@spinabot/brigade 1.12.0 → 1.14.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (106) hide show
  1. package/README.md +20 -0
  2. package/convex/logs.d.ts +3 -3
  3. package/convex/memory.d.ts +21 -21
  4. package/convex/schema.d.ts +9 -9
  5. package/convex/skills.d.ts +3 -3
  6. package/dist/buildstamp.json +1 -1
  7. package/dist/cli/commands/config-cmd.d.ts +12 -19
  8. package/dist/cli/commands/config-cmd.d.ts.map +1 -1
  9. package/dist/cli/commands/config-cmd.js +14 -197
  10. package/dist/cli/commands/config-cmd.js.map +1 -1
  11. package/dist/cli/commands/connect.d.ts +6 -0
  12. package/dist/cli/commands/connect.d.ts.map +1 -1
  13. package/dist/cli/commands/connect.js +7 -0
  14. package/dist/cli/commands/connect.js.map +1 -1
  15. package/dist/cli/commands/doctor.d.ts.map +1 -1
  16. package/dist/cli/commands/doctor.js +2 -1
  17. package/dist/cli/commands/doctor.js.map +1 -1
  18. package/dist/cli/commands/expose.d.ts.map +1 -1
  19. package/dist/cli/commands/expose.js +22 -3
  20. package/dist/cli/commands/expose.js.map +1 -1
  21. package/dist/cli/commands/gateway.d.ts +12 -0
  22. package/dist/cli/commands/gateway.d.ts.map +1 -1
  23. package/dist/cli/commands/gateway.js +114 -2
  24. package/dist/cli/commands/gateway.js.map +1 -1
  25. package/dist/cli/commands/status.d.ts.map +1 -1
  26. package/dist/cli/commands/status.js +2 -1
  27. package/dist/cli/commands/status.js.map +1 -1
  28. package/dist/cli/program/build-program.d.ts.map +1 -1
  29. package/dist/cli/program/build-program.js +36 -0
  30. package/dist/cli/program/build-program.js.map +1 -1
  31. package/dist/config/io.d.ts +13 -0
  32. package/dist/config/io.d.ts.map +1 -1
  33. package/dist/config/io.js.map +1 -1
  34. package/dist/core/agents-crud-ops.d.ts +15 -0
  35. package/dist/core/agents-crud-ops.d.ts.map +1 -0
  36. package/dist/core/agents-crud-ops.js +27 -0
  37. package/dist/core/agents-crud-ops.js.map +1 -0
  38. package/dist/core/agents-ops.d.ts +43 -0
  39. package/dist/core/agents-ops.d.ts.map +1 -0
  40. package/dist/core/agents-ops.js +117 -0
  41. package/dist/core/agents-ops.js.map +1 -0
  42. package/dist/core/channels-ops.d.ts +30 -0
  43. package/dist/core/channels-ops.d.ts.map +1 -0
  44. package/dist/core/channels-ops.js +52 -0
  45. package/dist/core/channels-ops.js.map +1 -0
  46. package/dist/core/config-ops.d.ts +77 -0
  47. package/dist/core/config-ops.d.ts.map +1 -0
  48. package/dist/core/config-ops.js +241 -0
  49. package/dist/core/config-ops.js.map +1 -0
  50. package/dist/core/exec-ops.d.ts +48 -0
  51. package/dist/core/exec-ops.d.ts.map +1 -0
  52. package/dist/core/exec-ops.js +101 -0
  53. package/dist/core/exec-ops.js.map +1 -0
  54. package/dist/core/gateway-auth.d.ts +86 -0
  55. package/dist/core/gateway-auth.d.ts.map +1 -0
  56. package/dist/core/gateway-auth.js +156 -0
  57. package/dist/core/gateway-auth.js.map +1 -0
  58. package/dist/core/gateway-probe.d.ts +5 -0
  59. package/dist/core/gateway-probe.d.ts.map +1 -1
  60. package/dist/core/gateway-probe.js +2 -1
  61. package/dist/core/gateway-probe.js.map +1 -1
  62. package/dist/core/gateway-spawn.d.ts.map +1 -1
  63. package/dist/core/gateway-spawn.js +5 -2
  64. package/dist/core/gateway-spawn.js.map +1 -1
  65. package/dist/core/integrations-ops.d.ts +25 -0
  66. package/dist/core/integrations-ops.d.ts.map +1 -0
  67. package/dist/core/integrations-ops.js +40 -0
  68. package/dist/core/integrations-ops.js.map +1 -0
  69. package/dist/core/memory-ops.d.ts +20 -0
  70. package/dist/core/memory-ops.d.ts.map +1 -0
  71. package/dist/core/memory-ops.js +40 -0
  72. package/dist/core/memory-ops.js.map +1 -0
  73. package/dist/core/pairing-ops.d.ts +33 -0
  74. package/dist/core/pairing-ops.d.ts.map +1 -0
  75. package/dist/core/pairing-ops.js +78 -0
  76. package/dist/core/pairing-ops.js.map +1 -0
  77. package/dist/core/provider-ops.d.ts +17 -0
  78. package/dist/core/provider-ops.d.ts.map +1 -0
  79. package/dist/core/provider-ops.js +29 -0
  80. package/dist/core/provider-ops.js.map +1 -0
  81. package/dist/core/server.d.ts.map +1 -1
  82. package/dist/core/server.js +112 -1
  83. package/dist/core/server.js.map +1 -1
  84. package/dist/core/sessions-ops.d.ts +25 -0
  85. package/dist/core/sessions-ops.d.ts.map +1 -0
  86. package/dist/core/sessions-ops.js +77 -0
  87. package/dist/core/sessions-ops.js.map +1 -0
  88. package/dist/core/skills-ops.d.ts +14 -0
  89. package/dist/core/skills-ops.d.ts.map +1 -0
  90. package/dist/core/skills-ops.js +28 -0
  91. package/dist/core/skills-ops.js.map +1 -0
  92. package/dist/core/tunnel/auth-proxy.d.ts +3 -2
  93. package/dist/core/tunnel/auth-proxy.d.ts.map +1 -1
  94. package/dist/core/tunnel/auth-proxy.js +8 -34
  95. package/dist/core/tunnel/auth-proxy.js.map +1 -1
  96. package/dist/core/tunnel/manager.d.ts +4 -2
  97. package/dist/core/tunnel/manager.d.ts.map +1 -1
  98. package/dist/core/tunnel/manager.js +3 -2
  99. package/dist/core/tunnel/manager.js.map +1 -1
  100. package/dist/protocol/methods.d.ts +478 -0
  101. package/dist/protocol/methods.d.ts.map +1 -1
  102. package/dist/tui/client.d.ts +8 -0
  103. package/dist/tui/client.d.ts.map +1 -1
  104. package/dist/tui/client.js +5 -1
  105. package/dist/tui/client.js.map +1 -1
  106. package/package.json +1 -1
@@ -0,0 +1,101 @@
1
+ /**
2
+ * Exec-approval operations behind the `exec.*` gateway RPCs — the
3
+ * `brigade exec <list|allow|allow-pattern|remove|deny-test>` surface, reachable
4
+ * from a remote client.
5
+ *
6
+ * OPERATOR-SCOPED, per-agent: manages an agent's bash approval allowlist. NOT
7
+ * session-targeted — the operator manages exec trust for their OWN agents, the
8
+ * same posture as the already-allowlisted `exec-grant-skill` / `exec-allow-all`
9
+ * RPCs. No per-session access guard is needed (and the guard-sweep allowlists
10
+ * these by name for that reason).
11
+ *
12
+ * All structured returns (no console I/O) so the gateway can hand them straight
13
+ * back to a WS client. The underlying primitives in `exec-approvals.ts` are the
14
+ * SAME ones the CLI calls, so `brigade exec allow` and `exec.allow` over the
15
+ * wire behave identically — including the hard-deny safety net.
