lucifer-gate 0.5.2 → 0.5.3-alpha.5.a3eaedc
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +46 -17
- package/dist/server/domains/command-gateway/api/register_execute_routes.js +86 -147
- package/dist/server/domains/command-gateway/api/register_execute_routes.js.map +1 -1
- package/dist/server/domains/command-gateway/config/gateway_config.js +37 -2
- package/dist/server/domains/command-gateway/config/gateway_config.js.map +1 -1
- package/dist/server/domains/command-gateway/repository/pending_request_store.js +3 -0
- package/dist/server/domains/command-gateway/repository/pending_request_store.js.map +1 -1
- package/dist/server/domains/command-gateway/service/execute_command.js +7 -3
- package/dist/server/domains/command-gateway/service/execute_command.js.map +1 -1
- package/dist/server/domains/command-gateway/service/resolve_alias.js +72 -0
- package/dist/server/domains/command-gateway/service/resolve_alias.js.map +1 -0
- package/dist/server/test/integration-setup.js +1 -0
- package/dist/server/test/integration-setup.js.map +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -53,6 +53,41 @@ Generated by `--init`, hand-editable:
|
|
|
53
53
|
|
|
54
54
|
Rules matched top-to-bottom, first match wins.
|
|
55
55
|
|
|
56
|
+
### Command aliases (optional)
|
|
57
|
+
|
|
58
|
+
`config/lucifer.json` may include an `aliases` map that points a name at a
|
|
59
|
+
script or executable on disk. When the incoming command matches an alias name
|
|
60
|
+
exactly, Lucifer runs the referenced file directly (no shell) with the
|
|
61
|
+
script's parent directory as the working directory. Callers supplying a `cwd`
|
|
62
|
+
have it ignored for alias invocations. If the name does not match an alias,
|
|
63
|
+
execution falls back to the normal shell path.
|
|
64
|
+
|
|
65
|
+
```json
|
|
66
|
+
{
|
|
67
|
+
"aliases": {
|
|
68
|
+
"deploy": { "path": "/opt/ops/deploy.sh", "type": "bash" },
|
|
69
|
+
"healthz": { "path": "/opt/ops/bin/healthz", "type": "elf" }
|
|
70
|
+
}
|
|
71
|
+
}
|
|
72
|
+
```
|
|
73
|
+
|
|
74
|
+
Supported `type` values:
|
|
75
|
+
|
|
76
|
+
- `bash` — launched via `bash -- <path>`. The `--` prevents a path that
|
|
77
|
+
happens to start with `-` from being interpreted as a bash option.
|
|
78
|
+
- `elf` — launched directly (must be executable and on a filesystem without
|
|
79
|
+
`noexec`).
|
|
80
|
+
|
|
81
|
+
Relative alias `path` values are resolved against the **config file's
|
|
82
|
+
directory**, not the daemon's working directory. So `"./scripts/deploy.sh"`
|
|
83
|
+
in `config/lucifer.json` always means `config/scripts/deploy.sh` regardless
|
|
84
|
+
of where the server was started from. Absolute paths are used as-is.
|
|
85
|
+
|
|
86
|
+
Command rules still apply to the alias name as sent by the caller (so you can
|
|
87
|
+
e.g. put `{ "prefix": "deploy", "action": "manual_approve" }` in
|
|
88
|
+
`command-rules.json`). Exact-string match only — an alias `deploy` does not
|
|
89
|
+
match `deploy --dry-run`; that falls through to the shell path.
|
|
90
|
+
|
|
56
91
|
## Production setup (with Telegram)
|
|
57
92
|
|
|
58
93
|
1. Create a Telegram bot via [@BotFather](https://t.me/BotFather) and get the token
|
|
@@ -94,7 +129,9 @@ git push origin main
|
|
|
94
129
|
|
|
95
130
|
### POST /api/v1/execute
|
|
96
131
|
|
|
97
|
-
Execute a command.
|
|
132
|
+
Execute a command. The endpoint is synchronous: it blocks until the command
|
|
133
|
+
reaches a terminal state (approved + executed, denied, or approval timed out)
|
|
134
|
+
and returns the full result in a single response.
|
|
98
135
|
|
|
99
136
|
```bash
|
|
100
137
|
curl -X POST http://localhost:3001/api/v1/execute \
|
|
@@ -103,25 +140,13 @@ curl -X POST http://localhost:3001/api/v1/execute \
|
|
|
103
140
|
-d '{"command":"git status"}'
|
|
104
141
|
```
|
|
105
142
|
|
|
106
|
-
|
|
107
|
-
```json
|
|
108
|
-
{ "requestId": "uuid", "status": "pending_approval" }
|
|
109
|
-
```
|
|
110
|
-
|
|
111
|
-
Response (sync, `?sync=true`):
|
|
143
|
+
Success response:
|
|
112
144
|
```json
|
|
113
145
|
{ "requestId": "uuid", "status": "completed", "exitCode": 0, "stdout": "...", "stderr": "", "durationMs": 42 }
|
|
114
146
|
```
|
|
115
147
|
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
Poll for result (requires same API key).
|
|
119
|
-
|
|
120
|
-
```json
|
|
121
|
-
{ "requestId": "uuid", "status": "completed", "exitCode": 0, "stdout": "...", "durationMs": 42 }
|
|
122
|
-
```
|
|
123
|
-
|
|
124
|
-
Status values: `pending_approval`, `approved`, `denied`, `executing`, `completed`, `failed`, `timed_out`, `expired`
|
|
148
|
+
Status values observable on success/failure paths: `completed`, `failed`,
|
|
149
|
+
`denied`, `timed_out`.
|
|
125
150
|
|
|
126
151
|
### Error responses
|
|
127
152
|
|
|
@@ -130,7 +155,11 @@ All errors return:
|
|
|
130
155
|
{ "code": "ERROR_CODE", "message": "Human readable", "retryable": true }
|
|
131
156
|
```
|
|
132
157
|
|
|
133
|
-
Codes: `MISSING_API_KEY`, `INVALID_API_KEY`, `IP_NOT_ALLOWED`, `RATE_LIMITED`,
|
|
158
|
+
Codes: `MISSING_API_KEY`, `INVALID_API_KEY`, `IP_NOT_ALLOWED`, `RATE_LIMITED`,
|
|
159
|
+
`COMMAND_DENIED`, `COMMAND_TOO_LONG`, `INVALID_CWD`, `DENIED`,
|
|
160
|
+
`DUPLICATE_IN_FLIGHT` (an identical command from this API key is already
|
|
161
|
+
awaiting approval — retry after it settles), `APPROVAL_TIMEOUT`,
|
|
162
|
+
`APPROVAL_ERROR`.
|
|
134
163
|
|
|
135
164
|
## CLI
|
|
136
165
|
|
|
@@ -2,18 +2,9 @@ import { randomUUID } from 'node:crypto';
|
|
|
2
2
|
import { authenticateRequest, createRateLimiter } from '../service/authenticate_request.js';
|
|
3
3
|
import { analyzeCommandRisk } from '../service/analyze_command_risk.js';
|
|
4
4
|
import { executeCommand } from '../service/execute_command.js';
|
|
5
|
+
import { findAliasArgsBypass, resolveAlias } from '../service/resolve_alias.js';
|
|
5
6
|
import { createChildLogger } from '../../../lib/logger.js';
|
|
6
7
|
const log = createChildLogger('routes');
|
|
7
|
-
const completedResults = new Map();
|
|
8
|
-
// Clean up completed results older than 10 minutes
|
|
9
|
-
setInterval(() => {
|
|
10
|
-
const cutoff = Date.now() - 10 * 60_000;
|
|
11
|
-
for (const [id, entry] of completedResults.entries()) {
|
|
12
|
-
if (entry.completedAt < cutoff) {
|
|
13
|
-
completedResults.delete(id);
|
|
14
|
-
}
|
|
15
|
-
}
|
|
16
|
-
}, 60_000);
|
|
17
8
|
function validateExecuteInput(command, cwd) {
|
|
18
9
|
if (!command || typeof command !== 'string') {
|
|
19
10
|
return {
|
|
@@ -58,7 +49,6 @@ export function registerExecuteRoutes(deps) {
|
|
|
58
49
|
}
|
|
59
50
|
const requestId = randomUUID();
|
|
60
51
|
const apiKeyName = authResult.keyConfig.name;
|
|
61
|
-
const isSync = req.query.sync === 'true';
|
|
62
52
|
auditLog.append({
|
|
63
53
|
ts: new Date().toISOString(),
|
|
64
54
|
type: 'request',
|
|
@@ -67,6 +57,36 @@ export function registerExecuteRoutes(deps) {
|
|
|
67
57
|
apiKeyName,
|
|
68
58
|
ip,
|
|
69
59
|
});
|
|
60
|
+
// Reject commands that start with an alias name but are not an exact
|
|
61
|
+
// alias invocation. Without this check, `"<alias> --arg"` or
|
|
62
|
+
// `"<alias>; rm -rf /"` would fail alias exact-match, fall through to the
|
|
63
|
+
// shell, and still be auto-approved by any prefix-based command rule that
|
|
64
|
+
// matches the alias name — shadow-bypassing the alias's shell-free
|
|
65
|
+
// execution guarantee. See ADR-009.
|
|
66
|
+
const aliasBypass = findAliasArgsBypass(command, config.aliases);
|
|
67
|
+
if (aliasBypass) {
|
|
68
|
+
auditLog.append({
|
|
69
|
+
ts: new Date().toISOString(),
|
|
70
|
+
type: 'denied',
|
|
71
|
+
requestId,
|
|
72
|
+
command,
|
|
73
|
+
error: `alias '${aliasBypass}' does not accept arguments`,
|
|
74
|
+
});
|
|
75
|
+
res.status(403).json({
|
|
76
|
+
code: 'ALIAS_ARGS_NOT_SUPPORTED',
|
|
77
|
+
message: `Alias '${aliasBypass}' does not accept arguments in this version. Send '${aliasBypass}' exactly.`,
|
|
78
|
+
retryable: false,
|
|
79
|
+
});
|
|
80
|
+
return;
|
|
81
|
+
}
|
|
82
|
+
// Resolve the alias once up front so audit entries for rule decisions,
|
|
83
|
+
// approval checks, and execution all carry `aliasPath`/`aliasType` when
|
|
84
|
+
// the command runs as an alias. `resolveAlias` is pure and cheap; the
|
|
85
|
+
// executor does its own lookup to stay self-contained.
