agent-relay 4.0.40 → 6.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +599 -197
- package/dist/packages/sdk/src/provisioner/local-jwks.d.ts +25 -0
- package/dist/packages/sdk/src/provisioner/local-jwks.d.ts.map +1 -0
- package/dist/packages/sdk/src/provisioner/local-jwks.js +70 -0
- package/dist/packages/sdk/src/provisioner/local-jwks.js.map +1 -0
- package/dist/packages/sdk/src/provisioner/token.d.ts +6 -3
- package/dist/packages/sdk/src/provisioner/token.d.ts.map +1 -1
- package/dist/packages/sdk/src/provisioner/token.js +11 -8
- package/dist/packages/sdk/src/provisioner/token.js.map +1 -1
- package/dist/src/cli/commands/on/provision.d.ts +2 -1
- package/dist/src/cli/commands/on/provision.d.ts.map +1 -1
- package/dist/src/cli/commands/on/provision.js +5 -4
- package/dist/src/cli/commands/on/provision.js.map +1 -1
- package/dist/src/cli/commands/on/services.d.ts +1 -0
- package/dist/src/cli/commands/on/services.d.ts.map +1 -1
- package/dist/src/cli/commands/on/services.js +9 -0
- package/dist/src/cli/commands/on/services.js.map +1 -1
- package/dist/src/cli/commands/on/start.d.ts +6 -3
- package/dist/src/cli/commands/on/start.d.ts.map +1 -1
- package/dist/src/cli/commands/on/start.js +310 -297
- package/dist/src/cli/commands/on/start.js.map +1 -1
- package/dist/src/cli/commands/on/token.d.ts +3 -1
- package/dist/src/cli/commands/on/token.d.ts.map +1 -1
- package/dist/src/cli/commands/on/token.js +3 -3
- package/dist/src/cli/commands/on/token.js.map +1 -1
- package/node_modules/@agent-relay/broker-darwin-arm64/README.md +11 -0
- package/node_modules/@agent-relay/broker-darwin-arm64/package.json +17 -0
- package/node_modules/@agent-relay/broker-darwin-x64/README.md +11 -0
- package/node_modules/@agent-relay/broker-darwin-x64/bin/.gitkeep +0 -0
- package/node_modules/@agent-relay/broker-darwin-x64/package.json +17 -0
- package/node_modules/@agent-relay/broker-linux-arm64/README.md +12 -0
- package/node_modules/@agent-relay/broker-linux-arm64/bin/.gitkeep +0 -0
- package/node_modules/@agent-relay/broker-linux-arm64/package.json +17 -0
- package/node_modules/@agent-relay/broker-linux-x64/README.md +12 -0
- package/node_modules/@agent-relay/broker-linux-x64/bin/.gitkeep +0 -0
- package/node_modules/@agent-relay/broker-linux-x64/package.json +17 -0
- package/node_modules/@agent-relay/broker-win32-x64/README.md +11 -0
- package/node_modules/@agent-relay/broker-win32-x64/bin/.gitkeep +0 -0
- package/node_modules/@agent-relay/broker-win32-x64/package.json +17 -0
- package/node_modules/@agent-relay/cloud/package.json +2 -2
- package/node_modules/@agent-relay/config/dist/cli-registry.generated.d.ts +353 -157
- package/node_modules/@agent-relay/config/dist/cli-registry.generated.d.ts.map +1 -1
- package/node_modules/@agent-relay/config/dist/cli-registry.generated.js +356 -160
- package/node_modules/@agent-relay/config/dist/cli-registry.generated.js.map +1 -1
- package/node_modules/@agent-relay/config/package.json +1 -1
- package/node_modules/@agent-relay/hooks/package.json +4 -4
- package/node_modules/@agent-relay/sdk/dist/broker-path.d.ts +18 -7
- package/node_modules/@agent-relay/sdk/dist/broker-path.d.ts.map +1 -1
- package/node_modules/@agent-relay/sdk/dist/broker-path.js +92 -20
- package/node_modules/@agent-relay/sdk/dist/broker-path.js.map +1 -1
- package/node_modules/@agent-relay/sdk/dist/client.d.ts.map +1 -1
- package/node_modules/@agent-relay/sdk/dist/client.js +9 -2
- package/node_modules/@agent-relay/sdk/dist/client.js.map +1 -1
- package/node_modules/@agent-relay/sdk/dist/provisioner/__tests__/audit.test.js +2 -2
- package/node_modules/@agent-relay/sdk/dist/provisioner/__tests__/audit.test.js.map +1 -1
- package/node_modules/@agent-relay/sdk/dist/provisioner/__tests__/token-factory.test.js +29 -17
- package/node_modules/@agent-relay/sdk/dist/provisioner/__tests__/token-factory.test.js.map +1 -1
- package/node_modules/@agent-relay/sdk/dist/provisioner/__tests__/token.test.js +8 -3
- package/node_modules/@agent-relay/sdk/dist/provisioner/__tests__/token.test.js.map +1 -1
- package/node_modules/@agent-relay/sdk/dist/provisioner/index.d.ts +1 -0
- package/node_modules/@agent-relay/sdk/dist/provisioner/index.d.ts.map +1 -1
- package/node_modules/@agent-relay/sdk/dist/provisioner/index.js +5 -2
- package/node_modules/@agent-relay/sdk/dist/provisioner/index.js.map +1 -1
- package/node_modules/@agent-relay/sdk/dist/provisioner/local-jwks.d.ts +25 -0
- package/node_modules/@agent-relay/sdk/dist/provisioner/local-jwks.d.ts.map +1 -0
- package/node_modules/@agent-relay/sdk/dist/provisioner/local-jwks.js +70 -0
- package/node_modules/@agent-relay/sdk/dist/provisioner/local-jwks.js.map +1 -0
- package/node_modules/@agent-relay/sdk/dist/provisioner/token.d.ts +6 -3
- package/node_modules/@agent-relay/sdk/dist/provisioner/token.d.ts.map +1 -1
- package/node_modules/@agent-relay/sdk/dist/provisioner/token.js +11 -8
- package/node_modules/@agent-relay/sdk/dist/provisioner/token.js.map +1 -1
- package/node_modules/@agent-relay/sdk/dist/provisioner/types.d.ts +3 -2
- package/node_modules/@agent-relay/sdk/dist/provisioner/types.d.ts.map +1 -1
- package/node_modules/@agent-relay/sdk/dist/workflows/__tests__/sibling-links.test.d.ts +2 -0
- package/node_modules/@agent-relay/sdk/dist/workflows/__tests__/sibling-links.test.d.ts.map +1 -0
- package/node_modules/@agent-relay/sdk/dist/workflows/__tests__/sibling-links.test.js +166 -0
- package/node_modules/@agent-relay/sdk/dist/workflows/__tests__/sibling-links.test.js.map +1 -0
- package/node_modules/@agent-relay/sdk/dist/workflows/index.d.ts +2 -0
- package/node_modules/@agent-relay/sdk/dist/workflows/index.d.ts.map +1 -1
- package/node_modules/@agent-relay/sdk/dist/workflows/index.js +1 -0
- package/node_modules/@agent-relay/sdk/dist/workflows/index.js.map +1 -1
- package/node_modules/@agent-relay/sdk/dist/workflows/runner.d.ts.map +1 -1
- package/node_modules/@agent-relay/sdk/dist/workflows/runner.js +18 -1
- package/node_modules/@agent-relay/sdk/dist/workflows/runner.js.map +1 -1
- package/node_modules/@agent-relay/sdk/dist/workflows/sibling-links.d.ts +100 -0
- package/node_modules/@agent-relay/sdk/dist/workflows/sibling-links.d.ts.map +1 -0
- package/node_modules/@agent-relay/sdk/dist/workflows/sibling-links.js +205 -0
- package/node_modules/@agent-relay/sdk/dist/workflows/sibling-links.js.map +1 -0
- package/node_modules/@agent-relay/sdk/package.json +10 -3
- package/node_modules/@agent-relay/telemetry/package.json +1 -1
- package/node_modules/@agent-relay/trajectory/package.json +2 -2
- package/node_modules/@agent-relay/user-directory/package.json +2 -2
- package/node_modules/@agent-relay/utils/package.json +2 -2
- package/node_modules/@aws-sdk/core/package.json +5 -5
- package/node_modules/@aws-sdk/credential-provider-env/package.json +2 -2
- package/node_modules/@aws-sdk/credential-provider-http/package.json +5 -5
- package/node_modules/@aws-sdk/credential-provider-ini/package.json +9 -9
- package/node_modules/@aws-sdk/credential-provider-login/package.json +3 -3
- package/node_modules/@aws-sdk/credential-provider-node/package.json +7 -7
- package/node_modules/@aws-sdk/credential-provider-process/package.json +2 -2
- package/node_modules/@aws-sdk/credential-provider-sso/package.json +4 -4
- package/node_modules/@aws-sdk/credential-provider-web-identity/package.json +3 -3
- package/node_modules/@aws-sdk/middleware-flexible-checksums/package.json +4 -4
- package/node_modules/@aws-sdk/middleware-sdk-s3/package.json +5 -5
- package/node_modules/@aws-sdk/middleware-user-agent/package.json +4 -4
- package/node_modules/@aws-sdk/nested-clients/package.json +14 -14
- package/node_modules/@aws-sdk/signature-v4-multi-region/package.json +2 -2
- package/node_modules/@aws-sdk/token-providers/package.json +3 -3
- package/node_modules/@aws-sdk/util-user-agent-node/package.json +2 -2
- package/node_modules/@aws-sdk/xml-builder/dist-cjs/xml-parser.js +0 -2
- package/node_modules/@aws-sdk/xml-builder/dist-es/xml-parser.js +0 -2
- package/node_modules/@aws-sdk/xml-builder/package.json +2 -2
- package/node_modules/@nodable/entities/README.md +41 -0
- package/node_modules/@nodable/entities/package.json +54 -0
- package/node_modules/@nodable/entities/src/EntityDecoder.js +543 -0
- package/node_modules/@nodable/entities/src/EntityEncoder.js +194 -0