16
+ */
17
+ import { DEFAULT_AGENT_ID } from "../config/paths.js";
18
+ import { BrigadeApprovalRefusedError, decideApproval, getApprovalsFilePath, listApprovals, recordApproval, removeApproval, } from "./exec-approvals.js";
19
+ function resolveAgentId(agentId) {
20
+ const t = (agentId ?? "").trim();
21
+ return t.length > 0 ? t : DEFAULT_AGENT_ID;
22
+ }
23
+ export function handleExecList(params) {
24
+ const p = (params ?? {});
25
+ const agentId = resolveAgentId(p.agentId);
26
+ const { commands, patterns } = listApprovals(agentId);
27
+ return { agentId, filePath: getApprovalsFilePath(agentId), commands, patterns };
28
+ }
29
+ export function handleExecAllow(params) {
30
+ const p = (params ?? {});
31
+ const agentId = resolveAgentId(p.agentId);
32
+ const cmd = (p.command ?? "").trim();
33
+ if (!cmd)
34
+ return { ok: false, agentId, reason: "command is empty" };
35
+ if (decideApproval(cmd, agentId) === "deny") {
36
+ return { ok: false, agentId, value: cmd, reason: "matches a hard-deny pattern and cannot be allowlisted" };
37
+ }
38
+ try {
39
+ recordApproval(cmd, "exact", agentId);
40
+ }
41
+ catch (err) {
42
+ if (err instanceof BrigadeApprovalRefusedError)
43
+ return { ok: false, agentId, value: cmd, reason: err.message };
44
+ throw err;
45
+ }
46
+ return { ok: true, agentId, kind: "exact", value: cmd };
47
+ }
48
+ export function handleExecAllowPattern(params) {
49
+ const p = (params ?? {});
50
+ const agentId = resolveAgentId(p.agentId);
51
+ const pat = (p.pattern ?? "").trim();
52
+ if (!pat)
53
+ return { ok: false, agentId, reason: "pattern is empty" };
54
+ try {
55
+ new RegExp(pat);
56
+ }
57
+ catch (err) {
58
+ return { ok: false, agentId, value: pat, reason: `invalid regex: ${err.message}` };
59
+ }
60
+ try {
61
+ recordApproval(pat, "pattern", agentId);
62
+ }
63
+ catch (err) {
64
+ if (err instanceof BrigadeApprovalRefusedError)
65
+ return { ok: false, agentId, value: pat, reason: err.message };
66
+ throw err;
67
+ }
68
+ return { ok: true, agentId, kind: "pattern", value: pat };
69
+ }
70
+ export function handleExecRemove(params) {
71
+ const p = (params ?? {});
72
+ const agentId = resolveAgentId(p.agentId);
73
+ const value = (p.value ?? "").trim();
74
+ if (!value)
75
+ return { ok: false, agentId, removedCommands: 0, removedPatterns: 0, reason: "value is empty" };
76
+ let res;
77
+ try {
78
+ res = removeApproval(value, agentId);
79
+ }
80
+ catch (err) {
81
+ if (err instanceof BrigadeApprovalRefusedError) {
82
+ return { ok: false, agentId, removedCommands: 0, removedPatterns: 0, reason: err.message };
83
+ }
84
+ throw err;
85
+ }
86
+ const ok = res.removedCommands > 0 || res.removedPatterns > 0;
87
+ return {
88
+ ok,
89
+ agentId,
90
+ removedCommands: res.removedCommands,
91
+ removedPatterns: res.removedPatterns,
92
+ ...(ok ? {} : { reason: `"${value}" not found in commands or patterns` }),
93
+ };
94
+ }
95
+ export function handleExecDenyTest(params) {
96
+ const p = (params ?? {});
97
+ const agentId = resolveAgentId(p.agentId);
98
+ const cmd = (p.command ?? "").trim();
99
+ return { agentId, command: cmd, decision: cmd ? decideApproval(cmd, agentId) : "deny" };
100
+ }
101
+ //# sourceMappingURL=exec-ops.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"exec-ops.js","sourceRoot":"","sources":["../../src/core/exec-ops.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAEN,2BAA2B,EAC3B,cAAc,EACd,oBAAoB,EACpB,aAAa,EACb,cAAc,EACd,cAAc,GACd,MAAM,qBAAqB,CAAC;AAE7B,SAAS,cAAc,CAAC,OAAgB;IACvC,MAAM,CAAC,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACjC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC;AAC5C,CAAC;AAQD,MAAM,UAAU,cAAc,CAAC,MAAe;IAC7C,MAAM,CAAC,GAAG,CAAC,MAAM,IAAI,EAAE,CAAyB,CAAC;IACjD,MAAM,OAAO,GAAG,cAAc,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAC1C,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;IACtD,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,oBAAoB,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;AACjF,CAAC;AASD,MAAM,UAAU,eAAe,CAAC,MAAe;IAC9C,MAAM,CAAC,GAAG,CAAC,MAAM,IAAI,EAAE,CAA2C,CAAC;IACnE,MAAM,OAAO,GAAG,cAAc,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACrC,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;IACpE,IAAI,cAAc,CAAC,GAAG,EAAE,OAAO,CAAC,KAAK,MAAM,EAAE,CAAC;QAC7C,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,uDAAuD,EAAE,CAAC;IAC5G,CAAC;IACD,IAAI,CAAC;QACJ,cAAc,CAAC,GAAG,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACd,IAAI,GAAG,YAAY,2BAA2B;YAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC;QAC/G,MAAM,GAAG,CAAC;IACX,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;AACzD,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,MAAe;IACrD,MAAM,CAAC,GAAG,CAAC,MAAM,IAAI,EAAE,CAA2C,CAAC;IACnE,MAAM,OAAO,GAAG,cAAc,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACrC,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;IACpE,IAAI,CAAC;QACJ,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC;IACjB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACd,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,kBAAmB,GAAa,CAAC,OAAO,EAAE,EAAE,CAAC;IAC/F,CAAC;IACD,IAAI,CAAC;QACJ,cAAc,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;IACzC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACd,IAAI,GAAG,YAAY,2BAA2B;YAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC;QAC/G,MAAM,GAAG,CAAC;IACX,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;AAC3D,CAAC;AASD,MAAM,UAAU,gBAAgB,CAAC,MAAe;IAC/C,MAAM,CAAC,GAAG,CAAC,MAAM,IAAI,EAAE,CAAyC,CAAC;IACjE,MAAM,OAAO,GAAG,cAAc,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAC1C,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACrC,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC,EAAE,eAAe,EAAE,CAAC,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;IAC5G,IAAI,GAAyD,CAAC;IAC9D,IAAI,CAAC;QACJ,GAAG,GAAG,cAAc,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IACtC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACd,IAAI,GAAG,YAAY,2BAA2B,EAAE,CAAC;YAChD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC,EAAE,eAAe,EAAE,CAAC,EAAE,MAAM,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC;QAC5F,CAAC;QACD,MAAM,GAAG,CAAC;IACX,CAAC;IACD,MAAM,EAAE,GAAG,GAAG,CAAC,eAAe,GAAG,CAAC,IAAI,GAAG,CAAC,eAAe,GAAG,CAAC,CAAC;IAC9D,OAAO;QACN,EAAE;QACF,OAAO;QACP,eAAe,EAAE,GAAG,CAAC,eAAe;QACpC,eAAe,EAAE,GAAG,CAAC,eAAe;QACpC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,KAAK,qCAAqC,EAAE,CAAC;KACzE,CAAC;AACH,CAAC;AAOD,MAAM,UAAU,kBAAkB,CAAC,MAAe;IACjD,MAAM,CAAC,GAAG,CAAC,MAAM,IAAI,EAAE,CAA2C,CAAC;IACnE,MAAM,OAAO,GAAG,cAAc,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACrC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,cAAc,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;AACzF,CAAC"}
@@ -0,0 +1,86 @@
1
+ /**
2
+ * Optional, multi-token authentication for the Brigade gateway.
3
+ *
4
+ * The gateway is localhost-only and UNAUTHENTICATED by default: every local
5
+ * connection is the operator and is granted full scope (see the connection
6
+ * handler in `core/server.ts`). That is the right default for a single-user
7
+ * machine. When the operator configures one or more tokens — `gateway.auth`
8
+ * in brigade.json, or the `BRIGADE_GATEWAY_TOKENS` env var — the gateway flips
9
+ * to REQUIRING a valid token on every WebSocket connection, and `brigade
10
+ * expose`'s auth-proxy accepts those same tokens.
11
+ *
12
+ * MULTIPLE tokens are supported on purpose: hand a distinct token to each
13
+ * client/device, and revoke one without disturbing the others. Any token in
14
+ * the list is equally valid.
15
+ *
16
+ * A token may travel three ways so browsers, CLIs, and WebSocket libraries can
17
+ * all authenticate:
18
+ * - `Authorization: Bearer <token>`
19
+ * - `x-brigade-token: <token>` header
20
+ * - `?token=<token>` query string
21
+ *
22
+ * This module is the single source of truth shared by BOTH the gateway
23
+ * connection gate and the expose auth-proxy, so the two can never drift.
24
+ */
25
+ import type { IncomingHttpHeaders } from "node:http";
26
+ /** Header carrying a raw token (no `Bearer ` prefix). Brigade-native name. */
27
+ export declare const TOKEN_HEADER = "x-brigade-token";
28
+ /**
29
+ * Constant-time string equality. Returns `false` (never throws) when the
30
+ * candidate is missing or a different length — `timingSafeEqual` itself throws
31
+ * on length mismatch, so we guard that first. The length check is not itself
32
+ * constant-time, but a token's length is not the secret; its bytes are.
33
+ */
34
+ export declare function tokenMatches(expected: string, provided: string | undefined): boolean;
35
+ /**
36
+ * `true` when `provided` equals ANY token in the list. Every token is compared
37
+ * (no early `break`) so the elapsed time can't reveal which token matched, or
38
+ * how many tokens are configured.
39
+ */
40
+ export declare function matchesAnyToken(tokens: readonly string[], provided: string | undefined): boolean;
41
+ /** Pull a candidate token from the Authorization header, the token header, or `?token=`. */
42
+ export declare function extractToken(reqUrl: string | undefined, headers: IncomingHttpHeaders): string | undefined;
43
+ /** The auth slice of `gateway` config this module reads. */
44
+ export interface GatewayAuthConfig {
45
+ /** Explicit on/off override. `"none"` forces auth OFF even if tokens exist. */
46
+ mode?: "none" | "token" | "password";
47
+ /** Legacy single token (still honored, merged into the effective list). */
48
+ token?: string;
49
+ /** Multiple valid tokens. Any one authenticates a connection. */
50
+ tokens?: readonly string[];
51
+ password?: string;
52
+ }
53
+ /**
54
+ * Effective token list = `auth.token` (legacy single) ∪ `auth.tokens` ∪
55
+ * `BRIGADE_GATEWAY_TOKENS`, trimmed, blanks dropped, de-duplicated (order
56
+ * preserved). An empty result means the gateway stays unauthenticated.
57
+ */
58
+ export declare function resolveGatewayTokens(auth: GatewayAuthConfig | undefined, env?: NodeJS.ProcessEnv): string[];
59
+ /**
60
+ * Whether the gateway should ENFORCE a token. Auth is on when there is at
61
+ * least one effective token AND the operator hasn't explicitly set
62
+ * `auth.mode: "none"` (the off-switch). Returns the resolved token list too so
63
+ * callers don't resolve twice.
