smol-symphony 0.2.0 → 0.3.0

package/dist/src/shell/interp/credential-defaults.js

@@ -0,0 +1,128 @@
+// FCIS rewrite — default IO providers for the host-only credential adapter (kind:
+// adapter). Holds the real side effects the {@link CredentialPort} threads in:
+// default host credential paths, JSON file reads, the flock(1) cross-process
+// refresh lock, and the claude/codex refresher spawns. Re-exported from
+// interp/credential.ts so callers stay untouched.
+//
+// NodeNext ESM, .js extensions on relative imports. Imports src/types ONLY (plus
+// real node builtins) per the shell rule.
+import path from 'node:path';
+import os from 'node:os';
+import { Buffer } from 'node:buffer';
+import { readFile, mkdir } from 'node:fs/promises';
+import { spawn } from 'node:child_process';
+// ─── default host paths ─────────────────────────────────────────────────────────
+export const defaultClaudeCredentialsPath = () => path.join(os.homedir(), '.claude', '.credentials.json');
+export const defaultCodexCredentialsPath = () => path.join(os.homedir(), '.codex', 'auth.json');
+export const defaultClaudeIdentityPath = () => path.join(os.homedir(), '.claude.json');
+export const defaultLockPath = () => path.join(os.homedir(), '.symphony', 'oauth', 'refresh.lock');
+/** Read+parse a JSON file; returns null on any IO/parse failure (warns once). */
+export async function readJsonFile(p, log) {
+    let raw;
+    try {
+        raw = await readFile(p, 'utf8');
+    }
+    catch (err) {
+        log.emit('warn', 'credential: cannot read credentials', { path: p, error: err.message });
+        return null;
+    }
+    try {
+        return JSON.parse(raw);
+    }
+    catch (err) {
+        log.emit('warn', 'credential: credentials JSON parse failed', { path: p, error: err.message });
+        return null;
+    }
+}
+// ─── flock(1) cross-process refresh lock ────────────────────────────────────────
+/**
+ * Default cross-process lock: spawn `flock(1)` holding LOCK_EX on `lockPath`. The
+ * child prints `READY` once the kernel grants the lock then blocks on stdin via
+ * `exec cat`; release closes stdin → cat EOFs → flock exits → the kernel releases
+ * the lock on FD close. `-o` closes the lock FD in the exec'd child so only the
+ * flock parent holds it. Ported verbatim from credential-extractors.ts.
+ */
+export function defaultFlockAcquire(lockPath) {
+    return async (timeoutMs) => {
+        await mkdir(path.dirname(lockPath), { recursive: true });
+        const child = spawn('flock', ['-x', '-o', lockPath, 'sh', '-c', 'echo READY; exec cat'], {
+            stdio: ['pipe', 'pipe', 'pipe'],
+        });
+        try {
+            await waitForFlockReady(child, timeoutMs);
+        }
+        catch (err) {
+            try {
+                child.kill('SIGKILL');
+            }
+            catch { /* ignore */ }
+            throw err;
+        }
+        return makeFlockRelease(child);
+    };
+}
+function waitForFlockReady(child, timeoutMs) {
+    return new Promise((resolve, reject) => {
+        let settled = false;
+        let stdoutBuf = '';
+        let stderrBuf = '';
+        const timer = setTimeout(() => {
+            if (settled)
+                return;
+            settled = true;
+            reject(new Error('credential: refresh lock acquire timeout'));
+        }, timeoutMs);
+        const settle = (err) => {
+            if (settled)
+                return;
+            settled = true;
+            clearTimeout(timer);
+            if (err)
+                reject(err);
+            else
+                resolve();
+        };
+        child.stdout?.on('data', (c) => { stdoutBuf += c.toString('utf8'); if (stdoutBuf.includes('READY'))
+            settle(null); });
+        child.stderr?.on('data', (c) => { stderrBuf += c.toString('utf8'); });
+        child.once('error', (err) => settle(err));
+        child.once('exit', (code, signal) => settle(new Error(`flock exited before ready (code=${code}, signal=${signal}, stderr=${stderrBuf.trim()})`)));
+    });
+}
+function makeFlockRelease(child) {
+    let released = false;
+    return async () => {
+        if (released)
+            return;
+        released = true;
+        try {
+            child.stdin?.end();
+        }
+        catch { /* ignore */ }
+        if (child.exitCode !== null || child.signalCode !== null)
+            return;
+        const sigterm = setTimeout(() => { try {
+            child.kill('SIGTERM');
+        }
+        catch { /* ignore */ } }, 2_000);
+        await new Promise((resolve) => child.once('exit', () => resolve()));
+        clearTimeout(sigterm);
+    };
+}
+// ─── default refreshers (claude -p / codex exec) ────────────────────────────────
+/** Spawn `claude -p ok` — Anthropic's own client refreshes + rewrites ~/.claude/.credentials.json. */
+export function defaultClaudeRefresher() {
+    return () => spawnExit('claude', ['-p', 'ok']);
+}
+/** Spawn `codex exec` — codex's own auth manager rotates ~/.codex/auth.json (issue 161). */
+export function defaultCodexRefresher() {
+    return () => spawnExit('codex', ['exec', '--skip-git-repo-check', '-s', 'read-only', 'ok']);
+}
+function spawnExit(cmd, args) {
+    return new Promise((resolve, reject) => {
+        const p = spawn(cmd, args, { stdio: 'ignore' });
+        p.once('error', reject);
+        p.once('exit', (code) => (code === 0 ? resolve() : reject(new Error(`${cmd} exited with code ${code ?? '<null>'}`))));
+    });
+}
+//# sourceMappingURL=credential-defaults.js.map

