latchkey 2.6.0 → 2.7.0

package/dist/src/gateway/gatewayEndpoint.js

@@ -0,0 +1,297 @@
+/**
+ * HTTP handler for the `/gateway/<target-url>` proxy endpoint.
+ *
+ * Forwards the incoming HTTP request through latchkey's credential injection
+ * pipeline (via `curl`) to the target URL and streams the upstream response
+ * back to the client.
+ */
+import { mkdtempSync, readFileSync, rmSync } from 'node:fs';
+import { join } from 'node:path';
+import { tmpdir } from 'node:os';
+import { CredentialsExpiredError, NoCredentialsForServiceError, NoServiceForUrlError, prepareCurlInvocation, RequestNotPermittedError, UrlExtractionFailedError, } from '../curlInjection.js';
+import { PermissionCheckError } from '../permissions.js';
+import { ErrorMessages } from '../errorMessages.js';
+/**
+ * Headers that should not be forwarded between client and upstream (hop-by-hop).
+ */
+const HOP_BY_HOP_HEADERS = new Set([
+    'connection',
+    'keep-alive',
+    'proxy-authenticate',
+    'proxy-authorization',
+    'te',
+    'trailers',
+    'transfer-encoding',
+    'upgrade',
+    'host',
+]);
+export const GATEWAY_PATH_PREFIX = '/gateway/';
+export class BodyTooLargeError extends Error {
+    constructor() {
+        super(ErrorMessages.requestBodyTooLarge);
+        this.name = 'BodyTooLargeError';
+    }
+}
+function sendErrorResponse(response, statusCode, message) {
+    response.writeHead(statusCode, { 'Content-Type': 'application/json' });
+    response.end(JSON.stringify({ error: message }));
+}
+/**
+ * Send a 502 describing a failure of the upstream curl invocation. The
+ * error message is taken from curl's stderr when available, so callers see
+ * the actual failure reason (DNS, connection refused, TLS, ...) that an
+ * equivalent passthrough-mode call would have shown. When stderr is empty
+ * we fall back to a generic placeholder.
+ */
+function sendUpstreamCurlFailure(response, result) {
+    const stderrMessage = result.stderr.trim();
+    const message = stderrMessage === '' ? ErrorMessages.upstreamRequestFailed : stderrMessage;
+    sendErrorResponse(response, 502, message);
+}
+/**
+ * Extract the target URL from a raw gateway request URL.
+ * Strips the `/gateway/` prefix and returns the target URL.
+ * Returns null if the path doesn't start with `/gateway/` or the target URL is invalid.
+ */
+export function extractTargetUrl(rawUrl) {
+    const prefix = GATEWAY_PATH_PREFIX;
+    if (!rawUrl.startsWith(prefix)) {
+        return null;
+    }
+    const targetUrl = rawUrl.slice(prefix.length);
+    if (!targetUrl.startsWith('http://') && !targetUrl.startsWith('https://')) {
+        return null;
+    }
+    return targetUrl;
+}
+/**
+ * Build curl arguments from an HTTP request's components.
+ * Strips hop-by-hop headers and constructs a curl-compatible argument array.
+ */
+export function buildCurlArguments(method, headers, targetUrl, hasBody) {
+    const args = [];
+    if (method !== 'GET') {
+        args.push('-X', method);
+    }
+    for (const [name, value] of headers) {
+        if (HOP_BY_HOP_HEADERS.has(name.toLowerCase())) {
+            continue;
+        }
+        args.push('-H', `${name}: ${value}`);
+    }
+    if (hasBody) {
+        args.push('--data-binary', '@-');
+    }
+    args.push(targetUrl);
+    return args;
+}
+/**
+ * Parse response headers from curl's -D output.
+ * Returns the status code from the last status line and all response headers.
+ */
+export function parseResponseHeaders(headerDump) {
+    const headers = new Map();
+    let statusCode = 0;
+    // curl may output multiple status lines (e.g. 100 Continue, redirects).
+    // We parse from the beginning and reset on each new status line,
+    // so we end up with the headers from the final response.
+    const lines = headerDump.split(/\r?\n/);
+    for (const line of lines) {
+        // Status line: "HTTP/1.1 200 OK" or "HTTP/2 200"
+        const statusMatch = /^HTTP\/[\d.]+ (\d+)/.exec(line);
+        if (statusMatch !== null) {
+            statusCode = parseInt(statusMatch[1], 10);
+            headers.clear();
+            continue;
+        }
+        // Header line: "Content-Type: application/json"
+        const colonIndex = line.indexOf(':');
+        if (colonIndex > 0) {
+            const name = line.slice(0, colonIndex).trim();
+            const value = line.slice(colonIndex + 1).trim();
+            const lowerName = name.toLowerCase();
+            const existing = headers.get(lowerName);
+            if (existing !== undefined) {
+                existing.push(value);
+            }
+            else {
+                headers.set(lowerName, [value]);
+            }
+        }
+    }
+    return { statusCode, headers };
+}
+/**
+ * Read the full request body, enforcing a size limit.
