@terminai/a2a-server 0.21.0

package/dist/src/http/deferredAuth.test.js

@@ -0,0 +1,45 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * Portions Copyright 2025 TerminaI Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest';
+import { createMockConfig, TEST_REMOTE_TOKEN } from '../utils/testing_utils.js';
+const loadConfigSpy = vi.hoisted(() => vi.fn());
+vi.mock('../config/config.js', async (importOriginal) => {
+    const actual = await importOriginal();
+    return {
+        ...actual,
+        loadConfig: loadConfigSpy,
+    };
+});
+describe('deferred auth default (Task 18)', () => {
+    beforeEach(() => {
+        process.env['NODE_ENV'] = 'test';
+        process.env['GEMINI_WEB_REMOTE_TOKEN'] = TEST_REMOTE_TOKEN;
+        delete process.env['TERMINAI_A2A_DEFER_AUTH'];
+        delete process.env['GEMINI_A2A_DEFER_AUTH'];
+        delete process.env['TERMINAI_SIDECAR'];
+        loadConfigSpy.mockResolvedValue(createMockConfig({
+            refreshAuth: vi.fn().mockResolvedValue(undefined),
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            getWebRemoteRelayUrl: vi.fn().mockReturnValue(undefined),
+        }));
+    });
+    afterEach(() => {
+        delete process.env['GEMINI_WEB_REMOTE_TOKEN'];
+        delete process.env['TERMINAI_SIDECAR'];
+        vi.resetAllMocks();
+    });
+    it('enables deferLlmAuth when TERMINAI_SIDECAR=1', async () => {
+        process.env['TERMINAI_SIDECAR'] = '1';
+        const { createApp } = await import('./app.js');
+        await createApp();
+        // Signature: loadConfig(loadedSettings, extensionLoader, taskId, targetDir?, { deferLlmAuth })
+        const lastCall = loadConfigSpy.mock.calls.at(-1);
+        expect(lastCall?.[2]).toBe('a2a-server');
+        expect(lastCall?.[4]).toEqual({ deferLlmAuth: true });
+    });
+});
+//# sourceMappingURL=deferredAuth.test.js.map

package/dist/src/http/deferredAuth.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"deferredAuth.test.js","sourceRoot":"","sources":["../../../src/http/deferredAuth.test.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AACzE,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAGhF,MAAM,aAAa,GAAG,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;AAEhD,EAAE,CAAC,IAAI,CAAC,qBAAqB,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;IACtD,MAAM,MAAM,GAAG,MAAM,cAAc,EAAwC,CAAC;IAC5E,OAAO;QACL,GAAG,MAAM;QACT,UAAU,EAAE,aAAa;KAC1B,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,iCAAiC,EAAE,GAAG,EAAE;IAC/C,UAAU,CAAC,GAAG,EAAE;QACd,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC;QACjC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,GAAG,iBAAiB,CAAC;QAE3D,OAAO,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QAC9C,OAAO,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;QAC5C,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAEvC,aAAa,CAAC,iBAAiB,CAC7B,gBAAgB,CAAC;YACf,WAAW,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,SAAS,CAAC;YACjD,8DAA8D;YAC9D,oBAAoB,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,SAAS,CAAC;SACzD,CAAW,CACb,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,OAAO,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QAC9C,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QACvC,EAAE,CAAC,aAAa,EAAE,CAAC;IACrB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,KAAK,IAAI,EAAE;QAC5D,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,GAAG,GAAG,CAAC;QACtC,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,CAAC;QAE/C,MAAM,SAAS,EAAE,CAAC;QAElB,+FAA+F;QAC/F,MAAM,QAAQ,GAAG,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QACjD,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACzC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/src/http/endpoints.test.d.ts

@@ -0,0 +1,7 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * Portions Copyright 2025 TerminaI Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+export {};

