smol-symphony 0.3.3 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/WORKFLOW.template.yaml +34 -2
- package/assets/symphony-mise.system.toml +6 -0
- package/dist/core/credential/adapter-config.js +28 -0
- package/dist/core/credential/adapter-config.js.map +1 -1
- package/dist/core/credential/availability.js +44 -1
- package/dist/core/credential/availability.js.map +1 -1
- package/dist/core/credential/extract.js +34 -0
- package/dist/core/credential/extract.js.map +1 -1
- package/dist/core/credential/fake-creds.js +39 -2
- package/dist/core/credential/fake-creds.js.map +1 -1
- package/dist/core/credential/shape.js +19 -0
- package/dist/core/credential/shape.js.map +1 -1
- package/dist/core/mcp/pi-extension.js +124 -0
- package/dist/core/mcp/pi-extension.js.map +1 -0
- package/dist/core/workflow/validate.js +2 -2
- package/dist/core/workflow/validate.js.map +1 -1
- package/dist/shell/adapter/adapter-registry.js +23 -1
- package/dist/shell/adapter/adapter-registry.js.map +1 -1
- package/dist/shell/adapter/doctor.js +6 -0
- package/dist/shell/adapter/doctor.js.map +1 -1
- package/dist/shell/adapter/workflow-loader.js +20 -1
- package/dist/shell/adapter/workflow-loader.js.map +1 -1
- package/dist/shell/interp/credential-defaults.js +83 -1
- package/dist/shell/interp/credential-defaults.js.map +1 -1
- package/dist/shell/interp/credential.js +10 -1
- package/dist/shell/interp/credential.js.map +1 -1
- package/dist/shell/main-credential.js +1 -1
- package/dist/shell/main-credential.js.map +1 -1
- package/dist/shell/main-runner.js +19 -3
- package/dist/shell/main-runner.js.map +1 -1
- package/dist/shell/main.js +6 -5
- package/dist/shell/main.js.map +1 -1
- package/package.json +1 -1
package/WORKFLOW.template.yaml
CHANGED
|
@@ -54,13 +54,16 @@ tracker:
|
|
|
54
54
|
# and the landing directory for `symphony.propose_issue`.
|
|
55
55
|
# adapter (string, optional): override the workflow-level `acp.adapter` for
|
|
56
56
|
# agents dispatched in this state. Must be a known profile (claude,
|
|
57
|
-
# codex).
|
|
57
|
+
# codex, pi). All use host-side credential substitution at Gondolin
|
|
58
58
|
# egress and are startup-probed so a missing credential fails fast.
|
|
59
59
|
# claude has a single host credential file
|
|
60
60
|
# (~/.claude/.credentials.json) that is probed for readability; codex
|
|
61
61
|
# passes when either ~/.codex/auth.json holds a token (ChatGPT-OAuth
|
|
62
62
|
# tokens.access_token or a top-level OPENAI_API_KEY) or the host
|
|
63
|
-
# OPENAI_API_KEY env var is set.
|
|
63
|
+
# OPENAI_API_KEY env var is set; pi passes when ~/.pi/agent/auth.json
|
|
64
|
+
# holds a `github-copilot` entry (access or refresh token — log in
|
|
65
|
+
# once with `pi` /login on the host) or the host COPILOT_GITHUB_TOKEN
|
|
66
|
+
# env var is set.
|
|
64
67
|
# prompt_file (path): this state's prompt template, in its own file. The shell
|
|
65
68
|
# loader reads it and assembles `prompt.preamble_file` + this file +
|
|
66
69
|
# `prompt.footer_file` (see the top-level `prompt:` block below) into
|
|
@@ -746,6 +749,11 @@ acp:
|
|
|
746
749
|
# bearer (in a fake ~/.codex/auth.json); the host substitutes the
|
|
747
750
|
# real OpenAI/ChatGPT token at egress. No real credential — and no
|
|
748
751
|
# real OPENAI_API_KEY — enters the VM.
|
|
752
|
+
# pi — pi-acp wrapping `pi --mode rpc` (the pi coding agent), backed by a
|
|
753
|
+
# GitHub Copilot subscription. Same model: the guest holds a
|
|
754
|
+
# placeholder COPILOT_GITHUB_TOKEN env bearer; the host substitutes
|
|
755
|
+
# the real short-lived Copilot token at egress. No real credential
|
|
756
|
+
# enters the VM.
|
|
749
757
|
adapter: claude
|
|
750
758
|
|
|
751
759
|
# Credentials never enter the VM (issue 113; codex generalized in 116). The
|
|
@@ -768,6 +776,23 @@ acp:
|
|
|
768
776
|
# so codex-acp runs in its native mode without an in-VM OAuth handshake or
|
|
769
777
|
# refresh (both stay host-side). Every credential-bearing var is stripped from
|
|
770
778
|
# the forwarded VM boot env.
|
|
779
|
+
#
|
|
780
|
+
# For pi: the host credential is the `github-copilot` entry in
|
|
781
|
+
# ~/.pi/agent/auth.json — run `pi` once on the host and `/login` with GitHub
|
|
782
|
+
# Copilot to create it (or export COPILOT_GITHUB_TOKEN with a ready Copilot
|
|
783
|
+
# bearer). The host reads the short-lived `access` Copilot token (NEVER the
|
|
784
|
+
# durable `refresh` GitHub-OAuth token) and substitutes it at egress to
|
|
785
|
+
# api.individual.githubcopilot.com; when it nears expiry the host re-exchanges
|
|
786
|
+
# the refresh token against api.github.com/copilot_internal/v2/token directly
|
|
787
|
+
# (no model call) and rewrites auth.json. In the guest, pi resolves its bearer
|
|
788
|
+
# from the COPILOT_GITHUB_TOKEN placeholder env var (used verbatim — pi's env
|
|
789
|
+
# path performs no exchange/refresh), and `defaultProvider: github-copilot` is
|
|
790
|
+
# pinned via a staged ~/.pi/agent/settings.json. Because pi has no built-in MCP
|
|
791
|
+
# client (and pi-acp ignores the ACP mcpServers descriptor), symphony also
|
|
792
|
+
# stages a per-dispatch extension at ~/.pi/agent/extensions/symphony-mcp.ts
|
|
793
|
+
# that bridges the symphony tools (transition / request_human_steering /
|
|
794
|
+
# propose_issue) to the MCP endpoint. Business/enterprise Copilot endpoints
|
|
795
|
+
# (api.business.githubcopilot.com etc.) are not wired — individual only.
|
|
771
796
|
|
|
772
797
|
# model (string | null): optional model selector forwarded to the chosen adapter.
|
|
773
798
|
# Each adapter profile knows how to surface it natively:
|
|
@@ -775,6 +800,10 @@ acp:
|
|
|
775
800
|
# claude-agent-acp would (aliases like "opus", "sonnet", or full IDs
|
|
776
801
|
# like "claude-opus-4-7").
|
|
777
802
|
# codex — passed as `-c model="<value>"` argv to codex-acp (parsed as TOML).
|
|
803
|
+
# pi — written as `defaultModel` into the staged ~/.pi/agent/settings.json
|
|
804
|
+
# (pi-acp forwards no argv and pi has no model env var). Accepts a
|
|
805
|
+
# Copilot model id (e.g. "gpt-5", "claude-sonnet-4-6") or pi's
|
|
806
|
+
# provider/id + fuzzy forms; unset ⇒ pi's own Copilot default.
|
|
778
807
|
# Leave unset / null to use the adapter's own default model. Default: null.
|
|
779
808
|
# model: claude-opus-4-7
|
|
780
809
|
|
|
@@ -789,6 +818,9 @@ acp:
|
|
|
789
818
|
# from drifting from the adapter's own supported list.
|
|
790
819
|
# codex — not wired (codex-acp has no first-class effort knob on the wrapper);
|
|
791
820
|
# setting `acp.effort` for a codex-backed state is a no-op.
|
|
821
|
+
# pi — not wired (pi's thinking level shares the same settings.json the
|
|
822
|
+
# model pin is staged into, and the injection channels have no merge
|
|
823
|
+
# semantics); setting `acp.effort` for a pi-backed state is a no-op.
|
|
792
824
|
# Leave unset / null for the adapter's own default. Default: null.
|
|
793
825
|
# effort: xhigh
|
|
794
826
|
|
|
@@ -66,3 +66,9 @@ node = "24"
|
|
|
66
66
|
"npm:@agentclientprotocol/claude-agent-acp" = "0.39.0"
|
|
67
67
|
"npm:@zed-industries/codex-acp" = { version = "0.15.0", npm_args = "--ignore-scripts=false" }
|
|
68
68
|
"npm:opencode-ai" = { version = "1.15.12", npm_args = "--ignore-scripts=false" }
|
|
69
|
+
# pi (adapter: pi) — the pi coding agent + the pi-acp ACP wrapper that spawns
|
|
70
|
+
# `pi --mode rpc` (pi has no native ACP mode). Both are pure JS with NO install
|
|
71
|
+
# scripts (pi's own docs install with --ignore-scripts), so plain pins suffice.
|
|
72
|
+
# pi-coding-agent needs node >= 22.19 — satisfied by the node pin above.
|
|
73
|
+
"npm:@earendil-works/pi-coding-agent" = "0.79.1"
|
|
74
|
+
"npm:pi-acp" = "0.0.27"
|
|
@@ -102,6 +102,27 @@ export function codexPlaceholderAuthSpec() {
|
|
|
102
102
|
guestPath: CODEX_AUTH_GUEST_PATH,
|
|
103
103
|
};
|
|
104
104
|
}
|
|
105
|
+
// ── pi settings.json (provider + model) ────────────────────────────────────
|
|
106
|
+
/** Absolute guest path pi's global settings.json lands at. */
|
|
107
|
+
export const PI_SETTINGS_GUEST_PATH = '/root/.pi/agent/settings.json';
|
|
108
|
+
/**
|
|
109
|
+
* The pi `~/.pi/agent/settings.json` spec. pi-acp spawns `pi --mode rpc` with
|
|
110
|
+
* NO passthrough argv and pi has no model env var, so provider/model selection
|
|
111
|
+
* rides pi's own global settings file. `defaultProvider` is always pinned to
|
|
112
|
+
* `github-copilot` (the only provider symphony stages a credential for);
|
|
113
|
+
* `defaultModel` is included only when a model was chosen (omitted ⇒ pi's own
|
|
114
|
+
* Copilot default).
