agent-relay 4.0.2 → 4.0.4

package/packages/sdk/dist/provisioner/__tests__/tar-seeder.test.js

@@ -0,0 +1,191 @@
+import fs from 'node:fs';
+import { tmpdir } from 'node:os';
+import path from 'node:path';
+import * as tar from 'tar';
+import { afterEach, describe, expect, it, vi } from 'vitest';
+const bulkWriteMock = vi.hoisted(() => vi.fn());
+const relayFileClientMock = vi.hoisted(() => vi.fn());
+const execSyncMock = vi.hoisted(() => vi.fn());
+vi.mock('@relayfile/sdk', () => ({
+    RelayFileClient: relayFileClientMock.mockImplementation(() => ({
+        bulkWrite: bulkWriteMock,
+    })),
+}));
+vi.mock('node:child_process', () => ({
+    execSync: execSyncMock,
+}));
+import { seedWorkspaceTar } from '../seeder.js';
+const tempDirs = [];
+function makeTempDir(prefix) {
+    const dir = fs.mkdtempSync(path.join(tmpdir(), prefix));
+    tempDirs.push(dir);
+    return dir;
+}
+function jsonResponse(payload, status = 200) {
+    return new Response(JSON.stringify(payload), {
+        status,
+        headers: { 'Content-Type': 'application/json' },
+    });
+}
+function listRelativeFiles(rootDir, currentDir = rootDir) {
+    const files = [];
+    const entries = fs.readdirSync(currentDir, { withFileTypes: true });
+    for (const entry of entries) {
+        const absolutePath = path.join(currentDir, entry.name);
+        if (entry.isDirectory()) {
+            files.push(...listRelativeFiles(rootDir, absolutePath));
+            continue;
+        }
+        if (entry.isFile()) {
+            files.push(path.relative(rootDir, absolutePath).split(path.sep).join('/'));
+        }
+    }
+    return files.sort((left, right) => left.localeCompare(right));
+}
+async function extractTarballEntries(body) {
+    const archiveDir = makeTempDir('relay-tar-archive-');
+    const extractDir = makeTempDir('relay-tar-extract-');
+    const archivePath = path.join(archiveDir, 'seed.tar.gz');
+    fs.writeFileSync(archivePath, Buffer.from(body));
+    await tar.extract({ file: archivePath, cwd: extractDir, gzip: true });
+    return listRelativeFiles(extractDir);
+}
+afterEach(() => {
+    bulkWriteMock.mockReset();
+    relayFileClientMock.mockClear();
+    execSyncMock.mockReset();
+    vi.restoreAllMocks();
+    vi.unstubAllGlobals();
+    for (const dir of tempDirs.splice(0)) {
+        fs.rmSync(dir, { recursive: true, force: true });
+    }
+});
+describe('seedWorkspaceTar', () => {
+    it('creates and uploads a tar.gz to the import endpoint and respects excludeDirs', async () => {
+        const projectDir = makeTempDir('relay-seed-project-');
+        fs.mkdirSync(path.join(projectDir, 'src'), { recursive: true });
+        fs.mkdirSync(path.join(projectDir, 'ignored'), { recursive: true });
+        fs.mkdirSync(path.join(projectDir, 'node_modules', 'left-pad'), { recursive: true });
+        fs.writeFileSync(path.join(projectDir, 'src', 'hello.txt'), 'hello world\n');
+        fs.writeFileSync(path.join(projectDir, 'src', 'data.bin'), Buffer.from([0xff, 0x00, 0xaa]));
+        fs.writeFileSync(path.join(projectDir, 'ignored', 'skip.txt'), 'skip me\n');
+        fs.writeFileSync(path.join(projectDir, 'node_modules', 'left-pad', 'index.js'), 'module.exports = 1;\n');
+        fs.writeFileSync(path.join(projectDir, '.relayfile-mount-state.json'), '{}\n');
+        execSyncMock.mockReturnValue([
+            'src/hello.txt',
+            'src/data.bin',
+            'ignored/skip.txt',
+            'node_modules/left-pad/index.js',
+            '.relayfile-mount-state.json',
+        ].join('\0'));
+        const fetchMock = vi.fn().mockResolvedValue(jsonResponse({ imported: 2 }));
+        vi.stubGlobal('fetch', fetchMock);
+        const imported = await seedWorkspaceTar('https://relayfile.example/', 'token', 'rw_demo', projectDir, [
+            'ignored',
+        ]);
+        expect(imported).toBe(2);
+        expect(fetchMock).toHaveBeenCalledTimes(1);
+        const [url, init] = fetchMock.mock.calls[0];
+        expect(String(url)).toContain('/v1/workspaces/rw_demo/fs/import');
+        expect(init.method).toBe('POST');
+        expect(init.headers).toMatchObject({
+            Authorization: 'Bearer token',
+            'Content-Type': 'application/gzip',
+            'X-Correlation-Id': expect.stringMatching(/^seed-tar-rw_demo-/),
+        });
+        expect(init.body).toBeInstanceOf(Uint8Array);
+        const entries = await extractTarballEntries(init.body);
+        expect(entries).toEqual(expect.arrayContaining(['src/data.bin', 'src/hello.txt']));
+        expect(entries).not.toContain('ignored/skip.txt');
+        expect(entries).not.toContain('node_modules/left-pad/index.js');
+        expect(entries).not.toContain('.relayfile-mount-state.json');
+    });
+    it('falls back to seedWorkspace when the import endpoint returns 404', async () => {
+        const projectDir = makeTempDir('relay-seed-project-');
+        fs.mkdirSync(path.join(projectDir, 'src'), { recursive: true });
+        fs.writeFileSync(path.join(projectDir, 'src', 'hello.txt'), 'hello fallback\n');
+        execSyncMock.mockReturnValue('src/hello.txt\0');
+        bulkWriteMock.mockRejectedValue({ status: undefined });
+        const fetchMock = vi
+            .fn()
+            .mockResolvedValueOnce(new Response('missing', { status: 404 }))
+            .mockResolvedValueOnce(jsonResponse({ written: 1, errorCount: 0, errors: [] }));
