@undefineds.co/xpod 0.1.0-local.202602081751

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (970) hide show
  1. package/LICENSE +22 -0
  2. package/README.md +146 -0
  3. package/components/components.jsonld +72 -0
  4. package/components/context.jsonld +1635 -0
  5. package/config/bun.json +90 -0
  6. package/config/cli.json +260 -0
  7. package/config/cloud.json +469 -0
  8. package/config/extensions.local.initializer.json +23 -0
  9. package/config/local.json +261 -0
  10. package/config/logging/configurable.json +18 -0
  11. package/config/main.json +200 -0
  12. package/config/main.vanilla.json +6 -0
  13. package/config/resolver.json +347 -0
  14. package/config/search.json +66 -0
  15. package/config/seed.dev.json +29 -0
  16. package/config/seeds/admin.example.json +11 -0
  17. package/config/seeds/test.json +11 -0
  18. package/config/terminal.json +22 -0
  19. package/config/vector.json +35 -0
  20. package/config/xpod.base.json +155 -0
  21. package/config/xpod.cluster.json +419 -0
  22. package/config/xpod.json +233 -0
  23. package/dist/agents/AgentExecutorFactory.d.ts +67 -0
  24. package/dist/agents/AgentExecutorFactory.js +193 -0
  25. package/dist/agents/AgentExecutorFactory.js.map +1 -0
  26. package/dist/agents/AgentManager.d.ts +114 -0
  27. package/dist/agents/AgentManager.js +289 -0
  28. package/dist/agents/AgentManager.js.map +1 -0
  29. package/dist/agents/BaseAgentExecutor.d.ts +67 -0
  30. package/dist/agents/BaseAgentExecutor.js +101 -0
  31. package/dist/agents/BaseAgentExecutor.js.map +1 -0
  32. package/dist/agents/ClaudeExecutor.d.ts +63 -0
  33. package/dist/agents/ClaudeExecutor.js +335 -0
  34. package/dist/agents/ClaudeExecutor.js.map +1 -0
  35. package/dist/agents/CodeBuddyExecutor.d.ts +54 -0
  36. package/dist/agents/CodeBuddyExecutor.js +273 -0
  37. package/dist/agents/CodeBuddyExecutor.js.map +1 -0
  38. package/dist/agents/IndexAgent.d.ts +70 -0
  39. package/dist/agents/IndexAgent.js +417 -0
  40. package/dist/agents/IndexAgent.js.map +1 -0
  41. package/dist/agents/index.d.ts +22 -0
  42. package/dist/agents/index.js +48 -0
  43. package/dist/agents/index.js.map +1 -0
  44. package/dist/agents/schema/agent-config.d.ts +58 -0
  45. package/dist/agents/schema/agent-config.js +74 -0
  46. package/dist/agents/schema/agent-config.js.map +1 -0
  47. package/dist/agents/schema/tables.d.ts +46 -0
  48. package/dist/agents/schema/tables.js +64 -0
  49. package/dist/agents/schema/tables.js.map +1 -0
  50. package/dist/agents/types.d.ts +266 -0
  51. package/dist/agents/types.js +9 -0
  52. package/dist/agents/types.js.map +1 -0
  53. package/dist/ai/index.d.ts +5 -0
  54. package/dist/ai/index.js +22 -0
  55. package/dist/ai/index.js.map +1 -0
  56. package/dist/ai/schema/config.d.ts +27 -0
  57. package/dist/ai/schema/config.js +36 -0
  58. package/dist/ai/schema/config.js.map +1 -0
  59. package/dist/ai/schema/index.d.ts +8 -0
  60. package/dist/ai/schema/index.js +27 -0
  61. package/dist/ai/schema/index.js.map +1 -0
  62. package/dist/ai/schema/model.d.ts +40 -0
  63. package/dist/ai/schema/model.js +60 -0
  64. package/dist/ai/schema/model.js.map +1 -0
  65. package/dist/ai/schema/provider.d.ts +21 -0
  66. package/dist/ai/schema/provider.js +30 -0
  67. package/dist/ai/schema/provider.js.map +1 -0
  68. package/dist/ai/schema/types.d.ts +52 -0
  69. package/dist/ai/schema/types.js +62 -0
  70. package/dist/ai/schema/types.js.map +1 -0
  71. package/dist/ai/schema/vector-store.d.ts +53 -0
  72. package/dist/ai/schema/vector-store.js +65 -0
  73. package/dist/ai/schema/vector-store.js.map +1 -0
  74. package/dist/ai/service/CredentialReader.d.ts +7 -0
  75. package/dist/ai/service/CredentialReader.js +10 -0
  76. package/dist/ai/service/CredentialReader.js.map +1 -0
  77. package/dist/ai/service/CredentialReaderImpl.d.ts +6 -0
  78. package/dist/ai/service/CredentialReaderImpl.js +55 -0
  79. package/dist/ai/service/CredentialReaderImpl.js.map +1 -0
  80. package/dist/ai/service/EmbeddingService.d.ts +8 -0
  81. package/dist/ai/service/EmbeddingService.js +10 -0
  82. package/dist/ai/service/EmbeddingService.js.map +1 -0
  83. package/dist/ai/service/EmbeddingServiceImpl.d.ts +11 -0
  84. package/dist/ai/service/EmbeddingServiceImpl.js +73 -0
  85. package/dist/ai/service/EmbeddingServiceImpl.js.map +1 -0
  86. package/dist/ai/service/ProviderRegistry.d.ts +26 -0
  87. package/dist/ai/service/ProviderRegistry.js +10 -0
  88. package/dist/ai/service/ProviderRegistry.js.map +1 -0
  89. package/dist/ai/service/ProviderRegistryImpl.d.ts +14 -0
  90. package/dist/ai/service/ProviderRegistryImpl.js +112 -0
  91. package/dist/ai/service/ProviderRegistryImpl.js.map +1 -0
  92. package/dist/ai/service/index.d.ts +10 -0
  93. package/dist/ai/service/index.js +29 -0
  94. package/dist/ai/service/index.js.map +1 -0
  95. package/dist/ai/service/types.d.ts +12 -0
  96. package/dist/ai/service/types.js +6 -0
  97. package/dist/ai/service/types.js.map +1 -0
  98. package/dist/api/ApiServer.d.ts +77 -0
  99. package/dist/api/ApiServer.js +191 -0
  100. package/dist/api/ApiServer.js.map +1 -0
  101. package/dist/api/auth/AuthContext.d.ts +41 -0
  102. package/dist/api/auth/AuthContext.js +44 -0
  103. package/dist/api/auth/AuthContext.js.map +1 -0
  104. package/dist/api/auth/Authenticator.d.ts +23 -0
  105. package/dist/api/auth/Authenticator.js +3 -0
  106. package/dist/api/auth/Authenticator.js.map +1 -0
  107. package/dist/api/auth/ClientCredentialsAuthenticator.d.ts +56 -0
  108. package/dist/api/auth/ClientCredentialsAuthenticator.js +191 -0
  109. package/dist/api/auth/ClientCredentialsAuthenticator.js.map +1 -0
  110. package/dist/api/auth/MultiAuthenticator.d.ts +15 -0
  111. package/dist/api/auth/MultiAuthenticator.js +36 -0
  112. package/dist/api/auth/MultiAuthenticator.js.map +1 -0
  113. package/dist/api/auth/NodeTokenAuthenticator.d.ts +21 -0
  114. package/dist/api/auth/NodeTokenAuthenticator.js +124 -0
  115. package/dist/api/auth/NodeTokenAuthenticator.js.map +1 -0
  116. package/dist/api/auth/SolidTokenAuthenticator.d.ts +27 -0
  117. package/dist/api/auth/SolidTokenAuthenticator.js +144 -0
  118. package/dist/api/auth/SolidTokenAuthenticator.js.map +1 -0
  119. package/dist/api/auth/index.d.ts +5 -0
  120. package/dist/api/auth/index.js +23 -0
  121. package/dist/api/auth/index.js.map +1 -0
  122. package/dist/api/chatkit/ai-provider.d.ts +44 -0
  123. package/dist/api/chatkit/ai-provider.js +157 -0
  124. package/dist/api/chatkit/ai-provider.js.map +1 -0
  125. package/dist/api/chatkit/index.d.ts +11 -0
  126. package/dist/api/chatkit/index.js +44 -0
  127. package/dist/api/chatkit/index.js.map +1 -0
  128. package/dist/api/chatkit/pod-store.d.ts +154 -0
  129. package/dist/api/chatkit/pod-store.js +794 -0
  130. package/dist/api/chatkit/pod-store.js.map +1 -0
  131. package/dist/api/chatkit/schema.d.ts +139 -0
  132. package/dist/api/chatkit/schema.js +168 -0
  133. package/dist/api/chatkit/schema.js.map +1 -0
  134. package/dist/api/chatkit/service.d.ts +143 -0
  135. package/dist/api/chatkit/service.js +442 -0
  136. package/dist/api/chatkit/service.js.map +1 -0
  137. package/dist/api/chatkit/store.d.ts +63 -0
  138. package/dist/api/chatkit/store.js +178 -0
  139. package/dist/api/chatkit/store.js.map +1 -0
  140. package/dist/api/chatkit/types.d.ts +461 -0
  141. package/dist/api/chatkit/types.js +50 -0
  142. package/dist/api/chatkit/types.js.map +1 -0
  143. package/dist/api/container/cloud.d.ts +12 -0
  144. package/dist/api/container/cloud.js +97 -0
  145. package/dist/api/container/cloud.js.map +1 -0
  146. package/dist/api/container/common.d.ts +11 -0
  147. package/dist/api/container/common.js +82 -0
  148. package/dist/api/container/common.js.map +1 -0
  149. package/dist/api/container/index.d.ts +16 -0
  150. package/dist/api/container/index.js +90 -0
  151. package/dist/api/container/index.js.map +1 -0
  152. package/dist/api/container/local.d.ts +13 -0
  153. package/dist/api/container/local.js +197 -0
  154. package/dist/api/container/local.js.map +1 -0
  155. package/dist/api/container/routes.d.ts +11 -0
  156. package/dist/api/container/routes.js +129 -0
  157. package/dist/api/container/routes.js.map +1 -0
  158. package/dist/api/container/types.d.ts +92 -0
  159. package/dist/api/container/types.js +8 -0
  160. package/dist/api/container/types.js.map +1 -0
  161. package/dist/api/handlers/AdminHandler.d.ts +6 -0
  162. package/dist/api/handlers/AdminHandler.js +330 -0
  163. package/dist/api/handlers/AdminHandler.js.map +1 -0
  164. package/dist/api/handlers/ApiKeyHandler.d.ts +15 -0
  165. package/dist/api/handlers/ApiKeyHandler.js +159 -0
  166. package/dist/api/handlers/ApiKeyHandler.js.map +1 -0
  167. package/dist/api/handlers/ChatHandler.d.ts +60 -0
  168. package/dist/api/handlers/ChatHandler.js +230 -0
  169. package/dist/api/handlers/ChatHandler.js.map +1 -0
  170. package/dist/api/handlers/ChatKitHandler.d.ts +18 -0
  171. package/dist/api/handlers/ChatKitHandler.js +151 -0
  172. package/dist/api/handlers/ChatKitHandler.js.map +1 -0
  173. package/dist/api/handlers/DashboardHandler.d.ts +14 -0
  174. package/dist/api/handlers/DashboardHandler.js +117 -0
  175. package/dist/api/handlers/DashboardHandler.js.map +1 -0
  176. package/dist/api/handlers/DdnsHandler.d.ts +19 -0
  177. package/dist/api/handlers/DdnsHandler.js +306 -0
  178. package/dist/api/handlers/DdnsHandler.js.map +1 -0
  179. package/dist/api/handlers/DevHandler.d.ts +18 -0
  180. package/dist/api/handlers/DevHandler.js +276 -0
  181. package/dist/api/handlers/DevHandler.js.map +1 -0
  182. package/dist/api/handlers/NodeHandler.d.ts +16 -0
  183. package/dist/api/handlers/NodeHandler.js +190 -0
  184. package/dist/api/handlers/NodeHandler.js.map +1 -0
  185. package/dist/api/handlers/PodManagementHandler.d.ts +39 -0
  186. package/dist/api/handlers/PodManagementHandler.js +294 -0
  187. package/dist/api/handlers/PodManagementHandler.js.map +1 -0
  188. package/dist/api/handlers/QuotaHandler.d.ts +21 -0
  189. package/dist/api/handlers/QuotaHandler.js +209 -0
  190. package/dist/api/handlers/QuotaHandler.js.map +1 -0
  191. package/dist/api/handlers/SignalHandler.d.ts +13 -0
  192. package/dist/api/handlers/SignalHandler.js +122 -0
  193. package/dist/api/handlers/SignalHandler.js.map +1 -0
  194. package/dist/api/handlers/SubdomainClientHandler.d.ts +24 -0
  195. package/dist/api/handlers/SubdomainClientHandler.js +169 -0
  196. package/dist/api/handlers/SubdomainClientHandler.js.map +1 -0
  197. package/dist/api/handlers/SubdomainHandler.d.ts +17 -0
  198. package/dist/api/handlers/SubdomainHandler.js +312 -0
  199. package/dist/api/handlers/SubdomainHandler.js.map +1 -0
  200. package/dist/api/handlers/VectorHandler.d.ts +15 -0
  201. package/dist/api/handlers/VectorHandler.js +293 -0
  202. package/dist/api/handlers/VectorHandler.js.map +1 -0
  203. package/dist/api/handlers/VectorStoreHandler.d.ts +20 -0
  204. package/dist/api/handlers/VectorStoreHandler.js +348 -0
  205. package/dist/api/handlers/VectorStoreHandler.js.map +1 -0
  206. package/dist/api/handlers/VectorStoreWebhookHandler.d.ts +74 -0
  207. package/dist/api/handlers/VectorStoreWebhookHandler.js +121 -0
  208. package/dist/api/handlers/VectorStoreWebhookHandler.js.map +1 -0
  209. package/dist/api/handlers/WebIdProfileHandler.d.ts +14 -0
  210. package/dist/api/handlers/WebIdProfileHandler.js +204 -0
  211. package/dist/api/handlers/WebIdProfileHandler.js.map +1 -0
  212. package/dist/api/handlers/index.d.ts +11 -0
  213. package/dist/api/handlers/index.js +28 -0
  214. package/dist/api/handlers/index.js.map +1 -0
  215. package/dist/api/index.d.ts +12 -0
  216. package/dist/api/index.js +29 -0
