@undefineds.co/xpod 0.1.0-local.202602081751
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +22 -0
- package/README.md +146 -0
- package/components/components.jsonld +72 -0
- package/components/context.jsonld +1635 -0
- package/config/bun.json +90 -0
- package/config/cli.json +260 -0
- package/config/cloud.json +469 -0
- package/config/extensions.local.initializer.json +23 -0
- package/config/local.json +261 -0
- package/config/logging/configurable.json +18 -0
- package/config/main.json +200 -0
- package/config/main.vanilla.json +6 -0
- package/config/resolver.json +347 -0
- package/config/search.json +66 -0
- package/config/seed.dev.json +29 -0
- package/config/seeds/admin.example.json +11 -0
- package/config/seeds/test.json +11 -0
- package/config/terminal.json +22 -0
- package/config/vector.json +35 -0
- package/config/xpod.base.json +155 -0
- package/config/xpod.cluster.json +419 -0
- package/config/xpod.json +233 -0
- package/dist/agents/AgentExecutorFactory.d.ts +67 -0
- package/dist/agents/AgentExecutorFactory.js +193 -0
- package/dist/agents/AgentExecutorFactory.js.map +1 -0
- package/dist/agents/AgentManager.d.ts +114 -0
- package/dist/agents/AgentManager.js +289 -0
- package/dist/agents/AgentManager.js.map +1 -0
- package/dist/agents/BaseAgentExecutor.d.ts +67 -0
- package/dist/agents/BaseAgentExecutor.js +101 -0
- package/dist/agents/BaseAgentExecutor.js.map +1 -0
- package/dist/agents/ClaudeExecutor.d.ts +63 -0
- package/dist/agents/ClaudeExecutor.js +335 -0
- package/dist/agents/ClaudeExecutor.js.map +1 -0
- package/dist/agents/CodeBuddyExecutor.d.ts +54 -0
- package/dist/agents/CodeBuddyExecutor.js +273 -0
- package/dist/agents/CodeBuddyExecutor.js.map +1 -0
- package/dist/agents/IndexAgent.d.ts +70 -0
- package/dist/agents/IndexAgent.js +417 -0
- package/dist/agents/IndexAgent.js.map +1 -0
- package/dist/agents/index.d.ts +22 -0
- package/dist/agents/index.js +48 -0
- package/dist/agents/index.js.map +1 -0
- package/dist/agents/schema/agent-config.d.ts +58 -0
- package/dist/agents/schema/agent-config.js +74 -0
- package/dist/agents/schema/agent-config.js.map +1 -0
- package/dist/agents/schema/tables.d.ts +46 -0
- package/dist/agents/schema/tables.js +64 -0
- package/dist/agents/schema/tables.js.map +1 -0
- package/dist/agents/types.d.ts +266 -0
- package/dist/agents/types.js +9 -0
- package/dist/agents/types.js.map +1 -0
- package/dist/ai/index.d.ts +5 -0
- package/dist/ai/index.js +22 -0
- package/dist/ai/index.js.map +1 -0
- package/dist/ai/schema/config.d.ts +27 -0
- package/dist/ai/schema/config.js +36 -0
- package/dist/ai/schema/config.js.map +1 -0
- package/dist/ai/schema/index.d.ts +8 -0
- package/dist/ai/schema/index.js +27 -0
- package/dist/ai/schema/index.js.map +1 -0
- package/dist/ai/schema/model.d.ts +40 -0
- package/dist/ai/schema/model.js +60 -0
- package/dist/ai/schema/model.js.map +1 -0
- package/dist/ai/schema/provider.d.ts +21 -0
- package/dist/ai/schema/provider.js +30 -0
- package/dist/ai/schema/provider.js.map +1 -0
- package/dist/ai/schema/types.d.ts +52 -0
- package/dist/ai/schema/types.js +62 -0
- package/dist/ai/schema/types.js.map +1 -0
- package/dist/ai/schema/vector-store.d.ts +53 -0
- package/dist/ai/schema/vector-store.js +65 -0
- package/dist/ai/schema/vector-store.js.map +1 -0
- package/dist/ai/service/CredentialReader.d.ts +7 -0
- package/dist/ai/service/CredentialReader.js +10 -0
- package/dist/ai/service/CredentialReader.js.map +1 -0
- package/dist/ai/service/CredentialReaderImpl.d.ts +6 -0
- package/dist/ai/service/CredentialReaderImpl.js +55 -0
- package/dist/ai/service/CredentialReaderImpl.js.map +1 -0
- package/dist/ai/service/EmbeddingService.d.ts +8 -0
- package/dist/ai/service/EmbeddingService.js +10 -0
- package/dist/ai/service/EmbeddingService.js.map +1 -0
- package/dist/ai/service/EmbeddingServiceImpl.d.ts +11 -0
- package/dist/ai/service/EmbeddingServiceImpl.js +73 -0
- package/dist/ai/service/EmbeddingServiceImpl.js.map +1 -0
- package/dist/ai/service/ProviderRegistry.d.ts +26 -0
- package/dist/ai/service/ProviderRegistry.js +10 -0
- package/dist/ai/service/ProviderRegistry.js.map +1 -0
- package/dist/ai/service/ProviderRegistryImpl.d.ts +14 -0
- package/dist/ai/service/ProviderRegistryImpl.js +112 -0
- package/dist/ai/service/ProviderRegistryImpl.js.map +1 -0
- package/dist/ai/service/index.d.ts +10 -0
- package/dist/ai/service/index.js +29 -0
- package/dist/ai/service/index.js.map +1 -0
- package/dist/ai/service/types.d.ts +12 -0
- package/dist/ai/service/types.js +6 -0
- package/dist/ai/service/types.js.map +1 -0
- package/dist/api/ApiServer.d.ts +77 -0
- package/dist/api/ApiServer.js +191 -0
- package/dist/api/ApiServer.js.map +1 -0
- package/dist/api/auth/AuthContext.d.ts +41 -0
- package/dist/api/auth/AuthContext.js +44 -0
- package/dist/api/auth/AuthContext.js.map +1 -0
- package/dist/api/auth/Authenticator.d.ts +23 -0
- package/dist/api/auth/Authenticator.js +3 -0
- package/dist/api/auth/Authenticator.js.map +1 -0
- package/dist/api/auth/ClientCredentialsAuthenticator.d.ts +56 -0
- package/dist/api/auth/ClientCredentialsAuthenticator.js +191 -0
- package/dist/api/auth/ClientCredentialsAuthenticator.js.map +1 -0
- package/dist/api/auth/MultiAuthenticator.d.ts +15 -0
- package/dist/api/auth/MultiAuthenticator.js +36 -0
- package/dist/api/auth/MultiAuthenticator.js.map +1 -0
- package/dist/api/auth/NodeTokenAuthenticator.d.ts +21 -0
- package/dist/api/auth/NodeTokenAuthenticator.js +124 -0
- package/dist/api/auth/NodeTokenAuthenticator.js.map +1 -0
- package/dist/api/auth/SolidTokenAuthenticator.d.ts +27 -0
- package/dist/api/auth/SolidTokenAuthenticator.js +144 -0
- package/dist/api/auth/SolidTokenAuthenticator.js.map +1 -0
- package/dist/api/auth/index.d.ts +5 -0
- package/dist/api/auth/index.js +23 -0
- package/dist/api/auth/index.js.map +1 -0
- package/dist/api/chatkit/ai-provider.d.ts +44 -0
- package/dist/api/chatkit/ai-provider.js +157 -0
- package/dist/api/chatkit/ai-provider.js.map +1 -0
- package/dist/api/chatkit/index.d.ts +11 -0
- package/dist/api/chatkit/index.js +44 -0
- package/dist/api/chatkit/index.js.map +1 -0
- package/dist/api/chatkit/pod-store.d.ts +154 -0
- package/dist/api/chatkit/pod-store.js +794 -0
- package/dist/api/chatkit/pod-store.js.map +1 -0
- package/dist/api/chatkit/schema.d.ts +139 -0
- package/dist/api/chatkit/schema.js +168 -0
- package/dist/api/chatkit/schema.js.map +1 -0
- package/dist/api/chatkit/service.d.ts +143 -0
- package/dist/api/chatkit/service.js +442 -0
- package/dist/api/chatkit/service.js.map +1 -0
- package/dist/api/chatkit/store.d.ts +63 -0
- package/dist/api/chatkit/store.js +178 -0
- package/dist/api/chatkit/store.js.map +1 -0
- package/dist/api/chatkit/types.d.ts +461 -0
- package/dist/api/chatkit/types.js +50 -0
- package/dist/api/chatkit/types.js.map +1 -0
- package/dist/api/container/cloud.d.ts +12 -0
- package/dist/api/container/cloud.js +97 -0
- package/dist/api/container/cloud.js.map +1 -0
- package/dist/api/container/common.d.ts +11 -0
- package/dist/api/container/common.js +82 -0
- package/dist/api/container/common.js.map +1 -0
- package/dist/api/container/index.d.ts +16 -0
- package/dist/api/container/index.js +90 -0
- package/dist/api/container/index.js.map +1 -0
- package/dist/api/container/local.d.ts +13 -0
- package/dist/api/container/local.js +197 -0
- package/dist/api/container/local.js.map +1 -0
- package/dist/api/container/routes.d.ts +11 -0
- package/dist/api/container/routes.js +129 -0
- package/dist/api/container/routes.js.map +1 -0
- package/dist/api/container/types.d.ts +92 -0
- package/dist/api/container/types.js +8 -0
- package/dist/api/container/types.js.map +1 -0
- package/dist/api/handlers/AdminHandler.d.ts +6 -0
- package/dist/api/handlers/AdminHandler.js +330 -0
- package/dist/api/handlers/AdminHandler.js.map +1 -0
- package/dist/api/handlers/ApiKeyHandler.d.ts +15 -0
- package/dist/api/handlers/ApiKeyHandler.js +159 -0
- package/dist/api/handlers/ApiKeyHandler.js.map +1 -0
- package/dist/api/handlers/ChatHandler.d.ts +60 -0
- package/dist/api/handlers/ChatHandler.js +230 -0
- package/dist/api/handlers/ChatHandler.js.map +1 -0
- package/dist/api/handlers/ChatKitHandler.d.ts +18 -0
- package/dist/api/handlers/ChatKitHandler.js +151 -0
- package/dist/api/handlers/ChatKitHandler.js.map +1 -0
- package/dist/api/handlers/DashboardHandler.d.ts +14 -0
- package/dist/api/handlers/DashboardHandler.js +117 -0
- package/dist/api/handlers/DashboardHandler.js.map +1 -0
- package/dist/api/handlers/DdnsHandler.d.ts +19 -0
- package/dist/api/handlers/DdnsHandler.js +306 -0
- package/dist/api/handlers/DdnsHandler.js.map +1 -0
- package/dist/api/handlers/DevHandler.d.ts +18 -0
- package/dist/api/handlers/DevHandler.js +276 -0
- package/dist/api/handlers/DevHandler.js.map +1 -0
- package/dist/api/handlers/NodeHandler.d.ts +16 -0
- package/dist/api/handlers/NodeHandler.js +190 -0
- package/dist/api/handlers/NodeHandler.js.map +1 -0
- package/dist/api/handlers/PodManagementHandler.d.ts +39 -0
- package/dist/api/handlers/PodManagementHandler.js +294 -0
- package/dist/api/handlers/PodManagementHandler.js.map +1 -0
- package/dist/api/handlers/QuotaHandler.d.ts +21 -0
- package/dist/api/handlers/QuotaHandler.js +209 -0
- package/dist/api/handlers/QuotaHandler.js.map +1 -0
- package/dist/api/handlers/SignalHandler.d.ts +13 -0
- package/dist/api/handlers/SignalHandler.js +122 -0
- package/dist/api/handlers/SignalHandler.js.map +1 -0
- package/dist/api/handlers/SubdomainClientHandler.d.ts +24 -0
- package/dist/api/handlers/SubdomainClientHandler.js +169 -0
- package/dist/api/handlers/SubdomainClientHandler.js.map +1 -0
- package/dist/api/handlers/SubdomainHandler.d.ts +17 -0
- package/dist/api/handlers/SubdomainHandler.js +312 -0
- package/dist/api/handlers/SubdomainHandler.js.map +1 -0
- package/dist/api/handlers/VectorHandler.d.ts +15 -0
- package/dist/api/handlers/VectorHandler.js +293 -0
- package/dist/api/handlers/VectorHandler.js.map +1 -0
- package/dist/api/handlers/VectorStoreHandler.d.ts +20 -0
- package/dist/api/handlers/VectorStoreHandler.js +348 -0
- package/dist/api/handlers/VectorStoreHandler.js.map +1 -0
- package/dist/api/handlers/VectorStoreWebhookHandler.d.ts +74 -0
- package/dist/api/handlers/VectorStoreWebhookHandler.js +121 -0
- package/dist/api/handlers/VectorStoreWebhookHandler.js.map +1 -0
- package/dist/api/handlers/WebIdProfileHandler.d.ts +14 -0
- package/dist/api/handlers/WebIdProfileHandler.js +204 -0
- package/dist/api/handlers/WebIdProfileHandler.js.map +1 -0
- package/dist/api/handlers/index.d.ts +11 -0
- package/dist/api/handlers/index.js +28 -0
- package/dist/api/handlers/index.js.map +1 -0
- package/dist/api/index.d.ts +12 -0
- package/dist/api/index.js +29 -0
- package/dist/api/index.js.map +1 -0
- package/dist/api/main.d.ts +14 -0
- package/dist/api/main.js +106 -0
- package/dist/api/main.js.map +1 -0
- package/dist/api/middleware/AuthMiddleware.d.ts +35 -0
- package/dist/api/middleware/AuthMiddleware.js +51 -0
- package/dist/api/middleware/AuthMiddleware.js.map +1 -0
- package/dist/api/middleware/index.d.ts +1 -0
- package/dist/api/middleware/index.js +18 -0
- package/dist/api/middleware/index.js.map +1 -0
- package/dist/api/models/model-provider.schema.d.ts +12 -0
- package/dist/api/models/model-provider.schema.js +21 -0
- package/dist/api/models/model-provider.schema.js.map +1 -0
- package/dist/api/models/namespaces.d.ts +9 -0
- package/dist/api/models/namespaces.js +34 -0
- package/dist/api/models/namespaces.js.map +1 -0
- package/dist/api/service/InternalPodService.d.ts +19 -0
- package/dist/api/service/InternalPodService.js +82 -0
- package/dist/api/service/InternalPodService.js.map +1 -0
- package/dist/api/service/VectorService.d.ts +156 -0
- package/dist/api/service/VectorService.js +202 -0
- package/dist/api/service/VectorService.js.map +1 -0
- package/dist/api/service/VectorStoreService.d.ts +262 -0
- package/dist/api/service/VectorStoreService.js +985 -0
- package/dist/api/service/VectorStoreService.js.map +1 -0
- package/dist/api/service/VercelChatService.d.ts +28 -0
- package/dist/api/service/VercelChatService.js +289 -0
- package/dist/api/service/VercelChatService.js.map +1 -0
- package/dist/api/store/DrizzleClientCredentialsStore.d.ts +56 -0
- package/dist/api/store/DrizzleClientCredentialsStore.js +145 -0
- package/dist/api/store/DrizzleClientCredentialsStore.js.map +1 -0
- package/dist/api/store/index.d.ts +1 -0
- package/dist/api/store/index.js +18 -0
- package/dist/api/store/index.js.map +1 -0
- package/dist/components/components.jsonld +88 -0
- package/dist/components/context.jsonld +1962 -0
- package/dist/credential/index.d.ts +1 -0
- package/dist/credential/index.js +18 -0
- package/dist/credential/index.js.map +1 -0
- package/dist/credential/schema/index.d.ts +2 -0
- package/dist/credential/schema/index.js +19 -0
- package/dist/credential/schema/index.js.map +1 -0
- package/dist/credential/schema/tables.d.ts +31 -0
- package/dist/credential/schema/tables.js +42 -0
- package/dist/credential/schema/tables.js.map +1 -0
- package/dist/credential/schema/types.d.ts +20 -0