+        vi.stubGlobal('fetch', fetchMock);
+        const imported = await seedWorkspaceTar('https://relayfile.example/', 'token', 'rw_demo', projectDir, []);
+        expect(imported).toBe(1);
+        expect(fetchMock).toHaveBeenCalledTimes(2);
+        expect(String(fetchMock.mock.calls[0]?.[0])).toContain('/v1/workspaces/rw_demo/fs/import');
+        expect(String(fetchMock.mock.calls[1]?.[0])).toContain('/v1/workspaces/rw_demo/fs/bulk');
+        const payload = JSON.parse(String(fetchMock.mock.calls[1]?.[1].body));
+        expect(payload.files).toEqual([
+            { path: '/src/hello.txt', content: 'hello fallback\n', encoding: 'utf-8' },
+        ]);
+    });
+    it('throws on non-404 HTTP errors', async () => {
+        const projectDir = makeTempDir('relay-seed-project-');
+        fs.mkdirSync(path.join(projectDir, 'src'), { recursive: true });
+        fs.writeFileSync(path.join(projectDir, 'src', 'hello.txt'), 'hello\n');
+        execSyncMock.mockReturnValue('src/hello.txt\0');
+        const fetchMock = vi.fn().mockResolvedValue(new Response('boom', { status: 500 }));
+        vi.stubGlobal('fetch', fetchMock);
+        await expect(seedWorkspaceTar('https://relayfile.example/', 'token', 'rw_demo', projectDir, [])).rejects.toThrow('tar import failed for workspace rw_demo: HTTP 500 boom');
+    });
+    it('works for non-git directories via the directory-walk fallback path', async () => {
+        const projectDir = makeTempDir('relay-seed-project-');
+        fs.mkdirSync(path.join(projectDir, 'src'), { recursive: true });
+        fs.mkdirSync(path.join(projectDir, 'nested', 'docs'), { recursive: true });
+        fs.mkdirSync(path.join(projectDir, 'custom-ignore'), { recursive: true });
+        fs.mkdirSync(path.join(projectDir, 'node_modules', 'left-pad'), { recursive: true });
+        fs.writeFileSync(path.join(projectDir, 'src', 'app.ts'), 'export const app = true;\n');
+        fs.writeFileSync(path.join(projectDir, 'nested', 'docs', 'readme.md'), '# hello\n');
+        fs.writeFileSync(path.join(projectDir, 'custom-ignore', 'skip.txt'), 'skip\n');
+        fs.writeFileSync(path.join(projectDir, 'node_modules', 'left-pad', 'index.js'), 'module.exports = 1;\n');
+        fs.writeFileSync(path.join(projectDir, '.relayfile-mount-state.json'), '{}\n');
+        execSyncMock.mockImplementation(() => {
+            throw new Error('not a git repo');
+        });
+        const fetchMock = vi.fn().mockResolvedValue(jsonResponse({ imported: 2 }));
+        vi.stubGlobal('fetch', fetchMock);
+        const imported = await seedWorkspaceTar('https://relayfile.example/', 'token', 'rw_demo', projectDir, [
+            'custom-ignore',
+        ]);
+        expect(imported).toBe(2);
+        expect(fetchMock).toHaveBeenCalledTimes(1);
+        const [, init] = fetchMock.mock.calls[0];
+        const entries = await extractTarballEntries(init.body);
+        expect(entries).toEqual(expect.arrayContaining(['nested/docs/readme.md', 'src/app.ts']));
+        expect(entries).not.toContain('custom-ignore/skip.txt');
+        expect(entries).not.toContain('node_modules/left-pad/index.js');
+        expect(entries).not.toContain('.relayfile-mount-state.json');
+    });
+    it('includes untracked files returned by git ls-files and preserves gitignore filtering', async () => {
+        const projectDir = makeTempDir('relay-seed-project-');
+        fs.mkdirSync(path.join(projectDir, 'src'), { recursive: true });
+        fs.mkdirSync(path.join(projectDir, 'ignored-by-git'), { recursive: true });
+        fs.writeFileSync(path.join(projectDir, 'src', 'tracked.ts'), 'export const tracked = true;\n');
+        fs.writeFileSync(path.join(projectDir, 'src', 'draft.ts'), 'export const draft = true;\n');
+        fs.writeFileSync(path.join(projectDir, 'ignored-by-git', 'skip.txt'), 'skip\n');
+        execSyncMock.mockReturnValue(['src/tracked.ts', 'src/draft.ts'].join('\0'));
+        const fetchMock = vi.fn().mockResolvedValue(jsonResponse({ imported: 2 }));
+        vi.stubGlobal('fetch', fetchMock);
+        const imported = await seedWorkspaceTar('https://relayfile.example/', 'token', 'rw_demo', projectDir, []);
+        expect(imported).toBe(2);
+        expect(execSyncMock).toHaveBeenCalledWith('git ls-files -z --cached --others --exclude-standard', expect.objectContaining({ cwd: path.resolve(projectDir), encoding: 'utf-8' }));
+        const [, init] = fetchMock.mock.calls[0];
+        const entries = await extractTarballEntries(init.body);
+        expect(entries).toEqual(['src/draft.ts', 'src/tracked.ts']);
+        expect(entries).not.toContain('ignored-by-git/skip.txt');
+    });
+    it('does not fall back to a directory walk when git ls-files succeeds with no files', async () => {
+        const projectDir = makeTempDir('relay-seed-project-');
+        fs.mkdirSync(path.join(projectDir, 'ignored-by-git'), { recursive: true });
+        fs.writeFileSync(path.join(projectDir, 'ignored-by-git', 'skip.txt'), 'skip\n');
+        execSyncMock.mockReturnValue('');
+        const fetchMock = vi.fn().mockResolvedValue(jsonResponse({ imported: 0 }));
+        vi.stubGlobal('fetch', fetchMock);
+        const imported = await seedWorkspaceTar('https://relayfile.example/', 'token', 'rw_demo', projectDir, []);
+        expect(imported).toBe(0);
+        expect(fetchMock).not.toHaveBeenCalled();
+    });
+});
+//# sourceMappingURL=tar-seeder.test.js.map

