ssh-mcp-pro 1.0.0

package/dist/remote/store.js

@@ -0,0 +1,355 @@
+import { mkdirSync } from "node:fs";
+import { createRequire } from "node:module";
+import path from "node:path";
+const require = createRequire(import.meta.url);
+function loadNodeSqlite() {
+    return require("node:sqlite");
+}
+function resolveDatabaseSync(loadSqlite = loadNodeSqlite) {
+    try {
+        const { DatabaseSync } = loadSqlite();
+        if (typeof DatabaseSync !== "function") {
+            throw new TypeError("DatabaseSync is not a constructor");
+        }
+        return DatabaseSync;
+    }
+    catch (error) {
+        throw new Error(`node:sqlite is not available in this Node.js build (${process.version}). ` +
+            "This feature requires Node.js >=22.13.0. " +
+            "See ARCHITECTURE.md for the better-sqlite3 fallback path.", { cause: error });
+    }
+}
+function dbPathFromUrl(databaseUrl) {
+    if (databaseUrl === ":memory:" || databaseUrl === "file::memory:") {
+        return ":memory:";
+    }
+    if (databaseUrl.startsWith("file:")) {
+        return databaseUrl.slice("file:".length);
+    }
+    return databaseUrl;
+}
+function parseJson(value) {
+    return JSON.parse(value);
+}
+function rowString(row, key) {
+    return String(row[key] ?? "");
+}
+function optionalRowString(row, key) {
+    const value = row[key];
+    return typeof value === "string" && value.length > 0 ? value : undefined;
+}
+function tokenUseConflict(message) {
+    return Object.assign(new Error(message), { code: "INVALID_TOKEN", status: 400 });
+}
+export class RemoteStore {
+    db;
+    constructor(databaseUrl, options = {}) {
+        const filePath = dbPathFromUrl(databaseUrl);
+        if (filePath !== ":memory:") {
+            mkdirSync(path.dirname(path.resolve(filePath)), { recursive: true });
+        }
+        const DatabaseSync = resolveDatabaseSync(options.loadSqlite);
+        this.db = new DatabaseSync(filePath);
+        this.db.exec("PRAGMA foreign_keys = ON");
+        this.migrate();
+    }
+    close() {
+        this.db.close();
+    }
+    migrate() {
+        this.db.exec(`
+      CREATE TABLE IF NOT EXISTS users (
+        id TEXT PRIMARY KEY,
+        github_id TEXT UNIQUE NOT NULL,
+        github_login TEXT UNIQUE NOT NULL,
+        created_at TEXT NOT NULL,
+        updated_at TEXT NOT NULL
+      ) STRICT;
+
+      CREATE TABLE IF NOT EXISTS oauth_clients (
+        id TEXT PRIMARY KEY,
+        client_id TEXT UNIQUE NOT NULL,
+        client_name TEXT,
+        redirect_uris TEXT NOT NULL,
+        grant_types TEXT NOT NULL,
+        response_types TEXT NOT NULL,
+        token_endpoint_auth_method TEXT NOT NULL,
+        created_at TEXT NOT NULL
+      ) STRICT;
+
+      CREATE TABLE IF NOT EXISTS oauth_authorization_codes (
+        id TEXT PRIMARY KEY,
+        code_hash TEXT UNIQUE NOT NULL,
+        client_id TEXT NOT NULL,
+        user_id TEXT NOT NULL,
+        redirect_uri TEXT NOT NULL,
+        code_challenge TEXT NOT NULL,
+        code_challenge_method TEXT NOT NULL,
+        resource TEXT NOT NULL,
+        scope TEXT NOT NULL,
+        expires_at TEXT NOT NULL,
+        used_at TEXT,
+        created_at TEXT NOT NULL
+      ) STRICT;
+
+      CREATE TABLE IF NOT EXISTS agents (
+        id TEXT PRIMARY KEY,
+        user_id TEXT NOT NULL,
+        alias TEXT NOT NULL,
+        status TEXT NOT NULL,
+        public_key TEXT,
+        profile TEXT NOT NULL,
+        policy_json TEXT NOT NULL,
+        policy_version INTEGER NOT NULL DEFAULT 1,
+        host_metadata_json TEXT,
+        last_seen_at TEXT,
+        created_at TEXT NOT NULL,
+        updated_at TEXT NOT NULL,
+        UNIQUE(user_id, alias)
+      ) STRICT;
+
+      CREATE TABLE IF NOT EXISTS agent_enrollment_tokens (
