labgate 0.5.2 → 0.5.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +48 -3
- package/dist/cli.js +322 -19
- package/dist/cli.js.map +1 -1
- package/dist/lib/audit.d.ts +5 -1
- package/dist/lib/audit.js +19 -3
- package/dist/lib/audit.js.map +1 -1
- package/dist/lib/config.d.ts +71 -2
- package/dist/lib/config.js +192 -8
- package/dist/lib/config.js.map +1 -1
- package/dist/lib/container.d.ts +54 -0
- package/dist/lib/container.js +650 -178
- package/dist/lib/container.js.map +1 -1
- package/dist/lib/init.js +22 -9
- package/dist/lib/init.js.map +1 -1
- package/dist/lib/license.d.ts +44 -0
- package/dist/lib/license.js +164 -0
- package/dist/lib/license.js.map +1 -0
- package/dist/lib/policy.d.ts +85 -0
- package/dist/lib/policy.js +321 -0
- package/dist/lib/policy.js.map +1 -0
- package/dist/lib/runtime.d.ts +2 -2
- package/dist/lib/runtime.js +19 -36
- package/dist/lib/runtime.js.map +1 -1
- package/dist/lib/slurm-db.d.ts +51 -0
- package/dist/lib/slurm-db.js +179 -0
- package/dist/lib/slurm-db.js.map +1 -0
- package/dist/lib/slurm-mcp.d.ts +12 -0
- package/dist/lib/slurm-mcp.js +347 -0
- package/dist/lib/slurm-mcp.js.map +1 -0
- package/dist/lib/slurm-poller.d.ts +36 -0
- package/dist/lib/slurm-poller.js +423 -0
- package/dist/lib/slurm-poller.js.map +1 -0
- package/dist/lib/test/integration-harness.d.ts +44 -0
- package/dist/lib/test/integration-harness.js +260 -0
- package/dist/lib/test/integration-harness.js.map +1 -0
- package/dist/lib/ui.d.ts +34 -1
- package/dist/lib/ui.html +3081 -356
- package/dist/lib/ui.js +2123 -108
- package/dist/lib/ui.js.map +1 -1
- package/package.json +11 -3
package/dist/lib/config.d.ts
CHANGED
|
@@ -1,8 +1,19 @@
|
|
|
1
|
+
import type { LicenseStatus } from './license.js';
|
|
1
2
|
export interface MountPath {
|
|
2
3
|
path: string;
|
|
3
4
|
mode: 'rw' | 'ro';
|
|
4
5
|
}
|
|
5
|
-
export
|
|
6
|
+
export interface Dataset {
|
|
7
|
+
/** Absolute host path to the dataset directory */
|
|
8
|
+
path: string;
|
|
9
|
+
/** Human-readable name, used as the mount basename under /datasets/ */
|
|
10
|
+
name: string;
|
|
11
|
+
/** Access mode (default: ro for datasets) */
|
|
12
|
+
mode: 'rw' | 'ro';
|
|
13
|
+
/** Optional brief description of what this dataset contains */
|
|
14
|
+
description?: string;
|
|
15
|
+
}
|
|
16
|
+
export type RuntimePreference = 'auto' | 'apptainer' | 'singularity' | 'docker';
|
|
6
17
|
export interface LabgateConfig {
|
|
7
18
|
/** Container runtime preference: auto detects best available */
|
|
8
19
|
runtime: RuntimePreference;
|
|
@@ -17,6 +28,8 @@ export interface LabgateConfig {
|
|
|
17
28
|
/** Glob patterns to block via empty overlays */
|
|
18
29
|
blocked_patterns: string[];
|
|
19
30
|
};
|
|
31
|
+
/** Named datasets mounted under /datasets/{name} in the container */
|
|
32
|
+
datasets: Dataset[];
|
|
20
33
|
/** Commands blocked inside the sandbox */
|
|
21
34
|
commands: {
|
|
22
35
|
blacklist: string[];
|
|
@@ -26,9 +39,15 @@ export interface LabgateConfig {
|
|
|
26
39
|
mode: 'none' | 'filtered' | 'host';
|
|
27
40
|
allowed_domains: string[];
|
|
28
41
|
};
|
|
29
|
-
/** SLURM
|
|
42
|
+
/** SLURM job tracking settings */
|
|
30
43
|
slurm: {
|
|
31
44
|
enabled: boolean;
|
|
45
|
+
/** Polling interval for squeue in seconds (default 5) */
|
|
46
|
+
poll_interval_seconds: number;
|
|
47
|
+
/** How far back sacct looks for completed jobs in hours (default 24) */
|
|
48
|
+
sacct_lookback_hours: number;
|
|
49
|
+
/** Enable MCP server for Claude Code to query SLURM jobs (default true) */
|
|
50
|
+
mcp_server: boolean;
|
|
32
51
|
};
|
|
33
52
|
/** Audit log settings */
|
|
34
53
|
audit: {
|
|
@@ -39,10 +58,60 @@ export interface LabgateConfig {
|
|
|
39
58
|
export declare const DEFAULT_CONFIG: LabgateConfig;
|
|
40
59
|
export declare const LABGATE_DIR: string;
|
|
41
60
|
export declare const CONFIG_FILE = "config.json";
|
|
61
|
+
export declare const PRIVATE_DIR_MODE = 448;
|
|
62
|
+
export declare const PRIVATE_FILE_MODE = 384;
|
|
63
|
+
export declare function ensurePrivateDir(path: string): void;
|
|
64
|
+
export declare function ensurePrivateFile(path: string): void;
|
|
42
65
|
export declare function getConfigPath(): string;
|
|
66
|
+
export declare function getUiSocketPath(): string;
|
|
43
67
|
export declare function getSandboxHome(): string;
|
|
44
68
|
export declare function getImagesDir(): string;
|
|
45
69
|
export declare function getEmptyDir(): string;
|
|
70
|
+
export declare function getSessionsDir(): string;
|
|
46
71
|
export declare function getLogDir(config: LabgateConfig): string;
|
|
72
|
+
export declare function getSlurmDbPath(): string;
|
|
47
73
|
export declare function validateConfig(config: LabgateConfig): string[];
|
|
48
74
|
export declare function loadConfig(): LabgateConfig;
|
|
75
|
+
export interface EffectiveConfig {
|
|
76
|
+
/** The final merged config used for runtime */
|
|
77
|
+
config: LabgateConfig;
|
|
78
|
+
/** Set of dot-notation field paths that are admin-locked */
|
|
79
|
+
lockedFields: Set<string>;
|
|
80
|
+
/** Items in array fields that are admin-locked (cannot be removed by user) */
|
|
81
|
+
lockedListItems: {
|
|
82
|
+
blocked_patterns: string[];
|
|
83
|
+
blacklist: string[];
|
|
84
|
+
allowed_domains: string[];
|
|
85
|
+
};
|
|
86
|
+
/** Constraints passed to the frontend for UI hints */
|
|
87
|
+
constraints: {
|
|
88
|
+
max_session_timeout_hours?: number;
|
|
89
|
+
allowed_images?: string[];
|
|
90
|
+
};
|
|
91
|
+
/** Whether enterprise mode is active */
|
|
92
|
+
enterprise: boolean;
|
|
93
|
+
/** Institution name from license/policy */
|
|
94
|
+
institution?: string;
|
|
95
|
+
/** Whether the current user is an admin */
|
|
96
|
+
isAdmin: boolean;
|
|
97
|
+
/** License status details */
|
|
98
|
+
licenseStatus?: LicenseStatus;
|
|
99
|
+
/** Policy object (for admin routes) */
|
|
100
|
+
policy?: unknown;
|
|
101
|
+
/** Shared sessions directory (from policy) */
|
|
102
|
+
sharedSessionsDir?: string;
|
|
103
|
+
/** Shared audit directory (from policy) */
|
|
104
|
+
sharedAuditDir?: string;
|
|
105
|
+
}
|
|
106
|
+
/**
|
|
107
|
+
* Returns policy-locked field paths that conflict with a requested dot-notation key.