package/packages/sdk/dist/provisioner/__tests__/tar-seeder.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tar-seeder.test.js","sourceRoot":"","sources":["../../../src/provisioner/__tests__/tar-seeder.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,KAAK,GAAG,MAAM,KAAK,CAAC;AAC3B,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAE7D,MAAM,aAAa,GAAG,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;AAChD,MAAM,mBAAmB,GAAG,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;AACtD,MAAM,YAAY,GAAG,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;AAE/C,EAAE,CAAC,IAAI,CAAC,gBAAgB,EAAE,GAAG,EAAE,CAAC,CAAC;IAC/B,eAAe,EAAE,mBAAmB,CAAC,kBAAkB,CAAC,GAAG,EAAE,CAAC,CAAC;QAC7D,SAAS,EAAE,aAAa;KACzB,CAAC,CAAC;CACJ,CAAC,CAAC,CAAC;AAEJ,EAAE,CAAC,IAAI,CAAC,oBAAoB,EAAE,GAAG,EAAE,CAAC,CAAC;IACnC,QAAQ,EAAE,YAAY;CACvB,CAAC,CAAC,CAAC;AAEJ,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEhD,MAAM,QAAQ,GAAa,EAAE,CAAC;AAE9B,SAAS,WAAW,CAAC,MAAc;IACjC,MAAM,GAAG,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC;IACxD,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACnB,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,YAAY,CAAC,OAAgB,EAAE,MAAM,GAAG,GAAG;IAClD,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE;QAC3C,MAAM;QACN,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;KAChD,CAAC,CAAC;AACL,CAAC;AAED,SAAS,iBAAiB,CAAC,OAAe,EAAE,UAAU,GAAG,OAAO;IAC9D,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,UAAU,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IAEpE,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QACvD,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,KAAK,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC,CAAC;YACxD,SAAS;QACX,CAAC;QACD,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YACnB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QAC7E,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC;AAChE,CAAC;AAED,KAAK,UAAU,qBAAqB,CAAC,IAAa;IAChD,MAAM,UAAU,GAAG,WAAW,CAAC,oBAAoB,CAAC,CAAC;IACrD,MAAM,UAAU,GAAG,WAAW,CAAC,oBAAoB,CAAC,CAAC;IACrD,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;IAEzD,EAAE,CAAC,aAAa,CAAC,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,IAAkB,CAAC,CAAC,CAAC;IAC/D,MAAM,GAAG,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;IAEtE,OAAO,iBAAiB,CAAC,UAAU,CAAC,CAAC;AACvC,CAAC;AAED,SAAS,CAAC,GAAG,EAAE;IACb,aAAa,CAAC,SAAS,EAAE,CAAC;IAC1B,mBAAmB,CAAC,SAAS,EAAE,CAAC;IAChC,YAAY,CAAC,SAAS,EAAE,CAAC;IACzB,EAAE,CAAC,eAAe,EAAE,CAAC;IACrB,EAAE,CAAC,gBAAgB,EAAE,CAAC;IACtB,KAAK,MAAM,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QACrC,EAAE,CAAC,MAAM,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACnD,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;IAChC,EAAE,CAAC,8EAA8E,EAAE,KAAK,IAAI,EAAE;QAC5F,MAAM,UAAU,GAAG,WAAW,CAAC,qBAAqB,CAAC,CAAC;QACtD,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAChE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACpE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,EAAE,UAAU,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAErF,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,WAAW,CAAC,EAAE,eAAe,CAAC,CAAC;QAC7E,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,UAAU,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;QAC5F,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,EAAE,UAAU,CAAC,EAAE,WAAW,CAAC,CAAC;QAC5E,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,EAAE,UAAU,EAAE,UAAU,CAAC,EAAE,uBAAuB,CAAC,CAAC;QACzG,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,6BAA6B,CAAC,EAAE,MAAM,CAAC,CAAC;QAE/E,YAAY,CAAC,eAAe,CAC1B;YACE,eAAe;YACf,cAAc;YACd,kBAAkB;YAClB,gCAAgC;YAChC,6BAA6B;SAC9B,CAAC,IAAI,CAAC,IAAI,CAAC,CACb,CAAC;QAEF,MAAM,SAAS,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QAC3E,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QAElC,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,4BAA4B,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE;YACpG,SAAS;SACV,CAAC,CAAC;QAEH,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACzB,MAAM,CAAC,SAAS,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;QAE3C,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC5C,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,kCAAkC,CAAC,CAAC;QAClE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,aAAa,CAAC;YACjC,aAAa,EAAE,cAAc;YAC7B,cAAc,EAAE,kBAAkB;YAClC,kBAAkB,EAAE,MAAM,CAAC,cAAc,CAAC,oBAAoB,CAAC;SAChE,CAAC,CAAC;QACH,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;QAE7C,MAAM,OAAO,GAAG,MAAM,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,cAAc,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC;QACnF,MAAM,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC;QAClD,MAAM,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,gCAAgC,CAAC,CAAC;QAChE,MAAM,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,6BAA6B,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kEAAkE,EAAE,KAAK,IAAI,EAAE;QAChF,MAAM,UAAU,GAAG,WAAW,CAAC,qBAAqB,CAAC,CAAC;QACtD,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAChE,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,WAAW,CAAC,EAAE,kBAAkB,CAAC,CAAC;QAEhF,YAAY,CAAC,eAAe,CAAC,iBAAiB,CAAC,CAAC;QAChD,aAAa,CAAC,iBAAiB,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;QAEvD,MAAM,SAAS,GAAG,EAAE;aACjB,EAAE,EAAE;aACJ,qBAAqB,CAAC,IAAI,QAAQ,CAAC,SAAS,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;aAC/D,qBAAqB,CAAC,YAAY,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;QAClF,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QAElC,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,4BAA4B,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