@true-and-useful/janee 0.8.3 → 0.8.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +82 -2
- package/dist/cli/commands/add.d.ts +5 -0
- package/dist/cli/commands/add.d.ts.map +1 -1
- package/dist/cli/commands/add.js +91 -5
- package/dist/cli/commands/add.js.map +1 -1
- package/dist/cli/commands/serve-mcp.d.ts.map +1 -1
- package/dist/cli/commands/serve-mcp.js +41 -1
- package/dist/cli/commands/serve-mcp.js.map +1 -1
- package/dist/cli/commands/status.d.ts +4 -0
- package/dist/cli/commands/status.d.ts.map +1 -0
- package/dist/cli/commands/status.js +127 -0
- package/dist/cli/commands/status.js.map +1 -0
- package/dist/cli/config-yaml.d.ts +18 -0
- package/dist/cli/config-yaml.d.ts.map +1 -1
- package/dist/cli/config-yaml.js +28 -1
- package/dist/cli/config-yaml.js.map +1 -1
- package/dist/cli/index.js +11 -0
- package/dist/cli/index.js.map +1 -1
- package/dist/core/agent-scope.d.ts +81 -0
- package/dist/core/agent-scope.d.ts.map +1 -0
- package/dist/core/agent-scope.js +146 -0
- package/dist/core/agent-scope.js.map +1 -0
- package/dist/core/exec.d.ts +86 -0
- package/dist/core/exec.d.ts.map +1 -0
- package/dist/core/exec.js +149 -0
- package/dist/core/exec.js.map +1 -0
- package/dist/core/health.d.ts +27 -0
- package/dist/core/health.d.ts.map +1 -0
- package/dist/core/health.js +73 -0
- package/dist/core/health.js.map +1 -0
- package/dist/core/mcp-server.d.ts +13 -0
- package/dist/core/mcp-server.d.ts.map +1 -1
- package/dist/core/mcp-server.js +299 -11
- package/dist/core/mcp-server.js.map +1 -1
- package/dist/core/sessions.d.ts.map +1 -1
- package/dist/core/sessions.js +11 -1
- package/dist/core/sessions.js.map +1 -1
- package/dist/providers/env.d.ts +27 -0
- package/dist/providers/env.d.ts.map +1 -0
- package/dist/providers/env.js +64 -0
- package/dist/providers/env.js.map +1 -0
- package/dist/providers/filesystem.d.ts +34 -0
- package/dist/providers/filesystem.d.ts.map +1 -0
- package/dist/providers/filesystem.js +143 -0
- package/dist/providers/filesystem.js.map +1 -0
- package/dist/providers/index.d.ts +25 -0
- package/dist/providers/index.d.ts.map +1 -0
- package/dist/providers/index.js +39 -0
- package/dist/providers/index.js.map +1 -0
- package/dist/providers/registry.d.ts +40 -0
- package/dist/providers/registry.d.ts.map +1 -0
- package/dist/providers/registry.js +113 -0
- package/dist/providers/registry.js.map +1 -0
- package/dist/providers/types.d.ts +137 -0
- package/dist/providers/types.d.ts.map +1 -0
- package/dist/providers/types.js +135 -0
- package/dist/providers/types.js.map +1 -0
- package/package.json +1 -1
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
* YAML configuration for Janee (new format)
|
|
3
3
|
* Supports capabilities + services model
|
|
4
4
|
*/
|
|
5
|
+
import { CredentialOwnership } from '../core/agent-scope';
|
|
5
6
|
export interface AuthConfig {
|
|
6
7
|
type: 'bearer' | 'hmac-mexc' | 'hmac-bybit' | 'hmac-okx' | 'headers' | 'service-account';
|
|
7
8
|
key?: string;
|
|
@@ -15,6 +16,8 @@ export interface AuthConfig {
|
|
|
15
16
|
export interface ServiceConfig {
|
|
16
17
|
baseUrl: string;
|
|
17
18
|
auth: AuthConfig;
|
|
19
|
+
/** Ownership metadata for agent-scoped credential access control */
|
|
20
|
+
ownership?: CredentialOwnership;
|
|
18
21
|
}
|
|
19
22
|
export interface CapabilityConfig {
|
|
20
23
|
service: string;
|
|
@@ -25,6 +28,11 @@ export interface CapabilityConfig {
|
|
|
25
28
|
allow?: string[];
|
|
26
29
|
deny?: string[];
|
|
27
30
|
};
|
|
31
|
+
mode?: 'proxy' | 'exec';
|
|
32
|
+
allowCommands?: string[];
|
|
33
|
+
env?: Record<string, string>;
|
|
34
|
+
workDir?: string;
|
|
35
|
+
timeout?: number;
|
|
28
36
|
}
|
|
29
37
|
export interface LLMConfig {
|
|
30
38
|
provider?: 'openai' | 'anthropic';
|
|
@@ -65,6 +73,16 @@ export declare function loadYAMLConfig(): JaneeYAMLConfig;
|
|
|
65
73
|
* Save YAML configuration
|
|
66
74
|
*/
|
|
67
75
|
export declare function saveYAMLConfig(config: JaneeYAMLConfig): void;
|
|
76
|
+
/**
|
|
77
|
+
* Persist a single service's ownership metadata to the YAML config file.
|
|
78
|
+
* Called after grant/revoke operations to ensure changes survive restarts.
|
|
79
|
+
*/
|
|
80
|
+
export declare function persistServiceOwnership(serviceName: string, ownership: CredentialOwnership): void;
|
|
81
|
+
/**
|
|
82
|
+
* Auto-assign ownership when a service is created via MCP (agent-initiated).
|
|
83
|
+
* This ensures agent-created credentials default to "agent-only" access.
|
|
84
|
+
*/
|
|
85
|
+
export declare function createServiceWithOwnership(config: JaneeYAMLConfig, serviceName: string, service: ServiceConfig, creatingAgentId?: string): JaneeYAMLConfig;
|
|
68
86
|
/**
|
|
69
87
|
* Initialize new YAML config
|
|
70
88
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config-yaml.d.ts","sourceRoot":"","sources":["../../src/cli/config-yaml.ts"],"names":[],"mappings":"AAAA;;;GAGG;
|
|
1
|
+
{"version":3,"file":"config-yaml.d.ts","sourceRoot":"","sources":["../../src/cli/config-yaml.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAOH,OAAO,EAAE,mBAAmB,EAA8C,MAAM,qBAAqB,CAAC;AAEtG,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,QAAQ,GAAG,WAAW,GAAG,YAAY,GAAG,UAAU,GAAG,SAAS,GAAG,iBAAiB,CAAC;IACzF,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,UAAU,CAAC;IACjB,oEAAoE;IACpE,SAAS,CAAC,EAAE,mBAAmB,CAAC;CACjC;AAED,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,KAAK,CAAC,EAAE;QACN,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;QACjB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;KACjB,CAAC;IAEF,IAAI,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;IACxB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,SAAS;IACxB,QAAQ,CAAC,EAAE,QAAQ,GAAG,WAAW,CAAC;IAClC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,YAAY,CAAC;IACrB,GAAG,CAAC,EAAE,SAAS,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IACxC,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;CAChD;AAED;;GAEG;AACH,wBAAgB,YAAY,IAAI,MAAM,CAErC;AAgBD;;GAEG;AACH,wBAAgB,WAAW,IAAI,MAAM,CAEpC;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,OAAO,CAEvC;AA0BD;;GAEG;AACH,wBAAgB,cAAc,IAAI,eAAe,CAwEhD;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,eAAe,GAAG,IAAI,CAkC5D;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,mBAAmB,GAAG,IAAI,CAOjG;AAED;;;GAGG;AACH,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,eAAe,EACvB,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,aAAa,EACtB,eAAe,CAAC,EAAE,MAAM,GACvB,eAAe,CAMjB;AAED;;GAEG;AACH,wBAAgB,cAAc,IAAI,eAAe,CAuBhD;AAED;;GAEG;AACH,wBAAgB,cAAc,CAC5B,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,UAAU,GACf,IAAI,CAcN;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,gBAAgB,GAC1B,IAAI,CAaN;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,IAAI,CAyDpC"}
|
package/dist/cli/config-yaml.js
CHANGED
|
@@ -12,6 +12,8 @@ exports.getAuditDir = getAuditDir;
|
|
|
12
12
|
exports.hasYAMLConfig = hasYAMLConfig;
|
|
13
13
|
exports.loadYAMLConfig = loadYAMLConfig;
|
|
14
14
|
exports.saveYAMLConfig = saveYAMLConfig;
|
|
15
|
+
exports.persistServiceOwnership = persistServiceOwnership;
|
|
16
|
+
exports.createServiceWithOwnership = createServiceWithOwnership;
|
|
15
17
|
exports.initYAMLConfig = initYAMLConfig;
|
|
16
18
|
exports.addServiceYAML = addServiceYAML;
|
|
17
19
|
exports.addCapabilityYAML = addCapabilityYAML;
|
|
@@ -21,6 +23,7 @@ const path_1 = __importDefault(require("path"));
|
|
|
21
23
|
const os_1 = __importDefault(require("os"));
|
|
22
24
|
const js_yaml_1 = __importDefault(require("js-yaml"));
|
|
23
25
|
const crypto_1 = require("../core/crypto");
|
|
26
|
+
const agent_scope_1 = require("../core/agent-scope");
|
|
24
27
|
/**
|
|
25
28
|
* Get config directory path (dynamically computed for testability)
|
|
26
29
|
*/
|
|
@@ -149,6 +152,29 @@ function saveYAMLConfig(config) {
|
|
|
149
152
|
});
|
|
150
153
|
fs_1.default.writeFileSync(getConfigFileYAML(), yamlContent, { mode: 0o600 });
|
|
151
154
|
}
|
|
155
|
+
/**
|
|
156
|
+
* Persist a single service's ownership metadata to the YAML config file.