64
+ */
65
+ export declare function resolveGatewayAuth(auth: GatewayAuthConfig | undefined, env?: NodeJS.ProcessEnv): {
66
+ required: boolean;
67
+ tokens: string[];
68
+ };
69
+ /** A fresh URL-safe token (192 bits of entropy, base64url, no padding). */
70
+ export declare function generateGatewayToken(): string;
71
+ /** Mask a token for display — first 4 + last 4, the middle elided. */
72
+ export declare function maskToken(token: string): string;
73
+ /**
74
+ * Pick the token a LOCAL client should present to reach an authenticated
75
+ * gateway on this machine. Priority: explicit override (a `--token` flag) →
76
+ * the `BRIGADE_GATEWAY_TOKEN` env var → the first configured token. Returns
77
+ * `undefined` when the gateway is unauthenticated — there is simply nothing to
78
+ * send and the connection works exactly as before.
79
+ */
80
+ export declare function resolveClientToken(auth: GatewayAuthConfig | undefined, opts?: {
81
+ override?: string;
82
+ env?: NodeJS.ProcessEnv;
83
+ }): string | undefined;
84
+ /** `ws` connection headers carrying the token, if any (empty object otherwise). */
85
+ export declare function clientAuthHeaders(token: string | undefined): Record<string, string>;
86
+ //# sourceMappingURL=gateway-auth.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"gateway-auth.d.ts","sourceRoot":"","sources":["../../src/core/gateway-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAGH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC;AAErD,8EAA8E;AAC9E,eAAO,MAAM,YAAY,oBAAoB,CAAC;AAE9C;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,SAAS,GAAG,OAAO,CAMpF;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,EAAE,QAAQ,EAAE,MAAM,GAAG,SAAS,GAAG,OAAO,CAOhG;AAED,4FAA4F;AAC5F,wBAAgB,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,EAAE,OAAO,EAAE,mBAAmB,GAAG,MAAM,GAAG,SAAS,CAiBzG;AAWD,4DAA4D;AAC5D,MAAM,WAAW,iBAAiB;IACjC,+EAA+E;IAC/E,IAAI,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,UAAU,CAAC;IACrC,2EAA2E;IAC3E,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iEAAiE;IACjE,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC3B,QAAQ,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;;GAIG;AACH,wBAAgB,oBAAoB,CACnC,IAAI,EAAE,iBAAiB,GAAG,SAAS,EACnC,GAAG,GAAE,MAAM,CAAC,UAAwB,GAClC,MAAM,EAAE,CAeV;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CACjC,IAAI,EAAE,iBAAiB,GAAG,SAAS,EACnC,GAAG,GAAE,MAAM,CAAC,UAAwB,GAClC;IAAE,QAAQ,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAIzC;AAED,2EAA2E;AAC3E,wBAAgB,oBAAoB,IAAI,MAAM,CAE7C;AAED,sEAAsE;AACtE,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAG/C;AAED;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CACjC,IAAI,EAAE,iBAAiB,GAAG,SAAS,EACnC,IAAI,GAAE;IAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAA;CAAO,GACvD,MAAM,GAAG,SAAS,CAOpB;AAED,mFAAmF;AACnF,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAEnF"}
@@ -0,0 +1,156 @@
1
+ /**
2
+ * Optional, multi-token authentication for the Brigade gateway.
3
+ *
4
+ * The gateway is localhost-only and UNAUTHENTICATED by default: every local
5
+ * connection is the operator and is granted full scope (see the connection
6
+ * handler in `core/server.ts`). That is the right default for a single-user
7
+ * machine. When the operator configures one or more tokens — `gateway.auth`
8
+ * in brigade.json, or the `BRIGADE_GATEWAY_TOKENS` env var — the gateway flips
9
+ * to REQUIRING a valid token on every WebSocket connection, and `brigade
10
+ * expose`'s auth-proxy accepts those same tokens.
11
+ *
12
+ * MULTIPLE tokens are supported on purpose: hand a distinct token to each
13
+ * client/device, and revoke one without disturbing the others. Any token in
14
+ * the list is equally valid.
15
+ *
16
+ * A token may travel three ways so browsers, CLIs, and WebSocket libraries can
17
+ * all authenticate:
18
+ * - `Authorization: Bearer <token>`
19
+ * - `x-brigade-token: <token>` header
20
+ * - `?token=<token>` query string
21
+ *
22
+ * This module is the single source of truth shared by BOTH the gateway
23
+ * connection gate and the expose auth-proxy, so the two can never drift.
24
+ */
25
+ import { randomBytes, timingSafeEqual } from "node:crypto";
26
+ /** Header carrying a raw token (no `Bearer ` prefix). Brigade-native name. */
27
+ export const TOKEN_HEADER = "x-brigade-token";
28
+ /**
29
+ * Constant-time string equality. Returns `false` (never throws) when the
30
+ * candidate is missing or a different length — `timingSafeEqual` itself throws
31
+ * on length mismatch, so we guard that first. The length check is not itself
32
+ * constant-time, but a token's length is not the secret; its bytes are.
33
+ */
34
+ export function tokenMatches(expected, provided) {
35
+ if (!provided)
36
+ return false;
37
+ const a = Buffer.from(expected, "utf8");
38
+ const b = Buffer.from(provided, "utf8");
39
+ if (a.length !== b.length)
40
+ return false;
41
+ return timingSafeEqual(a, b);
42
+ }
43
+ /**
44
+ * `true` when `provided` equals ANY token in the list. Every token is compared
45
+ * (no early `break`) so the elapsed time can't reveal which token matched, or
46
+ * how many tokens are configured.
47
+ */
48
+ export function matchesAnyToken(tokens, provided) {
49
+ if (!provided)
50
+ return false;
51
+ let ok = false;
52
+ for (const t of tokens) {
53
+ if (tokenMatches(t, provided))
54
+ ok = true;
55
+ }
56
+ return ok;
57
+ }
58
+ /** Pull a candidate token from the Authorization header, the token header, or `?token=`. */
59
+ export function extractToken(reqUrl, headers) {
60
+ const auth = headers["authorization"];
61
+ if (typeof auth === "string" && auth.toLowerCase().startsWith("bearer ")) {
62
+ const t = auth.slice(7).trim();
63
+ if (t.length > 0)
64
+ return t;
65
+ }
66
+ const hdr = headers[TOKEN_HEADER];
67
+ if (typeof hdr === "string" && hdr.length > 0)
68
+ return hdr;
69
+ if (Array.isArray(hdr) && hdr.length > 0 && hdr[0])
70
+ return hdr[0];
71
+ if (reqUrl) {
72
+ const qIdx = reqUrl.indexOf("?");
73
+ if (qIdx >= 0) {
74
+ const t = new URLSearchParams(reqUrl.slice(qIdx + 1)).get("token");
75
+ if (t)
76
+ return t;
77
+ }
78
+ }
79
+ return undefined;
80
+ }
81
+ /** Split a `BRIGADE_GATEWAY_TOKENS` value on commas and/or whitespace. */
82
+ function splitEnvTokens(raw) {
83
+ if (!raw)
84
+ return [];
85
+ return raw
86
+ .split(/[\s,]+/)
87
+ .map((s) => s.trim())
88
+ .filter((s) => s.length > 0);
89
+ }
90
+ /**
91
+ * Effective token list = `auth.token` (legacy single) ∪ `auth.tokens` ∪
92
+ * `BRIGADE_GATEWAY_TOKENS`, trimmed, blanks dropped, de-duplicated (order
93
+ * preserved). An empty result means the gateway stays unauthenticated.
94
+ */
95
+ export function resolveGatewayTokens(auth, env = process.env) {
96
+ const out = [];
97
+ const seen = new Set();
98
+ const push = (t) => {
99
+ if (typeof t !== "string")
100
+ return;
101
+ const v = t.trim();
102
+ if (v.length > 0 && !seen.has(v)) {
103
+ seen.add(v);
104
+ out.push(v);
105
+ }
106
+ };
107
+ push(auth?.token);
108
+ for (const t of auth?.tokens ?? [])
109
+ push(t);
110
+ for (const t of splitEnvTokens(env.BRIGADE_GATEWAY_TOKENS))
111
+ push(t);
112
+ return out;
113
+ }
114
+ /**
115
+ * Whether the gateway should ENFORCE a token. Auth is on when there is at
116
+ * least one effective token AND the operator hasn't explicitly set
117
+ * `auth.mode: "none"` (the off-switch). Returns the resolved token list too so
118
+ * callers don't resolve twice.
119
+ */
120
+ export function resolveGatewayAuth(auth, env = process.env) {
121
+ const tokens = resolveGatewayTokens(auth, env);
122
+ const required = tokens.length > 0 && auth?.mode !== "none";
123
+ return { required, tokens };
124
+ }
125
+ /** A fresh URL-safe token (192 bits of entropy, base64url, no padding). */
126
+ export function generateGatewayToken() {
127
+ return randomBytes(24).toString("base64url");
128
+ }
129
+ /** Mask a token for display — first 4 + last 4, the middle elided. */
130
+ export function maskToken(token) {
131
+ if (token.length <= 8)
132
+ return "*".repeat(Math.max(token.length, 1));
133
+ return `${token.slice(0, 4)}…${token.slice(-4)}`;
134
+ }
135
+ /**
136
+ * Pick the token a LOCAL client should present to reach an authenticated
137
+ * gateway on this machine. Priority: explicit override (a `--token` flag) →
138
+ * the `BRIGADE_GATEWAY_TOKEN` env var → the first configured token. Returns
139
+ * `undefined` when the gateway is unauthenticated — there is simply nothing to
140
+ * send and the connection works exactly as before.