,EAAE,CAAC,CAAC;QAE1G,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACzB,MAAM,CAAC,SAAS,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;QAC3C,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,kCAAkC,CAAC,CAAC;QAC3F,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,gCAAgC,CAAC,CAAC;QAEzF,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QACtE,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC;YAC5B,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,kBAAkB,EAAE,QAAQ,EAAE,OAAO,EAAE;SAC3E,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+BAA+B,EAAE,KAAK,IAAI,EAAE;QAC7C,MAAM,UAAU,GAAG,WAAW,CAAC,qBAAqB,CAAC,CAAC;QACtD,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAChE,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,WAAW,CAAC,EAAE,SAAS,CAAC,CAAC;QAEvE,YAAY,CAAC,eAAe,CAAC,iBAAiB,CAAC,CAAC;QAEhD,MAAM,SAAS,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,IAAI,QAAQ,CAAC,MAAM,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;QACnF,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QAElC,MAAM,MAAM,CACV,gBAAgB,CAAC,4BAA4B,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,EAAE,CAAC,CACnF,CAAC,OAAO,CAAC,OAAO,CAAC,wDAAwD,CAAC,CAAC;IAC9E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oEAAoE,EAAE,KAAK,IAAI,EAAE;QAClF,MAAM,UAAU,GAAG,WAAW,CAAC,qBAAqB,CAAC,CAAC;QACtD,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAChE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,EAAE,MAAM,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3E,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,eAAe,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1E,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,EAAE,UAAU,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAErF,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,QAAQ,CAAC,EAAE,4BAA4B,CAAC,CAAC;QACvF,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,WAAW,CAAC,CAAC;QACpF,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,eAAe,EAAE,UAAU,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC/E,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,EAAE,UAAU,EAAE,UAAU,CAAC,EAAE,uBAAuB,CAAC,CAAC;QACzG,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,6BAA6B,CAAC,EAAE,MAAM,CAAC,CAAC;QAE/E,YAAY,CAAC,kBAAkB,CAAC,GAAG,EAAE;YACnC,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QAC3E,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QAElC,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,4BAA4B,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE;YACpG,eAAe;SAChB,CAAC,CAAC;QAEH,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACzB,MAAM,CAAC,SAAS,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;QAE3C,MAAM,CAAC,EAAE,IAAI,CAAC,GAAG,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACzC,MAAM,OAAO,GAAG,MAAM,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,uBAAuB,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC;QACzF,MAAM,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,wBAAwB,CAAC,CAAC;QACxD,MAAM,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,gCAAgC,CAAC,CAAC;QAChE,MAAM,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,6BAA6B,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qFAAqF,EAAE,KAAK,IAAI,EAAE;QACnG,MAAM,UAAU,GAAG,WAAW,CAAC,qBAAqB,CAAC,CAAC;QACtD,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAChE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,gBAAgB,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE3E,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,YAAY,CAAC,EAAE,gCAAgC,CAAC,CAAC;QAC/F,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,UAAU,CAAC,EAAE,8BAA8B,CAAC,CAAC;QAC3F,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,gBAAgB,EAAE,UAAU,CAAC,EAAE,QAAQ,CAAC,CAAC;QAEhF,YAAY,CAAC,eAAe,CAAC,CAAC,gBAAgB,EAAE,cAAc,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QAE5E,MAAM,SAAS,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QAC3E,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QAElC,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,4BAA4B,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,EAAE,CAAC,CAAC;QAE1G,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACzB,MAAM,CAAC,YAAY,CAAC,CAAC,oBAAoB,CACvC,sDAAsD,EACtD,MAAM,CAAC,gBAAgB,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAC9E,CAAC;QAEF,MAAM,CAAC,EAAE,IAAI,CAAC,GAAG,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACzC,MAAM,OAAO,GAAG,MAAM,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,cAAc,EAAE,gBAAgB,CAAC,CAAC,CAAC;QAC5D,MAAM,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,yBAAyB,CAAC,CAAC;IAC3D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iFAAiF,EAAE,KAAK,IAAI,EAAE;QAC/F,MAAM,UAAU,GAAG,WAAW,CAAC,qBAAqB,CAAC,CAAC;QACtD,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,gBAAgB,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3E,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,gBAAgB,EAAE,UAAU,CAAC,EAAE,QAAQ,CAAC,CAAC;QAEhF,YAAY,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC;QAEjC,MAAM,SAAS,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QAC3E,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QAElC,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,4BAA4B,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,EAAE,CAAC,CAAC;QAE1G,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAEzB,MAAM,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;IAC3C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/packages/sdk/dist/provisioner/__tests__/token-factory.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=token-factory.test.d.ts.map

