npm - create-workframe - Versions diffs - 0.1.0 - Mend

create-workframe 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (415) hide show

package/workframe-api/internal_proxy_auth.py ADDED Viewed

@@ -0,0 +1,150 @@
+"""Shared auth for /internal/llm and /internal/action — network + optional proxy token."""
+from __future__ import annotations
+import hmac
+import ipaddress
+import os
+import secrets
+from http.server import BaseHTTPRequestHandler
+from pathlib import Path
+PROXY_TOKEN_ENV = "WORKFRAME_PROXY_TOKEN"
+PROXY_TOKEN_HEADER = "X-Workframe-Proxy-Token"
+PROFILE_HEADER = "X-Workframe-Profile"
+PROXY_TOKEN_FILE = ".proxy_token"
+SHARED_PROXY_TOKEN_PATH = Path("/run/workframe-proxy/token")
+_TOKEN: str | None = None
+_TOKEN_PATH: Path | None = None
+def _data_dir() -> Path:
+    return Path(
+        os.environ.get("WORKFRAME_API_DATA_DIR")
+        or os.environ.get("MISSION_DATA_DIR")
+        or Path(__file__).resolve().parent / "data"
+    )
+def _deployment_mode() -> str:
+    return (os.environ.get("WORKFRAME_DEPLOYMENT_MODE") or "trusted_team").strip().lower()
+def proxy_token_configured() -> bool:
+    return bool(_loaded_proxy_token())
+def _loaded_proxy_token() -> str:
+    global _TOKEN, _TOKEN_PATH
+    if _TOKEN is not None:
+        return _TOKEN
+    env = str(os.environ.get(PROXY_TOKEN_ENV) or "").strip()
+    if env:
+        _TOKEN = env
+        return _TOKEN
+    path = _data_dir() / PROXY_TOKEN_FILE
+    _TOKEN_PATH = path
+    if path.is_file():
+        _TOKEN = path.read_text(encoding="utf-8").strip()
+        return _TOKEN
+    _TOKEN = ""
+    return ""
+def _sync_shared_proxy_token(token: str) -> None:
+    value = str(token or "").strip()
+    if not value:
+        return
+    try:
+        SHARED_PROXY_TOKEN_PATH.parent.mkdir(parents=True, exist_ok=True)
+        SHARED_PROXY_TOKEN_PATH.write_text(value + "\n", encoding="utf-8")
+    except OSError:
+        pass
+def bootstrap_proxy_token(*, allow_generate_file: bool = True) -> str:
+    """Load proxy token from env or data dir; optionally create file for local dogfood."""
+    global _TOKEN
+    existing = str(os.environ.get(PROXY_TOKEN_ENV) or "").strip()
+    if existing:
+        _TOKEN = existing
+        _sync_shared_proxy_token(existing)
+        return existing
+    path = _data_dir() / PROXY_TOKEN_FILE
+    if path.is_file():
+        _TOKEN = path.read_text(encoding="utf-8").strip()
+        _sync_shared_proxy_token(_TOKEN)
