devframe 0.6.0-beta.1 → 0.6.0-beta.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (62) hide show
  1. package/dist/adapters/build.d.mts +1 -1
  2. package/dist/adapters/build.mjs +2 -2
  3. package/dist/adapters/cli.d.mts +1 -1
  4. package/dist/adapters/cli.mjs +1 -1
  5. package/dist/adapters/dev.d.mts +2 -2
  6. package/dist/adapters/dev.mjs +1 -1
  7. package/dist/adapters/embedded.d.mts +1 -1
  8. package/dist/adapters/mcp.d.mts +1 -1
  9. package/dist/adapters/mcp.mjs +3 -3
  10. package/dist/client/index.d.mts +2 -2
  11. package/dist/client/index.mjs +56 -22
  12. package/dist/constants.d.mts +24 -1
  13. package/dist/constants.mjs +26 -1
  14. package/dist/{context-o-TwncyP.d.mts → context-B_I9fMBc.d.mts} +1 -1
  15. package/dist/{context-3x_bgBgZ.mjs → context-CKJheEtf.mjs} +2 -2
  16. package/dist/{dev-CSpLSEVh.mjs → dev-DSxKFn-v.mjs} +4 -4
  17. package/dist/{devframe-BwfavB78.d.mts → devframe-DgvncQy2.d.mts} +20 -4
  18. package/dist/{dump-DoXkj4ku.mjs → dump-D09PZb7T.mjs} +14 -4
  19. package/dist/{hash-DFc5WwhO.mjs → hash-PAfnyu2k.mjs} +1 -1
  20. package/dist/helpers/vite.d.mts +1 -1
  21. package/dist/helpers/vite.mjs +2 -2
  22. package/dist/{host-h3-C5SZlk03.mjs → host-h3-Dsf-Tgwx.mjs} +37 -11
  23. package/dist/index-B4lNDq5v.d.mts +107 -0
  24. package/dist/{index-CxaPKDXX.d.mts → index-Dy6GFDRf.d.mts} +1 -0
  25. package/dist/index.d.mts +3 -3
  26. package/dist/{launch-editor-CgXBgviI.mjs → launch-editor-DIzaS5EG.mjs} +146 -56
  27. package/dist/node/auth.d.mts +2 -64
  28. package/dist/node/auth.mjs +2 -100
  29. package/dist/node/hub-internals.d.mts +2 -2
  30. package/dist/node/hub-internals.mjs +1 -1
  31. package/dist/node/index.d.mts +4 -4
  32. package/dist/node/index.mjs +3 -3
  33. package/dist/recipes/interactive-auth.d.mts +53 -0
  34. package/dist/recipes/interactive-auth.mjs +132 -0
  35. package/dist/recipes/open-helpers.mjs +2 -2
  36. package/dist/{revoke-ENfxWkFK.mjs → revoke-BtQDKTp7.mjs} +1 -1
  37. package/dist/rpc/dump.mjs +1 -1
  38. package/dist/rpc/index.d.mts +2 -2
  39. package/dist/rpc/index.mjs +4 -1
  40. package/dist/rpc/transports/ws-client.mjs +21 -8
  41. package/dist/rpc/transports/ws-server.d.mts +2 -2
  42. package/dist/rpc/transports/ws-server.mjs +36 -7
  43. package/dist/{server-wyY3zh67.mjs → server-BdN41ckC.mjs} +37 -4
  44. package/dist/server-DXPq8q0K.d.mts +121 -0
  45. package/dist/{shared-state-D4PPieA0.mjs → shared-state-QtMas0NG.mjs} +34 -4
  46. package/dist/state-WX3HT5a3.mjs +101 -0
  47. package/dist/{storage-l2ezeend.mjs → storage-yrUZaiib.mjs} +55 -6
  48. package/dist/types/index.d.mts +3 -3
  49. package/dist/utils/crypto-token.mjs +1 -1
  50. package/dist/utils/events.d.mts +1 -1
  51. package/dist/utils/hash.mjs +1 -1
  52. package/dist/utils/launch-editor.mjs +1 -1
  53. package/dist/utils/open.mjs +1 -1
  54. package/dist/utils/serve-static.mjs +2 -1
  55. package/dist/utils/shared-state.d.mts +1 -1
  56. package/dist/utils/shared-state.mjs +1 -1
  57. package/dist/utils/streaming-channel.d.mts +1 -1
  58. package/dist/utils/when.d.mts +1 -1
  59. package/dist/{ws-server-BVVMDo2n.d.mts → ws-server-Bc2wBHl-.d.mts} +17 -1
  60. package/package.json +10 -9
  61. package/dist/server-oju7PTi2.d.mts +0 -82
  62. package/dist/{open-Dusa2Zzd.mjs → open-Deb5xmIT.mjs} +1 -1
@@ -0,0 +1,107 @@
1
+ import { L as SharedState, h as DevframeNodeRpcSession, m as DevframeNodeContext } from "./devframe-DgvncQy2.mjs";
2
+ import { v as RpcFunctionDefinitionAny } from "./types-DZEx4ffs.mjs";
3
+ import { n as InternalAnonymousAuthStorage } from "./context-B_I9fMBc.mjs";
4
+ import { Peer } from "crossws";
5
+
6
+ //#region src/node/auth/handler.d.ts
7
+ /**
8
+ * A ready-made pre-auth RPC handler, as produced by
9
+ * `devframe/recipes/interactive-auth`'s `createInteractiveAuth`. Bundles
10
+ * everything a host adapter needs to wire an authenticated server:
11
+ * the handshake RPC functions, the resolver gate, the connect-time trust
12
+ * hook, and the startup banner.
