lucifer-gate 0.5.3 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +35 -0
- package/dist/server/domains/command-gateway/api/register_execute_routes.js +40 -2
- package/dist/server/domains/command-gateway/api/register_execute_routes.js.map +1 -1
- package/dist/server/domains/command-gateway/config/gateway_config.js +46 -22
- package/dist/server/domains/command-gateway/config/gateway_config.js.map +1 -1
- package/dist/server/domains/command-gateway/service/execute_command.js +10 -3
- package/dist/server/domains/command-gateway/service/execute_command.js.map +1 -1
- package/dist/server/domains/command-gateway/service/resolve_alias.js +72 -0
- package/dist/server/domains/command-gateway/service/resolve_alias.js.map +1 -0
- package/dist/server/test/integration-setup.js +1 -0
- package/dist/server/test/integration-setup.js.map +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -53,6 +53,41 @@ Generated by `--init`, hand-editable:
|
|
|
53
53
|
|
|
54
54
|
Rules matched top-to-bottom, first match wins.
|
|
55
55
|
|
|
56
|
+
### Command aliases (optional)
|
|
57
|
+
|
|
58
|
+
`config/lucifer.json` may include an `aliases` map that points a name at a
|
|
59
|
+
script or executable on disk. When the incoming command matches an alias name
|
|
60
|
+
exactly, Lucifer runs the referenced file directly (no shell) with the
|
|
61
|
+
script's parent directory as the working directory. Callers supplying a `cwd`
|
|
62
|
+
have it ignored for alias invocations. If the name does not match an alias,
|
|
63
|
+
execution falls back to the normal shell path.
|
|
64
|
+
|
|
65
|
+
```json
|
|
66
|
+
{
|
|
67
|
+
"aliases": {
|
|
68
|
+
"deploy": { "path": "/opt/ops/deploy.sh", "type": "bash" },
|
|
69
|
+
"healthz": { "path": "/opt/ops/bin/healthz", "type": "elf" }
|
|
70
|
+
}
|
|
71
|
+
}
|
|
72
|
+
```
|
|
73
|
+
|
|
74
|
+
Supported `type` values:
|
|
75
|
+
|
|
76
|
+
- `bash` — launched via `bash -- <path>`. The `--` prevents a path that
|
|
77
|
+
happens to start with `-` from being interpreted as a bash option.
|
|
78
|
+
- `elf` — launched directly (must be executable and on a filesystem without
|
|
79
|
+
`noexec`).
|
|
80
|
+
|
|
81
|
+
Relative alias `path` values are resolved against the **config file's
|
|
82
|
+
directory**, not the daemon's working directory. So `"./scripts/deploy.sh"`
|
|
83
|
+
in `config/lucifer.json` always means `config/scripts/deploy.sh` regardless
|
|
84
|
+
of where the server was started from. Absolute paths are used as-is.
|
|
85
|
+
|
|
86
|
+
Command rules still apply to the alias name as sent by the caller (so you can
|
|
87
|
+
e.g. put `{ "prefix": "deploy", "action": "manual_approve" }` in
|
|
88
|
+
`command-rules.json`). Exact-string match only — an alias `deploy` does not
|
|
89
|
+
match `deploy --dry-run`; that falls through to the shell path.
|
|
90
|
+
|
|
56
91
|
## Production setup (with Telegram)
|
|
57
92
|
|
|
58
93
|
1. Create a Telegram bot via [@BotFather](https://t.me/BotFather) and get the token
|
|
@@ -2,6 +2,7 @@ import { randomUUID } from 'node:crypto';
|
|
|
2
2
|
import { authenticateRequest, createRateLimiter } from '../service/authenticate_request.js';
|
|
3
3
|
import { analyzeCommandRisk } from '../service/analyze_command_risk.js';
|
|
4
4
|
import { executeCommand } from '../service/execute_command.js';
|
|
5
|
+
import { findAliasArgsBypass, resolveAlias } from '../service/resolve_alias.js';
|
|
5
6
|
import { createChildLogger } from '../../../lib/logger.js';
|
|
6
7
|
const log = createChildLogger('routes');
|
|
7
8
|
function validateExecuteInput(command, cwd) {
|
|
@@ -56,6 +57,36 @@ export function registerExecuteRoutes(deps) {
|
|
|
56
57
|
apiKeyName,
|
|
57
58
|
ip,
|
|
58
59
|
});
|
|
60
|
+
// Reject commands that start with an alias name but are not an exact
|
|
61
|
+
// alias invocation. Without this check, `"<alias> --arg"` or
|
|
62
|
+
// `"<alias>; rm -rf /"` would fail alias exact-match, fall through to the
|
|
63
|
+
// shell, and still be auto-approved by any prefix-based command rule that
|
|
64
|
+
// matches the alias name — shadow-bypassing the alias's shell-free
|
|
65
|
+
// execution guarantee. See ADR-009.
|
|
66
|
+
const aliasBypass = findAliasArgsBypass(command, config.aliases);
|
|
67
|
+
if (aliasBypass) {
|
|
68
|
+
auditLog.append({
|
|
69
|
+
ts: new Date().toISOString(),
|
|
70
|
+
type: 'denied',
|
|
71
|
+
requestId,
|
|
72
|
+
command,
|
|
73
|
+
error: `alias '${aliasBypass}' does not accept arguments`,
|
|
74
|
+
});
|
|
75
|
+
res.status(403).json({
|
|
76
|
+
code: 'ALIAS_ARGS_NOT_SUPPORTED',
|
|
77
|
+
message: `Alias '${aliasBypass}' does not accept arguments in this version. Send '${aliasBypass}' exactly.`,
|
|
78
|
+
retryable: false,
|
|
79
|
+
});
|
|
80
|
+
return;
|
|
81
|
+
}
|
|
82
|
+
// Resolve the alias once up front so audit entries for rule decisions,
|
|
83
|
+
// approval checks, and execution all carry `aliasPath`/`aliasType` when
|
|
84
|
+
// the command runs as an alias. `resolveAlias` is pure and cheap; the
|
|
85
|
+
// executor does its own lookup to stay self-contained.