  217. package/dist/api/index.js.map +1 -0
  218. package/dist/api/main.d.ts +14 -0
  219. package/dist/api/main.js +106 -0
  220. package/dist/api/main.js.map +1 -0
  221. package/dist/api/middleware/AuthMiddleware.d.ts +35 -0
  222. package/dist/api/middleware/AuthMiddleware.js +51 -0
  223. package/dist/api/middleware/AuthMiddleware.js.map +1 -0
  224. package/dist/api/middleware/index.d.ts +1 -0
  225. package/dist/api/middleware/index.js +18 -0
  226. package/dist/api/middleware/index.js.map +1 -0
  227. package/dist/api/models/model-provider.schema.d.ts +12 -0
  228. package/dist/api/models/model-provider.schema.js +21 -0
  229. package/dist/api/models/model-provider.schema.js.map +1 -0
  230. package/dist/api/models/namespaces.d.ts +9 -0
  231. package/dist/api/models/namespaces.js +34 -0
  232. package/dist/api/models/namespaces.js.map +1 -0
  233. package/dist/api/service/InternalPodService.d.ts +19 -0
  234. package/dist/api/service/InternalPodService.js +82 -0
  235. package/dist/api/service/InternalPodService.js.map +1 -0
  236. package/dist/api/service/VectorService.d.ts +156 -0
  237. package/dist/api/service/VectorService.js +202 -0
  238. package/dist/api/service/VectorService.js.map +1 -0
  239. package/dist/api/service/VectorStoreService.d.ts +262 -0
  240. package/dist/api/service/VectorStoreService.js +985 -0
  241. package/dist/api/service/VectorStoreService.js.map +1 -0
  242. package/dist/api/service/VercelChatService.d.ts +28 -0
  243. package/dist/api/service/VercelChatService.js +289 -0
  244. package/dist/api/service/VercelChatService.js.map +1 -0
  245. package/dist/api/store/DrizzleClientCredentialsStore.d.ts +56 -0
  246. package/dist/api/store/DrizzleClientCredentialsStore.js +145 -0
  247. package/dist/api/store/DrizzleClientCredentialsStore.js.map +1 -0
  248. package/dist/api/store/index.d.ts +1 -0
  249. package/dist/api/store/index.js +18 -0
  250. package/dist/api/store/index.js.map +1 -0
  251. package/dist/components/components.jsonld +88 -0
  252. package/dist/components/context.jsonld +1962 -0
  253. package/dist/credential/index.d.ts +1 -0
  254. package/dist/credential/index.js +18 -0
  255. package/dist/credential/index.js.map +1 -0
  256. package/dist/credential/schema/index.d.ts +2 -0
  257. package/dist/credential/schema/index.js +19 -0
  258. package/dist/credential/schema/index.js.map +1 -0
  259. package/dist/credential/schema/tables.d.ts +31 -0
  260. package/dist/credential/schema/tables.js +42 -0
  261. package/dist/credential/schema/tables.js.map +1 -0
  262. package/dist/credential/schema/types.d.ts +20 -0
  263. package/dist/credential/schema/types.js +26 -0
  264. package/dist/credential/schema/types.js.map +1 -0
  265. package/dist/dns/DnsProvider.d.ts +46 -0
  266. package/dist/dns/DnsProvider.js +3 -0
  267. package/dist/dns/DnsProvider.js.map +1 -0
  268. package/dist/dns/DnsProvider.jsonld +161 -0
  269. package/dist/dns/cloudflare/CloudflareDnsProvider.d.ts +51 -0
  270. package/dist/dns/cloudflare/CloudflareDnsProvider.js +227 -0
  271. package/dist/dns/cloudflare/CloudflareDnsProvider.js.map +1 -0
  272. package/dist/dns/cloudflare/index.d.ts +1 -0
  273. package/dist/dns/cloudflare/index.js +18 -0
  274. package/dist/dns/cloudflare/index.js.map +1 -0
  275. package/dist/dns/tencent/TencentDnsProvider.d.ts +42 -0
  276. package/dist/dns/tencent/TencentDnsProvider.js +221 -0
  277. package/dist/dns/tencent/TencentDnsProvider.js.map +1 -0
  278. package/dist/dns/tencent/TencentDnsProvider.jsonld +239 -0
  279. package/dist/document/Chunker.d.ts +64 -0
  280. package/dist/document/Chunker.js +8 -0
  281. package/dist/document/Chunker.js.map +1 -0
  282. package/dist/document/DocumentParser.d.ts +58 -0
  283. package/dist/document/DocumentParser.js +8 -0
  284. package/dist/document/DocumentParser.js.map +1 -0
  285. package/dist/document/HeadingChunker.d.ts +34 -0
  286. package/dist/document/HeadingChunker.js +182 -0
  287. package/dist/document/HeadingChunker.js.map +1 -0
  288. package/dist/document/JinaDocumentParser.d.ts +40 -0
  289. package/dist/document/JinaDocumentParser.js +129 -0
  290. package/dist/document/JinaDocumentParser.js.map +1 -0
  291. package/dist/document/index.d.ts +7 -0
  292. package/dist/document/index.js +26 -0
  293. package/dist/document/index.js.map +1 -0
  294. package/dist/edge/DdnsManager.d.ts +53 -0
  295. package/dist/edge/DdnsManager.js +153 -0
  296. package/dist/edge/DdnsManager.js.map +1 -0
  297. package/dist/edge/Dns01CertificateProvisioner.d.ts +27 -0
  298. package/dist/edge/Dns01CertificateProvisioner.js +160 -0
  299. package/dist/edge/Dns01CertificateProvisioner.js.map +1 -0
  300. package/dist/edge/Dns01CertificateProvisioner.jsonld +148 -0
  301. package/dist/edge/EdgeNodeAgent.d.ts +56 -0
  302. package/dist/edge/EdgeNodeAgent.js +230 -0
  303. package/dist/edge/EdgeNodeAgent.js.map +1 -0
  304. package/dist/edge/EdgeNodeAgent.jsonld +89 -0
  305. package/dist/edge/EdgeNodeAgentInitializer.d.ts +25 -0
  306. package/dist/edge/EdgeNodeAgentInitializer.js +64 -0
  307. package/dist/edge/EdgeNodeAgentInitializer.js.map +1 -0
  308. package/dist/edge/EdgeNodeCapabilityDetector.d.ts +98 -0
  309. package/dist/edge/EdgeNodeCapabilityDetector.js +425 -0
  310. package/dist/edge/EdgeNodeCapabilityDetector.js.map +1 -0
  311. package/dist/edge/EdgeNodeCertificateProvisioner.d.ts +3 -0
  312. package/dist/edge/EdgeNodeCertificateProvisioner.js +3 -0
  313. package/dist/edge/EdgeNodeCertificateProvisioner.js.map +1 -0
  314. package/dist/edge/EdgeNodeCertificateProvisioner.jsonld +21 -0
  315. package/dist/edge/EdgeNodeDnsCoordinator.d.ts +38 -0
  316. package/dist/edge/EdgeNodeDnsCoordinator.js +201 -0
  317. package/dist/edge/EdgeNodeDnsCoordinator.js.map +1 -0
  318. package/dist/edge/EdgeNodeDnsCoordinator.jsonld +212 -0
  319. package/dist/edge/EdgeNodeHealthProbeService.d.ts +25 -0
  320. package/dist/edge/EdgeNodeHealthProbeService.js +208 -0
  321. package/dist/edge/EdgeNodeHealthProbeService.js.map +1 -0
  322. package/dist/edge/EdgeNodeHealthProbeService.jsonld +176 -0
  323. package/dist/edge/EdgeNodeModeDetector.d.ts +50 -0
  324. package/dist/edge/EdgeNodeModeDetector.js +194 -0
  325. package/dist/edge/EdgeNodeModeDetector.js.map +1 -0
  326. package/dist/edge/EdgeNodeModeDetector.jsonld +114 -0
  327. package/dist/edge/EdgeNodeTunnelManager.d.ts +23 -0
  328. package/dist/edge/EdgeNodeTunnelManager.js +99 -0
  329. package/dist/edge/EdgeNodeTunnelManager.js.map +1 -0
  330. package/dist/edge/EdgeNodeTunnelManager.jsonld +128 -0
  331. package/dist/edge/FrpTunnelManager.d.ts +30 -0
  332. package/dist/edge/FrpTunnelManager.js +151 -0
  333. package/dist/edge/FrpTunnelManager.js.map +1 -0
  334. package/dist/edge/FrpTunnelManager.jsonld +192 -0
  335. package/dist/edge/LocalNetworkManager.d.ts +41 -0
  336. package/dist/edge/LocalNetworkManager.js +115 -0
  337. package/dist/edge/LocalNetworkManager.js.map +1 -0
  338. package/dist/edge/acme/AcmeCertificateManager.d.ts +65 -0
  339. package/dist/edge/acme/AcmeCertificateManager.js +233 -0
  340. package/dist/edge/acme/AcmeCertificateManager.js.map +1 -0
  341. package/dist/edge/acme/AcmeCertificateManager.jsonld +373 -0
  342. package/dist/edge/acme/ClusterCertificateManager.d.ts +40 -0
  343. package/dist/edge/acme/ClusterCertificateManager.js +184 -0
  344. package/dist/edge/acme/ClusterCertificateManager.js.map +1 -0
  345. package/dist/edge/acme/DnsChallengeClient.d.ts +15 -0
  346. package/dist/edge/acme/DnsChallengeClient.js +40 -0
  347. package/dist/edge/acme/DnsChallengeClient.js.map +1 -0
  348. package/dist/edge/acme/utils.d.ts +4 -0
  349. package/dist/edge/acme/utils.js +17 -0
  350. package/dist/edge/acme/utils.js.map +1 -0
  351. package/dist/edge/frp/FrpRelay.d.ts +11 -0
  352. package/dist/edge/frp/FrpRelay.js +29 -0
  353. package/dist/edge/frp/FrpRelay.js.map +1 -0
  354. package/dist/edge/frp/FrpcProcessManager.d.ts +51 -0
  355. package/dist/edge/frp/FrpcProcessManager.js +174 -0
  356. package/dist/edge/frp/FrpcProcessManager.js.map +1 -0
  357. package/dist/edge/interfaces/EdgeNodeTunnelManager.d.ts +6 -0
  358. package/dist/edge/interfaces/EdgeNodeTunnelManager.js +3 -0
  359. package/dist/edge/interfaces/EdgeNodeTunnelManager.js.map +1 -0
  360. package/dist/edge/interfaces/EdgeNodeTunnelManager.jsonld +21 -0
  361. package/dist/embedding/CredentialReader.d.ts +7 -0
  362. package/dist/embedding/CredentialReader.js +10 -0
  363. package/dist/embedding/CredentialReader.js.map +1 -0
  364. package/dist/embedding/CredentialReader.jsonld +22 -0
  365. package/dist/embedding/CredentialReaderImpl.d.ts +6 -0
  366. package/dist/embedding/CredentialReaderImpl.js +55 -0
  367. package/dist/embedding/CredentialReaderImpl.js.map +1 -0
  368. package/dist/embedding/CredentialReaderImpl.jsonld +31 -0
  369. package/dist/embedding/EmbeddingService.d.ts +8 -0
  370. package/dist/embedding/EmbeddingService.js +10 -0
  371. package/dist/embedding/EmbeddingService.js.map +1 -0
  372. package/dist/embedding/EmbeddingService.jsonld +26 -0
  373. package/dist/embedding/EmbeddingServiceImpl.d.ts +11 -0
  374. package/dist/embedding/EmbeddingServiceImpl.js +73 -0
  375. package/dist/embedding/EmbeddingServiceImpl.js.map +1 -0
  376. package/dist/embedding/EmbeddingServiceImpl.jsonld +53 -0
  377. package/dist/embedding/ProviderRegistry.d.ts +26 -0
  378. package/dist/embedding/ProviderRegistry.js +10 -0
  379. package/dist/embedding/ProviderRegistry.js.map +1 -0
  380. package/dist/embedding/ProviderRegistry.jsonld +30 -0
  381. package/dist/embedding/ProviderRegistryImpl.d.ts +14 -0
  382. package/dist/embedding/ProviderRegistryImpl.js +112 -0
  383. package/dist/embedding/ProviderRegistryImpl.js.map +1 -0
  384. package/dist/embedding/ProviderRegistryImpl.jsonld +40 -0
  385. package/dist/embedding/index.d.ts +5 -0
  386. package/dist/embedding/index.js +22 -0
  387. package/dist/embedding/index.js.map +1 -0
  388. package/dist/embedding/schema/index.d.ts +1 -0
  389. package/dist/embedding/schema/index.js +18 -0
  390. package/dist/embedding/schema/index.js.map +1 -0
  391. package/dist/embedding/schema/tables.d.ts +70 -0
  392. package/dist/embedding/schema/tables.js +102 -0
  393. package/dist/embedding/schema/tables.js.map +1 -0
  394. package/dist/embedding/types.d.ts +12 -0
  395. package/dist/embedding/types.js +6 -0
  396. package/dist/embedding/types.js.map +1 -0
  397. package/dist/gateway/port-finder.d.ts +4 -0
  398. package/dist/gateway/port-finder.js +15 -0
  399. package/dist/gateway/port-finder.js.map +1 -0
  400. package/dist/gateway/proxy.d.ts +22 -0
  401. package/dist/gateway/proxy.js +149 -0
  402. package/dist/gateway/proxy.js.map +1 -0
  403. package/dist/gateway/supervisor.d.ts +2 -0
  404. package/dist/gateway/supervisor.js +7 -0
  405. package/dist/gateway/supervisor.js.map +1 -0
  406. package/dist/gateway/types.d.ts +1 -0
  407. package/dist/gateway/types.js +3 -0
  408. package/dist/gateway/types.js.map +1 -0
  409. package/dist/http/AppStaticAssetHandler.d.ts +8 -0
  410. package/dist/http/AppStaticAssetHandler.js +27 -0
  411. package/dist/http/AppStaticAssetHandler.js.map +1 -0
  412. package/dist/http/AppStaticAssetHandler.jsonld +26 -0
  413. package/dist/http/ClusterIngressRouter.d.ts +93 -0
  414. package/dist/http/ClusterIngressRouter.js +355 -0
  415. package/dist/http/ClusterIngressRouter.js.map +1 -0
  416. package/dist/http/ClusterIngressRouter.jsonld +227 -0
  417. package/dist/http/ClusterWebSocketConfigurator.d.ts +59 -0
  418. package/dist/http/ClusterWebSocketConfigurator.js +226 -0
  419. package/dist/http/ClusterWebSocketConfigurator.js.map +1 -0
  420. package/dist/http/ClusterWebSocketConfigurator.jsonld +145 -0