package/dist/src/shell/interp/credential-defaults.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"credential-defaults.js","sourceRoot":"","sources":["../../../../src/shell/interp/credential-defaults.ts"],"names":[],"mappings":"AAAA,kFAAkF;AAClF,+EAA+E;AAC/E,6EAA6E;AAC7E,wEAAwE;AACxE,kDAAkD;AAClD,EAAE;AACF,iFAAiF;AACjF,0CAA0C;AAE1C,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,KAAK,EAAqB,MAAM,oBAAoB,CAAC;AAI9D,mFAAmF;AAEnF,MAAM,CAAC,MAAM,4BAA4B,GAAG,GAAW,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,mBAAmB,CAAC,CAAC;AAClH,MAAM,CAAC,MAAM,2BAA2B,GAAG,GAAW,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC;AACxG,MAAM,CAAC,MAAM,yBAAyB,GAAG,GAAW,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,cAAc,CAAC,CAAC;AAC/F,MAAM,CAAC,MAAM,eAAe,GAAG,GAAW,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,cAAc,CAAC,CAAC;AAE3G,iFAAiF;AACjF,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,CAAS,EAAE,GAAgB;IAC5D,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAClC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,qCAAqC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QACpG,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,2CAA2C,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QAC1G,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,mFAAmF;AAEnF;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CAAC,QAAgB;IAClD,OAAO,KAAK,EAAE,SAAiB,EAAE,EAAE;QACjC,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACzD,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,sBAAsB,CAAC,EAAE;YACvF,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC,CAAC;QACH,IAAI,CAAC;YACH,MAAM,iBAAiB,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;QAC5C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC;gBAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;YACrD,MAAM,GAAG,CAAC;QACZ,CAAC;QACD,OAAO,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACjC,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAmB,EAAE,SAAiB;IAC/D,OAAO,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC3C,IAAI,OAAO,GAAG,KAAK,CAAC;QACpB,IAAI,SAAS,GAAG,EAAE,CAAC;QACnB,IAAI,SAAS,GAAG,EAAE,CAAC;QACnB,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,IAAI,OAAO;gBAAE,OAAO;YACpB,OAAO,GAAG,IAAI,CAAC;YACf,MAAM,CAAC,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC,CAAC;QAChE,CAAC,EAAE,SAAS,CAAC,CAAC;QACd,MAAM,MAAM,GAAG,CAAC,GAAiB,EAAQ,EAAE;YACzC,IAAI,OAAO;gBAAE,OAAO;YACpB,OAAO,GAAG,IAAI,CAAC;YACf,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,IAAI,GAAG;gBAAE,MAAM,CAAC,GAAG,CAAC,CAAC;;gBAAM,OAAO,EAAE,CAAC;QACvC,CAAC,CAAC;QACF,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,GAAG,SAAS,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC;YAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC7H,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,GAAG,SAAS,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9E,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1C,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,CAClC,MAAM,CAAC,IAAI,KAAK,CAAC,mCAAmC,IAAI,YAAY,MAAM,YAAY,SAAS,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;IACjH,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAmB;IAC3C,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,OAAO,KAAK,IAAI,EAAE;QAChB,IAAI,QAAQ;YAAE,OAAO;QACrB,QAAQ,GAAG,IAAI,CAAC;QAChB,IAAI,CAAC;YAAC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;QAClD,IAAI,KAAK,CAAC,QAAQ,KAAK,IAAI,IAAI,KAAK,CAAC,UAAU,KAAK,IAAI;YAAE,OAAO;QACjE,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;YAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QACnG,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QAC1E,YAAY,CAAC,OAAO,CAAC,CAAC;IACxB,CAAC,CAAC;AACJ,CAAC;AAED,mFAAmF;AAEnF,sGAAsG;AACtG,MAAM,UAAU,sBAAsB;IACpC,OAAO,GAAG,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;AACjD,CAAC;AAED,4FAA4F;AAC5F,MAAM,UAAU,qBAAqB;IACnC,OAAO,GAAG,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC,MAAM,EAAE,uBAAuB,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC;AAC9F,CAAC;AAED,SAAS,SAAS,CAAC,GAAW,EAAE,IAAc;IAC5C,OAAO,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC3C,MAAM,CAAC,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;QAChD,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACxB,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,GAAG,GAAG,qBAAqB,IAAI,IAAI,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IACxH,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/src/shell/interp/credential-hooks.js

@@ -0,0 +1,149 @@
+// FCIS rewrite — Gondolin egress onRequest hooks + per-VM createHttpHooks builder
+// for the host-only credential adapter (kind: adapter). Standing egress audit, the
+// codex chatgpt-backend route swap, the hook chainer, and buildVmHttpHooks.
+// Re-exported from interp/credential.ts.
+//
+// NodeNext ESM, .js extensions on relative imports. Imports src/types ONLY (plus
+// the real Gondolin SDK) per the shell rule.
+import { createHttpHooks, } from '@earendil-works/gondolin';
+/**
+ * The codex METERED platform host the chatgpt-backend route redirects FROM. The route
+ * swap applies ONLY to this host (→ `route.host`) and to requests already aimed at the
+ * backend host (`route.host`, so the path rewrite + `chatgpt-account-id` header still
+ * attach); EVERY other egress host passes through untouched. Without this gate the hook
+ * host-rewrites all non-backend egress to chatgpt.com — which broke a codex VM's
+ * `mise install` egress to registry.npmjs.org / nodejs.org (403 "Invalid URL").
+ * RCA: docs/research/codex-route-hook-host-rewrite-rca.md.
+ */
+const CODEX_PLATFORM_HOST = 'api.openai.com';
+/**
+ * Egress audit. Logs method+host+path (NEVER query/headers — a token can ride
+ * either) for EVERY guest egress request, then delegates to `inner`. Gondolin runs
+ * onRequest BEFORE its allow/deny check, so this is the only host-side window into
+ * in-VM egress. Pure pass-through. Ported from credential-secrets.ts.
+ */
+export function makeEgressAuditHook(adapterId, allowedHosts, inner, log) {
+    return async (request) => {
+        try {
+            const u = new URL(request.url);
+            const host = u.hostname;
+            const allowed = allowedHosts.some((h) => host === h || host.endsWith(`.${h}`));
+            log.emit('info', 'egress request', { adapter: adapterId, method: request.method, host, path: u.pathname, allowed });
+        }
+        catch { /* logging must never break egress */ }
+        return inner ? inner(request) : undefined;
+    };
+}
+/**
+ * Apply a codex chatgpt-backend route (critic gap): swap host → chatgpt.com,
+ * rewrite `/v1/*` → `/backend-api/codex/*`, and attach `chatgpt-account-id` when
+ * present. The DECISION (codexUpstreamRoute over a TokenInfo) lives in core; this
+ * shell hook just rebuilds the outbound Request with the decided host/path/headers
+ * so a ChatGPT-OAuth subscription token reaches the backend that accepts it (the
+ * platform API 401s the missing `api.responses.write` scope). API-key creds get a
+ * null route → the request passes through unchanged.