- package/node_modules/@nodable/entities/src/entities.js +1177 -0
- package/node_modules/@nodable/entities/src/entityTries.js +49 -0
- package/node_modules/@nodable/entities/src/index.d.ts +264 -0
- package/node_modules/@nodable/entities/src/index.js +29 -0
- package/node_modules/@smithy/core/package.json +2 -2
- package/node_modules/@smithy/middleware-endpoint/package.json +3 -3
- package/node_modules/@smithy/middleware-retry/package.json +4 -4
- package/node_modules/@smithy/middleware-serde/package.json +2 -2
- package/node_modules/@smithy/node-http-handler/dist-cjs/index.js +27 -16
- package/node_modules/@smithy/node-http-handler/dist-es/http2/ClientHttp2SessionRef.js +5 -0
- package/node_modules/@smithy/node-http-handler/dist-es/node-http2-connection-manager.js +22 -16
- package/node_modules/@smithy/node-http-handler/dist-types/http2/ClientHttp2SessionRef.d.ts +4 -0
- package/node_modules/@smithy/node-http-handler/dist-types/node-http2-connection-manager.d.ts +2 -4
- package/node_modules/@smithy/node-http-handler/package.json +1 -1
- package/node_modules/@smithy/smithy-client/package.json +4 -4
- package/node_modules/@smithy/util-defaults-mode-browser/package.json +2 -2
- package/node_modules/@smithy/util-defaults-mode-node/package.json +2 -2
- package/node_modules/@smithy/util-retry/dist-cjs/index.js +20 -10
- package/node_modules/@smithy/util-retry/dist-es/StandardRetryStrategy.js +20 -10
- package/node_modules/@smithy/util-retry/dist-types/StandardRetryStrategy.d.ts +12 -4
- package/node_modules/@smithy/util-retry/package.json +1 -1
- package/node_modules/@smithy/util-stream/package.json +2 -2
- package/node_modules/fast-xml-parser/CHANGELOG.md +53 -0
- package/node_modules/fast-xml-parser/README.md +8 -28
- package/node_modules/fast-xml-parser/lib/fxbuilder.min.js +1 -1
- package/node_modules/fast-xml-parser/lib/fxbuilder.min.js.map +1 -1
- package/node_modules/fast-xml-parser/lib/fxp.cjs +1 -1
- package/node_modules/fast-xml-parser/lib/fxp.d.cts +172 -6
- package/node_modules/fast-xml-parser/lib/fxp.min.js +1 -1
- package/node_modules/fast-xml-parser/lib/fxp.min.js.map +1 -1
- package/node_modules/fast-xml-parser/lib/fxparser.min.js +1 -1
- package/node_modules/fast-xml-parser/lib/fxparser.min.js.map +1 -1
- package/node_modules/fast-xml-parser/package.json +5 -4
- package/node_modules/fast-xml-parser/src/fxp.d.ts +162 -3
- package/node_modules/fast-xml-parser/src/xmlparser/DocTypeReader.js +2 -5
- package/node_modules/fast-xml-parser/src/xmlparser/OptionsBuilder.js +15 -11
- package/node_modules/fast-xml-parser/src/xmlparser/OrderedObjParser.js +168 -244
- package/node_modules/fast-xml-parser/src/xmlparser/XMLParser.js +1 -1
- package/package.json +9 -10
- package/packages/cloud/package.json +2 -2
- package/packages/config/dist/cli-registry.generated.d.ts +353 -157
- package/packages/config/dist/cli-registry.generated.d.ts.map +1 -1
- package/packages/config/dist/cli-registry.generated.js +356 -160
- package/packages/config/dist/cli-registry.generated.js.map +1 -1
- package/packages/config/package.json +1 -1
- package/packages/hooks/package.json +4 -4
- package/packages/sdk/dist/broker-path.d.ts +18 -7
- package/packages/sdk/dist/broker-path.d.ts.map +1 -1
- package/packages/sdk/dist/broker-path.js +92 -20
- package/packages/sdk/dist/broker-path.js.map +1 -1
- package/packages/sdk/dist/client.d.ts.map +1 -1
- package/packages/sdk/dist/client.js +9 -2
- package/packages/sdk/dist/client.js.map +1 -1
- package/packages/sdk/dist/provisioner/__tests__/audit.test.js +2 -2
- package/packages/sdk/dist/provisioner/__tests__/audit.test.js.map +1 -1
- package/packages/sdk/dist/provisioner/__tests__/token-factory.test.js +29 -17
- package/packages/sdk/dist/provisioner/__tests__/token-factory.test.js.map +1 -1
- package/packages/sdk/dist/provisioner/__tests__/token.test.js +8 -3
- package/packages/sdk/dist/provisioner/__tests__/token.test.js.map +1 -1
- package/packages/sdk/dist/provisioner/index.d.ts +1 -0
- package/packages/sdk/dist/provisioner/index.d.ts.map +1 -1
- package/packages/sdk/dist/provisioner/index.js +5 -2
- package/packages/sdk/dist/provisioner/index.js.map +1 -1
- package/packages/sdk/dist/provisioner/local-jwks.d.ts +25 -0
- package/packages/sdk/dist/provisioner/local-jwks.d.ts.map +1 -0
- package/packages/sdk/dist/provisioner/local-jwks.js +70 -0
- package/packages/sdk/dist/provisioner/local-jwks.js.map +1 -0
- package/packages/sdk/dist/provisioner/token.d.ts +6 -3
- package/packages/sdk/dist/provisioner/token.d.ts.map +1 -1
- package/packages/sdk/dist/provisioner/token.js +11 -8
- package/packages/sdk/dist/provisioner/token.js.map +1 -1
- package/packages/sdk/dist/provisioner/types.d.ts +3 -2
- package/packages/sdk/dist/provisioner/types.d.ts.map +1 -1
- package/packages/sdk/dist/workflows/__tests__/sibling-links.test.d.ts +2 -0
- package/packages/sdk/dist/workflows/__tests__/sibling-links.test.d.ts.map +1 -0
- package/packages/sdk/dist/workflows/__tests__/sibling-links.test.js +166 -0
- package/packages/sdk/dist/workflows/__tests__/sibling-links.test.js.map +1 -0
- package/packages/sdk/dist/workflows/index.d.ts +2 -0
- package/packages/sdk/dist/workflows/index.d.ts.map +1 -1
- package/packages/sdk/dist/workflows/index.js +1 -0
- package/packages/sdk/dist/workflows/index.js.map +1 -1
- package/packages/sdk/dist/workflows/runner.d.ts.map +1 -1
- package/packages/sdk/dist/workflows/runner.js +18 -1
- package/packages/sdk/dist/workflows/runner.js.map +1 -1
- package/packages/sdk/dist/workflows/sibling-links.d.ts +100 -0
- package/packages/sdk/dist/workflows/sibling-links.d.ts.map +1 -0
- package/packages/sdk/dist/workflows/sibling-links.js +205 -0
- package/packages/sdk/dist/workflows/sibling-links.js.map +1 -0
- package/packages/sdk/package.json +10 -3
- package/packages/telemetry/package.json +1 -1
- package/packages/trajectory/package.json +2 -2
- package/packages/user-directory/package.json +2 -2
- package/packages/utils/package.json +2 -2
- package/scripts/postinstall.js +9 -146
- package/bin/agent-relay-broker-darwin-arm64 +0 -0
- package/bin/agent-relay-broker-darwin-x64 +0 -0
- package/bin/agent-relay-broker-linux-arm64 +0 -0
- package/bin/agent-relay-broker-linux-x64 +0 -0
- package/node_modules/fast-xml-parser/lib/pem.d.cts +0 -148
- package/node_modules/fast-xml-parser/src/pem.d.ts +0 -135
- /package/{bin → node_modules/@agent-relay/broker-darwin-arm64/bin}/.gitkeep +0 -0
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import assert from 'node:assert/strict';
|
|
2
|
-
import {
|
|
2
|
+
import { createPublicKey, createVerify } from 'node:crypto';
|
|
3
3
|
import test from 'node:test';
|
|
4
|
+
import { createLocalJwksKeyPair } from '../local-jwks.js';
|
|
4
5
|
import { DEFAULT_ADMIN_AGENT_NAME, DEFAULT_ADMIN_SCOPES, DEFAULT_WORKFLOW_TOKEN_TTL_SECONDS, WorkflowTokenFactory, mintAgentToken, } from '../token.js';
|
|
5
6
|
function decodeJwtPart(value) {
|
|
6
7
|
return JSON.parse(Buffer.from(value, 'base64url').toString('utf8'));
|
|
@@ -16,9 +17,14 @@ function decodeJwt(token) {
|
|
|
16
17
|
signature,
|
|
17
18
|
};
|
|
18
19
|
}
|
|
20
|
+
function testSigningKey() {
|
|
21
|
+
const { privateKey, kid } = createLocalJwksKeyPair();
|
|
22
|
+
return { privateKey, kid };
|
|
23
|
+
}
|
|
19
24
|
test('mintAgentToken returns a valid JWT', () => {
|
|
25
|
+
const signingKey = testSigningKey();
|
|
20
26
|
const token = mintAgentToken({
|
|
21
|
-
|
|
27
|
+
...signingKey,
|
|
22
28
|
agentName: 'worker',
|
|
23
29
|
workspace: 'workspace-123',
|
|
24
30
|
scopes: ['relayfile:fs:read:/src/index.ts'],
|
|
@@ -27,13 +33,14 @@ test('mintAgentToken returns a valid JWT', () => {
|
|
|
27
33
|
const decoded = decodeJwt(token);
|
|
28
34
|
assert.equal(parts.length, 3);
|
|
29
35
|
assert.ok(parts.every((part) => /^[A-Za-z0-9_-]+$/u.test(part)));
|
|
30
|
-
assert.deepEqual(decoded.header, { alg: '
|
|
36
|
+
assert.deepEqual(decoded.header, { alg: 'RS256', typ: 'JWT', kid: signingKey.kid });
|
|
31
37
|
assert.equal(decoded.payload.sub, 'agent_worker');
|
|
32
38
|
});
|
|
33
39
|
test('mintAgentToken payload contains agent_name, workspace, and scopes', () => {
|
|
40
|
+
const signingKey = testSigningKey();
|
|
34
41
|
const scopes = ['relayfile:fs:read:/src/index.ts', 'relayfile:fs:write:/src/index.ts'];
|
|
35
42
|
const token = mintAgentToken({
|
|
36
|