13
+ *
14
+ * `startHttpAndWs` accepts one of these directly via its `auth` option —
15
+ * see {@link https://devfra.me | devframe}'s server docs — or a host can
16
+ * wire the four pieces itself against a lower-level transport.
17
+ */
18
+ interface DevframeAuthHandler {
19
+ /**
20
+ * `anonymous:devframe:auth` + `anonymous:devframe:auth:exchange` (the
21
+ * handshake) and `devframe:auth:revoke` (self-revoke) — register these on
22
+ * the RPC host (e.g. `rpcHost.register(fn)` for each).
23
+ */
24
+ rpcFunctions: RpcFunctionDefinitionAny[];
25
+ /**
26
+ * Resolver gate: whether `methodName` is callable given `session`'s
27
+ * current trust state. Defaults to allowing any `anonymous:`-prefixed
28
+ * method (see `isAnonymousRpcMethod`) plus anything once the session is
29
+ * trusted.
30
+ */
31
+ authorize: (methodName: string, session: DevframeNodeRpcSession) => boolean;
32
+ /**
33
+ * Connect-time trust: reads a bearer token off the peer's upgrade request
34
+ * (an `Authorization: Bearer <token>` header, or a static/pre-shared
35
+ * token from `clientAuthTokens`) and, when valid, marks the session
36
+ * trusted immediately — before the client's own handshake call.
37
+ */
38
+ onConnect: (peer: Peer, session: DevframeNodeRpcSession) => void;
39
+ /**
40
+ * Print the current one-time code and its magic-link URL. Devframe stays
41
+ * headless — call this yourself once the server is listening. Safe to
42
+ * call repeatedly; it only prints once per code.
43
+ */
44
+ printBanner: () => void;
45
+ }
46
+ //#endregion
47
+ //#region src/node/auth/revoke.d.ts
48
+ /**
49
+ * Flip `isTrusted` to false on any live WS clients connected with `token`
50
+ * and broadcast the `auth:revoked` event so they can react.
51
+ *
52
+ * Shared between persisted-auth revocation and remote-dock token revocation.
53
+ */
54
+ declare function revokeActiveConnectionsForToken(context: DevframeNodeContext, token: string): Promise<void>;
55
+ /**
56
+ * Revoke an auth token: remove from storage and notify all connected clients
57
+ * using this token that they are no longer trusted.
58
+ */
59
+ declare function revokeAuthToken(context: DevframeNodeContext, storage: SharedState<InternalAnonymousAuthStorage>, token: string): Promise<void>;
60
+ //#endregion
61
+ //#region src/node/auth/state.d.ts
62
+ /**
63
+ * The current one-time authentication code. Display this to the user (e.g. in
64
+ * the dev-server terminal) so they can type it into the browser to authenticate.
65
+ */
66
+ declare function getTempAuthCode(): string;
67
+ /**
68
+ * Rotate the authentication code, resetting its expiry window and failed-attempt
69
+ * counter. Call this when a new authentication flow begins (e.g. when an
70
+ * untrusted client starts authenticating) so the displayed code is freshly
71
+ * valid for its full TTL.
72
+ */
73
+ declare function refreshTempAuthCode(): string;
74
+ /**
75
+ * Build a "magic link" authentication URL that embeds a one-time code (OTP) as
76
+ * a query parameter. Opening it authenticates the client without typing — print
77
+ * it on startup (devframe stays headless, so the host prints its own banner).
78
+ * Defaults to the current code; the link is subject to the same TTL.
79
+ */
80
+ declare function buildOtpAuthUrl(baseUrl: string, code?: string): string;
81
+ /**
82
+ * Re-authenticate a connection that presents a previously-issued bearer token.
83
+ * Returns `true` and marks the session trusted when the token is known.
84
+ *
85
+ * Used by the `anonymous:devframe:auth` handler so a client that already
86
+ * authenticated (token persisted in the browser) is trusted on reconnect
87
+ * without entering the code again.
88
+ */
89
+ declare function verifyAuthToken(token: string, session: DevframeNodeRpcSession, storage: SharedState<InternalAnonymousAuthStorage>): boolean;
90
+ /**
91
+ * Exchange a one-time authentication code for a fresh, node-issued bearer token.
92
+ *
93
+ * On success this mints a high-entropy token, records it in the trusted store,
94
+ * marks the calling session trusted, rotates the code, and returns the token
95
+ * for the client to persist. Returns `null` on any failure.
96
+ *
97
+ * Because the code is short and human-typed, verification is hardened against
98
+ * brute force: it enforces a time-to-live, compares in constant time, and
99
+ * rotates the code after {@link TEMP_AUTH_MAX_ATTEMPTS} failed attempts so an
100
+ * attacker cannot keep guessing against the same code.
