npm - llng-mcp - Versions diffs - 0.1.0 - Mend

llng-mcp 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (114) hide show

package/.github/workflows/ci.yml +77 -0
package/.prettierrc +7 -0
package/LICENSE +661 -0
package/README.md +502 -0
package/dist/__tests__/api-transport.test.d.ts +1 -0
package/dist/__tests__/api-transport.test.js +577 -0
package/dist/__tests__/api-transport.test.js.map +1 -0
package/dist/__tests__/config.test.d.ts +1 -0
package/dist/__tests__/config.test.js +472 -0
package/dist/__tests__/config.test.js.map +1 -0
package/dist/__tests__/integration/api-mode.test.d.ts +1 -0
package/dist/__tests__/integration/api-mode.test.js +199 -0
package/dist/__tests__/integration/api-mode.test.js.map +1 -0
package/dist/__tests__/integration/oidc-rp.test.d.ts +1 -0
package/dist/__tests__/integration/oidc-rp.test.js +120 -0
package/dist/__tests__/integration/oidc-rp.test.js.map +1 -0
package/dist/__tests__/integration/ssh-mode.test.d.ts +1 -0
package/dist/__tests__/integration/ssh-mode.test.js +101 -0
package/dist/__tests__/integration/ssh-mode.test.js.map +1 -0
package/dist/__tests__/k8s-transport.test.d.ts +1 -0
package/dist/__tests__/k8s-transport.test.js +254 -0
package/dist/__tests__/k8s-transport.test.js.map +1 -0
package/dist/__tests__/oidc-tools.test.d.ts +1 -0
package/dist/__tests__/oidc-tools.test.js +457 -0
package/dist/__tests__/oidc-tools.test.js.map +1 -0
package/dist/__tests__/registry.test.d.ts +1 -0
package/dist/__tests__/registry.test.js +96 -0
package/dist/__tests__/registry.test.js.map +1 -0
package/dist/__tests__/ssh-transport.test.d.ts +1 -0
package/dist/__tests__/ssh-transport.test.js +618 -0
package/dist/__tests__/ssh-transport.test.js.map +1 -0
package/dist/__tests__/tools.test.d.ts +1 -0
package/dist/__tests__/tools.test.js +525 -0
package/dist/__tests__/tools.test.js.map +1 -0
package/dist/config.d.ts +65 -0
package/dist/config.js +506 -0
package/dist/config.js.map +1 -0
package/dist/index.d.ts +2 -0
package/dist/index.js +42 -0
package/dist/index.js.map +1 -0
package/dist/resources/documentation.d.ts +5 -0
package/dist/resources/documentation.js +56 -0
package/dist/resources/documentation.js.map +1 -0
package/dist/tools/cli-utilities.d.ts +3 -0
package/dist/tools/cli-utilities.js +187 -0
package/dist/tools/cli-utilities.js.map +1 -0
package/dist/tools/config.d.ts +6 -0
package/dist/tools/config.js +326 -0
package/dist/tools/config.js.map +1 -0
package/dist/tools/consents.d.ts +3 -0
package/dist/tools/consents.js +39 -0
package/dist/tools/consents.js.map +1 -0
package/dist/tools/instances.d.ts +3 -0
package/dist/tools/instances.js +14 -0
package/dist/tools/instances.js.map +1 -0
package/dist/tools/oidc-rp.d.ts +6 -0
package/dist/tools/oidc-rp.js +246 -0
package/dist/tools/oidc-rp.js.map +1 -0
package/dist/tools/oidc.d.ts +3 -0
package/dist/tools/oidc.js +343 -0
package/dist/tools/oidc.js.map +1 -0
package/dist/tools/secondfactors.d.ts +3 -0
package/dist/tools/secondfactors.js +62 -0
package/dist/tools/secondfactors.js.map +1 -0
package/dist/tools/sessions.d.ts +6 -0
package/dist/tools/sessions.js +300 -0
package/dist/tools/sessions.js.map +1 -0
package/dist/transport/api.d.ts +35 -0
package/dist/transport/api.js +327 -0
package/dist/transport/api.js.map +1 -0
package/dist/transport/interface.d.ts +50 -0
package/dist/transport/interface.js +2 -0
package/dist/transport/interface.js.map +1 -0
package/dist/transport/k8s.d.ts +41 -0
package/dist/transport/k8s.js +303 -0
package/dist/transport/k8s.js.map +1 -0
package/dist/transport/registry.d.ts +20 -0
package/dist/transport/registry.js +91 -0
package/dist/transport/registry.js.map +1 -0
package/dist/transport/ssh.d.ts +37 -0
package/dist/transport/ssh.js +353 -0
package/dist/transport/ssh.js.map +1 -0
package/docker-compose.test.yml +16 -0
package/eslint.config.js +21 -0
package/package.json +38 -0
package/src/__tests__/api-transport.test.ts +746 -0
package/src/__tests__/config.test.ts +587 -0
package/src/__tests__/integration/api-mode.test.ts +229 -0
package/src/__tests__/integration/oidc-rp.test.ts +138 -0