|
|
108
|
+
* A conflict exists for exact matches and parent/child path relationships.
|
|
109
|
+
*/
|
|
110
|
+
export declare function findLockedFieldConflicts(key: string, lockedFields: Iterable<string>): string[];
|
|
111
|
+
/**
|
|
112
|
+
* Load the effective config by merging: defaults → user config → admin policy.
|
|
113
|
+
* When no enterprise license is present, returns the user config without policy.
|
|
114
|
+
*
|
|
115
|
+
* This is the primary entry point that all runtime code should use.
|
|
116
|
+
*/
|
|
117
|
+
export declare function loadEffectiveConfig(): EffectiveConfig;
|
package/dist/lib/config.js
CHANGED
|
@@ -1,13 +1,20 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.CONFIG_FILE = exports.LABGATE_DIR = exports.DEFAULT_CONFIG = void 0;
|
|
3
|
+
exports.PRIVATE_FILE_MODE = exports.PRIVATE_DIR_MODE = exports.CONFIG_FILE = exports.LABGATE_DIR = exports.DEFAULT_CONFIG = void 0;
|
|
4
|
+
exports.ensurePrivateDir = ensurePrivateDir;
|
|
5
|
+
exports.ensurePrivateFile = ensurePrivateFile;
|
|
4
6
|
exports.getConfigPath = getConfigPath;
|
|
7
|
+
exports.getUiSocketPath = getUiSocketPath;
|
|
5
8
|
exports.getSandboxHome = getSandboxHome;
|
|
6
9
|
exports.getImagesDir = getImagesDir;
|
|
7
10
|
exports.getEmptyDir = getEmptyDir;
|
|
11
|
+
exports.getSessionsDir = getSessionsDir;
|
|
8
12
|
exports.getLogDir = getLogDir;
|
|
13
|
+
exports.getSlurmDbPath = getSlurmDbPath;
|
|
9
14
|
exports.validateConfig = validateConfig;
|
|
10
15
|
exports.loadConfig = loadConfig;
|
|
16
|
+
exports.findLockedFieldConflicts = findLockedFieldConflicts;
|
|
17
|
+
exports.loadEffectiveConfig = loadEffectiveConfig;
|
|
11
18
|
const fs_1 = require("fs");
|
|
12
19
|
const path_1 = require("path");
|
|
13
20
|
const os_1 = require("os");
|
|
@@ -35,6 +42,7 @@ exports.DEFAULT_CONFIG = {
|
|
|
35
42
|
'**/secrets*',
|
|
36
43
|
],
|
|
37
44
|
},
|
|
45
|
+
datasets: [],
|
|
38
46
|
commands: {
|
|
39
47
|
blacklist: [
|
|
40
48
|
'ssh', 'scp', 'rsync',
|
|
@@ -59,6 +67,9 @@ exports.DEFAULT_CONFIG = {
|
|
|
59
67
|
},
|
|
60
68
|
slurm: {
|
|
61
69
|
enabled: false,
|
|
70
|
+
poll_interval_seconds: 5,
|
|
71
|
+
sacct_lookback_hours: 24,
|
|
72
|
+
mcp_server: true,
|
|
62
73
|
},
|
|
63
74
|
audit: {
|
|
64
75
|
enabled: true,
|
|
@@ -68,9 +79,31 @@ exports.DEFAULT_CONFIG = {
|
|
|
68
79
|
// ── Paths ─────────────────────────────────────────────────
|
|
69
80
|
exports.LABGATE_DIR = (0, path_1.join)((0, os_1.homedir)(), '.labgate');
|
|
70
81
|
exports.CONFIG_FILE = 'config.json';
|
|
82
|
+
exports.PRIVATE_DIR_MODE = 0o700;
|
|
83
|
+
exports.PRIVATE_FILE_MODE = 0o600;
|
|
84
|
+
function ensurePrivateDir(path) {
|
|
85
|
+
(0, fs_1.mkdirSync)(path, { recursive: true, mode: exports.PRIVATE_DIR_MODE });
|
|
86
|
+
try {
|
|
87
|
+
(0, fs_1.chmodSync)(path, exports.PRIVATE_DIR_MODE);
|
|
88
|
+
}
|
|
89
|
+
catch {
|
|
90
|
+
// Best effort; do not fail on filesystems that do not support chmod semantics.
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
function ensurePrivateFile(path) {
|
|
94
|
+
try {
|
|
95
|
+
(0, fs_1.chmodSync)(path, exports.PRIVATE_FILE_MODE);
|
|
96
|
+
}
|
|
97
|
+
catch {
|
|
98
|
+
// Best effort; do not fail on filesystems that do not support chmod semantics.
|
|
99
|
+
}
|
|
100
|
+
}
|
|
71
101
|
function getConfigPath() {
|
|
72
102
|
return (0, path_1.join)(exports.LABGATE_DIR, exports.CONFIG_FILE);
|
|
73
103
|
}
|
|
104
|
+
function getUiSocketPath() {
|
|
105
|
+
return (0, path_1.join)(exports.LABGATE_DIR, 'ui.sock');
|
|
106
|
+
}
|
|
74
107
|
function getSandboxHome() {
|
|
75
108
|
return (0, path_1.join)(exports.LABGATE_DIR, 'ai-home');
|
|
76
109
|
}
|
|
@@ -80,19 +113,30 @@ function getImagesDir() {
|
|
|
80
113
|
function getEmptyDir() {
|
|
81
114
|
return (0, path_1.join)(exports.LABGATE_DIR, 'empty');
|
|
82
115
|
}
|
|
116
|
+
function getSessionsDir() {
|
|
117
|
+
return (0, path_1.join)(exports.LABGATE_DIR, 'sessions');
|
|
118
|
+
}
|
|
83
119
|
function getLogDir(config) {
|
|
84
120
|
return config.audit.log_dir.replace(/^~/, (0, os_1.homedir)());
|
|
85
121
|
}
|
|
122
|
+
function getSlurmDbPath() {
|
|
123
|
+
return (0, path_1.join)(exports.LABGATE_DIR, 'slurm.db');
|
|
124
|
+
}
|
|
86
125
|
// ── Deep clone helper ──────────────────────────────────────
|
|
87
126
|
function cloneConfig(config) {
|
|
88
127
|
return JSON.parse(JSON.stringify(config));
|
|
89
128
|
}
|
|
90
129
|
// ── Validation ────────────────────────────────────────────
|
|
91
|
-
const VALID_RUNTIMES = ['auto', 'apptainer', 'singularity', '
|
|
130
|
+
const VALID_RUNTIMES = ['auto', 'apptainer', 'singularity', 'docker'];
|
|
92
131
|
const VALID_NETWORK_MODES = ['none', 'filtered', 'host'];
|
|
93
132
|
const VALID_MOUNT_MODES = ['rw', 'ro'];
|
|
94
133
|
function validateConfig(config) {
|
|
95
134
|
const errors = [];
|
|
135
|
+
const networkMode = config.network?.mode;
|
|
136
|
+
const allowedDomains = config.network?.allowed_domains;
|
|
137
|
+
const blockedPatterns = config.filesystem?.blocked_patterns;
|
|
138
|
+