- package/dist/credential/schema/types.js +26 -0
- package/dist/credential/schema/types.js.map +1 -0
- package/dist/dns/DnsProvider.d.ts +46 -0
- package/dist/dns/DnsProvider.js +3 -0
- package/dist/dns/DnsProvider.js.map +1 -0
- package/dist/dns/DnsProvider.jsonld +161 -0
- package/dist/dns/cloudflare/CloudflareDnsProvider.d.ts +51 -0
- package/dist/dns/cloudflare/CloudflareDnsProvider.js +227 -0
- package/dist/dns/cloudflare/CloudflareDnsProvider.js.map +1 -0
- package/dist/dns/cloudflare/index.d.ts +1 -0
- package/dist/dns/cloudflare/index.js +18 -0
- package/dist/dns/cloudflare/index.js.map +1 -0
- package/dist/dns/tencent/TencentDnsProvider.d.ts +42 -0
- package/dist/dns/tencent/TencentDnsProvider.js +221 -0
- package/dist/dns/tencent/TencentDnsProvider.js.map +1 -0
- package/dist/dns/tencent/TencentDnsProvider.jsonld +239 -0
- package/dist/document/Chunker.d.ts +64 -0
- package/dist/document/Chunker.js +8 -0
- package/dist/document/Chunker.js.map +1 -0
- package/dist/document/DocumentParser.d.ts +58 -0
- package/dist/document/DocumentParser.js +8 -0
- package/dist/document/DocumentParser.js.map +1 -0
- package/dist/document/HeadingChunker.d.ts +34 -0
- package/dist/document/HeadingChunker.js +182 -0
- package/dist/document/HeadingChunker.js.map +1 -0
- package/dist/document/JinaDocumentParser.d.ts +40 -0
- package/dist/document/JinaDocumentParser.js +129 -0
- package/dist/document/JinaDocumentParser.js.map +1 -0
- package/dist/document/index.d.ts +7 -0
- package/dist/document/index.js +26 -0
- package/dist/document/index.js.map +1 -0
- package/dist/edge/DdnsManager.d.ts +53 -0
- package/dist/edge/DdnsManager.js +153 -0
- package/dist/edge/DdnsManager.js.map +1 -0
- package/dist/edge/Dns01CertificateProvisioner.d.ts +27 -0
- package/dist/edge/Dns01CertificateProvisioner.js +160 -0
- package/dist/edge/Dns01CertificateProvisioner.js.map +1 -0
- package/dist/edge/Dns01CertificateProvisioner.jsonld +148 -0
- package/dist/edge/EdgeNodeAgent.d.ts +56 -0
- package/dist/edge/EdgeNodeAgent.js +230 -0
- package/dist/edge/EdgeNodeAgent.js.map +1 -0
- package/dist/edge/EdgeNodeAgent.jsonld +89 -0
- package/dist/edge/EdgeNodeAgentInitializer.d.ts +25 -0
- package/dist/edge/EdgeNodeAgentInitializer.js +64 -0
- package/dist/edge/EdgeNodeAgentInitializer.js.map +1 -0
- package/dist/edge/EdgeNodeCapabilityDetector.d.ts +98 -0
- package/dist/edge/EdgeNodeCapabilityDetector.js +425 -0
- package/dist/edge/EdgeNodeCapabilityDetector.js.map +1 -0
- package/dist/edge/EdgeNodeCertificateProvisioner.d.ts +3 -0
- package/dist/edge/EdgeNodeCertificateProvisioner.js +3 -0
- package/dist/edge/EdgeNodeCertificateProvisioner.js.map +1 -0
- package/dist/edge/EdgeNodeCertificateProvisioner.jsonld +21 -0
- package/dist/edge/EdgeNodeDnsCoordinator.d.ts +38 -0
- package/dist/edge/EdgeNodeDnsCoordinator.js +201 -0
- package/dist/edge/EdgeNodeDnsCoordinator.js.map +1 -0
- package/dist/edge/EdgeNodeDnsCoordinator.jsonld +212 -0
- package/dist/edge/EdgeNodeHealthProbeService.d.ts +25 -0
- package/dist/edge/EdgeNodeHealthProbeService.js +208 -0
- package/dist/edge/EdgeNodeHealthProbeService.js.map +1 -0
- package/dist/edge/EdgeNodeHealthProbeService.jsonld +176 -0
- package/dist/edge/EdgeNodeModeDetector.d.ts +50 -0
- package/dist/edge/EdgeNodeModeDetector.js +194 -0
- package/dist/edge/EdgeNodeModeDetector.js.map +1 -0
- package/dist/edge/EdgeNodeModeDetector.jsonld +114 -0
- package/dist/edge/EdgeNodeTunnelManager.d.ts +23 -0
- package/dist/edge/EdgeNodeTunnelManager.js +99 -0
- package/dist/edge/EdgeNodeTunnelManager.js.map +1 -0
- package/dist/edge/EdgeNodeTunnelManager.jsonld +128 -0
- package/dist/edge/FrpTunnelManager.d.ts +30 -0
- package/dist/edge/FrpTunnelManager.js +151 -0
- package/dist/edge/FrpTunnelManager.js.map +1 -0
- package/dist/edge/FrpTunnelManager.jsonld +192 -0
- package/dist/edge/LocalNetworkManager.d.ts +41 -0
- package/dist/edge/LocalNetworkManager.js +115 -0
- package/dist/edge/LocalNetworkManager.js.map +1 -0
- package/dist/edge/acme/AcmeCertificateManager.d.ts +65 -0
- package/dist/edge/acme/AcmeCertificateManager.js +233 -0
- package/dist/edge/acme/AcmeCertificateManager.js.map +1 -0
- package/dist/edge/acme/AcmeCertificateManager.jsonld +373 -0
- package/dist/edge/acme/ClusterCertificateManager.d.ts +40 -0
- package/dist/edge/acme/ClusterCertificateManager.js +184 -0
- package/dist/edge/acme/ClusterCertificateManager.js.map +1 -0
- package/dist/edge/acme/DnsChallengeClient.d.ts +15 -0
- package/dist/edge/acme/DnsChallengeClient.js +40 -0
- package/dist/edge/acme/DnsChallengeClient.js.map +1 -0
- package/dist/edge/acme/utils.d.ts +4 -0
- package/dist/edge/acme/utils.js +17 -0
- package/dist/edge/acme/utils.js.map +1 -0
- package/dist/edge/frp/FrpRelay.d.ts +11 -0
- package/dist/edge/frp/FrpRelay.js +29 -0
- package/dist/edge/frp/FrpRelay.js.map +1 -0
- package/dist/edge/frp/FrpcProcessManager.d.ts +51 -0
- package/dist/edge/frp/FrpcProcessManager.js +174 -0
- package/dist/edge/frp/FrpcProcessManager.js.map +1 -0
- package/dist/edge/interfaces/EdgeNodeTunnelManager.d.ts +6 -0
- package/dist/edge/interfaces/EdgeNodeTunnelManager.js +3 -0
- package/dist/edge/interfaces/EdgeNodeTunnelManager.js.map +1 -0
- package/dist/edge/interfaces/EdgeNodeTunnelManager.jsonld +21 -0
- package/dist/embedding/CredentialReader.d.ts +7 -0
- package/dist/embedding/CredentialReader.js +10 -0
- package/dist/embedding/CredentialReader.js.map +1 -0
- package/dist/embedding/CredentialReader.jsonld +22 -0
- package/dist/embedding/CredentialReaderImpl.d.ts +6 -0
- package/dist/embedding/CredentialReaderImpl.js +55 -0
- package/dist/embedding/CredentialReaderImpl.js.map +1 -0
- package/dist/embedding/CredentialReaderImpl.jsonld +31 -0
- package/dist/embedding/EmbeddingService.d.ts +8 -0
- package/dist/embedding/EmbeddingService.js +10 -0
- package/dist/embedding/EmbeddingService.js.map +1 -0
- package/dist/embedding/EmbeddingService.jsonld +26 -0
- package/dist/embedding/EmbeddingServiceImpl.d.ts +11 -0
- package/dist/embedding/EmbeddingServiceImpl.js +73 -0
- package/dist/embedding/EmbeddingServiceImpl.js.map +1 -0
- package/dist/embedding/EmbeddingServiceImpl.jsonld +53 -0
- package/dist/embedding/ProviderRegistry.d.ts +26 -0
- package/dist/embedding/ProviderRegistry.js +10 -0
- package/dist/embedding/ProviderRegistry.js.map +1 -0
- package/dist/embedding/ProviderRegistry.jsonld +30 -0
- package/dist/embedding/ProviderRegistryImpl.d.ts +14 -0
- package/dist/embedding/ProviderRegistryImpl.js +112 -0
- package/dist/embedding/ProviderRegistryImpl.js.map +1 -0
- package/dist/embedding/ProviderRegistryImpl.jsonld +40 -0
- package/dist/embedding/index.d.ts +5 -0
- package/dist/embedding/index.js +22 -0
- package/dist/embedding/index.js.map +1 -0
- package/dist/embedding/schema/index.d.ts +1 -0
- package/dist/embedding/schema/index.js +18 -0
- package/dist/embedding/schema/index.js.map +1 -0
- package/dist/embedding/schema/tables.d.ts +70 -0
- package/dist/embedding/schema/tables.js +102 -0
- package/dist/embedding/schema/tables.js.map +1 -0
- package/dist/embedding/types.d.ts +12 -0
- package/dist/embedding/types.js +6 -0
- package/dist/embedding/types.js.map +1 -0
- package/dist/gateway/port-finder.d.ts +4 -0
- package/dist/gateway/port-finder.js +15 -0
- package/dist/gateway/port-finder.js.map +1 -0
- package/dist/gateway/proxy.d.ts +22 -0
- package/dist/gateway/proxy.js +149 -0
- package/dist/gateway/proxy.js.map +1 -0
- package/dist/gateway/supervisor.d.ts +2 -0
- package/dist/gateway/supervisor.js +7 -0
- package/dist/gateway/supervisor.js.map +1 -0
- package/dist/gateway/types.d.ts +1 -0
- package/dist/gateway/types.js +3 -0
- package/dist/gateway/types.js.map +1 -0
- package/dist/http/AppStaticAssetHandler.d.ts +8 -0
- package/dist/http/AppStaticAssetHandler.js +27 -0
- package/dist/http/AppStaticAssetHandler.js.map +1 -0
- package/dist/http/AppStaticAssetHandler.jsonld +26 -0
- package/dist/http/ClusterIngressRouter.d.ts +93 -0
- package/dist/http/ClusterIngressRouter.js +355 -0
- package/dist/http/ClusterIngressRouter.js.map +1 -0
- package/dist/http/ClusterIngressRouter.jsonld +227 -0
- package/dist/http/ClusterWebSocketConfigurator.d.ts +59 -0
- package/dist/http/ClusterWebSocketConfigurator.js +226 -0
- package/dist/http/ClusterWebSocketConfigurator.js.map +1 -0
- package/dist/http/ClusterWebSocketConfigurator.jsonld +145 -0
- package/dist/http/EdgeNodeDirectDebugHttpHandler.d.ts +25 -0
- package/dist/http/EdgeNodeDirectDebugHttpHandler.js +126 -0
- package/dist/http/EdgeNodeDirectDebugHttpHandler.js.map +1 -0
- package/dist/http/EdgeNodeDirectDebugHttpHandler.jsonld +151 -0
- package/dist/http/EdgeNodeProxyHttpHandler.d.ts +28 -0
- package/dist/http/EdgeNodeProxyHttpHandler.js +190 -0
- package/dist/http/EdgeNodeProxyHttpHandler.js.map +1 -0
- package/dist/http/EdgeNodeProxyHttpHandler.jsonld +162 -0
- package/dist/http/PodRoutingHttpHandler.d.ts +64 -0
- package/dist/http/PodRoutingHttpHandler.js +233 -0
- package/dist/http/PodRoutingHttpHandler.js.map +1 -0
- package/dist/http/PodRoutingHttpHandler.jsonld +171 -0
- package/dist/http/RequestIdHttpHandler.d.ts +15 -0
- package/dist/http/RequestIdHttpHandler.js +59 -0
- package/dist/http/RequestIdHttpHandler.js.map +1 -0
- package/dist/http/RouterHttpHandler.d.ts +21 -0
- package/dist/http/RouterHttpHandler.js +49 -0
- package/dist/http/RouterHttpHandler.js.map +1 -0
- package/dist/http/RouterHttpHandler.jsonld +80 -0
- package/dist/http/RouterHttpRoute.d.ts +6 -0
- package/dist/http/RouterHttpRoute.js +11 -0
- package/dist/http/RouterHttpRoute.js.map +1 -0
- package/dist/http/RouterHttpRoute.jsonld +48 -0
- package/dist/http/SignalInterceptHttpHandler.d.ts +24 -0
- package/dist/http/SignalInterceptHttpHandler.js +47 -0
- package/dist/http/SignalInterceptHttpHandler.js.map +1 -0
- package/dist/http/SignalInterceptHttpHandler.jsonld +103 -0
- package/dist/http/SubgraphSparqlHttpHandler.d.ts +70 -0
- package/dist/http/SubgraphSparqlHttpHandler.js +640 -0
- package/dist/http/SubgraphSparqlHttpHandler.js.map +1 -0
- package/dist/http/SubgraphSparqlHttpHandler.jsonld +363 -0
- package/dist/http/TracingHandler.d.ts +19 -0
- package/dist/http/TracingHandler.js +60 -0
- package/dist/http/TracingHandler.js.map +1 -0
- package/dist/http/TracingHandler.jsonld +37 -0
- package/dist/http/admin/EdgeNodeAdminHttpHandler.d.ts +45 -0
- package/dist/http/admin/EdgeNodeAdminHttpHandler.js +292 -0
- package/dist/http/admin/EdgeNodeAdminHttpHandler.js.map +1 -0
- package/dist/http/admin/EdgeNodeCertificateHttpHandler.d.ts +33 -0
- package/dist/http/admin/EdgeNodeCertificateHttpHandler.js +172 -0
- package/dist/http/admin/EdgeNodeCertificateHttpHandler.js.map +1 -0
- package/dist/http/admin/EdgeNodeCertificateHttpHandler.jsonld +182 -0
- package/dist/http/admin/EdgeNodeSignalHttpHandler.d.ts +71 -0
- package/dist/http/admin/EdgeNodeSignalHttpHandler.js +674 -0
- package/dist/http/admin/EdgeNodeSignalHttpHandler.js.map +1 -0
- package/dist/http/admin/EdgeNodeSignalHttpHandler.jsonld +406 -0
- package/dist/http/cluster/PodMigrationHttpHandler.d.ts +52 -0
- package/dist/http/cluster/PodMigrationHttpHandler.js +208 -0
- package/dist/http/cluster/PodMigrationHttpHandler.js.map +1 -0
- package/dist/http/cluster/PodMigrationHttpHandler.jsonld +169 -0
- package/dist/http/quota/QuotaAdminHttpHandler.d.ts +34 -0
- package/dist/http/quota/QuotaAdminHttpHandler.js +241 -0
- package/dist/http/quota/QuotaAdminHttpHandler.js.map +1 -0
- package/dist/http/quota/QuotaAdminHttpHandler.jsonld +171 -0
- package/dist/http/search/SearchHttpHandler.d.ts +59 -0
- package/dist/http/search/SearchHttpHandler.js +312 -0
- package/dist/http/search/SearchHttpHandler.js.map +1 -0
- package/dist/http/search/index.d.ts +1 -0
- package/dist/http/search/index.js +18 -0
- package/dist/http/search/index.js.map +1 -0
- package/dist/http/terminal/TerminalHttpHandler.d.ts +45 -0
- package/dist/http/terminal/TerminalHttpHandler.js +306 -0
- package/dist/http/terminal/TerminalHttpHandler.js.map +1 -0
- package/dist/http/terminal/TerminalHttpHandler.jsonld +232 -0
- package/dist/http/terminal/index.d.ts +1 -0
- package/dist/http/terminal/index.js +18 -0
- package/dist/http/terminal/index.js.map +1 -0
- package/dist/http/vector/VectorHttpHandler.d.ts +42 -0
- package/dist/http/vector/VectorHttpHandler.js +301 -0
- package/dist/http/vector/VectorHttpHandler.js.map +1 -0
- package/dist/http/vector/VectorHttpHandler.jsonld +157 -0
- package/dist/http/vector/index.d.ts +1 -0
- package/dist/http/vector/index.js +18 -0
- package/dist/http/vector/index.js.map +1 -0
- package/dist/ice/IceServerProvider.d.ts +85 -0
- package/dist/ice/IceServerProvider.js +122 -0
- package/dist/ice/IceServerProvider.js.map +1 -0
- package/dist/ice/index.d.ts +8 -0
- package/dist/ice/index.js +25 -0
- package/dist/ice/index.js.map +1 -0
- package/dist/identity/CenterNodeRegistrationService.d.ts +102 -0
- package/dist/identity/CenterNodeRegistrationService.js +266 -0
- package/dist/identity/CenterNodeRegistrationService.js.map +1 -0
- package/dist/identity/CenterNodeRegistrationService.jsonld +251 -0