|
|
86
|
+
const resolvedAlias = resolveAlias(command, config.aliases);
|
|
87
|
+
const aliasAudit = resolvedAlias
|
|
88
|
+
? { aliasPath: resolvedAlias.path, aliasType: resolvedAlias.type }
|
|
89
|
+
: {};
|
|
70
90
|
// Match against command rules
|
|
71
91
|
const ruleMatch = commandRulesStore.matchRule(command);
|
|
72
92
|
auditLog.append({
|
|
@@ -77,7 +97,7 @@ export function registerExecuteRoutes(deps) {
|
|
|
77
97
|
ruleAction: ruleMatch.action,
|
|
78
98
|
});
|
|
79
99
|
if (ruleMatch.action === 'always_deny') {
|
|
80
|
-
auditLog.append({ ts: new Date().toISOString(), type: 'denied', requestId, command });
|
|
100
|
+
auditLog.append({ ts: new Date().toISOString(), type: 'denied', requestId, command, ...aliasAudit });
|
|
81
101
|
res.status(403).json({
|
|
82
102
|
code: 'COMMAND_DENIED',
|
|
83
103
|
message: 'Command is not permitted by policy',
|
|
@@ -86,7 +106,7 @@ export function registerExecuteRoutes(deps) {
|
|
|
86
106
|
return;
|
|
87
107
|
}
|
|
88
108
|
if (ruleMatch.action === 'always_approve') {
|
|
89
|
-
auditLog.append({ ts: new Date().toISOString(), type: 'approved', requestId, command, duration: 'policy' });
|
|
109
|
+
auditLog.append({ ts: new Date().toISOString(), type: 'approved', requestId, command, duration: 'policy', ...aliasAudit });
|
|
90
110
|
const result = await executeCommand({
|
|
91
111
|
command,
|
|
92
112
|
requestId,
|
|
@@ -94,6 +114,7 @@ export function registerExecuteRoutes(deps) {
|
|
|
94
114
|
timeoutMs: config.executionTimeoutSeconds * 1000,
|
|
95
115
|
maxOutputBytes: config.maxOutputBytes,
|
|
96
116
|
maxConcurrent: config.maxConcurrentExecutions,
|
|
117
|
+
aliases: config.aliases,
|
|
97
118
|
});
|
|
98
119
|
auditLog.append({
|
|
99
120
|
ts: new Date().toISOString(),
|
|
@@ -103,6 +124,7 @@ export function registerExecuteRoutes(deps) {
|
|
|
103
124
|
exitCode: result.exitCode,
|
|
104
125
|
durationMs: result.durationMs,
|
|
105
126
|
error: result.error,
|
|
127
|
+
...aliasAudit,
|
|
106
128
|
});
|
|
107
129
|
res.json(result);
|
|
108
130
|
return;
|
|
@@ -116,6 +138,7 @@ export function registerExecuteRoutes(deps) {
|
|
|
116
138
|
requestId,
|
|
117
139
|
command,
|
|
118
140
|
duration: 'cached',
|
|
141
|
+
...aliasAudit,
|
|
119
142
|
});
|
|
120
143
|
const result = await executeCommand({
|
|
121
144
|
command,
|
|
@@ -124,6 +147,7 @@ export function registerExecuteRoutes(deps) {
|
|
|
124
147
|
timeoutMs: config.executionTimeoutSeconds * 1000,
|
|
125
148
|
maxOutputBytes: config.maxOutputBytes,
|
|
126
149
|
maxConcurrent: config.maxConcurrentExecutions,
|
|
150
|
+
aliases: config.aliases,
|
|
127
151
|
});
|
|
128
152
|
auditLog.append({
|
|
129
153
|
ts: new Date().toISOString(),
|
|
@@ -133,6 +157,7 @@ export function registerExecuteRoutes(deps) {
|
|
|
133
157
|
exitCode: result.exitCode,
|
|
134
158
|
durationMs: result.durationMs,
|
|
135
159
|
error: result.error,
|
|
160
|
+
...aliasAudit,
|
|
136
161
|
});
|
|
137
162
|
res.json(result);
|
|
138
163
|
return;
|
|
@@ -141,41 +166,17 @@ export function registerExecuteRoutes(deps) {
|
|
|
141
166
|
const riskAnalysis = analyzeCommandRisk(command);
|
|
142
167
|
const abortController = new AbortController();
|
|
143
168
|
log.info({ requestId, command, ip }, 'Command requires manual approval, forwarding to approval channel');
|
|
144
|
-
//
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
resolve: () => { },
|
|
156
|
-
reject: () => { },
|
|
157
|
-
abortController,
|
|
158
|
-
});
|
|
159
|
-
// Fire and forget the approval request + execution
|
|
160
|
-
processApprovalAsync({
|
|
161
|
-
requestId, command, apiKeyName, ip, cwd, riskAnalysis,
|
|
162
|
-
config, approvalChannel, pendingStore, auditLog, abortController,
|
|
163
|
-
});
|
|
164
|
-
}
|
|
165
|
-
res.status(202).json({
|
|
166
|
-
requestId: existingPending?.requestId ?? requestId,
|
|
167
|
-
status: 'pending_approval',
|
|
168
|
-
});
|
|
169
|
-
return;
|
|
170
|
-
}
|
|
171
|
-
// Sync mode: block until decision
|
|
172
|
-
if (existingPending) {
|
|
173
|
-
// Wait for the existing pending request to resolve
|
|
174
|
-
// For simplicity in sync mode, just wait for a bit then poll
|
|
175
|
-
res.status(202).json({
|
|
176
|
-
requestId: existingPending.requestId,
|
|
177
|
-
status: 'pending_approval',
|
|
178
|
-
message: 'Another request for the same command is pending. Poll for status.',
|
|
169
|
+
// Reject an identical command from the same API key that is still
|
|
170
|
+
// awaiting an approval decision — two parallel prompts for the same
|
|
171
|
+
// command would confuse the human approver. The pendingStore entry is
|
|
172
|
+
// cleared as soon as a decision is reached (below), so this gate does
|
|
173
|
+
// NOT apply while an approved command is executing; a concurrent caller
|
|
174
|
+
// will fall through to the normal `findApproval` cached-approval path.
|
|
175
|
+
if (pendingStore.findByCommand(command, apiKeyName)) {
|
|
176
|
+
res.status(409).json({
|
|
177
|
+
code: 'DUPLICATE_IN_FLIGHT',
|
|
178
|
+
message: 'An identical command from this API key is already awaiting approval. Retry after it settles.',
|
|
179
|
+
retryable: true,
|
|
179
180
|
});
|
|
180
181
|
return;
|
|
181
182
|
}
|
|
@@ -190,7 +191,13 @@ export function registerExecuteRoutes(deps) {
|
|
|
190
191
|
reject: () => { },
|
|
191
192
|
abortController,
|
|
192
193
|
});
|
|
193
|
-
|
|
194
|
+
// Abort execution if the client disconnects before we finish writing
|
|
195
|
+
// the response. `res.on('close')` fires for both premature disconnects
|
|
196
|
+
// and normal completion, so we gate on `res.writableEnded` to ignore
|
|
197
|
+
// the normal-completion case.
|
|
198
|
+
res.on('close', () => {
|
|
199
|
+
if (res.writableEnded)
|
|
200
|
+
return;
|
|
194
201
|
abortController.abort();
|
|
195
202
|
pendingStore.remove(requestId);
|
|
196
203
|
});
|
|
@@ -199,13 +206,29 @@ export function registerExecuteRoutes(deps) {
|
|
|
199
206
|
new Promise((_, reject) => {
|
|
200
207
|
setTimeout(() => reject(new Error('Approval timed out')), config.approvalTimeoutSeconds * 1000);
|
|
201
208
|
}),
|
|
209
|
+
// Bail out of the approval wait if the client disconnected. Otherwise
|
|
210
|
+
// the handler would continue awaiting the channel until either the
|
|
211
|
+
// approver acts or the approval timeout fires — orphaning work that
|
|
212
|
+
// nobody is listening for.
|
|
213
|
+
new Promise((_, reject) => {
|
|
214
|
+
if (abortController.signal.aborted) {
|
|
215
|
+
reject(new Error('Request aborted'));
|
|
216
|
+
return;
|
|
217
|
+
}
|
|
218
|
+
abortController.signal.addEventListener('abort', () => reject(new Error('Request aborted')), { once: true });
|
|
219
|
+
}),
|
|
202
220
|
]);
|
|
221
|
+
// Approval decision obtained — release the pending-store slot now so
|
|
222
|
+
// DUPLICATE_IN_FLIGHT only gates *awaiting-approval* duplicates and
|
|
223
|
+
// not in-flight execution. `release` (unlike `remove`) does not abort
|
|
224
|
+
// the live AbortController, which still guards the upcoming execution.
|
|
225
|
+
pendingStore.release(requestId);
|
|
203
226
|
if (approvalResult.decision === 'denied') {
|
|
204
227
|
res.status(403).json({
|
|
205
228
|
requestId,
|
|
206
229
|
status: 'denied',
|
|
207
230
|
code: 'DENIED',
|
|
208
|
-
message: 'Command was denied
|
|
231
|
+
message: 'Command was denied',
|
|
209
232
|
retryable: false,
|
|
210
233
|
});
|
|
211
234
|
return;
|
|
@@ -218,6 +241,7 @@ export function registerExecuteRoutes(deps) {
|
|
|
218
241
|
maxOutputBytes: config.maxOutputBytes,
|
|
219
242
|
maxConcurrent: config.maxConcurrentExecutions,
|
|
220
243
|
abortSignal: abortController.signal,
|
|
244
|
+
aliases: config.aliases,
|
|
221
245
|
});
|
|
222
246
|
auditLog.append({
|
|
223
247
|
ts: new Date().toISOString(),
|
|
@@ -227,17 +251,27 @@ export function registerExecuteRoutes(deps) {
|
|
|
227
251
|
exitCode: result.exitCode,
|
|
228
252
|
durationMs: result.durationMs,
|
|
229
253
|
error: result.error,
|
|
254
|
+
...aliasAudit,
|
|
230
255
|
});
|
|
231
256
|
res.json(result);
|
|
232
257
|
}
|
|
233
258
|
catch (err) {
|
|
234
259
|
const message = err instanceof Error ? err.message : 'Unknown error';
|
|
235
|
-
if (message.includes('
|
|
260
|
+
if (message.includes('aborted')) {
|
|
261
|
+
// Client disconnected before a decision landed. Ask the channel to
|
|
262
|
+
// clean up any bot message / admin queue entry. No response to send.
