@tuent/sentinel 0.1.0

package/dist/chunk-CUJKNIKT.js

@@ -0,0 +1,62 @@
+// src/setup/pidManager.ts
+import { readFileSync, writeFileSync, unlinkSync, renameSync } from "fs";
+import { execSync } from "child_process";
+import { join } from "path";
+var PID_FILENAME = "sentinel-gateway.pid";
+function readPidFile(home) {
+  try {
+    const raw = readFileSync(join(home, ".dahlia", PID_FILENAME), "utf-8").trim();
+    const pid = parseInt(raw, 10);
+    return Number.isFinite(pid) && pid > 0 ? pid : null;
+  } catch {
+    return null;
+  }
+}
+function writePidFile(home, pid) {
+  const pidPath = join(home, ".dahlia", PID_FILENAME);
+  const tmpPath = pidPath + `.tmp.${process.pid}`;
+  writeFileSync(tmpPath, String(pid) + "\n", { mode: 384 });
+  renameSync(tmpPath, pidPath);
+}
+function removePidFile(home) {
+  try {
+    unlinkSync(join(home, ".dahlia", PID_FILENAME));
+  } catch {
+  }
+}
+function verifyPidIsGateway(pid) {
+  if (process.platform === "win32") {
+    throw new Error(
+      "PID validity check via 'ps' is not supported on Windows. macOS and Linux only for Sprint 5."
+    );
+  }
+  try {
+    const output = execSync(`ps -p ${pid} -o comm=`, {
+      stdio: "pipe",
+      encoding: "utf-8"
+    }).trim();
+    return output.includes("node");
+  } catch {
+    return false;
+  }
+}
+function acquireGatewayLock(home) {
+  const existingPid = readPidFile(home);
+  if (existingPid === null) {
+    return { reused: false, pid: null };
+  }
+  if (verifyPidIsGateway(existingPid)) {
+    return { reused: true, pid: existingPid };
+  }
+  removePidFile(home);
+  return { reused: false, pid: null };
+}
+
+export {
+  readPidFile,
+  writePidFile,
+  removePidFile,
+  verifyPidIsGateway,
+  acquireGatewayLock
+};
+//# sourceMappingURL=chunk-CUJKNIKT.js.map

package/dist/chunk-FMZWHT4M.js

@@ -0,0 +1,20 @@
+// src/setup/policyDiscovery.ts
+import { existsSync } from "fs";
+import { resolve, join, dirname } from "path";
+function discoverPolicy(startDir, home) {
+  let dir = resolve(startDir);
+  const homeAbs = resolve(home);
+  while (true) {
+    const candidate = join(dir, ".sentinel.yaml");
+    if (existsSync(candidate)) return candidate;
+    if (dir === homeAbs) return null;
+    const parent = dirname(dir);
+    if (parent === dir) return null;
+    dir = parent;
+  }
+}
+
+export {
+  discoverPolicy
+};
+//# sourceMappingURL=chunk-FMZWHT4M.js.map

