devframe 0.5.4 → 0.6.0-beta.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{_shared-CUFqO4kJ.mjs → _shared-bWRzeSa0.mjs} +2 -3
- package/dist/adapters/build.d.mts +1 -1
- package/dist/adapters/build.mjs +7 -7
- package/dist/adapters/cli.d.mts +1 -1
- package/dist/adapters/cli.mjs +2 -2
- package/dist/adapters/dev.d.mts +8 -2
- package/dist/adapters/dev.mjs +1 -1
- package/dist/adapters/embedded.d.mts +1 -1
- package/dist/adapters/mcp.d.mts +1 -1
- package/dist/adapters/mcp.mjs +4 -4
- package/dist/client/index.d.mts +148 -6
- package/dist/client/index.mjs +257 -44
- package/dist/constants.d.mts +17 -1
- package/dist/constants.mjs +17 -1
- package/dist/context-3x_bgBgZ.mjs +48 -0
- package/dist/{context-DTRcO_UH.d.mts → context-o-TwncyP.d.mts} +1 -1
- package/dist/{dev-Cv43GfqM.mjs → dev-CSpLSEVh.mjs} +39 -13
- package/dist/{devframe-BuR6n9ZD.d.mts → devframe-BwfavB78.d.mts} +365 -15
- package/dist/{diagnostics-GitRGKbr.mjs → diagnostics-BXwBQmoN.mjs} +1 -1
- package/dist/{dump-9lKIJTLh.mjs → dump-DoXkj4ku.mjs} +1 -1
- package/dist/helpers/vite.d.mts +1 -1
- package/dist/helpers/vite.mjs +11 -11
- package/dist/{host-h3-Dgpgr1Ul.mjs → host-h3-C5SZlk03.mjs} +134 -6
- package/dist/{index-C7M1hnvL.d.mts → index-CxaPKDXX.d.mts} +2 -2
- package/dist/{index-DH2sBIwd.d.mts → index-DXHWuwJk.d.mts} +1 -1
- package/dist/index.d.mts +4 -4
- package/dist/index.mjs +1 -1
- package/dist/node/auth.d.mts +43 -23
- package/dist/node/auth.mjs +84 -37
- package/dist/node/hub-internals.d.mts +2 -2
- package/dist/node/hub-internals.mjs +2 -2
- package/dist/node/index.d.mts +22 -6
- package/dist/node/index.mjs +4 -4
- package/dist/recipes/open-helpers.d.mts +1 -1
- package/dist/recipes/open-helpers.mjs +3 -3
- package/dist/revoke-ENfxWkFK.mjs +79 -0
- package/dist/rpc/dump.d.mts +1 -1
- package/dist/rpc/dump.mjs +1 -1
- package/dist/rpc/index.d.mts +3 -3
- package/dist/rpc/index.mjs +4 -4
- package/dist/rpc/transports/ws-client.d.mts +1 -1
- package/dist/rpc/transports/ws-client.mjs +2 -2
- package/dist/rpc/transports/ws-server.d.mts +2 -2
- package/dist/rpc/transports/ws-server.mjs +124 -60
- package/dist/{serialization-BD_qXGjd.mjs → serialization-DpLXCy13.mjs} +1 -1
- package/dist/{server-wHlpcdZ9.d.mts → server-oju7PTi2.d.mts} +30 -3
- package/dist/{server-BBaBJaUL.mjs → server-wyY3zh67.mjs} +18 -14
- package/dist/{shared-state-u0y123fi.mjs → shared-state-D4PPieA0.mjs} +4 -4
- package/dist/{shared-state-BlBNYziY.mjs → storage-l2ezeend.mjs} +128 -6
- package/dist/types/index.d.mts +4 -4
- package/dist/{types-BkkQ0Txg.d.mts → types-DZEx4ffs.d.mts} +9 -1
- package/dist/utils/crypto-token.d.mts +24 -0
- package/dist/utils/crypto-token.mjs +45 -0
- package/dist/utils/events.d.mts +1 -1
- package/dist/utils/hash.mjs +1 -1
- package/dist/utils/launch-editor.mjs +1 -1
- package/dist/utils/open.mjs +1 -1
- package/dist/utils/scope.d.mts +11 -0
- package/dist/utils/scope.mjs +15 -0
- package/dist/utils/shared-state.d.mts +1 -1
- package/dist/utils/shared-state.mjs +1 -1
- package/dist/utils/streaming-channel.d.mts +1 -1
- package/dist/utils/structured-clone.mjs +1 -1
- package/dist/{ws-client-CVYX9niP.d.mts → ws-client-D0z0pOhn.d.mts} +1 -1
- package/dist/ws-server-BVVMDo2n.d.mts +103 -0
- package/package.json +12 -7
- package/skills/devframe/SKILL.md +123 -23
- package/skills/devframe/templates/counter-devframe.ts +14 -4
- package/skills/devframe/templates/spa-devframe.ts +13 -3
- package/skills/devframe/templates/vite-client.ts +3 -2
- package/dist/context-DaKmhhHY.mjs +0 -164
- package/dist/revoke-CL0LSAN9.mjs +0 -803
- package/dist/utils/human-id.d.mts +0 -8
- package/dist/utils/human-id.mjs +0 -769
- package/dist/ws-server-C1LjmRnp.d.mts +0 -61
- /package/dist/{define-CW9gLnyG.mjs → define-BLWPsH6y.mjs} +0 -0
- /package/dist/{diagnostics-reporter-CBBZwoMv.mjs → diagnostics-reporter-CsIG85Q5.mjs} +0 -0
- /package/dist/{hash-bwOD8RgU.mjs → hash-DFc5WwhO.mjs} +0 -0
- /package/dist/{launch-editor-BbNhtg7b.mjs → launch-editor-CgXBgviI.mjs} +0 -0
- /package/dist/{open-DiQn6zCH.mjs → open-Dusa2Zzd.mjs} +0 -0
- /package/dist/{structured-clone-PdCZwt7F.mjs → structured-clone-CeZOHvkd.mjs} +0 -0
- /package/dist/{structured-clone-jegjz0hM.mjs → structured-clone-XpHLZ8nr.mjs} +0 -0
- /package/dist/{transports-DTFoMUbE.mjs → transports-BmDVn4SF.mjs} +0 -0
|
@@ -1,15 +1,15 @@
|
|
|
1
|
-
import { t as devframeReporter } from "./diagnostics-reporter-
|
|
2
|
-
import { t as diagnostics } from "./diagnostics-
|
|
1
|
+
import { t as devframeReporter } from "./diagnostics-reporter-CsIG85Q5.mjs";
|
|
2
|
+
import { t as diagnostics } from "./diagnostics-BXwBQmoN.mjs";
|
|
3
3
|
import { RpcFunctionsCollectorBase } from "./rpc/index.mjs";
|
|
4
4
|
import { defineRpcFunction } from "./index.mjs";
|
|
5
|
-
import {
|
|
5
|
+
import { a as diagnostics$1, i as createEventEmitter, n as createSharedState, r as nanoid, t as createStorage } from "./storage-l2ezeend.mjs";
|
|
6
6
|
import { defineDiagnostics } from "nostics";
|
|
7
7
|
import { isatty } from "node:tty";
|
|
8
8
|
import { formatWithOptions, inspect } from "node:util";
|
|
9
9
|
import { existsSync } from "node:fs";
|
|
10
|
+
import { join } from "pathe";
|
|
10
11
|
import { homedir } from "node:os";
|
|
11
12
|
import process$1 from "node:process";
|
|
12
|
-
import { join } from "pathe";
|
|
13
13
|
//#region src/node/host-agent.ts
|
|
14
14
|
/**
|
|
15
15
|
* Framework-neutral host aggregating the agent-exposed surface of a
|
|
@@ -1240,6 +1240,123 @@ const BUILTIN_AGENT_RPC = [
|
|
|
1240
1240
|
})
|
|
1241
1241
|
];
|
|
1242
1242
|
//#endregion
|
|
1243
|
+
//#region src/utils/scope.ts
|
|
1244
|
+
/** Whether a name is already namespaced (contains a `:` separator). */
|
|
1245
|
+
function isQualifiedName(name) {
|
|
1246
|
+
return name.includes(":");
|
|
1247
|
+
}
|
|
1248
|
+
/**
|
|
1249
|
+
* Prefix a bare name with `<namespace>:`. Names that already contain a
|
|
1250
|
+
* `:` are returned unchanged, so callers can reference another scope's
|
|
1251
|
+
* ids explicitly (e.g. `ctx.rpc.call('other-plugin:fn')`).