101
+ */
102
+ declare function exchangeTempAuthCode(code: string, session: DevframeNodeRpcSession, info: {
103
+ ua: string;
104
+ origin: string;
105
+ }, storage: SharedState<InternalAnonymousAuthStorage>): string | null;
106
+ //#endregion
107
+ export { verifyAuthToken as a, DevframeAuthHandler as c, refreshTempAuthCode as i, exchangeTempAuthCode as n, revokeActiveConnectionsForToken as o, getTempAuthCode as r, revokeAuthToken as s, buildOtpAuthUrl as t };
@@ -16,6 +16,7 @@ declare class RpcCacheManager {
16
16
  constructor(options: RpcCacheOptions);
17
17
  updateOptions(options: Partial<RpcCacheOptions>): void;
18
18
  cached<T>(m: string, a: unknown[]): T | undefined;
19
+ has(m: string, a: unknown[]): boolean;
19
20
  apply(req: {
20
21
  m: string;
21
22
  a: unknown[];
package/dist/index.d.mts CHANGED
@@ -1,8 +1,8 @@
1
- import { $ as ScopedServerFunctions, G as DevframeScopedNodeContext, H as EntriesToObject, J as DevframeSettings, K as DevframeScopedNodeRpc, Q as ScopedClientFunctions, S as RpcStreamingHost, St as EventsMap, U as PartialWithoutId, W as Thenable, X as DevframeSettingsStore, Y as DevframeSettingsRegistry, Z as ScopedBroadcastOptions, _ as RpcFunctionsHost, _t as AgentToolInput, a as DevframeDuplicationStrategy, at as DevframeRpcSharedStates, b as RpcStreamingChannel, bt as EventEmitter, c as DevframeSpaOptions, ct as DevframeDiagnosticsDefinition, d as ConnectionMeta, dt as AgentHandle, et as ScopedSharedStates, f as ConnectionMetaWebsocket, ft as AgentManifest, g as RpcBroadcastOptions, gt as AgentTool, h as DevframeNodeRpcSession, ht as AgentResourceInput, i as DevframeDeploymentKind, it as DevframeRpcServerFunctions, l as DevframeWsOptions, lt as DevframeDiagnosticsHost, m as DevframeNodeContext, mt as AgentResourceContent, n as DevframeCliOptions, nt as DevframeViewHost, o as DevframeRuntime, ot as DevframeHost, p as DevframeCapabilities, pt as AgentResource, q as DevframeScopedStreamingHost, r as DevframeDefinition, rt as DevframeRpcClientFunctions, s as DevframeSetupInfo, st as DevframeDefineDiagnosticsOptions, t as DevframeBrowserContext, tt as SettingsForNamespace, u as defineDevframe, ut as DevframeDiagnosticsLogger, v as RpcSharedStateGetOptions, vt as DevframeAgentHost, x as RpcStreamingChannelOptions, xt as EventUnsubscribe, y as RpcSharedStateHost, yt as DevframeAgentHostEvents } from "./devframe-BwfavB78.mjs";
1
+ import { $ as ScopedServerFunctions, G as DevframeScopedNodeContext, H as EntriesToObject, J as DevframeSettings, K as DevframeScopedNodeRpc, Q as ScopedClientFunctions, S as RpcStreamingHost, St as EventsMap, U as PartialWithoutId, W as Thenable, X as DevframeSettingsStore, Y as DevframeSettingsRegistry, Z as ScopedBroadcastOptions, _ as RpcFunctionsHost, _t as AgentToolInput, a as DevframeDuplicationStrategy, at as DevframeRpcSharedStates, b as RpcStreamingChannel, bt as EventEmitter, c as DevframeSpaOptions, ct as DevframeDiagnosticsDefinition, d as ConnectionMeta, dt as AgentHandle, et as ScopedSharedStates, f as ConnectionMetaWebsocket, ft as AgentManifest, g as RpcBroadcastOptions, gt as AgentTool, h as DevframeNodeRpcSession, ht as AgentResourceInput, i as DevframeDeploymentKind, it as DevframeRpcServerFunctions, l as DevframeWsOptions, lt as DevframeDiagnosticsHost, m as DevframeNodeContext, mt as AgentResourceContent, n as DevframeCliOptions, nt as DevframeViewHost, o as DevframeRuntime, ot as DevframeHost, p as DevframeCapabilities, pt as AgentResource, q as DevframeScopedStreamingHost, r as DevframeDefinition, rt as DevframeRpcClientFunctions, s as DevframeSetupInfo, st as DevframeDefineDiagnosticsOptions, t as DevframeBrowserContext, tt as SettingsForNamespace, u as defineDevframe, ut as DevframeDiagnosticsLogger, v as RpcSharedStateGetOptions, vt as DevframeAgentHost, x as RpcStreamingChannelOptions, xt as EventUnsubscribe, y as RpcSharedStateHost, yt as DevframeAgentHostEvents } from "./devframe-DgvncQy2.mjs";
2
2
  import { C as RpcFunctionType, T as RpcReturnSchema, _ as RpcFunctionDefinition, g as RpcFunctionAgentOptions, i as RpcArgsSchema } from "./types-DZEx4ffs.mjs";
3
- import { t as DevframeNodeRpcSessionMeta } from "./ws-server-BVVMDo2n.mjs";
3
+ import { t as DevframeNodeRpcSessionMeta } from "./ws-server-Bc2wBHl-.mjs";
4
4
 
5
5
  //#region src/define.d.ts
6
6
  declare const defineRpcFunction: <NAME extends string, TYPE extends RpcFunctionType, ARGS extends any[], RETURN = void, const AS extends RpcArgsSchema | undefined = undefined, const RS extends RpcReturnSchema | undefined = undefined>(definition: RpcFunctionDefinition<NAME, TYPE, ARGS, RETURN, AS, RS, DevframeNodeContext>) => RpcFunctionDefinition<NAME, TYPE, ARGS, RETURN, AS, RS, DevframeNodeContext>;
7
7
  //#endregion
8
