git-daemon 0.1.1 → 0.1.3

package/.eslintrc.cjs

@@ -14,5 +14,5 @@ module.exports = {
   rules: {
     "@typescript-eslint/no-unused-vars": ["error", { argsIgnorePattern: "^_" }]
   },
-  ignorePatterns: ["dist/", "node_modules/"]
+  ignorePatterns: ["dist/", "node_modules/", "workspace/"]
 };

package/README.md

@@ -39,7 +39,34 @@ npm install
 npm run daemon
 ```
 
-The daemon listens on `http://127.0.0.1:8787` by default.
+The daemon listens on `http://127.0.0.1:8790` by default.
+
+## Setup workspace root
+
+```bash
+npm run setup
+```
+
+This prompts for an absolute workspace root path and saves it to your config. The prompt reads from the terminal directly (via `/dev/tty` on macOS/Linux) so it still works in many IDE run configurations.
+For development, you can also run `npm run setup:dev`.
+
+Non-interactive setup (no TTY):
+
+```bash
+GIT_DAEMON_WORKSPACE_ROOT=/absolute/path npm run setup
+```
+
+Or:
+
+```bash
+npm run setup -- --workspace=/absolute/path
+```
+
+Verbose logging options:
+
+- `GIT_DAEMON_LOG_STDOUT=1` to mirror logs to stdout
+- `GIT_DAEMON_LOG_PRETTY=0` to disable pretty formatting when stdout is enabled
+- `GIT_DAEMON_LOG_LEVEL=debug` to increase verbosity
 
 ## Pairing flow
 
@@ -51,7 +78,7 @@ Pairing is required before using protected endpoints.
 curl -H "Origin: https://app.example.com" \
   -H "Content-Type: application/json" \
   -d '{"step":"start"}' \
-  http://127.0.0.1:8787/v1/pair
+  http://127.0.0.1:8790/v1/pair
 ```
 
 2. Confirm pairing with the code:
@@ -60,7 +87,7 @@ curl -H "Origin: https://app.example.com" \
 curl -H "Origin: https://app.example.com" \
   -H "Content-Type: application/json" \
   -d '{"step":"confirm","code":"<CODE>"}' \
-  http://127.0.0.1:8787/v1/pair
+  http://127.0.0.1:8790/v1/pair
 ```
 
 The response includes `accessToken` to use as `Authorization: Bearer <token>`.
@@ -71,7 +98,7 @@ Check meta:
 
 ```bash
 curl -H "Origin: https://app.example.com" \
-  http://127.0.0.1:8787/v1/meta
+  http://127.0.0.1:8790/v1/meta
 ```
 
 Clone a repo (job):
@@ -82,7 +109,7 @@ curl -X POST \
   -H "Authorization: Bearer <TOKEN>" \
   -H "Content-Type: application/json" \
   -d '{"repoUrl":"git@github.com:owner/repo.git","destRelative":"owner/repo"}' \
-  http://127.0.0.1:8787/v1/git/clone
+  http://127.0.0.1:8790/v1/git/clone
 ```
 
 Stream job logs (SSE):
@@ -91,7 +118,7 @@ Stream job logs (SSE):
 curl -N \
   -H "Origin: https://app.example.com" \
   -H "Authorization: Bearer <TOKEN>" \
-  http://127.0.0.1:8787/v1/jobs/<JOB_ID>/stream
+  http://127.0.0.1:8790/v1/jobs/<JOB_ID>/stream
 ```
 
 ## Configuration

package/config.schema.json

@@ -35,7 +35,7 @@
           "type": "integer",
           "minimum": 1,
           "maximum": 65535,
-          "default": 8787
+          "default": 8790
         }
       }
     },

package/design.md

@@ -399,7 +399,7 @@ Same, except UI origin is localhost and allowlisted.
 
 ```bash
 curl -H "Origin: https://app.example.com" \
-     http://127.0.0.1:8787/v1/meta
+     http://127.0.0.1:8790/v1/meta
 ```
 
 ### Clone
@@ -410,7 +410,7 @@ curl -X POST \
   -H "Authorization: Bearer <TOKEN>" \
   -H "Content-Type: application/json" \
   -d '{"repoUrl":"git@github.com:owner/repo.git","destRelative":"owner/repo"}' \
-  http://127.0.0.1:8787/v1/git/clone
+  http://127.0.0.1:8790/v1/git/clone
 ```
 