+        return _TOKEN
+    if not allow_generate_file or _deployment_mode() == "public_multi_user":
+        _TOKEN = ""
+        return ""
+    token = secrets.token_urlsafe(32)
+    path.parent.mkdir(parents=True, exist_ok=True)
+    path.write_text(token + "\n", encoding="utf-8")
+    # ponytail: gateway reads same token from shared compose volume when env unset
+    try:
+        SHARED_PROXY_TOKEN_PATH.parent.mkdir(parents=True, exist_ok=True)
+        SHARED_PROXY_TOKEN_PATH.write_text(token + "\n", encoding="utf-8")
+    except OSError:
+        pass
+    _TOKEN = token
+    return token
+def reset_proxy_token_for_tests() -> None:
+    global _TOKEN, _TOKEN_PATH
+    _TOKEN = None
+    _TOKEN_PATH = None
+def _client_ip(handler: BaseHTTPRequestHandler) -> str:
+    return str(handler.client_address[0] if handler.client_address else "").strip()
+def is_internal_client(host: str) -> bool:
+    """Private/docker callers only — not routable public addresses."""
+    addr = str(host or "").strip()
+    if not addr:
+        return False
+    if addr in {"127.0.0.1", "::1", "localhost"}:
+        return True
+    try:
+        ip = ipaddress.ip_address(addr.split("%", 1)[0])
+    except ValueError:
+        return False
+    return ip.is_private or ip.is_loopback
+def _header_token(handler: BaseHTTPRequestHandler) -> str:
+    return str(handler.headers.get(PROXY_TOKEN_HEADER) or "").strip()
+def authorize_internal_proxy(handler: BaseHTTPRequestHandler) -> tuple[bool, str]:
+    """Return (ok, error_code)."""
+    if not is_internal_client(_client_ip(handler)):
+        return False, "internal only"
+    expected = _loaded_proxy_token()
+    if not expected:
+        return True, ""
+    got = _header_token(handler)
+    if not got or not hmac.compare_digest(got, expected):
+        return False, "proxy token required"
+    return True, ""
+if __name__ == "__main__":
+    reset_proxy_token_for_tests()
+    os.environ[PROXY_TOKEN_ENV] = "test-proxy-token"
+    assert proxy_token_configured()
+    class _H:
+        client_address = ("172.19.0.2", 1234)
+        headers = {PROXY_TOKEN_HEADER: "test-proxy-token"}
+    ok, err = authorize_internal_proxy(_H())  # type: ignore[arg-type]
+    assert ok and not err
+    _H.headers = {}
+    ok, err = authorize_internal_proxy(_H())  # type: ignore[arg-type]
+    assert not ok and err == "proxy token required"
+    print("internal_proxy_auth ok")

