npm - @xopcai/xopc - Versions diffs - 0.0.27 → 0.0.29 - Mend

@xopcai/xopc 0.0.27 → 0.0.29

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (239) hide show

package/dist/src/gateway/agents-admin.js CHANGED Viewed

@@ -7,7 +7,7 @@ import { seedWorkspaceBootstrapFiles } from "../agent/context/workspace-seed.js"
 import { applyAgentConfig, findAgentEntryIndex, pruneAgentConfig, removeAgentDirsFromDisk } from "../commands/agents.config.js";
 import { GATEWAY_BUILTIN_TOOL_IDS } from "./agent-builtin-tools.js";
 import { join, resolve } from "node:path";
-import { mkdir, readFile, realpath, stat, writeFile } from "node:fs/promises";
+import { mkdir, readFile, realpath, stat, unlink, writeFile } from "node:fs/promises";
 //#region src/gateway/agents-admin.ts
 /**
 * Gateway REST helpers for multi-agent management.
@@ -29,7 +29,17 @@ function collectAgentIdsForList(cfg) {
 	ids.add(defaultId);
 	return [...ids];
 }
-function listGatewayAgents(cfg) {
+/** Extract `**Avatar:**` value from bootstrap IDENTITY.md (same line shape as the gateway console parser). */
+function extractAvatarFromIdentityMarkdown(content) {
+	for (const line of content.split("\n")) {
+		const match = line.match(/^[-*]\s+\*\*Avatar:\*\*\s*(.*)/i);
+		if (match) {
+			const v = match[1]?.trim() ?? "";
+			return v.length > 0 ? v : void 0;
+		}
+	}
+}
+async function listGatewayAgents(cfg) {
 	const defaultId = resolveDefaultAgentId(cfg);
 	const agents = [];
 	const defaultsSkills = cfg.agents?.defaults?.skills;
@@ -43,10 +53,15 @@ function listGatewayAgents(cfg) {
 		} : void 0;
 		const entrySkills = entry?.skills;
 		const entryDisable = entry?.tools?.disable ?? [];
+		let avatar;
+		try {
+			avatar = extractAvatarFromIdentityMarkdown(await readFile(join(resolveAgentBootstrapDir(cfg, id), WORKSPACE_FILES.IDENTITY), "utf-8"));
+		} catch {}
 		agents.push({
 			id,
 			...entry?.name?.trim() ? { name: entry.name.trim() } : {},
 			...entry?.description?.trim() ? { description: entry.description.trim() } : {},
+			...avatar ? { avatar } : {},
 			workspace: profile.resolvedWorkspacePath,
 			bootstrapDir: resolveAgentBootstrapDir(cfg, id),
 			...model ? { model } : {},
@@ -338,7 +353,153 @@ async function writeAgentBootstrapFile(cfg, agentId, name, content) {
 		}
 	};
 }
+const AGENT_AVATAR_MAX_BYTES = 512 * 1024;
+const AGENT_AVATAR_BASENAME = "agent-avatar";
+const AGENT_AVATAR_EXTENSIONS = [
+	".png",
+	".jpg",
+	".jpeg",
+	".webp"
+];
+function agentAvatarFilenames() {
+	return AGENT_AVATAR_EXTENSIONS.map((ext) => `${AGENT_AVATAR_BASENAME}${ext}`);
+}
+function mimeToExt(mime) {
+	const m = mime.toLowerCase().trim();
+	if (m === "image/png") return ".png";
+	if (m === "image/jpeg" || m === "image/jpg") return ".jpg";
+	if (m === "image/webp") return ".webp";
+	return null;
+}
+function detectImageMimeFromBytes(buf) {
+	if (buf.length >= 8 && buf[0] === 137 && buf[1] === 80 && buf[2] === 78 && buf[3] === 71) return "image/png";
+	if (buf.length >= 3 && buf[0] === 255 && buf[1] === 216 && buf[2] === 255) return "image/jpeg";
+	if (buf.length >= 12 && buf[0] === 82 && buf[1] === 73 && buf[2] === 70 && buf[3] === 70 && buf[8] === 87 && buf[9] === 69 && buf[10] === 66 && buf[11] === 80) return "image/webp";
+	return null;
+}
+function assertAgentExistsForAvatar(cfg, id) {
+	if (collectAgentIdsForList(cfg).every((x) => x !== id)) return {
+		ok: false,
+		error: `agent "${id}" not found`,
+		status: 404
+	};
+	return null;
+}
+async function readAgentAvatarFile(cfg, agentId) {
+	const missingAgent = assertAgentExistsForAvatar(cfg, agentId);
+	if (missingAgent) return missingAgent;
+	const id = normalizeAgentId(agentId);
+	const root = await bootstrapRootReal(cfg, id);
+	for (const name of agentAvatarFilenames()) {
+		const abs = resolveWorkspaceSafePath(root, name);
+		if (!abs) continue;
+		try {
+			const st = await stat(abs);
+			if (!st.isFile() || st.size <= 0 || st.size > AGENT_AVATAR_MAX_BYTES) continue;
+			const buffer = await readFile(abs);
+			const detected = detectImageMimeFromBytes(buffer);
+			if (!detected) continue;
+			return {
+				ok: true,
+				data: {
+					agentId: id,
+					buffer,
+					contentType: detected,
+					path: abs
+				}
+			};
+		} catch {}
+	}
+	return {
+		ok: false,
+		error: "avatar not found",
+		status: 404
+	};
+}
+async function writeAgentAvatarFromBase64(cfg, agentId, base64, mimeType) {
+	const missingAgent = assertAgentExistsForAvatar(cfg, agentId);
+	if (missingAgent) return missingAgent;
+	const id = normalizeAgentId(agentId);
+	const ext = mimeToExt(mimeType);
+	if (!ext) return {
+		ok: false,
+		error: "unsupported mimeType (use image/png, image/jpeg, or image/webp)",
+		status: 400
+	};
+	let raw;
+	try {
+		raw = Buffer.from(base64, "base64");
+	} catch {
+		return {
+			ok: false,
+			error: "invalid base64",
+			status: 400
+		};
+	}
+	if (raw.length === 0 || raw.length > AGENT_AVATAR_MAX_BYTES) return {
+		ok: false,
+		error: `avatar must be non-empty and at most ${AGENT_AVATAR_MAX_BYTES} bytes`,
+		status: 400
+	};
+	const detected = detectImageMimeFromBytes(raw);
+	if (!detected || !extMatchesDetectedMime(ext, detected)) return {
+		ok: false,
+		error: "file content does not match declared image type",
+		status: 400
+	};
+	const root = await bootstrapRootReal(cfg, id);
+	const rootReal = await bootstrapRootReal(cfg, id);
+	const targetName = `${AGENT_AVATAR_BASENAME}${ext}`;
+	const abs = resolveWorkspaceSafePath(root, targetName);
+	if (!abs || !isPathUnderWorkspace(rootReal, abs)) return {
+		ok: false,
+		error: "invalid path",
+		status: 400
+	};
+	for (const name of agentAvatarFilenames()) {
+		if (name === targetName) continue;
+		const other = resolveWorkspaceSafePath(root, name);
+		if (other && isPathUnderWorkspace(rootReal, other)) try {
+			await unlink(other);
+		} catch {}
+	}
+	await writeFile(abs, raw);
+	return {
+		ok: true,
+		data: {
+			agentId: id,
+			path: abs
+		}
+	};
+}
+function mimeToExtToMime(ext) {
+	if (ext === ".png") return "image/png";
+	if (ext === ".webp") return "image/webp";
+	return "image/jpeg";
+}
+function extMatchesDetectedMime(ext, detected) {
+	return detected === mimeToExtToMime(ext);
+}
+/** Remove any `agent-avatar.*` in the agent bootstrap dir. Idempotent: ok even when no file existed. */
+async function deleteAgentAvatarFile(cfg, agentId) {
+	const missingAgent = assertAgentExistsForAvatar(cfg, agentId);
+	if (missingAgent) return missingAgent;
+	const id = normalizeAgentId(agentId);
+	const root = await bootstrapRootReal(cfg, id);
+	const rootReal = await bootstrapRootReal(cfg, id);
+	for (const name of agentAvatarFilenames()) {
+		const abs = resolveWorkspaceSafePath(root, name);
+		if (!abs || !isPathUnderWorkspace(rootReal, abs)) continue;
+		try {
+			await unlink(abs);
+		} catch {}
+	}
+	return {
+		ok: true,
+		data: { agentId: id }
+	};
+}
 //#endregion
-export { finalizeCreateAgentDirs, listAgentBootstrapFiles, listGatewayAgents, prepareCreateAgent, prepareDeleteAgent, prepareUpdateAgent, readAgentBootstrapFile, runAfterDeletePurge, writeAgentBootstrapFile };
+export { deleteAgentAvatarFile, extractAvatarFromIdentityMarkdown, finalizeCreateAgentDirs, listAgentBootstrapFiles, listGatewayAgents, prepareCreateAgent, prepareDeleteAgent, prepareUpdateAgent, readAgentAvatarFile, readAgentBootstrapFile, runAfterDeletePurge, writeAgentAvatarFromBase64, writeAgentBootstrapFile };
 //# sourceMappingURL=agents-admin.js.map

