run402 2.30.0 → 2.31.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/cli.mjs +6 -0
- package/core-dist/operator-session.js +154 -0
- package/lib/operator.mjs +261 -0
- package/package.json +1 -1
- package/sdk/core-dist/operator-session.js +154 -0
- package/sdk/dist/index.d.ts +7 -0
- package/sdk/dist/index.d.ts.map +1 -1
- package/sdk/dist/index.js +7 -0
- package/sdk/dist/index.js.map +1 -1
- package/sdk/dist/namespaces/operator.d.ts +112 -0
- package/sdk/dist/namespaces/operator.d.ts.map +1 -0
- package/sdk/dist/namespaces/operator.js +107 -0
- package/sdk/dist/namespaces/operator.js.map +1 -0
package/cli.mjs
CHANGED
|
@@ -48,6 +48,7 @@ Commands:
|
|
|
48
48
|
billing Email billing accounts, Stripe tier checkout, email packs
|
|
49
49
|
contracts KMS contract wallets ($0.04/day rental + $0.000005/sign)
|
|
50
50
|
agent Manage agent identity (contact info)
|
|
51
|
+
operator Operator (human/email) session — login, then overview across your wallets
|
|
51
52
|
service Run402 service health and availability (status, health)
|
|
52
53
|
cache Inspect and invalidate the SSR origin cache (inspect, invalidate)
|
|
53
54
|
doctor Health and config diagnostics (machine-readable with --json)
|
|
@@ -244,6 +245,11 @@ switch (cmd) {
|
|
|
244
245
|
await run(sub, rest);
|
|
245
246
|
break;
|
|
246
247
|
}
|
|
248
|
+
case "operator": {
|
|
249
|
+
const { run } = await import("./lib/operator.mjs");
|
|
250
|
+
await run(sub, rest);
|
|
251
|
+
break;
|
|
252
|
+
}
|
|
247
253
|
case "auth": {
|
|
248
254
|
const { run } = await import("./lib/auth.mjs");
|
|
249
255
|
await run(sub, rest);
|
|
@@ -0,0 +1,154 @@
|
|
|
1
|
+
import { readFileSync, writeFileSync, mkdirSync, existsSync, chmodSync, renameSync, statSync, rmSync } from "node:fs";
|
|
2
|
+
import { dirname, join } from "node:path";
|
|
3
|
+
import { randomBytes } from "node:crypto";
|
|
4
|
+
import { getConfigBaseDir } from "./config.js";
|
|
5
|
+
/**
|
|
6
|
+
* Path to the cached operator session: `{base}/operator-session.json`, at the
|
|
7
|
+
* BASE config dir — NOT the per-profile dir, because the session is email-
|
|
8
|
+
* scoped and shared across all local named wallets. `RUN402_OPERATOR_SESSION_PATH`
|
|
9
|
+
* overrides for testing, mirroring `RUN402_ALLOWANCE_PATH`.
|
|
10
|
+
*/
|
|
11
|
+
export function getOperatorSessionPath() {
|
|
12
|
+
return process.env.RUN402_OPERATOR_SESSION_PATH || join(getConfigBaseDir(), "operator-session.json");
|
|
13
|
+
}
|
|
14
|
+
/**
|
|
15
|
+
* If the session file is readable by group or other (any low 0o077 bit set),
|
|
16
|
+
* tighten it to 0600 and warn once on stderr — the bearer token is as sensitive
|
|
17
|
+
* as the allowance private key. Best-effort: POSIX-only, silent elsewhere.
|
|
18
|
+
* Mirrors the self-heal in `allowance.ts`.
|
|
19
|
+
*/
|
|
20
|
+
function selfHealPermissions(p) {
|
|
21
|
+
if (process.platform === "win32")
|
|
22
|
+
return;
|
|
23
|
+
try {
|
|
24
|
+
const mode = statSync(p).mode & 0o777;
|
|
25
|
+
if ((mode & 0o077) !== 0) {
|
|
26
|
+
chmodSync(p, 0o600);
|
|
27
|
+
process.stderr.write(`warning: tightened permissions on ${p} from ${mode.toString(8)} to 600 (was readable by other users).\n`);
|
|
28
|
+
}
|
|
29
|
+
}
|
|
30
|
+
catch {
|
|
31
|
+
// Best-effort; never block a read on a chmod/stat failure.
|
|
32
|
+
}
|
|
33
|
+
}
|
|
34
|
+
/**
|
|
35
|
+
* Load the cached operator session from disk.
|
|
36
|
+
*
|
|
37
|
+
* Returns `null` for the "no session cached" cases (file absent, unreadable, or
|
|
38
|
+
* unparseable JSON) — callers treat that as "not logged in" and point at
|
|
39
|
+
* `run402 operator login`. Throws a structured `Error` when the file parses as
|
|
40
|
+
* JSON but the shape is wrong, so a corrupted cache surfaces a clear fix-it
|
|
41
|
+
* instead of a downstream `TypeError`.
|
|
42
|
+
*/
|
|
43
|
+
export function readOperatorSession(path) {
|
|
44
|
+
const p = path ?? getOperatorSessionPath();
|
|
45
|
+
if (!existsSync(p))
|
|
46
|
+
return null;
|
|
47
|
+
selfHealPermissions(p);
|
|
48
|
+
let raw;
|
|
49
|
+
try {
|
|
50
|
+
raw = readFileSync(p, "utf-8");
|
|
51
|
+
}
|
|
52
|
+
catch {
|
|
53
|
+
return null;
|
|
54
|
+
}
|
|
55
|
+
let parsed;
|
|
56
|
+
try {
|
|
57
|
+
parsed = JSON.parse(raw);
|
|
58
|
+
}
|
|
59
|
+
catch {
|
|
60
|
+
// Unparseable input reads as "no session" rather than an error — consumers
|
|
61
|
+
// already handle null with a friendly "run 'run402 operator login'".
|
|
62
|
+
return null;
|
|
63
|
+
}
|
|
64
|
+
if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
|
|
65
|
+
throw new Error(`operator-session.json must contain a JSON object (got ${Array.isArray(parsed) ? "array" : parsed === null ? "null" : typeof parsed}). Delete the file and run 'run402 operator login' to recreate it.`);
|
|
66
|
+
}
|
|
67
|
+
const data = parsed;
|
|
68
|
+
if (typeof data.operator_session_token !== "string" || data.operator_session_token.length === 0) {
|
|
69
|
+
throw new Error("operator-session.json missing valid 'operator_session_token'. Run 'run402 operator login' to refresh it.");
|
|
70
|
+
}
|
|
71
|
+
if (typeof data.email !== "string" || data.email.length === 0) {
|
|
72
|
+
throw new Error("operator-session.json missing valid 'email'. Run 'run402 operator login' to refresh it.");
|
|
73
|
+
}
|
|
74
|
+
if (typeof data.expires_at !== "number" || !Number.isFinite(data.expires_at)) {
|
|
75
|
+
throw new Error("operator-session.json missing valid 'expires_at'. Run 'run402 operator login' to refresh it.");
|
|
76
|
+
}
|
|
77
|
+
if (!Array.isArray(data.wallets) || data.wallets.some((w) => typeof w !== "string")) {
|
|
78
|
+
throw new Error("operator-session.json has an invalid 'wallets' list. Run 'run402 operator login' to refresh it.");
|
|
79
|
+
}
|
|
80
|
+
return {
|
|
81
|
+
operator_session_token: data.operator_session_token,
|
|
82
|
+
token_type: typeof data.token_type === "string" ? data.token_type : "Bearer",
|
|
83
|
+
email: data.email,
|
|
84
|
+
wallets: data.wallets,
|
|
85
|
+
expires_at: data.expires_at,
|
|
86
|
+
absolute_expires_at: typeof data.absolute_expires_at === "string" ? data.absolute_expires_at : "",
|
|
87
|
+
};
|
|
88
|
+
}
|
|
89
|
+
/** Persist an operator session atomically (temp-file + rename), mode 0600. */
|
|
90
|
+
export function saveOperatorSession(data, path) {
|
|
91
|
+
const p = path ?? getOperatorSessionPath();
|
|
92
|
+
const dir = dirname(p);
|
|
93
|
+
mkdirSync(dir, { recursive: true });
|
|
94
|
+
const tmp = join(dir, `.operator-session.${randomBytes(4).toString("hex")}.tmp`);
|
|
95
|
+
writeFileSync(tmp, JSON.stringify(data, null, 2), { mode: 0o600 });
|
|
96
|
+
renameSync(tmp, p);
|
|
97
|
+
chmodSync(p, 0o600);
|
|
98
|
+
}
|
|
99
|
+
/**
|
|
100
|
+
* Delete the cached operator session — the local half of `operator logout`.
|
|
101
|
+
* Best-effort and idempotent: a missing file is a no-op.
|
|
102
|
+
*/
|
|
103
|
+
export function clearOperatorSession(path) {
|
|
104
|
+
const p = path ?? getOperatorSessionPath();
|
|
105
|
+
try {
|
|
106
|
+
rmSync(p, { force: true });
|
|
107
|
+
}
|
|
108
|
+
catch {
|
|
109
|
+
// Best-effort: a failed unlink should never crash logout.