- export { AgentHandle, AgentManifest, AgentResource, AgentResourceContent, AgentResourceInput, AgentTool, AgentToolInput, ConnectionMeta, ConnectionMetaWebsocket, DevframeAgentHost, DevframeAgentHostEvents, DevframeBrowserContext, DevframeCapabilities, DevframeCliOptions, DevframeDefineDiagnosticsOptions, DevframeDefinition, DevframeDeploymentKind, DevframeDiagnosticsDefinition, DevframeDiagnosticsHost, DevframeDiagnosticsLogger, DevframeDuplicationStrategy, DevframeHost, DevframeNodeContext, DevframeNodeRpcSession, DevframeNodeRpcSessionMeta, DevframeRpcClientFunctions, DevframeRpcServerFunctions, DevframeRpcSharedStates, DevframeRuntime, DevframeScopedNodeContext, DevframeScopedNodeRpc, DevframeScopedStreamingHost, DevframeSettings, DevframeSettingsRegistry, DevframeSettingsStore, DevframeSetupInfo, DevframeSpaOptions, DevframeViewHost, DevframeWsOptions, EntriesToObject, EventEmitter, EventUnsubscribe, EventsMap, PartialWithoutId, RpcBroadcastOptions, RpcFunctionAgentOptions, RpcFunctionsHost, RpcSharedStateGetOptions, RpcSharedStateHost, RpcStreamingChannel, RpcStreamingChannelOptions, RpcStreamingHost, ScopedBroadcastOptions, ScopedClientFunctions, ScopedServerFunctions, ScopedSharedStates, SettingsForNamespace, Thenable, defineDevframe, defineRpcFunction };
8
+ export { type AgentHandle, type AgentManifest, type AgentResource, type AgentResourceContent, type AgentResourceInput, type AgentTool, type AgentToolInput, type ConnectionMeta, type ConnectionMetaWebsocket, type DevframeAgentHost, type DevframeAgentHostEvents, type DevframeBrowserContext, type DevframeCapabilities, type DevframeCliOptions, type DevframeDefineDiagnosticsOptions, type DevframeDefinition, type DevframeDeploymentKind, type DevframeDiagnosticsDefinition, type DevframeDiagnosticsHost, type DevframeDiagnosticsLogger, type DevframeDuplicationStrategy, type DevframeHost, type DevframeNodeContext, type DevframeNodeRpcSession, type DevframeNodeRpcSessionMeta, type DevframeRpcClientFunctions, type DevframeRpcServerFunctions, type DevframeRpcSharedStates, type DevframeRuntime, type DevframeScopedNodeContext, type DevframeScopedNodeRpc, type DevframeScopedStreamingHost, type DevframeSettings, type DevframeSettingsRegistry, type DevframeSettingsStore, type DevframeSetupInfo, type DevframeSpaOptions, type DevframeViewHost, type DevframeWsOptions, type EntriesToObject, type EventEmitter, type EventUnsubscribe, type EventsMap, type PartialWithoutId, type RpcBroadcastOptions, type RpcFunctionAgentOptions, type RpcFunctionsHost, type RpcSharedStateGetOptions, type RpcSharedStateHost, type RpcStreamingChannel, type RpcStreamingChannelOptions, type RpcStreamingHost, type ScopedBroadcastOptions, type ScopedClientFunctions, type ScopedServerFunctions, type ScopedSharedStates, type SettingsForNamespace, type Thenable, type defineDevframe, defineRpcFunction };
@@ -21,7 +21,7 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
21
21
  value: mod,
22
22
  enumerable: true
23
23
  }) : target, mod));
24
- var __require = /* @__PURE__ */ createRequire(import.meta.url);
24
+ var __require = /* #__PURE__ */ (() => createRequire(import.meta.url))();
25
25
  //#endregion
26
26
  //#region ../../node_modules/.pnpm/picocolors@1.1.1/node_modules/picocolors/picocolors.js
27
27
  var require_picocolors = /* @__PURE__ */ __commonJSMin(((exports, module) => {
@@ -91,21 +91,66 @@ var require_picocolors = /* @__PURE__ */ __commonJSMin(((exports, module) => {
91
91
  module.exports.createColors = createColors;
92
92
  }));
93
93
  //#endregion
94
- //#region ../../node_modules/.pnpm/shell-quote@1.8.3/node_modules/shell-quote/quote.js
94
+ //#region ../../node_modules/.pnpm/shell-quote@1.9.0/node_modules/shell-quote/quote.js
95
95
  var require_quote = /* @__PURE__ */ __commonJSMin(((exports, module) => {
96
+ /** @import { ControlOperator } from './parse' */
97
+ /** @type {ControlOperator['op'][]} */
98
+ var OPS = [
99
+ "||",
100
+ "&&",
101
+ ";;",
102
+ "|&",
103
+ "<(",
104
+ "<<<",
105
+ ">>",
106
+ ">&",
107
+ "<&",
108
+ "&",
109
+ ";",
110
+ "(",
111
+ ")",
112
+ "|",
113
+ "<",
114
+ ">"
115
+ ];
116
+ var LINE_TERMINATORS = /[\n\r\u2028\u2029]/;
117
+ var GLOB_SHELL_SPECIAL = /[\s#!"$&'():;<=>@\\^`|]/g;
118
+ /** @type {import('./quote')} */
96
119
  module.exports = function quote(xs) {
97
120
  return xs.map(function(s) {
98
121
  if (s === "") return "''";
99
- if (s && typeof s === "object") return s.op.replace(/(.)/g, "\\$1");
122
+ if (s && typeof s === "object") {
123
+ if ("op" in s && s.op === "glob") {
124
+ if (typeof s.pattern !== "string") throw new TypeError("glob token requires a string `pattern`");
125
+ if (LINE_TERMINATORS.test(s.pattern)) throw new TypeError("glob `pattern` must not contain line terminators");
126
+ return s.pattern.replace(GLOB_SHELL_SPECIAL, "\\$&");
127
+ }
128
+ if ("op" in s && typeof s.op === "string") {
129
+ if (OPS.indexOf(s.op) < 0) throw new TypeError("invalid `op` value: " + JSON.stringify(s.op));
130
+ return s.op.replace(/[\s\S]/g, "\\$&");
131
+ }
132
+ if ("comment" in s && typeof s.comment === "string") {
133
