lody 0.57.3 → 0.58.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -7,3 +7,9 @@ Orchestrate your coding agents, together:
7
7
  ```
8
8
  npx lody start
9
9
  ```
10
+
11
+ Install the CLI package:
12
+
13
+ ```
14
+ npm install -g lody@next
15
+ ```
@@ -0,0 +1,449 @@
1
+ import { v as validateBucketId, a as validateSpaceUuid, b as validateStreamPrefix, c as validateMailboxSegment, __tla as __tla_0 } from "../index.js";
2
+ import "fs";
3
+ import "path";
4
+ import "os";
5
+ import "crypto";
6
+ import "child_process";
7
+ import "util";
8
+ import "url";
9
+ import "module";
10
+ import "tty";
11
+ import "worker_threads";
12
+ import "events";
13
+ import "node:diagnostics_channel";
14
+ import "node:events";
15
+ import "diagnostics_channel";
16
+ import "node:net";
17
+ import "async_hooks";
18
+ import "node:child_process";
19
+ import "node:fs";
20
+ import "node:os";
21
+ import "node:path";
22
+ import "node:util";
23
+ import "node:readline";
24
+ import "node:worker_threads";
25
+ import "node:http";
26
+ import "node:https";
27
+ import "node:stream";
28
+ import "node:zlib";
29
+ import "node:tls";
30
+ import "node:process";
31
+ import "node:tty";
32
+ import "stream";
33
+ import "buffer";
34
+ import "zlib";
35
+ import "string_decoder";
36
+ import "http";
37
+ import "https";
38
+ import "node:crypto";
39
+ import "net";
40
+ import "tls";
41
+ import { __tla as __tla_1 } from "./loro_wasm_bg-BV-n7JyC.js";
42
+ import "assert";
43
+ import "fs/promises";
44
+ import "better-sqlite3";
45
+ import "perf_hooks";
46
+ import "node:module";
47
+ import "node:fs/promises";
48
+ import "node:stream/promises";
49
+ import "node:string_decoder";
50
+ import "node:assert";
51
+ import "node:buffer";
52
+ import "node:async_hooks";
53
+ import { __tla as __tla_2 } from "./share-link-U1EVLOdF.js";
54
+ import { __tla as __tla_3 } from "../index.js";
55
+ import { R, a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p, q, r, s, t, u, v, w, x, y, z, A, B, C, D, E } from "./share-link-U1EVLOdF.js";
56
+ import { B as B2, C as C2, d as d2, D as D2, e as e2, f as f2, g as g2, h as h2, i as i2, j as j2, k as k2, l as l2, m as m2, n as n2, o as o2, p as p2, q as q2, r as r2, s as s2, t as t2, u as u2, w as w2, x as x2, y as y2, z as z2, A as A2, E as E2, F, G, H, I, J, K, L, M, N, O, P, Q, R as R2, S, T, U, V, W, X, Y, Z, _, $ } from "../index.js";
57
+ let createRolePermissions, isLocalScopedTokenClaimsV1, isScopedOperationAllowed;
58
+ let __tla = Promise.all([
59
+ (() => {
60
+ try {
61
+ return __tla_0;
62
+ } catch {
63
+ }
64
+ })(),
65
+ (() => {
66
+ try {
67
+ return __tla_1;
68
+ } catch {
69
+ }
70
+ })(),
71
+ (() => {
72
+ try {
73
+ return __tla_2;
74
+ } catch {
75
+ }
76
+ })(),
77
+ (() => {
78
+ try {
79
+ return __tla_3;
80
+ } catch {
81
+ }
82
+ })()
83
+ ]).then(async () => {
84
+ const LOCAL_SCOPED_RESOURCES = /* @__PURE__ */ new Set([
85
+ "meta",
86
+ "sys-session",
87
+ "sys-bootstrap-secret",
88
