get("/config", async (c) => {
+  const log = logger.child({ route: "git/config" });
+  try {
+    const nameResult = await gitService.exec(["config", "--global", "user.name"]);
+    const name = nameResult.code === 0 ? nameResult.stdout.trim() : null;
+    const emailResult = await gitService.exec(["config", "--global", "user.email"]);
+    const email = emailResult.code === 0 ? emailResult.stdout.trim() : null;
+    let credentialsConfigured = false;
+    try {
+      await fs.access("/tmp/.git-credentials");
+      credentialsConfigured = true;
+    } catch {
+    }
+    return c.json({
+      success: true,
+      data: {
+        user: {
+          name: name || null,
+          email: email || null
+        },
+        credentialsConfigured
+      }
+    });
+  } catch (err) {
+    const error = err;
+    log.error("Failed to get git config", { error: error.message });
+    return c.json(
+      { success: false, error: { code: "INTERNAL_ERROR", message: error.message } },
+      500
+    );
+  }
+});
+git.delete("/config", async (c) => {
+  const log = logger.child({ route: "git/config" });
+  try {
+    await gitService.exec(["config", "--global", "--unset", "user.name"]);
+    await gitService.exec(["config", "--global", "--unset", "user.email"]);
+    try {
+      await fs.unlink("/tmp/.git-credentials");
+    } catch {
+    }
+    log.info("Git config cleared");
+    return c.json({
+      success: true,
+      data: { cleared: true }
+    });
+  } catch (err) {
+    const error = err;
+    log.error("Failed to clear git config", { error: error.message });
+    return c.json(
+      { success: false, error: { code: "INTERNAL_ERROR", message: error.message } },
+      500
+    );
+  }
+});
+
 // src/main.ts
-var app = new Hono4();
+var app = new Hono5();
 app.use("*", secureHeaders());
 app.use(
   "*",
@@ -1504,6 +1684,7 @@ app.get("/", (c) => {
 });
 app.use("/v1/*", authMiddleware);
 app.route("/v1/repo", repo);
+app.route("/v1/git", git);
 app.route("/v1", worktree);
 app.onError((err, c) => {
   const requestId = c.req.header("X-Request-ID") || "unknown";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@saeed42/worktree-worker",
-  "version": "1.3.5",
+  "version": "1.4.1",
   "description": "Git worktree management service for AI agent trials",
   "type": "module",
   "main": "dist/main.js",