  421. package/dist/http/EdgeNodeDirectDebugHttpHandler.d.ts +25 -0
  422. package/dist/http/EdgeNodeDirectDebugHttpHandler.js +126 -0
  423. package/dist/http/EdgeNodeDirectDebugHttpHandler.js.map +1 -0
  424. package/dist/http/EdgeNodeDirectDebugHttpHandler.jsonld +151 -0
  425. package/dist/http/EdgeNodeProxyHttpHandler.d.ts +28 -0
  426. package/dist/http/EdgeNodeProxyHttpHandler.js +190 -0
  427. package/dist/http/EdgeNodeProxyHttpHandler.js.map +1 -0
  428. package/dist/http/EdgeNodeProxyHttpHandler.jsonld +162 -0
  429. package/dist/http/PodRoutingHttpHandler.d.ts +64 -0
  430. package/dist/http/PodRoutingHttpHandler.js +233 -0
  431. package/dist/http/PodRoutingHttpHandler.js.map +1 -0
  432. package/dist/http/PodRoutingHttpHandler.jsonld +171 -0
  433. package/dist/http/RequestIdHttpHandler.d.ts +15 -0
  434. package/dist/http/RequestIdHttpHandler.js +59 -0
  435. package/dist/http/RequestIdHttpHandler.js.map +1 -0
  436. package/dist/http/RouterHttpHandler.d.ts +21 -0
  437. package/dist/http/RouterHttpHandler.js +49 -0
  438. package/dist/http/RouterHttpHandler.js.map +1 -0
  439. package/dist/http/RouterHttpHandler.jsonld +80 -0
  440. package/dist/http/RouterHttpRoute.d.ts +6 -0
  441. package/dist/http/RouterHttpRoute.js +11 -0
  442. package/dist/http/RouterHttpRoute.js.map +1 -0
  443. package/dist/http/RouterHttpRoute.jsonld +48 -0
  444. package/dist/http/SignalInterceptHttpHandler.d.ts +24 -0
  445. package/dist/http/SignalInterceptHttpHandler.js +47 -0
  446. package/dist/http/SignalInterceptHttpHandler.js.map +1 -0
  447. package/dist/http/SignalInterceptHttpHandler.jsonld +103 -0
  448. package/dist/http/SubgraphSparqlHttpHandler.d.ts +70 -0
  449. package/dist/http/SubgraphSparqlHttpHandler.js +640 -0
  450. package/dist/http/SubgraphSparqlHttpHandler.js.map +1 -0
  451. package/dist/http/SubgraphSparqlHttpHandler.jsonld +363 -0
  452. package/dist/http/TracingHandler.d.ts +19 -0
  453. package/dist/http/TracingHandler.js +60 -0
  454. package/dist/http/TracingHandler.js.map +1 -0
  455. package/dist/http/TracingHandler.jsonld +37 -0
  456. package/dist/http/admin/EdgeNodeAdminHttpHandler.d.ts +45 -0
  457. package/dist/http/admin/EdgeNodeAdminHttpHandler.js +292 -0
  458. package/dist/http/admin/EdgeNodeAdminHttpHandler.js.map +1 -0
  459. package/dist/http/admin/EdgeNodeCertificateHttpHandler.d.ts +33 -0
  460. package/dist/http/admin/EdgeNodeCertificateHttpHandler.js +172 -0
  461. package/dist/http/admin/EdgeNodeCertificateHttpHandler.js.map +1 -0
  462. package/dist/http/admin/EdgeNodeCertificateHttpHandler.jsonld +182 -0
  463. package/dist/http/admin/EdgeNodeSignalHttpHandler.d.ts +71 -0
  464. package/dist/http/admin/EdgeNodeSignalHttpHandler.js +674 -0
  465. package/dist/http/admin/EdgeNodeSignalHttpHandler.js.map +1 -0
  466. package/dist/http/admin/EdgeNodeSignalHttpHandler.jsonld +406 -0
  467. package/dist/http/cluster/PodMigrationHttpHandler.d.ts +52 -0
  468. package/dist/http/cluster/PodMigrationHttpHandler.js +208 -0
  469. package/dist/http/cluster/PodMigrationHttpHandler.js.map +1 -0
  470. package/dist/http/cluster/PodMigrationHttpHandler.jsonld +169 -0
  471. package/dist/http/quota/QuotaAdminHttpHandler.d.ts +34 -0
  472. package/dist/http/quota/QuotaAdminHttpHandler.js +241 -0
  473. package/dist/http/quota/QuotaAdminHttpHandler.js.map +1 -0
  474. package/dist/http/quota/QuotaAdminHttpHandler.jsonld +171 -0
  475. package/dist/http/search/SearchHttpHandler.d.ts +59 -0
  476. package/dist/http/search/SearchHttpHandler.js +312 -0
  477. package/dist/http/search/SearchHttpHandler.js.map +1 -0
  478. package/dist/http/search/index.d.ts +1 -0
  479. package/dist/http/search/index.js +18 -0
  480. package/dist/http/search/index.js.map +1 -0
  481. package/dist/http/terminal/TerminalHttpHandler.d.ts +45 -0
  482. package/dist/http/terminal/TerminalHttpHandler.js +306 -0
  483. package/dist/http/terminal/TerminalHttpHandler.js.map +1 -0
  484. package/dist/http/terminal/TerminalHttpHandler.jsonld +232 -0
  485. package/dist/http/terminal/index.d.ts +1 -0
  486. package/dist/http/terminal/index.js +18 -0
  487. package/dist/http/terminal/index.js.map +1 -0
  488. package/dist/http/vector/VectorHttpHandler.d.ts +42 -0
  489. package/dist/http/vector/VectorHttpHandler.js +301 -0
  490. package/dist/http/vector/VectorHttpHandler.js.map +1 -0
  491. package/dist/http/vector/VectorHttpHandler.jsonld +157 -0
  492. package/dist/http/vector/index.d.ts +1 -0
  493. package/dist/http/vector/index.js +18 -0
  494. package/dist/http/vector/index.js.map +1 -0
  495. package/dist/ice/IceServerProvider.d.ts +85 -0
  496. package/dist/ice/IceServerProvider.js +122 -0
  497. package/dist/ice/IceServerProvider.js.map +1 -0
  498. package/dist/ice/index.d.ts +8 -0
  499. package/dist/ice/index.js +25 -0
  500. package/dist/ice/index.js.map +1 -0
  501. package/dist/identity/CenterNodeRegistrationService.d.ts +102 -0
  502. package/dist/identity/CenterNodeRegistrationService.js +266 -0
  503. package/dist/identity/CenterNodeRegistrationService.js.map +1 -0
  504. package/dist/identity/CenterNodeRegistrationService.jsonld +251 -0
  505. package/dist/identity/ReactAppViewHandler.d.ts +31 -0
  506. package/dist/identity/ReactAppViewHandler.js +79 -0
  507. package/dist/identity/ReactAppViewHandler.js.map +1 -0
  508. package/dist/identity/ReactAppViewHandler.jsonld +99 -0
  509. package/dist/identity/drizzle/AccountRepository.d.ts +31 -0
  510. package/dist/identity/drizzle/AccountRepository.js +130 -0
  511. package/dist/identity/drizzle/AccountRepository.js.map +1 -0
  512. package/dist/identity/drizzle/AccountRoleRepository.d.ts +23 -0
  513. package/dist/identity/drizzle/AccountRoleRepository.js +233 -0
  514. package/dist/identity/drizzle/AccountRoleRepository.js.map +1 -0
  515. package/dist/identity/drizzle/DdnsRepository.d.ts +87 -0
  516. package/dist/identity/drizzle/DdnsRepository.js +284 -0
  517. package/dist/identity/drizzle/DdnsRepository.js.map +1 -0
  518. package/dist/identity/drizzle/DrizzleIndexedStorage.d.ts +26 -0
  519. package/dist/identity/drizzle/DrizzleIndexedStorage.js +159 -0
  520. package/dist/identity/drizzle/DrizzleIndexedStorage.js.map +1 -0
  521. package/dist/identity/drizzle/DrizzleIndexedStorage.jsonld +130 -0
  522. package/dist/identity/drizzle/EdgeNodeRepository.d.ts +155 -0
  523. package/dist/identity/drizzle/EdgeNodeRepository.js +555 -0
  524. package/dist/identity/drizzle/EdgeNodeRepository.js.map +1 -0
  525. package/dist/identity/drizzle/PodLookupRepository.d.ts +59 -0
  526. package/dist/identity/drizzle/PodLookupRepository.js +153 -0
  527. package/dist/identity/drizzle/PodLookupRepository.js.map +1 -0
  528. package/dist/identity/drizzle/WebIdProfileRepository.d.ts +58 -0
  529. package/dist/identity/drizzle/WebIdProfileRepository.js +157 -0
  530. package/dist/identity/drizzle/WebIdProfileRepository.js.map +1 -0
  531. package/dist/identity/drizzle/db.d.ts +60 -0
  532. package/dist/identity/drizzle/db.js +269 -0
  533. package/dist/identity/drizzle/db.js.map +1 -0
  534. package/dist/identity/drizzle/schema.d.ts +1 -0
  535. package/dist/identity/drizzle/schema.js +20 -0
  536. package/dist/identity/drizzle/schema.js.map +1 -0
  537. package/dist/identity/drizzle/schema.pg.d.ts +20 -0
  538. package/dist/identity/drizzle/schema.pg.js +103 -0
  539. package/dist/identity/drizzle/schema.pg.js.map +1 -0
  540. package/dist/identity/drizzle/schema.sqlite.d.ts +872 -0
  541. package/dist/identity/drizzle/schema.sqlite.js +100 -0
  542. package/dist/identity/drizzle/schema.sqlite.js.map +1 -0
  543. package/dist/identity/oidc/AutoDetectIdentityProviderHandler.d.ts +43 -0
  544. package/dist/identity/oidc/AutoDetectIdentityProviderHandler.js +92 -0
  545. package/dist/identity/oidc/AutoDetectIdentityProviderHandler.js.map +1 -0
  546. package/dist/identity/oidc/AutoDetectIdentityProviderHandler.jsonld +122 -0
  547. package/dist/identity/oidc/AutoDetectOidcHandler.d.ts +55 -0
  548. package/dist/identity/oidc/AutoDetectOidcHandler.js +137 -0
  549. package/dist/identity/oidc/AutoDetectOidcHandler.js.map +1 -0
  550. package/dist/identity/oidc/AutoDetectOidcHandler.jsonld +138 -0
  551. package/dist/identity/oidc/DisabledIdentityProviderHandler.d.ts +51 -0
  552. package/dist/identity/oidc/DisabledIdentityProviderHandler.js +104 -0
  553. package/dist/identity/oidc/DisabledIdentityProviderHandler.js.map +1 -0
  554. package/dist/identity/oidc/DisabledIdentityProviderHandler.jsonld +111 -0
  555. package/dist/identity/oidc/DisabledOidcHandler.d.ts +55 -0
  556. package/dist/identity/oidc/DisabledOidcHandler.js +132 -0
  557. package/dist/identity/oidc/DisabledOidcHandler.js.map +1 -0
  558. package/dist/identity/oidc/DisabledOidcHandler.jsonld +157 -0
  559. package/dist/index.d.ts +80 -0
  560. package/dist/index.js +155 -0
  561. package/dist/index.js.map +1 -0
  562. package/dist/legacy/DrizzleClientCredentialsStore.d.ts +51 -0
  563. package/dist/legacy/DrizzleClientCredentialsStore.js +142 -0
  564. package/dist/legacy/DrizzleClientCredentialsStore.js.map +1 -0
  565. package/dist/legacy/DrizzleIndexedStorage.d.ts +26 -0
  566. package/dist/legacy/DrizzleIndexedStorage.js +159 -0
  567. package/dist/legacy/DrizzleIndexedStorage.js.map +1 -0
  568. package/dist/legacy/DrizzleQuotaService.d.ts +16 -0
  569. package/dist/legacy/DrizzleQuotaService.js +37 -0
  570. package/dist/legacy/DrizzleQuotaService.js.map +1 -0
  571. package/dist/libs/backends/index.d.ts +6 -0
  572. package/dist/libs/backends/index.js +31 -0
  573. package/dist/libs/backends/index.js.map +1 -0
  574. package/dist/libs/backends/sqlup.d.ts +44 -0
  575. package/dist/libs/backends/sqlup.js +437 -0
  576. package/dist/libs/backends/sqlup.js.map +1 -0
  577. package/dist/logging/ConfigurableLoggerFactory.d.ts +24 -0
  578. package/dist/logging/ConfigurableLoggerFactory.js +77 -0
  579. package/dist/logging/ConfigurableLoggerFactory.js.map +1 -0
  580. package/dist/logging/ConfigurableLoggerFactory.jsonld +169 -0
  581. package/dist/logging/LogContext.d.ts +5 -0
  582. package/dist/logging/LogContext.js +6 -0
  583. package/dist/logging/LogContext.js.map +1 -0
  584. package/dist/main.d.ts +2 -0
  585. package/dist/main.js +148 -0
  586. package/dist/main.js.map +1 -0
  587. package/dist/network/LocalNetworkDetector.d.ts +65 -0
  588. package/dist/network/LocalNetworkDetector.js +185 -0
  589. package/dist/network/LocalNetworkDetector.js.map +1 -0
  590. package/dist/network/index.d.ts +4 -0
  591. package/dist/network/index.js +21 -0
  592. package/dist/network/index.js.map +1 -0
  593. package/dist/pods/ReservedSuffixIdentifierGenerator.d.ts +13 -0
  594. package/dist/pods/ReservedSuffixIdentifierGenerator.js +26 -0
  595. package/dist/pods/ReservedSuffixIdentifierGenerator.js.map +1 -0
  596. package/dist/pods/ReservedSuffixIdentifierGenerator.jsonld +75 -0
  597. package/dist/quota/DefaultQuotaService.d.ts +16 -0
  598. package/dist/quota/DefaultQuotaService.js +37 -0
  599. package/dist/quota/DefaultQuotaService.js.map +1 -0
  600. package/dist/quota/DefaultQuotaService.jsonld +85 -0
  601. package/dist/quota/DrizzleQuotaService.d.ts +16 -0
  602. package/dist/quota/DrizzleQuotaService.js +37 -0
  603. package/dist/quota/DrizzleQuotaService.js.map +1 -0
  604. package/dist/quota/DrizzleQuotaService.jsonld +87 -0
  605. package/dist/quota/NoopQuotaService.d.ts +7 -0
  606. package/dist/quota/NoopQuotaService.js +15 -0
  607. package/dist/quota/NoopQuotaService.js.map +1 -0
  608. package/dist/quota/NoopQuotaService.jsonld +36 -0
  609. package/dist/quota/QuotaService.d.ts +6 -0
  610. package/dist/quota/QuotaService.js +3 -0
  611. package/dist/quota/QuotaService.js.map +1 -0