141
+ */
142
+ export function resolveClientToken(auth, opts = {}) {
143
+ const override = opts.override?.trim();
144
+ if (override)
145
+ return override;
146
+ const env = opts.env ?? process.env;
147
+ const single = env.BRIGADE_GATEWAY_TOKEN?.trim();
148
+ if (single)
149
+ return single;
150
+ return resolveGatewayTokens(auth, env)[0];
151
+ }
152
+ /** `ws` connection headers carrying the token, if any (empty object otherwise). */
153
+ export function clientAuthHeaders(token) {
154
+ return token ? { [TOKEN_HEADER]: token } : {};
155
+ }
156
+ //# sourceMappingURL=gateway-auth.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"gateway-auth.js","sourceRoot":"","sources":["../../src/core/gateway-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAG3D,8EAA8E;AAC9E,MAAM,CAAC,MAAM,YAAY,GAAG,iBAAiB,CAAC;AAE9C;;;;;GAKG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,QAA4B;IAC1E,IAAI,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC5B,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACxC,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACxC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACxC,OAAO,eAAe,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AAC9B,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,MAAyB,EAAE,QAA4B;IACtF,IAAI,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC5B,IAAI,EAAE,GAAG,KAAK,CAAC;IACf,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACxB,IAAI,YAAY,CAAC,CAAC,EAAE,QAAQ,CAAC;YAAE,EAAE,GAAG,IAAI,CAAC;IAC1C,CAAC;IACD,OAAO,EAAE,CAAC;AACX,CAAC;AAED,4FAA4F;AAC5F,MAAM,UAAU,YAAY,CAAC,MAA0B,EAAE,OAA4B;IACpF,MAAM,IAAI,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;IACtC,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC1E,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC/B,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,CAAC,CAAC;IAC5B,CAAC;IACD,MAAM,GAAG,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IAClC,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC;IAC1D,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC;QAAE,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC;IAClE,IAAI,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,IAAI,IAAI,CAAC,EAAE,CAAC;YACf,MAAM,CAAC,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACnE,IAAI,CAAC;gBAAE,OAAO,CAAC,CAAC;QACjB,CAAC;IACF,CAAC;IACD,OAAO,SAAS,CAAC;AAClB,CAAC;AAED,0EAA0E;AAC1E,SAAS,cAAc,CAAC,GAAuB;IAC9C,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,CAAC;IACpB,OAAO,GAAG;SACR,KAAK,CAAC,QAAQ,CAAC;SACf,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AAC/B,CAAC;AAaD;;;;GAIG;AACH,MAAM,UAAU,oBAAoB,CACnC,IAAmC,EACnC,MAAyB,OAAO,CAAC,GAAG;IAEpC,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,IAAI,GAAG,CAAC,CAAqB,EAAQ,EAAE;QAC5C,IAAI,OAAO,CAAC,KAAK,QAAQ;YAAE,OAAO;QAClC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QACnB,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YAClC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACZ,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACb,CAAC;IACF,CAAC,CAAC;IACF,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAClB,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,MAAM,IAAI,EAAE;QAAE,IAAI,CAAC,CAAC,CAAC,CAAC;IAC5C,KAAK,MAAM,CAAC,IAAI,cAAc,CAAC,GAAG,CAAC,sBAAsB,CAAC;QAAE,IAAI,CAAC,CAAC,CAAC,CAAC;IACpE,OAAO,GAAG,CAAC;AACZ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,kBAAkB,CACjC,IAAmC,EACnC,MAAyB,OAAO,CAAC,GAAG;IAEpC,MAAM,MAAM,GAAG,oBAAoB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC/C,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,EAAE,IAAI,KAAK,MAAM,CAAC;IAC5D,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;AAC7B,CAAC;AAED,2EAA2E;AAC3E,MAAM,UAAU,oBAAoB;IACnC,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AAC9C,CAAC;AAED,sEAAsE;AACtE,MAAM,UAAU,SAAS,CAAC,KAAa;IACtC,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC;QAAE,OAAO,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;IACpE,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;AAClD,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CACjC,IAAmC,EACnC,OAAuD,EAAE;IAEzD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC;IACvC,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC;IACpC,MAAM,MAAM,GAAG,GAAG,CAAC,qBAAqB,EAAE,IAAI,EAAE,CAAC;IACjD,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAC1B,OAAO,oBAAoB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;AAC3C,CAAC;AAED,mFAAmF;AACnF,MAAM,UAAU,iBAAiB,CAAC,KAAyB;IAC1D,OAAO,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;AAC/C,CAAC"}
@@ -109,6 +109,11 @@ export interface GatewayProbeOptions {
109
109
  port?: number;
110
110
  /** Total wallclock budget. Default 1500ms — enough for a local boot, fast enough to keep `brigade status` snappy. */
111
111
  timeoutMs?: number;
112
+ /** Token for an authenticated gateway. Omit when unauthenticated (default).
113
+ * A missing/wrong token against an authed gateway surfaces as
114
+ * `errorKind: "auth"` (the handshake 401), which callers report as
115
+ * "up, but the token was rejected" rather than "down". */
116
+ token?: string;
112
117
  }
113
118
  /**
114
119
  * Open a WebSocket to the gateway and read its state-on-connect frame.
@@ -1 +1 @@
1
- {"version":3,"file":"gateway-probe.d.ts","sourceRoot":"","sources":["../../src/core/gateway-probe.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAUH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AAE3D,eAAO,MAAM,gBAAgB,QAAwC,CAAC;AAEtE;;;;;;;;;;GAUG;AACH,eAAO,MAAM,sBAAsB,QAA8C,CAAC;AAElF;;;;;;GAMG;AACH,eAAO,MAAM,0BAA0B,QAAS,CAAC;AAEjD,qEAAqE;AACrE,MAAM,WAAW,gBAAgB;IAC/B,qDAAqD;IACrD,EAAE,EAAE,MAAM,CAAC;IACX,8DAA8D;IAC9D,GAAG,EAAE,MAAM,CAAC;IACZ,mEAAmE;IACnE,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;;GAGG;AACH,wBAAsB,kBAAkB,IAAI,OAAO,CAAC,IAAI,CAAC,CAwBxD;AAED;;;;;GAKG;AACH;yEACyE;AACzE,wBAAsB,aAAa,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,GAAG,SAAS,CAAC,CAYhG;AAED,wBAAgB,iBAAiB,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,gBAAgB,GAAG,SAAS,CAkBrF;AAED,8DAA8D;AAC9D,wBAAsB,kBAAkB,IAAI,OAAO,CAAC,IAAI,CAAC,CAoBxD;AAED;;;;GAIG;AACH,MAAM,MAAM,uBAAuB;AACjC,2DAA2D;AACzD,SAAS;AACX,gDAAgD;GAC9C,SAAS;AACX,kDAAkD;GAChD,KAAK;AACP,8EAA8E;GAC5E,MAAM;AACR,gCAAgC;GAC9B,KAAK;AACP,2CAA2C;GACzC,SAAS;AACX,8DAA8D;GAC5D,OAAO,CAAC;AAEZ,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,OAAO,CAAC;IACnB,GAAG,EAAE,MAAM,CAAC;IACZ,wEAAwE;IACxE,KAAK,CAAC,EAAE,oBAAoB,CAAC;IAC7B,6CAA6C;IAC7C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,kEAAkE;IAClE,SAAS,CAAC,EAAE,uBAAuB,CAAC;IACpC,yEAAyE;IACzE,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,OAAO,GAAG,uBAAuB,CAa1E;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,qHAAqH;IACrH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAMD;;;;GAIG;AACH,wBAAsB,YAAY,CAAC,IAAI,GAAE,mBAAwB,GAAG,OAAO,CAAC,kBAAkB,CAAC,CA0D9F;AAED;;;;GAIG;AACH,wBAAsB,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC,CAclD;AAED;;;;GAIG;AACH,wBAAsB,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC,CAoBlD;AAED;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAQrE;AAED;8DAC8D;AAC9D,wBAAsB,OAAO,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAYhF;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAOnD"}
1
+ {"version":3,"file":"gateway-probe.d.ts","sourceRoot":"","sources":["../../src/core/gateway-probe.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAUH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AAG3D,eAAO,MAAM,gBAAgB,QAAwC,CAAC;AAEtE;;;;;;;;;;GAUG;AACH,eAAO,MAAM,sBAAsB,QAA8C,CAAC;AAElF;;;;;;GAMG;AACH,eAAO,MAAM,0BAA0B,QAAS,CAAC;AAEjD,qEAAqE;AACrE,MAAM,WAAW,gBAAgB;IAC/B,qDAAqD;IACrD,EAAE,EAAE,MAAM,CAAC;IACX,8DAA8D;IAC9D,GAAG,EAAE,MAAM,CAAC;IACZ,mEAAmE;IACnE,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;;GAGG;AACH,wBAAsB,kBAAkB,IAAI,OAAO,CAAC,IAAI,CAAC,CAwBxD;AAED;;;;;GAKG;AACH;yEACyE;AACzE,wBAAsB,aAAa,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,GAAG,SAAS,CAAC,CAYhG;AAED,wBAAgB,iBAAiB,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,gBAAgB,GAAG,SAAS,CAkBrF;AAED,8DAA8D;AAC9D,wBAAsB,kBAAkB,IAAI,OAAO,CAAC,IAAI,CAAC,CAoBxD;AAED;;;;GAIG;AACH,MAAM,MAAM,uBAAuB;AACjC,2DAA2D;AACzD,SAAS;AACX,gDAAgD;GAC9C,SAAS;AACX,kDAAkD;GAChD,KAAK;AACP,8EAA8E;GAC5E,MAAM;AACR,gCAAgC;GAC9B,KAAK;AACP,2CAA2C;GACzC,SAAS;AACX,8DAA8D;GAC5D,OAAO,CAAC;AAEZ,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,OAAO,CAAC;IACnB,GAAG,EAAE,MAAM,CAAC;IACZ,wEAAwE;IACxE,KAAK,CAAC,EAAE,oBAAoB,CAAC;IAC7B,6CAA6C;IAC7C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,kEAAkE;IAClE,SAAS,CAAC,EAAE,uBAAuB,CAAC;IACpC,yEAAyE;IACzE,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,OAAO,GAAG,uBAAuB,CAa1E;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,qHAAqH;IACrH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;+DAG2D;IAC3D,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAMD;;;;GAIG;AACH,wBAAsB,YAAY,CAAC,IAAI,GAAE,mBAAwB,GAAG,OAAO,CAAC,kBAAkB,CAAC,CA0D9F;AAED;;;;GAIG;AACH,wBAAsB,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC,CAclD;AAED;;;;GAIG;AACH,wBAAsB,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC,CAoBlD;AAED;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAQrE;AAED;8DAC8D;AAC9D,wBAAsB,OAAO,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAYhF;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAOnD"}