|
|
263
|
+
try {
|
|
264
|
+
approvalChannel.cancel?.(requestId);
|
|
265
|
+
}
|
|
266
|
+
catch { /* best-effort */ }
|
|
267
|
+
log.info({ requestId }, 'Approval wait aborted by client disconnect');
|
|
268
|
+
}
|
|
269
|
+
else if (message.includes('timed out')) {
|
|
236
270
|
res.status(408).json({
|
|
237
271
|
requestId,
|
|
238
272
|
status: 'timed_out',
|
|
239
273
|
code: 'APPROVAL_TIMEOUT',
|
|
240
|
-
message: 'Approval timed out. No response from
|
|
274
|
+
message: 'Approval timed out. No response from approver.',
|
|
241
275
|
retryable: true,
|
|
242
276
|
});
|
|
243
277
|
}
|
|
@@ -254,100 +288,5 @@ export function registerExecuteRoutes(deps) {
|
|
|
254
288
|
pendingStore.remove(requestId);
|
|
255
289
|
}
|
|
256
290
|
});
|
|
257
|
-
router.get('/api/v1/status/:requestId', (req, res) => {
|
|
258
|
-
const requestId = Array.isArray(req.params.requestId) ? req.params.requestId[0] : req.params.requestId;
|
|
259
|
-
// Auth check: require valid API key for status queries
|
|
260
|
-
const rawKey = req.headers['x-api-key'];
|
|
261
|
-
const ip = req.headers['x-forwarded-for']?.split(',')[0]?.trim() ?? req.socket.remoteAddress ?? 'unknown';
|
|
262
|
-
const authResult = authenticateRequest(apiKeyStore, rateLimiter, rawKey, ip);
|
|
263
|
-
if (!authResult.ok) {
|
|
264
|
-
res.status(authResult.statusCode).json(authResult.error);
|
|
265
|
-
return;
|
|
266
|
-
}
|
|
267
|
-
// Check completed results cache
|
|
268
|
-
const completed = completedResults.get(requestId);
|
|
269
|
-
if (completed) {
|
|
270
|
-
res.json(completed.result);
|
|
271
|
-
return;
|
|
272
|
-
}
|
|
273
|
-
// Check pending store
|
|
274
|
-
const pending = pendingStore.get(requestId);
|
|
275
|
-
if (pending) {
|
|
276
|
-
// Scope check: only the same API key can query status
|
|
277
|
-
if (pending.apiKeyName !== authResult.keyConfig.name) {
|
|
278
|
-
res.status(404).json({
|
|
279
|
-
code: 'NOT_FOUND',
|
|
280
|
-
message: 'Request not found',
|
|
281
|
-
retryable: false,
|
|
282
|
-
});
|
|
283
|
-
return;
|
|
284
|
-
}
|
|
285
|
-
res.json({ requestId, status: 'pending_approval' });
|
|
286
|
-
return;
|
|
287
|
-
}
|
|
288
|
-
res.status(404).json({
|
|
289
|
-
code: 'NOT_FOUND',
|
|
290
|
-
message: 'Request not found or expired',
|
|
291
|
-
retryable: false,
|
|
292
|
-
});
|
|
293
|
-
});
|
|
294
|
-
}
|
|
295
|
-
async function processApprovalAsync(ctx) {
|
|
296
|
-
const { requestId, command, apiKeyName, ip, cwd, riskAnalysis, config, approvalChannel, pendingStore, auditLog, abortController } = ctx;
|
|
297
|
-
try {
|
|
298
|
-
const approvalResult = await Promise.race([
|
|
299
|
-
approvalChannel.requestApproval(command, apiKeyName, ip, requestId, riskAnalysis),
|
|
300
|
-
new Promise((_, reject) => {
|
|
301
|
-
setTimeout(() => reject(new Error('Approval timed out')), config.approvalTimeoutSeconds * 1000);
|
|
302
|
-
}),
|
|
303
|
-
]);
|
|
304
|
-
if (approvalResult.decision === 'denied') {
|
|
305
|
-
completedResults.set(requestId, {
|
|
306
|
-
result: { requestId, status: 'denied' },
|
|
307
|
-
completedAt: Date.now(),
|
|
308
|
-
});
|
|
309
|
-
return;
|
|
310
|
-
}
|
|
311
|
-
// Bridge the gap between approval resolve (which removes from pendingStore)
|
|
312
|
-
// and execution completion so status polling never returns 404.
|
|
313
|
-
completedResults.set(requestId, {
|
|
314
|
-
result: { requestId, status: 'executing' },
|
|
315
|
-
completedAt: Date.now(),
|
|
316
|
-
});
|
|
317
|
-
const result = await executeCommand({
|
|
318
|
-
command,
|
|
319
|
-
requestId,
|
|
320
|
-
cwd,
|
|
321
|
-
timeoutMs: config.executionTimeoutSeconds * 1000,
|
|
322
|
-
maxOutputBytes: config.maxOutputBytes,
|
|
323
|
-
maxConcurrent: config.maxConcurrentExecutions,
|
|
324
|
-
abortSignal: abortController.signal,
|
|
325
|
-
});
|
|
326
|
-
auditLog.append({
|
|
327
|
-
ts: new Date().toISOString(),
|
|
328
|
-
type: 'executed',
|
|
329
|
-
requestId,
|
|
330
|
-
command,
|
|
331
|
-
exitCode: result.exitCode,
|
|
332
|
-
durationMs: result.durationMs,
|
|
333
|
-
error: result.error,
|
|
334
|
-
});
|
|
335
|
-
completedResults.set(requestId, { result, completedAt: Date.now() });
|
|
336
|
-
}
|
|
337
|
-
catch (err) {
|
|
338
|
-
const message = err instanceof Error ? err.message : 'Unknown error';
|
|
339
|
-
log.error({ requestId, err: message }, 'Async approval/execution failed');
|
|
340
|
-
completedResults.set(requestId, {
|
|
341
|
-
result: {
|
|
342
|
-
requestId,
|
|
343
|
-
status: message.includes('timed out') ? 'timed_out' : 'failed',
|
|
344
|
-
error: message,
|
|
345
|
-
},
|
|
346
|
-
completedAt: Date.now(),
|
|
347
|
-
});
|
|
348
|
-
}
|
|
349
|
-
finally {
|
|
350
|
-
pendingStore.remove(requestId);
|
|
351
|
-
}
|
|
352
291
|
}
|
|
353
292
|
//# sourceMappingURL=register_execute_routes.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"register_execute_routes.js","sourceRoot":"","sources":["../../../../../server/src/domains/command-gateway/api/register_execute_routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAMzC,OAAO,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AAC5F,OAAO,EAAE,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAE3D,MAAM,GAAG,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;AAOxC,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAA2B,CAAC;AAE5D,mDAAmD;AACnD,WAAW,CAAC,GAAG,EAAE;IACf,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,MAAM,CAAC;IACxC,KAAK,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,IAAI,gBAAgB,CAAC,OAAO,EAAE,EAAE,CAAC;QACrD,IAAI,KAAK,CAAC,WAAW,GAAG,MAAM,EAAE,CAAC;YAC/B,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;AACH,CAAC,EAAE,MAAM,CAAC,CAAC;AAOX,SAAS,oBAAoB,CAAC,OAAgB,EAAE,GAAY;IAC1D,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC5C,OAAO;YACL,UAAU,EAAE,GAAG;YACf,IAAI,EAAE,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,8CAA8C,EAAE,SAAS,EAAE,KAAK,EAAE;SAC7G,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,EAAE,CAAC;QAC1B,OAAO;YACL,UAAU,EAAE,GAAG;YACf,IAAI,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,sCAAsC,EAAE,SAAS,EAAE,KAAK,EAAE;SACtG,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1E,OAAO;gBACL,UAAU,EAAE,GAAG;gBACf,IAAI,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,sDAAsD,EAAE,SAAS,EAAE,KAAK,EAAE;aACjH,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAaD,MAAM,UAAU,qBAAqB,CAAC,IAAsB;IAC1D,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,iBAAiB,EAAE,aAAa,EAAE,YAAY,EAAE,QAAQ,EAAE,eAAe,EAAE,GAAG,IAAI,CAAC;IACxH,MAAM,WAAW,GAAG,iBAAiB,CACnC,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,kBAAkB,CAC1E,CAAC;IAEF,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;QACnE,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,CAAuB,CAAC;QAC9D,MAAM,EAAE,GAAI,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAY,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,aAAa,IAAI,SAAS,CAAC;QACtH,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,GAAG,CAAC,IAA0C,CAAC;QAEpF,MAAM,eAAe,GAAG,oBAAoB,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;QAC9D,IAAI,eAAe,EAAE,CAAC;YACpB,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;YAClE,OAAO;QACT,CAAC;QAED,yDAAyD;QACzD,MAAM,OAAO,GAAG,UAAW,CAAC;QAE5B,MAAM,UAAU,GAAG,mBAAmB,CAAC,WAAW,EAAE,WAAW,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;QAC7E,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC;YACnB,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YACzD,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,UAAU,EAAE,CAAC;QAC/B,MAAM,UAAU,GAAG,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC;QAC7C,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,KAAK,MAAM,CAAC;QAEzC,QAAQ,CAAC,MAAM,CAAC;YACd,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YAC5B,IAAI,EAAE,SAAS;YACf,SAAS;YACT,OAAO;YACP,UAAU;YACV,EAAE;SACH,CAAC,CAAC;QAEH,8BAA8B;QAC9B,MAAM,SAAS,GAAG,iBAAiB,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACvD,QAAQ,CAAC,MAAM,CAAC;YACd,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YAC5B,IAAI,EAAE,YAAY;YAClB,SAAS;YACT,OAAO;YACP,UAAU,EAAE,SAAS,CAAC,MAAM;SAC7B,CAAC,CAAC;QAEH,IAAI,SAAS,CAAC,MAAM,KAAK,aAAa,EAAE,CAAC;YACvC,QAAQ,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;YACtF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,oCAAoC;gBAC7C,SAAS,EAAE,KAAK;aACO,CAAC,CAAC;YAC3B,OAAO;QACT,CAAC;QAED,IAAI,SAAS,CAAC,MAAM,KAAK,gBAAgB,EAAE,CAAC;YAC1C,QAAQ,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;YAC5G,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC;gBAClC,OAAO;gBACP,SAAS;gBACT,GAAG;gBACH,SAAS,EAAE,MAAM,CAAC,uBAAuB,GAAG,IAAI;gBAChD,cAAc,EAAE,MAAM,CAAC,cAAc;gBACrC,aAAa,EAAE,MAAM,CAAC,uBAAuB;aAC9C,CAAC,CAAC;YACH,QAAQ,CAAC,MAAM,CAAC;gBACd,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBAC5B,IAAI,EAAE,UAAU;gBAChB,SAAS;gBACT,OAAO;gBACP,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,KAAK,EAAE,MAAM,CAAC,KAAK;aACpB,CAAC,CAAC;YACH,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACjB,OAAO;QACT,CAAC;QAED,oDAAoD;QACpD,MAAM,gBAAgB,GAAG,aAAa,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QAC7D,IAAI,gBAAgB,EAAE,CAAC;YACrB,QAAQ,CAAC,MAAM,CAAC;gBACd,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBAC5B,IAAI,EAAE,gBAAgB;gBACtB,SAAS;gBACT,OAAO;gBACP,QAAQ,EAAE,QAAQ;aACnB,CAAC,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC;gBAClC,OAAO;gBACP,SAAS;gBACT,GAAG;gBACH,SAAS,EAAE,MAAM,CAAC,uBAAuB,GAAG,IAAI;gBAChD,cAAc,EAAE,MAAM,CAAC,cAAc;gBACrC,aAAa,EAAE,MAAM,CAAC,uBAAuB;aAC9C,CAAC,CAAC;YACH,QAAQ,CAAC,MAAM,CAAC;gBACd,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBAC5B,IAAI,EAAE,UAAU;gBAChB,SAAS;gBACT,OAAO;gBACP,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,KAAK,EAAE,MAAM,CAAC,KAAK;aACpB,CAAC,CAAC;YACH,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACjB,OAAO;QACT,CAAC;QAED,8CAA8C;QAC9C,MAAM,YAAY,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;QACjD,MAAM,eAAe,GAAG,IAAI,eAAe,EAAE,CAAC;QAE9C,GAAG,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,OAAO,EAAE,EAAE,EAAE,EAAE,kEAAkE,CAAC,CAAC;QAEzG,mEAAmE;QACnE,MAAM,eAAe,GAAG,YAAY,CAAC,aAAa,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAExE,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,gEAAgE;YAChE,IAAI,CAAC,eAAe,EAAE,CAAC;gBACrB,YAAY,CAAC,GAAG,CAAC;oBACf,SAAS;oBACT,OAAO;oBACP,UAAU;oBACV,EAAE;oBACF,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBACnC,OAAO,EAAE,GAAG,EAAE,GAAE,CAAC;oBACjB,MAAM,EAAE,GAAG,EAAE,GAAE,CAAC;oBAChB,eAAe;iBAChB,CAAC,CAAC;gBAEH,mDAAmD;gBACnD,oBAAoB,CAAC;oBACnB,SAAS,EAAE,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE,GAAG,EAAE,YAAY;oBACrD,MAAM,EAAE,eAAe,EAAE,YAAY,EAAE,QAAQ,EAAE,eAAe;iBACjE,CAAC,CAAC;YACL,CAAC;YAED,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,SAAS,EAAE,eAAe,EAAE,SAAS,IAAI,SAAS;gBAClD,MAAM,EAAE,kBAAmC;aAC5C,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,kCAAkC;QAClC,IAAI,eAAe,EAAE,CAAC;YACpB,mDAAmD;YACnD,6DAA6D;YAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,SAAS,EAAE,eAAe,CAAC,SAAS;gBACpC,MAAM,EAAE,kBAAmC;gBAC3C,OAAO,EAAE,mEAAmE;aAC7E,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,YAAY,CAAC,GAAG,CAAC;gBACf,SAAS;gBACT,OAAO;gBACP,UAAU;gBACV,EAAE;gBACF,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,OAAO,EAAE,GAAG,EAAE,GAAE,CAAC;gBACjB,MAAM,EAAE,GAAG,EAAE,GAAE,CAAC;gBAChB,eAAe;aAChB,CAAC,CAAC;YAEH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBACnB,eAAe,CAAC,KAAK,EAAE,CAAC;gBACxB,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YACjC,CAAC,CAAC,CAAC;YAEH,MAAM,cAAc,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;gBACxC,eAAe,CAAC,eAAe,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE,SAAS,EAAE,YAAY,CAAC;gBACjF,IAAI,OAAO,CAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE;oBAC/B,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC,EAAE,MAAM,CAAC,sBAAsB,GAAG,IAAI,CAAC,CAAC;gBAClG,CAAC,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,cAAc,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBACzC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,SAAS;oBACT,MAAM,EAAE,QAAyB;oBACjC,IAAI,EAAE,QAAQ;oBACd,OAAO,EAAE,iCAAiC;oBAC1C,SAAS,EAAE,KAAK;iBACjB,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC;gBAClC,OAAO;gBACP,SAAS;gBACT,GAAG;gBACH,SAAS,EAAE,MAAM,CAAC,uBAAuB,GAAG,IAAI;gBAChD,cAAc,EAAE,MAAM,CAAC,cAAc;gBACrC,aAAa,EAAE,MAAM,CAAC,uBAAuB;gBAC7C,WAAW,EAAE,eAAe,CAAC,MAAM;aACpC,CAAC,CAAC;YACH,QAAQ,CAAC,MAAM,CAAC;gBACd,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBAC5B,IAAI,EAAE,UAAU;gBAChB,SAAS;gBACT,OAAO;gBACP,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,KAAK,EAAE,MAAM,CAAC,KAAK;aACpB,CAAC,CAAC;YACH,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACnB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YACrE,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBAClC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,SAAS;oBACT,MAAM,EAAE,WAA4B;oBACpC,IAAI,EAAE,kBAAkB;oBACxB,OAAO,EAAE,gDAAgD;oBACzD,SAAS,EAAE,IAAI;iBAChB,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,SAAS;oBACT,IAAI,EAAE,gBAAgB;oBACtB,OAAO,EAAE,2BAA2B,OAAO,EAAE;oBAC7C,SAAS,EAAE,IAAI;iBAChB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACjC,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,GAAG,CAAC,2BAA2B,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;QACtE,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC;QAEvG,uDAAuD;QACvD,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,CAAuB,CAAC;QAC9D,MAAM,EAAE,GAAI,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAY,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,aAAa,IAAI,SAAS,CAAC;QACtH,MAAM,UAAU,GAAG,mBAAmB,CAAC,WAAW,EAAE,WAAW,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;QAC7E,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC;YACnB,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YACzD,OAAO;QACT,CAAC;QAED,gCAAgC;QAChC,MAAM,SAAS,GAAG,gBAAgB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAClD,IAAI,SAAS,EAAE,CAAC;YACd,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YAC3B,OAAO;QACT,CAAC;QAED,sBAAsB;QACtB,MAAM,OAAO,GAAG,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC5C,IAAI,OAAO,EAAE,CAAC;YACZ,sDAAsD;YACtD,IAAI,OAAO,CAAC,UAAU,KAAK,UAAU,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;gBACrD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,mBAAmB;oBAC5B,SAAS,EAAE,KAAK;iBACO,CAAC,CAAC;gBAC3B,OAAO;YACT,CAAC;YACD,GAAG,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,kBAAmC,EAAE,CAAC,CAAC;YACrE,OAAO;QACT,CAAC;QAED,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,IAAI,EAAE,WAAW;YACjB,OAAO,EAAE,8BAA8B;YACvC,SAAS,EAAE,KAAK;SACO,CAAC,CAAC;IAC7B,CAAC,CAAC,CAAC;AACL,CAAC;AAgBD,KAAK,UAAU,oBAAoB,CAAC,GAAyB;IAC3D,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE,GAAG,EAAE,YAAY,EAAE,MAAM,EAAE,eAAe,EAAE,YAAY,EAAE,QAAQ,EAAE,eAAe,EAAE,GAAG,GAAG,CAAC;IACxI,IAAI,CAAC;QACH,MAAM,cAAc,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;YACxC,eAAe,CAAC,eAAe,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE,SAAS,EAAE,YAAY,CAAC;YACjF,IAAI,OAAO,CAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE;gBAC/B,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC,EAAE,MAAM,CAAC,sBAAsB,GAAG,IAAI,CAAC,CAAC;YAClG,CAAC,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,cAAc,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACzC,gBAAgB,CAAC,GAAG,CAAC,SAAS,EAAE;gBAC9B,MAAM,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE;gBACvC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE;aACxB,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,4EAA4E;QAC5E,gEAAgE;QAChE,gBAAgB,CAAC,GAAG,CAAC,SAAS,EAAE;YAC9B,MAAM,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE;YAC1C,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE;SACxB,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC;YAClC,OAAO;YACP,SAAS;YACT,GAAG;YACH,SAAS,EAAE,MAAM,CAAC,uBAAuB,GAAG,IAAI;YAChD,cAAc,EAAE,MAAM,CAAC,cAAc;YACrC,aAAa,EAAE,MAAM,CAAC,uBAAuB;YAC7C,WAAW,EAAE,eAAe,CAAC,MAAM;SACpC,CAAC,CAAC;QAEH,QAAQ,CAAC,MAAM,CAAC;YACd,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YAC5B,IAAI,EAAE,UAAU;YAChB,SAAS;YACT,OAAO;YACP,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,KAAK,EAAE,MAAM,CAAC,KAAK;SACpB,CAAC,CAAC;QAEH,gBAAgB,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IACvE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;QACrE,GAAG,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,iCAAiC,CAAC,CAAC;QAE1E,gBAAgB,CAAC,GAAG,CAAC,SAAS,EAAE;YAC9B,MAAM,EAAE;gBACN,SAAS;gBACT,MAAM,EAAE,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ;gBAC9D,KAAK,EAAE,OAAO;aACf;YACD,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE;SACxB,CAAC,CAAC;IACL,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjC,CAAC;AACH,CAAC"}
|
|
1
|
+