+ */
+export function makeCodexUpstreamRouteHook(resolveRoute) {
+    return (request) => {
+        const route = resolveRoute();
+        if (route === null)
+            return; // API-key credential: default platform route, untouched
+        let url;
+        try {
+            url = new URL(request.url);
+        }
+        catch {
+            return;
+        }
+        // Source-host gate: ONLY the metered platform host gets host-redirected to the
+        // backend; a request already at the backend host keeps its host but still gets the
+        // path rewrite + header; every OTHER host (npm, nodejs, the mise registry, …) passes
+        // through untouched (see CODEX_PLATFORM_HOST).
+        if (url.hostname !== CODEX_PLATFORM_HOST && url.hostname !== route.host)
+            return;
+        if (url.hostname === CODEX_PLATFORM_HOST) {
+            url.host = route.host;
+            url.hostname = route.host;
+        }
+        url.pathname = route.rewritePath(url.pathname);
+        const headers = new Headers(request.headers);
+        for (const [k, v] of Object.entries(route.extraHeaders))
+            headers.set(k, v);
+        // `duplex: 'half'` is required by undici/Node when a body stream is present; it
+        // is not in the lib `RequestInit` type, so the init object is cast at this seam.
+        const init = {
+            method: request.method,
+            headers,
+            body: request.body,
+            duplex: 'half',
+            redirect: request.redirect,
+        };
+        return new Request(url.toString(), init);
+    };
+}
+/**
+ * Egress request-side lazy refresh (issue 214). A pass-through `onRequest` hook that,
+ * for requests bound to one of the credential's substitution hosts, awaits `ensureFresh`
+ * (the registry's expiry-gated host refresh + fan-out) BEFORE returning — so when Gondolin
+ * substitutes the SecretManager value into the Authorization header, it injects the
+ * fresh token rather than the one that just expired in the refresh/request race.
+ *
+ * REQUEST-side ONLY: it never returns a Response and never buffers — so it cannot
+ * re-introduce the issue-135 streaming regression that an `onResponse` hook would (the
+ * NON-goal this issue pins). Other hosts pass straight through; refresh failures inside
+ * `ensureFresh` are swallowed (logging must never break egress).
+ */
+export function makeLazyRefreshHook(substitutionHosts, ensureFresh, log) {
+    return async (request) => {
+        try {
+            const host = new URL(request.url).hostname;
+            const onSubstitutionHost = substitutionHosts.some((h) => host === h || host.endsWith(`.${h}`));
+            if (onSubstitutionHost)
+                await ensureFresh();
+        }
+        catch (err) {
+            log.emit('warn', 'credential: lazy refresh hook error (egress continues)', { error: err.message });
+        }
+        // Pass-through: Gondolin substitutes the (now-fresh) secret value after this returns.
+    };
+}
+/** Chain two optional onRequest hooks; a Response/Request short-circuit from the first wins. */
+export function chainOnRequest(first, second) {
+    if (!first)
+        return second;
+    if (!second)
+        return first;
+    return async (request) => {
+        const r = await first(request);
+        if (r instanceof Response)
+            return r;
+        return second(r instanceof Request ? r : request);
+    };
+}
+/**
+ * Build the Gondolin `createHttpHooks` result for one adapter's VM. Wraps the
+ * adapter's optional guard in the egress-audit hook (standing observability).
+ *
+ * FIX (issue 135): NEVER register an `onResponse` hook — Gondolin only streams when
+ * `!onResponse` (`canStream = Boolean(body) && !httpHooks.onResponse`); with one set
+ * it FULLY BUFFERS every response, starving the in-VM streaming SDK → stream timeout
+ * → silent retry → ECONNRESET loop. The old onResponse was a pure billing-tell.
+ */
+export function buildVmHttpHooks(input, log) {
+    const allowedHosts = [...input.allowedHosts];
+    const onRequest = makeEgressAuditHook(input.adapterId, allowedHosts, input.onRequest, log);
+    const options = {
+        allowedHosts,
+        secrets: {
+            [input.secretName]: {
+                hosts: [...input.substitutionHosts],
+                // Seeded via updateSecret (registry seeds BEFORE first exec); never forwarded empty on the happy path.