|
|
1252
|
+
*/
|
|
1253
|
+
function qualifyName(namespace, name) {
|
|
1254
|
+
return isQualifiedName(name) ? name : `${namespace}:${name}`;
|
|
1255
|
+
}
|
|
1256
|
+
//#endregion
|
|
1257
|
+
//#region src/node/settings.ts
|
|
1258
|
+
const STORAGE_SCOPE = {
|
|
1259
|
+
global: "global",
|
|
1260
|
+
project: "workspace"
|
|
1261
|
+
};
|
|
1262
|
+
function createNodeSettingsStore(context, namespace, scope) {
|
|
1263
|
+
const stateKey = `devframe:settings:${scope}:${namespace}`;
|
|
1264
|
+
let statePromise;
|
|
1265
|
+
function store() {
|
|
1266
|
+
if (!statePromise) {
|
|
1267
|
+
const filepath = join(context.host.getStorageDir(STORAGE_SCOPE[scope]), "settings", `${namespace}.json`);
|
|
1268
|
+
statePromise = context.rpc.sharedState.get(stateKey, { sharedState: createStorage({
|
|
1269
|
+
filepath,
|
|
1270
|
+
initialValue: {}
|
|
1271
|
+
}) });
|
|
1272
|
+
}
|
|
1273
|
+
return statePromise;
|
|
1274
|
+
}
|
|
1275
|
+
return {
|
|
1276
|
+
async get(key) {
|
|
1277
|
+
return (await store()).value()[key];
|
|
1278
|
+
},
|
|
1279
|
+
async set(key, value) {
|
|
1280
|
+
(await store()).mutate((draft) => {
|
|
1281
|
+
draft[key] = value;
|
|
1282
|
+
});
|
|
1283
|
+
},
|
|
1284
|
+
async delete(key) {
|
|
1285
|
+
(await store()).mutate((draft) => {
|
|
1286
|
+
delete draft[key];
|
|
1287
|
+
});
|
|
1288
|
+
},
|
|
1289
|
+
async all() {
|
|
1290
|
+
return (await store()).value();
|
|
1291
|
+
},
|
|
1292
|
+
async onChange(fn) {
|
|
1293
|
+
return (await store()).on("updated", (full) => fn(full));
|
|
1294
|
+
}
|
|
1295
|
+
};
|
|
1296
|
+
}
|
|
1297
|
+
/**
|
|
1298
|
+
* Build the node-side `settings` surface for a scope namespace. `project`
|
|
1299
|
+
* persists under the host's `workspace` storage dir, `global` under its
|
|
1300
|
+
* `global` dir. Each is a file-backed, client-synced key-value store.
|
|
1301
|
+
*/
|
|
1302
|
+
function createNodeSettings(context, namespace) {
|
|
1303
|
+
return {
|
|
1304
|
+
global: createNodeSettingsStore(context, namespace, "global"),
|
|
1305
|
+
project: createNodeSettingsStore(context, namespace, "project")
|
|
1306
|
+
};
|
|
1307
|
+
}
|
|
1308
|
+
//#endregion
|
|
1309
|
+
//#region src/node/scope.ts
|
|
1310
|
+
function prefixDefinition(namespace, fn) {
|
|
1311
|
+
if (isQualifiedName(fn.name)) throw diagnostics$1.DF0034({
|
|
1312
|
+
namespace,
|
|
1313
|
+
name: fn.name
|
|
1314
|
+
});
|
|
1315
|
+
return {
|
|
1316
|
+
...fn,
|
|
1317
|
+
name: `${namespace}:${fn.name}`
|
|
1318
|
+
};
|
|
1319
|
+
}
|
|
1320
|
+
/**
|
|
1321
|
+
* Build a namespace-scoped view of a {@link DevframeNodeContext}. Every
|
|
1322
|
+
* RPC id, shared-state key, and streaming channel passed through the
|
|
1323
|
+
* returned `rpc` surface is auto-namespaced with `<namespace>:`.