|
|
115
|
+
*/
|
|
116
|
+
export function piSettingsSpec(model) {
|
|
117
|
+
return {
|
|
118
|
+
stagedName: 'pi-settings.json',
|
|
119
|
+
content: JSON.stringify({
|
|
120
|
+
defaultProvider: 'github-copilot',
|
|
121
|
+
...(model !== null && model.length > 0 ? { defaultModel: model } : {}),
|
|
122
|
+
}),
|
|
123
|
+
guestPath: PI_SETTINGS_GUEST_PATH,
|
|
124
|
+
};
|
|
125
|
+
}
|
|
105
126
|
/**
|
|
106
127
|
* Aggregate every staged-file spec one adapter dispatch needs into a single
|
|
107
128
|
* `StagedFileSpec[]`, in a stable order (identity/config first, then the
|
|
@@ -113,6 +134,9 @@ export function codexPlaceholderAuthSpec() {
|
|
|
113
134
|
* • claude — optional non-secret identity (when extracted) + optional
|
|
114
135
|
* effortLevel settings.json (when effort is set).
|
|
115
136
|
* • codex — the fake placeholder auth.json (always; the init check needs it).
|
|
137
|
+
* • pi — the settings.json provider/model pin (always; `effort` is not
|
|
138
|
+
* wired for pi — there is no collision-free channel for pi's
|
|
139
|
+
* thinking level alongside the model file).
|
|
116
140
|
*/
|
|
117
141
|
export function buildStagedConfigs(input) {
|
|
118
142
|
const specs = [];
|
|
@@ -130,6 +154,10 @@ export function buildStagedConfigs(input) {
|
|
|
130
154
|
specs.push(codexPlaceholderAuthSpec());
|
|
131
155
|
break;
|
|
132
156
|
}
|
|
157
|
+
case 'pi': {
|
|
158
|
+
specs.push(piSettingsSpec(input.model));
|
|
159
|
+
break;
|
|
160
|
+
}
|
|
133
161
|
}
|
|
134
162
|
return specs;
|
|
135
163
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"adapter-config.js","sourceRoot":"","sources":["../../../src/core/credential/adapter-config.ts"],"names":[],"mappings":"AAAA,4DAA4D;AAC5D,EAAE;AACF,gEAAgE;AAChE,mFAAmF;AACnF,qEAAqE;AACrE,+EAA+E;AAC/E,EAAE;AACF,0EAA0E;AAC1E,gFAAgF;AAChF,+EAA+E;AAC/E,6EAA6E;AAC7E,2EAA2E;AAC3E,+EAA+E;AAC/E,gFAAgF;AAChF,6EAA6E;AAC7E,gFAAgF;AAChF,gFAAgF;AAChF,EAAE;AACF,sFAAsF;AACtF,gFAAgF;AAChF,iFAAiF;AACjF,qFAAqF;AACrF,mDAAmD;AACnD,mFAAmF;AACnF,EAAE;AACF,mDAAmD;AACnD,gFAAgF;AAChF,8EAA8E;AAC9E,kFAAkF;AAClF,0EAA0E;AAC1E,uEAAuE;AACvE,gFAAgF;AAChF,8DAA8D;AAS9D,8EAA8E;AAE9E,2EAA2E;AAC3E,MAAM,CAAC,MAAM,0BAA0B,GAAG,6BAA6B,CAAC;AAExE,wEAAwE;AACxE,MAAM,CAAC,MAAM,0BAA0B,GAAG,oBAAoB,CAAC;AAE/D;;;;;;;GAOG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAc;IAC7C,OAAO;QACL,UAAU,EAAE,sBAAsB;QAClC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC;QAChD,SAAS,EAAE,0BAA0B;KACtC,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAA+B;IAChE,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC3B,OAAO;QACL,UAAU,EAAE,aAAa;QACzB,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC;YACtB,YAAY,EAAE;gBACZ,WAAW,EAAE,QAAQ,CAAC,WAAW;gBACjC,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;aAC5C;SACF,CAAC;QACF,SAAS,EAAE,0BAA0B;KACtC,CAAC;AACJ,CAAC;AAED,8EAA8E;AAE9E,6DAA6D;AAC7D,MAAM,CAAC,MAAM,qBAAqB,GAAG,wBAAwB,CAAC;AAE9D,kFAAkF;AAClF,MAAM,CAAC,MAAM,yBAAyB,GAAG,yBAAyB,CAAC;AAEnE;;;;;;;;;GASG;AACH,MAAM,UAAU,wBAAwB;IACtC,OAAO;QACL,UAAU,EAAE,WAAW;QACvB,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC;YACtB,cAAc,EAAE,yBAAyB;YACzC,SAAS,EAAE,QAAQ;SACpB,CAAC;QACF,SAAS,EAAE,qBAAqB;KACjC,CAAC;AACJ,CAAC;AAeD
|
|
1
|
+
{"version":3,"file":"adapter-config.js","sourceRoot":"","sources":["../../../src/core/credential/adapter-config.ts"],"names":[],"mappings":"AAAA,4DAA4D;AAC5D,EAAE;AACF,gEAAgE;AAChE,mFAAmF;AACnF,qEAAqE;AACrE,+EAA+E;AAC/E,EAAE;AACF,0EAA0E;AAC1E,gFAAgF;AAChF,+EAA+E;AAC/E,6EAA6E;AAC7E,2EAA2E;AAC3E,+EAA+E;AAC/E,gFAAgF;AAChF,6EAA6E;AAC7E,gFAAgF;AAChF,gFAAgF;AAChF,EAAE;AACF,sFAAsF;AACtF,gFAAgF;AAChF,iFAAiF;AACjF,qFAAqF;AACrF,mDAAmD;AACnD,mFAAmF;AACnF,EAAE;AACF,mDAAmD;AACnD,gFAAgF;AAChF,8EAA8E;AAC9E,kFAAkF;AAClF,0EAA0E;AAC1E,uEAAuE;AACvE,gFAAgF;AAChF,8DAA8D;AAS9D,8EAA8E;AAE9E,2EAA2E;AAC3E,MAAM,CAAC,MAAM,0BAA0B,GAAG,6BAA6B,CAAC;AAExE,wEAAwE;AACxE,MAAM,CAAC,MAAM,0BAA0B,GAAG,oBAAoB,CAAC;AAE/D;;;;;;;GAOG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAc;IAC7C,OAAO;QACL,UAAU,EAAE,sBAAsB;QAClC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC;QAChD,SAAS,EAAE,0BAA0B;KACtC,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAA+B;IAChE,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC3B,OAAO;QACL,UAAU,EAAE,aAAa;QACzB,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC;YACtB,YAAY,EAAE;gBACZ,WAAW,EAAE,QAAQ,CAAC,WAAW;gBACjC,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;aAC5C;SACF,CAAC;QACF,SAAS,EAAE,0BAA0B;KACtC,CAAC;AACJ,CAAC;AAED,8EAA8E;AAE9E,6DAA6D;AAC7D,MAAM,CAAC,MAAM,qBAAqB,GAAG,wBAAwB,CAAC;AAE9D,kFAAkF;AAClF,MAAM,CAAC,MAAM,yBAAyB,GAAG,yBAAyB,CAAC;AAEnE;;;;;;;;;GASG;AACH,MAAM,UAAU,wBAAwB;IACtC,OAAO;QACL,UAAU,EAAE,WAAW;QACvB,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC;YACtB,cAAc,EAAE,yBAAyB;YACzC,SAAS,EAAE,QAAQ;SACpB,CAAC;QACF,SAAS,EAAE,qBAAqB;KACjC,CAAC;AACJ,CAAC;AAED,8EAA8E;AAE9E,8DAA8D;AAC9D,MAAM,CAAC,MAAM,sBAAsB,GAAG,+BAA+B,CAAC;AAEtE;;;;;;;GAOG;AACH,MAAM,UAAU,cAAc,CAAC,KAAoB;IACjD,OAAO;QACL,UAAU,EAAE,kBAAkB;QAC9B,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC;YACtB,eAAe,EAAE,gBAAgB;YACjC,GAAG,CAAC,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACvE,CAAC;QACF,SAAS,EAAE,sBAAsB;KAClC,CAAC;AACJ,CAAC;AAeD;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAwB;IACzD,MAAM,KAAK,GAAqB,EAAE,CAAC;IACnC,QAAQ,KAAK,CAAC,OAAO,EAAE,CAAC;QACtB,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,MAAM,QAAQ,GAAG,kBAAkB,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;YAC1D,IAAI,QAAQ;gBAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACnC,IAAI,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC5C,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;YAC7C,CAAC;YACD,MAAM;QACR,CAAC;QACD,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,KAAK,CAAC,IAAI,CAAC,wBAAwB,EAAE,CAAC,CAAC;YACvC,MAAM;QACR,CAAC;QACD,KAAK,IAAI,CAAC,CAAC,CAAC;YACV,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;YACxC,MAAM;QACR,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}
|
|
@@ -31,7 +31,7 @@ import { nonEmptyString } from './strings.js';
|
|
|
31
31
|
// The seam between the config layer and the IO adapter layer: both sides agree
|
|
32
32
|
// on which adapter ids exist. The full adapter *profile* lives elsewhere
|
|
33
33
|
// (AdapterProfile / the shell's adapter registry); this is only the id set.
|
|
34
|
-
export const KNOWN_ADAPTER_IDS = ['claude', 'codex'];
|
|
34
|
+
export const KNOWN_ADAPTER_IDS = ['claude', 'codex', 'pi'];
|
|
35
35
|
export function isKnownAdapter(id) {
|
|
36
36
|
return KNOWN_ADAPTER_IDS.includes(id);
|
|
37
37
|
}
|
|
@@ -53,6 +53,10 @@ export function hostClaudeCredentialPath(homeDir) {
|
|
|
53
53
|
export function hostCodexCredentialPath(homeDir) {
|
|
54
54
|
return joinPath(homeDir, '.codex', 'auth.json');
|
|
55
55
|
}
|
|
56
|
+
/** Absolute path to the host's pi credential file (`~/.pi/agent/auth.json`). */
|
|
57
|
+
export function hostPiCredentialPath(homeDir) {
|
|
58
|
+
return joinPath(homeDir, '.pi', 'agent', 'auth.json');
|
|
59
|
+
}
|
|
56
60
|
// ─── codex credential resolution ─────────────────────────────────────────────
|
|
57
61
|
/**
|
|
58
62
|
* Pure: does codex have a resolvable credential from either valid source? The
|
|
@@ -80,6 +84,45 @@ export function codexCredentialAvailable(authFileText, env) {
|
|
|
80
84
|
export function codexMissingCredentialMessage(homeDir) {
|
|
81
85
|
return `adapter "codex" requires a host credential, but none is available: neither a token in ${hostCodexCredentialPath(homeDir)} (ChatGPT-OAuth tokens.access_token or OPENAI_API_KEY) nor an OPENAI_API_KEY environment variable is present`;
|
|
82
86
|
}
|
|
87
|
+
// ─── pi (GitHub Copilot) credential resolution ───────────────────────────────
|
|
88
|
+
/**
|
|
89
|
+
* Pure: does pi have a resolvable GitHub-Copilot credential from either valid
|
|
90
|
+
* source? The host reads two — the `github-copilot` entry in `~/.pi/agent/auth.json`
|
|
91
|
+
* (either a live short-lived `access` Copilot token or the durable `refresh`
|
|
92
|
+
* GitHub-OAuth token the host refresher can mint one from) or a
|
|
93
|
+
* `COPILOT_GITHUB_TOKEN` env var (used verbatim as the Copilot bearer, no
|
|
94
|
+
* refresh). The shell reads the file (passing `null` when absent/unreadable)
|
|
95
|
+
* and its env in, mirroring the dispatch-time resolution.