+ */
+function readRequestBody(request, maxBodySize) {
+    return new Promise((resolve, reject) => {
+        const contentLength = request.headers['content-length'];
+        if (contentLength !== undefined) {
+            const size = parseInt(contentLength, 10);
+            if (!isNaN(size) && size > maxBodySize) {
+                reject(new BodyTooLargeError());
+                return;
+            }
+        }
+        const chunks = [];
+        let totalSize = 0;
+        request.on('data', (chunk) => {
+            totalSize += chunk.length;
+            if (totalSize > maxBodySize) {
+                request.destroy();
+                reject(new BodyTooLargeError());
+                return;
+            }
+            chunks.push(chunk);
+        });
+        request.on('end', () => {
+            if (totalSize === 0) {
+                resolve(null);
+                return;
+            }
+            resolve(Buffer.concat(chunks));
+        });
+        request.on('error', reject);
+    });
+}
+/**
+ * Forward parsed upstream response to the client.
+ */
+function forwardResponse(response, parsed, body) {
+    for (const [name, values] of parsed.headers) {
+        if (HOP_BY_HOP_HEADERS.has(name)) {
+            continue;
+        }
+        if (values.length === 1) {
+            response.setHeader(name, values[0]);
+        }
+        else {
+            response.setHeader(name, [...values]);
+        }
+    }
+    response.writeHead(parsed.statusCode);
+    response.end(body);
+}
+/**
+ * Execute a proxied request through the credential injection pipeline.
+ */
+export async function handleGatewayRequest(request, response, targetUrl, deps, apiCredentialStore, options) {
+    // Read body
+    let body;
+    try {
+        body = await readRequestBody(request, options.maxBodySize);
+    }
+    catch (error) {
+        if (error instanceof BodyTooLargeError) {
+            const method = request.method ?? 'UNKNOWN';
+            deps.log(`${method} ${targetUrl} -> 413`);
+            sendErrorResponse(response, 413, error.message);
+            return;
+        }
+        throw error;
+    }
+    // Build curl arguments from the incoming request
+    const method = request.method ?? 'GET';
+    const headerMap = new Map();
+    const rawHeaders = request.rawHeaders;
+    for (let i = 0; i < rawHeaders.length; i += 2) {
+        const name = rawHeaders[i];
+        const value = rawHeaders[i + 1];
+        if (!HOP_BY_HOP_HEADERS.has(name.toLowerCase())) {
+            headerMap.set(name, value);
+        }
+    }
+    const curlArguments = buildCurlArguments(method, headerMap, targetUrl, body !== null);
+    let allArguments;
+    try {
+        allArguments = await prepareCurlInvocation(curlArguments, apiCredentialStore, {
+            registry: deps.registry,
+            checkPermission: deps.checkPermission,
+            permissionsConfigPath: deps.config.permissionsConfigPath,
+            permissionsDoNotUseBuiltinSchemas: deps.config.permissionsDoNotUseBuiltinSchemas,
+            passthroughUnknown: deps.config.passthroughUnknown,
+        });
+    }
+    catch (error) {
+        if (error instanceof RequestNotPermittedError) {
+            deps.log(`${method} ${targetUrl} -> 403`);
+            sendErrorResponse(response, 403, error.message);
+            return;
+        }
+        if (error instanceof PermissionCheckError) {
+            deps.log(`${method} ${targetUrl} -> 403`);
+            sendErrorResponse(response, 403, `Error: ${error.message}`);
+            return;
+        }
+        if (error instanceof UrlExtractionFailedError ||
+            error instanceof NoServiceForUrlError ||
+            error instanceof NoCredentialsForServiceError ||
+            error instanceof CredentialsExpiredError) {
+            deps.log(`${method} ${targetUrl} -> 400`);
+            sendErrorResponse(response, 400, error.message);
+            return;
+        }
+        throw error;
+    }
+    // Create temp directory for header dump
+    const tempDir = mkdtempSync(join(tmpdir(), 'latchkey-gw-'));
+    const headerFile = join(tempDir, 'headers');
+    try {
+        // Add curl flags for capturing response metadata. `-sS` silences the
+        // progress meter (which would otherwise pollute the captured response
+        // body) while still letting error messages reach stderr, so
+        // `sendUpstreamCurlFailure` can surface the real failure reason to the
+        // client instead of the generic fallback.