|
|
110
|
+
}
|
|
111
|
+
}
|
|
112
|
+
/**
|
|
113
|
+
* Whether a cached session is past its usable life. The access token
|
|
114
|
+
* (`expires_at`, ~30m) always expires before the absolute cap (~12h), so
|
|
115
|
+
* checking it is sufficient; the absolute cap is honored defensively. A small
|
|
116
|
+
* skew buffer treats a session expiring within `skewMs` as already expired, so
|
|
117
|
+
* we never send a token that dies mid-flight.
|
|
118
|
+
*/
|
|
119
|
+
export function isOperatorSessionExpired(session, nowMs = Date.now(), skewMs = 10_000) {
|
|
120
|
+
if (nowMs + skewMs >= session.expires_at)
|
|
121
|
+
return true;
|
|
122
|
+
if (session.absolute_expires_at) {
|
|
123
|
+
const cap = Date.parse(session.absolute_expires_at);
|
|
124
|
+
if (Number.isFinite(cap) && nowMs + skewMs >= cap)
|
|
125
|
+
return true;
|
|
126
|
+
}
|
|
127
|
+
return false;
|
|
128
|
+
}
|
|
129
|
+
/**
|
|
130
|
+
* Read the cached session and return it only if still usable; `null` if absent
|
|
131
|
+
* or expired. The bearer fetch path and `operator overview` use this so an
|
|
132
|
+
* expired cache surfaces as "not logged in" instead of a server 401.
|
|
133
|
+
*/
|
|
134
|
+
export function loadLiveOperatorSession(path, nowMs = Date.now()) {
|
|
135
|
+
const s = readOperatorSession(path);
|
|
136
|
+
if (!s)
|
|
137
|
+
return null;
|
|
138
|
+
return isOperatorSessionExpired(s, nowMs) ? null : s;
|
|
139
|
+
}
|
|
140
|
+
/**
|
|
141
|
+
* Map a gateway token payload (relative `expires_in`) into the cached shape
|
|
142
|
+
* (absolute `expires_at`). `nowMs` is injectable for deterministic tests.
|
|
143
|
+
*/
|
|
144
|
+
export function operatorSessionFromTokenResponse(resp, nowMs = Date.now()) {
|
|
145
|
+
return {
|
|
146
|
+
operator_session_token: resp.operator_session_token,
|
|
147
|
+
token_type: resp.token_type ?? "Bearer",
|
|
148
|
+
email: resp.email ?? "",
|
|
149
|
+
wallets: Array.isArray(resp.wallets) ? resp.wallets.filter((w) => typeof w === "string") : [],
|
|
150
|
+
expires_at: nowMs + (typeof resp.expires_in === "number" ? resp.expires_in : 0) * 1000,
|
|
151
|
+
absolute_expires_at: resp.absolute_expires_at ?? "",
|
|
152
|
+
};
|
|
153
|
+
}
|
|
154
|
+
//# sourceMappingURL=operator-session.js.map
|
package/lib/operator.mjs
ADDED
|
@@ -0,0 +1,261 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* run402 operator — the operator (human / email) session.
|
|
3
|
+
*
|
|
4
|
+
* The operator is YOU, the human, identified by email — distinct from the
|
|
5
|
+
* AGENT (your wallet / SIWX identity). One browser login spans every wallet
|
|
6
|
+
* that verified your email, so `operator overview` returns the cross-wallet
|
|
7
|
+
* union. For a single wallet's account state, use `run402 status`.
|
|
8
|
+
*
|
|
9
|
+
* Auth: browser-delegated device-authorization grant (RFC 8628, the
|
|
10
|
+
* `aws sso login` model). The CLI never performs WebAuthn — the browser does,
|
|
11
|
+
* via the existing magic-link / passkey flows — and the CLI brokers the
|
|
12
|
+
* resulting operator-session token, cached at the BASE config dir (shared
|
|
13
|
+
* across named wallets, since the session is email-scoped).
|
|
14
|
+
*
|
|
15
|
+
* Agent-first: JSON to stdout. `login` additionally prints the verification URL
|
|
16
|
+
* + user code to stderr (human-in-the-loop) and degrades gracefully when not a
|
|
17
|
+
* TTY. Gated on the gateway device-auth bridge (kychee-com/run402-private#443).
|
|
18
|
+
*/
|
|
19
|
+
|
|
20
|
+
import { setTimeout as sleep } from "node:timers/promises";
|
|
21
|
+
import { spawn } from "node:child_process";
|
|
22
|
+
import { fail, reportSdkError } from "./sdk-errors.mjs";
|
|
23
|
+
import { getSdk } from "./sdk.mjs";
|
|
24
|
+
import { normalizeArgv, hasHelp, assertKnownFlags } from "./argparse.mjs";
|
|
25
|
+
import {
|
|
26
|
+
saveOperatorSession,
|
|
27
|
+
clearOperatorSession,
|
|
28
|
+
loadLiveOperatorSession,
|
|
29
|
+
readOperatorSession,
|
|
30
|
+
isOperatorSessionExpired,
|
|
31
|
+
operatorSessionFromTokenResponse,
|
|
32
|
+
} from "../core-dist/operator-session.js";
|
|
33
|
+
|
|
34
|
+
const CLIENT_NAME = "run402 CLI";
|
|
35
|
+
|
|
36
|
+
const HELP = `run402 operator — operator (human / email) session
|
|
37
|
+
|
|
38
|
+
The operator is YOU, the human, identified by email — distinct from the agent
|
|
39
|
+
(your wallet). One browser login spans every wallet that verified your email.
|
|
40
|
+
For a single wallet's account state, use 'run402 status'.
|
|
41
|
+
|
|
42
|
+
Usage:
|
|
43
|
+
run402 operator login [--no-open]
|
|
44
|
+
run402 operator overview
|
|
45
|
+
run402 operator whoami
|
|
46
|
+
run402 operator logout
|
|
47
|
+
|
|
48
|
+
Subcommands:
|
|
49
|
+
login Sign in via the browser (device-authorization, like 'aws sso login')
|
|
50
|
+
overview Account view across ALL wallets controlling your email (requires login)
|
|
51
|
+
whoami Show the cached session (email, wallets, expiry) — local, no network
|
|
52
|
+
logout Revoke the session server-side and clear the local cache
|
|
53
|
+
|
|
54
|
+
Options:
|
|
55
|
+
--no-open (login) Do not auto-open the browser; just print the URL + code.
|
|
56
|
+
|
|
57
|
+
Notes:
|
|
58
|
+
- The session is cached at the base config dir, shared across named wallets.
|
|
59
|
+
- 'overview' requires 'login' and never falls back to a single wallet.
|
|
60
|
+
- JSON to stdout; 'login' prints the URL + code to stderr (human-in-the-loop).
|
|
61
|
+
`;
|
|
62
|
+
|
|
63
|
+
/** Shared output shape for `whoami` and the `login` success result. */
|
|
64
|
+
function sessionView(session, nowMs = Date.now()) {
|
|
65
|
+
return {
|
|
66
|
+
logged_in: true,
|
|
67
|
+
email: session.email,
|
|
68
|
+
wallets: session.wallets,
|
|
69
|
+
wallet_count: session.wallets.length,
|
|
70
|
+
expires_at: new Date(session.expires_at).toISOString(),
|
|
71
|
+
absolute_expires_at: session.absolute_expires_at || null,
|
|
72
|
+
expires_in_seconds: Math.max(0, Math.round((session.expires_at - nowMs) / 1000)),
|
|
73
|
+
};
|
|
74
|
+
}
|
|
75
|
+
|
|
76
|
+
/** Best-effort, cross-platform browser open. Never throws. */
|
|
77
|
+
function openBrowser(url) {
|
|
78
|
+
try {
|
|
79
|
+
let cmd;
|
|
80
|
+
let cmdArgs;
|
|
81
|
+
if (process.platform === "darwin") {
|
|
82
|
+
cmd = "open";
|
|
83
|
+
cmdArgs = [url];
|
|
84
|
+
} else if (process.platform === "win32") {
|
|
85
|
+
cmd = "cmd";
|
|
86
|
+
cmdArgs = ["/c", "start", "", url];
|
|
87
|
+
} else {
|
|
88
|
+
cmd = "xdg-open";
|
|
89
|
+
cmdArgs = [url];
|
|
90
|
+
}
|
|
91
|
+
const child = spawn(cmd, cmdArgs, { stdio: "ignore", detached: true });
|
|
92
|
+
child.on("error", () => {}); // ignore: the URL is also printed to stderr
|
|
93
|
+
child.unref();
|
|
94
|
+
} catch {
|
|
95
|
+
// Best-effort only — the human can always copy the printed URL.
|
|
96
|
+
}
|
|
97
|
+
}
|
|
98
|
+
|
|
99
|
+
async function login(args) {
|
|
100
|
+
assertKnownFlags(args, ["--help", "-h", "--no-open"]);
|
|
101
|
+
const noOpen = args.includes("--no-open");
|
|
102
|
+
const sdk = getSdk();
|
|
103
|
+
|
|
104
|
+
let start;
|
|
105
|
+
try {
|
|
106
|
+
start = await sdk.operator.deviceStart({ clientName: CLIENT_NAME });
|
|
107
|
+
} catch (err) {
|
|
108
|
+
return reportSdkError(err);
|
|
109
|
+
}
|
|
110
|
+
|
|
111
|
+
// Human-in-the-loop prompt → stderr, so stdout stays clean for the final JSON.