package/dist/src/http/endpoints.test.js

@@ -0,0 +1,149 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * Portions Copyright 2025 TerminaI Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { describe, it, expect, beforeAll, afterAll, vi } from 'vitest';
+import request from 'supertest';
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as os from 'node:os';
+import { createApp, updateCoderAgentCardUrl } from './app.js';
+import { createAuthHeader, createMockConfig, createSignedHeaders, TEST_REMOTE_TOKEN, canListenOnLocalhost, listenOnLocalhost, closeServer, } from '../utils/testing_utils.js';
+import { debugLogger } from '@terminai/core';
+// Mock the logger to avoid polluting test output
+// Comment out to help debug
+vi.mock('../utils/logger.js', () => ({
+    logger: { info: vi.fn(), warn: vi.fn(), error: vi.fn() },
+}));
+// Mock Task.create to avoid its complex setup
+vi.mock('../agent/task.js', () => {
+    class MockTask {
+        id;
+        contextId;
+        taskState = 'submitted';
+        config = {
+            getContentGeneratorConfig: vi
+                .fn()
+                .mockReturnValue({ model: 'gemini-pro' }),
+        };
+        geminiClient = {
+            initialize: vi.fn().mockResolvedValue(undefined),
+        };
+        constructor(id, contextId) {
+            this.id = id;
+            this.contextId = contextId;
+        }
+        static create = vi
+            .fn()
+            .mockImplementation((id, contextId) => Promise.resolve(new MockTask(id, contextId)));
+        getMetadata = vi.fn().mockImplementation(async () => ({
+            id: this.id,
+            contextId: this.contextId,
+            taskState: this.taskState,
+            model: 'gemini-pro',
+            mcpServers: [],
+            availableTools: [],
+        }));
+    }
+    return { Task: MockTask };
+});
+vi.mock('../config/config.js', async () => {
+    const actual = await vi.importActual('../config/config.js');
+    return {
+        ...actual,
+        loadConfig: vi
+            .fn()
+            .mockImplementation(async () => createMockConfig({})),
+    };
+});
+const CAN_LISTEN = await canListenOnLocalhost();
+const describeIfListen = CAN_LISTEN ? describe : describe.skip;
+describeIfListen('Agent Server Endpoints', () => {
+    let app;
+    let server;
+    let testWorkspace;
+    const createTask = (contextId) => request(app)
+        .post('/tasks')
+        .set(createSignedHeaders('POST', '/tasks', {
+        contextId,
+        agentSettings: {
+            kind: 'agent-settings',
+            workspacePath: testWorkspace,
+        },
+    }))
+        .set('Content-Type', 'application/json')
+        .send({
+        contextId,
+        agentSettings: {
+            kind: 'agent-settings',
+            workspacePath: testWorkspace,
+        },
+    });
+    beforeAll(async () => {
+        process.env['GEMINI_WEB_REMOTE_TOKEN'] = TEST_REMOTE_TOKEN;
+        // Create a unique temporary directory for the workspace to avoid conflicts
+        testWorkspace = fs.mkdtempSync(path.join(os.tmpdir(), 'gemini-agent-test-'));
+        app = await createApp();
+        server = await listenOnLocalhost(app);
+        const port = server.address().port;
+        updateCoderAgentCardUrl(port);
+    });
+    afterAll(async () => {
+        if (server) {
+            await closeServer(server);
+        }
+        delete process.env['GEMINI_WEB_REMOTE_TOKEN'];
+        if (testWorkspace) {
+            try {
+                fs.rmSync(testWorkspace, { recursive: true, force: true });
+            }
+            catch (e) {
+                debugLogger.warn(`Could not remove temp dir '${testWorkspace}':`, e);
+            }
+        }
+    });
+    it('should create a new task via POST /tasks', async () => {
+        const response = await createTask('test-context');
+        expect(response.status).toBe(201);
+        expect(response.body).toBeTypeOf('string'); // Should return the task ID
+    }, 7000);
+    it('should get metadata for a specific task via GET /tasks/:taskId/metadata', async () => {
+        const createResponse = await createTask('test-context-2');
+        const taskId = createResponse.body;
+        const response = await request(app)
+            .get(`/tasks/${taskId}/metadata`)
+            .set(createAuthHeader());
+        expect(response.status).toBe(200);
+        expect(response.body.metadata.id).toBe(taskId);
+    }, 6000);
+    it('should get metadata for all tasks via GET /tasks/metadata', async () => {
+        const createResponse = await createTask('test-context-3');
+        const taskId = createResponse.body;
+        const response = await request(app)
+            .get('/tasks/metadata')
+            .set(createAuthHeader());
+        expect(response.status).toBe(200);
+        expect(Array.isArray(response.body)).toBe(true);
+        expect(response.body.length).toBeGreaterThan(0);
+        const taskMetadata = response.body.find((m) => m.id === taskId);
+        expect(taskMetadata).toBeDefined();
+    });
+    it('should return 404 for a non-existent task', async () => {
+        const response = await request(app)
+            .get('/tasks/fake-task/metadata')
+            .set(createAuthHeader());
+        expect(response.status).toBe(404);
+    });
+    it('should return agent metadata via GET /.well-known/agent-card.json', async () => {
+        const response = await request(app)
+            .get('/.well-known/agent-card.json')
+            .set(createAuthHeader());
+        const port = server.address().port;
+        expect(response.status).toBe(200);
+        expect(response.body.name).toBe('Gemini SDLC Agent');
+        expect(response.body.url).toBe(`http://localhost:${port}/`);
+    });
+});
+//# sourceMappingURL=endpoints.test.js.map