package/dist/src/gateway/agents-admin.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"agents-admin.js","names":["pathResolve"],"sources":["../../../src/gateway/agents-admin.ts"],"sourcesContent":["/*\n Gateway REST helpers for multi-agent management.\n /\n\nimport { mkdir, readFile, realpath, stat, writeFile } from 'node:fs/promises';\nimport { join, resolve as pathResolve } from 'node:path';\n\nimport {\n DEFAULT_AGENT_ID,\n listAgentEntries,\n normalizeAgentId,\n resolveAgentBootstrapDir,\n resolveAgentDir,\n resolveAgentWorkspaceDir,\n resolveDefaultAgentId,\n resolveUserPath,\n validateAgentIdForNewAgent,\n} from '../agent/agent-scope.js';\nimport { BOOTSTRAP_FILES } from '../agent/context/workspace.js';\nimport { seedWorkspaceBootstrapFiles } from '../agent/context/workspace-seed.js';\nimport {\n applyAgentConfig,\n findAgentEntryIndex,\n pruneAgentConfig,\n removeAgentDirsFromDisk,\n} from '../commands/agents.config.js';\nimport type { Config } from '../config/schema.js';\nimport { WORKSPACE_FILES } from '../config/paths.js';\nimport { resolveEffectiveAgentProfile } from '../config/agent-profile.js';\nimport { GATEWAY_BUILTIN_TOOL_IDS } from './agent-builtin-tools.js';\nimport { isPathUnderWorkspace, resolveWorkspaceSafePath } from './workspace-editor-path.js';\n\nconst EDITABLE_BOOTSTRAP_NAMES = new Set<string>([\n ...BOOTSTRAP_FILES,\n WORKSPACE_FILES.BOOTSTRAP,\n WORKSPACE_FILES.CONTEXT,\n WORKSPACE_FILES.SKILLS,\n]);\n\nexport type GatewayAgentRow = {\n id: string;\n name?: string;\n description?: string;\n workspace: string;\n bootstrapDir: string;\n model?: { primary?: string; fallbacks?: string[] };\n isDefault: boolean;\n skills: {\n defaults: string[];\n entry?: string[];\n effectiveAllowlist?: string[];\n };\n tools: {\n defaultsDisable: string[];\n entryDisable: string[];\n effectiveDisable: string[];\n };\n};\n\nexport type GatewayAgentsListResponse = {\n defaultId: string;\n agents: GatewayAgentRow[];\n builtinToolIds: string[];\n};\n\nfunction collectAgentIdsForList(cfg: Config): string[] {\n const entries = listAgentEntries(cfg).filter((e) => e.enabled !== false);\n const defaultId = resolveDefaultAgentId(cfg);\n if (entries.length === 0) {\n return [defaultId];\n }\n const ids = new Set<string>();\n for (const e of entries) {\n ids.add(normalizeAgentId(e.id));\n }\n ids.add(defaultId);\n return [...ids];\n}\n\nexport function listGatewayAgents(cfg: Config): GatewayAgentsListResponse {\n const defaultId = resolveDefaultAgentId(cfg);\n const agents: GatewayAgentRow[] = [];\n const defaultsSkills = cfg.agents?.defaults?.skills;\n const defaultsDisable = cfg.agents?.defaults?.tools?.disable ?? [];\n for (const id of collectAgentIdsForList(cfg)) {\n const profile = resolveEffectiveAgentProfile(cfg, id);\n const entry = listAgentEntries(cfg).find((e) => normalizeAgentId(e.id) === id);\n const model =\n profile.primaryModelRef \|\| profile.fallbacks.length > 0\n ? {\n ...(profile.primaryModelRef ? { primary: profile.primaryModelRef } : {}),\n ...(profile.fallbacks.length > 0 ? { fallbacks: profile.fallbacks } : {}),\n }\n : undefined;\n const entrySkills = entry?.skills;\n const entryDisable = entry?.tools?.disable ?? [];\n agents.push({\n id,\n ...(entry?.name?.trim() ? { name: entry.name.trim() } : {}),\n ...(entry?.description?.trim() ? { description: entry.description.trim() } : {}),\n workspace: profile.resolvedWorkspacePath,\n bootstrapDir: resolveAgentBootstrapDir(cfg, id),\n ...(model ? { model } : {}),\n isDefault: id === defaultId,\n skills: {\n defaults: defaultsSkills ? [...defaultsSkills] : [],\n ...(entrySkills !== undefined ? { entry: [...entrySkills] } : {}),\n ...(profile.skillsAllowlist !== undefined\n ? { effectiveAllowlist: [...profile.skillsAllowlist] }\n : {}),\n },\n tools: {\n defaultsDisable: [...defaultsDisable],\n entryDisable: [...entryDisable],\n effectiveDisable: [...profile.tools.disable].sort((a, b) => a.localeCompare(b)),\n },\n });\n }\n agents.sort((a, b) => a.id.localeCompare(b.id));\n return { defaultId, agents, builtinToolIds: [...GATEWAY_BUILTIN_TOOL_IDS] };\n}\n\nexport type CreateAgentBody = {\n /* Display name stored on the agent entry. /\n name: string;\n /* Optional id seed; normalized agent id defaults from `name` when omitted. /\n id?: string;\n workspace: string;\n model?: string;\n agentDir?: string;\n description?: string;\n};\n\nexport type AgentAdminHttpStatus = 400 \| 404 \| 409;\n\nexport type AgentAdminResult<T> =\n \| { ok: true; data: T }\n \| { ok: false; error: string; status?: AgentAdminHttpStatus };\n\nfunction requireNonMain(id: string): AgentAdminResult<never> \| null {\n if (normalizeAgentId(id) === DEFAULT_AGENT_ID) {\n return { ok: false, error: `\"${DEFAULT_AGENT_ID}\" is reserved`, status: 400 };\n }\n return null;\n}\n\nexport function prepareCreateAgent(\n cfg: Config,\n body: CreateAgentBody,\n): AgentAdminResult<{ nextConfig: Config; agentId: string; workspace: string }> {\n const name = body.name?.trim() ?? '';\n if (!name) {\n return { ok: false, error: 'name is required', status: 400 };\n }\n const workspace = body.workspace?.trim() ?? '';\n if (!workspace) {\n return { ok: false, error: 'workspace is required', status: 400 };\n }\n const idRes = validateAgentIdForNewAgent(body.id, name);\n if (idRes.ok === false) {\n return { ok: false, error: idRes.error, status: 400 };\n }\n const agentId = idRes.agentId;\n if (findAgentEntryIndex(listAgentEntries(cfg), agentId) >= 0) {\n return { ok: false, error: `agent \"${agentId}\" already exists`, status: 409 };\n }\n const wsAbs = resolveUserPath(workspace);\n let next = applyAgentConfig(cfg, {\n agentId,\n name,\n workspace: wsAbs,\n ...(body.model?.trim() ? { model: body.model.trim() } : {}),\n ...(body.agentDir?.trim() ? { agentDir: body.agentDir.trim() } : {}),\n ...(body.description?.trim() ? { description: body.description.trim() } : {}),\n });\n return { ok: true, data: { nextConfig: next, agentId, workspace: wsAbs } };\n}\n\nexport async function finalizeCreateAgentDirs(cfg: Config, agentId: string): Promise<void> {\n const wsPath = resolveAgentWorkspaceDir(cfg, agentId);\n const adPath = resolveAgentDir(cfg, agentId);\n const bootstrapPath = resolveAgentBootstrapDir(cfg, agentId);\n await mkdir(wsPath, { recursive: true });\n await mkdir(adPath, { recursive: true });\n await mkdir(join(adPath, 'credentials'), { recursive: true });\n await mkdir(bootstrapPath, { recursive: true });\n const id = normalizeAgentId(agentId);\n const entry = listAgentEntries(cfg).find((e) => normalizeAgentId(e.id) === id);\n const displayName = entry?.name?.trim() \|\| id;\n seedWorkspaceBootstrapFiles(bootstrapPath, { displayName });\n}\n\nexport type UpdateAgentBody = {\n name?: string;\n description?: string \| null;\n workspace?: string;\n model?: string \| null;\n agentDir?: string \| null;\n setDefault?: boolean;\n /* Replace `agents.list[].skills`; `null` removes the key (inherit defaults). /\n skills?: string[] \| null;\n /* Replace `agents.list[].tools.disable`; `null` clears entry-level disables. */\n toolsDisable?: string[] \| null;\n};\n\nexport function prepareUpdateAgent(\n cfg: Config,\n agentIdRaw: string,\n body: UpdateAgentBody,\n): AgentAdminResult<{ nextConfig: Config }> {\n const agentId = normalizeAgentId(agentIdRaw);\n let list = [...listAgentEntries(cfg)];\n let idx = findAgentEntryIndex(list, agentId);\n if (idx < 0 && agentId === resolveDefaultAgentId(cfg)) {\n list = [...list, { id: agentId, enabled: true as const }];\n idx = list.length - 1;\n }\n if (idx < 0) {\n return { ok: false, error: `agent \"${agentId}\" not found`, status: 404 };\n }\n\n type Entry = (typeof list)[number];\n const entry: Entry = { ...list[idx] };\n\n if (body.name !== undefined) {\n const n = body.name.trim();\n if (n) {\n entry.name = n;\n }\n }\n if (body.description !== undefined) {\n if (body.description === null \|\| String(body.description).trim() === '') {\n delete entry.description;\n } else {\n entry.description = String(body.description).trim();\n }\n }\n if (body.workspace !== undefined) {\n const w = body.workspace.trim();\n if (w) {\n entry.workspace = resolveUserPath(w);\n }\n }\n if (body.model !== undefined) {\n if (body.model === null \|\| String(body.model).trim() === '') {\n delete entry.model;\n } else {\n entry.model = String(body.model).trim() as Entry['model'];\n }\n }\n if (body.agentDir !== undefined) {\n if (body.agentDir === null \|\| String(body.agentDir).trim() === '') {\n delete entry.agentDir;\n } else {\n entry.agentDir = String(body.agentDir).trim();\n }\n }\n\n if (body.skills !== undefined) {\n if (body.skills === null) {\n delete entry.skills;\n } else {\n const next = body.skills.map((s) => String(s).trim()).filter(Boolean);\n if (next.length === 0) {\n entry.skills = [];\n } else {\n entry.skills = next;\n }\n }\n }\n\n if (body.toolsDisable !== undefined) {\n if (body.toolsDisable === null) {\n if (entry.tools) {\n delete entry.tools.disable;\n if (Object.keys(entry.tools).length === 0) {\n delete entry.tools;\n }\n }\n } else {\n const next = body.toolsDisable.map((s) => String(s).trim()).filter(Boolean);\n entry.tools = { ...entry.tools, disable: next };\n }\n }\n\n list[idx] = entry;\n let next: Config = {\n ...cfg,\n agents: {\n ...cfg.agents,\n list,\n },\n };\n\n if (body.setDefault === true) {\n next = {\n ...next,\n agents: {\n ...next.agents,\n default: agentId,\n },\n };\n }\n return { ok: true, data: { nextConfig: next } };\n}\n\nexport function prepareDeleteAgent(\n cfg: Config,\n agentIdRaw: string,\n): AgentAdminResult<{ nextConfig: Config; agentId: string }> {\n const agentId = normalizeAgentId(agentIdRaw);\n const reserved = requireNonMain(agentId);\n if (reserved) {\n return reserved;\n }\n if (findAgentEntryIndex(listAgentEntries(cfg), agentId) < 0) {\n return { ok: false, error: `agent \"${agentId}\" not found`, status: 404 };\n }\n const { config: pruned } = pruneAgentConfig(cfg, agentId);\n return { ok: true, data: { nextConfig: pruned, agentId } };\n}\n\nexport async function runAfterDeletePurge(cfg: Config, agentId: string): Promise<void> {\n await removeAgentDirsFromDisk(cfg, agentId);\n}\n\nexport type AgentFileEntry = {\n name: string;\n missing: boolean;\n size?: number;\n updatedAtMs?: number;\n};\n\nasync function bootstrapRootReal(cfg: Config, agentId: string): Promise<string> {\n const dir = resolveAgentBootstrapDir(cfg, agentId);\n await mkdir(dir, { recursive: true });\n try {\n return await realpath(dir);\n } catch {\n return pathResolve(dir);\n }\n}\n\nfunction assertAllowedFile(name: string): AgentAdminResult<never> \| null {\n if (!name \|\| name.includes('/') \|\| name.includes('\\\\') \|\| !EDITABLE_BOOTSTRAP_NAMES.has(name)) {\n return { ok: false, error: `unsupported file \"${name}\"`, status: 400 };\n }\n return null;\n}\n\nexport async function listAgentBootstrapFiles(\n cfg: Config,\n agentId: string,\n): Promise<AgentAdminResult<{ agentId: string; bootstrapDir: string; files: AgentFileEntry[] }>> {\n const id = normalizeAgentId(agentId);\n if (collectAgentIdsForList(cfg).every((x) => x !== id)) {\n return { ok: false, error: `agent \"${id}\" not found`, status: 404 };\n }\n const root = await bootstrapRootReal(cfg, id);\n const names = [...EDITABLE_BOOTSTRAP_NAMES];\n const files: AgentFileEntry[] = [];\n for (const name of names.sort((a, b) => a.localeCompare(b))) {\n const abs = resolveWorkspaceSafePath(root, name);\n if (!abs) {\n continue;\n }\n try {\n const st = await stat(abs);\n if (!st.isFile()) {\n continue;\n }\n files.push({\n name,\n missing: false,\n size: st.size,\n updatedAtMs: st.mtimeMs,\n });\n } catch {\n files.push({ name, missing: true });\n }\n }\n files.sort((a, b) => a.name.localeCompare(b.name));\n return { ok: true, data: { agentId: id, bootstrapDir: root, files } };\n}\n\nexport async function readAgentBootstrapFile(\n cfg: Config,\n agentId: string,\n name: string,\n): Promise<AgentAdminResult<{ agentId: string; content: string; path: string }>> {\n const bad = assertAllowedFile(name);\n if (bad) {\n return bad;\n }\n const id = normalizeAgentId(agentId);\n if (collectAgentIdsForList(cfg).every((x) => x !== id)) {\n return { ok: false, error: `agent \"${id}\" not found`, status: 404 };\n }\n const root = await bootstrapRootReal(cfg, id);\n const abs = resolveWorkspaceSafePath(root, name);\n if (!abs) {\n return { ok: false, error: 'invalid path', status: 400 };\n }\n try {\n const content = await readFile(abs, 'utf-8');\n return { ok: true, data: { agentId: id, content, path: abs } };\n } catch {\n return { ok: false, error: 'file not found', status: 404 };\n }\n}\n\nexport async function writeAgentBootstrapFile(\n cfg: Config,\n agentId: string,\n name: string,\n content: string,\n): Promise<AgentAdminResult<{ agentId: string; path: string }>> {\n const bad = assertAllowedFile(name);\n if (bad) {\n return bad;\n }\n const id = normalizeAgentId(agentId);\n if (collectAgentIdsForList(cfg).every((x) => x !