+        const curlArgs = ['-sS', '-D', headerFile, ...allArguments];
+        const result = await deps.runCurlAsync(curlArgs, {
+            stdin: body ?? undefined,
+        });
+        if (result.returncode !== 0) {
+            // Try to read headers in case curl got a response before failing
+            let headerDump;
+            try {
+                headerDump = readFileSync(headerFile, 'utf-8');
+            }
+            catch {
+                deps.log(`${method} ${targetUrl} -> 502`);
+                sendUpstreamCurlFailure(response, result);
+                return;
+            }
+            if (headerDump.trim() === '') {
+                deps.log(`${method} ${targetUrl} -> 502`);
+                sendUpstreamCurlFailure(response, result);
+                return;
+            }
+            // We got headers — forward whatever we have
+            const parsed = parseResponseHeaders(headerDump);
+            forwardResponse(response, parsed, result.stdout);
+            deps.log(`${method} ${targetUrl} -> ${String(parsed.statusCode)}`);
+            return;
+        }
+        // Read response headers
+        let headerDump;
+        try {
+            headerDump = readFileSync(headerFile, 'utf-8');
+        }
+        catch {
+            deps.log(`${method} ${targetUrl} -> 502`);
+            sendUpstreamCurlFailure(response, result);
+            return;
+        }
+        const parsed = parseResponseHeaders(headerDump);
+        const statusCode = parsed.statusCode || 200;
+        forwardResponse(response, { statusCode, headers: parsed.headers }, result.stdout);
+        deps.log(`${method} ${targetUrl} -> ${String(statusCode)}`);
+    }
+    finally {
+        // Clean up temp files
+        try {
+            rmSync(tempDir, { recursive: true, force: true });
+        }
+        catch {
+            // Ignore cleanup errors
+        }
+    }
+}
+//# sourceMappingURL=gatewayEndpoint.js.map

package/dist/src/gateway/gatewayEndpoint.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"gatewayEndpoint.js","sourceRoot":"","sources":["../../../src/gateway/gatewayEndpoint.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAC5D,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAIjC,OAAO,EACL,uBAAuB,EACvB,4BAA4B,EAC5B,oBAAoB,EACpB,qBAAqB,EACrB,wBAAwB,EACxB,wBAAwB,GACzB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEpD;;GAEG;AACH,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC;IACjC,YAAY;IACZ,YAAY;IACZ,oBAAoB;IACpB,qBAAqB;IACrB,IAAI;IACJ,UAAU;IACV,mBAAmB;IACnB,SAAS;IACT,MAAM;CACP,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,mBAAmB,GAAG,WAAW,CAAC;AAE/C,MAAM,OAAO,iBAAkB,SAAQ,KAAK;IAC1C;QACE,KAAK,CAAC,aAAa,CAAC,mBAAmB,CAAC,CAAC;QACzC,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF;AAQD,SAAS,iBAAiB,CACxB,QAA6B,EAC7B,UAAkB,EAClB,OAAe;IAEf,QAAQ,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;IACvE,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;AACnD,CAAC;AAED;;;;;;GAMG;AACH,SAAS,uBAAuB,CAAC,QAA6B,EAAE,MAAuB;IACrF,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IAC3C,MAAM,OAAO,GAAG,aAAa,KAAK,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,qBAAqB,CAAC,CAAC,CAAC,aAAa,CAAC;IAC3F,iBAAiB,CAAC,QAAQ,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;AAC5C,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAc;IAC7C,MAAM,MAAM,GAAG,mBAAmB,CAAC;IACnC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC9C,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC1E,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAChC,MAAc,EACd,OAAoC,EACpC,SAAiB,EACjB,OAAgB;IAEhB,MAAM,IAAI,GAAa,EAAE,CAAC;IAE1B,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;QACrB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC1B,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,OAAO,EAAE,CAAC;QACpC,IAAI,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YAC/C,SAAS;QACX,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,IAAI,KAAK,KAAK,EAAE,CAAC,CAAC;IACvC,CAAC;IAED,IAAI,OAAO,EAAE,CAAC;QACZ,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,IAAI,CAAC,CAAC;IACnC,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAErB,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAAC,UAAkB;IAIrD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAoB,CAAC;IAC5C,IAAI,UAAU,GAAG,CAAC,CAAC;IAEnB,wEAAwE;IACxE,iEAAiE;IACjE,yDAAyD;IACzD,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACxC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,iDAAiD;QACjD,MAAM,WAAW,GAAG,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrD,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;YACzB,UAAU,GAAG,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAE,EAAE,EAAE,CAAC,CAAC;YAC3C,OAAO,CAAC,KAAK,EAAE,CAAC;YAChB,SAAS;QACX,CAAC;QAED,gDAAgD;QAChD,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;YACnB,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC,IAAI,EAAE,CAAC;YAC9C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAChD,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;YACrC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YACxC,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;gBAC3B,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACvB,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;YAClC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CACtB,OAA6B,EAC7B,WAAmB;IAEnB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;QACxD,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;YAChC,MAAM,IAAI,GAAG,QAAQ,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;YACzC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,IAAI,GAAG,WAAW,EAAE,CAAC;gBACvC,MAAM,CAAC,IAAI,iBAAiB,EAAE,CAAC,CAAC;gBAChC,OAAO;YACT,CAAC;QACH,CAAC;QAED,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,IAAI,SAAS,GAAG,CAAC,CAAC;QAElB,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACnC,SAAS,IAAI,KAAK,CAAC,MAAM,CAAC;YAC1B,IAAI,SAAS,GAAG,WAAW,EAAE,CAAC;gBAC5B,OAAO,CAAC,OAAO,EAAE,CAAC;gBAClB,MAAM,CAAC,IAAI,iBAAiB,EAAE,CAAC,CAAC;gBAChC,OAAO;YACT,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC,CAAC,CAAC;QAEH,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACrB,IAAI,SAAS,KAAK,CAAC,EAAE,CAAC;gBACpB,OAAO,CAAC,IAAI,CAAC,CAAC;gBACd,OAAO;YACT,CAAC;YACD,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;QACjC,CAAC,CAAC,CAAC;QAEH,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CACtB,QAA6B,EAC7B,MAA+E,EAC/E,IAAY;IAEZ,KAAK,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC5C,IAAI,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACjC,SAAS;QACX,CAAC;QACD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,QAAQ,CAAC,SAAS,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAE,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IACD,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IACtC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AACrB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,OAA6B,EAC7B,QAA6B,EAC7B,SAAiB,EACjB,IAAqB,EACrB,kBAAsC,EACtC,OAAuB;IAEvB,YAAY;IACZ,IAAI,IAAmB,CAAC;IACxB,IAAI,CAAC;QACH,IAAI,GAAG,MAAM,eAAe,CAAC,OAAO,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;IAC7D,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,iBAAiB,EAAE,CAAC;YACvC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,SAAS,CAAC;YAC3C,IAAI,CAAC,GAAG,CAAC,GAAG,MAAM,IAAI,SAAS,SAAS,CAAC,CAAC;YAC1C,iBAAiB,CAAC,QAAQ,EAAE,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;YAChD,OAAO;QACT,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;IAED,iDAAiD;IACjD,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,KAAK,CAAC;IACvC,MAAM,SAAS,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC5C,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,GAAG,UAAU,CAAC,CAAC,CAAE,CAAC;QAC5B,MAAM,KAAK,GAAG,UAAU,CAAC,CAAC,GAAG,CAAC,CAAE,CAAC;QACjC,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YAChD,SAAS,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC;IAED,MAAM,aAAa,GAAG,kBAAkB,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,KAAK,IAAI,CAAC,CAAC;IAEtF,IAAI,YAA+B,CAAC;IACpC,IAAI,CAAC;QACH,YAAY,GAAG,MAAM,qBAAqB,CAAC,aAAa,EAAE,kBAAkB,EAAE;YAC5E,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,qBAAqB,EAAE,IAAI,CAAC,MAAM,CAAC,qBAAqB;YACxD,iCAAiC,EAAE,IAAI,CAAC,MAAM,CAAC,iCAAiC;YAChF,kBAAkB,EAAE,IAAI,CAAC,MAAM,CAAC,kBAAkB;SACnD,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,wBAAwB,EAAE,CAAC;YAC9C,IAAI,CAAC,GAAG,CAAC,GAAG,MAAM,IAAI,SAAS,SAAS,CAAC,CAAC;YAC1C,iBAAiB,CAAC,QAAQ,EAAE,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;YAChD,OAAO;QACT,CAAC;QACD,IAAI,KAAK,YAAY,oBAAoB,EAAE,CAAC;YAC1C,IAAI,CAAC,GAAG,CAAC,GAAG,MAAM,IAAI,SAAS,SAAS,CAAC,CAAC;YAC1C,iBAAiB,CAAC,QAAQ,EAAE,GAAG,EAAE,UAAU,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC5D,OAAO;QACT,CAAC;QACD,IACE,KAAK,YAAY,wBAAwB;YACzC,KAAK,YAAY,oBAAoB;YACrC,KAAK,YAAY,4BAA4B;YAC7C,KAAK,YAAY,uBAAuB,EACxC,CAAC;YACD,IAAI,CAAC,GAAG,CAAC,GAAG,MAAM,IAAI,SAAS,SAAS,CAAC,CAAC;YAC1C,iBAAiB,CAAC,QAAQ,EAAE,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;YAChD,OAAO;QACT,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;IAED,wCAAwC;IACxC,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,cAAc,CAAC,CAAC,CAAC;IAC5D,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAE5C,IAAI,CAAC;QACH,qEAAqE;QACrE,sEAAsE;QACtE,4DAA4D;QAC5D,uEAAuE;QACvE,0CAA0C;QAC1C,MAAM,QAAQ,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,YAAY,CAAC,CAAC;QAE5D,MAAM,MAAM,GAAoB,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE;YAChE,KAAK,EAAE,IAAI,IAAI,SAAS;SACzB,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,UAAU,KAAK,CAAC,EAAE,CAAC;YAC5B,iEAAiE;YACjE,IAAI,UAAkB,CAAC;YACvB,IAAI,CAAC;gBACH,UAAU,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YACjD,CAAC;YAAC,MAAM,CAAC;gBACP,IAAI,CAAC,GAAG,CAAC,GAAG,MAAM,IAAI,SAAS,SAAS,CAAC,CAAC;gBAC1C,uBAAuB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;gBAC1C,OAAO;YACT,CAAC;YAED,IAAI,UAAU,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;gBAC7B,IAAI,CAAC,GAAG,CAAC,GAAG,MAAM,IAAI,SAAS,SAAS,CAAC,CAAC;gBAC1C,uBAAuB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;gBAC1C,OAAO;YACT,CAAC;YAED,4CAA4C;YAC5C,MAAM,MAAM,GAAG,oBAAoB,CAAC,UAAU,CAAC,CAAC;YAChD,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;YACjD,IAAI,CAAC,GAAG,CAAC,GAAG,MAAM,IAAI,SAAS,OAAO,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;YACnE,OAAO;QACT,CAAC;QAED,wBAAwB;QACxB,IAAI,UAAkB,CAAC;QACvB,IAAI,CAAC;YACH,UAAU,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACjD,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,GAAG,CAAC,GAAG,MAAM,IAAI,SAAS,SAAS,CAAC,CAAC;YAC1C,uBAAuB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;YAC1C,OAAO;QACT,CAAC;QAED,MAAM,MAAM,GAAG,oBAAoB,CAAC,UAAU,CAAC,CAAC;QAChD,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,GAAG,CAAC;QAE5C,eAAe,CAAC,QAAQ,EAAE,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QAClF,IAAI,CAAC,GAAG,CAAC,GAAG,MAAM,IAAI,SAAS,OAAO,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IAC9D,CAAC;YAAS,CAAC;QACT,sBAAsB;QACtB,IAAI,CAAC;YACH,MAAM,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACpD,CAAC;QAAC,MAAM,CAAC;YACP,wBAAwB;QAC1B,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/src/gateway/latchkeyEndpoint.d.ts

@@ -0,0 +1,105 @@
+/**
+ * HTTP handler for the /latchkey/ RPC endpoint.