-
|
|
43
|
+
...signingKey,
|
|
37
44
|
agentName: 'compiler',
|
|
38
45
|
workspace: 'workspace-abc',
|
|
39
46
|
scopes,
|
|
@@ -46,7 +53,7 @@ test('mintAgentToken payload contains agent_name, workspace, and scopes', () =>
|
|
|
46
53
|
});
|
|
47
54
|
test('mintAgentToken defaults expiry to 2 hours', () => {
|
|
48
55
|
const token = mintAgentToken({
|
|
49
|
-
|
|
56
|
+
...testSigningKey(),
|
|
50
57
|
agentName: 'worker',
|
|
51
58
|
workspace: 'workspace-123',
|
|
52
59
|
scopes: [],
|
|
@@ -57,7 +64,7 @@ test('mintAgentToken defaults expiry to 2 hours', () => {
|
|
|
57
64
|
});
|
|
58
65
|
test('mintAgentToken applies a custom TTL', () => {
|
|
59
66
|
const token = mintAgentToken({
|
|
60
|
-
|
|
67
|
+
...testSigningKey(),
|
|
61
68
|
agentName: 'worker',
|
|
62
69
|
workspace: 'workspace-123',
|
|
63
70
|
scopes: [],
|
|
@@ -67,7 +74,8 @@ test('mintAgentToken applies a custom TTL', () => {
|
|
|
67
74
|
assert.equal(payload.exp - payload.iat, 90);
|
|
68
75
|
});
|
|
69
76
|
test('WorkflowTokenFactory mintAdmin uses the default admin identity and scopes', () => {
|
|
70
|
-
const
|
|
77
|
+
const signingKey = testSigningKey();
|
|
78
|
+
const factory = new WorkflowTokenFactory(signingKey.privateKey, signingKey.kid, 'workspace-admin');
|
|
71
79
|
const token = factory.mintAdmin();
|
|
72
80
|
const { payload } = decodeJwt(token);
|
|
73
81
|
assert.equal(payload.agent_name, DEFAULT_ADMIN_AGENT_NAME);
|
|
@@ -75,25 +83,27 @@ test('WorkflowTokenFactory mintAdmin uses the default admin identity and scopes'
|
|
|
75
83
|
assert.deepEqual(payload.scopes, DEFAULT_ADMIN_SCOPES);
|
|
76
84
|
});
|
|
77
85
|
test('WorkflowTokenFactory getToken returns the token minted for an agent', () => {
|
|
78
|
-
const
|
|
86
|
+
const signingKey = testSigningKey();
|
|
87
|
+
const factory = new WorkflowTokenFactory(signingKey.privateKey, signingKey.kid, 'workspace-123');
|
|
79
88
|
const token = factory.mintForAgent('builder', ['relayfile:fs:read:/src/index.ts']);
|
|
80
89
|
assert.equal(factory.getToken('builder'), token);
|
|
81
90
|
});
|
|
82
91
|
test('WorkflowTokenFactory uses its configured TTL when minting agent tokens', () => {
|
|
83
|
-
const
|
|
92
|
+
const signingKey = testSigningKey();
|
|
93
|
+
const factory = new WorkflowTokenFactory(signingKey.privateKey, signingKey.kid, 'workspace-123', 45);
|
|
84
94
|
const token = factory.mintForAgent('builder', []);
|
|
85
95
|
const { payload } = decodeJwt(token);
|
|
86
96
|
assert.equal(payload.exp - payload.iat, 45);
|
|
87
97
|
});
|
|
88
98
|
test('mintAgentToken generates a unique JTI per token', () => {
|
|
89
99
|
const first = decodeJwt(mintAgentToken({
|
|
90
|
-
|
|
100
|
+
...testSigningKey(),
|
|
91
101
|
agentName: 'worker',
|
|
92
102
|
workspace: 'workspace-123',
|
|
93
103
|
scopes: [],
|
|
94
104
|
})).payload;
|
|
95
105
|
const second = decodeJwt(mintAgentToken({
|
|
96
|
-
|
|
106
|
+
...testSigningKey(),
|
|
97
107
|
agentName: 'worker',
|
|
98
108
|
workspace: 'workspace-123',
|
|
99
109
|
scopes: [],
|
|
@@ -104,7 +114,7 @@ test('mintAgentToken generates a unique JTI per token', () => {
|
|
|
104
114
|
});
|
|
105
115
|
test('mintAgentToken includes the expected audience claims', () => {
|
|
106
116
|
const token = mintAgentToken({
|
|
107
|
-
|
|
117
|
+
...testSigningKey(),
|
|
108
118
|
agentName: 'worker',
|
|
109
119
|
workspace: 'workspace-123',
|
|
110
120
|
scopes: [],
|
|
@@ -112,16 +122,18 @@ test('mintAgentToken includes the expected audience claims', () => {
|
|
|
112
122
|
const { payload } = decodeJwt(token);
|
|
113
123
|
assert.deepEqual(payload.aud, ['relayauth', 'relayfile']);
|
|
114
124
|
});
|
|
115
|
-
test('mintAgentToken signs tokens with
|
|
116
|
-
const
|
|
125
|
+
test('mintAgentToken signs tokens with RS256', () => {
|
|
126
|
+
const signingKey = testSigningKey();
|
|
117
127
|
const token = mintAgentToken({
|
|
118
|
-
|
|
128
|
+
...signingKey,
|
|
119
129
|
agentName: 'worker',
|
|
120
130
|
workspace: 'workspace-123',
|
|
121
131
|
scopes: ['relayfile:fs:read:/src/index.ts'],
|
|
122
132
|
});
|
|
123
133
|
const [header, payload, signature] = token.split('.');
|
|
124
|
-
const
|
|
125
|
-
|
|
134
|
+
const verifier = createVerify('RSA-SHA256');
|
|
135
|
+
verifier.update(`${header}.${payload}`);
|
|
136
|
+
verifier.end();
|
|
137
|
+
assert.equal(verifier.verify(createPublicKey(signingKey.privateKey), signature, 'base64url'), true);
|
|
126
138
|
});
|
|
127
139
|
//# sourceMappingURL=token-factory.test.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token-factory.test.js","sourceRoot":"","sources":["../../../src/provisioner/__tests__/token-factory.test.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,oBAAoB,CAAC;AACxC,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"token-factory.test.js","sourceRoot":"","sources":["../../../src/provisioner/__tests__/token-factory.test.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,oBAAoB,CAAC;AACxC,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC5D,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,sBAAsB,EAAE,MAAM,kBAAkB,CAAC;AAC1D,OAAO,EACL,wBAAwB,EACxB,oBAAoB,EACpB,kCAAkC,EAClC,oBAAoB,EACpB,cAAc,GAEf,MAAM,aAAa,CAAC;AAQrB,SAAS,aAAa,CAAI,KAAa;IACrC,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAM,CAAC;AAC3E,CAAC;AAED,SAAS,SAAS,CAAC,KAAa;IAC9B,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACtD,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC;IAClB,MAAM,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC;IACnB,MAAM,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC;IAErB,OAAO;QACL,MAAM,EAAE,aAAa,CAAY,MAAM,CAAC;QACxC,OAAO,EAAE,aAAa,CAAc,OAAO,CAAC;QAC5C,SAAS;KACV,CAAC;AACJ,CAAC;AAED,SAAS,cAAc;IACrB,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,sBAAsB,EAAE,CAAC;IACrD,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC;AAC7B,CAAC;AAED,IAAI,CAAC,oCAAoC,EAAE,GAAG,EAAE;IAC9C,MAAM,UAAU,GAAG,cAAc,EAAE,CAAC;IACpC,MAAM,KAAK,GAAG,cAAc,CAAC;QAC3B,GAAG,UAAU;QACb,SAAS,EAAE,QAAQ;QACnB,SAAS,EAAE,eAAe;QAC1B,MAAM,EAAE,CAAC,iCAAiC,CAAC;KAC5C,CAAC,CAAC;IAEH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAEjC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC9B,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACjE,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC;IACpF,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC;AACpD,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,mEAAmE,EAAE,GAAG,EAAE;IAC7E,MAAM,UAAU,GAAG,cAAc,EAAE,CAAC;IACpC,MAAM,MAAM,GAAG,CAAC,iCAAiC,EAAE,kCAAkC,CAAC,CAAC;IACvF,MAAM,KAAK,GAAG,cAAc,CAAC;QAC3B,GAAG,UAAU;QACb,SAAS,EAAE,UAAU;QACrB,SAAS,EAAE,eAAe;QAC1B,MAAM;KACP,CAAC,CAAC;IAEH,MAAM,EAAE,OAAO,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAErC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;IAC7C,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC;IAC3C,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;IACpD,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAC3C,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,2CAA2C,EAAE,GAAG,EAAE;IACrD,MAAM,KAAK,GAAG,cAAc,CAAC;QAC3B,GAAG,cAAc,EAAE;QACnB,SAAS,EAAE,QAAQ;QACnB,SAAS,EAAE,eAAe;QAC1B,MAAM,EAAE,EAAE;KACX,CAAC,CAAC;IAEH,MAAM,EAAE,OAAO,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAErC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,kCAAkC,CAAC,CAAC;IAC5E,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;AACvD,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,qCAAqC,EAAE,GAAG,EAAE;IAC/C,MAAM,KAAK,GAAG,cAAc,CAAC;QAC3B,GAAG,cAAc,EAAE;QACnB,SAAS,EAAE,QAAQ;QACnB,SAAS,EAAE,eAAe;QAC1B,MAAM,EAAE,EAAE;QACV,UAAU,EAAE,EAAE;KACf,CAAC,CAAC;IAEH,MAAM,EAAE,OAAO,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAErC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;AAC9C,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,2EAA2E,EAAE,GAAG,EAAE;IACrF,MAAM,UAAU,GAAG,cAAc,EAAE,CAAC;IACpC,MAAM,OAAO,GAAG,IAAI,oBAAoB,CAAC,UAAU,CAAC,UAAU,EAAE,UAAU,CAAC,GAAG,EAAE,iBAAiB,CAAC,CAAC;IACnG,MAAM,KAAK,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IAClC,MAAM,EAAE,OAAO,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAErC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,EAAE,wBAAwB,CAAC,CAAC;IAC3D,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,iBAAiB,CAAC,CAAC;IAC7C,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAC;AACzD,