== id)) {\n return { ok: false, error: `agent \"${id}\" not found`, status: 404 };\n }\n const root = await bootstrapRootReal(cfg, id);\n const abs = resolveWorkspaceSafePath(root, name);\n if (!abs) {\n return { ok: false, error: 'invalid path', status: 400 };\n }\n const rootReal = await bootstrapRootReal(cfg, id);\n if (!isPathUnderWorkspace(rootReal, abs)) {\n return { ok: false, error: 'path escapes bootstrap root', status: 400 };\n }\n await writeFile(abs, content, 'utf-8');\n return { ok: true, data: { agentId: id, path: abs } };\n}\n"],"mappings":";;;;;;;;;;;;;;kBAiBiC;YAUoB;AAKrD,MAAM,2BAA2B,IAAI,IAAY;CAC/C,GAAG;CACH,gBAAgB;CAChB,gBAAgB;CAChB,gBAAgB;CACjB,CAAC;AA4BF,SAAS,uBAAuB,KAAuB;CACrD,MAAM,UAAU,iBAAiB,IAAI,CAAC,QAAQ,MAAM,EAAE,YAAY,MAAM;CACxE,MAAM,YAAY,sBAAsB,IAAI;AAC5C,KAAI,QAAQ,WAAW,EACrB,QAAO,CAAC,UAAU;CAEpB,MAAM,sBAAM,IAAI,KAAa;AAC7B,MAAK,MAAM,KAAK,QACd,KAAI,IAAI,iBAAiB,EAAE,GAAG,CAAC;AAEjC,KAAI,IAAI,UAAU;AAClB,QAAO,CAAC,GAAG,IAAI;;AAGjB,SAAgB,kBAAkB,KAAwC;CACxE,MAAM,YAAY,sBAAsB,IAAI;CAC5C,MAAM,SAA4B,EAAE;CACpC,MAAM,iBAAiB,IAAI,QAAQ,UAAU;CAC7C,MAAM,kBAAkB,IAAI,QAAQ,UAAU,OAAO,WAAW,EAAE;AAClE,MAAK,MAAM,MAAM,uBAAuB,IAAI,EAAE;EAC5C,MAAM,UAAU,6BAA6B,KAAK,GAAG;EACrD,MAAM,QAAQ,iBAAiB,IAAI,CAAC,MAAM,MAAM,iBAAiB,EAAE,GAAG,KAAK,GAAG;EAC9E,MAAM,QACJ,QAAQ,mBAAmB,QAAQ,UAAU,SAAS,IAClD;GACE,GAAI,QAAQ,kBAAkB,EAAE,SAAS,QAAQ,iBAAiB,GAAG,EAAE;GACvE,GAAI,QAAQ,UAAU,SAAS,IAAI,EAAE,WAAW,QAAQ,WAAW,GAAG,EAAE;GACzE,GACD,KAAA;EACN,MAAM,cAAc,OAAO;EAC3B,MAAM,eAAe,OAAO,OAAO,WAAW,EAAE;AAChD,SAAO,KAAK;GACV;GACA,GAAI,OAAO,MAAM,MAAM,GAAG,EAAE,MAAM,MAAM,KAAK,MAAM,EAAE,GAAG,EAAE;GAC1D,GAAI,OAAO,aAAa,MAAM,GAAG,EAAE,aAAa,MAAM,YAAY,MAAM,EAAE,GAAG,EAAE;GAC/E,WAAW,QAAQ;GACnB,cAAc,yBAAyB,KAAK,GAAG;GAC/C,GAAI,QAAQ,EAAE,OAAO,GAAG,EAAE;GAC1B,WAAW,OAAO;GAClB,QAAQ;IACN,UAAU,iBAAiB,CAAC,GAAG,eAAe,GAAG,EAAE;IACnD,GAAI,gBAAgB,KAAA,IAAY,EAAE,OAAO,CAAC,GAAG,YAAY,EAAE,GAAG,EAAE;IAChE,GAAI,QAAQ,oBAAoB,KAAA,IAC5B,EAAE,oBAAoB,CAAC,GAAG,QAAQ,gBAAgB,EAAE,GACpD,EAAE;IACP;GACD,OAAO;IACL,iBAAiB,CAAC,GAAG,gBAAgB;IACrC,cAAc,CAAC,GAAG,aAAa;IAC/B,kBAAkB,CAAC,GAAG,QAAQ,MAAM,QAAQ,CAAC,MAAM,GAAG,MAAM,EAAE,cAAc,EAAE,CAAC;IAChF;GACF,CAAC;;AAEJ,QAAO,MAAM,GAAG,MAAM,EAAE,GAAG,cAAc,EAAE,GAAG,CAAC;AAC/C,QAAO;EAAE;EAAW;EAAQ,gBAAgB,CAAC,GAAG,yBAAyB;EAAE;;AAoB7E,SAAS,eAAe,IAA4C;AAClE,KAAI,iBAAiB,GAAG,KAAA,OACtB,QAAO;EAAE,IAAI;EAAO,OAAO,IAAI,iBAAiB;EAAgB,QAAQ;EAAK;AAE/E,QAAO;;AAGT,SAAgB,mBACd,KACA,MAC8E;CAC9E,MAAM,OAAO,KAAK,MAAM,MAAM,IAAI;AAClC,KAAI,CAAC,KACH,QAAO;EAAE,IAAI;EAAO,OAAO;EAAoB,QAAQ;EAAK;CAE9D,MAAM,YAAY,KAAK,WAAW,MAAM,IAAI;AAC5C,KAAI,CAAC,UACH,QAAO;EAAE,IAAI;EAAO,OAAO;EAAyB,QAAQ;EAAK;CAEnE,MAAM,QAAQ,2BAA2B,KAAK,IAAI,KAAK;AACvD,KAAI,MAAM,OAAO,MACf,QAAO;EAAE,IAAI;EAAO,OAAO,MAAM;EAAO,QAAQ;EAAK;CAEvD,MAAM,UAAU,MAAM;AACtB,KAAI,oBAAoB,iBAAiB,IAAI,EAAE,QAAQ,IAAI,EACzD,QAAO;EAAE,IAAI;EAAO,OAAO,UAAU,QAAQ;EAAmB,QAAQ;EAAK;CAE/E,MAAM,QAAQ,gBAAgB,UAAU;AASxC,QAAO;EAAE,IAAI;EAAM,MAAM;GAAE,YARhB,iBAAiB,KAAK;IAC/B;IACA;IACA,WAAW;IACX,GAAI,KAAK,OAAO,MAAM,GAAG,EAAE,OAAO,KAAK,MAAM,MAAM,EAAE,GAAG,EAAE;IAC1D,GAAI,KAAK,UAAU,MAAM,GAAG,EAAE,UAAU,KAAK,SAAS,MAAM,EAAE,GAAG,EAAE;IACnE,GAAI,KAAK,aAAa,MAAM,GAAG,EAAE,aAAa,KAAK,YAAY,MAAM,EAAE,GAAG,EAAE;IAC7E,CAC0C;GAAE;GAAS,WAAW;GAAO;EAAE;;AAG5E,eAAsB,wBAAwB,KAAa,SAAgC;CACzF,MAAM,SAAS,yBAAyB,KAAK,QAAQ;CACrD,MAAM,SAAS,gBAAgB,KAAK,QAAQ;CAC5C,MAAM,gBAAgB,yBAAyB,KAAK,QAAQ;AAC5D,OAAM,MAAM,QAAQ,EAAE,WAAW,MAAM,CAAC;AACxC,OAAM,MAAM,QAAQ,EAAE,WAAW,MAAM,CAAC;AACxC,OAAM,MAAM,KAAK,QAAQ,cAAc,EAAE,EAAE,WAAW,MAAM,CAAC;AAC7D,OAAM,MAAM,eAAe,EAAE,WAAW,MAAM,CAAC;CAC/C,MAAM,KAAK,iBAAiB,QAAQ;AAGpC,6BAA4B,eAAe,EAAE,aAF/B,iBAAiB,IAAI,CAAC,MAAM,MAAM,iBAAiB,EAAE,GAAG,KAAK,GAClD,EAAE,MAAM,MAAM,IAAI,IACe,CAAC;;AAgB7D,SAAgB,mBACd,KACA,YACA,MAC0C;CAC1C,MAAM,UAAU,iBAAiB,WAAW;CAC5C,IAAI,OAAO,CAAC,GAAG,iBAAiB,IAAI,CAAC;CACrC,IAAI,MAAM,oBAAoB,MAAM,QAAQ;AAC5C,KAAI,MAAM,KAAK,YAAY,sBAAsB,IAAI,EAAE;AACrD,SAAO,CAAC,GAAG,MAAM;GAAE,IAAI;GAAS,SAAS;GAAe,CAAC;AACzD,QAAM,KAAK,SAAS;;AAEtB,KAAI,MAAM,EACR,QAAO;EAAE,IAAI;EAAO,OAAO,UAAU,QAAQ;EAAc,QAAQ;EAAK;CAI1E,MAAM,QAAe,EAAE,GAAG,KAAK,MAAM;AAErC,KAAI,KAAK,SAAS,KAAA,GAAW;EAC3B,MAAM,IAAI,KAAK,KAAK,MAAM;AAC1B,MAAI,EACF,OAAM,OAAO;;AAGjB,KAAI,KAAK,gBAAgB,KAAA,EACvB,KAAI,KAAK,gBAAgB,QAAQ,OAAO,KAAK,YAAY,CAAC,MAAM,KAAK,GACnE,QAAO,MAAM;KAEb,OAAM,cAAc,OAAO,KAAK,YAAY,CAAC,MAAM;AAGvD,KAAI,KAAK,cAAc,KAAA,GAAW;EAChC,MAAM,IAAI,KAAK,UAAU,MAAM;AAC/B,MAAI,EACF,OAAM,YAAY,gBAAgB,EAAE;;AAGxC,KAAI,KAAK,UAAU,KAAA,EACjB,KAAI,KAAK,UAAU,QAAQ,OAAO,KAAK,MAAM,CAAC,MAAM,KAAK,GACvD,QAAO,MAAM;KAEb,OAAM,QAAQ,OAAO,KAAK,MAAM,CAAC,MAAM;AAG3C,KAAI,KAAK,aAAa,KAAA,EACpB,KAAI,KAAK,aAAa,QAAQ,OAAO,KAAK,SAAS,CAAC,MAAM,KAAK,GAC7D,QAAO,MAAM;KAEb,OAAM,WAAW,OAAO,KAAK,SAAS,CAAC,MAAM;AAIjD,KAAI,KAAK,WAAW,KAAA,EAClB,KAAI,KAAK,WAAW,KAClB,QAAO,MAAM;MACR;EACL,MAAM,OAAO,KAAK,OAAO,KAAK,MAAM,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC,OAAO,QAAQ;AACrE,MAAI,KAAK,WAAW,EAClB,OAAM,SAAS,EAAE;MAEjB,OAAM,SAAS;;AAKrB,KAAI,KAAK,iBAAiB,KAAA,EACxB,KAAI,KAAK,iBAAiB;MACpB,MAAM,OAAO;AACf,UAAO,MAAM,MAAM;AACnB,OAAI,OAAO,KAAK,MAAM,MAAM,CAAC,WAAW,EACtC,QAAO,MAAM;;QAGZ;EACL,MAAM,OAAO,KAAK,aAAa,KAAK,MAAM,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC,OAAO,QAAQ;AAC3E,QAAM,QAAQ;GAAE,GAAG,MAAM;GAAO,SAAS;GAAM;;AAInD,MAAK,OAAO;CACZ,IAAI,OAAe;EACjB,GAAG;EACH,QAAQ;GACN,GAAG,IAAI;GACP;GACD;EACF;AAED,KAAI,KAAK,eAAe,KACtB,QAAO;EACL,GAAG;EACH,QAAQ;GACN,GAAG,KAAK;GACR,SAAS;GACV;EACF;AAEH,QAAO;EAAE,IAAI;EAAM,MAAM,EAAE,YAAY,MAAM;EAAE;;AAGjD,SAAgB,mBACd,KACA,YAC2D;CAC3D,MAAM,UAAU,iBAAiB,WAAW;CAC5C,MAAM,WAAW,eAAe,QAAQ;AACxC,KAAI,SACF,QAAO;AAET,KAAI,oBAAoB,iBAAiB,IAAI,EAAE,QAAQ,GAAG,EACxD,QAAO;EAAE,IAAI;EAAO,OAAO,UAAU,QAAQ;EAAc,QAAQ;EAAK;CAE1E,MAAM,EAAE,QAAQ,WAAW,iBAAiB,KAAK,QAAQ;AACzD,QAAO;EAAE,IAAI;EAAM,MAAM;GAAE,YAAY;GAAQ;GAAS;EAAE;;AAG5D,eAAsB,oBAAoB,KAAa,SAAgC;AACrF,OAAM,wBAAwB,KAAK,QAAQ;;AAU7C,eAAe,kBAAkB,KAAa,SAAkC;CAC9E,MAAM,MAAM,yBAAyB,KAAK,QAAQ;AAClD,OAAM,MAAM,KAAK,EAAE,WAAW,MAAM,CAAC;AACrC,KAAI;AACF,SAAO,MAAM,SAAS,IAAI;SACpB;AACN,SAAOA,QAAY,IAAI;;;AAI3B,SAAS,kBAAkB,MAA8C;AACvE,KAAI,CAAC,QAAQ,KAAK,SAAS,IAAI,IAAI,KAAK,SAAS,KAAK,IAAI,CAAC,yBAAyB,IAAI,KAAK,CAC3F,QAAO;EAAE,IAAI;EAAO,OAAO,qBAAqB,KAAK;EAAI,QAAQ;EAAK;AAExE,QAAO;;AAGT,eAAsB,wBACpB,KACA,SAC+F;CAC/F,MAAM,KAAK,iBAAiB,QAAQ;AACpC,KAAI,uBAAuB,IAAI,CAAC,OAAO,MAAM,MAAM,GAAG,CACpD,QAAO;EAAE,IAAI;EAAO,OAAO,UAAU,GAAG;EAAc,QAAQ;EAAK;CAErE,MAAM,OAAO,MAAM,kBAAkB,KAAK,GAAG;CAC7C,MAAM,QAAQ,CAAC,GAAG,yBAAyB;CAC3C,MAAM,QAA0B,EAAE;AAClC,MAAK,MAAM,QAAQ,MAAM,MAAM,GAAG,MAAM,EAAE,cAAc,EAAE,CAAC,EAAE;EAC3D,MAAM,MAAM,yBAAyB,MAAM,KAAK;AAChD,MAAI,CAAC,IACH;AAEF,MAAI;GACF,MAAM,KAAK,MAAM,KAAK,IAAI;AAC1B,OAAI,CAAC,GAAG,QAAQ,CACd;AAEF,SAAM,KAAK;IACT;IACA,SAAS;IACT,MAAM,GAAG;IACT,aAAa,GAAG;IACjB,CAAC;UACI;AACN,SAAM,KAAK;IAAE;IAAM,SAAS;IAAM,CAAC;;;AAGvC,OAAM,MAAM,GAAG,MAAM,EAAE,KAAK,cAAc,EAAE,KAAK,CAAC;AAClD,QAAO;EAAE,IAAI;EAAM,MAAM;GAAE,SAAS;GAAI,cAAc;GAAM;GAAO;EAAE;;AAGvE,eAAsB,uBACpB,KACA,SACA,MAC+E;CAC/E,MAAM,MAAM,kBAAkB,KAAK;AACnC,KAAI,IACF,QAAO;CAET,MAAM,KAAK,iBAAiB,QAAQ;AACpC,KAAI,uBAAuB,IAAI,CAAC,OAAO,MAAM,MAAM,GAAG,CACpD,QAAO;EAAE,IAAI;EAAO,OAAO,UAAU,GAAG;EAAc,QAAQ;EAAK;CAGrE,MAAM,MAAM,yBAAyB,MADlB,kBAAkB,KAAK,GAAG,EACF,KAAK;AAChD,KAAI,CAAC,IACH,QAAO;EAAE,IAAI;EAAO,OAAO;EAAgB,QAAQ;EAAK;AAE1D,KAAI;AAEF,SAAO;GAAE,IAAI;GAAM,MAAM;IAAE,SAAS;IAAI,SAAA,MADlB,SAAS,KAAK,QAAQ;IACK,MAAM;IAAK;GAAE;SACxD;AACN,SAAO;GAAE,IAAI;GAAO,OAAO;GAAkB,QAAQ;GAAK;;;AAI9D,eAAsB,wBACpB,KACA,SACA,MACA,SAC8D;CAC9D,MAAM,MAAM,kBAAkB,KAAK;AACnC,KAAI,IACF,QAAO;CAET,MAAM,KAAK,iBAAiB,QAAQ;AACpC,KAAI,uBAAuB,IAAI,CAAC,OAAO,MAAM,MAAM,GAAG,CACpD,QAAO;EAAE,IAAI;EAAO,OAAO,UAAU,GAAG;EAAc,QAAQ;EAAK;CAGrE,MAAM,MAAM,yBAAyB,MADlB,kBAAkB,KAAK,GAAG,EACF,KAAK;AAChD,KAAI,CAAC,IACH,QAAO;EAAE,IAAI;EAAO,OAAO;EAAgB,QAAQ;EAAK;AAG1D,KAAI,CAAC,qBAAqB,MADH,kBAAkB,KAAK,GAAG,EACb,IAAI,CACtC,QAAO;EAAE,IAAI;EAAO,OAAO;EAA+B,QAAQ;EAAK;AAEzE,OAAM,UAAU,KAAK,SAAS,QAAQ;AACtC,QAAO;EAAE,IAAI;EAAM,MAAM;GAAE,SAAS;GAAI,MAAM;GAAK;EAAE"}
1	+ {"version":3,"file":"agents-admin.js","names":["pathResolve"],"sources":["../../../src/gateway/agents-admin.ts"],"sourcesContent":["/*\n Gateway REST helpers for multi-agent management.\n /\n\nimport { mkdir, readFile, realpath, stat, unlink, writeFile } from 'node:fs/promises';\nimport { join, resolve as pathResolve } from 'node:path';\n\nimport {\n DEFAULT_AGENT_ID,\n listAgentEntries,\n normalizeAgentId,\n resolveAgentBootstrapDir,\n resolveAgentDir,\n resolveAgentWorkspaceDir,\n resolveDefaultAgentId,\n resolveUserPath,\n validateAgentIdForNewAgent,\n} from '../agent/agent-scope.js';\nimport { BOOTSTRAP_FILES } from '../agent/context/workspace.js';\nimport { seedWorkspaceBootstrapFiles } from '../agent/context/workspace-seed.js';\nimport {\n applyAgentConfig,\n findAgentEntryIndex,\n pruneAgentConfig,\n removeAgentDirsFromDisk,\n} from '../commands/agents.config.js';\nimport type { Config } from '../config/schema.js';\nimport { WORKSPACE_FILES } from '../config/paths.js';\nimport { resolveEffectiveAgentProfile } from '../config/agent-profile.js';\nimport { GATEWAY_BUILTIN_TOOL_IDS } from './agent-builtin-tools.js';\nimport { isPathUnderWorkspace, resolveWorkspaceSafePath } from './workspace-editor-path.js';\n\nconst EDITABLE_BOOTSTRAP_NAMES = new Set<string>([\n ...BOOTSTRAP_FILES,\n WORKSPACE_FILES.BOOTSTRAP,\n WORKSPACE_FILES.CONTEXT,\n WORKSPACE_FILES.SKILLS,\n]);\n\nexport type GatewayAgentRow = {\n id: string;\n name?: string;\n description?: string;\n /* Value from `IDENTITY.md` Avatar: line when present (may be URL, `xopc:…`, etc.). /\n avatar?: string;\n workspace: string;\n bootstrapDir: string;\n model?: { primary?: string; fallbacks?: string[] };\n isDefault: boolean;\n skills: {\n defaults: string[];\n entry?: string[];\n effectiveAllowlist?: string[];\n };\n tools: {\n defaultsDisable: string[];\n entryDisable: string[];\n effectiveDisable: string[];\n };\n};\n\nexport type GatewayAgentsListResponse = {\n defaultId: string;\n agents: GatewayAgentRow[];\n builtinToolIds: string[];\n};\n\nfunction collectAgentIdsForList(cfg: Config): string[] {\n const entries = listAgentEntries(cfg).filter((e) => e.enabled !== false);\n const defaultId = resolveDefaultAgentId(cfg);\n if (entries.length === 0) {\n return [defaultId];\n }\n const ids = new Set<string>();\n for (const e of entries) {\n ids.add(normalizeAgentId(e.id));\n }\n ids.add(defaultId);\n return [...ids];\n}\n\n/* Extract `Avatar:` value from bootstrap IDENTITY.md (same line shape as the gateway console parser). /\nexport function extractAvatarFromIdentityMarkdown(content: string): string \| undefined {\n for (const line of content.split('\\n')) {\n const match = line.match(/^[-]\\s+\\\\Avatar:\\\\\\s(.)/i);\n if (match) {\n const v = match[1]?.trim() ?? '';\n return v.length > 0 ? v : undefined;\n }\n }\n return undefined;\n}\n\nexport async function listGatewayAgents(cfg: Config): Promise<GatewayAgentsListResponse> {\n const defaultId = resolveDefaultAgentId(cfg);\n const agents: GatewayAgentRow[] = [];\n const defaultsSkills = cfg.agents?.defaults?.skills;\n const defaultsDisable = cfg.agents?.defaults?.tools?.disable ?? [];\n for (const id of collectAgentIdsForList(cfg)) {\n const profile = resolveEffectiveAgentProfile(cfg, id);\n const entry = listAgentEntries(cfg).find((e) => normalizeAgentId(e.id) === id);\n const model =\n profile.primaryModelRef \|\| profile.fallbacks.length > 0\n ? {\n ...(profile.primaryModelRef ? { primary: profile.primaryModelRef } : {}),\n ...(profile.fallbacks.length > 0 ? { fallbacks: profile.fallbacks } : {}),\n }\n : undefined;\n const entrySkills = entry?.skills;\n const entryDisable = entry?.tools?.disable ?? [];\n let avatar: string \| undefined;\n try {\n const identityPath = join(resolveAgentBootstrapDir(cfg, id), WORKSPACE_FILES.IDENTITY);\n const content = await readFile(identityPath, 'utf-8');\n avatar = extractAvatarFromIdentityMarkdown(content);\n } catch {\n /* missing IDENTITY.md or unreadable /\n }\n agents.push({\n id,\n ...(entry?.name?.trim() ? { name: entry.name.trim() } : {}),\n ...(entry?.description?.trim() ? { description: entry.description.trim() } : {}),\n ...(avatar ? { avatar } : {}),\n workspace: profile.resolvedWorkspacePath,\n bootstrapDir: resolveAgentBootstrapDir(cfg, id),\n ...(model ? { model } : {}),\n isDefault: id === defaultId,\n skills: {\n defaults: defaultsSkills ? [...defaultsSkills] : [],\n ...(entrySkills !== undefined ? { entry: [...entrySkills] } : {}),\n ...(profile.skillsAllowlist !