- package/dist/identity/ReactAppViewHandler.d.ts +31 -0
- package/dist/identity/ReactAppViewHandler.js +79 -0
- package/dist/identity/ReactAppViewHandler.js.map +1 -0
- package/dist/identity/ReactAppViewHandler.jsonld +99 -0
- package/dist/identity/drizzle/AccountRepository.d.ts +31 -0
- package/dist/identity/drizzle/AccountRepository.js +130 -0
- package/dist/identity/drizzle/AccountRepository.js.map +1 -0
- package/dist/identity/drizzle/AccountRoleRepository.d.ts +23 -0
- package/dist/identity/drizzle/AccountRoleRepository.js +233 -0
- package/dist/identity/drizzle/AccountRoleRepository.js.map +1 -0
- package/dist/identity/drizzle/DdnsRepository.d.ts +87 -0
- package/dist/identity/drizzle/DdnsRepository.js +284 -0
- package/dist/identity/drizzle/DdnsRepository.js.map +1 -0
- package/dist/identity/drizzle/DrizzleIndexedStorage.d.ts +26 -0
- package/dist/identity/drizzle/DrizzleIndexedStorage.js +159 -0
- package/dist/identity/drizzle/DrizzleIndexedStorage.js.map +1 -0
- package/dist/identity/drizzle/DrizzleIndexedStorage.jsonld +130 -0
- package/dist/identity/drizzle/EdgeNodeRepository.d.ts +155 -0
- package/dist/identity/drizzle/EdgeNodeRepository.js +555 -0
- package/dist/identity/drizzle/EdgeNodeRepository.js.map +1 -0
- package/dist/identity/drizzle/PodLookupRepository.d.ts +59 -0
- package/dist/identity/drizzle/PodLookupRepository.js +153 -0
- package/dist/identity/drizzle/PodLookupRepository.js.map +1 -0
- package/dist/identity/drizzle/WebIdProfileRepository.d.ts +58 -0
- package/dist/identity/drizzle/WebIdProfileRepository.js +157 -0
- package/dist/identity/drizzle/WebIdProfileRepository.js.map +1 -0
- package/dist/identity/drizzle/db.d.ts +60 -0
- package/dist/identity/drizzle/db.js +269 -0
- package/dist/identity/drizzle/db.js.map +1 -0
- package/dist/identity/drizzle/schema.d.ts +1 -0
- package/dist/identity/drizzle/schema.js +20 -0
- package/dist/identity/drizzle/schema.js.map +1 -0
- package/dist/identity/drizzle/schema.pg.d.ts +20 -0
- package/dist/identity/drizzle/schema.pg.js +103 -0
- package/dist/identity/drizzle/schema.pg.js.map +1 -0
- package/dist/identity/drizzle/schema.sqlite.d.ts +872 -0
- package/dist/identity/drizzle/schema.sqlite.js +100 -0
- package/dist/identity/drizzle/schema.sqlite.js.map +1 -0
- package/dist/identity/oidc/AutoDetectIdentityProviderHandler.d.ts +43 -0
- package/dist/identity/oidc/AutoDetectIdentityProviderHandler.js +92 -0
- package/dist/identity/oidc/AutoDetectIdentityProviderHandler.js.map +1 -0
- package/dist/identity/oidc/AutoDetectIdentityProviderHandler.jsonld +122 -0
- package/dist/identity/oidc/AutoDetectOidcHandler.d.ts +55 -0
- package/dist/identity/oidc/AutoDetectOidcHandler.js +137 -0
- package/dist/identity/oidc/AutoDetectOidcHandler.js.map +1 -0
- package/dist/identity/oidc/AutoDetectOidcHandler.jsonld +138 -0
- package/dist/identity/oidc/DisabledIdentityProviderHandler.d.ts +51 -0
- package/dist/identity/oidc/DisabledIdentityProviderHandler.js +104 -0
- package/dist/identity/oidc/DisabledIdentityProviderHandler.js.map +1 -0
- package/dist/identity/oidc/DisabledIdentityProviderHandler.jsonld +111 -0
- package/dist/identity/oidc/DisabledOidcHandler.d.ts +55 -0
- package/dist/identity/oidc/DisabledOidcHandler.js +132 -0
- package/dist/identity/oidc/DisabledOidcHandler.js.map +1 -0
- package/dist/identity/oidc/DisabledOidcHandler.jsonld +157 -0
- package/dist/index.d.ts +80 -0
- package/dist/index.js +155 -0
- package/dist/index.js.map +1 -0
- package/dist/legacy/DrizzleClientCredentialsStore.d.ts +51 -0
- package/dist/legacy/DrizzleClientCredentialsStore.js +142 -0
- package/dist/legacy/DrizzleClientCredentialsStore.js.map +1 -0
- package/dist/legacy/DrizzleIndexedStorage.d.ts +26 -0
- package/dist/legacy/DrizzleIndexedStorage.js +159 -0
- package/dist/legacy/DrizzleIndexedStorage.js.map +1 -0
- package/dist/legacy/DrizzleQuotaService.d.ts +16 -0
- package/dist/legacy/DrizzleQuotaService.js +37 -0
- package/dist/legacy/DrizzleQuotaService.js.map +1 -0
- package/dist/libs/backends/index.d.ts +6 -0
- package/dist/libs/backends/index.js +31 -0
- package/dist/libs/backends/index.js.map +1 -0
- package/dist/libs/backends/sqlup.d.ts +44 -0
- package/dist/libs/backends/sqlup.js +437 -0
- package/dist/libs/backends/sqlup.js.map +1 -0
- package/dist/logging/ConfigurableLoggerFactory.d.ts +24 -0
- package/dist/logging/ConfigurableLoggerFactory.js +77 -0
- package/dist/logging/ConfigurableLoggerFactory.js.map +1 -0
- package/dist/logging/ConfigurableLoggerFactory.jsonld +169 -0
- package/dist/logging/LogContext.d.ts +5 -0
- package/dist/logging/LogContext.js +6 -0
- package/dist/logging/LogContext.js.map +1 -0
- package/dist/main.d.ts +2 -0
- package/dist/main.js +148 -0
- package/dist/main.js.map +1 -0
- package/dist/network/LocalNetworkDetector.d.ts +65 -0
- package/dist/network/LocalNetworkDetector.js +185 -0
- package/dist/network/LocalNetworkDetector.js.map +1 -0
- package/dist/network/index.d.ts +4 -0
- package/dist/network/index.js +21 -0
- package/dist/network/index.js.map +1 -0
- package/dist/pods/ReservedSuffixIdentifierGenerator.d.ts +13 -0
- package/dist/pods/ReservedSuffixIdentifierGenerator.js +26 -0
- package/dist/pods/ReservedSuffixIdentifierGenerator.js.map +1 -0
- package/dist/pods/ReservedSuffixIdentifierGenerator.jsonld +75 -0
- package/dist/quota/DefaultQuotaService.d.ts +16 -0
- package/dist/quota/DefaultQuotaService.js +37 -0
- package/dist/quota/DefaultQuotaService.js.map +1 -0
- package/dist/quota/DefaultQuotaService.jsonld +85 -0
- package/dist/quota/DrizzleQuotaService.d.ts +16 -0
- package/dist/quota/DrizzleQuotaService.js +37 -0
- package/dist/quota/DrizzleQuotaService.js.map +1 -0
- package/dist/quota/DrizzleQuotaService.jsonld +87 -0
- package/dist/quota/NoopQuotaService.d.ts +7 -0
- package/dist/quota/NoopQuotaService.js +15 -0
- package/dist/quota/NoopQuotaService.js.map +1 -0
- package/dist/quota/NoopQuotaService.jsonld +36 -0
- package/dist/quota/QuotaService.d.ts +6 -0
- package/dist/quota/QuotaService.js +3 -0
- package/dist/quota/QuotaService.js.map +1 -0
- package/dist/quota/QuotaService.jsonld +33 -0
- package/dist/sdk/SignalingClientAdapter.d.ts +38 -0
- package/dist/sdk/SignalingClientAdapter.js +99 -0
- package/dist/sdk/SignalingClientAdapter.js.map +1 -0
- package/dist/sdk/createFetch.d.ts +23 -0
- package/dist/sdk/createFetch.js +258 -0
- package/dist/sdk/createFetch.js.map +1 -0
- package/dist/sdk/index.d.ts +29 -0
- package/dist/sdk/index.js +34 -0
- package/dist/sdk/index.js.map +1 -0
- package/dist/sdk/xpodFetch.d.ts +112 -0
- package/dist/sdk/xpodFetch.js +251 -0
- package/dist/sdk/xpodFetch.js.map +1 -0
- package/dist/service/EdgeNodeCertificateService.d.ts +45 -0
- package/dist/service/EdgeNodeCertificateService.js +164 -0
- package/dist/service/EdgeNodeCertificateService.js.map +1 -0
- package/dist/service/EdgeNodeCertificateService.jsonld +216 -0
- package/dist/service/EdgeNodeHeartbeatService.d.ts +68 -0
- package/dist/service/EdgeNodeHeartbeatService.js +262 -0
- package/dist/service/EdgeNodeHeartbeatService.js.map +1 -0
- package/dist/service/PodMigrationService.d.ts +43 -0
- package/dist/service/PodMigrationService.js +72 -0
- package/dist/service/PodMigrationService.js.map +1 -0
- package/dist/service/PodMigrationService.jsonld +76 -0
- package/dist/signaling/SignalingClient.d.ts +142 -0
- package/dist/signaling/SignalingClient.js +305 -0
- package/dist/signaling/SignalingClient.js.map +1 -0
- package/dist/signaling/SignalingService.d.ts +104 -0
- package/dist/signaling/SignalingService.js +440 -0
- package/dist/signaling/SignalingService.js.map +1 -0
- package/dist/signaling/index.d.ts +11 -0
- package/dist/signaling/index.js +28 -0
- package/dist/signaling/index.js.map +1 -0
- package/dist/signaling/types.d.ts +237 -0
- package/dist/signaling/types.js +18 -0
- package/dist/signaling/types.js.map +1 -0
- package/dist/storage/DrizzleCompat.d.ts +15 -0
- package/dist/storage/DrizzleCompat.js +60 -0
- package/dist/storage/DrizzleCompat.js.map +1 -0
- package/dist/storage/LockingResourceStore.d.ts +8 -0
- package/dist/storage/LockingResourceStore.js +68 -0
- package/dist/storage/LockingResourceStore.js.map +1 -0
- package/dist/storage/MigratableDataAccessor.d.ts +63 -0
- package/dist/storage/MigratableDataAccessor.js +11 -0
- package/dist/storage/MigratableDataAccessor.js.map +1 -0
- package/dist/storage/MigratableDataAccessor.jsonld +60 -0
- package/dist/storage/ObservableResourceStore.d.ts +89 -0
- package/dist/storage/ObservableResourceStore.js +125 -0
- package/dist/storage/ObservableResourceStore.js.map +1 -0
- package/dist/storage/RepresentationPartialConvertingStore.d.ts +22 -0
- package/dist/storage/RepresentationPartialConvertingStore.js +94 -0
- package/dist/storage/RepresentationPartialConvertingStore.js.map +1 -0
- package/dist/storage/RepresentationPartialConvertingStore.jsonld +332 -0
- package/dist/storage/SparqlUpdateResourceStore.d.ts +30 -0
- package/dist/storage/SparqlUpdateResourceStore.js +292 -0
- package/dist/storage/SparqlUpdateResourceStore.js.map +1 -0
- package/dist/storage/SparqlUpdateResourceStore.jsonld +112 -0
- package/dist/storage/SqliteCompat.d.ts +60 -0
- package/dist/storage/SqliteCompat.js +158 -0
- package/dist/storage/SqliteCompat.js.map +1 -0
- package/dist/storage/accessors/MinioDataAccessor.d.ts +127 -0
- package/dist/storage/accessors/MinioDataAccessor.js +249 -0
- package/dist/storage/accessors/MinioDataAccessor.js.map +1 -0
- package/dist/storage/accessors/MinioDataAccessor.jsonld +138 -0
- package/dist/storage/accessors/MixDataAccessor.d.ts +43 -0
- package/dist/storage/accessors/MixDataAccessor.js +130 -0
- package/dist/storage/accessors/MixDataAccessor.js.map +1 -0
- package/dist/storage/accessors/MixDataAccessor.jsonld +101 -0
- package/dist/storage/accessors/QuadstoreSparqlDataAccessor.d.ts +146 -0
- package/dist/storage/accessors/QuadstoreSparqlDataAccessor.js +415 -0
- package/dist/storage/accessors/QuadstoreSparqlDataAccessor.js.map +1 -0
- package/dist/storage/accessors/QuadstoreSparqlDataAccessor.jsonld +180 -0
- package/dist/storage/accessors/QuintStoreSparqlDataAccessor.d.ts +95 -0
- package/dist/storage/accessors/QuintStoreSparqlDataAccessor.js +376 -0
- package/dist/storage/accessors/QuintStoreSparqlDataAccessor.js.map +1 -0
- package/dist/storage/accessors/QuintStoreSparqlDataAccessor.jsonld +168 -0
- package/dist/storage/accessors/TieredMinioDataAccessor.d.ts +150 -0
- package/dist/storage/accessors/TieredMinioDataAccessor.js +582 -0
- package/dist/storage/accessors/TieredMinioDataAccessor.js.map +1 -0
- package/dist/storage/accessors/TieredMinioDataAccessor.jsonld +333 -0
- package/dist/storage/database/PostgresPoolManager.d.ts +56 -0
- package/dist/storage/database/PostgresPoolManager.js +117 -0
- package/dist/storage/database/PostgresPoolManager.js.map +1 -0
- package/dist/storage/keyvalue/PostgresKeyValueStorage.d.ts +34 -0
- package/dist/storage/keyvalue/PostgresKeyValueStorage.js +146 -0
- package/dist/storage/keyvalue/PostgresKeyValueStorage.js.map +1 -0
- package/dist/storage/keyvalue/PostgresKeyValueStorage.jsonld +192 -0
- package/dist/storage/keyvalue/RedisKeyValueStorage.d.ts +30 -0
- package/dist/storage/keyvalue/RedisKeyValueStorage.js +133 -0
- package/dist/storage/keyvalue/RedisKeyValueStorage.js.map +1 -0
- package/dist/storage/keyvalue/RedisKeyValueStorage.jsonld +237 -0
- package/dist/storage/keyvalue/SqliteKeyValueStorage.d.ts +30 -0
- package/dist/storage/keyvalue/SqliteKeyValueStorage.js +164 -0
- package/dist/storage/keyvalue/SqliteKeyValueStorage.js.map +1 -0
- package/dist/storage/keyvalue/SqliteKeyValueStorage.jsonld +167 -0
- package/dist/storage/quint/BaseQuintStore.d.ts +80 -0
- package/dist/storage/quint/BaseQuintStore.js +535 -0
- package/dist/storage/quint/BaseQuintStore.js.map +1 -0
- package/dist/storage/quint/BaseQuintStore.jsonld +175 -0
- package/dist/storage/quint/PgQuintStore.d.ts +61 -0
- package/dist/storage/quint/PgQuintStore.drizzle.d.ts +45 -0
- package/dist/storage/quint/PgQuintStore.drizzle.js +327 -0
- package/dist/storage/quint/PgQuintStore.drizzle.js.map +1 -0
- package/dist/storage/quint/PgQuintStore.js +275 -0
- package/dist/storage/quint/PgQuintStore.js.map +1 -0
- package/dist/storage/quint/PgQuintStore.jsonld +258 -0
- package/dist/storage/quint/SqliteQuintStore.d.ts +55 -0
- package/dist/storage/quint/SqliteQuintStore.js +630 -0
- package/dist/storage/quint/SqliteQuintStore.js.map +1 -0
- package/dist/storage/quint/SqliteQuintStore.jsonld +157 -0
- package/dist/storage/quint/index.d.ts +11 -0
- package/dist/storage/quint/index.js +30 -0
- package/dist/storage/quint/index.js.map +1 -0
- package/dist/storage/quint/schema.d.ts +82 -0
- package/dist/storage/quint/schema.js +33 -0
- package/dist/storage/quint/schema.js.map +1 -0
- package/dist/storage/quint/serialization.d.ts +56 -0
- package/dist/storage/quint/serialization.js +198 -0
- package/dist/storage/quint/serialization.js.map +1 -0
- package/dist/storage/quint/types.d.ts +152 -0
- package/dist/storage/quint/types.js +27 -0
- package/dist/storage/quint/types.js.map +1 -0
- package/dist/storage/quint/types.jsonld +78 -0