|
|
96
|
+
*/
|
|
97
|
+
export function piCredentialAvailable(authFileText, env) {
|
|
98
|
+
if (nonEmptyString(env['COPILOT_GITHUB_TOKEN']))
|
|
99
|
+
return true;
|
|
100
|
+
if (authFileText === null)
|
|
101
|
+
return false;
|
|
102
|
+
let parsed;
|
|
103
|
+
try {
|
|
104
|
+
parsed = JSON.parse(authFileText);
|
|
105
|
+
}
|
|
106
|
+
catch {
|
|
107
|
+
return false;
|
|
108
|
+
}
|
|
109
|
+
return piAuthFileHasCredential(parsed);
|
|
110
|
+
}
|
|
111
|
+
/** Human-readable explanation of which pi credential sources were checked. */
|
|
112
|
+
export function piMissingCredentialMessage(homeDir) {
|
|
113
|
+
return `adapter "pi" requires a host credential, but none is available: neither a github-copilot entry in ${hostPiCredentialPath(homeDir)} (run \`pi\` on the host and /login with GitHub Copilot) nor a COPILOT_GITHUB_TOKEN environment variable is present`;
|
|
114
|
+
}
|
|
115
|
+
function piAuthFileHasCredential(parsed) {
|
|
116
|
+
if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed))
|
|
117
|
+
return false;
|
|
118
|
+
const entry = parsed['github-copilot'];
|
|
119
|
+
if (!entry || typeof entry !== 'object' || Array.isArray(entry))
|
|
120
|
+
return false;
|
|
121
|
+
const rec = entry;
|
|
122
|
+
// Either a live access token (substitutable now) or the durable refresh token
|
|
123
|
+
// (the host refresher mints a fresh access token before dispatch needs it).
|
|
124
|
+
return nonEmptyString(rec['access']) !== null || nonEmptyString(rec['refresh']) !== null;
|
|
125
|
+
}
|
|
83
126
|
function codexAuthFileHasToken(parsed) {
|
|
84
127
|
if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed))
|
|
85
128
|
return false;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"availability.js","sourceRoot":"","sources":["../../../src/core/credential/availability.ts"],"names":[],"mappings":"AAAA,8DAA8D;AAC9D,EAAE;AACF,oEAAoE;AACpE,6DAA6D;AAC7D,0EAA0E;AAC1E,EAAE;AACF,4EAA4E;AAC5E,iFAAiF;AACjF,yDAAyD;AACzD,EAAE;AACF,0DAA0D;AAC1D,EAAE;AACF,6DAA6D;AAC7D,2EAA2E;AAC3E,iFAAiF;AACjF,8EAA8E;AAC9E,0EAA0E;AAC1E,6EAA6E;AAC7E,+EAA+E;AAC/E,oFAAoF;AACpF,uEAAuE;AACvE,EAAE;AACF,+EAA+E;AAC/E,+EAA+E;AAC/E,iFAAiF;AACjF,qEAAqE;AAIrE,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAE9C,gFAAgF;AAChF,EAAE;AACF,+EAA+E;AAC/E,yEAAyE;AACzE,4EAA4E;AAE5E,MAAM,CAAC,MAAM,iBAAiB,GAA4B,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"availability.js","sourceRoot":"","sources":["../../../src/core/credential/availability.ts"],"names":[],"mappings":"AAAA,8DAA8D;AAC9D,EAAE;AACF,oEAAoE;AACpE,6DAA6D;AAC7D,0EAA0E;AAC1E,EAAE;AACF,4EAA4E;AAC5E,iFAAiF;AACjF,yDAAyD;AACzD,EAAE;AACF,0DAA0D;AAC1D,EAAE;AACF,6DAA6D;AAC7D,2EAA2E;AAC3E,iFAAiF;AACjF,8EAA8E;AAC9E,0EAA0E;AAC1E,6EAA6E;AAC7E,+EAA+E;AAC/E,oFAAoF;AACpF,uEAAuE;AACvE,EAAE;AACF,+EAA+E;AAC/E,+EAA+E;AAC/E,iFAAiF;AACjF,qEAAqE;AAIrE,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAE9C,gFAAgF;AAChF,EAAE;AACF,+EAA+E;AAC/E,yEAAyE;AACzE,4EAA4E;AAE5E,MAAM,CAAC,MAAM,iBAAiB,GAA4B,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;AAEpF,MAAM,UAAU,cAAc,CAAC,EAAU;IACvC,OAAQ,iBAAuC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;AAC/D,CAAC;AAED,yEAAyE;AACzE,oEAAoE;AACpE,MAAM,QAAQ,GAAG,cAAc,CAAC;AAEhC,gFAAgF;AAChF,EAAE;AACF,yEAAyE;AACzE,gFAAgF;AAChF,4EAA4E;AAC5E,6EAA6E;AAC7E,mDAAmD;AAEnD,gGAAgG;AAChG,MAAM,UAAU,wBAAwB,CAAC,OAAe;IACtD,OAAO,QAAQ,CAAC,OAAO,EAAE,SAAS,EAAE,mBAAmB,CAAC,CAAC;AAC3D,CAAC;AAED,gFAAgF;AAChF,MAAM,UAAU,uBAAuB,CAAC,OAAe;IACrD,OAAO,QAAQ,CAAC,OAAO,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC;AAClD,CAAC;AAED,gFAAgF;AAChF,MAAM,UAAU,oBAAoB,CAAC,OAAe;IAClD,OAAO,QAAQ,CAAC,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,WAAW,CAAC,CAAC;AACxD,CAAC;AAED,gFAAgF;AAEhF;;;;;;;GAOG;AACH,MAAM,UAAU,wBAAwB,CACtC,YAA2B,EAC3B,GAAgB;IAEhB,IAAI,cAAc,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACvD,IAAI,YAAY,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IACxC,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,qBAAqB,CAAC,MAAM,CAAC,CAAC;AACvC,CAAC;AAED,iFAAiF;AACjF,MAAM,UAAU,6BAA6B,CAAC,OAAe;IAC3D,OAAO,yFAAyF,uBAAuB,CACrH,OAAO,CACR,8GAA8G,CAAC;AAClH,CAAC;AAED,gFAAgF;AAEhF;;;;;;;;GAQG;AACH,MAAM,UAAU,qBAAqB,CACnC,YAA2B,EAC3B,GAAgB;IAEhB,IAAI,cAAc,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAC7D,IAAI,YAAY,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IACxC,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,uBAAuB,CAAC,MAAM,CAAC,CAAC;AACzC,CAAC;AAED,8EAA8E;AAC9E,MAAM,UAAU,0BAA0B,CAAC,OAAe;IACxD,OAAO,qGAAqG,oBAAoB,CAC9H,OAAO,CACR,qHAAqH,CAAC;AACzH,CAAC;AAED,SAAS,uBAAuB,CAAC,MAAe;IAC9C,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;QAAE,OAAO,KAAK,CAAC;IACjF,MAAM,KAAK,GAAI,MAAkC,CAAC,gBAAgB,CAAC,CAAC;IACpE,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC9E,MAAM,GAAG,GAAG,KAAgC,CAAC;IAC7C,8EAA8E;IAC9E,4EAA4E;IAC5E,OAAO,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,KAAK,IAAI,IAAI,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,KAAK,IAAI,CAAC;AAC3F,CAAC;AAED,SAAS,qBAAqB,CAAC,MAAe;IAC5C,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;QAAE,OAAO,KAAK,CAAC;IACjF,MAAM,IAAI,GAAG,MAAiC,CAAC;IAC/C,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC9B,IAAI,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACnE,IAAI,cAAc,CAAE,MAAkC,CAAC,cAAc,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;IACvF,CAAC;IACD,OAAO,cAAc,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,KAAK,IAAI,CAAC;AACzD,CAAC;AAED,sEAAsE;AACtE,4EAA4E;AAC5E,+EAA+E;AAC/E,2EAA2E"}
|
|
@@ -91,6 +91,40 @@ export function codexEnvFallback(env) {
|
|
|
91
91
|
const key = nonEmptyString(env['OPENAI_API_KEY']);
|
|
92
92
|
return key === null ? null : { accessToken: key, expiresAtMs: null };
|
|
93
93
|
}
|
|
94
|
+
// ── pi (GitHub Copilot) ───────────────────────────────────────────────────────
|
|
95
|
+
/**
|
|
96
|
+
* Pull the short-lived Copilot access token out of the already-parsed pi
|
|
97
|
+
* `~/.pi/agent/auth.json`. pi stores `{ "github-copilot": { type, refresh,
|
|
98
|
+
* access, expires, enterpriseUrl? } }` where `access` is the Copilot bearer the
|
|
99
|
+
* Copilot API accepts and `expires` is its absolute expiry in ms since epoch
|
|
100
|
+
* (pi already subtracts its own 5-minute safety margin before storing).
|
|
101
|
+
*
|
|
102
|
+
* The durable `refresh` GitHub-OAuth token is NEVER read here — it stays
|
|
103
|
+
* host-side (the host refresher exchanges it for a fresh access token), so an
|
|
104
|
+
* in-VM agent can neither see nor rotate the durable credential.