|
|
1324
|
+
*/
|
|
1325
|
+
function createScopedNodeContext(context, namespace) {
|
|
1326
|
+
const base = context.rpc;
|
|
1327
|
+
const rpc = {
|
|
1328
|
+
namespace,
|
|
1329
|
+
register(fn, force) {
|
|
1330
|
+
base.register(prefixDefinition(namespace, fn), force);
|
|
1331
|
+
},
|
|
1332
|
+
update(fn, force) {
|
|
1333
|
+
base.update(prefixDefinition(namespace, fn), force);
|
|
1334
|
+
},
|
|
1335
|
+
call: ((method, ...args) => base.invokeLocal(qualifyName(namespace, method), ...args)),
|
|
1336
|
+
broadcast: ((options) => base.broadcast({
|
|
1337
|
+
...options,
|
|
1338
|
+
method: qualifyName(namespace, options.method)
|
|
1339
|
+
})),
|
|
1340
|
+
sharedState: ((key, options) => base.sharedState.get(qualifyName(namespace, key), options)),
|
|
1341
|
+
streaming: { create: (name, opts) => base.streaming.create(qualifyName(namespace, name), opts) },
|
|
1342
|
+
getCurrentRpcSession: () => base.getCurrentRpcSession()
|
|
1343
|
+
};
|
|
1344
|
+
return {
|
|
1345
|
+
namespace,
|
|
1346
|
+
base: context,
|
|
1347
|
+
cwd: context.cwd,
|
|
1348
|
+
workspaceRoot: context.workspaceRoot,
|
|
1349
|
+
mode: context.mode,
|
|
1350
|
+
host: context.host,
|
|
1351
|
+
rpc,
|
|
1352
|
+
settings: createNodeSettings(context, namespace),
|
|
1353
|
+
views: context.views,
|
|
1354
|
+
diagnostics: context.diagnostics,
|
|
1355
|
+
agent: context.agent,
|
|
1356
|
+
scope: context.scope
|
|
1357
|
+
};
|
|
1358
|
+
}
|
|
1359
|
+
//#endregion
|
|
1243
1360
|
//#region src/node/context.ts
|
|
1244
1361
|
/**
|
|
1245
1362
|
* Framework- and build-tool-agnostic core of the Devframe node context.
|
|
@@ -1259,7 +1376,8 @@ async function createHostContext(options) {
|
|
|
1259
1376
|
rpc: void 0,
|
|
1260
1377
|
views: void 0,
|
|
1261
1378
|
diagnostics: void 0,
|
|
1262
|
-
agent: void 0
|
|
1379
|
+
agent: void 0,
|
|
1380
|
+
scope: void 0
|
|
1263
1381
|
};
|
|
1264
1382
|
const rpcHost = new RpcFunctionsHost(context);
|
|
1265
1383
|
const viewsHost = new DevframeViewHost(context);
|
|
@@ -1268,6 +1386,16 @@ async function createHostContext(options) {
|
|
|
1268
1386
|
context.views = viewsHost;
|
|
1269
1387
|
context.diagnostics = diagnosticsHost;
|
|
1270
1388
|
context.agent = new DevframeAgentHost(context);
|
|
1389
|
+
const scopedCache = /* @__PURE__ */ new Map();
|
|
1390
|
+
context.scope = ((namespace) => {
|
|
1391
|
+
if (!namespace) return context;
|
|
1392
|
+
let scoped = scopedCache.get(namespace);
|
|
1393
|
+
if (!scoped) {
|
|
1394
|
+
scoped = createScopedNodeContext(context, namespace);
|
|
1395
|
+
scopedCache.set(namespace, scoped);
|
|
1396
|
+
}
|
|
1397
|
+
return scoped;
|
|
1398
|
+
});
|
|
1271
1399
|
for (const fn of BUILTIN_AGENT_RPC) rpcHost.register(fn);
|
|
1272
1400
|
for (const fn of builtinRpcDeclarations) rpcHost.register(fn);
|
|
1273
1401
|
return context;
|
|
@@ -1293,4 +1421,4 @@ function createH3DevframeHost(options) {
|
|
|
1293
1421
|
};
|
|
1294
1422
|
}
|
|
1295
1423
|
//#endregion
|
|
1296
|
-
export {
|
|
1424
|
+
export { DevframeViewHost as a, createRpcSharedStateServerHost as c, createNodeSettings as i, DevframeDiagnosticsHost as l, createHostContext as n, RpcFunctionsHost as o, createScopedNodeContext as r, createRpcStreamingServerHost as s, createH3DevframeHost as t, DevframeAgentHost as u };
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { C as
|
|
2
|
-
import { a as getDefinitionsWithDumps$1, c as StaticRpcDumpManifest$1, d as StaticRpcDumpManifestValue$1, f as StaticRpcDumpSerialization$1, i as dumpFunctions$1, l as StaticRpcDumpManifestQueryEntry$1, n as serializeDumpError$1, o as StaticRpcDumpCollection$1, p as collectStaticRpcDump$1, r as createClientFromDump$1, s as StaticRpcDumpFile$1, t as reviveDumpError$1, u as StaticRpcDumpManifestStaticEntry$1 } from "./index-
|
|
1
|
+
import { C as RpcFunctionType, S as RpcFunctionSetupResult, T as RpcReturnSchema, _ as RpcFunctionDefinition, i as RpcArgsSchema, v as RpcFunctionDefinitionAny, w as RpcFunctionsCollector } from "./types-DZEx4ffs.mjs";
|
|
2
|
+
import { a as getDefinitionsWithDumps$1, c as StaticRpcDumpManifest$1, d as StaticRpcDumpManifestValue$1, f as StaticRpcDumpSerialization$1, i as dumpFunctions$1, l as StaticRpcDumpManifestQueryEntry$1, n as serializeDumpError$1, o as StaticRpcDumpCollection$1, p as collectStaticRpcDump$1, r as createClientFromDump$1, s as StaticRpcDumpFile$1, t as reviveDumpError$1, u as StaticRpcDumpManifestStaticEntry$1 } from "./index-DXHWuwJk.mjs";
|
|
3
3
|
|
|
4
4
|
//#region src/rpc/cache.d.ts
|
|
5
5
|
interface RpcCacheOptions {
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { h as RpcDumpStore, l as RpcDumpClientOptions, m as RpcDumpRecordError, n as BirpcReturn, o as RpcDefinitionsToFunctions, u as RpcDumpCollectionOptions, v as RpcFunctionDefinitionAny } from "./types-DZEx4ffs.mjs";
|
|
2
2
|
|
|
3
3
|
//#region src/rpc/dump/static.d.ts
|
|
4
4
|
type StaticRpcDumpSerialization = 'json' | 'structured-clone';
|
package/dist/index.d.mts
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
import { $ as
|
|
2
|
-
import {
|
|
3
|
-
import { t as DevframeNodeRpcSessionMeta } from "./ws-server-
|
|
1
|
+
