@spinabot/brigade 1.13.0 → 1.14.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/convex/logs.d.ts +3 -3
- package/convex/memory.d.ts +21 -21
- package/convex/schema.d.ts +9 -9
- package/convex/skills.d.ts +3 -3
- package/dist/buildstamp.json +1 -1
- package/dist/cli/commands/config-cmd.d.ts +12 -19
- package/dist/cli/commands/config-cmd.d.ts.map +1 -1
- package/dist/cli/commands/config-cmd.js +14 -197
- package/dist/cli/commands/config-cmd.js.map +1 -1
- package/dist/core/agents-crud-ops.d.ts +15 -0
- package/dist/core/agents-crud-ops.d.ts.map +1 -0
- package/dist/core/agents-crud-ops.js +27 -0
- package/dist/core/agents-crud-ops.js.map +1 -0
- package/dist/core/agents-ops.d.ts +43 -0
- package/dist/core/agents-ops.d.ts.map +1 -0
- package/dist/core/agents-ops.js +117 -0
- package/dist/core/agents-ops.js.map +1 -0
- package/dist/core/channels-ops.d.ts +30 -0
- package/dist/core/channels-ops.d.ts.map +1 -0
- package/dist/core/channels-ops.js +52 -0
- package/dist/core/channels-ops.js.map +1 -0
- package/dist/core/config-ops.d.ts +77 -0
- package/dist/core/config-ops.d.ts.map +1 -0
- package/dist/core/config-ops.js +241 -0
- package/dist/core/config-ops.js.map +1 -0
- package/dist/core/exec-ops.d.ts +48 -0
- package/dist/core/exec-ops.d.ts.map +1 -0
- package/dist/core/exec-ops.js +101 -0
- package/dist/core/exec-ops.js.map +1 -0
- package/dist/core/integrations-ops.d.ts +25 -0
- package/dist/core/integrations-ops.d.ts.map +1 -0
- package/dist/core/integrations-ops.js +40 -0
- package/dist/core/integrations-ops.js.map +1 -0
- package/dist/core/memory-ops.d.ts +20 -0
- package/dist/core/memory-ops.d.ts.map +1 -0
- package/dist/core/memory-ops.js +40 -0
- package/dist/core/memory-ops.js.map +1 -0
- package/dist/core/pairing-ops.d.ts +33 -0
- package/dist/core/pairing-ops.d.ts.map +1 -0
- package/dist/core/pairing-ops.js +78 -0
- package/dist/core/pairing-ops.js.map +1 -0
- package/dist/core/provider-ops.d.ts +17 -0
- package/dist/core/provider-ops.d.ts.map +1 -0
- package/dist/core/provider-ops.js +29 -0
- package/dist/core/provider-ops.js.map +1 -0
- package/dist/core/server.d.ts.map +1 -1
- package/dist/core/server.js +91 -0
- package/dist/core/server.js.map +1 -1
- package/dist/core/sessions-ops.d.ts +25 -0
- package/dist/core/sessions-ops.d.ts.map +1 -0
- package/dist/core/sessions-ops.js +77 -0
- package/dist/core/sessions-ops.js.map +1 -0
- package/dist/core/skills-ops.d.ts +14 -0
- package/dist/core/skills-ops.d.ts.map +1 -0
- package/dist/core/skills-ops.js +28 -0
- package/dist/core/skills-ops.js.map +1 -0
- package/dist/protocol/methods.d.ts +478 -0
- package/dist/protocol/methods.d.ts.map +1 -1
- package/package.json +1 -1
|
@@ -0,0 +1,241 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Config path operations — the pure logic behind `brigade config <get|set|
|
|
3
|
+
* unset|list|schema|validate>` AND the `config.*` gateway RPCs.
|
|
4
|
+
*
|
|
5
|
+
* Extracted from `cli/commands/config-cmd.ts` so the CLI and the gateway speak
|
|
6
|
+
* to ONE implementation: a remote client (web console) doing `config.set` and
|
|
7
|
+
* an operator doing `brigade config set` parse paths, redact secrets, and
|
|
8
|
+
* mutate brigade.json identically.
|
|
9
|
+
*
|
|
10
|
+
* The path helpers are pure (no I/O). The `handle*` functions are the gateway
|
|
11
|
+
* handlers: they read/write through the mode-aware `loadConfig`/`saveConfig`
|
|
12
|
+
* (filesystem OR Convex), so `config.*` works in both storage modes.
|
|
13
|
+
*
|
|
14
|
+
* Secret handling mirrors the CLI: any segment matching SENSITIVE_SEGMENT
|
|
15
|
+
* renders as `__BRIGADE_REDACTED__` in get/list output. Writes are NOT
|
|
16
|
+
* redacted (you can set a key you can't read back in plaintext), and the
|
|
17
|
+
* on-disk `${VAR}` restoration in `saveConfig` keeps resolved secrets off disk.
|
|
18
|
+
*/
|
|
19
|
+
import JSON5 from "json5";
|
|
20
|
+
import { BrigadeConfigSchema, collectBrigadeConfigErrors } from "./brigade-config.js";
|
|
21
|
+
import { loadConfig, saveConfig } from "./config.js";
|
|
22
|
+
export const REDACTED_SENTINEL = "__BRIGADE_REDACTED__";
|
|
23
|
+
const SENSITIVE_SEGMENT = /^(key|apikey|token|secret|password|refreshtoken|accesstoken)$/i;
|
|
24
|
+
/* ───────────────────────── path helpers ───────────────────────── */
|
|
25
|
+
/**
|
|
26
|
+
* Parse a config path into segments. Supports dot-notation
|
|
27
|
+
* (`agents.defaults.provider`), escaped dots (`keys.foo\.bar`), bracket array
|
|
28
|
+
* indices (`a.b[0]`), and bracket literal keys (`a["my.key"]`).