|
|
112
|
+
const target = start.verification_uri_complete || start.verification_uri;
|
|
113
|
+
process.stderr.write(
|
|
114
|
+
`\nTo authorize the ${CLIENT_NAME}, open:\n ${start.verification_uri}\n` +
|
|
115
|
+
`and enter the code: ${start.user_code}\n\n`,
|
|
116
|
+
);
|
|
117
|
+
if (!noOpen && process.stderr.isTTY) {
|
|
118
|
+
openBrowser(target);
|
|
119
|
+
process.stderr.write("(opening your browser…)\n\n");
|
|
120
|
+
}
|
|
121
|
+
process.stderr.write("Waiting for approval…\n");
|
|
122
|
+
|
|
123
|
+
// Poll loop — honor the server interval, back off on slow_down, and stop at
|
|
124
|
+
// the device-code deadline. if/else (not switch) so the sync scanner doesn't
|
|
125
|
+
// mistake the poll states for CLI subcommands.
|
|
126
|
+
let intervalMs = Math.max(1, Number(start.interval) || 5) * 1000;
|
|
127
|
+
const deadline = Date.now() + Math.max(1, Number(start.expires_in) || 600) * 1000;
|
|
128
|
+
|
|
129
|
+
while (Date.now() < deadline) {
|
|
130
|
+
await sleep(intervalMs);
|
|
131
|
+
let result;
|
|
132
|
+
try {
|
|
133
|
+
result = await sdk.operator.devicePoll(start.device_code);
|
|
134
|
+
} catch (err) {
|
|
135
|
+
return reportSdkError(err);
|
|
136
|
+
}
|
|
137
|
+
if (result.kind === "approved") {
|
|
138
|
+
const session = operatorSessionFromTokenResponse(result.session);
|
|
139
|
+
saveOperatorSession(session);
|
|
140
|
+
process.stderr.write(`\nSigned in as ${session.email}.\n`);
|
|
141
|
+
console.log(JSON.stringify(sessionView(session)));
|
|
142
|
+
return;
|
|
143
|
+
}
|
|
144
|
+
if (result.kind === "authorization_pending") continue;
|
|
145
|
+
if (result.kind === "slow_down") {
|
|
146
|
+
intervalMs += 5000;
|
|
147
|
+
continue;
|
|
148
|
+
}
|
|
149
|
+
if (result.kind === "access_denied") {
|
|
150
|
+
fail({
|
|
151
|
+
code: "OPERATOR_LOGIN_DENIED",
|
|
152
|
+
message: "Authorization was denied in the browser.",
|
|
153
|
+
hint: "Run 'run402 operator login' to try again.",
|
|
154
|
+
});
|
|
155
|
+
}
|
|
156
|
+
if (result.kind === "expired_token") {
|
|
157
|
+
fail({
|
|
158
|
+
code: "OPERATOR_LOGIN_EXPIRED",
|
|
159
|
+
message: "The device code expired before approval.",
|
|
160
|
+
hint: "Run 'run402 operator login' to get a fresh code.",
|
|
161
|
+
});
|
|
162
|
+
}
|
|
163
|
+
fail({ code: "OPERATOR_LOGIN_FAILED", message: `Unexpected device poll result: ${result.kind}` });
|
|
164
|
+
}
|
|
165
|
+
fail({
|
|
166
|
+
code: "OPERATOR_LOGIN_TIMEOUT",
|
|
167
|
+
message: "Timed out waiting for browser approval.",
|
|
168
|
+
hint: "Run 'run402 operator login' to try again.",
|
|
169
|
+
});
|
|
170
|
+
}
|
|
171
|
+
|
|
172
|
+
async function logout(args) {
|
|
173
|
+
assertKnownFlags(args, ["--help", "-h"]);
|
|
174
|
+
const session = loadLiveOperatorSession();
|
|
175
|
+
let revoked = false;
|
|
176
|
+
if (session) {
|
|
177
|
+
try {
|
|
178
|
+
await getSdk().operator.revoke({ token: session.operator_session_token });
|
|
179
|
+
revoked = true;
|
|
180
|
+
} catch {
|
|
181
|
+
// Best-effort: a failed server revoke (expired token, offline) must not
|
|
182
|
+
// block clearing the local cache. The local token is removed regardless.
|
|
183
|
+
revoked = false;
|
|
184
|
+
}
|
|
185
|
+
}
|
|
186
|
+
clearOperatorSession();
|
|
187
|
+
console.log(JSON.stringify({ revoked, cleared: true }));
|
|
188
|
+
}
|
|
189
|
+
|
|
190
|
+
async function overview(args) {
|
|
191
|
+
assertKnownFlags(args, ["--help", "-h"]);
|
|
192
|
+
const session = loadLiveOperatorSession();
|
|
193
|
+
if (!session) {
|
|
194
|
+
fail({
|
|
195
|
+
code: "OPERATOR_LOGIN_REQUIRED",
|
|
196
|
+
message: "No operator session. Run 'run402 operator login' to sign in.",
|
|
197
|
+
hint: "operator overview shows the union across all wallets controlling your email; for a single wallet use 'run402 status'.",
|
|
198
|
+
});
|
|
199
|
+
}
|
|
200
|
+
try {
|
|
201
|
+
const result = await getSdk().operator.overview({ token: session.operator_session_token });
|
|
202
|
+
console.log(JSON.stringify(result, null, 2));
|
|
203
|
+
} catch (err) {
|
|
204
|
+
// 401/403 means the session was revoked or expired server-side. Clear the
|
|
205
|
+
// stale cache and point at re-login instead of leaving a dead token behind.
|
|
206
|
+
if (err && (err.status === 401 || err.status === 403)) {
|
|
207
|
+
clearOperatorSession();
|
|
208
|
+
fail({
|
|
209
|
+
code: "OPERATOR_SESSION_INVALID",
|
|
210
|
+
message: "Operator session is no longer valid (revoked or expired).",
|
|
211
|
+
hint: "Run 'run402 operator login' to sign in again.",
|
|
212
|
+
});
|
|
213
|
+
}
|
|
214
|
+
reportSdkError(err);
|
|
215
|
+
}
|
|
216
|
+
}
|
|
217
|
+
|
|
218
|
+
async function whoami(args) {
|
|
219
|
+
assertKnownFlags(args, ["--help", "-h"]);
|
|
220
|
+
const now = Date.now();
|
|
221
|
+
const session = readOperatorSession();
|
|
222
|
+
if (!session) {
|
|
223
|
+
console.log(JSON.stringify({ logged_in: false, reason: "no_session", hint: "Run 'run402 operator login' to sign in." }));
|
|
224
|
+
process.exitCode = 1;
|
|
225
|
+
return;
|
|
226
|
+
}
|
|
227
|
+
if (isOperatorSessionExpired(session, now)) {
|
|
228
|
+
console.log(JSON.stringify({ logged_in: false, reason: "expired", email: session.email, hint: "Run 'run402 operator login' to sign in again." }));
|
|
229
|
+
process.exitCode = 1;
|
|
230
|
+
return;
|
|
231
|
+
}
|
|
232
|
+
console.log(JSON.stringify(sessionView(session, now)));
|
|
233
|
+
}
|
|
234
|
+
|
|
235
|
+
export async function run(sub, args = []) {
|
|
236
|
+
args = normalizeArgv(args);
|
|
237
|
+
if (!sub || sub === "--help" || sub === "-h" || hasHelp(args)) {
|
|
238
|
+
console.log(HELP);
|
|
239
|
+
process.exit(0);
|
|
240
|
+
}
|
|
241
|
+
switch (sub) {
|
|
242
|
+
case "login":
|
|
243
|
+
await login(args);
|
|
244
|
+
break;
|
|
245
|
+
case "logout":
|
|
246
|
+
await logout(args);
|
|
247
|
+
break;
|
|
248
|
+
case "overview":
|
|
249
|
+
await overview(args);
|
|
250
|
+
break;
|
|
251
|
+
case "whoami":
|
|
252
|
+
await whoami(args);
|
|
253
|
+
break;
|
|
254
|
+
default:
|
|
255
|
+
fail({
|
|
256
|
+
code: "BAD_USAGE",
|
|
257
|
+
message: `Unknown subcommand: operator ${sub}`,
|
|
258
|
+
hint: "Run 'run402 operator --help' for usage.",
|
|
259
|
+
});
|
|
260
|
+
}
|
|
261
|
+
}
|
package/package.json
CHANGED
|
@@ -0,0 +1,154 @@
|
|
|
1
|
+
import { readFileSync, writeFileSync, mkdirSync, existsSync, chmodSync, renameSync, statSync, rmSync } from "node:fs";
|
|
2
|
+
import { dirname, join } from "node:path";
|
|
3
|
+
import { randomBytes } from "node:crypto";
|
|
4
|
+
import { getConfigBaseDir } from "./config.js";
|
|
5
|
+
/**
|
|
6
|
+
* Path to the cached operator session: `{base}/operator-session.json`, at the
|
|
7
|
+
* BASE config dir — NOT the per-profile dir, because the session is email-
|
|
8
|
+
* scoped and shared across all local named wallets. `RUN402_OPERATOR_SESSION_PATH`
|
|
9
|
+
* overrides for testing, mirroring `RUN402_ALLOWANCE_PATH`.