+        id TEXT PRIMARY KEY,
+        agent_id TEXT NOT NULL,
+        user_id TEXT NOT NULL,
+        token_hash TEXT UNIQUE NOT NULL,
+        expires_at TEXT NOT NULL,
+        used_at TEXT,
+        created_at TEXT NOT NULL
+      ) STRICT;
+
+      CREATE TABLE IF NOT EXISTS actions (
+        id TEXT PRIMARY KEY,
+        user_id TEXT NOT NULL,
+        agent_id TEXT NOT NULL,
+        tool TEXT NOT NULL,
+        capability TEXT NOT NULL,
+        args_json TEXT NOT NULL,
+        status TEXT NOT NULL,
+        issued_at TEXT NOT NULL,
+        deadline TEXT NOT NULL,
+        completed_at TEXT,
+        result_json TEXT,
+        error_code TEXT
+      ) STRICT;
+
+      CREATE TABLE IF NOT EXISTS audit_events (
+        id TEXT PRIMARY KEY,
+        user_id TEXT,
+        agent_id TEXT,
+        action_id TEXT,
+        event_type TEXT NOT NULL,
+        severity TEXT NOT NULL,
+        metadata_json TEXT NOT NULL,
+        created_at TEXT NOT NULL
+      ) STRICT;
+    `);
+    }
+    upsertUser(user) {
+        this.db
+            .prepare(`INSERT INTO users (id, github_id, github_login, created_at, updated_at)
+         VALUES (?, ?, ?, ?, ?)
+         ON CONFLICT(github_id) DO UPDATE SET github_login = excluded.github_login, updated_at = excluded.updated_at`)
+            .run(user.internalId, user.id, user.login, user.now, user.now);
+    }
+    getUserByGitHubId(githubId) {
+        const row = this.db.prepare("SELECT * FROM users WHERE github_id = ?").get(githubId);
+        if (!row) {
+            return undefined;
+        }
+        return {
+            id: rowString(row, "id"),
+            githubId: rowString(row, "github_id"),
+            githubLogin: rowString(row, "github_login"),
+        };
+    }
+    insertClient(client) {
+        this.db
+            .prepare(`INSERT INTO oauth_clients
+         (id, client_id, client_name, redirect_uris, grant_types, response_types, token_endpoint_auth_method, created_at)
+         VALUES (?, ?, ?, ?, ?, ?, ?, ?)`)
+            .run(client.id, client.clientId, client.clientName, JSON.stringify(client.redirectUris), JSON.stringify(client.grantTypes), JSON.stringify(client.responseTypes), client.tokenEndpointAuthMethod, client.createdAt);
+    }
+    getClient(clientId) {
+        const row = this.db.prepare("SELECT * FROM oauth_clients WHERE client_id = ?").get(clientId);
+        if (!row) {
+            return undefined;
+        }
+        return {
+            id: rowString(row, "id"),
+            clientId: rowString(row, "client_id"),
+            clientName: rowString(row, "client_name"),
+            redirectUris: parseJson(rowString(row, "redirect_uris")),
+            grantTypes: parseJson(rowString(row, "grant_types")),
+            responseTypes: parseJson(rowString(row, "response_types")),
+            tokenEndpointAuthMethod: "none",
+            createdAt: rowString(row, "created_at"),
+        };
+    }
+    countOAuthClients() {
+        const row = this.db.prepare("SELECT COUNT(*) AS count FROM oauth_clients").get();
+        return Number(row?.count ?? 0);
+    }
+    insertAuthorizationCode(code) {
+        this.db
+            .prepare(`INSERT INTO oauth_authorization_codes
+         (id, code_hash, client_id, user_id, redirect_uri, code_challenge, code_challenge_method, resource, scope, expires_at, used_at, created_at)
+         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`)
+            .run(code.id, code.codeHash, code.clientId, code.userId, code.redirectUri, code.codeChallenge, code.codeChallengeMethod, code.resource, code.scope, code.expiresAt, code.usedAt ?? null, code.createdAt);
+    }
+    getAuthorizationCodeByHash(codeHash) {
+        const row = this.db
+            .prepare("SELECT * FROM oauth_authorization_codes WHERE code_hash = ?")