  612. package/dist/quota/QuotaService.jsonld +33 -0
  613. package/dist/sdk/SignalingClientAdapter.d.ts +38 -0
  614. package/dist/sdk/SignalingClientAdapter.js +99 -0
  615. package/dist/sdk/SignalingClientAdapter.js.map +1 -0
  616. package/dist/sdk/createFetch.d.ts +23 -0
  617. package/dist/sdk/createFetch.js +258 -0
  618. package/dist/sdk/createFetch.js.map +1 -0
  619. package/dist/sdk/index.d.ts +29 -0
  620. package/dist/sdk/index.js +34 -0
  621. package/dist/sdk/index.js.map +1 -0
  622. package/dist/sdk/xpodFetch.d.ts +112 -0
  623. package/dist/sdk/xpodFetch.js +251 -0
  624. package/dist/sdk/xpodFetch.js.map +1 -0
  625. package/dist/service/EdgeNodeCertificateService.d.ts +45 -0
  626. package/dist/service/EdgeNodeCertificateService.js +164 -0
  627. package/dist/service/EdgeNodeCertificateService.js.map +1 -0
  628. package/dist/service/EdgeNodeCertificateService.jsonld +216 -0
  629. package/dist/service/EdgeNodeHeartbeatService.d.ts +68 -0
  630. package/dist/service/EdgeNodeHeartbeatService.js +262 -0
  631. package/dist/service/EdgeNodeHeartbeatService.js.map +1 -0
  632. package/dist/service/PodMigrationService.d.ts +43 -0
  633. package/dist/service/PodMigrationService.js +72 -0
  634. package/dist/service/PodMigrationService.js.map +1 -0
  635. package/dist/service/PodMigrationService.jsonld +76 -0
  636. package/dist/signaling/SignalingClient.d.ts +142 -0
  637. package/dist/signaling/SignalingClient.js +305 -0
  638. package/dist/signaling/SignalingClient.js.map +1 -0
  639. package/dist/signaling/SignalingService.d.ts +104 -0
  640. package/dist/signaling/SignalingService.js +440 -0
  641. package/dist/signaling/SignalingService.js.map +1 -0
  642. package/dist/signaling/index.d.ts +11 -0
  643. package/dist/signaling/index.js +28 -0
  644. package/dist/signaling/index.js.map +1 -0
  645. package/dist/signaling/types.d.ts +237 -0
  646. package/dist/signaling/types.js +18 -0
  647. package/dist/signaling/types.js.map +1 -0
  648. package/dist/storage/DrizzleCompat.d.ts +15 -0
  649. package/dist/storage/DrizzleCompat.js +60 -0
  650. package/dist/storage/DrizzleCompat.js.map +1 -0
  651. package/dist/storage/LockingResourceStore.d.ts +8 -0
  652. package/dist/storage/LockingResourceStore.js +68 -0
  653. package/dist/storage/LockingResourceStore.js.map +1 -0
  654. package/dist/storage/MigratableDataAccessor.d.ts +63 -0
  655. package/dist/storage/MigratableDataAccessor.js +11 -0
  656. package/dist/storage/MigratableDataAccessor.js.map +1 -0
  657. package/dist/storage/MigratableDataAccessor.jsonld +60 -0
  658. package/dist/storage/ObservableResourceStore.d.ts +89 -0
  659. package/dist/storage/ObservableResourceStore.js +125 -0
  660. package/dist/storage/ObservableResourceStore.js.map +1 -0
  661. package/dist/storage/RepresentationPartialConvertingStore.d.ts +22 -0
  662. package/dist/storage/RepresentationPartialConvertingStore.js +94 -0
  663. package/dist/storage/RepresentationPartialConvertingStore.js.map +1 -0
  664. package/dist/storage/RepresentationPartialConvertingStore.jsonld +332 -0
  665. package/dist/storage/SparqlUpdateResourceStore.d.ts +30 -0
  666. package/dist/storage/SparqlUpdateResourceStore.js +292 -0
  667. package/dist/storage/SparqlUpdateResourceStore.js.map +1 -0
  668. package/dist/storage/SparqlUpdateResourceStore.jsonld +112 -0
  669. package/dist/storage/SqliteCompat.d.ts +60 -0
  670. package/dist/storage/SqliteCompat.js +158 -0
  671. package/dist/storage/SqliteCompat.js.map +1 -0
  672. package/dist/storage/accessors/MinioDataAccessor.d.ts +127 -0
  673. package/dist/storage/accessors/MinioDataAccessor.js +249 -0
  674. package/dist/storage/accessors/MinioDataAccessor.js.map +1 -0
  675. package/dist/storage/accessors/MinioDataAccessor.jsonld +138 -0
  676. package/dist/storage/accessors/MixDataAccessor.d.ts +43 -0
  677. package/dist/storage/accessors/MixDataAccessor.js +130 -0
  678. package/dist/storage/accessors/MixDataAccessor.js.map +1 -0
  679. package/dist/storage/accessors/MixDataAccessor.jsonld +101 -0
  680. package/dist/storage/accessors/QuadstoreSparqlDataAccessor.d.ts +146 -0
  681. package/dist/storage/accessors/QuadstoreSparqlDataAccessor.js +415 -0
  682. package/dist/storage/accessors/QuadstoreSparqlDataAccessor.js.map +1 -0
  683. package/dist/storage/accessors/QuadstoreSparqlDataAccessor.jsonld +180 -0
  684. package/dist/storage/accessors/QuintStoreSparqlDataAccessor.d.ts +95 -0
  685. package/dist/storage/accessors/QuintStoreSparqlDataAccessor.js +376 -0
  686. package/dist/storage/accessors/QuintStoreSparqlDataAccessor.js.map +1 -0
  687. package/dist/storage/accessors/QuintStoreSparqlDataAccessor.jsonld +168 -0
  688. package/dist/storage/accessors/TieredMinioDataAccessor.d.ts +150 -0
  689. package/dist/storage/accessors/TieredMinioDataAccessor.js +582 -0
  690. package/dist/storage/accessors/TieredMinioDataAccessor.js.map +1 -0
  691. package/dist/storage/accessors/TieredMinioDataAccessor.jsonld +333 -0
  692. package/dist/storage/database/PostgresPoolManager.d.ts +56 -0
  693. package/dist/storage/database/PostgresPoolManager.js +117 -0
  694. package/dist/storage/database/PostgresPoolManager.js.map +1 -0
  695. package/dist/storage/keyvalue/PostgresKeyValueStorage.d.ts +34 -0
  696. package/dist/storage/keyvalue/PostgresKeyValueStorage.js +146 -0
  697. package/dist/storage/keyvalue/PostgresKeyValueStorage.js.map +1 -0
  698. package/dist/storage/keyvalue/PostgresKeyValueStorage.jsonld +192 -0
  699. package/dist/storage/keyvalue/RedisKeyValueStorage.d.ts +30 -0
  700. package/dist/storage/keyvalue/RedisKeyValueStorage.js +133 -0
  701. package/dist/storage/keyvalue/RedisKeyValueStorage.js.map +1 -0
  702. package/dist/storage/keyvalue/RedisKeyValueStorage.jsonld +237 -0
  703. package/dist/storage/keyvalue/SqliteKeyValueStorage.d.ts +30 -0
  704. package/dist/storage/keyvalue/SqliteKeyValueStorage.js +164 -0
  705. package/dist/storage/keyvalue/SqliteKeyValueStorage.js.map +1 -0
  706. package/dist/storage/keyvalue/SqliteKeyValueStorage.jsonld +167 -0
  707. package/dist/storage/quint/BaseQuintStore.d.ts +80 -0
  708. package/dist/storage/quint/BaseQuintStore.js +535 -0
  709. package/dist/storage/quint/BaseQuintStore.js.map +1 -0
  710. package/dist/storage/quint/BaseQuintStore.jsonld +175 -0
  711. package/dist/storage/quint/PgQuintStore.d.ts +61 -0
  712. package/dist/storage/quint/PgQuintStore.drizzle.d.ts +45 -0
  713. package/dist/storage/quint/PgQuintStore.drizzle.js +327 -0
  714. package/dist/storage/quint/PgQuintStore.drizzle.js.map +1 -0
  715. package/dist/storage/quint/PgQuintStore.js +275 -0
  716. package/dist/storage/quint/PgQuintStore.js.map +1 -0
  717. package/dist/storage/quint/PgQuintStore.jsonld +258 -0
  718. package/dist/storage/quint/SqliteQuintStore.d.ts +55 -0
  719. package/dist/storage/quint/SqliteQuintStore.js +630 -0
  720. package/dist/storage/quint/SqliteQuintStore.js.map +1 -0
  721. package/dist/storage/quint/SqliteQuintStore.jsonld +157 -0
  722. package/dist/storage/quint/index.d.ts +11 -0
  723. package/dist/storage/quint/index.js +30 -0
  724. package/dist/storage/quint/index.js.map +1 -0
  725. package/dist/storage/quint/schema.d.ts +82 -0
  726. package/dist/storage/quint/schema.js +33 -0
  727. package/dist/storage/quint/schema.js.map +1 -0
  728. package/dist/storage/quint/serialization.d.ts +56 -0
  729. package/dist/storage/quint/serialization.js +198 -0
  730. package/dist/storage/quint/serialization.js.map +1 -0
  731. package/dist/storage/quint/types.d.ts +152 -0
  732. package/dist/storage/quint/types.js +27 -0
  733. package/dist/storage/quint/types.js.map +1 -0
  734. package/dist/storage/quint/types.jsonld +78 -0
  735. package/dist/storage/quota/PerAccountQuotaStrategy.d.ts +19 -0
  736. package/dist/storage/quota/PerAccountQuotaStrategy.js +63 -0
  737. package/dist/storage/quota/PerAccountQuotaStrategy.js.map +1 -0
  738. package/dist/storage/quota/PerAccountQuotaStrategy.jsonld +113 -0
  739. package/dist/storage/quota/UsageRepository.d.ts +46 -0
  740. package/dist/storage/quota/UsageRepository.js +278 -0
  741. package/dist/storage/quota/UsageRepository.js.map +1 -0
  742. package/dist/storage/quota/UsageTrackingStore.d.ts +37 -0
  743. package/dist/storage/quota/UsageTrackingStore.js +355 -0
  744. package/dist/storage/quota/UsageTrackingStore.js.map +1 -0
  745. package/dist/storage/quota/UsageTrackingStore.jsonld +193 -0
  746. package/dist/storage/sparql/AlgebraUtils.d.ts +48 -0
  747. package/dist/storage/sparql/AlgebraUtils.js +118 -0
  748. package/dist/storage/sparql/AlgebraUtils.js.map +1 -0
  749. package/dist/storage/sparql/ComunicaOptimizedEngine.d.ts +59 -0
  750. package/dist/storage/sparql/ComunicaOptimizedEngine.js +254 -0
  751. package/dist/storage/sparql/ComunicaOptimizedEngine.js.map +1 -0
  752. package/dist/storage/sparql/ComunicaQuintEngine.d.ts +134 -0
  753. package/dist/storage/sparql/ComunicaQuintEngine.js +727 -0
  754. package/dist/storage/sparql/ComunicaQuintEngine.js.map +1 -0
  755. package/dist/storage/sparql/ExpressionEvaluator.d.ts +54 -0
  756. package/dist/storage/sparql/ExpressionEvaluator.js +340 -0
  757. package/dist/storage/sparql/ExpressionEvaluator.js.map +1 -0
  758. package/dist/storage/sparql/FilterPushdownExtractor.d.ts +74 -0
  759. package/dist/storage/sparql/FilterPushdownExtractor.js +409 -0
  760. package/dist/storage/sparql/FilterPushdownExtractor.js.map +1 -0
  761. package/dist/storage/sparql/OptimizedQuadstoreEngine.d.ts +65 -0
  762. package/dist/storage/sparql/OptimizedQuadstoreEngine.js +327 -0
  763. package/dist/storage/sparql/OptimizedQuadstoreEngine.js.map +1 -0
  764. package/dist/storage/sparql/OptimizedQuadstoreSource.d.ts +46 -0
  765. package/dist/storage/sparql/OptimizedQuadstoreSource.js +118 -0
  766. package/dist/storage/sparql/OptimizedQuadstoreSource.js.map +1 -0
  767. package/dist/storage/sparql/PatternBuilder.d.ts +41 -0
  768. package/dist/storage/sparql/PatternBuilder.js +118 -0
  769. package/dist/storage/sparql/PatternBuilder.js.map +1 -0
  770. package/dist/storage/sparql/QueryOptimizer.d.ts +125 -0
  771. package/dist/storage/sparql/QueryOptimizer.js +363 -0
  772. package/dist/storage/sparql/QueryOptimizer.js.map +1 -0
  773. package/dist/storage/sparql/QuintEngine.d.ts +92 -0
  774. package/dist/storage/sparql/QuintEngine.js +150 -0
  775. package/dist/storage/sparql/QuintEngine.js.map +1 -0
  776. package/dist/storage/sparql/QuintQuerySource.d.ts +227 -0
  777. package/dist/storage/sparql/QuintQuerySource.js +918 -0
  778. package/dist/storage/sparql/QuintQuerySource.js.map +1 -0
  779. package/dist/storage/sparql/SimpleSparqlExecutor.d.ts +40 -0
  780. package/dist/storage/sparql/SimpleSparqlExecutor.js +131 -0
  781. package/dist/storage/sparql/SimpleSparqlExecutor.js.map +1 -0
  782. package/dist/storage/sparql/SubgraphQueryEngine.d.ts +74 -0
  783. package/dist/storage/sparql/SubgraphQueryEngine.js +248 -0
  784. package/dist/storage/sparql/SubgraphQueryEngine.js.map +1 -0
  785. package/dist/storage/sparql/SubgraphQueryEngine.jsonld +250 -0
  786. package/dist/storage/vector/PostgresVectorStore.d.ts +46 -0
  787. package/dist/storage/vector/PostgresVectorStore.js +291 -0
  788. package/dist/storage/vector/PostgresVectorStore.js.map +1 -0
  789. package/dist/storage/vector/PostgresVectorStore.jsonld +142 -0
  790. package/dist/storage/vector/SqliteVectorStore.d.ts +44 -0
  791. package/dist/storage/vector/SqliteVectorStore.js +282 -0
  792. package/dist/storage/vector/SqliteVectorStore.js.map +1 -0
  793. package/dist/storage/vector/SqliteVectorStore.jsonld +137 -0
  794. package/dist/storage/vector/VectorIndexingListener.d.ts +114 -0
  795. package/dist/storage/vector/VectorIndexingListener.js +351 -0