|
|
105
|
+
*/
|
|
106
|
+
export function extractPiToken(parsed) {
|
|
107
|
+
if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed))
|
|
108
|
+
return null;
|
|
109
|
+
const entry = parsed['github-copilot'];
|
|
110
|
+
if (!entry || typeof entry !== 'object' || Array.isArray(entry))
|
|
111
|
+
return null;
|
|
112
|
+
const rec = entry;
|
|
113
|
+
const access = nonEmptyString(rec['access']);
|
|
114
|
+
if (access === null)
|
|
115
|
+
return null;
|
|
116
|
+
return { accessToken: access, expiresAtMs: coerceExpiresAtMs(rec['expires']) };
|
|
117
|
+
}
|
|
118
|
+
/**
|
|
119
|
+
* Pure: read `COPILOT_GITHUB_TOKEN` from a host-environment snapshot as a pi
|
|
120
|
+
* credential fallback. The value is treated as a ready-to-send Copilot bearer
|
|
121
|
+
* (mirroring pi's own env-var semantics: used verbatim, never exchanged or
|
|
122
|
+
* refreshed), so the expiry is unknown (null → on-demand re-read degradation).
|
|
123
|
+
*/
|
|
124
|
+
export function piEnvFallback(env) {
|
|
125
|
+
const token = nonEmptyString(env['COPILOT_GITHUB_TOKEN']);
|
|
126
|
+
return token === null ? null : { accessToken: token, expiresAtMs: null };
|
|
127
|
+
}
|
|
94
128
|
// ── JWT / expiry coercion ───────────────────────────────────────────────────────
|
|
95
129
|
/**
|
|
96
130
|
* Decode a JWT's `exp` claim (seconds since epoch) and return it as ms since
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"extract.js","sourceRoot":"","sources":["../../../src/core/credential/extract.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,EAAE;AACF,2EAA2E;AAC3E,6EAA6E;AAC7E,qCAAqC;AACrC,EAAE;AACF,+EAA+E;AAC/E,gFAAgF;AAChF,iFAAiF;AACjF,0EAA0E;AAC1E,oFAAoF;AACpF,iFAAiF;AACjF,iFAAiF;AACjF,mEAAmE;AACnE,mFAAmF;AACnF,kFAAkF;AAClF,mFAAmF;AACnF,EAAE;AACF,+EAA+E;AAC/E,iFAAiF;AACjF,iFAAiF;AACjF,8EAA8E;AAC9E,+EAA+E;AAC/E,aAAa;AAGb,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAQ9C,iFAAiF;AAEjF;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAAe;IAChD,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACvD,MAAM,IAAI,GAAG,MAAiC,CAAC;IAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,eAAe,CAAC,CAAC;IACpC,MAAM,SAAS,GACb,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QACzD,CAAC,CAAE,KAAiC;QACpC,CAAC,CAAC,IAAI,CAAC;IACX,MAAM,WAAW,GAAG,SAAS,CAAC,aAAa,CAAC,CAAC;IAC7C,IAAI,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC7E,MAAM,WAAW,GAAG,iBAAiB,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CAAC;IAC9D,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,CAAC;AACtC,CAAC;AAED,iFAAiF;AAEjF;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAe;IAC/C,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IAChF,MAAM,IAAI,GAAG,MAAiC,CAAC;IAC/C,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACvC,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACpB,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC;QACrD,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YACnB,qEAAqE;YACrE,yEAAyE;YACzE,uEAAuE;YACvE,gDAAgD;YAChD,OAAO;gBACL,WAAW,EAAE,KAAK;gBAClB,WAAW,EAAE,cAAc,CAAC,KAAK,CAAC;gBAClC,YAAY,EAAE,IAAI;gBAClB,gBAAgB,EAAE,cAAc,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;aACvD,CAAC;QACJ,CAAC;IACH,CAAC;IACD,iFAAiF;IACjF,MAAM,MAAM,GAAG,cAAc,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC;IACtD,OAAO,MAAM,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;AAC7E,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAc;IAC7C,MAAM,GAAG,GAAG,cAAc,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAClD,OAAO,GAAG,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;AACvE,CAAC;AAED,mFAAmF;AAEnF;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,KAAa;IAC1C,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAClC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACvC,MAAM,UAAU,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC/B,IAAI,UAAU,KAAK,SAAS,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACrE,MAAM,IAAI,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC;IAC7C,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAC/B,IAAI,OAAgB,CAAC;IACrB,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IACnF,MAAM,GAAG,GAAI,OAAmC,CAAC,KAAK,CAAC,CAAC;IACxD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAClE,OAAO,GAAG,GAAG,IAAI,CAAC;AACpB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAAc;IAC9C,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACtE,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;QACxB,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;YAAE,OAAO,CAAC,CAAC;QACjC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACrC,IAAI,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC;YAAE,OAAO,UAAU,CAAC;IACrD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,gFAAgF;AAEhF,uFAAuF;AACvF,SAAS,iBAAiB,CAAC,IAA6B;IACtD,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC9B,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IAChF,OAAO,MAAiC,CAAC;AAC3C,CAAC;AAED,0EAA0E;AAC1E,MAAM,eAAe,GAAG,kEAAkE,CAAC;AAE3F;;;;;;;;;GASG;AACH,SAAS,mBAAmB,CAAC,GAAW;IACtC,MAAM,KAAK,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;IACpC,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAChC,OAAO,iBAAiB,CAAC,KAAK,CAAC,CAAC;AAClC,CAAC;AAED,8EAA8E;AAC9E,SAAS,gBAAgB,CAAC,GAAW;IACnC,uEAAuE;IACvE,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACzE,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC,CAAC,2BAA2B;IAClE,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE,CAAC;QACrB,MAAM,CAAC,GAAG,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QACtC,IAAI,CAAC,KAAK,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC,CAAC,yBAAyB;QACpD,GAAG,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QACrB,IAAI,IAAI,CAAC,CAAC;QACV,IAAI,IAAI,IAAI,CAAC,EAAE,CAAC;YACd,IAAI,IAAI,CAAC,CAAC;YACV,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,4EAA4E;AAC5E,SAAS,iBAAiB,CAAC,KAAe;IACxC,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;QACxB,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,EAAE,CAAE,CAAC;QACvB,IAAI,EAAE,GAAG,IAAI,EAAE,CAAC;YACd,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;YAClC,SAAS;QACX,CAAC;QACD,IAAI,MAAc,CAAC;QACnB,IAAI,EAAU,CAAC;QACf,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;YACzB,MAAM,GAAG,CAAC,CAAC;YACX,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QACjB,CAAC;aAAM,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;YAChC,MAAM,GAAG,CAAC,CAAC;YACX,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QACjB,CAAC;aAAM,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;YAChC,MAAM,GAAG,CAAC,CAAC;YACX,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QACjB,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC,CAAC,uBAAuB;QACtC,CAAC;QACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAChC,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;YACtB,IAAI,EAAE,KAAK,SAAS,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC,KAAK,IAAI;gBAAE,OAAO,IAAI,CAAC,CAAC,mBAAmB;YAC9E,EAAE,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,GAAG,IAAI,CAAC,CAAC;QAC/B,CAAC;QACD,MAAM,IAAI,MAAM,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;IACrC,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
1
|
+
{"version":3,"file":"extract.js","sourceRoot":"","sources":["../../../src/core/credential/extract.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,EAAE;AACF,2EAA2E;AAC3E,6EAA6E;AAC7E,qCAAqC;AACrC,EAAE;AACF,+EAA+E;AAC/E,gFAAgF;AAChF,iFAAiF;AACjF,0EAA0E;AAC1E,oFAAoF;AACpF,iFAAiF;AACjF,iFAAiF;AACjF,mEAAmE;AACnE,mFAAmF;AACnF,kFAAkF;AAClF,mFAAmF;AACnF,EAAE;AACF,+EAA+E;AAC/E,iFAAiF;AACjF,iFAAiF;AACjF,8EAA8E;AAC9E,+EAA+E;AAC/E,aAAa;AAGb,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAQ9C,iFAAiF;AAEjF;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAAe;IAChD,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACvD,MAAM,IAAI,GAAG,MAAiC,CAAC;IAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,eAAe,CAAC,CAAC;IACpC,MAAM,SAAS,GACb,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QACzD,CAAC,CAAE,KAAiC;QACpC,CAAC,CAAC,IAAI,CAAC;IACX,MAAM,WAAW,GAAG,SAAS,CAAC,aAAa,CAAC,CAAC;IAC7C,IAAI,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC7E,MAAM,WAAW,GAAG,iBAAiB,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CAAC;IAC9D,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,CAAC;AACtC,CAAC;AAED,iFAAiF;AAEjF;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAe;IAC/C,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IAChF,MAAM,IAAI,GAAG,MAAiC,CAAC;IAC/C,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACvC,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACpB,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC;QACrD,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YACnB,qEAAqE;YACrE,yEAAyE;YACzE,uEAAuE;YACvE,gDAAgD;YAChD,OAAO;gBACL,WAAW,EAAE,KAAK;gBAClB,WAAW,EAAE,cAAc,CAAC,KAAK,CAAC;gBAClC,YAAY,EAAE,IAAI;gBAClB,gBAAgB,EAAE,cAAc,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;aACvD,CAAC;QACJ,CAAC;IACH,CAAC;IACD,iFAAiF;IACjF,MAAM,MAAM,GAAG,cAAc,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC;IACtD,OAAO,MAAM,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;AAC7E,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAc;IAC7C,MAAM,GAAG,GAAG,cAAc,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAClD,OAAO,GAAG,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;AACvE,CAAC;AAED,iFAAiF;AAEjF;;;;;;;;;;GAUG;AACH,MAAM,UAAU,cAAc,CAAC,MAAe;IAC5C,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IAChF,MAAM,KAAK,GAAI,MAAkC,CAAC,gBAAgB,CAAC,CAAC;IACpE,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC7E,MAAM,GAAG,GAAG,KAAgC,CAAC;IAC7C,MAAM,MAAM,GAAG,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC7C,IAAI,MAAM,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACjC,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;AACjF,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,GAAc;IAC1C,MAAM,KAAK,GAAG,cAAc,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC,CAAC;IAC1D,OAAO,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;AAC3E,CAAC;AAED,mFAAmF;AAEnF;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,KAAa;IAC1C,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAClC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACvC,MAAM,UAAU,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC/B,IAAI,UAAU,KAAK,SAAS,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACrE,MAAM,IAAI,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC;IAC7C,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAC/B,IAAI,OAAgB,CAAC;IACrB,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IACnF,MAAM,GAAG,GAAI,OAAmC,CAAC,KAAK,CAAC,CAAC;IACxD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAClE,OAAO,GAAG,GAAG,IAAI,CAAC;AACpB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAAc;IAC9C,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACtE,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;QACxB,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;YAAE,OAAO,CAAC,CAAC;QACjC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACrC,IAAI,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC;YAAE,OAAO,UAAU,CAAC;IACrD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,gFAAgF;AAEhF,uFAAuF;AACvF,SAAS,iBAAiB,CAAC,IAA6B;IACtD,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC9B,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IAChF,OAAO,MAAiC,CAAC;AAC3C,CAAC;AAED,0EAA0E;AAC1E,MAAM,eAAe,GAAG,kEAAkE,CAAC;AAE3F;;;;;;;;;GASG;AACH,SAAS,mBAAmB,CAAC,GAAW;IACtC,MAAM,KAAK,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;IACpC,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAChC,OAAO,iBAAiB,CAAC,KAAK,CAAC,CAAC;AAClC,CAAC;AAED,8EAA8E;AAC9E,SAAS,gBAAgB,CAAC,GAAW;IACnC,uEAAuE;IACvE,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACzE,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC,CAAC,2BAA2B;IAClE,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE,CAAC;QACrB,MAAM,CAAC,GAAG,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QACtC,IAAI,CAAC,KAAK,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC,CAAC,yBAAyB;QACpD,GAAG,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QACrB,IAAI,IAAI,CAAC,CAAC;QACV,IAAI,IAAI,IAAI,CAAC,EAAE,CAAC;YACd,IAAI,IAAI,CAAC,CAAC;YACV,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,4EAA4E;AAC5E,SAAS,iBAAiB,CAAC,KAAe;IACxC,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;QACxB,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,EAAE,CAAE,CAAC;QACvB,IAAI,EAAE,GAAG,IAAI,EAAE,CAAC;YACd,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;YAClC,SAAS;QACX,CAAC;QACD,IAAI,MAAc,CAAC;QACnB,IAAI,EAAU,CAAC;QACf,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;YACzB,MAAM,GAAG,CAAC,CAAC;YACX,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QACjB,CAAC;aAAM,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;YAChC,MAAM,GAAG,CAAC,CAAC;YACX,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QACjB,CAAC;aAAM,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;YAChC,MAAM,GAAG,CAAC,CAAC;YACX,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QACjB,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC,CAAC,uBAAuB;QACtC,CAAC;QACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAChC,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;YACtB,IAAI,EAAE,KAAK,SAAS,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC,KAAK,IAAI;gBAAE,OAAO,IAAI,CAAC,CAAC,mBAAmB;YAC9E,EAAE,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,GAAG,IAAI,CAAC,CAAC;QAC/B,CAAC;QACD,MAAM,IAAI,MAAM,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;IACrC,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -18,7 +18,8 @@
|
|
|
18
18
|
// UUIDs; codex account_id / auth_mode / last_refresh). In this clean-room rewrite
|
|
19
19
|
// that IO lives in the SHELL: the shell reads + extracts the already-validated
|
|
20
20
|
// `ClaudeIdentity` / `CodexIdentity` and hands them to this core as plain data.
|
|
21
|
-
// This module is 100% synchronous, has ZERO IO, and imports ONLY from src/types
|
|
21
|
+
// This module is 100% synchronous, has ZERO IO, and imports ONLY from src/types
|
|
22
|
+
// (plus the pure core pi-extension generator for the pi MCP bridge).
|
|
22
23
|
//
|
|
23
24
|
// Defense-in-depth (codex review, HIGH, preserved from the reference): even
|
|
24
25
|
// though the shell extractor is expected to validate, this STAGING chokepoint
|
|
@@ -26,6 +27,7 @@
|
|
|
26
27
|
// never matches), `authMode` (closed set), and `lastRefresh` (ISO-timestamp
|
|
27
28
|
// shape) before embedding them into the staged auth.json. A token-shaped value is
|
|
28
29
|
// OMITTED regardless of which producer handed it to us.
|
|
30
|
+
import { buildPiSymphonyMcpExtension, PI_EXTENSION_GUEST_PATH } from '../mcp/pi-extension.js';
|
|
29
31
|
// SHARED account_id guard (codex review HIGH) — the ONE definition. Re-exported
|
|
30
32
|
// so this module's importers keep their specifier.
|
|
31
33
|
import { validAccountId } from './account-id.js';
|
|
@@ -39,6 +41,7 @@ export { validAccountId };
|
|
|
39
41
|
const CLAUDE_CREDENTIALS_GUEST_PATH = '/root/.claude/.credentials.json';
|
|
40
42
|
const CLAUDE_CONFIG_GUEST_PATH = '/root/.claude.json';
|
|
41
43
|
const CODEX_AUTH_GUEST_PATH = '/root/.codex/auth.json';
|
|
44
|
+
const PI_SETTINGS_GUEST_PATH = '/root/.pi/agent/settings.json';
|
|
42
45
|
// Creds files are 0600.
|
|
43
46
|
const CRED_FILE_MODE = 0o600;
|
|
44
47
|
// Far-future expiry (2100-01-01T00:00:00Z, ms since epoch) so the claude client
|
|
@@ -82,8 +85,17 @@ export function buildGondolinFakeCreds(input) {
|
|
|
82
85
|
return { files: buildClaudeFiles(input.placeholder, input.claudeIdentity), env };
|
|
83
86
|
case 'codex':
|
|
84
87
|
return { files: buildCodexFiles(input.placeholder, input.codexIdentity), env };
|
|
88
|
+
case 'pi':
|
|
89
|
+
// pi resolves its bearer from the env placeholder (COPILOT_GITHUB_TOKEN),
|
|
90
|
+
// so the env carries the credential; the files carry only non-secret config
|
|
91
|
+
// + the per-dispatch MCP bridge. PI_SKIP_VERSION_CHECK suppresses pi's
|
|
92
|
+
// startup version probe (egress-blocked in the VM → pure 403 noise).
|
|
93
|
+
return {
|
|
94
|
+
files: buildPiFiles(input.mcp ?? null),
|
|
95
|
+
env: { ...env, PI_SKIP_VERSION_CHECK: '1' },
|
|
96
|
+
};
|
|
85
97
|
default: {
|
|
86
|
-
// Exhaustive over AcpAdapterId (closed union claude|codex): the compiler
|
|
98
|
+
// Exhaustive over AcpAdapterId (closed union claude|codex|pi): the compiler
|
|
87
99
|
// proves `input.adapter` is `never` here. Kept as a total function.
|
|
88
100
|
const unreachable = input.adapter;
|
|
89
101
|
throw new Error(`buildGondolinFakeCreds: unhandled adapter ${String(unreachable)}`);
|
|
@@ -162,6 +174,31 @@ export function buildCodexFiles(placeholder, identity) {
|
|
|
162
174
|
};
|
|
163
175
|
return [credFile(CODEX_AUTH_GUEST_PATH, JSON.stringify(auth))];
|
|
164
176
|
}
|
|
177
|
+
/**
|
|
178
|
+
* pi guest files. DELIBERATELY no `~/.pi/agent/auth.json`: pi's credential
|
|
179
|
+
* resolution is `--api-key flag → auth.json → env var`, and the env path is the
|
|
180
|
+
* one that uses the value VERBATIM as the Copilot bearer (no in-guest
|
|
181
|
+
* device-flow/exchange/refresh). Staging even a placeholder auth.json would
|
|
182
|
+
* shadow the env placeholder AND trigger pi's own (egress-blocked) token
|
|
183
|
+
* exchange — so the credential rides ONLY the COPILOT_GITHUB_TOKEN env entry.
|
|
184
|
+
*
|
|
185
|
+
* • settings.json — pins `defaultProvider: github-copilot` so pi never picks
|
|
186
|
+
* a provider symphony has no credential for. A dispatch-chosen model
|
|
187
|
+
* overwrites this file via the pi profile's modelInjection (runtime files
|
|
188
|
+
* stage after fake-creds files).
|
|
189
|
+
* • extensions/symphony-mcp.ts — the MCP bridge (pi-acp ignores ACP
|
|
190
|
+
* mcpServers; without this the agent cannot call `transition`). Skipped
|
|
191
|
+
* when MCP is disabled for the run.
|
|
192
|
+
*/
|
|
193
|
+
export function buildPiFiles(mcp) {
|
|
194
|
+
const files = [
|
|
195
|
+
credFile(PI_SETTINGS_GUEST_PATH, JSON.stringify({ defaultProvider: 'github-copilot' })),
|
|
196
|
+
];
|
|
197
|
+
if (mcp !== null) {
|
|
198
|
+
files.push(credFile(PI_EXTENSION_GUEST_PATH, buildPiSymphonyMcpExtension(mcp)));
|
|
199
|
+
}
|
|
200
|
+
return files;
|
|
201
|
+
}
|
|
165
202
|
// ---------------------------------------------------------------------------
|
|
166
203
|
// Helpers.
