aws-runtime-bridge 1.0.1 → 1.0.2

package/dist/services/runtime-binding.js

@@ -0,0 +1,131 @@
+import crypto from "node:crypto";
+import fs from "node:fs";
+import path from "node:path";
+import { getRuntimeHomeDir } from "../config.js";
+import { createLogger } from "../utils/logger.js";
+const log = createLogger("runtime-binding");
+const TOKEN_HASH_ALGORITHM = "sha256";
+const pairingCode = generatePairingCode();
+function generatePairingCode() {
+    const value = crypto.randomInt(0, 1_000_000);
+    return String(value)
+        .padStart(6, "0")
+        .replace(/(\d{3})(\d{3})/, "$1-$2");
+}
+function bindingDir() {
+    return path.join(getRuntimeHomeDir(), ".agentswork", "runtime-bridge");
+}
+function bindingFile() {
+    return path.join(bindingDir(), "binding.json");
+}
+function hashToken(token) {
+    return crypto
+        .createHash(TOKEN_HASH_ALGORITHM)
+        .update(token, "utf8")
+        .digest("hex");
+}
+function safeEqual(a, b) {
+    const left = Buffer.from(a, "hex");
+    const right = Buffer.from(b, "hex");
+    if (left.length !== right.length) {
+        return false;
+    }
+    return crypto.timingSafeEqual(left, right);
+}
+function normalizeToken(token) {
+    return String(token || "").trim();
+}
+export function getRuntimePairingCode() {
+    return pairingCode;
+}
+export function getRuntimeBindingFilePath() {
+    return bindingFile();
+}
+export function loadRuntimeBinding() {
+    try {
+        const raw = fs.readFileSync(bindingFile(), "utf8");
+        const parsed = JSON.parse(raw);
+        if (parsed?.status === "paired" && parsed.tokenHash) {
+            return parsed;
+        }
+    }
+    catch {
+        // Missing or invalid binding file means the bridge is unpaired.
+    }
+    return { status: "unpaired" };
+}
+export function getRuntimeBindingPublicState() {
+    const state = loadRuntimeBinding();
+    const { tokenHash: _tokenHash, accessToken: _accessToken, ...publicState } = state;
+    return {
+        ...publicState,
+        paired: state.status === "paired",
+    };
+}
+export function hasRuntimeBinding() {
+    const state = loadRuntimeBinding();
+    return state.status === "paired" && Boolean(state.tokenHash);
+}
+export function validateRuntimeBindingToken(token) {
+    const candidate = normalizeToken(token);
+    if (!candidate) {
+        return false;
+    }
+    const state = loadRuntimeBinding();
+    if (state.status !== "paired" || !state.tokenHash) {
+        return false;
+    }
+    return safeEqual(hashToken(candidate), state.tokenHash);
+}
+export function getRuntimeAccessToken() {
+    const state = loadRuntimeBinding();
+    if (state.status !== "paired") {
+        return undefined;
+    }
+    return normalizeToken(state.accessToken) || undefined;
+}
+export function validateRuntimePairingCode(code) {
+    return String(code || "").trim() === pairingCode;
+}
+export function saveRuntimeBinding(input) {
+    const accessToken = normalizeToken(input.accessToken);
+    if (accessToken.length < 16) {
+        throw new Error("accessToken must be at least 16 characters");
+    }
+    const previous = loadRuntimeBinding();
+    const now = new Date().toISOString();
+    const next = {
+        status: "paired",
+        instanceId: input.instanceId
+            ? String(input.instanceId)
+            : previous.instanceId,
+        schedulerBaseUrl: input.schedulerBaseUrl
+            ? String(input.schedulerBaseUrl)
+            : previous.schedulerBaseUrl,
+        accessToken,
+        tokenHash: hashToken(accessToken),
+        createdAt: previous.createdAt || now,
+        updatedAt: now,
+    };
+    fs.mkdirSync(bindingDir(), { recursive: true });
+    fs.writeFileSync(bindingFile(), `${JSON.stringify(next, null, 2)}\n`, {
+        encoding: "utf8",
+        mode: 0o600,
+    });
+    log.info(`[runtime-bridge] runtime binding saved: ${bindingFile()}`);
+    return next;
+}
+export function clearRuntimeBinding() {
+    const current = loadRuntimeBinding();
+    const revokedState = {
+        ...current,
+        status: "unpaired",
+        accessToken: undefined,
+        tokenHash: undefined,
+        revokedAt: new Date().toISOString(),
+        updatedAt: new Date().toISOString(),
+    };
+    fs.mkdirSync(bindingDir(), { recursive: true });
+    fs.writeFileSync(bindingFile(), `${JSON.stringify(revokedState, null, 2)}\n`, { encoding: "utf8", mode: 0o600 });
+    log.info("[runtime-bridge] runtime binding cleared");
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "aws-runtime-bridge",
-  "version": "1.0.1",
+  "version": "1.0.2",
   "description": "AgentsWorkStudio runtime bridge service for machine-level agent runtime integration",
   "type": "module",
   "main": "dist/index.js",