+ if (LINE_TERMINATORS.test(s.comment)) throw new TypeError("`comment` must not contain line terminators");
134
+ return "#" + s.comment;
135
+ }
136
+ throw new TypeError("unrecognized object token shape");
137
+ }
100
138
  if (/["\s\\]/.test(s) && !/'/.test(s)) return "'" + s.replace(/(['])/g, "\\$1") + "'";
101
139
  if (/["'\s]/.test(s)) return "\"" + s.replace(/(["\\$`!])/g, "\\$1") + "\"";
102
- return String(s).replace(/([A-Za-z]:)?([#!"$&'()*,:;<=>?@[\\\]^`{|}])/g, "$1\\$2");
140
+ return String(s).replace(/([A-Za-z]:)?([#!"$&'()*,:;<=>?@[\\\]^`{|}~])/g, "$1\\$2");
103
141
  }).join(" ");
104
142
  };
105
143
  }));
106
144
  //#endregion
107
- //#region ../../node_modules/.pnpm/shell-quote@1.8.3/node_modules/shell-quote/parse.js
145
+ //#region ../../node_modules/.pnpm/shell-quote@1.9.0/node_modules/shell-quote/parse.js
108
146
  var require_parse = /* @__PURE__ */ __commonJSMin(((exports, module) => {
147
+ /**
148
+ * @import {
149
+ * ControlOperator,
150
+ * Env,
151
+ * GlobPattern,
152
+ * ParseEntry,
153
+ * } from './parse' */
109
154
  var CONTROL = "(?:" + [
110
155
  "\\|\\|",
111
156
  "\\&\\&",
@@ -130,17 +175,26 @@ var require_parse = /* @__PURE__ */ __commonJSMin(((exports, module) => {
130
175
  var mult = 4294967296;
131
176
  for (var i = 0; i < 4; i++) TOKEN += (mult * Math.random()).toString(16);
132
177
  var startsWithToken = new RegExp("^" + TOKEN);
178
+ /**
179
+ * @param {string} s
180
+ * @param {RegExp} r
181
+ */
133
182
  function matchAll(s, r) {
134
183
  var origIndex = r.lastIndex;
135
184
  var matches = [];
136
185
  var matchObj;
137
186
  while (matchObj = r.exec(s)) {
138
- matches.push(matchObj);
187
+ matches[matches.length] = matchObj;
139
188
  if (r.lastIndex === matchObj.index) r.lastIndex += 1;
140
189
  }
141
190
  r.lastIndex = origIndex;
142
191
  return matches;
143
192
  }
193
+ /**
194
+ * @param {Env} env
195
+ * @param {string} pre
196
+ * @param {string} key
197
+ */
144
198
  function getVar(env, pre, key) {
145
199
  var r = typeof env === "function" ? env(key) : env[key];
146
200
  if (typeof r === "undefined" && key != "") r = "";
@@ -148,6 +202,12 @@ var require_parse = /* @__PURE__ */ __commonJSMin(((exports, module) => {
148
202
  if (typeof r === "object") return pre + TOKEN + JSON.stringify(r) + TOKEN;
149
203
  return pre + r;
150
204
  }
205
+ /**
206
+ * @param {string} string
207
+ * @param {Env} [env]
208
+ * @param {{ escape?: string }} [opts]
209
+ * @returns {ParseEntry[]}
210
+ */
151
211
  function parseInternal(string, env, opts) {
152
212
  if (!opts) opts = {};
153
213
  var BS = opts.escape || "\\";
@@ -160,14 +220,18 @@ var require_parse = /* @__PURE__ */ __commonJSMin(((exports, module) => {
160
220
  var s = match[0];
161
221
  if (!s || commented) return;
162
222
  if (controlRE.test(s)) return { op: s };
223
+ /** @type {string | boolean} */
163
224
  var quote = false;
164
225
  var esc = false;
165
226
  var out = "";
166
227
  var isGlob = false;
228
+ /** @type {number} */
167
229
  var i;
168
230
  function parseEnvVar() {
169
231
  i += 1;
232
+ /** @type {number | RegExpMatchArray | null} */
170
233
  var varend;
234
+ /** @type {string} */
171
235
  var varname;
172
236
  var char = s.charAt(i);
173
237
  if (char === "{") {
@@ -225,31 +289,42 @@ var require_parse = /* @__PURE__ */ __commonJSMin(((exports, module) => {
225
289
  };
226
290
  return out;
227
291
  }).reduce(function(prev, arg) {
228
- return typeof arg === "undefined" ? prev : prev.concat(arg);
292
+ if (typeof arg === "undefined") return prev;
293
+ /** @type {ParseEntry[]} */ [].concat(arg).forEach(function(entry) {
294
+ prev[prev.length] = entry;
295
+ });
296
+ return prev;
229
297
  }, []);
230
298
  }
299
+ /** @type {import('./parse')} */
231
300
  module.exports = function parse(s, env, opts) {
232
301
  var mapped = parseInternal(s, env, opts);
233
302
  if (typeof env !== "function") return mapped;
234
303
  return mapped.reduce(function(acc, s) {
235
- if (typeof s === "object") return acc.concat(s);
304
+ if (typeof s === "object") {
305
+ acc[acc.length] = s;
306
+ return acc;
307
+ }
236
308
  var xs = s.split(RegExp("(" + TOKEN + ".*?" + TOKEN + ")", "g"));
237
- if (xs.length === 1) return acc.concat(xs[0]);
238
- return acc.concat(xs.filter(Boolean).map(function(x) {
239
- if (startsWithToken.test(x)) return JSON.parse(x.split(TOKEN)[1]);
240
- return x;
241
- }));
309
+ if (xs.length === 1) {
310
+ acc[acc.length] = xs[0];
311
+ return acc;
312
+ }
313
+ xs.filter(Boolean).forEach(function(x) {
314
+ acc[acc.length] = startsWithToken.test(x) ? JSON.parse(x.split(TOKEN)[1]) : x;
315
+ });
316
+ return acc;
242
317
  }, []);
243
318
  };
244
319
  }));
245
320
  //#endregion
246
- //#region ../../node_modules/.pnpm/shell-quote@1.8.3/node_modules/shell-quote/index.js
321
+ //#region ../../node_modules/.pnpm/shell-quote@1.9.0/node_modules/shell-quote/index.js