package/dist/src/http/endpoints.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"endpoints.test.js","sourceRoot":"","sources":["../../../src/http/endpoints.test.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AACvE,OAAO,OAAO,MAAM,WAAW,CAAC;AAEhC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAI9B,OAAO,EAAE,SAAS,EAAE,uBAAuB,EAAE,MAAM,UAAU,CAAC;AAE9D,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,mBAAmB,EACnB,iBAAiB,EACjB,oBAAoB,EACpB,iBAAiB,EACjB,WAAW,GACZ,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,WAAW,EAAe,MAAM,gBAAgB,CAAC;AAE1D,iDAAiD;AACjD,4BAA4B;AAC5B,EAAE,CAAC,IAAI,CAAC,oBAAoB,EAAE,GAAG,EAAE,CAAC,CAAC;IACnC,MAAM,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE;CACzD,CAAC,CAAC,CAAC;AAEJ,8CAA8C;AAC9C,EAAE,CAAC,IAAI,CAAC,kBAAkB,EAAE,GAAG,EAAE;IAC/B,MAAM,QAAQ;QACZ,EAAE,CAAS;QACX,SAAS,CAAS;QAClB,SAAS,GAAG,WAAW,CAAC;QACxB,MAAM,GAAG;YACP,yBAAyB,EAAE,EAAE;iBAC1B,EAAE,EAAE;iBACJ,eAAe,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC;SAC5C,CAAC;QACF,YAAY,GAAG;YACb,UAAU,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,SAAS,CAAC;SACjD,CAAC;QACF,YAAY,EAAU,EAAE,SAAiB;YACvC,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC7B,CAAC;QACD,MAAM,CAAC,MAAM,GAAG,EAAE;aACf,EAAE,EAAE;aACJ,kBAAkB,CAAC,CAAC,EAAE,EAAE,SAAS,EAAE,EAAE,CACpC,OAAO,CAAC,OAAO,CAAC,IAAI,QAAQ,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC,CAC7C,CAAC;QACJ,WAAW,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;YACpD,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,KAAK,EAAE,YAAY;YACnB,UAAU,EAAE,EAAE;YACd,cAAc,EAAE,EAAE;SACnB,CAAC,CAAC,CAAC;;IAEN,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;AAC5B,CAAC,CAAC,CAAC;AAEH,EAAE,CAAC,IAAI,CAAC,qBAAqB,EAAE,KAAK,IAAI,EAAE;IACxC,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,YAAY,CAAC,qBAAqB,CAAC,CAAC;IAC5D,OAAO;QACL,GAAG,MAAM;QACT,UAAU,EAAE,EAAE;aACX,EAAE,EAAE;aACJ,kBAAkB,CAAC,KAAK,IAAI,EAAE,CAAC,gBAAgB,CAAC,EAAE,CAAW,CAAC;KAClE,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,MAAM,UAAU,GAAG,MAAM,oBAAoB,EAAE,CAAC;AAChD,MAAM,gBAAgB,GAAG,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;AAE/D,gBAAgB,CAAC,wBAAwB,EAAE,GAAG,EAAE;IAC9C,IAAI,GAAoB,CAAC;IACzB,IAAI,MAAc,CAAC;IACnB,IAAI,aAAqB,CAAC;IAE1B,MAAM,UAAU,GAAG,CAAC,SAAiB,EAAE,EAAE,CACvC,OAAO,CAAC,GAAG,CAAC;SACT,IAAI,CAAC,QAAQ,CAAC;SACd,GAAG,CACF,mBAAmB,CAAC,MAAM,EAAE,QAAQ,EAAE;QACpC,SAAS;QACT,aAAa,EAAE;YACb,IAAI,EAAE,gBAAgB;YACtB,aAAa,EAAE,aAAa;SAC7B;KACF,CAAC,CACH;SACA,GAAG,CAAC,cAAc,EAAE,kBAAkB,CAAC;SACvC,IAAI,CAAC;QACJ,SAAS;QACT,aAAa,EAAE;YACb,IAAI,EAAE,gBAAgB;YACtB,aAAa,EAAE,aAAa;SAC7B;KACF,CAAC,CAAC;IAEP,SAAS,CAAC,KAAK,IAAI,EAAE;QACnB,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,GAAG,iBAAiB,CAAC;QAC3D,2EAA2E;QAC3E,aAAa,GAAG,EAAE,CAAC,WAAW,CAC5B,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,oBAAoB,CAAC,CAC7C,CAAC;QACF,GAAG,GAAG,MAAM,SAAS,EAAE,CAAC;QACxB,MAAM,GAAG,MAAM,iBAAiB,CAAC,GAAG,CAAC,CAAC;QACtC,MAAM,IAAI,GAAI,MAAM,CAAC,OAAO,EAAkB,CAAC,IAAI,CAAC;QACpD,uBAAuB,CAAC,IAAI,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,KAAK,IAAI,EAAE;QAClB,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,WAAW,CAAC,MAAM,CAAC,CAAC;QAC5B,CAAC;QACD,OAAO,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QAE9C,IAAI,aAAa,EAAE,CAAC;YAClB,IAAI,CAAC;gBACH,EAAE,CAAC,MAAM,CAAC,aAAa,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;YAC7D,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,WAAW,CAAC,IAAI,CAAC,8BAA8B,aAAa,IAAI,EAAE,CAAC,CAAC,CAAC;YACvE,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;QACxD,MAAM,QAAQ,GAAG,MAAM,UAAU,CAAC,cAAc,CAAC,CAAC;QAClD,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,4BAA4B;IAC1E,CAAC,EAAE,IAAI,CAAC,CAAC;IAET,EAAE,CAAC,yEAAyE,EAAE,KAAK,IAAI,EAAE;QACvF,MAAM,cAAc,GAAG,MAAM,UAAU,CAAC,gBAAgB,CAAC,CAAC;QAC1D,MAAM,MAAM,GAAG,cAAc,CAAC,IAAI,CAAC;QACnC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;aAChC,GAAG,CAAC,UAAU,MAAM,WAAW,CAAC;aAChC,GAAG,CAAC,gBAAgB,EAAE,CAAC,CAAC;QAC3B,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACjD,CAAC,EAAE,IAAI,CAAC,CAAC;IAET,EAAE,CAAC,2DAA2D,EAAE,KAAK,IAAI,EAAE;QACzE,MAAM,cAAc,GAAG,MAAM,UAAU,CAAC,gBAAgB,CAAC,CAAC;QAC1D,MAAM,MAAM,GAAG,cAAc,CAAC,IAAI,CAAC;QACnC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;aAChC,GAAG,CAAC,iBAAiB,CAAC;aACtB,GAAG,CAAC,gBAAgB,EAAE,CAAC,CAAC;QAC3B,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QAChD,MAAM,YAAY,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,CACrC,CAAC,CAAe,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,MAAM,CACrC,CAAC;QACF,MAAM,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2CAA2C,EAAE,KAAK,IAAI,EAAE;QACzD,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;aAChC,GAAG,CAAC,2BAA2B,CAAC;aAChC,GAAG,CAAC,gBAAgB,EAAE,CAAC,CAAC;QAC3B,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mEAAmE,EAAE,KAAK,IAAI,EAAE;QACjF,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;aAChC,GAAG,CAAC,8BAA8B,CAAC;aACnC,GAAG,CAAC,gBAAgB,EAAE,CAAC,CAAC;QAC3B,MAAM,IAAI,GAAI,MAAM,CAAC,OAAO,EAAkB,CAAC,IAAI,CAAC;QACpD,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QACrD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,oBAAoB,IAAI,GAAG,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/src/http/llmAuthMiddleware.d.ts