|
|
157
|
+
* Called after grant/revoke operations to ensure changes survive restarts.
|
|
158
|
+
*/
|
|
159
|
+
function persistServiceOwnership(serviceName, ownership) {
|
|
160
|
+
const config = loadYAMLConfig();
|
|
161
|
+
if (!config.services[serviceName]) {
|
|
162
|
+
throw new Error(`Service "${serviceName}" not found in config`);
|
|
163
|
+
}
|
|
164
|
+
config.services[serviceName].ownership = ownership;
|
|
165
|
+
saveYAMLConfig(config);
|
|
166
|
+
}
|
|
167
|
+
/**
|
|
168
|
+
* Auto-assign ownership when a service is created via MCP (agent-initiated).
|
|
169
|
+
* This ensures agent-created credentials default to "agent-only" access.
|
|
170
|
+
*/
|
|
171
|
+
function createServiceWithOwnership(config, serviceName, service, creatingAgentId) {
|
|
172
|
+
if (creatingAgentId) {
|
|
173
|
+
service.ownership = (0, agent_scope_1.agentCreatedOwnership)(creatingAgentId);
|
|
174
|
+
}
|
|
175
|
+
config.services[serviceName] = service;
|
|
176
|
+
return config;
|
|
177
|
+
}
|
|
152
178
|
/**
|
|
153
179
|
* Initialize new YAML config
|
|
154
180
|
*/
|
|
@@ -183,7 +209,8 @@ function addServiceYAML(name, baseUrl, auth) {
|
|
|
183
209
|
}
|
|
184
210
|
config.services[name] = {
|
|
185
211
|
baseUrl,
|
|
186
|
-
auth
|
|
212
|
+
auth,
|
|
213
|
+
ownership: (0, agent_scope_1.cliCreatedOwnership)()
|
|
187
214
|
};
|
|
188
215
|
saveYAMLConfig(config);
|
|
189
216
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config-yaml.js","sourceRoot":"","sources":["../../src/cli/config-yaml.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;
|
|
1
|
+
{"version":3,"file":"config-yaml.js","sourceRoot":"","sources":["../../src/cli/config-yaml.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;AAqEH,oCAEC;AAmBD,kCAEC;AAKD,sCAEC;AA6BD,wCAwEC;AAKD,wCAkCC;AAMD,0DAOC;AAMD,gEAWC;AAKD,wCAuBC;AAKD,wCAkBC;AAKD,8CAgBC;AAKD,sCAyDC;AAjZD,4CAAoB;AACpB,gDAAwB;AACxB,4CAAoB;AACpB,sDAA2B;AAC3B,2CAAiF;AACjF,qDAAsG;AA2DtG;;GAEG;AACH,SAAgB,YAAY;IAC1B,OAAO,cAAI,CAAC,IAAI,CAAC,YAAE,CAAC,OAAO,EAAE,EAAE,QAAQ,CAAC,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB;IACxB,OAAO,cAAI,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,aAAa,CAAC,CAAC;AAClD,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB;IACxB,OAAO,cAAI,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,aAAa,CAAC,CAAC;AAClD,CAAC;AAED;;GAEG;AACH,SAAgB,WAAW;IACzB,OAAO,cAAI,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,MAAM,CAAC,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,SAAgB,aAAa;IAC3B,OAAO,YAAE,CAAC,UAAU,CAAC,iBAAiB,EAAE,CAAC,CAAC;AAC5C,CAAC;AAED;;GAEG;AACH,SAAS,UAAU,CACjB,SAAiB,EACjB,SAAiB,EACjB,UAAmB,EACnB,gBAAwB;IAExB,IAAI,CAAC;QACH,OAAO,IAAA,sBAAa,EAAC,SAAS,EAAE,SAAS,CAAC,CAAC;IAC7C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CACb,qBAAqB,gBAAgB,IAAI;gBACzC,wEAAwE;gBACxE,gGAAgG,CACjG,CAAC;QACJ,CAAC;QACD,iCAAiC;QACjC,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc;IAC5B,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,iBAAiB,EAAE,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IAED,MAAM,OAAO,GAAG,YAAE,CAAC,YAAY,CAAC,iBAAiB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC7D,MAAM,MAAM,GAAG,iBAAI,CAAC,IAAI,CAAC,OAAO,CAAoB,CAAC;IAErD,oFAAoF;IACpF,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC;IACxC,MAAM,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,IAAI,EAAE,CAAC;IAEhD,yCAAyC;IACzC,MAAM,gBAAgB,GAAG,MAAM,CAAC,MAAM,EAAE,gBAAgB,IAAI,IAAI,CAAC;IAEjE,4BAA4B;IAC5B,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC9D,MAAM,GAAG,GAAG,OAAwB,CAAC;QAErC,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,QAAQ,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;YAC/C,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG,UAAU,CACvB,GAAG,CAAC,IAAI,CAAC,GAAG,EACZ,MAAM,CAAC,SAAS,EAChB,gBAAgB,EAChB,6BAA6B,IAAI,GAAG,CACrC,CAAC;QACJ,CAAC;aAAM,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,WAAW,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,YAAY,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;YAC3G,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACpB,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,UAAU,CAC1B,GAAG,CAAC,IAAI,CAAC,MAAM,EACf,MAAM,CAAC,SAAS,EAChB,gBAAgB,EAChB,wBAAwB,IAAI,GAAG,CAChC,CAAC;YACJ,CAAC;YACD,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;gBACvB,GAAG,CAAC,IAAI,CAAC,SAAS,GAAG,UAAU,CAC7B,GAAG,CAAC,IAAI,CAAC,SAAS,EAClB,MAAM,CAAC,SAAS,EAChB,gBAAgB,EAChB,2BAA2B,IAAI,GAAG,CACnC,CAAC;YACJ,CAAC;YACD,IAAI,GAAG,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;gBACxB,GAAG,CAAC,IAAI,CAAC,UAAU,GAAG,UAAU,CAC9B,GAAG,CAAC,IAAI,CAAC,UAAU,EACnB,MAAM,CAAC,SAAS,EAChB,gBAAgB,EAChB,2BAA2B,IAAI,GAAG,CACnC,CAAC;YACJ,CAAC;QACH,CAAC;aAAM,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,SAAS,IAAI,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAC3D,4BAA4B;YAC5B,KAAK,MAAM,CAAC,UAAU,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACzE,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,UAAU,CACvC,WAAW,EACX,MAAM,CAAC,SAAS,EAChB,gBAAgB,EAChB,WAAW,UAAU,kBAAkB,IAAI,GAAG,CAC/C,CAAC;YACJ,CAAC;QACH,CAAC;aAAM,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,iBAAiB,IAAI,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACvE,GAAG,CAAC,IAAI,CAAC,WAAW,GAAG,UAAU,CAC/B,GAAG,CAAC,IAAI,CAAC,WAAW,EACpB,MAAM,CAAC,SAAS,EAChB,gBAAgB,EAChB,4CAA4C,IAAI,GAAG,CACpD,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc,CAAC,MAAuB;IACpD,0CAA0C;IAC1C,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