const extraPaths = config.filesystem?.extra_paths;
|
|
139
|
+
const blacklist = config.commands?.blacklist;
|
|
96
140
|
if (!VALID_RUNTIMES.includes(config.runtime)) {
|
|
97
141
|
errors.push(`Invalid runtime: "${config.runtime}". Must be one of: ${VALID_RUNTIMES.join(', ')}`);
|
|
98
142
|
}
|
|
@@ -102,16 +146,27 @@ function validateConfig(config) {
|
|
|
102
146
|
if (typeof config.session_timeout_hours !== 'number' || config.session_timeout_hours < 0) {
|
|
103
147
|
errors.push('session_timeout_hours must be a non-negative number');
|
|
104
148
|
}
|
|
105
|
-
if (!VALID_NETWORK_MODES.includes(
|
|
106
|
-
errors.push(`Invalid network.mode: "${
|
|
149
|
+
if (!VALID_NETWORK_MODES.includes(networkMode)) {
|
|
150
|
+
errors.push(`Invalid network.mode: "${networkMode}". Must be one of: ${VALID_NETWORK_MODES.join(', ')}`);
|
|
151
|
+
}
|
|
152
|
+
if (!Array.isArray(allowedDomains)) {
|
|
153
|
+
errors.push('network.allowed_domains must be an array');
|
|
107
154
|
}
|
|
108
|
-
if (!Array.isArray(
|
|
155
|
+
if (!Array.isArray(blockedPatterns)) {
|
|
109
156
|
errors.push('filesystem.blocked_patterns must be an array');
|
|
110
157
|
}
|
|
111
|
-
if (!Array.isArray(
|
|
158
|
+
if (!Array.isArray(extraPaths)) {
|
|
159
|
+
errors.push('filesystem.extra_paths must be an array');
|
|
160
|
+
}
|
|
161
|
+
if (!Array.isArray(blacklist)) {
|
|
112
162
|
errors.push('commands.blacklist must be an array');
|
|
113
163
|
}
|
|
114
|
-
|
|
164
|
+
const mounts = Array.isArray(extraPaths) ? extraPaths : [];
|
|
165
|
+
for (const mount of mounts) {
|
|
166
|
+
if (!mount || typeof mount !== 'object') {
|
|
167
|
+
errors.push('Each extra_paths entry must be an object with "path" and "mode"');
|
|
168
|
+
continue;
|
|
169
|
+
}
|
|
115
170
|
if (!mount.path || typeof mount.path !== 'string') {
|
|
116
171
|
errors.push('Each extra_paths entry must have a non-empty "path" string');
|
|
117
172
|
}
|
|
@@ -119,14 +174,60 @@ function validateConfig(config) {
|
|
|
119
174
|
errors.push(`Invalid mount mode "${mount.mode}" for path "${mount.path}". Must be "rw" or "ro"`);
|
|
120
175
|
}
|
|
121
176
|
}
|
|
177
|
+
// ── SLURM validation ─────────────────────────────────────
|
|
178
|
+
if (config.slurm) {
|
|
179
|
+
if (typeof config.slurm.poll_interval_seconds !== 'number' || config.slurm.poll_interval_seconds < 1) {
|
|
180
|
+
errors.push('slurm.poll_interval_seconds must be a number >= 1');
|
|
181
|
+
}
|
|
182
|
+
if (typeof config.slurm.sacct_lookback_hours !== 'number' || config.slurm.sacct_lookback_hours < 1) {
|
|
183
|
+
errors.push('slurm.sacct_lookback_hours must be a number >= 1');
|
|
184
|
+
}
|
|
185
|
+
}
|
|
186
|
+
// ── Dataset validation ────────────────────────────────────
|
|
187
|
+
const datasets = config.datasets;
|
|
188
|
+
if (!Array.isArray(datasets)) {
|
|
189
|
+
errors.push('datasets must be an array');
|
|
190
|
+
}
|
|
191
|
+
else {
|
|
192
|
+
const seenNames = new Set();
|
|
193
|
+
for (const ds of datasets) {
|
|
194
|
+
if (!ds || typeof ds !== 'object') {
|
|
195
|
+
errors.push('Each datasets entry must be an object with "path", "name", and "mode"');
|
|
196
|
+
continue;
|
|
197
|
+
}
|
|
198
|
+
if (!ds.path || typeof ds.path !== 'string') {
|
|
199
|
+
errors.push('Each datasets entry must have a non-empty "path" string');
|
|
200
|
+
}
|
|
201
|
+
if (!ds.name || typeof ds.name !== 'string') {
|
|
202
|
+
errors.push('Each datasets entry must have a non-empty "name" string');
|
|
203
|
+
}
|
|
204
|
+
else if (!/^[a-zA-Z0-9][a-zA-Z0-9._-]*$/.test(ds.name)) {
|
|
205
|
+
errors.push(`Dataset name "${ds.name}" contains invalid characters. Use alphanumerics, hyphens, dots, underscores.`);
|
|
206
|
+
}
|
|
207
|
+
else if (seenNames.has(ds.name.toLowerCase())) {
|
|
208
|
+
errors.push(`Duplicate dataset name: "${ds.name}"`);
|
|
209
|
+
}
|
|
210
|
+
else {
|
|
211
|
+
seenNames.add(ds.name.toLowerCase());
|
|
212
|
+
}
|
|
213
|
+
if (!VALID_MOUNT_MODES.includes(ds.mode)) {
|
|
214
|
+
errors.push(`Invalid dataset mode "${ds.mode}" for "${ds.name}". Must be "rw" or "ro"`);
|
|
215
|
+
}
|
|
216
|
+
if (ds.description !== undefined && typeof ds.description !== 'string') {
|
|
217
|
+
errors.push(`Dataset description for "${ds.name}" must be a string`);
|
|
218
|
+
}
|
|
219
|
+
}
|
|
220
|
+
}
|
|
122
221
|
return errors;
|
|
123
222
|
}
|
|
124
223
|
// ── Loader ────────────────────────────────────────────────
|
|
125
224
|
function loadConfig() {
|
|
225
|
+
ensurePrivateDir(exports.LABGATE_DIR);
|
|
126
226
|
const configPath = getConfigPath();
|
|
127
227
|
if (!(0, fs_1.existsSync)(configPath)) {
|
|
128
228
|
return cloneConfig(exports.DEFAULT_CONFIG);
|
|
129
229
|
}
|
|
230
|
+
ensurePrivateFile(configPath);
|
|
130
231
|
try {
|
|
131
232
|
const rawText = (0, fs_1.readFileSync)(configPath, 'utf-8');
|
|
132
233
|
// Strip full-line // comments (our config uses them for documentation)
|
|
@@ -135,15 +236,21 @@ function loadConfig() {
|
|
|
135
236
|
.filter(line => !line.trimStart().startsWith('//'))
|
|
136
237
|