|
|
10
|
+
*/
|
|
11
|
+
export function getOperatorSessionPath() {
|
|
12
|
+
return process.env.RUN402_OPERATOR_SESSION_PATH || join(getConfigBaseDir(), "operator-session.json");
|
|
13
|
+
}
|
|
14
|
+
/**
|
|
15
|
+
* If the session file is readable by group or other (any low 0o077 bit set),
|
|
16
|
+
* tighten it to 0600 and warn once on stderr — the bearer token is as sensitive
|
|
17
|
+
* as the allowance private key. Best-effort: POSIX-only, silent elsewhere.
|
|
18
|
+
* Mirrors the self-heal in `allowance.ts`.
|
|
19
|
+
*/
|
|
20
|
+
function selfHealPermissions(p) {
|
|
21
|
+
if (process.platform === "win32")
|
|
22
|
+
return;
|
|
23
|
+
try {
|
|
24
|
+
const mode = statSync(p).mode & 0o777;
|
|
25
|
+
if ((mode & 0o077) !== 0) {
|
|
26
|
+
chmodSync(p, 0o600);
|
|
27
|
+
process.stderr.write(`warning: tightened permissions on ${p} from ${mode.toString(8)} to 600 (was readable by other users).\n`);
|
|
28
|
+
}
|
|
29
|
+
}
|
|
30
|
+
catch {
|
|
31
|
+
// Best-effort; never block a read on a chmod/stat failure.
|
|
32
|
+
}
|
|
33
|
+
}
|
|
34
|
+
/**
|
|
35
|
+
* Load the cached operator session from disk.
|
|
36
|
+
*
|
|
37
|
+
* Returns `null` for the "no session cached" cases (file absent, unreadable, or
|
|
38
|
+
* unparseable JSON) — callers treat that as "not logged in" and point at
|
|
39
|
+
* `run402 operator login`. Throws a structured `Error` when the file parses as
|
|
40
|
+
* JSON but the shape is wrong, so a corrupted cache surfaces a clear fix-it
|
|
41
|
+
* instead of a downstream `TypeError`.
|
|
42
|
+
*/
|
|
43
|
+
export function readOperatorSession(path) {
|
|
44
|
+
const p = path ?? getOperatorSessionPath();
|
|
45
|
+
if (!existsSync(p))
|
|
46
|
+
return null;
|
|
47
|
+
selfHealPermissions(p);
|
|
48
|
+
let raw;
|
|
49
|
+
try {
|
|
50
|
+
raw = readFileSync(p, "utf-8");
|
|
51
|
+
}
|
|
52
|
+
catch {
|
|
53
|
+
return null;
|
|
54
|
+
}
|
|
55
|
+
let parsed;
|
|
56
|
+
try {
|
|
57
|
+
parsed = JSON.parse(raw);
|
|
58
|
+
}
|
|
59
|
+
catch {
|
|
60
|
+
// Unparseable input reads as "no session" rather than an error — consumers
|
|
61
|
+
// already handle null with a friendly "run 'run402 operator login'".
|
|
62
|
+
return null;
|
|
63
|
+
}
|
|
64
|
+
if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
|
|
65
|
+
throw new Error(`operator-session.json must contain a JSON object (got ${Array.isArray(parsed) ? "array" : parsed === null ? "null" : typeof parsed}). Delete the file and run 'run402 operator login' to recreate it.`);
|
|
66
|
+
}
|
|
67
|
+
const data = parsed;
|
|
68
|
+
if (typeof data.operator_session_token !== "string" || data.operator_session_token.length === 0) {
|
|
69
|
+
throw new Error("operator-session.json missing valid 'operator_session_token'. Run 'run402 operator login' to refresh it.");
|
|
70
|
+
}
|
|
71
|
+
if (typeof data.email !== "string" || data.email.length === 0) {
|
|
72
|
+
throw new Error("operator-session.json missing valid 'email'. Run 'run402 operator login' to refresh it.");
|
|
73
|
+
}
|
|
74
|
+
if (typeof data.expires_at !== "number" || !Number.isFinite(data.expires_at)) {
|
|
75
|
+
throw new Error("operator-session.json missing valid 'expires_at'. Run 'run402 operator login' to refresh it.");
|
|
76
|
+
}
|
|
77
|
+
if (!Array.isArray(data.wallets) || data.wallets.some((w) => typeof w !== "string")) {
|
|
78
|
+
throw new Error("operator-session.json has an invalid 'wallets' list. Run 'run402 operator login' to refresh it.");
|
|
79
|
+
}
|
|
80
|
+
return {
|
|
81
|
+
operator_session_token: data.operator_session_token,
|
|
82
|
+
token_type: typeof data.token_type === "string" ? data.token_type : "Bearer",
|
|
83
|
+
email: data.email,
|
|
84
|
+
wallets: data.wallets,
|
|
85
|
+
expires_at: data.expires_at,
|
|
86
|
+
absolute_expires_at: typeof data.absolute_expires_at === "string" ? data.absolute_expires_at : "",
|
|
87
|
+
};
|
|
88
|
+
}
|
|
89
|
+
/** Persist an operator session atomically (temp-file + rename), mode 0600. */
|
|
90
|
+
export function saveOperatorSession(data, path) {
|
|
91
|
+
const p = path ?? getOperatorSessionPath();
|
|
92
|
+
const dir = dirname(p);
|
|
93
|
+
mkdirSync(dir, { recursive: true });
|
|
94
|
+
const tmp = join(dir, `.operator-session.${randomBytes(4).toString("hex")}.tmp`);
|
|
95
|
+
writeFileSync(tmp, JSON.stringify(data, null, 2), { mode: 0o600 });
|
|
96
|
+
renameSync(tmp, p);
|
|
97
|
+
chmodSync(p, 0o600);
|
|
98
|
+
}
|
|
99
|
+
/**
|
|
100
|
+
* Delete the cached operator session — the local half of `operator logout`.
|
|
101
|
+
* Best-effort and idempotent: a missing file is a no-op.
|
|
102
|
+
*/
|
|
103
|
+
export function clearOperatorSession(path) {
|
|
104
|
+
const p = path ?? getOperatorSessionPath();
|
|
105
|
+
try {
|
|
106
|
+
rmSync(p, { force: true });
|
|
107
|
+
}
|
|
108
|
+
catch {
|
|
109
|
+
// Best-effort: a failed unlink should never crash logout.
|
|
110
|
+
}
|
|
111
|
+
}
|
|
112
|
+
/**
|
|
113
|
+
* Whether a cached session is past its usable life. The access token
|
|
114
|
+
* (`expires_at`, ~30m) always expires before the absolute cap (~12h), so
|
|
115
|
+
* checking it is sufficient; the absolute cap is honored defensively. A small
|
|
116
|
+
* skew buffer treats a session expiring within `skewMs` as already expired, so
|
|
117
|
+
* we never send a token that dies mid-flight.
|
|
118
|
+
*/
|
|
119
|
+
export function isOperatorSessionExpired(session, nowMs = Date.now(), skewMs = 10_000) {
|
|
120
|
+
if (nowMs + skewMs >= session.expires_at)
|
|
121
|
+
return true;
|
|
122
|
+
if (session.absolute_expires_at) {
|
|
123
|
+
const cap = Date.parse(session.absolute_expires_at);
|
|
124
|
+
if (Number.isFinite(cap) && nowMs + skewMs >= cap)
|
|
125
|
+
return true;
|
|
126
|
+
}
|
|
127
|
+
return false;
|
|
128
|
+
}
|
|
129
|
+
/**
|
|
130
|
+
* Read the cached session and return it only if still usable; `null` if absent
|
|
131
|
+
* or expired. The bearer fetch path and `operator overview` use this so an
|
|
132
|
+
* expired cache surfaces as "not logged in" instead of a server 401.
|
|
133
|
+
*/
|
|
134
|
+
export function loadLiveOperatorSession(path, nowMs = Date.now()) {
|
|
135
|
+
const s = readOperatorSession(path);
|
|
136
|
+
if (!s)
|
|
137
|
+
return null;
|
|
138
|
+
return isOperatorSessionExpired(s, nowMs) ? null : s;
|
|
139
|
+
}
|
|
140
|
+
/**
|
|
141
|
+
* Map a gateway token payload (relative `expires_in`) into the cached shape
|
|
142
|
+
* (absolute `expires_at`). `nowMs` is injectable for deterministic tests.