+            .get(codeHash);
+        if (!row) {
+            return undefined;
+        }
+        return {
+            id: rowString(row, "id"),
+            codeHash: rowString(row, "code_hash"),
+            clientId: rowString(row, "client_id"),
+            userId: rowString(row, "user_id"),
+            redirectUri: rowString(row, "redirect_uri"),
+            codeChallenge: rowString(row, "code_challenge"),
+            codeChallengeMethod: "S256",
+            resource: rowString(row, "resource"),
+            scope: rowString(row, "scope"),
+            expiresAt: rowString(row, "expires_at"),
+            usedAt: optionalRowString(row, "used_at"),
+            createdAt: rowString(row, "created_at"),
+        };
+    }
+    markAuthorizationCodeUsed(codeHash, usedAt) {
+        const result = this.db
+            .prepare("UPDATE oauth_authorization_codes SET used_at = ? WHERE code_hash = ? AND used_at IS NULL")
+            .run(usedAt, codeHash);
+        if (Number(result.changes) !== 1) {
+            throw tokenUseConflict("Authorization code already used");
+        }
+    }
+    insertAgent(agent) {
+        this.db
+            .prepare(`INSERT INTO agents
+         (id, user_id, alias, status, public_key, profile, policy_json, policy_version, host_metadata_json, last_seen_at, created_at, updated_at)
+         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`)
+            .run(agent.id, agent.userId, agent.alias, agent.status, agent.publicKey ?? null, agent.profile, JSON.stringify(agent.policy), agent.policyVersion, agent.hostMetadata ? JSON.stringify(agent.hostMetadata) : null, agent.lastSeenAt ?? null, agent.createdAt, agent.updatedAt);
+    }
+    updateAgent(agent) {
+        this.db
+            .prepare(`UPDATE agents
+         SET alias = ?, status = ?, public_key = ?, profile = ?, policy_json = ?, policy_version = ?,
+             host_metadata_json = ?, last_seen_at = ?, updated_at = ?
+         WHERE id = ?`)
+            .run(agent.alias, agent.status, agent.publicKey ?? null, agent.profile, JSON.stringify(agent.policy), agent.policyVersion, agent.hostMetadata ? JSON.stringify(agent.hostMetadata) : null, agent.lastSeenAt ?? null, agent.updatedAt, agent.id);
+    }
+    getAgent(agentId) {
+        const row = this.db.prepare("SELECT * FROM agents WHERE id = ?").get(agentId);
+        return row ? this.agentFromRow(row) : undefined;
+    }
+    getAgentByAlias(userId, alias) {
+        const row = this.db
+            .prepare("SELECT * FROM agents WHERE user_id = ? AND alias = ?")
+            .get(userId, alias);
+        return row ? this.agentFromRow(row) : undefined;
+    }
+    listAgents(userId) {
+        return this.db
+            .prepare("SELECT * FROM agents WHERE user_id = ? ORDER BY created_at")
+            .all(userId).map((row) => this.agentFromRow(row));
+    }
+    agentFromRow(row) {
+        return {
+            id: rowString(row, "id"),
+            userId: rowString(row, "user_id"),
+            alias: rowString(row, "alias"),
+            status: rowString(row, "status"),
+            publicKey: optionalRowString(row, "public_key"),
+            profile: rowString(row, "profile"),
+            policy: parseJson(rowString(row, "policy_json")),
+            policyVersion: Number(row["policy_version"] ?? 1),
+            hostMetadata: optionalRowString(row, "host_metadata_json")
+                ? parseJson(optionalRowString(row, "host_metadata_json") ?? "{}")
+                : undefined,
+            lastSeenAt: optionalRowString(row, "last_seen_at"),
+            createdAt: rowString(row, "created_at"),
+            updatedAt: rowString(row, "updated_at"),
+        };
+    }
+    insertEnrollmentToken(token) {
+        this.db
+            .prepare(`INSERT INTO agent_enrollment_tokens
+         (id, agent_id, user_id, token_hash, expires_at, used_at, created_at)
+         VALUES (?, ?, ?, ?, ?, ?, ?)`)
+            .run(token.id, token.agentId, token.userId, token.tokenHash, token.expiresAt, token.usedAt ?? null, token.createdAt);
+    }
+    getEnrollmentTokenByHash(tokenHash) {
+        const row = this.db
+            .prepare("SELECT * FROM agent_enrollment_tokens WHERE token_hash = ?")
