@vellumai/credential-executor 0.4.55
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/Dockerfile +55 -0
- package/bun.lock +37 -0
- package/package.json +32 -0
- package/src/__tests__/command-executor.test.ts +1333 -0
- package/src/__tests__/command-validator.test.ts +708 -0
- package/src/__tests__/command-workspace.test.ts +997 -0
- package/src/__tests__/grant-store.test.ts +467 -0
- package/src/__tests__/http-executor.test.ts +1251 -0
- package/src/__tests__/http-policy.test.ts +970 -0
- package/src/__tests__/local-materializers.test.ts +826 -0
- package/src/__tests__/managed-materializers.test.ts +961 -0
- package/src/__tests__/toolstore.test.ts +539 -0
- package/src/__tests__/transport.test.ts +388 -0
- package/src/audit/store.ts +188 -0
- package/src/commands/auth-adapters.ts +169 -0
- package/src/commands/executor.ts +840 -0
- package/src/commands/output-scan.ts +157 -0
- package/src/commands/profiles.ts +282 -0
- package/src/commands/validator.ts +438 -0
- package/src/commands/workspace.ts +512 -0
- package/src/grants/index.ts +17 -0
- package/src/grants/persistent-store.ts +247 -0
- package/src/grants/rpc-handlers.ts +269 -0
- package/src/grants/temporary-store.ts +219 -0
- package/src/http/audit.ts +84 -0
- package/src/http/executor.ts +540 -0
- package/src/http/path-template.ts +179 -0
- package/src/http/policy.ts +256 -0
- package/src/http/response-filter.ts +233 -0
- package/src/index.ts +106 -0
- package/src/main.ts +263 -0
- package/src/managed-main.ts +420 -0
- package/src/materializers/local.ts +300 -0
- package/src/materializers/managed-platform.ts +270 -0
- package/src/paths.ts +137 -0
- package/src/server.ts +636 -0
- package/src/subjects/local.ts +177 -0
- package/src/subjects/managed.ts +290 -0
- package/src/toolstore/integrity.ts +94 -0
- package/src/toolstore/manifest.ts +154 -0
- package/src/toolstore/publish.ts +342 -0
- package/tsconfig.json +20 -0
package/Dockerfile
ADDED
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
# Build stage
|
|
2
|
+
FROM debian:trixie@sha256:3615a749858a1cba49b408fb49c37093db813321355a9ab7c1f9f4836341e9db AS builder
|
|
3
|
+
|
|
4
|
+
WORKDIR /app
|
|
5
|
+
|
|
6
|
+
# Install build dependencies
|
|
7
|
+
RUN apt-get update && apt-get install -y \
|
|
8
|
+
curl \
|
|
9
|
+
unzip \
|
|
10
|
+
&& rm -rf /var/lib/apt/lists/*
|
|
11
|
+
|
|
12
|
+
# Install bun
|
|
13
|
+
RUN curl -fsSL https://bun.sh/install | bash
|
|
14
|
+
ENV PATH="/root/.bun/bin:${PATH}"
|
|
15
|
+
|
|
16
|
+
# Copy shared packages first (needed for repo-local dependencies)
|
|
17
|
+
COPY packages/ces-contracts ./packages/ces-contracts
|
|
18
|
+
COPY packages/credential-storage ./packages/credential-storage
|
|
19
|
+
COPY packages/egress-proxy ./packages/egress-proxy
|
|
20
|
+
|
|
21
|
+
# Install credential-executor dependencies with local package resolution
|
|
22
|
+
COPY credential-executor/package.json credential-executor/bun.lock* ./credential-executor/
|
|
23
|
+
RUN cd /app/credential-executor && bun install --frozen-lockfile
|
|
24
|
+
|
|
25
|
+
# Copy credential-executor source
|
|
26
|
+
COPY credential-executor ./credential-executor
|
|
27
|
+
|
|
28
|
+
# Runtime stage
|
|
29
|
+
FROM debian:trixie-slim@sha256:1d3c811171a08a5adaa4a163fbafd96b61b87aa871bbc7aa15431ac275d3d430 AS runner
|
|
30
|
+
|
|
31
|
+
WORKDIR /app/credential-executor
|
|
32
|
+
|
|
33
|
+
RUN apt-get update && apt-get install -y \
|
|
34
|
+
ca-certificates \
|
|
35
|
+
&& rm -rf /var/lib/apt/lists/*
|
|
36
|
+
|
|
37
|
+
# Copy bun binary from builder
|
|
38
|
+
COPY --from=builder /root/.bun/bin/bun /usr/local/bin/bun
|
|
39
|
+
RUN ln -sf /usr/local/bin/bun /usr/local/bin/bunx
|
|
40
|
+
|
|
41
|
+
# Create non-root user
|
|
42
|
+
RUN groupadd --system --gid 1001 ces && \
|
|
43
|
+
useradd --system --uid 1001 --gid ces --create-home ces
|
|
44
