npm - git-daemon - Versions diffs - 0.1.0 - Mend

git-daemon 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

package/.eslintrc.cjs +18 -0
package/README.md +143 -0
package/config.schema.json +180 -0
package/design.md +481 -0
package/logo.png +0 -0
package/openapi.yaml +678 -0
package/package.json +41 -0
package/src/app.ts +459 -0
package/src/approvals.ts +35 -0
package/src/config.ts +104 -0
package/src/context.ts +64 -0
package/src/daemon.ts +22 -0
package/src/deps.ts +134 -0
package/src/errors.ts +76 -0
package/src/git.ts +160 -0
package/src/jobs.ts +194 -0
package/src/logger.ts +26 -0
package/src/os.ts +45 -0
package/src/pairing.ts +52 -0
package/src/process.ts +55 -0
package/src/security.ts +80 -0
package/src/tokens.ts +95 -0
package/src/tools.ts +45 -0
package/src/types.ts +111 -0
package/src/typings/tree-kill.d.ts +9 -0
package/src/validation.ts +69 -0
package/src/workspace.ts +83 -0
package/tests/app.test.ts +122 -0
package/tsconfig.json +14 -0
package/vitest.config.ts +8 -0

package/src/app.ts ADDED Viewed

@@ -0,0 +1,459 @@
+import express from "express";
+import rateLimit from "express-rate-limit";
+import type { Logger } from "pino";
+import type { Request, Response, NextFunction } from "express";
+import { promises as fs } from "fs";
+import path from "path";
+import { createHttpLogger } from "./logger";
+import type { AppConfig, Capabilities } from "./types";
+import {
+  authGuard,
+  getOrigin,
+  hostGuard,
+  loopbackGuard,
+  originGuard,
+} from "./security";
+import {
+  errorBody,
+  ApiError,
+  internalError,
+  jobNotFound,
+  pathNotFound,
+  rateLimited,
+  repoNotFound,
+} from "./errors";
+import {
+  pairRequestSchema,
+  gitCloneRequestSchema,
+  gitFetchRequestSchema,
+  gitStatusQuerySchema,
+  osOpenRequestSchema,
+  depsInstallRequestSchema,
+} from "./validation";
+import {
+  ensureWorkspaceRoot,
+  resolveInsideWorkspace,
+  ensureRelative,
+  MissingPathError,
+} from "./workspace";
+import {
+  cloneRepo,
+  fetchRepo,
+  getRepoStatus,
+  RepoNotFoundError,
+  resolveRepoPath,
+} from "./git";
+import { installDeps } from "./deps";
+import { openTarget } from "./os";
+import type { TokenStore } from "./tokens";
+import type { PairingManager } from "./pairing";
+import type { JobManager } from "./jobs";
+import { requireApproval } from "./approvals";
+export type DaemonContext = {
+  config: AppConfig;
+  configDir: string;
+  tokenStore: TokenStore;
+  pairingManager: PairingManager;
+  jobManager: JobManager;
+  capabilities: Capabilities;
+  logger: Logger;
+  version: string;
+  build?: { commit?: string; date?: string };
+};
+const parseBody = <T>(
+  schema: {
+    safeParse: (
+      input: unknown,
+    ) =>
+      | { success: true; data: T }
+      | { success: false; error: { issues: { path: (string | number)[] }[] } };
+  },
+  body: unknown,
+  opts?: { repoUrl?: boolean },
+): T => {
+  const parsed = schema.safeParse(body);
+  if (!parsed.success) {
+    if (
+      opts?.repoUrl &&
+      parsed.error.issues.some((issue) => issue.path.includes("repoUrl"))
+    ) {
+      throw new ApiError(
+        422,
+        errorBody("invalid_repo_url", "Repository URL is invalid."),
+      );
+    }
+    throw new ApiError(422, errorBody("internal_error", "Invalid input."));
+  }
+  return parsed.data;
+};
+const rateLimitHandler = (_req: Request, res: Response) => {
+  const body = rateLimited().body;
+  res.status(429).json(body);
+};
+export const createApp = (ctx: DaemonContext) => {
+  const app = express();
+  app.disable("x-powered-by");
+  app.use(createHttpLogger(ctx.logger));
+  app.use(express.json({ limit: "256kb" }));
+  app.use(loopbackGuard());
+  app.use(hostGuard());
+  app.use(originGuard(ctx.config.originAllowlist));
+  app.use(
+    "/v1",
+    rateLimit({
+      windowMs: 5 * 60 * 1000,
+      max: 300,
+      standardHeaders: true,
+      legacyHeaders: false,
+      handler: rateLimitHandler,
+    }),
+  );
+  app.get("/v1/meta", (_req, res) => {
+    const origin = getOrigin(_req);
+    const pairingRecord = ctx.tokenStore.getActiveToken(origin);
+    res.json({
+      version: ctx.version,
+      build: ctx.build,
+      pairing: {
+        required: true,
+        paired: Boolean(pairingRecord),
+      },
+      workspace: {
+        configured: Boolean(ctx.config.workspaceRoot),
+        root: ctx.config.workspaceRoot ?? undefined,
+      },
+      capabilities: ctx.capabilities,