{"version":3,"file":"register_execute_routes.js","sourceRoot":"","sources":["../../../../../server/src/domains/command-gateway/api/register_execute_routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAMzC,OAAO,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AAC5F,OAAO,EAAE,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAC/D,OAAO,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAChF,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAE3D,MAAM,GAAG,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;AAOxC,SAAS,oBAAoB,CAAC,OAAgB,EAAE,GAAY;IAC1D,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC5C,OAAO;YACL,UAAU,EAAE,GAAG;YACf,IAAI,EAAE,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,8CAA8C,EAAE,SAAS,EAAE,KAAK,EAAE;SAC7G,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,EAAE,CAAC;QAC1B,OAAO;YACL,UAAU,EAAE,GAAG;YACf,IAAI,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,sCAAsC,EAAE,SAAS,EAAE,KAAK,EAAE;SACtG,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1E,OAAO;gBACL,UAAU,EAAE,GAAG;gBACf,IAAI,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,sDAAsD,EAAE,SAAS,EAAE,KAAK,EAAE;aACjH,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAaD,MAAM,UAAU,qBAAqB,CAAC,IAAsB;IAC1D,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,iBAAiB,EAAE,aAAa,EAAE,YAAY,EAAE,QAAQ,EAAE,eAAe,EAAE,GAAG,IAAI,CAAC;IACxH,MAAM,WAAW,GAAG,iBAAiB,CACnC,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,kBAAkB,CAC1E,CAAC;IAEF,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;QACnE,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,CAAuB,CAAC;QAC9D,MAAM,EAAE,GAAI,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAY,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,aAAa,IAAI,SAAS,CAAC;QACtH,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,GAAG,CAAC,IAA0C,CAAC;QAEpF,MAAM,eAAe,GAAG,oBAAoB,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;QAC9D,IAAI,eAAe,EAAE,CAAC;YACpB,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;YAClE,OAAO;QACT,CAAC;QAED,yDAAyD;QACzD,MAAM,OAAO,GAAG,UAAW,CAAC;QAE5B,MAAM,UAAU,GAAG,mBAAmB,CAAC,WAAW,EAAE,WAAW,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;QAC7E,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC;YACnB,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YACzD,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,UAAU,EAAE,CAAC;QAC/B,MAAM,UAAU,GAAG,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC;QAE7C,QAAQ,CAAC,MAAM,CAAC;YACd,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YAC5B,IAAI,EAAE,SAAS;YACf,SAAS;YACT,OAAO;YACP,UAAU;YACV,EAAE;SACH,CAAC,CAAC;QAEH,qEAAqE;QACrE,6DAA6D;QAC7D,0EAA0E;QAC1E,0EAA0E;QAC1E,mEAAmE;QACnE,oCAAoC;QACpC,MAAM,WAAW,GAAG,mBAAmB,CAAC,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QACjE,IAAI,WAAW,EAAE,CAAC;YAChB,QAAQ,CAAC,MAAM,CAAC;gBACd,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBAC5B,IAAI,EAAE,QAAQ;gBACd,SAAS;gBACT,OAAO;gBACP,KAAK,EAAE,UAAU,WAAW,6BAA6B;aAC1D,CAAC,CAAC;YACH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,IAAI,EAAE,0BAA0B;gBAChC,OAAO,EAAE,UAAU,WAAW,sDAAsD,WAAW,YAAY;gBAC3G,SAAS,EAAE,KAAK;aACO,CAAC,CAAC;YAC3B,OAAO;QACT,CAAC;QAED,uEAAuE;QACvE,wEAAwE;QACxE,sEAAsE;QACtE,uDAAuD;QACvD,MAAM,aAAa,GAAG,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAC5D,MAAM,UAAU,GAAG,aAAa;YAC9B,CAAC,CAAC,EAAE,SAAS,EAAE,aAAa,CAAC,IAAI,EAAE,SAAS,EAAE,aAAa,CAAC,IAAI,EAAE;YAClE,CAAC,CAAC,EAAE,CAAC;QAEP,8BAA8B;QAC9B,MAAM,SAAS,GAAG,iBAAiB,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACvD,QAAQ,CAAC,MAAM,CAAC;YACd,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YAC5B,IAAI,EAAE,YAAY;YAClB,SAAS;YACT,OAAO;YACP,UAAU,EAAE,SAAS,CAAC,MAAM;SAC7B,CAAC,CAAC;QAEH,IAAI,SAAS,CAAC,MAAM,KAAK,aAAa,EAAE,CAAC;YACvC,QAAQ,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,UAAU,EAAE,CAAC,CAAC;YACrG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,oCAAoC;gBAC7C,SAAS,EAAE,KAAK;aACO,CAAC,CAAC;YAC3B,OAAO;QACT,CAAC;QAED,IAAI,SAAS,CAAC,MAAM,KAAK,gBAAgB,EAAE,CAAC;YAC1C,QAAQ,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,UAAU,EAAE,CAAC,CAAC;YAC3H,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC;gBAClC,OAAO;gBACP,SAAS;gBACT,GAAG;gBACH,SAAS,EAAE,MAAM,CAAC,uBAAuB,GAAG,IAAI;gBAChD,cAAc,EAAE,MAAM,CAAC,cAAc;gBACrC,aAAa,EAAE,MAAM,CAAC,uBAAuB;gBAC7C,OAAO,EAAE,MAAM,CAAC,OAAO;aACxB,CAAC,CAAC;YACH,QAAQ,CAAC,MAAM,CAAC;gBACd,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBAC5B,IAAI,EAAE,UAAU;gBAChB,SAAS;gBACT,OAAO;gBACP,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,GAAG,UAAU;aACd,CAAC,CAAC;YACH,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACjB,OAAO;QACT,CAAC;QAED,oDAAoD;QACpD,MAAM,gBAAgB,GAAG,aAAa,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QAC7D,IAAI,gBAAgB,EAAE,CAAC;YACrB,QAAQ,CAAC,MAAM,CAAC;gBACd,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBAC5B,IAAI,EAAE,gBAAgB;gBACtB,SAAS;gBACT,OAAO;gBACP,QAAQ,EAAE,QAAQ;gBAClB,GAAG,UAAU;aACd,CAAC,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC;gBAClC,OAAO;gBACP,SAAS;gBACT,GAAG;gBACH,SAAS,EAAE,MAAM,CAAC,uBAAuB,GAAG,IAAI;gBAChD,cAAc,EAAE,MAAM,CAAC,cAAc;gBACrC,aAAa,EAAE,MAAM,CAAC,uBAAuB;gBAC7C,OAAO,EAAE,MAAM,CAAC,OAAO;aACxB,CAAC,CAAC;YACH,QAAQ,CAAC,MAAM,CAAC;gBACd,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBAC5B,IAAI,EAAE,UAAU;gBAChB,SAAS;gBACT,OAAO;gBACP,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,GAAG,UAAU;aACd,CAAC,CAAC;YACH,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACjB,OAAO;QACT,CAAC;QAED,8CAA8C;QAC9C,MAAM,YAAY,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;QACjD,MAAM,eAAe,GAAG,IAAI,eAAe,EAAE,CAAC;QAE9C,GAAG,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,OAAO,EAAE,EAAE,EAAE,EAAE,kEAAkE,CAAC,CAAC;QAEzG,kEAAkE;QAClE,oEAAoE;QACpE,sEAAsE;QACtE,sEAAsE;QACtE,wEAAwE;QACxE,uEAAuE;QACvE,IAAI,YAAY,CAAC,aAAa,CAAC,OAAO,EAAE,UAAU,CAAC,EAAE,CAAC;YACpD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,IAAI,EAAE,qBAAqB;gBAC3B,OAAO,EAAE,8FAA8F;gBACvG,SAAS,EAAE,IAAI;aACQ,CAAC,CAAC;YAC3B,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,YAAY,CAAC,GAAG,CAAC;gBACf,SAAS;gBACT,OAAO;gBACP,UAAU;gBACV,EAAE;gBACF,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,OAAO,EAAE,GAAG,EAAE,GAAE,CAAC;gBACjB,MAAM,EAAE,GAAG,EAAE,GAAE,CAAC;gBAChB,eAAe;aAChB,CAAC,CAAC;YAEH,qEAAqE;YACrE,uEAAuE;YACvE,qEAAqE;YACrE,8BAA8B;YAC9B,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBACnB,IAAI,GAAG,CAAC,aAAa;oBAAE,OAAO;gBAC9B,eAAe,CAAC,KAAK,EAAE,CAAC;gBACxB,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YACjC,CAAC,CAAC,CAAC;YAEH,MAAM,cAAc,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;gBACxC,eAAe,CAAC,eAAe,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE,SAAS,EAAE,YAAY,CAAC;gBACjF,IAAI,OAAO,CAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE;oBAC/B,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC,EAAE,MAAM,CAAC,sBAAsB,GAAG,IAAI,CAAC,CAAC;gBAClG,CAAC,CAAC;gBACF,sEAAsE;gBACtE,mEAAmE;gBACnE,oEAAoE;gBACpE,2BAA2B;gBAC3B,IAAI,OAAO,CAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE;oBAC/B,IAAI,eAAe,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;wBACnC,MAAM,CAAC,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC;wBACrC,OAAO;oBACT,CAAC;oBACD,eAAe,CAAC,MAAM,CAAC,gBAAgB,CACrC,OAAO,EACP,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC,EAC1C,EAAE,IAAI,EAAE,IAAI,EAAE,CACf,CAAC;gBACJ,CAAC,CAAC;aACH,CAAC,CAAC;YAEH,qEAAqE;YACrE,oEAAoE;YACpE,sEAAsE;YACtE,uEAAuE;YACvE,YAAY,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAEhC,IAAI,cAAc,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBACzC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,SAAS;oBACT,MAAM,EAAE,QAAyB;oBACjC,IAAI,EAAE,QAAQ;oBACd,OAAO,EAAE,oBAAoB;oBAC7B,SAAS,EAAE,KAAK;iBACjB,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC;gBAClC,OAAO;gBACP,SAAS;gBACT,GAAG;gBACH,SAAS,EAAE,MAAM,CAAC,uBAAuB,GAAG,IAAI;gBAChD,cAAc,EAAE,MAAM,CAAC,cAAc;gBACrC,aAAa,EAAE,MAAM,CAAC,uBAAuB;gBAC7C,WAAW,EAAE,eAAe,CAAC,MAAM;gBACnC,OAAO,EAAE,MAAM,CAAC,OAAO;aACxB,CAAC,CAAC;YACH,QAAQ,CAAC,MAAM,CAAC;gBACd,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBAC5B,IAAI,EAAE,UAAU;gBAChB,SAAS;gBACT,OAAO;gBACP,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,GAAG,UAAU;aACd,CAAC,CAAC;YACH,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACnB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YACrE,IAAI,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBAChC,mEAAmE;gBACnE,qEAAqE;gBACrE,IAAI,CAAC;oBAAC,eAAe,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC,CAAC,iBAAiB,CAAC,CAAC;gBACxE,GAAG,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,EAAE,4CAA4C,CAAC,CAAC;YACxE,CAAC;iBAAM,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBACzC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,SAAS;oBACT,MAAM,EAAE,WAA4B;oBACpC,IAAI,EAAE,kBAAkB;oBACxB,OAAO,EAAE,gDAAgD;oBACzD,SAAS,EAAE,IAAI;iBAChB,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,SAAS;oBACT,IAAI,EAAE,gBAAgB;oBACtB,OAAO,EAAE,2BAA2B,OAAO,EAAE;oBAC7C,SAAS,EAAE,IAAI;iBAChB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACjC,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -1,8 +1,22 @@
|
|
|
1
|
-
import { resolve } from 'node:path';
|
|
1
|
+
import { dirname, resolve } from 'node:path';
|
|
2
2
|
import { loadJsonConfig } from '../../../lib/json_config_loader.js';
|
|
3
3
|
function checkOptionalType(d, key, expectedType) {
|
|
4
4
|
return d[key] === undefined || typeof d[key] === expectedType;
|
|
5
5
|
}
|
|
6
|
+
function isAliasesConfig(value) {
|
|
7
|
+
if (typeof value !== 'object' || value === null || Array.isArray(value))
|
|
8
|
+
return false;
|
|
9
|
+
for (const entry of Object.values(value)) {
|
|
10
|
+