@@ -0,0 +1,9 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * Portions Copyright 2025 TerminaI Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import type { Request, Response, NextFunction } from 'express';
+import { LlmAuthManager } from '../auth/llmAuthManager.js';
+export declare function createLlmAuthMiddleware(authManager: LlmAuthManager): (_req: Request, res: Response, next: NextFunction) => void;

package/dist/src/http/llmAuthMiddleware.js

@@ -0,0 +1,37 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * Portions Copyright 2025 TerminaI Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { LlmAuthManager } from '../auth/llmAuthManager.js';
+export function createLlmAuthMiddleware(authManager) {
+    return (_req, res, next) => {
+        void authManager
+            .getStatus()
+            .then((check) => {
+            if (check.status !== 'ok') {
+                res.status(503).json({
+                    error: 'Authentication required',
+                    code: 'AUTH_REQUIRED',
+                    details: check,
+                });
+                return;
+            }
+            next();
+        })
+            .catch((err) => {
+            // Fail closed: if status check fails, treat as auth required.
+            res.status(503).json({
+                error: 'Authentication required',
+                code: 'AUTH_REQUIRED',
+                details: {
+                    status: 'error',
+                    authType: null,
+                    message: err instanceof Error ? err.message : 'Auth status check failed',
+                },
+            });
+        });
+    };
+}
+//# sourceMappingURL=llmAuthMiddleware.js.map

package/dist/src/http/llmAuthMiddleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"llmAuthMiddleware.js","sourceRoot":"","sources":["../../../src/http/llmAuthMiddleware.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAE3D,MAAM,UAAU,uBAAuB,CAAC,WAA2B;IACjE,OAAO,CAAC,IAAa,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;QAC1D,KAAK,WAAW;aACb,SAAS,EAAE;aACX,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE;YACd,IAAI,KAAK,CAAC,MAAM,KAAK,IAAI,EAAE,CAAC;gBAC1B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,yBAAyB;oBAChC,IAAI,EAAE,eAAe;oBACrB,OAAO,EAAE,KAAK;iBACf,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YACD,IAAI,EAAE,CAAC;QACT,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACb,8DAA8D;YAC9D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,yBAAyB;gBAChC,IAAI,EAAE,eAAe;gBACrB,OAAO,EAAE;oBACP,MAAM,EAAE,OAAO;oBACf,QAAQ,EAAE,IAAI;oBACd,OAAO,EACL,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,0BAA0B;iBAClE;aACF,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACP,CAAC,CAAC;AACJ,CAAC"}

package/dist/src/http/relay.d.ts

@@ -0,0 +1,28 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * Portions Copyright 2025 TerminaI Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import type { DefaultRequestHandler } from '@a2a-js/sdk/server';
+export type RelayEnvelope = {
+    v: 1 | 2;
+    type: 'HELLO' | 'HELLO_ACK' | 'PAIR' | 'PAIR_ACK' | 'RPC' | 'EVENT' | 'ERROR' | 'PING' | 'PONG' | 'CLOSE';
+    dir: 'c2h' | 'h2c';
+    seq: number;
+    ts: number;
+    epoch?: string;
+    payload: unknown;
+};
+export type RelayEnvelopeV1 = RelayEnvelope;
+export interface RelaySession {
+    sessionId: string;
+    key: Buffer;
+    shareUrl: string;
+    reconnectAttempts: number;
+    pairingRequired: boolean;
+    pairingCode?: string;
+}
+export declare function createRelaySession(relayUrl: string): RelaySession;
+export declare function connectToRelay(relayUrl: string, requestHandler: DefaultRequestHandler): Promise<void>;
+export declare function runRelayConnection(session: RelaySession, relayUrl: string, requestHandler: DefaultRequestHandler): Promise<void>;