|
|
167
204
|
// ---------------------------------------------------------------------------
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"fake-creds.js","sourceRoot":"","sources":["../../../src/core/credential/fake-creds.ts"],"names":[],"mappings":"AAAA,oFAAoF;AACpF,EAAE;AACF,6EAA6E;AAC7E,qEAAqE;AACrE,EAAE;AACF,+EAA+E;AAC/E,gFAAgF;AAChF,0EAA0E;AAC1E,wEAAwE;AACxE,gFAAgF;AAChF,iFAAiF;AACjF,yEAAyE;AACzE,iFAAiF;AACjF,gEAAgE;AAChE,EAAE;AACF,iFAAiF;AACjF,8EAA8E;AAC9E,kFAAkF;AAClF,+EAA+E;AAC/E,gFAAgF;AAChF,
|
|
1
|
+
{"version":3,"file":"fake-creds.js","sourceRoot":"","sources":["../../../src/core/credential/fake-creds.ts"],"names":[],"mappings":"AAAA,oFAAoF;AACpF,EAAE;AACF,6EAA6E;AAC7E,qEAAqE;AACrE,EAAE;AACF,+EAA+E;AAC/E,gFAAgF;AAChF,0EAA0E;AAC1E,wEAAwE;AACxE,gFAAgF;AAChF,iFAAiF;AACjF,yEAAyE;AACzE,iFAAiF;AACjF,gEAAgE;AAChE,EAAE;AACF,iFAAiF;AACjF,8EAA8E;AAC9E,kFAAkF;AAClF,+EAA+E;AAC/E,gFAAgF;AAChF,gFAAgF;AAChF,qEAAqE;AACrE,EAAE;AACF,4EAA4E;AAC5E,8EAA8E;AAC9E,+EAA+E;AAC/E,4EAA4E;AAC5E,kFAAkF;AAClF,wDAAwD;AAUxD,OAAO,EAAE,2BAA2B,EAAE,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AAC9F,gFAAgF;AAChF,mDAAmD;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,cAAc,EAAE,CAAC;AAE1B,8EAA8E;AAC9E,gEAAgE;AAChE,8EAA8E;AAE9E,gFAAgF;AAChF,+EAA+E;AAC/E,2CAA2C;AAC3C,MAAM,6BAA6B,GAAG,iCAAiC,CAAC;AACxE,MAAM,wBAAwB,GAAG,oBAAoB,CAAC;AACtD,MAAM,qBAAqB,GAAG,wBAAwB,CAAC;AACvD,MAAM,sBAAsB,GAAG,+BAA+B,CAAC;AAE/D,wBAAwB;AACxB,MAAM,cAAc,GAAG,KAAK,CAAC;AAE7B,gFAAgF;AAChF,0EAA0E;AAC1E,0EAA0E;AAC1E,MAAM,aAAa,GAAG,iBAAiB,CAAC;AAExC,kFAAkF;AAClF,kEAAkE;AAClE,MAAM,YAAY,GAAG,2CAA2C,CAAC;AAEjE,8EAA8E;AAC9E,mEAAmE;AACnE,2EAA2E;AAC3E,8EAA8E;AAE9E,8CAA8C;AAC9C,MAAM,gBAAgB,GAAwB,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC;AAC7E,kFAAkF;AAClF,MAAM,gBAAgB,GAAG,qBAAqB,CAAC;AAE/C,SAAS,aAAa,CAAC,CAAgB;IACrC,OAAO,CAAC,KAAK,IAAI,IAAI,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAC1D,CAAC;AAED,SAAS,gBAAgB,CAAC,CAAgB;IACxC,OAAO,CAAC,KAAK,IAAI,IAAI,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAC3D,CAAC;AAED,8EAA8E;AAC9E,eAAe;AACf,8EAA8E;AAE9E;;;;;;;;;GASG;AACH,MAAM,UAAU,sBAAsB,CAAC,KAAyB;IAC9D,MAAM,GAAG,GAA2B,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;IAC9E,QAAQ,KAAK,CAAC,OAAO,EAAE,CAAC;QACtB,KAAK,QAAQ;YACX,OAAO,EAAE,KAAK,EAAE,gBAAgB,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,CAAC,cAAc,CAAC,EAAE,GAAG,EAAE,CAAC;QACnF,KAAK,OAAO;YACV,OAAO,EAAE,KAAK,EAAE,eAAe,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,CAAC,aAAa,CAAC,EAAE,GAAG,EAAE,CAAC;QACjF,KAAK,IAAI;YACP,0EAA0E;YAC1E,4EAA4E;YAC5E,uEAAuE;YACvE,qEAAqE;YACrE,OAAO;gBACL,KAAK,EAAE,YAAY,CAAC,KAAK,CAAC,GAAG,IAAI,IAAI,CAAC;gBACtC,GAAG,EAAE,EAAE,GAAG,GAAG,EAAE,qBAAqB,EAAE,GAAG,EAAE;aAC5C,CAAC;QACJ,OAAO,CAAC,CAAC,CAAC;YACR,4EAA4E;YAC5E,oEAAoE;YACpE,MAAM,WAAW,GAAU,KAAK,CAAC,OAAO,CAAC;YACzC,MAAM,IAAI,KAAK,CAAC,6CAA6C,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QACtF,CAAC;IACH,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,wBAAwB;AACxB,8EAA8E;AAE9E;;;;;;;GAOG;AACH,MAAM,UAAU,gBAAgB,CAC9B,WAAmB,EACnB,QAA+B;IAE/B,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC;QAClC,aAAa,EAAE;YACb,WAAW,EAAE,WAAW;YACxB,YAAY,EAAE,YAAY;YAC1B,SAAS,EAAE,aAAa;SACzB;KACF,CAAC,CAAC;IACH,MAAM,KAAK,GAAoB,CAAC,QAAQ,CAAC,6BAA6B,EAAE,YAAY,CAAC,CAAC,CAAC;IAEvF,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtB,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC;YACnC,sBAAsB,EAAE,IAAI;YAC5B,YAAY,EAAE,EAAE,WAAW,EAAE,QAAQ,CAAC,WAAW,EAAE,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB,EAAE;YAChG,QAAQ,EAAE,EAAE;SACb,CAAC,CAAC;QACH,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,wBAAwB,EAAE,aAAa,CAAC,CAAC,CAAC;IAChE,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,eAAe,CAC7B,WAAmB,EACnB,QAA8B;IAE9B,gFAAgF;IAChF,iFAAiF;IACjF,iFAAiF;IACjF,kDAAkD;IAClD,MAAM,SAAS,GAAG,cAAc,CAAC,QAAQ,EAAE,SAAS,IAAI,IAAI,CAAC,CAAC;IAC9D,MAAM,QAAQ,GAAG,aAAa,CAAC,QAAQ,EAAE,QAAQ,IAAI,IAAI,CAAC,CAAC;IAC3D,MAAM,WAAW,GAAG,gBAAgB,CAAC,QAAQ,EAAE,WAAW,IAAI,IAAI,CAAC,CAAC;IAEpE,MAAM,MAAM,GAA4B;QACtC,YAAY,EAAE,WAAW;QACzB,QAAQ,EAAE,WAAW;QACrB,aAAa,EAAE,YAAY;QAC3B,GAAG,CAAC,SAAS,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACzD,CAAC;IACF,+EAA+E;IAC/E,4EAA4E;IAC5E,4EAA4E;IAC5E,MAAM,IAAI,GAA4B;QACpC,cAAc,EAAE,IAAI;QACpB,GAAG,CAAC,QAAQ,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACrD,MAAM;QACN,GAAG,CAAC,WAAW,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC/D,CAAC;IACF,OAAO,CAAC,QAAQ,CAAC,qBAAqB,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACjE,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,YAAY,CAAC,GAA+B;IAC1D,MAAM,KAAK,GAAoB;QAC7B,QAAQ,CAAC,sBAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,eAAe,EAAE,gBAAgB,EAAE,CAAC,CAAC;KACxF,CAAC;IACF,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QACjB,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,uBAAuB,EAAE,2BAA2B,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAClF,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,8EAA8E;AAC9E,WAAW;AACX,8EAA8E;AAE9E,SAAS,QAAQ,CAAC,SAAiB,EAAE,OAAe;IAClD,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC;AACtD,CAAC"}
|
|
@@ -43,12 +43,20 @@ import { nonEmptyString } from './strings.js';
|
|
|
43
43
|
// codex `OPENAI_API_KEY`).
|
|
44
44
|
export const CLAUDE_SECRET_NAME = 'ANTHROPIC_AUTH_TOKEN';
|
|
45
45
|
export const CODEX_SECRET_NAME = 'OPENAI_API_KEY';
|
|
46
|
+
// pi reads COPILOT_GITHUB_TOKEN and uses it VERBATIM as its Copilot bearer (no
|
|
47
|
+
// in-guest exchange/refresh) — exactly the placeholder-substitution contract.
|
|
48
|
+
export const PI_SECRET_NAME = 'COPILOT_GITHUB_TOKEN';
|
|
46
49
|
// The hosts each adapter's real token may be substituted onto at egress (its
|
|
47
50
|
// credential validity scope — NOT the general firewall; see buildAdapterHooksConfig).
|
|
48
51
|
export const CLAUDE_UPSTREAM_HOST = 'api.anthropic.com';
|
|
49
52
|
// codex ChatGPT-OAuth subscription tokens are honored on the ChatGPT backend
|
|
50
53
|
// (chatgpt.com/backend-api/codex), never the metered platform API.
|
|
51
54
|
export const CODEX_UPSTREAM_HOST = 'chatgpt.com';
|
|
55
|
+
// pi (GitHub Copilot): with an env-var credential pi dials each Copilot model's
|
|
56
|
+
// baked-in default base URL — the individual-subscription endpoint. (Business/
|
|
57
|
+
// enterprise segments would need a models.json baseUrl override + a wider scope;
|
|
58
|
+
// not wired.)
|
|
59
|
+
export const PI_UPSTREAM_HOST = 'api.individual.githubcopilot.com';
|
|
52
60
|
/**
|
|
53
61
|
* Far-future JWT `exp` (seconds since epoch — 2100-01-01T00:00:00Z) baked into
|
|
54
62
|
* the codex placeholder so codex's native mode treats it as a long-lived,
|
|
@@ -98,6 +106,8 @@ export function assemblePlaceholderJwt(signature, accountId = null) {
|
|
|
98
106
|
* - claude → `sk-ant-<random>` (claude validates the `sk-ant-` shape)
|
|
99
107
|
* - codex → a JWT-shaped placeholder (header.payload.<random-sig>) with a
|
|
100
108
|
* far-future `exp` + (when known + UUID-valid) the account-id claim
|
|
109
|
+
* - pi → `gho_symphony<random>` (pi sends the env value verbatim — no
|
|
110
|
+
* shape validation; the prefix just keeps it visibly token-shaped)
|
|
101
111
|
*
|
|
102
112
|
* `accountId` is consulted ONLY for codex; null/undefined elsewhere.
|
|
103
113
|
*/
|
|
@@ -108,6 +118,8 @@ export function buildAdapterPlaceholder(adapter, rng, accountId = null) {
|
|
|
108
118
|
case 'codex':
|
|
109
119
|
// The signature segment is high-entropy random material (base64url-safe).