+ *
+ * Accepts POST requests with a JSON body containing a command and optional params.
+ * Dispatches to shared operation functions and returns a uniform response envelope.
+ */
+import * as http from 'node:http';
+import { z } from 'zod';
+import type { ApiCredentialStore } from '../apiCredentials/store.js';
+import type { CliDependencies } from '../cliCommands.js';
+import type { EncryptedStorage } from '../encryptedStorage.js';
+export declare const LatchkeyRequestSchema: z.ZodDiscriminatedUnion<"command", [z.ZodObject<{
+    command: z.ZodLiteral<"services list">;
+    params: z.ZodOptional<z.ZodObject<{
+        builtin: z.ZodOptional<z.ZodBoolean>;
+        viable: z.ZodOptional<z.ZodBoolean>;
+    }, "strip", z.ZodTypeAny, {
+        builtin?: boolean | undefined;
+        viable?: boolean | undefined;
+    }, {
+        builtin?: boolean | undefined;
+        viable?: boolean | undefined;
+    }>>;
+}, "strip", z.ZodTypeAny, {
+    command: "services list";
+    params?: {
+        builtin?: boolean | undefined;
+        viable?: boolean | undefined;
+    } | undefined;
+}, {
+    command: "services list";
+    params?: {
+        builtin?: boolean | undefined;
+        viable?: boolean | undefined;
+    } | undefined;
+}>, z.ZodObject<{
+    command: z.ZodLiteral<"services info">;
+    params: z.ZodObject<{
+        serviceName: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        serviceName: string;
+    }, {
+        serviceName: string;
+    }>;
+}, "strip", z.ZodTypeAny, {
+    params: {
+        serviceName: string;
+    };
+    command: "services info";
+}, {
+    params: {
+        serviceName: string;
+    };
+    command: "services info";
+}>, z.ZodObject<{
+    command: z.ZodLiteral<"auth list">;
+    params: z.ZodOptional<z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>>;
+}, "strip", z.ZodTypeAny, {
+    command: "auth list";
+    params?: {} | undefined;
+}, {
+    command: "auth list";
+    params?: {} | undefined;
+}>, z.ZodObject<{
+    command: z.ZodLiteral<"auth browser">;
+    params: z.ZodObject<{
+        serviceName: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        serviceName: string;
+    }, {
+        serviceName: string;
+    }>;
+}, "strip", z.ZodTypeAny, {
+    params: {
+        serviceName: string;
+    };
+    command: "auth browser";
+}, {
+    params: {
+        serviceName: string;
+    };
+    command: "auth browser";
+}>, z.ZodObject<{
+    command: z.ZodLiteral<"auth browser-prepare">;
+    params: z.ZodObject<{
+        serviceName: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        serviceName: string;
+    }, {
+        serviceName: string;
+    }>;
+}, "strip", z.ZodTypeAny, {
+    params: {
+        serviceName: string;
+    };
+    command: "auth browser-prepare";
+}, {
+    params: {
+        serviceName: string;
+    };
+    command: "auth browser-prepare";
+}>]>;
+export type LatchkeyRequest = z.infer<typeof LatchkeyRequestSchema>;
+export declare function handleLatchkeyRequest(request: http.IncomingMessage, response: http.ServerResponse, deps: CliDependencies, apiCredentialStore: ApiCredentialStore, encryptedStorage: EncryptedStorage): Promise<void>;
+//# sourceMappingURL=latchkeyEndpoint.d.ts.map

package/dist/src/gateway/latchkeyEndpoint.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"latchkeyEndpoint.d.ts","sourceRoot":"","sources":["../../../src/gateway/latchkeyEndpoint.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AACrE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAwD/D,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAMhC,CAAC;AAEH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAoFpE,wBAAsB,qBAAqB,CACzC,OAAO,EAAE,IAAI,CAAC,eAAe,EAC7B,QAAQ,EAAE,IAAI,CAAC,cAAc,EAC7B,IAAI,EAAE,eAAe,EACrB,kBAAkB,EAAE,kBAAkB,EACtC,gBAAgB,EAAE,gBAAgB,GACjC,OAAO,CAAC,IAAI,CAAC,CAuDf"}

package/dist/src/gateway/latchkeyEndpoint.js

@@ -0,0 +1,144 @@
+/**
+ * HTTP handler for the /latchkey/ RPC endpoint.