+                value: '',
+                placeholder: input.placeholder,
+            },
+        },
+        onRequest,
+    };
+    return createHttpHooks(options);
+}
+//# sourceMappingURL=credential-hooks.js.map

package/dist/src/shell/interp/credential-hooks.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"credential-hooks.js","sourceRoot":"","sources":["../../../../src/shell/interp/credential-hooks.ts"],"names":[],"mappings":"AAAA,kFAAkF;AAClF,mFAAmF;AACnF,4EAA4E;AAC5E,yCAAyC;AACzC,EAAE;AACF,iFAAiF;AACjF,6CAA6C;AAE7C,OAAO,EACL,eAAe,GAIhB,MAAM,0BAA0B,CAAC;AAIlC;;;;;;;;GAQG;AACH,MAAM,mBAAmB,GAAG,gBAAgB,CAAC;AAE7C;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CACjC,SAAuB,EACvB,YAA+B,EAC/B,KAAyC,EACzC,GAAgB;IAEhB,OAAO,KAAK,EAAE,OAAgB,EAAE,EAAE;QAChC,IAAI,CAAC;YACH,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAC/B,MAAM,IAAI,GAAG,CAAC,CAAC,QAAQ,CAAC;YACxB,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,KAAK,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;YAC/E,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,gBAAgB,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QACtH,CAAC;QAAC,MAAM,CAAC,CAAC,qCAAqC,CAAC,CAAC;QACjD,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5C,CAAC,CAAC;AACJ,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,0BAA0B,CACxC,YAA6C;IAE7C,OAAO,CAAC,OAAgB,EAAkB,EAAE;QAC1C,MAAM,KAAK,GAAG,YAAY,EAAE,CAAC;QAC7B,IAAI,KAAK,KAAK,IAAI;YAAE,OAAO,CAAC,wDAAwD;QACpF,IAAI,GAAQ,CAAC;QACb,IAAI,CAAC;YAAC,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC;YAAC,OAAO;QAAC,CAAC;QACrD,+EAA+E;QAC/E,mFAAmF;QACnF,qFAAqF;QACrF,+CAA+C;QAC/C,IAAI,GAAG,CAAC,QAAQ,KAAK,mBAAmB,IAAI,GAAG,CAAC,QAAQ,KAAK,KAAK,CAAC,IAAI;YAAE,OAAO;QAChF,IAAI,GAAG,CAAC,QAAQ,KAAK,mBAAmB,EAAE,CAAC;YACzC,GAAG,CAAC,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;YACtB,GAAG,CAAC,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC;QAC5B,CAAC;QACD,GAAG,CAAC,QAAQ,GAAG,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC/C,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC7C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC;YAAE,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC3E,gFAAgF;QAChF,iFAAiF;QACjF,MAAM,IAAI,GAAG;YACX,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,OAAO;YACP,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE,OAAO,CAAC,QAAQ;SACD,CAAC;QAC5B,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,IAAI,CAAC,CAAC;IAC3C,CAAC,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,mBAAmB,CACjC,iBAAoC,EACpC,WAAgC,EAChC,GAAgB;IAEhB,OAAO,KAAK,EAAE,OAAgB,EAAiB,EAAE;QAC/C,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;YAC3C,MAAM,kBAAkB,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,KAAK,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;YAC/F,IAAI,kBAAkB;gBAAE,MAAM,WAAW,EAAE,CAAC;QAC9C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,wDAAwD,EAAE,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QAChH,CAAC;QACD,sFAAsF;IACxF,CAAC,CAAC;AACJ,CAAC;AAED,gGAAgG;AAChG,MAAM,UAAU,cAAc,CAC5B,KAAyC,EACzC,MAA0C;IAE1C,IAAI,CAAC,KAAK;QAAE,OAAO,MAAM,CAAC;IAC1B,IAAI,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC1B,OAAO,KAAK,EAAE,OAAgB,EAAE,EAAE;QAChC,MAAM,CAAC,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,CAAC;QAC/B,IAAI,CAAC,YAAY,QAAQ;YAAE,OAAO,CAAC,CAAC;QACpC,OAAO,MAAM,CAAC,CAAC,YAAY,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IACpD,CAAC,CAAC;AACJ,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAAwB,EAAE,GAAgB;IACzE,MAAM,YAAY,GAAG,CAAC,GAAG,KAAK,CAAC,YAAY,CAAC,CAAC;IAC7C,MAAM,SAAS,GAAG,mBAAmB,CAAC,KAAK,CAAC,SAAS,EAAE,YAAY,EAAE,KAAK,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IAC3F,MAAM,OAAO,GAA2B;QACtC,YAAY;QACZ,OAAO,EAAE;YACP,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE;gBAClB,KAAK,EAAE,CAAC,GAAG,KAAK,CAAC,iBAAiB,CAAC;gBACnC,uGAAuG;gBACvG,KAAK,EAAE,EAAE;gBACT,WAAW,EAAE,KAAK,CAAC,WAAW;aAC/B;SACF;QACD,SAAS;KACV,CAAC;IACF,OAAO,eAAe,CAAC,OAAO,CAAC,CAAC;AAClC,CAAC"}

package/dist/src/shell/interp/credential-registry.js

@@ -0,0 +1,226 @@
+// FCIS rewrite — live per-VM SecretManager registry (the §4.3 fan-out + proactive
+// expiresAt tick) + the periodic refresh ticker, for the host-only credential
+// adapter (kind: adapter). Re-exported from interp/credential.ts so callers stay
+// untouched.
+//
+// NodeNext ESM, .js extensions on relative imports. Imports src/types ONLY (plus
+// the real Gondolin SDK) per the shell rule.
+/**
+ * Owns the live per-VM SecretManagers + the cached latest value per adapter. The
+ * §4.3 fan-out contract: register seeds from the latest cached value before
+ * returning (so a VM created during a refresh never starts stale) and schedules a
+ * per-VM proactive `expiresAt` tick; pushToAll updates every live manager (dropping
+ * any torn down mid-push); refreshAdapter runs the host refresh, re-reads, and fans
+ * out. Ported faithfully from credential-secrets.CredentialSecretRegistry.
+ */
+/** Default proactive-refresh margin when the substrate doesn't override it (5 min). */
+const DEFAULT_REFRESH_MARGIN_MS = 5 * 60 * 1000;
+export class CredentialSecretRegistry {
+    entries = new Map();
+    cachedValue = new Map();
+    cacheSeq = new Map();
+    /** Latest known absolute expiry per adapter (null = unknown); drives the lazy refresh. */
+    cachedExpiresAt = new Map();
+    /** In-flight host refresh per adapter, so concurrent egress requests share one round-trip. */
+    inFlight = new Map();
+    seq = 0;
+    readToken;
+    refresh;
+    log;
+    now;
+    setTimer;
+    clearTimer;
+    refreshMarginMs;
+    constructor(opts) {
+        this.readToken = opts.readToken;
+        this.refresh = opts.refresh;
+        this.log = opts.log;
+        this.now = opts.now ?? (() => Date.now());
+        this.setTimer =
+            opts.setTimer ??