- package/dist/storage/quota/PerAccountQuotaStrategy.d.ts +19 -0
- package/dist/storage/quota/PerAccountQuotaStrategy.js +63 -0
- package/dist/storage/quota/PerAccountQuotaStrategy.js.map +1 -0
- package/dist/storage/quota/PerAccountQuotaStrategy.jsonld +113 -0
- package/dist/storage/quota/UsageRepository.d.ts +46 -0
- package/dist/storage/quota/UsageRepository.js +278 -0
- package/dist/storage/quota/UsageRepository.js.map +1 -0
- package/dist/storage/quota/UsageTrackingStore.d.ts +37 -0
- package/dist/storage/quota/UsageTrackingStore.js +355 -0
- package/dist/storage/quota/UsageTrackingStore.js.map +1 -0
- package/dist/storage/quota/UsageTrackingStore.jsonld +193 -0
- package/dist/storage/sparql/AlgebraUtils.d.ts +48 -0
- package/dist/storage/sparql/AlgebraUtils.js +118 -0
- package/dist/storage/sparql/AlgebraUtils.js.map +1 -0
- package/dist/storage/sparql/ComunicaOptimizedEngine.d.ts +59 -0
- package/dist/storage/sparql/ComunicaOptimizedEngine.js +254 -0
- package/dist/storage/sparql/ComunicaOptimizedEngine.js.map +1 -0
- package/dist/storage/sparql/ComunicaQuintEngine.d.ts +134 -0
- package/dist/storage/sparql/ComunicaQuintEngine.js +727 -0
- package/dist/storage/sparql/ComunicaQuintEngine.js.map +1 -0
- package/dist/storage/sparql/ExpressionEvaluator.d.ts +54 -0
- package/dist/storage/sparql/ExpressionEvaluator.js +340 -0
- package/dist/storage/sparql/ExpressionEvaluator.js.map +1 -0
- package/dist/storage/sparql/FilterPushdownExtractor.d.ts +74 -0
- package/dist/storage/sparql/FilterPushdownExtractor.js +409 -0
- package/dist/storage/sparql/FilterPushdownExtractor.js.map +1 -0
- package/dist/storage/sparql/OptimizedQuadstoreEngine.d.ts +65 -0
- package/dist/storage/sparql/OptimizedQuadstoreEngine.js +327 -0
- package/dist/storage/sparql/OptimizedQuadstoreEngine.js.map +1 -0
- package/dist/storage/sparql/OptimizedQuadstoreSource.d.ts +46 -0
- package/dist/storage/sparql/OptimizedQuadstoreSource.js +118 -0
- package/dist/storage/sparql/OptimizedQuadstoreSource.js.map +1 -0
- package/dist/storage/sparql/PatternBuilder.d.ts +41 -0
- package/dist/storage/sparql/PatternBuilder.js +118 -0
- package/dist/storage/sparql/PatternBuilder.js.map +1 -0
- package/dist/storage/sparql/QueryOptimizer.d.ts +125 -0
- package/dist/storage/sparql/QueryOptimizer.js +363 -0
- package/dist/storage/sparql/QueryOptimizer.js.map +1 -0
- package/dist/storage/sparql/QuintEngine.d.ts +92 -0
- package/dist/storage/sparql/QuintEngine.js +150 -0
- package/dist/storage/sparql/QuintEngine.js.map +1 -0
- package/dist/storage/sparql/QuintQuerySource.d.ts +227 -0
- package/dist/storage/sparql/QuintQuerySource.js +918 -0
- package/dist/storage/sparql/QuintQuerySource.js.map +1 -0
- package/dist/storage/sparql/SimpleSparqlExecutor.d.ts +40 -0
- package/dist/storage/sparql/SimpleSparqlExecutor.js +131 -0
- package/dist/storage/sparql/SimpleSparqlExecutor.js.map +1 -0
- package/dist/storage/sparql/SubgraphQueryEngine.d.ts +74 -0
- package/dist/storage/sparql/SubgraphQueryEngine.js +248 -0
- package/dist/storage/sparql/SubgraphQueryEngine.js.map +1 -0
- package/dist/storage/sparql/SubgraphQueryEngine.jsonld +250 -0
- package/dist/storage/vector/PostgresVectorStore.d.ts +46 -0
- package/dist/storage/vector/PostgresVectorStore.js +291 -0
- package/dist/storage/vector/PostgresVectorStore.js.map +1 -0
- package/dist/storage/vector/PostgresVectorStore.jsonld +142 -0
- package/dist/storage/vector/SqliteVectorStore.d.ts +44 -0
- package/dist/storage/vector/SqliteVectorStore.js +282 -0
- package/dist/storage/vector/SqliteVectorStore.js.map +1 -0
- package/dist/storage/vector/SqliteVectorStore.jsonld +137 -0
- package/dist/storage/vector/VectorIndexingListener.d.ts +114 -0
- package/dist/storage/vector/VectorIndexingListener.js +351 -0
- package/dist/storage/vector/VectorIndexingListener.js.map +1 -0
- package/dist/storage/vector/VectorStore.d.ts +42 -0
- package/dist/storage/vector/VectorStore.js +50 -0
- package/dist/storage/vector/VectorStore.js.map +1 -0
- package/dist/storage/vector/VectorStore.jsonld +87 -0
- package/dist/storage/vector/VectorStoreInit.d.ts +28 -0
- package/dist/storage/vector/VectorStoreInit.js +104 -0
- package/dist/storage/vector/VectorStoreInit.js.map +1 -0
- package/dist/storage/vector/index.d.ts +5 -0
- package/dist/storage/vector/index.js +22 -0
- package/dist/storage/vector/index.js.map +1 -0
- package/dist/storage/vector/types.d.ts +39 -0
- package/dist/storage/vector/types.js +8 -0
- package/dist/storage/vector/types.js.map +1 -0
- package/dist/subdomain/SubdomainClient.d.ts +156 -0
- package/dist/subdomain/SubdomainClient.js +220 -0
- package/dist/subdomain/SubdomainClient.js.map +1 -0
- package/dist/subdomain/SubdomainService.d.ts +114 -0
- package/dist/subdomain/SubdomainService.js +212 -0
- package/dist/subdomain/SubdomainService.js.map +1 -0
- package/dist/subdomain/SubdomainService.jsonld +261 -0
- package/dist/subdomain/index.d.ts +2 -0
- package/dist/subdomain/index.js +9 -0
- package/dist/subdomain/index.js.map +1 -0
- package/dist/supervisor/Supervisor.d.ts +20 -0
- package/dist/supervisor/Supervisor.js +174 -0
- package/dist/supervisor/Supervisor.js.map +1 -0
- package/dist/supervisor/index.d.ts +2 -0
- package/dist/supervisor/index.js +6 -0
- package/dist/supervisor/index.js.map +1 -0
- package/dist/supervisor/types.d.ts +19 -0
- package/dist/supervisor/types.js +3 -0
- package/dist/supervisor/types.js.map +1 -0
- package/dist/task/DrizzleTaskQueue.d.ts +60 -0
- package/dist/task/DrizzleTaskQueue.js +171 -0
- package/dist/task/DrizzleTaskQueue.js.map +1 -0
- package/dist/task/TaskExecutor.d.ts +82 -0
- package/dist/task/TaskExecutor.js +198 -0
- package/dist/task/TaskExecutor.js.map +1 -0
- package/dist/task/index.d.ts +10 -0
- package/dist/task/index.js +20 -0
- package/dist/task/index.js.map +1 -0
- package/dist/task/schema.d.ts +53 -0
- package/dist/task/schema.js +71 -0
- package/dist/task/schema.js.map +1 -0
- package/dist/task/types.d.ts +186 -0
- package/dist/task/types.js +12 -0
- package/dist/task/types.js.map +1 -0
- package/dist/terminal/AclPermissionService.d.ts +28 -0
- package/dist/terminal/AclPermissionService.js +141 -0
- package/dist/terminal/AclPermissionService.js.map +1 -0
- package/dist/terminal/BubblewrapSandbox.d.ts +51 -0
- package/dist/terminal/BubblewrapSandbox.js +147 -0
- package/dist/terminal/BubblewrapSandbox.js.map +1 -0
- package/dist/terminal/TerminalSession.d.ts +33 -0
- package/dist/terminal/TerminalSession.js +164 -0
- package/dist/terminal/TerminalSession.js.map +1 -0
- package/dist/terminal/TerminalSessionManager.d.ts +69 -0
- package/dist/terminal/TerminalSessionManager.js +196 -0
- package/dist/terminal/TerminalSessionManager.js.map +1 -0
- package/dist/terminal/index.d.ts +5 -0
- package/dist/terminal/index.js +22 -0
- package/dist/terminal/index.js.map +1 -0
- package/dist/terminal/sandbox/BubblewrapSandbox.d.ts +8 -0
- package/dist/terminal/sandbox/BubblewrapSandbox.js +105 -0
- package/dist/terminal/sandbox/BubblewrapSandbox.js.map +1 -0
- package/dist/terminal/sandbox/MacOSSandbox.d.ts +19 -0
- package/dist/terminal/sandbox/MacOSSandbox.js +120 -0
- package/dist/terminal/sandbox/MacOSSandbox.js.map +1 -0
- package/dist/terminal/sandbox/index.d.ts +29 -0
- package/dist/terminal/sandbox/index.js +113 -0
- package/dist/terminal/sandbox/index.js.map +1 -0
- package/dist/terminal/sandbox/types.d.ts +38 -0
- package/dist/terminal/sandbox/types.js +3 -0
- package/dist/terminal/sandbox/types.js.map +1 -0
- package/dist/terminal/types.d.ts +80 -0
- package/dist/terminal/types.js +16 -0
- package/dist/terminal/types.js.map +1 -0
- package/dist/tunnel/CloudflareTunnelProvider.d.ts +120 -0
- package/dist/tunnel/CloudflareTunnelProvider.js +376 -0
- package/dist/tunnel/CloudflareTunnelProvider.js.map +1 -0
- package/dist/tunnel/CloudflareTunnelProvider.jsonld +204 -0
- package/dist/tunnel/LocalTunnelProvider.d.ts +85 -0
- package/dist/tunnel/LocalTunnelProvider.js +295 -0
- package/dist/tunnel/LocalTunnelProvider.js.map +1 -0
- package/dist/tunnel/LocalTunnelProvider.jsonld +142 -0
- package/dist/tunnel/SakuraFrpTunnelProvider.d.ts +59 -0
- package/dist/tunnel/SakuraFrpTunnelProvider.js +207 -0
- package/dist/tunnel/SakuraFrpTunnelProvider.js.map +1 -0
- package/dist/tunnel/TunnelProvider.d.ts +91 -0
- package/dist/tunnel/TunnelProvider.js +10 -0
- package/dist/tunnel/TunnelProvider.js.map +1 -0
- package/dist/tunnel/TunnelProvider.jsonld +144 -0
- package/dist/tunnel/index.d.ts +3 -0
- package/dist/tunnel/index.js +8 -0
- package/dist/tunnel/index.js.map +1 -0
- package/dist/util/LockContext.d.ts +3 -0
- package/dist/util/LockContext.js +6 -0
- package/dist/util/LockContext.js.map +1 -0
- package/dist/util/ResourceStoreFetch.d.ts +11 -0
- package/dist/util/ResourceStoreFetch.js +147 -0
- package/dist/util/ResourceStoreFetch.js.map +1 -0
- package/dist/util/database/DatabaseMaintenance.d.ts +23 -0
- package/dist/util/database/DatabaseMaintenance.js +82 -0
- package/dist/util/database/DatabaseMaintenance.js.map +1 -0
- package/dist/util/identifiers/ClusterIdentifierStrategy.d.ts +23 -0
- package/dist/util/identifiers/ClusterIdentifierStrategy.js +73 -0
- package/dist/util/identifiers/ClusterIdentifierStrategy.js.map +1 -0
- package/dist/util/identifiers/ClusterIdentifierStrategy.jsonld +90 -0
- package/dist/util/identifiers/MultiDomainIdentifierStrategy.d.ts +40 -0
- package/dist/util/identifiers/MultiDomainIdentifierStrategy.js +73 -0
- package/dist/util/identifiers/MultiDomainIdentifierStrategy.js.map +1 -0
- package/dist/util/identifiers/MultiDomainIdentifierStrategy.jsonld +90 -0
- package/dist/util/identifiers/PathBasedPodIdentifierStrategy.d.ts +78 -0
- package/dist/util/identifiers/PathBasedPodIdentifierStrategy.js +182 -0
- package/dist/util/identifiers/PathBasedPodIdentifierStrategy.js.map +1 -0
- package/dist/util/identifiers/PathBasedPodIdentifierStrategy.jsonld +88 -0
- package/dist/util/identifiers/SubdomainPodIdentifierStrategy.d.ts +68 -0
- package/dist/util/identifiers/SubdomainPodIdentifierStrategy.js +149 -0
- package/dist/util/identifiers/SubdomainPodIdentifierStrategy.js.map +1 -0
- package/dist/util/identifiers/SubdomainPodIdentifierStrategy.jsonld +84 -0
- package/dist/util/locking/DebugRedisLocker.d.ts +8 -0
- package/dist/util/locking/DebugRedisLocker.js +33 -0
- package/dist/util/locking/DebugRedisLocker.js.map +1 -0
- package/dist/util/logger.d.ts +13 -0
- package/dist/util/logger.js +36 -0
- package/dist/util/logger.js.map +1 -0
- package/dist/util/stream/BandwidthThrottleTransform.d.ts +8 -0
- package/dist/util/stream/BandwidthThrottleTransform.js +55 -0
- package/dist/util/stream/BandwidthThrottleTransform.js.map +1 -0
- package/dist/vocab/external.d.ts +216 -0
- package/dist/vocab/external.js +276 -0
- package/dist/vocab/external.js.map +1 -0
- package/dist/vocab/index.d.ts +26 -0
- package/dist/vocab/index.js +46 -0
- package/dist/vocab/index.js.map +1 -0
- package/dist/vocab/udfs.d.ts +184 -0
- package/dist/vocab/udfs.js +217 -0
- package/dist/vocab/udfs.js.map +1 -0
- package/dist/webrtc/WebRTCClient.d.ts +109 -0
- package/dist/webrtc/WebRTCClient.js +344 -0
- package/dist/webrtc/WebRTCClient.js.map +1 -0
- package/dist/webrtc/WebRTCPeerManager.d.ts +112 -0
- package/dist/webrtc/WebRTCPeerManager.js +289 -0
- package/dist/webrtc/WebRTCPeerManager.js.map +1 -0
- package/dist/webrtc/WeriftPeerConnectionFactory.d.ts +13 -0
- package/dist/webrtc/WeriftPeerConnectionFactory.js +255 -0
- package/dist/webrtc/WeriftPeerConnectionFactory.js.map +1 -0
- package/dist/webrtc/index.d.ts +13 -0
- package/dist/webrtc/index.js +30 -0
- package/dist/webrtc/index.js.map +1 -0
- package/dist/webrtc/types.d.ts +169 -0
- package/dist/webrtc/types.js +6 -0
- package/dist/webrtc/types.js.map +1 -0
- package/dist/xpod.single.cjs +826 -0
- package/dist/xpod.single.cjs.map +7 -0
- package/package.json +173 -0
- package/static/app/assets/index.css +1 -0
- package/static/app/assets/main.js +11 -0
- package/static/app/auth.html +21 -0
- package/static/app/index.html +14 -0
- package/static/app/vite.svg +1 -0
- package/static/dashboard/assets/dashboard-G96F8267.js +52 -0
- package/static/dashboard/assets/dashboard-PJyGDppf.css +1 -0
- package/static/dashboard/auth.html +21 -0
- package/static/dashboard/index.html +13 -0
- package/static/dashboard/vite.svg +1 -0
- package/static/landing/index.html +165 -0
- package/templates/identity/index.html.ejs +12 -0
- package/templates/identity/login.html.ejs +49 -0
- package/templates/identity/oidc/consent.html.ejs +103 -0
- package/templates/identity/password/forgot.html.ejs +49 -0
- package/templates/identity/password/login.html.ejs +58 -0
- package/templates/identity/password/register.html.ejs +65 -0
- package/templates/main.html.ejs +1 -0
|
@@ -0,0 +1,141 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.AclPermissionService = void 0;
|
|
4
|
+
/**
|
|
5
|
+
* ACL Permission Service for Terminal Sidecar
|
|
6
|
+
*
|
|
7
|
+
* Queries Quadstore to check if a user has acl:Control permission
|
|
8
|
+
* on a resource, which is required for Terminal access.