+ "doc:*",
89
+ "rpc:g2h",
90
+ "rpc:h2g:own",
91
+ "rpc:h2g:*",
92
+ "ephemeral:*",
93
+ "blob:*",
94
+ "snapshot:*"
95
+ ]);
96
+ const LOCAL_SCOPED_OPERATIONS = /* @__PURE__ */ new Set([
97
+ "create",
98
+ "read",
99
+ "append",
100
+ "delete",
101
+ "head",
102
+ "upload",
103
+ "download",
104
+ "upload_snapshot",
105
+ "read_snapshot"
106
+ ]);
107
+ isLocalScopedTokenClaimsV1 = function(value) {
108
+ if (!value || typeof value !== "object" || Array.isArray(value)) return false;
109
+ const claims = value;
110
+ if (claims.v !== 1 || claims.iss !== "loro-code-collab-test-gateway" || claims.aud !== "loro-code-collab-streams" || !isLocalScopedRole(claims.role) || typeof claims.bucketId !== "string" || typeof claims.spaceUuid !== "string" || typeof claims.streamPrefix !== "string" || typeof claims.peerId !== "string" || typeof claims.exp !== "number" || !Number.isSafeInteger(claims.exp) || claims.exp < 0 || !Array.isArray(claims.permissions)) {
111
+ return false;
112
+ }
113
+ if (claims.inviteId !== void 0 && typeof claims.inviteId !== "string") {
114
+ return false;
115
+ }
116
+ try {
117
+ validateBucketId(claims.bucketId);
118
+ validateSpaceUuid(claims.spaceUuid);
119
+ validateStreamPrefix(claims.streamPrefix);
120
+ validateMailboxSegment(claims.peerId, "peerId");
121
+ } catch {
122
+ return false;
123
+ }
124
+ return claims.permissions.every((permission) => {
125
+ if (!permission || typeof permission !== "object" || Array.isArray(permission)) {
126
+ return false;
127
+ }
128
+ const candidate = permission;
129
+ return typeof candidate.resource === "string" && LOCAL_SCOPED_RESOURCES.has(candidate.resource) && Array.isArray(candidate.ops) && candidate.ops.length > 0 && candidate.ops.every((operation) => typeof operation === "string" && LOCAL_SCOPED_OPERATIONS.has(operation));
130
+ });
131
+ };
132
+ isScopedOperationAllowed = function(claims, request) {
133
+ const now = request.nowSeconds ?? Math.floor(Date.now() / 1e3);
134
+ if (claims.v !== 1) return false;
135
+ if (claims.iss !== "loro-code-collab-test-gateway") return false;
136
+ if (claims.aud !== "loro-code-collab-streams") return false;
137
+ if (claims.bucketId !== request.bucketId) return false;
138
+ if (claims.spaceUuid !== request.spaceUuid) return false;
139
+ if (claims.exp <= now) return false;
140
+ if (request.resource === "rpc:h2g:own" && request.peerId !== claims.peerId) {
141
+ return false;
142
+ }
143
+ return claims.permissions.some((permission) => resourceAllows(permission.resource, request.resource) && permission.ops.includes(request.operation));
144
+ };
145
+ createRolePermissions = function(role) {
146
+ if (role === "host") {
147
+ return [
148
+ {
149
+ resource: "meta",
150
+ ops: [
151
+ "create",
152
+ "read",
153
+ "append",
154
+ "delete",
155
+ "head"
156
+ ]
157
+ },
158
+ {
159
+ resource: "sys-session",
160
+ ops: [
161
+ "create",
162
+ "read",
163
+ "append",
164
+ "delete",
165
+ "head"
166
+ ]
167
+ },
168
+ {
169