IAEtD,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAClE,MAAM,GAAG,GAAG,OAAwB,CAAC;QACrC,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,QAAQ,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;YAC/C,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG,IAAA,sBAAa,EAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;QAC/D,CAAC;aAAM,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,WAAW,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,YAAY,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;YAC3G,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACpB,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,IAAA,sBAAa,EAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;YACrE,CAAC;YACD,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;gBACvB,GAAG,CAAC,IAAI,CAAC,SAAS,GAAG,IAAA,sBAAa,EAAC,GAAG,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;YAC3E,CAAC;YACD,IAAI,GAAG,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;gBACxB,GAAG,CAAC,IAAI,CAAC,UAAU,GAAG,IAAA,sBAAa,EAAC,GAAG,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;YAC7E,CAAC;QACH,CAAC;aAAM,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,SAAS,IAAI,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAC3D,4BAA4B;YAC5B,KAAK,MAAM,UAAU,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACvD,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,IAAA,sBAAa,EAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;YAC/F,CAAC;QACH,CAAC;aAAM,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,iBAAiB,IAAI,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACvE,GAAG,CAAC,IAAI,CAAC,WAAW,GAAG,IAAA,sBAAa,EAAC,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;QAC/E,CAAC;IACH,CAAC;IAED,MAAM,WAAW,GAAG,iBAAI,CAAC,IAAI,CAAC,UAAU,EAAE;QACxC,MAAM,EAAE,CAAC;QACT,SAAS,EAAE,GAAG;KACf,CAAC,CAAC;IAEH,YAAE,CAAC,aAAa,CAAC,iBAAiB,EAAE,EAAE,WAAW,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AACtE,CAAC;AAED;;;GAGG;AACH,SAAgB,uBAAuB,CAAC,WAAmB,EAAE,SAA8B;IACzF,MAAM,MAAM,GAAG,cAAc,EAAE,CAAC;IAChC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,YAAY,WAAW,uBAAuB,CAAC,CAAC;IAClE,CAAC;IACD,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,SAAS,GAAG,SAAS,CAAC;IACnD,cAAc,CAAC,MAAM,CAAC,CAAC;AACzB,CAAC;AAED;;;GAGG;AACH,SAAgB,0BAA0B,CACxC,MAAuB,EACvB,WAAmB,EACnB,OAAsB,EACtB,eAAwB;IAExB,IAAI,eAAe,EAAE,CAAC;QACpB,OAAO,CAAC,SAAS,GAAG,IAAA,mCAAqB,EAAC,eAAe,CAAC,CAAC;IAC7D,CAAC;IACD,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,GAAG,OAAO,CAAC;IACvC,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc;IAC5B,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC,EAAE,CAAC;QACnC,YAAE,CAAC,SAAS,CAAC,YAAY,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACjE,CAAC;IAED,IAAI,YAAE,CAAC,UAAU,CAAC,iBAAiB,EAAE,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAC3C,CAAC;IAED,MAAM,MAAM,GAAoB;QAC9B,OAAO,EAAE,OAAO;QAChB,SAAS,EAAE,IAAA,0BAAiB,GAAE;QAC9B,MAAM,EAAE;YACN,IAAI,EAAE,IAAI;YACV,IAAI,EAAE,WAAW;YACjB,gBAAgB,EAAE,IAAI,CAAE,+CAA+C;SACxE;QACD,QAAQ,EAAE,EAAE;QACZ,YAAY,EAAE,EAAE;KACjB,CAAC;IAEF,cAAc,CAAC,MAAM,CAAC,CAAC;IACvB,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc,CAC5B,IAAY,EACZ,OAAe,EACf,IAAgB;IAEhB,MAAM,MAAM,GAAG,cAAc,EAAE,CAAC;IAEhC,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,YAAY,IAAI,kBAAkB,CAAC,CAAC;IACtD,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG;QACtB,OAAO;QACP,IAAI;QACJ,SAAS,EAAE,IAAA,iCAAmB,GAAE;KACjC,CAAC;IAEF,cAAc,CAAC,MAAM,CAAC,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,SAAgB,iBAAiB,CAC/B,IAAY,EACZ,SAA2B;IAE3B,MAAM,MAAM,GAAG,cAAc,EAAE,CAAC;IAEhC,IAAI,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,eAAe,IAAI,kBAAkB,CAAC,CAAC;IACzD,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,YAAY,SAAS,CAAC,OAAO,aAAa,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC;IACtC,cAAc,CAAC,MAAM,CAAC,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,SAAgB,aAAa;IAC3B,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,iBAAiB,EAAE,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;IAC/C,CAAC;IAED,IAAI,YAAE,CAAC,UAAU,CAAC,iBAAiB,EAAE,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAChD,CAAC;IAED,uBAAuB;IACvB,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,YAAE,CAAC,YAAY,CAAC,iBAAiB,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC;IAE3E,yBAAyB;IACzB,MAAM,SAAS,GAAoB;QACjC,OAAO,EAAE,OAAO;QAChB,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,MAAM,EAAE;YACN,IAAI,EAAE,SAAS,CAAC,QAAQ,EAAE,IAAI,IAAI,IAAI;YACtC,IAAI,EAAE,WAAW;SAClB;QACD,QAAQ,EAAE,EAAE;QACZ,YAAY,EAAE,EAAE;KACjB,CAAC;IAEF,mBAAmB;IACnB,IAAI,SAAS,CAAC,QAAQ,EAAE,CAAC;QACvB,KAAK,MAAM,OAAO,IAAI,SAAS,CAAC,QAAQ,EAAE,CAAC;YACzC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG;gBACjC,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,IAAI,EAAE;oBACJ,IAAI,EAAE,QAAQ;oBACd,GAAG,EAAE,OAAO,CAAC,YAAY,CAAE,oBAAoB;iBAChD;aACF,CAAC;YAEF,6CAA6C;YAC7C,SAAS,CAAC,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG;gBACrC,OAAO,EAAE,OAAO,CAAC,IAAI;gBACrB,GAAG,EAAE,IAAI;gBACT,WAAW,EAAE,IAAI;aAClB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,0CAA0C;IAC1C,MAAM,WAAW,GAAG,iBAAI,CAAC,IAAI,CAAC,SAAS,EAAE;QACvC,MAAM,EAAE,CAAC;QACT,SAAS,EAAE,GAAG;KACf,CAAC,CAAC;IAEH,YAAE,CAAC,aAAa,CAAC,iBAAiB,EAAE,EAAE,WAAW,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAEpE,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;IACzC,OAAO,CAAC,GAAG,CAAC,4BAA4B,iBAAiB,EAAE,MAAM,CAAC,CAAC;IAEnE,oBAAoB;IACpB,YAAE,CAAC,UAAU,CAAC,iBAAiB,EAAE,EAAE,GAAG,iBAAiB,EAAE,MAAM,CAAC,CAAC;AACnE,CAAC"}