|
|
29
|
+
*/
|
|
30
|
+
export function parsePath(raw) {
|
|
31
|
+
const trimmed = raw.trim();
|
|
32
|
+
if (trimmed.length === 0) {
|
|
33
|
+
throw new Error("config path is empty");
|
|
34
|
+
}
|
|
35
|
+
const segments = [];
|
|
36
|
+
let buf = "";
|
|
37
|
+
for (let i = 0; i < trimmed.length; i++) {
|
|
38
|
+
const ch = trimmed[i];
|
|
39
|
+
if (ch === "\\" && trimmed[i + 1] === ".") {
|
|
40
|
+
buf += ".";
|
|
41
|
+
i++;
|
|
42
|
+
continue;
|
|
43
|
+
}
|
|
44
|
+
if (ch === ".") {
|
|
45
|
+
if (buf.length === 0) {
|
|
46
|
+
throw new Error(`empty segment in config path "${raw}"`);
|
|
47
|
+
}
|
|
48
|
+
segments.push(buf);
|
|
49
|
+
buf = "";
|
|
50
|
+
continue;
|
|
51
|
+
}
|
|
52
|
+
if (ch === "[") {
|
|
53
|
+
if (buf.length > 0) {
|
|
54
|
+
segments.push(buf);
|
|
55
|
+
buf = "";
|
|
56
|
+
}
|
|
57
|
+
const close = trimmed.indexOf("]", i);
|
|
58
|
+
if (close === -1) {
|
|
59
|
+
throw new Error(`unclosed "[" in config path "${raw}"`);
|
|
60
|
+
}
|
|
61
|
+
let inside = trimmed.slice(i + 1, close).trim();
|
|
62
|
+
if ((inside.startsWith('"') && inside.endsWith('"')) ||
|
|
63
|
+
(inside.startsWith("'") && inside.endsWith("'"))) {
|
|
64
|
+
inside = inside.slice(1, -1);
|
|
65
|
+
}
|
|
66
|
+
if (inside.length === 0) {
|
|
67
|
+
throw new Error(`empty bracket segment in config path "${raw}"`);
|
|
68
|
+
}
|
|
69
|
+
segments.push(inside);
|
|
70
|
+
i = close;
|
|
71
|
+
continue;
|
|
72
|
+
}
|
|
73
|
+
buf += ch;
|
|
74
|
+
}
|
|
75
|
+
if (buf.length > 0)
|
|
76
|
+
segments.push(buf);
|
|
77
|
+
if (segments.length === 0) {
|
|
78
|
+
throw new Error(`unable to parse config path "${raw}"`);
|
|
79
|
+
}
|
|
80
|
+
return segments;
|
|
81
|
+
}
|
|
82
|
+
/** True iff the segment looks like a non-negative integer (array index). */
|
|
83
|
+
function isIndexSegment(seg) {
|
|
84
|
+
return /^[0-9]+$/.test(seg);
|
|
85
|
+
}
|
|
86
|
+
export function getNested(root, segments) {
|
|
87
|
+
let cur = root;
|
|
88
|
+
for (const seg of segments) {
|
|
89
|
+
if (cur === null || cur === undefined)
|
|
90
|
+
return undefined;
|
|
91
|
+
if (Array.isArray(cur) && isIndexSegment(seg)) {
|
|
92
|
+
cur = cur[Number(seg)];
|
|
93
|
+
continue;
|
|
94
|
+
}
|
|
95
|
+
if (typeof cur !== "object")
|
|
96
|
+
return undefined;
|
|
97
|
+
cur = cur[seg];
|
|
98
|
+
}
|
|
99
|
+
return cur;
|
|
100
|
+
}
|
|
101
|
+
export function setNested(root, segments, value) {
|
|
102
|
+
// biome-ignore lint/suspicious/noExplicitAny: walking an untyped config tree.
|
|
103
|
+
let cur = root;
|
|
104
|
+
for (let i = 0; i < segments.length - 1; i++) {
|
|
105
|
+
const seg = segments[i] ?? "";
|
|
106
|
+
const nextSeg = segments[i + 1] ?? "";
|
|
107
|
+
const wantArray = isIndexSegment(nextSeg);
|
|
108
|
+
const existing = Array.isArray(cur) && isIndexSegment(seg) ? cur[Number(seg)] : cur[seg];
|
|
109
|
+
if (existing === undefined || existing === null || typeof existing !== "object") {
|
|
110
|
+
const fresh = wantArray ? [] : {};
|
|
111
|
+
if (Array.isArray(cur) && isIndexSegment(seg)) {
|
|
112
|
+
cur[Number(seg)] = fresh;
|
|
113
|
+
}
|
|
114
|
+
else {
|
|
115
|
+
cur[seg] = fresh;
|
|
116
|
+
}
|
|
117
|
+
cur = fresh;
|
|
118
|
+
}
|
|
119
|
+
else {
|
|
120
|
+
cur = Array.isArray(cur) && isIndexSegment(seg) ? cur[Number(seg)] : cur[seg];
|
|
121
|
+
}
|
|
122
|
+
}
|
|
123
|
+
const tail = segments[segments.length - 1] ?? "";
|
|
124
|
+
if (Array.isArray(cur) && isIndexSegment(tail)) {
|
|
125
|
+
cur[Number(tail)] = value;
|
|
126
|
+
}
|
|
127
|
+
else {
|
|
128
|
+
cur[tail] = value;
|
|
129
|
+
}
|
|
130
|
+
}
|
|
131
|
+
export function deleteNested(root, segments) {
|
|
132
|
+
// biome-ignore lint/suspicious/noExplicitAny: walking an untyped config tree.
|
|
133
|
+
let cur = root;
|
|
134
|
+
for (let i = 0; i < segments.length - 1; i++) {
|
|
135
|
+
const seg = segments[i] ?? "";
|
|
136
|
+
const next = Array.isArray(cur) && isIndexSegment(seg) ? cur[Number(seg)] : cur?.[seg];
|
|
137
|
+
if (next === undefined || next === null || typeof next !== "object")
|
|
138
|
+
return false;
|
|
139
|
+
cur = next;
|
|
140
|
+
}
|
|
141
|
+
const tail = segments[segments.length - 1] ?? "";
|
|
142
|
+
if (Array.isArray(cur) && isIndexSegment(tail)) {
|
|
143
|
+
const idx = Number(tail);
|
|
144
|
+
if (idx < cur.length) {
|
|
145
|
+
cur.splice(idx, 1);
|
|
146
|
+
return true;
|
|
147
|
+
}
|
|
148
|
+
return false;
|
|
149
|
+
}
|
|
150
|
+
if (cur && typeof cur === "object" && tail in cur) {
|
|
151
|
+
delete cur[tail];
|
|
152
|
+
return true;
|
|
153
|
+
}
|
|
154
|
+
return false;
|
|
155
|
+
}
|
|
156
|
+
/** JSON5-parse a CLI string value, falling back to the raw string. */
|
|
157
|
+
export function parseConfigValue(raw, opts = {}) {
|
|
158
|
+
if (opts.strictJson) {
|
|
159
|
+
return JSON.parse(raw);
|
|
160
|
+
}
|
|
161
|
+
try {
|
|
162
|
+
return JSON5.parse(raw);
|
|
163
|
+
}
|
|
164
|
+
catch {
|
|
165
|
+
return raw;
|
|
166
|
+
}
|
|
167
|
+
}
|
|
168
|
+
/** Deep-redact any string value whose key looks secret. */
|
|
169
|
+
export function redactDeep(value) {
|
|
170
|
+
if (value === null || typeof value !== "object")
|
|
171
|
+
return value;
|
|
172
|
+
if (Array.isArray(value))
|
|
173
|
+
return value.map((v) => redactDeep(v));
|
|
174
|
+
const out = {};
|
|
175
|
+
for (const [k, v] of Object.entries(value)) {
|
|
176
|
+
if (SENSITIVE_SEGMENT.test(k) && typeof v === "string" && v.length > 0) {
|
|
177
|
+
out[k] = REDACTED_SENTINEL;
|
|
178
|
+
}
|
|
179
|
+
else {
|
|
180
|
+
out[k] = redactDeep(v);
|
|
181
|
+
}
|
|
182
|
+
}
|
|
183
|
+
return out;
|
|
184
|
+
}
|
|
185
|
+
/* ───────────────────── structured operations ──────────────────── */
|
|
186
|
+