+                ((cb, delayMs) => {
+                    const t = setTimeout(cb, delayMs);
+                    if (typeof t.unref === 'function')
+                        t.unref();
+                    return t;
+                });
+        this.clearTimer = opts.clearTimer ?? ((t) => clearTimeout(t));
+        this.refreshMarginMs = opts.refreshMarginMs ?? DEFAULT_REFRESH_MARGIN_MS;
+    }
+    async register(args) {
+        const key = `vm-${++this.seq}`;
+        const entry = { manager: args.manager, secretName: args.secretName, adapterId: args.adapterId, timer: null };
+        this.entries.set(key, entry);
+        const seqBefore = this.cacheSeq.get(args.adapterId) ?? 0;
+        const token = await this.safeReadToken(args.adapterId);
+        this.seedUnlessRotated(key, entry, args.adapterId, seqBefore, token);
+        if (token?.expiresAtMs != null)
+            this.scheduleProactive(key, entry, token.expiresAtMs);
+        return { key, deregister: () => this.deregister(key) };
+    }
+    deregister(key) {
+        const entry = this.entries.get(key);
+        if (!entry)
+            return;
+        if (entry.timer !== null) {
+            this.clearTimer(entry.timer);
+            entry.timer = null;
+        }
+        this.entries.delete(key);
+    }
+    size() {
+        return this.entries.size;
+    }
+    /** Push a fresh value to EVERY live manager for `adapterId` (cache first; drop the dead). */
+    pushToAll(adapterId, value) {
+        this.cachedValue.set(adapterId, value);
+        this.cacheSeq.set(adapterId, (this.cacheSeq.get(adapterId) ?? 0) + 1);
+        for (const [key, entry] of [...this.entries]) {
+            if (entry.adapterId !== adapterId)
+                continue;
+            this.applyToEntry(key, entry, value);
+        }
+    }
+    /**
+     * Run a host refresh for `adapterId`, re-read, fan out, and reschedule each VM's tick.
+     * Returns true when the host refresh SPAWN succeeded and a token was re-read; false on a
+     * GENUINE auth failure — the refresh threw (e.g. a revoked/expired refresh token that
+     * `claude -p ok` can't rotate, needing operator re-login) or no token could be re-read.
+     * The in-session 401 recovery (issue 214) keys its re-prompt-vs-end decision on this
+     * boolean — it ends the attempt only when the refresh itself failed. Either way the
+     * re-read value is still fanned out (a peer may have rotated the file under the shared
+     * flock). Concurrent callers share one host round-trip.
+     */
+    refreshAdapter(adapterId) {
+        const existing = this.inFlight.get(adapterId);
+        if (existing)
+            return existing;
+        const pending = this.runRefreshAndFanOut(adapterId).finally(() => {
+            if (this.inFlight.get(adapterId) === pending)
+                this.inFlight.delete(adapterId);
+        });
+        this.inFlight.set(adapterId, pending);
+        return pending;
+    }
+    async runRefreshAndFanOut(adapterId) {
+        let refreshOk = true;
+        try {
+            await this.refresh(adapterId);
+        }
+        catch (err) {
+            refreshOk = false;
+            this.log.emit('warn', 'credential: refresh failed', { adapter: adapterId, error: err.message });
+            // Fall through: re-read anyway — a peer may have rotated the file under the shared flock.
+        }
+        const token = await this.safeReadToken(adapterId);
+        if (token === null)
+            return false;
+        this.pushToAll(adapterId, token.accessToken);
+        this.cachedExpiresAt.set(adapterId, token.expiresAtMs ?? null);
+        if (token.expiresAtMs != null) {
+            for (const [key, entry] of [...this.entries]) {
+                if (entry.adapterId !== adapterId)
+                    continue;
+                this.scheduleProactive(key, entry, token.expiresAtMs);
+            }
+        }
+        return refreshOk;
+    }
+    /**
+     * Egress request-side lazy refresh (issue 214): called from the per-VM `onRequest`
+     * hook BEFORE Gondolin substitutes the secret value. If the cached token's expiry is
+     * KNOWN and within the refresh margin, await a host refresh + fan-out so the request
+     * proceeds on the fresh token. Expiry-unknown adapters are left to the proactive tick /
+     * ticker (refreshing on every request would hammer the host). Never throws.
+     */
+    async ensureFreshForRequest(adapterId) {
+        const expiresAt = this.cachedExpiresAt.get(adapterId);
+        if (expiresAt == null)
+            return; // unknown expiry → proactive tick owns it
+        if (expiresAt - this.now() > this.refreshMarginMs)
+            return; // still comfortably fresh
+        await this.refreshAdapter(adapterId);
+    }
+    seedUnlessRotated(key, entry, adapterId, seqBefore, token) {
+        if ((this.cacheSeq.get(adapterId) ?? 0) !== seqBefore)
+            return;
+        const seedValue = token?.accessToken ?? this.cachedValue.get(adapterId) ?? '';
+        if (token?.accessToken) {
+            this.cachedValue.set(adapterId, token.accessToken);
+            this.cachedExpiresAt.set(adapterId, token.expiresAtMs ?? null);
+        }
+        this.applyToEntry(key, entry, seedValue);
+    }
+    applyToEntry(key, entry, value) {
+        try {
+            entry.manager.updateSecret(entry.secretName, { value });
+        }
+        catch (err) {
+            this.log.emit('warn', 'credential: dropping dead secret manager', { adapter: entry.adapterId, error: err.message });
+            this.deregister(key);
+        }
+    }
+    async safeReadToken(adapterId) {
+        try {
+            return await this.readToken(adapterId);
+        }
+        catch (err) {
+            this.log.emit('warn', 'credential: readToken failed', { adapter: adapterId, error: err.message });
+            return null;
+        }
+    }
+    scheduleProactive(key, entry, expiresAtMs) {
+        if (entry.timer !== null) {
+            this.clearTimer(entry.timer);
+            entry.timer = null;
+        }
+        const delay = Math.max(0, expiresAtMs - this.now() - this.refreshMarginMs);
+        entry.timer = this.setTimer(() => {