+    });
+  });
+  app.post(
+    "/v1/pair",
+    rateLimit({
+      windowMs: 10 * 60 * 1000,
+      max: 10,
+      standardHeaders: true,
+      legacyHeaders: false,
+      handler: rateLimitHandler,
+    }),
+    async (req, res, next) => {
+      try {
+        const origin = getOrigin(req);
+        const payload = parseBody(pairRequestSchema, req.body);
+        if (payload.step === "start") {
+          res.json(ctx.pairingManager.start(origin));
+          return;
+        }
+        const response = await ctx.pairingManager.confirm(origin, payload.code);
+        if (!response) {
+          throw new ApiError(
+            422,
+            errorBody("internal_error", "Invalid pairing code."),
+          );
+        }
+        res.json(response);
+      } catch (err) {
+        next(err);
+      }
+    },
+  );
+  app.get("/v1/jobs/:id", authGuard(ctx.tokenStore), (req, res, next) => {
+    try {
+      const job = ctx.jobManager.get(req.params.id);
+      if (!job) {
+        throw jobNotFound();
+      }
+      res.json(job.snapshot());
+    } catch (err) {
+      next(err);
+    }
+  });
+  app.get(
+    "/v1/jobs/:id/stream",
+    authGuard(ctx.tokenStore),
+    (req, res, next) => {
+      const job = ctx.jobManager.get(req.params.id);
+      if (!job) {
+        next(jobNotFound());
+        return;
+      }
+      res.writeHead(200, {
+        "Content-Type": "text/event-stream",
+        "Cache-Control": "no-cache",
+        Connection: "keep-alive",
+        "X-Accel-Buffering": "no",
+      });
+      res.flushHeaders?.();
+      const sendEvent = (event: unknown) => {
+        res.write(`data: ${JSON.stringify(event)}\n\n`);
+      };
+      for (const event of job.events) {
+        sendEvent(event);
+      }
+      const listener = (event: unknown) => sendEvent(event);
+      job.emitter.on("event", listener);
+      req.on("close", () => {
+        job.emitter.off("event", listener);
+      });
+    },
+  );
+  app.post(
+    "/v1/jobs/:id/cancel",
+    authGuard(ctx.tokenStore),
+    (req, res, next) => {
+      try {
+        const job = ctx.jobManager.get(req.params.id);
+        if (!job) {
+          throw jobNotFound();
+        }
+        if (job.state !== "queued" && job.state !== "running") {
+          res
+            .status(409)
+            .json(errorBody("internal_error", "Job is not cancellable."));
+          return;
+        }
+        ctx.jobManager.cancel(job.id);
+        res.json({ accepted: true });
+      } catch (err) {
+        next(err);
+      }
+    },
+  );
+  app.post(
+    "/v1/git/clone",
+    authGuard(ctx.tokenStore),
+    async (req, res, next) => {
+      try {
+        const payload = parseBody(gitCloneRequestSchema, req.body, {
+          repoUrl: true,
+        });
+        const workspaceRoot = ensureWorkspaceRoot(ctx.config.workspaceRoot);
+        ensureRelative(payload.destRelative);
+        const destPath = await resolveInsideWorkspace(
+          workspaceRoot,
+          payload.destRelative,
+          true,
+        );
+        try {
+          await fs.access(destPath);
+          res
+            .status(409)
+            .json(errorBody("internal_error", "Destination already exists."));
+          return;
+        } catch (err) {
+          if ((err as NodeJS.ErrnoException).code !== "ENOENT") {
+            throw err;
+          }
+        }
+        await fs.mkdir(path.dirname(destPath), { recursive: true });
+        const job = ctx.jobManager.enqueue(async (jobCtx) => {
+          await cloneRepo(
+            jobCtx,
+            workspaceRoot,
+            payload.repoUrl,
+            payload.destRelative,
+            payload.options,
+          );
+        });
+        res.status(202).json({ jobId: job.id });
+      } catch (err) {
+        next(err);
+      }
+    },
+  );
+  app.post(
+    "/v1/git/fetch",
+    authGuard(ctx.tokenStore),
+    async (req, res, next) => {
+      try {
+        const payload = parseBody(gitFetchRequestSchema, req.body);
+        const workspaceRoot = ensureWorkspaceRoot(ctx.config.workspaceRoot);
+        await resolveRepoPath(workspaceRoot, payload.repoPath);
+        const job = ctx.jobManager.enqueue(async (jobCtx) => {
+          await fetchRepo(
+            jobCtx,
+            workspaceRoot,
+            payload.repoPath,
+            payload.remote,
+            payload.prune,
+          );
+        });