|
|
86
|
+
const resolvedAlias = resolveAlias(command, config.aliases);
|
|
87
|
+
const aliasAudit = resolvedAlias
|
|
88
|
+
? { aliasPath: resolvedAlias.path, aliasType: resolvedAlias.type }
|
|
89
|
+
: {};
|
|
59
90
|
// Match against command rules
|
|
60
91
|
const ruleMatch = commandRulesStore.matchRule(command);
|
|
61
92
|
auditLog.append({
|
|
@@ -66,7 +97,7 @@ export function registerExecuteRoutes(deps) {
|
|
|
66
97
|
ruleAction: ruleMatch.action,
|
|
67
98
|
});
|
|
68
99
|
if (ruleMatch.action === 'always_deny') {
|
|
69
|
-
auditLog.append({ ts: new Date().toISOString(), type: 'denied', requestId, command });
|
|
100
|
+
auditLog.append({ ts: new Date().toISOString(), type: 'denied', requestId, command, ...aliasAudit });
|
|
70
101
|
res.status(403).json({
|
|
71
102
|
code: 'COMMAND_DENIED',
|
|
72
103
|
message: 'Command is not permitted by policy',
|
|
@@ -75,7 +106,7 @@ export function registerExecuteRoutes(deps) {
|
|
|
75
106
|
return;
|
|
76
107
|
}
|
|
77
108
|
if (ruleMatch.action === 'always_approve') {
|
|
78
|
-
auditLog.append({ ts: new Date().toISOString(), type: 'approved', requestId, command, duration: 'policy' });
|
|
109
|
+
auditLog.append({ ts: new Date().toISOString(), type: 'approved', requestId, command, duration: 'policy', ...aliasAudit });
|
|
79
110
|
const result = await executeCommand({
|
|
80
111
|
command,
|
|
81
112
|
requestId,
|
|
@@ -83,6 +114,7 @@ export function registerExecuteRoutes(deps) {
|
|
|
83
114
|
timeoutMs: config.executionTimeoutSeconds * 1000,
|
|
84
115
|
maxOutputBytes: config.maxOutputBytes,
|
|
85
116
|
maxConcurrent: config.maxConcurrentExecutions,
|
|
117
|
+
aliases: config.aliases,
|
|
86
118
|
});
|
|
87
119
|
auditLog.append({
|
|
88
120
|
ts: new Date().toISOString(),
|
|
@@ -92,6 +124,7 @@ export function registerExecuteRoutes(deps) {
|
|
|
92
124
|
exitCode: result.exitCode,
|
|
93
125
|
durationMs: result.durationMs,
|
|
94
126
|
error: result.error,
|
|
127
|
+
...aliasAudit,
|
|
95
128
|
});
|
|
96
129
|
res.json(result);
|
|
97
130
|
return;
|
|
@@ -105,6 +138,7 @@ export function registerExecuteRoutes(deps) {
|
|
|
105
138
|
requestId,
|
|
106
139
|
command,
|
|
107
140
|
duration: 'cached',
|
|
141
|
+
...aliasAudit,
|
|
108
142
|
});
|
|
109
143
|
const result = await executeCommand({
|
|
110
144
|
command,
|
|
@@ -113,6 +147,7 @@ export function registerExecuteRoutes(deps) {
|
|
|
113
147
|
timeoutMs: config.executionTimeoutSeconds * 1000,
|
|
114
148
|
maxOutputBytes: config.maxOutputBytes,
|
|
115
149
|
maxConcurrent: config.maxConcurrentExecutions,
|
|
150
|
+
aliases: config.aliases,
|
|
116
151
|
});
|
|
117
152
|
auditLog.append({
|
|
118
153
|
ts: new Date().toISOString(),
|
|
@@ -122,6 +157,7 @@ export function registerExecuteRoutes(deps) {
|
|
|
122
157
|
exitCode: result.exitCode,
|
|
123
158
|
durationMs: result.durationMs,
|
|
124
159
|
error: result.error,
|
|
160
|
+
...aliasAudit,
|
|
125
161
|
});
|
|
126
162
|
res.json(result);
|
|
127
163
|
return;
|
|
@@ -205,6 +241,7 @@ export function registerExecuteRoutes(deps) {
|
|
|
205
241
|
maxOutputBytes: config.maxOutputBytes,
|
|
206
242
|
maxConcurrent: config.maxConcurrentExecutions,
|
|
207
243
|
abortSignal: abortController.signal,
|
|
244
|
+
aliases: config.aliases,
|
|
208
245
|
});
|
|
209
246
|
auditLog.append({
|
|
210
247
|
ts: new Date().toISOString(),
|
|
@@ -214,6 +251,7 @@ export function registerExecuteRoutes(deps) {
|
|
|
214
251
|
exitCode: result.exitCode,
|
|
215
252
|
durationMs: result.durationMs,
|
|
216
253
|
error: result.error,
|
|
254
|
+
...aliasAudit,
|
|
217
255
|
});
|
|
218
256
|
res.json(result);
|
|
219
257
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"register_execute_routes.js","sourceRoot":"","sources":["../../../../../server/src/domains/command-gateway/api/register_execute_routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAMzC,OAAO,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AAC5F,OAAO,EAAE,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAE3D,MAAM,GAAG,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;AAOxC,SAAS,oBAAoB,CAAC,OAAgB,EAAE,GAAY;IAC1D,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC5C,OAAO;YACL,UAAU,EAAE,GAAG;YACf,IAAI,EAAE,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,8CAA8C,EAAE,SAAS,EAAE,KAAK,EAAE;SAC7G,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,EAAE,CAAC;QAC1B,OAAO;YACL,UAAU,EAAE,GAAG;YACf,IAAI,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,sCAAsC,EAAE,SAAS,EAAE,KAAK,EAAE;SACtG,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1E,OAAO;gBACL,UAAU,EAAE,GAAG;gBACf,IAAI,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,sDAAsD,EAAE,SAAS,EAAE,KAAK,EAAE;aACjH,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAaD,MAAM,UAAU,qBAAqB,CAAC,IAAsB;IAC1D,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,iBAAiB,EAAE,aAAa,EAAE,YAAY,EAAE,QAAQ,EAAE,eAAe,EAAE,GAAG,IAAI,CAAC;IACxH,MAAM,WAAW,GAAG,iBAAiB,CACnC,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,kBAAkB,CAC1E,CAAC;IAEF,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;QACnE,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,CAAuB,CAAC;QAC9D,MAAM,EAAE,GAAI,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAY,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,aAAa,IAAI,SAAS,CAAC;QACtH,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,GAAG,CAAC,IAA0C,CAAC;QAEpF,MAAM,eAAe,GAAG,oBAAoB,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;QAC9D,IAAI,eAAe,EAAE,CAAC;YACpB,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;YAClE,OAAO;QACT,CAAC;QAED,yDAAyD;QACzD,MAAM,OAAO,GAAG,UAAW,CAAC;QAE5B,MAAM,UAAU,GAAG,mBAAmB,CAAC,WAAW,EAAE,WAAW,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;QAC7E,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC;YACnB,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YACzD,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,UAAU,EAAE,CAAC;QAC/B,MAAM,UAAU,GAAG,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC;QAE7C,QAAQ,CAAC,MAAM,CAAC;YACd,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YAC5B,IAAI,EAAE,SAAS;YACf,SAAS;YACT,OAAO;YACP,UAAU;YACV,EAAE;SACH,CAAC,CAAC;QAEH,8BAA8B;QAC9B,MAAM,SAAS,GAAG,iBAAiB,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACvD,QAAQ,CAAC,MAAM,CAAC;YACd,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YAC5B,IAAI,EAAE,YAAY;YAClB,SAAS;YACT,OAAO;YACP,UAAU,EAAE,SAAS,CAAC,MAAM;SAC7B,CAAC,CAAC;QAEH,IAAI,SAAS,CAAC,MAAM,KAAK,aAAa,EAAE,CAAC;YACvC,QAAQ,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"register_execute_routes.js","sourceRoot":"","sources":["../../../../../server/src/domains/command-gateway/api/register_execute_routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAMzC,OAAO,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AAC5F,OAAO,EAAE,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAC/D,OAAO,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAChF,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAE3D,MAAM,GAAG,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;AAOxC,SAAS,oBAAoB,CAAC,OAAgB,EAAE,GAAY;IAC1D,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC5C,OAAO;YACL,UAAU,EAAE,GAAG;YACf,IAAI,EAAE,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,8CAA8C,EAAE,SAAS,EAAE,KAAK,EAAE;SAC7G,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,EAAE,CAAC;QAC1B,OAAO;YACL,UAAU,EAAE,GAAG;YACf,IAAI,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,sCAAsC,EAAE,SAAS,EAAE,KAAK,EAAE;SACtG,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1E,OAAO;gBACL,UAAU,EAAE,GAAG;gBACf,IAAI,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,sDAAsD,EAAE,SAAS,EAAE,KAAK,EAAE;aACjH,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAaD,MAAM,UAAU,qBAAqB,CAAC,IAAsB;IAC1D,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,iBAAiB,EAAE,aAAa,EAAE,YAAY,EAAE,QAAQ,EAAE,eAAe,EAAE,GAAG,IAAI,CAAC;IACxH,MAAM,WAAW,GAAG,iBAAiB,CACnC,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,kBAAkB,CAC1E,CAAC;IAEF,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;QACnE,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,CAAuB,CAAC;QAC9D,MAAM,EAAE,GAAI,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAY,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,aAAa,IAAI,SAAS,CAAC;QACtH,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,GAAG,CAAC,IAA0C,CAAC;QAEpF,MAAM,eAAe,GAAG,oBAAoB,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;QAC9D,IAAI,eAAe,EAAE,CAAC;YACpB,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;YAClE,OAAO;QACT,CAAC;QAED,yDAAyD;QACzD,MAAM,OAAO,GAAG,UAAW,CAAC;QAE5B,MAAM,UAAU,GAAG,mBAAmB,CAAC,WAAW,EAAE,WAAW,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;QAC7E,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC;YACnB,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YACzD,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,UAAU,EAAE,CAAC;QAC/B,MAAM,UAAU,GAAG,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC;QAE7C,QAAQ,CAAC,MAAM,CAAC;YACd,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YAC5B,IAAI,EAAE,SAAS;YACf,SAAS;YACT,OAAO;YACP,UAAU;YACV,EAAE;SACH,CAAC,CAAC;QAEH,qEAAqE;QACrE,6DAA6D;QAC7D,0EAA0E;QAC1E,0EAA0E;QAC1E,mEAAmE;QACnE,oCAAoC;QACpC,MAAM,WAAW,GAAG,mBAAmB,CAAC,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QACjE,IAAI,WAAW,EAAE,CAAC;YAChB,QAAQ,CAAC,MAAM,CAAC;gBACd,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBAC5B,IAAI,EAAE,QAAQ;gBACd,SAAS;gBACT,OAAO;gBACP,KAAK,EAAE,UAAU,WAAW,6BAA6B;aAC1D,CAAC,CAAC;YACH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,IAAI,EAAE,0BAA0B;gBAChC,OAAO,EAAE,UAAU,WAAW,sDAAsD,WAAW,YAAY;gBAC3G,SAAS,EAAE,KAAK;aACO,CAAC,CAAC;YAC3B,OAAO;QACT,CAAC;QAED,uEAAuE;QACvE,wEAAwE;QACxE,sEAAsE;QACtE,uDAAuD;QACvD,MAAM,aAAa,GAAG,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAC5D,MAAM,UAAU,GAAG,aAAa;YAC9B,CAAC,CAAC,EAAE,SAAS,EAAE,aAAa,CAAC,IAAI,EAAE,SAAS,EAAE,aAAa,CAAC,IAAI,EAAE;YAClE,CAAC,CAAC,EAAE,CAAC;QAEP,8BAA8B;QAC9B,MAAM,SAAS,GAAG,iBAAiB,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACvD,QAAQ,CAAC,MAAM,CAAC;YACd,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YAC5B,IAAI,EAAE,YAAY;YAClB,SAAS;YACT,OAAO;YACP,UAAU,EAAE,SAAS,CAAC,MAAM;SAC7B,CAAC,CAAC;QAEH,IAAI,SAAS,CAAC,MAAM,KAAK,aAAa,EAAE,CAAC;YACvC,QAAQ,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,UAAU,EAAE,CAAC,CAAC;YACrG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,oCAAoC;gBAC7C,SAAS,EAAE,KAAK;aACO,CAAC,CAAC;YAC3B,OAAO;QACT,CAAC;QAED,IAAI,SAAS,CAAC,MAAM,KAAK,gBAAgB,EAAE,CAAC;YAC1C,QAAQ,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,UAAU,EAAE,CAAC,CAAC;YAC3H,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC;gBAClC,OAAO;gBACP,SAAS;gBACT,GAAG;gBACH,SAAS,EAAE,MAAM,CAAC,uBAAuB,GAAG,IAAI;gBAChD,cAAc,EAAE,MAAM,CAAC,cAAc;gBACrC,aAAa,EAAE,MAAM,CAAC,uBAAuB;gBAC7C,OAAO,EAAE,MAAM,CAAC,OAAO;aACxB,CAAC,CAAC;YACH,QAAQ,CAAC,MAAM,CAAC;gBACd,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBAC5B,IAAI,EAAE,UAAU;gBAChB,SAAS;gBACT,OAAO;gBACP,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,GAAG,UAAU;aACd,CAAC,CAAC;YACH,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACjB,OAAO;QACT,CAAC;QAED,oDAAoD;QACpD,MAAM,gBAAgB,GAAG,aAAa,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QAC7D,IAAI,gBAAgB,EAAE,CAAC;YACrB,QAAQ,CAAC,MAAM,CAAC;gBACd,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBAC5B,IAAI,EAAE,gBAAgB;gBACtB,SAAS;gBACT,OAAO;gBACP,QAAQ,EAAE,QAAQ;gBAClB,GAAG,UAAU;aACd,CAAC,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC;gBAClC,OAAO;gBACP,SAAS;gBACT,GAAG;gBACH,SAAS,EAAE,MAAM,CAAC,uBAAuB,GAAG,IAAI;gBAChD,cAAc,EAAE,MAAM,CAAC,cAAc;gBACrC,aAAa,EAAE,MAAM,CAAC,uBAAuB;gBAC7C,OAAO,EAAE,MAAM,CAAC,OAAO;aACxB,CAAC,CAAC;YACH,QAAQ,CAAC,MAAM,CAAC;gBACd,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBAC5B,IAAI,EAAE,UAAU;gBAChB,SAAS;gBACT,OAAO;gBACP,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,GAAG,UAAU;aACd,CAAC,CAAC;YACH,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACjB,OAAO;QACT,CAAC;QAED,8CAA8C;QAC9C,MAAM,YAAY,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;QACjD,MAAM,eAAe,GAAG,IAAI,eAAe,EAAE,CAAC;QAE9C,GAAG,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,OAAO,EAAE,EAAE,EAAE,EAAE,kEAAkE,CAAC,CAAC;QAEzG,kEAAkE;QAClE,oEAAoE;QACpE,sEAAsE;QACtE,sEAAsE;QACtE,wEAAwE;QACxE,uEAAuE;QACvE,IAAI,YAAY,CAAC,aAAa,CAAC,OAAO,EAAE,UAAU,CAAC,EAAE,CAAC;YACpD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,IAAI,EAAE,qBAAqB;gBAC3B,OAAO,EAAE,8FAA8F;gBACvG,SAAS,EAAE,IAAI;aACQ,CAAC,CAAC;YAC3B,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,YAAY,CAAC,GAAG,CAAC;gBACf,SAAS;gBACT,OAAO;gBACP,UAAU;gBACV,EAAE;gBACF,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,OAAO,EAAE,GAAG,EAAE,GAAE,CAAC;gBACjB,MAAM,EAAE,GAAG,EAAE,GAAE,CAAC;gBAChB,eAAe;aAChB,CAAC,CAAC;YAEH,qEAAqE;YACrE,uEAAuE;YACvE,qEAAqE;YACrE,8BAA8B;YAC9B,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBACnB,IAAI,GAAG,CAAC,aAAa;oBAAE,OAAO;gBAC9B,eAAe,CAAC,KAAK,EAAE,CAAC;gBACxB,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YACjC,CAAC,CAAC,CAAC;YAEH,MAAM,cAAc,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;gBACxC,eAAe,CAAC,eAAe,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE,SAAS,EAAE,YAAY,CAAC;gBACjF,IAAI,OAAO,CAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE;oBAC/B,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC,EAAE,MAAM,CAAC,sBAAsB,GAAG,IAAI,CAAC,CAAC;gBAClG,CAAC,CAAC;gBACF,sEAAsE;gBACtE,mEAAmE;gBACnE,oEAAoE;gBACpE,2BAA2B;gBAC3B,IAAI,OAAO,CAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE;oBAC/B,IAAI,eAAe,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;wBACnC,MAAM,CAAC,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC;wBACrC,OAAO;oBACT,CAAC;oBACD,eAAe,CAAC,MAAM,CAAC,gBAAgB,CACrC,OAAO,EACP,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC,EAC1C,EAAE,IAAI,EAAE,IAAI,EAAE,CACf,CAAC;gBACJ,CAAC,CAAC;aACH,CAAC,CAAC;YAEH,qEAAqE;YACrE,oEAAoE;YACpE,sEAAsE;YACtE,uEAAuE;YACvE,YAAY,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAEhC,IAAI,cAAc,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBACzC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,SAAS;oBACT,MAAM,EAAE,QAAyB;oBACjC,IAAI,EAAE,QAAQ;oBACd,OAAO,EAAE,oBAAoB;oBAC7B,SAAS,EAAE,KAAK;iBACjB,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC;gBAClC,OAAO;gBACP,SAAS;gBACT,GAAG;gBACH,SAAS,EAAE,MAAM,CAAC,uBAAuB,GAAG,IAAI;gBAChD,cAAc,EAAE,MAAM,CAAC,cAAc;gBACrC,aAAa,EAAE,MAAM,CAAC,uBAAuB;gBAC7C,WAAW,EAAE,eAAe,CAAC,MAAM;gBACnC,OAAO,EAAE,MAAM,CAAC,OAAO;aACxB,CAAC,CAAC;YACH,QAAQ,CAAC,MAAM,CAAC;gBACd,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBAC5B,IAAI,EAAE,UAAU;gBAChB,SAAS;gBACT,OAAO;gBACP,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,GAAG,UAAU;aACd,CAAC,CAAC;YACH,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACnB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YACrE,IAAI,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBAChC,mEAAmE;gBACnE,qEAAqE;gBACrE,IAAI,CAAC;oBAAC,eAAe,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC,CAAC,iBAAiB,CAAC,CAAC;gBACxE,GAAG,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,EAAE,4CAA4C,CAAC,CAAC;YACxE,CAAC;iBAAM,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBACzC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,SAAS;oBACT,MAAM,EAAE,WAA4B;oBACpC,IAAI,EAAE,kBAAkB;oBACxB,OAAO,EAAE,gDAAgD;oBACzD,SAAS,EAAE,IAAI;iBAChB,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,SAAS;oBACT,IAAI,EAAE,gBAAgB;oBACtB,OAAO,EAAE,2BAA2B,OAAO,EAAE;oBAC7C,SAAS,EAAE,IAAI;iBAChB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACjC,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -1,35 +1,40 @@
|
|
|
1
|
-
import { resolve } from 'node:path';
|
|
1
|
+
import { dirname, resolve } from 'node:path';
|
|
2
2
|
import { loadJsonConfig } from '../../../lib/json_config_loader.js';
|
|
3
3
|
function checkOptionalType(d, key, expectedType) {
|
|
4
4
|
return d[key] === undefined || typeof d[key] === expectedType;
|
|
5
5
|
}
|
|
6
|
+
function isAliasesConfig(value) {
|
|
7
|
+
if (typeof value !== 'object' || value === null || Array.isArray(value))
|
|
8
|
+
return false;
|
|
9
|
+
for (const entry of Object.values(value)) {
|
|
10
|
+
if (typeof entry !== 'object' || entry === null)
|
|
11
|
+
return false;
|
|
12
|
+
const e = entry;
|
|
13
|
+
if (typeof e.path !== 'string' || e.path.length === 0)
|
|
14
|
+
return false;
|
|
15
|
+
if (e.type !== 'bash' && e.type !== 'elf')
|
|
16
|
+
return false;
|
|
17
|
+
}
|
|
18
|
+
return true;
|
|
19
|
+
}
|
|
20
|
+
const optionalNumberKeys = [
|
|
21
|
+
'port', 'approvalTimeoutSeconds', 'executionTimeoutSeconds',
|
|
22
|
+
'maxConcurrentExecutions', 'maxOutputBytes', 'rateLimitPerMinute',
|
|
23
|
+
];
|
|
24
|
+
const optionalStringKeys = [
|
|
25
|
+
'dataDir', 'telegramChatId', 'adminSecretHash', 'adminSecretSalt', 'logFile',
|
|
26
|
+
];
|
|
6
27
|
function isLuciferConfig(data) {
|
|
7
28
|
if (typeof data !== 'object' || data === null)
|
|
8
29
|
return false;
|
|
9
30
|
const d = data;
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
if (!