|
package/dist/cli/index.js
CHANGED
|
@@ -15,6 +15,7 @@ const logs_1 = require("./commands/logs");
|
|
|
15
15
|
const sessions_1 = require("./commands/sessions");
|
|
16
16
|
const revoke_1 = require("./commands/revoke");
|
|
17
17
|
const search_1 = require("./commands/search");
|
|
18
|
+
const status_1 = require("./commands/status");
|
|
18
19
|
const capability_1 = require("./commands/capability");
|
|
19
20
|
const fs_1 = require("fs");
|
|
20
21
|
const path_1 = require("path");
|
|
@@ -45,6 +46,11 @@ program
|
|
|
45
46
|
.option('--passphrase-from-env <var>', 'Read passphrase from environment variable')
|
|
46
47
|
.option('--credentials-file <path>', 'Path to service account JSON file (for service-account auth type)')
|
|
47
48
|
.option('--scope <scope...>', 'OAuth scope(s) for service-account auth type')
|
|
49
|
+
.option('--exec', 'Add as exec-mode service (CLI tool wrapper, RFC 0001)')
|
|
50
|
+
.option('--allow-commands <cmds...>', 'Allowed executables for exec mode (e.g., bird gh)')
|
|
51
|
+
.option('--env-map <mappings...>', 'Env var mappings (KEY=value or KEY={{credential}})')
|
|
52
|
+
.option('--work-dir <dir>', 'Working directory for exec-mode commands')
|
|
53
|
+
.option('--timeout <ms>', 'Max execution time in ms for exec mode (default: 30000)')
|
|
48
54
|
.option('--json', 'Output as JSON')
|
|
49
55
|
.action(add_1.addCommand);
|
|
50
56
|
program
|
|
@@ -82,6 +88,11 @@ program
|
|
|
82
88
|
.command('revoke <session>')
|
|
83
89
|
.description('Revoke a session immediately')
|
|
84
90
|
.action(revoke_1.revokeCommand);
|
|
91
|
+
program
|
|
92
|
+
.command('status')
|
|
93
|
+
.description('Show Janee configuration and health status')
|
|
94
|
+
.option('--json', 'Output as JSON')
|
|
95
|
+
.action(status_1.statusCommand);
|
|
85
96
|
program
|
|
86
97
|
.command('search [query]')
|
|
87
98
|
.description('Search the service directory')
|
package/dist/cli/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/cli/index.ts"],"names":[],"mappings":";;AAEA;;;GAGG;;AAEH,yCAAoC;AACpC,0CAA8C;AAC9C,wCAA4C;AAC5C,8CAAkD;AAClD,4CAAgD;AAChD,0CAA8C;AAC9C,0CAA8C;AAC9C,kDAAsD;AACtD,8CAAkD;AAClD,8CAAkD;AAClD,sDAK+B;AAC/B,2BAAkC;AAClC,+BAA4B;AAE5B,iCAAiC;AACjC,MAAM,eAAe,GAAG,IAAA,WAAI,EAAC,SAAS,EAAE,oBAAoB,CAAC,CAAC;AAC9D,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,iBAAY,EAAC,eAAe,EAAE,MAAM,CAAC,CAAC,CAAC;AACtE,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,IAAI,OAAO,CAAC;AAE/C,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,OAAO,CAAC;KACb,WAAW,CAAC,kCAAkC,CAAC;KAC/C,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,WAAW;AACX,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,oDAAoD,CAAC;KACjE,MAAM,CAAC,kBAAW,CAAC,CAAC;AAEvB,OAAO;KACJ,OAAO,CAAC,eAAe,CAAC;KACxB,WAAW,CAAC,iDAAiD,CAAC;KAC9D,MAAM,CAAC,iBAAiB,EAAE,yBAAyB,CAAC;KACpD,MAAM,CAAC,iBAAiB,EAAE,yBAAyB,CAAC;KACpD,MAAM,CAAC,oBAAoB,EAAE,0FAA0F,CAAC;KACxH,MAAM,CAAC,uBAAuB,EAAE,kCAAkC,CAAC;KACnE,MAAM,CAAC,2BAA2B,EAAE,2BAA2B,CAAC;KAChE,MAAM,CAAC,sBAAsB,EAAE,wCAAwC,CAAC;KACxE,MAAM,CAAC,yBAAyB,EAAE,2CAA2C,CAAC;KAC9E,MAAM,CAAC,6BAA6B,EAAE,2CAA2C,CAAC;KAClF,MAAM,CAAC,2BAA2B,EAAE,mEAAmE,CAAC;KACxG,MAAM,CAAC,oBAAoB,EAAE,8CAA8C,CAAC;KAC5E,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,gBAAU,CAAC,CAAC;AAEtB,OAAO;KACJ,OAAO,CAAC,kBAAkB,CAAC;KAC3B,WAAW,CAAC,6BAA6B,CAAC;KAC1C,MAAM,CAAC,WAAW,EAAE,0BAA0B,CAAC;KAC/C,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,sBAAa,CAAC,CAAC;AAEzB,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,wBAAwB,CAAC;KACrC,MAAM,CAAC,wBAAwB,EAAE,6BAA6B,EAAE,OAAO,CAAC;KACxE,MAAM,CAAC,qBAAqB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACnF,MAAM,CAAC,eAAe,EAAE,sCAAsC,EAAE,WAAW,CAAC;KAC5E,MAAM,CAAC,oBAAY,CAAC,CAAC;AAExB,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,0BAA0B,CAAC;KACvC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,kBAAW,CAAC,CAAC;AAEvB,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,iBAAiB,CAAC;KAC9B,MAAM,CAAC,cAAc,EAAE,0BAA0B,CAAC;KAClD,MAAM,CAAC,qBAAqB,EAAE,+BAA+B,EAAE,IAAI,CAAC;KACpE,MAAM,CAAC,sBAAsB,EAAE,mBAAmB,CAAC;KACnD,MAAM,CAAC,QAAQ,EAAE,8CAA8C,CAAC;KAChE,MAAM,CAAC,kBAAW,CAAC,CAAC;AAEvB,OAAO;KACJ,OAAO,CAAC,UAAU,CAAC;KACnB,WAAW,CAAC,sBAAsB,CAAC;KACnC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,0BAAe,CAAC,CAAC;AAE3B,OAAO;KACJ,OAAO,CAAC,kBAAkB,CAAC;KAC3B,WAAW,CAAC,8BAA8B,CAAC;KAC3C,MAAM,CAAC,sBAAa,CAAC,CAAC;AAEzB,OAAO;KACJ,OAAO,CAAC,gBAAgB,CAAC;KACzB,WAAW,CAAC,8BAA8B,CAAC;KAC3C,MAAM,CAAC,eAAe,EAAE,oCAAoC,CAAC;KAC7D,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE,CAAC,IAAA,sBAAa,EAAC,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC;AAE7D,oCAAoC;AACpC,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,WAAW,CAAC,qBAAqB,CAAC,CAAC;AAEtE,GAAG;KACA,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,uBAAuB,CAAC;KACpC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,kCAAqB,CAAC,CAAC;AAEjC,GAAG;KACA,OAAO,CAAC,YAAY,CAAC;KACrB,WAAW,CAAC,sBAAsB,CAAC;KACnC,cAAc,CAAC,yBAAyB,EAAE,gBAAgB,CAAC;KAC3D,MAAM,CAAC,sBAAsB,EAAE,qBAAqB,EAAE,IAAI,CAAC;KAC3D,MAAM,CAAC,gBAAgB,EAAE,uBAAuB,CAAC;KACjD,MAAM,CAAC,mBAAmB,EAAE,yBAAyB,CAAC;KACtD,MAAM,CAAC,mBAAmB,EAAE,6BAA6B,CAAC;KAC1D,MAAM,CAAC,sBAAsB,EAAE,uBAAuB,CAAC;KACvD,MAAM,CAAC,sBAAsB,EAAE,iCAAiC,CAAC;KACjE,MAAM,CAAC,qBAAqB,EAAE,+BAA+B,CAAC;KAC9D,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,iCAAoB,CAAC,CAAC;AAEhC,GAAG;KACA,OAAO,CAAC,aAAa,CAAC;KACtB,WAAW,CAAC,6BAA6B,CAAC;KAC1C,MAAM,CAAC,sBAAsB,EAAE,4BAA4B,CAAC;KAC5D,MAAM,CAAC,gBAAgB,EAAE,qBAAqB,CAAC;KAC/C,MAAM,CAAC,mBAAmB,EAAE,sBAAsB,CAAC;KACnD,MAAM,CAAC,mBAAmB,EAAE,6BAA6B,CAAC;KAC1D,MAAM,CAAC,sBAAsB,EAAE,uBAAuB,CAAC;KACvD,MAAM,CAAC,sBAAsB,EAAE,qBAAqB,CAAC;KACrD,MAAM,CAAC,qBAAqB,EAAE,oBAAoB,CAAC;KACnD,MAAM,CAAC,eAAe,EAAE,iBAAiB,CAAC;KAC1C,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,kCAAqB,CAAC,CAAC;AAEjC,GAAG;KACA,OAAO,CAAC,eAAe,CAAC;KACxB,WAAW,CAAC,qBAAqB,CAAC;KAClC,MAAM,CAAC,WAAW,EAAE,0BAA0B,CAAC;KAC/C,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,oCAAuB,CAAC,CAAC;AAEnC,OAAO,CAAC,KAAK,EAAE,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/cli/index.ts"],"names":[],"mappings":";;AAEA;;;GAGG;;AAEH,yCAAoC;AACpC,0CAA8C;AAC9C,wCAA4C;AAC5C,8CAAkD;AAClD,4CAAgD;AAChD,0CAA8C;AAC9C,0CAA8C;AAC9C,kDAAsD;AACtD,8CAAkD;AAClD,8CAAkD;AAClD,8CAAkD;AAClD,sDAK+B;AAC/B,2BAAkC;AAClC,+BAA4B;AAE5B,iCAAiC;AACjC,MAAM,eAAe,GAAG,IAAA,WAAI,EAAC,SAAS,EAAE,oBAAoB,CAAC,CAAC;AAC9D,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,iBAAY,EAAC,eAAe,EAAE,MAAM,CAAC,CAAC,CAAC;AACtE,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,IAAI,OAAO,CAAC;AAE/C,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,OAAO,CAAC;KACb,WAAW,CAAC,kCAAkC,CAAC;KAC/C,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,WAAW;AACX,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,oDAAoD,CAAC;KACjE,MAAM,CAAC,kBAAW,CAAC,CAAC;AAEvB,OAAO;KACJ,OAAO,CAAC,eAAe,CAAC;KACxB,WAAW,CAAC,iDAAiD,CAAC;KAC9D,MAAM,CAAC,iBAAiB,EAAE,yBAAyB,CAAC;KACpD,MAAM,CAAC,iBAAiB,EAAE,yBAAyB,CAAC;KACpD,MAAM,CAAC,oBAAoB,EAAE,0FAA0F,CAAC;KACxH,MAAM,CAAC,uBAAuB,EAAE,kCAAkC,CAAC;KACnE,MAAM,CAAC,2BAA2B,EAAE,2BAA2B,CAAC;KAChE,MAAM,CAAC,sBAAsB,EAAE,wCAAwC,CAAC;KACxE,MAAM,CAAC,yBAAyB,EAAE,2CAA2C,CAAC;KAC9E,MAAM,CAAC,6BAA6B,EAAE,2CAA2C,CAAC;KAClF,MAAM,CAAC,2BAA2B,EAAE,mEAAmE,CAAC;KACxG,MAAM,CAAC,oBAAoB,EAAE,8CAA8C,CAAC;KAC5E,MAAM,CAAC,QAAQ,EAAE,uDAAuD,CAAC;KACzE,MAAM,CAAC,4BAA4B,EAAE,mDAAmD,CAAC;KACzF,MAAM,CAAC,yBAAyB,EAAE,oDAAoD,CAAC;KACvF,MAAM,CAAC,kBAAkB,EAAE,0CAA0C,CAAC;KACtE,MAAM,CAAC,gBAAgB,EAAE,yDAAyD,CAAC;KACnF,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,gBAAU,CAAC,CAAC;AAEtB,OAAO;KACJ,OAAO,CAAC,kBAAkB,CAAC;KAC3B,WAAW,CAAC,6BAA6B,CAAC;KAC1C,MAAM,CAAC,WAAW,EAAE,0BAA0B,CAAC;KAC/C,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,sBAAa,CAAC,CAAC;AAEzB,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,wBAAwB,CAAC;KACrC,MAAM,CAAC,wBAAwB,EAAE,6BAA6B,EAAE,OAAO,CAAC;KACxE,MAAM,CAAC,qBAAqB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACnF,MAAM,CAAC,eAAe,EAAE,sCAAsC,EAAE,WAAW,CAAC;KAC5E,MAAM,CAAC,oBAAY,CAAC,CAAC;AAExB,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,0BAA0B,CAAC;KACvC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,kBAAW,CAAC,CAAC;AAEvB,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,iBAAiB,CAAC;KAC9B,MAAM,CAAC,cAAc,EAAE,0BAA0B,CAAC;KAClD,MAAM,CAAC,qBAAqB,EAAE,+BAA+B,EAAE,IAAI,CAAC;KACpE,MAAM,CAAC,sBAAsB,EAAE,mBAAmB,CAAC;KACnD,MAAM,CAAC,QAAQ,EAAE,8CAA8C,CAAC;KAChE,MAAM,CAAC,kBAAW,CAAC,CAAC;AAEvB,OAAO;KACJ,OAAO,CAAC,UAAU,CAAC;KACnB,WAAW,CAAC,sBAAsB,CAAC;KACnC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,0BAAe,CAAC,CAAC;AAE3B,OAAO;KACJ,OAAO,CAAC,kBAAkB,CAAC;KAC3B,WAAW,CAAC,8BAA8B,CAAC;KAC3C,MAAM,CAAC,sBAAa,CAAC,CAAC;AAEzB,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,4CAA4C,CAAC;KACzD,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,sBAAa,CAAC,CAAC;AAEzB,OAAO;KACJ,OAAO,CAAC,gBAAgB,CAAC;KACzB,WAAW,CAAC,8BAA8B,CAAC;KAC3C,MAAM,CAAC,eAAe,EAAE,oCAAoC,CAAC;KAC7D,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE,CAAC,IAAA,sBAAa,EAAC,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC;AAE7D,oCAAoC;AACpC,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,WAAW,CAAC,qBAAqB,CAAC,CAAC;AAEtE,GAAG;KACA,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,uBAAuB,CAAC;KACpC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,kCAAqB,CAAC,CAAC;AAEjC,GAAG;KACA,OAAO,CAAC,YAAY,CAAC;KACrB,WAAW,CAAC,sBAAsB,CAAC;KACnC,cAAc,CAAC,yBAAyB,EAAE,gBAAgB,CAAC;KAC3D,MAAM,CAAC,sBAAsB,EAAE,qBAAqB,EAAE,IAAI,CAAC;KAC3D,MAAM,CAAC,gBAAgB,EAAE,uBAAuB,CAAC;KACjD,MAAM,CAAC,mBAAmB,EAAE,yBAAyB,CAAC;KACtD,MAAM,CAAC,mBAAmB,EAAE,6BAA6B,CAAC;KAC1D,MAAM,CAAC,sBAAsB,EAAE,uBAAuB,CAAC;KACvD,MAAM,CAAC,sBAAsB,EAAE,iCAAiC,CAAC;KACjE,MAAM,CAAC,qBAAqB,EAAE,+BAA+B,CAAC;KAC9D,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,iCAAoB,CAAC,CAAC;AAEhC,GAAG;KACA,OAAO,CAAC,aAAa,CAAC;KACtB,WAAW,CAAC,6BAA6B,CAAC;KAC1C,MAAM,CAAC,sBAAsB,EAAE,4BAA4B,CAAC;KAC5D,MAAM,CAAC,gBAAgB,EAAE,qBAAqB,CAAC;KAC/C,MAAM,CAAC,mBAAmB,EAAE,sBAAsB,CAAC;KACnD,MAAM,CAAC,mBAAmB,EAAE,6BAA6B,CAAC;KAC1D,MAAM,CAAC,sBAAsB,EAAE,uBAAuB,CAAC;KACvD,MAAM,CAAC,sBAAsB,EAAE,qBAAqB,CAAC;KACrD,MAAM,CAAC,qBAAqB,EAAE,oBAAoB,CAAC;KACnD,MAAM,CAAC,eAAe,EAAE,iBAAiB,CAAC;KAC1C,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,kCAAqB,CAAC,CAAC;AAEjC,GAAG;KACA,OAAO,CAAC,eAAe,CAAC;KACxB,WAAW,CAAC,qBAAqB,CAAC;KAClC,MAAM,CAAC,WAAW,EAAE,0BAA0B,CAAC;KAC/C,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,oCAAuB,CAAC,CAAC;AAEnC,OAAO,CAAC,KAAK,EAAE,CAAC"}
|
|
@@ -0,0 +1,81 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Agent-scoped credential management for Janee
|
|
3
|
+
*
|
|
4
|
+
* When an agent creates a credential via MCP, it is automatically scoped
|
|
5
|
+
* to that agent. Other agents cannot access it unless the owner (or an admin)
|
|
6
|
+
* explicitly grants access.