+        res.status(202).json({ jobId: job.id });
+      } catch (err) {
+        if (
+          err instanceof RepoNotFoundError ||
+          err instanceof MissingPathError
+        ) {
+          next(repoNotFound());
+          return;
+        }
+        next(err);
+      }
+    },
+  );
+  app.get(
+    "/v1/git/status",
+    authGuard(ctx.tokenStore),
+    async (req, res, next) => {
+      try {
+        const { repoPath } = parseBody(gitStatusQuerySchema, req.query);
+        const workspaceRoot = ensureWorkspaceRoot(ctx.config.workspaceRoot);
+        const status = await getRepoStatus(workspaceRoot, repoPath);
+        res.json(status);
+      } catch (err) {
+        if (
+          err instanceof RepoNotFoundError ||
+          err instanceof MissingPathError
+        ) {
+          next(repoNotFound());
+          return;
+        }
+        next(err);
+      }
+    },
+  );
+  app.post("/v1/os/open", authGuard(ctx.tokenStore), async (req, res, next) => {
+    try {
+      const origin = getOrigin(req);
+      const payload = parseBody(osOpenRequestSchema, req.body);
+      const workspaceRoot = ensureWorkspaceRoot(ctx.config.workspaceRoot);
+      const resolved = await resolveInsideWorkspace(
+        workspaceRoot,
+        payload.path,
+      );
+      if (payload.target === "terminal") {
+        requireApproval(
+          ctx.config,
+          origin,
+          resolved,
+          "open-terminal",
+          workspaceRoot,
+        );
+      }
+      if (payload.target === "vscode") {
+        requireApproval(
+          ctx.config,
+          origin,
+          resolved,
+          "open-vscode",
+          workspaceRoot,
+        );
+      }
+      await openTarget(payload.target, resolved);
+      res.json({ ok: true });
+    } catch (err) {
+      if (err instanceof MissingPathError) {
+        next(pathNotFound());
+        return;
+      }
+      next(err);
+    }
+  });
+  app.post(
+    "/v1/deps/install",
+    authGuard(ctx.tokenStore),
+    async (req, res, next) => {
+      try {
+        const origin = getOrigin(req);
+        const payload = parseBody(depsInstallRequestSchema, req.body);
+        const workspaceRoot = ensureWorkspaceRoot(ctx.config.workspaceRoot);
+        const resolved = await resolveInsideWorkspace(
+          workspaceRoot,
+          payload.repoPath,
+        );
+        try {
+          await fs.access(path.join(resolved, "package.json"));
+        } catch {
+          throw repoNotFound();
+        }
+        requireApproval(
+          ctx.config,
+          origin,
+          resolved,
+          "deps/install",
+          workspaceRoot,
+        );
+        const job = ctx.jobManager.enqueue(async (jobCtx) => {
+          await installDeps(jobCtx, workspaceRoot, {
+            repoPath: payload.repoPath,
+            manager: payload.manager ?? "auto",
+            mode: payload.mode ?? "auto",
+            safer: payload.safer ?? ctx.config.deps.defaultSafer,
+          });
+        });
+        res.status(202).json({ jobId: job.id });
+      } catch (err) {
+        if (err instanceof MissingPathError) {
+          next(pathNotFound());
+          return;
+        }
+        next(err);
+      }
+    },
+  );
+  app.get("/v1/diagnostics", authGuard(ctx.tokenStore), (req, res, next) => {
+    try {
+      const summary = {
+        configVersion: ctx.config.configVersion,
+        server: ctx.config.server,
+        originAllowlist: ctx.config.originAllowlist,
+        workspaceRoot: ctx.config.workspaceRoot,
+        pairing: ctx.config.pairing,
+        jobs: ctx.config.jobs,
+        deps: ctx.config.deps,
+        logging: ctx.config.logging,
+      };
+      res.json({
+        config: summary,
+        recentErrors: [],
+        jobs: ctx.jobManager.listRecent(),
+        logTail: [],
+      });
+    } catch (err) {
+      next(err);
+    }
+  });
+  app.use((err: unknown, _req: Request, res: Response, _next: NextFunction) => {
+    if (err instanceof ApiError) {
+      res.status(err.status).json(err.body);
+      return;
+    }
+    if ((err as { type?: string }).type === "entity.too.large") {
+      res
+        .status(413)
+        .json(errorBody("request_too_large", "Request too large."));
+      return;
+    }
+    ctx.logger.error({ err }, "Unhandled error");
+    const fallback = internalError();
+    res.status(fallback.status).json(fallback.body);
+  });
+  return app;
+};