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,qEAAqE,EAAE,GAAG,EAAE;IAC/E,MAAM,UAAU,GAAG,cAAc,EAAE,CAAC;IACpC,MAAM,OAAO,GAAG,IAAI,oBAAoB,CAAC,UAAU,CAAC,UAAU,EAAE,UAAU,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC;IACjG,MAAM,KAAK,GAAG,OAAO,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC,iCAAiC,CAAC,CAAC,CAAC;IAEnF,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,KAAK,CAAC,CAAC;AACnD,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,wEAAwE,EAAE,GAAG,EAAE;IAClF,MAAM,UAAU,GAAG,cAAc,EAAE,CAAC;IACpC,MAAM,OAAO,GAAG,IAAI,oBAAoB,CAAC,UAAU,CAAC,UAAU,EAAE,UAAU,CAAC,GAAG,EAAE,eAAe,EAAE,EAAE,CAAC,CAAC;IACrG,MAAM,KAAK,GAAG,OAAO,CAAC,YAAY,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;IAClD,MAAM,EAAE,OAAO,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAErC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;AAC9C,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,iDAAiD,EAAE,GAAG,EAAE;IAC3D,MAAM,KAAK,GAAG,SAAS,CACrB,cAAc,CAAC;QACb,GAAG,cAAc,EAAE;QACnB,SAAS,EAAE,QAAQ;QACnB,SAAS,EAAE,eAAe;QAC1B,MAAM,EAAE,EAAE;KACX,CAAC,CACH,CAAC,OAAO,CAAC;IACV,MAAM,MAAM,GAAG,SAAS,CACtB,cAAc,CAAC;QACb,GAAG,cAAc,EAAE;QACnB,SAAS,EAAE,QAAQ;QACnB,SAAS,EAAE,eAAe;QAC1B,MAAM,EAAE,EAAE;KACX,CAAC,CACH,CAAC,OAAO,CAAC;IAEV,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;IACtC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;AACzC,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,sDAAsD,EAAE,GAAG,EAAE;IAChE,MAAM,KAAK,GAAG,cAAc,CAAC;QAC3B,GAAG,cAAc,EAAE;QACnB,SAAS,EAAE,QAAQ;QACnB,SAAS,EAAE,eAAe;QAC1B,MAAM,EAAE,EAAE;KACX,CAAC,CAAC;IAEH,MAAM,EAAE,OAAO,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAErC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC;AAC5D,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,wCAAwC,EAAE,GAAG,EAAE;IAClD,MAAM,UAAU,GAAG,cAAc,EAAE,CAAC;IACpC,MAAM,KAAK,GAAG,cAAc,CAAC;QAC3B,GAAG,UAAU;QACb,SAAS,EAAE,QAAQ;QACnB,SAAS,EAAE,eAAe;QAC1B,MAAM,EAAE,CAAC,iCAAiC,CAAC;KAC5C,CAAC,CAAC;IAEH,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACtD,MAAM,QAAQ,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC;IAC5C,QAAQ,CAAC,MAAM,CAAC,GAAG,MAAM,IAAI,OAAO,EAAE,CAAC,CAAC;IACxC,QAAQ,CAAC,GAAG,EAAE,CAAC;IAEf,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,eAAe,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,SAAS,EAAE,WAAW,CAAC,EAAE,IAAI,CAAC,CAAC;AACtG,CAAC,CAAC,CAAC"}
|
|
@@ -1,13 +1,18 @@
|
|
|
1
1
|
import assert from 'node:assert/strict';
|
|
2
2
|
import test from 'node:test';
|
|
3
|
+
import { createLocalJwksKeyPair } from '../local-jwks.js';
|
|
3
4
|
import { DEFAULT_WORKFLOW_TOKEN_TTL_SECONDS, mintAgentToken } from '../token.js';
|
|
4
5
|
function decodeJwtPayload(token) {
|
|
5
6
|
const [, payload] = token.split('.');
|
|
6
7
|
return JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
|
|
7
8
|
}
|
|
9
|
+
function testSigningKey() {
|
|
10
|
+
const { privateKey, kid } = createLocalJwksKeyPair();
|
|
11
|
+
return { privateKey, kid };
|
|
12
|
+
}
|
|
8
13
|
test('mintAgentToken returns a valid JWT', () => {
|
|
9
14
|
const token = mintAgentToken({
|
|
10
|
-
|
|
15
|
+
...testSigningKey(),
|
|
11
16
|
agentName: 'worker',
|
|
12
17
|
workspace: 'workspace-123',
|
|
13
18
|
scopes: ['relayfile:fs:read:/src/index.ts'],
|
|
@@ -19,7 +24,7 @@ test('mintAgentToken returns a valid JWT', () => {
|
|
|
19
24
|
test('mintAgentToken payload contains agent_name, workspace, and scopes', () => {
|
|
20
25
|
const scopes = ['relayfile:fs:read:/src/index.ts', 'relayfile:fs:write:/src/index.ts'];
|
|
21
26
|
const token = mintAgentToken({
|
|
22
|
-
|
|
27
|
+
...testSigningKey(),
|
|
23
28
|
agentName: 'compiler',
|
|
24
29
|
workspace: 'workspace-abc',
|
|
25
30
|
scopes,
|
|
@@ -32,7 +37,7 @@ test('mintAgentToken payload contains agent_name, workspace, and scopes', () =>
|
|
|
32
37
|
});
|
|
33
38
|
test('mintAgentToken defaults expiry to 2 hours', () => {
|
|
34
39
|
const token = mintAgentToken({
|
|
35
|
-
|
|
40
|
+
...testSigningKey(),
|
|
36
41
|
agentName: 'worker',
|
|
37
42
|
workspace: 'workspace-123',
|
|
38
43
|
scopes: [],
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token.test.js","sourceRoot":"","sources":["../../../src/provisioner/__tests__/token.test.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,oBAAoB,CAAC;AACxC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,kCAAkC,EAAE,cAAc,EAAoB,MAAM,aAAa,CAAC;AAEnG,SAAS,gBAAgB,CAAC,KAAa;IACrC,MAAM,CAAC,EAAE,OAAO,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrC,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAgB,CAAC;AACvF,CAAC;AAED,IAAI,CAAC,oCAAoC,EAAE,GAAG,EAAE;IAC9C,MAAM,KAAK,GAAG,cAAc,CAAC;QAC3B,
|
|
1
|
+
{"version":3,"file":"token.test.js","sourceRoot":"","sources":["../../../src/provisioner/__tests__/token.test.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,oBAAoB,CAAC;AACxC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,sBAAsB,EAAE,MAAM,kBAAkB,CAAC;AAC1D,OAAO,EAAE,kCAAkC,EAAE,cAAc,EAAoB,MAAM,aAAa,CAAC;AAEnG,SAAS,gBAAgB,CAAC,KAAa;IACrC,MAAM,CAAC,EAAE,OAAO,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrC,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAgB,CAAC;AACvF,CAAC;AAED,SAAS,cAAc;IACrB,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,sBAAsB,EAAE,CAAC;IACrD,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC;AAC7B,CAAC;AAED,IAAI,CAAC,oCAAoC,EAAE,GAAG,EAAE;IAC9C,MAAM,KAAK,GAAG,cAAc,CAAC;QAC3B,GAAG,cAAc,EAAE;QACnB,SAAS,EAAE,QAAQ;QACnB,SAAS,EAAE,eAAe;QAC1B,MAAM,EAAE,CAAC,iCAAiC,CAAC;KAC5C,CAAC,CAAC;IAEH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC9B,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACnE,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,mEAAmE,EAAE,GAAG,EAAE;IAC7E,MAAM,MAAM,GAAG,CAAC,iCAAiC,EAAE,kCAAkC,CAAC,CAAC;IACvF,MAAM,KAAK,GAAG,cAAc,CAAC;QAC3B,GAAG,cAAc,EAAE;QACnB,SAAS,EAAE,UAAU;QACrB,SAAS,EAAE,eAAe;QAC1B,MAAM;KACP,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAExC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;IAC7C,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC;IAC3C,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;IACpD,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAC3C,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,2CAA2C,EAAE,GAAG,EAAE;IACrD,MAAM,KAAK,GAAG,cAAc,CAAC;QAC3B,GAAG,cAAc,EAAE;QACnB,SAAS,EAAE,QAAQ;QACnB,SAAS,EAAE,eAAe;QAC1B,MAAM,EAAE,EAAE;KACX,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAExC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,kCAAkC,CAAC,CAAC;IAC5E,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;AACvD,CAAC,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/provisioner/index.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAKV,eAAe,EAEf,uBAAuB,EACxB,MAAM,YAAY,CAAC;AAEpB,cAAc,eAAe,CAAC;AAC9B,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,YAAY,CAAC;AAC3B,cAAc,YAAY,CAAC;AAC3B,cAAc,YAAY,CAAC;AA+F3B,wBAAsB,uBAAuB,CAAC,MAAM,EAAE,uBAAuB,GAAG,OAAO,CAAC,eAAe,CAAC,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/provisioner/index.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAKV,eAAe,EAEf,uBAAuB,EACxB,MAAM,YAAY,CAAC;AAEpB,cAAc,eAAe,CAAC;AAC9B,cAAc,iBAAiB,CAAC;AAChC,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,YAAY,CAAC;AAC3B,cAAc,YAAY,CAAC;AAC3B,cAAc,YAAY,CAAC;AA+F3B,wBAAsB,uBAAuB,CAAC,MAAM,EAAE,uBAAuB,GAAG,OAAO,CAAC,eAAe,CAAC,CAuNvG"}
|
|
@@ -6,6 +6,7 @@ import { ensureRelayfileMount } from './mount.js';
|
|
|
6
6
|
import { createWorkspaceIfNeeded, seedWorkspace, seedWorkflowAcls } from './seeder.js';
|
|
7
7
|
import { DEFAULT_ADMIN_AGENT_NAME, DEFAULT_ADMIN_SCOPES, mintAgentToken } from './token.js';
|
|
8
8
|
export * from './compiler.js';
|
|
9
|
+
export * from './local-jwks.js';
|
|
9
10
|
export * from './mount.js';
|
|
10
11
|
export * from './seeder.js';
|
|
11
12
|
export * from './token.js';
|
|
@@ -104,7 +105,8 @@ export async function provisionWorkflowAgents(config) {
|
|
|
104
105
|
permissions: agent.permissions,
|
|
105
106
|
});
|
|
106
107
|
const token = mintAgentToken({
|
|
107
|
-
|
|
108
|
+
privateKey: config.tokenSigningKey.privateKey,
|
|
109
|
+
kid: config.tokenSigningKey.kid,
|
|
108
110
|
agentName: agent.name,
|
|
109
111
|
workspace: config.workspace,
|
|
110
112
|
scopes: compiled.scopes,
|
|
@@ -128,7 +130,8 @@ export async function provisionWorkflowAgents(config) {
|
|
|
128
130
|
}
|
|
129
131
|