|
|
143
|
+
*/
|
|
144
|
+
export function operatorSessionFromTokenResponse(resp, nowMs = Date.now()) {
|
|
145
|
+
return {
|
|
146
|
+
operator_session_token: resp.operator_session_token,
|
|
147
|
+
token_type: resp.token_type ?? "Bearer",
|
|
148
|
+
email: resp.email ?? "",
|
|
149
|
+
wallets: Array.isArray(resp.wallets) ? resp.wallets.filter((w) => typeof w === "string") : [],
|
|
150
|
+
expires_at: nowMs + (typeof resp.expires_in === "number" ? resp.expires_in : 0) * 1000,
|
|
151
|
+
absolute_expires_at: resp.absolute_expires_at ?? "",
|
|
152
|
+
};
|
|
153
|
+
}
|
|
154
|
+
//# sourceMappingURL=operator-session.js.map
|
package/sdk/dist/index.d.ts
CHANGED
|
@@ -29,6 +29,7 @@ import { Admin } from "./namespaces/admin.js";
|
|
|
29
29
|
import { Deploy } from "./namespaces/deploy.js";
|
|
30
30
|
import { Ci } from "./namespaces/ci.js";
|
|
31
31
|
import { Jobs } from "./namespaces/jobs.js";
|
|
32
|
+
import { Operator } from "./namespaces/operator.js";
|
|
32
33
|
import type { ContentSource, FileSet } from "./namespaces/deploy.types.js";
|
|
33
34
|
import { ScopedRun402 } from "./scoped.js";
|
|
34
35
|
export interface Run402Options {
|
|
@@ -76,6 +77,11 @@ export declare class Run402 {
|
|
|
76
77
|
readonly _applyEngine: Deploy;
|
|
77
78
|
readonly ci: Ci;
|
|
78
79
|
readonly jobs: Jobs;
|
|
80
|
+
/**
|
|
81
|
+
* The *human* (email) principal — browser-delegated operator session (RFC
|
|
82
|
+
* 8628 device flow), distinct from the agent's per-wallet SIWX identity.
|
|
83
|
+
*/
|
|
84
|
+
readonly operator: Operator;
|
|
79
85
|
constructor(opts: Run402Options);
|
|
80
86
|
/**
|
|
81
87
|
* Return a project-scoped sub-client where every project-id-bearing namespace
|
|
@@ -183,6 +189,7 @@ export type * from "./namespaces/domains.js";
|
|
|
183
189
|
export type * from "./namespaces/email.js";
|
|
184
190
|
export type * from "./namespaces/functions.types.js";
|
|
185
191
|
export type * from "./namespaces/jobs.js";
|
|
192
|
+
export type * from "./namespaces/operator.js";
|
|
186
193
|
export type * from "./namespaces/projects.types.js";
|
|
187
194
|
export type * from "./namespaces/secrets.js";
|
|
188
195
|
export type * from "./namespaces/sender-domain.js";
|
package/sdk/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAC5D,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACpD,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtD,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AACxD,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAC9C,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtD,OAAO,EAAE,EAAE,EAAE,MAAM,oBAAoB,CAAC;AACxC,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAC7D,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC;AAC5C,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtD,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAChD,OAAO,EAAE,EAAE,EAAE,MAAM,oBAAoB,CAAC;AACxC,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC;AAC5C,OAAO,KAAK,EAAE,aAAa,EAAE,OAAO,EAAE,MAAM,8BAA8B,CAAC;AAC3E,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAG3C,MAAM,WAAW,aAAa;IAC5B,mDAAmD;IACnD,OAAO,EAAE,MAAM,CAAC;IAChB,mFAAmF;IACnF,WAAW,EAAE,mBAAmB,CAAC;IACjC;;;;OAIG;IACH,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;CACjC;AAED,qBAAa,MAAM;;IACjB,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC;IAC5B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,SAAS,EAAE,SAAS,CAAC;IAC9B,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC;IACtB,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAC;IAChC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC;IACtB,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC;IACpB,QAAQ,CAAC,SAAS,EAAE,SAAS,CAAC;IAC9B,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC;IAChB,QAAQ,CAAC,KAAK,EAAG,EAAE,CAAC;IACpB,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC;IACpB,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAC;IACpC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC;IACpB,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC;IACtB,QAAQ,CAAC,SAAS,EAAE,SAAS,CAAC;IAC9B,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC;IACtB;;;;;;OAMG;IACH,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC;IAChB,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAC5D,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACpD,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtD,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AACxD,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAC9C,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtD,OAAO,EAAE,EAAE,EAAE,MAAM,oBAAoB,CAAC;AACxC,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAC7D,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC;AAC5C,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtD,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAChD,OAAO,EAAE,EAAE,EAAE,MAAM,oBAAoB,CAAC;AACxC,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC;AAC5C,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACpD,OAAO,KAAK,EAAE,aAAa,EAAE,OAAO,EAAE,MAAM,8BAA8B,CAAC;AAC3E,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAG3C,MAAM,WAAW,aAAa;IAC5B,mDAAmD;IACnD,OAAO,EAAE,MAAM,CAAC;IAChB,mFAAmF;IACnF,WAAW,EAAE,mBAAmB,CAAC;IACjC;;;;OAIG;IACH,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;CACjC;AAED,qBAAa,MAAM;;IACjB,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC;IAC5B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,SAAS,EAAE,SAAS,CAAC;IAC9B,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC;IACtB,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAC;IAChC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC;IACtB,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC;IACpB,QAAQ,CAAC,SAAS,EAAE,SAAS,CAAC;IAC9B,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC;IAChB,QAAQ,CAAC,KAAK,EAAG,EAAE,CAAC;IACpB,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC;IACpB,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAC;IACpC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC;IACpB,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC;IACtB,QAAQ,CAAC,SAAS,EAAE,SAAS,CAAC;IAC9B,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC;IACtB;;;;;;OAMG;IACH,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC;IAChB,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC;IACpB;;;OAGG;IACH,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC;gBAIhB,IAAI,EAAE,aAAa;IAiE/B;;;;;;;;;;;;;;;;OAgBG;IACG,OAAO,CAAC,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IAsBjD;;;;;;;;;;;OAWG;IACG,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IAKnD;;;;;;;;;OASG;IACG,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;CAiBhC;AAED,uCAAuC;AACvC,MAAM,WAAW,MAAM;IACrB,8EAA8E;IAC9E,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,+DAA+D;IAC/D,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,4EAA4E;IAC5E,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,wDAAwD;IACxD,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;CAC9B;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,KAAK,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,GAAG,OAAO,CAEpE;AAED;;;GAGG;AACH,wBAAgB,MAAM,CAAC,IAAI,EAAE,aAAa,GAAG,MAAM,CAElD;AAED,OAAO,EACL,WAAW,EACX,eAAe,EACf,eAAe,EACf,YAAY,EACZ,QAAQ,EACR,YAAY,EACZ,UAAU,EACV,iBAAiB,EACjB,mBAAmB,EACnB,aAAa,EACb,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,UAAU,EACV,cAAc,EACd,YAAY,EACZ,aAAa,EACb,qBAAqB,EACrB,sBAAsB,EACtB,aAAa,GACd,MAAM,aAAa,CAAC;AACrB,YAAY,EACV,qBAAqB,EACrB,oBAAoB,EACpB,eAAe,EACf,gBAAgB,GACjB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACvC,mBAAmB,YAAY,CAAC;AAChC,mBAAmB,kBAAkB,CAAC;AACtC,mBAAmB,aAAa,CAAC;AACjC,OAAO,EACL,sBAAsB,EACtB,0BAA0B,EAC1B,wBAAwB,EACxB,sBAAsB,GACvB,MAAM,qBAAqB,CAAC;AAC7B,mBAAmB,qBAAqB,CAAC;AACzC,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAChD,OAAO,EACL,8BAA8B,EAC9B,kBAAkB,EAClB,yBAAyB,EACzB,uBAAuB,EACvB,wBAAwB,EACxB,6BAA6B,EAC7B,+BAA+B,EAC/B,qBAAqB,GACtB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,EAAE,EACF,WAAW,EACX,wBAAwB,EACxB,0BAA0B,EAC1B,8BAA8B,EAC9B,qBAAqB,EACrB,4BAA4B,EAC5B,sBAAsB,EACtB,4BAA4B,EAC5B,0BAA0B,EAC1B,sBAAsB,EACtB,2BAA2B,EAC3B,eAAe,EACf,oBAAoB,EACpB,sBAAsB,GACvB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,mBAAmB,uBAAuB,CAAC;AAC3C,mBAAmB,2BAA2B,CAAC;AAC/C,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtD,mBAAmB,oBAAoB,CAAC;AACxC,mBAAmB,2BAA2B,CAAC;AAC/C,mBAAmB,sBAAsB,CAAC;AAC1C,mBAAmB,sBAAsB,CAAC;AAC1C,mBAAmB,yBAAyB,CAAC;AAC7C,mBAAmB,uBAAuB,CAAC;AAC3C,mBAAmB,8BAA8B,CAAC;AAClD,mBAAmB,0BAA0B,CAAC;AAC9C,mBAAmB,2BAA2B,CAAC;AAC/C,mBAAmB,8BAA8B,CAAC;AAClD,YAAY,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACzD,mBAAmB,yBAAyB,CAAC;AAC7C,mBAAmB,uBAAuB,CAAC;AAC3C,mBAAmB,iCAAiC,CAAC;AACrD,mBAAmB,sBAAsB,CAAC;AAC1C,mBAAmB,0BAA0B,CAAC;AAC9C,mBAAmB,gCAAgC,CAAC;AACpD,mBAAmB,yBAAyB,CAAC;AAC7C,mBAAmB,+BAA+B,CAAC;AACnD,mBAAmB,yBAAyB,CAAC;AAC7C,mBAAmB,uBAAuB,CAAC;AAC3C,mBAAmB,4BAA4B,CAAC;AAChD,mBAAmB,sBAAsB,CAAC"}
|
package/sdk/dist/index.js
CHANGED
|
@@ -29,6 +29,7 @@ import { Admin } from "./namespaces/admin.js";
|
|
|
29
29
|
import { Deploy } from "./namespaces/deploy.js";
|
|
30
30
|
import { Ci } from "./namespaces/ci.js";
|
|
31
31
|
import { Jobs } from "./namespaces/jobs.js";
|
|
32
|
+
import { Operator } from "./namespaces/operator.js";
|
|
32
33
|
import { ScopedRun402 } from "./scoped.js";
|
|
33
34
|
import { LocalError } from "./errors.js";
|
|
34
35
|
export class Run402 {
|
|
@@ -63,6 +64,11 @@ export class Run402 {
|
|
|
63
64
|
_applyEngine;
|
|
64
65
|
ci;
|
|
65
66
|
jobs;
|
|
67
|
+
/**
|
|
68
|
+
* The *human* (email) principal — browser-delegated operator session (RFC
|
|
69
|
+
* 8628 device flow), distinct from the agent's per-wallet SIWX identity.
