kozou 1.1.0 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +18 -6
- package/dist/commands/dev-runtime.d.ts +8 -0
- package/dist/commands/dev-runtime.d.ts.map +1 -1
- package/dist/commands/dev-runtime.js +156 -4
- package/dist/commands/dev-runtime.js.map +1 -1
- package/dist/commands/dev.d.ts.map +1 -1
- package/dist/commands/dev.js +31 -13
- package/dist/commands/dev.js.map +1 -1
- package/dist/config.d.ts +1 -0
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +37 -4
- package/dist/config.js.map +1 -1
- package/dist/templates/docker-compose.yml +20 -1
- package/dist/templates/env.example +1 -0
- package/package.json +7 -7
package/README.md
CHANGED
|
@@ -163,6 +163,8 @@ auth:
|
|
|
163
163
|
anonRole: web_anon # role for requests with no token (else 401)
|
|
164
164
|
ui:
|
|
165
165
|
role: app_admin # role the bundled Admin UI runs as (HS256)
|
|
166
|
+
claims: # extra claims minted into the UI token (HS256)
|
|
167
|
+
tenant_id: acme # for RLS policies reading request.jwt.claims
|
|
166
168
|
# token: ${KOZOU_ADAPTER_TOKEN} # RS256 / external IdP: supply a token instead
|
|
167
169
|
```
|
|
168
170
|
|
|
@@ -174,8 +176,10 @@ With no `auth:` block, the section is built instead from
|
|
|
174
176
|
`KOZOU_JWT_SECRET` / `KOZOU_JWT_PUBLIC_KEY` / `KOZOU_JWT_JWKS_URI` /
|
|
175
177
|
`KOZOU_JWT_ALGORITHMS` / `KOZOU_JWT_ISSUER` / `KOZOU_JWT_AUDIENCE` /
|
|
176
178
|
`KOZOU_JWT_ROLE_CLAIM` / `KOZOU_JWT_ALLOWED_ROLES` / `KOZOU_JWT_DEFAULT_ROLE` /
|
|
177
|
-
`KOZOU_JWT_ANON_ROLE` / `KOZOU_UI_ROLE` / `
|
|
178
|
-
and roles are comma-separated
|
|
179
|
+
`KOZOU_JWT_ANON_ROLE` / `KOZOU_UI_ROLE` / `KOZOU_UI_CLAIMS` /
|
|
180
|
+
`KOZOU_ADAPTER_TOKEN` (algorithms and roles are comma-separated;
|
|
181
|
+
`KOZOU_UI_CLAIMS` takes a JSON object and fails loudly at startup when
|
|
182
|
+
malformed). A role outside `allowedRoles` gets `403`. A request with
|
|
179
183
|
no token gets `401` unless `anonRole` is set, in which case it runs under
|
|
180
184
|
that role and your RLS policies decide what it sees (a present but invalid
|
|
181
185
|
token is always `401`). The login role of `database.url` must be `GRANT`ed
|
|
@@ -186,10 +190,18 @@ membership in every allowed role, and in `anonRole` when set.
|
|
|
186
190
|
The Admin UI calls `@kozou/api` server-side, so when `auth` is on it must
|
|
187
191
|
send a token too. Under **HS256** the CLI mints one for the UI claiming
|
|
188
192
|
`auth.ui.role` (or, if unset, no role — the API then applies `defaultRole`);
|
|
189
|
-
set `auth.ui.role` to the role the console should run as.
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
+
set `auth.ui.role` to the role the console should run as. RLS policies
|
|
194
|
+
usually need more than the role: `auth.ui.claims` (or `KOZOU_UI_CLAIMS`,
|
|
195
|
+
a JSON object) merges extra claims — a tenant id, an operator flag — into
|
|
196
|
+
the minted token, where `request.jwt.claims` makes them visible to your
|
|
197
|
+
policies. The merge is flat: the role claim is always controlled by
|
|
198
|
+
`auth.ui.role` (a colliding key is dropped with a startup warning), and
|
|
199
|
+
`iat` / configured `iss` / `aud` win likewise. These are *service-token*
|
|
200
|
+
claims — everyone who can reach the UI port acts with them. Under
|
|
201
|
+
**RS256** or an external identity provider the CLI cannot mint, so supply
|
|
202
|
+
a ready-made token via `auth.ui.token` (or the `KOZOU_ADAPTER_TOKEN` env);
|
|
203
|
+
without it the UI is rejected with `401` and the CLI logs how to fix it
|
|
204
|
+
(`auth.ui.claims` only applies to tokens the CLI mints itself).
|
|
193
205
|
The minted role must satisfy `allowedRoles` or the UI gets `403`.
|
|
194
206
|
|
|
195
207
|
## License
|
|
@@ -2,6 +2,9 @@ import type { KozouConfig } from '../config.js';
|
|
|
2
2
|
export declare function resolveAdminUiEntry(): string;
|
|
3
3
|
export declare function resolveOrigin(config: KozouConfig, env: NodeJS.ProcessEnv): string;
|
|
4
4
|
export declare function buildAdminUiEnv(config: KozouConfig, origin: string, baseEnv: NodeJS.ProcessEnv, apiAdapterUrl?: string, apiToken?: string): NodeJS.ProcessEnv;
|
|
5
|
+
export declare function describeApiAuth(auth: KozouConfig['auth']): string;
|
|
6
|
+
export type AdminUiExposure = 'unauthenticated' | 'service-token' | 'anon-role' | 'rejected';
|
|
7
|
+
export declare function classifyAdminUiExposure(auth: KozouConfig['auth'], tokenResult: AdminUiTokenResult | undefined, inhouseApi: boolean): AdminUiExposure;
|
|
5
8
|
export type ServiceTokenMinter = {
|
|
6
9
|
signServiceToken(opts: {
|
|
7
10
|
secret: string;
|
|
@@ -9,6 +12,7 @@ export type ServiceTokenMinter = {
|
|
|
9
12
|
role?: string;
|
|
10
13
|
issuer?: string;
|
|
11
14
|
audience?: string | string[];
|
|
15
|
+
claims?: Record<string, unknown>;
|
|
12
16
|
}): Promise<string>;
|
|
13
17
|
};
|
|
14
18
|
export type AdminUiTokenResult = {
|
|
@@ -16,6 +20,10 @@ export type AdminUiTokenResult = {
|
|
|
16
20
|
token?: string;
|
|
17
21
|
/** Operator-facing reason the UI will be rejected, when no usable token. */
|
|
18
22
|
warning?: string;
|
|
23
|
+
/** The resolver already knows the API will reject this token with 403
|
|
24
|
+
* (minted with no role and no defaultRole, or a role outside
|
|
25
|
+
* allowedRoles). Lets the exposure classification below stay honest. */
|
|
26
|
+
knownRejected?: boolean;
|
|
19
27
|
};
|
|
20
28
|
export declare function resolveAdminUiToken(config: KozouConfig, minter: ServiceTokenMinter, env: NodeJS.ProcessEnv): Promise<AdminUiTokenResult>;
|
|
21
29
|
//# sourceMappingURL=dev-runtime.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dev-runtime.d.ts","sourceRoot":"","sources":["../../src/commands/dev-runtime.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAOhD,wBAAgB,mBAAmB,IAAI,MAAM,CAI5C;AAMD,wBAAgB,aAAa,CAAC,MAAM,EAAE,WAAW,EAAE,GAAG,EAAE,MAAM,CAAC,UAAU,GAAG,MAAM,CAEjF;AAYD,wBAAgB,eAAe,CAC7B,MAAM,EAAE,WAAW,EACnB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,CAAC,UAAU,EAC1B,aAAa,CAAC,EAAE,MAAM,EACtB,QAAQ,CAAC,EAAE,MAAM,GAChB,MAAM,CAAC,UAAU,
|
|
1
|
+
{"version":3,"file":"dev-runtime.d.ts","sourceRoot":"","sources":["../../src/commands/dev-runtime.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAOhD,wBAAgB,mBAAmB,IAAI,MAAM,CAI5C;AAMD,wBAAgB,aAAa,CAAC,MAAM,EAAE,WAAW,EAAE,GAAG,EAAE,MAAM,CAAC,UAAU,GAAG,MAAM,CAEjF;AAYD,wBAAgB,eAAe,CAC7B,MAAM,EAAE,WAAW,EACnB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,CAAC,UAAU,EAC1B,aAAa,CAAC,EAAE,MAAM,EACtB,QAAQ,CAAC,EAAE,MAAM,GAChB,MAAM,CAAC,UAAU,CAwCnB;AAqBD,wBAAgB,eAAe,CAAC,IAAI,EAAE,WAAW,CAAC,MAAM,CAAC,GAAG,MAAM,CAyBjE;AAgBD,MAAM,MAAM,eAAe,GAAG,iBAAiB,GAAG,eAAe,GAAG,WAAW,GAAG,UAAU,CAAC;AAE7F,wBAAgB,uBAAuB,CACrC,IAAI,EAAE,WAAW,CAAC,MAAM,CAAC,EACzB,WAAW,EAAE,kBAAkB,GAAG,SAAS,EAC3C,UAAU,EAAE,OAAO,GAClB,eAAe,CAQjB;AAID,MAAM,MAAM,kBAAkB,GAAG;IAC/B,gBAAgB,CAAC,IAAI,EAAE;QACrB,MAAM,EAAE,MAAM,CAAC;QACf,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;QAC7B,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KAClC,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG;IAC/B,yEAAyE;IACzE,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,4EAA4E;IAC5E,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;6EAEyE;IACzE,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB,CAAC;AAWF,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,WAAW,EACnB,MAAM,EAAE,kBAAkB,EAC1B,GAAG,EAAE,MAAM,CAAC,UAAU,GACrB,OAAO,CAAC,kBAAkB,CAAC,CAiE7B"}
|
|
@@ -41,6 +41,17 @@ export function buildAdminUiEnv(config, origin, baseEnv, apiAdapterUrl, apiToken
|
|
|
41
41
|
ORIGIN: origin,
|
|
42
42
|
NODE_ENV: 'production',
|
|
43
43
|
};
|
|
44
|
+
// JWT verifier / signing inputs and minting inputs are a CLI-process
|
|
45
|
+
// concern. The network-facing UI child only ever consumes KOZOU_ADAPTER_*,
|
|
46
|
+
// so the HS256 secret (or key / JWKS settings) and the UI token inputs
|
|
47
|
+
// (role name, claim values — which can carry tenant identifiers) must not
|
|
48
|
+
// extend into it — with the scaffold compose forwarding these variables
|
|
49
|
+
// they are present in the parent environment on the default path.
|
|
50
|
+
for (const key of Object.keys(env)) {
|
|
51
|
+
if (key.startsWith('KOZOU_JWT_') || key === 'KOZOU_UI_ROLE' || key === 'KOZOU_UI_CLAIMS') {
|
|
52
|
+
delete env[key];
|
|
53
|
+
}
|
|
54
|
+
}
|
|
44
55
|
if (apiAdapterUrl !== undefined) {
|
|
45
56
|
// In-house @kozou/api backend: point the UI at it and attach the token
|
|
46
57
|
// when one was resolved, clearing any inherited stale token otherwise.
|
|
@@ -64,6 +75,65 @@ export function buildAdminUiEnv(config, origin, baseEnv, apiAdapterUrl, apiToken
|
|
|
64
75
|
}
|
|
65
76
|
return env;
|
|
66
77
|
}
|
|
78
|
+
// Strip anything that could carry a credential out of a URL before it is
|
|
79
|
+
// written to a log: userinfo (https://user:pass@host/...), query (?token=...)