const adminScopes = [...(config.adminScopes ?? DEFAULT_ADMIN_SCOPES)];
|
|
130
132
|
const adminToken = mintAgentToken({
|
|
131
|
-
|
|
133
|
+
privateKey: config.tokenSigningKey.privateKey,
|
|
134
|
+
kid: config.tokenSigningKey.kid,
|
|
132
135
|
agentName: DEFAULT_ADMIN_AGENT_NAME,
|
|
133
136
|
workspace: config.workspace,
|
|
134
137
|
scopes: adminScopes,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/provisioner/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAClD,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,6BAA6B,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAC/E,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAClD,OAAO,EAAE,uBAAuB,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AACvF,OAAO,EAAE,wBAAwB,EAAE,oBAAoB,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAW5F,cAAc,eAAe,CAAC;AAC9B,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,YAAY,CAAC;AAC3B,cAAc,YAAY,CAAC;AAC3B,cAAc,YAAY,CAAC;AAQ3B,MAAM,kBAAkB,GAAG,eAAe,CAAC;AAE3C,SAAS,kBAAkB,CAAC,UAAkB;IAC5C,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAC9B,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC;IAErC,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5C,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;QACpE,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACf,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,MAAM,UAAU,GAAG,CAAC,GAAG,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC;IACpF,OAAO,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC;AACnE,CAAC;AAED,SAAS,aAAa,CAAC,MAA+B;IACpD,MAAM,gBAAgB,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC;IAC7D,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,OAAO,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,WAAW,CAAC,EAAE,EAAE,CAAC,CAAC;YACpD,IAAI;YACJ,WAAW,EAAE,WAAW,IAAI,EAAE;YAC9B,gBAAgB,EAAE,YAAY;SAC/B,CAAC,CAAC,CAAC;IACN,CAAC;IAED,OAAO,kBAAkB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC1D,IAAI;QACJ,WAAW,EAAE,EAAE;QACf,gBAAgB,EAAE,iBAAiB;KACpC,CAAC,CAAC,CAAC;AACN,CAAC;AAED,SAAS,YAAY,CAAC,YAAiD;IACrE,OAAO,YAAY,CAAC,MAAM,CACxB,CAAC,OAAO,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;QACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,QAAQ;QACtD,SAAS,EAAE,OAAO,CAAC,SAAS,GAAG,QAAQ,CAAC,OAAO,CAAC,SAAS;QACzD,MAAM,EAAE,OAAO,CAAC,MAAM,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM;QAChD,YAAY,EAAE,OAAO,CAAC,YAAY,GAAG,QAAQ,CAAC,OAAO,CAAC,YAAY;KACnE,CAAC,EACF;QACE,QAAQ,EAAE,CAAC;QACX,SAAS,EAAE,CAAC;QACZ,MAAM,EAAE,CAAC;QACT,YAAY,EAAE,CAAC;KAChB,CACF,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CACvB,UAAkB,EAClB,IAAY,EACZ,KAAa,EACb,QAAkC,EAClC,UAAmB;IAEnB,OAAO;QACL,IAAI;QACJ,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,IAAI,MAAM,CAAC;QACtE,KAAK;QACL,MAAM,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC;QAC5B,QAAQ;QACR,UAAU;KACX,CAAC;AACJ,CAAC;AAED,SAAS,qBAAqB,CAAC,KAAa;IAC1C,OAAO,KAAK,CAAC,OAAO,CAAC,mBAAmB,EAAE,GAAG,CAAC,CAAC;AACjD,CAAC;AAED,SAAS,mBAAmB,CAAC,YAAiD;IAC5E,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IAEtC,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;QACvC,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;YACrD,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC;IAED,OAAO,WAAW,CAAC,IAAI,CAAC;AAC1B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAAC,MAA+B;IAC3E,MAAM,KAAK,GAAG,IAAI,kBAAkB,EAAE,CAAC;IACvC,MAAM,SAAS,GAAG,6BAA6B,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAEnE,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;QACrC,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC;QACzC,MAAM,MAAM,GAAG,IAAI,GAAG,EAAoB,CAAC;QAC3C,MAAM,MAAM,GAAG,IAAI,GAAG,EAA4D,CAAC;QACnF,MAAM,YAAY,GAAsB,EAAE,CAAC;QAC3C,MAAM,YAAY,GAA+B,EAAE,CAAC;QACpD,MAAM,eAAe,GAAG,IAAI,GAAG,EAAoC,CAAC;QAEpE,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,KAAK,CAAC,GAAG,CAAC;gBACR,SAAS,EAAE,KAAK,CAAC,IAAI;gBACrB,MAAM,EAAE,SAAS;gBACjB,OAAO,EAAE;oBACP,MAAM,EAAE,KAAK,CAAC,gBAAgB;oBAC9B,SAAS,EAAE,MAAM,CAAC,SAAS;oBAC3B,cAAc,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,IAAI,EAAE;iBACtD;aACF,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,kBAAkB,CAAC;gBAClC,SAAS,EAAE,KAAK,CAAC,IAAI;gBACrB,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,WAAW,EAAE,KAAK,CAAC,WAAW;aAC/B,CAAC,CAAC;YACH,MAAM,KAAK,GAAG,cAAc,CAAC;gBAC3B,MAAM,EAAE,MAAM,CAAC,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/provisioner/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAClD,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,6BAA6B,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAC/E,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAClD,OAAO,EAAE,uBAAuB,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AACvF,OAAO,EAAE,wBAAwB,EAAE,oBAAoB,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAW5F,cAAc,eAAe,CAAC;AAC9B,cAAc,iBAAiB,CAAC;AAChC,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,YAAY,CAAC;AAC3B,cAAc,YAAY,CAAC;AAC3B,cAAc,YAAY,CAAC;AAQ3B,MAAM,kBAAkB,GAAG,eAAe,CAAC;AAE3C,SAAS,kBAAkB,CAAC,UAAkB;IAC5C,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAC9B,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC;IAErC,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5C,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;QACpE,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACf,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,MAAM,UAAU,GAAG,CAAC,GAAG,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC;IACpF,OAAO,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC;AACnE,CAAC;AAED,SAAS,aAAa,CAAC,MAA+B;IACpD,MAAM,gBAAgB,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC;IAC7D,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,OAAO,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,WAAW,CAAC,EAAE,EAAE,CAAC,CAAC;YACpD,IAAI;YACJ,WAAW,EAAE,WAAW,IAAI,EAAE;YAC9B,gBAAgB,EAAE,YAAY;SAC/B,CAAC,CAAC,CAAC;IACN,CAAC;IAED,OAAO,kBAAkB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC1D,IAAI;QACJ,WAAW,EAAE,EAAE;QACf,gBAAgB,EAAE,iBAAiB;KACpC,CAAC,CAAC,CAAC;AACN,CAAC;AAED,SAAS,YAAY,CAAC,YAAiD;IACrE,OAAO,YAAY,CAAC,MAAM,CACxB,CAAC,OAAO,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;QACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,QAAQ;QACtD,SAAS,EAAE,OAAO,CAAC,SAAS,GAAG,QAAQ,CAAC,OAAO,CAAC,SAAS;QACzD,MAAM,EAAE,OAAO,CAAC,MAAM,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM;QAChD,YAAY,EAAE,OAAO,CAAC,YAAY,GAAG,QAAQ,CAAC,OAAO,CAAC,YAAY;KACnE,CAAC,EACF;QACE,QAAQ,EAAE,CAAC;QACX,SAAS,EAAE,CAAC;QACZ,MAAM,EAAE,CAAC;QACT,YAAY,EAAE,CAAC;KAChB,CACF,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CACvB,UAAkB,EAClB,IAAY,EACZ,KAAa,EACb,QAAkC,EAClC,UAAmB;IAEnB,OAAO;QACL,IAAI;QACJ,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,IAAI,MAAM,CAAC;QACtE,KAAK;QACL,MAAM,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC;QAC5B,QAAQ;QACR,UAAU;KACX,CAAC;AACJ,CAAC;AAED,SAAS,qBAAqB,CAAC,KAAa;IAC1C,OAAO,KAAK,CAAC,OAAO,CAAC,mBAAmB,EAAE,GAAG,CAAC,CAAC;AACjD,CAAC;AAED,SAAS,mBAAmB,CAAC,YAAiD;IAC5E,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IAEtC,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;QACvC,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;YACrD,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC;IAED,OAAO,WAAW,CAAC,IAAI,CAAC;AAC1B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAAC,MAA+B;IAC3E,MAAM,KAAK,GAAG,IAAI,kBAAkB,EAAE,CAAC;IACvC,MAAM,SAAS,GAAG,6BAA6B,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAEnE,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;QACrC,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC;QACzC,MAAM,MAAM,GAAG,IAAI,GAAG,EAAoB,CAAC;QAC3C,MAAM,MAAM,GAAG,IAAI,GAAG,EAA4D,CAAC;QACnF,MAAM,YAAY,GAAsB,EAAE,CAAC;QAC3C,MAAM,YAAY,GAA+B,EAAE,CAAC;QACpD,MAAM,eAAe,GAAG,IAAI,GAAG,EAAoC,CAAC;QAEpE,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,KAAK,CAAC,GAAG,CAAC;gBACR,SAAS,EAAE,KAAK,CAAC,IAAI;gBACrB,MAAM,EAAE,SAAS;gBACjB,OAAO,EAAE;oBACP,MAAM,EAAE,KAAK,CAAC,gBAAgB;oBAC9B,SAAS,EAAE,MAAM,CAAC,SAAS;oBAC3B,cAAc,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,IAAI,EAAE;iBACtD;aACF,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,kBAAkB,CAAC;gBAClC,SAAS,EAAE,KAAK,CAAC,IAAI;gBACrB,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,WAAW,EAAE,KAAK,CAAC,WAAW;aAC/B,CAAC,CAAC;YACH,MAAM,KAAK,GAAG,cAAc,CAAC;gBAC3B,UAAU,EAAE,MAAM,CAAC,eAAe,CAAC,UAAU;gBAC7C,GAAG,EAAE,MAAM,CAAC,eAAe,CAAC,GAAG;gBAC/B,SAAS,EAAE,KAAK,CAAC,IAAI;gBACrB,