.join('\n');
|
|
137
238
|
const raw = JSON.parse(stripped);
|
|
239
|
+
const rawRuntime = raw.runtime;
|
|
240
|
+
const runtime = rawRuntime === 'podman' ? 'apptainer' : rawRuntime;
|
|
241
|
+
if (rawRuntime === 'podman') {
|
|
242
|
+
console.error('Warning: runtime "podman" is no longer supported. Using "apptainer".');
|
|
243
|
+
}
|
|
138
244
|
// Merge with defaults so missing fields get filled in
|
|
139
245
|
const config = {
|
|
140
|
-
runtime:
|
|
246
|
+
runtime: runtime ?? exports.DEFAULT_CONFIG.runtime,
|
|
141
247
|
image: raw.image ?? exports.DEFAULT_CONFIG.image,
|
|
142
248
|
session_timeout_hours: raw.session_timeout_hours ?? exports.DEFAULT_CONFIG.session_timeout_hours,
|
|
143
249
|
filesystem: {
|
|
144
250
|
extra_paths: raw.filesystem?.extra_paths ?? [...exports.DEFAULT_CONFIG.filesystem.extra_paths],
|
|
145
251
|
blocked_patterns: raw.filesystem?.blocked_patterns ?? [...exports.DEFAULT_CONFIG.filesystem.blocked_patterns],
|
|
146
252
|
},
|
|
253
|
+
datasets: Array.isArray(raw.datasets) ? raw.datasets : [],
|
|
147
254
|
commands: {
|
|
148
255
|
blacklist: raw.commands?.blacklist ?? [...exports.DEFAULT_CONFIG.commands.blacklist],
|
|
149
256
|
},
|
|
@@ -153,6 +260,9 @@ function loadConfig() {
|
|
|
153
260
|
},
|
|
154
261
|
slurm: {
|
|
155
262
|
enabled: raw.slurm?.enabled ?? exports.DEFAULT_CONFIG.slurm.enabled,
|
|
263
|
+
poll_interval_seconds: raw.slurm?.poll_interval_seconds ?? exports.DEFAULT_CONFIG.slurm.poll_interval_seconds,
|
|
264
|
+
sacct_lookback_hours: raw.slurm?.sacct_lookback_hours ?? exports.DEFAULT_CONFIG.slurm.sacct_lookback_hours,
|
|
265
|
+
mcp_server: raw.slurm?.mcp_server ?? exports.DEFAULT_CONFIG.slurm.mcp_server,
|
|
156
266
|
},
|
|
157
267
|
audit: {
|
|
158
268
|
enabled: raw.audit?.enabled ?? exports.DEFAULT_CONFIG.audit.enabled,
|
|
@@ -175,4 +285,78 @@ function loadConfig() {
|
|
|
175
285
|
return cloneConfig(exports.DEFAULT_CONFIG);
|
|
176
286
|
}
|
|
177
287
|
}
|
|
288
|
+
/**
|
|
289
|
+
* Returns policy-locked field paths that conflict with a requested dot-notation key.
|
|
290
|
+
* A conflict exists for exact matches and parent/child path relationships.
|
|
291
|
+
*/
|
|
292
|
+
function findLockedFieldConflicts(key, lockedFields) {
|
|
293
|
+
const normalized = (key || '').trim();
|
|
294
|
+
if (!normalized)
|
|
295
|
+
return [];
|
|
296
|
+
const conflicts = new Set();
|
|
297
|
+
for (const locked of lockedFields) {
|
|
298
|
+
if (locked === normalized ||
|
|
299
|
+
locked.startsWith(`${normalized}.`) ||
|
|
300
|
+
normalized.startsWith(`${locked}.`)) {
|
|
301
|
+
conflicts.add(locked);
|
|
302
|
+
}
|
|
303
|
+
}
|
|
304
|
+
return [...conflicts];
|
|
305
|
+
}
|
|
306
|
+
/**
|
|
307
|
+
* Load the effective config by merging: defaults → user config → admin policy.
|
|
308
|
+
* When no enterprise license is present, returns the user config without policy.
|
|
309
|
+
*
|
|
310
|
+
* This is the primary entry point that all runtime code should use.
|
|
311
|
+
*/
|
|
312
|
+
function loadEffectiveConfig() {
|
|
313
|
+
const userConfig = loadConfig();
|
|
314
|
+
// Lazy-import to avoid circular dependencies at module load time
|
|
315
|
+
// eslint-disable-next-line @typescript-eslint/no-var-requires
|
|
316
|
+
const { validateLicense } = require('./license.js');
|
|
317
|
+
const { loadPolicy, mergeWithPolicy, checkIsAdmin } = require('./policy.js');
|
|
318
|
+
const licenseStatus = validateLicense();
|
|
319
|
+
// No valid enterprise license → community mode
|
|
320
|
+
if (!licenseStatus.valid || !licenseStatus.enterprise) {
|
|
321
|
+
return {
|
|
322
|
+
config: userConfig,
|
|
323
|
+
lockedFields: new Set(),
|
|
324
|
+
lockedListItems: { blocked_patterns: [], blacklist: [], allowed_domains: [] },
|
|
325
|
+
constraints: {},
|
|
326
|
+
enterprise: false,
|
|
327
|
+
isAdmin: false,
|
|
328
|
+
licenseStatus,
|
|
329
|
+
};
|
|
330
|
+
}
|
|
331
|
+
const policy = loadPolicy();
|
|
332
|
+
// License valid but no policy file → enterprise mode without policy constraints
|
|
333
|
+
if (!policy) {
|
|
334
|
+
return {
|
|
335
|
+
config: userConfig,
|
|
336
|
+
lockedFields: new Set(),
|
|
337
|
+
lockedListItems: { blocked_patterns: [], blacklist: [], allowed_domains: [] },
|
|
338
|
+
constraints: {},
|
|
339
|
+
enterprise: true,
|
|
340
|
+
institution: licenseStatus.payload?.institution,
|
|
341
|
+
isAdmin: false,
|
|
342
|
+
licenseStatus,
|
|
343
|
+
};
|
|
344
|
+
}
|
|
345
|
+
// Full enterprise mode: merge user config with policy
|
|
346
|
+
const merged = mergeWithPolicy(userConfig, policy);
|
|
347
|
+
const isAdmin = checkIsAdmin(policy);
|
|
348
|
+
return {
|
|
349
|
+
config: merged.config,
|
|
350
|
+
lockedFields: merged.lockedFields,
|
|
351
|
+
lockedListItems: merged.lockedListItems,
|
|
352
|
+
constraints: merged.constraints,
|
|
353
|
+
enterprise: true,
|
|
354
|
+
institution: policy.institution ?? licenseStatus.payload?.institution,
|
|
355
|
+
isAdmin,
|
|
356
|
+
licenseStatus,
|
|
357
|
+
policy,
|
|
358
|
+
sharedSessionsDir: policy.shared_sessions_dir,