package/packages/sdk/dist/provisioner/__tests__/token-factory.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-factory.test.d.ts","sourceRoot":"","sources":["../../../src/provisioner/__tests__/token-factory.test.ts"],"names":[],"mappings":""}

package/packages/sdk/dist/provisioner/__tests__/token-factory.test.js

@@ -0,0 +1,127 @@
+import assert from 'node:assert/strict';
+import { createHmac } from 'node:crypto';
+import test from 'node:test';
+import { DEFAULT_ADMIN_AGENT_NAME, DEFAULT_ADMIN_SCOPES, DEFAULT_WORKFLOW_TOKEN_TTL_SECONDS, WorkflowTokenFactory, mintAgentToken, } from '../token.js';
+function decodeJwtPart(value) {
+    return JSON.parse(Buffer.from(value, 'base64url').toString('utf8'));
+}
+function decodeJwt(token) {
+    const [header, payload, signature] = token.split('.');
+    assert.ok(header);
+    assert.ok(payload);
+    assert.ok(signature);
+    return {
+        header: decodeJwtPart(header),
+        payload: decodeJwtPart(payload),
+        signature,
+    };
+}
+test('mintAgentToken returns a valid JWT', () => {
+    const token = mintAgentToken({
+        secret: 'test-secret',
+        agentName: 'worker',
+        workspace: 'workspace-123',
+        scopes: ['relayfile:fs:read:/src/index.ts'],
+    });
+    const parts = token.split('.');
+    const decoded = decodeJwt(token);
+    assert.equal(parts.length, 3);
+    assert.ok(parts.every((part) => /^[A-Za-z0-9_-]+$/u.test(part)));
+    assert.deepEqual(decoded.header, { alg: 'HS256', typ: 'JWT' });
+    assert.equal(decoded.payload.sub, 'agent_worker');
+});
+test('mintAgentToken payload contains agent_name, workspace, and scopes', () => {
+    const scopes = ['relayfile:fs:read:/src/index.ts', 'relayfile:fs:write:/src/index.ts'];
+    const token = mintAgentToken({
+        secret: 'test-secret',
+        agentName: 'compiler',
+        workspace: 'workspace-abc',
+        scopes,
+    });
+    const { payload } = decodeJwt(token);
+    assert.equal(payload.agent_name, 'compiler');
+    assert.equal(payload.wks, 'workspace-abc');
+    assert.equal(payload.workspace_id, 'workspace-abc');
+    assert.deepEqual(payload.scopes, scopes);
+});
+test('mintAgentToken defaults expiry to 2 hours', () => {
+    const token = mintAgentToken({
+        secret: 'test-secret',
+        agentName: 'worker',
+        workspace: 'workspace-123',
+        scopes: [],
+    });
+    const { payload } = decodeJwt(token);
+    assert.equal(payload.exp - payload.iat, DEFAULT_WORKFLOW_TOKEN_TTL_SECONDS);
+    assert.equal(payload.exp - payload.iat, 2 * 60 * 60);
+});
+test('mintAgentToken applies a custom TTL', () => {
+    const token = mintAgentToken({
+        secret: 'test-secret',
+        agentName: 'worker',
+        workspace: 'workspace-123',
+        scopes: [],
+        ttlSeconds: 90,
+    });
+    const { payload } = decodeJwt(token);
+    assert.equal(payload.exp - payload.iat, 90);
+});
+test('WorkflowTokenFactory mintAdmin uses the default admin identity and scopes', () => {
+    const factory = new WorkflowTokenFactory('test-secret', 'workspace-admin');
+    const token = factory.mintAdmin();
+    const { payload } = decodeJwt(token);
+    assert.equal(payload.agent_name, DEFAULT_ADMIN_AGENT_NAME);
+    assert.equal(payload.wks, 'workspace-admin');
+    assert.deepEqual(payload.scopes, DEFAULT_ADMIN_SCOPES);
+});
+test('WorkflowTokenFactory getToken returns the token minted for an agent', () => {
+    const factory = new WorkflowTokenFactory('test-secret', 'workspace-123');
+    const token = factory.mintForAgent('builder', ['relayfile:fs:read:/src/index.ts']);
+    assert.equal(factory.getToken('builder'), token);
+});
+test('WorkflowTokenFactory uses its configured TTL when minting agent tokens', () => {
+    const factory = new WorkflowTokenFactory('test-secret', 'workspace-123', 45);
+    const token = factory.mintForAgent('builder', []);
+    const { payload } = decodeJwt(token);
+    assert.equal(payload.exp - payload.iat, 45);
+});
+test('mintAgentToken generates a unique JTI per token', () => {
+    const first = decodeJwt(mintAgentToken({
+        secret: 'test-secret',
+        agentName: 'worker',
+        workspace: 'workspace-123',
+        scopes: [],
+    })).payload;
+    const second = decodeJwt(mintAgentToken({
+        secret: 'test-secret',
+        agentName: 'worker',
+        workspace: 'workspace-123',
+        scopes: [],
+    })).payload;
+    assert.notEqual(first.jti, second.jti);
+    assert.match(first.jti, /^tok-\d+-/u);
+    assert.match(second.jti, /^tok-\d+-/u);
+});
+test('mintAgentToken includes the expected audience claims', () => {
+    const token = mintAgentToken({
+        secret: 'test-secret',
+        agentName: 'worker',
+        workspace: 'workspace-123',
+        scopes: [],
+    });
+    const { payload } = decodeJwt(token);
+    assert.deepEqual(payload.aud, ['relayauth', 'relayfile']);
+});
+test('mintAgentToken signs tokens with HMAC-SHA256', () => {
+    const secret = 'test-secret';
+    const token = mintAgentToken({
+        secret,
+        agentName: 'worker',
+        workspace: 'workspace-123',
+        scopes: ['relayfile:fs:read:/src/index.ts'],
+    });
+    const [header, payload, signature] = token.split('.');
+    const expectedSignature = createHmac('sha256', secret).update(`${header}.${payload}`).digest('base64url');
+    assert.equal(signature, expectedSignature);
+});
+//# sourceMappingURL=token-factory.test.js.map