|
|
13
|
-
return false;
|
|
14
|
-
if (!checkOptionalType(d, 'executionTimeoutSeconds', 'number'))
|
|
15
|
-
return false;
|
|
16
|
-
if (!checkOptionalType(d, 'maxConcurrentExecutions', 'number'))
|
|
17
|
-
return false;
|
|
18
|
-
if (!checkOptionalType(d, 'maxOutputBytes', 'number'))
|
|
19
|
-
return false;
|
|
20
|
-
if (!checkOptionalType(d, 'rateLimitPerMinute', 'number'))
|
|
31
|
+
const numbersValid = optionalNumberKeys.every((k) => checkOptionalType(d, k, 'number'));
|
|
32
|
+
const stringsValid = optionalStringKeys.every((k) => checkOptionalType(d, k, 'string'));
|
|
33
|
+
if (!numbersValid || !stringsValid)
|
|
21
34
|
return false;
|
|
22
35
|
if (d.onApprovalTimeout !== undefined && d.onApprovalTimeout !== 'deny' && d.onApprovalTimeout !== 'approve-with-warning')
|
|
23
36
|
return false;
|
|
24
|
-
if (!
|
|
25
|
-
return false;
|
|
26
|
-
if (!checkOptionalType(d, 'telegramChatId', 'string'))
|
|
27
|
-
return false;
|
|
28
|
-
if (!checkOptionalType(d, 'adminSecretHash', 'string'))
|
|
29
|
-
return false;
|
|
30
|
-
if (!checkOptionalType(d, 'adminSecretSalt', 'string'))
|
|
31
|
-
return false;
|
|
32
|
-
if (!checkOptionalType(d, 'logFile', 'string'))
|
|
37
|
+
if (d.aliases !== undefined && !isAliasesConfig(d.aliases))
|
|
33
38
|
return false;
|
|
34
39
|
return true;
|
|
35
40
|
}
|
|
@@ -44,18 +49,37 @@ const defaults = {
|
|
|
44
49
|
onApprovalTimeout: 'deny',
|
|
45
50
|
dataDir: './data',
|
|
46
51
|
};
|
|
52
|
+
/**
|
|
53
|
+
* Resolve each alias `path` against the config file's directory so relative
|
|
54
|
+
* paths in `lucifer.json` are stable regardless of the daemon's working
|
|
55
|
+
* directory. Absolute paths are returned unchanged.
|
|
56
|
+
*/
|
|
57
|
+
function normalizeAliasPaths(aliases, configDir) {
|
|
58
|
+
const out = {};
|
|
59
|
+
for (const [name, alias] of Object.entries(aliases)) {
|
|
60
|
+
out[name] = { ...alias, path: resolve(configDir, alias.path) };
|
|
61
|
+
}
|
|
62
|
+
return out;
|
|
63
|
+
}
|
|
47
64
|
export function loadGatewayConfig(configPath) {
|
|
48
65
|
if (!configPath) {
|
|
49
66
|
return { ...defaults };
|
|
50
67
|
}
|
|
51
68
|
const resolvedPath = resolve(configPath);
|
|
52
69
|
const loaded = loadJsonConfig(resolvedPath, isLuciferConfig);
|
|
53
|
-
|
|
70
|
+
const configDir = dirname(resolvedPath);
|
|
71
|
+
const result = {
|
|
54
72
|
...defaults,
|
|
55
73
|
...loaded,
|
|
56
74
|
port: loaded.port ?? defaults.port,
|
|
57
75
|
dataDir: loaded.dataDir ?? defaults.dataDir,
|
|
58
76
|
};
|
|
77
|
+
// Only set `aliases` when present so the config shape for
|
|
78
|
+
// alias-less projects stays identical to pre-feature behavior.
|
|
79
|
+
if (loaded.aliases) {
|
|
80
|
+
result.aliases = normalizeAliasPaths(loaded.aliases, configDir);
|
|
81
|
+
}
|
|
82
|
+
return result;
|
|
59
83
|
}
|
|
60
84
|
export function getTelegramToken() {
|
|
61
85
|
const token = process.env.LUCIFER_TELEGRAM_TOKEN;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"gateway_config.js","sourceRoot":"","sources":["../../../../../server/src/domains/command-gateway/config/gateway_config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"gateway_config.js","sourceRoot":"","sources":["../../../../../server/src/domains/command-gateway/config/gateway_config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAE7C,OAAO,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AAEpE,SAAS,iBAAiB,CAAC,CAA0B,EAAE,GAAW,EAAE,YAAoB;IACtF,OAAO,CAAC,CAAC,GAAG,CAAC,KAAK,SAAS,IAAI,OAAO,CAAC,CAAC,GAAG,CAAC,KAAK,YAAY,CAAC;AAChE,CAAC;AAED,SAAS,eAAe,CAAC,KAAc;IACrC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACtF,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,KAAgC,CAAC,EAAE,CAAC;QACpE,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI;YAAE,OAAO,KAAK,CAAC;QAC9D,MAAM,CAAC,GAAG,KAAgC,CAAC;QAC3C,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;QACpE,IAAI,CAAC,CAAC,IAAI,KAAK,MAAM,IAAI,CAAC,CAAC,IAAI,KAAK,KAAK;YAAE,OAAO,KAAK,CAAC;IAC1D,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,kBAAkB,GAAG;IACzB,MAAM,EAAE,wBAAwB,EAAE,yBAAyB;IAC3D,yBAAyB,EAAE,gBAAgB,EAAE,oBAAoB;CACzD,CAAC;AAEX,MAAM,kBAAkB,GAAG;IACzB,SAAS,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,SAAS;CACpE,CAAC;AAEX,SAAS,eAAe,CAAC,IAAa;IACpC,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IAC5D,MAAM,CAAC,GAAG,IAA+B,CAAC;IAE1C,MAAM,YAAY,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,CAAC,EAAE,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;IACxF,MAAM,YAAY,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,CAAC,EAAE,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;IACxF,IAAI,CAAC,YAAY,IAAI,CAAC,YAAY;QAAE,OAAO,KAAK,CAAC;IAEjD,IAAI,CAAC,CAAC,iBAAiB,KAAK,SAAS,IAAI,CAAC,CAAC,iBAAiB,KAAK,MAAM,IAAI,CAAC,CAAC,iBAAiB,KAAK,sBAAsB;QAAE,OAAO,KAAK,CAAC;IACxI,IAAI,CAAC,CAAC,OAAO,KAAK,SAAS,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,OAAO,CAAC;QAAE,OAAO,KAAK,CAAC;IACzE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,QAAQ,GAAkB;IAC9B,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI;IACtC,cAAc,EAAE,OAAO,CAAC,GAAG,CAAC,wBAAwB;IACpD,sBAAsB,EAAE,GAAG;IAC3B,uBAAuB,EAAE,GAAG;IAC5B,uBAAuB,EAAE,CAAC;IAC1B,cAAc,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI;IAChC,kBAAkB,EAAE,EAAE;IACtB,iBAAiB,EAAE,MAAM;IACzB,OAAO,EAAE,QAAQ;CAClB,CAAC;AAEF;;;;GAIG;AACH,SAAS,mBAAmB,CAAC,OAAsB,EAAE,SAAiB;IACpE,MAAM,GAAG,GAAkB,EAAE,CAAC;IAC9B,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACpD,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,IAAI,EAAE,OAAO,CAAC,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;IACjE,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,UAAmB;IACnD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,EAAE,GAAG,QAAQ,EAAE,CAAC;IACzB,CAAC;IAED,MAAM,YAAY,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IACzC,MAAM,MAAM,GAAG,cAAc,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;IAC7D,MAAM,SAAS,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IAExC,MAAM,MAAM,GAAkB;QAC5B,GAAG,QAAQ;QACX,GAAG,MAAM;QACT,IAAI,EAAE,MAAM,CAAC,IAAI,IAAI,QAAQ,CAAC,IAAI;QAClC,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,QAAQ,CAAC,OAAO;KAC5C,CAAC;IACF,0DAA0D;IAC1D,+DAA+D;IAC/D,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,MAAM,CAAC,OAAO,GAAG,mBAAmB,CAAC,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAClE,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC;IACjD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CACb,2DAA2D;YAC3D,4DAA4D,CAC7D,CAAC;IACJ,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,4GAA4G;AAC5G,MAAM,UAAU,cAAc;IAC5B,OAAO,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;AAC1C,CAAC"}
|
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
import { spawn } from 'node:child_process';
|
|
2
|
+
import { resolveAlias } from './resolve_alias.js';
|
|
2
3
|
import { createChildLogger } from '../../../lib/logger.js';
|
|
3
4
|
const log = createChildLogger('executor');
|
|
4
5
|
let activeExecutions = 0;
|
|
5
6
|
export async function executeCommand(options) {
|
|
6
|
-
const { command, requestId, cwd, timeoutMs, maxOutputBytes, maxConcurrent, abortSignal } = options;
|
|
7
|
+
const { command, requestId, cwd, timeoutMs, maxOutputBytes, maxConcurrent, abortSignal, aliases } = options;
|
|
7
8
|
if (activeExecutions >= maxConcurrent) {
|
|
8
9
|
log.warn({ requestId, active: activeExecutions, max: maxConcurrent }, 'Max concurrent executions reached');
|
|
9
10
|
return {
|
|
@@ -14,10 +15,16 @@ export async function executeCommand(options) {
|
|
|
14
15
|
}
|
|
15
16
|
activeExecutions++;
|
|
16
17
|
const startTime = Date.now();
|
|
17
|
-
|
|
18
|
+
const resolved = resolveAlias(command, aliases);
|
|
19
|
+
log.info({ requestId, command, cwd, alias: resolved ? { cwd: resolved.cwd, bin: resolved.spawnCommand } : undefined }, 'Executing command');
|
|
18
20
|
try {
|
|
19
21
|
return await new Promise((resolve) => {
|
|
20
|
-
|
|
22
|
+
// This is a command gateway that intentionally executes user-supplied
|
|
23
|
+
// commands. Access is gated by API-key auth and configurable command
|
|
24
|
+
// rules (allow/deny lists). The spawn call below is by design.
|
|
25
|
+
const child = resolved
|
|
26
|
+
? spawn(resolved.spawnCommand, resolved.spawnArgs, { cwd: resolved.cwd, detached: true })
|
|
27
|
+
: spawn(command, { shell: true, cwd: cwd ?? process.cwd(), detached: true }); // NOSONAR -- intentional: this gateway executes user-supplied commands gated by API-key auth and command rules
|
|
21
28
|
let stdout = '';
|
|
22
29
|
let stderr = '';
|
|
23
30
|
let outputBytes = 0;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"execute_command.js","sourceRoot":"","sources":["../../../../../server/src/domains/command-gateway/service/execute_command.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAE3C,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAE3D,MAAM,GAAG,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;AAE1C,IAAI,gBAAgB,GAAG,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"execute_command.js","sourceRoot":"","sources":["../../../../../server/src/domains/command-gateway/service/execute_command.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAE3C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAE3D,MAAM,GAAG,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;AAE1C,IAAI,gBAAgB,GAAG,CAAC,CAAC;AAazB,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,OAAuB;IAC1D,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,EAAE,SAAS,EAAE,cAAc,EAAE,aAAa,EAAE,WAAW,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IAE5G,IAAI,gBAAgB,IAAI,aAAa,EAAE,CAAC;QACtC,GAAG,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,gBAAgB,EAAE,GAAG,EAAE,aAAa,EAAE,EAAE,mCAAmC,CAAC,CAAC;QAC3G,OAAO;YACL,SAAS;YACT,MAAM,EAAE,QAAQ;YAChB,KAAK,EAAE,gDAAgD;SACxD,CAAC;IACJ,CAAC;IAED,gBAAgB,EAAE,CAAC;IACnB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,QAAQ,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAChD,GAAG,CAAC,IAAI,CACN,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,SAAS,EAAE,EAC5G,mBAAmB,CACpB,CAAC;IAEF,IAAI,CAAC;QACH,OAAO,MAAM,IAAI,OAAO,CAAkB,CAAC,OAAO,EAAE,EAAE;YACpD,sEAAsE;YACtE,qEAAqE;YACrE,+DAA+D;YAC/D,MAAM,KAAK,GAAG,QAAQ;gBACpB,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,YAAY,EAAE,QAAQ,CAAC,SAAS,EAAE,EAAE,GAAG,EAAE,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;gBACzF,CAAC,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,+GAA+G;YAE/L,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,WAAW,GAAG,CAAC,CAAC;YACpB,IAAI,MAAM,GAAG,KAAK,CAAC;YAEnB,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC5B,MAAM,GAAG,IAAI,CAAC;gBACd,IAAI,CAAC;oBAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAI,EAAE,SAAS,CAAC,