package/src/__tests__/integration/ssh-mode.test.ts +113 -0
package/src/__tests__/k8s-transport.test.ts +342 -0
package/src/__tests__/oidc-tools.test.ts +554 -0
package/src/__tests__/registry.test.ts +110 -0
package/src/__tests__/ssh-transport.test.ts +805 -0
package/src/__tests__/tools.test.ts +735 -0
package/src/config.ts +605 -0
package/src/index.ts +48 -0
package/src/resources/documentation.ts +65 -0
package/src/tools/cli-utilities.ts +207 -0
package/src/tools/config.ts +382 -0
package/src/tools/consents.ts +50 -0
package/src/tools/instances.ts +21 -0
package/src/tools/oidc-rp.ts +299 -0
package/src/tools/oidc.ts +434 -0
package/src/tools/secondfactors.ts +78 -0
package/src/tools/sessions.ts +342 -0
package/src/transport/api.ts +429 -0
package/src/transport/interface.ts +58 -0
package/src/transport/k8s.ts +367 -0
package/src/transport/registry.ts +105 -0
package/src/transport/ssh.ts +430 -0
package/tsconfig.json +16 -0
package/vitest.config.ts +8 -0
package/vitest.integration.config.ts +9 -0

package/src/__tests__/integration/api-mode.test.ts ADDED Viewed

@@ -0,0 +1,229 @@
+import { describe, it, expect, beforeAll } from "vitest";
+const BASE_URL = process.env.LLNG_TEST_URL || "http://localhost:19876";
+describe("API Transport Integration", () => {
+  let available = false;
+  let sessionCookie = "";
+  async function authenticate(): Promise<string | null> {
+    try {
+      // First, get the login form to extract CSRF token
+      const formResp = await fetch(`${BASE_URL}/`, {
+        headers: {
+          Host: "auth.example.com",
+        },
+      });
+      if (!formResp.ok) {
+        console.log("Failed to fetch login form:", formResp.status);
+        return null;
+      }
+      const html = await formResp.text();
+      // Extract CSRF token from the form
+      const tokenMatch = html.match(/name="token"\s+value="([^"]+)"/);
+      if (!tokenMatch) {
+        console.log("No CSRF token found in login form");
+        return null;
+      }
+      const token = tokenMatch[1];
+      if (!token) {
+        console.log("CSRF token is empty");
+        return null;
+      }
+      // Authenticate to portal as dwho/dwho (default demo user)
+      const resp = await fetch(`${BASE_URL}/`, {
+        method: "POST",
+        headers: {
+          Host: "auth.example.com",
+          "Content-Type": "application/x-www-form-urlencoded",
+        },
+        body: `user=dwho&password=dwho&token=${token}`,
+        redirect: "manual", // Don't follow redirects
+      });
+      // Should get 302 redirect with session cookie
+      if (resp.status !== 302 && resp.status !== 200) {
+        console.log("Auth failed with status:", resp.status);
+        return null;
+      }
+      // Extract lemonldap cookie
+      const setCookie = resp.headers.get("set-cookie");
+      if (!setCookie) {
+        console.log("No set-cookie header received");
+        return null;
+      }
+      const match = setCookie.match(/lemonldap=([^;]+)/);
+      if (!match) {
+        console.log("No lemonldap cookie found in:", setCookie);
+        return null;
+      }
+      return match[1];
+    } catch (e: unknown) {
+      console.log("Authentication error:", e instanceof Error ? e.message : String(e));
+      return null;
+    }
+  }
+  beforeAll(async () => {
+    // Check if LLNG portal is available and authenticate
+    try {
+      const resp = await fetch(`${BASE_URL}/`, {
+        headers: {
+          Host: "auth.example.com",
+        },
+      });
+      if (!resp.ok && resp.status !== 302) {
+        available = false;
+        return;
+      }
+      // Try to authenticate
+      const cookie = await authenticate();
+      if (cookie) {
+        sessionCookie = cookie;
+        available = true;
+      } else {
+        available = false;
+      }
+    } catch {
+      available = false;
+    }
+  });
+  it("should detect LLNG portal availability", () => {
+    if (!available) {
+      console.log("LLNG portal not available or auth failed - skipping API tests");
+    }
+    // Don't fail - just report availability