|
|
7
|
+
*
|
|
8
|
+
* Access policies:
|
|
9
|
+
* - "agent-only": Only the creating agent can access (default for agent-created creds)
|
|
10
|
+
* - "all-agents": Any agent can access (default for CLI-created creds)
|
|
11
|
+
* - "shared": Specific agents listed in `sharedWith` can access
|
|
12
|
+
*
|
|
13
|
+
* ## Trust Model
|
|
14
|
+
*
|
|
15
|
+
* Agent identity is resolved from the MCP transport session rather than
|
|
16
|
+
* client-asserted tool arguments, when available. The resolution order is:
|
|
17
|
+
*
|
|
18
|
+
* 1. **Transport-bound identity** (preferred): The MCP session metadata
|
|
19
|
+
* (e.g., client certificate, OAuth token subject, or HTTP auth header)
|
|
20
|
+
* provides a verified agentId. This cannot be spoofed.
|
|
21
|
+
*
|
|
22
|
+
* 2. **Client-asserted identity** (fallback): If the transport doesn't carry
|
|
23
|
+
* identity, the agent can self-report via the `agentId` tool argument.
|
|
24
|
+
* This is useful for development/testing but should NOT be trusted in
|
|
25
|
+
* production multi-agent environments.
|
|
26
|
+
*
|
|
27
|
+
* The `resolveAgentIdentity()` function implements this resolution order.
|
|
28
|
+
* Callers should always use it instead of reading `args.agentId` directly.
|
|
29
|
+
*/
|
|
30
|
+
export type AccessPolicy = 'agent-only' | 'all-agents' | 'shared';
|
|
31
|
+
export interface CredentialOwnership {
|
|
32
|
+
/** Agent ID that created the credential (undefined = created via CLI) */
|
|
33
|
+
createdBy?: string;
|
|
34
|
+
/** Access policy controlling who can use this credential */
|
|
35
|
+
accessPolicy: AccessPolicy;
|
|
36
|
+
/** List of agent IDs that can access (only used when policy is "shared") */
|
|
37
|
+
sharedWith?: string[];
|
|
38
|
+
/** Timestamp when the credential was created */
|
|
39
|
+
createdAt: string;
|
|
40
|
+
}
|
|
41
|
+
/**
|
|
42
|
+
* Resolve agent identity from transport session + fallback to client assertion.
|
|
43
|
+
*
|
|
44
|
+
* In production, transport-bound identity (from session metadata) takes precedence
|
|
45
|
+
* over the client-asserted agentId argument. This prevents spoofing.
|
|
46
|
+
*
|
|
47
|
+
* @param session - MCP session object (may contain transport-bound identity)
|
|
48
|
+
* @param assertedAgentId - Client-asserted agentId from tool arguments (untrusted)
|
|
49
|
+
* @returns Resolved agent ID, or undefined if no identity available
|
|
50
|
+
*/
|
|
51
|
+
export declare function resolveAgentIdentity(session: {
|
|
52
|
+
agentId?: string;
|
|
53
|
+
metadata?: Record<string, unknown>;
|
|
54
|
+
} | undefined, assertedAgentId?: string): string | undefined;
|
|
55
|
+
/**
|
|
56
|
+
* Default ownership for credentials created via CLI (human admin)
|
|
57
|
+
*/
|
|
58
|
+
export declare function cliCreatedOwnership(): CredentialOwnership;
|
|
59
|
+
/**
|
|
60
|
+
* Default ownership for credentials created by an agent via MCP
|
|
61
|
+
*/
|
|
62
|
+
export declare function agentCreatedOwnership(agentId: string): CredentialOwnership;
|
|
63
|
+
/**
|
|
64
|
+
* Check whether an agent is allowed to access a credential
|
|
65
|
+
*
|
|
66
|
+
* Rules:
|
|
67
|
+
* 1. If no ownership metadata exists, allow access (backward compat)
|
|
68
|
+
* 2. "all-agents" policy: always allow
|
|
69
|
+
* 3. "agent-only" policy: only the creator
|
|
70
|
+
* 4. "shared" policy: creator + listed agents
|
|
71
|
+
*/
|
|
72
|
+
export declare function canAgentAccess(agentId: string | undefined, ownership: CredentialOwnership | undefined): boolean;
|
|
73
|
+
/**
|
|
74
|
+
* Grant access to another agent (changes policy to "shared" if needed)
|
|
75
|
+
*/
|
|
76
|
+
export declare function grantAccess(ownership: CredentialOwnership, targetAgentId: string): CredentialOwnership;
|
|
77
|
+
/**
|
|
78
|
+
* Revoke access from an agent
|
|
79
|
+
*/
|
|
80
|
+
export declare function revokeAccess(ownership: CredentialOwnership, targetAgentId: string): CredentialOwnership;
|
|
81
|
+
//# sourceMappingURL=agent-scope.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"agent-scope.d.ts","sourceRoot":"","sources":["../../src/core/agent-scope.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAEH,MAAM,MAAM,YAAY,GAAG,YAAY,GAAG,YAAY,GAAG,QAAQ,CAAC;AAElE,MAAM,WAAW,mBAAmB;IAClC,yEAAyE;IACzE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,4DAA4D;IAC5D,YAAY,EAAE,YAAY,CAAC;IAC3B,4EAA4E;IAC5E,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,gDAAgD;IAChD,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;;;;GASG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE;IAAE,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAAE,GAAG,SAAS,EAC7E,eAAe,CAAC,EAAE,MAAM,GACvB,MAAM,GAAG,SAAS,CAepB;AAED;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,mBAAmB,CAKzD;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,MAAM,GAAG,mBAAmB,CAM1E;AAED;;;;;;;;GAQG;AACH,wBAAgB,cAAc,CAC5B,OAAO,EAAE,MAAM,GAAG,SAAS,EAC3B,SAAS,EAAE,mBAAmB,GAAG,SAAS,GACzC,OAAO,CAsBT;AAED;;GAEG;AACH,wBAAgB,WAAW,CACzB,SAAS,EAAE,mBAAmB,EAC9B,aAAa,EAAE,MAAM,GACpB,mBAAmB,CAerB;AAED;;GAEG;AACH,wBAAgB,YAAY,CAC1B,SAAS,EAAE,mBAAmB,EAC9B,aAAa,EAAE,MAAM,GACpB,mBAAmB,CAarB"}
|
|
@@ -0,0 +1,146 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Agent-scoped credential management for Janee
|
|
4
|
+
*
|
|
5
|
+
* When an agent creates a credential via MCP, it is automatically scoped
|
|
6
|
+
* to that agent. Other agents cannot access it unless the owner (or an admin)
|
|
7
|
+
* explicitly grants access.
|
|
8
|
+
*
|
|
9
|
+
* Access policies:
|
|
10
|
+
* - "agent-only": Only the creating agent can access (default for agent-created creds)
|
|
11
|
+
* - "all-agents": Any agent can access (default for CLI-created creds)
|
|
12
|
+
* - "shared": Specific agents listed in `sharedWith` can access
|
|
13
|
+
*
|
|
14
|
+
* ## Trust Model
|
|
15
|
+
*
|
|
16
|
+
* Agent identity is resolved from the MCP transport session rather than
|
|
17
|
+
* client-asserted tool arguments, when available. The resolution order is:
|
|
18
|
+
*
|
|
19
|
+
* 1. **Transport-bound identity** (preferred): The MCP session metadata
|
|
20
|
+
* (e.g., client certificate, OAuth token subject, or HTTP auth header)
|
|
21
|
+
* provides a verified agentId. This cannot be spoofed.