+ *
+ * Accepts POST requests with a JSON body containing a command and optional params.
+ * Dispatches to shared operation functions and returns a uniform response envelope.
+ */
+import { text } from 'node:stream/consumers';
+import { z } from 'zod';
+import { servicesList, servicesInfo, authList, authBrowser, authBrowserPrepare, UnknownServiceError, BrowserNotConfiguredError, PreparationRequiredError, } from '../sharedOperations.js';
+import { BrowserDisabledError, BrowserFlowsNotSupportedError, GraphicalEnvironmentNotFoundError, } from '../playwrightUtils.js';
+import { LoginCancelledError, LoginFailedError } from '../services/index.js';
+const serviceNameParamsMessage = "missing required argument 'service_name'";
+const serviceNameParams = z.object({
+    serviceName: z.string({ required_error: serviceNameParamsMessage }),
+}, { required_error: serviceNameParamsMessage });
+const ServicesListRequestSchema = z.object({
+    command: z.literal('services list'),
+    params: z
+        .object({
+        builtin: z.boolean().optional(),
+        viable: z.boolean().optional(),
+    })
+        .optional(),
+});
+const ServicesInfoRequestSchema = z.object({
+    command: z.literal('services info'),
+    params: serviceNameParams,
+});
+const AuthListRequestSchema = z.object({
+    command: z.literal('auth list'),
+    params: z.object({}).optional(),
+});
+const AuthBrowserRequestSchema = z.object({
+    command: z.literal('auth browser'),
+    params: serviceNameParams,
+});
+const AuthBrowserPrepareRequestSchema = z.object({
+    command: z.literal('auth browser-prepare'),
+    params: serviceNameParams,
+});
+export const LatchkeyRequestSchema = z.discriminatedUnion('command', [
+    ServicesListRequestSchema,
+    ServicesInfoRequestSchema,
+    AuthListRequestSchema,
+    AuthBrowserRequestSchema,
+    AuthBrowserPrepareRequestSchema,
+]);
+const KNOWN_ERROR_CLASSES = [
+    UnknownServiceError,
+    BrowserDisabledError,
+    GraphicalEnvironmentNotFoundError,
+    BrowserNotConfiguredError,
+    BrowserFlowsNotSupportedError,
+    PreparationRequiredError,
+    LoginCancelledError,
+    LoginFailedError,
+];
+function isKnownError(error) {
+    return KNOWN_ERROR_CLASSES.some((ErrorClass) => error instanceof ErrorClass);
+}
+function sendJsonResponse(response, statusCode, body) {
+    response.writeHead(statusCode, { 'Content-Type': 'application/json' });
+    response.end(JSON.stringify(body));
+}
+function sendSuccess(response, result) {
+    sendJsonResponse(response, 200, { result });
+}
+function sendErrorResponse(response, statusCode, message) {
+    sendJsonResponse(response, statusCode, { error: message });
+}
+function describeRequest(parsed) {
+    const command = parsed.command;
+    if ('params' in parsed && parsed.params && 'serviceName' in parsed.params) {
+        return `${command} ${parsed.params.serviceName}`;
+    }
+    return command;
+}
+async function dispatch(parsed, deps, apiCredentialStore, encryptedStorage) {
+    switch (parsed.command) {
+        case 'services list':
+            return servicesList(deps.registry, apiCredentialStore, deps.config, parsed.params ?? {});
+        case 'services info':
+            return servicesInfo(deps.registry, apiCredentialStore, deps.config, parsed.params.serviceName);
+        case 'auth list':
+            return authList(deps.registry, apiCredentialStore);
+        case 'auth browser':
+            await authBrowser(deps.registry, apiCredentialStore, encryptedStorage, deps.config, parsed.params.serviceName);
+            return null;
+        case 'auth browser-prepare':
+            return authBrowserPrepare(deps.registry, apiCredentialStore, encryptedStorage, deps.config, parsed.params.serviceName);
+    }
+}
+export async function handleLatchkeyRequest(request, response, deps, apiCredentialStore, encryptedStorage) {
+    if (request.method !== 'POST') {
+        sendErrorResponse(response, 405, 'Method not allowed. Use POST.');
+        return;
+    }
+    const bodyText = await text(request);
+    let bodyJson;
+    try {
+        bodyJson = JSON.parse(bodyText);
+    }
+    catch (error) {
+        if (error instanceof SyntaxError) {
+            sendErrorResponse(response, 400, `Invalid JSON: ${error.message}`);
+            return;
+        }
+        throw error;
+    }