+ resource: "sys-bootstrap-secret",
170
+ ops: [
171
+ "create",
172
+ "read",
173
+ "append",
174
+ "delete",
175
+ "head"
176
+ ]
177
+ },
178
+ {
179
+ resource: "doc:*",
180
+ ops: [
181
+ "create",
182
+ "read",
183
+ "append",
184
+ "delete",
185
+ "head"
186
+ ]
187
+ },
188
+ {
189
+ resource: "rpc:g2h",
190
+ ops: [
191
+ "create",
192
+ "read",
193
+ "head"
194
+ ]
195
+ },
196
+ {
197
+ resource: "rpc:h2g:*",
198
+ ops: [
199
+ "create",
200
+ "append",
201
+ "delete",
202
+ "head"
203
+ ]
204
+ },
205
+ {
206
+ resource: "ephemeral:*",
207
+ ops: [
208
+ "read",
209
+ "append"
210
+ ]
211
+ },
212
+ {
213
+ resource: "blob:*",
214
+ ops: [
215
+ "upload",
216
+ "download",
217
+ "head"
218
+ ]
219
+ },
220
+ {
221
+ resource: "snapshot:*",
222
+ ops: [
223
+ "upload_snapshot",
224
+ "read_snapshot"
225
+ ]
226
+ }
227
+ ];
228
+ }
229
+ if (role === "write") {
230
+ return [
231
+ {
232
+ resource: "meta",
233
+ ops: [
234
+ "read",
235
+ "head"
236
+ ]
237
+ },
238
+ {
239
+ resource: "sys-session",
240
+ ops: [
241
+ "read",
242
+ "head"
243
+ ]
244
+ },
245
+ {
246
+ resource: "doc:*",
247
+ ops: [
248
+ "create",
249
+ "read",
250
+ "append",
251
+ "head"
252
+ ]
253
+ },
254
+ {
255
+ resource: "rpc:g2h",
256
+ ops: [
257
+ "append"
258
+ ]
259
+ },
260
+ {
261
+ resource: "rpc:h2g:own",
262
+ ops: [
263
+ "create",
264
+ "read",
265
+ "head"
266
+ ]
267
+ },
268
+ {
269
+ resource: "ephemeral:*",
270
+ ops: [
271
+ "read",
272
+ "append"
273
+ ]
274
+ },
275
+ {
276
+ resource: "blob:*",
277
+ ops: [
278
+ "download",
279
+ "head"
280
+ ]
281
+ },
282
+ {
283
+ resource: "snapshot:*",
284
+ ops: [
285
+ "read_snapshot"
286
+ ]
287
+ }
288
+ ];
289
+ }
290
+ return [
291
+ {
292
+ resource: "meta",
293
+ ops: [
294
+ "read",
295
+ "head"
296
+ ]
297
+ },
298
+ {
299
+ resource: "sys-session",
300
+ ops: [
301
+ "read",
302
+ "head"
303
+ ]
304
+ },
305
+ {
306
+ resource: "doc:*",
307
+ ops: [
308
+ "create",
309
+ "read",
310
+ "head"
311
+ ]
312
+ },
313
+ {
314
+ resource: "rpc:g2h",
315
+ ops: [
316
+ "append"
317
+ ]
318
+ },
319
+ {
320
+ resource: "rpc:h2g:own",
321
+ ops: [
322
+ "create",
323
+ "read",
324
+ "head"
325
+ ]
326
+ },
327
+ {
328
+ resource: "ephemeral:*",
329
+ ops: [
330
+ "read",
331
+ "append"
332
+ ]
333
+ },
334
+ {
335
+ resource: "blob:*",
336
+ ops: [
337
+ "download",
338
+ "head"
339
+ ]
340
+ },
341
+ {
342
+ resource: "snapshot:*",
343
+ ops: [
344
+ "read_snapshot"
345
+ ]
346
+ }
347
+ ];
348
+ };
349
+ function isLocalScopedRole(value) {
350
+ return value === "host" || value === "write" || value === "read";
351
+ }
352
+ function resourceAllows(granted, requested) {
353
+ if (granted === requested) return true;
354
+ if (granted === "rpc:h2g:*" && requested === "rpc:h2g:own") return true;
355
+ return false;
356
+ }
357
+ });
358
+ export {
359
+ B2 as BLOB_CODE_COLLAB_FEATURES_V1,
360
+ C2 as CORE_CODE_COLLAB_FEATURES_V1,
361
+ d2 as CodeSessionError,
362