package/dist/src/http/relay.js

@@ -0,0 +1,342 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * Portions Copyright 2025 TerminaI Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { WebSocket } from 'ws';
+import crypto from 'node:crypto';
+import { v4 as uuidv4 } from 'uuid';
+import { logger } from '../utils/logger.js';
+// Protocol version constants
+const PROTOCOL_VERSIONS = {
+    V1: 1,
+    V2: 2,
+};
+// Allow v1 fallback via environment variable (for transitional deployments)
+const ALLOW_INSECURE_V1 = process.env['ALLOW_INSECURE_RELAY_V1'] === 'true';
+export function createRelaySession(relayUrl) {
+    const sessionId = uuidv4();
+    // Generate 256-bit key for AES-GCM
+    const key = crypto.randomBytes(32);
+    const keyBase64 = key.toString('base64');
+    // Construct user-friendly URL (Key is in hash, so it's never sent to server)
+    // Default published Web Client URL: https://terminai.org/remote
+    const webClientUrl = process.env['GEMINI_WEB_CLIENT_URL'] || 'https://terminai.org/remote';
+    const pairingRequired = true; // Always require pairing for security
+    const pairingCode = Math.floor(100000 + Math.random() * 900000).toString(); // 6-digit code
+    const shareUrl = `${webClientUrl}#session=${sessionId}&key=${encodeURIComponent(keyBase64)}&relay=${encodeURIComponent(relayUrl)}`;
+    const printUrl = process.env['PRINT_RELAY_URL'] === 'true';
+    if (printUrl) {
+        logger.info(`[Relay] Remote Access URL: ${shareUrl}`);
+        logger.info('[Relay] (Share this URL securely. The key is in the hash and never verified by the server)');
+    }
+    else {
+        logger.info(JSON.stringify({
+            event: 'session_created',
+            sessionIdHash: sessionId.slice(0, 8),
+            pairingCodeRequired: pairingRequired,
+            timestamp: Date.now(),
+        }));
+    }
+    logger.info(`[Relay] Pairing Code: ${pairingCode} (required for first connection)`);
+    return {
+        sessionId,
+        key,
+        shareUrl,
+        reconnectAttempts: 0,
+        pairingRequired,
+        pairingCode,
+    };
+}
+export async function connectToRelay(relayUrl, requestHandler) {
+    const session = createRelaySession(relayUrl);
+    return runRelayConnection(session, relayUrl, requestHandler);
+}
+/**
+ * Build AAD string based on protocol version
+ */
+function buildAad(sessionId, dir, version, epoch) {
+    if (version === 2 && epoch) {
+        return `terminai-relay|v=2|session=${sessionId}|epoch=${epoch}|dir=${dir}`;
+    }
+    return `terminai-relay|v=1|session=${sessionId}|dir=${dir}`;
+}
+/**
+ * Encrypt an envelope for sending to client
+ */
+function encryptEnvelope(envelope, key, sessionId, version, epoch) {
+    const envelopeBuffer = Buffer.from(JSON.stringify(envelope), 'utf8');
+    const iv = crypto.randomBytes(12);
+    const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
+    const aad = buildAad(sessionId, 'h2c', version, epoch);
+    cipher.setAAD(Buffer.from(aad, 'utf8'));
+    let ciphertext = cipher.update(envelopeBuffer);
+    ciphertext = Buffer.concat([ciphertext, cipher.final()]);
+    const tag = cipher.getAuthTag();
+    return Buffer.concat([iv, tag, ciphertext]);
+}
+export async function runRelayConnection(session, relayUrl, requestHandler) {
+    // Create new connection state with fresh epoch
+    const connState = {
+        inboundMaxSeq: 0,
+        outboundSeq: 0,
+        handshakeState: 'WAIT_HELLO',
+        protocolVersion: 2, // Default to v2, will be negotiated in handshake
+        epoch: crypto.randomBytes(8).toString('hex'), // New epoch per connection
+    };
+    logger.info(JSON.stringify({
+        event: 'relay_connect_attempt',
+        sessionIdHash: session.sessionId.slice(0, 8),
+        epoch: connState.epoch.slice(0, 8),
+        timestamp: Date.now(),
+    }));
+    const ws = new WebSocket(`${relayUrl}?role=host&session=${session.sessionId}`);
+    ws.on('open', () => {
+        logger.info(JSON.stringify({
+            event: 'relay_connected',
+            sessionIdHash: session.sessionId.slice(0, 8),
+            timestamp: Date.now(),
+        }));
+        session.reconnectAttempts = 0;
+    });
+    ws.on('message', async (data) => {
+        try {
+            // Handle relay control messages (unencrypted JSON strings)
+            if (typeof data === 'string') {
+                try {
+                    const ctrl = JSON.parse(data);
+                    if (ctrl.type === 'RELAY_STATUS') {
+                        logger.info(JSON.stringify({
+                            event: 'relay_status',
+                            status: ctrl.status,
+                            sessionIdHash: session.sessionId.slice(0, 8),
+                            timestamp: Date.now(),
+                        }));
+                        // No action needed for now - client handles reconnect
+                    }
+                }
+                catch {
+                    // Not JSON, silently ignore
+                }