+            .get(tokenHash);
+        if (!row) {
+            return undefined;
+        }
+        return {
+            id: rowString(row, "id"),
+            agentId: rowString(row, "agent_id"),
+            userId: rowString(row, "user_id"),
+            tokenHash: rowString(row, "token_hash"),
+            expiresAt: rowString(row, "expires_at"),
+            usedAt: optionalRowString(row, "used_at"),
+            createdAt: rowString(row, "created_at"),
+        };
+    }
+    markEnrollmentTokenUsed(tokenHash, usedAt) {
+        const result = this.db
+            .prepare("UPDATE agent_enrollment_tokens SET used_at = ? WHERE token_hash = ? AND used_at IS NULL")
+            .run(usedAt, tokenHash);
+        if (Number(result.changes) !== 1) {
+            throw tokenUseConflict("Enrollment token already used");
+        }
+    }
+    insertAction(action) {
+        this.db
+            .prepare(`INSERT INTO actions
+         (id, user_id, agent_id, tool, capability, args_json, status, issued_at, deadline, completed_at, result_json, error_code)
+         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`)
+            .run(action.id, action.userId, action.agentId, action.tool, action.capability, JSON.stringify(action.args), action.status, action.issuedAt, action.deadline, action.completedAt ?? null, action.result ? JSON.stringify(action.result) : null, action.errorCode ?? null);
+    }
+    updateAction(action) {
+        this.db
+            .prepare(`UPDATE actions
+         SET status = ?, completed_at = ?, result_json = ?, error_code = ?
+         WHERE id = ?`)
+            .run(action.status, action.completedAt ?? null, action.result ? JSON.stringify(action.result) : null, action.errorCode ?? null, action.id);
+    }
+    insertAudit(event) {
+        this.db
+            .prepare(`INSERT INTO audit_events
+         (id, user_id, agent_id, action_id, event_type, severity, metadata_json, created_at)
+         VALUES (?, ?, ?, ?, ?, ?, ?, ?)`)
+            .run(event.id, event.userId ?? null, event.agentId ?? null, event.actionId ?? null, event.eventType, event.severity, JSON.stringify(event.metadata), event.createdAt);
+    }
+    listAudit(userId, agentId, limit) {
+        const safeLimit = Math.min(Math.max(limit, 1), 200);
+        const rows = agentId
+            ? this.db
+                .prepare("SELECT * FROM audit_events WHERE user_id = ? AND agent_id = ? ORDER BY created_at DESC LIMIT ?")
+                .all(userId, agentId, safeLimit)
+            : this.db
+                .prepare("SELECT * FROM audit_events WHERE user_id = ? ORDER BY created_at DESC LIMIT ?")
+                .all(userId, safeLimit);
+        return rows.map((row) => ({
+            id: rowString(row, "id"),
+            userId: optionalRowString(row, "user_id"),
+            agentId: optionalRowString(row, "agent_id"),
+            actionId: optionalRowString(row, "action_id"),
+            eventType: rowString(row, "event_type"),
+            severity: rowString(row, "severity"),
+            metadata: parseJson(rowString(row, "metadata_json")),
+            createdAt: rowString(row, "created_at"),
+        }));
+    }
+    run(sql, ...params) {
+        this.db.prepare(sql).run(...params);
+    }
+}
+//# sourceMappingURL=store.js.map