+    const parseResult = LatchkeyRequestSchema.safeParse(bodyJson);
+    if (!parseResult.success) {
+        const message = parseResult.error.errors
+            .map((e) => {
+            if (e.code === 'invalid_union_discriminator') {
+                const received = bodyJson?.command;
+                if (typeof received === 'string') {
+                    return `unknown command '${received}'`;
+                }
+                return "missing required field 'command'";
+            }
+            return e.message;
+        })
+            .join('; ');
+        sendErrorResponse(response, 400, message);
+        return;
+    }
+    const parsed = parseResult.data;
+    const description = describeRequest(parsed);
+    try {
+        const result = await dispatch(parsed, deps, apiCredentialStore, encryptedStorage);
+        deps.log(`POST /latchkey/ ${description} -> 200`);
+        sendSuccess(response, result);
+    }
+    catch (error) {
+        if (isKnownError(error)) {
+            deps.log(`POST /latchkey/ ${description} -> 400 (error)`);
+            sendErrorResponse(response, 400, error.message);
+            return;
+        }
+        deps.errorLog(`Unexpected error handling POST /latchkey/ ${description}: ${error instanceof Error ? error.message : String(error)}`);
+        sendErrorResponse(response, 500, 'Internal error');
+    }
+}
+//# sourceMappingURL=latchkeyEndpoint.js.map

package/dist/src/gateway/latchkeyEndpoint.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"latchkeyEndpoint.js","sourceRoot":"","sources":["../../../src/gateway/latchkeyEndpoint.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AAC7C,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAIxB,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,QAAQ,EACR,WAAW,EACX,kBAAkB,EAClB,mBAAmB,EACnB,yBAAyB,EACzB,wBAAwB,GACzB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,oBAAoB,EACpB,6BAA6B,EAC7B,iCAAiC,GAClC,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAE7E,MAAM,wBAAwB,GAAG,0CAA0C,CAAC;AAC5E,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAChC;IACE,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,cAAc,EAAE,wBAAwB,EAAE,CAAC;CACpE,EACD,EAAE,cAAc,EAAE,wBAAwB,EAAE,CAC7C,CAAC;AAEF,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;IACzC,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC;IACnC,MAAM,EAAE,CAAC;SACN,MAAM,CAAC;QACN,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;QAC/B,MAAM,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;KAC/B,CAAC;SACD,QAAQ,EAAE;CACd,CAAC,CAAC;AAEH,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;IACzC,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC;IACnC,MAAM,EAAE,iBAAiB;CAC1B,CAAC,CAAC;AAEH,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC;IACrC,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;IAC/B,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE;CAChC,CAAC,CAAC;AAEH,MAAM,wBAAwB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC;IAClC,MAAM,EAAE,iBAAiB;CAC1B,CAAC,CAAC;AAEH,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,sBAAsB,CAAC;IAC1C,MAAM,EAAE,iBAAiB;CAC1B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC,kBAAkB,CAAC,SAAS,EAAE;IACnE,yBAAyB;IACzB,yBAAyB;IACzB,qBAAqB;IACrB,wBAAwB;IACxB,+BAA+B;CAChC,CAAC,CAAC;AAIH,MAAM,mBAAmB,GAA0D;IACjF,mBAAmB;IACnB,oBAAoB;IACpB,iCAAiC;IACjC,yBAAyB;IACzB,6BAA6B;IAC7B,wBAAwB;IACxB,mBAAmB;IACnB,gBAAgB;CACjB,CAAC;AAEF,SAAS,YAAY,CAAC,KAAc;IAClC,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,KAAK,YAAY,UAAU,CAAC,CAAC;AAC/E,CAAC;AAED,SAAS,gBAAgB,CAAC,QAA6B,EAAE,UAAkB,EAAE,IAAa;IACxF,QAAQ,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;IACvE,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AACrC,CAAC;AAED,SAAS,WAAW,CAAC,QAA6B,EAAE,MAAe;IACjE,gBAAgB,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;AAC9C,CAAC;AAED,SAAS,iBAAiB,CACxB,QAA6B,EAC7B,UAAkB,EAClB,OAAe;IAEf,gBAAgB,CAAC,QAAQ,EAAE,UAAU,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;AAC7D,CAAC;AAED,SAAS,eAAe,CAAC,MAAuB;IAC9C,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;IAC/B,IAAI,QAAQ,IAAI,MAAM,IAAI,MAAM,CAAC,MAAM,IAAI,aAAa,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAC1E,OAAO,GAAG,OAAO,IAAI,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;IACnD,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,KAAK,UAAU,QAAQ,CACrB,MAAuB,EACvB,IAAqB,EACrB,kBAAsC,EACtC,gBAAkC;IAElC,QAAQ,MAAM,CAAC,OAAO,EAAE,CAAC;QACvB,KAAK,eAAe;YAClB,OAAO,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,kBAAkB,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC;QAE3F,KAAK,eAAe;YAClB,OAAO,YAAY,CACjB,IAAI,CAAC,QAAQ,EACb,kBAAkB,EAClB,IAAI,CAAC,MAAM,EACX,MAAM,CAAC,MAAM,CAAC,WAAW,CAC1B,CAAC;QAEJ,KAAK,WAAW;YACd,OAAO,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,kBAAkB,CAAC,CAAC;QAErD,KAAK,cAAc;YACjB,MAAM,WAAW,CACf,IAAI,CAAC,QAAQ,EACb,kBAAkB,EAClB,gBAAgB,EAChB,IAAI,CAAC,MAAM,EACX,MAAM,CAAC,MAAM,CAAC,WAAW,CAC1B,CAAC;YACF,OAAO,IAAI,CAAC;QAEd,KAAK,sBAAsB;YACzB,OAAO,kBAAkB,CACvB,IAAI,CAAC,QAAQ,EACb,kBAAkB,EAClB,gBAAgB,EAChB,IAAI,CAAC,MAAM,EACX,MAAM,CAAC,MAAM,CAAC,WAAW,CAC1B,CAAC;IACN,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,OAA6B,EAC7B,QAA6B,EAC7B,IAAqB,EACrB,kBAAsC,EACtC,gBAAkC;IAElC,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QAC9B,iBAAiB,CAAC,QAAQ,EAAE,GAAG,EAAE,+BAA+B,CAAC,CAAC;QAClE,OAAO;IACT,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,CAAC;IAErC,IAAI,QAAiB,CAAC;IACtB,IAAI,CAAC;QACH,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAY,CAAC;IAC7C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,WAAW,EAAE,CAAC;YACjC,iBAAiB,CAAC,QAAQ,EAAE,GAAG,EAAE,iBAAiB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YACnE,OAAO;QACT,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;IAED,MAAM,WAAW,GAAG,qBAAqB,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IAC9D,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;QACzB,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,CAAC,MAAM;aACrC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YACT,IAAI,CAAC,CAAC,IAAI,KAAK,6BAA6B,EAAE,CAAC;gBAC7C,MAAM,QAAQ,GAAI,QAA2C,EAAE,OAAO,CAAC;gBACvE,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;oBACjC,OAAO,oBAAoB,QAAQ,GAAG,CAAC;gBACzC,CAAC;gBACD,OAAO,kCAAkC,CAAC;YAC5C,CAAC;YACD,OAAO,CAAC,CAAC,OAAO,CAAC;QACnB,CAAC,CAAC;aACD,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,iBAAiB,CAAC,QAAQ,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC1C,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC;IAChC,MAAM,WAAW,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IAE5C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,MAAM,EAAE,IAAI,EAAE,kBAAkB,EAAE,gBAAgB,CAAC,CAAC;QAClF,IAAI,CAAC,GAAG,CAAC,mBAAmB,WAAW,SAAS,CAAC,CAAC;QAClD,WAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAChC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,YAAY,CAAC,KAAK,CAAC,EAAE,CAAC;YACxB,IAAI,CAAC,GAAG,CAAC,mBAAmB,WAAW,iBAAiB,CAAC,CAAC;YAC1D,iBAAiB,CAAC,QAAQ,EAAE,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;YAChD,OAAO;QACT,CAAC;QACD,IAAI,CAAC,QAAQ,CACX,6CAA6C,WAAW,KAAK,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACtH,CAAC;QACF,iBAAiB,CAAC,QAAQ,EAAE,GAAG,EAAE,gBAAgB,CAAC,CAAC;IACrD,CAAC;AACH,CAAC"}

package/dist/src/gateway/server.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Local HTTP gateway server.
+ *
+ * Routes incoming requests to either the `/gateway/<target-url>` proxy handler
+ * or the `/latchkey/` RPC endpoint.
+ */
+import * as http from 'node:http';
+import type { ApiCredentialStore } from '../apiCredentials/store.js';
+import type { CliDependencies } from '../cliCommands.js';
+import type { EncryptedStorage } from '../encryptedStorage.js';
+import { type GatewayOptions } from './gatewayEndpoint.js';
+export interface GatewayServer {
+    readonly server: http.Server;
+    readonly close: () => Promise<void>;
+}
+/**
+ * Start the gateway HTTP server.
+ */
+export declare function startGateway(deps: CliDependencies, apiCredentialStore: ApiCredentialStore, encryptedStorage: EncryptedStorage, options: GatewayOptions): Promise<GatewayServer>;
+//# sourceMappingURL=server.d.ts.map

package/dist/src/gateway/server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../../src/gateway/server.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AACrE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAE/D,OAAO,EAIL,KAAK,cAAc,EACpB,MAAM,sBAAsB,CAAC;AAY9B,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC;IAC7B,QAAQ,CAAC,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CACrC;AAED;;GAEG;AACH,wBAAgB,YAAY,CAC1B,IAAI,EAAE,eAAe,EACrB,kBAAkB,EAAE,kBAAkB,EACtC,gBAAgB,EAAE,gBAAgB,EAClC,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,aAAa,CAAC,CAmGxB"}