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC;oBAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBAAC,CAAC;gBAC9E,GAAG,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,SAAS,EAAE,EAAE,mBAAmB,CAAC,CAAC;YAC1D,CAAC,EAAE,SAAS,CAAC,CAAC;YAEd,MAAM,OAAO,GAAG,GAAG,EAAE;gBACnB,MAAM,GAAG,IAAI,CAAC;gBACd,IAAI,CAAC;oBAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAI,EAAE,SAAS,CAAC,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC;oBAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBAAC,CAAC;gBAC9E,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,GAAG,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,EAAE,uCAAuC,CAAC,CAAC;YACnE,CAAC,CAAC;YAEF,IAAI,WAAW,EAAE,CAAC;gBAChB,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;oBACxB,IAAI,CAAC;wBAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAI,EAAE,SAAS,CAAC,CAAC;oBAAC,CAAC;oBAAC,MAAM,CAAC;wBAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;oBAAC,CAAC;oBAC9E,YAAY,CAAC,KAAK,CAAC,CAAC;oBACpB,OAAO,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;oBACnE,OAAO;gBACT,CAAC;gBACD,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;YACjE,CAAC;YAED,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;gBACxC,WAAW,IAAI,KAAK,CAAC,MAAM,CAAC;gBAC5B,IAAI,WAAW,IAAI,cAAc,EAAE,CAAC;oBAClC,MAAM,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;gBAC7B,CAAC;qBAAM,IAAI,CAAC,MAAM,EAAE,CAAC;oBACnB,MAAM,GAAG,IAAI,CAAC;oBACd,IAAI,CAAC;wBAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAI,EAAE,SAAS,CAAC,CAAC;oBAAC,CAAC;oBAAC,MAAM,CAAC;wBAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;oBAAC,CAAC;oBAC9E,YAAY,CAAC,KAAK,CAAC,CAAC;oBACpB,GAAG,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,WAAW,EAAE,cAAc,EAAE,EAAE,wBAAwB,CAAC,CAAC;gBACjF,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;gBACxC,WAAW,IAAI,KAAK,CAAC,MAAM,CAAC;gBAC5B,IAAI,WAAW,IAAI,cAAc,EAAE,CAAC;oBAClC,MAAM,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;gBAC7B,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;gBACzB,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,IAAI,WAAW,EAAE,CAAC;oBAChB,WAAW,CAAC,mBAAmB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;gBACpD,CAAC;gBAED,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;gBAE1C,IAAI,MAAM,IAAI,WAAW,GAAG,cAAc,EAAE,CAAC;oBAC3C,OAAO,CAAC;wBACN,SAAS;wBACT,MAAM,EAAE,QAAQ;wBAChB,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,cAAc,CAAC;wBACvC,MAAM;wBACN,UAAU;wBACV,KAAK,EAAE,mBAAmB,cAAc,cAAc;qBACvD,CAAC,CAAC;oBACH,OAAO;gBACT,CAAC;gBAED,IAAI,MAAM,EAAE,CAAC;oBACX,OAAO,CAAC;wBACN,SAAS;wBACT,MAAM,EAAE,WAAW;wBACnB,MAAM;wBACN,MAAM;wBACN,UAAU;wBACV,KAAK,EAAE,2BAA2B,SAAS,IAAI;qBAChD,CAAC,CAAC;oBACH,OAAO;gBACT,CAAC;gBAED,OAAO,CAAC;oBACN,SAAS;oBACT,MAAM,EAAE,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ;oBAC3C,QAAQ,EAAE,IAAI,IAAI,SAAS;oBAC3B,MAAM;oBACN,MAAM;oBACN,UAAU;iBACX,CAAC,CAAC;gBAEH,GAAG,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,mBAAmB,CAAC,CAAC;YAC3E,CAAC,CAAC,CAAC;YAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBACxB,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,IAAI,WAAW,EAAE,CAAC;oBAChB,WAAW,CAAC,mBAAmB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;gBACpD,CAAC;gBACD,OAAO,CAAC;oBACN,SAAS;oBACT,MAAM,EAAE,QAAQ;oBAChB,KAAK,EAAE,sBAAsB,GAAG,CAAC,OAAO,EAAE;oBAC1C,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;iBACnC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;YAAS,CAAC;QACT,gBAAgB,EAAE,CAAC;IACrB,CAAC;AACH,CAAC"}
|
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
import { dirname, resolve as resolvePath } from 'node:path';
|
|
2
|
+
/**
|
|
3
|
+
* Look up the given command in the aliases config. Exact match on the trimmed
|
|
4
|
+
* command string. Returns null when no alias matches (or no aliases are
|
|
5
|
+
* configured), which signals the caller to fall back to normal shell
|
|
6
|
+
* execution. `Object.hasOwn` guards against matching prototype properties
|
|
7
|
+
* like `constructor` or `toString`.
|
|
8
|
+
*/
|
|
9
|
+
export function resolveAlias(command, aliases) {
|
|
10
|
+
if (!aliases)
|
|
11
|
+
return null;
|
|
12
|
+
const key = command.trim();
|
|
13
|
+
if (!Object.hasOwn(aliases, key))
|
|
14
|
+
return null;
|
|
15
|
+
const alias = aliases[key];
|
|
16
|
+
const absolutePath = resolvePath(alias.path);
|
|
17
|
+
const cwd = dirname(absolutePath);
|
|
18
|
+
if (alias.type === 'bash') {
|
|
19
|
+
// `--` ends bash option parsing so a script path can never be
|
|
20
|
+
// misinterpreted as a flag. `resolvePath` always returns an absolute path,
|
|
21
|
+
// which makes this defense-in-depth rather than load-bearing, but cheap.
|
|
22
|
+
return {
|
|
23
|
+
path: absolutePath,
|
|
24
|
+
type: 'bash',
|
|
25
|
+
spawnCommand: 'bash',
|
|
26
|
+
spawnArgs: ['--', absolutePath],
|
|
27
|
+
cwd,
|
|
28
|
+
};
|
|
29
|
+
}
|
|
30
|
+
// 'elf': execute the file directly
|
|
31
|
+
return {
|
|
32
|
+
path: absolutePath,
|
|
33
|
+
type: 'elf',
|
|
34
|
+
spawnCommand: absolutePath,
|
|
35
|
+
spawnArgs: [],
|
|
36
|
+
cwd,
|
|
37
|
+
};
|
|
38
|
+
}
|
|
39
|
+
// The leading run of identifier-like characters. Anything that a shell would
|
|
40
|
+
// treat as a word terminator (whitespace, `;`, `|`, `&`, `<`, `>`, `$`,
|
|
41
|
+
// backtick, quote, paren, backslash, newline) is not matched, so a caller
|
|
42
|
+
// cannot smuggle shell metacharacters into the first word.