== undefined\n ? { effectiveAllowlist: [...profile.skillsAllowlist] }\n : {}),\n },\n tools: {\n defaultsDisable: [...defaultsDisable],\n entryDisable: [...entryDisable],\n effectiveDisable: [...profile.tools.disable].sort((a, b) => a.localeCompare(b)),\n },\n });\n }\n agents.sort((a, b) => a.id.localeCompare(b.id));\n return { defaultId, agents, builtinToolIds: [...GATEWAY_BUILTIN_TOOL_IDS] };\n}\n\nexport type CreateAgentBody = {\n /* Display name stored on the agent entry. /\n name: string;\n /* Optional id seed; normalized agent id defaults from `name` when omitted. /\n id?: string;\n workspace: string;\n model?: string;\n agentDir?: string;\n description?: string;\n};\n\nexport type AgentAdminHttpStatus = 400 \| 404 \| 409;\n\nexport type AgentAdminResult<T> =\n \| { ok: true; data: T }\n \| { ok: false; error: string; status?: AgentAdminHttpStatus };\n\nfunction requireNonMain(id: string): AgentAdminResult<never> \| null {\n if (normalizeAgentId(id) === DEFAULT_AGENT_ID) {\n return { ok: false, error: `\"${DEFAULT_AGENT_ID}\" is reserved`, status: 400 };\n }\n return null;\n}\n\nexport function prepareCreateAgent(\n cfg: Config,\n body: CreateAgentBody,\n): AgentAdminResult<{ nextConfig: Config; agentId: string; workspace: string }> {\n const name = body.name?.trim() ?? '';\n if (!name) {\n return { ok: false, error: 'name is required', status: 400 };\n }\n const workspace = body.workspace?.trim() ?? '';\n if (!workspace) {\n return { ok: false, error: 'workspace is required', status: 400 };\n }\n const idRes = validateAgentIdForNewAgent(body.id, name);\n if (idRes.ok === false) {\n return { ok: false, error: idRes.error, status: 400 };\n }\n const agentId = idRes.agentId;\n if (findAgentEntryIndex(listAgentEntries(cfg), agentId) >= 0) {\n return { ok: false, error: `agent \"${agentId}\" already exists`, status: 409 };\n }\n const wsAbs = resolveUserPath(workspace);\n let next = applyAgentConfig(cfg, {\n agentId,\n name,\n workspace: wsAbs,\n ...(body.model?.trim() ? { model: body.model.trim() } : {}),\n ...(body.agentDir?.trim() ? { agentDir: body.agentDir.trim() } : {}),\n ...(body.description?.trim() ? { description: body.description.trim() } : {}),\n });\n return { ok: true, data: { nextConfig: next, agentId, workspace: wsAbs } };\n}\n\nexport async function finalizeCreateAgentDirs(cfg: Config, agentId: string): Promise<void> {\n const wsPath = resolveAgentWorkspaceDir(cfg, agentId);\n const adPath = resolveAgentDir(cfg, agentId);\n const bootstrapPath = resolveAgentBootstrapDir(cfg, agentId);\n await mkdir(wsPath, { recursive: true });\n await mkdir(adPath, { recursive: true });\n await mkdir(join(adPath, 'credentials'), { recursive: true });\n await mkdir(bootstrapPath, { recursive: true });\n const id = normalizeAgentId(agentId);\n const entry = listAgentEntries(cfg).find((e) => normalizeAgentId(e.id) === id);\n const displayName = entry?.name?.trim() \|\| id;\n seedWorkspaceBootstrapFiles(bootstrapPath, { displayName });\n}\n\nexport type UpdateAgentBody = {\n name?: string;\n description?: string \| null;\n workspace?: string;\n model?: string \| null;\n agentDir?: string \| null;\n setDefault?: boolean;\n /* Replace `agents.list[].skills`; `null` removes the key (inherit defaults). /\n skills?: string[] \| null;\n /* Replace `agents.list[].tools.disable`; `null` clears entry-level disables. /\n toolsDisable?: string[] \| null;\n};\n\nexport function prepareUpdateAgent(\n cfg: Config,\n agentIdRaw: string,\n body: UpdateAgentBody,\n): AgentAdminResult<{ nextConfig: Config }> {\n const agentId = normalizeAgentId(agentIdRaw);\n let list = [...listAgentEntries(cfg)];\n let idx = findAgentEntryIndex(list, agentId);\n if (idx < 0 && agentId === resolveDefaultAgentId(cfg)) {\n list = [...list, { id: agentId, enabled: true as const }];\n idx = list.length - 1;\n }\n if (idx < 0) {\n return { ok: false, error: `agent \"${agentId}\" not found`, status: 404 };\n }\n\n type Entry = (typeof list)[number];\n const entry: Entry = { ...list[idx] };\n\n if (body.name !== undefined) {\n const n = body.name.trim();\n if (n) {\n entry.name = n;\n }\n }\n if (body.description !== undefined) {\n if (body.description === null \|\| String(body.description).trim() === '') {\n delete entry.description;\n } else {\n entry.description = String(body.description).trim();\n }\n }\n if (body.workspace !== undefined) {\n const w = body.workspace.trim();\n if (w) {\n entry.workspace = resolveUserPath(w);\n }\n }\n if (body.model !== undefined) {\n if (body.model === null \|\| String(body.model).trim() === '') {\n delete entry.model;\n } else {\n entry.model = String(body.model).trim() as Entry['model'];\n }\n }\n if (body.agentDir !== undefined) {\n if (body.agentDir === null \|\| String(body.agentDir).trim() === '') {\n delete entry.agentDir;\n } else {\n entry.agentDir = String(body.agentDir).trim();\n }\n }\n\n if (body.skills !== undefined) {\n if (body.skills === null) {\n delete entry.skills;\n } else {\n const next = body.skills.map((s) => String(s).trim()).filter(Boolean);\n if (next.length === 0) {\n entry.skills = [];\n } else {\n entry.skills = next;\n }\n }\n }\n\n if (body.toolsDisable !== undefined) {\n if (body.toolsDisable === null) {\n if (entry.tools) {\n delete entry.tools.disable;\n if (Object.keys(entry.tools).length === 0) {\n delete entry.tools;\n }\n }\n } else {\n const next = body.toolsDisable.map((s) => String(s).trim()).filter(Boolean);\n entry.tools = { ...entry.tools, disable: next };\n }\n }\n\n list[idx] = entry;\n let next: Config = {\n ...cfg,\n agents: {\n ...cfg.agents,\n list,\n },\n };\n\n if (body.setDefault === true) {\n next = {\n ...next,\n agents: {\n ...next.agents,\n default: agentId,\n },\n };\n }\n return { ok: true, data: { nextConfig: next } };\n}\n\nexport function prepareDeleteAgent(\n cfg: Config,\n agentIdRaw: string,\n): AgentAdminResult<{ nextConfig: Config; agentId: string }> {\n const agentId = normalizeAgentId(agentIdRaw);\n const reserved = requireNonMain(agentId);\n if (reserved) {\n return reserved;\n }\n if (findAgentEntryIndex(listAgentEntries(cfg), agentId) < 0) {\n return { ok: false, error: `agent \"${agentId}\" not found`, status: 404 };\n }\n const { config: pruned } = pruneAgentConfig(cfg, agentId);\n return { ok: true, data: { nextConfig: pruned, agentId } };\n}\n\nexport async function runAfterDeletePurge(cfg: Config, agentId: string): Promise<void> {\n await removeAgentDirsFromDisk(cfg, agentId);\n}\n\nexport type AgentFileEntry = {\n name: string;\n missing: boolean;\n size?: number;\n updatedAtMs?: number;\n};\n\nasync function bootstrapRootReal(cfg: Config, agentId: string): Promise<string> {\n const dir = resolveAgentBootstrapDir(cfg, agentId);\n await mkdir(dir, { recursive: true });\n try {\n return await realpath(dir);\n } catch {\n return pathResolve(dir);\n }\n}\n\nfunction assertAllowedFile(name: string): AgentAdminResult<never> \| null {\n if (!name \|\| name.includes('/') \|\| name.includes('\\\\') \|\| !EDITABLE_BOOTSTRAP_NAMES.has(name)) {\n return { ok: false, error: `unsupported file \"${name}\"`, status: 400 };\n }\n return null;\n}\n\nexport async function listAgentBootstrapFiles(\n cfg: Config,\n agentId: string,\n): Promise<AgentAdminResult<{ agentId: string; bootstrapDir: string; files: AgentFileEntry[] }>> {\n const id = normalizeAgentId(agentId);\n if (collectAgentIdsForList(cfg).every((x) => x !== id)) {\n return { ok: false, error: `agent \"${id}\" not found`, status: 404 };\n }\n const root = await bootstrapRootReal(cfg, id);\n const names = [...EDITABLE_BOOTSTRAP_NAMES];\n const files: AgentFileEntry[] = [];\n for (const name of names.sort((a, b) => a.localeCompare(b))) {\n const abs = resolveWorkspaceSafePath(root, name);\n if (!abs) {\n continue;\n }\n try {\n const st = await stat(abs);\n if (!st.isFile()) {\n continue;\n }\n files.push({\n name,\n missing: false,\n size: st.size,\n updatedAtMs: st.mtimeMs,\n });\n } catch {\n files.push({ name, missing: true });\n }\n }\n files.sort((a, b) => a.name.localeCompare(b.name));\n return { ok: true, data: { agentId: id, bootstrapDir: root, files } };\n}\n\nexport async function readAgentBootstrapFile(\n cfg: Config,\n agentId: string,\n name: string,\n): Promise<AgentAdminResult<{ agentId: string; content: string; path: string }>> {\n const bad = assertAllowedFile(name);\n if (bad) {\n return bad;\n }\n const id = normalizeAgentId(agentId);\n if (collectAgentIdsForList(cfg).every((x) => x !== id)) {\n return { ok: false, error: `agent \"${id}\" not found`, status: 404 };\n }\n const root = await bootstrapRootReal(cfg, id);\n const abs = resolveWorkspaceSafePath(root, name);\n if (!abs) {\n return { ok: false, error: 'invalid path', status: 400 };\n }\n try {\n const content = await readFile(abs, 'utf-8');\n return { ok: true, data: { agentId: id, content, path: abs } };\n } catch {\n return { ok: false, error: 'file not found', status: 404 };\n }\n}\n\nexport async function writeAgentBootstrapFile(\n cfg: Config,\n agentId: string,\n name: string,\n content: string,\n): Promise<AgentAdminResult<{ agentId: string; path: string }>> {\n const bad = assertAllowedFile(name);\n if (bad) {\n return bad;\n }\n const id = normalizeAgentId(agentId);\n if (collectAgentIdsForList(cfg).every((x) => x !== id)) {\n return { ok: false, error: `agent \"${id}\" not found`, status: 404 };\n }\n const root = await bootstrapRootReal(cfg, id);\n const abs = resolveWorkspaceSafePath(root, name);\n if (!abs) {\n return { ok: false, error: 'invalid path', status: 400 };\n }\n const rootReal = await bootstrapRootReal(cfg, id);\n if (!isPathUnderWorkspace(rootReal, abs)) {\n return { ok: false, error: 'path escapes bootstrap root', status: 400 };\n }\n await writeFile(abs, content, 'utf-8');\n return { ok: true, data: { agentId: id, path: abs } };\n}\n\n// ---------------------------------------------------------------------------\n// Binary agent avatar (bootstrap dir, not a markdown bootstrap file)\n// ---------------------------------------------------------------------------\n\nconst AGENT_AVATAR_MAX_BYTES = 512 1024;\nconst AGENT_AVATAR_BASENAME = 'agent-avatar';\n\nconst AGENT_AVATAR_EXTENSIONS = ['.png', '.jpg', '.jpeg', '.webp'] as const;\n\nfunction agentAvatarFilenames(): string[] {\n return AGENT_AVATAR_EXTENSIONS.map((ext) => `${AGENT_AVATAR_BASENAME}${ext}`);\n}\n\nfunction mimeToExt(mime: string): '.png' \| '.jpg' \| '.jpeg' \| '.webp' \| null {\n const m = mime.toLowerCase().trim();\n if (m === 'image/png') return '.png';\n if (m === 'image/jpeg' \|\| m === 'image/jpg') return '.jpg';\n if (m === 'image/webp') return '.webp';\n return null;\n}\n\nfunction detectImageMimeFromBytes(buf: Uint8Array): 'image/png' \| 'image/jpeg' \| 'image/webp' \| null {\n if (buf.length >= 8 && buf[0] === 0x89 && buf[1] === 0x50 && buf[2] === 0x4e && buf[3] === 0x47) {\n return 'image/png';\n }\n if (buf.length >= 3 && buf[0] === 0xff && buf[1] === 0xd8 && buf[2] === 0xff) {\n return 'image/jpeg';\n }\n if (\n buf.length >= 12 &&\n buf[0] === 0x52 &&\n buf[1] === 0x49 &&\n buf[2] === 0x46 &&\n buf[3] === 0x46 &&\n buf[8] === 0x57 &&\n buf[9] === 0x45 &&\n buf[10] === 0x42 &&\n buf[11] === 0x50\n ) {\n return 'image/webp';\n }\n return null;\n}\n\nfunction assertAgentExistsForAvatar(cfg: Config, id: string): AgentAdminResult<never> \| null {\n if (collectAgentIdsForList(cfg).every((x) => x !== id)) {\n return { ok: false, error: `agent \"${id}\" not found`, status: 404 };\n }\n return null;\n}\n\nexport async function readAgentAvatarFile(\n cfg: Config,\n agentId: string,\n): Promise<AgentAdminResult<{ agentId: string; buffer: Buffer; contentType: string; path: string }>> {\n const missingAgent = assertAgentExistsForAvatar(cfg, agentId);\n if (missingAgent) {\n return missingAgent;\n }\n const id = normalizeAgentId(agentId);\n const root = await bootstrapRootReal(cfg, id);\n for (const name of agentAvatarFilenames()) {\n const abs = resolveWorkspaceSafePath(root, name);\n if (!abs) {\n continue;\n }\n try {\n const st = await stat(abs);\n if (!st.isFile() \|\| st.size <= 0 \|\| st.size > AGENT_AVATAR_MAX_BYTES) {\n continue;\n }\n const buffer = await readFile(abs);\n const detected = detectImageMimeFromBytes(buffer);\n if (!detected) {\n continue;\n }\n return { ok: true, data: { agentId: id, buffer, contentType: detected, path: abs } };\n } catch {\n /* try next /\n }\n }\n return { ok: false, error: 'avatar not found', status: 404 };\n}\n\nexport async function writeAgentAvatarFromBase64(\n cfg: Config,\n agentId: string,\n base64: string,\n mimeType: string,\n): Promise<AgentAdminResult<{ agentId: string; path: string }>> {\n const missingAgent = assertAgentExistsForAvatar(cfg, agentId);\n if (missingAgent) {\n return missingAgent;\n }\n const id = normalizeAgentId(agentId);\n const ext = mimeToExt(mimeType);\n if (!ext) {\n return { ok: false, error: 'unsupported mimeType (use image/png, image/jpeg, or image/webp)', status: 400 };\n }\n let raw: Buffer;\n try {\n raw = Buffer.from(base64, 'base64');\n } catch {\n return { ok: false, error: 'invalid base64', status: 400 };\n }\n if (raw.length === 0 \|\| raw.length > AGENT_AVATAR_MAX_BYTES) {\n return { ok: false, error: `avatar must be non-empty and at most ${AGENT_AVATAR_MAX_BYTES} bytes`, status: 400 };\n }\n const detected = detectImageMimeFromBytes(raw);\n if (!detected \|\| !extMatchesDetectedMime(ext, detected)) {\n return { ok: false, error: 'file content does not match declared image type', status: 400 };\n }\n\n const root = await bootstrapRootReal(cfg, id);\n const rootReal = await bootstrapRootReal(cfg, id);\n const targetName = `${AGENT_AVATAR_BASENAME}${ext}`;\n const abs = resolveWorkspaceSafePath(root, targetName);\n if (!abs \|\| !isPathUnderWorkspace(rootReal, abs)) {\n return { ok: false, error: 'invalid path', status: 400 };\n }\n for (const name of agentAvatarFilenames()) {\n if (name === targetName) {\n continue;\n }\n const other = resolveWorkspaceSafePath(root, name);\n if (other && isPathUnderWorkspace(rootReal, other)) {\n try {\n await unlink(other);\n } catch {\n / absent /\n }\n }\n }\n await writeFile(abs, raw);\n return { ok: true, data: { agentId: id, path: abs } };\n}\n\nfunction mimeToExtToMime(ext: '.png' \| '.jpg' \| '.jpeg' \| '.webp'): 'image/png' \| 'image/jpeg' \| 'image/webp' {\n if (ext === '.png') return 'image/png';\n if (ext === '.webp') return 'image/webp';\n return 'image/jpeg';\n}\n\nfunction extMatchesDetectedMime(\n ext: '.png' \| '.jpg' \| '.jpeg' \| '.webp',\n detected: 'image/png' \| 'image/jpeg' \| 'image/webp',\n): boolean {\n return detected === mimeToExtToMime(ext);\n}\n\n/* Remove any `agent-avatar.