+  });
+  it("should access portal login page", async () => {
+    if (!available) return;
+    try {
+      const resp = await fetch(`${BASE_URL}/`, {
+        headers: {
+          Host: "auth.example.com",
+        },
+      });
+      expect(resp.ok).toBe(true);
+      const html = await resp.text();
+      // Should contain login form
+      expect(html).toContain("lemonldap-ng");
+    } catch (e: unknown) {
+      console.log("Portal access failed:", e instanceof Error ? e.message : String(e));
+      throw e;
+    }
+  });
+  it("should authenticate as demo user", async () => {
+    if (!available) return;
+    expect(sessionCookie).toBeTruthy();
+    expect(sessionCookie.length).toBeGreaterThan(0);
+  });
+  it("should access manager API with session cookie", async () => {
+    if (!available) return;
+    try {
+      const resp = await fetch(`${BASE_URL}/confs/latest`, {
+        headers: {
+          Host: "manager.example.com",
+          Cookie: `lemonldap=${sessionCookie}`,
+        },
+      });
+      // Manager API requires specific group membership (e.g., "timelords" group)
+      // The demo user dwho might not have manager permissions by default
+      if (resp.status === 403) {
+        console.log(
+          "Manager API returned 403 - user lacks required permissions (expected for demo user)",
+        );
+        return; // Skip test gracefully
+      }
+      if (!resp.ok) {
+        const text = await resp.text();
+        console.log("Manager API response:", resp.status, text);
+        throw new Error(`Manager API returned ${resp.status}`);
+      }
+      const config = await resp.json();
+      // Should have cfgNum
+      expect(config.cfgNum).toBeDefined();
+      const cfgNum = typeof config.cfgNum === "string" ? parseInt(config.cfgNum) : config.cfgNum;
+      expect(cfgNum).toBeGreaterThan(0);
+      // Should have basic config keys
+      expect(config.portal).toBeDefined();
+      expect(config.domain).toBeDefined();
+    } catch (e: unknown) {
+      console.log("Manager API access failed:", e instanceof Error ? e.message : String(e));
+      throw e;
+    }
+  });
+  it("should access manager REST API endpoints", async () => {
+    if (!available) return;
+    try {
+      // Test accessing configuration list
+      const resp = await fetch(`${BASE_URL}/confs`, {
+        headers: {
+          Host: "manager.example.com",
+          Cookie: `lemonldap=${sessionCookie}`,
+        },
+      });
+      // Manager REST API also requires permissions
+      if (resp.status === 403) {
+        console.log(
+          "REST API returned 403 - user lacks required permissions (expected for demo user)",
+        );
+        return;
+      }
+      if (!resp.ok) {
+        const text = await resp.text();
+        console.log("REST API response:", resp.status, text);
+        // Don't fail - might not be available in all deployments
+        return;
+      }
+      const data = await resp.json();
+      expect(Array.isArray(data) || typeof data === "object").toBe(true);
+    } catch (e: unknown) {
+      console.log("REST API access failed:", e instanceof Error ? e.message : String(e));
+      // Don't fail - REST API might not be enabled
+    }
+  });
+  it("should demonstrate that manager API requires authorization", async () => {
+    if (!available) return;
+    // Document the authorization requirements for the manager API
+    // In a real deployment, you would need:
+    // 1. A user account with manager permissions (e.g., member of "timelords" group)
+    // 2. Proper session cookie after authentication
+    // 3. Correct Host header for the manager vhost
+    //
+    // For testing purposes, SSH transport via docker exec is more reliable
+    // since CLI commands bypass web-based authorization checks
+    console.log(
+      'Manager API requires group membership (e.g., inGroup("timelords")) or specific user access',
+    );
+  });
+});

package/src/__tests__/integration/oidc-rp.test.ts ADDED Viewed

@@ -0,0 +1,138 @@
+import { describe, it, expect, beforeAll, afterAll } from "vitest";