|
|
359
|
+
sharedAuditDir: policy.shared_audit_dir,
|
|
360
|
+
};
|
|
361
|
+
}
|
|
178
362
|
//# sourceMappingURL=config.js.map
|
package/dist/lib/config.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/lib/config.ts"],"names":[],"mappings":";;;AA0HA,sCAEC;AAED,wCAEC;AAED,oCAEC;AAED,kCAEC;AAED,8BAEC;AAcD,wCA+BC;AAID,gCAqDC;AAlPD,2BAA8C;AAC9C,+BAA4B;AAC5B,2BAA6B;AAoD7B,6DAA6D;AAEhD,QAAA,cAAc,GAAkB;IAC3C,OAAO,EAAE,MAAM;IAEf,KAAK,EAAE,gCAAgC;IAEvC,qBAAqB,EAAE,CAAC;IAExB,UAAU,EAAE;QACV,WAAW,EAAE,EAAE;QACf,gBAAgB,EAAE;YAChB,SAAS;YACT,WAAW;YACX,SAAS;YACT,mBAAmB;YACnB,WAAW;YACX,SAAS;YACT,WAAW;YACX,qBAAqB;YACrB,UAAU;YACV,UAAU;YACV,YAAY;YACZ,gBAAgB;YAChB,iBAAiB;YACjB,aAAa;SACd;KACF;IAED,QAAQ,EAAE;QACR,SAAS,EAAE;YACT,KAAK,EAAE,KAAK,EAAE,OAAO;YACrB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,QAAQ;YACjB,IAAI,EAAE,MAAM;YACZ,QAAQ,EAAE,OAAO;YACjB,QAAQ,EAAE,UAAU;SACrB;KACF;IAED,OAAO,EAAE;QACP,IAAI,EAAE,MAAM;QACZ,eAAe,EAAE;YACf,mBAAmB;YACnB,gBAAgB;YAChB,UAAU;YACV,wBAAwB;YACxB,oBAAoB;YACpB,oBAAoB;YACpB,YAAY;SACb;KACF;IAED,KAAK,EAAE;QACL,OAAO,EAAE,KAAK;KACf;IAED,KAAK,EAAE;QACL,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,iBAAiB;KAC3B;CACF,CAAC;AAEF,6DAA6D;AAEhD,QAAA,WAAW,GAAG,IAAA,WAAI,EAAC,IAAA,YAAO,GAAE,EAAE,UAAU,CAAC,CAAC;AAC1C,QAAA,WAAW,GAAG,aAAa,CAAC;AAEzC,SAAgB,aAAa;IAC3B,OAAO,IAAA,WAAI,EAAC,mBAAW,EAAE,mBAAW,CAAC,CAAC;AACxC,CAAC;AAED,SAAgB,cAAc;IAC5B,OAAO,IAAA,WAAI,EAAC,mBAAW,EAAE,SAAS,CAAC,CAAC;AACtC,CAAC;AAED,SAAgB,YAAY;IAC1B,OAAO,IAAA,WAAI,EAAC,mBAAW,EAAE,QAAQ,CAAC,CAAC;AACrC,CAAC;AAED,SAAgB,WAAW;IACzB,OAAO,IAAA,WAAI,EAAC,mBAAW,EAAE,OAAO,CAAC,CAAC;AACpC,CAAC;AAED,SAAgB,SAAS,CAAC,MAAqB;IAC7C,OAAO,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,IAAA,YAAO,GAAE,CAAC,CAAC;AACvD,CAAC;AAED,8DAA8D;AAE9D,SAAS,WAAW,CAAC,MAAqB;IACxC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;AAC5C,CAAC;AAED,6DAA6D;AAE7D,MAAM,cAAc,GAAwB,CAAC,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;AACrG,MAAM,mBAAmB,GAAG,CAAC,MAAM,EAAE,UAAU,EAAE,MAAM,CAAU,CAAC;AAClE,MAAM,iBAAiB,GAAG,CAAC,IAAI,EAAE,IAAI,CAAU,CAAC;AAEhD,SAAgB,cAAc,CAAC,MAAqB;IAClD,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7C,MAAM,CAAC,IAAI,CAAC,qBAAqB,MAAM,CAAC,OAAO,sBAAsB,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACpG,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QACtD,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;IAClD,CAAC;IACD,IAAI,OAAO,MAAM,CAAC,qBAAqB,KAAK,QAAQ,IAAI,MAAM,CAAC,qBAAqB,GAAG,CAAC,EAAE,CAAC;QACzF,MAAM,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC;IACrE,CAAC;IACD,IAAI,CAAE,mBAAyC,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9E,MAAM,CAAC,IAAI,CAAC,0BAA0B,MAAM,CAAC,OAAO,CAAC,IAAI,sBAAsB,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACnH,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACvD,MAAM,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;IAC9D,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QAC9C,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;IACrD,CAAC;IACD,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;QAClD,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAClD,MAAM,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;QAC5E,CAAC;QACD,IAAI,CAAE,iBAAuC,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACnE,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,IAAI,eAAe,KAAK,CAAC,IAAI,yBAAyB,CAAC,CAAC;QACnG,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,6DAA6D;AAE7D,SAAgB,UAAU;IACxB,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IACnC,IAAI,CAAC,IAAA,eAAU,EAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,OAAO,WAAW,CAAC,sBAAc,CAAC,CAAC;IACrC,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAA,iBAAY,EAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAClD,uEAAuE;QACvE,MAAM,QAAQ,GAAG,OAAO;aACrB,KAAK,CAAC,IAAI,CAAC;aACX,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;aAClD,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACjC,sDAAsD;QACtD,MAAM,MAAM,GAAkB;YAC5B,OAAO,EAAE,GAAG,CAAC,OAAO,IAAI,sBAAc,CAAC,OAAO;YAC9C,KAAK,EAAE,GAAG,CAAC,KAAK,IAAI,sBAAc,CAAC,KAAK;YACxC,qBAAqB,EAAE,GAAG,CAAC,qBAAqB,IAAI,sBAAc,CAAC,qBAAqB;YACxF,UAAU,EAAE;gBACV,WAAW,EAAE,GAAG,CAAC,UAAU,EAAE,WAAW,IAAI,CAAC,GAAG,sBAAc,CAAC,UAAU,CAAC,WAAW,CAAC;gBACtF,gBAAgB,EAAE,GAAG,CAAC,UAAU,EAAE,gBAAgB,IAAI,CAAC,GAAG,sBAAc,CAAC,UAAU,CAAC,gBAAgB,CAAC;aACtG;YACD,QAAQ,EAAE;gBACR,SAAS,EAAE,GAAG,CAAC,QAAQ,EAAE,SAAS,IAAI,CAAC,GAAG,sBAAc,CAAC,QAAQ,CAAC,SAAS,CAAC;aAC7E;YACD,OAAO,EAAE;gBACP,IAAI,EAAE,GAAG,CAAC,OAAO,EAAE,IAAI,IAAI,sBAAc,CAAC,OAAO,CAAC,IAAI;gBACtD,eAAe,EAAE,GAAG,CAAC,OAAO,EAAE,eAAe,IAAI,CAAC,GAAG,sBAAc,CAAC,OAAO,CAAC,eAAe,CAAC;aAC7F;YACD,KAAK,EAAE;gBACL,OAAO,EAAE,GAAG,CAAC,KAAK,EAAE,OAAO,IAAI,sBAAc,CAAC,KAAK,CAAC,OAAO;aAC5D;YACD,KAAK,EAAE;gBACL,OAAO,EAAE,GAAG,CAAC,KAAK,EAAE,OAAO,IAAI,sBAAc,CAAC,KAAK,CAAC,OAAO;gBAC3D,OAAO,EAAE,GAAG,CAAC,KAAK,EAAE,OAAO,IAAI,sBAAc,CAAC,KAAK,CAAC,OAAO;aAC5D;SACF,CAAC;QAEF,MAAM,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;QACtC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,OAAO,CAAC,KAAK,CAAC,8BAA8B,UAAU,GAAG,CAAC,CAAC;YAC3D,KAAK,MAAM,CAAC,IAAI,MAAM;gBAAE,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;YAClD,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;YACvC,OAAO,WAAW,CAAC,sBAAc,CAAC,CAAC;QACrC,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,CAAC,KAAK,CAAC,4BAA4B,UAAU,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QACxE,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;QACvC,OAAO,WAAW,CAAC,sBAAc,CAAC,CAAC;IACrC,CAAC;AACH,CAAC"}