package/packages/sdk/dist/provisioner/__tests__/token-factory.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-factory.test.js","sourceRoot":"","sources":["../../../src/provisioner/__tests__/token-factory.test.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,oBAAoB,CAAC;AACxC,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EACL,wBAAwB,EACxB,oBAAoB,EACpB,kCAAkC,EAClC,oBAAoB,EACpB,cAAc,GAEf,MAAM,aAAa,CAAC;AAOrB,SAAS,aAAa,CAAI,KAAa;IACrC,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAM,CAAC;AAC3E,CAAC;AAED,SAAS,SAAS,CAAC,KAAa;IAC9B,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACtD,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC;IAClB,MAAM,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC;IACnB,MAAM,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC;IAErB,OAAO;QACL,MAAM,EAAE,aAAa,CAAY,MAAM,CAAC;QACxC,OAAO,EAAE,aAAa,CAAc,OAAO,CAAC;QAC5C,SAAS;KACV,CAAC;AACJ,CAAC;AAED,IAAI,CAAC,oCAAoC,EAAE,GAAG,EAAE;IAC9C,MAAM,KAAK,GAAG,cAAc,CAAC;QAC3B,MAAM,EAAE,aAAa;QACrB,SAAS,EAAE,QAAQ;QACnB,SAAS,EAAE,eAAe;QAC1B,MAAM,EAAE,CAAC,iCAAiC,CAAC;KAC5C,CAAC,CAAC;IAEH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAEjC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC9B,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACjE,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;IAC/D,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC;AACpD,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,mEAAmE,EAAE,GAAG,EAAE;IAC7E,MAAM,MAAM,GAAG,CAAC,iCAAiC,EAAE,kCAAkC,CAAC,CAAC;IACvF,MAAM,KAAK,GAAG,cAAc,CAAC;QAC3B,MAAM,EAAE,aAAa;QACrB,SAAS,EAAE,UAAU;QACrB,SAAS,EAAE,eAAe;QAC1B,MAAM;KACP,CAAC,CAAC;IAEH,MAAM,EAAE,OAAO,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAErC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;IAC7C,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC;IAC3C,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;IACpD,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAC3C,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,2CAA2C,EAAE,GAAG,EAAE;IACrD,MAAM,KAAK,GAAG,cAAc,CAAC;QAC3B,MAAM,EAAE,aAAa;QACrB,SAAS,EAAE,QAAQ;QACnB,SAAS,EAAE,eAAe;QAC1B,MAAM,EAAE,EAAE;KACX,CAAC,CAAC;IAEH,MAAM,EAAE,OAAO,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAErC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,kCAAkC,CAAC,CAAC;IAC5E,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;AACvD,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,qCAAqC,EAAE,GAAG,EAAE;IAC/C,MAAM,KAAK,GAAG,cAAc,CAAC;QAC3B,MAAM,EAAE,aAAa;QACrB,SAAS,EAAE,QAAQ;QACnB,SAAS,EAAE,eAAe;QAC1B,MAAM,EAAE,EAAE;QACV,UAAU,EAAE,EAAE;KACf,CAAC,CAAC;IAEH,MAAM,EAAE,OAAO,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAErC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;AAC9C,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,2EAA2E,EAAE,GAAG,EAAE;IACrF,MAAM,OAAO,GAAG,IAAI,oBAAoB,CAAC,aAAa,EAAE,iBAAiB,CAAC,CAAC;IAC3E,MAAM,KAAK,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IAClC,MAAM,EAAE,OAAO,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAErC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,EAAE,wBAAwB,CAAC,CAAC;IAC3D,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,iBAAiB,CAAC,CAAC;IAC7C,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAC;AACzD,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,qEAAqE,EAAE,GAAG,EAAE;IAC/E,MAAM,OAAO,GAAG,IAAI,oBAAoB,CAAC,aAAa,EAAE,eAAe,CAAC,CAAC;IACzE,MAAM,KAAK,GAAG,OAAO,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC,iCAAiC,CAAC,CAAC,CAAC;IAEnF,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,KAAK,CAAC,CAAC;AACnD,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,wEAAwE,EAAE,GAAG,EAAE;IAClF,MAAM,OAAO,GAAG,IAAI,oBAAoB,CAAC,aAAa,EAAE,eAAe,EAAE,EAAE,CAAC,CAAC;IAC7E,MAAM,KAAK,GAAG,OAAO,CAAC,YAAY,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;IAClD,MAAM,EAAE,OAAO,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAErC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;AAC9C,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,iDAAiD,EAAE,GAAG,EAAE;IAC3D,MAAM,KAAK,GAAG,SAAS,CACrB,cAAc,CAAC;QACb,MAAM,EAAE,aAAa;QACrB,SAAS,EAAE,QAAQ;QACnB,SAAS,EAAE,eAAe;QAC1B,MAAM,EAAE,EAAE;KACX,CAAC,CACH,CAAC,OAAO,CAAC;IACV,MAAM,MAAM,GAAG,SAAS,CACtB,cAAc,CAAC;QACb,MAAM,EAAE,aAAa;QACrB,SAAS,EAAE,QAAQ;QACnB,SAAS,EAAE,eAAe;QAC1B,MAAM,EAAE,EAAE;KACX,CAAC,CACH,CAAC,OAAO,CAAC;IAEV,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;IACtC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;AACzC,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,sDAAsD,EAAE,GAAG,EAAE;IAChE,MAAM,KAAK,GAAG,cAAc,CAAC;QAC3B,MAAM,EAAE,aAAa;QACrB,SAAS,EAAE,QAAQ;QACnB,SAAS,EAAE,eAAe;QAC1B,MAAM,EAAE,EAAE;KACX,CAAC,CAAC;IAEH,MAAM,EAAE,OAAO,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAErC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC;AAC5D,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,8CAA8C,EAAE,GAAG,EAAE;IACxD,MAAM,MAAM,GAAG,aAAa,CAAC;IAC7B,MAAM,KAAK,GAAG,cAAc,CAAC;QAC3B,MAAM;QACN,SAAS,EAAE,QAAQ;QACnB,SAAS,EAAE,eAAe;QAC1B,MAAM,EAAE,CAAC,iCAAiC,CAAC;KAC5C,CAAC,CAAC;IAEH,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACtD,MAAM,iBAAiB,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,GAAG,MAAM,IAAI,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAE1G,MAAM,CAAC,KAAK,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC;AAC7C,CAAC,CAAC,CAAC"}

package/packages/sdk/dist/provisioner/__tests__/token.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=token.test.d.ts.map

package/packages/sdk/dist/provisioner/__tests__/token.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"token.test.d.ts","sourceRoot":"","sources":["../../../src/provisioner/__tests__/token.test.ts"],"names":[],"mappings":""}

package/packages/sdk/dist/provisioner/__tests__/token.test.js

@@ -0,0 +1,44 @@
+import assert from 'node:assert/strict';
+import test from 'node:test';
+import { DEFAULT_WORKFLOW_TOKEN_TTL_SECONDS, mintAgentToken } from '../token.js';
+function decodeJwtPayload(token) {
+    const [, payload] = token.split('.');
+    return JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
+}
+test('mintAgentToken returns a valid JWT', () => {
+    const token = mintAgentToken({
+        secret: 'test-secret',
+        agentName: 'worker',
+        workspace: 'workspace-123',
+        scopes: ['relayfile:fs:read:/src/index.ts'],
+    });
+    const parts = token.split('.');
+    assert.equal(parts.length, 3);
+    assert.ok(parts.every((part) => /^[A-Za-z0-9_-]+$/u.test(part)));
+});
+test('mintAgentToken payload contains agent_name, workspace, and scopes', () => {
+    const scopes = ['relayfile:fs:read:/src/index.ts', 'relayfile:fs:write:/src/index.ts'];
+    const token = mintAgentToken({
+        secret: 'test-secret',
+        agentName: 'compiler',
+        workspace: 'workspace-abc',
+        scopes,
+    });
+    const payload = decodeJwtPayload(token);
+    assert.equal(payload.agent_name, 'compiler');
+    assert.equal(payload.wks, 'workspace-abc');
+    assert.equal(payload.workspace_id, 'workspace-abc');
+    assert.deepEqual(payload.scopes, scopes);
+});
+test('mintAgentToken defaults expiry to 2 hours', () => {
+    const token = mintAgentToken({
+        secret: 'test-secret',
+        agentName: 'worker',
+        workspace: 'workspace-123',
+        scopes: [],
+    });
+    const payload = decodeJwtPayload(token);
+    assert.equal(payload.exp - payload.iat, DEFAULT_WORKFLOW_TOKEN_TTL_SECONDS);
+    assert.equal(payload.exp - payload.iat, 2 * 60 * 60);
+});
+//# sourceMappingURL=token.test.js.map