@@ -23,6 +23,7 @@ import * as path from "node:path";
23
23
  import { WebSocket } from "ws";
24
24
  import { BRIGADE_DIR } from "./config.js";
25
25
  import { tryGetRuntimeContext } from "../storage/runtime-context.js";
26
+ import { clientAuthHeaders } from "./gateway-auth.js";
26
27
  export const GATEWAY_PID_PATH = path.join(BRIGADE_DIR, "gateway.pid");
27
28
  /**
28
29
  * Out-of-process supervisor heartbeat. The gateway writes the file every
@@ -176,7 +177,7 @@ export async function probeGateway(opts = {}) {
176
177
  const start = Date.now();
177
178
  return await new Promise((resolve) => {
178
179
  let settled = false;
179
- const ws = new WebSocket(url, { handshakeTimeout: timeoutMs });
180
+ const ws = new WebSocket(url, { handshakeTimeout: timeoutMs, headers: clientAuthHeaders(opts.token) });
180
181
  const finish = (result) => {
181
182
  if (settled)
182
183
  return;
@@ -1 +1 @@
1
- {"version":3,"file":"gateway-probe.js","sourceRoot":"","sources":["../../src/core/gateway-probe.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,OAAO,MAAM,kBAAkB,CAAC;AAC5C,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AAE/B,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AAGrE,MAAM,CAAC,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;AAEtE;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,mBAAmB,CAAC,CAAC;AAElF;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAG,MAAM,CAAC;AAYjD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB;IACtC,MAAM,OAAO,GAAqB;QAChC,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE;QACd,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,QAAQ,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC;KAC9C,CAAC;IAEF,mEAAmE;IACnE,iEAAiE;IACjE,MAAM,IAAI,GAAG,oBAAoB,EAAE,CAAC;IACpC,IAAI,IAAI,EAAE,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC5B,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;QACpD,CAAC;QAAC,MAAM,CAAC;YACP,+DAA+D;YAC/D,yDAAyD;QAC3D,CAAC;QACD,OAAO;IACT,CAAC;IAED,MAAM,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,sBAAsB,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC/E,MAAM,GAAG,GAAG,GAAG,sBAAsB,MAAM,CAAC;IAC5C,MAAM,OAAO,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,CAAC;IAC9D,MAAM,OAAO,CAAC,MAAM,CAAC,GAAG,EAAE,sBAAsB,CAAC,CAAC;AACpD,CAAC;AAED;;;;;GAKG;AACH;yEACyE;AACzE,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,YAAqB;IACvD,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;QAC/B,MAAM,IAAI,GAAG,oBAAoB,EAAE,CAAC;QACpC,IAAI,IAAI,EAAE,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC5B,IAAI,CAAC;gBACH,OAAO,CAAC,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAiC,CAAC;YACrF,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,SAAS,CAAC;YACnB,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,iBAAiB,CAAC,YAAY,CAAC,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,YAAqB;IACrD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,IAAI,sBAAsB,EAAE,MAAM,CAAC,CAAC;QAC5E,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA8B,CAAC;QAC5D,IACE,OAAO,MAAM,CAAC,EAAE,KAAK,QAAQ;YAC7B,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ;YAC9B,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ;YACnC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1B,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC;YAC3B,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,EAChC,CAAC;YACD,OAAO,MAA0B,CAAC;QACpC,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,8DAA8D;AAC9D,MAAM,CAAC,KAAK,UAAU,kBAAkB;IACtC,2EAA2E;IAC3E,0EAA0E;IAC1E,MAAM,IAAI,GAAG,oBAAoB,EAAE,CAAC;IACpC,IAAI,IAAI,EAAE,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC5B,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC;QAC7C,CAAC;QAAC,MAAM,CAAC;YACP,mEAAmE;QACrE,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC;IAC/C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAK,GAA6B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACrD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;AACH,CAAC;AAoCD;;;;;GAKG;AACH,MAAM,UAAU,oBAAoB,CAAC,GAAY;IAC/C,MAAM,GAAG,GAAG,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IACnF,4EAA4E;IAC5E,yCAAyC;IACzC,IAAI,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC;QAAE,OAAO,SAAS,CAAC;IACnD,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC;QAAE,OAAO,KAAK,CAAC;IACxG,IAAI,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC;QAAE,OAAO,SAAS,CAAC;IAClF,IAAI,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAC7G,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,CAAC,4BAA4B,CAAC;QAAE,OAAO,MAAM,CAAC;IAC9D,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC;QAAE,OAAO,SAAS,CAAC;IAC1G,OAAO,OAAO,CAAC;AACjB,CAAC;AASD,MAAM,kBAAkB,GAAG,IAAI,CAAC;AAChC,MAAM,YAAY,GAAG,WAAW,CAAC;AACjC,MAAM,YAAY,GAAG,IAAI,CAAC;AAE1B;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,OAA4B,EAAE;IAC/D,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,YAAY,CAAC;IACvC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,YAAY,CAAC;IACvC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,kBAAkB,CAAC;IACvD,MAAM,GAAG,GAAG,QAAQ,IAAI,IAAI,IAAI,EAAE,CAAC;IACnC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,OAAO,MAAM,IAAI,OAAO,CAAqB,CAAC,OAAO,EAAE,EAAE;QACvD,IAAI,OAAO,GAAG,KAAK,CAAC;QACpB,MAAM,EAAE,GAAG,IAAI,SAAS,CAAC,GAAG,EAAE,EAAE,gBAAgB,EAAE,SAAS,EAAE,CAAC,CAAC;QAC/D,MAAM,MAAM,GAAG,CAAC,MAA0B,EAAQ,EAAE;YAClD,IAAI,OAAO;gBAAE,OAAO;YACpB,OAAO,GAAG,IAAI,CAAC;YACf,IAAI,CAAC;gBACH,EAAE,CAAC,kBAAkB,EAAE,CAAC;gBACxB,sEAAsE;gBACtE,+DAA+D;gBAC/D,kEAAkE;gBAClE,mEAAmE;gBACnE,uEAAuE;gBACvE,uEAAuE;gBACvE,yDAAyD;gBACzD,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;gBACzB,EAAE,CAAC,KAAK,EAAE,CAAC;YACb,CAAC;YAAC,MAAM,CAAC;gBACP,6DAA6D;YAC/D,CAAC;YACD,OAAO,CAAC,MAAM,CAAC,CAAC;QAClB,CAAC,CAAC;QACF,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,MAAM,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,mBAAmB,SAAS,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC;QACnG,CAAC,EAAE,SAAS,CAAC,CAAC;QACd,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACrB,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,MAAM,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,SAAS,EAAE,oBAAoB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC9F,CAAC,CAAC,CAAC;QACH,EAAE,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,EAAE;YACxB,qEAAqE;YACrE,qEAAqE;YACrE,mEAAmE;YACnE,oBAAoB;YACpB,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAC7E,IAAI,MAAM,EAAE,IAAI,KAAK,OAAO,IAAI,MAAM,EAAE,KAAK,KAAK,OAAO,IAAI,MAAM,EAAE,OAAO,EAAE,CAAC;oBAC7E,MAAM,CAAC;wBACL,SAAS,EAAE,IAAI;wBACf,GAAG;wBACH,KAAK,EAAE,MAAM,CAAC,OAA+B;wBAC7C,KAAK,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;qBAC1B,CAAC,CAAC;oBACH,OAAO;gBACT,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,gEAAgE;YAClE,CAAC;YACD,MAAM,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,CAAC,CAAC;QAC9D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY;IAChC,6DAA6D;IAC7D,MAAM,IAAI,GAAG,oBAAoB,EAAE,CAAC;IACpC,IAAI,IAAI,EAAE,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC5B,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAClD,CAAC;QAAC,MAAM,CAAC;YACP,sEAAsE;QACxE,CAAC;QACD,OAAO;IACT,CAAC;IAED,MAAM,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzE,MAAM,OAAO,CAAC,SAAS,CAAC,gBAAgB,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC;AACzE,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY;IAChC,6DAA6D;IAC7D,iEAAiE;IACjE,MAAM,IAAI,GAAG,oBAAoB,EAAE,CAAC;IACpC,IAAI,IAAI,EAAE,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC5B,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;QACvC,CAAC;QAAC,MAAM,CAAC;YACP,qEAAqE;QACvE,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;IACzC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAK,GAA6B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACrD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,WAAW,CAAC,YAAqB;IAC/C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,IAAI,gBAAgB,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QAC7E,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;QACxB,OAAO,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED;8DAC8D;AAC9D,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,YAAqB;IACjD,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;QAC/B,MAAM,IAAI,GAAG,oBAAoB,EAAE,CAAC;QACpC,IAAI,IAAI,EAAE,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC5B,IAAI,CAAC;gBACH,OAAO,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;YAC7C,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,SAAS,CAAC;YACnB,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,WAAW,CAAC,YAAY,CAAC,CAAC;AACnC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,GAAW;IACxC,IAAI,CAAC;QACH,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAQ,GAA6B,CAAC,IAAI,KAAK,OAAO,CAAC;IACzD,CAAC;AACH,CAAC"}
1