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/lib/config.ts"],"names":[],"mappings":";;;AAuJA,4CAOC;AAED,8CAMC;AAED,sCAEC;AAED,0CAEC;AAED,wCAEC;AAED,oCAEC;AAED,kCAEC;AAED,wCAEC;AAED,8BAEC;AAED,wCAEC;AAcD,wCAyFC;AAID,gCAgEC;AAwCD,4DAgBC;AAQD,kDAwDC;AAzeD,2BAAoE;AACpE,+BAA4B;AAC5B,2BAA6B;AA0E7B,6DAA6D;AAEhD,QAAA,cAAc,GAAkB;IAC3C,OAAO,EAAE,MAAM;IAEf,KAAK,EAAE,gCAAgC;IAEvC,qBAAqB,EAAE,CAAC;IAExB,UAAU,EAAE;QACV,WAAW,EAAE,EAAE;QACf,gBAAgB,EAAE;YAChB,SAAS;YACT,WAAW;YACX,SAAS;YACT,mBAAmB;YACnB,WAAW;YACX,SAAS;YACT,WAAW;YACX,qBAAqB;YACrB,UAAU;YACV,UAAU;YACV,YAAY;YACZ,gBAAgB;YAChB,iBAAiB;YACjB,aAAa;SACd;KACF;IAED,QAAQ,EAAE,EAAE;IAEZ,QAAQ,EAAE;QACR,SAAS,EAAE;YACT,KAAK,EAAE,KAAK,EAAE,OAAO;YACrB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,QAAQ;YACjB,IAAI,EAAE,MAAM;YACZ,QAAQ,EAAE,OAAO;YACjB,QAAQ,EAAE,UAAU;SACrB;KACF;IAED,OAAO,EAAE;QACP,IAAI,EAAE,MAAM;QACZ,eAAe,EAAE;YACf,mBAAmB;YACnB,gBAAgB;YAChB,UAAU;YACV,wBAAwB;YACxB,oBAAoB;YACpB,oBAAoB;YACpB,YAAY;SACb;KACF;IAED,KAAK,EAAE;QACL,OAAO,EAAE,KAAK;QACd,qBAAqB,EAAE,CAAC;QACxB,oBAAoB,EAAE,EAAE;QACxB,UAAU,EAAE,IAAI;KACjB;IAED,KAAK,EAAE;QACL,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,iBAAiB;KAC3B;CACF,CAAC;AAEF,6DAA6D;AAEhD,QAAA,WAAW,GAAG,IAAA,WAAI,EAAC,IAAA,YAAO,GAAE,EAAE,UAAU,CAAC,CAAC;AAC1C,QAAA,WAAW,GAAG,aAAa,CAAC;AAC5B,QAAA,gBAAgB,GAAG,KAAK,CAAC;AACzB,QAAA,iBAAiB,GAAG,KAAK,CAAC;AAEvC,SAAgB,gBAAgB,CAAC,IAAY;IAC3C,IAAA,cAAS,EAAC,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,wBAAgB,EAAE,CAAC,CAAC;IAC7D,IAAI,CAAC;QACH,IAAA,cAAS,EAAC,IAAI,EAAE,wBAAgB,CAAC,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,+EAA+E;IACjF,CAAC;AACH,CAAC;AAED,SAAgB,iBAAiB,CAAC,IAAY;IAC5C,IAAI,CAAC;QACH,IAAA,cAAS,EAAC,IAAI,EAAE,yBAAiB,CAAC,CAAC;IACrC,CAAC;IAAC,MAAM,CAAC;QACP,+EAA+E;IACjF,CAAC;AACH,CAAC;AAED,SAAgB,aAAa;IAC3B,OAAO,IAAA,WAAI,EAAC,mBAAW,EAAE,mBAAW,CAAC,CAAC;AACxC,CAAC;AAED,SAAgB,eAAe;IAC7B,OAAO,IAAA,WAAI,EAAC,mBAAW,EAAE,SAAS,CAAC,CAAC;AACtC,CAAC;AAED,SAAgB,cAAc;IAC5B,OAAO,IAAA,WAAI,EAAC,mBAAW,EAAE,SAAS,CAAC,CAAC;AACtC,CAAC;AAED,SAAgB,YAAY;IAC1B,OAAO,IAAA,WAAI,EAAC,mBAAW,EAAE,QAAQ,CAAC,CAAC;AACrC,CAAC;AAED,SAAgB,WAAW;IACzB,OAAO,IAAA,WAAI,EAAC,mBAAW,EAAE,OAAO,CAAC,CAAC;AACpC,CAAC;AAED,SAAgB,cAAc;IAC5B,OAAO,IAAA,WAAI,EAAC,mBAAW,EAAE,UAAU,CAAC,CAAC;AACvC,CAAC;AAED,SAAgB,SAAS,CAAC,MAAqB;IAC7C,OAAO,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,IAAA,YAAO,GAAE,CAAC,CAAC;AACvD,CAAC;AAED,SAAgB,cAAc;IAC5B,OAAO,IAAA,WAAI,EAAC,mBAAW,EAAE,UAAU,CAAC,CAAC;AACvC,CAAC;AAED,8DAA8D;AAE9D,SAAS,WAAW,CAAC,MAAqB;IACxC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;AAC5C,CAAC;AAED,6DAA6D;AAE7D,MAAM,cAAc,GAAwB,CAAC,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,QAAQ,CAAC,CAAC;AAC3F,MAAM,mBAAmB,GAAG,CAAC,MAAM,EAAE,UAAU,EAAE,MAAM,CAAU,CAAC;AAClE,MAAM,iBAAiB,GAAG,CAAC,IAAI,EAAE,IAAI,CAAU,CAAC;AAEhD,SAAgB,cAAc,CAAC,MAAqB;IAClD,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,WAAW,GAAI,MAAc,CAAC,OAAO,EAAE,IAAI,CAAC;IAClD,MAAM,cAAc,GAAI,MAAc,CAAC,OAAO,EAAE,eAAe,CAAC;IAChE,MAAM,eAAe,GAAI,MAAc,CAAC,UAAU,EAAE,gBAAgB,CAAC;IACrE,MAAM,UAAU,GAAI,MAAc,CAAC,UAAU,EAAE,WAAW,CAAC;IAC3D,MAAM,SAAS,GAAI,MAAc,CAAC,QAAQ,EAAE,SAAS,CAAC;IAEtD,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7C,MAAM,CAAC,IAAI,CAAC,qBAAqB,MAAM,CAAC,OAAO,sBAAsB,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACpG,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QACtD,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;IAClD,CAAC;IACD,IAAI,OAAO,MAAM,CAAC,qBAAqB,KAAK,QAAQ,IAAI,MAAM,CAAC,qBAAqB,GAAG,CAAC,EAAE,CAAC;QACzF,MAAM,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC;IACrE,CAAC;IACD,IAAI,CAAE,mBAAyC,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QACtE,MAAM,CAAC,IAAI,CAAC,0BAA0B,WAAW,sBAAsB,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC3G,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;QACnC,MAAM,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;IAC1D,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;QACpC,MAAM,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;IAC9D,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,MAAM,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;IACzD,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;IACrD,CAAC;IACD,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;IAC3D,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACxC,MAAM,CAAC,IAAI,CAAC,iEAAiE,CAAC,CAAC;YAC/E,SAAS;QACX,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAClD,MAAM,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;QAC5E,CAAC;QACD,IAAI,CAAE,iBAAuC,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACnE,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,IAAI,eAAe,KAAK,CAAC,IAAI,