|
|
70
|
+
*/
|
|
71
|
+
operator;
|
|
66
72
|
#client;
|
|
67
73
|
constructor(opts) {
|
|
68
74
|
if (!opts || typeof opts !== "object") {
|
|
@@ -112,6 +118,7 @@ export class Run402 {
|
|
|
112
118
|
this._applyEngine = new Deploy(client);
|
|
113
119
|
this.ci = new Ci(client);
|
|
114
120
|
this.jobs = new Jobs(client);
|
|
121
|
+
this.operator = new Operator(client);
|
|
115
122
|
}
|
|
116
123
|
/**
|
|
117
124
|
* Return a project-scoped sub-client where every project-id-bearing namespace
|
package/sdk/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,WAAW,EAAkC,MAAM,aAAa,CAAC;AAE1E,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACpD,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtD,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AACxD,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAC9C,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtD,OAAO,EAAE,EAAE,EAAE,MAAM,oBAAoB,CAAC;AACxC,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAC7D,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC;AAC5C,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtD,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAChD,OAAO,EAAE,EAAE,EAAE,MAAM,oBAAoB,CAAC;AACxC,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,WAAW,EAAkC,MAAM,aAAa,CAAC;AAE1E,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACpD,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtD,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AACxD,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAC9C,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtD,OAAO,EAAE,EAAE,EAAE,MAAM,oBAAoB,CAAC;AACxC,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAC7D,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC;AAC5C,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtD,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAChD,OAAO,EAAE,EAAE,EAAE,MAAM,oBAAoB,CAAC;AACxC,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC;AAC5C,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAEpD,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAezC,MAAM,OAAO,MAAM;IACR,QAAQ,CAAW;IACnB,MAAM,CAAS;IACf,SAAS,CAAY;IACrB,OAAO,CAAU;IACjB,KAAK,CAAQ;IACb,UAAU,CAAa;IACvB,OAAO,CAAU;IACjB,KAAK,CAAQ;IACb,OAAO,CAAU;IACjB,IAAI,CAAO;IACX,SAAS,CAAY;IACrB,EAAE,CAAK;IACP,KAAK,CAAM;IACX,IAAI,CAAO;IACX,YAAY,CAAe;IAC3B,OAAO,CAAU;IACjB,OAAO,CAAU;IACjB,IAAI,CAAO;IACX,KAAK,CAAQ;IACb,SAAS,CAAY;IACrB,KAAK,CAAQ;IACtB;;;;;;OAMG;IACM,YAAY,CAAS;IACrB,EAAE,CAAK;IACP,IAAI,CAAO;IACpB;;;OAGG;IACM,QAAQ,CAAW;IAEnB,OAAO,CAAS;IAEzB,YAAY,IAAmB;QAC7B,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,MAAM,IAAI,UAAU,CAClB,mCAAmC,EACnC,qBAAqB,CACtB,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;YACtD,MAAM,IAAI,UAAU,CAClB,mDAAmD,EACnD,qBAAqB,CACtB,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,UAAU,CAClB,gKAAgK,EAChK,qBAAqB,CACtB,CAAC;QACJ,CAAC;QACD,IACE,OAAO,IAAI,CAAC,WAAW,CAAC,OAAO,KAAK,UAAU;YAC9C,OAAO,IAAI,CAAC,WAAW,CAAC,UAAU,KAAK,UAAU,EACjD,CAAC;YACD,MAAM,IAAI,UAAU,CAClB,+EAA+E,EAC/E,qBAAqB,CACtB,CAAC;QACJ,CAAC;QACD,MAAM,MAAM,GAAiB;YAC3B,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC;YACtD,WAAW,EAAE,IAAI,CAAC,WAAW;SAC9B,CAAC;QACF,MAAM,MAAM,GAAW,WAAW,CAAC,MAAM,CAAC,CAAC;QAC3C,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,IAAI,CAAC,QAAQ,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC;QACrC,IAAI,CAAC,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,CAAC;QACjC,IAAI,CAAC,SAAS,GAAG,IAAI,SAAS,CAAC,MAAM,CAAC,CAAC;QACvC,IAAI,CAAC,OAAO,GAAG,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;QACnC,IAAI,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/B,IAAI,CAAC,UAAU,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;QACzC,IAAI,CAAC,OAAO,GAAG,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;QACnC,IAAI,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/B,IAAI,CAAC,OAAO,GAAG,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;QACnC,IAAI,CAAC,IAAI,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC;QAC7B,IAAI,CAAC,SAAS,GAAG,IAAI,SAAS,CAAC,MAAM,CAAC,CAAC;QACvC,IAAI,CAAC,EAAE,GAAG,IAAI,EAAE,CAAC,MAAM,CAAC,CAAC;QACzB,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,OAAO,EAAE;YACnC,KAAK,EAAE,IAAI,CAAC,EAAE;YACd,UAAU,EAAE,KAAK;SAClB,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC;QAC7B,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO,GAAG,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;QACnC,IAAI,CAAC,OAAO,GAAG,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;QACnC,IAAI,CAAC,IAAI,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC;QAC7B,IAAI,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/B,IAAI,CAAC,SAAS,GAAG,IAAI,SAAS,CAAC,MAAM,CAAC,CAAC;QACvC,IAAI,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/B,IAAI,CAAC,YAAY,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,CAAC;QACvC,IAAI,CAAC,EAAE,GAAG,IAAI,EAAE,CAAC,MAAM,CAAC,CAAC;QACzB,IAAI,CAAC,IAAI,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC;QAC7B,IAAI,CAAC,QAAQ,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC;IACvC,CAAC;IAED;;;;;;;;;;;;;;;;OAgBG;IACH,KAAK,CAAC,OAAO,CAAC,EAAW;QACvB,IAAI,UAAU,GAAG,EAAE,CAAC;QACpB,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YAC7B,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,gBAAgB,CAAC;YACzD,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,UAAU,CAClB,yIAAyI,EACzI,2BAA2B,CAC5B,CAAC;YACJ,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;YAC3D,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,UAAU,CAClB,yIAAyI,EACzI,2BAA2B,CAC5B,CAAC;YACJ,CAAC;YACD,UAAU,GAAG,MAAM,CAAC;QACtB,CAAC;QACD,OAAO,IAAI,YAAY,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IAC1D,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,UAAU,CAAC,EAAU;QACzB,MAAM,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC5B,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAC1B,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,MAAM;QACV,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC;QACvC,MAAM,QAAQ,GAAG,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAC5F,IAAI,OAAO,GAAG,QAAQ,EAAE,OAAO,IAAI,IAAI,CAAC;QACxC,IAAI,OAAO,IAAI,IAAI,IAAI,KAAK,CAAC,aAAa,EAAE,CAAC;YAC3C,OAAO,GAAG,CAAC,MAAM,KAAK,CAAC,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,IAAI,IAAI,CAAC;QACrE,CAAC;QACD,MAAM,aAAa,GAAG,KAAK,CAAC,gBAAgB;YAC1C,CAAC,CAAC,MAAM,KAAK,CAAC,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC;YAC1C,CAAC,CAAC,IAAI,CAAC;QACT,OAAO;YACL,IAAI,EAAE,QAAQ,EAAE,IAAI,IAAI,IAAI;YAC5B,OAAO;YACP,KAAK,EAAE,QAAQ,EAAE,KAAK,IAAI,IAAI;YAC9B,aAAa,EAAE,aAAa,IAAI,IAAI;SACrC,CAAC;IACJ,CAAC;CACF;AAcD;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,KAAK,CAAC,MAAqC;IACzD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,MAAM,CAAC,IAAmB;IACxC,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,OAAO,EACL,WAAW,EACX,eAAe,EACf,eAAe,EACf,YAAY,EACZ,QAAQ,EACR,YAAY,EACZ,UAAU,EACV,iBAAiB,EACjB,mBAAmB,EACnB,aAAa,EACb,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,UAAU,EACV,cAAc,EACd,YAAY,EACZ,aAAa,EACb,qBAAqB,EACrB,sBAAsB,EACtB,aAAa,GACd,MAAM,aAAa,CAAC;AAOrB,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAIvC,OAAO,EACL,sBAAsB,EACtB,0BAA0B,EAC1B,wBAAwB,EACxB,sBAAsB,GACvB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAChD,OAAO,EACL,8BAA8B,EAC9B,kBAAkB,EAClB,yBAAyB,EACzB,uBAAuB,EACvB,wBAAwB,EACxB,6BAA6B,EAC7B,+BAA+B,EAC/B,qBAAqB,GACtB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,EAAE,EACF,WAAW,EACX,wBAAwB,EACxB,0BAA0B,EAC1B,8BAA8B,EAC9B,qBAAqB,EACrB,4BAA4B,EAC5B,sBAAsB,EACtB,4BAA4B,EAC5B,0BAA0B,EAC1B,sBAAsB,EACtB,2BAA2B,EAC3B,eAAe,EACf,oBAAoB,EACpB,sBAAsB,GACvB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAG3C,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC"}
|
|
@@ -0,0 +1,112 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* `operator` namespace — the *human* (email) principal, distinct from the
|
|
3
|
+
* agent's per-wallet SIWX identity.