/** Read a redacted value at `rawPath`. `found:false` when the key is absent. */
|
|
187
|
+
export function configGetValue(cfg, rawPath) {
|
|
188
|
+
const value = getNested(cfg, parsePath(rawPath));
|
|
189
|
+
if (value === undefined)
|
|
190
|
+
return { found: false };
|
|
191
|
+
return { found: true, value: redactDeep(value) };
|
|
192
|
+
}
|
|
193
|
+
/** Mutate `cfg` in place: set `rawPath` to `value`. */
|
|
194
|
+
export function configSetValue(cfg, rawPath, value) {
|
|
195
|
+
setNested(cfg, parsePath(rawPath), value);
|
|
196
|
+
}
|
|
197
|
+
/** Mutate `cfg` in place: remove `rawPath`. Returns whether anything was removed. */
|
|
198
|
+
export function configUnsetValue(cfg, rawPath) {
|
|
199
|
+
return deleteNested(cfg, parsePath(rawPath));
|
|
200
|
+
}
|
|
201
|
+
export function handleConfigGet(params) {
|
|
202
|
+
const p = (params ?? {});
|
|
203
|
+
const rawPath = (p.path ?? "").trim();
|
|
204
|
+
if (!rawPath)
|
|
205
|
+
throw new Error("config.get: missing 'path'");
|
|
206
|
+
return configGetValue(loadConfig(), rawPath);
|
|
207
|
+
}
|
|
208
|
+
export function handleConfigSet(params) {
|
|
209
|
+
const p = (params ?? {});
|
|
210
|
+
const rawPath = (p.path ?? "").trim();
|
|
211
|
+
if (!rawPath)
|
|
212
|
+
throw new Error("config.set: missing 'path'");
|
|
213
|
+
const cfg = loadConfig();
|
|
214
|
+
configSetValue(cfg, rawPath, p.value);
|
|
215
|
+
saveConfig(cfg);
|
|
216
|
+
return { ok: true, path: rawPath, value: redactDeep(p.value) };
|
|
217
|
+
}
|
|
218
|
+
export function handleConfigUnset(params) {
|
|
219
|
+
const p = (params ?? {});
|
|
220
|
+
const rawPath = (p.path ?? "").trim();
|
|
221
|
+
if (!rawPath)
|
|
222
|
+
throw new Error("config.unset: missing 'path'");
|
|
223
|
+
const cfg = loadConfig();
|
|
224
|
+
const removed = configUnsetValue(cfg, rawPath);
|
|
225
|
+
if (removed)
|
|
226
|
+
saveConfig(cfg);
|
|
227
|
+
return { ok: removed, path: rawPath, removed };
|
|
228
|
+
}
|
|
229
|
+
export function handleConfigList(params) {
|
|
230
|
+
const p = (params ?? {});
|
|
231
|
+
const cfg = loadConfig();
|
|
232
|
+
return { config: p.redact === false ? cfg : redactDeep(cfg) };
|
|
233
|
+
}
|
|
234
|
+
export function handleConfigSchema(_params) {
|
|
235
|
+
return { schema: BrigadeConfigSchema };
|
|
236
|
+
}
|
|
237
|
+
export function handleConfigValidate(_params) {
|
|
238
|
+
const issues = collectBrigadeConfigErrors(loadConfig());
|
|
239
|
+
return { valid: issues.length === 0, issues };
|
|
240
|
+
}
|
|
241
|
+
//# sourceMappingURL=config-ops.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"config-ops.js","sourceRoot":"","sources":["../../src/core/config-ops.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,OAAO,EAAE,mBAAmB,EAAE,0BAA0B,EAAE,MAAM,qBAAqB,CAAC;AACtF,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAErD,MAAM,CAAC,MAAM,iBAAiB,GAAG,sBAAsB,CAAC;AACxD,MAAM,iBAAiB,GAAG,gEAAgE,CAAC;AAE3F,sEAAsE;AAEtE;;;;GAIG;AACH,MAAM,UAAU,SAAS,CAAC,GAAW;IACpC,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;IAC3B,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;IACzC,CAAC;IACD,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACtB,IAAI,EAAE,KAAK,IAAI,IAAI,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;YAC3C,GAAG,IAAI,GAAG,CAAC;YACX,CAAC,EAAE,CAAC;YACJ,SAAS;QACV,CAAC;QACD,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YAChB,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACtB,MAAM,IAAI,KAAK,CAAC,iCAAiC,GAAG,GAAG,CAAC,CAAC;YAC1D,CAAC;YACD,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACnB,GAAG,GAAG,EAAE,CAAC;YACT,SAAS;QACV,CAAC;QACD,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YAChB,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACpB,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACnB,GAAG,GAAG,EAAE,CAAC;YACV,CAAC;YACD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;YACtC,IAAI,KAAK,KAAK,CAAC,CAAC,EAAE,CAAC;gBAClB,MAAM,IAAI,KAAK,CAAC,gCAAgC,GAAG,GAAG,CAAC,CAAC;YACzD,CAAC;YACD,IAAI,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;YAChD,IACC,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;gBAChD,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAC/C,CAAC;gBACF,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YAC9B,CAAC;YACD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACzB,MAAM,IAAI,KAAK,CAAC,yCAAyC,GAAG,GAAG,CAAC,CAAC;YAClE,CAAC;YACD,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACtB,CAAC,GAAG,KAAK,CAAC;YACV,SAAS;QACV,CAAC;QACD,GAAG,IAAI,EAAE,CAAC;IACX,CAAC;IACD,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC;QAAE,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACvC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,gCAAgC,GAAG,GAAG,CAAC,CAAC;IACzD,CAAC;IACD,OAAO,QAAQ,CAAC;AACjB,CAAC;AAED,4EAA4E;AAC5E,SAAS,cAAc,CAAC,GAAW;IAClC,OAAO,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,IAAa,EAAE,QAAkB;IAC1D,IAAI,GAAG,GAAY,IAAI,CAAC;IACxB,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC5B,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS;YAAE,OAAO,SAAS,CAAC;QACxD,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/C,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YACvB,SAAS;QACV,CAAC;QACD,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,SAAS,CAAC;QAC9C,GAAG,GAAI,GAA+B,CAAC,GAAG,CAAC,CAAC;IAC7C,CAAC;IACD,OAAO,GAAG,CAAC;AACZ,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,IAA6B,EAAE,QAAkB,EAAE,KAAc;IAC1F,8EAA8E;IAC9E,IAAI,GAAG,GAAQ,IAAI,CAAC;IACpB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9C,MAAM,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QACtC,MAAM,SAAS,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;QAC1C,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACzF,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,KAAK,IAAI,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACjF,MAAM,KAAK,GAAG,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAClC,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC/C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,KAAK,CAAC;YAC1B,CAAC;iBAAM,CAAC;gBACP,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YAClB,CAAC;YACD,GAAG,GAAG,KAAK,CAAC;QACb,CAAC;aAAM,CAAC;YACP,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC/E,CAAC;IACF,CAAC;IACD,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IACjD,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC;QAChD,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,KAAK,CAAC;IAC3B,CAAC;SAAM,CAAC;QACP,GAAG,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;IACnB,CAAC;AACF,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,IAA6B,EAAE,QAAkB;IAC7E,8EAA8E;IAC9E,IAAI,GAAG,GAAQ,IAAI,CAAC;IACpB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9C,MAAM,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QACvF,IAAI,IAAI,KAAK,SAAS,IAAI,IAAI,KAAK,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;YAAE,OAAO,KAAK,CAAC;QAClF,GAAG,GAAG,IAAI,CAAC;IACZ,CAAC;IACD,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IACjD,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC;QAChD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;QACzB,IAAI,GAAG,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC;YACtB,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;YACnB,OAAO,IAAI,CAAC;QACb,CAAC;QACD,OAAO,KAAK,CAAC;IACd,CAAC;IACD,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,IAAI,IAAI,GAAG,EAAE,CAAC;QACnD,OAAO,GAAG,CAAC,IAAI,CAAC,CAAC;QACjB,OAAO,IAAI,CAAC;IACb,CAAC;IACD,OAAO,KAAK,CAAC;AACd,CAAC;AAED,sEAAsE;AACtE,MAAM,UAAU,gBAAgB,CAAC,GAAW,EAAE,OAAiC,EAAE;IAChF,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QACrB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACxB,CAAC;IACD,IAAI,CAAC;QACJ,OAAO,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,GAAG,CAAC;IACZ,CAAC;AACF,CAAC;AAED,2DAA2D;AAC3D,MAAM,UAAU,UAAU,CAAC,KAAc;IACxC,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC9D,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;IACjE,MAAM,GAAG,GAA4B,EAAE,CAAC;IACxC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5C,IAAI,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxE,GAAG,CAAC,CAAC,CAAC,GAAG,iBAAiB,CAAC;QAC5B,CAAC;aAAM,CAAC;YACP,GAAG,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;QACxB,CAAC;IACF,CAAC;IACD,OAAO,GAAG,CAAC;AACZ,CAAC;AAED,sEAAsE;AAEtE,gFAAgF;AAChF,MAAM,UAAU,cAAc,CAAC,GAAY,EAAE,OAAe;IAC3D,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;IACjD,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;IACjD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;AAClD,CAAC;AAED,uDAAuD;AACvD,MAAM,UAAU,cAAc,CAAC,GAA4B,EAAE,OAAe,EAAE,KAAc;IAC3F,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,OAAO,CAAC,EAAE,KAAK,CAAC,CAAC;AAC3C,CAAC;AAED,qFAAqF;AACrF,MAAM,UAAU,gBAAgB,CAAC,GAA4B,EAAE,OAAe;IAC7E,OAAO,YAAY,CAAC,GAAG,EAAE,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;AAC9C,CAAC;AAmCD,MAAM,UAAU,eAAe,CAAC,MAAe;IAC9C,MAAM,CAAC,GAAG,CAAC,MAAM,IAAI,EAAE,CAAsB,CAAC;IAC9C,MAAM,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACtC,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAC5D,OAAO,cAAc,CAAC,UAAU,EAA6B,EAAE,OAAO,CAAC,CAAC;AACzE,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,MAAe;IAC9C,MAAM,CAAC,GAAG,CAAC,MAAM,IAAI,EAAE,CAAuC,CAAC;IAC/D,MAAM,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACtC,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAC5D,MAAM,GAAG,GAAG,UAAU,EAA6B,CAAC;IACpD,cAAc,CAAC,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC;IACtC,UAAU,CAAC,GAAY,CAAC,CAAC;IACzB,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;AAChE,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,MAAe;IAChD,MAAM,CAAC,GAAG,CAAC,MAAM,IAAI,EAAE,CAAsB,CAAC;IAC9C,MAAM,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACtC,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAC9D,MAAM,GAAG,GAAG,UAAU,EAA6B,CAAC;IACpD,MAAM,OAAO,GAAG,gBAAgB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAC/C,IAAI,OAAO;QAAE,UAAU,CAAC,GAAY,CAAC,CAAC;IACtC,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;AAChD,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,MAAe;IAC/C,MAAM,CAAC,GAAG,CAAC,MAAM,IAAI,EAAE,CAAyB,CAAC;IACjD,MAAM,GAAG,GAAG,UAAU,EAA6B,CAAC;IACpD,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,KAAK,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;AAC/D,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,OAAiB;IACnD,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;AACxC,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,OAAiB;IACrD,MAAM,MAAM,GAAG,0BAA0B,CAAC,UAAU,EAAE,CAAC,CAAC;IACxD,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;AAC/C,CAAC"}
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Exec-approval operations behind the `exec.*` gateway RPCs — the
|
|
3
|
+
* `brigade exec <list|allow|allow-pattern|remove|deny-test>` surface, reachable
|
|
4
|
+
* from a remote client.
|
|
5
|
+
*
|
|
6
|
+
* OPERATOR-SCOPED, per-agent: manages an agent's bash approval allowlist. NOT
|
|
7
|
+
* session-targeted — the operator manages exec trust for their OWN agents, the
|
|
8
|
+
* same posture as the already-allowlisted `exec-grant-skill` / `exec-allow-all`
|
|
9
|
+
* RPCs. No per-session access guard is needed (and the guard-sweep allowlists
|
|
10
|
+
* these by name for that reason).
|
|
11
|
+
*
|
|
12
|
+
* All structured returns (no console I/O) so the gateway can hand them straight
|
|
13
|
+
* back to a WS client. The underlying primitives in `exec-approvals.ts` are the
|
|
14
|
+
* SAME ones the CLI calls, so `brigade exec allow` and `exec.allow` over the
|
|
15
|
+
* wire behave identically — including the hard-deny safety net.