import { $ as ScopedServerFunctions, G as DevframeScopedNodeContext, H as EntriesToObject, J as DevframeSettings, K as DevframeScopedNodeRpc, Q as ScopedClientFunctions, S as RpcStreamingHost, St as EventsMap, U as PartialWithoutId, W as Thenable, X as DevframeSettingsStore, Y as DevframeSettingsRegistry, Z as ScopedBroadcastOptions, _ as RpcFunctionsHost, _t as AgentToolInput, a as DevframeDuplicationStrategy, at as DevframeRpcSharedStates, b as RpcStreamingChannel, bt as EventEmitter, c as DevframeSpaOptions, ct as DevframeDiagnosticsDefinition, d as ConnectionMeta, dt as AgentHandle, et as ScopedSharedStates, f as ConnectionMetaWebsocket, ft as AgentManifest, g as RpcBroadcastOptions, gt as AgentTool, h as DevframeNodeRpcSession, ht as AgentResourceInput, i as DevframeDeploymentKind, it as DevframeRpcServerFunctions, l as DevframeWsOptions, lt as DevframeDiagnosticsHost, m as DevframeNodeContext, mt as AgentResourceContent, n as DevframeCliOptions, nt as DevframeViewHost, o as DevframeRuntime, ot as DevframeHost, p as DevframeCapabilities, pt as AgentResource, q as DevframeScopedStreamingHost, r as DevframeDefinition, rt as DevframeRpcClientFunctions, s as DevframeSetupInfo, st as DevframeDefineDiagnosticsOptions, t as DevframeBrowserContext, tt as SettingsForNamespace, u as defineDevframe, ut as DevframeDiagnosticsLogger, v as RpcSharedStateGetOptions, vt as DevframeAgentHost, x as RpcStreamingChannelOptions, xt as EventUnsubscribe, y as RpcSharedStateHost, yt as DevframeAgentHostEvents } from "./devframe-BwfavB78.mjs";
|
|
2
|
+
import { C as RpcFunctionType, T as RpcReturnSchema, _ as RpcFunctionDefinition, g as RpcFunctionAgentOptions, i as RpcArgsSchema } from "./types-DZEx4ffs.mjs";
|
|
3
|
+
import { t as DevframeNodeRpcSessionMeta } from "./ws-server-BVVMDo2n.mjs";
|
|
4
4
|
|
|
5
5
|
//#region src/define.d.ts
|
|
6
6
|
declare const defineRpcFunction: <NAME extends string, TYPE extends RpcFunctionType, ARGS extends any[], RETURN = void, const AS extends RpcArgsSchema | undefined = undefined, const RS extends RpcReturnSchema | undefined = undefined>(definition: RpcFunctionDefinition<NAME, TYPE, ARGS, RETURN, AS, RS, DevframeNodeContext>) => RpcFunctionDefinition<NAME, TYPE, ARGS, RETURN, AS, RS, DevframeNodeContext>;
|
|
7
7
|
//#endregion
|
|
8
|
-
export { AgentHandle, AgentManifest, AgentResource, AgentResourceContent, AgentResourceInput, AgentTool, AgentToolInput, ConnectionMeta, DevframeAgentHost, DevframeAgentHostEvents, DevframeBrowserContext, DevframeCapabilities, DevframeCliOptions, DevframeDefineDiagnosticsOptions, DevframeDefinition, DevframeDeploymentKind, DevframeDiagnosticsDefinition, DevframeDiagnosticsHost, DevframeDiagnosticsLogger, DevframeHost, DevframeNodeContext, DevframeNodeRpcSession, DevframeNodeRpcSessionMeta, DevframeRpcClientFunctions, DevframeRpcServerFunctions, DevframeRpcSharedStates, DevframeRuntime, DevframeSetupInfo, DevframeSpaOptions, DevframeViewHost, EntriesToObject, EventEmitter, EventUnsubscribe, EventsMap, PartialWithoutId, RpcBroadcastOptions, RpcFunctionAgentOptions, RpcFunctionsHost, RpcSharedStateGetOptions, RpcSharedStateHost, RpcStreamingChannel, RpcStreamingChannelOptions, RpcStreamingHost, Thenable, defineDevframe, defineRpcFunction };
|
|
8
|
+
export { AgentHandle, AgentManifest, AgentResource, AgentResourceContent, AgentResourceInput, AgentTool, AgentToolInput, ConnectionMeta, ConnectionMetaWebsocket, DevframeAgentHost, DevframeAgentHostEvents, DevframeBrowserContext, DevframeCapabilities, DevframeCliOptions, DevframeDefineDiagnosticsOptions, DevframeDefinition, DevframeDeploymentKind, DevframeDiagnosticsDefinition, DevframeDiagnosticsHost, DevframeDiagnosticsLogger, DevframeDuplicationStrategy, DevframeHost, DevframeNodeContext, DevframeNodeRpcSession, DevframeNodeRpcSessionMeta, DevframeRpcClientFunctions, DevframeRpcServerFunctions, DevframeRpcSharedStates, DevframeRuntime, DevframeScopedNodeContext, DevframeScopedNodeRpc, DevframeScopedStreamingHost, DevframeSettings, DevframeSettingsRegistry, DevframeSettingsStore, DevframeSetupInfo, DevframeSpaOptions, DevframeViewHost, DevframeWsOptions, EntriesToObject, EventEmitter, EventUnsubscribe, EventsMap, PartialWithoutId, RpcBroadcastOptions, RpcFunctionAgentOptions, RpcFunctionsHost, RpcSharedStateGetOptions, RpcSharedStateHost, RpcStreamingChannel, RpcStreamingChannelOptions, RpcStreamingHost, ScopedBroadcastOptions, ScopedClientFunctions, ScopedServerFunctions, ScopedSharedStates, SettingsForNamespace, Thenable, defineDevframe, defineRpcFunction };
|
package/dist/index.mjs
CHANGED
package/dist/node/auth.d.mts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import { n as InternalAnonymousAuthStorage } from "../context-
|
|
1
|
+
import { L as SharedState, h as DevframeNodeRpcSession, m as DevframeNodeContext } from "../devframe-BwfavB78.mjs";
|
|
2
|
+
import { n as InternalAnonymousAuthStorage } from "../context-o-TwncyP.mjs";
|
|
3
3
|
|
|
4
4
|
//#region src/node/auth/revoke.d.ts
|
|
5
5
|
/**
|
|
@@ -16,29 +16,49 @@ declare function revokeActiveConnectionsForToken(context: DevframeNodeContext, t
|
|
|
16
16
|
declare function revokeAuthToken(context: DevframeNodeContext, storage: SharedState<InternalAnonymousAuthStorage>, token: string): Promise<void>;
|
|
17
17
|
//#endregion
|
|
18
18
|
//#region src/node/auth/state.d.ts
|
|
19
|
-
interface PendingAuthRequest {
|
|
20
|
-
clientAuthToken: string;
|
|
21
|
-
session: DevframeNodeRpcSession;
|
|
22
|
-
ua: string;
|
|
23
|
-
origin: string;
|
|
24
|
-
resolve: (result: {
|
|
25
|
-
isTrusted: boolean;
|
|
26
|
-
}) => void;
|
|
27
|
-
abortController: AbortController;
|
|
28
|
-
timeout: ReturnType<typeof setTimeout>;
|
|
29
|
-
}
|
|
30
|
-
declare function getTempAuthToken(): string;
|
|
31
|
-
declare function refreshTempAuthToken(): string;
|
|
32
|
-
declare function getPendingAuth(): PendingAuthRequest | null;
|
|
33
|
-
declare function setPendingAuth(request: PendingAuthRequest | null): void;
|
|
34
19
|
/**
|
|
35
|
-
*
|
|
20
|
+
* The current one-time authentication code. Display this to the user (e.g. in
|
|
21
|
+
* the dev-server terminal) so they can type it into the browser to authenticate.