` in the agent bootstrap dir. Idempotent: ok even when no file existed. /\nexport async function deleteAgentAvatarFile(cfg: Config, agentId: string): Promise<AgentAdminResult<{ agentId: string }>> {\n const missingAgent = assertAgentExistsForAvatar(cfg, agentId);\n if (missingAgent) {\n return missingAgent;\n }\n const id = normalizeAgentId(agentId);\n const root = await bootstrapRootReal(cfg, id);\n const rootReal = await bootstrapRootReal(cfg, id);\n for (const name of agentAvatarFilenames()) {\n const abs = resolveWorkspaceSafePath(root, name);\n if (!abs \|\| !isPathUnderWorkspace(rootReal, abs)) {\n continue;\n }\n try {\n await unlink(abs);\n } catch {\n /* absent */\n }\n }\n return { ok: true, data: { agentId: id } };\n}\n"],"mappings":";;;;;;;;;;;;;;kBAiBiC;YAUoB;AAKrD,MAAM,2BAA2B,IAAI,IAAY;CAC/C,GAAG;CACH,gBAAgB;CAChB,gBAAgB;CAChB,gBAAgB;CACjB,CAAC;AA8BF,SAAS,uBAAuB,KAAuB;CACrD,MAAM,UAAU,iBAAiB,IAAI,CAAC,QAAQ,MAAM,EAAE,YAAY,MAAM;CACxE,MAAM,YAAY,sBAAsB,IAAI;AAC5C,KAAI,QAAQ,WAAW,EACrB,QAAO,CAAC,UAAU;CAEpB,MAAM,sBAAM,IAAI,KAAa;AAC7B,MAAK,MAAM,KAAK,QACd,KAAI,IAAI,iBAAiB,EAAE,GAAG,CAAC;AAEjC,KAAI,IAAI,UAAU;AAClB,QAAO,CAAC,GAAG,IAAI;;;AAIjB,SAAgB,kCAAkC,SAAqC;AACrF,MAAK,MAAM,QAAQ,QAAQ,MAAM,KAAK,EAAE;EACtC,MAAM,QAAQ,KAAK,MAAM,kCAAkC;AAC3D,MAAI,OAAO;GACT,MAAM,IAAI,MAAM,IAAI,MAAM,IAAI;AAC9B,UAAO,EAAE,SAAS,IAAI,IAAI,KAAA;;;;AAMhC,eAAsB,kBAAkB,KAAiD;CACvF,MAAM,YAAY,sBAAsB,IAAI;CAC5C,MAAM,SAA4B,EAAE;CACpC,MAAM,iBAAiB,IAAI,QAAQ,UAAU;CAC7C,MAAM,kBAAkB,IAAI,QAAQ,UAAU,OAAO,WAAW,EAAE;AAClE,MAAK,MAAM,MAAM,uBAAuB,IAAI,EAAE;EAC5C,MAAM,UAAU,6BAA6B,KAAK,GAAG;EACrD,MAAM,QAAQ,iBAAiB,IAAI,CAAC,MAAM,MAAM,iBAAiB,EAAE,GAAG,KAAK,GAAG;EAC9E,MAAM,QACJ,QAAQ,mBAAmB,QAAQ,UAAU,SAAS,IAClD;GACE,GAAI,QAAQ,kBAAkB,EAAE,SAAS,QAAQ,iBAAiB,GAAG,EAAE;GACvE,GAAI,QAAQ,UAAU,SAAS,IAAI,EAAE,WAAW,QAAQ,WAAW,GAAG,EAAE;GACzE,GACD,KAAA;EACN,MAAM,cAAc,OAAO;EAC3B,MAAM,eAAe,OAAO,OAAO,WAAW,EAAE;EAChD,IAAI;AACJ,MAAI;AAGF,YAAS,kCAAkC,MADrB,SADD,KAAK,yBAAyB,KAAK,GAAG,EAAE,gBAAgB,SAClC,EAAE,QAAQ,CACF;UAC7C;AAGR,SAAO,KAAK;GACV;GACA,GAAI,OAAO,MAAM,MAAM,GAAG,EAAE,MAAM,MAAM,KAAK,MAAM,EAAE,GAAG,EAAE;GAC1D,GAAI,OAAO,aAAa,MAAM,GAAG,EAAE,aAAa,MAAM,YAAY,MAAM,EAAE,GAAG,EAAE;GAC/E,GAAI,SAAS,EAAE,QAAQ,GAAG,EAAE;GAC5B,WAAW,QAAQ;GACnB,cAAc,yBAAyB,KAAK,GAAG;GAC/C,GAAI,QAAQ,EAAE,OAAO,GAAG,EAAE;GAC1B,WAAW,OAAO;GAClB,QAAQ;IACN,UAAU,iBAAiB,CAAC,GAAG,eAAe,GAAG,EAAE;IACnD,GAAI,gBAAgB,KAAA,IAAY,EAAE,OAAO,CAAC,GAAG,YAAY,EAAE,GAAG,EAAE;IAChE,GAAI,QAAQ,oBAAoB,KAAA,IAC5B,EAAE,oBAAoB,CAAC,GAAG,QAAQ,gBAAgB,EAAE,GACpD,EAAE;IACP;GACD,OAAO;IACL,iBAAiB,CAAC,GAAG,gBAAgB;IACrC,cAAc,CAAC,GAAG,aAAa;IAC/B,kBAAkB,CAAC,GAAG,QAAQ,MAAM,QAAQ,CAAC,MAAM,GAAG,MAAM,EAAE,cAAc,EAAE,CAAC;IAChF;GACF,CAAC;;AAEJ,QAAO,MAAM,GAAG,MAAM,EAAE,GAAG,cAAc,EAAE,GAAG,CAAC;AAC/C,QAAO;EAAE;EAAW;EAAQ,gBAAgB,CAAC,GAAG,yBAAyB;EAAE;;AAoB7E,SAAS,eAAe,IAA4C;AAClE,KAAI,iBAAiB,GAAG,KAAA,OACtB,QAAO;EAAE,IAAI;EAAO,OAAO,IAAI,iBAAiB;EAAgB,QAAQ;EAAK;AAE/E,QAAO;;AAGT,SAAgB,mBACd,KACA,MAC8E;CAC9E,MAAM,OAAO,KAAK,MAAM,MAAM,IAAI;AAClC,KAAI,CAAC,KACH,QAAO;EAAE,IAAI;EAAO,OAAO;EAAoB,QAAQ;EAAK;CAE9D,MAAM,YAAY,KAAK,WAAW,MAAM,IAAI;AAC5C,KAAI,CAAC,UACH,QAAO;EAAE,IAAI;EAAO,OAAO;EAAyB,QAAQ;EAAK;CAEnE,MAAM,QAAQ,2BAA2B,KAAK,IAAI,KAAK;AACvD,KAAI,MAAM,OAAO,MACf,QAAO;EAAE,IAAI;EAAO,OAAO,MAAM;EAAO,QAAQ;EAAK;CAEvD,MAAM,UAAU,MAAM;AACtB,KAAI,oBAAoB,iBAAiB,IAAI,EAAE,QAAQ,IAAI,EACzD,QAAO;EAAE,IAAI;EAAO,OAAO,UAAU,QAAQ;EAAmB,QAAQ;EAAK;CAE/E,MAAM,QAAQ,gBAAgB,UAAU;AASxC,QAAO;EAAE,IAAI;EAAM,MAAM;GAAE,YARhB,iBAAiB,KAAK;IAC/B;IACA;IACA,WAAW;IACX,GAAI,KAAK,OAAO,MAAM,GAAG,EAAE,OAAO,KAAK,MAAM,MAAM,EAAE,GAAG,EAAE;IAC1D,GAAI,KAAK,UAAU,MAAM,GAAG,EAAE,UAAU,KAAK,SAAS,MAAM,EAAE,GAAG,EAAE;IACnE,GAAI,KAAK,aAAa,MAAM,GAAG,EAAE,aAAa,KAAK,YAAY,MAAM,EAAE,GAAG,EAAE;IAC7E,CAC0C;GAAE;GAAS,WAAW;GAAO;EAAE;;AAG5E,eAAsB,wBAAwB,KAAa,SAAgC;CACzF,MAAM,SAAS,yBAAyB,KAAK,QAAQ;CACrD,MAAM,SAAS,gBAAgB,KAAK,QAAQ;CAC5C,MAAM,gBAAgB,yBAAyB,KAAK,QAAQ;AAC5D,OAAM,MAAM,QAAQ,EAAE,WAAW,MAAM,CAAC;AACxC,OAAM,MAAM,QAAQ,EAAE,WAAW,MAAM,CAAC;AACxC,OAAM,MAAM,KAAK,QAAQ,cAAc,EAAE,EAAE,WAAW,MAAM,CAAC;AAC7D,OAAM,MAAM,eAAe,EAAE,WAAW,MAAM,CAAC;CAC/C,MAAM,KAAK,iBAAiB,QAAQ;AAGpC,6BAA4B,eAAe,EAAE,aAF/B,iBAAiB,IAAI,CAAC,MAAM,MAAM,iBAAiB,EAAE,GAAG,KAAK,GAClD,EAAE,MAAM,MAAM,IAAI,IACe,CAAC;;AAgB7D,SAAgB,mBACd,KACA,YACA,MAC0C;CAC1C,MAAM,UAAU,iBAAiB,WAAW;CAC5C,IAAI,OAAO,CAAC,GAAG,iBAAiB,IAAI,CAAC;CACrC,IAAI,MAAM,oBAAoB,MAAM,QAAQ;AAC5C,KAAI,MAAM,KAAK,YAAY,sBAAsB,IAAI,EAAE;AACrD,SAAO,CAAC,GAAG,MAAM;GAAE,IAAI;GAAS,SAAS;GAAe,CAAC;AACzD,QAAM,KAAK,SAAS;;AAEtB,KAAI,MAAM,EACR,QAAO;EAAE,IAAI;EAAO,OAAO,UAAU,QAAQ;EAAc,QAAQ;EAAK;CAI1E,MAAM,QAAe,EAAE,GAAG,KAAK,MAAM;AAErC,KAAI,KAAK,SAAS,KAAA,GAAW;EAC3B,MAAM,IAAI,KAAK,KAAK,MAAM;AAC1B,MAAI,EACF,OAAM,OAAO;;AAGjB,KAAI,KAAK,gBAAgB,KAAA,EACvB,KAAI,KAAK,gBAAgB,QAAQ,OAAO,KAAK,YAAY,CAAC,MAAM,KAAK,GACnE,QAAO,MAAM;KAEb,OAAM,cAAc,OAAO,KAAK,YAAY,CAAC,MAAM;AAGvD,KAAI,KAAK,cAAc,KAAA,GAAW;EAChC,MAAM,IAAI,KAAK,UAAU,MAAM;AAC/B,MAAI,EACF,OAAM,YAAY,gBAAgB,EAAE;;AAGxC,KAAI,KAAK,UAAU,KAAA,EACjB,KAAI,KAAK,UAAU,QAAQ,OAAO,KAAK,MAAM,CAAC,MAAM,KAAK,GACvD,QAAO,MAAM;KAEb,OAAM,QAAQ,OAAO,KAAK,MAAM,CAAC,MAAM;AAG3C,KAAI,KAAK,aAAa,KAAA,EACpB,KAAI,KAAK,aAAa,QAAQ,OAAO,KAAK,SAAS,CAAC,MAAM,KAAK,GAC7D,QAAO,MAAM;KAEb,OAAM,WAAW,OAAO,KAAK,SAAS,CAAC,MAAM;AAIjD,KAAI,KAAK,WAAW,KAAA,EAClB,KAAI,KAAK,WAAW,KAClB,QAAO,MAAM;MACR;EACL,MAAM,OAAO,KAAK,OAAO,KAAK,MAAM,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC,OAAO,QAAQ;AACrE,MAAI,KAAK,WAAW,EAClB,OAAM,SAAS,EAAE;MAEjB,OAAM,SAAS;;AAKrB,KAAI,KAAK,iBAAiB,KAAA,EACxB,KAAI,KAAK,iBAAiB;MACpB,MAAM,OAAO;AACf,UAAO,MAAM,MAAM;AACnB,OAAI,OAAO,KAAK,MAAM,MAAM,CAAC,WAAW,EACtC,QAAO,MAAM;;QAGZ;EACL,MAAM,OAAO,KAAK,aAAa,KAAK,MAAM,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC,OAAO,QAAQ;AAC3E,QAAM,QAAQ;GAAE,GAAG,MAAM;GAAO,SAAS;GAAM;;AAInD,MAAK,OAAO;CACZ,IAAI,OAAe;EACjB,GAAG;EACH,QAAQ;GACN,GAAG,IAAI;GACP;GACD;EACF;AAED,KAAI,KAAK,eAAe,KACtB,QAAO;EACL,GAAG;EACH,QAAQ;GACN,GAAG,KAAK;GACR,SAAS;GACV;EACF;AAEH,QAAO;EAAE,IAAI;EAAM,MAAM,EAAE,YAAY,MAAM;EAAE;;AAGjD,SAAgB,mBACd,KACA,YAC2D;CAC3D,MAAM,UAAU,iBAAiB,WAAW;CAC5C,MAAM,WAAW,eAAe,QAAQ;AACxC,KAAI,SACF,QAAO;AAET,KAAI,oBAAoB,iBAAiB,IAAI,EAAE,QAAQ,GAAG,EACxD,QAAO;EAAE,IAAI;EAAO,OAAO,UAAU,QAAQ;EAAc,QAAQ;EAAK;CAE1E,MAAM,EAAE,QAAQ,WAAW,iBAAiB,KAAK,QAAQ;AACzD,QAAO;EAAE,IAAI;EAAM,MAAM;GAAE,YAAY;GAAQ;GAAS;EAAE;;AAG5D,eAAsB,oBAAoB,KAAa,SAAgC;AACrF,OAAM,wBAAwB,KAAK,QAAQ;;AAU7C,eAAe,kBAAkB,KAAa,SAAkC;CAC9E,MAAM,MAAM,yBAAyB,KAAK,QAAQ;AAClD,OAAM,MAAM,KAAK,EAAE,WAAW,MAAM,CAAC;AACrC,KAAI;AACF,SAAO,MAAM,SAAS,IAAI;SACpB;AACN,SAAOA,QAAY,IAAI;;;AAI3B,SAAS,kBAAkB,MAA8C;AACvE,KAAI,CAAC,QAAQ,KAAK,SAAS,IAAI,IAAI,KAAK,SAAS,KAAK,IAAI,CAAC,yBAAyB,IAAI,KAAK,CAC3F,QAAO;EAAE,IAAI;EAAO,OAAO,qBAAqB,KAAK;EAAI,QAAQ;EAAK;AAExE,QAAO;;AAGT,eAAsB,wBACpB,KACA,SAC+F;CAC/F,MAAM,KAAK,iBAAiB,QAAQ;AACpC,KAAI,uBAAuB,IAAI,CAAC,OAAO,MAAM,MAAM,GAAG,CACpD,QAAO;EAAE,IAAI;EAAO,OAAO,UAAU,GAAG;EAAc,QAAQ;EAAK;CAErE,MAAM,OAAO,MAAM,kBAAkB,KAAK,GAAG;CAC7C,MAAM,QAAQ,CAAC,GAAG,yBAAyB;CAC3C,MAAM,QAA0B,EAAE;AAClC,MAAK,MAAM,QAAQ,MAAM,MAAM,GAAG,MAAM,EAAE,cAAc,EAAE,CAAC,EAAE;EAC3D,MAAM,MAAM,yBAAyB,MAAM,KAAK;AAChD,MAAI,CAAC,IACH;AAEF,MAAI;GACF,MAAM,KAAK,MAAM,KAAK,IAAI;AAC1B,OAAI,CAAC,GAAG,QAAQ,CACd;AAEF,SAAM,KAAK;IACT;IACA,SAAS;IACT,MAAM,GAAG;IACT,aAAa,GAAG;IACjB,CAAC;UACI;AACN,SAAM,KAAK;IAAE;IAAM,SAAS;IAAM,CAAC;;;AAGvC,OAAM,MAAM,GAAG,MAAM,EAAE,KAAK,cAAc,EAAE,KAAK,CAAC;AAClD,QAAO;EAAE,IAAI;EAAM,MAAM;GAAE,SAAS;GAAI,cAAc;GAAM;GAAO;EAAE;;AAGvE,eAAsB,uBACpB,KACA,SACA,MAC+E;CAC/E,MAAM,MAAM,kBAAkB,KAAK;AACnC,KAAI,IACF,QAAO;CAET,MAAM,KAAK,iBAAiB,QAAQ;AACpC,KAAI,uBAAuB,IAAI,CAAC,OAAO,MAAM,MAAM,GAAG,CACpD,QAAO;EAAE,IAAI;EAAO,OAAO,UAAU,GAAG;EAAc,QAAQ;EAAK;CAGrE,MAAM,MAAM,yBAAyB,MADlB,kBAAkB,KAAK,GAAG,EACF,KAAK;AAChD,KAAI,CAAC,IACH,QAAO;EAAE,IAAI;EAAO,OAAO;EAAgB,QAAQ;EAAK;AAE1D,KAAI;AAEF,SAAO;GAAE,IAAI;GAAM,MAAM;IAAE,SAAS;IAAI,SAAA,MADlB,SAAS,KAAK,QAAQ;IACK,MAAM;IAAK;GAAE;SACxD;AACN,SAAO;GAAE,IAAI;GAAO,OAAO;GAAkB,QAAQ;GAAK;;;AAI9D,eAAsB,wBACpB,KACA,SACA,MACA,SAC8D;CAC9D,MAAM,MAAM,kBAAkB,KAAK;AACnC,KAAI,IACF,QAAO;CAET,MAAM,KAAK,iBAAiB,QAAQ;AACpC,KAAI,uBAAuB,IAAI,CAAC,OAAO,MAAM,MAAM,GAAG,CACpD,QAAO;EAAE,IAAI;EAAO,OAAO,UAAU,GAAG;EAAc,QAAQ;EAAK;CAGrE,MAAM,MAAM,yBAAyB,MADlB,kBAAkB,KAAK,GAAG,EACF,KAAK;AAChD,KAAI,CAAC,IACH,QAAO;EAAE,IAAI;EAAO,OAAO;EAAgB,QAAQ;EAAK;AAG1D,KAAI,CAAC,qBAAqB,MADH,kBAAkB,KAAK,GAAG,EACb,IAAI,CACtC,QAAO;EAAE,IAAI;EAAO,OAAO;EAA+B,QAAQ;EAAK;AAEzE,OAAM,UAAU,KAAK,SAAS,QAAQ;AACtC,QAAO;EAAE,IAAI;EAAM,MAAM;GAAE,SAAS;GAAI,MAAM;GAAK;EAAE;;AAOvD,MAAM,yBAAyB,MAAM;AACrC,MAAM,wBAAwB;AAE9B,MAAM,0BAA0B;CAAC;CAAQ;CAAQ;CAAS;CAAQ;AAElE,SAAS,uBAAiC;AACxC,QAAO,wBAAwB,KAAK,QAAQ,GAAG,wBAAwB,MAAM;;AAG/E,SAAS,UAAU,MAA0D;CAC3E,MAAM,IAAI,KAAK,aAAa,CAAC,MAAM;AACnC,KAAI,MAAM,YAAa,QAAO;AAC9B,KAAI,MAAM,gBAAgB,MAAM,YAAa,QAAO;AACpD,KAAI,MAAM,aAAc,QAAO;AAC/B,QAAO;;AAGT,SAAS,yBAAyB,KAAmE;AACnG,KAAI,IAAI,UAAU,KAAK,IAAI,OAAO,OAAQ,IAAI,OAAO,MAAQ,IAAI,OAAO,MAAQ,IAAI,OAAO,GACzF,QAAO;AAET,KAAI,IAAI,UAAU,KAAK,IAAI,OAAO,OAAQ,IAAI,OAAO,OAAQ,IAAI,OAAO,IACtE,QAAO;AAET,KACE,IAAI,UAAU,MACd,IAAI,OAAO,MACX,IAAI,OAAO,MACX,IAAI,OAAO,MACX,IAAI,OAAO,MACX,IAAI,OAAO,MACX,IAAI,OAAO,MACX,IAAI,QAAQ,MACZ,IAAI,QAAQ,GAEZ,QAAO;AAET,QAAO;;AAGT,SAAS,2BAA2B,KAAa,IAA4C;AAC3F,KAAI,uBAAuB,IAAI,CAAC,OAAO,MAAM,MAAM,GAAG,CACpD,QAAO;EAAE,IAAI;EAAO,OAAO,UAAU,GAAG;EAAc,QAAQ;EAAK;AAErE,QAAO;;AAGT,eAAsB,oBACpB,KACA,SACmG;CACnG,MAAM,eAAe,2BAA2B,KAAK,QAAQ;AAC7D,KAAI,aACF,QAAO;CAET,MAAM,KAAK,iBAAiB,QAAQ;CACpC,MAAM,OAAO,MAAM,kBAAkB,KAAK,GAAG;AAC7C,MAAK,MAAM,QAAQ,sBAAsB,EAAE;EACzC,MAAM,MAAM,yBAAyB,MAAM,KAAK;AAChD,MAAI,CAAC,IACH;AAEF,MAAI;GACF,MAAM,KAAK,MAAM,KAAK,IAAI;AAC1B,OAAI,CAAC,GAAG,QAAQ,IAAI,GAAG,QAAQ,KAAK,GAAG,OAAO,uBAC5C;GAEF,MAAM,SAAS,MAAM,SAAS,IAAI;GAClC,MAAM,WAAW,yBAAyB,OAAO;AACjD,OAAI,CAAC,SACH;AAEF,UAAO;IAAE,IAAI;IAAM,MAAM;KAAE,SAAS;KAAI;KAAQ,aAAa;KAAU,MAAM;KAAK;IAAE;UAC9E;;AAIV,QAAO;EAAE,IAAI;EAAO,OAAO;EAAoB,QAAQ;EAAK;;AAG9D,eAAsB,2BACpB,KACA,SACA,QACA,UAC8D;CAC9D,MAAM,eAAe,2BAA2B,KAAK,QAAQ;AAC7D,KAAI,aACF,QAAO;CAET,MAAM,KAAK,iBAAiB,QAAQ;CACpC,MAAM,MAAM,UAAU,SAAS;AAC/B,KAAI,CAAC,IACH,QAAO;EAAE,IAAI;EAAO,OAAO;EAAmE,QAAQ;EAAK;CAE7G,IAAI;AACJ,KAAI;AACF,QAAM,OAAO,KAAK,QAAQ,SAAS;SAC7B;AACN,SAAO;GAAE,IAAI;GAAO,OAAO;GAAkB,QAAQ;GAAK;;AAE5D,KAAI,IAAI,WAAW,KAAK,IAAI,SAAS,uBACnC,QAAO;EAAE,IAAI;EAAO,OAAO,wCAAwC,uBAAuB;EAAS,QAAQ;EAAK;CAElH,MAAM,WAAW,yBAAyB,IAAI;AAC9C,KAAI,CAAC,YAAY,CAAC,uBAAuB,KAAK,SAAS,CACrD,QAAO;EAAE,IAAI;EAAO,OAAO;EAAmD,QAAQ;EAAK;CAG7F,MAAM,OAAO,MAAM,kBAAkB,KAAK,GAAG;CAC7C,MAAM,WAAW,MAAM,kBAAkB,KAAK,GAAG;CACjD,MAAM,aAAa,GAAG,wBAAwB;CAC9C,MAAM,MAAM,yBAAyB,MAAM,WAAW;AACtD,KAAI,CAAC,OAAO,CAAC,qBAAqB,UAAU,IAAI,CAC9C,QAAO;EAAE,IAAI;EAAO,OAAO;EAAgB,QAAQ;EAAK;AAE1D,MAAK,MAAM,QAAQ,sBAAsB,EAAE;AACzC,MAAI,SAAS,WACX;EAEF,MAAM,QAAQ,yBAAyB,MAAM,KAAK;AAClD,MAAI,SAAS,qBAAqB,UAAU,MAAM,CAChD,KAAI;AACF,SAAM,OAAO,MAAM;UACb;;AAKZ,OAAM,UAAU,KAAK,IAAI;AACzB,QAAO;EAAE,IAAI;EAAM,MAAM;GAAE,SAAS;GAAI,MAAM;GAAK;EAAE;;AAGvD,SAAS,gBAAgB,KAAqF;AAC5G,KAAI,QAAQ,OAAQ,QAAO;AAC3B,KAAI,QAAQ,QAAS,QAAO;AAC5B,QAAO;;AAGT,SAAS,uBACP,KACA,UACS;AACT,QAAO,aAAa,gBAAgB,IAAI;;;AAI1C,eAAsB,sBAAsB,KAAa,SAAiE;CACxH,MAAM,eAAe,2BAA2B,KAAK,QAAQ;AAC7D,KAAI,aACF,QAAO;CAET,MAAM,KAAK,iBAAiB,QAAQ;CACpC,MAAM,OAAO,MAAM,kBAAkB,KAAK,GAAG;CAC7C,MAAM,WAAW,MAAM,kBAAkB,KAAK,GAAG;AACjD,MAAK,MAAM,QAAQ,sBAAsB,EAAE;EACzC,MAAM,MAAM,yBAAyB,MAAM,KAAK;AAChD,MAAI,CAAC,OAAO,CAAC,qBAAqB,UAAU,IAAI,CAC9C;AAEF,MAAI;AACF,SAAM,OAAO,IAAI;UACX;;AAIV,QAAO;EAAE,IAAI;EAAM,MAAM,EAAE,SAAS,IAAI;EAAE"}