|
|
16
|
+
*/
|
|
17
|
+
import { type ApprovalDecision } from "./exec-approvals.js";
|
|
18
|
+
export interface ExecListResult {
|
|
19
|
+
agentId: string;
|
|
20
|
+
filePath: string;
|
|
21
|
+
commands: string[];
|
|
22
|
+
patterns: string[];
|
|
23
|
+
}
|
|
24
|
+
export declare function handleExecList(params: unknown): ExecListResult;
|
|
25
|
+
export interface ExecMutateResult {
|
|
26
|
+
ok: boolean;
|
|
27
|
+
agentId: string;
|
|
28
|
+
kind?: "exact" | "pattern";
|
|
29
|
+
value?: string;
|
|
30
|
+
reason?: string;
|
|
31
|
+
}
|
|
32
|
+
export declare function handleExecAllow(params: unknown): ExecMutateResult;
|
|
33
|
+
export declare function handleExecAllowPattern(params: unknown): ExecMutateResult;
|
|
34
|
+
export interface ExecRemoveResult {
|
|
35
|
+
ok: boolean;
|
|
36
|
+
agentId: string;
|
|
37
|
+
removedCommands: number;
|
|
38
|
+
removedPatterns: number;
|
|
39
|
+
reason?: string;
|
|
40
|
+
}
|
|
41
|
+
export declare function handleExecRemove(params: unknown): ExecRemoveResult;
|
|
42
|
+
export interface ExecDenyTestResult {
|
|
43
|
+
agentId: string;
|
|
44
|
+
command: string;
|
|
45
|
+
decision: ApprovalDecision;
|
|
46
|
+
}
|
|
47
|
+
export declare function handleExecDenyTest(params: unknown): ExecDenyTestResult;
|
|
48
|
+
//# sourceMappingURL=exec-ops.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"exec-ops.d.ts","sourceRoot":"","sources":["../../src/core/exec-ops.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,EACN,KAAK,gBAAgB,EAOrB,MAAM,qBAAqB,CAAC;AAO7B,MAAM,WAAW,cAAc;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,EAAE,MAAM,EAAE,CAAC;CACnB;AACD,wBAAgB,cAAc,CAAC,MAAM,EAAE,OAAO,GAAG,cAAc,CAK9D;AAED,MAAM,WAAW,gBAAgB;IAChC,EAAE,EAAE,OAAO,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,OAAO,GAAG,SAAS,CAAC;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CAChB;AACD,wBAAgB,eAAe,CAAC,MAAM,EAAE,OAAO,GAAG,gBAAgB,CAejE;AAED,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,OAAO,GAAG,gBAAgB,CAiBxE;AAED,MAAM,WAAW,gBAAgB;IAChC,EAAE,EAAE,OAAO,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,MAAM,CAAC;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;CAChB;AACD,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,OAAO,GAAG,gBAAgB,CAsBlE;AAED,MAAM,WAAW,kBAAkB;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,gBAAgB,CAAC;CAC3B;AACD,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,OAAO,GAAG,kBAAkB,CAKtE"}
|
|
@@ -0,0 +1,101 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Exec-approval operations behind the `exec.*` gateway RPCs — the
|
|
3
|
+
* `brigade exec <list|allow|allow-pattern|remove|deny-test>` surface, reachable
|
|
4
|
+
* from a remote client.
|
|
5
|
+
*
|
|
6
|
+
* OPERATOR-SCOPED, per-agent: manages an agent's bash approval allowlist. NOT
|
|
7
|
+
* session-targeted — the operator manages exec trust for their OWN agents, the
|
|
8
|
+
* same posture as the already-allowlisted `exec-grant-skill` / `exec-allow-all`
|
|
9
|
+
* RPCs. No per-session access guard is needed (and the guard-sweep allowlists
|
|
10
|
+
* these by name for that reason).
|
|
11
|
+
*
|
|
12
|
+
* All structured returns (no console I/O) so the gateway can hand them straight
|
|
13
|
+
* back to a WS client. The underlying primitives in `exec-approvals.ts` are the
|
|
14
|
+
* SAME ones the CLI calls, so `brigade exec allow` and `exec.allow` over the
|
|
15
|
+
* wire behave identically — including the hard-deny safety net.
|
|
16
|
+
*/
|
|
17
|
+
import { DEFAULT_AGENT_ID } from "../config/paths.js";
|
|
18
|
+
import { BrigadeApprovalRefusedError, decideApproval, getApprovalsFilePath, listApprovals, recordApproval, removeApproval, } from "./exec-approvals.js";
|
|
19
|
+
function resolveAgentId(agentId) {
|
|
20
|
+
const t = (agentId ?? "").trim();
|
|
21
|
+
return t.length > 0 ? t : DEFAULT_AGENT_ID;
|
|
22
|
+
}
|
|
23
|
+
export function handleExecList(params) {
|
|
24
|
+
const p = (params ?? {});
|
|
25
|
+
const agentId = resolveAgentId(p.agentId);
|
|
26
|
+
const { commands, patterns } = listApprovals(agentId);
|
|
27
|
+
return { agentId, filePath: getApprovalsFilePath(agentId), commands, patterns };
|
|
28
|
+
}
|
|
29
|
+
export function handleExecAllow(params) {
|
|
30
|
+
const p = (params ?? {});
|
|
31
|
+
const agentId = resolveAgentId(p.agentId);
|
|
32
|
+
const cmd = (p.command ?? "").trim();
|
|
33
|
+
if (!cmd)
|
|
34
|
+
return { ok: false, agentId, reason: "command is empty" };
|
|
35
|
+
if (decideApproval(cmd, agentId) === "deny") {
|
|
36
|
+
return { ok: false, agentId, value: cmd, reason: "matches a hard-deny pattern and cannot be allowlisted" };
|
|
37
|
+
}
|
|
38
|
+
try {
|
|
39
|
+
recordApproval(cmd, "exact", agentId);
|
|
40
|
+
}
|
|
41
|
+
catch (err) {
|
|
42
|
+
if (err instanceof BrigadeApprovalRefusedError)
|
|
43
|
+
return { ok: false, agentId, value: cmd, reason: err.message };
|
|
44
|
+
throw err;
|
|
45
|
+
}
|
|
46
|
+
return { ok: true, agentId, kind: "exact", value: cmd };
|
|
47
|
+
}
|
|
48
|
+
export function handleExecAllowPattern(params) {
|
|
49
|
+
const p = (params ?? {});
|
|
50
|
+
const agentId = resolveAgentId(p.agentId);
|
|
51
|
+
const pat = (p.pattern ?? "").trim();
|
|
52
|
+
if (!pat)
|
|
53
|
+
return { ok: false, agentId, reason: "pattern is empty" };
|
|
54
|
+
try {
|
|
55
|
+
new RegExp(pat);
|
|
56
|
+
}
|
|
57
|
+
catch (err) {
|
|
58
|
+
return { ok: false, agentId, value: pat, reason: `invalid regex: ${err.message}` };
|
|
59
|
+
}
|
|
60
|
+
try {
|
|
61
|
+
recordApproval(pat, "pattern", agentId);
|
|
62
|
+
}
|
|
63
|
+
catch (err) {
|
|
64
|
+
if (err instanceof BrigadeApprovalRefusedError)
|
|
65
|
+
return { ok: false, agentId, value: pat, reason: err.message };
|
|
66
|
+
throw err;
|
|
67
|
+
}
|
|
68
|
+
return { ok: true, agentId, kind: "pattern", value: pat };
|
|
69
|
+
}
|
|
70
|
+
export function handleExecRemove(params) {
|
|
71
|
+
const p = (params ?? {});
|
|
72
|
+