|
|
22
|
+
*
|
|
23
|
+
* 2. **Client-asserted identity** (fallback): If the transport doesn't carry
|
|
24
|
+
* identity, the agent can self-report via the `agentId` tool argument.
|
|
25
|
+
* This is useful for development/testing but should NOT be trusted in
|
|
26
|
+
* production multi-agent environments.
|
|
27
|
+
*
|
|
28
|
+
* The `resolveAgentIdentity()` function implements this resolution order.
|
|
29
|
+
* Callers should always use it instead of reading `args.agentId` directly.
|
|
30
|
+
*/
|
|
31
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
32
|
+
exports.resolveAgentIdentity = resolveAgentIdentity;
|
|
33
|
+
exports.cliCreatedOwnership = cliCreatedOwnership;
|
|
34
|
+
exports.agentCreatedOwnership = agentCreatedOwnership;
|
|
35
|
+
exports.canAgentAccess = canAgentAccess;
|
|
36
|
+
exports.grantAccess = grantAccess;
|
|
37
|
+
exports.revokeAccess = revokeAccess;
|
|
38
|
+
/**
|
|
39
|
+
* Resolve agent identity from transport session + fallback to client assertion.
|
|
40
|
+
*
|
|
41
|
+
* In production, transport-bound identity (from session metadata) takes precedence
|
|
42
|
+
* over the client-asserted agentId argument. This prevents spoofing.
|
|
43
|
+
*
|
|
44
|
+
* @param session - MCP session object (may contain transport-bound identity)
|
|
45
|
+
* @param assertedAgentId - Client-asserted agentId from tool arguments (untrusted)
|
|
46
|
+
* @returns Resolved agent ID, or undefined if no identity available
|
|
47
|
+
*/
|
|
48
|
+
function resolveAgentIdentity(session, assertedAgentId) {
|
|
49
|
+
// Priority 1: Transport-bound identity from session metadata
|
|
50
|
+
// (set by authenticated MCP transports — OAuth, mTLS, signed tokens)
|
|
51
|
+
if (session?.metadata?.verifiedAgentId) {
|
|
52
|
+
return session.metadata.verifiedAgentId;
|
|
53
|
+
}
|
|
54
|
+
// Priority 2: Session-level agentId (set during session creation)
|
|
55
|
+
if (session?.agentId) {
|
|
56
|
+
return session.agentId;
|
|
57
|
+
}
|
|
58
|
+
// Priority 3 (fallback): Client-asserted identity from tool arguments.
|
|
59
|
+
// WARNING: This is spoofable. Only use in single-agent or dev environments.
|
|
60
|
+
return assertedAgentId;
|
|
61
|
+
}
|
|
62
|
+
/**
|
|
63
|
+
* Default ownership for credentials created via CLI (human admin)
|
|
64
|
+
*/
|
|
65
|
+
function cliCreatedOwnership() {
|
|
66
|
+
return {
|
|
67
|
+
accessPolicy: 'all-agents',
|
|
68
|
+
createdAt: new Date().toISOString()
|
|
69
|
+
};
|
|
70
|
+
}
|
|
71
|
+
/**
|
|
72
|
+
* Default ownership for credentials created by an agent via MCP
|
|
73
|
+
*/
|
|
74
|
+
function agentCreatedOwnership(agentId) {
|
|
75
|
+
return {
|
|
76
|
+
createdBy: agentId,
|
|
77
|
+
accessPolicy: 'agent-only',
|
|
78
|
+
createdAt: new Date().toISOString()
|
|
79
|
+
};
|
|
80
|
+
}
|
|
81
|
+
/**
|
|
82
|
+
* Check whether an agent is allowed to access a credential
|
|
83
|
+
*
|
|
84
|
+
* Rules:
|
|
85
|
+
* 1. If no ownership metadata exists, allow access (backward compat)
|
|
86
|
+
* 2. "all-agents" policy: always allow
|
|
87
|
+
* 3. "agent-only" policy: only the creator
|
|
88
|
+
* 4. "shared" policy: creator + listed agents
|
|
89
|
+
*/
|
|
90
|
+
function canAgentAccess(agentId, ownership) {
|
|
91
|
+
// No ownership metadata = legacy credential, allow all
|
|
92
|
+
if (!ownership)
|
|
93
|
+
return true;
|
|
94
|
+
// All-agents policy = unrestricted
|
|
95
|
+
if (ownership.accessPolicy === 'all-agents')
|
|
96
|
+
return true;
|
|
97
|
+
// Agent must identify themselves for restricted policies
|
|
98
|
+
if (!agentId)
|
|
99
|
+
return false;
|
|
100
|
+
// Agent-only: must be the creator
|
|
101
|
+
if (ownership.accessPolicy === 'agent-only') {
|
|
102
|
+
return ownership.createdBy === agentId;
|
|
103
|
+
}
|
|
104
|
+
// Shared: creator or in the shared list
|
|
105
|
+
if (ownership.accessPolicy === 'shared') {
|
|
106
|
+
if (ownership.createdBy === agentId)
|
|
107
|
+
return true;
|
|
108
|
+
return ownership.sharedWith?.includes(agentId) ?? false;
|
|
109
|
+
}
|
|
110
|
+
return false;
|
|
111
|
+
}
|
|
112
|
+
/**
|
|
113
|
+
* Grant access to another agent (changes policy to "shared" if needed)
|
|
114
|
+
*/
|
|
115
|
+
function grantAccess(ownership, targetAgentId) {
|
|
116
|
+
const updated = { ...ownership };
|
|
117
|
+
if (updated.accessPolicy === 'agent-only') {
|
|
118
|
+
updated.accessPolicy = 'shared';
|
|
119
|
+
updated.sharedWith = [targetAgentId];
|
|
120
|
+
}
|
|
121
|
+
else if (updated.accessPolicy === 'shared') {
|
|
122
|
+
if (!updated.sharedWith)
|
|
123
|
+
updated.sharedWith = [];
|
|
124
|
+
if (!updated.sharedWith.includes(targetAgentId)) {
|
|
125
|
+
updated.sharedWith.push(targetAgentId);
|
|
126
|
+
}
|
|
127
|
+
}
|
|
128
|
+
// "all-agents" doesn't need grants
|
|
129
|
+
return updated;
|
|
130
|
+
}
|
|
131
|
+
/**
|
|
132
|
+
* Revoke access from an agent
|
|
133
|
+
*/
|
|
134
|
+
function revokeAccess(ownership, targetAgentId) {
|
|
135
|
+
const updated = { ...ownership };
|
|
136
|
+
if (updated.accessPolicy === 'shared' && updated.sharedWith) {
|
|
137
|
+
updated.sharedWith = updated.sharedWith.filter(id => id !== targetAgentId);
|
|
138
|
+
// If no one is shared with, revert to agent-only
|
|
139
|
+
if (updated.sharedWith.length === 0) {
|
|
140
|
+
updated.accessPolicy = 'agent-only';
|
|
141
|
+
delete updated.sharedWith;
|
|
142
|
+
}
|
|
143
|
+
}
|
|
144
|
+
return updated;
|
|
145
|
+
}
|
|
146
|
+