|
|
110
120
|
return assemblePlaceholderJwt(rng.newToken(), accountId);
|
|
121
|
+
case 'pi':
|
|
122
|
+
return `gho_symphony${rng.newToken()}`;
|
|
111
123
|
}
|
|
112
124
|
}
|
|
113
125
|
// ─── per-adapter credential spec ─────────────────────────────────────────────
|
|
@@ -137,6 +149,13 @@ export function buildAdapterCredentialSpec(adapter, placeholder) {
|
|
|
137
149
|
secretName: CODEX_SECRET_NAME,
|
|
138
150
|
substitutionHosts: [CODEX_UPSTREAM_HOST],
|
|
139
151
|
};
|
|
152
|
+
case 'pi':
|
|
153
|
+
return {
|
|
154
|
+
adapter,
|
|
155
|
+
placeholder,
|
|
156
|
+
secretName: PI_SECRET_NAME,
|
|
157
|
+
substitutionHosts: [PI_UPSTREAM_HOST],
|
|
158
|
+
};
|
|
140
159
|
}
|
|
141
160
|
}
|
|
142
161
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"shape.js","sourceRoot":"","sources":["../../../src/core/credential/shape.ts"],"names":[],"mappings":"AAAA,4EAA4E;AAC5E,oCAAoC;AACpC,EAAE;AACF,2EAA2E;AAC3E,8EAA8E;AAC9E,+EAA+E;AAC/E,yEAAyE;AACzE,EAAE;AACF,4EAA4E;AAC5E,gEAAgE;AAChE,mFAAmF;AACnF,kFAAkF;AAClF,6DAA6D;AAC7D,wDAAwD;AACxD,mFAAmF;AACnF,uDAAuD;AACvD,gFAAgF;AAChF,4EAA4E;AAC5E,gCAAgC;AAChC,gFAAgF;AAChF,kFAAkF;AAClF,iFAAiF;AACjF,8BAA8B;AAC9B,sDAAsD;AACtD,wEAAwE;AACxE,iFAAiF;AACjF,8EAA8E;AAC9E,EAAE;AACF,2EAA2E;AAC3E,8EAA8E;AAC9E,6EAA6E;AAC7E,kFAAkF;AAClF,sDAAsD;AAStD,yEAAyE;AACzE,+DAA+D;AAC/D,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,cAAc,EAAE,CAAC;AAC1B,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAE9C,gFAAgF;AAChF,EAAE;AACF,iFAAiF;AACjF,8EAA8E;AAC9E,2BAA2B;AAE3B,MAAM,CAAC,MAAM,kBAAkB,GAAG,sBAAsB,CAAC;AACzD,MAAM,CAAC,MAAM,iBAAiB,GAAG,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"shape.js","sourceRoot":"","sources":["../../../src/core/credential/shape.ts"],"names":[],"mappings":"AAAA,4EAA4E;AAC5E,oCAAoC;AACpC,EAAE;AACF,2EAA2E;AAC3E,8EAA8E;AAC9E,+EAA+E;AAC/E,yEAAyE;AACzE,EAAE;AACF,4EAA4E;AAC5E,gEAAgE;AAChE,mFAAmF;AACnF,kFAAkF;AAClF,6DAA6D;AAC7D,wDAAwD;AACxD,mFAAmF;AACnF,uDAAuD;AACvD,gFAAgF;AAChF,4EAA4E;AAC5E,gCAAgC;AAChC,gFAAgF;AAChF,kFAAkF;AAClF,iFAAiF;AACjF,8BAA8B;AAC9B,sDAAsD;AACtD,wEAAwE;AACxE,iFAAiF;AACjF,8EAA8E;AAC9E,EAAE;AACF,2EAA2E;AAC3E,8EAA8E;AAC9E,6EAA6E;AAC7E,kFAAkF;AAClF,sDAAsD;AAStD,yEAAyE;AACzE,+DAA+D;AAC/D,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,cAAc,EAAE,CAAC;AAC1B,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAE9C,gFAAgF;AAChF,EAAE;AACF,iFAAiF;AACjF,8EAA8E;AAC9E,2BAA2B;AAE3B,MAAM,CAAC,MAAM,kBAAkB,GAAG,sBAAsB,CAAC;AACzD,MAAM,CAAC,MAAM,iBAAiB,GAAG,gBAAgB,CAAC;AAClD,+EAA+E;AAC/E,8EAA8E;AAC9E,MAAM,CAAC,MAAM,cAAc,GAAG,sBAAsB,CAAC;AAErD,6EAA6E;AAC7E,sFAAsF;AACtF,MAAM,CAAC,MAAM,oBAAoB,GAAG,mBAAmB,CAAC;AACxD,6EAA6E;AAC7E,mEAAmE;AACnE,MAAM,CAAC,MAAM,mBAAmB,GAAG,aAAa,CAAC;AACjD,gFAAgF;AAChF,+EAA+E;AAC/E,iFAAiF;AACjF,cAAc;AACd,MAAM,CAAC,MAAM,gBAAgB,GAAG,kCAAkC,CAAC;AAEnE;;;;;GAKG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAG,aAAa,CAAC;AAEzD,qEAAqE;AACrE,MAAM,oBAAoB,GAAG,aAAa,CAAC;AAE3C,gFAAgF;AAEhF;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,sBAAsB,CACpC,SAAiB,EACjB,YAA2B,IAAI;IAE/B,MAAM,aAAa,GAAG,cAAc,CAAC,SAAS,CAAC,CAAC;IAChD,MAAM,MAAM,GAAG,aAAa,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;IAC3D,MAAM,OAAO,GAAG,aAAa,CAAC;QAC5B,GAAG,EAAE,2BAA2B;QAChC,GAAG,CAAC,aAAa,KAAK,IAAI;YACxB,CAAC,CAAC,EAAE,6BAA6B,EAAE,EAAE,kBAAkB,EAAE,aAAa,EAAE,EAAE;YAC1E,CAAC,CAAC,EAAE,CAAC;KACR,CAAC,CAAC;IACH,OAAO,GAAG,MAAM,IAAI,OAAO,IAAI,SAAS,EAAE,CAAC;AAC7C,CAAC;AAED,gFAAgF;AAEhF;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,uBAAuB,CACrC,OAAqB,EACrB,GAAiB,EACjB,YAA2B,IAAI;IAE/B,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,QAAQ;YACX,OAAO,UAAU,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC;QACpC,KAAK,OAAO;YACV,0EAA0E;YAC1E,OAAO,sBAAsB,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,SAAS,CAAC,CAAC;QAC3D,KAAK,IAAI;YACP,OAAO,eAAe,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC;IAC3C,CAAC;AACH,CAAC;AAED,gFAAgF;AAEhF;;;;;;;;;GASG;AACH,MAAM,UAAU,0BAA0B,CACxC,OAAqB,EACrB,WAAmB;IAEnB,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,QAAQ;YACX,OAAO;gBACL,OAAO;gBACP,WAAW;gBACX,UAAU,EAAE,kBAAkB;gBAC9B,iBAAiB,EAAE,CAAC,oBAAoB,CAAC;aAC1C,CAAC;QACJ,KAAK,OAAO;YACV,OAAO;gBACL,OAAO;gBACP,WAAW;gBACX,UAAU,EAAE,iBAAiB;gBAC7B,iBAAiB,EAAE,CAAC,mBAAmB,CAAC;aACzC,CAAC;QACJ,KAAK,IAAI;YACP,OAAO;gBACL,OAAO;gBACP,WAAW;gBACX,UAAU,EAAE,cAAc;gBAC1B,iBAAiB,EAAE,CAAC,gBAAgB,CAAC;aACtC,CAAC;IACN,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,yCAAyC,CACvD,OAAqB,EACrB,GAAiB,EACjB,YAA2B,IAAI;IAE/B,OAAO,0BAA0B,CAAC,OAAO,EAAE,uBAAuB,CAAC,OAAO,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;AAC/F,CAAC;AAkBD;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAgB;IACjD,IAAI,CAAC,KAAK,CAAC,YAAY;QAAE,OAAO,IAAI,CAAC;IACrC,+EAA+E;IAC/E,sDAAsD;IACtD,MAAM,SAAS,GAAG,cAAc,CAAC,KAAK,CAAC,gBAAgB,IAAI,IAAI,CAAC,CAAC;IACjE,MAAM,YAAY,GAChB,SAAS,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,oBAAoB,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAChE,OAAO,EAAE,IAAI,EAAE,oBAAoB,EAAE,WAAW,EAAE,uBAAuB,EAAE,YAAY,EAAE,CAAC;AAC5F,CAAC;AAED,0FAA0F;AAC1F,MAAM,UAAU,uBAAuB,CAAC,QAAgB;IACtD,OAAO,QAAQ,CAAC,OAAO,CAAC,kBAAkB,EAAE,oBAAoB,CAAC,CAAC;AACpE,CAAC;AAED,gFAAgF;AAEhF;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,uBAAuB,CACrC,KAAuC,EACvC,kBAAqC,EAAE;IAEvC,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC;IAC/D,MAAM,YAAY,GAAG,MAAM,CAAC,CAAC,GAAG,eAAe,EAAE,GAAG,YAAY,CAAC,CAAC,CAAC;IACnE,OAAO;QACL,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,iBAAiB,EAAE,CAAC,GAAG,CAAC,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;QAChF,YAAY;KACb,CAAC;AACJ,CAAC;AAED,gFAAgF;AAChF,qFAAqF;AAErF,2DAA2D;AAC3D,SAAS,MAAM,CAAC,MAAyB;IACvC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YAAE,SAAS;QAC1B,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACZ,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACd,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,aAAa,CAAC,GAAY;IACjC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IACjC,uEAAuE;IACvE,MAAM,MAAM,GAAG,QAAQ,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC;IAClD,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IACzB,OAAO,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AACzE,CAAC"}
|
|
@@ -0,0 +1,124 @@
|
|
|
1
|
+
// PURE generator for the pi symphony-MCP bridge extension (adapter: pi).
|
|
2
|
+
//
|
|
3
|
+
// pi (the @earendil-works/pi-coding-agent harness) has NO built-in MCP client
|
|
4
|
+
// — by design ("No MCP" is a pi philosophy point) — and the pi-acp ACP wrapper
|
|
5
|
+
// accepts but IGNORES the `mcpServers` advertised on ACP session/new. Without a
|
|
6
|
+
// bridge, an in-VM pi agent could never call `transition` / `request_human_steering`
|
|
7
|
+
// / `propose_issue`, so a pi dispatch could never reach a terminal state.
|
|
8
|
+
//
|
|
9
|
+
// The bridge: pi auto-discovers TypeScript extensions under
|
|
10
|
+
// `~/.pi/agent/extensions/*.ts` (global scope — loaded without a trust prompt,
|
|
11
|
+
// unlike project-local `.pi/extensions/`). This module generates the SOURCE of
|
|
12
|
+
// such an extension, with the per-dispatch MCP URL + bearer baked in; the
|
|
13
|
+
// fake-creds staging ships it into the guest alongside pi's settings.json. The
|
|
14
|
+
// extension registers one pi tool per symphony MCP tool and forwards each call
|
|
15
|
+
// as a plain JSON-RPC 2.0 `tools/call` POST — symphony's MCP endpoint is
|
|
16
|
+
// stateless per request (initialize is static), so no session handshake is
|
|
17
|
+
// needed.
|
|
18
|
+
//
|
|
19
|
+
// The tool names / descriptions / parameter schemas are derived from the SAME
|
|
20
|
+
// `TOOL_LIST` the MCP `tools/list` serves, so the two surfaces cannot drift:
|
|
21
|
+
// the JSON-Schema property entries are transliterated into the Typebox calls
|
|
22
|
+
// pi's extension API expects (`typebox` is one of the packages pi guarantees
|
|
23
|
+
// resolvable from extension files).
|
|
24
|
+
//
|
|
25
|
+
// Pure, synchronous, zero IO — (endpoint) -> source string.