const agentId = resolveAgentId(p.agentId);
|
|
73
|
+
const value = (p.value ?? "").trim();
|
|
74
|
+
if (!value)
|
|
75
|
+
return { ok: false, agentId, removedCommands: 0, removedPatterns: 0, reason: "value is empty" };
|
|
76
|
+
let res;
|
|
77
|
+
try {
|
|
78
|
+
res = removeApproval(value, agentId);
|
|
79
|
+
}
|
|
80
|
+
catch (err) {
|
|
81
|
+
if (err instanceof BrigadeApprovalRefusedError) {
|
|
82
|
+
return { ok: false, agentId, removedCommands: 0, removedPatterns: 0, reason: err.message };
|
|
83
|
+
}
|
|
84
|
+
throw err;
|
|
85
|
+
}
|
|
86
|
+
const ok = res.removedCommands > 0 || res.removedPatterns > 0;
|
|
87
|
+
return {
|
|
88
|
+
ok,
|
|
89
|
+
agentId,
|
|
90
|
+
removedCommands: res.removedCommands,
|
|
91
|
+
removedPatterns: res.removedPatterns,
|
|
92
|
+
...(ok ? {} : { reason: `"${value}" not found in commands or patterns` }),
|
|
93
|
+
};
|
|
94
|
+
}
|
|
95
|
+
export function handleExecDenyTest(params) {
|
|
96
|
+
const p = (params ?? {});
|
|
97
|
+
const agentId = resolveAgentId(p.agentId);
|
|
98
|
+
const cmd = (p.command ?? "").trim();
|
|
99
|
+
return { agentId, command: cmd, decision: cmd ? decideApproval(cmd, agentId) : "deny" };
|
|
100
|
+
}
|
|
101
|
+
//# sourceMappingURL=exec-ops.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"exec-ops.js","sourceRoot":"","sources":["../../src/core/exec-ops.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAEN,2BAA2B,EAC3B,cAAc,EACd,oBAAoB,EACpB,aAAa,EACb,cAAc,EACd,cAAc,GACd,MAAM,qBAAqB,CAAC;AAE7B,SAAS,cAAc,CAAC,OAAgB;IACvC,MAAM,CAAC,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACjC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC;AAC5C,CAAC;AAQD,MAAM,UAAU,cAAc,CAAC,MAAe;IAC7C,MAAM,CAAC,GAAG,CAAC,MAAM,IAAI,EAAE,CAAyB,CAAC;IACjD,MAAM,OAAO,GAAG,cAAc,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAC1C,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;IACtD,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,oBAAoB,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;AACjF,CAAC;AASD,MAAM,UAAU,eAAe,CAAC,MAAe;IAC9C,MAAM,CAAC,GAAG,CAAC,MAAM,IAAI,EAAE,CAA2C,CAAC;IACnE,MAAM,OAAO,GAAG,cAAc,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACrC,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;IACpE,IAAI,cAAc,CAAC,GAAG,EAAE,OAAO,CAAC,KAAK,MAAM,EAAE,CAAC;QAC7C,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,uDAAuD,EAAE,CAAC;IAC5G,CAAC;IACD,IAAI,CAAC;QACJ,cAAc,CAAC,GAAG,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACd,IAAI,GAAG,YAAY,2BAA2B;YAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC;QAC/G,MAAM,GAAG,CAAC;IACX,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;AACzD,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,MAAe;IACrD,MAAM,CAAC,GAAG,CAAC,MAAM,IAAI,EAAE,CAA2C,CAAC;IACnE,MAAM,OAAO,GAAG,cAAc,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACrC,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;IACpE,IAAI,CAAC;QACJ,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC;IACjB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACd,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,kBAAmB,GAAa,CAAC,OAAO,EAAE,EAAE,CAAC;IAC/F,CAAC;IACD,IAAI,CAAC;QACJ,cAAc,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;IACzC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACd,IAAI,GAAG,YAAY,2BAA2B;YAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC;QAC/G,MAAM,GAAG,CAAC;IACX,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;AAC3D,CAAC;AASD,MAAM,UAAU,gBAAgB,CAAC,MAAe;IAC/C,MAAM,CAAC,GAAG,CAAC,MAAM,IAAI,EAAE,CAAyC,CAAC;IACjE,MAAM,OAAO,GAAG,cAAc,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAC1C,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACrC,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC,EAAE,eAAe,EAAE,CAAC,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;IAC5G,IAAI,GAAyD,CAAC;IAC9D,IAAI,CAAC;QACJ,GAAG,GAAG,cAAc,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IACtC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACd,IAAI,GAAG,YAAY,2BAA2B,EAAE,CAAC;YAChD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC,EAAE,eAAe,EAAE,CAAC,EAAE,MAAM,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC;QAC5F,CAAC;QACD,MAAM,GAAG,CAAC;IACX,CAAC;IACD,MAAM,EAAE,GAAG,GAAG,CAAC,eAAe,GAAG,CAAC,IAAI,GAAG,CAAC,eAAe,GAAG,CAAC,CAAC;IAC9D,OAAO;QACN,EAAE;QACF,OAAO;QACP,eAAe,EAAE,GAAG,CAAC,eAAe;QACpC,eAAe,EAAE,GAAG,CAAC,eAAe;QACpC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,KAAK,qCAAqC,EAAE,CAAC;KACzE,CAAC;AACH,CAAC;AAOD,MAAM,UAAU,kBAAkB,CAAC,MAAe;IACjD,MAAM,CAAC,GAAG,CAAC,MAAM,IAAI,EAAE,CAA2C,CAAC;IACnE,MAAM,OAAO,GAAG,cAAc,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACrC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,cAAc,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;AACzF,CAAC"}
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Integration control behind the `composio` and `oauth` gateway RPCs — the
|
|
3
|
+
* Composio connector (1,000+ apps) and the DIY OAuth-2 authorize flow, reachable
|
|
4
|
+
* from a remote client.
|
|
5
|
+
*
|
|
6
|
+
* Both reuse the owner-scoped tools (ctx-free execute; owner-gating is a session
|
|
7
|
+
* wrapper). Operator-scoped (allowlisted in the guard-sweep). Action-based,
|
|
8
|
+
* mirroring the tools 1:1.
|
|
9
|
+
*
|
|
10
|
+
* REMOTE NOTES:
|
|
11
|
+
* - `composio` is fully remote-capable: Composio HOSTS the OAuth callback, so
|
|
12
|
+
* `connect` returns a click-link the operator opens anywhere and the gateway
|
|
13
|
+
* just polls `status` — no gateway loopback involved.
|
|
14
|
+
* - `oauth` is the DIY loopback flow: `start` opens a 127.0.0.1 listener ON THE
|
|
15
|
+
* GATEWAY HOST with a loopback redirect_uri, so the round-trip only completes
|
|
16
|
+
* when the operator's browser can reach the GATEWAY's loopback (local to the
|
|
17
|
+
* gateway, or tunneled). A pure-remote browser would hit its OWN loopback.
|
|
18
|
+
* `status`/`token` work remotely. For remote app integrations prefer
|
|
19
|
+
* `composio`.