package/packages/sdk/dist/provisioner/__tests__/token.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token.test.js","sourceRoot":"","sources":["../../../src/provisioner/__tests__/token.test.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,oBAAoB,CAAC;AACxC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,kCAAkC,EAAE,cAAc,EAAoB,MAAM,aAAa,CAAC;AAEnG,SAAS,gBAAgB,CAAC,KAAa;IACrC,MAAM,CAAC,EAAE,OAAO,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrC,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAgB,CAAC;AACvF,CAAC;AAED,IAAI,CAAC,oCAAoC,EAAE,GAAG,EAAE;IAC9C,MAAM,KAAK,GAAG,cAAc,CAAC;QAC3B,MAAM,EAAE,aAAa;QACrB,SAAS,EAAE,QAAQ;QACnB,SAAS,EAAE,eAAe;QAC1B,MAAM,EAAE,CAAC,iCAAiC,CAAC;KAC5C,CAAC,CAAC;IAEH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC9B,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACnE,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,mEAAmE,EAAE,GAAG,EAAE;IAC7E,MAAM,MAAM,GAAG,CAAC,iCAAiC,EAAE,kCAAkC,CAAC,CAAC;IACvF,MAAM,KAAK,GAAG,cAAc,CAAC;QAC3B,MAAM,EAAE,aAAa;QACrB,SAAS,EAAE,UAAU;QACrB,SAAS,EAAE,eAAe;QAC1B,MAAM;KACP,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAExC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;IAC7C,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC;IAC3C,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;IACpD,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAC3C,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,2CAA2C,EAAE,GAAG,EAAE;IACrD,MAAM,KAAK,GAAG,cAAc,CAAC;QAC3B,MAAM,EAAE,aAAa;QACrB,SAAS,EAAE,QAAQ;QACnB,SAAS,EAAE,eAAe;QAC1B,MAAM,EAAE,EAAE;KACX,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAExC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,kCAAkC,CAAC,CAAC;IAC5E,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;AACvD,CAAC,CAAC,CAAC"}

package/packages/sdk/dist/provisioner/audit.d.ts

@@ -0,0 +1,19 @@
+export interface PermissionAuditEntry {
+    timestamp: string;
+    agentName: string;
+    action: string;
+    details: Record<string, unknown>;
+}
+export declare function getDefaultPermissionAuditPath(projectDir: string): string;
+export declare class PermissionAuditLog {
+    private readonly entries;
+    log(entry: Omit<PermissionAuditEntry, 'timestamp'> & {
+        timestamp?: string;
+    }): PermissionAuditEntry;
+    toJSON(): {
+        entries: PermissionAuditEntry[];
+    };
+    writeTo(filePath: string): Promise<void>;
+    summary(): string;
+}
+//# sourceMappingURL=audit.d.ts.map

package/packages/sdk/dist/provisioner/audit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../src/provisioner/audit.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAwCD,wBAAgB,6BAA6B,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAExE;AAED,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAA8B;IAEtD,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,oBAAoB,EAAE,WAAW,CAAC,GAAG;QAAE,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,oBAAoB;IAYlG,MAAM,IAAI;QAAE,OAAO,EAAE,oBAAoB,EAAE,CAAA;KAAE;IAWvC,OAAO,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAK9C,OAAO,IAAI,MAAM;CAoBlB"}

package/packages/sdk/dist/provisioner/audit.js

@@ -0,0 +1,74 @@
+import { mkdir, writeFile } from 'node:fs/promises';
+import path from 'node:path';
+const DEFAULT_PERMISSION_AUDIT_RELATIVE_PATH = path.join('.agent-relay', 'permission-audit.json');
+function isPlainObject(value) {
+    return typeof value === 'object' && value !== null && !Array.isArray(value);
+}
+function sanitizeJsonValue(value, key) {
+    if (key && key.toLowerCase().includes('token')) {
+        return '[redacted]';
+    }
+    if (value === null ||
+        typeof value === 'string' ||
+        typeof value === 'number' ||
+        typeof value === 'boolean') {
+        return value;
+    }
+    if (Array.isArray(value)) {
+        return value.map((item) => sanitizeJsonValue(item));
+    }
+    if (isPlainObject(value)) {
+        return Object.fromEntries(Object.entries(value).map(([entryKey, entryValue]) => [
+            entryKey,
+            sanitizeJsonValue(entryValue, entryKey),
+        ]));
+    }
+    return String(value);
+}
+export function getDefaultPermissionAuditPath(projectDir) {
+    return path.resolve(projectDir, DEFAULT_PERMISSION_AUDIT_RELATIVE_PATH);
+}
+export class PermissionAuditLog {
+    entries = [];
+    log(entry) {
+        const storedEntry = {
+            timestamp: entry.timestamp ?? new Date().toISOString(),
+            agentName: entry.agentName,
+            action: entry.action,
+            details: sanitizeJsonValue(entry.details),
+        };
+        this.entries.push(storedEntry);
+        return storedEntry;
+    }
+    toJSON() {
+        return {
+            entries: this.entries.map((entry) => ({
+                timestamp: entry.timestamp,
+                agentName: entry.agentName,
+                action: entry.action,
+                details: { ...entry.details },
+            })),
+        };
+    }
+    async writeTo(filePath) {
+        await mkdir(path.dirname(filePath), { recursive: true });
+        await writeFile(filePath, `${JSON.stringify(this.toJSON(), null, 2)}\n`, 'utf8');
+    }
+    summary() {
+        if (this.entries.length === 0) {
+            return 'Permission audit: 0 entries';
+        }
+        const actionCounts = new Map();
+        const agentNames = new Set();
+        for (const entry of this.entries) {
+            actionCounts.set(entry.action, (actionCounts.get(entry.action) ?? 0) + 1);
+            agentNames.add(entry.agentName);
+        }
+        const actionSummary = [...actionCounts.entries()]
+            .sort(([left], [right]) => left.localeCompare(right))
+            .map(([action, count]) => `${action}=${count}`)
+            .join(', ');
+        return `Permission audit: ${this.entries.length} entr${this.entries.length === 1 ? 'y' : 'ies'} across ${agentNames.size} agent${agentNames.size === 1 ? '' : 's'} (${actionSummary})`;
+    }
+}
+//# sourceMappingURL=audit.js.map