247
322
  var require_shell_quote = /* @__PURE__ */ __commonJSMin(((exports) => {
248
323
  exports.quote = require_quote();
249
324
  exports.parse = require_parse();
250
325
  }));
251
326
  //#endregion
252
- //#region ../../node_modules/.pnpm/launch-editor@2.13.2/node_modules/launch-editor/editor-info/macos.js
327
+ //#region ../../node_modules/.pnpm/launch-editor@2.14.1/node_modules/launch-editor/editor-info/macos.js
253
328
  var require_macos = /* @__PURE__ */ __commonJSMin(((exports, module) => {
254
329
  module.exports = {
255
330
  "/Applications/Atom.app/Contents/MacOS/Atom": "atom",
@@ -284,7 +359,7 @@ var require_macos = /* @__PURE__ */ __commonJSMin(((exports, module) => {
284
359
  };
285
360
  }));
286
361
  //#endregion
287
- //#region ../../node_modules/.pnpm/launch-editor@2.13.2/node_modules/launch-editor/editor-info/linux.js
362
+ //#region ../../node_modules/.pnpm/launch-editor@2.14.1/node_modules/launch-editor/editor-info/linux.js
288
363
  var require_linux = /* @__PURE__ */ __commonJSMin(((exports, module) => {
289
364
  module.exports = {
290
365
  atom: "atom",
@@ -318,7 +393,7 @@ var require_linux = /* @__PURE__ */ __commonJSMin(((exports, module) => {
318
393
  };
319
394
  }));
320
395
  //#endregion
321
- //#region ../../node_modules/.pnpm/launch-editor@2.13.2/node_modules/launch-editor/editor-info/windows.js
396
+ //#region ../../node_modules/.pnpm/launch-editor@2.14.1/node_modules/launch-editor/editor-info/windows.js
322
397
  var require_windows = /* @__PURE__ */ __commonJSMin(((exports, module) => {
323
398
  module.exports = [
324
399
  "Brackets.exe",
@@ -351,7 +426,7 @@ var require_windows = /* @__PURE__ */ __commonJSMin(((exports, module) => {
351
426
  ];
352
427
  }));
353
428
  //#endregion
354
- //#region ../../node_modules/.pnpm/launch-editor@2.13.2/node_modules/launch-editor/guess.js
429
+ //#region ../../node_modules/.pnpm/launch-editor@2.14.1/node_modules/launch-editor/guess.js
355
430
  var require_guess = /* @__PURE__ */ __commonJSMin(((exports, module) => {
356
431
  const path$2 = __require("path");
357
432
  const shellQuote = require_shell_quote();
@@ -359,60 +434,74 @@ var require_guess = /* @__PURE__ */ __commonJSMin(((exports, module) => {
359
434
  const COMMON_EDITORS_MACOS = require_macos();
360
435
  const COMMON_EDITORS_LINUX = require_linux();
361
436
  const COMMON_EDITORS_WIN = require_windows();
362
- module.exports = function guessEditor(specifiedEditor) {
437
+ function getEditorFromMacProcesses(output) {
438
+ const processNames = Object.keys(COMMON_EDITORS_MACOS);
439
+ const processList = output.split("\n");
440
+ for (let i = 0; i < processNames.length; i++) {
441
+ const processName = processNames[i];
442
+ if (processList.includes(processName)) return COMMON_EDITORS_MACOS[processName];
443
+ const processNameWithoutApplications = processName.replace("/Applications", "");
444
+ if (output.indexOf(processNameWithoutApplications) !== -1) {
445
+ if (processName !== COMMON_EDITORS_MACOS[processName]) return COMMON_EDITORS_MACOS[processName];
446
+ const runningProcess = processList.find((procName) => procName.endsWith(processNameWithoutApplications));
447
+ if (runningProcess !== void 0) return runningProcess;
448
+ }
449
+ }
450
+ }
451
+ function getEditorFromWindowsProcesses(output) {
452
+ const runningProcesses = output.split("\r\n");
453
+ for (let i = 0; i < runningProcesses.length; i++) {
454
+ const fullProcessPath = runningProcesses[i].trim();
455
+ const shortProcessName = path$2.win32.basename(fullProcessPath);
456
+ if (COMMON_EDITORS_WIN.indexOf(shortProcessName) !== -1) return fullProcessPath;
457
+ }
458
+ }
459
+ function getEditorFromLinuxProcesses(output) {
460
+ const processNames = Object.keys(COMMON_EDITORS_LINUX);
461
+ for (let i = 0; i < processNames.length; i++) {
462
+ const processName = processNames[i];
463
+ if (output.indexOf(processName) !== -1) return COMMON_EDITORS_LINUX[processName];
464
+ }
465
+ }
466
+ function guessEditor(specifiedEditor) {
363
467
  if (specifiedEditor) return shellQuote.parse(specifiedEditor);
364
468
  if (process.env.LAUNCH_EDITOR) return [process.env.LAUNCH_EDITOR];
365
469
  if (process.versions.webcontainer) return [process.env.EDITOR || "code"];
366
470
  try {
367
471
  if (process.platform === "darwin") {
368
- const output = childProcess$1.execSync("ps x -o comm=", { stdio: [
472
+ const editor = getEditorFromMacProcesses(childProcess$1.execSync("ps x -o comm=", { stdio: [
369
473
  "pipe",
370
474
  "pipe",
371
475
  "ignore"
372
- ] }).toString();
373
- const processNames = Object.keys(COMMON_EDITORS_MACOS);
374
- const processList = output.split("\n");
375
- for (let i = 0; i < processNames.length; i++) {
376
- const processName = processNames[i];
377
- if (processList.includes(processName)) return [COMMON_EDITORS_MACOS[processName]];
378
- const processNameWithoutApplications = processName.replace("/Applications", "");