|
|
9
|
+
*/
|
|
10
|
+
const global_logger_factory_1 = require("global-logger-factory");
|
|
11
|
+
const SubgraphQueryEngine_1 = require("../storage/sparql/SubgraphQueryEngine");
|
|
12
|
+
class AclPermissionService {
|
|
13
|
+
constructor(sparqlEndpoint) {
|
|
14
|
+
this.logger = (0, global_logger_factory_1.getLoggerFor)(this);
|
|
15
|
+
this.sparqlEndpoint = sparqlEndpoint;
|
|
16
|
+
}
|
|
17
|
+
getEngine() {
|
|
18
|
+
if (!this.engine) {
|
|
19
|
+
if (!this.sparqlEndpoint) {
|
|
20
|
+
throw new Error('SPARQL endpoint not configured');
|
|
21
|
+
}
|
|
22
|
+
this.engine = new SubgraphQueryEngine_1.SubgraphQueryEngine(new SubgraphQueryEngine_1.QuadstoreSparqlEngine(this.sparqlEndpoint));
|
|
23
|
+
}
|
|
24
|
+
return this.engine;
|
|
25
|
+
}
|
|
26
|
+
/**
|
|
27
|
+
* Check if a user has acl:Control permission on a resource.
|
|
28
|
+
*
|
|
29
|
+
* Checks for:
|
|
30
|
+
* - Direct agent match: acl:agent <userId>
|
|
31
|
+
* - Public access: acl:agentClass foaf:Agent
|
|
32
|
+
* - Authenticated access: acl:agentClass acl:AuthenticatedAgent
|
|
33
|
+
*
|
|
34
|
+
* @param userId - The WebID of the user
|
|
35
|
+
* @param resourceUrl - The URL of the resource to check
|
|
36
|
+
* @returns true if user has Control permission
|
|
37
|
+
*/
|
|
38
|
+
async hasControlPermission(userId, resourceUrl) {
|
|
39
|
+
const engine = this.getEngine();
|
|
40
|
+
// Normalize resource URL (remove trailing slash for consistency)
|
|
41
|
+
const normalizedResource = resourceUrl.endsWith('/')
|
|
42
|
+
? resourceUrl.slice(0, -1)
|
|
43
|
+
: resourceUrl;
|
|
44
|
+
// Also check the container version (with trailing slash)
|
|
45
|
+
const containerResource = normalizedResource + '/';
|
|
46
|
+
const query = `
|
|
47
|
+
PREFIX acl: <http://www.w3.org/ns/auth/acl#>
|
|
48
|
+
PREFIX foaf: <http://xmlns.com/foaf/0.1/>
|
|
49
|
+
|
|
50
|
+
ASK {
|
|
51
|
+
?auth a acl:Authorization ;
|
|
52
|
+
acl:mode acl:Control .
|
|
53
|
+
|
|
54
|
+
# Match either the exact resource or container
|
|
55
|
+
{
|
|
56
|
+
?auth acl:accessTo <${normalizedResource}> .
|
|
57
|
+
} UNION {
|
|
58
|
+
?auth acl:accessTo <${containerResource}> .
|
|
59
|
+
} UNION {
|
|
60
|
+
?auth acl:default <${normalizedResource}> .
|
|
61
|
+
} UNION {
|
|
62
|
+
?auth acl:default <${containerResource}> .
|
|
63
|
+
}
|
|
64
|
+
|
|
65
|
+
# Match user by agent, agentClass, or agentGroup
|
|
66
|
+
{
|
|
67
|
+
?auth acl:agent <${userId}> .
|
|
68
|
+
} UNION {
|
|
69
|
+
?auth acl:agentClass foaf:Agent .
|
|
70
|
+
} UNION {
|
|
71
|
+
?auth acl:agentClass acl:AuthenticatedAgent .
|
|
72
|
+
}
|
|
73
|
+
}
|
|
74
|
+
`;
|
|
75
|
+
try {
|
|
76
|
+
const hasPermission = await engine.queryBoolean(query, resourceUrl);
|
|
77
|
+
this.logger.debug(`ACL check: user=${userId}, resource=${resourceUrl}, hasControl=${hasPermission}`);
|
|
78
|
+
return hasPermission;
|
|
79
|
+
}
|
|
80
|
+
catch (error) {
|
|
81
|
+
this.logger.error(`ACL query failed: ${error}`);
|
|
82
|
+
return false;
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
/**
|
|
86
|
+
* Get all resources where user has Control permission under a base path.
|
|
87
|
+
*
|
|
88
|
+
* @param userId - The WebID of the user
|
|
89
|
+
* @param basePath - The base path to search under
|
|
90
|
+
* @returns Array of resource URLs with Control permission
|
|
91
|
+
*/
|
|
92
|
+
async getControlledResources(userId, basePath) {
|
|
93
|
+
const engine = this.getEngine();
|
|
94
|
+
const query = `
|
|
95
|
+
PREFIX acl: <http://www.w3.org/ns/auth/acl#>
|
|
96
|
+
PREFIX foaf: <http://xmlns.com/foaf/0.1/>
|
|
97
|
+
|
|
98
|
+
SELECT DISTINCT ?resource WHERE {
|
|
99
|
+
?auth a acl:Authorization ;
|
|
100
|
+
acl:mode acl:Control .
|
|
101
|
+
|
|
102
|
+
# Get the resource
|
|
103
|
+
{
|
|
104
|
+
?auth acl:accessTo ?resource .
|
|
105
|
+
} UNION {
|
|
106
|
+
?auth acl:default ?resource .
|
|
107
|
+
}
|
|
108
|
+
|
|
109
|
+
# Filter by base path
|
|
110
|
+
FILTER(STRSTARTS(STR(?resource), "${basePath}"))
|
|
111
|
+
|
|
112
|
+
# Match user
|
|
113
|
+
{
|
|
114
|
+
?auth acl:agent <${userId}> .
|
|
115
|
+
} UNION {
|
|
116
|
+
?auth acl:agentClass foaf:Agent .
|
|
117
|
+
} UNION {
|
|
118
|
+
?auth acl:agentClass acl:AuthenticatedAgent .
|
|
119
|
+
}
|
|
120
|
+
}
|
|
121
|
+
`;
|
|
122
|
+
try {
|
|
123
|
+
const resources = [];
|
|
124
|
+
const stream = await engine.queryBindings(query, basePath);
|
|
125
|
+
for await (const binding of stream) {
|
|
126
|
+
const value = binding.get('resource');
|
|
127
|
+
if (value && typeof value === 'object' && 'value' in value) {
|
|
128
|
+
resources.push(value.value);
|
|
129
|
+
}
|
|
130
|
+
}
|
|
131
|
+
this.logger.debug(`Found ${resources.length} controlled resources for user=${userId} under ${basePath}`);
|
|
132
|
+
return resources;
|
|
133
|
+
}
|
|
134
|
+
catch (error) {
|
|
135
|
+
this.logger.error(`ACL query failed: ${error}`);
|
|
136
|
+
return [];
|
|
137
|
+
}
|
|
138
|
+
}
|
|
139
|
+
}
|
|
140
|
+
exports.AclPermissionService = AclPermissionService;
|
|
141
|
+
//# sourceMappingURL=AclPermissionService.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"AclPermissionService.js","sourceRoot":"","sources":["../../src/terminal/AclPermissionService.ts"],"names":[],"mappings":";;;AAAA;;;;;GAKG;AACH,iEAAqD;AACrD,+EAAmG;AAEnG,MAAa,oBAAoB;IAK/B,YAAmB,cAAuB;QAJvB,WAAM,GAAG,IAAA,oCAAY,EAAC,IAAI,CAAC,CAAC;QAK7C,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;IACvC,CAAC;IAEO,SAAS;QACf,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;gBACzB,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;YACpD,CAAC;YACD,IAAI,CAAC,MAAM,GAAG,IAAI,yCAAmB,CAAC,IAAI,2CAAqB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC;QACxF,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED;;;;;;;;;;;OAWG;IACI,KAAK,CAAC,oBAAoB,CAAC,MAAc,EAAE,WAAmB;QACnE,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAEhC,iEAAiE;QACjE,MAAM,kBAAkB,GAAG,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC;YAClD,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YAC1B,CAAC,CAAC,WAAW,CAAC;QAEhB,yDAAyD;QACzD,MAAM,iBAAiB,GAAG,kBAAkB,GAAG,GAAG,CAAC;QAEnD,MAAM,KAAK,GAAG;;;;;;;;;;gCAUc,kBAAkB;;gCAElB,iBAAiB;;+BAElB,kBAAkB;;+BAElB,iBAAiB;;;;;6BAKnB,MAAM;;;;;;;KAO9B,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;YACpE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,MAAM,cAAc,WAAW,gBAAgB,aAAa,EAAE,CAAC,CAAC;YACrG,OAAO,aAAa,CAAC;QACvB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,qBAAqB,KAAK,EAAE,CAAC,CAAC;YAChD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,sBAAsB,CAAC,MAAc,EAAE,QAAgB;QAClE,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAEhC,MAAM,KAAK,GAAG;;;;;;;;;;;;;;;;4CAgB0B,QAAQ;;;;6BAIvB,MAAM;;;;;;;KAO9B,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,SAAS,GAAa,EAAE,CAAC;YAC/B,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;YAE3D,IAAI,KAAK,EAAE,MAAM,OAAO,IAAI,MAAM,EAAE,CAAC;gBACnC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;gBACtC,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,IAAI,KAAK,EAAE,CAAC;oBAC3D,SAAS,CAAC,IAAI,CAAE,KAA2B,CAAC,KAAK,CAAC,CAAC;gBACrD,CAAC;YACH,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,SAAS,CAAC,MAAM,kCAAkC,MAAM,UAAU,QAAQ,EAAE,CAAC,CAAC;YACzG,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,qBAAqB,KAAK,EAAE,CAAC,CAAC;YAChD,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;CACF;AA3ID,oDA2IC","sourcesContent":["/**\n * ACL Permission Service for Terminal Sidecar\n *\n * Queries Quadstore to check if a user has acl:Control permission\n * on a resource, which is required for Terminal access.\n */\nimport { getLoggerFor } from 'global-logger-factory';\nimport { SubgraphQueryEngine, QuadstoreSparqlEngine } from '../storage/sparql/SubgraphQueryEngine';\n\nexport class AclPermissionService {\n protected readonly logger = getLoggerFor(this);\n private engine?: SubgraphQueryEngine;\n private readonly sparqlEndpoint?: string;\n\n public constructor(sparqlEndpoint?: string) {\n this.sparqlEndpoint = sparqlEndpoint;\n }\n\n private getEngine(): SubgraphQueryEngine {\n if (!this.engine) {\n if (!this.sparqlEndpoint) {\n throw new Error('SPARQL endpoint not configured');\n }\n this.engine = new SubgraphQueryEngine(new QuadstoreSparqlEngine(this.sparqlEndpoint));\n }\n return this.engine;\n }\n\n /**\n * Check if a user has acl:Control permission on a resource.\n *\n * Checks for:\n * - Direct agent match: acl:agent <userId>\n * - Public access: acl:agentClass foaf:Agent\n * - Authenticated access: acl:agentClass acl:AuthenticatedAgent\n *\n * @param userId - The WebID of the user\n * @param resourceUrl - The URL of the resource to check\n * @returns true if user has Control permission\n */\n public async hasControlPermission(userId: string, resourceUrl: string): Promise<boolean> {\n const engine = this.getEngine();\n\n // Normalize resource URL (remove trailing slash for consistency)\n const normalizedResource = resourceUrl.endsWith('/')\n ? resourceUrl.slice(0, -1)\n : resourceUrl;\n\n // Also check the container version (with trailing slash)\n const containerResource = normalizedResource + '/';\n\n const query = `\n PREFIX acl: <http://www.w3.org/ns/auth/acl#>\n PREFIX foaf: <http://xmlns.com/foaf/0.1/>\n\n ASK {\n ?auth a acl:Authorization ;\n acl:mode acl:Control .\n\n # Match either the exact resource or container\n {\n ?auth acl:accessTo <${normalizedResource}> .\n } UNION {\n ?auth acl:accessTo <${containerResource}> .\n } UNION {\n ?auth acl:default <${normalizedResource}> .\n } UNION {\n ?auth acl:default <${containerResource}> .\n }\n\n # Match user by agent, agentClass, or agentGroup\n {\n ?auth acl:agent <${userId}> .\n } UNION {\n ?auth acl:agentClass foaf:Agent .\n } UNION {\n ?auth acl:agentClass acl:AuthenticatedAgent .\n }\n }\n `;\n\n try {\n const hasPermission = await engine.queryBoolean(query, resourceUrl);\n this.logger.debug(`ACL check: user=${userId}, resource=${resourceUrl}, hasControl=${hasPermission}`);\n return hasPermission;\n } catch (error) {\n this.logger.error(`ACL query failed: ${error}`);\n return false;\n }\n }\n\n /**\n * Get all resources where user has Control permission under a base path.\n *\n * @param userId - The WebID of the user\n * @param basePath - The base path to search under\n * @returns Array of resource URLs with Control permission\n */\n public async getControlledResources(userId: string, basePath: string): Promise<string[]> {\n const engine = this.getEngine();\n\n const query = `\n PREFIX acl: <http://www.w3.org/ns/auth/acl#>\n PREFIX foaf: <http://xmlns.com/foaf/0.1/>\n\n SELECT DISTINCT ?resource WHERE {\n ?auth a acl:Authorization ;\n acl:mode acl:Control .\n\n # Get the resource\n {\n ?auth acl:accessTo ?resource .\n } UNION {\n ?auth acl:default ?resource .\n }\n\n # Filter by base path\n FILTER(STRSTARTS(STR(?resource), \"${basePath}\"))\n\n # Match user\n {\n ?auth acl:agent <${userId}> .\n } UNION {\n ?auth acl:agentClass foaf:Agent .\n } UNION {\n ?auth acl:agentClass acl:AuthenticatedAgent .\n }\n }\n `;\n\n try {\n const resources: string[] = [];\n const stream = await engine.queryBindings(query, basePath);\n\n for await (const binding of stream) {\n const value = binding.get('resource');\n if (value && typeof value === 'object' && 'value' in value) {\n resources.push((value as { value: string }).value);\n }\n }\n\n this.logger.debug(`Found ${resources.length} controlled resources for user=${userId} under ${basePath}`);\n return resources;\n } catch (error) {\n this.logger.error(`ACL query failed: ${error}`);\n return [];\n }\n }\n}\n"]}
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Bubblewrap Sandbox for Terminal Sidecar
|
|
3
|
+
*
|
|
4
|
+
* Provides secure sandboxing using bubblewrap (bwrap) with:
|
|
5
|
+
* - Single directory bind mount (based on ACL Control permission)
|
|
6
|
+
* - Optional network isolation
|
|
7
|
+
* - Process isolation via Linux namespaces
|
|
8
|
+
*
|
|
9
|
+
* Note: bubblewrap is Linux-only. On other platforms, falls back to unsandboxed execution.