+            entry.timer = null;
+            void this.refreshAdapter(entry.adapterId);
+        }, delay);
+    }
+}
+/** Periodic host-side refresh so a long idle window doesn't strand the access token. */
+export class CredentialTicker {
+    timer = null;
+    stopped = false;
+    intervalMs;
+    refreshAll;
+    log;
+    constructor(opts) {
+        this.intervalMs = opts.intervalMs;
+        this.refreshAll = opts.refreshAll;
+        this.log = opts.log;
+    }
+    start() {
+        if (this.timer || this.stopped)
+            return;
+        if (this.intervalMs <= 0) {
+            this.log.emit('info', 'credential ticker disabled (interval_ms <= 0)');
+            return;
+        }
+        this.timer = setInterval(() => void this.tick(), this.intervalMs);
+        if (typeof this.timer.unref === 'function')
+            this.timer.unref();
+        this.log.emit('info', 'credential ticker started', { interval_ms: this.intervalMs });
+    }
+    stop() {
+        this.stopped = true;
+        if (this.timer) {
+            clearInterval(this.timer);
+            this.timer = null;
+        }
+    }
+    async tick() {
+        if (this.stopped)
+            return;
+        try {
+            await this.refreshAll();
+        }
+        catch (err) {
+            this.log.emit('warn', 'credential ticker: refresh failed', { error: err.message });
+        }
+    }
+}
+//# sourceMappingURL=credential-registry.js.map

package/dist/src/shell/interp/credential-registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"credential-registry.js","sourceRoot":"","sources":["../../../../src/shell/interp/credential-registry.ts"],"names":[],"mappings":"AAAA,kFAAkF;AAClF,8EAA8E;AAC9E,iFAAiF;AACjF,aAAa;AACb,EAAE;AACF,iFAAiF;AACjF,6CAA6C;AAY7C;;;;;;;GAOG;AACH,uFAAuF;AACvF,MAAM,yBAAyB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEhD,MAAM,OAAO,wBAAwB;IAClB,OAAO,GAAG,IAAI,GAAG,EAAyB,CAAC;IAC3C,WAAW,GAAG,IAAI,GAAG,EAAwB,CAAC;IAC9C,QAAQ,GAAG,IAAI,GAAG,EAAwB,CAAC;IAC5D,0FAA0F;IACzE,eAAe,GAAG,IAAI,GAAG,EAA+B,CAAC;IAC1E,8FAA8F;IAC7E,QAAQ,GAAG,IAAI,GAAG,EAAkC,CAAC;IAC9D,GAAG,GAAG,CAAC,CAAC;IACC,SAAS,CAAiD;IAC1D,OAAO,CAAqC;IAC5C,GAAG,CAAc;IACjB,GAAG,CAAe;IAClB,QAAQ,CAAsD;IAC9D,UAAU,CAA8B;IACxC,eAAe,CAAS;IAEzC,YAAY,IAAqC;QAC/C,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;QAChC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;QAC5B,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;QACpB,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAC1C,IAAI,CAAC,QAAQ;YACX,IAAI,CAAC,QAAQ;gBACb,CAAC,CAAC,EAAE,EAAE,OAAO,EAAE,EAAE;oBACf,MAAM,CAAC,GAAG,UAAU,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;oBAClC,IAAI,OAAO,CAAC,CAAC,KAAK,KAAK,UAAU;wBAAE,CAAC,CAAC,KAAK,EAAE,CAAC;oBAC7C,OAAO,CAAC,CAAC;gBACX,CAAC,CAAC,CAAC;QACL,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9D,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,eAAe,IAAI,yBAAyB,CAAC;IAC3E,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,IAA6E;QAC1F,MAAM,GAAG,GAAG,MAAM,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAkB,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QAC5H,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC7B,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACzD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACvD,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;QACrE,IAAI,KAAK,EAAE,WAAW,IAAI,IAAI;YAAE,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,CAAC,WAAW,CAAC,CAAC;QACtF,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;IACzD,CAAC;IAED,UAAU,CAAC,GAAW;QACpB,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACpC,IAAI,CAAC,KAAK;YAAE,OAAO;QACnB,IAAI,KAAK,CAAC,KAAK,KAAK,IAAI,EAAE,CAAC;YAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAAC,KAAK,CAAC,KAAK,GAAG,IAAI,CAAC;QAAC,CAAC;QAC/E,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAED,IAAI;QACF,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;IAC3B,CAAC;IAED,6FAA6F;IAC7F,SAAS,CAAC,SAAuB,EAAE,KAAa;QAC9C,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QACvC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QACtE,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7C,IAAI,KAAK,CAAC,SAAS,KAAK,SAAS;gBAAE,SAAS;YAC5C,IAAI,CAAC,YAAY,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAED;;;;;;;;;OASG;IACH,cAAc,CAAC,SAAuB;QACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC9C,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;QAC9B,MAAM,OAAO,GAAG,IAAI,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE;YAC/D,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,OAAO;gBAAE,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAChF,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QACtC,OAAO,OAAO,CAAC;IACjB,CAAC;IAEO,KAAK,CAAC,mBAAmB,CAAC,SAAuB;QACvD,IAAI,SAAS,GAAG,IAAI,CAAC;QACrB,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAChC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,SAAS,GAAG,KAAK,CAAC;YAClB,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,4BAA4B,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;YAC3G,0FAA0F;QAC5F,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;QAClD,IAAI,KAAK,KAAK,IAAI;YAAE,OAAO,KAAK,CAAC;QACjC,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,KAAK,CAAC,WAAW,CAAC,CAAC;QAC7C,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,CAAC;QAC/D,IAAI,KAAK,CAAC,WAAW,IAAI,IAAI,EAAE,CAAC;YAC9B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC7C,IAAI,KAAK,CAAC,SAAS,KAAK,SAAS;oBAAE,SAAS;gBAC5C,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,CAAC,WAAW,CAAC,CAAC;YACxD,CAAC;QACH,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,qBAAqB,CAAC,SAAuB;QACjD,MAAM,SAAS,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACtD,IAAI,SAAS,IAAI,IAAI;YAAE,OAAO,CAAC,0CAA0C;QACzE,IAAI,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,eAAe;YAAE,OAAO,CAAC,0BAA0B;QACrF,MAAM,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;IACvC,CAAC;IAEO,iBAAiB,CACvB,GAAW,EACX,KAAoB,EACpB,SAAuB,EACvB,SAAiB,EACjB,KAAuB;QAEvB,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,KAAK,SAAS;YAAE,OAAO;QAC9D,MAAM,SAAS,GAAG,KAAK,EAAE,WAAW,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QAC9E,IAAI,KAAK,EAAE,WAAW,EAAE,CAAC;YACvB,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,WAAW,CAAC,CAAC;YACnD,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,CAAC;QACjE,CAAC;QACD,IAAI,CAAC,YAAY,CAAC,GAAG,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;IAC3C,CAAC;IAEO,YAAY,CAAC,GAAW,EAAE,KAAoB,EAAE,KAAa;QACnE,IAAI,CAAC;YACH,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC,UAAU,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAC1D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,0CAA0C,EAAE,EAAE,OAAO,EAAE,KAAK,CAAC,SAAS,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;YAC/H,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,aAAa,CAAC,SAAuB;QACjD,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QACzC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,8BAA8B,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;YAC7G,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAEO,iBAAiB,CAAC,GAAW,EAAE,KAAoB,EAAE,WAAmB;QAC9E,IAAI,KAAK,CAAC,KAAK,KAAK,IAAI,EAAE,CAAC;YAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAAC,KAAK,CAAC,KAAK,GAAG,IAAI,CAAC;QAAC,CAAC;QAC/E,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,eAAe,CAAC,CAAC;QAC3E,KAAK,CAAC,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE;YAC/B,KAAK,CAAC,KAAK,GAAG,IAAI,CAAC;YACnB,KAAK,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAC5C,CAAC,EAAE,KAAK,CAAC,CAAC;IACZ,CAAC;CACF;AAED,wFAAwF;AACxF,MAAM,OAAO,gBAAgB;IACnB,KAAK,GAA0B,IAAI,CAAC;IACpC,OAAO,GAAG,KAAK,CAAC;IACP,UAAU,CAAS;IACnB,UAAU,CAAsB;IAChC,GAAG,CAAc;IAElC,YAAY,IAA6B;QACvC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;QAClC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;QAClC,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;IACtB,CAAC;IAED,KAAK;QACH,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,OAAO;YAAE,OAAO;QACvC,IAAI,IAAI,CAAC,UAAU,IAAI,CAAC,EAAE,CAAC;YAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,+CAA+C,CAAC,CAAC;YAAC,OAAO;QAAC,CAAC;QAC7G,IAAI,CAAC,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC,KAAK,IAAI,CAAC,IAAI,EAAE,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;QAClE,IAAI,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,KAAK,UAAU;YAAE,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QAC/D,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,2BAA2B,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IACvF,CAAC;IAED,IAAI;QACF,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACpB,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAAC,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAAC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QAAC,CAAC;IACnE,CAAC;IAEO,KAAK,CAAC,IAAI;QAChB,IAAI,IAAI,CAAC,OAAO;YAAE,OAAO;QACzB,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAC1B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,mCAAmC,EAAE,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QAChG,CAAC;IACH,CAAC;CACF"}

package/dist/src/shell/interp/credential.js

@@ -0,0 +1,103 @@
+// FCIS rewrite — host-only credential adapter (kind: adapter).
+//
+// Interprets the CredentialEffect family by implementing the {@link CredentialPort}
+// from src/types/ports. The host stays the SOLE owner of the durable refresh token;
+// the guest only ever sees a token-shaped placeholder that Gondolin substitutes at
+// egress (TLS-MITM).
+//
+// This is the IMPURE half of the original src/agent/credential-secrets.ts +
+// credential-extractors.ts + credential-ticker.ts. The PURE half (token/JWT
+// extraction, placeholder-JWT assembly, host-identity extraction, allowlist union,
+// codexUpstreamRoute decision) lives in src/core/credential and is wired in by the
+// composition root, which passes the pure deciders into this adapter as injected
+// function deps — so this file imports from src/types ONLY (plus the real Gondolin
+// SDK + node builtins + its credential-* shell siblings), per the shell rule.
+//
+// The cohesive IO providers / hooks / registry live in sibling files that
+// consumers import DIRECTLY (no barrel re-export here):
+//   - credential-defaults.ts: default paths, readJsonFile, flock, refreshers
+//   - credential-hooks.ts:    egress audit, codex route, builder
+//   - credential-registry.ts: the per-VM SecretManager registry + the refresh ticker
+//
+// NodeNext ESM, .js extensions on relative imports. Keep THIN — decisions live in core.
+import { defaultClaudeCredentialsPath, defaultCodexCredentialsPath, defaultClaudeIdentityPath, defaultLockPath, defaultFlockAcquire, defaultClaudeRefresher, defaultCodexRefresher, readJsonFile, } from './credential-defaults.js';
+function resolvePaths(opts) {
+    return {
+        claudeCredsPath: opts.claudeCredentialsPath ?? defaultClaudeCredentialsPath(),
+        codexCredsPath: opts.codexCredentialsPath ?? defaultCodexCredentialsPath(),
+        claudeIdentityPath: opts.claudeIdentityPath ?? defaultClaudeIdentityPath(),
+        codexIdentityPath: opts.codexIdentityPath ?? defaultCodexCredentialsPath(),
+    };
+}
+function resolveProviders(opts) {
+    return {
+        env: opts.env ?? process.env,
+        lockTimeoutMs: opts.lockAcquireTimeoutMs ?? 90_000,
+        acquireLock: opts.lockAcquire ?? defaultFlockAcquire(opts.lockPath ?? defaultLockPath()),
+        claudeRefresher: opts.claudeRefresher ?? defaultClaudeRefresher(),
+        codexRefresher: opts.codexRefresher ?? defaultCodexRefresher(),
+    };
+}
+function resolveConfig(opts) {
+    return { ...resolvePaths(opts), ...resolveProviders(opts) };
+}
+/**
+ * The host-only CredentialPort over real files + flock + refresher spawns. Probe
+ * does the file READ here, then hands the parsed JSON to the injected PURE
+ * extractor — keeping every decision in core.
+ */
+export class GondolinCredentialAdapter {
+    acquireLock;
+    pure;
+    log;
+    cfg;
+    constructor(opts) {
+        this.pure = opts.pure;
+        this.log = opts.log;
+        this.cfg = resolveConfig(opts);
+        this.acquireLock = this.cfg.acquireLock;
+    }
+    async probe(adapter) {
+        switch (adapter) {
+            case 'claude':
+                return this.pure.extractClaudeToken(await readJsonFile(this.cfg.claudeCredsPath, this.log));
+            case 'codex':
+                return (this.pure.extractCodexToken(await readJsonFile(this.cfg.codexCredsPath, this.log)) ??
+                    this.pure.codexEnvFallback(this.cfg.env));
+        }
+    }
+    async readClaudeIdentity() {
+        return this.pure.extractClaudeIdentity(await readJsonFile(this.cfg.claudeIdentityPath, this.log));
+    }
+    async readCodexIdentity() {
+        return this.pure.extractCodexMetadata(await readJsonFile(this.cfg.codexIdentityPath, this.log));
+    }
+    /** Refresh under the shared flock (fail-closed: never run the refresher unserialized). */
+    async refresh(adapter) {
+        await this.underLock(() => this.runRefresh(adapter));
+    }
+    async runRefresh(adapter) {
+        if (adapter === 'claude')
+            return this.cfg.claudeRefresher();
+        return this.cfg.codexRefresher();
+    }
+    async underLock(fn) {
+        let release = null;
+        try {
+            release = await this.acquireLock(this.cfg.lockTimeoutMs);
+        }
+        catch (err) {
+            // Fail closed: never run the refresher unserialized (would race a peer on the
+            // same creds file). The caller re-reads the cache and picks up the peer's rotation.
+            this.log.emit('warn', 'credential: lock acquire failed; skipping refresh', { error: err.message });
+            throw new Error('credential: refresh lock acquire timeout');
+        }
+        try {
+            await fn();
+        }
+        finally {
+            await release().catch((err) => this.log.emit('warn', 'credential: lock release error', { error: err.message }));
+        }
+    }
+}
+//# sourceMappingURL=credential.js.map

package/dist/src/shell/interp/credential.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"credential.js","sourceRoot":"","sources":["../../../../src/shell/interp/credential.ts"],"names":[],"mappings":"AAAA,+DAA+D;AAC/D,EAAE;AACF,oFAAoF;AACpF,oFAAoF;AACpF,mFAAmF;AACnF,qBAAqB;AACrB,EAAE;AACF,4EAA4E;AAC5E,4EAA4E;AAC5E,mFAAmF;AACnF,mFAAmF;AACnF,iFAAiF;AACjF,mFAAmF;AACnF,8EAA8E;AAC9E,EAAE;AACF,0EAA0E;AAC1E,wDAAwD;AACxD,6EAA6E;AAC7E,iEAAiE;AACjE,qFAAqF;AACrF,EAAE;AACF,wFAAwF;AAexF,OAAO,EACL,4BAA4B,EAC5B,2BAA2B,EAC3B,yBAAyB,EACzB,eAAe,EACf,mBAAmB,EACnB,sBAAsB,EACtB,qBAAqB,EACrB,YAAY,GACb,MAAM,0BAA0B,CAAC;AAiBlC,SAAS,YAAY,CAAC,IAAsC;IAG1D,OAAO;QACL,eAAe,EAAE,IAAI,CAAC,qBAAqB,IAAI,4BAA4B,EAAE;QAC7E,cAAc,EAAE,IAAI,CAAC,oBAAoB,IAAI,2BAA2B,EAAE;QAC1E,kBAAkB,EAAE,IAAI,CAAC,kBAAkB,IAAI,yBAAyB,EAAE;QAC1E,iBAAiB,EAAE,IAAI,CAAC,iBAAiB,IAAI,2BAA2B,EAAE;KAC3E,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CAAC,IAAsC;IAG9D,OAAO;QACL,GAAG,EAAE,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG;QAC5B,aAAa,EAAE,IAAI,CAAC,oBAAoB,IAAI,MAAM;QAClD,WAAW,EAAE,IAAI,CAAC,WAAW,IAAI,mBAAmB,CAAC,IAAI,CAAC,QAAQ,IAAI,eAAe,EAAE,CAAC;QACxF,eAAe,EAAE,IAAI,CAAC,eAAe,IAAI,sBAAsB,EAAE;QACjE,cAAc,EAAE,IAAI,CAAC,cAAc,IAAI,qBAAqB,EAAE;KAC/D,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,IAAsC;IAC3D,OAAO,EAAE,GAAG,YAAY,CAAC,IAAI,CAAC,EAAE,GAAG,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC;AAC9D,CAAC;AAED;;;;GAIG;AACH,MAAM,OAAO,yBAAyB;IAC3B,WAAW,CAAc;IAEjB,IAAI,CAAqB;IACzB,GAAG,CAAc;IACjB,GAAG,CAAiB;IAErC,YAAY,IAAsC;QAChD,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;QACtB,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;QACpB,IAAI,CAAC,GAAG,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;QAC/B,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC;IAC1C,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,OAAqB;QAC/B,QAAQ,OAAO,EAAE,CAAC;YAChB,KAAK,QAAQ;gBACX,OAAO,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,MAAM,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YAC9F,KAAK,OAAO;gBACV,OAAO,CACL,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,MAAM,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;oBAClF,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CACzC,CAAC;QACN,CAAC;IACH,CAAC;IAED,KAAK,CAAC,kBAAkB;QACtB,OAAO,IAAI,CAAC,IAAI,CAAC,qBAAqB,CAAC,MAAM,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,kBAAkB,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACpG,CAAC;IAED,KAAK,CAAC,iBAAiB;QACrB,OAAO,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,MAAM,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,iBAAiB,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAClG,CAAC;IAED,0FAA0F;IAC1F,KAAK,CAAC,OAAO,CAAC,OAAqB;QACjC,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC;IACvD,CAAC;IAEO,KAAK,CAAC,UAAU,CAAC,OAAqB;QAC5C,IAAI,OAAO,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC;QAC5D,OAAO,IAAI,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC;IACnC,CAAC;IAEO,KAAK,CAAC,SAAS,CAAC,EAAuB;QAC7C,IAAI,OAAO,GAAiC,IAAI,CAAC;QACjD,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QAC3D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,8EAA8E;YAC9E,oFAAoF;YACpF,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,mDAAmD,EAAE,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;YAC9G,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;QAC9D,CAAC;QACD,IAAI,CAAC;YACH,MAAM,EAAE,EAAE,CAAC;QACb,CAAC;gBAAS,CAAC;YACT,MAAM,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,gCAAgC,EAAE,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QAC7H,CAAC;IACH,CAAC;CACF"}