package/dist/src/gateway/auth.d.ts CHANGED Viewed

@@ -1,10 +1,16 @@
 import type { GatewayAuthConfig } from '../config/schema.js';
 /**
  * Resolved gateway authentication configuration.
+ *
+ * Supports three modes:
+ * - `none`: no authentication (local dev only)
+ * - `token`: Bearer token authentication (default)
+ * - `password`: password-based authentication (for simpler setups)
  */
 export interface ResolvedGatewayAuth {
-    mode: 'none' | 'token';
+    mode: 'none' | 'token' | 'password';
     token?: string;
+    password?: string;
 }
 /**
  * Resolve gateway authentication configuration.
@@ -20,12 +26,20 @@ export declare function resolveGatewayAuth(params: {
 export declare function assertGatewayAuthConfigured(auth: ResolvedGatewayAuth): void;
 /**
  * Constant-time string comparison to prevent timing attacks.
+ *
+ * Uses `crypto.timingSafeEqual` with padding so both buffers always have
+ * the same byte length. The actual length is checked separately.
+ *
+ * @deprecated Use `safeEqualSecret` from `./security/secret-equal.js` directly.
  */
 export declare function safeCompare(a: string, b: string): boolean;
 /**
- * Validate token against configured auth.
+ * Validate a credential against configured auth using constant-time comparison.
+ *
+ * Works for both token and password modes — the caller extracts the credential
+ * from the appropriate transport (header, query param, etc.).
  */
-export declare function validateToken(auth: ResolvedGatewayAuth, providedToken?: string | null): boolean;
+export declare function validateToken(auth: ResolvedGatewayAuth, providedCredential?: string | null): boolean;
 /**
  * Extract token from request headers.
  * Supports: Authorization: Bearer <token>, X-Api-Key: <token>

package/dist/src/gateway/auth.js CHANGED Viewed

@@ -1,3 +1,4 @@
+import { safeEqualSecret } from "./security/secret-equal.js";
 import crypto from "crypto";
 //#region src/gateway/auth.ts
 /**
@@ -9,16 +10,26 @@ function resolveGatewayAuth(params) {
 	const config = params.authConfig ?? { mode: "token" };
 	const envMode = env.XOPC_GATEWAY_AUTH_MODE;
 	const envToken = env.XOPC_GATEWAY_TOKEN;
+	const envPassword = env.XOPC_GATEWAY_PASSWORD;
 	let mode = "token";
-	if (envMode === "none" || envMode === "token") mode = envMode;
-	else if (config.mode === "none") mode = "none";
+	if (envMode === "none" || envMode === "token" || envMode === "password") mode = envMode;
+	else if (config.mode === "none" || config.mode === "password") mode = config.mode;
+	const hasToken = Boolean(envToken || config.token);
+	const hasPassword = Boolean(envPassword || config.password);
+	if (hasToken && hasPassword) throw new Error("Invalid config: both gateway.auth.token and gateway.auth.password are set. Choose one authentication mode: \"token\" (Bearer header) or \"password\".");
 	let token;
-	if (envToken) token = envToken;
+	if (mode === "token") if (envToken) token = envToken;
 	else if (config.token) token = config.token;
-	else if (mode === "token") token = crypto.randomBytes(24).toString("hex");
+	else token = crypto.randomBytes(24).toString("hex");
+	let password;
+	if (mode === "password") {
+		if (envPassword) password = envPassword;
+		else if (config.password) password = config.password;
+	}
 	return {
 		mode,
-		token
+		token,
+		password
 	};
 }
 /**
@@ -26,26 +37,34 @@ function resolveGatewayAuth(params) {
 */
 function assertGatewayAuthConfigured(auth) {
 	if (auth.mode === "token" && !auth.token) throw new Error("Gateway auth mode is token, but no token was configured. Set gateway.auth.token in config or XOPC_GATEWAY_TOKEN environment variable.");
+	if (auth.mode === "password" && !auth.password) throw new Error("Gateway auth mode is password, but no password was configured. Set gateway.auth.password in config or XOPC_GATEWAY_PASSWORD environment variable.");
 }
 /**
 * Constant-time string comparison to prevent timing attacks.
+*
+* Uses `crypto.timingSafeEqual` with padding so both buffers always have
+* the same byte length. The actual length is checked separately.
+*
+* @deprecated Use `safeEqualSecret` from `./security/secret-equal.js` directly.
 */
 function safeCompare(a, b) {
-	const aBuf = Buffer.from(a, "utf8");
-	const bBuf = Buffer.from(b, "utf8");
-	if (aBuf.length === bBuf.length) return crypto.timingSafeEqual(aBuf, bBuf);
-	let result = aBuf.length ^ bBuf.length;
-	const maxLen = Math.max(aBuf.length, bBuf.length);
-	for (let i = 0; i < maxLen; i++) result |= aBuf[i % aBuf.length] ^ bBuf[i % bBuf.length];
-	return result === 0;
+	return safeEqualSecret(a, b);
 }
 /**
-* Validate token against configured auth.
+* Validate a credential against configured auth using constant-time comparison.
+*
+* Works for both token and password modes — the caller extracts the credential
+* from the appropriate transport (header, query param, etc.).
 */
-function validateToken(auth, providedToken) {
+function validateToken(auth, providedCredential) {
 	if (auth.mode === "none") return true;
-	if (!auth.token || !providedToken) return false;
-	return safeCompare(auth.token, providedToken);
+	if (!providedCredential) return false;
+	if (auth.mode === "password") {
+		if (!auth.password) return false;
+		return safeEqualSecret(auth.password, providedCredential);
+	}
+	if (!auth.token) return false;
+	return safeEqualSecret(auth.token, providedCredential);
 }
 /**
 * Extract token from request headers.

package/dist/src/gateway/auth.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"auth.js","names":[],"sources":["../../../src/gateway/auth.ts"],"sourcesContent":["import crypto from 'crypto';\nimport type { GatewayAuthConfig } from '../config/schema.js';\n\n/*\n Resolved gateway authentication configuration.\n /\nexport interface ResolvedGatewayAuth {\n mode: 'none' \| 'token';\n token?: string;\n}\n\n/\n Resolve gateway authentication configuration.\n * Priority: env vars > config > defaults\n /\nexport function resolveGatewayAuth(params: {\n authConfig?: GatewayAuthConfig \| null;\n env?: NodeJS.ProcessEnv;\n}): ResolvedGatewayAuth {\n const env = params.env ?? process.env;\n const config: GatewayAuthConfig = params.authConfig ?? { mode: 'token' };\n\n // Environment variables take precedence\n const envMode = env.XOPC_GATEWAY_AUTH_MODE;\n const envToken = env.XOPC_GATEWAY_TOKEN;\n\n // Resolve mode\n let mode: ResolvedGatewayAuth['mode'] = 'token';\n if (envMode === 'none' \|\| envMode === 'token') {\n mode = envMode;\n } else if (config.mode === 'none') {\n mode = '~~none~~';\n }\n\n // Resolve token\n let token: string \| undefined;\n if (envToken) {\n token = envToken;\n } else if (config.token) {\n token = config.token;\n } else ~~if (mode === 'token')~~ {\n // Auto-generate token if not provided\n token = crypto.randomBytes(24).toString('hex');\n }\n\n return { mode, token };\n}\n\n/\n Assert that gateway auth is properly configured.\n /\nexport function assertGatewayAuthConfigured(auth: ResolvedGatewayAuth): void {\n if (auth.mode === 'token' && !auth.token) {\n throw new Error(\n 'Gateway auth mode is token, but no token was configured. ' +\n 'Set gateway.auth.token in config or XOPC_GATEWAY_TOKEN environment variable.'\n );\n }\n}\n\n/\n Constant-time string comparison to prevent timing attacks.\n /\nexport ~~function~~ ~~safeCompare(a:~~ ~~string,~~ b: ~~string):~~ ~~boolean~~ {\n ~~const~~ ~~aBuf~~ = ~~Buffer~~.~~from(a,~~ ~~'utf8');\~~n ~~const~~ ~~bBuf~~ = ~~Buffer.~~from~~(b,~~ ~~'utf8');\~~n ~~\n if~~ (~~aBuf.length~~ ~~===~~ ~~bBuf.length~~) {\n return ~~crypto.timingSafeEqual~~(~~aBuf~~, ~~bBuf~~);\n }\n \n // ~~For~~ ~~different~~ ~~lengths\n let~~ ~~result~~ = ~~aBuf.length~~ ^ ~~bBuf.length;\n const~~ ~~maxLen~~ = ~~Math.max(aBuf.length, bBuf.length);\~~n ~~for~~ ~~(let~~ i = 0; i < ~~maxLen;~~ ~~i++)~~ ~~{\n result~~ \|= ~~(aBuf[i~~ % ~~aBuf.length]~~ ~~^ bBuf[i % bBuf.length]);\n }~~\n ~~return~~ ~~result~~ ~~===~~ ~~0;\n}\n\n/\n~~ ~~Validate~~ ~~token~~ ~~against~~ ~~configured~~ ~~auth~~.\n /\nexport function validateToken(auth: ResolvedGatewayAuth, ~~providedToken~~?: string \| null): boolean {\n if (auth.mode === 'none') {\n return true;\n }\n if (!auth.~~token~~ \|\| ~~!providedToken~~) {\n return false;\n }\n return ~~safeCompare~~(auth.token, ~~providedToken~~);\n}\n\n/\n Extract token from request headers.\n * Supports: Authorization: Bearer <token>, X-Api-Key: <token>\n */\nexport function extractToken(headers?: Record<string, string \| string[] \| undefined>): string \| undefined {\n if (!headers) return undefined;\n\n // Authorization: Bearer <token>\n const authHeader = headers.authorization;\n if (authHeader) {\n const value = Array.isArray(authHeader) ? authHeader[0] : authHeader;\n if (value?.startsWith('Bearer ')) {\n return value.slice(7);\n }\n }\n\n // X-Api-Key: <token>\n const apiKey = headers['x-api-key'];\n if (apiKey) {\n return Array.isArray(apiKey) ? apiKey[0] : apiKey;\n }\n\n return undefined;\n}\n"],"mappings":"~~;;;;;;AAeA~~,SAAgB,mBAAmB,QAGX;CACtB,MAAM,MAAM,OAAO,OAAO,QAAQ;CAClC,MAAM,SAA4B,OAAO,cAAc,EAAE,MAAM,SAAS;CAGxE,MAAM,UAAU,IAAI;CACpB,MAAM,WAAW,IAAI;~~CAGrB~~,IAAI,OAAoC;AACxC,KAAI,YAAY,UAAU,YAAY,~~QACpC~~,QAAO;UACE,OAAO,SAAS,~~OACzB~~,QAAO;~~CAIT~~,IAAI;AACJ,KAAI,SACF,SAAQ;UACC,OAAO,MAChB,SAAQ,OAAO;~~UACN~~,~~SAAS,QAElB,~~SAAQ,OAAO,YAAY,GAAG,CAAC,SAAS,MAAM;~~AAGhD~~,QAAO;EAAE;EAAM;EAAO;;;;;~~AAMxB~~,SAAgB,4BAA4B,MAAiC;AAC3E,KAAI,KAAK,SAAS,WAAW,CAAC,KAAK,MACjC,OAAM,IAAI,MACR,wIAED~~;;;;;AAOL,SAAgB,YAAY,GAAW,GAAoB~~;~~CACzD~~,~~MAAM~~,~~OAAO,OAAO,~~KAAK,~~GAAG~~,~~OAAO;CACnC~~,~~MAAM~~,~~OAAO~~,~~OAAO~~,~~KAAK~~,~~GAAG~~,~~OAAO;AAEnC~~,~~KAAI~~,~~KAAK~~,~~WAAW~~,~~KAAK~~,~~OACvB~~,QAAO,~~OAAO,~~gBAAgB,~~MAAM~~,~~KAAK;CAI3C~~,~~IAAI~~,~~SAAS~~,~~KAAK~~,~~SAAS,KAAK~~;~~CAChC~~,~~MAAM~~,~~SAAS,~~KAAK,~~IAAI~~,~~KAAK~~,~~QAAQ,KAAK,OAAO~~;~~AACjD~~,~~MAAK~~,~~IAAI~~,~~IAAI~~,~~GAAG~~,~~IAAI~~,~~QAAQ~~,~~IAC1B~~,~~WAAW~~,~~KAAK~~,~~IAAI~~,KAAK,~~UAAU~~,~~KAAK,IAAI,KAAK~~;~~AAEnD~~,~~QAAO~~,~~WAAW;;;;;AAMpB~~,~~SAAgB,cAAc,MAA2B,eAAwC;AAC/F,KAAI,~~KAAK,~~SAAS~~,~~OAChB~~,~~QAAO;AAET,~~KAAI,CAAC,KAAK,~~SAAS~~,~~CAAC,cAClB,~~QAAO;~~AAET~~,QAAO,~~YAAY~~,KAAK,OAAO,~~cAAc~~;;;;;;~~AAO/C~~,SAAgB,aAAa,SAA6E;AACxG,KAAI,CAAC,QAAS,QAAO,KAAA;CAGrB,MAAM,aAAa,QAAQ;AAC3B,KAAI,YAAY;EACd,MAAM,QAAQ,MAAM,QAAQ,WAAW,GAAG,WAAW,KAAK;AAC1D,MAAI,OAAO,WAAW,UAAU,CAC9B,QAAO,MAAM,MAAM,EAAE;;CAKzB,MAAM,SAAS,QAAQ;AACvB,KAAI,OACF,QAAO,MAAM,QAAQ,OAAO,GAAG,OAAO,KAAK"}
1	+ {"version":3,"file":"auth.js","names":[],"sources":["../../../src/gateway/auth.ts"],"sourcesContent":["import crypto from 'crypto';\nimport type { GatewayAuthConfig } from '../config/schema.js';\nimport { safeEqualSecret } from './security/secret-equal.js';\n\n/*\n Resolved gateway authentication configuration.\n \n Supports three modes:\n * - `none`: no authentication (local dev only)\n * - `token`: Bearer token authentication (default)\n * - `password`: password-based authentication (for simpler setups)\n /\nexport interface ResolvedGatewayAuth {\n mode: 'none' \| 'token' \| 'password';\n token?: string;\n password?: string;\n}\n\n/\n Resolve gateway authentication configuration.\n * Priority: env vars > config > defaults\n /\nexport function resolveGatewayAuth(params: {\n authConfig?: GatewayAuthConfig \| null;\n env?: NodeJS.ProcessEnv;\n}): ResolvedGatewayAuth {\n const env = params.env ?? process.env;\n const config: GatewayAuthConfig = params.authConfig ?? { mode: 'token' };\n\n // Environment variables take precedence\n const envMode = env.XOPC_GATEWAY_AUTH_MODE;\n const envToken = env.XOPC_GATEWAY_TOKEN;\n const envPassword = env.XOPC_GATEWAY_PASSWORD;\n\n // Resolve mode\n let mode: ResolvedGatewayAuth['mode'] = 'token';\n if (envMode === 'none' \|\| envMode === 'token' \|\| envMode === 'password') {\n mode = envMode;\n } else if (config.mode === 'none' \|\| config.mode === 'password') {\n mode = config.mode;\n }\n\n // Ambiguity detection: reject conflicting credential types\n const hasToken = Boolean(envToken \|\| config.token);\n const hasPassword = Boolean(envPassword \|\| config.password);\n if (hasToken && hasPassword) {\n throw new Error(\n 'Invalid config: both gateway.auth.token and gateway.auth.password are set. ' +\n 'Choose one authentication mode: \"token\" (Bearer header) or \"password\".',\n );\n }\n\n // Resolve token\n let token: string \| undefined;\n if (mode === 'token') {\n if (envToken) {\n token = envToken;\n } else if (config.token) {\n token = config.token;\n } else {\n // Auto-generate token if not provided\n token = crypto.randomBytes(24).toString('hex');\n }\n }\n\n // Resolve password\n let password: string \| undefined;\n if (mode === 'password') {\n if (envPassword) {\n password = envPassword;\n } else if (config.password) {\n password = config.password;\n }\n }\n\n return { mode, token, password };\n}\n\n/\n Assert that gateway auth is properly configured.\n /\nexport function assertGatewayAuthConfigured(auth: ResolvedGatewayAuth): void {\n if (auth.mode === 'token' && !auth.token) {\n throw new Error(\n 'Gateway auth mode is token, but no token was configured. ' +\n 'Set gateway.auth.token in config or XOPC_GATEWAY_TOKEN environment variable.',\n );\n }\n if (auth.mode === 'password' && !auth.password) {\n throw new Error(\n 'Gateway auth mode is password, but no password was configured. ' +\n 'Set gateway.auth.password in config or XOPC_GATEWAY_PASSWORD environment variable.',\n );\n }\n}\n\n/\n Constant-time string comparison to prevent timing attacks.\n \n Uses `crypto.timingSafeEqual` with padding so both buffers always have\n * the same byte length. The actual length is checked separately.\n \n @deprecated Use `safeEqualSecret` from `./security/secret-equal.js` directly.\n /\nexport function safeCompare(a: string, b: string): boolean {\n return safeEqualSecret(a, b);\n}\n\n/\n Validate a credential against configured auth using constant-time comparison.\n \n Works for both token and password modes — the caller extracts the credential\n * from the appropriate transport (header, query param, etc.).\n /\nexport function validateToken(auth: ResolvedGatewayAuth, providedCredential?: string \| null): boolean {\n if (auth.mode === 'none') {\n return true;\n }\n\n if (!providedCredential) {\n return false;\n }\n\n if (auth.mode === 'password') {\n if (!auth.password) return false;\n return safeEqualSecret(auth.password, providedCredential);\n }\n\n // Default: token mode\n if (!auth.token) return false;\n return safeEqualSecret(auth.token, providedCredential);\n}\n\n/\n Extract token from request headers.\n * Supports: Authorization: Bearer <token>, X-Api-Key: <token>\n */\nexport function extractToken(headers?: Record<string, string \| string[] \| undefined>): string \| undefined {\n if (!headers) return undefined;\n\n // Authorization: Bearer <token>\n const authHeader = headers.authorization;\n if (authHeader) {\n const value = Array.isArray(authHeader) ? authHeader[0] : authHeader;\n if (value?.startsWith('Bearer ')) {\n return value.slice(7);\n }\n }\n\n // X-Api-Key: <token>\n const apiKey = headers['x-api-key'];\n if (apiKey) {\n return Array.isArray(apiKey) ? apiKey[0] : apiKey;\n }\n\n return undefined;\n}\n"],"mappings":";;;;;;;AAsBA,SAAgB,mBAAmB,QAGX;CACtB,MAAM,MAAM,OAAO,OAAO,QAAQ;CAClC,MAAM,SAA4B,OAAO,cAAc,EAAE,MAAM,SAAS;CAGxE,MAAM,UAAU,IAAI;CACpB,MAAM,WAAW,IAAI;CACrB,MAAM,cAAc,IAAI;CAGxB,IAAI,OAAoC;AACxC,KAAI,YAAY,UAAU,YAAY,WAAW,YAAY,WAC3D,QAAO;UACE,OAAO,SAAS,UAAU,OAAO,SAAS,WACnD,QAAO,OAAO;CAIhB,MAAM,WAAW,QAAQ,YAAY,OAAO,MAAM;CAClD,MAAM,cAAc,QAAQ,eAAe,OAAO,SAAS;AAC3D,KAAI,YAAY,YACd,OAAM,IAAI,MACR,wJAED;CAIH,IAAI;AACJ,KAAI,SAAS,QACX,KAAI,SACF,SAAQ;UACC,OAAO,MAChB,SAAQ,OAAO;KAGf,SAAQ,OAAO,YAAY,GAAG,CAAC,SAAS,MAAM;CAKlD,IAAI;AACJ,KAAI,SAAS;MACP,YACF,YAAW;WACF,OAAO,SAChB,YAAW,OAAO;;AAItB,QAAO;EAAE;EAAM;EAAO;EAAU;;;;;AAMlC,SAAgB,4BAA4B,MAAiC;AAC3E,KAAI,KAAK,SAAS,WAAW,CAAC,KAAK,MACjC,OAAM,IAAI,MACR,wIAED;AAEH,KAAI,KAAK,SAAS,cAAc,CAAC,KAAK,SACpC,OAAM,IAAI,MACR,oJAED;;;;;;;;;;AAYL,SAAgB,YAAY,GAAW,GAAoB;AACzD,QAAO,gBAAgB,GAAG,EAAE;;;;;;;;AAS9B,SAAgB,cAAc,MAA2B,oBAA6C;AACpG,KAAI,KAAK,SAAS,OAChB,QAAO;AAGT,KAAI,CAAC,mBACH,QAAO;AAGT,KAAI,KAAK,SAAS,YAAY;AAC5B,MAAI,CAAC,KAAK,SAAU,QAAO;AAC3B,SAAO,gBAAgB,KAAK,UAAU,mBAAmB;;AAI3D,KAAI,CAAC,KAAK,MAAO,QAAO;AACxB,QAAO,gBAAgB,KAAK,OAAO,mBAAmB;;;;;;AAOxD,SAAgB,aAAa,SAA6E;AACxG,KAAI,CAAC,QAAS,QAAO,KAAA;CAGrB,MAAM,aAAa,QAAQ;AAC3B,KAAI,YAAY;EACd,MAAM,QAAQ,MAAM,QAAQ,WAAW,GAAG,WAAW,KAAK;AAC1D,MAAI,OAAO,WAAW,UAAU,CAC9B,QAAO,MAAM,MAAM,EAAE;;CAKzB,MAAM,SAAS,QAAQ;AACvB,KAAI,OACF,QAAO,MAAM,QAAQ,OAAO,GAAG,OAAO,KAAK"}