379
- if (output.indexOf(processNameWithoutApplications) !== -1) {
380
- if (processName !== COMMON_EDITORS_MACOS[processName]) return [COMMON_EDITORS_MACOS[processName]];
381
- const runningProcess = processList.find((procName) => procName.endsWith(processNameWithoutApplications));
382
- if (runningProcess !== void 0) return [runningProcess];
383
- }
384
- }
476
+ ] }).toString());
477
+ if (editor !== void 0) return [editor];
385
478
  } else if (process.platform === "win32") {
386
- const runningProcesses = childProcess$1.execSync("powershell -NoProfile -Command \"[Console]::OutputEncoding=[Text.Encoding]::UTF8;Get-CimInstance -Query \\\"select executablepath from win32_process where executablepath is not null\\\" | % { $_.ExecutablePath }\"", { stdio: [
479
+ const editor = getEditorFromWindowsProcesses(childProcess$1.execSync("powershell -NoProfile -Command \"[Console]::OutputEncoding=[Text.Encoding]::UTF8;Get-CimInstance -Query \\\"select executablepath from win32_process where executablepath is not null\\\" | % { $_.ExecutablePath }\"", { stdio: [
387
480
  "pipe",
388
481
  "pipe",
389
482
  "ignore"
390
- ] }).toString().split("\r\n");
391
- for (let i = 0; i < runningProcesses.length; i++) {
392
- const fullProcessPath = runningProcesses[i].trim();
393
- const shortProcessName = path$2.basename(fullProcessPath);
394
- if (COMMON_EDITORS_WIN.indexOf(shortProcessName) !== -1) return [fullProcessPath];
395
- }
483
+ ] }).toString());
484
+ if (editor !== void 0) return [editor];
396
485
  } else if (process.platform === "linux") {
397
- const output = childProcess$1.execSync("ps x --no-heading -o comm --sort=comm", { stdio: [
486
+ const editor = getEditorFromLinuxProcesses(childProcess$1.execSync("ps x --no-heading -o comm --sort=comm", { stdio: [
398
487
  "pipe",
399
488
  "pipe",
400
489
  "ignore"
401
- ] }).toString();
402
- const processNames = Object.keys(COMMON_EDITORS_LINUX);
403
- for (let i = 0; i < processNames.length; i++) {
404
- const processName = processNames[i];
405
- if (output.indexOf(processName) !== -1) return [COMMON_EDITORS_LINUX[processName]];
406
- }
490
+ ] }).toString());
491
+ if (editor !== void 0) return [editor];
407
492
  }
408
493
  } catch (ignoreError) {}
409
494
  if (process.env.VISUAL) return [process.env.VISUAL];
410
495
  else if (process.env.EDITOR) return [process.env.EDITOR];
411
496
  return [null];
412
- };
497
+ }
498
+ module.exports = guessEditor;
499
+ module.exports.getEditorFromMacProcesses = getEditorFromMacProcesses;
500
+ module.exports.getEditorFromWindowsProcesses = getEditorFromWindowsProcesses;
501
+ module.exports.getEditorFromLinuxProcesses = getEditorFromLinuxProcesses;
413
502
  }));
414
503
  //#endregion
415
- //#region ../../node_modules/.pnpm/launch-editor@2.13.2/node_modules/launch-editor/get-args.js
504
+ //#region ../../node_modules/.pnpm/launch-editor@2.14.1/node_modules/launch-editor/get-args.js
416
505
  var require_get_args = /* @__PURE__ */ __commonJSMin(((exports, module) => {
417
506
  const path$1 = __require("path");
418
507
  module.exports = function getArgumentsForPosition(editor, fileName, lineNumber, columnNumber = 1) {
@@ -540,11 +629,12 @@ var import_launch_editor = /* @__PURE__ */ __toESM((/* @__PURE__ */ __commonJSMi
540
629
  columnNumber: match && match[3]
541
630
  };
542
631
  }
543
- let _childProcess = null;
632
+ let currentChildProcess = null;
544
633
  function launchEditor(file, specifiedEditor, onErrorCallback) {
545
634
  const parsed = parseFile(file);
546
635
  let { fileName } = parsed;
547
636
  const { lineNumber, columnNumber } = parsed;
637
+ if (process.platform === "win32" && path.resolve(fileName).startsWith("\\\\")) return onErrorCallback(fileName, "UNC paths are not supported on Windows to avoid security issues. See https://github.com/vitejs/launch-editor/tree/main/packages/launch-editor#unc-paths-on-windows for details.");
548
638
  if (!fs.existsSync(fileName)) return;
549
639
  if (typeof specifiedEditor === "function") {
550
640
  onErrorCallback = specifiedEditor;
@@ -561,7 +651,7 @@ var import_launch_editor = /* @__PURE__ */ __toESM((/* @__PURE__ */ __commonJSMi
561
651
  const extraArgs = getArgumentsForPosition(editor, fileName, lineNumber, columnNumber);
562
652
  args.push.apply(args, extraArgs);
563
653
  } else args.push(fileName);
564
- if (_childProcess && isTerminalEditor(editor)) _childProcess.kill("SIGKILL");
654
+ if (currentChildProcess && isTerminalEditor(editor)) currentChildProcess.kill("SIGKILL");
565
655
  if (process.platform === "win32") {
566
656
  function escapeCmdArgs(cmdArgs) {
567
657
  return cmdArgs.replace(/([&|<>,;=^])/g, "^$1");
@@ -572,16 +662,16 @@ var import_launch_editor = /* @__PURE__ */ __toESM((/* @__PURE__ */ __commonJSMi
572
662
  return str;
573
663
  }
574
664
  const launchCommand = [editor, ...args.map(escapeCmdArgs)].map(doubleQuoteIfNeeded).join(" ");