  796. package/dist/storage/vector/VectorIndexingListener.js.map +1 -0
  797. package/dist/storage/vector/VectorStore.d.ts +42 -0
  798. package/dist/storage/vector/VectorStore.js +50 -0
  799. package/dist/storage/vector/VectorStore.js.map +1 -0
  800. package/dist/storage/vector/VectorStore.jsonld +87 -0
  801. package/dist/storage/vector/VectorStoreInit.d.ts +28 -0
  802. package/dist/storage/vector/VectorStoreInit.js +104 -0
  803. package/dist/storage/vector/VectorStoreInit.js.map +1 -0
  804. package/dist/storage/vector/index.d.ts +5 -0
  805. package/dist/storage/vector/index.js +22 -0
  806. package/dist/storage/vector/index.js.map +1 -0
  807. package/dist/storage/vector/types.d.ts +39 -0
  808. package/dist/storage/vector/types.js +8 -0
  809. package/dist/storage/vector/types.js.map +1 -0
  810. package/dist/subdomain/SubdomainClient.d.ts +156 -0
  811. package/dist/subdomain/SubdomainClient.js +220 -0
  812. package/dist/subdomain/SubdomainClient.js.map +1 -0
  813. package/dist/subdomain/SubdomainService.d.ts +114 -0
  814. package/dist/subdomain/SubdomainService.js +212 -0
  815. package/dist/subdomain/SubdomainService.js.map +1 -0
  816. package/dist/subdomain/SubdomainService.jsonld +261 -0
  817. package/dist/subdomain/index.d.ts +2 -0
  818. package/dist/subdomain/index.js +9 -0
  819. package/dist/subdomain/index.js.map +1 -0
  820. package/dist/supervisor/Supervisor.d.ts +20 -0
  821. package/dist/supervisor/Supervisor.js +174 -0
  822. package/dist/supervisor/Supervisor.js.map +1 -0
  823. package/dist/supervisor/index.d.ts +2 -0
  824. package/dist/supervisor/index.js +6 -0
  825. package/dist/supervisor/index.js.map +1 -0
  826. package/dist/supervisor/types.d.ts +19 -0
  827. package/dist/supervisor/types.js +3 -0
  828. package/dist/supervisor/types.js.map +1 -0
  829. package/dist/task/DrizzleTaskQueue.d.ts +60 -0
  830. package/dist/task/DrizzleTaskQueue.js +171 -0
  831. package/dist/task/DrizzleTaskQueue.js.map +1 -0
  832. package/dist/task/TaskExecutor.d.ts +82 -0
  833. package/dist/task/TaskExecutor.js +198 -0
  834. package/dist/task/TaskExecutor.js.map +1 -0
  835. package/dist/task/index.d.ts +10 -0
  836. package/dist/task/index.js +20 -0
  837. package/dist/task/index.js.map +1 -0
  838. package/dist/task/schema.d.ts +53 -0
  839. package/dist/task/schema.js +71 -0
  840. package/dist/task/schema.js.map +1 -0
  841. package/dist/task/types.d.ts +186 -0
  842. package/dist/task/types.js +12 -0
  843. package/dist/task/types.js.map +1 -0
  844. package/dist/terminal/AclPermissionService.d.ts +28 -0
  845. package/dist/terminal/AclPermissionService.js +141 -0
  846. package/dist/terminal/AclPermissionService.js.map +1 -0
  847. package/dist/terminal/BubblewrapSandbox.d.ts +51 -0
  848. package/dist/terminal/BubblewrapSandbox.js +147 -0
  849. package/dist/terminal/BubblewrapSandbox.js.map +1 -0
  850. package/dist/terminal/TerminalSession.d.ts +33 -0
  851. package/dist/terminal/TerminalSession.js +164 -0
  852. package/dist/terminal/TerminalSession.js.map +1 -0
  853. package/dist/terminal/TerminalSessionManager.d.ts +69 -0
  854. package/dist/terminal/TerminalSessionManager.js +196 -0
  855. package/dist/terminal/TerminalSessionManager.js.map +1 -0
  856. package/dist/terminal/index.d.ts +5 -0
  857. package/dist/terminal/index.js +22 -0
  858. package/dist/terminal/index.js.map +1 -0
  859. package/dist/terminal/sandbox/BubblewrapSandbox.d.ts +8 -0
  860. package/dist/terminal/sandbox/BubblewrapSandbox.js +105 -0
  861. package/dist/terminal/sandbox/BubblewrapSandbox.js.map +1 -0
  862. package/dist/terminal/sandbox/MacOSSandbox.d.ts +19 -0
  863. package/dist/terminal/sandbox/MacOSSandbox.js +120 -0
  864. package/dist/terminal/sandbox/MacOSSandbox.js.map +1 -0
  865. package/dist/terminal/sandbox/index.d.ts +29 -0
  866. package/dist/terminal/sandbox/index.js +113 -0
  867. package/dist/terminal/sandbox/index.js.map +1 -0
  868. package/dist/terminal/sandbox/types.d.ts +38 -0
  869. package/dist/terminal/sandbox/types.js +3 -0
  870. package/dist/terminal/sandbox/types.js.map +1 -0
  871. package/dist/terminal/types.d.ts +80 -0
  872. package/dist/terminal/types.js +16 -0
  873. package/dist/terminal/types.js.map +1 -0
  874. package/dist/tunnel/CloudflareTunnelProvider.d.ts +120 -0
  875. package/dist/tunnel/CloudflareTunnelProvider.js +376 -0
  876. package/dist/tunnel/CloudflareTunnelProvider.js.map +1 -0
  877. package/dist/tunnel/CloudflareTunnelProvider.jsonld +204 -0
  878. package/dist/tunnel/LocalTunnelProvider.d.ts +85 -0
  879. package/dist/tunnel/LocalTunnelProvider.js +295 -0
  880. package/dist/tunnel/LocalTunnelProvider.js.map +1 -0
  881. package/dist/tunnel/LocalTunnelProvider.jsonld +142 -0
  882. package/dist/tunnel/SakuraFrpTunnelProvider.d.ts +59 -0
  883. package/dist/tunnel/SakuraFrpTunnelProvider.js +207 -0
  884. package/dist/tunnel/SakuraFrpTunnelProvider.js.map +1 -0
  885. package/dist/tunnel/TunnelProvider.d.ts +91 -0
  886. package/dist/tunnel/TunnelProvider.js +10 -0
  887. package/dist/tunnel/TunnelProvider.js.map +1 -0
  888. package/dist/tunnel/TunnelProvider.jsonld +144 -0
  889. package/dist/tunnel/index.d.ts +3 -0
  890. package/dist/tunnel/index.js +8 -0
  891. package/dist/tunnel/index.js.map +1 -0
  892. package/dist/util/LockContext.d.ts +3 -0
  893. package/dist/util/LockContext.js +6 -0
  894. package/dist/util/LockContext.js.map +1 -0
  895. package/dist/util/ResourceStoreFetch.d.ts +11 -0
  896. package/dist/util/ResourceStoreFetch.js +147 -0
  897. package/dist/util/ResourceStoreFetch.js.map +1 -0
  898. package/dist/util/database/DatabaseMaintenance.d.ts +23 -0
  899. package/dist/util/database/DatabaseMaintenance.js +82 -0
  900. package/dist/util/database/DatabaseMaintenance.js.map +1 -0
  901. package/dist/util/identifiers/ClusterIdentifierStrategy.d.ts +23 -0
  902. package/dist/util/identifiers/ClusterIdentifierStrategy.js +73 -0
  903. package/dist/util/identifiers/ClusterIdentifierStrategy.js.map +1 -0
  904. package/dist/util/identifiers/ClusterIdentifierStrategy.jsonld +90 -0
  905. package/dist/util/identifiers/MultiDomainIdentifierStrategy.d.ts +40 -0
  906. package/dist/util/identifiers/MultiDomainIdentifierStrategy.js +73 -0
  907. package/dist/util/identifiers/MultiDomainIdentifierStrategy.js.map +1 -0
  908. package/dist/util/identifiers/MultiDomainIdentifierStrategy.jsonld +90 -0
  909. package/dist/util/identifiers/PathBasedPodIdentifierStrategy.d.ts +78 -0
  910. package/dist/util/identifiers/PathBasedPodIdentifierStrategy.js +182 -0
  911. package/dist/util/identifiers/PathBasedPodIdentifierStrategy.js.map +1 -0
  912. package/dist/util/identifiers/PathBasedPodIdentifierStrategy.jsonld +88 -0
  913. package/dist/util/identifiers/SubdomainPodIdentifierStrategy.d.ts +68 -0
  914. package/dist/util/identifiers/SubdomainPodIdentifierStrategy.js +149 -0
  915. package/dist/util/identifiers/SubdomainPodIdentifierStrategy.js.map +1 -0
  916. package/dist/util/identifiers/SubdomainPodIdentifierStrategy.jsonld +84 -0
  917. package/dist/util/locking/DebugRedisLocker.d.ts +8 -0
  918. package/dist/util/locking/DebugRedisLocker.js +33 -0
  919. package/dist/util/locking/DebugRedisLocker.js.map +1 -0
  920. package/dist/util/logger.d.ts +13 -0
  921. package/dist/util/logger.js +36 -0
  922. package/dist/util/logger.js.map +1 -0
  923. package/dist/util/stream/BandwidthThrottleTransform.d.ts +8 -0
  924. package/dist/util/stream/BandwidthThrottleTransform.js +55 -0
  925. package/dist/util/stream/BandwidthThrottleTransform.js.map +1 -0
  926. package/dist/vocab/external.d.ts +216 -0
  927. package/dist/vocab/external.js +276 -0
  928. package/dist/vocab/external.js.map +1 -0
  929. package/dist/vocab/index.d.ts +26 -0
  930. package/dist/vocab/index.js +46 -0
  931. package/dist/vocab/index.js.map +1 -0
  932. package/dist/vocab/udfs.d.ts +184 -0
  933. package/dist/vocab/udfs.js +217 -0
  934. package/dist/vocab/udfs.js.map +1 -0
  935. package/dist/webrtc/WebRTCClient.d.ts +109 -0
  936. package/dist/webrtc/WebRTCClient.js +344 -0
  937. package/dist/webrtc/WebRTCClient.js.map +1 -0
  938. package/dist/webrtc/WebRTCPeerManager.d.ts +112 -0
  939. package/dist/webrtc/WebRTCPeerManager.js +289 -0
  940. package/dist/webrtc/WebRTCPeerManager.js.map +1 -0
  941. package/dist/webrtc/WeriftPeerConnectionFactory.d.ts +13 -0
  942. package/dist/webrtc/WeriftPeerConnectionFactory.js +255 -0
  943. package/dist/webrtc/WeriftPeerConnectionFactory.js.map +1 -0
  944. package/dist/webrtc/index.d.ts +13 -0
  945. package/dist/webrtc/index.js +30 -0
  946. package/dist/webrtc/index.js.map +1 -0
  947. package/dist/webrtc/types.d.ts +169 -0
  948. package/dist/webrtc/types.js +6 -0
  949. package/dist/webrtc/types.js.map +1 -0
  950. package/dist/xpod.single.cjs +826 -0
  951. package/dist/xpod.single.cjs.map +7 -0
  952. package/package.json +173 -0
  953. package/static/app/assets/index.css +1 -0
  954. package/static/app/assets/main.js +11 -0
  955. package/static/app/auth.html +21 -0
  956. package/static/app/index.html +14 -0
  957. package/static/app/vite.svg +1 -0
  958. package/static/dashboard/assets/dashboard-G96F8267.js +52 -0
  959. package/static/dashboard/assets/dashboard-PJyGDppf.css +1 -0
  960. package/static/dashboard/auth.html +21 -0
  961. package/static/dashboard/index.html +13 -0
  962. package/static/dashboard/vite.svg +1 -0
  963. package/static/landing/index.html +165 -0
  964. package/templates/identity/index.html.ejs +12 -0
  965. package/templates/identity/login.html.ejs +49 -0
  966. package/templates/identity/oidc/consent.html.ejs +103 -0
  967. package/templates/identity/password/forgot.html.ejs +49 -0
  968. package/templates/identity/password/login.html.ejs +58 -0
  969. package/templates/identity/password/register.html.ejs +65 -0
  970. package/templates/main.html.ejs +1 -0
package/dist/terminal/TerminalSessionManager.js ADDED
@@ -0,0 +1,196 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.TerminalSessionManager = void 0;
4
+ const crypto_1 = require("crypto");
5
+ const global_logger_factory_1 = require("global-logger-factory");
6
+ const TerminalSession_1 = require("./TerminalSession");
7
+ const AclPermissionService_1 = require("./AclPermissionService");
8
+ const types_1 = require("./types");
9
+ const DEFAULT_OPTIONS = {
10
+ maxSessionsPerUser: 5,
11
+ maxTotalSessions: 100,
12
+ defaultTimeout: 3600, // 1 hour
13
+ maxTimeout: 86400, // 24 hours
14
+ defaultWorkdir: '/workspace',
15
+ requireAclControl: true,
16
+ };
17
+ class TerminalSessionManager {
18
+ constructor(options = {}) {
19
+ this.logger = (0, global_logger_factory_1.getLoggerFor)(this);
20
+ this.sessions = new Map();
21
+ this.userSessions = new Map();
22
+ this.options = { ...DEFAULT_OPTIONS, ...options };
23
+ // Initialize ACL service if SPARQL endpoint is provided
24
+ if (this.options.sparqlEndpoint) {
25
+ this.aclService = new AclPermissionService_1.AclPermissionService(this.options.sparqlEndpoint);
26
+ }
27
+ }
28
+ /**
29
+ * Convert a file system path to a resource URL.
30
+ */
31
+ pathToUrl(path) {
32
+ if (!this.options.baseUrl || !this.options.fileSystemRoot) {
33
+ return undefined;
34
+ }
35
+ const root = this.options.fileSystemRoot.endsWith('/')
36
+ ? this.options.fileSystemRoot.slice(0, -1)
37
+ : this.options.fileSystemRoot;
38
+ if (!path.startsWith(root)) {
39
+ return undefined;
40
+ }
41
+ const relativePath = path.slice(root.length);
42
+ const baseUrl = this.options.baseUrl.endsWith('/')
43
+ ? this.options.baseUrl.slice(0, -1)
44
+ : this.options.baseUrl;
45
+ return baseUrl + relativePath;
46
+ }
47
+ /**
48
+ * Check if user has acl:Control permission for the working directory.