+ {"version":3,"file":"gateway-probe.js","sourceRoot":"","sources":["../../src/core/gateway-probe.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,OAAO,MAAM,kBAAkB,CAAC;AAC5C,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AAE/B,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AAErE,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAEtD,MAAM,CAAC,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;AAEtE;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,mBAAmB,CAAC,CAAC;AAElF;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAG,MAAM,CAAC;AAYjD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB;IACtC,MAAM,OAAO,GAAqB;QAChC,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE;QACd,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,QAAQ,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC;KAC9C,CAAC;IAEF,mEAAmE;IACnE,iEAAiE;IACjE,MAAM,IAAI,GAAG,oBAAoB,EAAE,CAAC;IACpC,IAAI,IAAI,EAAE,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC5B,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;QACpD,CAAC;QAAC,MAAM,CAAC;YACP,+DAA+D;YAC/D,yDAAyD;QAC3D,CAAC;QACD,OAAO;IACT,CAAC;IAED,MAAM,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,sBAAsB,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC/E,MAAM,GAAG,GAAG,GAAG,sBAAsB,MAAM,CAAC;IAC5C,MAAM,OAAO,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,CAAC;IAC9D,MAAM,OAAO,CAAC,MAAM,CAAC,GAAG,EAAE,sBAAsB,CAAC,CAAC;AACpD,CAAC;AAED;;;;;GAKG;AACH;yEACyE;AACzE,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,YAAqB;IACvD,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;QAC/B,MAAM,IAAI,GAAG,oBAAoB,EAAE,CAAC;QACpC,IAAI,IAAI,EAAE,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC5B,IAAI,CAAC;gBACH,OAAO,CAAC,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAiC,CAAC;YACrF,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,SAAS,CAAC;YACnB,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,iBAAiB,CAAC,YAAY,CAAC,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,YAAqB;IACrD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,IAAI,sBAAsB,EAAE,MAAM,CAAC,CAAC;QAC5E,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA8B,CAAC;QAC5D,IACE,OAAO,MAAM,CAAC,EAAE,KAAK,QAAQ;YAC7B,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ;YAC9B,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ;YACnC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1B,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC;YAC3B,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,EAChC,CAAC;YACD,OAAO,MAA0B,CAAC;QACpC,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,8DAA8D;AAC9D,MAAM,CAAC,KAAK,UAAU,kBAAkB;IACtC,2EAA2E;IAC3E,0EAA0E;IAC1E,MAAM,IAAI,GAAG,oBAAoB,EAAE,CAAC;IACpC,IAAI,IAAI,EAAE,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC5B,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC;QAC7C,CAAC;QAAC,MAAM,CAAC;YACP,mEAAmE;QACrE,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC;IAC/C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAK,GAA6B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACrD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;AACH,CAAC;AAoCD;;;;;GAKG;AACH,MAAM,UAAU,oBAAoB,CAAC,GAAY;IAC/C,MAAM,GAAG,GAAG,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IACnF,4EAA4E;IAC5E,yCAAyC;IACzC,IAAI,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC;QAAE,OAAO,SAAS,CAAC;IACnD,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC;QAAE,OAAO,KAAK,CAAC;IACxG,IAAI,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC;QAAE,OAAO,SAAS,CAAC;IAClF,IAAI,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAC7G,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,CAAC,4BAA4B,CAAC;QAAE,OAAO,MAAM,CAAC;IAC9D,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC;QAAE,OAAO,SAAS,CAAC;IAC1G,OAAO,OAAO,CAAC;AACjB,CAAC;AAcD,MAAM,kBAAkB,GAAG,IAAI,CAAC;AAChC,MAAM,YAAY,GAAG,WAAW,CAAC;AACjC,MAAM,YAAY,GAAG,IAAI,CAAC;AAE1B;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,OAA4B,EAAE;IAC/D,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,YAAY,CAAC;IACvC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,YAAY,CAAC;IACvC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,kBAAkB,CAAC;IACvD,MAAM,GAAG,GAAG,QAAQ,IAAI,IAAI,IAAI,EAAE,CAAC;IACnC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,OAAO,MAAM,IAAI,OAAO,CAAqB,CAAC,OAAO,EAAE,EAAE;QACvD,IAAI,OAAO,GAAG,KAAK,CAAC;QACpB,MAAM,EAAE,GAAG,IAAI,SAAS,CAAC,GAAG,EAAE,EAAE,gBAAgB,EAAE,SAAS,EAAE,OAAO,EAAE,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACvG,MAAM,MAAM,GAAG,CAAC,MAA0B,EAAQ,EAAE;YAClD,IAAI,OAAO;gBAAE,OAAO;YACpB,OAAO,GAAG,IAAI,CAAC;YACf,IAAI,CAAC;gBACH,EAAE,CAAC,kBAAkB,EAAE,CAAC;gBACxB,sEAAsE;gBACtE,+DAA+D;gBAC/D,kEAAkE;gBAClE,mEAAmE;gBACnE,uEAAuE;gBACvE,uEAAuE;gBACvE,yDAAyD;gBACzD,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;gBACzB,EAAE,CAAC,KAAK,EAAE,CAAC;YACb,CAAC;YAAC,MAAM,CAAC;gBACP,6DAA6D;YAC/D,CAAC;YACD,OAAO,CAAC,MAAM,CAAC,CAAC;QAClB,CAAC,CAAC;QACF,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,MAAM,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,mBAAmB,SAAS,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC;QACnG,CAAC,EAAE,SAAS,CAAC,CAAC;QACd,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACrB,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,MAAM,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,SAAS,EAAE,oBAAoB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC9F,CAAC,CAAC,CAAC;QACH,EAAE,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,EAAE;YACxB,qEAAqE;YACrE,qEAAqE;YACrE,mEAAmE;YACnE,oBAAoB;YACpB,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAC7E,IAAI,MAAM,EAAE,IAAI,KAAK,OAAO,IAAI,MAAM,EAAE,KAAK,KAAK,OAAO,IAAI,MAAM,EAAE,OAAO,EAAE,CAAC;oBAC7E,MAAM,CAAC;wBACL,SAAS,EAAE,IAAI;wBACf,GAAG;wBACH,KAAK,EAAE,MAAM,CAAC,OAA+B;wBAC7C,KAAK,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;qBAC1B,CAAC,CAAC;oBACH,OAAO;gBACT,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,gEAAgE;YAClE,CAAC;YACD,MAAM,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,CAAC,CAAC;QAC9D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY;IAChC,6DAA6D;IAC7D,MAAM,IAAI,GAAG,oBAAoB,EAAE,CAAC;IACpC,IAAI,IAAI,EAAE,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC5B,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAClD,CAAC;QAAC,MAAM,CAAC;YACP,sEAAsE;QACxE,CAAC;QACD,OAAO;IACT,CAAC;IAED,MAAM,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzE,MAAM,OAAO,CAAC,SAAS,CAAC,gBAAgB,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC;AACzE,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY;IAChC,6DAA6D;IAC7D,iEAAiE;IACjE,MAAM,IAAI,GAAG,oBAAoB,EAAE,CAAC;IACpC,IAAI,IAAI,EAAE,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC5B,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;QACvC,CAAC;QAAC,MAAM,CAAC;YACP,qEAAqE;QACvE,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;IACzC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAK,GAA6B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACrD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,WAAW,CAAC,YAAqB;IAC/C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,IAAI,gBAAgB,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QAC7E,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;QACxB,OAAO,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED;8DAC8D;AAC9D,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,YAAqB;IACjD,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;QAC/B,MAAM,IAAI,GAAG,oBAAoB,EAAE,CAAC;QACpC,IAAI,IAAI,EAAE,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC5B,IAAI,CAAC;gBACH,OAAO,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;YAC7C,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,SAAS,CAAC;YACnB,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,WAAW,CAAC,YAAY,CAAC,CAAC;AACnC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,GAAW;IACxC,IAAI,CAAC;QACH,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAQ,GAA6B,CAAC,IAAI,KAAK,OAAO,CAAC;IACzD,CAAC;AACH,CAAC"}
@@ -1 +1 @@
1
- {"version":3,"file":"gateway-spawn.d.ts","sourceRoot":"","sources":["../../src/core/gateway-spawn.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAaH,MAAM,WAAW,oBAAoB;IACpC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,0EAA0E;IAC1E,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,0EAA0E;IAC1E,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;CACrC;AAED,MAAM,WAAW,mBAAmB;IACnC,sEAAsE;IACtE,cAAc,EAAE,OAAO,CAAC;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACb;AAmED;;;;;;;;GAQG;AACH,wBAAsB,oBAAoB,CAAC,IAAI,GAAE,oBAAyB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAqExG"}
1
+ {"version":3,"file":"gateway-spawn.d.ts","sourceRoot":"","sources":["../../src/core/gateway-spawn.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAaH,MAAM,WAAW,oBAAoB;IACpC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,0EAA0E;IAC1E,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,0EAA0E;IAC1E,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;CACrC;AAED,MAAM,WAAW,mBAAmB;IACnC,sEAAsE;IACtE,cAAc,EAAE,OAAO,CAAC;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACb;AAmED;;;;;;;;GAQG;AACH,wBAAsB,oBAAoB,CAAC,IAAI,GAAE,oBAAyB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAwExG"}
@@ -96,7 +96,10 @@ export async function ensureGatewayRunning(opts = {}) {
96
96
  const port = opts.port ?? (Number(process.env.BRIGADE_PORT) || DEFAULT_PORT);
97
97
  const timeoutMs = opts.spawnTimeoutMs ?? DEFAULT_SPAWN_TIMEOUT_MS;
98
98
  const existing = await probeGateway({ host, port, timeoutMs: PROBE_TIMEOUT_MS });
99
- if (existing.reachable)
99
+ // An authenticated gateway answers our token-less liveness probe with a 401
100
+ // (errorKind "auth") — that still proves a gateway is listening, so treat it
101
+ // as already-running instead of spawning a duplicate onto the held port.