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,UAAU,EAAE,MAAM,CAAC,eAAe;aACnC,CAAC,CAAC;YAEH,KAAK,CAAC,GAAG,CAAC;gBACR,SAAS,EAAE,KAAK,CAAC,IAAI;gBACrB,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,SAAS,EAAE,MAAM,CAAC,SAAS;oBAC3B,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC,IAAI,MAAM,CAAC;oBACjF,UAAU,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM;oBAClC,MAAM,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC;oBAC5B,UAAU,EAAE,MAAM,CAAC,eAAe,IAAI,IAAI;iBAC3C;aACF,CAAC,CAAC;YAEH,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YAC9B,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;YAC7C,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC5B,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAC5C,CAAC;QAED,MAAM,WAAW,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,IAAI,oBAAoB,CAAC,CAAC,CAAC;QACtE,MAAM,UAAU,GAAG,cAAc,CAAC;YAChC,UAAU,EAAE,MAAM,CAAC,eAAe,CAAC,UAAU;YAC7C,GAAG,EAAE,MAAM,CAAC,eAAe,CAAC,GAAG;YAC/B,SAAS,EAAE,wBAAwB;YACnC,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,MAAM,EAAE,WAAW;YACnB,UAAU,EAAE,MAAM,CAAC,eAAe;SACnC,CAAC,CAAC;QAEH,KAAK,CAAC,GAAG,CAAC;YACR,SAAS,EAAE,wBAAwB;YACnC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,IAAI,EAAE,OAAO;gBACb,UAAU,EAAE,WAAW,CAAC,MAAM;gBAC9B,MAAM,EAAE,WAAW;gBACnB,UAAU,EAAE,MAAM,CAAC,eAAe,IAAI,IAAI;aAC3C;SACF,CAAC,CAAC;QAEH,IAAI,cAAc,GAAG,CAAC,CAAC;QACvB,IAAI,eAAe,GAAG,CAAC,CAAC;QAExB,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YACxB,MAAM,uBAAuB,CAAC,MAAM,CAAC,gBAAgB,EAAE,UAAU,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;YACrF,KAAK,CAAC,GAAG,CAAC;gBACR,SAAS,EAAE,wBAAwB;gBACnC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,SAAS,EAAE,MAAM,CAAC,SAAS;oBAC3B,IAAI,EAAE,WAAW;oBACjB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;iBAC1C;aACF,CAAC,CAAC;YAEH,eAAe,GAAG,MAAM,aAAa,CACnC,MAAM,CAAC,gBAAgB,EACvB,UAAU,EACV,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,WAAW,IAAI,EAAE,CACzB,CAAC;YACF,KAAK,CAAC,GAAG,CAAC;gBACR,SAAS,EAAE,wBAAwB;gBACnC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,SAAS,EAAE,MAAM,CAAC,SAAS;oBAC3B,IAAI,EAAE,OAAO;oBACb,UAAU,EAAE,MAAM,CAAC,UAAU;oBAC7B,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,EAAE;oBACrC,SAAS,EAAE,eAAe;iBAC3B;aACF,CAAC,CAAC;YAEH,MAAM,gBAAgB,CAAC;gBACrB,YAAY,EAAE,MAAM,CAAC,gBAAgB;gBACrC,UAAU;gBACV,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,MAAM,EAAE,YAAY,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;oBACzC,IAAI,EAAE,WAAW,CAAC,SAAS;oBAC3B,GAAG,EAAE,WAAW,CAAC,GAAG;iBACrB,CAAC,CAAC;aACJ,CAAC,CAAC;YACH,cAAc,GAAG,mBAAmB,CAAC,YAAY,CAAC,CAAC;YACnD,KAAK,CAAC,GAAG,CAAC;gBACR,SAAS,EAAE,wBAAwB;gBACnC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,SAAS,EAAE,MAAM,CAAC,SAAS;oBAC3B,IAAI,EAAE,KAAK;oBACX,cAAc,EAAE,cAAc;oBAC9B,UAAU,EAAE,YAAY,CAAC,MAAM;iBAChC;aACF,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;YACtB,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC9F,IAAI,CAAC;gBACH,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;oBAC3B,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBACrC,MAAM,QAAQ,GAAG,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBACjD,IAAI,CAAC,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;wBACxB,SAAS;oBACX,CAAC;oBAED,MAAM,WAAW,GAAG,MAAM,oBAAoB,CAAC;wBAC7C,UAAU,EAAE,MAAM,CAAC,eAAe;wBAClC,YAAY,EAAE,MAAM,CAAC,gBAAgB;wBACrC,SAAS,EAAE,MAAM,CAAC,SAAS;wBAC3B,KAAK;wBACL,UAAU,EAAE,IAAI,CAAC,IAAI,CACnB,SAAS,EACT,aAAa,qBAAqB,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,qBAAqB,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAC5F;qBACF,CAAC,CAAC;oBAEH,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;oBACpC,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,gBAAgB,CACzC,MAAM,CAAC,UAAU,EACjB,KAAK,CAAC,IAAI,EACV,KAAK,EACL,QAAQ,EACR,WAAW,CAAC,UAAU,CACvB,CAAC;gBACJ,CAAC;YACH,CAAC;YAAC,OAAO,UAAU,EAAE,CAAC;gBACpB,KAAK,MAAM,CAAC,EAAE,KAAK,CAAC,IAAI,MAAM,EAAE,CAAC;oBAC/B,IAAI,CAAC;wBACH,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;4BACrC,MAAM,KAAK,CAAC,IAAI,EAAE,CAAC;wBACrB,CAAC;oBACH,CAAC;oBAAC,MAAM,CAAC;wBACP,yDAAyD;oBAC3D,CAAC;gBACH,CAAC;gBACD,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,MAAM,UAAU,CAAC;YACnB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;gBAC3B,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBACrC,MAAM,QAAQ,GAAG,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBACjD,IAAI,CAAC,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;oBACxB,SAAS;gBACX,CAAC;gBAED,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;YAC9F,CAAC;QACH,CAAC;QAED,OAAO;YACL,MAAM,EAAE,YAAY;YACpB,UAAU,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC;YAC7C,UAAU;YACV,eAAe;YACf,cAAc;YACd,OAAO,EAAE,YAAY,CAAC,YAAY,CAAC;YACnC,MAAM;YACN,MAAM;YACN,MAAM;SACP,CAAC;IACJ,CAAC;YAAS,CAAC;QACT,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACjC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnB,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBACvE,OAAO,CAAC,IAAI,CAAC,uCAAuC,SAAS,KAAK,OAAO,EAAE,CAAC,CAAC;YAC/E,CAAC;QACH,CAAC;QAED,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;AACH,CAAC"}
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
import { type KeyObject } from 'node:crypto';
|
|
2
|
+
export declare const RELAYAUTH_JWKS_URL_ENV = "RELAYAUTH_JWKS_URL";
|
|
3
|
+
export declare const RELAYAUTH_JWT_PRIVATE_KEY_PEM_ENV = "RELAYAUTH_JWT_PRIVATE_KEY_PEM";
|
|
4
|
+
export declare const RELAYAUTH_JWT_KID_ENV = "RELAYAUTH_JWT_KID";
|
|
5
|
+
export interface RsaPublicJwk {
|
|
6
|
+
kty: string;
|
|
7
|
+
n: string;
|
|
8
|
+
e: string;
|
|
9
|
+
}
|
|
10
|
+
export interface LocalJwksSigningKey {
|
|
11
|
+
privateKey: KeyObject;
|
|
12
|
+
kid: string;
|
|
13
|
+
}
|
|
14
|
+
export interface LocalJwksKeyPair extends LocalJwksSigningKey {
|
|
15
|
+
publicJwk: RsaPublicJwk;
|
|
16
|
+
}
|
|
17
|
+
export interface LocalJwks extends LocalJwksKeyPair {
|
|
18
|
+
jwksUrl: string;
|
|
19
|
+
shutdown: () => Promise<void>;
|
|
20
|
+
}
|
|
21
|
+
export declare function createLocalJwksKeyPair(): LocalJwksKeyPair;
|
|
22
|
+
export declare function exportPrivateKeyPem(privateKey: KeyObject): string;
|
|
23
|
+
export declare function importPrivateKeyPem(privateKeyPem: string): KeyObject;
|
|
24
|
+
export declare function createLocalJwks(): Promise<LocalJwks>;
|
|
25
|
+
//# sourceMappingURL=local-jwks.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"local-jwks.d.ts","sourceRoot":"","sources":["../../src/provisioner/local-jwks.ts"],"names":[],"mappings":"AAAA,OAAO,EAIL,KAAK,SAAS,EACf,MAAM,aAAa,CAAC;AAGrB,eAAO,MAAM,sBAAsB,uBAAuB,CAAC;AAC3D,eAAO,MAAM,iCAAiC,kCAAkC,CAAC;AACjF,eAAO,MAAM,qBAAqB,sBAAsB,CAAC;AAEzD,MAAM,WAAW,YAAY;IAC3B,GAAG,EAAE,MAAM,CAAC;IACZ,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;CACX;AAED,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,SAAS,CAAC;IACtB,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,gBAAiB,SAAQ,mBAAmB;IAC3D,SAAS,EAAE,YAAY,CAAC;CACzB;AAED,MAAM,WAAW,SAAU,SAAQ,gBAAgB;IACjD,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC/B;AAED,wBAAgB,sBAAsB,IAAI,gBAAgB,CAQzD;AAED,wBAAgB,mBAAmB,CAAC,UAAU,EAAE,SAAS,GAAG,MAAM,CAEjE;AAED,wBAAgB,mBAAmB,CAAC,aAAa,EAAE,MAAM,GAAG,SAAS,CAEpE;AAED,wBAAsB,eAAe,IAAI,OAAO,CAAC,SAAS,CAAC,CAyC1D"}
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
import { createHash, createPrivateKey, generateKeyPairSync, } from 'node:crypto';
|
|
2
|
+
import { createServer as createHttpServer } from 'node:http';
|
|
3
|
+
export const RELAYAUTH_JWKS_URL_ENV = 'RELAYAUTH_JWKS_URL';
|
|
4
|
+
export const RELAYAUTH_JWT_PRIVATE_KEY_PEM_ENV = 'RELAYAUTH_JWT_PRIVATE_KEY_PEM';
|
|
5
|
+
export const RELAYAUTH_JWT_KID_ENV = 'RELAYAUTH_JWT_KID';
|
|
6
|
+
export function createLocalJwksKeyPair() {
|
|
7
|
+
const { privateKey, publicKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
|
|
8
|
+
const publicJwk = publicKey.export({ format: 'jwk' });
|
|
9
|
+
const kid = createHash('sha256')
|
|
10
|
+
.update(JSON.stringify({ e: publicJwk.e, kty: 'RSA', n: publicJwk.n }))
|
|
11
|
+
.digest('base64url');
|
|
12
|
+
return { privateKey, publicJwk, kid };
|
|
13
|
+
}
|
|
14
|
+
export function exportPrivateKeyPem(privateKey) {
|
|
15
|
+
return privateKey.export({ format: 'pem', type: 'pkcs8' }).toString();
|
|
16
|
+
}
|
|
17
|
+
export function importPrivateKeyPem(privateKeyPem) {
|
|
18
|
+
return createPrivateKey(privateKeyPem);
|
|
19
|
+