|
|
10
|
+
*/
|
|
11
|
+
import { ChildProcess } from 'child_process';
|
|
12
|
+
export interface SandboxConfig {
|
|
13
|
+
/** Working directory to bind mount (user must have acl:Control) */
|
|
14
|
+
workdir: string;
|
|
15
|
+
/** Command to execute inside sandbox */
|
|
16
|
+
command: string;
|
|
17
|
+
/** Command arguments */
|
|
18
|
+
args: string[];
|
|
19
|
+
/** Environment variables */
|
|
20
|
+
env: Record<string, string>;
|
|
21
|
+
/** Whether to isolate network (default: false) */
|
|
22
|
+
isolateNetwork?: boolean;
|
|
23
|
+
/** Additional read-only bind mounts (e.g., /usr, /lib) */
|
|
24
|
+
readonlyBinds?: string[];
|
|
25
|
+
/** PTY columns */
|
|
26
|
+
cols?: number;
|
|
27
|
+
/** PTY rows */
|
|
28
|
+
rows?: number;
|
|
29
|
+
}
|
|
30
|
+
export interface SandboxResult {
|
|
31
|
+
process: ChildProcess;
|
|
32
|
+
sandboxed: boolean;
|
|
33
|
+
}
|
|
34
|
+
export declare class BubblewrapSandbox {
|
|
35
|
+
protected readonly logger: import("global-logger-factory").Logger<unknown>;
|
|
36
|
+
private static readonly SYSTEM_PATHS;
|
|
37
|
+
/**
|
|
38
|
+
* Launch a sandboxed process.
|
|
39
|
+
*
|
|
40
|
+
* @param config - Sandbox configuration
|
|
41
|
+
* @returns The spawned process and whether it's sandboxed
|
|
42
|
+
*/
|
|
43
|
+
launch(config: SandboxConfig): SandboxResult;
|
|
44
|
+
private launchSandboxed;
|
|
45
|
+
private launchUnsandboxed;
|
|
46
|
+
private buildBwrapArgs;
|
|
47
|
+
/**
|
|
48
|
+
* Check if bubblewrap is available on this system.
|
|
49
|
+
*/
|
|
50
|
+
static isAvailable(): boolean;
|
|
51
|
+
}
|
|
@@ -0,0 +1,147 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.BubblewrapSandbox = void 0;
|
|
4
|
+
/**
|
|
5
|
+
* Bubblewrap Sandbox for Terminal Sidecar
|
|
6
|
+
*
|
|
7
|
+
* Provides secure sandboxing using bubblewrap (bwrap) with:
|
|
8
|
+
* - Single directory bind mount (based on ACL Control permission)
|
|
9
|
+
* - Optional network isolation
|
|
10
|
+
* - Process isolation via Linux namespaces
|
|
11
|
+
*
|
|
12
|
+
* Note: bubblewrap is Linux-only. On other platforms, falls back to unsandboxed execution.
|
|
13
|
+
*/
|
|
14
|
+
const child_process_1 = require("child_process");
|
|
15
|
+
const fs_1 = require("fs");
|
|
16
|
+
const global_logger_factory_1 = require("global-logger-factory");
|
|
17
|
+
// Check if bubblewrap is available
|
|
18
|
+
let bwrapAvailable;
|
|
19
|
+
function isBwrapAvailable() {
|
|
20
|
+
if (bwrapAvailable === undefined) {
|
|
21
|
+
try {
|
|
22
|
+
const { execSync } = require('child_process');
|
|
23
|
+
execSync('which bwrap', { stdio: 'ignore' });
|
|
24
|
+
bwrapAvailable = true;
|
|
25
|
+
}
|
|
26
|
+
catch {
|
|
27
|
+
bwrapAvailable = false;
|
|
28
|
+
}
|
|
29
|
+
}
|
|
30
|
+
return bwrapAvailable;
|
|
31
|
+
}
|
|
32
|
+
class BubblewrapSandbox {
|
|
33
|
+
constructor() {
|
|
34
|
+
this.logger = (0, global_logger_factory_1.getLoggerFor)(this);
|
|
35
|
+
}
|
|
36
|
+
/**
|
|
37
|
+
* Launch a sandboxed process.
|
|
38
|
+
*
|
|
39
|
+
* @param config - Sandbox configuration
|
|
40
|
+
* @returns The spawned process and whether it's sandboxed
|
|
41
|
+
*/
|
|
42
|
+
launch(config) {
|
|
43
|
+
if (!isBwrapAvailable()) {
|
|
44
|
+
this.logger.warn('bubblewrap not available, running without sandbox');
|
|
45
|
+
return this.launchUnsandboxed(config);
|
|
46
|
+
}
|
|
47
|
+
return this.launchSandboxed(config);
|
|
48
|
+
}
|
|
49
|
+
launchSandboxed(config) {
|
|
50
|
+
const bwrapArgs = this.buildBwrapArgs(config);
|
|
51
|
+
this.logger.info(`Launching sandboxed process: bwrap ${bwrapArgs.slice(0, 10).join(' ')}...`);
|
|
52
|
+
const process = (0, child_process_1.spawn)('bwrap', bwrapArgs, {
|
|
53
|
+
env: {
|
|
54
|
+
...config.env,
|
|
55
|
+
TERM: 'xterm-256color',
|
|
56
|
+
},
|
|
57
|
+
stdio: ['pipe', 'pipe', 'pipe'],
|
|
58
|
+
});
|
|
59
|
+
return { process, sandboxed: true };
|
|
60
|
+
}
|
|
61
|
+
launchUnsandboxed(config) {
|
|
62
|
+
this.logger.info(`Launching unsandboxed process: ${config.command} ${config.args.join(' ')}`);
|
|
63
|
+
const childProcess = (0, child_process_1.spawn)(config.command, config.args, {
|
|
64
|
+
cwd: config.workdir,
|
|
65
|
+
env: {
|
|
66
|
+
...globalThis.process.env,
|
|
67
|
+
...config.env,
|
|
68
|
+
TERM: 'xterm-256color',
|
|
69
|
+
},
|
|
70
|
+
stdio: ['pipe', 'pipe', 'pipe'],
|
|
71
|
+
});
|
|
72
|
+
return { process: childProcess, sandboxed: false };
|
|
73
|
+
}
|
|
74
|
+
buildBwrapArgs(config) {
|
|
75
|
+
const args = [];
|
|
76
|
+
// Unshare namespaces for isolation
|
|
77
|
+
args.push('--unshare-user');
|
|
78
|
+
args.push('--unshare-pid');
|
|
79
|
+
args.push('--unshare-uts');
|
|
80
|
+
args.push('--unshare-ipc');
|
|
81
|
+
args.push('--unshare-cgroup');
|
|
82
|
+
if (config.isolateNetwork) {
|
|
83
|
+
args.push('--unshare-net');
|
|
84
|
+
}
|
|
85
|
+
// Create new root filesystem
|
|
86
|
+
args.push('--die-with-parent');
|
|
87
|
+
// Mount essential system paths as read-only
|
|
88
|
+
for (const path of BubblewrapSandbox.SYSTEM_PATHS) {
|
|
89
|
+
if ((0, fs_1.existsSync)(path)) {
|
|
90
|
+
args.push('--ro-bind', path, path);
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
// Mount /dev with basic devices
|
|
94
|
+
args.push('--dev', '/dev');
|
|
95
|
+
// Mount /proc
|
|
96
|
+
args.push('--proc', '/proc');
|
|
97
|
+
// Mount /tmp as tmpfs
|
|
98
|
+
args.push('--tmpfs', '/tmp');
|
|
99
|
+
// Mount home directory structure (empty)
|
|
100
|
+
args.push('--tmpfs', '/home');
|
|
101
|
+
// Additional read-only binds
|
|
102
|
+
if (config.readonlyBinds) {
|
|
103
|
+
for (const path of config.readonlyBinds) {
|
|
104
|
+
if ((0, fs_1.existsSync)(path)) {
|
|
105
|
+
args.push('--ro-bind', path, path);
|
|
106
|
+
}
|
|
107
|
+
}
|
|
108
|
+
}
|
|
109
|
+
// Mount the working directory with write access
|
|
110
|
+
// This is the key security control - only this directory is writable
|
|
111
|
+
args.push('--bind', config.workdir, config.workdir);
|
|
112
|
+
// Set working directory
|
|
113
|
+
args.push('--chdir', config.workdir);
|
|
114
|
+
// Set environment variables
|
|
115
|
+
for (const [key, value] of Object.entries(config.env)) {
|
|
116
|
+
args.push('--setenv', key, value);
|
|
117
|
+
}
|
|
118
|
+
// Always set TERM
|
|
119
|
+
args.push('--setenv', 'TERM', 'xterm-256color');
|
|
120
|
+
// The command to run
|
|
121
|
+
args.push(config.command);
|
|
122
|
+
args.push(...config.args);
|
|
123
|
+
return args;
|
|
124
|
+
}
|
|
125
|
+
/**
|
|
126
|
+
* Check if bubblewrap is available on this system.