|
|
80
|
+
// and fragment. Keeps scheme + host + path, which is enough to recognize
|
|
81
|
+
// the endpoint.
|
|
82
|
+
function redactUrlForLog(raw) {
|
|
83
|
+
try {
|
|
84
|
+
const url = new URL(raw);
|
|
85
|
+
return `${url.origin}${url.pathname}`;
|
|
86
|
+
}
|
|
87
|
+
catch {
|
|
88
|
+
return '<invalid URL>';
|
|
89
|
+
}
|
|
90
|
+
}
|
|
91
|
+
// One unambiguous startup line about the in-house API's auth state, so a
|
|
92
|
+
// stack whose auth never reached the process (for instance env vars a
|
|
93
|
+
// compose file did not forward) is visible immediately instead of
|
|
94
|
+
// failing open silently. Never includes secret material: only the
|
|
95
|
+
// verification mode and the role configuration (the JWKS URL is redacted
|
|
96
|
+
// to scheme + host + path in case it embeds a credential).
|
|
97
|
+
export function describeApiAuth(auth) {
|
|
98
|
+
if (auth === undefined) {
|
|
99
|
+
return 'disabled (no JWT verification configured; requests run as the connection role)';
|
|
100
|
+
}
|
|
101
|
+
const mode = auth.jwt.secret !== undefined && auth.jwt.secret.length > 0
|
|
102
|
+
? 'HS256 (shared secret)'
|
|
103
|
+
: auth.jwt.jwksUri !== undefined && auth.jwt.jwksUri.length > 0
|
|
104
|
+
? `JWKS (${redactUrlForLog(auth.jwt.jwksUri)})`
|
|
105
|
+
: auth.jwt.publicKey !== undefined && auth.jwt.publicKey.length > 0
|
|
106
|
+
? 'static public key'
|
|
107
|
+
: 'misconfigured (auth set but no secret / publicKey / jwksUri)';
|
|
108
|
+
const parts = [mode];
|
|
109
|
+
if (auth.allowedRoles !== undefined && auth.allowedRoles.length > 0) {
|
|
110
|
+
parts.push(`allowedRoles=[${auth.allowedRoles.join(', ')}]`);
|
|
111
|
+
}
|
|
112
|
+
if (auth.defaultRole !== undefined)
|
|
113
|
+
parts.push(`defaultRole=${auth.defaultRole}`);
|
|
114
|
+
if (auth.anonRole !== undefined)
|
|
115
|
+
parts.push(`anonRole=${auth.anonRole}`);
|
|
116
|
+
if (auth.ui?.role !== undefined)
|
|
117
|
+
parts.push(`ui role=${auth.ui.role}`);
|
|
118
|
+
else if (auth.ui?.token !== undefined)
|
|
119
|
+
parts.push('ui token=supplied');
|
|
120
|
+
if (auth.ui?.claims !== undefined) {
|
|
121
|
+
// Key names only — values can carry tenant identifiers.
|
|
122
|
+
parts.push(`ui claims=[${Object.keys(auth.ui.claims).join(', ')}]`);
|
|
123
|
+
}
|
|
124
|
+
return parts.join(', ');
|
|
125
|
+
}
|
|
126
|
+
export function classifyAdminUiExposure(auth, tokenResult, inhouseApi) {
|
|
127
|
+
if (!inhouseApi || auth === undefined)
|
|
128
|
+
return 'unauthenticated';
|
|
129
|
+
const token = tokenResult?.token;
|
|
130
|
+
if (token !== undefined && token.length > 0) {
|
|
131
|
+
return tokenResult?.knownRejected === true ? 'rejected' : 'service-token';
|
|
132
|
+
}
|
|
133
|
+
if (auth.anonRole !== undefined && auth.anonRole.length > 0)
|
|
134
|
+
return 'anon-role';
|
|
135
|
+
return 'rejected';
|
|
136
|
+
}
|
|
67
137
|
// Decide what token (if any) the bundled Admin UI should send to @kozou/api,
|
|
68
138
|
// given the resolved config. Pure except for the injected minter:
|
|
69
139
|
// (a) an explicit token (auth.ui.token / KOZOU_ADAPTER_TOKEN) is passed
|
|
@@ -77,9 +147,15 @@ export async function resolveAdminUiToken(config, minter, env) {
|
|
|
77
147
|
const auth = config.auth;
|
|
78
148
|
if (auth === undefined)
|
|
79
149
|
return {}; // no auth -> the UI sends no token (unchanged)
|
|
150
|
+
const claims = auth.ui?.claims;
|
|
80
151
|
const supplied = auth.ui?.token ?? env.KOZOU_ADAPTER_TOKEN;
|
|
81
152
|
if (supplied !== undefined && supplied.length > 0) {
|
|
82
|
-
|
|
153
|
+
// claims only apply to a token the CLI mints itself.
|
|
154
|
+
const warning = claims !== undefined
|
|
155
|
+
? 'auth.ui.claims is ignored because a ready-made token is supplied ' +
|
|
156
|
+
'(auth.ui.token / KOZOU_ADAPTER_TOKEN); put the claims in that token instead.'
|
|
157
|
+
: undefined;
|
|
158
|
+
return warning !== undefined ? { token: supplied, warning } : { token: supplied };
|
|
83
159
|
}
|
|
84
160
|
const secret = auth.jwt.secret;
|
|
85
161
|
if (secret !== undefined && secret.length > 0) {
|
|
@@ -90,17 +166,93 @@ export async function resolveAdminUiToken(config, minter, env) {
|
|
|
90
166
|
role,
|
|
91
167
|
issuer: auth.jwt.issuer,
|
|
92
168
|
audience: auth.jwt.audience,
|
|
169
|
+
claims,
|
|
93
170
|
});
|
|
94
|
-
const
|
|
95
|
-
|
|
171
|
+
const warnings = [];
|
|
172
|
+
const reserved = reservedClaimCollisions(auth, claims);
|
|
173
|
+
if (reserved.length > 0) {
|
|
174
|
+
warnings.push(`auth.ui.claims key(s) ${reserved.map((k) => `"${k}"`).join(', ')} are ` +
|
|
175
|
+
'reserved and overridden by the auth config (the role claim, iat, ' +
|
|
176
|
+
'and iss/aud when configured).');
|
|
177
|
+
}
|
|
178
|
+
// exp/nbf pass through (an intentionally expiring UI token is allowed),
|
|
179
|
+
// but a value that provably fails verification — expired, not yet
|
|
180
|
+
// valid, or not a number — would 401 every UI request from the start.
|
|
181
|
+
const temporalWarning = temporalClaimsWarning(claims);
|
|
182
|
+
if (temporalWarning !== undefined)
|
|
183
|
+
warnings.push(temporalWarning);
|
|
184
|
+
const roleWarning = mintedRoleWarning(auth, role);
|
|
185
|
+
if (roleWarning !== undefined)
|
|
186
|
+
warnings.push(roleWarning);
|
|
187
|
+
if (warnings.length === 0)
|
|
188
|
+
return { token };
|
|
189
|
+
return {
|
|
190
|
+
token,
|
|
191
|
+
warning: warnings.join(' '),
|
|
192
|
+
...(roleWarning !== undefined || temporalWarning !== undefined
|
|
193
|
+
? { knownRejected: true }
|
|
194
|
+
: {}),
|
|
195
|
+
};
|
|
96
196
|
}
|
|
197
|
+
const claimsNote = claims !== undefined
|
|
198
|
+
? ' (auth.ui.claims is also unusable on this path — the CLI cannot mint)'
|
|
199
|
+
: '';
|
|
97
200
|
return {
|
|
98
201
|
warning: 'auth uses an RS256 public key, so the CLI cannot mint a token for the ' +
|
|
99
202
|
'bundled Admin UI; it will be rejected with 401. Set auth.ui.token (or ' +
|
|
100
203
|
'KOZOU_ADAPTER_TOKEN) to a token from your identity provider, or use an ' +
|
|
101
|
-
|
|
204
|
+
`HS256 secret so the CLI can mint one${claimsNote}.`,
|
|
102
205
|
};
|
|
103
206
|
}
|
|
207
|
+
// Keys in auth.ui.claims that the mint will override (or drop): the role
|
|
208
|
+
// claim is always reserved, `iat` is always set, and `iss`/`aud` are set
|
|
209
|
+
// when the auth config declares an issuer/audience. Surfaced as a startup
|
|
210
|
+
// warning so a colliding key is never a silent override.
|
|
211
|
+
function reservedClaimCollisions(auth, claims) {
|
|
212
|
+
if (claims === undefined)
|
|
213
|
+
return [];
|
|
214
|
+
const reserved = new Set([auth.roleClaim ?? 'role', 'iat']);
|
|
215
|
+
if (auth.jwt.issuer !== undefined)
|
|
216
|
+
reserved.add('iss');
|
|
217
|
+
if (auth.jwt.audience !== undefined)
|
|
218
|
+
reserved.add('aud');
|
|
219
|
+
return Object.keys(claims).filter((k) => reserved.has(k));
|
|
220
|
+
}
|
|
221
|
+
// `exp` / `nbf` in auth.ui.claims that provably make the minted token fail
|
|
222
|
+
// verification: already expired, not valid yet, or not a number (the
|
|
223
|
+
// verifier rejects malformed temporal claims). A well-formed future `exp`
|
|
224
|
+
// is intentional (an expiring UI token) and passes silently.
|
|
225
|
+
function temporalClaimsWarning(claims) {
|
|
226
|
+
if (claims === undefined)
|
|
227
|
+
return undefined;
|
|
228
|
+
const now = Math.floor(Date.now() / 1000);
|
|
229
|
+
// Finite numbers only: YAML parses `.nan` / `.inf` to NaN / Infinity,
|
|
230
|
+
// which survive a typeof check, serialize to null in the JWT payload,
|
|
231
|
+
// and fail verification.