if (typeof entry !== 'object' || entry === null)
|
|
11
|
+
return false;
|
|
12
|
+
const e = entry;
|
|
13
|
+
if (typeof e.path !== 'string' || e.path.length === 0)
|
|
14
|
+
return false;
|
|
15
|
+
if (e.type !== 'bash' && e.type !== 'elf')
|
|
16
|
+
return false;
|
|
17
|
+
}
|
|
18
|
+
return true;
|
|
19
|
+
}
|
|
6
20
|
function isLuciferConfig(data) {
|
|
7
21
|
if (typeof data !== 'object' || data === null)
|
|
8
22
|
return false;
|
|
@@ -31,6 +45,8 @@ function isLuciferConfig(data) {
|
|
|
31
45
|
return false;
|
|
32
46
|
if (!checkOptionalType(d, 'logFile', 'string'))
|
|
33
47
|
return false;
|
|
48
|
+
if (d.aliases !== undefined && !isAliasesConfig(d.aliases))
|
|
49
|
+
return false;
|
|
34
50
|
return true;
|
|
35
51
|
}
|
|
36
52
|
const defaults = {
|
|
@@ -44,18 +60,37 @@ const defaults = {
|
|
|
44
60
|
onApprovalTimeout: 'deny',
|
|
45
61
|
dataDir: './data',
|
|
46
62
|
};
|
|
63
|
+
/**
|
|
64
|
+
* Resolve each alias `path` against the config file's directory so relative
|
|
65
|
+
* paths in `lucifer.json` are stable regardless of the daemon's working
|
|
66
|
+
* directory. Absolute paths are returned unchanged.
|
|
67
|
+
*/
|
|
68
|
+
function normalizeAliasPaths(aliases, configDir) {
|
|
69
|
+
const out = {};
|
|
70
|
+
for (const [name, alias] of Object.entries(aliases)) {
|
|
71
|
+
out[name] = { ...alias, path: resolve(configDir, alias.path) };
|
|
72
|
+
}
|
|
73
|
+
return out;
|
|
74
|
+
}
|
|
47
75
|
export function loadGatewayConfig(configPath) {
|
|
48
76
|
if (!configPath) {
|
|
49
77
|
return { ...defaults };
|
|
50
78
|
}
|
|
51
79
|
const resolvedPath = resolve(configPath);
|
|
52
80
|
const loaded = loadJsonConfig(resolvedPath, isLuciferConfig);
|
|
53
|
-
|
|
81
|
+
const configDir = dirname(resolvedPath);
|
|
82
|
+
const result = {
|
|
54
83
|
...defaults,
|
|
55
84
|
...loaded,
|
|
56
85
|
port: loaded.port ?? defaults.port,
|
|
57
86
|
dataDir: loaded.dataDir ?? defaults.dataDir,
|
|
58
87
|
};
|
|
88
|
+
// Only set `aliases` when present so the config shape for
|
|
89
|
+
// alias-less projects stays identical to pre-feature behavior.
|
|
90
|
+
if (loaded.aliases) {
|
|
91
|
+
result.aliases = normalizeAliasPaths(loaded.aliases, configDir);
|
|
92
|
+
}
|
|
93
|
+
return result;
|
|
59
94
|
}
|
|
60
95
|
export function getTelegramToken() {
|
|
61
96
|
const token = process.env.LUCIFER_TELEGRAM_TOKEN;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"gateway_config.js","sourceRoot":"","sources":["../../../../../server/src/domains/command-gateway/config/gateway_config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"gateway_config.js","sourceRoot":"","sources":["../../../../../server/src/domains/command-gateway/config/gateway_config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAE7C,OAAO,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AAEpE,SAAS,iBAAiB,CAAC,CAA0B,EAAE,GAAW,EAAE,YAAoB;IACtF,OAAO,CAAC,CAAC,GAAG,CAAC,KAAK,SAAS,IAAI,OAAO,CAAC,CAAC,GAAG,CAAC,KAAK,YAAY,CAAC;AAChE,CAAC;AAED,SAAS,eAAe,CAAC,KAAc;IACrC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACtF,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,KAAgC,CAAC,EAAE,CAAC;QACpE,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI;YAAE,OAAO,KAAK,CAAC;QAC9D,MAAM,CAAC,GAAG,KAAgC,CAAC;QAC3C,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;QACpE,IAAI,CAAC,CAAC,IAAI,KAAK,MAAM,IAAI,CAAC,CAAC,IAAI,KAAK,KAAK;YAAE,OAAO,KAAK,CAAC;IAC1D,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,eAAe,CAAC,IAAa;IACpC,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IAC5D,MAAM,CAAC,GAAG,IAA+B,CAAC;IAC1C,IAAI,CAAC,iBAAiB,CAAC,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IAC1D,IAAI,CAAC,iBAAiB,CAAC,CAAC,EAAE,wBAAwB,EAAE,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IAC5E,IAAI,CAAC,iBAAiB,CAAC,CAAC,EAAE,yBAAyB,EAAE,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7E,IAAI,CAAC,iBAAiB,CAAC,CAAC,EAAE,yBAAyB,EAAE,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7E,IAAI,CAAC,iBAAiB,CAAC,CAAC,EAAE,gBAAgB,EAAE,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IACpE,IAAI,CAAC,iBAAiB,CAAC,CAAC,EAAE,oBAAoB,EAAE,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IACxE,IAAI,CAAC,CAAC,iBAAiB,KAAK,SAAS,IAAI,CAAC,CAAC,iBAAiB,KAAK,MAAM,IAAI,CAAC,CAAC,iBAAiB,KAAK,sBAAsB;QAAE,OAAO,KAAK,CAAC;IACxI,IAAI,CAAC,iBAAiB,CAAC,CAAC,EAAE,SAAS,EAAE,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7D,IAAI,CAAC,iBAAiB,CAAC,CAAC,EAAE,gBAAgB,EAAE,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IACpE,IAAI,CAAC,iBAAiB,CAAC,CAAC,EAAE,iBAAiB,EAAE,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IACrE,IAAI,CAAC,iBAAiB,CAAC,CAAC,EAAE,iBAAiB,EAAE,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IACrE,IAAI,CAAC,iBAAiB,CAAC,CAAC,EAAE,SAAS,EAAE,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7D,IAAI,CAAC,CAAC,OAAO,KAAK,SAAS,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,OAAO,CAAC;QAAE,OAAO,KAAK,CAAC;IACzE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,QAAQ,GAAkB;IAC9B,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI;IACtC,cAAc,EAAE,OAAO,CAAC,GAAG,CAAC,wBAAwB;IACpD,sBAAsB,EAAE,GAAG;IAC3B,uBAAuB,EAAE,GAAG;IAC5B,uBAAuB,EAAE,CAAC;IAC1B,cAAc,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI;IAChC,kBAAkB,EAAE,EAAE;IACtB,iBAAiB,EAAE,MAAM;IACzB,OAAO,EAAE,QAAQ;CAClB,CAAC;AAEF;;;;GAIG;AACH,SAAS,mBAAmB,CAAC,OAAsB,EAAE,SAAiB;IACpE,MAAM,GAAG,GAAkB,EAAE,CAAC;IAC9B,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACpD,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,IAAI,EAAE,OAAO,CAAC,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;IACjE,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,UAAmB;IACnD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,EAAE,GAAG,QAAQ,EAAE,CAAC;IACzB,CAAC;IAED,MAAM,YAAY,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IACzC,MAAM,MAAM,GAAG,cAAc,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;IAC7D,MAAM,SAAS,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IAExC,MAAM,MAAM,GAAkB;QAC5B,GAAG,QAAQ;QACX,GAAG,MAAM;QACT,IAAI,EAAE,MAAM,CAAC,IAAI,IAAI,QAAQ,CAAC,IAAI;QAClC,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,QAAQ,CAAC,OAAO;KAC5C,CAAC;IACF,0DAA0D;IAC1D,+DAA+D;IAC/D,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,MAAM,CAAC,OAAO,GAAG,mBAAmB,CAAC,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAClE,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC;IACjD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CACb,2DAA2D;YAC3D,4DAA4D,CAC7D,CAAC;IACJ,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,4GAA4G;AAC5G,MAAM,UAAU,cAAc;IAC5B,OAAO,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;AAC1C,CAAC"}
|
|
@@ -28,6 +28,9 @@ export function createPendingRequestStore() {
|
|
|
28
28
|
store.delete(requestId);
|
|
29
29
|
}
|
|
30
30
|
},
|
|
31
|
+
release(requestId) {
|
|
32
|
+
store.delete(requestId);
|
|
33
|
+
},
|
|
31
34
|
findByCommand(command, apiKeyName) {
|
|
32
35
|
for (const pending of store.values()) {
|
|
33
36
|
if (pending.command === command && pending.apiKeyName === apiKeyName) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pending_request_store.js","sourceRoot":"","sources":["../../../../../server/src/domains/command-gateway/repository/pending_request_store.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAE3D,MAAM,GAAG,GAAG,iBAAiB,CAAC,kBAAkB,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"pending_request_store.js","sourceRoot":"","sources":["../../../../../server/src/domains/command-gateway/repository/pending_request_store.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAE3D,MAAM,GAAG,GAAG,iBAAiB,CAAC,kBAAkB,CAAC,CAAC;AAgBlD,MAAM,UAAU,yBAAyB;IACvC,MAAM,KAAK,GAAG,IAAI,GAAG,EAA0B,CAAC;IAEhD,OAAO;QACL,GAAG,CAAC,OAAuB;YACzB,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YACtC,GAAG,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,EAAE,uBAAuB,CAAC,CAAC;QACjG,CAAC;QAED,OAAO,CAAC,SAAiB,EAAE,QAA0B;YACnD,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YACrC,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,GAAG,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,EAAE,4CAA4C,CAAC,CAAC;gBACvE,OAAO,KAAK,CAAC;YACf,CAAC;YACD,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAC1B,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YACxB,GAAG,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,0BAA0B,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC;QACd,CAAC;QAED,GAAG,CAAC,SAAiB;YACnB,OAAO,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC9B,CAAC;QAED,MAAM,CAAC,SAAiB;YACtB,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YACrC,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC;gBAChC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;QAED,OAAO,CAAC,SAAiB;YACvB,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC1B,CAAC;QAED,aAAa,CAAC,OAAe,EAAE,UAAkB;YAC/C,KAAK,MAAM,OAAO,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;gBACrC,IAAI,OAAO,CAAC,OAAO,KAAK,OAAO,IAAI,OAAO,CAAC,UAAU,KAAK,UAAU,EAAE,CAAC;oBACrE,OAAO,OAAO,CAAC;gBACjB,CAAC;YACH,CAAC;YACD,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,OAAO,CAAC,QAAgB;YACtB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,IAAI,OAAO,GAAG,CAAC,CAAC;YAChB,KAAK,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;gBAC5C,MAAM,GAAG,GAAG,GAAG,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC;gBACxD,IAAI,GAAG,GAAG,QAAQ,EAAE,CAAC;oBACnB,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC;oBAChD,OAAO,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC;oBAChC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;oBACjB,OAAO,EAAE,CAAC;gBACZ,CAAC;YACH,CAAC;YACD,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;gBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,EAAE,mCAAmC,CAAC,CAAC;YAC7D,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,IAAI;YACF,OAAO,KAAK,CAAC,IAAI,CAAC;QACpB,CAAC;KACF,CAAC;AACJ,CAAC"}