package/workframe-api/llm_proxy.py ADDED Viewed

@@ -0,0 +1,277 @@
+"""Internal LLM proxy — Hermes sends lease tokens; API vault supplies upstream keys."""
+from __future__ import annotations
+import json
+import os
+import re
+import socket
+import ssl
+import urllib.error
+import urllib.request
+from typing import Any, Callable
+from http.server import BaseHTTPRequestHandler
+import internal_proxy_auth
+import turn_credentials
+LEASE_PREFIX = turn_credentials.LEASE_PREFIX
+UPSTREAM_BASE: dict[str, str] = {
+    "openrouter": "https://openrouter.ai/api/v1",
+    "openai": "https://api.openai.com/v1",
+    "anthropic": "https://api.anthropic.com",
+    "google": "https://generativelanguage.googleapis.com/v1beta",
+    "deepseek": "https://api.deepseek.com/v1",
+}
+PROXY_PATH_RE = re.compile(r"^/internal/llm/([a-z0-9_-]+)(/.*)?$", re.IGNORECASE)
+def normalize_upstream_path(base: str, subpath: str) -> str:
+    """Drop a leading /v1 when upstream base already ends with /v1.
+    Hermes uses model.base_url …/internal/llm/openrouter/v1; the OpenAI client
+    then requests …/v1/chat/completions, which we forward as subpath /v1/….
+    """
+    path = subpath if str(subpath or "").startswith("/") else f"/{subpath or ''}"
+    base_norm = str(base or "").rstrip("/")
+    if path == "/v1":
+        return ""
+    if path.startswith("/v1/") and base_norm.endswith("/v1"):
+        return path[3:]
+    return path
+def is_internal_client(host: str) -> bool:
+    """Allow docker/private callers only — not public browser origins."""
+    return internal_proxy_auth.is_internal_client(host)
+def authorize_internal_proxy(handler: BaseHTTPRequestHandler) -> tuple[bool, str]:
+    return internal_proxy_auth.authorize_internal_proxy(handler)
+def extract_profile_slug(headers: dict[str, str]) -> str:
+    return str(
+        headers.get(internal_proxy_auth.PROFILE_HEADER)
+        or headers.get("x-workframe-profile")
+        or ""
+    ).strip()
+def validate_lease_profile(
+    lease: dict[str, Any],
+    headers: dict[str, str],
+) -> tuple[bool, str, int]:
+    """Bind bearer lease to calling Hermes profile (0022 N2 / 0023 C1)."""
+    want = str(lease.get("profile_slug") or "").strip()
+    if not want:
+        return True, "", 0
+    got = extract_profile_slug(headers)
+    if not got:
+        return False, "profile header required", 403
+    if got != want:
+        return False, "profile mismatch", 403
+    return True, "", 0
+def extract_bearer(headers: dict[str, str]) -> str:
+    auth = str(headers.get("Authorization") or headers.get("authorization") or "").strip()
+    if auth.lower().startswith("bearer "):
+        return auth[7:].strip()
+    api_key = str(headers.get("X-Api-Key") or headers.get("x-api-key") or "").strip()
+    if api_key:
+        return api_key
+    return ""
+def upstream_auth_header(provider: str, secret: str) -> dict[str, str]:
+    provider = str(provider or "").strip().lower()
+    secret = str(secret or "").strip()
+    if provider == "anthropic":
+        return {"x-api-key": secret, "anthropic-version": "2023-06-01"}
+    if provider == "google":
+        return {"x-goog-api-key": secret}
+    return {"Authorization": f"Bearer {secret}"}
+def _error_response(status: int, error: str) -> tuple[int, dict[str, str], bytes]:
+    return status, {"Content-Type": "application/json"}, json.dumps({"error": error}).encode()
+def _build_upstream_request(
+    provider: str,
+    subpath: str,
+    method: str,
+    headers: dict[str, str],
+    body: bytes | None,
+    *,
+    resolve_secret: Callable[[str, str, str, str], tuple[str, str]],
+) -> tuple[urllib.request.Request | None, tuple[int, dict[str, str], bytes] | None]:
+    provider = str(provider or "").strip().lower()
+    base = UPSTREAM_BASE.get(provider)
+    if not base:
+        return None, _error_response(404, "unknown provider")
+    token = extract_bearer(headers)
+    lease = turn_credentials.validate_lease(token)
+    if not lease:
+        return None, _error_response(401, "invalid lease")
+    if str(lease.get("provider") or "").lower() != provider:
+        return None, _error_response(403, "provider mismatch")
+    ok_profile, profile_err, profile_status = validate_lease_profile(lease, headers)
+    if not ok_profile:
+        return None, _error_response(profile_status, profile_err)
+    _env_var, secret = turn_credentials.resolve_lease_secret(lease, resolve_secret)
+    if not secret:
+        return None, _error_response(402, "no credential")
+    path = normalize_upstream_path(base, subpath)