|
|
20
|
+
*/
|
|
21
|
+
/** `composio` — Composio connector: set-key/apps/connect/status/search/execute/disconnect/refresh. */
|
|
22
|
+
export declare function handleComposio(params: unknown): Promise<unknown>;
|
|
23
|
+
/** `oauth` — DIY OAuth-2 authorize: start/await/cancel/status/token (see loopback caveat above). */
|
|
24
|
+
export declare function handleOauth(params: unknown): Promise<unknown>;
|
|
25
|
+
//# sourceMappingURL=integrations-ops.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"integrations-ops.d.ts","sourceRoot":"","sources":["../../src/core/integrations-ops.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAMH,sGAAsG;AACtG,wBAAsB,cAAc,CAAC,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAMtE;AAED,oGAAoG;AACpG,wBAAsB,WAAW,CAAC,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAMnE"}
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Integration control behind the `composio` and `oauth` gateway RPCs — the
|
|
3
|
+
* Composio connector (1,000+ apps) and the DIY OAuth-2 authorize flow, reachable
|
|
4
|
+
* from a remote client.
|
|
5
|
+
*
|
|
6
|
+
* Both reuse the owner-scoped tools (ctx-free execute; owner-gating is a session
|
|
7
|
+
* wrapper). Operator-scoped (allowlisted in the guard-sweep). Action-based,
|
|
8
|
+
* mirroring the tools 1:1.
|
|
9
|
+
*
|
|
10
|
+
* REMOTE NOTES:
|
|
11
|
+
* - `composio` is fully remote-capable: Composio HOSTS the OAuth callback, so
|
|
12
|
+
* `connect` returns a click-link the operator opens anywhere and the gateway
|
|
13
|
+
* just polls `status` — no gateway loopback involved.
|
|
14
|
+
* - `oauth` is the DIY loopback flow: `start` opens a 127.0.0.1 listener ON THE
|
|
15
|
+
* GATEWAY HOST with a loopback redirect_uri, so the round-trip only completes
|
|
16
|
+
* when the operator's browser can reach the GATEWAY's loopback (local to the
|
|
17
|
+
* gateway, or tunneled). A pure-remote browser would hit its OWN loopback.
|
|
18
|
+
* `status`/`token` work remotely. For remote app integrations prefer
|
|
19
|
+
* `composio`.
|
|
20
|
+
*/
|
|
21
|
+
import { DEFAULT_AGENT_ID } from "../agents/routing/session-key.js";
|
|
22
|
+
import { makeComposioTool } from "../agents/tools/composio-tool.js";
|
|
23
|
+
import { makeOAuthAuthorizeTool } from "../agents/tools/oauth-authorize-tool.js";
|
|
24
|
+
/** `composio` — Composio connector: set-key/apps/connect/status/search/execute/disconnect/refresh. */
|
|
25
|
+
export async function handleComposio(params) {
|
|
26
|
+
const p = (params ?? {});
|
|
27
|
+
const agentId = (p.agentId ?? "").trim() || DEFAULT_AGENT_ID;
|
|
28
|
+
const tool = makeComposioTool({ agentId });
|
|
29
|
+
const res = await tool.execute("gateway", params);
|
|
30
|
+
return res.details;
|
|
31
|
+
}
|
|
32
|
+
/** `oauth` — DIY OAuth-2 authorize: start/await/cancel/status/token (see loopback caveat above). */
|
|
33
|
+
export async function handleOauth(params) {
|
|
34
|
+
const p = (params ?? {});
|
|
35
|
+
const agentId = (p.agentId ?? "").trim() || DEFAULT_AGENT_ID;
|
|
36
|
+
const tool = makeOAuthAuthorizeTool({ agentId });
|
|
37
|
+
const res = await tool.execute("gateway", params);
|
|
38
|
+
return res.details;
|
|
39
|
+
}
|
|
40
|
+
//# sourceMappingURL=integrations-ops.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"integrations-ops.js","sourceRoot":"","sources":["../../src/core/integrations-ops.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAC;AACpE,OAAO,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAC;AACpE,OAAO,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AAEjF,sGAAsG;AACtG,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,MAAe;IACnD,MAAM,CAAC,GAAG,CAAC,MAAM,IAAI,EAAE,CAAyB,CAAC;IACjD,MAAM,OAAO,GAAG,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,gBAAgB,CAAC;IAC7D,MAAM,IAAI,GAAG,gBAAgB,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,MAAe,CAAC,CAAC;IAC3D,OAAO,GAAG,CAAC,OAAO,CAAC;AACpB,CAAC;AAED,oGAAoG;AACpG,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,MAAe;IAChD,MAAM,CAAC,GAAG,CAAC,MAAM,IAAI,EAAE,CAAyB,CAAC;IACjD,MAAM,OAAO,GAAG,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,gBAAgB,CAAC;IAC7D,MAAM,IAAI,GAAG,sBAAsB,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;IACjD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,MAAe,CAAC,CAAC;IAC3D,OAAO,GAAG,CAAC,OAAO,CAAC;AACpB,CAAC"}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Memory (Tideline) write + governance behind the `memory.*` gateway RPCs — the
|
|
3
|
+
* write_memory + manage_memory surface, reachable from a remote client.
|
|
4
|
+
*
|
|
5
|
+
* Memory lives in `facts.jsonl` (a store, NOT brigade.json), so `config.set`
|
|
6
|
+
* cannot reach it — these RPCs are the only typed remote path to MUTATE memory.
|
|
7
|
+
* READ is already covered by the `memory-query` (list/search/inspect/stats) and
|
|
8
|
+
* `memory-graph` RPCs.
|
|
9
|
+
*
|
|
10
|
+
* OPERATOR-SCOPED: operates on the OWNER origin over the agent's workspace,
|
|
11
|
+
* exactly like the tools (filesystem AND Convex modes). Reuses the SAME
|
|
12
|
+
* write_memory / manage_memory tool logic — their `execute()` is pure (owner-
|
|
13
|
+
* gating is a session wrapper, not inside execute), so invoking them with an
|
|
14
|
+
* owner scope from the gateway is correct and byte-identical to a turn.
|
|
15
|
+
*/
|
|
16
|
+
/** `memory.write` — persist a durable fact. Params mirror the write_memory tool. */
|
|
17
|
+
export declare function handleMemoryWrite(params: unknown): Promise<unknown>;
|
|
18
|
+
/** `memory.manage` — dream/purge/inspect/export/retention/vault/retract/restore/relink. */
|
|
19
|
+
export declare function handleMemoryManage(params: unknown): Promise<unknown>;
|
|
20
|
+
//# sourceMappingURL=memory-ops.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"memory-ops.d.ts","sourceRoot":"","sources":["../../src/core/memory-ops.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAYH,oFAAoF;AACpF,wBAAsB,iBAAiB,CAAC,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAMzE;AAED,2FAA2F;AAC3F,wBAAsB,kBAAkB,CAAC,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAM1E"}
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Memory (Tideline) write + governance behind the `memory.*` gateway RPCs — the
|
|
3
|
+
* write_memory + manage_memory surface, reachable from a remote client.
|
|
4
|
+
*
|
|
5
|
+
* Memory lives in `facts.jsonl` (a store, NOT brigade.json), so `config.set`
|
|
6
|
+
* cannot reach it — these RPCs are the only typed remote path to MUTATE memory.
|
|
7
|
+
* READ is already covered by the `memory-query` (list/search/inspect/stats) and
|
|
8
|
+
* `memory-graph` RPCs.