|
|
232
|
+
if ('exp' in claims) {
|
|
233
|
+
const exp = claims.exp;
|
|
234
|
+
if (typeof exp !== 'number' || !Number.isFinite(exp)) {
|
|
235
|
+
return 'auth.ui.claims.exp is not a finite number (UNIX seconds), so ' +
|
|
236
|
+
'the API rejects the minted Admin UI token (401).';
|
|
237
|
+
}
|
|
238
|
+
if (exp <= now) {
|
|
239
|
+
return 'auth.ui.claims.exp is already in the past, so the API rejects ' +
|
|
240
|
+
'the minted Admin UI token (401).';
|
|
241
|
+
}
|
|
242
|
+
}
|
|
243
|
+
if ('nbf' in claims) {
|
|
244
|
+
const nbf = claims.nbf;
|
|
245
|
+
if (typeof nbf !== 'number' || !Number.isFinite(nbf)) {
|
|
246
|
+
return 'auth.ui.claims.nbf is not a finite number (UNIX seconds), so ' +
|
|
247
|
+
'the API rejects the minted Admin UI token (401).';
|
|
248
|
+
}
|
|
249
|
+
if (nbf > now) {
|
|
250
|
+
return 'auth.ui.claims.nbf is in the future, so the API rejects the ' +
|
|
251
|
+
'minted Admin UI token (401) until that time.';
|
|
252
|
+
}
|
|
253
|
+
}
|
|
254
|
+
return undefined;
|
|
255
|
+
}
|
|
104
256
|
// A minted Admin UI token will be rejected with 403 unless the API can
|
|
105
257
|
// resolve an allowed role for it. Surface that as a warning at startup
|
|
106
258
|
// rather than letting the UI fail opaquely.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dev-runtime.js","sourceRoot":"","sources":["../../src/commands/dev-runtime.ts"],"names":[],"mappings":"AAAA,6DAA6D;AAC7D,EAAE;AACF,kEAAkE;AAClE,wEAAwE;AACxE,wCAAwC;AAExC,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAI1C,mEAAmE;AACnE,wEAAwE;AACxE,yEAAyE;AACzE,yEAAyE;AACzE,eAAe;AACf,MAAM,UAAU,mBAAmB;IACjC,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/C,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,+BAA+B,CAAC,CAAC;IACrE,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;AACzD,CAAC;AAED,sEAAsE;AACtE,yEAAyE;AACzE,wEAAwE;AACxE,gDAAgD;AAChD,MAAM,UAAU,aAAa,CAAC,MAAmB,EAAE,GAAsB;IACvE,OAAO,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,YAAY,IAAI,oBAAoB,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;AACvF,CAAC;AAED,uEAAuE;AACvE,oEAAoE;AACpE,EAAE;AACF,2EAA2E;AAC3E,8EAA8E;AAC9E,wEAAwE;AACxE,6EAA6E;AAC7E,8EAA8E;AAC9E,8EAA8E;AAC9E,0BAA0B;AAC1B,MAAM,UAAU,eAAe,CAC7B,MAAmB,EACnB,MAAc,EACd,OAA0B,EAC1B,aAAsB,EACtB,QAAiB;IAEjB,MAAM,GAAG,GAAsB;QAC7B,GAAG,OAAO;QACV,YAAY,EAAE,MAAM,CAAC,QAAQ,CAAC,GAAG;QACjC,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC;QACnC,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI;QAC3B,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,YAAY;KACvB,CAAC;IACF,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;QAChC,uEAAuE;QACvE,uEAAuE;QACvE,GAAG,CAAC,kBAAkB,GAAG,KAAK,CAAC;QAC/B,GAAG,CAAC,iBAAiB,GAAG,aAAa,CAAC;QACtC,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClD,GAAG,CAAC,mBAAmB,GAAG,QAAQ,CAAC;QACrC,CAAC;aAAM,CAAC;YACN,OAAO,GAAG,CAAC,mBAAmB,CAAC;QACjC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,yEAAyE;QACzE,yEAAyE;QACzE,wEAAwE;QACxE,wDAAwD;QACxD,OAAO,GAAG,CAAC,kBAAkB,CAAC;QAC9B,OAAO,GAAG,CAAC,mBAAmB,CAAC;QAC/B,GAAG,CAAC,iBAAiB,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC;IAC7C,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;
|
|
1
|
+
{"version":3,"file":"dev-runtime.js","sourceRoot":"","sources":["../../src/commands/dev-runtime.ts"],"names":[],"mappings":"AAAA,6DAA6D;AAC7D,EAAE;AACF,kEAAkE;AAClE,wEAAwE;AACxE,wCAAwC;AAExC,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAI1C,mEAAmE;AACnE,wEAAwE;AACxE,yEAAyE;AACzE,yEAAyE;AACzE,eAAe;AACf,MAAM,UAAU,mBAAmB;IACjC,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/C,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,+BAA+B,CAAC,CAAC;IACrE,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;AACzD,CAAC;AAED,sEAAsE;AACtE,yEAAyE;AACzE,wEAAwE;AACxE,gDAAgD;AAChD,MAAM,UAAU,aAAa,CAAC,MAAmB,EAAE,GAAsB;IACvE,OAAO,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,YAAY,IAAI,oBAAoB,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;AACvF,CAAC;AAED,uEAAuE;AACvE,oEAAoE;AACpE,EAAE;AACF,2EAA2E;AAC3E,8EAA8E;AAC9E,wEAAwE;AACxE,6EAA6E;AAC7E,8EAA8E;AAC9E,8EAA8E;AAC9E,0BAA0B;AAC1B,MAAM,UAAU,eAAe,CAC7B,MAAmB,EACnB,MAAc,EACd,OAA0B,EAC1B,aAAsB,EACtB,QAAiB;IAEjB,MAAM,GAAG,GAAsB;QAC7B,GAAG,OAAO;QACV,YAAY,EAAE,MAAM,CAAC,QAAQ,CAAC,GAAG;QACjC,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC;QACnC,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI;QAC3B,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,YAAY;KACvB,CAAC;IACF,qEAAqE;IACrE,2EAA2E;IAC3E,uEAAuE;IACvE,0EAA0E;IAC1E,wEAAwE;IACxE,kEAAkE;IAClE,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACnC,IAAI,GAAG,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,GAAG,KAAK,eAAe,IAAI,GAAG,KAAK,iBAAiB,EAAE,CAAC;YACzF,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IACD,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;QAChC,uEAAuE;QACvE,uEAAuE;QACvE,GAAG,CAAC,kBAAkB,GAAG,KAAK,CAAC;QAC/B,GAAG,CAAC,iBAAiB,GAAG,aAAa,CAAC;QACtC,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClD,GAAG,CAAC,mBAAmB,GAAG,QAAQ,CAAC;QACrC,CAAC;aAAM,CAAC;YACN,OAAO,GAAG,CAAC,mBAAmB,CAAC;QACjC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,yEAAyE;QACzE,yEAAyE;QACzE,wEAAwE;QACxE,wDAAwD;QACxD,OAAO,GAAG,CAAC,kBAAkB,CAAC;QAC9B,OAAO,GAAG,CAAC,mBAAmB,CAAC;QAC/B,GAAG,CAAC,iBAAiB,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC;IAC7C,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,yEAAyE;AACzE,8EAA8E;AAC9E,yEAAyE;AACzE,gBAAgB;AAChB,SAAS,eAAe,CAAC,GAAW;IAClC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QACzB,OAAO,GAAG,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;IACxC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,eAAe,CAAC;IACzB,CAAC;AACH,CAAC;AAED,yEAAyE;AACzE,sEAAsE;AACtE,kEAAkE;AAClE,kEAAkE;AAClE,yEAAyE;AACzE,2DAA2D;AAC3D,MAAM,UAAU,eAAe,CAAC,IAAyB;IACvD,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,OAAO,gFAAgF,CAAC;IAC1F,CAAC;IACD,MAAM,IAAI,GACR,IAAI,CAAC,GAAG,CAAC,MAAM,KAAK,SAAS,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC;QACzD,CAAC,CAAC,uBAAuB;QACzB,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,KAAK,SAAS,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC;YAC7D,CAAC,CAAC,SAAS,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG;YAC/C,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,KAAK,SAAS,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC;gBACjE,CAAC,CAAC,mBAAmB;gBACrB,CAAC,CAAC,8DAA8D,CAAC;IACzE,MAAM,KAAK,GAAG,CAAC,IAAI,CAAC,CAAC;IACrB,IAAI,IAAI,CAAC,YAAY,KAAK,SAAS,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpE,KAAK,CAAC,IAAI,CAAC,iBAAiB,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/D,CAAC;IACD,IAAI,IAAI,CAAC,WAAW,KAAK,SAAS;QAAE,KAAK,CAAC,IAAI,CAAC,eAAe,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;IAClF,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS;QAAE,KAAK,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;IACzE,IAAI,IAAI,CAAC,EAAE,EAAE,IAAI,KAAK,SAAS;QAAE,KAAK,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;SAClE,IAAI,IAAI,CAAC,EAAE,EAAE,KAAK,KAAK,SAAS;QAAE,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IACvE,IAAI,IAAI,CAAC,EAAE,EAAE,MAAM,KAAK,SAAS,EAAE,CAAC;QAClC,wDAAwD;QACxD,KAAK,CAAC,IAAI,CAAC,cAAc,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACtE,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAkBD,MAAM,UAAU,uBAAuB,CACrC,IAAyB,EACzB,WAA2C,EAC3C,UAAmB;IAEnB,IAAI,CAAC,UAAU,IAAI,IAAI,KAAK,SAAS;QAAE,OAAO,iBAAiB,CAAC;IAChE,MAAM,KAAK,GAAG,WAAW,EAAE,KAAK,CAAC;IACjC,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5C,OAAO,WAAW,EAAE,aAAa,KAAK,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,eAAe,CAAC;IAC5E,CAAC;IACD,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,WAAW,CAAC;IAChF,OAAO,UAAU,CAAC;AACpB,CAAC;AA0BD,6EAA6E;AAC7E,kEAAkE;AAClE,0EAA0E;AAC1E,6EAA6E;AAC7E,cAAc;AACd,4EAA4E;AAC5E,yEAAyE;AACzE,6EAA6E;AAC7E,kDAAkD;AAClD,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,MAAmB,EACnB,MAA0B,EAC1B,GAAsB;IAEtB,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;IACzB,IAAI,IAAI,KAAK,SAAS;QAAE,OAAO,EAAE,CAAC,CAAC,+CAA+C;IAElF,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,EAAE,MAAM,CAAC;IAE/B,MAAM,QAAQ,GAAG,IAAI,CAAC,EAAE,EAAE,KAAK,IAAI,GAAG,CAAC,mBAAmB,CAAC;IAC3D,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClD,qDAAqD;QACrD,MAAM,OAAO,GACX,MAAM,KAAK,SAAS;YAClB,CAAC,CAAC,mEAAmE;gBACnE,8EAA8E;YAChF,CAAC,CAAC,SAAS,CAAC;QAChB,OAAO,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;IACpF,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC;IAC/B,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC;QAC3B,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC;YAC1C,MAAM;YACN,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,IAAI;YACJ,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC,MAAM;YACvB,QAAQ,EAAE,IAAI,CAAC,GAAG,CAAC,QAAQ;YAC3B,MAAM;SACP,CAAC,CAAC;QACH,MAAM,QAAQ,GAAa,EAAE,CAAC;QAC9B,MAAM,QAAQ,GAAG,uBAAuB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QACvD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,QAAQ,CAAC,IAAI,CACX,yBAAyB,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO;gBACtE,mEAAmE;gBACnE,+BAA+B,CAClC,CAAC;QACJ,CAAC;QACD,wEAAwE;QACxE,kEAAkE;QAClE,sEAAsE;QACtE,MAAM,eAAe,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC;QACtD,IAAI,eAAe,KAAK,SAAS;YAAE,QAAQ,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAClE,MAAM,WAAW,GAAG,iBAAiB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAClD,IAAI,WAAW,KAAK,SAAS;YAAE,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC1D,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QAC5C,OAAO;YACL,KAAK;YACL,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC;YAC3B,GAAG,CAAC,WAAW,KAAK,SAAS,IAAI,eAAe,KAAK,SAAS;gBAC5D,CAAC,CAAC,EAAE,aAAa,EAAE,IAAI,EAAE;gBACzB,CAAC,CAAC,EAAE,CAAC;SACR,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GACd,MAAM,KAAK,SAAS;QAClB,CAAC,CAAC,uEAAuE;QACzE,CAAC,CAAC,EAAE,CAAC;IACT,OAAO;QACL,OAAO,EACL,wEAAwE;YACxE,wEAAwE;YACxE,yEAAyE;YACzE,uCAAuC,UAAU,GAAG;KACvD,CAAC;AACJ,CAAC;AAED,yEAAyE;AACzE,yEAAyE;AACzE,0EAA0E;AAC1E,yDAAyD;AACzD,SAAS,uBAAuB,CAC9B,IAAsC,EACtC,MAA2C;IAE3C,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,EAAE,CAAC;IACpC,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAS,CAAC,IAAI,CAAC,SAAS,IAAI,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;IACpE,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,KAAK,SAAS;QAAE,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACvD,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,KAAK,SAAS;QAAE,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACzD,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;AAC5D,CAAC;AAED,2EAA2E;AAC3E,qEAAqE;AACrE,0EAA0E;AAC1E,6DAA6D;AAC7D,SAAS,qBAAqB,CAC5B,MAA2C;IAE3C,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,sEAAsE;IACtE,sEAAsE;IACtE,yBAAyB;IACzB,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;QACpB,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC;QACvB,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACrD,OAAO,+DAA+D;gBACpE,kDAAkD,CAAC;QACvD,CAAC;QACD,IAAI,GAAG,IAAI,GAAG,EAAE,CAAC;YACf,OAAO,gEAAgE;gBACrE,kCAAkC,CAAC;QACvC,CAAC;IACH,CAAC;IACD,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;QACpB,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC;QACvB,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACrD,OAAO,+DAA+D;gBACpE,kDAAkD,CAAC;QACvD,CAAC;QACD,IAAI,GAAG,GAAG,GAAG,EAAE,CAAC;YACd,OAAO,8DAA8D;gBACnE,8CAA8C,CAAC;QACnD,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,uEAAuE;AACvE,uEAAuE;AACvE,4CAA4C;AAC5C,SAAS,iBAAiB,CACxB,IAAsC,EACtC,IAAwB;IAExB,MAAM,SAAS,GAAG,IAAI,KAAK,SAAS,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC;IAClF,IAAI,SAAS,KAAK,SAAS,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtD,OAAO,iEAAiE;YACtE,wEAAwE;YACxE,+DAA+D,CAAC;IACpE,CAAC;IACD,IAAI,IAAI,CAAC,YAAY,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QAC9E,OAAO,8BAA8B,SAAS,+BAA+B;YAC3E,oEAAoE;YACpE,eAAe,CAAC;IACpB,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dev.d.ts","sourceRoot":"","sources":["../../src/commands/dev.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"dev.d.ts","sourceRoot":"","sources":["../../src/commands/dev.ts"],"names":[],"mappings":"AAqCA,MAAM,MAAM,UAAU,GAAG;IACvB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;iFAC6E;IAC7E,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,gFAAgF;IAChF,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB,CAAC;AA8FF,wBAAsB,UAAU,CAAC,IAAI,GAAE,UAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CA2HrE"}
|
package/dist/commands/dev.js
CHANGED
|
@@ -8,8 +8,9 @@
|
|
|
8
8
|
// startHttpServer (spec §7.1).