+import { execSync } from "child_process";
+describe("OIDC RP Integration (via docker exec)", () => {
+  let available = false;
+  let containerName = "";
+  function dockerExec(cmd: string): string {
+    return execSync(`docker exec ${containerName} ${cmd}`, {
+      encoding: "utf-8",
+      stdio: ["pipe", "pipe", "ignore"], // capture stdout, ignore stderr
+    }).trim();
+  }
+  function dockerBash(script: string): string {
+    return dockerExec(`bash -c '${script.replace(/'/g, "'\\''")}'`);
+  }
+  beforeAll(async () => {
+    // Detect container name dynamically
+    try {
+      const output = execSync(
+        `docker ps --filter ancestor=yadd/lemonldap-ng-full --format '{{.Names}}'`,
+        { encoding: "utf-8" },
+      );
+      const name = output.trim().split("\n")[0];
+      if (name) {
+        containerName = name;
+        available = true;
+      }
+    } catch {
+      available = false;
+    }
+    if (!available) return;
+    // Set up OIDC RP configuration
+    try {
+      // Add hosts entry for auth.example.com
+      dockerBash("echo '127.0.0.1 auth.example.com' >> /etc/hosts");
+      // Enable OIDC issuer
+      dockerBash("lemonldap-ng-cli -yes 1 set issuerDBOpenIDConnectActivation 1 2>/dev/null");
+      // Generate signing keys
+      dockerBash("/usr/share/lemonldap-ng/bin/rotateOidcKeys 2>/dev/null");
+      // Create RP via CLI merge
+      const rpConfig = JSON.stringify({
+        oidcRPMetaDataOptions: {
+          "integ-test-rp": {
+            oidcRPMetaDataOptionsClientID: "integ-test-client",
+            oidcRPMetaDataOptionsRedirectUris: "http://localhost/callback",
+            oidcRPMetaDataOptionsPublic: 1,
+            oidcRPMetaDataOptionsBypassConsent: 1,
+            oidcRPMetaDataOptionsIDTokenSignAlg: "RS256",
+          },
+        },
+        oidcRPMetaDataExportedVars: {
+          "integ-test-rp": {
+            name: "cn",
+            preferred_username: "uid",
+            email: "mail",
+          },
+        },
+      });
+      dockerBash(
+        `echo '${rpConfig.replace(/'/g, "'\\''")}' | lemonldap-ng-cli -yes 1 merge - 2>/dev/null`,
+      );
+    } catch (e: unknown) {
+      console.log("OIDC setup failed:", e instanceof Error ? e.message : String(e));
+      available = false;
+    }
+  });
+  afterAll(async () => {
+    if (!available) return;
+    // Cleanup: remove RP configuration
+    try {
+      dockerBash("lemonldap-ng-cli -yes 1 delKey oidcRPMetaDataOptions integ-test-rp 2>/dev/null");
+      dockerBash(
+        "lemonldap-ng-cli -yes 1 delKey oidcRPMetaDataExportedVars integ-test-rp 2>/dev/null",
+      );
+    } catch (e: unknown) {
+      console.log("OIDC cleanup failed:", e instanceof Error ? e.message : String(e));
+    }
+  });
+  it("should detect Docker container availability", () => {
+    if (!available) {
+      console.log("LLNG container not available - skipping integration tests");
+    }
+    // Don't fail - just report availability
+  });
+  it("should add OIDC RP and verify config", async () => {
+    if (!available) return;
+    try {
+      const output = dockerBash(
+        "lemonldap-ng-cli -yes 1 get oidcRPMetaDataOptions/integ-test-rp 2>/dev/null",
+      );
+      // Verify the RP contains required fields
+      expect(output).toContain("oidcRPMetaDataOptionsClientID");
+      expect(output).toContain("oidcRPMetaDataOptionsIDTokenSignAlg");
+    } catch (e: unknown) {
+      console.log("OIDC RP verification failed:", e instanceof Error ? e.message : String(e));
+      throw e;
+    }
+  });
+  it("should complete full OIDC flow via llng CLI", async () => {
+    if (!available) return;
+    try {
+      const flowScript = `
+        rm -f /root/.cache/llng-cookies && mkdir -p /root/.cache && \
+        llng --llng-url http://auth.example.com --login dwho --password dwho \
+          --client-id integ-test-client --pkce --redirect-uri "http://localhost/callback" \
+          user_info
+      `;
+      const output = dockerBash(flowScript);