yBAAyB,CAAC,CAAC;QACnG,CAAC;IACH,CAAC;IAED,4DAA4D;IAC5D,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,IAAI,OAAO,MAAM,CAAC,KAAK,CAAC,qBAAqB,KAAK,QAAQ,IAAI,MAAM,CAAC,KAAK,CAAC,qBAAqB,GAAG,CAAC,EAAE,CAAC;YACrG,MAAM,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;QACnE,CAAC;QACD,IAAI,OAAO,MAAM,CAAC,KAAK,CAAC,oBAAoB,KAAK,QAAQ,IAAI,MAAM,CAAC,KAAK,CAAC,oBAAoB,GAAG,CAAC,EAAE,CAAC;YACnG,MAAM,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;QAClE,CAAC;IACH,CAAC;IAED,6DAA6D;IAC7D,MAAM,QAAQ,GAAI,MAAc,CAAC,QAAQ,CAAC;IAC1C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IAC3C,CAAC;SAAM,CAAC;QACN,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;QACpC,KAAK,MAAM,EAAE,IAAI,QAAQ,EAAE,CAAC;YAC1B,IAAI,CAAC,EAAE,IAAI,OAAO,EAAE,KAAK,QAAQ,EAAE,CAAC;gBAClC,MAAM,CAAC,IAAI,CAAC,uEAAuE,CAAC,CAAC;gBACrF,SAAS;YACX,CAAC;YACD,IAAI,CAAC,EAAE,CAAC,IAAI,IAAI,OAAO,EAAE,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC5C,MAAM,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAC;YACzE,CAAC;YACD,IAAI,CAAC,EAAE,CAAC,IAAI,IAAI,OAAO,EAAE,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC5C,MAAM,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAC;YACzE,CAAC;iBAAM,IAAI,CAAC,8BAA8B,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzD,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC,IAAI,+EAA+E,CAAC,CAAC;YACvH,CAAC;iBAAM,IAAI,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;gBAChD,MAAM,CAAC,IAAI,CAAC,4BAA4B,EAAE,CAAC,IAAI,GAAG,CAAC,CAAC;YACtD,CAAC;iBAAM,CAAC;gBACN,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;YACvC,CAAC;YACD,IAAI,CAAE,iBAAuC,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChE,MAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE,CAAC,IAAI,UAAU,EAAE,CAAC,IAAI,yBAAyB,CAAC,CAAC;YAC1F,CAAC;YACD,IAAI,EAAE,CAAC,WAAW,KAAK,SAAS,IAAI,OAAO,EAAE,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;gBACvE,MAAM,CAAC,IAAI,CAAC,4BAA4B,EAAE,CAAC,IAAI,oBAAoB,CAAC,CAAC;YACvE,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,6DAA6D;AAE7D,SAAgB,UAAU;IACxB,gBAAgB,CAAC,mBAAW,CAAC,CAAC;IAC9B,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IACnC,IAAI,CAAC,IAAA,eAAU,EAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,OAAO,WAAW,CAAC,sBAAc,CAAC,CAAC;IACrC,CAAC;IACD,iBAAiB,CAAC,UAAU,CAAC,CAAC;IAE9B,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAA,iBAAY,EAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAClD,uEAAuE;QACvE,MAAM,QAAQ,GAAG,OAAO;aACrB,KAAK,CAAC,IAAI,CAAC;aACX,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;aAClD,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACjC,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC;QAC/B,MAAM,OAAO,GAAG,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,UAAU,CAAC;QACnE,IAAI,UAAU,KAAK,QAAQ,EAAE,CAAC;YAC5B,OAAO,CAAC,KAAK,CAAC,sEAAsE,CAAC,CAAC;QACxF,CAAC;QACD,sDAAsD;QACtD,MAAM,MAAM,GAAkB;YAC5B,OAAO,EAAE,OAAO,IAAI,sBAAc,CAAC,OAAO;YAC1C,KAAK,EAAE,GAAG,CAAC,KAAK,IAAI,sBAAc,CAAC,KAAK;YACxC,qBAAqB,EAAE,GAAG,CAAC,qBAAqB,IAAI,sBAAc,CAAC,qBAAqB;YACxF,UAAU,EAAE;gBACV,WAAW,EAAE,GAAG,CAAC,UAAU,EAAE,WAAW,IAAI,CAAC,GAAG,sBAAc,CAAC,UAAU,CAAC,WAAW,CAAC;gBACtF,gBAAgB,EAAE,GAAG,CAAC,UAAU,EAAE,gBAAgB,IAAI,CAAC,GAAG,sBAAc,CAAC,UAAU,CAAC,gBAAgB,CAAC;aACtG;YACD,QAAQ,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE;YACzD,QAAQ,EAAE;gBACR,SAAS,EAAE,GAAG,CAAC,QAAQ,EAAE,SAAS,IAAI,CAAC,GAAG,sBAAc,CAAC,QAAQ,CAAC,SAAS,CAAC;aAC7E;YACD,OAAO,EAAE;gBACP,IAAI,EAAE,GAAG,CAAC,OAAO,EAAE,IAAI,IAAI,sBAAc,CAAC,OAAO,CAAC,IAAI;gBACtD,eAAe,EAAE,GAAG,CAAC,OAAO,EAAE,eAAe,IAAI,CAAC,GAAG,sBAAc,CAAC,OAAO,CAAC,eAAe,CAAC;aAC7F;YACD,KAAK,EAAE;gBACL,OAAO,EAAE,GAAG,CAAC,KAAK,EAAE,OAAO,IAAI,sBAAc,CAAC,KAAK,CAAC,OAAO;gBAC3D,qBAAqB,EAAE,GAAG,CAAC,KAAK,EAAE,qBAAqB,IAAI,sBAAc,CAAC,KAAK,CAAC,qBAAqB;gBACrG,oBAAoB,EAAE,GAAG,CAAC,KAAK,EAAE,oBAAoB,IAAI,sBAAc,CAAC,KAAK,CAAC,oBAAoB;gBAClG,UAAU,EAAE,GAAG,CAAC,KAAK,EAAE,UAAU,IAAI,sBAAc,CAAC,KAAK,CAAC,UAAU;aACrE;YACD,KAAK,EAAE;gBACL,OAAO,EAAE,GAAG,CAAC,KAAK,EAAE,OAAO,IAAI,sBAAc,CAAC,KAAK,CAAC,OAAO;gBAC3D,OAAO,EAAE,GAAG,CAAC,KAAK,EAAE,OAAO,IAAI,sBAAc,CAAC,KAAK,CAAC,OAAO;aAC5D;SACF,CAAC;QAEF,MAAM,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;QACtC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,OAAO,CAAC,KAAK,CAAC,8BAA8B,UAAU,GAAG,CAAC,CAAC;YAC3D,KAAK,MAAM,CAAC,IAAI,MAAM;gBAAE,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;YAClD,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;YACvC,OAAO,WAAW,CAAC,sBAAc,CAAC,CAAC;QACrC,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,CAAC,KAAK,CAAC,4BAA4B,UAAU,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QACxE,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;QACvC,OAAO,WAAW,CAAC,sBAAc,CAAC,CAAC;IACrC,CAAC;AACH,CAAC;AAoCD;;;GAGG;AACH,SAAgB,wBAAwB,CAAC,GAAW,EAAE,YAA8B;IAClF,MAAM,UAAU,GAAG,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACtC,IAAI,CAAC,UAAU;QAAE,OAAO,EAAE,CAAC;IAC3B,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IAEpC,KAAK,MAAM,MAAM,IAAI,YAAY,EAAE,CAAC;QAClC,IACE,MAAM,KAAK,UAAU;YACrB,MAAM,CAAC,UAAU,CAAC,GAAG,UAAU,GAAG,CAAC;YACnC,UAAU,CAAC,UAAU,CAAC,GAAG,MAAM,GAAG,CAAC,EACnC,CAAC;YACD,