|
|
9
9
|
//
|
|
10
10
|
// Both default to 0.0.0.0 (spec §9.1, so `docker compose` port mapping
|
|
11
|
-
// works); a loud warning fires on a non-loopback bind because
|
|
12
|
-
//
|
|
11
|
+
// works); a loud warning fires on a non-loopback bind because the UI and
|
|
12
|
+
// MCP listeners have no authentication of their own (the in-house API may
|
|
13
|
+
// enforce JWT auth; the Admin UI warning distinguishes that case).
|
|
13
14
|
//
|
|
14
15
|
// The Admin UI is an adapter-node (SvelteKit) server: without ORIGIN it
|
|
15
16
|
// assumes https and rejects every form POST over plain http with a 403.
|
|
@@ -20,7 +21,7 @@ import { existsSync } from 'node:fs';
|
|
|
20
21
|
import { SchemaCache, startHttpServer, isLoopbackHost } from '@kozou/mcp';
|
|
21
22
|
import { loadConfig, ADAPTER_KINDS } from '../config.js';
|
|
22
23
|
import { PACKAGE_VERSION } from '../version.js';
|
|
23
|
-
import { buildAdminUiEnv, resolveAdminUiEntry, resolveAdminUiToken, resolveOrigin, } from './dev-runtime.js';
|
|
24
|
+
import { buildAdminUiEnv, classifyAdminUiExposure, describeApiAuth, resolveAdminUiEntry, resolveAdminUiToken, resolveOrigin, } from './dev-runtime.js';
|
|
24
25
|
const PREFIX = '[kozou dev]';
|
|
25
26
|
// The in-house @kozou/api server is reached only by the Admin UI's
|
|
26
27
|
// server-side fetch (same host), so bind it to loopback — no need to
|
|
@@ -77,13 +78,27 @@ async function startInhouseApi(config, port) {
|
|
|
77
78
|
},
|
|
78
79
|
};
|
|
79
80
|
}
|
|
80
|
-
|
|
81
|
+
// Warn when a surface with no authentication of its own binds beyond
|
|
82
|
+
// loopback. The Admin UI never has a login of its own; what varies is how
|
|
83
|
+
// the API behind it treats the UI's requests, so the warning states the
|
|
84
|
+
// resolved exposure mode instead of implying nothing (or everything) is
|
|
85
|
+
// protected.
|
|
86
|
+
function warnIfPublic(label, host, exposure) {
|
|
81
87
|
if (isLoopbackHost(host))
|
|
82
88
|
return;
|
|
89
|
+
const detail = {
|
|
90
|
+
unauthenticated: `${PREFIX} It has NO authentication. Anyone who can reach ${host} can use it.\n`,
|
|
91
|
+
'service-token': `${PREFIX} The API behind it verifies JWTs, but ${label} itself has no login —\n` +
|
|
92
|
+
`${PREFIX} anyone who can reach ${host} acts with its service token.\n`,
|
|
93
|
+
'anon-role': `${PREFIX} The API behind it verifies JWTs and ${label} holds no token, so\n` +
|
|
94
|
+
`${PREFIX} anyone who can reach ${host} acts as the anonymous role.\n`,
|
|
95
|
+
rejected: `${PREFIX} The API behind it verifies JWTs and ${label} holds no usable token,\n` +
|
|
96
|
+
`${PREFIX} so the API rejects its requests; the port itself stays reachable.\n`,
|
|
97
|
+
};
|
|
83
98
|
process.stderr.write(`${PREFIX} WARNING: ${label} bound to non-loopback host "${host}".\n` +
|
|
84
|
-
|
|
85
|
-
`${PREFIX}
|
|
86
|
-
`${PREFIX}
|
|
99
|
+
detail[exposure] +
|
|
100
|
+
`${PREFIX} This is expected inside docker compose; avoid it on an untrusted\n` +
|
|
101
|
+
`${PREFIX} network or put an auth proxy in front.\n`);
|
|
87
102
|
}
|
|
88
103
|
export async function devCommand(opts = {}) {
|
|
89
104
|
if (opts.adapter !== undefined && !ADAPTER_KINDS.includes(opts.adapter)) {
|
|
@@ -109,20 +124,23 @@ export async function devCommand(opts = {}) {
|
|
|
109
124
|
: null;
|
|
110
125
|
if (api) {
|
|
111
126
|
process.stderr.write(`${PREFIX} in-house @kozou/api on ${api.url}\n`);
|
|
127
|
+
// State the auth mode unambiguously: a stack whose KOZOU_JWT_* env never
|
|
128
|
+
// reached this process fails open, and this line is what surfaces it.
|
|
129
|
+
process.stderr.write(`${PREFIX} api auth: ${describeApiAuth(config.auth)}\n`);
|
|
112
130
|
}
|
|
113
131
|
// When the in-house API enforces auth, resolve the token the bundled Admin
|
|
114
132
|
// UI presents to it: a minted HS256 token, a supplied RS256 / external one,
|
|
115
133
|
// or none (with a warning) when neither is available. @kozou/api is already
|
|
116
134
|
// imported (startInhouseApi succeeded), so this dynamic import is cached.
|
|
117
|
-
let
|
|
135
|
+
let tokenResult;
|
|
118
136
|
if (api && config.auth) {
|
|
119
137
|
const apiModule = await import('@kozou/api');
|
|
120
|
-
|
|
121
|
-
if (
|
|
122
|
-
process.stderr.write(`${PREFIX} WARNING: ${
|
|
138
|
+
tokenResult = await resolveAdminUiToken(config, apiModule, process.env);
|
|
139
|
+
if (tokenResult.warning) {
|
|
140
|
+
process.stderr.write(`${PREFIX} WARNING: ${tokenResult.warning}\n`);
|
|
123
141
|
}
|
|
124
|
-
apiToken = resolved.token;
|
|
125
142
|
}
|
|
143
|
+
const apiToken = tokenResult?.token;
|
|
126
144
|
const cache = new SchemaCache({
|
|
127
145
|
connection: config.database.url,
|
|
128
146
|
schemas: config.database.schemas,
|
|
@@ -136,7 +154,7 @@ export async function devCommand(opts = {}) {
|
|
|
136
154
|
logPrefix: `${PREFIX} mcp`,
|
|
137
155
|
});
|
|
138
156
|
// 2. Admin UI, as a child process.