|
|
9
|
+
*
|
|
10
|
+
* OPERATOR-SCOPED: operates on the OWNER origin over the agent's workspace,
|
|
11
|
+
* exactly like the tools (filesystem AND Convex modes). Reuses the SAME
|
|
12
|
+
* write_memory / manage_memory tool logic — their `execute()` is pure (owner-
|
|
13
|
+
* gating is a session wrapper, not inside execute), so invoking them with an
|
|
14
|
+
* owner scope from the gateway is correct and byte-identical to a turn.
|
|
15
|
+
*/
|
|
16
|
+
import { FactStore } from "../agents/memory/records.js";
|
|
17
|
+
import { makeManageMemoryTool } from "../agents/tools/manage-memory-tool.js";
|
|
18
|
+
import { makeWriteMemoryTool } from "../agents/tools/memory-tools.js";
|
|
19
|
+
import { DEFAULT_AGENT_ID, resolveAgentWorkspaceDir } from "../config/paths.js";
|
|
20
|
+
function workspaceFor(agentId) {
|
|
21
|
+
const id = (agentId ?? "").trim() || DEFAULT_AGENT_ID;
|
|
22
|
+
return resolveAgentWorkspaceDir(id);
|
|
23
|
+
}
|
|
24
|
+
/** `memory.write` — persist a durable fact. Params mirror the write_memory tool. */
|
|
25
|
+
export async function handleMemoryWrite(params) {
|
|
26
|
+
const p = (params ?? {});
|
|
27
|
+
const store = new FactStore(workspaceFor(p.agentId));
|
|
28
|
+
const tool = makeWriteMemoryTool(store, { senderIsOwner: true });
|
|
29
|
+
const res = await tool.execute("gateway", params);
|
|
30
|
+
return res.details;
|
|
31
|
+
}
|
|
32
|
+
/** `memory.manage` — dream/purge/inspect/export/retention/vault/retract/restore/relink. */
|
|
33
|
+
export async function handleMemoryManage(params) {
|
|
34
|
+
const p = (params ?? {});
|
|
35
|
+
const agentId = (p.agentId ?? "").trim() || DEFAULT_AGENT_ID;
|
|
36
|
+
const tool = makeManageMemoryTool(workspaceFor(agentId), { agentId });
|
|
37
|
+
const res = await tool.execute("gateway", params);
|
|
38
|
+
return res.details;
|
|
39
|
+
}
|
|
40
|
+
//# sourceMappingURL=memory-ops.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"memory-ops.js","sourceRoot":"","sources":["../../src/core/memory-ops.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAE,oBAAoB,EAAE,MAAM,uCAAuC,CAAC;AAC7E,OAAO,EAAE,mBAAmB,EAAE,MAAM,iCAAiC,CAAC;AACtE,OAAO,EAAE,gBAAgB,EAAE,wBAAwB,EAAE,MAAM,oBAAoB,CAAC;AAEhF,SAAS,YAAY,CAAC,OAAgB;IACrC,MAAM,EAAE,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,gBAAgB,CAAC;IACtD,OAAO,wBAAwB,CAAC,EAAE,CAAC,CAAC;AACrC,CAAC;AAED,oFAAoF;AACpF,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,MAAe;IACtD,MAAM,CAAC,GAAG,CAAC,MAAM,IAAI,EAAE,CAAyB,CAAC;IACjD,MAAM,KAAK,GAAG,IAAI,SAAS,CAAC,YAAY,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IACrD,MAAM,IAAI,GAAG,mBAAmB,CAAC,KAAK,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IACjE,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,MAAe,CAAC,CAAC;IAC3D,OAAO,GAAG,CAAC,OAAO,CAAC;AACpB,CAAC;AAED,2FAA2F;AAC3F,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,MAAe;IACvD,MAAM,CAAC,GAAG,CAAC,MAAM,IAAI,EAAE,CAAyB,CAAC;IACjD,MAAM,OAAO,GAAG,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,gBAAgB,CAAC;IAC7D,MAAM,IAAI,GAAG,oBAAoB,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;IACtE,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,MAAe,CAAC,CAAC;IAC3D,OAAO,GAAG,CAAC,OAAO,CAAC;AACpB,CAAC"}
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Channel pairing operations behind the `pairing.*` gateway RPCs — the
|
|
3
|
+
* `brigade pairing <list|approve|revoke>` surface, reachable from a remote
|
|
4
|
+
* client.
|
|
5
|
+
*
|
|
6
|
+
* OPERATOR-SCOPED channel access control (approve/deny strangers who DM the
|
|
7
|
+
* bot). Per-channel, never a per-session target, so no per-session guard. The
|
|
8
|
+
* RPCs REQUIRE an explicit `channel` (no CLI-style auto-pick) — a client knows
|
|
9
|
+
* the channel from `system.capabilities`. Reuses the SAME access-control
|
|
10
|
+
* primitives the CLI calls, including the owner-bootstrap + in-channel notify
|
|
11
|
+
* on approve.
|
|
12
|
+
*/
|
|
13
|
+
import { readPendingPairings } from "../agents/channels/access-control/index.js";
|
|
14
|
+
export type PairingListResult = {
|
|
15
|
+
channel: string;
|
|
16
|
+
pending: ReturnType<typeof readPendingPairings>;
|
|
17
|
+
};
|
|
18
|
+
export declare function handlePairingList(params: unknown): PairingListResult;
|
|
19
|
+
export interface PairingApproveResult {
|
|
20
|
+
ok: boolean;
|
|
21
|
+
channel: string;
|
|
22
|
+
sender?: string;
|
|
23
|
+
owner?: boolean;
|
|
24
|
+
reason?: string;
|
|
25
|
+
}
|
|
26
|
+
export declare function handlePairingApprove(params: unknown): Promise<PairingApproveResult>;
|
|
27
|
+
export interface PairingRevokeResult {
|
|
28
|
+
ok: boolean;
|
|
29
|
+
channel: string;
|
|
30
|
+
reason?: string;
|
|
31
|
+
}
|
|
32
|
+
export declare function handlePairingRevoke(params: unknown): PairingRevokeResult;
|
|
33
|
+
//# sourceMappingURL=pairing-ops.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pairing-ops.d.ts","sourceRoot":"","sources":["../../src/core/pairing-ops.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAGN,mBAAmB,EAGnB,MAAM,4CAA4C,CAAC;AAqBpD,MAAM,MAAM,iBAAiB,GAAG;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,UAAU,CAAC,OAAO,mBAAmB,CAAC,CAAC;CAChD,CAAC;AACF,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,OAAO,GAAG,iBAAiB,CAKpE;AAED,MAAM,WAAW,oBAAoB;IACpC,EAAE,EAAE,OAAO,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;CAChB;AACD,wBAAsB,oBAAoB,CAAC,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC,oBAAoB,CAAC,CA0BzF;AAED,MAAM,WAAW,mBAAmB;IACnC,EAAE,EAAE,OAAO,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;CAChB;AACD,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,OAAO,GAAG,mBAAmB,CAQxE"}
|