49
+ */
50
+ async checkWorkdirPermission(userId, workdir) {
51
+ if (!this.options.requireAclControl) {
52
+ return true;
53
+ }
54
+ if (!this.aclService) {
55
+ this.logger.warn('ACL service not configured, skipping permission check');
56
+ return true;
57
+ }
58
+ const resourceUrl = this.pathToUrl(workdir);
59
+ if (!resourceUrl) {
60
+ this.logger.warn(`Cannot map workdir to URL: ${workdir}`);
61
+ return false;
62
+ }
63
+ return this.aclService.hasControlPermission(userId, resourceUrl);
64
+ }
65
+ /**
66
+ * Create a new terminal session
67
+ */
68
+ async createSession(userId, request, secretResolver) {
69
+ // Validate command is trusted
70
+ if (!(0, types_1.isTrustedAgent)(request.command)) {
71
+ throw new Error(`Untrusted command: ${request.command}. Allowed: ${types_1.TRUSTED_AGENTS.join(', ')}`);
72
+ }
73
+ const workdir = request.workdir ?? this.options.defaultWorkdir;
74
+ // Check ACL Control permission
75
+ const hasPermission = await this.checkWorkdirPermission(userId, workdir);
76
+ if (!hasPermission) {
77
+ throw new Error(`Permission denied: acl:Control required for workdir ${workdir}`);
78
+ }
79
+ // Check limits
80
+ if (this.sessions.size >= this.options.maxTotalSessions) {
81
+ throw new Error('Maximum total sessions reached');
82
+ }
83
+ const userSessionIds = this.userSessions.get(userId) ?? new Set();
84
+ if (userSessionIds.size >= this.options.maxSessionsPerUser) {
85
+ throw new Error(`Maximum sessions per user reached (${this.options.maxSessionsPerUser})`);
86
+ }
87
+ // Resolve environment variables
88
+ const env = {};
89
+ if (request.env) {
90
+ for (const [key, value] of Object.entries(request.env)) {
91
+ if (typeof value === 'string') {
92
+ env[key] = value;
93
+ }
94
+ else if (secretResolver) {
95
+ try {
96
+ env[key] = await secretResolver(value);
97
+ }
98
+ catch (error) {
99
+ this.logger.warn(`Failed to resolve secret for ${key}: ${error}`);
100
+ }
101
+ }
102
+ }
103
+ }
104
+ // Build session config
105
+ const sessionId = `sess_${(0, crypto_1.randomUUID)().replace(/-/g, '').slice(0, 12)}`;
106
+ const timeout = Math.min(request.timeout ?? this.options.defaultTimeout, this.options.maxTimeout);
107
+ const config = {
108
+ command: request.command,
109
+ args: request.args ?? [],
110
+ workdir,
111
+ env: request.env ?? {},
112
+ timeout,
113
+ };
114
+ // Create session
115
+ const session = new TerminalSession_1.TerminalSession(sessionId, userId, config, env);
116
+ // Track session
117
+ this.sessions.set(sessionId, session);
118
+ if (!this.userSessions.has(userId)) {
119
+ this.userSessions.set(userId, new Set());
120
+ }
121
+ this.userSessions.get(userId).add(sessionId);
122
+ // Clean up on exit
123
+ session.on('exit', () => {
124
+ this.removeSession(sessionId);
125
+ });
126
+ this.logger.info(`Created terminal session ${sessionId} for user ${userId} in ${workdir}`);
127
+ return session;
128
+ }
129
+ /**
130
+ * Get a session by ID
131
+ */
132
+ getSession(sessionId) {
133
+ return this.sessions.get(sessionId);
134
+ }
135
+ /**
136
+ * Get all sessions for a user
137
+ */
138
+ getUserSessions(userId) {
139
+ const sessionIds = this.userSessions.get(userId);
140
+ if (!sessionIds) {
141
+ return [];
142
+ }
143
+ return Array.from(sessionIds)
144
+ .map(id => this.sessions.get(id))
145
+ .filter((s) => s !== undefined);
146
+ }
147
+ /**
148
+ * Terminate a session
149
+ */
150
+ terminateSession(sessionId) {
151
+ const session = this.sessions.get(sessionId);
152
+ if (!session) {
153
+ return false;
154
+ }
155
+ session.terminate();
156
+ return true;
157
+ }
158
+ /**
159
+ * Remove a session from tracking
160
+ */
161
+ removeSession(sessionId) {
162
+ const session = this.sessions.get(sessionId);
163
+ if (session) {
164
+ this.sessions.delete(sessionId);
165
+ const userSessionIds = this.userSessions.get(session.userId);
166
+ if (userSessionIds) {
167
+ userSessionIds.delete(sessionId);
168
+ if (userSessionIds.size === 0) {
169
+ this.userSessions.delete(session.userId);
170
+ }
171
+ }
172
+ this.logger.debug(`Removed terminal session ${sessionId}`);
173
+ }
174
+ }
175
+ /**
176
+ * Get session statistics
177
+ */
178
+ getStats() {
179
+ return {
180
+ totalSessions: this.sessions.size,
181
+ activeUsers: this.userSessions.size,
182
+ };
183
+ }
184
+ /**
185
+ * Terminate all sessions (for shutdown)
186
+ */
187
+ terminateAll() {
188
+ for (const session of this.sessions.values()) {
189
+ session.terminate();
190
+ }
191
+ this.sessions.clear();
192
+ this.userSessions.clear();
193
+ }
194
+ }
195
+ exports.TerminalSessionManager = TerminalSessionManager;
196
+ //# sourceMappingURL=TerminalSessionManager.js.map
package/dist/terminal/TerminalSessionManager.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"TerminalSessionManager.js","sourceRoot":"","sources":["../../src/terminal/TerminalSessionManager.ts"],"names":[],"mappings":";;;AAAA,mCAAoC;AACpC,iEAAqD;AACrD,uDAAoD;AACpD,iEAA8D;AAE9D,mCAAyD;AAuBzD,MAAM,eAAe,GAAkC;IACrD,kBAAkB,EAAE,CAAC;IACrB,gBAAgB,EAAE,GAAG;IACrB,cAAc,EAAE,IAAI,EAAE,SAAS;IAC/B,UAAU,EAAE,KAAK,EAAE,WAAW;IAC9B,cAAc,EAAE,YAAY;IAC5B,iBAAiB,EAAE,IAAI;CACxB,CAAC;AAEF,MAAa,sBAAsB;IAQjC,YAAY,UAAkD,EAAE;QAP7C,WAAM,GAAG,IAAA,oCAAY,EAAC,IAAI,CAAC,CAAC;QAE9B,aAAQ,GAAG,IAAI,GAAG,EAA2B,CAAC;QAC9C,iBAAY,GAAG,IAAI,GAAG,EAAuB,CAAC;QAK7D,IAAI,CAAC,OAAO,GAAG,EAAE,GAAG,eAAe,EAAE,GAAG,OAAO,EAAE,CAAC;QAElD,wDAAwD;QACxD,IAAI,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;YAChC,IAAI,CAAC,UAAU,GAAG,IAAI,2CAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QAC1E,CAAC;IACH,CAAC;IAED;;OAEG;IACK,SAAS,CAAC,IAAY;QAC5B,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;YAC1D,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC;YACpD,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YAC1C,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC;QAEhC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC7C,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;YAChD,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACnC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC;QAEzB,OAAO,OAAO,GAAG,YAAY,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,sBAAsB,CAAC,MAAc,EAAE,OAAe;QAC1D,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC;YACpC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;YAC1E,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAC5C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,8BAA8B,OAAO,EAAE,CAAC,CAAC;YAC1D,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,IAAI,CAAC,UAAU,CAAC,oBAAoB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IACnE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CACjB,MAAc,EACd,OAA6B,EAC7B,cAAiD;QAEjD,8BAA8B;QAC9B,IAAI,CAAC,IAAA,sBAAc,EAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CACb,sBAAsB,OAAO,CAAC,OAAO,cAAc,sBAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC/E,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC;QAE/D,+BAA+B;QAC/B,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACzE,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CACb,uDAAuD,OAAO,EAAE,CACjE,CAAC;QACJ,CAAC;QAED,eAAe;QACf,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC;YACxD,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACpD,CAAC;QAED,MAAM,cAAc,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,IAAI,GAAG,EAAE,CAAC;QAClE,IAAI,cAAc,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE,CAAC;YAC3D,MAAM,IAAI,KAAK,CAAC,sCAAsC,IAAI,CAAC,OAAO,CAAC,kBAAkB,GAAG,CAAC,CAAC;QAC5F,CAAC;QAED,gCAAgC;QAChC,MAAM,GAAG,GAA2B,EAAE,CAAC;QACvC,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;YAChB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;gBACvD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;oBAC9B,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;gBACnB,CAAC;qBAAM,IAAI,cAAc,EAAE,CAAC;oBAC1B,IAAI,CAAC;wBACH,GAAG,CAAC,GAAG,CAAC,GAAG,MAAM,cAAc,CAAC,KAAK,CAAC,CAAC;oBACzC,CAAC;oBAAC,OAAO,KAAK,EAAE,CAAC;wBACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gCAAgC,GAAG,KAAK,KAAK,EAAE,CAAC,CAAC;oBACpE,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,uBAAuB;QACvB,MAAM,SAAS,GAAG,QAAQ,IAAA,mBAAU,GAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;QACxE,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CACtB,OAAO,CAAC,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC,cAAc,EAC9C,IAAI,CAAC,OAAO,CAAC,UAAU,CACxB,CAAC;QAEF,MAAM,MAAM,GAAkB;YAC5B,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,EAAE;YACxB,OAAO;YACP,GAAG,EAAE,OAAO,CAAC,GAAG,IAAI,EAAE;YACtB,OAAO;SACR,CAAC;QAEF,iBAAiB;QACjB,MAAM,OAAO,GAAG,IAAI,iCAAe,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC;QAEpE,gBAAgB;QAChB,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QACtC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACnC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC;QAC3C,CAAC;QACD,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAE,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAE9C,mBAAmB;QACnB,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE;YACtB,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4BAA4B,SAAS,aAAa,MAAM,OAAO,OAAO,EAAE,CAAC,CAAC;QAC3F,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,SAAiB;QAC1B,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACtC,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,MAAc;QAC5B,MAAM,UAAU,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACjD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,OAAO,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC;aAC1B,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;aAChC,MAAM,CAAC,CAAC,CAAC,EAAwB,EAAE,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC;IAC1D,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,SAAiB;QAChC,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,CAAC,SAAS,EAAE,CAAC;QACpB,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,SAAiB;QACrC,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC7C,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAChC,MAAM,cAAc,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;YAC7D,IAAI,cAAc,EAAE,CAAC;gBACnB,cAAc,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;gBACjC,IAAI,cAAc,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;oBAC9B,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;gBAC3C,CAAC;YACH,CAAC;YACD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,4BAA4B,SAAS,EAAE,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAED;;OAEG;IACH,QAAQ;QACN,OAAO;YACL,aAAa,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;YACjC,WAAW,EAAE,IAAI,CAAC,YAAY,CAAC,IAAI;SACpC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,YAAY;QACV,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC;YAC7C,OAAO,CAAC,SAAS,EAAE,CAAC;QACtB,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;QACtB,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;IAC5B,CAAC;CACF;AA1ND,wDA0NC","sourcesContent":["import { randomUUID } from 'crypto';\nimport { getLoggerFor } from 'global-logger-factory';\nimport { TerminalSession } from './TerminalSession';\nimport { AclPermissionService } from './AclPermissionService';\nimport type { SessionConfig, Session, EnvRef, CreateSessionRequest } from './types';\nimport { isTrustedAgent, TRUSTED_AGENTS } from './types';\n\nexport interface TerminalSessionManagerOptions {\n /** Maximum sessions per user */\n maxSessionsPerUser: number;\n /** Maximum total sessions */\n maxTotalSessions: number;\n /** Default session timeout in seconds */\n defaultTimeout: number;\n /** Maximum session timeout in seconds */\n maxTimeout: number;\n /** Default working directory */\n defaultWorkdir: string;\n /** SPARQL endpoint for ACL queries */\n sparqlEndpoint?: string;\n /** Whether to require ACL Control permission (default: true) */\n requireAclControl: boolean;\n /** Base URL for mapping file paths to resource URLs */\n baseUrl?: string;\n /** File system root for mapping URLs to paths */\n fileSystemRoot?: string;\n}\n\nconst DEFAULT_OPTIONS: TerminalSessionManagerOptions = {\n maxSessionsPerUser: 5,\n maxTotalSessions: 100,\n defaultTimeout: 3600, // 1 hour\n maxTimeout: 86400, // 24 hours\n defaultWorkdir: '/workspace',\n requireAclControl: true,\n};\n\nexport class TerminalSessionManager {\n protected readonly logger = getLoggerFor(this);\n\n private readonly sessions = new Map<string, TerminalSession>();\n private readonly userSessions = new Map<string, Set<string>>();\n private readonly options: TerminalSessionManagerOptions;\n private readonly aclService?: AclPermissionService;\n\n constructor(options: Partial<TerminalSessionManagerOptions> = {}) {\n this.options = { ...DEFAULT_OPTIONS, ...options };\n\n // Initialize ACL service if SPARQL endpoint is provided\n if (this.options.sparqlEndpoint) {\n this.aclService = new AclPermissionService(this.options.sparqlEndpoint);\n }\n }\n\n /**\n * Convert a file system path to a resource URL.\n */\n private pathToUrl(path: string): string | undefined {\n if (!this.options.baseUrl || !this.options.fileSystemRoot) {\n return undefined;\n }\n\n const root = this.options.fileSystemRoot.endsWith('/')\n ? this.options.fileSystemRoot.slice(0, -1)\n : this.options.fileSystemRoot;\n\n if (!path.startsWith(root)) {\n return undefined;\n }\n\n const relativePath = path.slice(root.length);\n const baseUrl = this.options.baseUrl.endsWith('/')\n ? this.options.baseUrl.slice(0, -1)\n : this.options.baseUrl;\n\n return baseUrl + relativePath;\n }\n\n /**\n * Check if user has acl:Control permission for the working directory.