|
|
4
|
+
*
|
|
5
|
+
* The human authenticates in the browser via an OAuth 2.0 device-authorization
|
|
6
|
+
* grant (RFC 8628, the `aws sso login` model): `deviceStart` returns a
|
|
7
|
+
* user-facing code + URL, the human approves it via the existing magic-link or
|
|
8
|
+
* passkey web flow, and `devicePoll` brokers the resulting operator-session
|
|
9
|
+
* token. `overview` reads the email-union account view with that token, and
|
|
10
|
+
* `revoke` ends the session server-side.
|
|
11
|
+
*
|
|
12
|
+
* Bearer auth is passed explicitly (`opts.token`) rather than sourced from a
|
|
13
|
+
* credential provider, because the operator session is a Node-only on-disk
|
|
14
|
+
* cache (`core/operator-session.ts`) and this namespace stays isomorphic. The
|
|
15
|
+
* `device*` endpoints are unauthenticated (the `device_code` in the body is the
|
|
16
|
+
* credential), so they send no auth headers.
|
|
17
|
+
*
|
|
18
|
+
* Gateway contract: kychee-com/run402-private#443 (RFC 8628 device-auth bridge).
|
|
19
|
+
*/
|
|
20
|
+
import type { Client } from "../kernel.js";
|
|
21
|
+
/** RFC 8628 device-authorization start response. */
|
|
22
|
+
export interface DeviceAuthStart {
|
|
23
|
+
device_code: string;
|
|
24
|
+
user_code: string;
|
|
25
|
+
verification_uri: string;
|
|
26
|
+
/** Pre-fills the user_code so the human can click straight through. */
|
|
27
|
+
verification_uri_complete?: string;
|
|
28
|
+
expires_in: number;
|
|
29
|
+
/** Minimum seconds between `devicePoll` calls. */
|
|
30
|
+
interval: number;
|
|
31
|
+
}
|
|
32
|
+
/** The operator-session token payload (wire shape; relative `expires_in`). */
|
|
33
|
+
export interface OperatorSessionToken {
|
|
34
|
+
operator_session_token: string;
|
|
35
|
+
token_type: string;
|
|
36
|
+
expires_in: number;
|
|
37
|
+
absolute_expires_at: string;
|
|
38
|
+
email: string;
|
|
39
|
+
wallets: string[];
|
|
40
|
+
}
|
|
41
|
+
/**
|
|
42
|
+
* Result of one `devicePoll`. The non-approved states are the RFC 8628 token
|
|
43
|
+
* error codes — they are expected polling states, NOT thrown errors, so callers
|
|
44
|
+
* can run the poll loop without try/catch.
|
|
45
|
+
*/
|
|
46
|
+
export type DevicePollResult = {
|
|
47
|
+
kind: "approved";
|
|
48
|
+
session: OperatorSessionToken;
|
|
49
|
+
} | {
|
|
50
|
+
kind: "authorization_pending";
|
|
51
|
+
} | {
|
|
52
|
+
kind: "slow_down";
|
|
53
|
+
} | {
|
|
54
|
+
kind: "access_denied";
|
|
55
|
+
} | {
|
|
56
|
+
kind: "expired_token";
|
|
57
|
+
};
|
|
58
|
+
/**
|
|
59
|
+
* Account overview. Forward-compatible: the gateway owns the exact shape and
|
|
60
|
+
* may add fields, so unknown keys are preserved via the index signature.
|
|
61
|
+
* `scope.kind` is `"email"` for the operator-session (email-union) and
|
|
62
|
+
* `"wallet"` for a SIWX slice.
|
|
63
|
+
*/
|
|
64
|
+
export interface OperatorOverview {
|
|
65
|
+
scope?: {
|
|
66
|
+
kind?: "email" | "wallet" | string;
|
|
67
|
+
principal?: string;
|
|
68
|
+
};
|
|
69
|
+
rollup?: Record<string, unknown>;
|
|
70
|
+
billing_accounts?: unknown[];
|
|
71
|
+
wallets?: unknown[];
|
|
72
|
+
advisories?: unknown[];
|
|
73
|
+
[key: string]: unknown;
|
|
74
|
+
}
|
|
75
|
+
export declare class Operator {
|
|
76
|
+
private readonly client;
|
|
77
|
+
constructor(client: Client);
|
|
78
|
+
/**
|
|
79
|
+
* Begin the device-authorization flow. Unauthenticated. Returns the codes the
|
|
80
|
+
* CLI prints (`user_code` + `verification_uri`) plus the poll `interval` and
|
|
81
|
+
* `expires_in`.
|
|
82
|
+
*/
|
|
83
|
+
deviceStart(opts?: {
|
|
84
|
+
clientName?: string;
|
|
85
|
+
}): Promise<DeviceAuthStart>;
|
|
86
|
+
/**
|
|
87
|
+
* Poll once for approval. Bypasses the kernel's error mapping on purpose: the
|
|
88
|
+
* RFC 8628 error codes (`authorization_pending`, `slow_down`, ...) are normal
|
|
89
|
+
* polling states returned as data, not exceptions. Only an unexpected
|
|
90
|
+
* response shape throws.
|
|
91
|
+
*/
|
|
92
|
+
devicePoll(deviceCode: string): Promise<DevicePollResult>;
|
|
93
|
+
/**
|
|
94
|
+
* Fetch the account overview. With `opts.token` the request carries the
|
|
95
|
+
* operator-session bearer and returns the email-union; without it the request
|
|
96
|
+
* falls back to the credential provider's default auth (SIWX) and returns
|
|
97
|
+
* that wallet's slice. The CLI always passes a token (human-only surface); the
|
|
98
|
+
* SDK supports both because the gateway endpoint accepts both principals.
|
|
99
|
+
*/
|
|
100
|
+
overview(opts?: {
|
|
101
|
+
token?: string;
|
|
102
|
+
}): Promise<OperatorOverview>;
|
|
103
|
+
/**
|
|
104
|
+
* Revoke the operator session server-side (the server half of
|
|
105
|
+
* `operator logout`). Idempotent on the gateway; returns 204. The local cache
|
|
106
|
+
* is cleared separately by the CLI.
|
|
107
|
+
*/
|
|
108
|
+
revoke(opts: {
|
|
109
|
+
token: string;
|
|
110
|
+
}): Promise<void>;
|
|
111
|
+
}
|
|
112
|
+
//# sourceMappingURL=operator.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"operator.d.ts","sourceRoot":"","sources":["../../src/namespaces/operator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAG3C,oDAAoD;AACpD,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,gBAAgB,EAAE,MAAM,CAAC;IACzB,uEAAuE;IACvE,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,UAAU,EAAE,MAAM,CAAC;IACnB,kDAAkD;IAClD,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,8EAA8E;AAC9E,MAAM,WAAW,oBAAoB;IACnC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AAED;;;;GAIG;AACH,MAAM,MAAM,gBAAgB,GACxB;IAAE,IAAI,EAAE,UAAU,CAAC;IAAC,OAAO,EAAE,oBAAoB,CAAA;CAAE,GACnD;IAAE,IAAI,EAAE,uBAAuB,CAAA;CAAE,GACjC;IAAE,IAAI,EAAE,WAAW,CAAA;CAAE,GACrB;IAAE,IAAI,EAAE,eAAe,CAAA;CAAE,GACzB;IAAE,IAAI,EAAE,eAAe,CAAA;CAAE,CAAC;AAE9B;;;;;GAKG;AACH,MAAM,WAAW,gBAAgB;IAC/B,KAAK,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,OAAO,GAAG,QAAQ,GAAG,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IACnE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,gBAAgB,CAAC,EAAE,OAAO,EAAE,CAAC;IAC7B,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC;IACpB,UAAU,CAAC,EAAE,OAAO,EAAE,CAAC;IACvB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AASD,qBAAa,QAAQ;IACP,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,MAAM;IAE3C;;;;OAIG;IACG,WAAW,CAAC,IAAI,GAAE;QAAE,UAAU,CAAC,EAAE,MAAM,CAAA;KAAO,GAAG,OAAO,CAAC,eAAe,CAAC;IAS/E;;;;;OAKG;IACG,UAAU,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAgC/D;;;;;;OAMG;IACG,QAAQ,CAAC,IAAI,GAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAA;KAAO,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAaxE;;;;OAIG;IACG,MAAM,CAAC,IAAI,EAAE;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;CAQrD"}
|
|
@@ -0,0 +1,107 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* `operator` namespace — the *human* (email) principal, distinct from the
|
|
3
|
+
* agent's per-wallet SIWX identity.