package/dist/src/gateway/hono/app.js CHANGED Viewed

@@ -1,7 +1,10 @@
 import { createLogger } from "../../utils/logger/index.js";
 import { init_logger } from "../../utils/logger.js";
 import { maxWebchatAgentRequestBodyBytes } from "../chat-limits.js";
+import { buildGatewayConsoleCspHeader } from "../security/csp.js";
+import { checkBrowserOrigin } from "../security/origin-check.js";
 import { auth } from "./middleware/auth.js";
+import { operatorScopes } from "./middleware/scopes.js";
 import { logContextMiddleware } from "./middleware/log-context.js";
 import { logger } from "./middleware/logger.js";
 import { registerPublicExtensionAssetRoutes } from "./routes/auth-registry-extensions.js";
@@ -57,6 +60,7 @@ function createHonoApp(config) {
 	app.use(logContextMiddleware());
 	app.use(logger());
 	app.use(cors(CORS_OPTIONS));
+	const gatewayConsoleCsp = buildGatewayConsoleCspHeader();
 	app.use(createMiddleware(async (c, next) => {
 		await next();
 		if (isExtensionGatewayUiAssetPath(c.req.path)) return;
@@ -65,7 +69,32 @@ function createHonoApp(config) {
 		c.header("Referrer-Policy", "strict-origin-when-cross-origin");
 		c.header("X-XSS-Protection", "1; mode=block");
 		c.header("Permissions-Policy", "camera=(), microphone=(self), geolocation=()");
-		c.header("Content-Security-Policy", "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; font-src 'self'; connect-src 'self'; frame-ancestors 'none'");
+		c.header("Content-Security-Policy", gatewayConsoleCsp);
+	}));
+	const allowedOrigins = Array.isArray(corsOrigin) ? corsOrigin : [corsOrigin];
+	app.use("/api/*", createMiddleware(async (c, next) => {
+		if (isExtensionGatewayUiAssetPath(c.req.path)) return next();
+		const origin = c.req.header("origin");
+		if (!origin) return next();
+		const result = checkBrowserOrigin({
+			requestHost: c.req.header("host"),
+			origin,
+			allowedOrigins,
+			allowHostHeaderOriginFallback: true,
+			isLocalClient: false
+		});
+		if (!result.ok) {
+			log.warn({
+				origin,
+				reason: "reason" in result ? result.reason : "unknown",
+				path: c.req.path
+			}, "Browser origin check failed");
+			return c.json({
+				error: "Forbidden",
+				message: "Origin not allowed"
+			}, 403);
+		}
+		return next();
 	}));
 	app.use("/api/skills/upload", bodyLimit({
 		maxSize: 10 * 1024 * 1024,
@@ -96,6 +125,7 @@ function createHonoApp(config) {
 		token,
 		getGatewayAuth: () => service.currentConfig.gateway?.auth
 	}));
+	authenticated.use(operatorScopes());
 	const strictRateLimiter = /* @__PURE__ */ new Map();
 	setInterval(() => {
 		for (const [ip, limiter] of strictRateLimiter.entries()) if (limiter.consume().remaining === 9) strictRateLimiter.delete(ip);