package/dist/chunk-NUXSUSYY.js

@@ -0,0 +1,95 @@
+// src/auditTrailKeys.ts
+import {
+  createPublicKey,
+  generateKeyPairSync,
+  sign as cryptoSign,
+  verify as cryptoVerify
+} from "crypto";
+var ED25519_SPKI_HEADER = Buffer.from("302a300506032b6570032100", "hex");
+function generateKeyPair() {
+  const { privateKey, publicKey } = generateKeyPairSync("ed25519");
+  return { privateKey, publicKey };
+}
+async function saveKeyPair(privateKey, publicKey, keyDir) {
+  const { writeFile, mkdir, chmod } = await import("fs/promises");
+  await mkdir(keyDir, { recursive: true });
+  const privPath = `${keyDir}/signing.key`;
+  const pubPath = `${keyDir}/signing.pub`;
+  const privPem = privateKey.export({ type: "pkcs8", format: "pem" });
+  const pubPem = publicKey.export({ type: "spki", format: "pem" });
+  await writeFile(privPath, privPem, { mode: 384 });
+  await writeFile(pubPath, pubPem, { mode: 420 });
+  if (process.platform !== "win32") {
+    await chmod(privPath, 384);
+  }
+}
+async function loadKeyPair(keyDir) {
+  const { readFile } = await import("fs/promises");
+  const { createPrivateKey, createPublicKey: createPub } = await import("crypto");
+  const privPath = `${keyDir}/signing.key`;
+  const pubPath = `${keyDir}/signing.pub`;
+  let privPem;
+  let pubPem;
+  try {
+    privPem = await readFile(privPath, "utf-8");
+    pubPem = await readFile(pubPath, "utf-8");
+  } catch (err) {
+    if (err && typeof err === "object" && "code" in err && err.code === "ENOENT") {
+      return null;
+    }
+    throw new Error(`Failed to load signing keys from ${keyDir}: ${err}`, { cause: err });
+  }
+  try {
+    const privateKey = createPrivateKey({ key: privPem, format: "pem", type: "pkcs8" });
+    const publicKey = createPub({ key: pubPem, format: "pem", type: "spki" });
+    return { privateKey, publicKey };
+  } catch (err) {
+    throw new Error(`Corrupt signing keys in ${keyDir}: ${err}`, { cause: err });
+  }
+}
+async function getOrCreateKeyPair(keyDir) {
+  const existing = await loadKeyPair(keyDir);
+  if (existing) return existing;
+  const keyPair = generateKeyPair();
+  await saveKeyPair(keyPair.privateKey, keyPair.publicKey, keyDir);
+  return keyPair;
+}
+function publicKeyToBase64(publicKey) {
+  const spki = publicKey.export({ type: "spki", format: "der" });
+  const raw = spki.subarray(ED25519_SPKI_HEADER.length);
+  return raw.toString("base64");
+}
+function publicKeyFromBase64(b64) {
+  const raw = Buffer.from(b64, "base64");
+  const spki = Buffer.concat([ED25519_SPKI_HEADER, raw]);
+  return createPublicKey({ key: spki, format: "der", type: "spki" });
+}
+function signPayload(payload, privateKey) {
+  const signature = cryptoSign(null, Buffer.from(payload, "utf-8"), privateKey);
+  return signature.toString("base64");
+}
+function verifySignature(payload, signature, publicKeyB64) {
+  const publicKey = publicKeyFromBase64(publicKeyB64);
+  const sigBuf = Buffer.from(signature, "base64");
+  return cryptoVerify(null, Buffer.from(payload, "utf-8"), publicKey, sigBuf);
+}
+function reconstructSigningPayload(rawLine) {
+  const parsed = JSON.parse(rawLine);
+  delete parsed.signature;
+  delete parsed.signerPublicKey;
+  delete parsed.hash;
+  return JSON.stringify(parsed);
+}
+
+export {
+  generateKeyPair,
+  saveKeyPair,
+  loadKeyPair,
+  getOrCreateKeyPair,
+  publicKeyToBase64,
+  publicKeyFromBase64,
+  signPayload,
+  verifySignature,
+  reconstructSigningPayload
+};
+//# sourceMappingURL=chunk-NUXSUSYY.js.map