|
|
22
|
+
*/
|
|
23
|
+
declare function getTempAuthCode(): string;
|
|
24
|
+
/**
|
|
25
|
+
* Rotate the authentication code, resetting its expiry window and failed-attempt
|
|
26
|
+
* counter. Call this when a new authentication flow begins (e.g. when an
|
|
27
|
+
* untrusted client starts authenticating) so the displayed code is freshly
|
|
28
|
+
* valid for its full TTL.
|
|
36
29
|
*/
|
|
37
|
-
declare function
|
|
30
|
+
declare function refreshTempAuthCode(): string;
|
|
38
31
|
/**
|
|
39
|
-
*
|
|
40
|
-
*
|
|
32
|
+
* Build a "magic link" authentication URL that embeds a one-time code (OTP) as
|
|
33
|
+
* a query parameter. Opening it authenticates the client without typing — print
|
|
34
|
+
* it on startup (devframe stays headless, so the host prints its own banner).
|
|
35
|
+
* Defaults to the current code; the link is subject to the same TTL.
|
|
36
|
+
*/
|
|
37
|
+
declare function buildOtpAuthUrl(baseUrl: string, code?: string): string;
|
|
38
|
+
/**
|
|
39
|
+
* Re-authenticate a connection that presents a previously-issued bearer token.
|
|
40
|
+
* Returns `true` and marks the session trusted when the token is known.
|
|
41
|
+
*
|
|
42
|
+
* Used by the `devframe:anonymous:auth` handler so a client that already
|
|
43
|
+
* authenticated (token persisted in the browser) is trusted on reconnect
|
|
44
|
+
* without entering the code again.
|
|
41
45
|
*/
|
|
42
|
-
declare function
|
|
46
|
+
declare function verifyAuthToken(token: string, session: DevframeNodeRpcSession, storage: SharedState<InternalAnonymousAuthStorage>): boolean;
|
|
47
|
+
/**
|
|
48
|
+
* Exchange a one-time authentication code for a fresh, node-issued bearer token.
|
|
49
|
+
*
|
|
50
|
+
* On success this mints a high-entropy token, records it in the trusted store,
|
|
51
|
+
* marks the calling session trusted, rotates the code, and returns the token
|
|
52
|
+
* for the client to persist. Returns `null` on any failure.
|
|
53
|
+
*
|
|
54
|
+
* Because the code is short and human-typed, verification is hardened against
|
|
55
|
+
* brute force: it enforces a time-to-live, compares in constant time, and
|
|
56
|
+
* rotates the code after {@link TEMP_AUTH_MAX_ATTEMPTS} failed attempts so an
|
|
57
|
+
* attacker cannot keep guessing against the same code.
|
|
58
|
+
*/
|
|
59
|
+
declare function exchangeTempAuthCode(code: string, session: DevframeNodeRpcSession, info: {
|
|
60
|
+
ua: string;
|
|
61
|
+
origin: string;
|
|
62
|
+
}, storage: SharedState<InternalAnonymousAuthStorage>): string | null;
|
|
43
63
|
//#endregion
|
|
44
|
-
export {
|
|
64
|
+
export { buildOtpAuthUrl, exchangeTempAuthCode, getTempAuthCode, refreshTempAuthCode, revokeActiveConnectionsForToken, revokeAuthToken, verifyAuthToken };
|
package/dist/node/auth.mjs
CHANGED
|
@@ -1,54 +1,101 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { DEVFRAME_OTP_URL_PARAM } from "../constants.mjs";
|
|
2
|
+
import { a as timingSafeEqual, i as randomToken, n as revokeAuthToken, r as randomDigits, t as revokeActiveConnectionsForToken } from "../revoke-ENfxWkFK.mjs";
|
|
2
3
|
//#region src/node/auth/state.ts
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
4
|
+
/** Number of decimal digits in a human-typed one-time authentication code. */
|
|
5
|
+
const TEMP_AUTH_CODE_LENGTH = 6;
|
|
6
|
+
/**
|
|
7
|
+
* How long an authentication code stays valid after it is (re)generated. A
|
|
8
|
+
* 6-digit code only has ~20 bits of entropy, so a short lifetime plus the
|
|
9
|
+
* attempt cap below are what keep it brute-force resistant.
|
|
10
|
+
*/
|
|
11
|
+
const TEMP_AUTH_CODE_TTL = 5 * 6e4;
|
|
12
|
+
/** Failed attempts allowed against a single code before it is rotated. */
|
|
13
|
+
const TEMP_AUTH_MAX_ATTEMPTS = 5;
|
|
14
|
+
let tempAuthCode = generateTempCode();
|
|
15
|
+
let tempAuthCodeExpiresAt = Date.now() + TEMP_AUTH_CODE_TTL;
|
|
16
|
+
let tempAuthFailedAttempts = 0;
|
|
17
|
+
function generateTempCode() {
|
|
18
|
+
return randomDigits(TEMP_AUTH_CODE_LENGTH);
|
|
10
19
|
}
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
20
|
+
/**
|
|
21
|
+
* The current one-time authentication code. Display this to the user (e.g. in
|
|
22
|
+
* the dev-server terminal) so they can type it into the browser to authenticate.
|
|
23
|
+
*/
|
|
24
|
+
function getTempAuthCode() {
|
|
25
|
+
return tempAuthCode;
|
|
14
26
|
}
|
|
15
|
-
|
|
16
|
-
|
|
27
|
+
/**
|
|
28
|
+
* Rotate the authentication code, resetting its expiry window and failed-attempt
|
|
29
|
+
* counter. Call this when a new authentication flow begins (e.g. when an
|
|
30
|
+
* untrusted client starts authenticating) so the displayed code is freshly
|
|
31
|
+
* valid for its full TTL.
|
|
32
|
+
*/
|
|
33
|
+
function refreshTempAuthCode() {
|
|
34
|
+
tempAuthCode = generateTempCode();
|
|
35
|
+
tempAuthCodeExpiresAt = Date.now() + TEMP_AUTH_CODE_TTL;
|
|
36
|
+
tempAuthFailedAttempts = 0;
|
|
37
|
+
return tempAuthCode;
|
|
17
38
|
}
|
|
18
|
-
|
|
19
|
-
|
|
39
|
+
/**
|
|
40
|
+
* Build a "magic link" authentication URL that embeds a one-time code (OTP) as
|
|
41
|
+
* a query parameter. Opening it authenticates the client without typing — print
|
|
42
|
+
* it on startup (devframe stays headless, so the host prints its own banner).
|
|
43
|
+
* Defaults to the current code; the link is subject to the same TTL.