|
|
127
|
+
*/
|
|
128
|
+
static isAvailable() {
|
|
129
|
+
return isBwrapAvailable();
|
|
130
|
+
}
|
|
131
|
+
}
|
|
132
|
+
exports.BubblewrapSandbox = BubblewrapSandbox;
|
|
133
|
+
// Essential system paths that should be read-only mounted
|
|
134
|
+
BubblewrapSandbox.SYSTEM_PATHS = [
|
|
135
|
+
'/usr',
|
|
136
|
+
'/lib',
|
|
137
|
+
'/lib64',
|
|
138
|
+
'/bin',
|
|
139
|
+
'/sbin',
|
|
140
|
+
'/etc/resolv.conf',
|
|
141
|
+
'/etc/hosts',
|
|
142
|
+
'/etc/passwd',
|
|
143
|
+
'/etc/group',
|
|
144
|
+
'/etc/ssl',
|
|
145
|
+
'/etc/ca-certificates',
|
|
146
|
+
];
|
|
147
|
+
//# sourceMappingURL=BubblewrapSandbox.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"BubblewrapSandbox.js","sourceRoot":"","sources":["../../src/terminal/BubblewrapSandbox.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;GASG;AACH,iDAAoD;AACpD,2BAAgC;AAChC,iEAAqD;AA0BrD,mCAAmC;AACnC,IAAI,cAAmC,CAAC;AAExC,SAAS,gBAAgB;IACvB,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;QACjC,IAAI,CAAC;YACH,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;YAC9C,QAAQ,CAAC,aAAa,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;YAC7C,cAAc,GAAG,IAAI,CAAC;QACxB,CAAC;QAAC,MAAM,CAAC;YACP,cAAc,GAAG,KAAK,CAAC;QACzB,CAAC;IACH,CAAC;IACD,OAAO,cAAc,CAAC;AACxB,CAAC;AAED,MAAa,iBAAiB;IAA9B;QACqB,WAAM,GAAG,IAAA,oCAAY,EAAC,IAAI,CAAC,CAAC;IAyIjD,CAAC;IAxHC;;;;;OAKG;IACI,MAAM,CAAC,MAAqB;QACjC,IAAI,CAAC,gBAAgB,EAAE,EAAE,CAAC;YACxB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;YACtE,OAAO,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACxC,CAAC;QAED,OAAO,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;IACtC,CAAC;IAEO,eAAe,CAAC,MAAqB;QAC3C,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QAE9C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAE9F,MAAM,OAAO,GAAG,IAAA,qBAAK,EAAC,OAAO,EAAE,SAAS,EAAE;YACxC,GAAG,EAAE;gBACH,GAAG,MAAM,CAAC,GAAG;gBACb,IAAI,EAAE,gBAAgB;aACvB;YACD,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC,CAAC;QAEH,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;IACtC,CAAC;IAEO,iBAAiB,CAAC,MAAqB;QAC7C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kCAAkC,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAE9F,MAAM,YAAY,GAAG,IAAA,qBAAK,EAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,EAAE;YACtD,GAAG,EAAE,MAAM,CAAC,OAAO;YACnB,GAAG,EAAE;gBACH,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG;gBACzB,GAAG,MAAM,CAAC,GAAG;gBACb,IAAI,EAAE,gBAAgB;aACvB;YACD,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC,CAAC;QAEH,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;IACrD,CAAC;IAEO,cAAc,CAAC,MAAqB;QAC1C,MAAM,IAAI,GAAa,EAAE,CAAC;QAE1B,mCAAmC;QACnC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC5B,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAE9B,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;YAC1B,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC7B,CAAC;QAED,6BAA6B;QAC7B,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QAE/B,4CAA4C;QAC5C,KAAK,MAAM,IAAI,IAAI,iBAAiB,CAAC,YAAY,EAAE,CAAC;YAClD,IAAI,IAAA,eAAU,EAAC,IAAI,CAAC,EAAE,CAAC;gBACrB,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;QAED,gCAAgC;QAChC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAE3B,cAAc;QACd,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAE7B,sBAAsB;QACtB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAE7B,yCAAyC;QACzC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAE9B,6BAA6B;QAC7B,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;YACzB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;gBACxC,IAAI,IAAA,eAAU,EAAC,IAAI,CAAC,EAAE,CAAC;oBACrB,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;gBACrC,CAAC;YACH,CAAC;QACH,CAAC;QAED,gDAAgD;QAChD,qEAAqE;QACrE,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAEpD,wBAAwB;QACxB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAErC,4BAA4B;QAC5B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACtD,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;QACpC,CAAC;QAED,kBAAkB;QAClB,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,gBAAgB,CAAC,CAAC;QAEhD,qBAAqB;QACrB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC1B,IAAI,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;QAE1B,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACI,MAAM,CAAC,WAAW;QACvB,OAAO,gBAAgB,EAAE,CAAC;IAC5B,CAAC;;AAzIH,8CA0IC;AAvIC,0DAA0D;AAClC,8BAAY,GAAG;IACrC,MAAM;IACN,MAAM;IACN,QAAQ;IACR,MAAM;IACN,OAAO;IACP,kBAAkB;IAClB,YAAY;IACZ,aAAa;IACb,YAAY;IACZ,UAAU;IACV,sBAAsB;CACvB,AAZmC,CAYlC","sourcesContent":["/**\n * Bubblewrap Sandbox for Terminal Sidecar\n *\n * Provides secure sandboxing using bubblewrap (bwrap) with:\n * - Single directory bind mount (based on ACL Control permission)\n * - Optional network isolation\n * - Process isolation via Linux namespaces\n *\n * Note: bubblewrap is Linux-only. On other platforms, falls back to unsandboxed execution.\n */\nimport { spawn, ChildProcess } from 'child_process';\nimport { existsSync } from 'fs';\nimport { getLoggerFor } from 'global-logger-factory';\n\nexport interface SandboxConfig {\n /** Working directory to bind mount (user must have acl:Control) */\n workdir: string;\n /** Command to execute inside sandbox */\n command: string;\n /** Command arguments */\n args: string[];\n /** Environment variables */\n env: Record<string, string>;\n /** Whether to isolate network (default: false) */\n isolateNetwork?: boolean;\n /** Additional read-only bind mounts (e.g., /usr, /lib) */\n readonlyBinds?: string[];\n /** PTY columns */\n cols?: number;\n /** PTY rows */\n rows?: number;\n}\n\nexport interface SandboxResult {\n process: ChildProcess;\n sandboxed: boolean;\n}\n\n// Check if bubblewrap is available\nlet bwrapAvailable: boolean | undefined;\n\nfunction isBwrapAvailable(): boolean {\n if (bwrapAvailable === undefined) {\n try {\n const { execSync } = require('child_process');\n execSync('which bwrap', { stdio: 'ignore' });\n bwrapAvailable = true;\n } catch {\n bwrapAvailable = false;\n }\n }\n return bwrapAvailable;\n}\n\nexport class BubblewrapSandbox {\n protected readonly logger = getLoggerFor(this);\n\n // Essential system paths that should be read-only mounted\n private static readonly SYSTEM_PATHS = [\n '/usr',\n '/lib',\n '/lib64',\n '/bin',\n '/sbin',\n '/etc/resolv.conf',\n '/etc/hosts',\n '/etc/passwd',\n '/etc/group',\n '/etc/ssl',\n '/etc/ca-certificates',\n ];\n\n /**\n * Launch a sandboxed process.\n *\n * @param config - Sandbox configuration\n * @returns The spawned process and whether it's sandboxed\n */\n public launch(config: SandboxConfig): SandboxResult {\n if (!isBwrapAvailable()) {\n this.logger.warn('bubblewrap not available, running without sandbox');\n return this.launchUnsandboxed(config);\n }\n\n return this.launchSandboxed(config);\n }\n\n private launchSandboxed(config: SandboxConfig): SandboxResult {\n const bwrapArgs = this.buildBwrapArgs(config);\n\n this.logger.info(`Launching sandboxed process: bwrap ${bwrapArgs.slice(0, 10).join(' ')}...`);\n\n const process = spawn('bwrap', bwrapArgs, {\n env: {\n ...config.env,\n TERM: 'xterm-256color',\n },\n stdio: ['pipe', 'pipe', 'pipe'],\n });\n\n return { process, sandboxed: true };\n }\n\n private launchUnsandboxed(config: SandboxConfig): SandboxResult {\n this.logger.info(`Launching unsandboxed process: ${config.command} ${config.args.join(' ')}`);\n\n const childProcess = spawn(config.command, config.args, {\n cwd: config.workdir,\n env: {\n ...globalThis.process.env,\n ...config.env,\n TERM: 'xterm-256color',\n },\n stdio: ['pipe', 'pipe', 'pipe'],\n });\n\n return { process: childProcess, sandboxed: false };\n }\n\n private buildBwrapArgs(config: SandboxConfig): string[] {\n const args: string[] = [];\n\n // Unshare namespaces for isolation\n args.push('--unshare-user');\n args.push('--unshare-pid');\n args.push('--unshare-uts');\n args.push('--unshare-ipc');\n args.push('--unshare-cgroup');\n\n if (config.isolateNetwork) {\n args.push('--unshare-net');\n }\n\n // Create new root filesystem\n args.push('--die-with-parent');\n\n // Mount essential system paths as read-only\n for (const path of BubblewrapSandbox.SYSTEM_PATHS) {\n if (existsSync(path)) {\n args.push('--ro-bind', path, path);\n }\n }\n\n // Mount /dev with basic devices\n args.push('--dev', '/dev');\n\n // Mount /proc\n args.push('--proc', '/proc');\n\n // Mount /tmp as tmpfs\n args.push('--tmpfs', '/tmp');\n\n // Mount home directory structure (empty)\n args.push('--tmpfs', '/home');\n\n // Additional read-only binds\n if (config.readonlyBinds) {\n for (const path of config.readonlyBinds) {\n if (existsSync(path)) {\n args.push('--ro-bind', path, path);\n }\n }\n }\n\n // Mount the working directory with write access\n // This is the key security control - only this directory is writable\n args.push('--bind', config.workdir, config.workdir);\n\n // Set working directory\n args.push('--chdir', config.workdir);\n\n // Set environment variables\n for (const [key, value] of Object.entries(config.env)) {\n args.push('--setenv', key, value);\n }\n\n // Always set TERM\n args.push('--setenv', 'TERM', 'xterm-256color');\n\n // The command to run\n args.push(config.command);\n args.push(...config.args);\n\n return args;\n }\n\n /**\n * Check if bubblewrap is available on this system.\n */\n public static isAvailable(): boolean {\n return isBwrapAvailable();\n }\n}\n"]}
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
import { EventEmitter } from 'events';
|
|
2
|
+
import type { Session, SessionStatus, SessionConfig } from './types';
|
|
3
|
+
export interface TerminalSessionEvents {
|
|
4
|
+
'data': (data: string) => void;
|
|
5
|
+
'exit': (code: number, signal?: string) => void;
|
|
6
|
+
'error': (error: Error) => void;
|
|
7
|
+
}
|
|
8
|
+
export declare class TerminalSession extends EventEmitter {
|
|
9
|
+
private readonly env;
|
|
10
|
+
protected readonly logger: import("global-logger-factory").Logger<unknown>;
|
|
11
|
+
readonly sessionId: string;
|
|
12
|
+
readonly userId: string;
|
|
13
|
+
readonly command: string;
|
|
14
|
+
readonly workdir: string;
|
|
15
|
+
readonly createdAt: Date;
|
|
16
|
+
readonly expiresAt: Date;
|
|
17
|
+
private _status;
|
|
18
|
+
private ptyProcess?;
|
|
19
|
+
private idleTimer?;
|
|
20
|
+
private sessionTimer?;
|
|
21
|
+
private readonly idleTimeout;
|
|
22
|
+
constructor(sessionId: string, userId: string, config: SessionConfig, env: Record<string, string>);
|
|
23
|
+
get status(): SessionStatus;
|
|
24
|
+
get pid(): number | undefined;
|
|
25
|
+
private start;
|
|
26
|
+
private resetIdleTimer;
|
|
27
|
+
write(data: string): void;
|
|
28
|
+
resize(cols: number, rows: number): void;
|
|
29
|
+
sendSignal(signal: string): void;
|
|
30
|
+
terminate(): void;
|
|
31
|
+
private cleanup;
|
|
32
|
+
toJSON(): Session;
|
|
33
|
+
}
|
|
@@ -0,0 +1,164 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.TerminalSession = void 0;
|
|
4
|
+
const events_1 = require("events");
|
|
5
|
+
const global_logger_factory_1 = require("global-logger-factory");
|
|
6
|
+
// node-pty is optional - will be loaded dynamically
|
|
7
|
+
let pty;
|
|
8
|
+
try {
|
|
9
|
+
pty = require('node-pty');
|
|
10
|
+
}
|
|
11
|
+
catch {
|
|
12
|
+
// node-pty not available
|
|
13
|
+
}
|
|
14
|
+
class TerminalSession extends events_1.EventEmitter {
|
|
15
|
+
constructor(sessionId, userId, config, env) {
|
|
16
|
+
super();
|
|
17
|
+
this.env = env;
|
|
18
|
+
this.logger = (0, global_logger_factory_1.getLoggerFor)(this);
|
|
19
|
+
this._status = 'active';
|
|
20
|
+
if (!pty) {
|
|
21
|
+
throw new Error('node-pty is not available. Please install it: npm install node-pty');
|
|
22
|
+
}
|
|
23
|
+
this.sessionId = sessionId;
|
|
24
|
+
this.userId = userId;
|
|
25
|
+
this.command = config.command;
|
|
26
|
+
this.workdir = config.workdir;
|
|
27
|
+
this.createdAt = new Date();
|
|
28
|
+
this.expiresAt = new Date(Date.now() + config.timeout * 1000);
|
|
29
|
+
this.idleTimeout = 10 * 60 * 1000; // 10 minutes
|
|
30
|
+
this.start(config);
|
|
31
|
+
}
|
|
32
|
+
get status() {
|
|
33
|
+
return this._status;
|
|
34
|
+
}
|
|
35
|
+
get pid() {
|
|
36
|
+
return this.ptyProcess?.pid;
|
|
37
|
+
}
|
|
38
|
+
start(config) {
|
|
39
|
+
if (!pty) {
|
|
40
|
+
throw new Error('node-pty is not available');
|
|
41
|
+
}
|
|
42
|
+
this.logger.info(`Starting terminal session ${this.sessionId}: ${config.command} ${config.args.join(' ')}`);
|
|
43
|
+
try {
|
|
44
|
+
this.ptyProcess = pty.spawn(config.command, config.args, {
|
|
45
|
+
name: 'xterm-256color',
|
|
46
|
+
cols: 80,
|
|
47
|
+
rows: 24,
|
|
48
|
+
cwd: config.workdir,
|
|
49
|
+
env: {
|
|
50
|
+
...process.env,
|
|
51
|
+
...this.env,
|
|
52
|
+
TERM: 'xterm-256color',
|
|
53
|
+
},
|
|
54
|
+
});
|
|
55
|
+
this.ptyProcess.onData((data) => {
|
|
56
|
+
this.resetIdleTimer();
|
|
57
|
+
this.emit('data', data);
|
|
58
|
+
});
|
|
59
|
+
this.ptyProcess.onExit(({ exitCode, signal }) => {
|
|
60
|
+
this.logger.debug(`Terminal session ${this.sessionId} exited: code=${exitCode}, signal=${signal}`);
|
|
61
|
+
this._status = 'terminated';
|
|
62
|
+
this.cleanup();
|
|
63
|
+
this.emit('exit', exitCode, signal !== undefined ? String(signal) : undefined);
|
|
64
|
+
});
|
|
65
|
+
// Set session expiration timer
|
|
66
|
+
this.sessionTimer = setTimeout(() => {
|
|
67
|
+
this.logger.debug(`Terminal session ${this.sessionId} expired`);
|
|
68
|
+
this.terminate();
|
|
69
|
+
}, config.timeout * 1000);
|
|
70
|
+
// Start idle timer
|
|
71
|
+
this.resetIdleTimer();
|
|
72
|
+
}
|
|
73
|
+
catch (error) {
|
|
74
|
+
this.logger.error(`Failed to start terminal session ${this.sessionId}: ${error}`);
|
|
75
|
+
this._status = 'terminated';
|
|
76
|
+
this.emit('error', error);
|
|
77
|
+
throw error;
|
|
78
|
+
}
|
|
79
|
+
}
|
|
80
|
+
resetIdleTimer() {
|
|
81
|
+
if (this.idleTimer) {
|
|
82
|
+
clearTimeout(this.idleTimer);
|
|
83
|
+
}
|
|
84
|
+
this._status = 'active';
|
|
85
|
+
this.idleTimer = setTimeout(() => {
|
|
86
|
+
this.logger.debug(`Terminal session ${this.sessionId} idle timeout`);
|
|
87
|
+
this._status = 'idle';
|
|
88
|
+
// Don't terminate on idle, just mark as idle
|
|
89
|
+
// Could add auto-terminate after extended idle if needed
|
|
90
|
+
}, this.idleTimeout);
|
|
91
|
+
}
|
|
92
|
+
write(data) {
|
|
93
|
+
if (this._status === 'terminated') {
|
|
94
|
+
throw new Error('Session is terminated');
|
|
95
|
+
}
|
|
96
|
+
this.resetIdleTimer();
|
|
97
|
+
this.ptyProcess?.write(data);
|
|
98
|
+
}
|
|
99
|
+
resize(cols, rows) {
|
|
100
|
+
if (this._status === 'terminated') {
|
|
101
|
+
return;
|
|
102
|
+
}
|
|
103
|
+
this.ptyProcess?.resize(cols, rows);
|
|
104
|
+
}
|
|
105
|
+
sendSignal(signal) {
|
|
106
|
+
if (this._status === 'terminated' || !this.ptyProcess) {
|
|
107
|
+
return;
|
|
108
|
+
}
|
|
109
|
+