+    url = f"{base.rstrip('/')}{path}"
+    upstream_headers = {
+        k: v
+        for k, v in headers.items()
+        if k.lower() not in {
+            "host",
+            "connection",
+            "content-length",
+            "authorization",
+            "x-api-key",
+            "x-goog-api-key",
+        }
+    }
+    upstream_headers.update(upstream_auth_header(provider, secret))
+    req = urllib.request.Request(url, data=body, headers=upstream_headers, method=method.upper())
+    return req, None
+def forward_request(
+    provider: str,
+    subpath: str,
+    method: str,
+    headers: dict[str, str],
+    body: bytes | None,
+    *,
+    resolve_secret: Callable[[str, str, str, str], tuple[str, str]],
+) -> tuple[int, dict[str, str], bytes]:
+    req, error = _build_upstream_request(
+        provider,
+        subpath,
+        method,
+        headers,
+        body,
+        resolve_secret=resolve_secret,
+    )
+    if error:
+        return error
+    assert req is not None
+    try:
+        with urllib.request.urlopen(req, timeout=600) as resp:
+            resp_body = resp.read()
+            out_headers = {"Content-Type": resp.headers.get("Content-Type", "application/octet-stream")}
+            return resp.status, out_headers, resp_body
+    except urllib.error.HTTPError as exc:
+        raw = exc.read()
+        out_headers = {"Content-Type": exc.headers.get("Content-Type", "application/json")}
+        return exc.code, out_headers, raw
+def stream_request_to_handler(
+    handler: BaseHTTPRequestHandler,
+    provider: str,
+    subpath: str,
+    method: str,
+    headers: dict[str, str],
+    body: bytes | None,
+    *,
+    resolve_secret: Callable[[str, str, str, str], tuple[str, str]],
+) -> None:
+    req, error = _build_upstream_request(
+        provider,
+        subpath,
+        method,
+        headers,
+        body,
+        resolve_secret=resolve_secret,
+    )
+    if error:
+        status, out_headers, resp_body = error
+        handler.send_response(status)
+        for key, value in out_headers.items():
+            handler.send_header(key, value)
+        handler.end_headers()
+        handler.wfile.write(resp_body)
+        return
+    assert req is not None
+    try:
+        with urllib.request.urlopen(req, timeout=600) as resp:
+            content_type = resp.headers.get("Content-Type", "application/octet-stream")
+            handler.send_response(resp.status)
+            handler.send_header("Content-Type", content_type)
+            handler.end_headers()
+            if "text/event-stream" in content_type.lower():
+                while True:
+                    line = resp.readline()
+                    if not line:
+                        break
+                    handler.wfile.write(line)
+                    handler.wfile.flush()
+            else:
+                while True:
+                    chunk = resp.read(8192)
+                    if not chunk:
+                        break
+                    handler.wfile.write(chunk)
+                    handler.wfile.flush()
+    except urllib.error.HTTPError as exc:
+        raw = exc.read()
+        handler.send_response(exc.code)
+        handler.send_header("Content-Type", exc.headers.get("Content-Type", "application/json"))
+        handler.end_headers()
+        handler.wfile.write(raw)
+    except urllib.error.URLError as exc:
+        handler.send_response(502)
+        handler.send_header("Content-Type", "application/json")
+        handler.end_headers()
+        handler.wfile.write(json.dumps({"error": f"upstream unavailable: {exc}"}).encode())
+def handle_proxy_request(
+    handler: BaseHTTPRequestHandler,
+    path: str,
+    method: str,
+    body: bytes | None,
+    *,
+    resolve_secret: Callable[[str, str, str, str], tuple[str, str]],
+) -> bool:
+    """Return True if handled."""
+    ok, err = authorize_internal_proxy(handler)
+    if not ok:
+        handler.send_response(403)
+        handler.send_header("Content-Type", "application/json")
+        handler.end_headers()
+        handler.wfile.write(json.dumps({"error": err}).encode())
+        return True
+    match = PROXY_PATH_RE.match(path)
+    if not match:
+        return False
+    provider = match.group(1).lower()
+    subpath = match.group(2) or "/"
+    headers = {k: v for k, v in handler.headers.items()}
+    stream_request_to_handler(
+        handler,
+        provider,
+        subpath,
+        method,
+        headers,
+        body,
+        resolve_secret=resolve_secret,
+    )
+    return True