//# sourceMappingURL=agent-scope.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"agent-scope.js","sourceRoot":"","sources":["../../src/core/agent-scope.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;;AAyBH,oDAkBC;AAKD,kDAKC;AAKD,sDAMC;AAWD,wCAyBC;AAKD,kCAkBC;AAKD,oCAgBC;AAjID;;;;;;;;;GASG;AACH,SAAgB,oBAAoB,CAClC,OAA6E,EAC7E,eAAwB;IAExB,6DAA6D;IAC7D,qEAAqE;IACrE,IAAI,OAAO,EAAE,QAAQ,EAAE,eAAe,EAAE,CAAC;QACvC,OAAO,OAAO,CAAC,QAAQ,CAAC,eAAyB,CAAC;IACpD,CAAC;IAED,kEAAkE;IAClE,IAAI,OAAO,EAAE,OAAO,EAAE,CAAC;QACrB,OAAO,OAAO,CAAC,OAAO,CAAC;IACzB,CAAC;IAED,uEAAuE;IACvE,4EAA4E;IAC5E,OAAO,eAAe,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB;IACjC,OAAO;QACL,YAAY,EAAE,YAAY;QAC1B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,qBAAqB,CAAC,OAAe;IACnD,OAAO;QACL,SAAS,EAAE,OAAO;QAClB,YAAY,EAAE,YAAY;QAC1B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;AACJ,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,cAAc,CAC5B,OAA2B,EAC3B,SAA0C;IAE1C,uDAAuD;IACvD,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAE5B,mCAAmC;IACnC,IAAI,SAAS,CAAC,YAAY,KAAK,YAAY;QAAE,OAAO,IAAI,CAAC;IAEzD,yDAAyD;IACzD,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAE3B,kCAAkC;IAClC,IAAI,SAAS,CAAC,YAAY,KAAK,YAAY,EAAE,CAAC;QAC5C,OAAO,SAAS,CAAC,SAAS,KAAK,OAAO,CAAC;IACzC,CAAC;IAED,wCAAwC;IACxC,IAAI,SAAS,CAAC,YAAY,KAAK,QAAQ,EAAE,CAAC;QACxC,IAAI,SAAS,CAAC,SAAS,KAAK,OAAO;YAAE,OAAO,IAAI,CAAC;QACjD,OAAO,SAAS,CAAC,UAAU,EAAE,QAAQ,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC;IAC1D,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAgB,WAAW,CACzB,SAA8B,EAC9B,aAAqB;IAErB,MAAM,OAAO,GAAG,EAAE,GAAG,SAAS,EAAE,CAAC;IAEjC,IAAI,OAAO,CAAC,YAAY,KAAK,YAAY,EAAE,CAAC;QAC1C,OAAO,CAAC,YAAY,GAAG,QAAQ,CAAC;QAChC,OAAO,CAAC,UAAU,GAAG,CAAC,aAAa,CAAC,CAAC;IACvC,CAAC;SAAM,IAAI,OAAO,CAAC,YAAY,KAAK,QAAQ,EAAE,CAAC;QAC7C,IAAI,CAAC,OAAO,CAAC,UAAU;YAAE,OAAO,CAAC,UAAU,GAAG,EAAE,CAAC;QACjD,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;YAChD,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IACD,mCAAmC;IAEnC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAgB,YAAY,CAC1B,SAA8B,EAC9B,aAAqB;IAErB,MAAM,OAAO,GAAG,EAAE,GAAG,SAAS,EAAE,CAAC;IAEjC,IAAI,OAAO,CAAC,YAAY,KAAK,QAAQ,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;QAC5D,OAAO,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,KAAK,aAAa,CAAC,CAAC;QAC3E,iDAAiD;QACjD,IAAI,OAAO,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACpC,OAAO,CAAC,YAAY,GAAG,YAAY,CAAC;YACpC,OAAO,OAAO,CAAC,UAAU,CAAC;QAC5B,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}
|
|
@@ -0,0 +1,86 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Secure CLI Execution for Janee (RFC 0001)
|
|
3
|
+
*
|
|
4
|
+
* Executes CLI commands with credentials injected via environment variables.
|
|
5
|
+
* The agent specifies the command to run but never sees the actual credential.
|
|
6
|
+
* Janee's core security property is preserved: agent never sees the key.
|
|
7
|
+
*/
|
|
8
|
+
export interface ExecCapability {
|
|
9
|
+
service: string;
|
|
10
|
+
mode: 'exec';
|
|
11
|
+
allowCommands: string[];
|
|
12
|
+
env: Record<string, string>;
|
|
13
|
+
workDir?: string;
|
|
14
|
+
ttl: string;
|
|
15
|
+
autoApprove?: boolean;
|
|
16
|
+
requiresReason?: boolean;
|
|
17
|
+
timeout?: number;
|
|
18
|
+
}
|
|
19
|
+
export interface ExecRequest {
|
|
20
|
+
capability: string;
|
|
21
|
+
command: string[];
|
|
22
|
+
stdin?: string;
|
|
23
|
+
}
|
|
24
|
+
export interface ExecResult {
|
|
25
|
+
stdout: string;
|
|
26
|
+
stderr: string;
|
|
27
|
+
exitCode: number;
|
|
28
|
+
executionTimeMs: number;
|
|
29
|
+
}
|
|
30
|
+
export interface ExecAuditEvent {
|
|
31
|
+
id: string;
|
|
32
|
+
timestamp: string;
|
|
33
|
+
type: 'cli_execution';
|
|
34
|
+
service: string;
|
|
35
|
+
capability: string;
|
|
36
|
+
command: string[];
|
|
37
|
+
exitCode: number;
|
|
38
|
+
executionTimeMs: number;
|
|
39
|
+
stdout: string;
|
|
40
|
+
stderr: string;
|
|
41
|
+
denied?: boolean;
|
|
42
|
+
denyReason?: string;
|
|
43
|
+
reason?: string;
|
|
44
|
+
}
|
|
45
|
+
/**
|
|
46
|
+
* Validate that a command is allowed by the capability's whitelist
|
|
47
|
+
*/
|
|
48
|
+
export declare function validateCommand(command: string[], allowCommands: string[]): {
|
|
49
|
+
allowed: boolean;
|
|
50
|
+
reason?: string;
|
|
51
|
+
};
|
|
52
|
+
/**
|
|
53
|
+
* Build environment variables for command execution.
|
|
54
|
+
* Replaces {{credential}} placeholders with the actual secret.
|
|
55
|
+
* Replaces {{apiKey}} and {{apiSecret}} for HMAC-style auth.
|
|
56
|
+
*/
|
|
57
|
+
export declare function buildExecEnv(envTemplate: Record<string, string>, credential: string, extraCredentials?: {
|
|
58
|
+
apiKey?: string;
|
|
59
|
+
apiSecret?: string;
|
|
60
|
+
passphrase?: string;
|
|
61
|
+
}): Record<string, string>;
|
|
62
|
+
/**
|
|
63
|
+
* Scrub credential values from output strings.
|
|
64
|
+
* Prevents accidental credential leakage in stdout/stderr.
|
|
65
|
+
*/
|
|
66
|
+
export declare function scrubCredentials(output: string, credential: string, extraCredentials?: {
|
|
67
|
+
apiKey?: string;
|
|
68
|
+
apiSecret?: string;
|
|
69
|
+
passphrase?: string;
|
|
70
|
+
}): string;
|
|
71
|
+
/**
|
|
72
|
+
* Execute a CLI command with injected credentials.
|
|
73
|
+
* Returns stdout/stderr/exitCode without exposing the credential.
|
|
74
|
+
*/
|
|
75
|
+
export declare function executeCommand(command: string[], injectedEnv: Record<string, string>, options: {
|
|
76
|
+
workDir?: string;
|
|
77
|
+
timeout?: number;
|
|
78
|
+
stdin?: string;
|
|
79
|
+
credential: string;
|
|
80
|
+
extraCredentials?: {
|
|
81
|
+
apiKey?: string;
|
|
82
|
+
apiSecret?: string;
|
|
83
|
+
passphrase?: string;
|
|
84
|
+
};
|
|
85
|
+
}): Promise<ExecResult>;
|
|
86
|
+
//# sourceMappingURL=exec.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"exec.d.ts","sourceRoot":"","sources":["../../src/core/exec.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,eAAe,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,OAAO,EAAE,MAAM,EAAE,EACjB,aAAa,EAAE,MAAM,EAAE,GACtB;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CA0BvC;AAED;;;;GAIG;AACH,wBAAgB,YAAY,CAC1B,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EACnC,UAAU,EAAE,MAAM,EAClB,gBAAgB,CAAC,EAAE;IAAE,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAA;CAAE,GAC9E,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAmBxB;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAC9B,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,MAAM,EAClB,gBAAgB,CAAC,EAAE;IAAE,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAA;CAAE,GAC9E,MAAM,CAmBR;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAClC,OAAO,EAAE,MAAM,EAAE,EACjB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EACnC,OAAO,EAAE;IACP,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,CAAC;QAAC,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CACjF,GACA,OAAO,CAAC,UAAU,CAAC,CAuErB"}
|