// node-pty doesn't have a direct signal method,
|
|
110
|
+
// but we can send control characters for common signals
|
|
111
|
+
switch (signal) {
|
|
112
|
+
case 'SIGINT':
|
|
113
|
+
this.ptyProcess.write('\x03'); // Ctrl+C
|
|
114
|
+
break;
|
|
115
|
+
case 'SIGTSTP':
|
|
116
|
+
this.ptyProcess.write('\x1a'); // Ctrl+Z
|
|
117
|
+
break;
|
|
118
|
+
case 'SIGQUIT':
|
|
119
|
+
this.ptyProcess.write('\x1c'); // Ctrl+\
|
|
120
|
+
break;
|
|
121
|
+
case 'SIGTERM':
|
|
122
|
+
case 'SIGKILL':
|
|
123
|
+
this.terminate();
|
|
124
|
+
break;
|
|
125
|
+
default:
|
|
126
|
+
this.logger.warn(`Unknown signal: ${signal}`);
|
|
127
|
+
}
|
|
128
|
+
}
|
|
129
|
+
terminate() {
|
|
130
|
+
if (this._status === 'terminated') {
|
|
131
|
+
return;
|
|
132
|
+
}
|
|
133
|
+
this.logger.debug(`Terminating terminal session ${this.sessionId}`);
|
|
134
|
+
this._status = 'terminated';
|
|
135
|
+
if (this.ptyProcess) {
|
|
136
|
+
this.ptyProcess.kill();
|
|
137
|
+
}
|
|
138
|
+
this.cleanup();
|
|
139
|
+
}
|
|
140
|
+
cleanup() {
|
|
141
|
+
if (this.idleTimer) {
|
|
142
|
+
clearTimeout(this.idleTimer);
|
|
143
|
+
this.idleTimer = undefined;
|
|
144
|
+
}
|
|
145
|
+
if (this.sessionTimer) {
|
|
146
|
+
clearTimeout(this.sessionTimer);
|
|
147
|
+
this.sessionTimer = undefined;
|
|
148
|
+
}
|
|
149
|
+
}
|
|
150
|
+
toJSON() {
|
|
151
|
+
return {
|
|
152
|
+
sessionId: this.sessionId,
|
|
153
|
+
userId: this.userId,
|
|
154
|
+
command: this.command,
|
|
155
|
+
workdir: this.workdir,
|
|
156
|
+
status: this._status,
|
|
157
|
+
createdAt: this.createdAt,
|
|
158
|
+
expiresAt: this.expiresAt,
|
|
159
|
+
ptyPid: this.pid,
|
|
160
|
+
};
|
|
161
|
+
}
|
|
162
|
+
}
|
|
163
|
+
exports.TerminalSession = TerminalSession;
|
|
164
|
+
//# sourceMappingURL=TerminalSession.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"TerminalSession.js","sourceRoot":"","sources":["../../src/terminal/TerminalSession.ts"],"names":[],"mappings":";;;AAAA,mCAAsC;AACtC,iEAAqD;AAGrD,oDAAoD;AACpD,IAAI,GAA0C,CAAC;AAC/C,IAAI,CAAC;IACH,GAAG,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;AAC5B,CAAC;AAAC,MAAM,CAAC;IACP,yBAAyB;AAC3B,CAAC;AAQD,MAAa,eAAgB,SAAQ,qBAAY;IAgB/C,YACE,SAAiB,EACjB,MAAc,EACd,MAAqB,EACJ,GAA2B;QAE5C,KAAK,EAAE,CAAC;QAFS,QAAG,GAAH,GAAG,CAAwB;QAnB3B,WAAM,GAAG,IAAA,oCAAY,EAAC,IAAI,CAAC,CAAC;QASvC,YAAO,GAAkB,QAAQ,CAAC;QAcxC,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;QACxF,CAAC;QAED,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QAC9B,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QAC9B,IAAI,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;QAC9D,IAAI,CAAC,WAAW,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,aAAa;QAEhD,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACrB,CAAC;IAED,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,IAAI,GAAG;QACL,OAAO,IAAI,CAAC,UAAU,EAAE,GAAG,CAAC;IAC9B,CAAC;IAEO,KAAK,CAAC,MAAqB;QACjC,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAC/C,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,6BAA6B,IAAI,CAAC,SAAS,KAAK,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAE5G,IAAI,CAAC;YACH,IAAI,CAAC,UAAU,GAAG,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,EAAE;gBACvD,IAAI,EAAE,gBAAgB;gBACtB,IAAI,EAAE,EAAE;gBACR,IAAI,EAAE,EAAE;gBACR,GAAG,EAAE,MAAM,CAAC,OAAO;gBACnB,GAAG,EAAE;oBACH,GAAG,OAAO,CAAC,GAAG;oBACd,GAAG,IAAI,CAAC,GAAG;oBACX,IAAI,EAAE,gBAAgB;iBACvB;aACF,CAAC,CAAC;YAEH,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,IAAY,EAAE,EAAE;gBACtC,IAAI,CAAC,cAAc,EAAE,CAAC;gBACtB,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YAC1B,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAyC,EAAE,EAAE;gBACrF,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,oBAAoB,IAAI,CAAC,SAAS,iBAAiB,QAAQ,YAAY,MAAM,EAAE,CAAC,CAAC;gBACnG,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC;gBAC5B,IAAI,CAAC,OAAO,EAAE,CAAC;gBACf,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;YACjF,CAAC,CAAC,CAAC;YAEH,+BAA+B;YAC/B,IAAI,CAAC,YAAY,GAAG,UAAU,CAAC,GAAG,EAAE;gBAClC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,oBAAoB,IAAI,CAAC,SAAS,UAAU,CAAC,CAAC;gBAChE,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,CAAC,EAAE,MAAM,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;YAE1B,mBAAmB;YACnB,IAAI,CAAC,cAAc,EAAE,CAAC;QAExB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,oCAAoC,IAAI,CAAC,SAAS,KAAK,KAAK,EAAE,CAAC,CAAC;YAClF,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC;YAC5B,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,KAAc,CAAC,CAAC;YACnC,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAEO,cAAc;QACpB,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC/B,CAAC;QAED,IAAI,CAAC,OAAO,GAAG,QAAQ,CAAC;QAExB,IAAI,CAAC,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE;YAC/B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,oBAAoB,IAAI,CAAC,SAAS,eAAe,CAAC,CAAC;YACrE,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;YACtB,6CAA6C;YAC7C,yDAAyD;QAC3D,CAAC,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;IACvB,CAAC;IAEM,KAAK,CAAC,IAAY;QACvB,IAAI,IAAI,CAAC,OAAO,KAAK,YAAY,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAC3C,CAAC;QACD,IAAI,CAAC,cAAc,EAAE,CAAC;QACtB,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC;IAEM,MAAM,CAAC,IAAY,EAAE,IAAY;QACtC,IAAI,IAAI,CAAC,OAAO,KAAK,YAAY,EAAE,CAAC;YAClC,OAAO;QACT,CAAC;QACD,IAAI,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACtC,CAAC;IAEM,UAAU,CAAC,MAAc;QAC9B,IAAI,IAAI,CAAC,OAAO,KAAK,YAAY,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACtD,OAAO;QACT,CAAC;QAED,iDAAiD;QACjD,wDAAwD;QACxD,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,QAAQ;gBACX,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;gBACxC,MAAM;YACR,KAAK,SAAS;gBACZ,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;gBACxC,MAAM;YACR,KAAK,SAAS;gBACZ,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;gBACxC,MAAM;YACR,KAAK,SAAS,CAAC;YACf,KAAK,SAAS;gBACZ,IAAI,CAAC,SAAS,EAAE,CAAC;gBACjB,MAAM;YACR;gBACE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,mBAAmB,MAAM,EAAE,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAEM,SAAS;QACd,IAAI,IAAI,CAAC,OAAO,KAAK,YAAY,EAAE,CAAC;YAClC,OAAO;QACT,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,gCAAgC,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;QACpE,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC;QAE5B,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;QACzB,CAAC;QAED,IAAI,CAAC,OAAO,EAAE,CAAC;IACjB,CAAC;IAEO,OAAO;QACb,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC7B,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC7B,CAAC;QACD,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAChC,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;QAChC,CAAC;IACH,CAAC;IAEM,MAAM;QACX,OAAO;YACL,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,MAAM,EAAE,IAAI,CAAC,OAAO;YACpB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,MAAM,EAAE,IAAI,CAAC,GAAG;SACjB,CAAC;IACJ,CAAC;CACF;AA9LD,0CA8LC","sourcesContent":["import { EventEmitter } from 'events';\nimport { getLoggerFor } from 'global-logger-factory';\nimport type { Session, SessionStatus, SessionConfig } from './types';\n\n// node-pty is optional - will be loaded dynamically\nlet pty: typeof import('node-pty') | undefined;\ntry {\n pty = require('node-pty');\n} catch {\n // node-pty not available\n}\n\nexport interface TerminalSessionEvents {\n 'data': (data: string) => void;\n 'exit': (code: number, signal?: string) => void;\n 'error': (error: Error) => void;\n}\n\nexport class TerminalSession extends EventEmitter {\n protected readonly logger = getLoggerFor(this);\n \n public readonly sessionId: string;\n public readonly userId: string;\n public readonly command: string;\n public readonly workdir: string;\n public readonly createdAt: Date;\n public readonly expiresAt: Date;\n \n private _status: SessionStatus = 'active';\n private ptyProcess?: import('node-pty').IPty;\n private idleTimer?: NodeJS.Timeout;\n private sessionTimer?: NodeJS.Timeout;\n private readonly idleTimeout: number;\n\n constructor(\n sessionId: string,\n userId: string,\n config: SessionConfig,\n private readonly env: Record<string, string>,\n ) {\n super();\n \n if (!pty) {\n throw new Error('node-pty is not available. Please install it: npm install node-pty');\n }\n \n this.sessionId = sessionId;\n this.userId = userId;\n this.command = config.command;\n this.workdir = config.workdir;\n this.createdAt = new Date();\n this.expiresAt = new Date(Date.now() + config.timeout * 1000);\n this.idleTimeout = 10 * 60 * 1000; // 10 minutes\n \n this.start(config);\n }\n\n get status(): SessionStatus {\n return this._status;\n }\n\n get pid(): number | undefined {\n return this.ptyProcess?.pid;\n }\n\n private start(config: SessionConfig): void {\n if (!pty) {\n throw new Error('node-pty is not available');\n }\n \n this.logger.info(`Starting terminal session ${this.sessionId}: ${config.command} ${config.args.join(' ')}`);\n \n try {\n this.ptyProcess = pty.spawn(config.command, config.args, {\n name: 'xterm-256color',\n cols: 80,\n rows: 24,\n cwd: config.workdir,\n env: {\n ...process.env,\n ...this.env,\n TERM: 'xterm-256color',\n },\n });\n\n this.ptyProcess.onData((data: string) => {\n this.resetIdleTimer();\n this.emit('data', data);\n });\n\n this.ptyProcess.onExit(({ exitCode, signal }: { exitCode: number; signal?: number }) => {\n this.logger.debug(`Terminal session ${this.sessionId} exited: code=${exitCode}, signal=${signal}`);\n this._status = 'terminated';\n this.cleanup();\n this.emit('exit', exitCode, signal !== undefined ? String(signal) : undefined);\n });\n\n // Set session expiration timer\n this.sessionTimer = setTimeout(() => {\n this.logger.debug(`Terminal session ${this.sessionId} expired`);\n this.terminate();\n }, config.timeout * 1000);\n\n // Start idle timer\n this.resetIdleTimer();\n \n } catch (error) {\n this.logger.error(`Failed to start terminal session ${this.sessionId}: ${error}`);\n this._status = 'terminated';\n this.emit('error', error as Error);\n throw error;\n }\n }\n\n private resetIdleTimer(): void {\n if (this.idleTimer) {\n clearTimeout(this.idleTimer);\n }\n \n this._status = 'active';\n \n this.idleTimer = setTimeout(() => {\n this.logger.debug(`Terminal session ${this.sessionId} idle timeout`);\n this._status = 'idle';\n // Don't terminate on idle, just mark as idle\n // Could add auto-terminate after extended idle if needed\n }, this.idleTimeout);\n }\n\n public write(data: string): void {\n if (this._status === 'terminated') {\n throw new Error('Session is terminated');\n }\n this.resetIdleTimer();\n this.ptyProcess?.write(data);\n }\n\n public resize(cols: number, rows: number): void {\n if (this._status === 'terminated') {\n return;\n }\n this.ptyProcess?.resize(cols, rows);\n }\n\n public sendSignal(signal: string): void {\n if (this._status === 'terminated' || !this.ptyProcess) {\n return;\n }\n \n // node-pty doesn't have a direct signal method, \n // but we can send control characters for common signals\n switch (signal) {\n case 'SIGINT':\n this.ptyProcess.write('\\x03'); // Ctrl+C\n break;\n case 'SIGTSTP':\n this.ptyProcess.write('\\x1a'); // Ctrl+Z\n break;\n case 'SIGQUIT':\n this.ptyProcess.write('\\x1c'); // Ctrl+\\\n break;\n case 'SIGTERM':\n case 'SIGKILL':\n this.terminate();\n break;\n default:\n this.logger.warn(`Unknown signal: ${signal}`);\n }\n }\n\n public terminate(): void {\n if (this._status === 'terminated') {\n return;\n }\n \n this.logger.debug(`Terminating terminal session ${this.sessionId}`);\n this._status = 'terminated';\n \n if (this.ptyProcess) {\n this.ptyProcess.kill();\n }\n \n this.cleanup();\n }\n\n private cleanup(): void {\n if (this.idleTimer) {\n clearTimeout(this.idleTimer);\n this.idleTimer = undefined;\n }\n if (this.sessionTimer) {\n clearTimeout(this.sessionTimer);\n this.sessionTimer = undefined;\n }\n }\n\n public toJSON(): Session {\n return {\n sessionId: this.sessionId,\n userId: this.userId,\n command: this.command,\n workdir: this.workdir,\n status: this._status,\n createdAt: this.createdAt,\n expiresAt: this.expiresAt,\n ptyPid: this.pid,\n };\n }\n}\n"]}
|
|
@@ -0,0 +1,69 @@
|
|
|
1
|
+
import { TerminalSession } from './TerminalSession';
|
|
2
|
+
import type { EnvRef, CreateSessionRequest } from './types';
|
|
3
|
+
export interface TerminalSessionManagerOptions {
|
|
4
|
+
/** Maximum sessions per user */
|
|
5
|
+
maxSessionsPerUser: number;
|
|
6
|
+
/** Maximum total sessions */
|
|
7
|
+
maxTotalSessions: number;
|
|
8
|
+
/** Default session timeout in seconds */
|
|
9
|
+
defaultTimeout: number;
|
|
10
|
+
/** Maximum session timeout in seconds */
|
|
11
|
+
maxTimeout: number;
|
|
12
|
+
/** Default working directory */
|
|
13
|
+
defaultWorkdir: string;
|
|
14
|
+
/** SPARQL endpoint for ACL queries */
|
|
15
|
+
sparqlEndpoint?: string;
|
|
16
|
+
/** Whether to require ACL Control permission (default: true) */
|
|
17
|
+
requireAclControl: boolean;
|
|
18
|
+
/** Base URL for mapping file paths to resource URLs */
|
|
19
|
+
baseUrl?: string;
|
|
20
|
+
/** File system root for mapping URLs to paths */
|
|
21
|
+
fileSystemRoot?: string;
|
|
22
|
+
}
|
|
23
|
+
export declare class TerminalSessionManager {
|
|
24
|
+
protected readonly logger: import("global-logger-factory").Logger<unknown>;
|
|
25
|
+
private readonly sessions;
|
|
26
|
+
private readonly userSessions;
|
|
27
|
+
private readonly options;
|
|
28
|
+
private readonly aclService?;
|
|
29
|
+
constructor(options?: Partial<TerminalSessionManagerOptions>);
|
|
30
|
+
/**
|
|
31
|
+
* Convert a file system path to a resource URL.
|
|
32
|
+
*/
|
|
33
|
+
private pathToUrl;
|
|
34
|
+
/**
|
|
35
|
+
* Check if user has acl:Control permission for the working directory.
|
|
36
|
+
*/
|
|
37
|
+
checkWorkdirPermission(userId: string, workdir: string): Promise<boolean>;
|
|
38
|
+
/**
|
|
39
|
+
* Create a new terminal session
|
|
40
|
+
*/
|
|
41
|
+
createSession(userId: string, request: CreateSessionRequest, secretResolver?: (ref: EnvRef) => Promise<string>): Promise<TerminalSession>;
|
|
42
|
+
/**
|
|
43
|
+
* Get a session by ID
|
|
44
|
+
*/
|
|
45
|
+
getSession(sessionId: string): TerminalSession | undefined;
|
|
46
|
+
/**
|
|
47
|
+
* Get all sessions for a user
|
|
48
|
+
*/
|
|
49
|
+
getUserSessions(userId: string): TerminalSession[];
|
|
50
|
+
/**
|
|
51
|
+
* Terminate a session
|
|
52
|
+
*/
|
|
53
|
+
terminateSession(sessionId: string): boolean;
|
|
54
|
+
/**
|
|
55
|
+
* Remove a session from tracking
|
|
56
|
+
*/
|
|
57
|
+
private removeSession;
|
|
58
|
+
/**
|
|
59
|
+
* Get session statistics
|
|
60
|
+
*/
|
|
61
|
+
getStats(): {
|
|
62
|
+
totalSessions: number;
|
|
63
|
+
activeUsers: number;
|
|
64
|
+
};
|
|
65
|
+
/**
|
|
66
|
+
* Terminate all sessions (for shutdown)
|
|
67
|
+
*/
|
|
68
|
+
terminateAll(): void;
|
|
69
|
+
}
|