 ### Stream job logs (SSE)
@@ -419,7 +419,7 @@ curl -X POST \
 curl -N \
   -H "Origin: https://app.example.com" \
   -H "Authorization: Bearer <TOKEN>" \
-  http://127.0.0.1:8787/v1/jobs/<JOB_ID>/stream
+  http://127.0.0.1:8790/v1/jobs/<JOB_ID>/stream
 ```
 
 ---

package/dist/app.js

@@ -0,0 +1,326 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createApp = void 0;
+const express_1 = __importDefault(require("express"));
+const express_rate_limit_1 = __importDefault(require("express-rate-limit"));
+const fs_1 = require("fs");
+const path_1 = __importDefault(require("path"));
+const logger_1 = require("./logger");
+const security_1 = require("./security");
+const errors_1 = require("./errors");
+const validation_1 = require("./validation");
+const workspace_1 = require("./workspace");
+const git_1 = require("./git");
+const deps_1 = require("./deps");
+const os_1 = require("./os");
+const approvals_1 = require("./approvals");
+const parseBody = (schema, body, opts) => {
+    const parsed = schema.safeParse(body);
+    if (!parsed.success) {
+        if (opts?.repoUrl &&
+            parsed.error.issues.some((issue) => issue.path.includes("repoUrl"))) {
+            throw new errors_1.ApiError(422, (0, errors_1.errorBody)("invalid_repo_url", "Repository URL is invalid."));
+        }
+        throw new errors_1.ApiError(422, (0, errors_1.errorBody)("internal_error", "Invalid input."));
+    }
+    return parsed.data;
+};
+const rateLimitHandler = (_req, res) => {
+    const body = (0, errors_1.rateLimited)().body;
+    res.status(429).json(body);
+};
+const createApp = (ctx) => {
+    const app = (0, express_1.default)();
+    app.disable("x-powered-by");
+    app.use((0, logger_1.createHttpLogger)(ctx.logger));
+    app.use(express_1.default.json({ limit: "256kb" }));
+    app.use((0, security_1.loopbackGuard)());
+    app.use((0, security_1.hostGuard)());
+    app.use((0, security_1.originGuard)(ctx.config.originAllowlist));
+    app.use("/v1", (0, express_rate_limit_1.default)({
+        windowMs: 5 * 60 * 1000,
+        max: 300,
+        standardHeaders: true,
+        legacyHeaders: false,
+        handler: rateLimitHandler,
+    }));
+    app.get("/v1/meta", (_req, res) => {
+        const origin = (0, security_1.getOrigin)(_req);
+        const pairingRecord = ctx.tokenStore.getActiveToken(origin);
+        res.json({
+            version: ctx.version,
+            build: ctx.build,
+            pairing: {
+                required: true,
+                paired: Boolean(pairingRecord),
+            },
+            workspace: {
+                configured: Boolean(ctx.config.workspaceRoot),
+                root: ctx.config.workspaceRoot ?? undefined,
+            },
+            capabilities: ctx.capabilities,
+        });
+    });
+    app.post("/v1/pair", (0, express_rate_limit_1.default)({
+        windowMs: 10 * 60 * 1000,
+        max: 10,
+        standardHeaders: true,
+        legacyHeaders: false,
+        handler: rateLimitHandler,
+    }), async (req, res, next) => {
+        try {
+            const origin = (0, security_1.getOrigin)(req);
+            const payload = parseBody(validation_1.pairRequestSchema, req.body);
+            if (payload.step === "start") {
+                res.json(ctx.pairingManager.start(origin));
+                return;
+            }
+            const response = await ctx.pairingManager.confirm(origin, payload.code);
+            if (!response) {
+                throw new errors_1.ApiError(422, (0, errors_1.errorBody)("internal_error", "Invalid pairing code."));
+            }
+            res.json(response);
+        }
+        catch (err) {
+            next(err);
+        }
+    });
+    app.get("/v1/jobs/:id", (0, security_1.authGuard)(ctx.tokenStore), (req, res, next) => {
+        try {
+            const job = ctx.jobManager.get(req.params.id);
+            if (!job) {
+                throw (0, errors_1.jobNotFound)();
+            }
+            res.json(job.snapshot());
+        }
+        catch (err) {
+            next(err);
+        }
+    });
+    app.get("/v1/jobs/:id/stream", (0, security_1.authGuard)(ctx.tokenStore), (req, res, next) => {
+        const job = ctx.jobManager.get(req.params.id);
+        if (!job) {
+            next((0, errors_1.jobNotFound)());
+            return;
+        }
+        res.writeHead(200, {
+            "Content-Type": "text/event-stream",
+            "Cache-Control": "no-cache",
+            Connection: "keep-alive",
+            "X-Accel-Buffering": "no",
+        });
+        res.flushHeaders?.();
+        const sendEvent = (event) => {