102
+ if (existing.reachable || existing.errorKind === "auth")
100
103
  return { alreadyRunning: true, host, port };
101
104
  opts.onStatus?.("starting Brigade service…");
102
105
  const child = spawnDetachedGateway(host, port);
@@ -133,7 +136,7 @@ export async function ensureGatewayRunning(opts = {}) {
133
136
  }
134
137
  await sleep(SPAWN_POLL_INTERVAL_MS);
135
138
  const probe = await probeGateway({ host, port, timeoutMs: PROBE_TIMEOUT_MS });
136
- if (probe.reachable)
139
+ if (probe.reachable || probe.errorKind === "auth")
137
140
  return { alreadyRunning: false, host, port };
138
141
  lastError = probe.error;
139
142
  }
@@ -1 +1 @@
1
- {"version":3,"file":"gateway-spawn.js","sourceRoot":"","sources":["../../src/core/gateway-spawn.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAqB,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,OAAO,MAAM,cAAc,CAAC;AAEnC,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,MAAM,sBAAsB,GAAG,GAAG,CAAC;AACnC,MAAM,wBAAwB,GAAG,MAAM,CAAC;AACxC,8EAA8E;AAC9E,MAAM,gBAAgB,GAAG,IAAI,CAAC;AAkB9B,SAAS,KAAK,CAAC,EAAU;IACxB,OAAO,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;AAC9C,CAAC;AAED;;;;;;;;;;;GAWG;AACH,SAAS,uBAAuB,CAAC,IAAY,EAAE,IAAY;IAC1D,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,EAAE,IAAI,EAAE,CAAC;IAChE,IAAI,QAAQ,EAAE,CAAC;QACd,IAAI,CAAC;YACJ,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAY,CAAC;YAC/C,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,MAAM,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;gBACjF,MAAM,GAAG,GAAW,MAAM,CAAC,CAAC,CAAC,CAAC;gBAC9B,MAAM,IAAI,GAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;gBAClE,+DAA+D;gBAC/D,+DAA+D;gBAC/D,iEAAiE;gBACjE,+DAA+D;gBAC/D,gEAAgE;gBAChE,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;YAC5B,CAAC;QACF,CAAC;QAAC,MAAM,CAAC;YACR,4DAA4D;QAC7D,CAAC;IACF,CAAC;IACD,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IACpC,IAAI,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CACd,oEAAoE;YACnE,mEAAmE;YACnE,sCAAsC,CACvC,CAAC;IACH,CAAC;IACD,OAAO;QACN,GAAG,EAAE,OAAO,CAAC,QAAQ;QACrB,IAAI,EAAE,CAAC,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC;KAClF,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAY,EAAE,IAAY;IACvD,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,uBAAuB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC1D,OAAO,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE;QACvB,6DAA6D;QAC7D,qEAAqE;QACrE,sDAAsD;QACtD,QAAQ,EAAE,IAAI;QACd,KAAK,EAAE,QAAQ;QACf,WAAW,EAAE,IAAI;QACjB,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,YAAY,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE;KACnD,CAAC,CAAC;IACH,2EAA2E;IAC3E,0EAA0E;IAC1E,+DAA+D;AAChE,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,OAA6B,EAAE;IACzE,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,WAAW,CAAC;IACtC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,YAAY,CAAC,CAAC;IAC7E,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,IAAI,wBAAwB,CAAC;IAElE,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,gBAAgB,EAAE,CAAC,CAAC;IACjF,IAAI,QAAQ,CAAC,SAAS;QAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAEpE,IAAI,CAAC,QAAQ,EAAE,CAAC,2BAA2B,CAAC,CAAC;IAC7C,MAAM,KAAK,GAAG,oBAAoB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAE/C,wEAAwE;IACxE,0EAA0E;IAC1E,uEAAuE;IACvE,yEAAyE;IACzE,6EAA6E;IAC7E,0EAA0E;IAC1E,2EAA2E;IAC3E,IAAI,UAA6B,CAAC;IAClC,IAAI,SAA6E,CAAC;IAClF,MAAM,OAAO,GAAG,CAAC,GAAU,EAAQ,EAAE;QACpC,UAAU,GAAG,GAAG,CAAC;IAClB,CAAC,CAAC;IACF,MAAM,MAAM,GAAG,CAAC,IAAmB,EAAE,MAA6B,EAAQ,EAAE;QAC3E,SAAS,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;IAC9B,CAAC,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC7B,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE3B,IAAI,CAAC;QACJ,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QACxC,IAAI,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC;QAC/B,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;YAC9B,IAAI,UAAU,EAAE,CAAC;gBAChB,MAAM,IAAI,KAAK,CACd,uCAAuC,UAAU,CAAC,OAAO,IAAI;oBAC5D,8CAA8C,CAC/C,CAAC;YACH,CAAC;YACD,IAAI,SAAS,EAAE,CAAC;gBACf,MAAM,MAAM,GACX,SAAS,CAAC,IAAI,IAAI,IAAI,CAAC,CAAC,CAAC,aAAa,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,UAAU,SAAS,CAAC,MAAM,EAAE,CAAC;gBACvF,MAAM,IAAI,KAAK,CACd,qDAAqD,MAAM,KAAK;oBAC/D,oDAAoD;oBACpD,qDAAqD,CACtD,CAAC;YACH,CAAC;YACD,MAAM,KAAK,CAAC,sBAAsB,CAAC,CAAC;YACpC,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,gBAAgB,EAAE,CAAC,CAAC;YAC9E,IAAI,KAAK,CAAC,SAAS;gBAAE,OAAO,EAAE,cAAc,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;YAClE,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC;QACzB,CAAC;QACD,MAAM,IAAI,KAAK,CACd,iDAAiD,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG;YAC/E,CAAC,SAAS,CAAC,CAAC,CAAC,iBAAiB,SAAS,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YAChD,2DAA2D,CAC5D,CAAC;IACH,CAAC;YAAS,CAAC;QACV,sEAAsE;QACtE,uEAAuE;QACvE,yEAAyE;QACzE,KAAK,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACvC,KAAK,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACrC,mEAAmE;QACnE,mEAAmE;QACnE,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QAC5B,KAAK,CAAC,KAAK,EAAE,CAAC;IACf,CAAC;AACF,CAAC"}
1
+ {"version":3,"file":"gateway-spawn.js","sourceRoot":"","sources":["../../src/core/gateway-spawn.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAqB,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,OAAO,MAAM,cAAc,CAAC;AAEnC,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,MAAM,sBAAsB,GAAG,GAAG,CAAC;AACnC,MAAM,wBAAwB,GAAG,MAAM,CAAC;AACxC,8EAA8E;AAC9E,MAAM,gBAAgB,GAAG,IAAI,CAAC;AAkB9B,SAAS,KAAK,CAAC,EAAU;IACxB,OAAO,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;AAC9C,CAAC;AAED;;;;;;;;;;;GAWG;AACH,SAAS,uBAAuB,CAAC,IAAY,EAAE,IAAY;IAC1D,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,EAAE,IAAI,EAAE,CAAC;IAChE,IAAI,QAAQ,EAAE,CAAC;QACd,IAAI,CAAC;YACJ,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAY,CAAC;YAC/C,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,MAAM,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;gBACjF,MAAM,GAAG,GAAW,MAAM,CAAC,CAAC,CAAC,CAAC;gBAC9B,MAAM,IAAI,GAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;gBAClE,+DAA+D;gBAC/D,+DAA+D;gBAC/D,iEAAiE;gBACjE,+DAA+D;gBAC/D,gEAAgE;gBAChE,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;YAC5B,CAAC;QACF,CAAC;QAAC,MAAM,CAAC;YACR,4DAA4D;QAC7D,CAAC;IACF,CAAC;IACD,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IACpC,IAAI,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CACd,oEAAoE;YACnE,mEAAmE;YACnE,sCAAsC,CACvC,CAAC;IACH,CAAC;IACD,OAAO;QACN,GAAG,EAAE,OAAO,CAAC,QAAQ;QACrB,IAAI,EAAE,CAAC,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC;KAClF,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAY,EAAE,IAAY;IACvD,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,uBAAuB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC1D,OAAO,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE;QACvB,6DAA6D;QAC7D,qEAAqE;QACrE,sDAAsD;QACtD,QAAQ,EAAE,IAAI;QACd,KAAK,EAAE,QAAQ;QACf,WAAW,EAAE,IAAI;QACjB,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,YAAY,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE;KACnD,CAAC,CAAC;IACH,2EAA2E;IAC3E,0EAA0E;IAC1E,+DAA+D;AAChE,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,OAA6B,EAAE;IACzE,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,WAAW,CAAC;IACtC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,YAAY,CAAC,CAAC;IAC7E,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,IAAI,wBAAwB,CAAC;IAElE,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,gBAAgB,EAAE,CAAC,CAAC;IACjF,4EAA4E;IAC5E,6EAA6E;IAC7E,yEAAyE;IACzE,IAAI,QAAQ,CAAC,SAAS,IAAI,QAAQ,CAAC,SAAS,KAAK,MAAM;QAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAErG,IAAI,CAAC,QAAQ,EAAE,CAAC,2BAA2B,CAAC,CAAC;IAC7C,MAAM,KAAK,GAAG,oBAAoB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAE/C,wEAAwE;IACxE,0EAA0E;IAC1E,uEAAuE;IACvE,yEAAyE;IACzE,6EAA6E;IAC7E,0EAA0E;IAC1E,2EAA2E;IAC3E,IAAI,UAA6B,CAAC;IAClC,IAAI,SAA6E,CAAC;IAClF,MAAM,OAAO,GAAG,CAAC,GAAU,EAAQ,EAAE;QACpC,UAAU,GAAG,GAAG,CAAC;IAClB,CAAC,CAAC;IACF,MAAM,MAAM,GAAG,CAAC,IAAmB,EAAE,MAA6B,EAAQ,EAAE;QAC3E,SAAS,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;IAC9B,CAAC,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC7B,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE3B,IAAI,CAAC;QACJ,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QACxC,IAAI,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC;QAC/B,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;YAC9B,IAAI,UAAU,EAAE,CAAC;gBAChB,MAAM,IAAI,KAAK,CACd,uCAAuC,UAAU,CAAC,OAAO,IAAI;oBAC5D,8CAA8C,CAC/C,CAAC;YACH,CAAC;YACD,IAAI,SAAS,EAAE,CAAC;gBACf,MAAM,MAAM,GACX,SAAS,CAAC,IAAI,IAAI,IAAI,CAAC,CAAC,CAAC,aAAa,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,UAAU,SAAS,CAAC,MAAM,EAAE,CAAC;gBACvF,MAAM,IAAI,KAAK,CACd,qDAAqD,MAAM,KAAK;oBAC/D,oDAAoD;oBACpD,qDAAqD,CACtD,CAAC;YACH,CAAC;YACD,MAAM,KAAK,CAAC,sBAAsB,CAAC,CAAC;YACpC,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,gBAAgB,EAAE,CAAC,CAAC;YAC9E,IAAI,KAAK,CAAC,SAAS,IAAI,KAAK,CAAC,SAAS,KAAK,MAAM;gBAAE,OAAO,EAAE,cAAc,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;YAChG,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC;QACzB,CAAC;QACD,MAAM,IAAI,KAAK,CACd,iDAAiD,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG;YAC/E,CAAC,SAAS,CAAC,CAAC,CAAC,iBAAiB,SAAS,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YAChD,2DAA2D,CAC5D,CAAC;IACH,CAAC;YAAS,CAAC;QACV,sEAAsE;QACtE,uEAAuE;QACvE,yEAAyE;QACzE,KAAK,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACvC,KAAK,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACrC,mEAAmE;QACnE,mEAAmE;QACnE,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QAC5B,KAAK,CAAC,KAAK,EAAE,CAAC;IACf,CAAC;AACF,CAAC"}
@@ -0,0 +1,25 @@
1
+ /**
2
+ * Integration control behind the `composio` and `oauth` gateway RPCs — the
3
+ * Composio connector (1,000+ apps) and the DIY OAuth-2 authorize flow, reachable
4
+ * from a remote client.