package/workframe-api/oidc_jwt.py ADDED Viewed

@@ -0,0 +1,108 @@
+"""Minimal OIDC id_token verification (RS256 + JWKS) — no extra dependencies."""
+from __future__ import annotations
+import base64
+import json
+import time
+import urllib.error
+import urllib.request
+from typing import Any
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.asymmetric import padding, rsa
+from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicKey
+_JWKS_CACHE: dict[str, tuple[float, dict[str, Any]]] = {}
+_JWKS_TTL = 3600.0
+def _b64url_decode(raw: str) -> bytes:
+    padded = raw + "=" * (-len(raw) % 4)
+    return base64.urlsafe_b64decode(padded.encode("ascii"))
+def _jwk_to_rsa(key: dict[str, Any]) -> RSAPublicKey:
+    n = int.from_bytes(_b64url_decode(str(key["n"])), "big")
+    e = int.from_bytes(_b64url_decode(str(key["e"])), "big")
+    return rsa.RSAPublicNumbers(e, n).public_key()
+def _fetch_jwks(jwks_url: str) -> dict[str, Any]:
+    now = time.time()
+    cached = _JWKS_CACHE.get(jwks_url)
+    if cached and cached[0] > now:
+        return cached[1]
+    req = urllib.request.Request(jwks_url, headers={"Accept": "application/json"})
+    with urllib.request.urlopen(req, timeout=15) as resp:
+        payload = json.loads(resp.read().decode("utf-8"))
+    if not isinstance(payload, dict):
+        raise ValueError("invalid jwks")
+    _JWKS_CACHE[jwks_url] = (now + _JWKS_TTL, payload)
+    return payload
+def verify_rs256_id_token(
+    token: str,
+    *,
+    audience: str,
+    issuer: str | tuple[str, ...] = (),
+    jwks_url: str,
+    clock_skew: int = 60,
+) -> dict[str, Any]:
+    parts = str(token or "").split(".")
+    if len(parts) != 3:
+        raise ValueError("invalid id_token")
+    header = json.loads(_b64url_decode(parts[0]))
+    payload = json.loads(_b64url_decode(parts[1]))
+    if str(header.get("alg") or "") != "RS256":
+        raise ValueError("unsupported jwt alg")
+    kid = str(header.get("kid") or "")
+    jwks = _fetch_jwks(jwks_url)
+    keys = jwks.get("keys") if isinstance(jwks.get("keys"), list) else []
+    pub: RSAPublicKey | None = None
+    for entry in keys:
+        if not isinstance(entry, dict):
+            continue
+        if kid and str(entry.get("kid") or "") != kid:
+            continue
+        if str(entry.get("kty") or "") != "RSA":
+            continue
+        pub = _jwk_to_rsa(entry)
+        break
+    if pub is None:
+        raise ValueError("jwks key not found")
+    signing_input = f"{parts[0]}.{parts[1]}".encode("ascii")
+    signature = _b64url_decode(parts[2])
+    pub.verify(signature, signing_input, padding.PKCS1v15(), hashes.SHA256())
+    now = int(time.time())
+    exp = int(payload.get("exp") or 0)
+    if exp and now > exp + clock_skew:
+        raise ValueError("id_token expired")
+    iat = int(payload.get("iat") or 0)
+    if iat and now + clock_skew < iat:
+        raise ValueError("id_token not yet valid")
+    iss = str(payload.get("iss") or "")
+    allowed_iss = issuer or ()
+    if allowed_iss and iss not in allowed_iss:
+        raise ValueError("issuer mismatch")
+    aud = payload.get("aud")
+    aud_ok = audience in (aud if isinstance(aud, list) else [aud])
+    if not aud_ok:
+        raise ValueError("audience mismatch")
+    if not isinstance(payload, dict):
+        raise ValueError("invalid claims")
+    return payload
+def verify_google_id_token(token: str, client_id: str) -> dict[str, Any]:
+    return verify_rs256_id_token(
+        token,
+        audience=str(client_id or "").strip(),
+        issuer=("https://accounts.google.com", "accounts.google.com"),
+        jwks_url="https://www.googleapis.com/oauth2/v3/certs",
+    )

package/workframe-api/package.json ADDED Viewed

@@ -0,0 +1,13 @@
+{
+  "name": "@workframe/workframe-api",
+  "version": "0.1.0",
+  "private": true,
+  "type": "module",
+  "scripts": {
+    "dev": "python3 server.py",
+    "start": "python3 server.py",
+    "test": "python3 -m unittest discover -s tests",
+    "typecheck": "python3 -m py_compile server.py zk_auth.py email_sender.py",
+    "build": "python3 -m py_compile server.py zk_auth.py email_sender.py"
+  }
+}