\n */\n async checkWorkdirPermission(userId: string, workdir: string): Promise<boolean> {\n if (!this.options.requireAclControl) {\n return true;\n }\n\n if (!this.aclService) {\n this.logger.warn('ACL service not configured, skipping permission check');\n return true;\n }\n\n const resourceUrl = this.pathToUrl(workdir);\n if (!resourceUrl) {\n this.logger.warn(`Cannot map workdir to URL: ${workdir}`);\n return false;\n }\n\n return this.aclService.hasControlPermission(userId, resourceUrl);\n }\n\n /**\n * Create a new terminal session\n */\n async createSession(\n userId: string,\n request: CreateSessionRequest,\n secretResolver?: (ref: EnvRef) => Promise<string>,\n ): Promise<TerminalSession> {\n // Validate command is trusted\n if (!isTrustedAgent(request.command)) {\n throw new Error(\n `Untrusted command: ${request.command}. Allowed: ${TRUSTED_AGENTS.join(', ')}`\n );\n }\n\n const workdir = request.workdir ?? this.options.defaultWorkdir;\n\n // Check ACL Control permission\n const hasPermission = await this.checkWorkdirPermission(userId, workdir);\n if (!hasPermission) {\n throw new Error(\n `Permission denied: acl:Control required for workdir ${workdir}`\n );\n }\n\n // Check limits\n if (this.sessions.size >= this.options.maxTotalSessions) {\n throw new Error('Maximum total sessions reached');\n }\n\n const userSessionIds = this.userSessions.get(userId) ?? new Set();\n if (userSessionIds.size >= this.options.maxSessionsPerUser) {\n throw new Error(`Maximum sessions per user reached (${this.options.maxSessionsPerUser})`);\n }\n\n // Resolve environment variables\n const env: Record<string, string> = {};\n if (request.env) {\n for (const [key, value] of Object.entries(request.env)) {\n if (typeof value === 'string') {\n env[key] = value;\n } else if (secretResolver) {\n try {\n env[key] = await secretResolver(value);\n } catch (error) {\n this.logger.warn(`Failed to resolve secret for ${key}: ${error}`);\n }\n }\n }\n }\n\n // Build session config\n const sessionId = `sess_${randomUUID().replace(/-/g, '').slice(0, 12)}`;\n const timeout = Math.min(\n request.timeout ?? this.options.defaultTimeout,\n this.options.maxTimeout\n );\n\n const config: SessionConfig = {\n command: request.command,\n args: request.args ?? [],\n workdir,\n env: request.env ?? {},\n timeout,\n };\n\n // Create session\n const session = new TerminalSession(sessionId, userId, config, env);\n\n // Track session\n this.sessions.set(sessionId, session);\n if (!this.userSessions.has(userId)) {\n this.userSessions.set(userId, new Set());\n }\n this.userSessions.get(userId)!.add(sessionId);\n\n // Clean up on exit\n session.on('exit', () => {\n this.removeSession(sessionId);\n });\n\n this.logger.info(`Created terminal session ${sessionId} for user ${userId} in ${workdir}`);\n return session;\n }\n\n /**\n * Get a session by ID\n */\n getSession(sessionId: string): TerminalSession | undefined {\n return this.sessions.get(sessionId);\n }\n\n /**\n * Get all sessions for a user\n */\n getUserSessions(userId: string): TerminalSession[] {\n const sessionIds = this.userSessions.get(userId);\n if (!sessionIds) {\n return [];\n }\n return Array.from(sessionIds)\n .map(id => this.sessions.get(id))\n .filter((s): s is TerminalSession => s !== undefined);\n }\n\n /**\n * Terminate a session\n */\n terminateSession(sessionId: string): boolean {\n const session = this.sessions.get(sessionId);\n if (!session) {\n return false;\n }\n session.terminate();\n return true;\n }\n\n /**\n * Remove a session from tracking\n */\n private removeSession(sessionId: string): void {\n const session = this.sessions.get(sessionId);\n if (session) {\n this.sessions.delete(sessionId);\n const userSessionIds = this.userSessions.get(session.userId);\n if (userSessionIds) {\n userSessionIds.delete(sessionId);\n if (userSessionIds.size === 0) {\n this.userSessions.delete(session.userId);\n }\n }\n this.logger.debug(`Removed terminal session ${sessionId}`);\n }\n }\n\n /**\n * Get session statistics\n */\n getStats(): { totalSessions: number; activeUsers: number } {\n return {\n totalSessions: this.sessions.size,\n activeUsers: this.userSessions.size,\n };\n }\n\n /**\n * Terminate all sessions (for shutdown)\n */\n terminateAll(): void {\n for (const session of this.sessions.values()) {\n session.terminate();\n }\n this.sessions.clear();\n this.userSessions.clear();\n }\n}\n"]}
package/dist/terminal/index.d.ts ADDED
@@ -0,0 +1,5 @@
1
+ export * from './types';
2
+ export * from './TerminalSession';
3
+ export * from './TerminalSessionManager';
4
+ export * from './AclPermissionService';
5
+ export * from './sandbox/index';
package/dist/terminal/index.js ADDED
@@ -0,0 +1,22 @@
1
+ "use strict";
2
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
+ if (k2 === undefined) k2 = k;
4
+ var desc = Object.getOwnPropertyDescriptor(m, k);
5
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
+ desc = { enumerable: true, get: function() { return m[k]; } };
7
+ }
8
+ Object.defineProperty(o, k2, desc);
9
+ }) : (function(o, m, k, k2) {
10
+ if (k2 === undefined) k2 = k;
11
+ o[k2] = m[k];
12
+ }));
13
+ var __exportStar = (this && this.__exportStar) || function(m, exports) {
14
+ for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
15
+ };
16
+ Object.defineProperty(exports, "__esModule", { value: true });
17
+ __exportStar(require("./types"), exports);
18
+ __exportStar(require("./TerminalSession"), exports);
19
+ __exportStar(require("./TerminalSessionManager"), exports);
20
+ __exportStar(require("./AclPermissionService"), exports);
21
+ __exportStar(require("./sandbox/index"), exports);
22
+ //# sourceMappingURL=index.js.map
package/dist/terminal/index.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/terminal/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,0CAAwB;AACxB,oDAAkC;AAClC,2DAAyC;AACzC,yDAAuC;AACvC,kDAAgC","sourcesContent":["export * from './types';\nexport * from './TerminalSession';\nexport * from './TerminalSessionManager';\nexport * from './AclPermissionService';\nexport * from './sandbox/index';\n"]}
package/dist/terminal/sandbox/BubblewrapSandbox.d.ts ADDED
@@ -0,0 +1,8 @@
1
+ import type { Sandbox, SandboxConfig, SandboxResult } from './types';
2
+ export declare class BubblewrapSandbox implements Sandbox {
3
+ protected readonly logger: import("global-logger-factory").Logger<unknown>;
4
+ private static readonly SYSTEM_PATHS;
5
+ isAvailable(): boolean;
6
+ launch(config: SandboxConfig): SandboxResult;
7
+ private buildArgs;
8
+ }
package/dist/terminal/sandbox/BubblewrapSandbox.js ADDED
@@ -0,0 +1,105 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.BubblewrapSandbox = void 0;
4
+ /**
5
+ * Bubblewrap Sandbox (Linux)
6
+ *
7
+ * Uses Linux namespaces via bubblewrap for process isolation.
8
+ */
9
+ const child_process_1 = require("child_process");
10
+ const fs_1 = require("fs");
11
+ const child_process_2 = require("child_process");
12
+ const global_logger_factory_1 = require("global-logger-factory");
13
+ let bwrapAvailable;
14
+ class BubblewrapSandbox {
15
+ constructor() {
16
+ this.logger = (0, global_logger_factory_1.getLoggerFor)(this);
17
+ }
18
+ isAvailable() {
19
+ if (bwrapAvailable === undefined) {
20
+ try {
21
+ (0, child_process_2.execSync)('which bwrap', { stdio: 'ignore' });
22
+ bwrapAvailable = true;
23
+ }
24
+ catch {
25
+ bwrapAvailable = false;
26
+ }
27
+ }
28
+ return bwrapAvailable;
29
+ }
30
+ launch(config) {
31
+ const args = this.buildArgs(config);
32
+ this.logger.info(`Launching bubblewrap sandbox: ${config.command}`);
33
+ const childProcess = (0, child_process_1.spawn)('bwrap', args, {
34
+ env: {
35
+ ...config.env,
36
+ TERM: 'xterm-256color',
37
+ },
38
+ stdio: ['pipe', 'pipe', 'pipe'],
39
+ });
40
+ return {
41
+ process: childProcess,
42
+ sandboxed: true,
43
+ technology: 'bubblewrap',
44
+ };
45
+ }
46
+ buildArgs(config) {
47
+ const args = [];
48
+ // Unshare namespaces for isolation
49
+ args.push('--unshare-user');
50
+ args.push('--unshare-pid');
51
+ args.push('--unshare-uts');
52
+ args.push('--unshare-ipc');
53
+ args.push('--unshare-cgroup');
54
+ if (config.isolateNetwork) {
55
+ args.push('--unshare-net');
56
+ }
57
+ args.push('--die-with-parent');
58
+ // Mount essential system paths as read-only
59
+ for (const path of BubblewrapSandbox.SYSTEM_PATHS) {
60
+ if ((0, fs_1.existsSync)(path)) {
61
+ args.push('--ro-bind', path, path);
62
+ }
63
+ }
64
+ // Mount /dev, /proc, /tmp
65
+ args.push('--dev', '/dev');
66
+ args.push('--proc', '/proc');
67
+ args.push('--tmpfs', '/tmp');
68
+ args.push('--tmpfs', '/home');
69
+ // Additional read-only paths
70
+ if (config.readonlyPaths) {
71
+ for (const path of config.readonlyPaths) {
72
+ if ((0, fs_1.existsSync)(path)) {
73
+ args.push('--ro-bind', path, path);
74
+ }
75
+ }
76
+ }
77
+ // Mount the working directory with write access
78
+ args.push('--bind', config.workdir, config.workdir);
79
+ args.push('--chdir', config.workdir);
80
+ // Environment variables
81
+ for (const [key, value] of Object.entries(config.env)) {
82
+ args.push('--setenv', key, value);
83
+ }
84
+ args.push('--setenv', 'TERM', 'xterm-256color');
85
+ // Command
86
+ args.push(config.command);
87
+ args.push(...config.args);
88
+ return args;
89
+ }
90
+ }
91
+ exports.BubblewrapSandbox = BubblewrapSandbox;
92
+ BubblewrapSandbox.SYSTEM_PATHS = [
93
+ '/usr',
94
+ '/lib',
95
+ '/lib64',
96
+ '/bin',
97
+ '/sbin',
98
+ '/etc/resolv.conf',
99
+ '/etc/hosts',
100
+ '/etc/passwd',
101
+ '/etc/group',
102
+ '/etc/ssl',
103
+ '/etc/ca-certificates',
104
+ ];
105
+ //# sourceMappingURL=BubblewrapSandbox.js.map
package/dist/terminal/sandbox/BubblewrapSandbox.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"BubblewrapSandbox.js","sourceRoot":"","sources":["../../../src/terminal/sandbox/BubblewrapSandbox.ts"],"names":[],"mappings":";;;AAAA;;;;GAIG;AACH,iDAAsC;AACtC,2BAAgC;AAChC,iDAAyC;AACzC,iEAAqD;AAGrD,IAAI,cAAmC,CAAC;AAExC,MAAa,iBAAiB;IAA9B;QACqB,WAAM,GAAG,IAAA,oCAAY,EAAC,IAAI,CAAC,CAAC;IAsGjD,CAAC;IAtFQ,WAAW;QAChB,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;YACjC,IAAI,CAAC;gBACH,IAAA,wBAAQ,EAAC,aAAa,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;gBAC7C,cAAc,GAAG,IAAI,CAAC;YACxB,CAAC;YAAC,MAAM,CAAC;gBACP,cAAc,GAAG,KAAK,CAAC;YACzB,CAAC;QACH,CAAC;QACD,OAAO,cAAc,CAAC;IACxB,CAAC;IAEM,MAAM,CAAC,MAAqB;QACjC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QAEpC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,iCAAiC,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;QAEpE,MAAM,YAAY,GAAG,IAAA,qBAAK,EAAC,OAAO,EAAE,IAAI,EAAE;YACxC,GAAG,EAAE;gBACH,GAAG,MAAM,CAAC,GAAG;gBACb,IAAI,EAAE,gBAAgB;aACvB;YACD,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC,CAAC;QAEH,OAAO;YACL,OAAO,EAAE,YAAY;YACrB,SAAS,EAAE,IAAI;YACf,UAAU,EAAE,YAAY;SACzB,CAAC;IACJ,CAAC;IAEO,SAAS,CAAC,MAAqB;QACrC,MAAM,IAAI,GAAa,EAAE,CAAC;QAE1B,mCAAmC;QACnC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC5B,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAE9B,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;YAC1B,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC7B,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QAE/B,4CAA4C;QAC5C,KAAK,MAAM,IAAI,IAAI,iBAAiB,CAAC,YAAY,EAAE,CAAC;YAClD,IAAI,IAAA,eAAU,EAAC,IAAI,CAAC,EAAE,CAAC;gBACrB,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;QAED,0BAA0B;QAC1B,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC7B,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAC7B,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAE9B,6BAA6B;QAC7B,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;YACzB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;gBACxC,IAAI,IAAA,eAAU,EAAC,IAAI,CAAC,EAAE,CAAC;oBACrB,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;gBACrC,CAAC;YACH,CAAC;QACH,CAAC;QAED,gDAAgD;QAChD,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QACpD,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAErC,wBAAwB;QACxB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACtD,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;QACpC,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,gBAAgB,CAAC,CAAC;QAEhD,UAAU;QACV,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC1B,IAAI,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;QAE1B,OAAO,IAAI,CAAC;IACd,CAAC;;AAtGH,8CAuGC;AApGyB,8BAAY,GAAG;IACrC,MAAM;IACN,MAAM;IACN,QAAQ;IACR,MAAM;IACN,OAAO;IACP,kBAAkB;IAClB,YAAY;IACZ,aAAa;IACb,YAAY;IACZ,UAAU;IACV,sBAAsB;CACvB,AAZmC,CAYlC","sourcesContent":["/**\n * Bubblewrap Sandbox (Linux)\n *\n * Uses Linux namespaces via bubblewrap for process isolation.\n */\nimport { spawn } from 'child_process';\nimport { existsSync } from 'fs';\nimport { execSync } from 'child_process';\nimport { getLoggerFor } from 'global-logger-factory';\nimport type { Sandbox, SandboxConfig, SandboxResult } from './types';\n\nlet bwrapAvailable: boolean | undefined;\n\nexport class BubblewrapSandbox implements Sandbox {\n protected readonly logger = getLoggerFor(this);\n\n private static readonly SYSTEM_PATHS = [\n '/usr',\n '/lib',\n '/lib64',\n '/bin',\n '/sbin',\n '/etc/resolv.conf',\n '/etc/hosts',\n '/etc/passwd',\n '/etc/group',\n '/etc/ssl',\n '/etc/ca-certificates',\n ];\n\n public isAvailable(): boolean {\n if (bwrapAvailable === undefined) {\n try {\n execSync('which bwrap', { stdio: 'ignore' });\n bwrapAvailable = true;\n } catch {\n bwrapAvailable = false;\n }\n }\n return bwrapAvailable;\n }\n\n public launch(config: SandboxConfig): SandboxResult {\n const args = this.buildArgs(config);\n\n this.logger.info(`Launching bubblewrap sandbox: ${config.command}`);\n\n const childProcess = spawn('bwrap', args, {\n env: {\n ...config.env,\n TERM: 'xterm-256color',\n },\n stdio: ['pipe', 'pipe', 'pipe'],\n });\n\n return {\n process: childProcess,\n sandboxed: true,\n technology: 'bubblewrap',\n };\n }\n\n private buildArgs(config: SandboxConfig): string[] {\n const args: string[] = [];\n\n // Unshare namespaces for isolation\n args.push('--unshare-user');\n args.push('--unshare-pid');\n args.push('--unshare-uts');\n args.push('--unshare-ipc');\n args.push('--unshare-cgroup');\n\n if (config.isolateNetwork) {\n args.push('--unshare-net');\n }\n\n args.push('--die-with-parent');\n\n // Mount essential system paths as read-only\n for (const path of BubblewrapSandbox.SYSTEM_PATHS) {\n if (existsSync(path)) {\n args.push('--ro-bind', path, path);\n }\n }\n\n // Mount /dev, /proc, /tmp\n args.push('--dev', '/dev');\n args.push('--proc', '/proc');\n args.push('--tmpfs', '/tmp');\n args.push('--tmpfs', '/home');\n\n // Additional read-only paths\n if (config.readonlyPaths) {\n for (const path of config.readonlyPaths) {\n if (existsSync(path)) {\n args.push('--ro-bind', path, path);\n }\n }\n }\n\n // Mount the working directory with write access\n args.push('--bind', config.workdir, config.workdir);\n args.push('--chdir', config.workdir);\n\n // Environment variables\n for (const [key, value] of Object.entries(config.env)) {\n args.push('--setenv', key, value);\n }\n args.push('--setenv', 'TERM', 'xterm-256color');\n\n // Command\n args.push(config.command);\n args.push(...config.args);\n\n return args;\n }\n}\n"]}
package/dist/terminal/sandbox/MacOSSandbox.d.ts ADDED
@@ -0,0 +1,19 @@
1
+ import type { Sandbox, SandboxConfig, SandboxResult } from './types';
2
+ export declare class MacOSSandbox implements Sandbox {
3
+ protected readonly logger: import("global-logger-factory").Logger<unknown>;
4
+ isAvailable(): boolean;
5
+ launch(config: SandboxConfig): SandboxResult;
6
+ /**
7
+ * Create a Seatbelt profile for the sandbox.