5
+ *
6
+ * Both reuse the owner-scoped tools (ctx-free execute; owner-gating is a session
7
+ * wrapper). Operator-scoped (allowlisted in the guard-sweep). Action-based,
8
+ * mirroring the tools 1:1.
9
+ *
10
+ * REMOTE NOTES:
11
+ * - `composio` is fully remote-capable: Composio HOSTS the OAuth callback, so
12
+ * `connect` returns a click-link the operator opens anywhere and the gateway
13
+ * just polls `status` — no gateway loopback involved.
14
+ * - `oauth` is the DIY loopback flow: `start` opens a 127.0.0.1 listener ON THE
15
+ * GATEWAY HOST with a loopback redirect_uri, so the round-trip only completes
16
+ * when the operator's browser can reach the GATEWAY's loopback (local to the
17
+ * gateway, or tunneled). A pure-remote browser would hit its OWN loopback.
18
+ * `status`/`token` work remotely. For remote app integrations prefer
19
+ * `composio`.
20
+ */
21
+ /** `composio` — Composio connector: set-key/apps/connect/status/search/execute/disconnect/refresh. */
22
+ export declare function handleComposio(params: unknown): Promise<unknown>;
23
+ /** `oauth` — DIY OAuth-2 authorize: start/await/cancel/status/token (see loopback caveat above). */
24
+ export declare function handleOauth(params: unknown): Promise<unknown>;
25
+ //# sourceMappingURL=integrations-ops.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"integrations-ops.d.ts","sourceRoot":"","sources":["../../src/core/integrations-ops.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAMH,sGAAsG;AACtG,wBAAsB,cAAc,CAAC,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAMtE;AAED,oGAAoG;AACpG,wBAAsB,WAAW,CAAC,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAMnE"}
@@ -0,0 +1,40 @@
1
+ /**
2
+ * Integration control behind the `composio` and `oauth` gateway RPCs — the
3
+ * Composio connector (1,000+ apps) and the DIY OAuth-2 authorize flow, reachable
4
+ * from a remote client.
5
+ *
6
+ * Both reuse the owner-scoped tools (ctx-free execute; owner-gating is a session
7
+ * wrapper). Operator-scoped (allowlisted in the guard-sweep). Action-based,
8
+ * mirroring the tools 1:1.
9
+ *
10
+ * REMOTE NOTES:
11
+ * - `composio` is fully remote-capable: Composio HOSTS the OAuth callback, so
12
+ * `connect` returns a click-link the operator opens anywhere and the gateway
13
+ * just polls `status` — no gateway loopback involved.
14
+ * - `oauth` is the DIY loopback flow: `start` opens a 127.0.0.1 listener ON THE
15
+ * GATEWAY HOST with a loopback redirect_uri, so the round-trip only completes
16
+ * when the operator's browser can reach the GATEWAY's loopback (local to the
17
+ * gateway, or tunneled). A pure-remote browser would hit its OWN loopback.
18
+ * `status`/`token` work remotely. For remote app integrations prefer
19
+ * `composio`.
20
+ */
21
+ import { DEFAULT_AGENT_ID } from "../agents/routing/session-key.js";
22
+ import { makeComposioTool } from "../agents/tools/composio-tool.js";
23
+ import { makeOAuthAuthorizeTool } from "../agents/tools/oauth-authorize-tool.js";
24
+ /** `composio` — Composio connector: set-key/apps/connect/status/search/execute/disconnect/refresh. */
25
+ export async function handleComposio(params) {
26
+ const p = (params ?? {});
27
+ const agentId = (p.agentId ?? "").trim() || DEFAULT_AGENT_ID;
28
+ const tool = makeComposioTool({ agentId });
29
+ const res = await tool.execute("gateway", params);
30
+ return res.details;
31
+ }
32
+ /** `oauth` — DIY OAuth-2 authorize: start/await/cancel/status/token (see loopback caveat above). */
33
+ export async function handleOauth(params) {
34
+ const p = (params ?? {});
35
+ const agentId = (p.agentId ?? "").trim() || DEFAULT_AGENT_ID;
36
+ const tool = makeOAuthAuthorizeTool({ agentId });
37
+ const res = await tool.execute("gateway", params);
38
+ return res.details;
39
+ }
40
+ //# sourceMappingURL=integrations-ops.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"integrations-ops.js","sourceRoot":"","sources":["../../src/core/integrations-ops.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAC;AACpE,OAAO,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAC;AACpE,OAAO,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AAEjF,sGAAsG;AACtG,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,MAAe;IACnD,MAAM,CAAC,GAAG,CAAC,MAAM,IAAI,EAAE,CAAyB,CAAC;IACjD,MAAM,OAAO,GAAG,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,gBAAgB,CAAC;IAC7D,MAAM,IAAI,GAAG,gBAAgB,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,MAAe,CAAC,CAAC;IAC3D,OAAO,GAAG,CAAC,OAAO,CAAC;AACpB,CAAC;AAED,oGAAoG;AACpG,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,MAAe;IAChD,MAAM,CAAC,GAAG,CAAC,MAAM,IAAI,EAAE,CAAyB,CAAC;IACjD,MAAM,OAAO,GAAG,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,gBAAgB,CAAC;IAC7D,MAAM,IAAI,GAAG,sBAAsB,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;IACjD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,MAAe,CAAC,CAAC;IAC3D,OAAO,GAAG,CAAC,OAAO,CAAC;AACpB,CAAC"}
@@ -0,0 +1,20 @@
1
+ /**
2
+ * Memory (Tideline) write + governance behind the `memory.*` gateway RPCs — the
3
+ * write_memory + manage_memory surface, reachable from a remote client.
4
+ *
5
+ * Memory lives in `facts.jsonl` (a store, NOT brigade.json), so `config.set`
6
+ * cannot reach it — these RPCs are the only typed remote path to MUTATE memory.
7
+ * READ is already covered by the `memory-query` (list/search/inspect/stats) and
8
+ * `memory-graph` RPCs.
9
+ *
10
+ * OPERATOR-SCOPED: operates on the OWNER origin over the agent's workspace,
11
+ * exactly like the tools (filesystem AND Convex modes). Reuses the SAME
12
+ * write_memory / manage_memory tool logic — their `execute()` is pure (owner-
13
+ * gating is a session wrapper, not inside execute), so invoking them with an
14
+ * owner scope from the gateway is correct and byte-identical to a turn.
15
+ */
16
+ /** `memory.write` — persist a durable fact. Params mirror the write_memory tool. */
17
+ export declare function handleMemoryWrite(params: unknown): Promise<unknown>;
18
+ /** `memory.manage` — dream/purge/inspect/export/retention/vault/retract/restore/relink. */
19
+ export declare function handleMemoryManage(params: unknown): Promise<unknown>;
20
+ //# sourceMappingURL=memory-ops.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"memory-ops.d.ts","sourceRoot":"","sources":["../../src/core/memory-ops.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAYH,oFAAoF;AACpF,wBAAsB,iBAAiB,CAAC,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAMzE;AAED,2FAA2F;AAC3F,wBAAsB,kBAAkB,CAAC,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAM1E"}