|
|
43
|
+
const ALIAS_NAME_PREFIX = /^[A-Za-z0-9_.-]+/;
|
|
44
|
+
/**
|
|
45
|
+
* Detect whether a caller's command targets a configured alias but contains
|
|
46
|
+
* additional arguments or shell metacharacters beyond the alias name. Used by
|
|
47
|
+
* the route layer to refuse such requests outright.
|
|
48
|
+
*
|
|
49
|
+
* Without this check, a caller could bypass the alias's shell-free execution
|
|
50
|
+
* guarantee by sending `"<aliasName> --arg"` or `"<aliasName>; rm -rf /"`:
|
|
51
|
+
* exact alias resolution would fail, the command would fall through to the
|
|
52
|
+
* shell, and any prefix-based command rule matching the alias name would
|
|
53
|
+
* still grant approval. This function exposes the offending alias name so the
|
|
54
|
+
* route can audit and return a precise error code.
|
|
55
|
+
*
|
|
56
|
+
* Returns the alias name when a bypass is detected, or null otherwise.
|
|
57
|
+
*/
|
|
58
|
+
export function findAliasArgsBypass(command, aliases) {
|
|
59
|
+
if (!aliases)
|
|
60
|
+
return null;
|
|
61
|
+
const trimmed = command.trim();
|
|
62
|
+
const match = ALIAS_NAME_PREFIX.exec(trimmed);
|
|
63
|
+
const firstWord = match?.[0];
|
|
64
|
+
if (!firstWord)
|
|
65
|
+
return null;
|
|
66
|
+
if (!Object.hasOwn(aliases, firstWord))
|
|
67
|
+
return null;
|
|
68
|
+
if (trimmed === firstWord)
|
|
69
|
+
return null; // exact invocation, not a bypass
|
|
70
|
+
return firstWord;
|
|
71
|
+
}
|
|
72
|
+
//# sourceMappingURL=resolve_alias.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"resolve_alias.js","sourceRoot":"","sources":["../../../../../server/src/domains/command-gateway/service/resolve_alias.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,WAAW,CAAC;AAmB5D;;;;;;GAMG;AACH,MAAM,UAAU,YAAY,CAC1B,OAAe,EACf,OAAkC;IAElC,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAC1B,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAC3B,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9C,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;IAE3B,MAAM,YAAY,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC7C,MAAM,GAAG,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IAElC,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;QAC1B,8DAA8D;QAC9D,2EAA2E;QAC3E,yEAAyE;QACzE,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,IAAI,EAAE,MAAM;YACZ,YAAY,EAAE,MAAM;YACpB,SAAS,EAAE,CAAC,IAAI,EAAE,YAAY,CAAC;YAC/B,GAAG;SACJ,CAAC;IACJ,CAAC;IACD,mCAAmC;IACnC,OAAO;QACL,IAAI,EAAE,YAAY;QAClB,IAAI,EAAE,KAAK;QACX,YAAY,EAAE,YAAY;QAC1B,SAAS,EAAE,EAAE;QACb,GAAG;KACJ,CAAC;AACJ,CAAC;AAED,6EAA6E;AAC7E,wEAAwE;AACxE,0EAA0E;AAC1E,2DAA2D;AAC3D,MAAM,iBAAiB,GAAG,kBAAkB,CAAC;AAE7C;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,mBAAmB,CACjC,OAAe,EACf,OAAkC;IAElC,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAC1B,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC9C,MAAM,SAAS,GAAG,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;IAC7B,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAC5B,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IACpD,IAAI,OAAO,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC,CAAC,iCAAiC;IACzE,OAAO,SAAS,CAAC;AACnB,CAAC"}
|
|
@@ -21,6 +21,7 @@ export function createTestAppContext(label, options) {
|
|
|
21
21
|
rateLimitPerMinute: 100,
|
|
22
22
|
onApprovalTimeout: 'deny',
|
|
23
23
|
dataDir: '../data',
|
|
24
|
+
...(options?.extraAliases ? { aliases: options.extraAliases } : {}),
|
|
24
25
|
}));
|
|
25
26
|
writeFileSync(join(configDir, 'api-keys.json'), JSON.stringify({
|
|
26
27
|
keys: [{
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"integration-setup.js","sourceRoot":"","sources":["../../../server/src/test/integration-setup.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAC3D,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,wDAAwD,CAAC;AAUpF,MAAM,UAAU,oBAAoB,CAClC,KAAa,EACb,
|
|
1
|
+
{"version":3,"file":"integration-setup.js","sourceRoot":"","sources":["../../../server/src/test/integration-setup.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAC3D,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,wDAAwD,CAAC;AAUpF,MAAM,UAAU,oBAAoB,CAClC,KAAa,EACb,OAGC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,KAAK,EAAE,CAAC,CAAC;IACtD,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC1C,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAEtC,MAAM,OAAO,GAAG,OAAO,KAAK,QAAQ,CAAC;IACrC,MAAM,QAAQ,GAAG,GAAG,KAAK,eAAe,CAAC;IACzC,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAE/C,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1C,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAExC,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;IAEnD,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC;QACvC,IAAI,EAAE,CAAC;QACP,sBAAsB,EAAE,CAAC;QACzB,uBAAuB,EAAE,EAAE;QAC3B,uBAAuB,EAAE,CAAC;QAC1B,cAAc,EAAE,IAAI;QACpB,kBAAkB,EAAE,GAAG;QACvB,iBAAiB,EAAE,MAAM;QACzB,OAAO,EAAE,SAAS;QAClB,GAAG,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACpE,CAAC,CAAC,CAAC;IAEJ,aAAa,CAAC,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC;QAC7D,IAAI,EAAE,CAAC;gBACL,EAAE,EAAE,GAAG,KAAK,OAAO;gBACnB,IAAI,EAAE,KAAK;gBACX,OAAO,EAAE,QAAQ;gBACjB,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE,EAAE;gBACd,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,MAAM,EAAE,IAAI;aACb,CAAC;KACH,CAAC,CAAC,CAAC;IAEJ,MAAM,KAAK,GAAG;QACZ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE;QAC7C,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,gBAAgB,EAAE;QAC5C,GAAG,CAAC,OAAO,EAAE,UAAU,IAAI,EAAE,CAAC;KAC/B,CAAC;IAEF,aAAa,CAAC,IAAI,CAAC,SAAS,EAAE,oBAAoB,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC;QAClE,KAAK;QACL,aAAa,EAAE,aAAa;KAC7B,CAAC,CAAC,CAAC;IAEJ,MAAM,MAAM,GAAG,SAAS,CAAC,EAAE,UAAU,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;IAE5D,OAAO;QACL,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,IAAI,EAAE,KAAK,IAAI,EAAE;YACf,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;YACpB,MAAM,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACpD,CAAC;QACD,OAAO;QACP,OAAO;KACR,CAAC;AACJ,CAAC"}
|