package/packages/sdk/dist/provisioner/audit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../src/provisioner/audit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,IAAI,MAAM,WAAW,CAAC;AAW7B,MAAM,sCAAsC,GAAG,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,uBAAuB,CAAC,CAAC;AAElG,SAAS,aAAa,CAAC,KAAc;IACnC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AAC9E,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAc,EAAE,GAAY;IACrD,IAAI,GAAG,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/C,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,IACE,KAAK,KAAK,IAAI;QACd,OAAO,KAAK,KAAK,QAAQ;QACzB,OAAO,KAAK,KAAK,QAAQ;QACzB,OAAO,KAAK,KAAK,SAAS,EAC1B,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC;IACtD,CAAC;IAED,IAAI,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,EAAE,CAAC;YACpD,QAAQ;YACR,iBAAiB,CAAC,UAAU,EAAE,QAAQ,CAAC;SACxC,CAAC,CACH,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;AACvB,CAAC;AAED,MAAM,UAAU,6BAA6B,CAAC,UAAkB;IAC9D,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,sCAAsC,CAAC,CAAC;AAC1E,CAAC;AAED,MAAM,OAAO,kBAAkB;IACZ,OAAO,GAA2B,EAAE,CAAC;IAEtD,GAAG,CAAC,KAAuE;QACzE,MAAM,WAAW,GAAyB;YACxC,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACtD,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,OAAO,EAAE,iBAAiB,CAAC,KAAK,CAAC,OAAO,CAA4B;SACrE,CAAC;QAEF,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC/B,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,MAAM;QACJ,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;gBACpC,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,OAAO,EAAE,EAAE,GAAG,KAAK,CAAC,OAAO,EAAE;aAC9B,CAAC,CAAC;SACJ,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,QAAgB;QAC5B,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACzD,MAAM,SAAS,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACnF,CAAC;IAED,OAAO;QACL,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9B,OAAO,6BAA6B,CAAC;QACvC,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,GAAG,EAAkB,CAAC;QAC/C,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC;QAErC,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC1E,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAClC,CAAC;QAED,MAAM,aAAa,GAAG,CAAC,GAAG,YAAY,CAAC,OAAO,EAAE,CAAC;aAC9C,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;aACpD,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,MAAM,IAAI,KAAK,EAAE,CAAC;aAC9C,IAAI,CAAC,IAAI,CAAC,CAAC;QAEd,OAAO,qBAAqB,IAAI,CAAC,OAAO,CAAC,MAAM,QAAQ,IAAI,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,WAAW,UAAU,CAAC,IAAI,SAAS,UAAU,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,aAAa,GAAG,CAAC;IACzL,CAAC;CACF"}

package/packages/sdk/dist/provisioner/compiler.d.ts

@@ -0,0 +1,23 @@
+import type { AgentPreset } from '../workflows/types.js';
+import type { AgentPermissions, CompiledAgentPermissions, CompileInput } from './types.js';
+type FileAction = 'read' | 'write';
+interface ExpandedPreset {
+    read: string[];
+    write: string[];
+    deny: string[];
+}
+export declare function defaultPermissionsForPreset(preset: AgentPreset | undefined): AgentPermissions;
+export declare function expandPreset(preset: AgentPermissions['access'], options?: {
+    projectDir?: string;
+    workdir?: string;
+}): ExpandedPreset;
+export declare function globsToScopes(globs: string[], action: FileAction): string[];
+export declare function compileAgentPermissions(input: CompileInput): CompiledAgentPermissions;
+export declare function mergeAcl(compilations: readonly CompiledAgentPermissions[]): Record<string, string[]>;
+export declare function resolveAgentPermissions(agentName: string, permissions: AgentPermissions | undefined, projectDir: string, workspace: string): CompiledAgentPermissions;
+export declare function compileAgentScopes(input: CompileInput): CompiledAgentPermissions;
+export declare function mergePermissionSources(dotfileScopes: string[], yamlScopes: string[], rawScopes: string[]): string[];
+export declare const expandAccessPreset: typeof expandPreset;
+export declare const globToScopes: (globs: string[], action: FileAction, _projectDir?: string) => string[];
+export {};
+//# sourceMappingURL=compiler.d.ts.map

package/packages/sdk/dist/provisioner/compiler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"compiler.d.ts","sourceRoot":"","sources":["../../src/provisioner/compiler.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAEzD,OAAO,KAAK,EAAE,gBAAgB,EAAE,wBAAwB,EAAE,YAAY,EAAoB,MAAM,YAAY,CAAC;AAE7G,KAAK,UAAU,GAAG,MAAM,GAAG,OAAO,CAAC;AAEnC,UAAU,cAAc;IACtB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB;AAqRD,wBAAgB,2BAA2B,CAAC,MAAM,EAAE,WAAW,GAAG,SAAS,GAAG,gBAAgB,CAY7F;AAED,wBAAgB,YAAY,CAC1B,MAAM,EAAE,gBAAgB,CAAC,QAAQ,CAAC,EAClC,OAAO,CAAC,EAAE;IAAE,UAAU,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,GAClD,cAAc,CAqBhB;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,UAAU,GAAG,MAAM,EAAE,CAO3E;AAED,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,YAAY,GAAG,wBAAwB,CA4GrF;AAED,wBAAgB,QAAQ,CAAC,YAAY,EAAE,SAAS,wBAAwB,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAkBpG;AAED,wBAAgB,uBAAuB,CACrC,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,gBAAgB,GAAG,SAAS,EACzC,UAAU,EAAE,MAAM,EAClB,SAAS,EAAE,MAAM,GAChB,wBAAwB,CAO1B;AAED,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,YAAY,GAAG,wBAAwB,CAEhF;AAED,wBAAgB,sBAAsB,CACpC,aAAa,EAAE,MAAM,EAAE,EACvB,UAAU,EAAE,MAAM,EAAE,EACpB,SAAS,EAAE,MAAM,EAAE,GAClB,MAAM,EAAE,CAEV;AAED,eAAO,MAAM,kBAAkB,qBAAe,CAAC;AAC/C,eAAO,MAAM,YAAY,GAAI,OAAO,MAAM,EAAE,EAAE,QAAQ,UAAU,EAAE,cAAc,MAAM,KAAG,MAAM,EACjE,CAAC"}