|
|
4
|
+
*
|
|
5
|
+
* The human authenticates in the browser via an OAuth 2.0 device-authorization
|
|
6
|
+
* grant (RFC 8628, the `aws sso login` model): `deviceStart` returns a
|
|
7
|
+
* user-facing code + URL, the human approves it via the existing magic-link or
|
|
8
|
+
* passkey web flow, and `devicePoll` brokers the resulting operator-session
|
|
9
|
+
* token. `overview` reads the email-union account view with that token, and
|
|
10
|
+
* `revoke` ends the session server-side.
|
|
11
|
+
*
|
|
12
|
+
* Bearer auth is passed explicitly (`opts.token`) rather than sourced from a
|
|
13
|
+
* credential provider, because the operator session is a Node-only on-disk
|
|
14
|
+
* cache (`core/operator-session.ts`) and this namespace stays isomorphic. The
|
|
15
|
+
* `device*` endpoints are unauthenticated (the `device_code` in the body is the
|
|
16
|
+
* credential), so they send no auth headers.
|
|
17
|
+
*
|
|
18
|
+
* Gateway contract: kychee-com/run402-private#443 (RFC 8628 device-auth bridge).
|
|
19
|
+
*/
|
|
20
|
+
import { ApiError, NetworkError } from "../errors.js";
|
|
21
|
+
const POLL_ERROR_CODES = new Set([
|
|
22
|
+
"authorization_pending",
|
|
23
|
+
"slow_down",
|
|
24
|
+
"access_denied",
|
|
25
|
+
"expired_token",
|
|
26
|
+
]);
|
|
27
|
+
export class Operator {
|
|
28
|
+
client;
|
|
29
|
+
constructor(client) {
|
|
30
|
+
this.client = client;
|
|
31
|
+
}
|
|
32
|
+
/**
|
|
33
|
+
* Begin the device-authorization flow. Unauthenticated. Returns the codes the
|
|
34
|
+
* CLI prints (`user_code` + `verification_uri`) plus the poll `interval` and
|
|
35
|
+
* `expires_in`.
|
|
36
|
+
*/
|
|
37
|
+
async deviceStart(opts = {}) {
|
|
38
|
+
return this.client.request("/agent/v1/operator/session/device", {
|
|
39
|
+
method: "POST",
|
|
40
|
+
body: opts.clientName ? { client_name: opts.clientName } : {},
|
|
41
|
+
withAuth: false,
|
|
42
|
+
context: "starting operator device authorization",
|
|
43
|
+
});
|
|
44
|
+
}
|
|
45
|
+
/**
|
|
46
|
+
* Poll once for approval. Bypasses the kernel's error mapping on purpose: the
|
|
47
|
+
* RFC 8628 error codes (`authorization_pending`, `slow_down`, ...) are normal
|
|
48
|
+
* polling states returned as data, not exceptions. Only an unexpected
|
|
49
|
+
* response shape throws.
|
|
50
|
+
*/
|
|
51
|
+
async devicePoll(deviceCode) {
|
|
52
|
+
const url = `${this.client.apiBase}/agent/v1/operator/session/device/token`;
|
|
53
|
+
let res;
|
|
54
|
+
try {
|
|
55
|
+
res = await this.client.fetch(url, {
|
|
56
|
+
method: "POST",
|
|
57
|
+
headers: { "Content-Type": "application/json" },
|
|
58
|
+
body: JSON.stringify({ device_code: deviceCode }),
|
|
59
|
+
});
|
|
60
|
+
}
|
|
61
|
+
catch (err) {
|
|
62
|
+
throw new NetworkError(`Network error while polling operator device token: ${err.message}`, err, "polling operator device token");
|
|
63
|
+
}
|
|
64
|
+
const body = (await res.json().catch(() => null));
|
|
65
|
+
if (res.ok && body && typeof body.operator_session_token === "string") {
|
|
66
|
+
return { kind: "approved", session: body };
|
|
67
|
+
}
|
|
68
|
+
const error = body && typeof body.error === "string" ? body.error : null;
|
|
69
|
+
if (error && POLL_ERROR_CODES.has(error)) {
|
|
70
|
+
return { kind: error };
|
|
71
|
+
}
|
|
72
|
+
throw new ApiError(`Unexpected operator device-token response (HTTP ${res.status})`, res.status, body, "polling operator device token");
|
|
73
|
+
}
|
|
74
|
+
/**
|
|
75
|
+
* Fetch the account overview. With `opts.token` the request carries the
|
|
76
|
+
* operator-session bearer and returns the email-union; without it the request
|
|
77
|
+
* falls back to the credential provider's default auth (SIWX) and returns
|
|
78
|
+
* that wallet's slice. The CLI always passes a token (human-only surface); the
|
|
79
|
+
* SDK supports both because the gateway endpoint accepts both principals.
|
|
80
|
+
*/
|
|
81
|
+
async overview(opts = {}) {
|
|
82
|
+
if (opts.token) {
|
|
83
|
+
return this.client.request("/agent/v1/operator/overview", {
|
|
84
|
+
headers: { Authorization: `Bearer ${opts.token}` },
|
|
85
|
+
withAuth: false,
|
|
86
|
+
context: "fetching operator overview",
|
|
87
|
+
});
|
|
88
|
+
}
|
|
89
|
+
return this.client.request("/agent/v1/operator/overview", {
|
|
90
|
+
context: "fetching operator overview",
|
|
91
|
+
});
|
|
92
|
+
}
|
|
93
|
+
/**
|
|
94
|
+
* Revoke the operator session server-side (the server half of
|
|
95
|
+
* `operator logout`). Idempotent on the gateway; returns 204. The local cache
|
|
96
|
+
* is cleared separately by the CLI.
|
|
97
|
+
*/
|
|
98
|
+
async revoke(opts) {
|
|
99
|
+
await this.client.request("/agent/v1/operator/session/revoke", {
|
|
100
|
+
method: "POST",
|
|
101
|
+
headers: { Authorization: `Bearer ${opts.token}` },
|
|
102
|
+
withAuth: false,
|
|
103
|
+
context: "revoking operator session",
|
|
104
|
+
});
|
|
105
|
+
}
|
|
106
|
+
}
|
|
107
|
+
//# sourceMappingURL=operator.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"operator.js","sourceRoot":"","sources":["../../src/namespaces/operator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAmDtD,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IAC/B,uBAAuB;IACvB,WAAW;IACX,eAAe;IACf,eAAe;CAChB,CAAC,CAAC;AAEH,MAAM,OAAO,QAAQ;IACU;IAA7B,YAA6B,MAAc;QAAd,WAAM,GAAN,MAAM,CAAQ;IAAG,CAAC;IAE/C;;;;OAIG;IACH,KAAK,CAAC,WAAW,CAAC,OAAgC,EAAE;QAClD,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAkB,mCAAmC,EAAE;YAC/E,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE;YAC7D,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,wCAAwC;SAClD,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,UAAU,CAAC,UAAkB;QACjC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,yCAAyC,CAAC;QAC5E,IAAI,GAAa,CAAC;QAClB,IAAI,CAAC;YACH,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE;gBACjC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,WAAW,EAAE,UAAU,EAAE,CAAC;aAClD,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,YAAY,CACpB,sDAAuD,GAAa,CAAC,OAAO,EAAE,EAC9E,GAAG,EACH,+BAA+B,CAChC,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAmC,CAAC;QACpF,IAAI,GAAG,CAAC,EAAE,IAAI,IAAI,IAAI,OAAO,IAAI,CAAC,sBAAsB,KAAK,QAAQ,EAAE,CAAC;YACtE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,IAAuC,EAAE,CAAC;QAChF,CAAC;QACD,MAAM,KAAK,GAAG,IAAI,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;QACzE,IAAI,KAAK,IAAI,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YACzC,OAAO,EAAE,IAAI,EAAE,KAAsD,EAAE,CAAC;QAC1E,CAAC;QACD,MAAM,IAAI,QAAQ,CAChB,mDAAmD,GAAG,CAAC,MAAM,GAAG,EAChE,GAAG,CAAC,MAAM,EACV,IAAI,EACJ,+BAA+B,CAChC,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,QAAQ,CAAC,OAA2B,EAAE;QAC1C,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAmB,6BAA6B,EAAE;gBAC1E,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,KAAK,EAAE,EAAE;gBAClD,QAAQ,EAAE,KAAK;gBACf,OAAO,EAAE,4BAA4B;aACtC,CAAC,CAAC;QACL,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAmB,6BAA6B,EAAE;YAC1E,OAAO,EAAE,4BAA4B;SACtC,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,MAAM,CAAC,IAAuB;QAClC,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAU,mCAAmC,EAAE;YACtE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,KAAK,EAAE,EAAE;YAClD,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,2BAA2B;SACrC,CAAC,CAAC;IACL,CAAC;CACF"}
|