|
|
139
|
-
warnIfPublic('Admin UI', config.server.ui.host);
|
|
157
|
+
warnIfPublic('Admin UI', config.server.ui.host, classifyAdminUiExposure(config.auth, tokenResult, api !== null));
|
|
140
158
|
const origin = resolveOrigin(config, process.env);
|
|
141
159
|
const child = spawn('node', [adminUiEntry], {
|
|
142
160
|
env: buildAdminUiEnv(config, origin, process.env, api?.url, apiToken),
|
package/dist/commands/dev.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dev.js","sourceRoot":"","sources":["../../src/commands/dev.ts"],"names":[],"mappings":"AAAA,sCAAsC;AACtC,EAAE;AACF,sEAAsE;AACtE,wEAAwE;AACxE,uEAAuE;AACvE,iEAAiE;AACjE,sEAAsE;AACtE,mCAAmC;AACnC,EAAE;AACF,uEAAuE;AACvE,
|
|
1
|
+
{"version":3,"file":"dev.js","sourceRoot":"","sources":["../../src/commands/dev.ts"],"names":[],"mappings":"AAAA,sCAAsC;AACtC,EAAE;AACF,sEAAsE;AACtE,wEAAwE;AACxE,uEAAuE;AACvE,iEAAiE;AACjE,sEAAsE;AACtE,mCAAmC;AACnC,EAAE;AACF,uEAAuE;AACvE,yEAAyE;AACzE,0EAA0E;AAC1E,mEAAmE;AACnE,EAAE;AACF,wEAAwE;AACxE,wEAAwE;AACxE,oEAAoE;AACpE,oEAAoE;AAEpE,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAErC,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAE1E,OAAO,EAAE,UAAU,EAAoB,aAAa,EAAoB,MAAM,cAAc,CAAC;AAC7F,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EACL,eAAe,EACf,uBAAuB,EACvB,eAAe,EACf,mBAAmB,EACnB,mBAAmB,EACnB,aAAa,GAGd,MAAM,kBAAkB,CAAC;AAW1B,MAAM,MAAM,GAAG,aAAa,CAAC;AAE7B,mEAAmE;AACnE,qEAAqE;AACrE,2CAA2C;AAC3C,MAAM,QAAQ,GAAG,WAAW,CAAC;AAC7B,MAAM,gBAAgB,GAAG,IAAI,CAAC;AAI9B,kEAAkE;AAClE,uEAAuE;AACvE,yEAAyE;AACzE,2EAA2E;AAC3E,iEAAiE;AACjE,KAAK,UAAU,eAAe,CAAC,MAAmB,EAAE,IAAY;IAC9D,IAAI,SAAsC,CAAC;IAC3C,IAAI,CAAC;QACH,SAAS,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CACb,GAAG,MAAM,gEAAgE;YACvE,yEAAyE;YACzE,4DAA4D;YAC5D,yEAAyE;YACzE,gEAAgE,CACnE,CAAC;IACJ,CAAC;IAED,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;IACzD,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;IAC3D,MAAM,EAAE,OAAO,EAAE,EAAE,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;IAE3C,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC;QAC3B,UAAU,EAAE,MAAM,CAAC,QAAQ,CAAC,GAAG;QAC/B,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,OAAO;KACjC,CAAC,CAAC;IACH,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;IACjD,MAAM,IAAI,GAAG,IAAI,EAAE,CAAC,IAAI,CAAC,EAAE,gBAAgB,EAAE,MAAM,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC,CAAC;IACpE,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,cAAc,CAAC;QAC5C,MAAM;QACN,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,IAAY,EAAE,MAAkB,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,MAAM,CAAC,EAAE;QAC7E,yEAAyE;QACzE,0EAA0E;QAC1E,iEAAiE;QACjE,sDAAsD;QACtD,IAAI;QACJ,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,IAAI,EAAE,QAAQ;QACd,IAAI;QACJ,mEAAmE;QACnE,qEAAqE;QACrE,OAAO,EAAE,eAAe;QACxB,SAAS,EAAE,GAAG,MAAM,MAAM;KAC3B,CAAC,CAAC;IAEH,OAAO;QACL,GAAG,EAAE,UAAU,QAAQ,IAAI,MAAM,CAAC,IAAI,EAAE;QACxC,KAAK,EAAE,KAAK,IAAI,EAAE;YAChB,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;YACrB,MAAM,IAAI,CAAC,GAAG,EAAE,CAAC;QACnB,CAAC;KACF,CAAC;AACJ,CAAC;AAED,qEAAqE;AACrE,0EAA0E;AAC1E,wEAAwE;AACxE,wEAAwE;AACxE,aAAa;AACb,SAAS,YAAY,CAAC,KAAa,EAAE,IAAY,EAAE,QAAyB;IAC1E,IAAI,cAAc,CAAC,IAAI,CAAC;QAAE,OAAO;IACjC,MAAM,MAAM,GAAoC;QAC9C,eAAe,EAAE,GAAG,MAAM,mDAAmD,IAAI,gBAAgB;QACjG,eAAe,EACb,GAAG,MAAM,yCAAyC,KAAK,0BAA0B;YACjF,GAAG,MAAM,yBAAyB,IAAI,iCAAiC;QACzE,WAAW,EACT,GAAG,MAAM,wCAAwC,KAAK,uBAAuB;YAC7E,GAAG,MAAM,yBAAyB,IAAI,gCAAgC;QACxE,QAAQ,EACN,GAAG,MAAM,wCAAwC,KAAK,2BAA2B;YACjF,GAAG,MAAM,sEAAsE;KAClF,CAAC;IACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,GAAG,MAAM,aAAa,KAAK,gCAAgC,IAAI,MAAM;QACnE,MAAM,CAAC,QAAQ,CAAC;QAChB,GAAG,MAAM,qEAAqE;QAC9E,GAAG,MAAM,2CAA2C,CACvD,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,OAAmB,EAAE;IACpD,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS,IAAI,CAAE,aAAmC,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/F,MAAM,IAAI,KAAK,CACb,GAAG,MAAM,uBAAuB,IAAI,CAAC,OAAO,mBAAmB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAC5F,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IAEvD,2EAA2E;IAC3E,2EAA2E;IAC3E,0EAA0E;IAC1E,MAAM,WAAW,GAAiB,IAAI,CAAC,OAAmC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC;IAClG,MAAM,aAAa,GAAG,WAAW,KAAK,KAAK,CAAC;IAE5C,MAAM,YAAY,GAAG,mBAAmB,EAAE,CAAC;IAC3C,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CACb,GAAG,MAAM,gCAAgC,YAAY,IAAI;YACvD,yEAAyE;YACzE,4EAA4E,CAC/E,CAAC;IACJ,CAAC;IAED,sEAAsE;IACtE,2EAA2E;IAC3E,yBAAyB;IACzB,MAAM,GAAG,GAAsB,aAAa;QAC1C,CAAC,CAAC,MAAM,eAAe,CAAC,MAAM,EAAE,IAAI,CAAC,OAAO,IAAI,gBAAgB,CAAC;QACjE,CAAC,CAAC,IAAI,CAAC;IACT,IAAI,GAAG,EAAE,CAAC;QACR,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,MAAM,2BAA2B,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;QACtE,yEAAyE;QACzE,sEAAsE;QACtE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,MAAM,cAAc,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChF,CAAC;IAED,2EAA2E;IAC3E,4EAA4E;IAC5E,4EAA4E;IAC5E,0EAA0E;IAC1E,IAAI,WAA2C,CAAC;IAChD,IAAI,GAAG,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;QACvB,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;QAC7C,WAAW,GAAG,MAAM,mBAAmB,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;QACxE,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;YACxB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,MAAM,aAAa,WAAW,CAAC,OAAO,IAAI,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;IACD,MAAM,QAAQ,GAAG,WAAW,EAAE,KAAK,CAAC;IAEpC,MAAM,KAAK,GAAG,IAAI,WAAW,CAAC;QAC5B,UAAU,EAAE,MAAM,CAAC,QAAQ,CAAC,GAAG;QAC/B,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,OAAO;QAChC,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK;KAC1B,CAAC,CAAC;IAEH,8DAA8D;IAC9D,yDAAyD;IACzD,MAAM,GAAG,GAAG,MAAM,eAAe,CAAC,KAAK,EAAE;QACvC,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI;QACjC,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI;QACjC,SAAS,EAAE,GAAG,MAAM,MAAM;KAC3B,CAAC,CAAC;IAEH,mCAAmC;IACnC,YAAY,CACV,UAAU,EACV,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,EACrB,uBAAuB,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,GAAG,KAAK,IAAI,CAAC,CAChE,CAAC;IACF,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAClD,MAAM,KAAK,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,YAAY,CAAC,EAAE;QAC1C,GAAG,EAAE,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC;QACrE,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;KAClC,CAAC,CAAC;IACH,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,MAAM,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC;IACrF,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,MAAM,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC;IAErF,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,GAAG,MAAM,uBAAuB,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,EAAE;QAC9E,YAAY,MAAM,KAAK,CAC1B,CAAC;IAEF,wEAAwE;IACxE,8DAA8D;IAC9D,MAAM,aAAa,GAAG,GAAqB,EAAE,CAC3C,OAAO,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;IAE3E,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;QAClC,IAAI,YAAY,GAAG,KAAK,CAAC;QAEzB,MAAM,QAAQ,GAAG,CAAC,MAAc,EAAQ,EAAE;YACxC,IAAI,YAAY;gBAAE,OAAO;YACzB,YAAY,GAAG,IAAI,CAAC;YACpB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,MAAM,IAAI,MAAM,mBAAmB,CAAC,CAAC;YAC7D,IAAI,KAAK,CAAC,QAAQ,KAAK,IAAI,IAAI,KAAK,CAAC,UAAU,KAAK,IAAI,EAAE,CAAC;gBACzD,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACxB,CAAC;YACD,KAAK,aAAa,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;QAChD,CAAC,CAAC;QAEF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,CAAC;QACxD,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC,CAAC;QAE1D,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE;YAChC,IAAI,YAAY;gBAAE,OAAO;YACzB,iEAAiE;YACjE,yCAAyC;YACzC,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,GAAG,MAAM,0BAA0B,IAAI,IAAI,MAAM,YAAY,MAAM,IAAI,MAAM,KAAK,CACnF,CAAC;YACF,OAAO,CAAC,QAAQ,GAAG,IAAI,IAAI,CAAC,CAAC;YAC7B,YAAY,GAAG,IAAI,CAAC;YACpB,KAAK,aAAa,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACxB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,MAAM,8BAA8B,GAAG,CAAC,OAAO,IAAI,CAAC,CAAC;YAC7E,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC1B,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}
|
package/dist/config.d.ts
CHANGED
|
@@ -52,6 +52,7 @@ declare const configSchema: z.ZodObject<{
|
|
|
52
52
|
ui: z.ZodOptional<z.ZodObject<{
|
|
53
53
|
role: z.ZodOptional<z.ZodString>;
|
|
54
54
|
token: z.ZodOptional<z.ZodString>;
|
|
55
|
+
claims: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
55
56
|
}, z.core.$strip>>;
|
|
56
57
|
}, z.core.$strip>>;
|
|
57
58
|
}, z.core.$strip>;
|
package/dist/config.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAiBA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AA2CxB,eAAO,MAAM,aAAa,+BAAgC,CAAC;AAC3D,MAAM,MAAM,WAAW,GAAG,CAAC,OAAO,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAiBA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AA2CxB,eAAO,MAAM,aAAa,+BAAgC,CAAC;AAC3D,MAAM,MAAM,WAAW,GAAG,CAAC,OAAO,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC;AA+DzD,QAAA,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAOhB,CAAC;AAEH,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAC;AAIvD,MAAM,MAAM,gBAAgB,GAAG;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC;AAEjE,qBAAa,gBAAiB,SAAQ,KAAK;IACzC,QAAQ,CAAC,MAAM,EAAE,gBAAgB,EAAE,CAAC;IACpC,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;gBACrB,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI,EAAE,MAAM,EAAE,gBAAgB,EAAE;CAMjF;AAMD,MAAM,MAAM,iBAAiB,GAAG;IAC9B,+EAA+E;IAC/E,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,wEAAwE;IACxE,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACxB;;;OAGG;IACH,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB,CAAC;AAyIF,wBAAsB,UAAU,CAAC,IAAI,GAAE,iBAAsB,GAAG,OAAO,CAAC,WAAW,CAAC,CA6CnF"}
|
package/dist/config.js
CHANGED
|
@@ -87,11 +87,14 @@ const jwtAuthSchema = z.object({
|
|
|
87
87
|
});
|
|
88
88
|
// How the bundled Admin UI authenticates to @kozou/api when auth is on. This
|
|
89
89
|
// is a CLI-only concern (not part of @kozou/api's AuthConfig): under HS256 the
|
|
90
|
-
// CLI mints a token claiming `role
|
|
91
|
-
//
|
|
90
|
+
// CLI mints a token claiming `role` plus the optional `claims` (for RLS
|
|
91
|
+
// policies that read request.jwt.claims beyond the role, e.g. a tenant id);
|
|
92
|
+
// for RS256 / an external IdP it cannot mint, so `token` carries a
|
|
93
|
+
// ready-made one through to the UI instead.