+            res.write(`data: ${JSON.stringify(event)}\n\n`);
+        };
+        const isTerminalState = (event) => {
+            if (!event || typeof event !== "object") {
+                return false;
+            }
+            const record = event;
+            return (record.type === "state" &&
+                (record.state === "done" ||
+                    record.state === "error" ||
+                    record.state === "cancelled"));
+        };
+        for (const event of job.events) {
+            sendEvent(event);
+            if (isTerminalState(event)) {
+                res.end();
+                return;
+            }
+        }
+        const listener = (event) => {
+            sendEvent(event);
+            if (isTerminalState(event)) {
+                job.emitter.off("event", listener);
+                res.end();
+            }
+        };
+        job.emitter.on("event", listener);
+        req.on("close", () => {
+            job.emitter.off("event", listener);
+        });
+    });
+    app.post("/v1/jobs/:id/cancel", (0, security_1.authGuard)(ctx.tokenStore), (req, res, next) => {
+        try {
+            const job = ctx.jobManager.get(req.params.id);
+            if (!job) {
+                throw (0, errors_1.jobNotFound)();
+            }
+            if (job.state !== "queued" && job.state !== "running") {
+                res
+                    .status(409)
+                    .json((0, errors_1.errorBody)("internal_error", "Job is not cancellable."));
+                return;
+            }
+            ctx.jobManager.cancel(job.id);
+            res.json({ accepted: true });
+        }
+        catch (err) {
+            next(err);
+        }
+    });
+    app.post("/v1/git/clone", (0, security_1.authGuard)(ctx.tokenStore), async (req, res, next) => {
+        try {
+            const payload = parseBody(validation_1.gitCloneRequestSchema, req.body, {
+                repoUrl: true,
+            });
+            const workspaceRoot = (0, workspace_1.ensureWorkspaceRoot)(ctx.config.workspaceRoot);
+            (0, workspace_1.ensureRelative)(payload.destRelative);
+            const destPath = await (0, workspace_1.resolveInsideWorkspace)(workspaceRoot, payload.destRelative, true);
+            try {
+                await fs_1.promises.access(destPath);
+                res
+                    .status(409)
+                    .json((0, errors_1.errorBody)("internal_error", "Destination already exists."));
+                return;
+            }
+            catch (err) {
+                if (err.code !== "ENOENT") {
+                    throw err;
+                }
+            }
+            await fs_1.promises.mkdir(path_1.default.dirname(destPath), { recursive: true });
+            const job = ctx.jobManager.enqueue(async (jobCtx) => {
+                await (0, git_1.cloneRepo)(jobCtx, workspaceRoot, payload.repoUrl, payload.destRelative, payload.options);
+            });
+            res.status(202).json({ jobId: job.id });
+        }
+        catch (err) {
+            next(err);
+        }
+    });
+    app.post("/v1/git/fetch", (0, security_1.authGuard)(ctx.tokenStore), async (req, res, next) => {
+        try {
+            const payload = parseBody(validation_1.gitFetchRequestSchema, req.body);
+            const workspaceRoot = (0, workspace_1.ensureWorkspaceRoot)(ctx.config.workspaceRoot);
+            await (0, git_1.resolveRepoPath)(workspaceRoot, payload.repoPath);
+            const job = ctx.jobManager.enqueue(async (jobCtx) => {
+                await (0, git_1.fetchRepo)(jobCtx, workspaceRoot, payload.repoPath, payload.remote, payload.prune);
+            });
+            res.status(202).json({ jobId: job.id });
+        }
+        catch (err) {
+            if (err instanceof git_1.RepoNotFoundError ||
+                err instanceof workspace_1.MissingPathError) {
+                next((0, errors_1.repoNotFound)());
+                return;
+            }
+            next(err);
+        }
+    });
+    app.get("/v1/git/status", (0, security_1.authGuard)(ctx.tokenStore), async (req, res, next) => {
+        try {
+            const { repoPath } = parseBody(validation_1.gitStatusQuerySchema, req.query);
+            const workspaceRoot = (0, workspace_1.ensureWorkspaceRoot)(ctx.config.workspaceRoot);
+            const status = await (0, git_1.getRepoStatus)(workspaceRoot, repoPath);
+            res.json(status);
+        }
+        catch (err) {
+            if (err instanceof git_1.RepoNotFoundError ||
+                err instanceof workspace_1.MissingPathError) {
+                next((0, errors_1.repoNotFound)());
+                return;
+            }
+            next(err);
+        }
+    });
+    app.post("/v1/os/open", (0, security_1.authGuard)(ctx.tokenStore), async (req, res, next) => {
+        try {
+            const origin = (0, security_1.getOrigin)(req);
+            const payload = parseBody(validation_1.osOpenRequestSchema, req.body);
+            const workspaceRoot = (0, workspace_1.ensureWorkspaceRoot)(ctx.config.workspaceRoot);
+            const resolved = await (0, workspace_1.resolveInsideWorkspace)(workspaceRoot, payload.path);
+            if (payload.target === "terminal") {
+                (0, approvals_1.requireApproval)(ctx.config, origin, resolved, "open-terminal", workspaceRoot);
+            }
+            if (payload.target === "vscode") {
+                (0, approvals_1.requireApproval)(ctx.config, origin, resolved, "open-vscode", workspaceRoot);
+            }
+            await (0, os_1.openTarget)(payload.target, resolved);
+            res.json({ ok: true });
+        }
+        catch (err) {
+            if (err instanceof workspace_1.MissingPathError) {
+                next((0, errors_1.pathNotFound)());
+                return;
+            }
+            next(err);
+        }
+    });
+    app.post("/v1/deps/install", (0, security_1.authGuard)(ctx.tokenStore), async (req, res, next) => {
+        try {
+            const origin = (0, security_1.getOrigin)(req);
+            const payload = parseBody(validation_1.depsInstallRequestSchema, req.body);
+            const workspaceRoot = (0, workspace_1.ensureWorkspaceRoot)(ctx.config.workspaceRoot);
+            const resolved = await (0, workspace_1.resolveInsideWorkspace)(workspaceRoot, payload.repoPath);
+            try {
+                await fs_1.promises.access(path_1.default.join(resolved, "package.json"));
+            }
+            catch {
+                throw (0, errors_1.repoNotFound)();
+            }
+            (0, approvals_1.requireApproval)(ctx.config, origin, resolved, "deps/install", workspaceRoot);
+            const job = ctx.jobManager.enqueue(async (jobCtx) => {
+                await (0, deps_1.installDeps)(jobCtx, workspaceRoot, {
+                    repoPath: payload.repoPath,
+                    manager: payload.manager ?? "auto",
+                    mode: payload.mode ?? "auto",
+                    safer: payload.safer ?? ctx.config.deps.defaultSafer,
+                });
+            });
+            res.status(202).json({ jobId: job.id });
+        }
+        catch (err) {
+            if (err instanceof workspace_1.MissingPathError) {
+                next((0, errors_1.pathNotFound)());
+                return;
+            }
+            next(err);
+        }
+    });
+    app.get("/v1/diagnostics", (0, security_1.authGuard)(ctx.tokenStore), (req, res, next) => {
+        try {
+            const summary = {
+                configVersion: ctx.config.configVersion,
+                server: ctx.config.server,
+                originAllowlist: ctx.config.originAllowlist,
+                workspaceRoot: ctx.config.workspaceRoot,
+                pairing: ctx.config.pairing,
+                jobs: ctx.config.jobs,
+                deps: ctx.config.deps,
+                logging: ctx.config.logging,
+            };
+            res.json({
+                config: summary,
+                recentErrors: [],
+                jobs: ctx.jobManager.listRecent(),
+                logTail: [],
+            });
+        }
+        catch (err) {
+            next(err);
+        }
+    });
+    app.use((err, _req, res, _next) => {
+        if (err instanceof errors_1.ApiError) {
+            res.status(err.status).json(err.body);
+            return;
+        }
+        if (err.type === "entity.too.large") {
+            res
+                .status(413)
+                .json((0, errors_1.errorBody)("request_too_large", "Request too large."));
+            return;
+        }
+        ctx.logger.error({ err }, "Unhandled error");
+        const fallback = (0, errors_1.internalError)();
+        res.status(fallback.status).json(fallback.body);
+    });
+    return app;
+};
+exports.createApp = createApp;

package/dist/approvals.js

@@ -0,0 +1,27 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireApproval = exports.hasApproval = void 0;
+const path_1 = __importDefault(require("path"));
+const errors_1 = require("./errors");
+const hasApproval = (config, origin, repoPath, capability, workspaceRoot) => config.approvals.entries.some((entry) => {