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,SAAS,CAAC,CAAC;AACxB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,mBAAmB;IACjC,MAAM,UAAU,GAAG,UAAU,EAAE,CAAC;IAEhC,iEAAiE;IACjE,8DAA8D;IAC9D,MAAM,EAAE,eAAe,EAAE,GAAG,OAAO,CAAC,cAAc,CAAkC,CAAC;IACrF,MAAM,EAAE,UAAU,EAAE,eAAe,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,aAAa,CAAiC,CAAC;IAE7G,MAAM,aAAa,GAAG,eAAe,EAAE,CAAC;IAExC,+CAA+C;IAC/C,IAAI,CAAC,aAAa,CAAC,KAAK,IAAI,CAAC,aAAa,CAAC,UAAU,EAAE,CAAC;QACtD,OAAO;YACL,MAAM,EAAE,UAAU;YAClB,YAAY,EAAE,IAAI,GAAG,EAAE;YACvB,eAAe,EAAE,EAAE,gBAAgB,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE;YAC7E,WAAW,EAAE,EAAE;YACf,UAAU,EAAE,KAAK;YACjB,OAAO,EAAE,KAAK;YACd,aAAa;SACd,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAE5B,gFAAgF;IAChF,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO;YACL,MAAM,EAAE,UAAU;YAClB,YAAY,EAAE,IAAI,GAAG,EAAE;YACvB,eAAe,EAAE,EAAE,gBAAgB,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE;YAC7E,WAAW,EAAE,EAAE;YACf,UAAU,EAAE,IAAI;YAChB,WAAW,EAAE,aAAa,CAAC,OAAO,EAAE,WAAW;YAC/C,OAAO,EAAE,KAAK;YACd,aAAa;SACd,CAAC;IACJ,CAAC;IAED,sDAAsD;IACtD,MAAM,MAAM,GAAG,eAAe,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IACnD,MAAM,OAAO,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IAErC,OAAO;QACL,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,YAAY,EAAE,MAAM,CAAC,YAAY;QACjC,eAAe,EAAE,MAAM,CAAC,eAAe;QACvC,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,aAAa,CAAC,OAAO,EAAE,WAAW;QACrE,OAAO;QACP,aAAa;QACb,MAAM;QACN,iBAAiB,EAAE,MAAM,CAAC,mBAAmB;QAC7C,cAAc,EAAE,MAAM,CAAC,gBAAgB;KACxC,CAAC;AACJ,CAAC"}
|
package/dist/lib/container.d.ts
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { execFileSync } from 'child_process';
|
|
1
2
|
import { LabgateConfig } from './config.js';
|
|
2
3
|
export interface SessionOpts {
|
|
3
4
|
agent: string;
|
|
@@ -7,13 +8,66 @@ export interface SessionOpts {
|
|
|
7
8
|
imageOverride?: string;
|
|
8
9
|
apiKey?: string;
|
|
9
10
|
footerMode?: 'off' | 'once' | 'sticky';
|
|
11
|
+
/** Enterprise: shared sessions dir for admin visibility */
|
|
12
|
+
sharedSessionsDir?: string;
|
|
13
|
+
/** Enterprise: shared audit dir for admin visibility */
|
|
14
|
+
sharedAuditDir?: string;
|
|
15
|
+
}
|
|
16
|
+
export interface SessionFileData {
|
|
17
|
+
id: string;
|
|
18
|
+
agent: string;
|
|
19
|
+
workdir: string;
|
|
20
|
+
node: string;
|
|
21
|
+
pid: number;
|
|
22
|
+
started: string;
|
|
23
|
+
network: string;
|
|
24
|
+
image: string;
|
|
25
|
+
/** Username of the session owner (for shared sessions dir) */
|
|
26
|
+
user?: string;
|
|
27
|
+
/** SHA-256 fingerprint of mount-affecting config at launch */
|
|
28
|
+
configFingerprint?: string;
|
|
10
29
|
}
|
|
30
|
+
/**
|
|
31
|
+
* Compute a deterministic fingerprint of mount-affecting config fields.
|
|
32
|
+
* Used to detect when running sessions need a restart after config changes.
|
|
33
|
+
* Only includes fields that are baked into container args at launch time
|
|
34
|
+
* and cannot be hot-reloaded (--bind, --volume, --network, image, runtime).
|
|
35
|
+
*/
|
|
36
|
+
export declare function computeMountFingerprint(config: LabgateConfig, imageOverride?: string): string;
|
|
11
37
|
/**
|
|
12
38
|
* Convert a container image URI to a local SIF filename.
|
|
13
39
|
* e.g. "docker.io/library/ubuntu:22.04" → "docker.io_library_ubuntu_22.04.sif"
|
|
14
40
|
*/
|
|
15
41
|
export declare function imageToSifName(image: string): string;
|
|
16
42
|
export declare function buildEntrypoint(agent: string): string;
|
|
43
|
+
/**
|
|
44
|
+
* Sets up OAuth browser handling. Always intercepts the URL via BROWSER
|
|
45
|
+
* hook. Behaviour depends on environment:
|
|
46
|
+
*
|
|
47
|
+
* 1. Local macOS: Open URL with `open`, copy with `pbcopy`.
|
|
48
|
+
* 2. Local Linux with display: Open with `xdg-open`.
|
|
49
|
+
* 3. SSH / headless: Copy URL to local clipboard via OSC 52 terminal
|
|
50
|
+
* escape sequence. Works in iTerm2, kitty, Windows Terminal, tmux, etc.
|
|
51
|
+
* Falls back to displaying the URL if OSC 52 is not supported.
|
|
52
|
+
*/
|
|
53
|
+
export interface BrowserHookOptions {
|
|
54
|
+
sandboxHomeOverride?: string;
|
|
55
|
+
forceRemote?: boolean;
|
|
56
|
+
platformOverride?: NodeJS.Platform;
|
|
57
|
+
execSync?: typeof execFileSync;
|
|
58
|
+
}
|
|
59
|
+
export declare function setupBrowserHook(options?: BrowserHookOptions): {
|
|
60
|
+
env: string[];
|
|
61
|
+
cleanup: () => void;
|
|
62
|
+
};
|
|
17
63
|
export declare function startSession(session: SessionOpts): Promise<void>;
|
|
18
64
|
export declare function listSessions(): Promise<void>;
|
|
19
65
|
export declare function stopSession(id: string): Promise<void>;
|
|
66
|
+
/**
|
|
67
|
+
* Restart a running session with fresh config.
|
|
68
|
+
* Stops the old process (via SIGTERM from session file), waits for cleanup,
|
|
69
|
+
* then relaunches the same agent/workdir with the current config.
|
|
70
|
+
*/
|
|
71
|
+
export declare function restartSession(id: string, opts: {
|
|
72
|
+
dryRun: boolean;
|
|
73
|
+
}): Promise<void>;
|