|
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
import { spawn } from 'node:child_process';
|
|
2
|
+
import { resolveAlias } from './resolve_alias.js';
|
|
2
3
|
import { createChildLogger } from '../../../lib/logger.js';
|
|
3
4
|
const log = createChildLogger('executor');
|
|
4
5
|
let activeExecutions = 0;
|
|
5
6
|
export async function executeCommand(options) {
|
|
6
|
-
const { command, requestId, cwd, timeoutMs, maxOutputBytes, maxConcurrent, abortSignal } = options;
|
|
7
|
+
const { command, requestId, cwd, timeoutMs, maxOutputBytes, maxConcurrent, abortSignal, aliases } = options;
|
|
7
8
|
if (activeExecutions >= maxConcurrent) {
|
|
8
9
|
log.warn({ requestId, active: activeExecutions, max: maxConcurrent }, 'Max concurrent executions reached');
|
|
9
10
|
return {
|
|
@@ -14,10 +15,13 @@ export async function executeCommand(options) {
|
|
|
14
15
|
}
|
|
15
16
|
activeExecutions++;
|
|
16
17
|
const startTime = Date.now();
|
|
17
|
-
|
|
18
|
+
const resolved = resolveAlias(command, aliases);
|
|
19
|
+
log.info({ requestId, command, cwd, alias: resolved ? { cwd: resolved.cwd, bin: resolved.spawnCommand } : undefined }, 'Executing command');
|
|
18
20
|
try {
|
|
19
21
|
return await new Promise((resolve) => {
|
|
20
|
-
const child =
|
|
22
|
+
const child = resolved
|
|
23
|
+
? spawn(resolved.spawnCommand, resolved.spawnArgs, { cwd: resolved.cwd, detached: true })
|
|
24
|
+
: spawn(command, { shell: true, cwd: cwd ?? process.cwd(), detached: true });
|
|
21
25
|
let stdout = '';
|
|
22
26
|
let stderr = '';
|
|
23
27
|
let outputBytes = 0;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"execute_command.js","sourceRoot":"","sources":["../../../../../server/src/domains/command-gateway/service/execute_command.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAE3C,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAE3D,MAAM,GAAG,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;AAE1C,IAAI,gBAAgB,GAAG,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"execute_command.js","sourceRoot":"","sources":["../../../../../server/src/domains/command-gateway/service/execute_command.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAE3C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAE3D,MAAM,GAAG,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;AAE1C,IAAI,gBAAgB,GAAG,CAAC,CAAC;AAazB,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,OAAuB;IAC1D,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,EAAE,SAAS,EAAE,cAAc,EAAE,aAAa,EAAE,WAAW,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IAE5G,IAAI,gBAAgB,IAAI,aAAa,EAAE,CAAC;QACtC,GAAG,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,gBAAgB,EAAE,GAAG,EAAE,aAAa,EAAE,EAAE,mCAAmC,CAAC,CAAC;QAC3G,OAAO;YACL,SAAS;YACT,MAAM,EAAE,QAAQ;YAChB,KAAK,EAAE,gDAAgD;SACxD,CAAC;IACJ,CAAC;IAED,gBAAgB,EAAE,CAAC;IACnB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,QAAQ,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAChD,GAAG,CAAC,IAAI,CACN,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,SAAS,EAAE,EAC5G,mBAAmB,CACpB,CAAC;IAEF,IAAI,CAAC;QACH,OAAO,MAAM,IAAI,OAAO,CAAkB,CAAC,OAAO,EAAE,EAAE;YACpD,MAAM,KAAK,GAAG,QAAQ;gBACpB,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,YAAY,EAAE,QAAQ,CAAC,SAAS,EAAE,EAAE,GAAG,EAAE,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;gBACzF,CAAC,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;YAE/E,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,WAAW,GAAG,CAAC,CAAC;YACpB,IAAI,MAAM,GAAG,KAAK,CAAC;YAEnB,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC5B,MAAM,GAAG,IAAI,CAAC;gBACd,IAAI,CAAC;oBAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAI,EAAE,SAAS,CAAC,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC;oBAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBAAC,CAAC;gBAC9E,GAAG,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,SAAS,EAAE,EAAE,mBAAmB,CAAC,CAAC;YAC1D,CAAC,EAAE,SAAS,CAAC,CAAC;YAEd,MAAM,OAAO,GAAG,GAAG,EAAE;gBACnB,MAAM,GAAG,IAAI,CAAC;gBACd,IAAI,CAAC;oBAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAI,EAAE,SAAS,CAAC,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC;oBAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBAAC,CAAC;gBAC9E,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,GAAG,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,EAAE,uCAAuC,CAAC,CAAC;YACnE,CAAC,CAAC;YAEF,IAAI,WAAW,EAAE,CAAC;gBAChB,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;oBACxB,IAAI,CAAC;wBAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAI,EAAE,SAAS,CAAC,CAAC;oBAAC,CAAC;oBAAC,MAAM,CAAC;wBAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;oBAAC,CAAC;oBAC9E,YAAY,CAAC,KAAK,CAAC,CAAC;oBACpB,OAAO,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;oBACnE,OAAO;gBACT,CAAC;gBACD,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;YACjE,CAAC;YAED,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;gBACxC,WAAW,IAAI,KAAK,CAAC,MAAM,CAAC;gBAC5B,IAAI,WAAW,IAAI,cAAc,EAAE,CAAC;oBAClC,MAAM,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;gBAC7B,CAAC;qBAAM,IAAI,CAAC,MAAM,EAAE,CAAC;oBACnB,MAAM,GAAG,IAAI,CAAC;oBACd,IAAI,CAAC;wBAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAI,EAAE,SAAS,CAAC,CAAC;oBAAC,CAAC;oBAAC,MAAM,CAAC;wBAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;oBAAC,CAAC;oBAC9E,YAAY,CAAC,KAAK,CAAC,CAAC;oBACpB,GAAG,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,WAAW,EAAE,cAAc,EAAE,EAAE,wBAAwB,CAAC,CAAC;gBACjF,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;gBACxC,WAAW,IAAI,KAAK,CAAC,MAAM,CAAC;gBAC5B,IAAI,WAAW,IAAI,cAAc,EAAE,CAAC;oBAClC,MAAM,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;gBAC7B,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;gBACzB,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,IAAI,WAAW,EAAE,CAAC;oBAChB,WAAW,CAAC,mBAAmB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;gBACpD,CAAC;gBAED,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;gBAE1C,IAAI,MAAM,IAAI,WAAW,GAAG,cAAc,EAAE,CAAC;oBAC3C,OAAO,CAAC;wBACN,SAAS;wBACT,MAAM,EAAE,QAAQ;wBAChB,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,cAAc,CAAC;wBACvC,MAAM;wBACN,UAAU;wBACV,KAAK,EAAE,mBAAmB,cAAc,cAAc;qBACvD,CAAC,CAAC;oBACH,OAAO;gBACT,CAAC;gBAED,IAAI,MAAM,EAAE,CAAC;oBACX,OAAO,CAAC;wBACN,SAAS;wBACT,MAAM,EAAE,WAAW;wBACnB,MAAM;wBACN,MAAM;wBACN,UAAU;wBACV,KAAK,EAAE,2BAA2B,SAAS,IAAI;qBAChD,CAAC,CAAC;oBACH,OAAO;gBACT,CAAC;gBAED,OAAO,CAAC;oBACN,SAAS;oBACT,MAAM,EAAE,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ;oBAC3C,QAAQ,EAAE,IAAI,IAAI,SAAS;oBAC3B,MAAM;oBACN,MAAM;oBACN,UAAU;iBACX,CAAC,CAAC;gBAEH,GAAG,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,mBAAmB,CAAC,CAAC;YAC3E,CAAC,CAAC,CAAC;YAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBACxB,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,IAAI,WAAW,EAAE,CAAC;oBAChB,WAAW,CAAC,mBAAmB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;gBACpD,CAAC;gBACD,OAAO,CAAC;oBACN,SAAS;oBACT,MAAM,EAAE,QAAQ;oBAChB,KAAK,EAAE,sBAAsB,GAAG,CAAC,OAAO,EAAE;oBAC1C,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;iBACnC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;YAAS,CAAC;QACT,gBAAgB,EAAE,CAAC;IACrB,CAAC;AACH,CAAC"}
|
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
import { dirname, resolve as resolvePath } from 'node:path';
|
|
2
|
+
/**
|
|
3
|
+
* Look up the given command in the aliases config. Exact match on the trimmed
|
|
4
|
+
* command string. Returns null when no alias matches (or no aliases are
|
|
5
|
+
* configured), which signals the caller to fall back to normal shell
|
|
6
|
+
* execution. `Object.hasOwn` guards against matching prototype properties
|
|
7
|
+
* like `constructor` or `toString`.