package/dist/src/gateway/hono/app.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"app.js","names":[],"sources":["../../../../src/gateway/hono/app.ts"],"sourcesContent":["import { Hono } from 'hono';\nimport { cors } from 'hono/cors';\nimport { createMiddleware } from 'hono/factory';\nimport { bodyLimit } from 'hono/body-limit';\n\nimport { createFixedWindowRateLimiter } from '../../infra/rate-limit.js';\nimport { createLogger } from '../../utils/logger.js';\nimport type { GatewayService } from '../service.js';\nimport { maxWebchatAgentRequestBodyBytes } from '../chat-limits.js';\nimport { auth } from './middleware/auth.js';\nimport { logContextMiddleware } from './middleware/log-context.js';\nimport { logger } from './middleware/logger.js';\nimport { registerPublicExtensionAssetRoutes } from './routes/auth-registry-extensions.js';\nimport { registerAuthenticatedRoutes } from './routes/index.js';\nimport { registerPublicGatewayRoutes } from './routes/public-gateway.js';\n\nconst log = createLogger('HonoApp');\n\nexport interface HonoAppConfig {\n service: GatewayService;\n token?: string;\n}\n\n/*\n Extension sandbox HTML under `/api/extensions/:id/assets/` ships its own CSP\n (`frame-ancestors 'self'`). The global gateway middleware must not overwrite it\n * with `frame-ancestors 'none'` / `X-Frame-Options: DENY`, or the console cannot embed iframes.\n /\nexport function isExtensionGatewayUiAssetPath(path: string): boolean {\n return /^\\/api\\/extensions\\/[^/]+\\/assets\\//.test(path);\n}\n\nexport function createHonoApp(config: HonoAppConfig): Hono {\n const { service, token } = config;\n const app = new Hono();\n\n const gatewayPort = service.currentConfig.gateway.port ?? 18790;\n const configuredOrigins = service.currentConfig.gateway.corsOrigins;\n\n let corsOrigin: string \| string[];\n if (configuredOrigins && configuredOrigins.length > 0) {\n corsOrigin = configuredOrigins;\n } else {\n corsOrigin = [\n `http://localhost:${gatewayPort}`,\n `http://127.0.0.1:${gatewayPort}`,\n 'http://localhost:3000',\n 'http://127.0.0.1:3000',\n ];\n }\n\n const CORS_OPTIONS = {\n origin: corsOrigin,\n allowMethods: ['GET', 'POST', 'PATCH', 'DELETE', 'OPTIONS'],\n allowHeaders: ['Content-Type', 'Authorization', 'Accept', 'X-Session-Id', 'Last-Event-ID'],\n credentials: true,\n maxAge: 86400,\n };\n\n app.use(logContextMiddleware());\n app.use(logger());\n app.use(cors(CORS_OPTIONS));\n\n app.use(createMiddleware(async (c, next) => {\n await next();\n if (isExtensionGatewayUiAssetPath(c.req.path)) {\n return;\n }\n c.header('X-Frame-Options', 'DENY');\n c.header('X-Content-Type-Options', 'nosniff');\n c.header('Referrer-Policy', 'strict-origin-when-cross-origin');\n c.header('X-XSS-Protection', '1; mode=block');\n // microphone=(self): allow same-origin chat voice (composer). microphone=() breaks packaged Electron loading the gateway SPA.\n c.header('Permissions-Policy', 'camera=(), microphone=(self), geolocation=()');\n c.header(\n 'Content-Security-Policy',\n \"default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; font-src 'self'; connect-src 'self'; frame-ancestors 'none'\",\n );\n }));\n\n app.use('/api/skills/upload', bodyLimit({\n maxSize: 10 1024 * 1024,\n onError: (c) => {\n return c.json({ error: 'Skill package too large', maxSize: '10MB' }, 413);\n },\n }));\n\n const DEFAULT_API_BODY_MAX = 1 * 1024 * 1024;\n const WEBCHAT_AGENT_BODY_MAX = maxWebchatAgentRequestBodyBytes();\n\n app.use('/api/', async (c, next) => {\n const maxSize = c.req.path === '/api/agent' ? WEBCHAT_AGENT_BODY_MAX : DEFAULT_API_BODY_MAX;\n const maxSizeMb = Math.ceil(maxSize / (1024 1024));\n return bodyLimit({\n maxSize,\n onError: (ctx) =>\n ctx.json({ error: 'Request body too large', maxSize: `${maxSizeMb}MB` }, 413),\n })(c, next);\n });\n\n registerPublicGatewayRoutes(app, service);\n\n // Extension UI assets are served without auth: sandboxed iframes (no allow-same-origin)\n // have an opaque origin of `null` and cannot forward the ?token= from the parent HTML URL.\n // Security is enforced by the strict CSP (frame-ancestors 'self') on every response.\n registerPublicExtensionAssetRoutes(app, service);\n\n const authenticated = new Hono();\n authenticated.use(\n auth({\n token,\n getGatewayAuth: () => service.currentConfig.gateway?.auth,\n }),\n );\n\n const strictRateLimiter = new Map<string, ReturnType<typeof createFixedWindowRateLimiter>>();\n\n const RATE_LIMIT_CLEANUP_INTERVAL = 5 * 60 * 1000;\n setInterval(() => {\n for (const [ip, limiter] of strictRateLimiter.entries()) {\n const result = limiter.consume();\n if (result.remaining === 9) {\n strictRateLimiter.delete(ip);\n }\n }\n }, RATE_LIMIT_CLEANUP_INTERVAL);\n\n const strictRateLimitMiddleware = createMiddleware(async (c, next) => {\n /\n const clientIp = c.req.header('x-forwarded-for')?.split(',')[0]?.trim()\n ?? c.req.header('x-real-ip')\n ?? 'unknown';\n\n let limiter = strictRateLimiter.get(clientIp);\n if (!limiter) {\n limiter = createFixedWindowRateLimiter({ maxRequests: 10, windowMs: 60_000 });\n strictRateLimiter.set(clientIp, limiter);\n }\n\n const result = limiter.consume();\n if (!result.allowed) {\n c.header('Retry-After', String(Math.ceil(result.retryAfterMs / 1000)));\n return c.json({ error: 'Too many requests' }, 429);\n }\n\n c.header('X-RateLimit-Remaining', String(result.remaining));\n /\n await next();\n });\n\n const sseConfig = {\n service,\n maxSseConnections: service.currentConfig.gateway.maxSseConnections,\n };\n\n registerAuthenticatedRoutes(authenticated, {\n service,\n strictRateLimitMiddleware,\n sseConfig,\n });\n\n app.route('/', authenticated);\n\n app.notFound((c) => {\n return c.json({ error: 'Not found' }, 404);\n });\n\n app.onError((err, c) => {\n log.error({ err }, 'Hono error');\n return c.json({ error: 'Internal server error' }, 500);\n });\n\n return app;\n}\n"],"mappings":";;;;;;;;;;;;;;aAMqD;AAUrD,MAAM,MAAM,aAAa,UAAU;;;;;;AAYnC,SAAgB,8BAA8B,MAAuB;AACnE,QAAO,sCAAsC,KAAK,KAAK;;AAGzD,SAAgB,cAAc,QAA6B;CACzD,MAAM,EAAE,SAAS,UAAU;CAC3B,MAAM,MAAM,IAAI,MAAM;CAEtB,MAAM,cAAc,QAAQ,cAAc,QAAQ,QAAQ;CAC1D,MAAM,oBAAoB,QAAQ,cAAc,QAAQ;CAExD,IAAI;AACJ,KAAI,qBAAqB,kBAAkB,SAAS,EAClD,cAAa;KAEb,cAAa;EACX,oBAAoB;EACpB,oBAAoB;EACpB;EACA;EACD;CAGH,MAAM,eAAe;EACnB,QAAQ;EACR,cAAc;GAAC;GAAO;GAAQ;GAAS;GAAU;GAAU;EAC3D,cAAc;GAAC;GAAgB;GAAiB;GAAU;GAAgB;GAAgB;EAC1F,aAAa;EACb,QAAQ;EACT;AAED,KAAI,IAAI,sBAAsB,CAAC;AAC/B,KAAI,IAAI,QAAQ,CAAC;AACjB,KAAI,IAAI,KAAK,aAAa,CAAC;AAE3B,KAAI,IAAI,iBAAiB,OAAO,GAAG,SAAS;AAC1C,QAAM,MAAM;AACZ,MAAI,8BAA8B,EAAE,IAAI,KAAK,CAC3C;AAEF,IAAE,OAAO,mBAAmB,OAAO;AACnC,IAAE,OAAO,0BAA0B,UAAU;AAC7C,IAAE,OAAO,mBAAmB,kCAAkC;AAC9D,IAAE,OAAO,oBAAoB,gBAAgB;AAE7C,IAAE,OAAO,sBAAsB,+CAA+C;AAC9E,IAAE,OACA,2BACA,0KACD;GACD,CAAC;AAEH,KAAI,IAAI,sBAAsB,UAAU;EACtC,SAAS,KAAK,OAAO;EACrB,UAAU,MAAM;AACd,UAAO,EAAE,KAAK;IAAE,OAAO;IAA2B,SAAS;IAAQ,EAAE,IAAI;;EAE5E,CAAC,CAAC;CAEH,MAAM,uBAAuB,IAAI,OAAO;CACxC,MAAM,yBAAyB,iCAAiC;AAEhE,KAAI,IAAI,UAAU,OAAO,GAAG,SAAS;EACnC,MAAM,UAAU,EAAE,IAAI,SAAS,eAAe,yBAAyB;EACvE,MAAM,YAAY,KAAK,KAAK,WAAW,OAAO,MAAM;AACpD,SAAO,UAAU;GACf;GACA,UAAU,QACR,IAAI,KAAK;IAAE,OAAO;IAA0B,SAAS,GAAG,UAAU;IAAK,EAAE,IAAI;GAChF,CAAC,CAAC,GAAG,KAAK;GACX;AAEF,6BAA4B,KAAK,QAAQ;AAKzC,oCAAmC,KAAK,QAAQ;CAEhD,MAAM,gBAAgB,IAAI,MAAM;AAChC,eAAc,IACZ,KAAK;EACH;EACA,sBAAsB,QAAQ,cAAc,SAAS;EACtD,CAAC,CACH;CAED,MAAM,oCAAoB,IAAI,KAA8D;AAG5F,mBAAkB;AAChB,OAAK,MAAM,CAAC,IAAI,YAAY,kBAAkB,SAAS,CAErD,KADe,QAAQ,SACb,CAAC,cAAc,EACvB,mBAAkB,OAAO,GAAG;IALE,MAAS,IAQd;AA8B/B,6BAA4B,eAAe;EACzC;EACA,2BA9BgC,iBAAiB,OAAO,GAAG,SAAS;AAoBpE,SAAM,MAAM;IAUa;EACzB,WAAA;GAPA;GACA,mBAAmB,QAAQ,cAAc,QAAQ;GAMxC;EACV,CAAC;AAEF,KAAI,MAAM,KAAK,cAAc;AAE7B,KAAI,UAAU,MAAM;AAClB,SAAO,EAAE,KAAK,EAAE,OAAO,aAAa,EAAE,IAAI;GAC1C;AAEF,KAAI,SAAS,KAAK,MAAM;AACtB,MAAI,MAAM,EAAE,KAAK,EAAE,aAAa;AAChC,SAAO,EAAE,KAAK,EAAE,OAAO,yBAAyB,EAAE,IAAI;GACtD;AAEF,QAAO"}
1	+ {"version":3,"file":"app.js","names":[],"sources":["../../../../src/gateway/hono/app.ts"],"sourcesContent":["import { Hono } from 'hono';\nimport { cors } from 'hono/cors';\nimport { createMiddleware } from 'hono/factory';\nimport { bodyLimit } from 'hono/body-limit';\n\nimport { createFixedWindowRateLimiter } from '../../infra/rate-limit.js';\nimport { createLogger } from '../../utils/logger.js';\nimport type { GatewayService } from '../service.js';\nimport { maxWebchatAgentRequestBodyBytes } from '../chat-limits.js';\nimport { buildGatewayConsoleCspHeader } from '../security/csp.js';\nimport { checkBrowserOrigin } from '../security/origin-check.js';\nimport { auth } from './middleware/auth.js';\nimport { operatorScopes } from './middleware/scopes.js';\nimport { logContextMiddleware } from './middleware/log-context.js';\nimport { logger } from './middleware/logger.js';\nimport { registerPublicExtensionAssetRoutes } from './routes/auth-registry-extensions.js';\nimport { registerAuthenticatedRoutes } from './routes/index.js';\nimport { registerPublicGatewayRoutes } from './routes/public-gateway.js';\n\nconst log = createLogger('HonoApp');\n\nexport interface HonoAppConfig {\n service: GatewayService;\n token?: string;\n}\n\n/*\n Extension sandbox HTML under `/api/extensions/:id/assets/` ships its own CSP\n (`frame-ancestors 'self'`). The global gateway middleware must not overwrite it\n * with `frame-ancestors 'none'` / `X-Frame-Options: DENY`, or the console cannot embed iframes.\n /\nexport function isExtensionGatewayUiAssetPath(path: string): boolean {\n return /^\\/api\\/extensions\\/[^/]+\\/assets\\//.test(path);\n}\n\nexport function createHonoApp(config: HonoAppConfig): Hono {\n const { service, token } = config;\n const app = new Hono();\n\n const gatewayPort = service.currentConfig.gateway.port ?? 18790;\n const configuredOrigins = service.currentConfig.gateway.corsOrigins;\n\n let corsOrigin: string \| string[];\n if (configuredOrigins && configuredOrigins.length > 0) {\n corsOrigin = configuredOrigins;\n } else {\n corsOrigin = [\n `http://localhost:${gatewayPort}`,\n `http://127.0.0.1:${gatewayPort}`,\n 'http://localhost:3000',\n 'http://127.0.0.1:3000',\n ];\n }\n\n const CORS_OPTIONS = {\n origin: corsOrigin,\n allowMethods: ['GET', 'POST', 'PATCH', 'DELETE', 'OPTIONS'],\n allowHeaders: ['Content-Type', 'Authorization', 'Accept', 'X-Session-Id', 'Last-Event-ID'],\n credentials: true,\n maxAge: 86400,\n };\n\n app.use(logContextMiddleware());\n app.use(logger());\n app.use(cors(CORS_OPTIONS));\n\n // Build CSP header once at startup (no inline script hashes needed for SPA)\n const gatewayConsoleCsp = buildGatewayConsoleCspHeader();\n\n // Security headers middleware\n app.use(createMiddleware(async (c, next) => {\n await next();\n if (isExtensionGatewayUiAssetPath(c.req.path)) {\n return;\n }\n c.header('X-Frame-Options', 'DENY');\n c.header('X-Content-Type-Options', 'nosniff');\n c.header('Referrer-Policy', 'strict-origin-when-cross-origin');\n c.header('X-XSS-Protection', '1; mode=block');\n // microphone=(self): allow same-origin chat voice (composer). microphone=() breaks packaged Electron loading the gateway SPA.\n c.header('Permissions-Policy', 'camera=(), microphone=(self), geolocation=()');\n c.header('Content-Security-Policy', gatewayConsoleCsp);\n }));\n\n // Browser Origin check middleware for API routes (CSRF protection).\n // Non-browser requests (no Origin header) pass through — they are\n // authenticated by the token middleware instead.\n const allowedOrigins = Array.isArray(corsOrigin) ? corsOrigin : [corsOrigin];\n app.use('/api/', createMiddleware(async (c, next) => {\n // Sandboxed extension iframes (no allow-same-origin) send `Origin: null`.\n // `checkBrowserOrigin` rejects that; these routes rely on CSP instead\n // (`registerPublicExtensionAssetRoutes`).\n if (isExtensionGatewayUiAssetPath(c.req.path)) {\n return next();\n }\n\n const origin = c.req.header('origin');\n if (!origin) {\n // Non-browser request (CLI, server-to-server) — skip origin check\n return next();\n }\n\n const result = checkBrowserOrigin({\n requestHost: c.req.header('host'),\n origin,\n allowedOrigins,\n allowHostHeaderOriginFallback: true,\n isLocalClient: false,\n });\n\n if (!result.ok) {\n log.warn(\n { origin, reason: 'reason' in result ? result.reason : 'unknown', path: c.req.path },\n 'Browser origin check failed',\n );\n return c.json({ error: 'Forbidden', message: 'Origin not allowed' }, 403);\n }\n\n return next();\n }));\n\n app.use('/api/skills/upload', bodyLimit({\n maxSize: 10 * 1024 * 1024,\n onError: (c) => {\n return c.json({ error: 'Skill package too large', maxSize: '10MB' }, 413);\n },\n }));\n\n const DEFAULT_API_BODY_MAX = 1 * 1024 * 1024;\n const WEBCHAT_AGENT_BODY_MAX = maxWebchatAgentRequestBodyBytes();\n\n app.use('/api/', async (c, next) => {\n const maxSize = c.req.path === '/api/agent' ? WEBCHAT_AGENT_BODY_MAX : DEFAULT_API_BODY_MAX;\n const maxSizeMb = Math.ceil(maxSize / (1024 1024));\n return bodyLimit({\n maxSize,\n onError: (ctx) =>\n ctx.json({ error: 'Request body too large', maxSize: `${maxSizeMb}MB` }, 413),\n })(c, next);\n });\n\n registerPublicGatewayRoutes(app, service);\n\n // Extension UI assets are served without auth: sandboxed iframes (no allow-same-origin)\n // have an opaque origin of `null` and cannot forward the ?token= from the parent HTML URL.\n // Security is enforced by the strict CSP (frame-ancestors 'self') on every response.\n registerPublicExtensionAssetRoutes(app, service);\n\n const authenticated = new Hono();\n authenticated.use(\n auth({\n token,\n getGatewayAuth: () => service.currentConfig.gateway?.auth,\n }),\n );\n authenticated.use(operatorScopes());\n\n const strictRateLimiter = new Map<string, ReturnType<typeof createFixedWindowRateLimiter>>();\n\n const RATE_LIMIT_CLEANUP_INTERVAL = 5 * 60 * 1000;\n setInterval(() => {\n for (const [ip, limiter] of strictRateLimiter.entries()) {\n const result = limiter.consume();\n if (result.remaining === 9) {\n strictRateLimiter.delete(ip);\n }\n }\n }, RATE_LIMIT_CLEANUP_INTERVAL);\n\n const strictRateLimitMiddleware = createMiddleware(async (c, next) => {\n /\n const clientIp = c.req.header('x-forwarded-for')?.split(',')[0]?.trim()\n ?? c.req.header('x-real-ip')\n ?? 'unknown';\n\n let limiter = strictRateLimiter.get(clientIp);\n if (!limiter) {\n limiter = createFixedWindowRateLimiter({ maxRequests: 10, windowMs: 60_000 });\n strictRateLimiter.set(clientIp, limiter);\n }\n\n const result = limiter.consume();\n if (!result.allowed) {\n c.header('Retry-After', String(Math.ceil(result.retryAfterMs / 1000)));\n return c.json({ error: 'Too many requests' }, 429);\n }\n\n c.header('X-RateLimit-Remaining', String(result.remaining));\n /\n await next();\n });\n\n const sseConfig = {\n service,\n maxSseConnections: service.currentConfig.gateway.maxSseConnections,\n };\n\n registerAuthenticatedRoutes(authenticated, {\n service,\n strictRateLimitMiddleware,\n sseConfig,\n });\n\n app.route('/', authenticated);\n\n app.notFound((c) => {\n return c.json({ error: 'Not found' }, 404);\n });\n\n app.onError((err, c) => {\n log.error({ err }, 'Hono error');\n return c.json({ error: 'Internal server error' }, 500);\n });\n\n return app;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;aAMqD;AAarD,MAAM,MAAM,aAAa,UAAU;;;;;;AAYnC,SAAgB,8BAA8B,MAAuB;AACnE,QAAO,sCAAsC,KAAK,KAAK;;AAGzD,SAAgB,cAAc,QAA6B;CACzD,MAAM,EAAE,SAAS,UAAU;CAC3B,MAAM,MAAM,IAAI,MAAM;CAEtB,MAAM,cAAc,QAAQ,cAAc,QAAQ,QAAQ;CAC1D,MAAM,oBAAoB,QAAQ,cAAc,QAAQ;CAExD,IAAI;AACJ,KAAI,qBAAqB,kBAAkB,SAAS,EAClD,cAAa;KAEb,cAAa;EACX,oBAAoB;EACpB,oBAAoB;EACpB;EACA;EACD;CAGH,MAAM,eAAe;EACnB,QAAQ;EACR,cAAc;GAAC;GAAO;GAAQ;GAAS;GAAU;GAAU;EAC3D,cAAc;GAAC;GAAgB;GAAiB;GAAU;GAAgB;GAAgB;EAC1F,aAAa;EACb,QAAQ;EACT;AAED,KAAI,IAAI,sBAAsB,CAAC;AAC/B,KAAI,IAAI,QAAQ,CAAC;AACjB,KAAI,IAAI,KAAK,aAAa,CAAC;CAG3B,MAAM,oBAAoB,8BAA8B;AAGxD,KAAI,IAAI,iBAAiB,OAAO,GAAG,SAAS;AAC1C,QAAM,MAAM;AACZ,MAAI,8BAA8B,EAAE,IAAI,KAAK,CAC3C;AAEF,IAAE,OAAO,mBAAmB,OAAO;AACnC,IAAE,OAAO,0BAA0B,UAAU;AAC7C,IAAE,OAAO,mBAAmB,kCAAkC;AAC9D,IAAE,OAAO,oBAAoB,gBAAgB;AAE7C,IAAE,OAAO,sBAAsB,+CAA+C;AAC9E,IAAE,OAAO,2BAA2B,kBAAkB;GACtD,CAAC;CAKH,MAAM,iBAAiB,MAAM,QAAQ,WAAW,GAAG,aAAa,CAAC,WAAW;AAC5E,KAAI,IAAI,UAAU,iBAAiB,OAAO,GAAG,SAAS;AAIpD,MAAI,8BAA8B,EAAE,IAAI,KAAK,CAC3C,QAAO,MAAM;EAGf,MAAM,SAAS,EAAE,IAAI,OAAO,SAAS;AACrC,MAAI,CAAC,OAEH,QAAO,MAAM;EAGf,MAAM,SAAS,mBAAmB;GAChC,aAAa,EAAE,IAAI,OAAO,OAAO;GACjC;GACA;GACA,+BAA+B;GAC/B,eAAe;GAChB,CAAC;AAEF,MAAI,CAAC,OAAO,IAAI;AACd,OAAI,KACF;IAAE;IAAQ,QAAQ,YAAY,SAAS,OAAO,SAAS;IAAW,MAAM,EAAE,IAAI;IAAM,EACpF,8BACD;AACD,UAAO,EAAE,KAAK;IAAE,OAAO;IAAa,SAAS;IAAsB,EAAE,IAAI;;AAG3E,SAAO,MAAM;GACb,CAAC;AAEH,KAAI,IAAI,sBAAsB,UAAU;EACtC,SAAS,KAAK,OAAO;EACrB,UAAU,MAAM;AACd,UAAO,EAAE,KAAK;IAAE,OAAO;IAA2B,SAAS;IAAQ,EAAE,IAAI;;EAE5E,CAAC,CAAC;CAEH,MAAM,uBAAuB,IAAI,OAAO;CACxC,MAAM,yBAAyB,iCAAiC;AAEhE,KAAI,IAAI,UAAU,OAAO,GAAG,SAAS;EACnC,MAAM,UAAU,EAAE,IAAI,SAAS,eAAe,yBAAyB;EACvE,MAAM,YAAY,KAAK,KAAK,WAAW,OAAO,MAAM;AACpD,SAAO,UAAU;GACf;GACA,UAAU,QACR,IAAI,KAAK;IAAE,OAAO;IAA0B,SAAS,GAAG,UAAU;IAAK,EAAE,IAAI;GAChF,CAAC,CAAC,GAAG,KAAK;GACX;AAEF,6BAA4B,KAAK,QAAQ;AAKzC,oCAAmC,KAAK,QAAQ;CAEhD,MAAM,gBAAgB,IAAI,MAAM;AAChC,eAAc,IACZ,KAAK;EACH;EACA,sBAAsB,QAAQ,cAAc,SAAS;EACtD,CAAC,CACH;AACD,eAAc,IAAI,gBAAgB,CAAC;CAEnC,MAAM,oCAAoB,IAAI,KAA8D;AAG5F,mBAAkB;AAChB,OAAK,MAAM,CAAC,IAAI,YAAY,kBAAkB,SAAS,CAErD,KADe,QAAQ,SACb,CAAC,cAAc,EACvB,mBAAkB,OAAO,GAAG;IALE,MAAS,IAQd;AA8B/B,6BAA4B,eAAe;EACzC;EACA,2BA9BgC,iBAAiB,OAAO,GAAG,SAAS;AAoBpE,SAAM,MAAM;IAUa;EACzB,WAAA;GAPA;GACA,mBAAmB,QAAQ,cAAc,QAAQ;GAMxC;EACV,CAAC;AAEF,KAAI,MAAM,KAAK,cAAc;AAE7B,KAAI,UAAU,MAAM;AAClB,SAAO,EAAE,KAAK,EAAE,OAAO,aAAa,EAAE,IAAI;GAC1C;AAEF,KAAI,SAAS,KAAK,MAAM;AACtB,MAAI,MAAM,EAAE,KAAK,EAAE,aAAa;AAChC,SAAO,EAAE,KAAK,EAAE,OAAO,yBAAyB,EAAE,IAAI;GACtD;AAEF,QAAO"}

package/dist/src/gateway/hono/lib/config-payload.d.ts CHANGED Viewed

@@ -124,7 +124,7 @@ export declare function buildSafeWebConfigPayload(service: GatewayService): Prom
         host: string;
         port: number;
         auth: {
-            mode: "none" | "token";
+            mode: "none" | "token" | "password";
             token: string;
         };
         heartbeat: {

package/dist/src/gateway/hono/middleware/auth.js CHANGED Viewed

@@ -1,16 +1,17 @@
 import { createLogger } from "../../../utils/logger/index.js";
 import { init_logger } from "../../../utils/logger.js";
+import { safeEqualSecret } from "../../security/secret-equal.js";
 import { getAuthFailureRateLimiter, getClientIpFromHeaders, isAuthRateLimitGloballyDisabled, resolveAuthRateLimitConfig } from "../../auth-rate-limit.js";
 import { createMiddleware } from "hono/factory";
 //#region src/gateway/hono/middleware/auth.ts
 init_logger();
 const log = createLogger("Hono:Auth");
 /**
-* Validate token from header or query parameter
+* Validate token using constant-time comparison to prevent timing attacks.
 */
 function validateToken(providedToken, expectedToken) {
 	if (!providedToken) return false;
-	return providedToken === expectedToken;
+	return safeEqualSecret(providedToken, expectedToken);
 }
 /**
 * Extract token from Authorization header
@@ -106,7 +107,7 @@ function validateWebSocketAuth(url, authHeader, expectedToken) {
 			error: "Missing authentication token"
 		};
 	}
-	if (!validateToken(providedToken, expectedToken)) {
+	if (!safeEqualSecret(providedToken, expectedToken)) {
 		log.warn({
 			path: url.pathname,
 			reason: "invalid_token"