package/dist/chunk-PDWWRZXF.js

@@ -0,0 +1,238 @@
+// src/adapters/logAdapter.ts
+import { homedir } from "os";
+function resolveHome(filePath) {
+  if (filePath.startsWith("~/")) {
+    return homedir() + filePath.slice(1);
+  }
+  return filePath;
+}
+var LogAdapter = class {
+  agentId;
+  logPath;
+  format;
+  fieldMapping;
+  pollIntervalMs;
+  lastReadPosition = 0;
+  pendingFragment = "";
+  running = false;
+  polling = false;
+  pollTimer = null;
+  onEvent = null;
+  readExisting;
+  stateDir;
+  constructor(agentId, logPath, options) {
+    this.agentId = agentId;
+    this.logPath = resolveHome(logPath);
+    this.format = options?.format ?? "json-lines";
+    this.fieldMapping = options?.fieldMapping;
+    this.pollIntervalMs = options?.pollIntervalMs ?? 2e3;
+    this.readExisting = options?.readExisting ?? false;
+    this.stateDir = options?.stateDir;
+  }
+  async start(onEvent) {
+    if (this.running) return;
+    this.onEvent = onEvent;
+    this.running = true;
+    const savedPosition = await this.loadCursor();
+    if (savedPosition !== null) {
+      this.lastReadPosition = savedPosition;
+    } else if (!this.readExisting) {
+      const { stat } = await import("fs/promises");
+      try {
+        const info = await stat(this.logPath);
+        this.lastReadPosition = info.size;
+      } catch {
+        this.lastReadPosition = 0;
+      }
+    } else {
+      this.lastReadPosition = 0;
+    }
+    this.pollTimer = setInterval(() => this.poll(), this.pollIntervalMs);
+    console.log(`LogAdapter watching ${this.logPath} for agent ${this.agentId}`);
+  }
+  async stop() {
+    if (this.pollTimer !== null) {
+      clearInterval(this.pollTimer);
+      this.pollTimer = null;
+    }
+    await this.saveCursor();
+    this.running = false;
+    this.onEvent = null;
+    console.log(`LogAdapter stopped for agent ${this.agentId}`);
+  }
+  async poll() {
+    if (!this.running || this.polling) return;
+    this.polling = true;
+    try {
+      const lines = await this.readNewLines();
+      for (const line of lines) {
+        if (!this.running) break;
+        const event = this.parseLine(line);
+        if (event) {
+          try {
+            this.onEvent?.(event);
+          } catch (err) {
+            console.warn(`Error in onEvent callback: ${err}`);
+          }
+        }
+      }
+    } catch (err) {
+      console.warn(`LogAdapter poll error: ${err}`);
+    } finally {
+      this.polling = false;
+    }
+  }
+  async readNewLines() {
+    const { stat, open } = await import("fs/promises");
+    let info;
+    try {
+      info = await stat(this.logPath);
+    } catch {
+      return [];
+    }
+    const size = info.size;
+    if (size < this.lastReadPosition) {
+      this.lastReadPosition = 0;
+      this.pendingFragment = "";
+    }
+    if (size === this.lastReadPosition) {
+      return [];
+    }
+    const MAX_READ_CHUNK = 5 * 1024 * 1024;
+    const bytesToRead = Math.min(size - this.lastReadPosition, MAX_READ_CHUNK);
+    const buffer = Buffer.alloc(bytesToRead);
+    let handle;
+    let bytesActuallyRead;
+    try {
+      handle = await open(this.logPath, "r");
+      const result = await handle.read(buffer, 0, bytesToRead, this.lastReadPosition);
+      bytesActuallyRead = result.bytesRead;
+    } catch {
+      return [];
+    } finally {
+      await handle?.close();
+    }
+    this.lastReadPosition += bytesActuallyRead;
+    const raw = this.pendingFragment + buffer.toString("utf-8", 0, bytesActuallyRead);
+    const segments = raw.split("\n");
+    this.pendingFragment = segments.pop() ?? "";
+    return segments.filter((l) => l.length > 0);
+  }
+  parseLine(line) {
+    if (this.format === "csv") {
+      return this.parseCsvLine(line);
+    }
+    return this.parseJsonLine(line);
+  }
+  parseJsonLine(line) {
+    let obj;
+    try {
+      obj = JSON.parse(line);
+    } catch {
+      console.warn(`Failed to parse JSON line: ${line}`);
+      return null;
+    }
+    if (this.fieldMapping) {
+      const remapped = { ...obj };
+      for (const [eventKey, sourceKey] of Object.entries(this.fieldMapping)) {
+        if (sourceKey in obj) {
+          remapped[eventKey] = obj[sourceKey];
+        }
+      }
+      obj = remapped;
+    }
+    obj.agentId = this.agentId;
+    if (!obj.agentName) obj.agentName = this.agentId;
+    if (!obj.agentRole) obj.agentRole = "unknown";
+    if (typeof obj.action !== "string" || typeof obj.timestamp !== "string") {
+      console.warn(`Missing required fields in log line: ${line}`);
+      return null;
+    }
+    let targets;
+    let primaryTarget;
+    if (Array.isArray(obj.targets) && obj.targets.length > 0) {
+      targets = obj.targets.map(String);
+      primaryTarget = targets[0];
+    } else if (typeof obj.target === "string") {
+      targets = [obj.target];
+      primaryTarget = obj.target;
+    } else {
+      console.warn(`Missing required fields in log line: ${line}`);
+      return null;
+    }
+    return {
+      ...obj,
+      agentId: String(obj.agentId),
+      agentName: String(obj.agentName),
+      agentRole: String(obj.agentRole),
+      action: obj.action,
+      targets,
+      primaryTarget,
+      schemaVersion: 2,
+      timestamp: obj.timestamp
+    };
+  }
+  get cursorPath() {
+    if (!this.stateDir) return null;
+    return `${this.stateDir}/log-cursor.json`;
+  }
+  async loadCursor() {
+    const path = this.cursorPath;
+    if (!path) return null;
+    try {
+      const { readFile } = await import("fs/promises");
+      const raw = await readFile(path, "utf-8");
+      const data = JSON.parse(raw);
+      if (data.logPath === this.logPath) return data.position;
+    } catch {
+    }
+    return null;
+  }
+  async saveCursor() {
+    const path = this.cursorPath;
+    if (!path) return;
+    try {
+      const { writeFile, mkdir } = await import("fs/promises");
+      await mkdir(this.stateDir, { recursive: true });
+      await writeFile(
+        path,
+        JSON.stringify({ position: this.lastReadPosition, logPath: this.logPath }) + "\n"
+      );
+    } catch (err) {
+      console.warn(`Failed to save log cursor: ${err}`);
+    }
+  }
+  parseCsvLine(line) {
+    const parts = line.split(",");
+    if (parts.length < 3) {
+      console.warn(`CSV line has too few columns: ${line}`);
+      return null;
+    }
+    const [timestamp, action, target, ...rest] = parts;
+    const metadataRaw = rest.join(",").trim();
+    let metadata;
+    if (metadataRaw) {
+      try {
+        metadata = JSON.parse(metadataRaw);
+      } catch {
+      }
+    }
+    const trimmedTarget = target.trim();
+    return {
+      agentId: this.agentId,
+      agentName: this.agentId,
+      agentRole: "unknown",
+      action: action.trim(),
+      targets: [trimmedTarget],
+      primaryTarget: trimmedTarget,
+      schemaVersion: 2,
+      timestamp: timestamp.trim(),
+      metadata
+    };
+  }
+};
+
+export {
+  LogAdapter
+};
+//# sourceMappingURL=chunk-PDWWRZXF.js.map