|
|
26
|
+
import { TOOL_LIST } from './protocol.js';
|
|
27
|
+
/** Absolute guest path the staged pi extension lands at (global auto-discovery). */
|
|
28
|
+
export const PI_EXTENSION_GUEST_PATH = '/root/.pi/agent/extensions/symphony-mcp.ts';
|
|
29
|
+
/**
|
|
30
|
+
* Transliterate one JSON-Schema property into the Typebox expression the
|
|
31
|
+
* generated extension declares it with. The TOOL_LIST catalog only uses
|
|
32
|
+
* `string`, `number`, and `array<string>` — a new property type added to the
|
|
33
|
+
* catalog without a mapping here must fail LOUDLY at staging (throw), not ship
|
|
34
|
+
* a silently-wrong schema to the model.
|
|
35
|
+
*/
|
|
36
|
+
function typeboxExpr(toolName, propName, prop, required) {
|
|
37
|
+
const annotation = prop.description !== undefined ? `{ description: ${JSON.stringify(prop.description)} }` : '';
|
|
38
|
+
let base;
|
|
39
|
+
switch (prop.type) {
|
|
40
|
+
case 'string':
|
|
41
|
+
base = `Type.String(${annotation})`;
|
|
42
|
+
break;
|
|
43
|
+
case 'number':
|
|
44
|
+
base = `Type.Number(${annotation})`;
|
|
45
|
+
break;
|
|
46
|
+
case 'array':
|
|
47
|
+
if (prop.items?.type !== 'string') {
|
|
48
|
+
throw new Error(`pi-extension: unsupported array item type for ${toolName}.${propName}`);
|
|
49
|
+
}
|
|
50
|
+
base = annotation === '' ? 'Type.Array(Type.String())' : `Type.Array(Type.String(), ${annotation})`;
|
|
51
|
+
break;
|
|
52
|
+
default:
|
|
53
|
+
throw new Error(`pi-extension: unsupported schema type "${prop.type}" for ${toolName}.${propName}`);
|
|
54
|
+
}
|
|
55
|
+
return required ? base : `Type.Optional(${base})`;
|
|
56
|
+
}
|
|
57
|
+
/** One `pi.registerTool({...})` statement for a TOOL_LIST entry. */
|
|
58
|
+
function registerToolCode(tool) {
|
|
59
|
+
const required = new Set(tool.inputSchema.required ?? []);
|
|
60
|
+
const props = Object.entries(tool.inputSchema.properties)
|
|
61
|
+
.map(([name, prop]) => ` ${name}: ${typeboxExpr(tool.name, name, prop, required.has(name))},`)
|
|
62
|
+
.join('\n');
|
|
63
|
+
return ` pi.registerTool({
|
|
64
|
+
name: ${JSON.stringify(tool.name)},
|
|
65
|
+
label: ${JSON.stringify(`Symphony: ${tool.name}`)},
|
|
66
|
+
description: ${JSON.stringify(tool.description)},
|
|
67
|
+
parameters: Type.Object({
|
|
68
|
+
${props}
|
|
69
|
+
}),
|
|
70
|
+
async execute(_toolCallId, params, signal) {
|
|
71
|
+
return { content: await callSymphonyTool(${JSON.stringify(tool.name)}, params, signal) };
|
|
72
|
+
},
|
|
73
|
+
});`;
|
|
74
|
+
}
|
|
75
|
+
/**
|
|
76
|
+
* Generate the full extension source for one dispatch. The URL + bearer are
|
|
77
|
+
* baked in VERBATIM (both are per-dispatch, guest-visible values — the same
|
|
78
|
+
* pair rides the ACP session/new mcpServers header for claude/codex), so the
|
|
79
|
+
* staged file is written 0600 like every other creds-adjacent guest file.
|
|
80
|
+
*/
|
|
81
|
+
export function buildPiSymphonyMcpExtension(mcp) {
|
|
82
|
+
return `// Auto-staged by smol-symphony for this dispatch — bridges symphony's MCP
|
|
83
|
+
// control plane (transition / steering / propose_issue) into pi, which has no
|
|
84
|
+
// built-in MCP client. Regenerated per dispatch; edits do not survive.
|
|
85
|
+
import { Type } from "typebox";
|
|
86
|
+
|
|
87
|
+
const MCP_URL = ${JSON.stringify(mcp.url)};
|
|
88
|
+
const MCP_TOKEN = ${JSON.stringify(mcp.token)};
|
|
89
|
+
|
|
90
|
+
async function callSymphonyTool(name, args, signal) {
|
|
91
|
+
const res = await fetch(MCP_URL, {
|
|
92
|
+
method: "POST",
|
|
93
|
+
headers: {
|
|
94
|
+
"content-type": "application/json",
|
|
95
|
+
authorization: "Bearer " + MCP_TOKEN,
|
|
96
|
+
},
|
|
97
|
+
body: JSON.stringify({
|
|
98
|
+
jsonrpc: "2.0",
|
|
99
|
+
id: 1,
|
|
100
|
+
method: "tools/call",
|
|
101
|
+
params: { name, arguments: args },
|
|
102
|
+
}),
|
|
103
|
+
signal,
|
|
104
|
+
});
|
|
105
|
+
if (!res.ok) throw new Error("symphony mcp: http " + res.status);
|
|
106
|
+
const body = await res.json();
|
|
107
|
+
if (body.error) {
|
|
108
|
+
throw new Error("symphony mcp: " + (body.error.message || "error " + body.error.code));
|
|
109
|
+
}
|
|
110
|
+
const raw = body.result && Array.isArray(body.result.content) ? body.result.content : [];
|
|
111
|
+
const text = raw
|
|
112
|
+
.map((c) => (c && typeof c.text === "string" ? c.text : ""))
|
|
113
|
+
.filter(Boolean)
|
|
114
|
+
.join("\\n");
|
|
115
|
+
if (body.result && body.result.isError) throw new Error(text || "symphony tool failed");
|
|
116
|
+
return [{ type: "text", text: text || "ok" }];
|
|
117
|
+
}
|
|
118
|
+
|
|
119
|
+
export default function (pi) {
|
|
120
|
+
${TOOL_LIST.map(registerToolCode).join('\n\n')}
|
|
121
|
+
}
|
|
122
|
+
`;
|
|
123
|
+
}
|
|
124
|
+
//# sourceMappingURL=pi-extension.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pi-extension.js","sourceRoot":"","sources":["../../../src/core/mcp/pi-extension.ts"],"names":[],"mappings":"AAAA,yEAAyE;AACzE,EAAE;AACF,8EAA8E;AAC9E,+EAA+E;AAC/E,gFAAgF;AAChF,qFAAqF;AACrF,0EAA0E;AAC1E,EAAE;AACF,4DAA4D;AAC5D,+EAA+E;AAC/E,+EAA+E;AAC/E,0EAA0E;AAC1E,+EAA+E;AAC/E,+EAA+E;AAC/E,yEAAyE;AACzE,2EAA2E;AAC3E,UAAU;AACV,EAAE;AACF,8EAA8E;AAC9E,6EAA6E;AAC7E,6EAA6E;AAC7E,6EAA6E;AAC7E,oCAAoC;AACpC,EAAE;AACF,4DAA4D;AAG5D,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAE1C,oFAAoF;AACpF,MAAM,CAAC,MAAM,uBAAuB,GAAG,4CAA4C,CAAC;AASpF;;;;;;GAMG;AACH,SAAS,WAAW,CAAC,QAAgB,EAAE,QAAgB,EAAE,IAAgB,EAAE,QAAiB;IAC1F,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,kBAAkB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;IAChH,IAAI,IAAY,CAAC;IACjB,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,KAAK,QAAQ;YACX,IAAI,GAAG,eAAe,UAAU,GAAG,CAAC;YACpC,MAAM;QACR,KAAK,QAAQ;YACX,IAAI,GAAG,eAAe,UAAU,GAAG,CAAC;YACpC,MAAM;QACR,KAAK,OAAO;YACV,IAAI,IAAI,CAAC,KAAK,EAAE,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAClC,MAAM,IAAI,KAAK,CAAC,iDAAiD,QAAQ,IAAI,QAAQ,EAAE,CAAC,CAAC;YAC3F,CAAC;YACD,IAAI,GAAG,UAAU,KAAK,EAAE,CAAC,CAAC,CAAC,2BAA2B,CAAC,CAAC,CAAC,6BAA6B,UAAU,GAAG,CAAC;YACpG,MAAM;QACR;YACE,MAAM,IAAI,KAAK,CAAC,0CAA0C,IAAI,CAAC,IAAI,SAAS,QAAQ,IAAI,QAAQ,EAAE,CAAC,CAAC;IACxG,CAAC;IACD,OAAO,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,iBAAiB,IAAI,GAAG,CAAC;AACpD,CAAC;AAED,oEAAoE;AACpE,SAAS,gBAAgB,CAAC,IAAgC;IACxD,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAS,IAAI,CAAC,WAAW,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC;IAClE,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,UAAwC,CAAC;SACpF,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,SAAS,IAAI,KAAK,WAAW,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC;SAClG,IAAI,CAAC,IAAI,CAAC,CAAC;IACd,OAAO;YACG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC;aACxB,IAAI,CAAC,SAAS,CAAC,aAAa,IAAI,CAAC,IAAI,EAAE,CAAC;mBAClC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC;;EAEjD,KAAK;;;iDAG0C,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC;;MAEpE,CAAC;AACP,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,2BAA2B,CAAC,GAAwB;IAClE,OAAO;;;;;kBAKS,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC;oBACrB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAgC3C,SAAS,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC;;CAE7C,CAAC;AACF,CAAC"}
|
|
@@ -15,8 +15,8 @@
|
|
|
15
15
|
// Closed registry of valid adapter ids, inlined from the original
|
|
16
16
|
// `src/agent/adapter-names.ts:isKnownAdapter` constant-list lookup so the core
|
|
17
17
|
// stays pure (no import from the IO adapter layer). Mirrors `AcpAdapterId`.
|
|
18
|
-
const KNOWN_ADAPTER_IDS = ['claude', 'codex'];
|
|
19
|
-
const KNOWN_ADAPTERS_HINT = 'use one of: claude, codex';
|
|
18
|
+
const KNOWN_ADAPTER_IDS = ['claude', 'codex', 'pi'];
|
|
19
|
+
const KNOWN_ADAPTERS_HINT = 'use one of: claude, codex, pi';
|
|
20
20
|
function isKnownAdapter(id) {
|
|
21
21
|
return KNOWN_ADAPTER_IDS.includes(id);
|
|
22
22
|
}
|