+      // Parse JSON output and verify user info
+      const userInfo = JSON.parse(output);
+      expect(userInfo.sub).toBe("dwho");
+      expect(userInfo.email).toBe("dwho@badwolf.org");
+      expect(userInfo.name).toBe("Doctor Who");
+      expect(userInfo.preferred_username).toBe("dwho");
+    } catch (e: unknown) {
+      console.log("OIDC flow failed:", e instanceof Error ? e.message : String(e));
+      throw e;
+    }
+  });
+});

package/src/__tests__/integration/ssh-mode.test.ts ADDED Viewed

@@ -0,0 +1,113 @@
+import { describe, it, expect, beforeAll } from "vitest";
+import { execSync } from "child_process";
+describe("SSH Transport Integration (via docker exec)", () => {
+  let available = false;
+  let containerName = "";
+  function dockerExec(cmd: string): string {
+    return execSync(`docker exec ${containerName} ${cmd}`, {
+      encoding: "utf-8",
+      stdio: ["pipe", "pipe", "ignore"], // capture stdout, ignore stderr
+    }).trim();
+  }
+  beforeAll(async () => {
+    // Detect container name dynamically
+    try {
+      const output = execSync(
+        `docker ps --filter ancestor=yadd/lemonldap-ng-full --format '{{.Names}}'`,
+        { encoding: "utf-8" },
+      );
+      const name = output.trim().split("\n")[0];
+      if (name) {
+        containerName = name;
+        available = true;
+      }
+    } catch {
+      available = false;
+    }
+  });
+  it("should detect Docker container availability", () => {
+    if (!available) {
+      console.log("LLNG container not available - skipping integration tests");
+    }
+    // Don't fail - just report availability
+  });
+  it("should get config info via info command", async () => {
+    if (!available) return;
+    try {
+      const output = dockerExec("lemonldap-ng-cli info");
+      // Parse text output - expect lines like "Num      : 1"
+      expect(output).toContain("Num");
+      expect(output).toContain("Author");
+      expect(output).toMatch(/Num\s+:\s+\d+/);
+    } catch (e: unknown) {
+      console.log("CLI info failed:", e instanceof Error ? e.message : String(e));
+      throw e;
+    }
+  });
+  it("should get config values via get command", async () => {
+    if (!available) return;
+    try {
+      const output = dockerExec("lemonldap-ng-cli get portal domain");
+      // Parse "key = value" lines
+      const lines = output.split("\n");
+      expect(lines.length).toBeGreaterThan(0);
+      // Should contain portal and domain values
+      expect(output).toMatch(/portal\s+=\s+\S+/);
+      expect(output).toMatch(/domain\s+=\s+\S+/);
+    } catch (e: unknown) {
+      console.log("CLI get failed:", e instanceof Error ? e.message : String(e));
+      throw e;
+    }
+  });
+  it("should export config via save command", async () => {
+    if (!available) return;
+    try {
+      const output = dockerExec("lemonldap-ng-cli save");
+      // save outputs JSON to stdout
+      const config = JSON.parse(output);
+      expect(config.cfgNum).toBeDefined();
+      // cfgNum might be a string or number
+      const cfgNum = typeof config.cfgNum === "string" ? parseInt(config.cfgNum) : config.cfgNum;
+      expect(cfgNum).toBeGreaterThan(0);
+    } catch (e: unknown) {
+      console.log("CLI save failed:", e instanceof Error ? e.message : String(e));
+      throw e;
+    }
+  });
+  it.skip("should set config value via set command (requires interactive confirmation)", () => {
+    // The CLI 'set' command requires interactive confirmation
+    // and does not work non-interactively.
+  });
+  it("should search sessions via lemonldap-ng-sessions", async () => {
+    if (!available) return;
+    try {
+      // lemonldap-ng-sessions search returns JSON array (might be empty)
+      const output = dockerExec("lemonldap-ng-sessions search");
+      // Parse JSON - should be an array
+      const sessions = JSON.parse(output);
+      expect(Array.isArray(sessions)).toBe(true);
+    } catch (e: unknown) {
+      console.log("Sessions CLI failed:", e instanceof Error ? e.message : String(e));
+      throw e;
+    }
+  });
+});