|
+
|
|
45
|
+
# Copy built app from builder
|
|
46
|
+
COPY --from=builder --chown=ces:ces /app /app
|
|
47
|
+
|
|
48
|
+
USER ces
|
|
49
|
+
|
|
50
|
+
EXPOSE 7841
|
|
51
|
+
|
|
52
|
+
ENV CES_MODE=managed
|
|
53
|
+
ENV CES_HEALTH_PORT=7841
|
|
54
|
+
|
|
55
|
+
CMD ["bun", "run", "src/managed-main.ts"]
|
package/bun.lock
ADDED
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
{
|
|
2
|
+
"lockfileVersion": 1,
|
|
3
|
+
"configVersion": 1,
|
|
4
|
+
"workspaces": {
|
|
5
|
+
"": {
|
|
6
|
+
"name": "@vellumai/credential-executor",
|
|
7
|
+
"dependencies": {
|
|
8
|
+
"@vellumai/ces-contracts": "file:../packages/ces-contracts",
|
|
9
|
+
"@vellumai/credential-storage": "file:../packages/credential-storage",
|
|
10
|
+
"@vellumai/egress-proxy": "file:../packages/egress-proxy",
|
|
11
|
+
},
|
|
12
|
+
"devDependencies": {
|
|
13
|
+
"@types/bun": "^1.2.4",
|
|
14
|
+
"typescript": "^5.7.3",
|
|
15
|
+
},
|
|
16
|
+
},
|
|
17
|
+
},
|
|
18
|
+
"packages": {
|
|
19
|
+
"@types/bun": ["@types/bun@1.3.10", "", { "dependencies": { "bun-types": "1.3.10" } }, "sha512-0+rlrUrOrTSskibryHbvQkDOWRJwJZqZlxrUs1u4oOoTln8+WIXBPmAuCF35SWB2z4Zl3E84Nl/D0P7803nigQ=="],
|
|
20
|
+
|
|
21
|
+
"@types/node": ["@types/node@25.5.0", "", { "dependencies": { "undici-types": "~7.18.0" } }, "sha512-jp2P3tQMSxWugkCUKLRPVUpGaL5MVFwF8RDuSRztfwgN1wmqJeMSbKlnEtQqU8UrhTmzEmZdu2I6v2dpp7XIxw=="],
|
|
22
|
+
|
|
23
|
+
"@vellumai/ces-contracts": ["@vellumai/ces-contracts@file:../packages/ces-contracts", { "dependencies": { "zod": "^4.3.6" }, "devDependencies": { "@types/bun": "^1.2.4", "typescript": "^5.7.3" } }],
|
|
24
|
+
|
|
25
|
+
"@vellumai/credential-storage": ["@vellumai/credential-storage@file:../packages/credential-storage", { "devDependencies": { "@types/bun": "^1.2.4", "typescript": "^5.7.3" } }],
|
|
26
|
+
|
|
27
|
+
"@vellumai/egress-proxy": ["@vellumai/egress-proxy@file:../packages/egress-proxy", { "devDependencies": { "@types/bun": "^1.2.4", "typescript": "^5.7.3" } }],
|
|
28
|
+
|
|
29
|
+
"bun-types": ["bun-types@1.3.10", "", { "dependencies": { "@types/node": "*" } }, "sha512-tcpfCCl6XWo6nCVnpcVrxQ+9AYN1iqMIzgrSKYMB/fjLtV2eyAVEg7AxQJuCq/26R6HpKWykQXuSOq/21RYcbg=="],
|
|
30
|
+
|
|
31
|
+
"typescript": ["typescript@5.9.3", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw=="],
|
|
32
|
+
|
|
33
|
+
"undici-types": ["undici-types@7.18.2", "", {}, "sha512-AsuCzffGHJybSaRrmr5eHr81mwJU3kjw6M+uprWvCXiNeN9SOGwQ3Jn8jb8m3Z6izVgknn1R0FTCEAP2QrLY/w=="],
|
|
34
|
+
|
|
35
|
+
"zod": ["zod@4.3.6", "", {}, "sha512-rftlrkhHZOcjDwkGlnUtZZkvaPHCsDATp4pGpuOOMDaTdDDXF91wuVDJoWoPsKX/3YPQ5fHuF3STjcYyKr+Qhg=="],
|
|
36
|
+
}
|
|
37
|
+
}
|
package/package.json
ADDED
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@vellumai/credential-executor",
|
|
3
|
+
"version": "0.4.55",
|
|
4
|
+
"type": "module",
|
|
5
|
+
"exports": {
|
|
6
|
+
".": "./src/index.ts"
|
|
7
|
+
},
|
|
8
|
+
"bin": {
|
|
9
|
+
"credential-executor": "./src/main.ts",
|
|
10
|
+
"credential-executor-managed": "./src/managed-main.ts"
|
|
11
|
+
},
|
|
12
|
+
"scripts": {
|
|
13
|
+
"dev": "bun run src/main.ts",
|
|
14
|
+
"dev:managed": "CES_MODE=managed bun run src/managed-main.ts",
|
|
15
|
+
"typecheck": "bunx tsc --noEmit",
|
|
16
|
+
"test": "bun test src/"
|
|
17
|
+
},
|
|
18
|
+
"dependencies": {
|
|
19
|
+
"@vellumai/ces-contracts": "file:../packages/ces-contracts",
|
|
20
|
+
"@vellumai/credential-storage": "file:../packages/credential-storage",
|
|
21
|
+
"@vellumai/egress-proxy": "file:../packages/egress-proxy"
|
|
22
|
+
},
|
|
23
|
+
"bundledDependencies": [
|
|
24
|
+
"@vellumai/ces-contracts",
|
|
25
|
+
"@vellumai/credential-storage",
|
|
26
|
+
"@vellumai/egress-proxy"
|
|
27
|
+
],
|
|
28
|
+
"devDependencies": {
|
|
29
|
+
"@types/bun": "^1.2.4",
|
|
30
|
+
"typescript": "^5.7.3"
|
|
31
|
+
}
|
|
32
|
+
}
|