}
|
|
20
|
+
export async function createLocalJwks() {
|
|
21
|
+
const keyPair = createLocalJwksKeyPair();
|
|
22
|
+
const jwk = {
|
|
23
|
+
...keyPair.publicJwk,
|
|
24
|
+
kty: 'RSA',
|
|
25
|
+
alg: 'RS256',
|
|
26
|
+
use: 'sig',
|
|
27
|
+
kid: keyPair.kid,
|
|
28
|
+
};
|
|
29
|
+
const server = createHttpServer((_req, res) => {
|
|
30
|
+
res.writeHead(200, { 'content-type': 'application/json' });
|
|
31
|
+
res.end(JSON.stringify({ keys: [jwk] }));
|
|
32
|
+
});
|
|
33
|
+
await new Promise((resolve, reject) => {
|
|
34
|
+
server.once('error', reject);
|
|
35
|
+
server.listen(0, '127.0.0.1', () => {
|
|
36
|
+
server.off('error', reject);
|
|
37
|
+
resolve();
|
|
38
|
+
});
|
|
39
|
+
});
|
|
40
|
+
const address = server.address();
|
|
41
|
+
if (!address || typeof address === 'string') {
|
|
42
|
+
await closeServer(server);
|
|
43
|
+
throw new Error('local JWKS server did not bind to a TCP port');
|
|
44
|
+
}
|
|
45
|
+
server.unref();
|
|
46
|
+
let closed = false;
|
|
47
|
+
return {
|
|
48
|
+
...keyPair,
|
|
49
|
+
jwksUrl: `http://127.0.0.1:${address.port}/.well-known/jwks.json`,
|
|
50
|
+
shutdown: async () => {
|
|
51
|
+
if (closed) {
|
|
52
|
+
return;
|
|
53
|
+
}
|
|
54
|
+
closed = true;
|
|
55
|
+
await closeServer(server);
|
|
56
|
+
},
|
|
57
|
+
};
|
|
58
|
+
}
|
|
59
|
+
function closeServer(server) {
|
|
60
|
+
return new Promise((resolve, reject) => {
|
|
61
|
+
server.close((error) => {
|
|
62
|
+
if (error) {
|
|
63
|
+
reject(error);
|
|
64
|
+
return;
|
|
65
|
+
}
|
|
66
|
+
resolve();
|
|
67
|
+
});
|
|
68
|
+
});
|
|
69
|
+
}
|
|
70
|
+
//# sourceMappingURL=local-jwks.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"local-jwks.js","sourceRoot":"","sources":["../../src/provisioner/local-jwks.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,UAAU,EACV,gBAAgB,EAChB,mBAAmB,GAEpB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,YAAY,IAAI,gBAAgB,EAAe,MAAM,WAAW,CAAC;AAE1E,MAAM,CAAC,MAAM,sBAAsB,GAAG,oBAAoB,CAAC;AAC3D,MAAM,CAAC,MAAM,iCAAiC,GAAG,+BAA+B,CAAC;AACjF,MAAM,CAAC,MAAM,qBAAqB,GAAG,mBAAmB,CAAC;AAsBzD,MAAM,UAAU,sBAAsB;IACpC,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,mBAAmB,CAAC,KAAK,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IACtF,MAAM,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAiB,CAAC;IACtE,MAAM,GAAG,GAAG,UAAU,CAAC,QAAQ,CAAC;SAC7B,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,SAAS,CAAC,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC;SACtE,MAAM,CAAC,WAAW,CAAC,CAAC;IAEvB,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,EAAE,CAAC;AACxC,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,UAAqB;IACvD,OAAO,UAAU,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;AACxE,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,aAAqB;IACvD,OAAO,gBAAgB,CAAC,aAAa,CAAC,CAAC;AACzC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,MAAM,OAAO,GAAG,sBAAsB,EAAE,CAAC;IACzC,MAAM,GAAG,GAAG;QACV,GAAG,OAAO,CAAC,SAAS;QACpB,GAAG,EAAE,KAAK;QACV,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,KAAK;QACV,GAAG,EAAE,OAAO,CAAC,GAAG;KACjB,CAAC;IACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QAC5C,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC1C,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7B,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE;YACjC,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC5B,OAAO,EAAE,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;IACjC,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC5C,MAAM,WAAW,CAAC,MAAM,CAAC,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IAED,MAAM,CAAC,KAAK,EAAE,CAAC;IACf,IAAI,MAAM,GAAG,KAAK,CAAC;IACnB,OAAO;QACL,GAAG,OAAO;QACV,OAAO,EAAE,oBAAoB,OAAO,CAAC,IAAI,wBAAwB;QACjE,QAAQ,EAAE,KAAK,IAAI,EAAE;YACnB,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO;YACT,CAAC;YACD,MAAM,GAAG,IAAI,CAAC;YACd,MAAM,WAAW,CAAC,MAAM,CAAC,CAAC;QAC5B,CAAC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,MAAc;IACjC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YACrB,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,CAAC,KAAK,CAAC,CAAC;gBACd,OAAO;YACT,CAAC;YACD,OAAO,EAAE,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { type KeyObject } from 'node:crypto';
|
|
1
2
|
export declare const DEFAULT_WORKFLOW_TOKEN_TTL_SECONDS: number;
|
|
2
3
|
export declare const DEFAULT_ADMIN_AGENT_NAME = "relay-admin";
|
|
3
4
|
export declare const DEFAULT_ADMIN_SCOPES: string[];
|
|
@@ -18,7 +19,8 @@ export interface TokenClaims {
|
|
|
18
19
|
jti: string;
|
|
19
20
|
}
|
|
20
21
|
export interface MintAgentTokenOptions {
|
|
21
|
-
|
|
22
|
+
privateKey: KeyObject;
|
|
23
|
+
kid: string;
|
|
22
24
|
agentName: string;
|
|
23
25
|
workspace: string;
|
|
24
26
|
scopes: string[];
|
|
@@ -26,11 +28,12 @@ export interface MintAgentTokenOptions {
|
|
|
26
28
|
}
|
|
27
29
|
export declare function mintAgentToken(opts: MintAgentTokenOptions): string;
|
|
28
30
|
export declare class WorkflowTokenFactory {
|
|
29
|
-
private readonly
|
|
31
|
+
private readonly privateKey;
|
|
32
|
+
private readonly kid;
|
|
30
33
|
private readonly workspace;
|
|
31
34
|
private readonly tokens;
|
|
32
35
|
private readonly ttlSeconds;
|
|
33
|
-
constructor(
|
|
36
|
+
constructor(privateKey: KeyObject, kid: string, workspace: string, ttlSeconds?: number);
|
|
34
37
|
mintForAgent(agentName: string, scopes: string[], ttlSeconds?: number): string;
|
|
35
38
|
mintAdmin(ttlSeconds?: number): string;
|
|
36
39
|
getToken(agentName: string): string | undefined;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../src/provisioner/token.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../src/provisioner/token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAkC,KAAK,SAAS,EAAE,MAAM,aAAa,CAAC;AAE7E,eAAO,MAAM,kCAAkC,QAAc,CAAC;AAC9D,eAAO,MAAM,wBAAwB,gBAAgB,CAAC;AACtD,eAAO,MAAM,oBAAoB,UAShC,CAAC;AAEF,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,EAAE,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,qBAAqB;IACpC,UAAU,EAAE,SAAS,CAAC;IACtB,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAcD,wBAAgB,cAAc,CAAC,IAAI,EAAE,qBAAqB,GAAG,MAAM,CAwBlE;AAED,qBAAa,oBAAoB;IAK7B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,GAAG;IACpB,OAAO,CAAC,QAAQ,CAAC,SAAS;IAN5B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA6B;IACpD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;gBAGjB,UAAU,EAAE,SAAS,EACrB,GAAG,EAAE,MAAM,EACX,SAAS,EAAE,MAAM,EAClC,UAAU,SAAqC;IAKjD,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,UAAU,SAAkB,GAAG,MAAM;IAcvF,SAAS,CAAC,UAAU,SAAkB,GAAG,MAAM;IAI/C,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;CAGhD"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { randomUUID, sign as cryptoSign } from 'node:crypto';
|
|
2
2
|
export const DEFAULT_WORKFLOW_TOKEN_TTL_SECONDS = 2 * 60 * 60;
|
|
3
3
|
export const DEFAULT_ADMIN_AGENT_NAME = 'relay-admin';
|
|
4
4
|
export const DEFAULT_ADMIN_SCOPES = [
|
|
@@ -11,7 +11,6 @@ export const DEFAULT_ADMIN_SCOPES = [
|
|
|
11
11
|
'ops:read',
|
|
12
12
|
'admin:read',
|
|
13
13
|
];
|
|
14
|
-
const JWT_HEADER = { alg: 'HS256', typ: 'JWT' };
|
|
15
14
|
function base64urlEncode(value) {
|
|
16
15
|
return Buffer.from(JSON.stringify(value)).toString('base64url');
|
|
17
16
|
}
|
|
@@ -23,6 +22,7 @@ function normalizeTtlSeconds(ttlSeconds) {
|
|
|
23
22
|
}
|
|
24
23
|
export function mintAgentToken(opts) {
|
|
25
24
|
const now = Math.floor(Date.now() / 1000);
|
|
25
|
+
const header = { alg: 'RS256', typ: 'JWT', kid: opts.kid };
|
|
26
26
|
const payload = {
|
|
27
27
|
sub: `agent_${opts.agentName}`,
|
|
28
28
|
org: 'org_relay',
|
|
@@ -39,23 +39,26 @@ export function mintAgentToken(opts) {
|
|
|
39
39
|
exp: now + normalizeTtlSeconds(opts.ttlSeconds),
|
|
40
40
|
jti: `tok-${now}-${randomUUID()}`,
|
|
41
41
|
};
|
|
42
|
-
const unsigned = `${base64urlEncode(
|
|
43
|
-
const signature =
|
|
42
|
+
const unsigned = `${base64urlEncode(header)}.${base64urlEncode(payload)}`;
|
|
43
|
+
const signature = cryptoSign('RSA-SHA256', Buffer.from(unsigned), opts.privateKey).toString('base64url');
|
|
44
44
|
return `${unsigned}.${signature}`;
|
|
45
45
|
}
|
|
46
46
|
export class WorkflowTokenFactory {
|
|
47
|
-
|
|
47
|
+
privateKey;
|
|
48
|
+
kid;
|
|
48
49
|
workspace;
|
|
49
50
|
tokens = new Map();
|
|
50
51
|
ttlSeconds;
|
|
51
|
-
constructor(
|
|
52
|
-
this.