+    if (entry.origin !== origin || !entry.capabilities.includes(capability)) {
+        return false;
+    }
+    if (entry.repoPath === repoPath) {
+        return true;
+    }
+    if (workspaceRoot && !path_1.default.isAbsolute(entry.repoPath)) {
+        return path_1.default.resolve(workspaceRoot, entry.repoPath) === repoPath;
+    }
+    return false;
+});
+exports.hasApproval = hasApproval;
+const requireApproval = (config, origin, repoPath, capability, workspaceRoot) => {
+    if (!(0, exports.hasApproval)(config, origin, repoPath, capability, workspaceRoot)) {
+        throw (0, errors_1.capabilityNotGranted)();
+    }
+};
+exports.requireApproval = requireApproval;

package/dist/cli-test-clone.js

@@ -0,0 +1,122 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const http_1 = __importDefault(require("http"));
+const getEnv = (key, fallback) => process.env[key] || fallback;
+const ORIGIN = getEnv("ORIGIN", "https://app.example.com");
+const PORT = Number(getEnv("PORT", "8790"));
+const BASE = `http://127.0.0.1:${PORT}`;
+const REPO = getEnv("REPO_URL", "git@github.com:bunnybones1/git-daemon.git");
+const DEST = getEnv("DEST_RELATIVE", "bunnybones1/git-daemon");
+const requestJson = (path, body) => new Promise((resolve, reject) => {
+    const payload = JSON.stringify(body);
+    const req = http_1.default.request(`${BASE}${path}`, {
+        method: "POST",
+        headers: {
+            Origin: ORIGIN,
+            "Content-Type": "application/json",
+            "Content-Length": Buffer.byteLength(payload),
+        },
+    }, (res) => {
+        let raw = "";
+        res.setEncoding("utf8");
+        res.on("data", (chunk) => {
+            raw += chunk;
+        });
+        res.on("end", () => {
+            try {
+                const data = raw ? JSON.parse(raw) : {};
+                resolve({ status: res.statusCode || 0, data });
+            }
+            catch (err) {
+                reject(err);
+            }
+        });
+    });
+    req.on("error", reject);
+    req.write(payload);
+    req.end();
+});
+const requestJsonAuth = (path, token, body) => new Promise((resolve, reject) => {
+    const payload = JSON.stringify(body);
+    const req = http_1.default.request(`${BASE}${path}`, {
+        method: "POST",
+        headers: {
+            Origin: ORIGIN,
+            Authorization: `Bearer ${token}`,
+            "Content-Type": "application/json",
+            "Content-Length": Buffer.byteLength(payload),
+        },
+    }, (res) => {
+        let raw = "";
+        res.setEncoding("utf8");
+        res.on("data", (chunk) => {
+            raw += chunk;
+        });
+        res.on("end", () => {
+            try {
+                const data = raw ? JSON.parse(raw) : {};
+                resolve({ status: res.statusCode || 0, data });
+            }
+            catch (err) {
+                reject(err);
+            }
+        });
+    });
+    req.on("error", reject);
+    req.write(payload);
+    req.end();
+});
+const streamEvents = (jobId, token) => new Promise((resolve, reject) => {
+    const req = http_1.default.request(`${BASE}/v1/jobs/${jobId}/stream`, {
+        method: "GET",
+        headers: {
+            Origin: ORIGIN,
+            Authorization: `Bearer ${token}`,
+            Accept: "text/event-stream",
+        },
+    }, (res) => {
+        res.setEncoding("utf8");
+        res.on("data", (chunk) => {
+            process.stdout.write(chunk);
+        });
+        res.on("end", () => {
+            resolve();
+        });
+    });
+    req.on("error", reject);
+    req.end();
+});
+const main = async () => {
+    const start = await requestJson("/v1/pair", { step: "start" });
+    if (start.status !== 200 || !start.data.code) {
+        console.error("Pairing start failed", start.data);
+        process.exit(1);
+    }
+    const confirm = await requestJson("/v1/pair", {
+        step: "confirm",
+        code: start.data.code,
+    });
+    if (confirm.status !== 200 || !confirm.data.accessToken) {
+        console.error("Pairing confirm failed", confirm.data);
+        process.exit(1);
+    }
+    const token = confirm.data.accessToken;
+    const clone = await requestJsonAuth("/v1/git/clone", token, {
+        repoUrl: REPO,
+        destRelative: DEST,
+    });
+    if (clone.status !== 202 || !clone.data.jobId) {
+        console.error("Clone request failed", clone.data);
+        process.exit(1);
+    }
+    const jobId = clone.data.jobId;
+    console.log(`jobId=${jobId}`);
+    await streamEvents(jobId, token);
+};
+main().catch((err) => {
+    console.error("Test clone failed", err);
+    process.exit(1);
+});