+                return;
+            }
+            // Encrypted messages must be Buffer
+            if (!Buffer.isBuffer(data)) {
+                return;
+            }
+            const iv = data.subarray(0, 12);
+            const ciphertext = data.subarray(12);
+            const tag = ciphertext.subarray(0, 16);
+            const actualCiphertext = ciphertext.subarray(16);
+            // For HELLO, we need to try both v1 and v2 AAD since we don't know client version yet
+            let envelope;
+            let usedVersion = 2;
+            // Try v2 AAD first (with epoch), then v1
+            const aadV2 = buildAad(session.sessionId, 'c2h', 2, connState.epoch);
+            const aadV1 = buildAad(session.sessionId, 'c2h', 1);
+            for (const { aad, version } of [
+                { aad: aadV2, version: 2 },
+                { aad: aadV1, version: 1 },
+            ]) {
+                try {
+                    const decipher = crypto.createDecipheriv('aes-256-gcm', session.key, iv);
+                    decipher.setAAD(Buffer.from(aad, 'utf8'));
+                    decipher.setAuthTag(tag);
+                    let decrypted = decipher.update(actualCiphertext);
+                    decrypted = Buffer.concat([decrypted, decipher.final()]);
+                    envelope = JSON.parse(decrypted.toString('utf8'));
+                    usedVersion = version;
+                    break;
+                }
+                catch {
+                    // Try next AAD
+                    continue;
+                }
+            }
+            if (!envelope) {
+                logger.warn(JSON.stringify({
+                    event: 'decrypt_failed',
+                    sessionIdHash: session.sessionId.slice(0, 8),
+                    timestamp: Date.now(),
+                }));
+                return;
+            }
+            // Validate envelope sequence
+            if (envelope.dir !== 'c2h' ||
+                envelope.seq !== connState.inboundMaxSeq + 1) {
+                logger.warn(JSON.stringify({
+                    event: 'invalid_envelope',
+                    reason: envelope.seq !== connState.inboundMaxSeq + 1
+                        ? 'seq_mismatch'
+                        : 'invalid_dir',
+                    expected: connState.inboundMaxSeq + 1,
+                    got: envelope.seq,
+                    sessionIdHash: session.sessionId.slice(0, 8),
+                    timestamp: Date.now(),
+                }));
+                return;
+            }
+            connState.inboundMaxSeq = envelope.seq;
+            if (envelope.type === 'HELLO') {
+                // Version negotiation
+                const clientProtocols = envelope.payload
+                    .protocols || [1];
+                const supportedVersions = ALLOW_INSECURE_V1
+                    ? [PROTOCOL_VERSIONS.V2, PROTOCOL_VERSIONS.V1]
+                    : [PROTOCOL_VERSIONS.V2];
+                const selectedVersion = supportedVersions.find((v) => clientProtocols.includes(v));
+                if (!selectedVersion) {
+                    // Client too old, send error
+                    const errorEnvelope = {
+                        v: usedVersion,
+                        type: 'ERROR',
+                        dir: 'h2c',
+                        seq: ++connState.outboundSeq,
+                        ts: Date.now(),
+                        payload: {
+                            code: 'VERSION_MISMATCH',
+                            message: 'Client too old, update required. Server requires protocol v2.',
+                        },
+                    };
+                    const errorPayload = encryptEnvelope(errorEnvelope, session.key, session.sessionId, usedVersion, connState.epoch);
+                    ws.send(errorPayload);
+                    ws.close(1002, 'Protocol version mismatch');
+                    return;
+                }
+                connState.protocolVersion = selectedVersion;
+                connState.handshakeState = 'READY';
+                const ackEnvelope = {
+                    v: selectedVersion,
+                    type: 'HELLO_ACK',
+                    dir: 'h2c',
+                    seq: ++connState.outboundSeq,
+                    ts: Date.now(),
+                    epoch: selectedVersion === 2 ? connState.epoch : undefined,
+                    payload: {
+                        selectedVersion,
+                        requiresPairing: session.pairingRequired,
+                        ...(selectedVersion === 2 ? { epoch: connState.epoch } : {}),
+                    },
+                };
+                const ackPayload = encryptEnvelope(ackEnvelope, session.key, session.sessionId, selectedVersion, selectedVersion === 2 ? connState.epoch : undefined);
+                ws.send(ackPayload);
+                logger.info(JSON.stringify({
+                    event: 'handshake_complete',
+                    protocolVersion: selectedVersion,
+                    sessionIdHash: session.sessionId.slice(0, 8),