package/src/approvals.ts ADDED Viewed

@@ -0,0 +1,35 @@
+import path from "path";
+import type { AppConfig, Capability } from "./types";
+import { capabilityNotGranted } from "./errors";
+export const hasApproval = (
+  config: AppConfig,
+  origin: string,
+  repoPath: string,
+  capability: Capability,
+  workspaceRoot?: string | null,
+) =>
+  config.approvals.entries.some((entry) => {
+    if (entry.origin !== origin || !entry.capabilities.includes(capability)) {
+      return false;
+    }
+    if (entry.repoPath === repoPath) {
+      return true;
+    }
+    if (workspaceRoot && !path.isAbsolute(entry.repoPath)) {
+      return path.resolve(workspaceRoot, entry.repoPath) === repoPath;
+    }
+    return false;
+  });
+export const requireApproval = (
+  config: AppConfig,
+  origin: string,
+  repoPath: string,
+  capability: Capability,
+  workspaceRoot?: string | null,
+) => {
+  if (!hasApproval(config, origin, repoPath, capability, workspaceRoot)) {
+    throw capabilityNotGranted();
+  }
+};

package/src/config.ts ADDED Viewed

@@ -0,0 +1,104 @@
+import envPaths from "env-paths";
+import path from "path";
+import { promises as fs } from "fs";
+import type { AppConfig } from "./types";
+const CONFIG_VERSION = 1;
+const CONFIG_FILE = "config.json";
+const TOKENS_FILE = "tokens.json";
+export const getConfigDir = () => {
+  const override = process.env.GIT_DAEMON_CONFIG_DIR;
+  if (override) {
+    return override;
+  }
+  const paths = envPaths("Git Daemon", { suffix: "" });
+  return paths.config;
+};
+export const getConfigPath = (configDir: string) =>
+  path.join(configDir, CONFIG_FILE);
+export const getTokensPath = (configDir: string) =>
+  path.join(configDir, TOKENS_FILE);
+export const defaultConfig = (): AppConfig => ({
+  configVersion: CONFIG_VERSION,
+  server: {
+    host: "127.0.0.1",
+    port: 8787,
+  },
+  originAllowlist: ["https://app.example.com"],
+  workspaceRoot: null,
+  pairing: {
+    tokenTtlDays: 30,
+  },
+  jobs: {
+    maxConcurrent: 1,
+    timeoutSeconds: 3600,
+  },
+  deps: {
+    defaultSafer: true,
+  },
+  logging: {
+    directory: "logs",
+    maxFiles: 5,
+    maxBytes: 5 * 1024 * 1024,
+  },
+  approvals: {
+    entries: [],
+  },
+});
+export const ensureDir = async (dir: string) => {
+  await fs.mkdir(dir, { recursive: true });
+};
+export const loadConfig = async (configDir: string): Promise<AppConfig> => {
+  await ensureDir(configDir);
+  const configPath = getConfigPath(configDir);
+  try {
+    const raw = await fs.readFile(configPath, "utf8");
+    const data = JSON.parse(raw) as AppConfig;
+    return {
+      ...defaultConfig(),
+      ...data,
+      server: {
+        ...defaultConfig().server,
+        ...data.server,
+      },
+      pairing: {
+        ...defaultConfig().pairing,
+        ...data.pairing,
+      },
+      jobs: {
+        ...defaultConfig().jobs,
+        ...data.jobs,
+      },
+      deps: {
+        ...defaultConfig().deps,
+        ...data.deps,
+      },
+      logging: {
+        ...defaultConfig().logging,