575
- _childProcess = childProcess.exec(launchCommand, {
665
+ currentChildProcess = childProcess.exec(launchCommand, {
576
666
  stdio: "inherit",
577
667
  shell: true
578
668
  });
579
- } else _childProcess = childProcess.spawn(editor, args, { stdio: "inherit" });
580
- _childProcess.on("exit", function(errorCode) {
581
- _childProcess = null;
669
+ } else currentChildProcess = childProcess.spawn(editor, args, { stdio: "inherit" });
670
+ currentChildProcess.on("exit", function(errorCode) {
671
+ currentChildProcess = null;
582
672
  if (errorCode) onErrorCallback(fileName, "(code " + errorCode + ")");
583
673
  });
584
- _childProcess.on("error", function(error) {
674
+ currentChildProcess.on("error", function(error) {
585
675
  let { code, message } = error;
586
676
  if ("ENOENT" === code) message = `${message} ('${editor}' command does not exist in 'PATH')`;
587
677
  onErrorCallback(fileName, message);
@@ -1,64 +1,2 @@
1
- import { L as SharedState, h as DevframeNodeRpcSession, m as DevframeNodeContext } from "../devframe-BwfavB78.mjs";
2
- import { n as InternalAnonymousAuthStorage } from "../context-o-TwncyP.mjs";
3
-
4
- //#region src/node/auth/revoke.d.ts
5
- /**
6
- * Flip `isTrusted` to false on any live WS clients connected with `token`
7
- * and broadcast the `auth:revoked` event so they can react.
8
- *
9
- * Shared between persisted-auth revocation and remote-dock token revocation.
10
- */
11
- declare function revokeActiveConnectionsForToken(context: DevframeNodeContext, token: string): Promise<void>;
12
- /**
13
- * Revoke an auth token: remove from storage and notify all connected clients
14
- * using this token that they are no longer trusted.
15
- */
16
- declare function revokeAuthToken(context: DevframeNodeContext, storage: SharedState<InternalAnonymousAuthStorage>, token: string): Promise<void>;
17
- //#endregion
18
- //#region src/node/auth/state.d.ts
19
- /**
20
- * The current one-time authentication code. Display this to the user (e.g. in
21
- * the dev-server terminal) so they can type it into the browser to authenticate.
22
- */
23
- declare function getTempAuthCode(): string;
24
- /**
25
- * Rotate the authentication code, resetting its expiry window and failed-attempt
26
- * counter. Call this when a new authentication flow begins (e.g. when an
27
- * untrusted client starts authenticating) so the displayed code is freshly
28
- * valid for its full TTL.
29
- */
30
- declare function refreshTempAuthCode(): string;
31
- /**
32
- * Build a "magic link" authentication URL that embeds a one-time code (OTP) as
33
- * a query parameter. Opening it authenticates the client without typing — print
34
- * it on startup (devframe stays headless, so the host prints its own banner).
35
- * Defaults to the current code; the link is subject to the same TTL.
36
- */
37
- declare function buildOtpAuthUrl(baseUrl: string, code?: string): string;
38
- /**
39
- * Re-authenticate a connection that presents a previously-issued bearer token.
40
- * Returns `true` and marks the session trusted when the token is known.
41
- *
42
- * Used by the `devframe:anonymous:auth` handler so a client that already
43
- * authenticated (token persisted in the browser) is trusted on reconnect
44
- * without entering the code again.
45
- */
46
- declare function verifyAuthToken(token: string, session: DevframeNodeRpcSession, storage: SharedState<InternalAnonymousAuthStorage>): boolean;
47
- /**
48
- * Exchange a one-time authentication code for a fresh, node-issued bearer token.
49
- *
50
- * On success this mints a high-entropy token, records it in the trusted store,
51
- * marks the calling session trusted, rotates the code, and returns the token
52
- * for the client to persist. Returns `null` on any failure.
53
- *
54
- * Because the code is short and human-typed, verification is hardened against
55
- * brute force: it enforces a time-to-live, compares in constant time, and
56
- * rotates the code after {@link TEMP_AUTH_MAX_ATTEMPTS} failed attempts so an
57
- * attacker cannot keep guessing against the same code.
58
- */
59
- declare function exchangeTempAuthCode(code: string, session: DevframeNodeRpcSession, info: {
60
- ua: string;
61
- origin: string;
62
- }, storage: SharedState<InternalAnonymousAuthStorage>): string | null;
63
- //#endregion
64
- export { buildOtpAuthUrl, exchangeTempAuthCode, getTempAuthCode, refreshTempAuthCode, revokeActiveConnectionsForToken, revokeAuthToken, verifyAuthToken };
1
+ import { a as verifyAuthToken, c as DevframeAuthHandler, i as refreshTempAuthCode, n as exchangeTempAuthCode, o as revokeActiveConnectionsForToken, r as getTempAuthCode, s as revokeAuthToken, t as buildOtpAuthUrl } from "../index-B4lNDq5v.mjs";
2
+ export { DevframeAuthHandler, buildOtpAuthUrl, exchangeTempAuthCode, getTempAuthCode, refreshTempAuthCode, revokeActiveConnectionsForToken, revokeAuthToken, verifyAuthToken };