+                    timestamp: Date.now(),
+                }));
+                return;
+            }
+            if (connState.handshakeState !== 'READY') {
+                logger.warn(JSON.stringify({
+                    event: 'message_before_handshake',
+                    sessionIdHash: session.sessionId.slice(0, 8),
+                    timestamp: Date.now(),
+                }));
+                return;
+            }
+            // For v2, validate epoch in subsequent messages
+            if (connState.protocolVersion === 2 &&
+                envelope.epoch !== connState.epoch) {
+                logger.warn(JSON.stringify({
+                    event: 'epoch_mismatch',
+                    sessionIdHash: session.sessionId.slice(0, 8),
+                    timestamp: Date.now(),
+                }));
+                return;
+            }
+            if (envelope.type === 'PAIR') {
+                const code = envelope.payload.code;
+                const success = code === session.pairingCode;
+                if (success) {
+                    session.pairingRequired = false;
+                    logger.info(JSON.stringify({
+                        event: 'pairing_success',
+                        sessionIdHash: session.sessionId.slice(0, 8),
+                        timestamp: Date.now(),
+                    }));
+                }
+                else {
+                    logger.warn(JSON.stringify({
+                        event: 'pairing_failure',
+                        sessionIdHash: session.sessionId.slice(0, 8),
+                        timestamp: Date.now(),
+                    }));
+                }
+                // Send pairing result back to client
+                const pairResultEnvelope = {
+                    v: connState.protocolVersion,
+                    type: success ? 'PAIR_ACK' : 'ERROR',
+                    dir: 'h2c',
+                    seq: ++connState.outboundSeq,
+                    ts: Date.now(),
+                    epoch: connState.protocolVersion === 2 ? connState.epoch : undefined,
+                    payload: {
+                        success,
+                        message: success ? 'Paired successfully' : 'Invalid pairing code',
+                    },
+                };
+                const pairResultPayload = encryptEnvelope(pairResultEnvelope, session.key, session.sessionId, connState.protocolVersion, connState.protocolVersion === 2 ? connState.epoch : undefined);
+                ws.send(pairResultPayload);
+                return;
+            }
+            if (envelope.type === 'RPC' && !session.pairingRequired) {
+                // eslint-disable-next-line @typescript-eslint/no-explicit-any
+                const result = await requestHandler.handle(envelope.payload);
+                let response;
+                if (result && typeof result[Symbol.asyncIterator] === 'function') {
+                    const responses = [];
+                    for await (const chunk of result) {
+                        responses.push(chunk);
+                    }
+                    response = responses[responses.length - 1];
+                }
+                else {
+                    response = result;
+                }
+                // Encrypt Response
+                const respEnvelope = {
+                    v: connState.protocolVersion,
+                    type: 'RPC',
+                    dir: 'h2c',
+                    seq: ++connState.outboundSeq,
+                    ts: Date.now(),
+                    epoch: connState.protocolVersion === 2 ? connState.epoch : undefined,
+                    payload: response,
+                };
+                const responsePayload = encryptEnvelope(respEnvelope, session.key, session.sessionId, connState.protocolVersion, connState.protocolVersion === 2 ? connState.epoch : undefined);
+                ws.send(responsePayload);
+            }
+        }
+        catch (e) {
+            logger.error(JSON.stringify({
+                event: 'relay_message_error',
+                sessionIdHash: session.sessionId.slice(0, 8),
+                error: e.message,
+                timestamp: Date.now(),
+            }));
+        }
+    });
+    ws.on('error', (e) => {
+        logger.error(JSON.stringify({
+            event: 'relay_ws_error',
+            sessionIdHash: session.sessionId.slice(0, 8),
+            error: e.message,
+            timestamp: Date.now(),
+        }));
+    });
+    ws.on('close', () => {
+        session.reconnectAttempts++;
+        const delay = Math.min(5000 * Math.pow(2, session.reconnectAttempts - 1), 60000);
+        logger.warn(JSON.stringify({
+            event: 'relay_disconnected',
+            sessionIdHash: session.sessionId.slice(0, 8),
+            retryDelay: delay,
+            timestamp: Date.now(),
+        }));
+        setTimeout(() => runRelayConnection(session, relayUrl, requestHandler), delay);
+    });
+}
+//# sourceMappingURL=relay.js.map