|
|
44
|
+
*/
|
|
45
|
+
function buildOtpAuthUrl(baseUrl, code = tempAuthCode) {
|
|
46
|
+
const url = new URL(baseUrl);
|
|
47
|
+
url.searchParams.set(DEVFRAME_OTP_URL_PARAM, code);
|
|
48
|
+
return url.href;
|
|
20
49
|
}
|
|
21
50
|
/**
|
|
22
|
-
*
|
|
51
|
+
* Re-authenticate a connection that presents a previously-issued bearer token.
|
|
52
|
+
* Returns `true` and marks the session trusted when the token is known.
|
|
53
|
+
*
|
|
54
|
+
* Used by the `devframe:anonymous:auth` handler so a client that already
|
|
55
|
+
* authenticated (token persisted in the browser) is trusted on reconnect
|
|
56
|
+
* without entering the code again.
|
|
23
57
|
*/
|
|
24
|
-
function
|
|
25
|
-
if (
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
}
|
|
58
|
+
function verifyAuthToken(token, session, storage) {
|
|
59
|
+
if (!token || !storage.value().trusted[token]) return false;
|
|
60
|
+
session.meta.clientAuthToken = token;
|
|
61
|
+
session.meta.isTrusted = true;
|
|
62
|
+
return true;
|
|
30
63
|
}
|
|
31
64
|
/**
|
|
32
|
-
*
|
|
33
|
-
*
|
|
65
|
+
* Exchange a one-time authentication code for a fresh, node-issued bearer token.
|
|
66
|
+
*
|
|
67
|
+
* On success this mints a high-entropy token, records it in the trusted store,
|
|
68
|
+
* marks the calling session trusted, rotates the code, and returns the token
|
|
69
|
+
* for the client to persist. Returns `null` on any failure.
|
|
70
|
+
*
|
|
71
|
+
* Because the code is short and human-typed, verification is hardened against
|
|
72
|
+
* brute force: it enforces a time-to-live, compares in constant time, and
|
|
73
|
+
* rotates the code after {@link TEMP_AUTH_MAX_ATTEMPTS} failed attempts so an
|
|
74
|
+
* attacker cannot keep guessing against the same code.
|
|
34
75
|
*/
|
|
35
|
-
function
|
|
36
|
-
if (
|
|
37
|
-
|
|
76
|
+
function exchangeTempAuthCode(code, session, info, storage) {
|
|
77
|
+
if (Date.now() > tempAuthCodeExpiresAt) {
|
|
78
|
+
refreshTempAuthCode();
|
|
79
|
+
return null;
|
|
80
|
+
}
|
|
81
|
+
if (!timingSafeEqual(code, tempAuthCode)) {
|
|
82
|
+
tempAuthFailedAttempts += 1;
|
|
83
|
+
if (tempAuthFailedAttempts >= TEMP_AUTH_MAX_ATTEMPTS) refreshTempAuthCode();
|
|
84
|
+
return null;
|
|
85
|
+
}
|
|
86
|
+
const authToken = randomToken();
|
|
38
87
|
storage.mutate((state) => {
|
|
39
|
-
state.trusted[
|
|
40
|
-
authToken
|
|
41
|
-
ua,
|
|
42
|
-
origin,
|
|
88
|
+
state.trusted[authToken] = {
|
|
89
|
+
authToken,
|
|
90
|
+
ua: info.ua,
|
|
91
|
+
origin: info.origin,
|
|
43
92
|
timestamp: Date.now()
|
|
44
93
|
};
|
|
45
94
|
});
|
|
46
|
-
session.meta.clientAuthToken =
|
|
95
|
+
session.meta.clientAuthToken = authToken;
|
|
47
96
|
session.meta.isTrusted = true;
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
refreshTempAuthToken();
|
|
51
|
-
return clientAuthToken;
|
|
97
|
+
refreshTempAuthCode();
|
|
98
|
+
return authToken;
|
|
52
99
|
}
|
|
53
100
|
//#endregion
|
|
54
|
-
export {
|
|
101
|
+
export { buildOtpAuthUrl, exchangeTempAuthCode, getTempAuthCode, refreshTempAuthCode, revokeActiveConnectionsForToken, revokeAuthToken, verifyAuthToken };
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { i as DevframeDeploymentKind, r as DevframeDefinition } from "../devframe-
|
|
2
|
-
import { a as internalContextMap, i as getInternalContext, n as InternalAnonymousAuthStorage, r as RemoteTokenRecord, t as DevframeInternalContext } from "../context-
|
|
1
|
+
import { i as DevframeDeploymentKind, r as DevframeDefinition } from "../devframe-BwfavB78.mjs";
|
|
2
|
+
import { a as internalContextMap, i as getInternalContext, n as InternalAnonymousAuthStorage, r as RemoteTokenRecord, t as DevframeInternalContext } from "../context-o-TwncyP.mjs";
|
|
3
3
|
|
|
4
4
|
//#region src/adapters/_shared.d.ts
|
|
5
5
|
/**
|
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
import { n as internalContextMap, t as getInternalContext } from "../context-
|
|
2
|
-
import { n as resolveBasePath, t as normalizeBasePath } from "../_shared-
|
|
1
|
+
import { n as internalContextMap, t as getInternalContext } from "../context-3x_bgBgZ.mjs";
|
|
2
|
+
import { n as resolveBasePath, t as normalizeBasePath } from "../_shared-bWRzeSa0.mjs";
|
|
3
3
|
export { getInternalContext, internalContextMap, normalizeBasePath, resolveBasePath };
|
package/dist/node/index.d.mts
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import {
|
|
3
|
-
import { S as RpcFunctionsCollectorBase } from "../index-
|
|
4
|
-
import { t as DevframeNodeRpcSessionMeta } from "../ws-server-
|
|
5
|
-
import { n as StartedServer, r as startHttpAndWs, t as StartHttpAndWsOptions } from "../server-
|
|
1
|
+
import { G as DevframeScopedNodeContext, J as DevframeSettings, L as SharedState, S as RpcStreamingHost, _ as RpcFunctionsHost$1, _t as AgentToolInput, bt as EventEmitter, dt as AgentHandle, ft as AgentManifest, g as RpcBroadcastOptions, gt as AgentTool, h as DevframeNodeRpcSession, ht as AgentResourceInput, it as DevframeRpcServerFunctions, lt as DevframeDiagnosticsHost$1, m as DevframeNodeContext, mt as AgentResourceContent, nt as DevframeViewHost$1, ot as DevframeHost, pt as AgentResource, rt as DevframeRpcClientFunctions, ut as DevframeDiagnosticsLogger, vt as DevframeAgentHost$1, y as RpcSharedStateHost, yt as DevframeAgentHostEvents } from "../devframe-BwfavB78.mjs";
|
|
2
|
+
import { v as RpcFunctionDefinitionAny } from "../types-DZEx4ffs.mjs";
|
|
3
|
+
import { S as RpcFunctionsCollectorBase } from "../index-CxaPKDXX.mjs";
|
|
4
|
+
import { t as DevframeNodeRpcSessionMeta } from "../ws-server-BVVMDo2n.mjs";
|
|
5
|
+
import { n as StartedServer, r as startHttpAndWs, t as StartHttpAndWsOptions } from "../server-oju7PTi2.mjs";
|
|
6
6
|
import { BirpcGroup } from "birpc";
|
|
7
7
|
import { AsyncLocalStorage } from "node:async_hooks";
|
|
8
8
|
|
|
@@ -156,6 +156,22 @@ declare function createRpcSharedStateServerHost(rpc: RpcFunctionsHost$1): RpcSha
|
|
|
156
156
|
*/
|
|
157
157
|
declare function createRpcStreamingServerHost(rpc: RpcFunctionsHost$1): RpcStreamingHost;
|
|
158
158
|
//#endregion
|
|
159
|
+
//#region src/node/scope.d.ts
|
|
160
|
+
/**
|
|
161
|
+
* Build a namespace-scoped view of a {@link DevframeNodeContext}. Every
|
|
162
|
+
* RPC id, shared-state key, and streaming channel passed through the
|
|
163
|
+
* returned `rpc` surface is auto-namespaced with `<namespace>:`.