+        ...data.logging,
+      },
+      approvals: {
+        entries: data.approvals?.entries ?? [],
+      },
+    };
+  } catch (err) {
+    if ((err as NodeJS.ErrnoException).code !== "ENOENT") {
+      throw err;
+    }
+    const config = defaultConfig();
+    await saveConfig(configDir, config);
+    return config;
+  }
+};
+export const saveConfig = async (configDir: string, config: AppConfig) => {
+  const configPath = getConfigPath(configDir);
+  await ensureDir(configDir);
+  await fs.writeFile(configPath, JSON.stringify(config, null, 2));
+};

package/src/context.ts ADDED Viewed

@@ -0,0 +1,64 @@
+import path from "path";
+import { promises as fs } from "fs";
+import { createLogger } from "./logger";
+import { detectCapabilities } from "./tools";
+import { getConfigDir, loadConfig } from "./config";
+import { TokenStore } from "./tokens";
+import { PairingManager } from "./pairing";
+import { JobManager } from "./jobs";
+import type { DaemonContext } from "./app";
+const readPackageVersion = async () => {
+  try {
+    const pkgPath = path.resolve(__dirname, "..", "package.json");
+    const raw = await fs.readFile(pkgPath, "utf8");
+    const parsed = JSON.parse(raw) as { version?: string };
+    return parsed.version ?? "0.0.0";
+  } catch {
+    return "0.0.0";
+  }
+};
+export const createContext = async (): Promise<DaemonContext> => {
+  const configDir = getConfigDir();
+  const config = await loadConfig(configDir);
+  if (!config.originAllowlist.length) {
+    throw new Error("originAllowlist must contain at least one entry.");
+  }
+  if (config.server.host !== "127.0.0.1") {
+    throw new Error("Server host must be 127.0.0.1 for loopback-only binding.");
+  }
+  const tokenStore = new TokenStore(configDir);
+  await tokenStore.load();
+  const logger = await createLogger(configDir, config.logging);
+  const capabilities = await detectCapabilities();
+  const pairingManager = new PairingManager(
+    tokenStore,
+    config.pairing.tokenTtlDays,
+  );
+  const jobManager = new JobManager(
+    config.jobs.maxConcurrent,
+    config.jobs.timeoutSeconds,
+  );
+  const version = await readPackageVersion();
+  const build = {
+    commit: process.env.GIT_DAEMON_BUILD_COMMIT,
+    date: process.env.GIT_DAEMON_BUILD_DATE,
+  };
+  return {
+    config,
+    configDir,
+    tokenStore,
+    pairingManager,
+    jobManager,
+    capabilities,
+    logger,
+    version,
+    build,
+  };
+};

package/src/daemon.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import { createContext } from "./context";
+import { createApp } from "./app";
+const start = async () => {
+  const ctx = await createContext();
+  const app = createApp(ctx);
+  app.listen(ctx.config.server.port, ctx.config.server.host, () => {
+    ctx.logger.info(
+      {
+        host: ctx.config.server.host,
+        port: ctx.config.server.port,
+      },
+      "Git Daemon listening",
+    );
+  });
+};
+start().catch((err) => {
+  console.error("Failed to start Git Daemon", err);
+  process.exit(1);
+});