8
+ *
9
+ * Strategy: Allow most operations by default, then deny writes outside workdir.
10
+ * This is more robust than deny-by-default which breaks many macOS subsystems.
11
+ *
12
+ * Profile:
13
+ * - Allow default (reading, processes, etc.)
14
+ * - Deny writes to root filesystem
15
+ * - Allow writes only to: workdir, temp dirs, var/folders
16
+ * - Optionally deny network
17
+ */
18
+ private createProfile;
19
+ }
package/dist/terminal/sandbox/MacOSSandbox.js ADDED
@@ -0,0 +1,120 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.MacOSSandbox = void 0;
4
+ /**
5
+ * macOS Sandbox (sandbox-exec / Seatbelt)
6
+ *
7
+ * Uses macOS sandbox-exec with Seatbelt profiles for process isolation.
8
+ */
9
+ const child_process_1 = require("child_process");
10
+ const fs_1 = require("fs");
11
+ const os_1 = require("os");
12
+ const path_1 = require("path");
13
+ const crypto_1 = require("crypto");
14
+ const global_logger_factory_1 = require("global-logger-factory");
15
+ let sandboxExecAvailable;
16
+ class MacOSSandbox {
17
+ constructor() {
18
+ this.logger = (0, global_logger_factory_1.getLoggerFor)(this);
19
+ }
20
+ isAvailable() {
21
+ if (sandboxExecAvailable === undefined) {
22
+ try {
23
+ // Check if we're on macOS and sandbox-exec exists
24
+ if (process.platform !== 'darwin') {
25
+ sandboxExecAvailable = false;
26
+ }
27
+ else {
28
+ (0, child_process_1.execSync)('which sandbox-exec', { stdio: 'ignore' });
29
+ sandboxExecAvailable = true;
30
+ }
31
+ }
32
+ catch {
33
+ sandboxExecAvailable = false;
34
+ }
35
+ }
36
+ return sandboxExecAvailable;
37
+ }
38
+ launch(config) {
39
+ const profilePath = this.createProfile(config);
40
+ this.logger.info(`Launching macOS sandbox: ${config.command}`);
41
+ const childProcess = (0, child_process_1.spawn)('sandbox-exec', ['-f', profilePath, config.command, ...config.args], {
42
+ cwd: config.workdir,
43
+ env: {
44
+ ...process.env,
45
+ ...config.env,
46
+ TERM: 'xterm-256color',
47
+ },
48
+ stdio: ['pipe', 'pipe', 'pipe'],
49
+ });
50
+ // Clean up profile after process exits
51
+ childProcess.on('exit', () => {
52
+ try {
53
+ (0, fs_1.unlinkSync)(profilePath);
54
+ }
55
+ catch {
56
+ // Ignore cleanup errors
57
+ }
58
+ });
59
+ return {
60
+ process: childProcess,
61
+ sandboxed: true,
62
+ technology: 'sandbox-exec',
63
+ };
64
+ }
65
+ /**
66
+ * Create a Seatbelt profile for the sandbox.
67
+ *
68
+ * Strategy: Allow most operations by default, then deny writes outside workdir.
69
+ * This is more robust than deny-by-default which breaks many macOS subsystems.
70
+ *
71
+ * Profile:
72
+ * - Allow default (reading, processes, etc.)
73
+ * - Deny writes to root filesystem
74
+ * - Allow writes only to: workdir, temp dirs, var/folders
75
+ * - Optionally deny network
76
+ */
77
+ createProfile(config) {
78
+ const profileId = (0, crypto_1.randomUUID)().replace(/-/g, '').slice(0, 8);
79
+ const profilePath = (0, path_1.join)((0, os_1.tmpdir)(), `xpod-sandbox-${profileId}.sb`);
80
+ const rules = [
81
+ '(version 1)',
82
+ '',
83
+ '; Allow most operations by default (macOS needs many subsystems)',
84
+ '(allow default)',
85
+ '',
86
+ '; Deny writes to the entire filesystem by default',
87
+ '(deny file-write* (subpath "/"))',
88
+ '',
89
+ '; Allow writes to workdir',
90
+ `(allow file-write* (subpath "${config.workdir}"))`,
91
+ '',
92
+ '; Allow writes to temp directories',
93
+ '(allow file-write* (subpath "/private/tmp"))',
94
+ '(allow file-write* (subpath "/tmp"))',
95
+ `(allow file-write* (subpath "${(0, os_1.tmpdir)()}"))`,
96
+ '(allow file-write* (subpath "/var/folders"))',
97
+ '(allow file-write* (subpath "/private/var/folders"))',
98
+ ];
99
+ // Network isolation
100
+ if (config.isolateNetwork) {
101
+ rules.push('');
102
+ rules.push('; Deny network access');
103
+ rules.push('(deny network*)');
104
+ }
105
+ // Additional read-only paths (already readable by default)
106
+ if (config.readonlyPaths) {
107
+ rules.push('');
108
+ rules.push('; Additional read-only paths (already allowed by default)');
109
+ for (const p of config.readonlyPaths) {
110
+ rules.push(`; readonly: ${p}`);
111
+ }
112
+ }
113
+ const profile = rules.join('\n');
114
+ (0, fs_1.writeFileSync)(profilePath, profile);
115
+ this.logger.debug(`Created sandbox profile: ${profilePath}`);
116
+ return profilePath;
117
+ }
118
+ }
119
+ exports.MacOSSandbox = MacOSSandbox;
120
+ //# sourceMappingURL=MacOSSandbox.js.map
package/dist/terminal/sandbox/MacOSSandbox.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"MacOSSandbox.js","sourceRoot":"","sources":["../../../src/terminal/sandbox/MacOSSandbox.ts"],"names":[],"mappings":";;;AAAA;;;;GAIG;AACH,iDAAgD;AAChD,2BAA+C;AAC/C,2BAA4B;AAC5B,+BAA4B;AAC5B,mCAAoC;AACpC,iEAAqD;AAGrD,IAAI,oBAAyC,CAAC;AAE9C,MAAa,YAAY;IAAzB;QACqB,WAAM,GAAG,IAAA,oCAAY,EAAC,IAAI,CAAC,CAAC;IA4GjD,CAAC;IA1GQ,WAAW;QAChB,IAAI,oBAAoB,KAAK,SAAS,EAAE,CAAC;YACvC,IAAI,CAAC;gBACH,kDAAkD;gBAClD,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;oBAClC,oBAAoB,GAAG,KAAK,CAAC;gBAC/B,CAAC;qBAAM,CAAC;oBACN,IAAA,wBAAQ,EAAC,oBAAoB,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;oBACpD,oBAAoB,GAAG,IAAI,CAAC;gBAC9B,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,oBAAoB,GAAG,KAAK,CAAC;YAC/B,CAAC;QACH,CAAC;QACD,OAAO,oBAAoB,CAAC;IAC9B,CAAC;IAEM,MAAM,CAAC,MAAqB;QACjC,MAAM,WAAW,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;QAE/C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4BAA4B,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;QAE/D,MAAM,YAAY,GAAG,IAAA,qBAAK,EAAC,cAAc,EAAE,CAAC,IAAI,EAAE,WAAW,EAAE,MAAM,CAAC,OAAO,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE;YAC9F,GAAG,EAAE,MAAM,CAAC,OAAO;YACnB,GAAG,EAAE;gBACH,GAAG,OAAO,CAAC,GAAG;gBACd,GAAG,MAAM,CAAC,GAAG;gBACb,IAAI,EAAE,gBAAgB;aACvB;YACD,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC,CAAC;QAEH,uCAAuC;QACvC,YAAY,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE;YAC3B,IAAI,CAAC;gBACH,IAAA,eAAU,EAAC,WAAW,CAAC,CAAC;YAC1B,CAAC;YAAC,MAAM,CAAC;gBACP,wBAAwB;YAC1B,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,OAAO;YACL,OAAO,EAAE,YAAY;YACrB,SAAS,EAAE,IAAI;YACf,UAAU,EAAE,cAAc;SAC3B,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;OAWG;IACK,aAAa,CAAC,MAAqB;QACzC,MAAM,SAAS,GAAG,IAAA,mBAAU,GAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC7D,MAAM,WAAW,GAAG,IAAA,WAAI,EAAC,IAAA,WAAM,GAAE,EAAE,gBAAgB,SAAS,KAAK,CAAC,CAAC;QAEnE,MAAM,KAAK,GAAa;YACtB,aAAa;YACb,EAAE;YACF,kEAAkE;YAClE,iBAAiB;YACjB,EAAE;YACF,mDAAmD;YACnD,kCAAkC;YAClC,EAAE;YACF,2BAA2B;YAC3B,gCAAgC,MAAM,CAAC,OAAO,KAAK;YACnD,EAAE;YACF,oCAAoC;YACpC,8CAA8C;YAC9C,sCAAsC;YACtC,gCAAgC,IAAA,WAAM,GAAE,KAAK;YAC7C,8CAA8C;YAC9C,sDAAsD;SACvD,CAAC;QAEF,oBAAoB;QACpB,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;YAC1B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACf,KAAK,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;YACpC,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QAChC,CAAC;QAED,2DAA2D;QAC3D,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;YACzB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACf,KAAK,CAAC,IAAI,CAAC,2DAA2D,CAAC,CAAC;YACxE,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;gBACrC,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjC,IAAA,kBAAa,EAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAEpC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,4BAA4B,WAAW,EAAE,CAAC,CAAC;QAC7D,OAAO,WAAW,CAAC;IACrB,CAAC;CACF;AA7GD,oCA6GC","sourcesContent":["/**\n * macOS Sandbox (sandbox-exec / Seatbelt)\n *\n * Uses macOS sandbox-exec with Seatbelt profiles for process isolation.\n */\nimport { spawn, execSync } from 'child_process';\nimport { writeFileSync, unlinkSync } from 'fs';\nimport { tmpdir } from 'os';\nimport { join } from 'path';\nimport { randomUUID } from 'crypto';\nimport { getLoggerFor } from 'global-logger-factory';\nimport type { Sandbox, SandboxConfig, SandboxResult } from './types';\n\nlet sandboxExecAvailable: boolean | undefined;\n\nexport class MacOSSandbox implements Sandbox {\n protected readonly logger = getLoggerFor(this);\n\n public isAvailable(): boolean {\n if (sandboxExecAvailable === undefined) {\n try {\n // Check if we're on macOS and sandbox-exec exists\n if (process.platform !== 'darwin') {\n sandboxExecAvailable = false;\n } else {\n execSync('which sandbox-exec', { stdio: 'ignore' });\n sandboxExecAvailable = true;\n }\n } catch {\n sandboxExecAvailable = false;\n }\n }\n return sandboxExecAvailable;\n }\n\n public launch(config: SandboxConfig): SandboxResult {\n const profilePath = this.createProfile(config);\n\n this.logger.info(`Launching macOS sandbox: ${config.command}`);\n\n const childProcess = spawn('sandbox-exec', ['-f', profilePath, config.command, ...config.args], {\n cwd: config.workdir,\n env: {\n ...process.env,\n ...config.env,\n TERM: 'xterm-256color',\n },\n stdio: ['pipe', 'pipe', 'pipe'],\n });\n\n // Clean up profile after process exits\n childProcess.on('exit', () => {\n try {\n unlinkSync(profilePath);\n } catch {\n // Ignore cleanup errors\n }\n });\n\n return {\n process: childProcess,\n sandboxed: true,\n technology: 'sandbox-exec',\n };\n }\n\n /**\n * Create a Seatbelt profile for the sandbox.\n *\n * Strategy: Allow most operations by default, then deny writes outside workdir.\n * This is more robust than deny-by-default which breaks many macOS subsystems.\n *\n * Profile:\n * - Allow default (reading, processes, etc.)\n * - Deny writes to root filesystem\n * - Allow writes only to: workdir, temp dirs, var/folders\n * - Optionally deny network\n */\n private createProfile(config: SandboxConfig): string {\n const profileId = randomUUID().replace(/-/g, '').slice(0, 8);\n const profilePath = join(tmpdir(), `xpod-sandbox-${profileId}.sb`);\n\n const rules: string[] = [\n '(version 1)',\n '',\n '; Allow most operations by default (macOS needs many subsystems)',\n '(allow default)',\n '',\n '; Deny writes to the entire filesystem by default',\n '(deny file-write* (subpath \"/\"))',\n '',\n '; Allow writes to workdir',\n `(allow file-write* (subpath \"${config.workdir}\"))`,\n '',\n '; Allow writes to temp directories',\n '(allow file-write* (subpath \"/private/tmp\"))',\n '(allow file-write* (subpath \"/tmp\"))',\n `(allow file-write* (subpath \"${tmpdir()}\"))`,\n '(allow file-write* (subpath \"/var/folders\"))',\n '(allow file-write* (subpath \"/private/var/folders\"))',\n ];\n\n // Network isolation\n if (config.isolateNetwork) {\n rules.push('');\n rules.push('; Deny network access');\n rules.push('(deny network*)');\n }\n\n // Additional read-only paths (already readable by default)\n if (config.readonlyPaths) {\n rules.push('');\n rules.push('; Additional read-only paths (already allowed by default)');\n for (const p of config.readonlyPaths) {\n rules.push(`; readonly: ${p}`);\n }\n }\n\n const profile = rules.join('\\n');\n writeFileSync(profilePath, profile);\n\n this.logger.debug(`Created sandbox profile: ${profilePath}`);\n return profilePath;\n }\n}\n"]}
package/dist/terminal/sandbox/index.d.ts ADDED
@@ -0,0 +1,29 @@
1
+ import type { Sandbox, SandboxConfig, SandboxResult } from './types';
2
+ export * from './types';
3
+ export { BubblewrapSandbox } from './BubblewrapSandbox';
4
+ export { MacOSSandbox } from './MacOSSandbox';
5
+ /**
6
+ * Sandbox Factory
7
+ */
8
+ export declare class SandboxFactory {
9
+ protected static readonly logger: import("global-logger-factory").Logger<unknown>;
10
+ private static bubblewrap;
11
+ private static macos;
12
+ private static noSandbox;
13
+ /**
14
+ * Get the best available sandbox for the current platform.
15
+ */
16
+ static getSandbox(): Sandbox;
17
+ /**
18
+ * Launch a sandboxed process.
19
+ */
20
+ static launch(config: SandboxConfig): SandboxResult;
21
+ /**
22
+ * Check if sandbox is available.
23
+ */
24
+ static isAvailable(): boolean;
25
+ /**
26
+ * Get the sandbox technology name.
27
+ */
28
+ static getTechnology(): 'bubblewrap' | 'sandbox-exec' | 'none';
29
+ }