|
|
164
|
+
*/
|
|
165
|
+
declare function createScopedNodeContext<NS extends string = string>(context: DevframeNodeContext, namespace: NS): DevframeScopedNodeContext<NS>;
|
|
166
|
+
//#endregion
|
|
167
|
+
//#region src/node/settings.d.ts
|
|
168
|
+
/**
|
|
169
|
+
* Build the node-side `settings` surface for a scope namespace. `project`
|
|
170
|
+
* persists under the host's `workspace` storage dir, `global` under its
|
|
171
|
+
* `global` dir. Each is a file-backed, client-synced key-value store.
|
|
172
|
+
*/
|
|
173
|
+
declare function createNodeSettings<T extends Record<string, any> = Record<string, any>>(context: DevframeNodeContext, namespace: string): DevframeSettings<T>;
|
|
174
|
+
//#endregion
|
|
159
175
|
//#region src/node/storage.d.ts
|
|
160
176
|
interface CreateStorageOptions<T extends object> {
|
|
161
177
|
filepath: string;
|
|
@@ -169,4 +185,4 @@ declare function createStorage<T extends object>(options: CreateStorageOptions<T
|
|
|
169
185
|
declare function isObject(value: unknown): value is Record<string, any>;
|
|
170
186
|
declare function normalizeHttpServerUrl(host: string, port: number | string): string;
|
|
171
187
|
//#endregion
|
|
172
|
-
export { CreateH3DevframeHostOptions, CreateHostContextOptions, CreateStorageOptions, DevframeAgentHost, DevframeDiagnosticsHost, DevframeViewHost, RpcFunctionsHost, StartHttpAndWsOptions, StartedServer, createH3DevframeHost, createHostContext, createRpcSharedStateServerHost, createRpcStreamingServerHost, createStorage, isObject, normalizeHttpServerUrl, startHttpAndWs };
|
|
188
|
+
export { CreateH3DevframeHostOptions, CreateHostContextOptions, CreateStorageOptions, DevframeAgentHost, DevframeDiagnosticsHost, DevframeViewHost, RpcFunctionsHost, StartHttpAndWsOptions, StartedServer, createH3DevframeHost, createHostContext, createNodeSettings, createRpcSharedStateServerHost, createRpcStreamingServerHost, createScopedNodeContext, createStorage, isObject, normalizeHttpServerUrl, startHttpAndWs };
|
package/dist/node/index.mjs
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import { r as
|
|
3
|
-
import { t as startHttpAndWs } from "../server-
|
|
1
|
+
import { t as createStorage } from "../storage-l2ezeend.mjs";
|
|
2
|
+
import { a as DevframeViewHost, c as createRpcSharedStateServerHost, i as createNodeSettings, l as DevframeDiagnosticsHost, n as createHostContext, o as RpcFunctionsHost, r as createScopedNodeContext, s as createRpcStreamingServerHost, t as createH3DevframeHost, u as DevframeAgentHost } from "../host-h3-C5SZlk03.mjs";
|
|
3
|
+
import { t as startHttpAndWs } from "../server-wyY3zh67.mjs";
|
|
4
4
|
import { isIP } from "node:net";
|
|
5
5
|
//#region src/node/utils.ts
|
|
6
6
|
function isObject(value) {
|
|
@@ -10,4 +10,4 @@ function normalizeHttpServerUrl(host, port) {
|
|
|
10
10
|
return `http://${host === "127.0.0.1" ? "localhost" : isIP(host) === 6 ? `[${host}]` : host}:${port}`;
|
|
11
11
|
}
|
|
12
12
|
//#endregion
|
|
13
|
-
export { DevframeAgentHost, DevframeDiagnosticsHost, DevframeViewHost, RpcFunctionsHost, createH3DevframeHost, createHostContext, createRpcSharedStateServerHost, createRpcStreamingServerHost, createStorage, isObject, normalizeHttpServerUrl, startHttpAndWs };
|
|
13
|
+
export { DevframeAgentHost, DevframeDiagnosticsHost, DevframeViewHost, RpcFunctionsHost, createH3DevframeHost, createHostContext, createNodeSettings, createRpcSharedStateServerHost, createRpcStreamingServerHost, createScopedNodeContext, createStorage, isObject, normalizeHttpServerUrl, startHttpAndWs };
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { E as Thenable, S as RpcFunctionSetupResult, c as RpcDump, g as RpcFunctionAgentOptions } from "../types-DZEx4ffs.mjs";
|
|
2
2
|
import * as v from "valibot";
|
|
3
3
|
|
|
4
4
|
//#region src/recipes/open-helpers.d.ts
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import { t as launchEditor } from "../launch-editor-
|
|
2
|
-
import { n as defineRpcFunction } from "../define-
|
|
3
|
-
import { t as open } from "../open-
|
|
1
|
+
import { t as launchEditor } from "../launch-editor-CgXBgviI.mjs";
|
|
2
|
+
import { n as defineRpcFunction } from "../define-BLWPsH6y.mjs";
|
|
3
|
+
import { t as open } from "../open-Dusa2Zzd.mjs";
|
|
4
4
|
import * as v from "valibot";
|
|
5
5
|
//#region src/recipes/open-helpers.ts
|
|
6
6
|
/**
|
|
@@ -0,0 +1,79 @@
|
|
|
1
|
+
//#region src/utils/crypto-token.ts
|
|
2
|
+
const HEX = "0123456789abcdef";
|
|
3
|
+
/**
|
|
4
|
+
* Generate a high-entropy, URL-safe (hex) random token suitable for use as a
|
|
5
|
+
* bearer credential — e.g. the persistent client auth token or an ephemeral
|
|
6
|
+
* remote-dock token. Defaults to 16 bytes (128 bits) of entropy.