|
|
8
|
+
*/
|
|
9
|
+
export function resolveAlias(command, aliases) {
|
|
10
|
+
if (!aliases)
|
|
11
|
+
return null;
|
|
12
|
+
const key = command.trim();
|
|
13
|
+
if (!Object.hasOwn(aliases, key))
|
|
14
|
+
return null;
|
|
15
|
+
const alias = aliases[key];
|
|
16
|
+
const absolutePath = resolvePath(alias.path);
|
|
17
|
+
const cwd = dirname(absolutePath);
|
|
18
|
+
if (alias.type === 'bash') {
|
|
19
|
+
// `--` ends bash option parsing so a script path can never be
|
|
20
|
+
// misinterpreted as a flag. `resolvePath` always returns an absolute path,
|
|
21
|
+
// which makes this defense-in-depth rather than load-bearing, but cheap.
|
|
22
|
+
return {
|
|
23
|
+
path: absolutePath,
|
|
24
|
+
type: 'bash',
|
|
25
|
+
spawnCommand: 'bash',
|
|
26
|
+
spawnArgs: ['--', absolutePath],
|
|
27
|
+
cwd,
|
|
28
|
+
};
|
|
29
|
+
}
|
|
30
|
+
// 'elf': execute the file directly
|
|
31
|
+
return {
|
|
32
|
+
path: absolutePath,
|
|
33
|
+
type: 'elf',
|
|
34
|
+
spawnCommand: absolutePath,
|
|
35
|
+
spawnArgs: [],
|
|
36
|
+
cwd,
|
|
37
|
+
};
|
|
38
|
+
}
|
|
39
|
+
// The leading run of identifier-like characters. Anything that a shell would
|
|
40
|
+
// treat as a word terminator (whitespace, `;`, `|`, `&`, `<`, `>`, `$`,
|
|
41
|
+
// backtick, quote, paren, backslash, newline) is not matched, so a caller
|
|
42
|
+
// cannot smuggle shell metacharacters into the first word.
|
|
43
|
+
const ALIAS_NAME_PREFIX = /^[A-Za-z0-9_.-]+/;
|
|
44
|
+
/**
|
|
45
|
+
* Detect whether a caller's command targets a configured alias but contains
|
|
46
|
+
* additional arguments or shell metacharacters beyond the alias name. Used by
|
|
47
|
+
* the route layer to refuse such requests outright.
|
|
48
|
+
*
|
|
49
|
+
* Without this check, a caller could bypass the alias's shell-free execution
|
|
50
|
+
* guarantee by sending `"<aliasName> --arg"` or `"<aliasName>; rm -rf /"`:
|
|
51
|
+
* exact alias resolution would fail, the command would fall through to the
|
|
52
|
+
* shell, and any prefix-based command rule matching the alias name would
|
|
53
|
+
* still grant approval. This function exposes the offending alias name so the
|
|
54
|
+
* route can audit and return a precise error code.
|
|
55
|
+
*
|
|
56
|
+
* Returns the alias name when a bypass is detected, or null otherwise.
|
|
57
|
+
*/
|
|
58
|
+
export function findAliasArgsBypass(command, aliases) {
|
|
59
|
+
if (!aliases)
|
|
60
|
+
return null;
|
|
61
|
+
const trimmed = command.trim();
|
|
62
|
+
const match = ALIAS_NAME_PREFIX.exec(trimmed);
|
|
63
|
+
const firstWord = match?.[0];
|
|
64
|
+
if (!firstWord)
|
|
65
|
+
return null;
|
|
66
|
+
if (!Object.hasOwn(aliases, firstWord))
|
|
67
|
+
return null;
|
|
68
|
+
if (trimmed === firstWord)
|
|
69
|
+
return null; // exact invocation, not a bypass
|
|
70
|
+
return firstWord;
|
|
71
|
+
}
|
|
72
|
+
//# sourceMappingURL=resolve_alias.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"resolve_alias.js","sourceRoot":"","sources":["../../../../../server/src/domains/command-gateway/service/resolve_alias.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,WAAW,CAAC;AAmB5D;;;;;;GAMG;AACH,MAAM,UAAU,YAAY,CAC1B,OAAe,EACf,OAAkC;IAElC,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAC1B,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAC3B,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9C,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;IAE3B,MAAM,YAAY,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC7C,MAAM,GAAG,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IAElC,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;QAC1B,8DAA8D;QAC9D,2EAA2E;QAC3E,yEAAyE;QACzE,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,IAAI,EAAE,MAAM;YACZ,YAAY,EAAE,MAAM;YACpB,SAAS,EAAE,CAAC,IAAI,EAAE,YAAY,CAAC;YAC/B,GAAG;SACJ,CAAC;IACJ,CAAC;IACD,mCAAmC;IACnC,OAAO;QACL,IAAI,EAAE,YAAY;QAClB,IAAI,EAAE,KAAK;QACX,YAAY,EAAE,YAAY;QAC1B,SAAS,EAAE,EAAE;QACb,GAAG;KACJ,CAAC;AACJ,CAAC;AAED,6EAA6E;AAC7E,wEAAwE;AACxE,0EAA0E;AAC1E,2DAA2D;AAC3D,MAAM,iBAAiB,GAAG,kBAAkB,CAAC;AAE7C;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,mBAAmB,CACjC,OAAe,EACf,OAAkC;IAElC,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAC1B,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC9C,MAAM,SAAS,GAAG,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;IAC7B,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAC5B,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IACpD,IAAI,OAAO,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC,CAAC,iCAAiC;IACzE,OAAO,SAAS,CAAC;AACnB,CAAC"}
|
|
@@ -21,6 +21,7 @@ export function createTestAppContext(label, options) {
|
|
|
21
21
|
rateLimitPerMinute: 100,
|
|
22
22
|
onApprovalTimeout: 'deny',
|
|
23
23
|
dataDir: '../data',
|
|
24
|
+
...(options?.extraAliases ? { aliases: options.extraAliases } : {}),
|
|
24
25
|
}));
|
|
25
26
|
writeFileSync(join(configDir, 'api-keys.json'), JSON.stringify({
|
|
26
27
|
keys: [{
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"integration-setup.js","sourceRoot":"","sources":["../../../server/src/test/integration-setup.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAC3D,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,wDAAwD,CAAC;AAUpF,MAAM,UAAU,oBAAoB,CAClC,KAAa,EACb,
|
|
1
|
+
{"version":3,"file":"integration-setup.js","sourceRoot":"","sources":["../../../server/src/test/integration-setup.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAC3D,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,wDAAwD,CAAC;AAUpF,MAAM,UAAU,oBAAoB,CAClC,KAAa,EACb,OAGC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,KAAK,EAAE,CAAC,CAAC;IACtD,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC1C,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAEtC,MAAM,OAAO,GAAG,OAAO,KAAK,QAAQ,CAAC;IACrC,MAAM,QAAQ,GAAG,GAAG,KAAK,eAAe,CAAC;IACzC,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAE/C,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1C,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAExC,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;IAEnD,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC;QACvC,IAAI,EAAE,CAAC;QACP,sBAAsB,EAAE,CAAC;QACzB,uBAAuB,EAAE,EAAE;QAC3B,uBAAuB,EAAE,CAAC;QAC1B,cAAc,EAAE,IAAI;QACpB,kBAAkB,EAAE,GAAG;QACvB,iBAAiB,EAAE,MAAM;QACzB,OAAO,EAAE,SAAS;QAClB,GAAG,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACpE,CAAC,CAAC,CAAC;IAEJ,aAAa,CAAC,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC;QAC7D,IAAI,EAAE,CAAC;gBACL,EAAE,EAAE,GAAG,KAAK,OAAO;gBACnB,IAAI,EAAE,KAAK;gBACX,OAAO,EAAE,QAAQ;gBACjB,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE,EAAE;gBACd,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,MAAM,EAAE,IAAI;aACb,CAAC;KACH,CAAC,CAAC,CAAC;IAEJ,MAAM,KAAK,GAAG;QACZ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE;QAC7C,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,gBAAgB,EAAE;QAC5C,GAAG,CAAC,OAAO,EAAE,UAAU,IAAI,EAAE,CAAC;KAC/B,CAAC;IAEF,aAAa,CAAC,IAAI,CAAC,SAAS,EAAE,oBAAoB,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC;QAClE,KAAK;QACL,aAAa,EAAE,aAAa;KAC7B,CAAC,CAAC,CAAC;IAEJ,MAAM,MAAM,GAAG,SAAS,CAAC,EAAE,UAAU,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;IAE5D,OAAO;QACL,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,IAAI,EAAE,KAAK,IAAI,EAAE;YACf,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;YACpB,MAAM,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACpD,CAAC;QACD,OAAO;QACP,OAAO;KACR,CAAC;AACJ,CAAC"}
|