|
|
92
94
|
const authUiSchema = z.object({
|
|
93
95
|
role: z.string().min(1).optional(),
|
|
94
96
|
token: z.string().min(1).optional(),
|
|
97
|
+
claims: z.record(z.string(), z.unknown()).optional(),
|
|
95
98
|
});
|
|
96
99
|
const authSchema = z.object({
|
|
97
100
|
jwt: jwtAuthSchema,
|
|
@@ -227,17 +230,47 @@ function injectAuthFromEnv(raw, env) {
|
|
|
227
230
|
if (env.KOZOU_JWT_CLAIMS_GUC)
|
|
228
231
|
auth.claimsGuc = env.KOZOU_JWT_CLAIMS_GUC;
|
|
229
232
|
// How the bundled Admin UI authenticates: KOZOU_UI_ROLE names the role the
|
|
230
|
-
// CLI mints an HS256 token for;
|
|
231
|
-
//
|
|
233
|
+
// CLI mints an HS256 token for; KOZOU_UI_CLAIMS is a JSON object of extra
|
|
234
|
+
// claims to mint into it; KOZOU_ADAPTER_TOKEN supplies a ready-made token
|
|
235
|
+
// (RS256 / external IdP, where the CLI cannot mint).
|
|
232
236
|
const ui = {};
|
|
233
237
|
if (env.KOZOU_UI_ROLE)
|
|
234
238
|
ui.role = env.KOZOU_UI_ROLE;
|
|
239
|
+
if (env.KOZOU_UI_CLAIMS)
|
|
240
|
+
ui.claims = parseUiClaimsEnv(env.KOZOU_UI_CLAIMS);
|
|
235
241
|
if (env.KOZOU_ADAPTER_TOKEN)
|
|
236
242
|
ui.token = env.KOZOU_ADAPTER_TOKEN;
|
|
237
243
|
if (Object.keys(ui).length > 0)
|
|
238
244
|
auth.ui = ui;
|
|
239
245
|
return { ...obj, auth };
|
|
240
246
|
}
|
|
247
|
+
// KOZOU_UI_CLAIMS must be a JSON object. A malformed value fails loudly at
|
|
248
|
+
// startup — silently minting a token without the expected claims would be
|
|
249
|
+
// the same silent-misconfiguration class as unforwarded auth env vars
|
|
250
|
+
// (every RLS policy keyed on a claim would just see nothing).
|
|
251
|
+
function parseUiClaimsEnv(raw) {
|
|
252
|
+
// The CLI surfaces only the top-level error message, so the actionable
|
|
253
|
+
// detail (which env var, what is wrong with it) must live there — not
|
|
254
|
+
// just in the structured issues.
|
|
255
|
+
let parsed;
|
|
256
|
+
try {
|
|
257
|
+
parsed = JSON.parse(raw);
|
|
258
|
+
}
|
|
259
|
+
catch (err) {
|
|
260
|
+
const message = err instanceof Error ? err.message : String(err);
|
|
261
|
+
const detail = `KOZOU_UI_CLAIMS is not valid JSON: ${message}`;
|
|
262
|
+
throw new KozouConfigError(`Invalid kozou config: ${detail}`, null, [
|
|
263
|
+
{ path: 'auth.ui.claims', message: detail },
|
|
264
|
+
]);
|
|
265
|
+
}
|
|
266
|
+
if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
|
|
267
|
+
const detail = 'KOZOU_UI_CLAIMS must be a JSON object, e.g. {"tenant_id":"acme"}.';
|
|
268
|
+
throw new KozouConfigError(`Invalid kozou config: ${detail}`, null, [
|
|
269
|
+
{ path: 'auth.ui.claims', message: detail },
|
|
270
|
+
]);
|
|
271
|
+
}
|
|
272
|
+
return parsed;
|
|
273
|
+
}
|
|
241
274
|
export async function loadConfig(opts = {}) {
|
|
242
275
|
const env = opts.env ?? process.env;
|
|
243
276
|
const requestedPath = opts.path ?? DEFAULT_CONFIG_PATH;
|
package/dist/config.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,4BAA4B;AAC5B,EAAE;AACF,4EAA4E;AAC5E,wEAAwE;AACxE,4EAA4E;AAC5E,8EAA8E;AAC9E,EAAE;AACF,4EAA4E;AAC5E,8EAA8E;AAC9E,4EAA4E;AAC5E,+EAA+E;AAC/E,6EAA6E;AAE7E,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAChD,OAAO,EAAE,KAAK,IAAI,SAAS,EAAE,MAAM,MAAM,CAAC;AAC1C,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,8EAA8E;AAE9E,2EAA2E;AAC3E,4EAA4E;AAC5E,0EAA0E;AAC1E,wEAAwE;AACxE,uEAAuE;AACvE,kEAAkE;AAElE,MAAM,cAAc,GAAG,CAAC;KACrB,MAAM,CAAC;IACN,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC;IACvD,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC;CAC3C,CAAC;KACD,QAAQ,CAAC,EAAE,CAAC,CAAC;AAEhB,MAAM,mBAAmB,GAAG,CAAC;KAC1B,MAAM,CAAC;IACN,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC;IACvD,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC;CAC3C,CAAC;KACD,QAAQ,CAAC,EAAE,CAAC,CAAC;AAEhB,MAAM,eAAe,GAAG,CAAC;KACtB,MAAM,CAAC;IACN,IAAI,EAAE,mBAAmB;IACzB,KAAK,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;CAClC,CAAC;KACD,QAAQ,CAAC,EAAE,CAAC,CAAC;AAEhB,MAAM,YAAY,GAAG,CAAC;KACnB,MAAM,CAAC;IACN,EAAE,EAAE,cAAc;IAClB,GAAG,EAAE,eAAe;CACrB,CAAC;KACD,QAAQ,CAAC,EAAE,CAAC,CAAC;AAEhB,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,+EAA+E;AAC/E,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,KAAK,EAAE,WAAW,CAAU,CAAC;AAG3D,MAAM,aAAa,GAAG,CAAC;KACpB,MAAM,CAAC;IACN,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;IAC1C,yEAAyE;IACzE,4DAA4D;IAC5D,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,uBAAuB,CAAC;CACxD,CAAC;KACD,QAAQ,CAAC,EAAE,CAAC,CAAC;AAEhB,MAAM,aAAa,GAAG,CAAC;KACpB,MAAM,CAAC;IACN,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;CAC1C,CAAC;KACD,QAAQ,CAAC,EAAE,CAAC,CAAC;AAEhB,MAAM,WAAW,GAAG,CAAC;KAClB,MAAM,CAAC;IACN,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;CAC/C,CAAC;KACD,QAAQ,CAAC,EAAE,CAAC,CAAC;AAEhB,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9B,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,kEAAkE,CAAC;IAC1F,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,CAAC;CACxD,CAAC,CAAC;AAEH,4EAA4E;AAC5E,wEAAwE;AACxE,wEAAwE;AACxE,4DAA4D;AAC5D,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACpC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACvC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACrC,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC1D,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACpC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;CAC9E,CAAC,CAAC;AAEH,6EAA6E;AAC7E,+EAA+E;AAC/E,2EAA2E;AAC3E,uEAAuE;AACvE,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAClC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;CACpC,CAAC,CAAC;AAEH,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1B,GAAG,EAAE,aAAa;IAClB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACvC,YAAY,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACnD,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACzC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACtC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACvC,EAAE,EAAE,YAAY,CAAC,QAAQ,EAAE;CAC5B,CAAC,CAAC;AAEH,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5B,QAAQ,EAAE,cAAc;IACxB,MAAM,EAAE,YAAY;IACpB,OAAO,EAAE,aAAa;IACtB,OAAO,EAAE,aAAa;IACtB,KAAK,EAAE,WAAW;IAClB,IAAI,EAAE,UAAU,CAAC,QAAQ,EAAE;CAC5B,CAAC,CAAC;AAQH,MAAM,OAAO,gBAAiB,SAAQ,KAAK;IAChC,MAAM,CAAqB;IAC3B,QAAQ,CAAgB;IACjC,YAAY,OAAe,EAAE,QAAuB,EAAE,MAA0B;QAC9E,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;QAC/B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;CACF;AAED,6EAA6E;AAE7E,MAAM,mBAAmB,GAAG,mBAAmB,CAAC;AAchD,oEAAoE;AACpE,wEAAwE;AACxE,6EAA6E;AAC7E,MAAM,YAAY,GAAG,oDAAoD,CAAC;AAE1E,SAAS,aAAa,CAAC,KAAc,EAAE,GAAsB;IAC3D,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,KAAK,CAAC,OAAO,CAClB,YAAY,EACZ,CAAC,KAAK,EAAE,IAAwB,EAAE,QAAiB,EAAE,EAAE;YACrD,iEAAiE;YACjE,kEAAkE;YAClE,uCAAuC;YACvC,IAAI,KAAK,KAAK,IAAI;gBAAE,OAAO,GAAG,CAAC;YAC/B,gEAAgE;YAChE,iEAAiE;YACjE,+DAA+D;YAC/D,gDAAgD;YAChD,MAAM,CAAC,GAAG,GAAG,CAAC,IAAc,CAAC,CAAC;YAC9B,IAAI,CAAC,KAAK,SAAS;gBAAE,OAAO,CAAC,CAAC;YAC9B,IAAI,QAAQ,KAAK,SAAS;gBAAE,OAAO,QAAQ,CAAC;YAC5C,OAAO,EAAE,CAAC;QACZ,CAAC,CACF,CAAC;IACJ,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAChD,MAAM,GAAG,GAA4B,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAgC,CAAC,EAAE,CAAC;YACtE,GAAG,CAAC,CAAC,CAAC,GAAG,aAAa,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACjC,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,wBAAwB,CAAC,GAAY,EAAE,GAAsB;IACpE,IAAI,GAAG,KAAK,IAAI,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC;IACxD,MAAM,GAAG,GAAG,GAA8B,CAAC;IAC3C,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY,CAAC;IAChC,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,EAAE;QAAE,OAAO,GAAG,CAAC;IAEtD,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;IAC9B,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,OAAO,EAAE,GAAG,GAAG,EAAE,QAAQ,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,CAAC;IAC/C,CAAC;IACD,IAAI,QAAQ,KAAK,IAAI,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACtD,MAAM,EAAE,GAAG,QAAmC,CAAC;QAC/C,IAAI,EAAE,CAAC,GAAG,KAAK,SAAS,IAAI,EAAE,CAAC,GAAG,KAAK,EAAE,EAAE,CAAC;YAC1C,OAAO,EAAE,GAAG,GAAG,EAAE,QAAQ,EAAE,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,CAAC;QACtD,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,SAAS,CAAC,KAAyB;IAC1C,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IAC1C,MAAM,KAAK,GAAG,KAAK;SAChB,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC/B,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AAC9C,CAAC;AAED,8EAA8E;AAC9E,2EAA2E;AAC3E,2EAA2E;AAC3E,SAAS,iBAAiB,CAAC,GAAY,EAAE,GAAsB;IAC7D,IAAI,GAAG,KAAK,IAAI,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC;IACxD,MAAM,GAAG,GAAG,GAA8B,CAAC;IAC3C,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,GAAG,CAAC,CAAC,kCAAkC;IAE1E,MAAM,MAAM,GAAG,GAAG,CAAC,gBAAgB,CAAC;IACpC,MAAM,SAAS,GAAG,GAAG,CAAC,oBAAoB,CAAC;IAC3C,MAAM,OAAO,GAAG,GAAG,CAAC,kBAAkB,CAAC;IACvC,IAAI,CAAC,MAAM,IAAI,CAAC,SAAS,IAAI,CAAC,OAAO;QAAE,OAAO,GAAG,CAAC,CAAC,sCAAsC;IAEzF,MAAM,GAAG,GAA4B,EAAE,CAAC;IACxC,IAAI,MAAM;QAAE,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC;IAChC,IAAI,SAAS;QAAE,GAAG,CAAC,SAAS,GAAG,SAAS,CAAC;IACzC,IAAI,OAAO;QAAE,GAAG,CAAC,OAAO,GAAG,OAAO,CAAC;IACnC,MAAM,UAAU,GAAG,SAAS,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;IACvD,IAAI,UAAU;QAAE,GAAG,CAAC,UAAU,GAAG,UAAU,CAAC;IAC5C,IAAI,GAAG,CAAC,gBAAgB;QAAE,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,gBAAgB,CAAC;IAC5D,IAAI,GAAG,CAAC,kBAAkB;QAAE,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC,kBAAkB,CAAC;IAElE,MAAM,IAAI,GAA4B,EAAE,GAAG,EAAE,CAAC;IAC9C,IAAI,GAAG,CAAC,oBAAoB;QAAE,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC,oBAAoB,CAAC;IACxE,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;IAC5D,IAAI,YAAY;QAAE,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IACnD,IAAI,GAAG,CAAC,sBAAsB;QAAE,IAAI,CAAC,WAAW,GAAG,GAAG,CAAC,sBAAsB,CAAC;IAC9E,IAAI,GAAG,CAAC,mBAAmB;QAAE,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC,mBAAmB,CAAC;IACrE,IAAI,GAAG,CAAC,oBAAoB;QAAE,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC,oBAAoB,CAAC;IAExE,2EAA2E;IAC3E,0EAA0E;IAC1E,2DAA2D;IAC3D,MAAM,EAAE,GAA4B,EAAE,CAAC;IACvC,IAAI,GAAG,CAAC,aAAa;QAAE,EAAE,CAAC,IAAI,GAAG,GAAG,CAAC,aAAa,CAAC;IACnD,IAAI,GAAG,CAAC,mBAAmB;QAAE,EAAE,CAAC,KAAK,GAAG,GAAG,CAAC,mBAAmB,CAAC;IAChE,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC;QAAE,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;IAC7C,OAAO,EAAE,GAAG,GAAG,EAAE,IAAI,EAAE,CAAC;AAC1B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,OAA0B,EAAE;IAC3D,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC;IACpC,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,IAAI,mBAAmB,CAAC;IACvD,MAAM,OAAO,GAAG,UAAU,CAAC,aAAa,CAAC;QACvC,CAAC,CAAC,aAAa;QACf,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,aAAa,CAAC,CAAC;IAE1C,IAAI,GAAG,GAAY,EAAE,CAAC;IACtB,IAAI,UAAU,GAAkB,IAAI,CAAC;IACrC,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1C,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAChD,IAAI,CAAC;YACH,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QACjC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,MAAM,IAAI,gBAAgB,CACxB,iCAAiC,OAAO,EAAE,EAC1C,OAAO,EACP,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAC9B,CAAC;QACJ,CAAC;QACD,UAAU,GAAG,OAAO,CAAC;IACvB,CAAC;IAED,wEAAwE;IACxE,MAAM,aAAa,GAAG,wBAAwB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACzD,MAAM,QAAQ,GAAG,aAAa,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC;IACnD,4EAA4E;IAC5E,MAAM,QAAQ,GAAG,iBAAiB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IAElD,IAAI,CAAC;QACH,OAAO,YAAY,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IACtC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,CAAC,CAAC,QAAQ,EAAE,CAAC;YAC9B,MAAM,IAAI,gBAAgB,CACxB,yBAAyB,GAAG,CAAC,MAAM,CAAC,MAAM,WAAW,EACrD,UAAU,EACV,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACrB,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,QAAQ;gBAClC,OAAO,EAAE,CAAC,CAAC,OAAO;aACnB,CAAC,CAAC,CACJ,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC"}
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,4BAA4B;AAC5B,EAAE;AACF,4EAA4E;AAC5E,wEAAwE;AACxE,4EAA4E;AAC5E,8EAA8E;AAC9E,EAAE;AACF,4EAA4E;AAC5E,8EAA8E;AAC9E,4EAA4E;AAC5E,+EAA+E;AAC/E,6EAA6E;AAE7E,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAChD,OAAO,EAAE,KAAK,IAAI,SAAS,EAAE,MAAM,MAAM,CAAC;AAC1C,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,8EAA8E;AAE9E,2EAA2E;AAC3E,4EAA4E;AAC5E,0EAA0E;AAC1E,wEAAwE;AACxE,uEAAuE;AACvE,kEAAkE;AAElE,MAAM,cAAc,GAAG,CAAC;KACrB,MAAM,CAAC;IACN,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC;IACvD,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC;CAC3C,CAAC;KACD,QAAQ,CAAC,EAAE,CAAC,CAAC;AAEhB,MAAM,mBAAmB,GAAG,CAAC;KAC1B,MAAM,CAAC;IACN,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC;IACvD,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC;CAC3C,CAAC;KACD,QAAQ,CAAC,EAAE,CAAC,CAAC;AAEhB,MAAM,eAAe,GAAG,CAAC;KACtB,MAAM,CAAC;IACN,IAAI,EAAE,mBAAmB;IACzB,KAAK,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;CAClC,CAAC;KACD,QAAQ,CAAC,EAAE,CAAC,CAAC;AAEhB,MAAM,YAAY,GAAG,CAAC;KACnB,MAAM,CAAC;IACN,EAAE,EAAE,cAAc;IAClB,GAAG,EAAE,eAAe;CACrB,CAAC;KACD,QAAQ,CAAC,EAAE,CAAC,CAAC;AAEhB,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,+EAA+E;AAC/E,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,KAAK,EAAE,WAAW,CAAU,CAAC;AAG3D,MAAM,aAAa,GAAG,CAAC;KACpB,MAAM,CAAC;IACN,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;IAC1C,yEAAyE;IACzE,4DAA4D;IAC5D,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,uBAAuB,CAAC;CACxD,CAAC;KACD,QAAQ,CAAC,EAAE,CAAC,CAAC;AAEhB,MAAM,aAAa,GAAG,CAAC;KACpB,MAAM,CAAC;IACN,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;CAC1C,CAAC;KACD,QAAQ,CAAC,EAAE,CAAC,CAAC;AAEhB,MAAM,WAAW,GAAG,CAAC;KAClB,MAAM,CAAC;IACN,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;CAC/C,CAAC;KACD,QAAQ,CAAC,EAAE,CAAC,CAAC;AAEhB,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9B,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,kEAAkE,CAAC;IAC1F,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,CAAC;CACxD,CAAC,CAAC;AAEH,4EAA4E;AAC5E,wEAAwE;AACxE,wEAAwE;AACxE,4DAA4D;AAC5D,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACpC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACvC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACrC,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC1D,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACpC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;CAC9E,CAAC,CAAC;AAEH,6EAA6E;AAC7E,+EAA+E;AAC/E,wEAAwE;AACxE,4EAA4E;AAC5E,mEAAmE;AACnE,4CAA4C;AAC5C,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAClC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACnC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;CACrD,CAAC,CAAC;AAEH,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1B,GAAG,EAAE,aAAa;IAClB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACvC,YAAY,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACnD,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACzC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACtC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACvC,EAAE,EAAE,YAAY,CAAC,QAAQ,EAAE;CAC5B,CAAC,CAAC;AAEH,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5B,QAAQ,EAAE,cAAc;IACxB,MAAM,EAAE,YAAY;IACpB,OAAO,EAAE,aAAa;IACtB,OAAO,EAAE,aAAa;IACtB,KAAK,EAAE,WAAW;IAClB,IAAI,EAAE,UAAU,CAAC,QAAQ,EAAE;CAC5B,CAAC,CAAC;AAQH,MAAM,OAAO,gBAAiB,SAAQ,KAAK;IAChC,MAAM,CAAqB;IAC3B,QAAQ,CAAgB;IACjC,YAAY,OAAe,EAAE,QAAuB,EAAE,MAA0B;QAC9E,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;QAC/B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;CACF;AAED,6EAA6E;AAE7E,MAAM,mBAAmB,GAAG,mBAAmB,CAAC;AAchD,oEAAoE;AACpE,wEAAwE;AACxE,6EAA6E;AAC7E,MAAM,YAAY,GAAG,oDAAoD,CAAC;AAE1E,SAAS,aAAa,CAAC,KAAc,EAAE,GAAsB;IAC3D,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,KAAK,CAAC,OAAO,CAClB,YAAY,EACZ,CAAC,KAAK,EAAE,IAAwB,EAAE,QAAiB,EAAE,EAAE;YACrD,iEAAiE;YACjE,kEAAkE;YAClE,uCAAuC;YACvC,IAAI,KAAK,KAAK,IAAI;gBAAE,OAAO,GAAG,CAAC;YAC/B,gEAAgE;YAChE,iEAAiE;YACjE,+DAA+D;YAC/D,gDAAgD;YAChD,MAAM,CAAC,GAAG,GAAG,CAAC,IAAc,CAAC,CAAC;YAC9B,IAAI,CAAC,KAAK,SAAS;gBAAE,OAAO,CAAC,CAAC;YAC9B,IAAI,QAAQ,KAAK,SAAS;gBAAE,OAAO,QAAQ,CAAC;YAC5C,OAAO,EAAE,CAAC;QACZ,CAAC,CACF,CAAC;IACJ,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAChD,MAAM,GAAG,GAA4B,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAgC,CAAC,EAAE,CAAC;YACtE,GAAG,CAAC,CAAC,CAAC,GAAG,aAAa,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACjC,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,wBAAwB,CAAC,GAAY,EAAE,GAAsB;IACpE,IAAI,GAAG,KAAK,IAAI,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC;IACxD,MAAM,GAAG,GAAG,GAA8B,CAAC;IAC3C,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY,CAAC;IAChC,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,EAAE;QAAE,OAAO,GAAG,CAAC;IAEtD,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;IAC9B,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,OAAO,EAAE,GAAG,GAAG,EAAE,QAAQ,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,CAAC;IAC/C,CAAC;IACD,IAAI,QAAQ,KAAK,IAAI,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACtD,MAAM,EAAE,GAAG,QAAmC,CAAC;QAC/C,IAAI,EAAE,CAAC,GAAG,KAAK,SAAS,IAAI,EAAE,CAAC,GAAG,KAAK,EAAE,EAAE,CAAC;YAC1C,OAAO,EAAE,GAAG,GAAG,EAAE,QAAQ,EAAE,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,CAAC;QACtD,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,SAAS,CAAC,KAAyB;IAC1C,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IAC1C,MAAM,KAAK,GAAG,KAAK;SAChB,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC/B,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AAC9C,CAAC;AAED,8EAA8E;AAC9E,2EAA2E;AAC3E,2EAA2E;AAC3E,SAAS,iBAAiB,CAAC,GAAY,EAAE,GAAsB;IAC7D,IAAI,GAAG,KAAK,IAAI,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC;IACxD,MAAM,GAAG,GAAG,GAA8B,CAAC;IAC3C,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,GAAG,CAAC,CAAC,kCAAkC;IAE1E,MAAM,MAAM,GAAG,GAAG,CAAC,gBAAgB,CAAC;IACpC,MAAM,SAAS,GAAG,GAAG,CAAC,oBAAoB,CAAC;IAC3C,MAAM,OAAO,GAAG,GAAG,CAAC,kBAAkB,CAAC;IACvC,IAAI,CAAC,MAAM,IAAI,CAAC,SAAS,IAAI,CAAC,OAAO;QAAE,OAAO,GAAG,CAAC,CAAC,sCAAsC;IAEzF,MAAM,GAAG,GAA4B,EAAE,CAAC;IACxC,IAAI,MAAM;QAAE,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC;IAChC,IAAI,SAAS;QAAE,GAAG,CAAC,SAAS,GAAG,SAAS,CAAC;IACzC,IAAI,OAAO;QAAE,GAAG,CAAC,OAAO,GAAG,OAAO,CAAC;IACnC,MAAM,UAAU,GAAG,SAAS,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;IACvD,IAAI,UAAU;QAAE,GAAG,CAAC,UAAU,GAAG,UAAU,CAAC;IAC5C,IAAI,GAAG,CAAC,gBAAgB;QAAE,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,gBAAgB,CAAC;IAC5D,IAAI,GAAG,CAAC,kBAAkB;QAAE,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC,kBAAkB,CAAC;IAElE,MAAM,IAAI,GAA4B,EAAE,GAAG,EAAE,CAAC;IAC9C,IAAI,GAAG,CAAC,oBAAoB;QAAE,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC,oBAAoB,CAAC;IACxE,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;IAC5D,IAAI,YAAY;QAAE,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IACnD,IAAI,GAAG,CAAC,sBAAsB;QAAE,IAAI,CAAC,WAAW,GAAG,GAAG,CAAC,sBAAsB,CAAC;IAC9E,IAAI,GAAG,CAAC,mBAAmB;QAAE,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC,mBAAmB,CAAC;IACrE,IAAI,GAAG,CAAC,oBAAoB;QAAE,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC,oBAAoB,CAAC;IAExE,2EAA2E;IAC3E,0EAA0E;IAC1E,0EAA0E;IAC1E,qDAAqD;IACrD,MAAM,EAAE,GAA4B,EAAE,CAAC;IACvC,IAAI,GAAG,CAAC,aAAa;QAAE,EAAE,CAAC,IAAI,GAAG,GAAG,CAAC,aAAa,CAAC;IACnD,IAAI,GAAG,CAAC,eAAe;QAAE,EAAE,CAAC,MAAM,GAAG,gBAAgB,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAC3E,IAAI,GAAG,CAAC,mBAAmB;QAAE,EAAE,CAAC,KAAK,GAAG,GAAG,CAAC,mBAAmB,CAAC;IAChE,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC;QAAE,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;IAC7C,OAAO,EAAE,GAAG,GAAG,EAAE,IAAI,EAAE,CAAC;AAC1B,CAAC;AAED,2EAA2E;AAC3E,0EAA0E;AAC1E,sEAAsE;AACtE,8DAA8D;AAC9D,SAAS,gBAAgB,CAAC,GAAW;IACnC,uEAAuE;IACvE,sEAAsE;IACtE,iCAAiC;IACjC,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,MAAM,MAAM,GAAG,sCAAsC,OAAO,EAAE,CAAC;QAC/D,MAAM,IAAI,gBAAgB,CAAC,yBAAyB,MAAM,EAAE,EAAE,IAAI,EAAE;YAClE,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,MAAM,EAAE;SAC5C,CAAC,CAAC;IACL,CAAC;IACD,IAAI,MAAM,KAAK,IAAI,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3E,MAAM,MAAM,GAAG,mEAAmE,CAAC;QACnF,MAAM,IAAI,gBAAgB,CAAC,yBAAyB,MAAM,EAAE,EAAE,IAAI,EAAE;YAClE,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,MAAM,EAAE;SAC5C,CAAC,CAAC;IACL,CAAC;IACD,OAAO,MAAiC,CAAC;AAC3C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,OAA0B,EAAE;IAC3D,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC;IACpC,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,IAAI,mBAAmB,CAAC;IACvD,MAAM,OAAO,GAAG,UAAU,CAAC,aAAa,CAAC;QACvC,CAAC,CAAC,aAAa;QACf,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,aAAa,CAAC,CAAC;IAE1C,IAAI,GAAG,GAAY,EAAE,CAAC;IACtB,IAAI,UAAU,GAAkB,IAAI,CAAC;IACrC,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1C,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAChD,IAAI,CAAC;YACH,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QACjC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,MAAM,IAAI,gBAAgB,CACxB,iCAAiC,OAAO,EAAE,EAC1C,OAAO,EACP,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAC9B,CAAC;QACJ,CAAC;QACD,UAAU,GAAG,OAAO,CAAC;IACvB,CAAC;IAED,wEAAwE;IACxE,MAAM,aAAa,GAAG,wBAAwB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACzD,MAAM,QAAQ,GAAG,aAAa,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC;IACnD,4EAA4E;IAC5E,MAAM,QAAQ,GAAG,iBAAiB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IAElD,IAAI,CAAC;QACH,OAAO,YAAY,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IACtC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,CAAC,CAAC,QAAQ,EAAE,CAAC;YAC9B,MAAM,IAAI,gBAAgB,CACxB,yBAAyB,GAAG,CAAC,MAAM,CAAC,MAAM,WAAW,EACrD,UAAU,EACV,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACrB,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,QAAQ;gBAClC,OAAO,EAAE,CAAC,CAAC,OAAO;aACnB,CAAC,CAAC,CACJ,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC"}
|
|
@@ -34,7 +34,7 @@ services:
|
|
|
34
34
|
# `kozou dev` spawns the bundled @kozou/svelte-ui Admin UI, the MCP HTTP
|
|
35
35
|
# server, and Kozou's in-house REST backend (all in-process). Each binds
|
|
36
36
|
# 0.0.0.0 inside the container so the port mappings below reach your host.
|
|
37
|
-
image: ghcr.io/kozou-dev/kozou:v1.
|
|
37
|
+
image: ghcr.io/kozou-dev/kozou:v1.2.0
|
|
38
38
|
command: ["dev"]
|
|
39
39
|
environment:
|
|
40
40
|
DATABASE_URL: postgres://${POSTGRES_USER:-kozou}:${POSTGRES_PASSWORD:-kozou}@postgres:5432/${POSTGRES_DB:-kozou}
|
|
@@ -44,6 +44,25 @@ services:
|
|
|
44
44
|
# Set it to the exact URL you open in the browser; override if you
|
|
45
45
|
# publish the Admin UI on a different host or port.
|
|
46
46
|
ORIGIN: ${KOZOU_ORIGIN:-http://localhost:3333}
|
|
47
|
+
# JWT auth (see .env.example). Compose reads .env for ${VAR}
|
|
48
|
+
# interpolation only, so every variable must be forwarded here
|
|
49
|
+
# explicitly to reach the container. An empty value means unset:
|
|
50
|
+
# kozou treats empty auth variables as absent, so leaving these
|
|
51
|
+
# blank keeps auth off (it never means "HS256 with empty secret").
|
|
52
|
+
KOZOU_JWT_SECRET: ${KOZOU_JWT_SECRET:-}
|
|
53
|
+
KOZOU_JWT_PUBLIC_KEY: ${KOZOU_JWT_PUBLIC_KEY:-}
|
|
54
|
+
KOZOU_JWT_JWKS_URI: ${KOZOU_JWT_JWKS_URI:-}
|
|
55
|
+
KOZOU_JWT_ALGORITHMS: ${KOZOU_JWT_ALGORITHMS:-}
|
|
56
|
+
KOZOU_JWT_ISSUER: ${KOZOU_JWT_ISSUER:-}
|
|
57
|
+
KOZOU_JWT_AUDIENCE: ${KOZOU_JWT_AUDIENCE:-}
|
|
58
|
+
KOZOU_JWT_ROLE_CLAIM: ${KOZOU_JWT_ROLE_CLAIM:-}
|
|
59
|
+
KOZOU_JWT_ALLOWED_ROLES: ${KOZOU_JWT_ALLOWED_ROLES:-}
|
|
60
|
+
KOZOU_JWT_DEFAULT_ROLE: ${KOZOU_JWT_DEFAULT_ROLE:-}
|
|
61
|
+
KOZOU_JWT_ANON_ROLE: ${KOZOU_JWT_ANON_ROLE:-}
|
|
62
|
+
KOZOU_JWT_CLAIMS_GUC: ${KOZOU_JWT_CLAIMS_GUC:-}
|
|
63
|
+
KOZOU_UI_ROLE: ${KOZOU_UI_ROLE:-}
|
|
64
|
+
KOZOU_UI_CLAIMS: ${KOZOU_UI_CLAIMS:-}
|
|
65
|
+
KOZOU_ADAPTER_TOKEN: ${KOZOU_ADAPTER_TOKEN:-}
|
|
47
66
|
depends_on:
|
|
48
67
|
postgres:
|
|
49
68
|
condition: service_healthy
|
|
@@ -25,4 +25,5 @@ KOZOU_ORIGIN=http://localhost:3333
|
|
|
25
25
|
# KOZOU_JWT_JWKS_URI=https://your-idp/.well-known/jwks.json # Auth0 / Clerk / Supabase
|
|
26
26
|
# KOZOU_JWT_ANON_ROLE=web_anon # role for requests with no token (else 401)
|
|
27
27
|
# KOZOU_UI_ROLE=app_admin # role the bundled Admin UI runs as (HS256)
|
|
28
|
+
# KOZOU_UI_CLAIMS={"tenant_id":"acme"} # extra claims minted into the UI token (HS256, JSON object)
|
|
28
29
|
# KOZOU_ADAPTER_TOKEN= # RS256 / external IdP: a ready-made UI token
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "kozou",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.2.0",
|
|
4
4
|
"description": "Kozou CLI: scaffolding, schema introspection, and MCP server entry points.",
|
|
5
5
|
"license": "Apache-2.0",
|
|
6
6
|
"repository": {
|
|
@@ -38,11 +38,11 @@
|
|
|
38
38
|
"pg": "^8.13.0",
|
|
39
39
|
"yaml": "^2.9.0",
|
|
40
40
|
"zod": "^4.4.3",
|
|
41
|
-
"@kozou/api": "1.
|
|
42
|
-
"@kozou/core": "1.
|
|
43
|
-
"@kozou/mcp": "1.
|
|
44
|
-
"@kozou/
|
|
45
|
-
"@kozou/
|
|
41
|
+
"@kozou/api": "1.2.0",
|
|
42
|
+
"@kozou/core": "1.2.0",
|
|
43
|
+
"@kozou/mcp": "1.2.0",
|
|
44
|
+
"@kozou/introspect": "1.2.0",
|
|
45
|
+
"@kozou/svelte-ui": "1.2.0"
|
|
46
46
|
},
|
|
47
47
|
"devDependencies": {
|
|
48
48
|
"@modelcontextprotocol/sdk": "^1.0.0",
|
|
@@ -51,7 +51,7 @@
|
|
|
51
51
|
"@types/pg": "^8.11.10",
|
|
52
52
|
"testcontainers": "^12.0.0",
|
|
53
53
|
"tsx": "^4.19.0",
|
|
54
|
-
"@kozou/codegen": "1.
|
|
54
|
+
"@kozou/codegen": "1.2.0"
|
|
55
55
|
},
|
|
56
56
|
"scripts": {
|
|
57
57
|
"typecheck": "tsc --noEmit",
|