|
|
7
|
+
*/
|
|
8
|
+
function randomToken(byteLength = 16) {
|
|
9
|
+
const bytes = new Uint8Array(byteLength);
|
|
10
|
+
globalThis.crypto.getRandomValues(bytes);
|
|
11
|
+
let out = "";
|
|
12
|
+
for (let i = 0; i < bytes.length; i++) out += HEX[bytes[i] >> 4] + HEX[bytes[i] & 15];
|
|
13
|
+
return out;
|
|
14
|
+
}
|
|
15
|
+
/**
|
|
16
|
+
* Generate a uniformly-distributed string of decimal digits using rejection
|
|
17
|
+
* sampling to avoid modulo bias. Intended for short, human-typed one-time
|
|
18
|
+
* codes (e.g. a 6-digit authentication code). Leading zeros are preserved.
|
|
19
|
+
*/
|
|
20
|
+
function randomDigits(length) {
|
|
21
|
+
const limit = 250;
|
|
22
|
+
const buf = new Uint8Array(1);
|
|
23
|
+
let out = "";
|
|
24
|
+
while (out.length < length) {
|
|
25
|
+
globalThis.crypto.getRandomValues(buf);
|
|
26
|
+
if (buf[0] < limit) out += String(buf[0] % 10);
|
|
27
|
+
}
|
|
28
|
+
return out;
|
|
29
|
+
}
|
|
30
|
+
/**
|
|
31
|
+
* Constant-time string equality. Compares every character so the comparison
|
|
32
|
+
* time does not depend on the position of the first mismatch, mitigating
|
|
33
|
+
* timing side-channels when verifying secrets.
|
|
34
|
+
*
|
|
35
|
+
* Length is treated as public (it short-circuits on differing lengths), which
|
|
36
|
+
* is appropriate for fixed-length codes and tokens.
|
|
37
|
+
*/
|
|
38
|
+
function timingSafeEqual(a, b) {
|
|
39
|
+
if (a.length !== b.length) return false;
|
|
40
|
+
let mismatch = 0;
|
|
41
|
+
for (let i = 0; i < a.length; i++) mismatch |= a.charCodeAt(i) ^ b.charCodeAt(i);
|
|
42
|
+
return mismatch === 0;
|
|
43
|
+
}
|
|
44
|
+
//#endregion
|
|
45
|
+
//#region src/node/auth/revoke.ts
|
|
46
|
+
/**
|
|
47
|
+
* Flip `isTrusted` to false on any live WS clients connected with `token`
|
|
48
|
+
* and broadcast the `auth:revoked` event so they can react.
|
|
49
|
+
*
|
|
50
|
+
* Shared between persisted-auth revocation and remote-dock token revocation.
|
|
51
|
+
*/
|
|
52
|
+
async function revokeActiveConnectionsForToken(context, token) {
|
|
53
|
+
const rpcHost = context.rpc;
|
|
54
|
+
if (!rpcHost?._rpcGroup) return;
|
|
55
|
+
const affectedSessionIds = /* @__PURE__ */ new Set();
|
|
56
|
+
for (const client of rpcHost._rpcGroup.clients) if (client.$meta.clientAuthToken === token) {
|
|
57
|
+
affectedSessionIds.add(client.$meta.id);
|
|
58
|
+
client.$meta.isTrusted = false;
|
|
59
|
+
client.$meta.clientAuthToken = void 0;
|
|
60
|
+
}
|
|
61
|
+
if (affectedSessionIds.size === 0) return;
|
|
62
|
+
await rpcHost.broadcast({
|
|
63
|
+
method: "devframe:auth:revoked",
|
|
64
|
+
args: [],
|
|
65
|
+
filter: (client) => affectedSessionIds.has(client.$meta.id)
|
|
66
|
+
});
|
|
67
|
+
}
|
|
68
|
+
/**
|
|
69
|
+
* Revoke an auth token: remove from storage and notify all connected clients
|
|
70
|
+
* using this token that they are no longer trusted.
|
|
71
|
+
*/
|
|
72
|
+
async function revokeAuthToken(context, storage, token) {
|
|
73
|
+
storage.mutate((state) => {
|
|
74
|
+
delete state.trusted[token];
|
|
75
|
+
});
|
|
76
|
+
await revokeActiveConnectionsForToken(context, token);
|
|
77
|
+
}
|
|
78
|
+
//#endregion
|
|
79
|
+
export { timingSafeEqual as a, randomToken as i, revokeAuthToken as n, randomDigits as r, revokeActiveConnectionsForToken as t };
|
package/dist/rpc/dump.d.mts
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
import { a as getDefinitionsWithDumps, c as StaticRpcDumpManifest, d as StaticRpcDumpManifestValue, f as StaticRpcDumpSerialization, i as dumpFunctions, l as StaticRpcDumpManifestQueryEntry, n as serializeDumpError, o as StaticRpcDumpCollection, p as collectStaticRpcDump, r as createClientFromDump, s as StaticRpcDumpFile, t as reviveDumpError, u as StaticRpcDumpManifestStaticEntry } from "../index-
|
|
1
|
+
import { a as getDefinitionsWithDumps, c as StaticRpcDumpManifest, d as StaticRpcDumpManifestValue, f as StaticRpcDumpSerialization, i as dumpFunctions, l as StaticRpcDumpManifestQueryEntry, n as serializeDumpError, o as StaticRpcDumpCollection, p as collectStaticRpcDump, r as createClientFromDump, s as StaticRpcDumpFile, t as reviveDumpError, u as StaticRpcDumpManifestStaticEntry } from "../index-DXHWuwJk.mjs";
|
|
2
2
|
export { StaticRpcDumpCollection, StaticRpcDumpFile, StaticRpcDumpManifest, StaticRpcDumpManifestQueryEntry, StaticRpcDumpManifestStaticEntry, StaticRpcDumpManifestValue, StaticRpcDumpSerialization, collectStaticRpcDump, createClientFromDump, dumpFunctions, getDefinitionsWithDumps, reviveDumpError, serializeDumpError };
|
package/dist/rpc/dump.mjs
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
import { a as dumpFunctions, c as serializeDumpError, i as createClientFromDump, o as getDefinitionsWithDumps, s as reviveDumpError, t as collectStaticRpcDump } from "../dump-
|
|
1
|
+
import { a as dumpFunctions, c as serializeDumpError, i as createClientFromDump, o as getDefinitionsWithDumps, s as reviveDumpError, t as collectStaticRpcDump } from "../dump-DoXkj4ku.mjs";
|
|
2
2
|
export { collectStaticRpcDump, createClientFromDump, dumpFunctions, getDefinitionsWithDumps, reviveDumpError, serializeDumpError };
|