|
|
52
|
+
constructor(privateKey, kid, workspace, ttlSeconds = DEFAULT_WORKFLOW_TOKEN_TTL_SECONDS) {
|
|
53
|
+
this.privateKey = privateKey;
|
|
54
|
+
this.kid = kid;
|
|
53
55
|
this.workspace = workspace;
|
|
54
56
|
this.ttlSeconds = normalizeTtlSeconds(ttlSeconds);
|
|
55
57
|
}
|
|
56
58
|
mintForAgent(agentName, scopes, ttlSeconds = this.ttlSeconds) {
|
|
57
59
|
const token = mintAgentToken({
|
|
58
|
-
|
|
60
|
+
privateKey: this.privateKey,
|
|
61
|
+
kid: this.kid,
|
|
59
62
|
workspace: this.workspace,
|
|
60
63
|
agentName,
|
|
61
64
|
scopes,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token.js","sourceRoot":"","sources":["../../src/provisioner/token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,UAAU,
|
|
1
|
+
{"version":3,"file":"token.js","sourceRoot":"","sources":["../../src/provisioner/token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,IAAI,IAAI,UAAU,EAAkB,MAAM,aAAa,CAAC;AAE7E,MAAM,CAAC,MAAM,kCAAkC,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC;AAC9D,MAAM,CAAC,MAAM,wBAAwB,GAAG,aAAa,CAAC;AACtD,MAAM,CAAC,MAAM,oBAAoB,GAAG;IAClC,sBAAsB;IACtB,oBAAoB;IACpB,iBAAiB;IACjB,SAAS;IACT,UAAU;IACV,cAAc;IACd,UAAU;IACV,YAAY;CACb,CAAC;AA4BF,SAAS,eAAe,CAAC,KAAc;IACrC,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AAClE,CAAC;AAED,SAAS,mBAAmB,CAAC,UAAmB;IAC9C,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;QAC7B,OAAO,kCAAkC,CAAC;IAC5C,CAAC;IAED,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC;AAC7C,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,IAA2B;IACxD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAW,CAAC;IACpE,MAAM,OAAO,GAAgB;QAC3B,GAAG,EAAE,SAAS,IAAI,CAAC,SAAS,EAAE;QAC9B,GAAG,EAAE,WAAW;QAChB,GAAG,EAAE,IAAI,CAAC,SAAS;QACnB,YAAY,EAAE,IAAI,CAAC,SAAS;QAC5B,UAAU,EAAE,IAAI,CAAC,SAAS;QAC1B,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC;QACxB,SAAS,EAAE,aAAa;QACxB,YAAY,EAAE,CAAC,aAAa,CAAC;QAC7B,UAAU,EAAE,QAAQ;QACpB,GAAG,EAAE,iBAAiB;QACtB,GAAG,EAAE,CAAC,WAAW,EAAE,WAAW,CAAC;QAC/B,GAAG,EAAE,GAAG;QACR,GAAG,EAAE,GAAG,GAAG,mBAAmB,CAAC,IAAI,CAAC,UAAU,CAAC;QAC/C,GAAG,EAAE,OAAO,GAAG,IAAI,UAAU,EAAE,EAAE;KAClC,CAAC;IAEF,MAAM,QAAQ,GAAG,GAAG,eAAe,CAAC,MAAM,CAAC,IAAI,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;IAC1E,MAAM,SAAS,GAAG,UAAU,CAAC,YAAY,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAEzG,OAAO,GAAG,QAAQ,IAAI,SAAS,EAAE,CAAC;AACpC,CAAC;AAED,MAAM,OAAO,oBAAoB;IAKZ;IACA;IACA;IANF,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC;IACnC,UAAU,CAAS;IAEpC,YACmB,UAAqB,EACrB,GAAW,EACX,SAAiB,EAClC,UAAU,GAAG,kCAAkC;QAH9B,eAAU,GAAV,UAAU,CAAW;QACrB,QAAG,GAAH,GAAG,CAAQ;QACX,cAAS,GAAT,SAAS,CAAQ;QAGlC,IAAI,CAAC,UAAU,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC;IACpD,CAAC;IAED,YAAY,CAAC,SAAiB,EAAE,MAAgB,EAAE,UAAU,GAAG,IAAI,CAAC,UAAU;QAC5E,MAAM,KAAK,GAAG,cAAc,CAAC;YAC3B,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,SAAS;YACT,MAAM;YACN,UAAU;SACX,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QAClC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,SAAS,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU;QACpC,OAAO,IAAI,CAAC,YAAY,CAAC,wBAAwB,EAAE,oBAAoB,EAAE,UAAU,CAAC,CAAC;IACvF,CAAC;IAED,QAAQ,CAAC,SAAiB;QACxB,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACpC,CAAC;CACF"}
|
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
import type { AccessPreset, AgentPermissions, CompiledAgentPermissions, FilePermissions, PermissionSource } from '../workflows/types.js';
|
|
2
|
+
import type { LocalJwksSigningKey } from './local-jwks.js';
|
|
2
3
|
import type { MountHandle } from './mount.js';
|
|
3
4
|
/** Configuration for provisioning workflow agents. */
|
|
4
5
|
export interface WorkflowProvisionConfig {
|
|
5
|
-
/**
|
|
6
|
-
|
|
6
|
+
/** RS256 signing key used to mint JWT tokens. */
|
|
7
|
+
tokenSigningKey: LocalJwksSigningKey;
|
|
7
8
|
/** Workspace identifier (e.g. 'my-project'). */
|
|
8
9
|
workspace: string;
|
|
9
10
|
/** Absolute path to the project directory. */
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/provisioner/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,YAAY,EACZ,gBAAgB,EAChB,wBAAwB,EACxB,eAAe,EACf,gBAAgB,EACjB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAI9C,sDAAsD;AACtD,MAAM,WAAW,uBAAuB;IACtC,
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/provisioner/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,YAAY,EACZ,gBAAgB,EAChB,wBAAwB,EACxB,eAAe,EACf,gBAAgB,EACjB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAC3D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAI9C,sDAAsD;AACtD,MAAM,WAAW,uBAAuB;IACtC,iDAAiD;IACjD,eAAe,EAAE,mBAAmB,CAAC;IAErC,gDAAgD;IAChD,SAAS,EAAE,MAAM,CAAC;IAElB,8CAA8C;IAC9C,UAAU,EAAE,MAAM,CAAC;IAEnB,uEAAuE;IACvE,gBAAgB,EAAE,MAAM,CAAC;IAEzB;;;;OAIG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;IAE1C,yDAAyD;IACzD,eAAe,CAAC,EAAE,MAAM,CAAC;IAEzB;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IAEvB;;;OAGG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;IAEtB;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IAEvB,qDAAqD;IACrD,eAAe,CAAC,EAAE,MAAM,CAAC;IAEzB,kFAAkF;IAClF,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB,0DAA0D;IAC1D,SAAS,CAAC,EAAE,OAAO,CAAC;IAEpB,2EAA2E;IAC3E,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAID,2EAA2E;AAC3E,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,8DAA8D;AAC9D,MAAM,WAAW,mBAAmB;IAClC,kBAAkB;IAClB,SAAS,EAAE,MAAM,CAAC;IAElB,4BAA4B;IAC5B,SAAS,EAAE,MAAM,CAAC;IAElB,4CAA4C;IAC5C,MAAM,EAAE,MAAM,EAAE,CAAC;IAEjB,iEAAiE;IACjE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAE9B,4CAA4C;IAC5C,OAAO,EAAE,gBAAgB,CAAC;CAC3B;AAED,+CAA+C;AAC/C,MAAM,WAAW,oBAAoB;IACnC,kBAAkB;IAClB,IAAI,EAAE,MAAM,CAAC;IAEb,wEAAwE;IACxE,SAAS,EAAE,MAAM,CAAC;IAElB,0BAA0B;IAC1B,KAAK,EAAE,MAAM,CAAC;IAEd,mCAAmC;IACnC,MAAM,EAAE,MAAM,EAAE,CAAC;IAEjB,8DAA8D;IAC9D,QAAQ,EAAE,wBAAwB,CAAC;IAEnC,oFAAoF;IACpF,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,gDAAgD;AAChD,MAAM,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAEnD,uDAAuD;AACvD,MAAM,MAAM,iBAAiB,GAAG,MAAM,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAC;AAErE,qDAAqD;AACrD,MAAM,WAAW,eAAe;IAC9B,8CAA8C;IAC9C,MAAM,EAAE,iBAAiB,CAAC;IAE1B,6DAA6D;IAC7D,UAAU,EAAE,MAAM,EAAE,CAAC;IAErB,sDAAsD;IACtD,UAAU,EAAE,MAAM,CAAC;IAEnB,yDAAyD;IACzD,eAAe,EAAE,MAAM,CAAC;IAExB,4CAA4C;IAC5C,cAAc,EAAE,MAAM,CAAC;IAEvB,2CAA2C;IAC3C,OAAO,EAAE,gBAAgB,CAAC;IAE1B,2CAA2C;IAC3C,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAEjC,oCAAoC;IACpC,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE5B,uCAAuC;IACvC,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;CAC/B;AAID,2DAA2D;AAC3D,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,gBAAgB,CAAC;CAC/B;AAID,kCAAkC;AAClC,MAAM,WAAW,cAAc;IAC7B,gBAAgB,EAAE,MAAM,CAAC;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;CACpC;AAED,0CAA0C;AAC1C,MAAM,WAAW,oBAAoB;IACnC,gBAAgB,EAAE,MAAM,CAAC;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,EAAE,CAAC;CACvB;AAED,mEAAmE;AACnE,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,IAAI,CAAC,gBAAgB,EAAE,UAAU,GAAG,WAAW,GAAG,QAAQ,CAAC,CAAC;CACtE;AAGD,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAE,wBAAwB,EAAE,eAAe,EAAE,gBAAgB,EAAE,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sibling-links.test.d.ts","sourceRoot":"","sources":["../../../src/workflows/__tests__/sibling-links.test.ts"],"names":[],"mappings":""}
|