+ D2 as DEFAULT_CODE_COLLAB_FEATURES_V1,
363
+ R as REQUIRED_CORE_CODE_COLLAB_FEATURES_V1,
364
+ __tla,
365
+ a as assertCompatibleSessionStateV1,
366
+ b as assertSessionNotExpiredV1,
367
+ c as assertShareLinkMatchesSessionStateV1,
368
+ e2 as base64urlDecode,
369
+ f2 as base64urlEncode,
370
+ d as buildBlobEnvelopeAadV1,
371
+ e as buildEphemeralEnvelopeAadV1,
372
+ g2 as buildHostPresenceSigningPayload,
373
+ h2 as buildRpcEnvelopeAadV1,
374
+ i2 as buildRpcSigningPayload,
375
+ j2 as buildStreamPrefix,
376
+ k2 as canonicalJson,
377
+ l2 as computeBlobDigest,
378
+ f as computeEphemeralStateKeyV1,
379
+ m2 as createCodeCollabNamespace,
380
+ g as createCursorStateV1,
381
+ h as createEncryptedEphemeralStateEnvelopeV1,
382
+ i as createHostPresenceV1,
383
+ n2 as createHostRpcCancelV1,
384
+ o2 as createHostRpcRequestV1,
385
+ j as createInitialSessionStateV1,
386
+ k as createKeyId,
387
+ l as createParticipantPresenceV1,
388
+ createRolePermissions,
389
+ p2 as createRpcCapabilityProof,
390
+ m as createSelectionStateV1,
391
+ n as createShareLinkSecretV1,
392
+ o as decryptBlobObjectV1,
393
+ q2 as decryptEnvelopeV1,
394
+ p as decryptEphemeralPayloadV1,
395
+ r2 as decryptHostRpcMessageV1,
396
+ s2 as deriveSessionKeyBytes,
397
+ q as encryptBlobObjectV1,
398
+ t2 as encryptEnvelopeV1,
399
+ r as encryptEphemeralPayloadV1,
400
+ u2 as encryptHostRpcMessageV1,
401
+ w2 as generateContentKey,
402
+ s as generateHostSessionSecretsV1,
403
+ x2 as generatePreferredSigningPrivateKey,
404
+ y2 as generateSigningPrivateKey,
405
+ z2 as importSigningPrivateKey,
406
+ A2 as importVerifierKey,
407
+ E2 as isCanonicalJsonValue,
408
+ isLocalScopedTokenClaimsV1,
409
+ isScopedOperationAllowed,
410
+ F as normalizeCanonicalJsonValue,
411
+ G as paramsHash,
412
+ t as parseCursorStateV1,
413
+ u as parseEncryptedBlobObjectV1,
414
+ v as parseHostPresenceV1,
415
+ H as parseHostRpcMessageV1,
416
+ w as parseParticipantPresenceV1,
417
+ x as parseSelectionStateV1,
418
+ y as parseShareLinkV1,
419
+ I as randomBytes,
420
+ J as requiredRpcCapabilityV1,
421
+ z as serializeEncryptedBlobObjectV1,
422
+ A as serializeShareLinkV1,
423
+ K as sha256Base64Url,
424
+ L as signBytes,
425
+ M as signCanonicalPayload,
426
+ N as signHostPresence,
427
+ O as timingSafeEqualBytes,
428
+ B as unwrapEncryptedEphemeralStateEnvelopeV1,
429
+ P as utf8Decode,
430
+ Q as utf8Encode,
431
+ R2 as validateBlobPathPrefix,
432
+ validateBucketId,
433
+ validateMailboxSegment,
434
+ S as validateSerializedSigningPrivateKey,
435
+ T as validateSerializedVerifierKey,
436
+ C as validateShareLinkSecretV1,
437
+ D as validateShareServerUrl,
438
+ validateSpaceUuid,
439
+ U as validateStreamId,
440
+ validateStreamPrefix,
441
+ V as verifierFromPrivateKey,
442
+ W as verifyBytes,
443
+ X as verifyCanonicalPayload,
444
+ Y as verifyHostPresence,
445
+ E as verifyHostPresenceV1,
446
+ Z as verifyHostRpcCancelV1,
447
+ _ as verifyHostRpcRequestV1,
448
+ $ as verifyRpcCapabilityProof
449
+ };