package/dist/remote/store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"store.js","sourceRoot":"","sources":["../../src/remote/store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AACpC,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,IAAI,MAAM,WAAW,CAAC;AAmB7B,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAE/C,SAAS,cAAc;IACrB,OAAO,OAAO,CAAC,aAAa,CAAqB,CAAC;AACpD,CAAC;AAED,SAAS,mBAAmB,CAC1B,aAAqC,cAAc;IAEnD,IAAI,CAAC;QACH,MAAM,EAAE,YAAY,EAAE,GAAG,UAAU,EAAE,CAAC;QACtC,IAAI,OAAO,YAAY,KAAK,UAAU,EAAE,CAAC;YACvC,MAAM,IAAI,SAAS,CAAC,mCAAmC,CAAC,CAAC;QAC3D,CAAC;QACD,OAAO,YAAuC,CAAC;IACjD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CACb,uDAAuD,OAAO,CAAC,OAAO,KAAK;YACzE,2CAA2C;YAC3C,2DAA2D,EAC7D,EAAE,KAAK,EAAE,KAAK,EAAE,CACjB,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,WAAmB;IACxC,IAAI,WAAW,KAAK,UAAU,IAAI,WAAW,KAAK,eAAe,EAAE,CAAC;QAClE,OAAO,UAAU,CAAC;IACpB,CAAC;IACD,IAAI,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACpC,OAAO,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,SAAS,SAAS,CAAI,KAAa;IACjC,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAM,CAAC;AAChC,CAAC;AAED,SAAS,SAAS,CAAC,GAA4B,EAAE,GAAW;IAC1D,OAAO,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,iBAAiB,CAAC,GAA4B,EAAE,GAAW;IAClE,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IACvB,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AAC3E,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAe;IACvC,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE,EAAE,IAAI,EAAE,eAAe,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;AACnF,CAAC;AAED,MAAM,OAAO,WAAW;IACL,EAAE,CAAwC;IAE3D,YAAY,WAAmB,EAAE,UAA8B,EAAE;QAC/D,MAAM,QAAQ,GAAG,aAAa,CAAC,WAAW,CAAC,CAAC;QAC5C,IAAI,QAAQ,KAAK,UAAU,EAAE,CAAC;YAC5B,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACvE,CAAC;QACD,MAAM,YAAY,GAAG,mBAAmB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAC7D,IAAI,CAAC,EAAE,GAAG,IAAI,YAAY,CAAC,QAAQ,CAAC,CAAC;QACrC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QACzC,IAAI,CAAC,OAAO,EAAE,CAAC;IACjB,CAAC;IAED,KAAK;QACH,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;IAClB,CAAC;IAEO,OAAO;QACb,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAsFZ,CAAC,CAAC;IACL,CAAC;IAED,UAAU,CAAC,IAAsD;QAC/D,IAAI,CAAC,EAAE;aACJ,OAAO,CACN;;qHAE6G,CAC9G;aACA,GAAG,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;IACnE,CAAC;IAED,iBAAiB,CACf,QAAgB;QAEhB,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,yCAAyC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAEtE,CAAC;QACd,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,OAAO;YACL,EAAE,EAAE,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC;YACxB,QAAQ,EAAE,SAAS,CAAC,GAAG,EAAE,WAAW,CAAC;YACrC,WAAW,EAAE,SAAS,CAAC,GAAG,EAAE,cAAc,CAAC;SAC5C,CAAC;IACJ,CAAC;IAED,YAAY,CAAC,MAAmB;QAC9B,IAAI,CAAC,EAAE;aACJ,OAAO,CACN;;yCAEiC,CAClC;aACA,GAAG,CACF,MAAM,CAAC,EAAE,EACT,MAAM,CAAC,QAAQ,EACf,MAAM,CAAC,UAAU,EACjB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,EACnC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,UAAU,CAAC,EACjC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,aAAa,CAAC,EACpC,MAAM,CAAC,uBAAuB,EAC9B,MAAM,CAAC,SAAS,CACjB,CAAC;IACN,CAAC;IAED,SAAS,CAAC,QAAgB;QACxB,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,iDAAiD,CAAC,CAAC,GAAG,CAAC,QAAQ,CAE9E,CAAC;QACd,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,OAAO;YACL,EAAE,EAAE,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC;YACxB,QAAQ,EAAE,SAAS,CAAC,GAAG,EAAE,WAAW,CAAC;YACrC,UAAU,EAAE,SAAS,CAAC,GAAG,EAAE,aAAa,CAAC;YACzC,YAAY,EAAE,SAAS,CAAW,SAAS,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC;YAClE,UAAU,EAAE,SAAS,CAAW,SAAS,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;YAC9D,aAAa,EAAE,SAAS,CAAW,SAAS,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;YACpE,uBAAuB,EAAE,MAAM;YAC/B,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE,YAAY,CAAC;SACxC,CAAC;IACJ,CAAC;IAED,iBAAiB;QACf,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,6CAA6C,CAAC,CAAC,GAAG,EAEjE,CAAC;QACd,OAAO,MAAM,CAAC,GAAG,EAAE,KAAK,IAAI,CAAC,CAAC,CAAC;IACjC,CAAC;IAED,uBAAuB,CAAC,IAA4B;QAClD,IAAI,CAAC,EAAE;aACJ,OAAO,CACN;;qDAE6C,CAC9C;aACA,GAAG,CACF,IAAI,CAAC,EAAE,EACP,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,aAAa,EAClB,IAAI,CAAC,mBAAmB,EACxB,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,MAAM,IAAI,IAAI,EACnB,IAAI,CAAC,SAAS,CACf,CAAC;IACN,CAAC;IAED,0BAA0B,CAAC,QAAgB;QACzC,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE;aAChB,OAAO,CAAC,6DAA6D,CAAC;aACtE,GAAG,CAAC,QAAQ,CAAwC,CAAC;QACxD,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,OAAO;YACL,EAAE,EAAE,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC;YACxB,QAAQ,EAAE,SAAS,CAAC,GAAG,EAAE,WAAW,CAAC;YACrC,QAAQ,EAAE,SAAS,CAAC,GAAG,EAAE,WAAW,CAAC;YACrC,MAAM,EAAE,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC;YACjC,WAAW,EAAE,SAAS,CAAC,GAAG,EAAE,cAAc,CAAC;YAC3C,aAAa,EAAE,SAAS,CAAC,GAAG,EAAE,gBAAgB,CAAC;YAC/C,mBAAmB,EAAE,MAAM;YAC3B,QAAQ,EAAE,SAAS,CAAC,GAAG,EAAE,UAAU,CAAC;YACpC,KAAK,EAAE,SAAS,CAAC,GAAG,EAAE,OAAO,CAAC;YAC9B,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE,YAAY,CAAC;YACvC,MAAM,EAAE,iBAAiB,CAAC,GAAG,EAAE,SAAS,CAAC;YACzC,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE,YAAY,CAAC;SACxC,CAAC;IACJ,CAAC;IAED,yBAAyB,CAAC,QAAgB,EAAE,MAAc;QACxD,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE;aACnB,OAAO,CACN,0FAA0F,CAC3F;aACA,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACzB,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACjC,MAAM,gBAAgB,CAAC,iCAAiC,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED,WAAW,CAAC,KAAwB;QAClC,IAAI,CAAC,EAAE;aACJ,OAAO,CACN;;qDAE6C,CAC9C;aACA,GAAG,CACF,KAAK,CAAC,EAAE,EACR,KAAK,CAAC,MAAM,EACZ,KAAK,CAAC,KAAK,EACX,KAAK,CAAC,MAAM,EACZ,KAAK,CAAC,SAAS,IAAI,IAAI,EACvB,KAAK,CAAC,OAAO,EACb,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,EAC5B,KAAK,CAAC,aAAa,EACnB,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,EAC9D,KAAK,CAAC,UAAU,IAAI,IAAI,EACxB,KAAK,CAAC,SAAS,EACf,KAAK,CAAC,SAAS,CAChB,CAAC;IACN,CAAC;IAED,WAAW,CAAC,KAAwB;QAClC,IAAI,CAAC,EAAE;aACJ,OAAO,CACN;;;sBAGc,CACf;aACA,GAAG,CACF,KAAK,CAAC,KAAK,EACX,KAAK,CAAC,MAAM,EACZ,KAAK,CAAC,SAAS,IAAI,IAAI,EACvB,KAAK,CAAC,OAAO,EACb,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,EAC5B,KAAK,CAAC,aAAa,EACnB,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,EAC9D,KAAK,CAAC,UAAU,IAAI,IAAI,EACxB,KAAK,CAAC,SAAS,EACf,KAAK,CAAC,EAAE,CACT,CAAC;IACN,CAAC;IAED,QAAQ,CAAC,OAAe;QACtB,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,mCAAmC,CAAC,CAAC,GAAG,CAAC,OAAO,CAE/D,CAAC;QACd,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAClD,CAAC;IAED,eAAe,CAAC,MAAc,EAAE,KAAa;QAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE;aAChB,OAAO,CAAC,sDAAsD,CAAC;aAC/D,GAAG,CAAC,MAAM,EAAE,KAAK,CAAwC,CAAC;QAC7D,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAClD,CAAC;IAED,UAAU,CAAC,MAAc;QACvB,OACE,IAAI,CAAC,EAAE;aACJ,OAAO,CAAC,4DAA4D,CAAC;aACrE,GAAG,CAAC,MAAM,CACd,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC;IACzC,CAAC;IAEO,YAAY,CAAC,GAA4B;QAC/C,OAAO;YACL,EAAE,EAAE,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC;YACxB,MAAM,EAAE,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC;YACjC,KAAK,EAAE,SAAS,CAAC,GAAG,EAAE,OAAO,CAAC;YAC9B,MAAM,EAAE,SAAS,CAAC,GAAG,EAAE,QAAQ,CAAgC;YAC/D,SAAS,EAAE,iBAAiB,CAAC,GAAG,EAAE,YAAY,CAAC;YAC/C,OAAO,EAAE,SAAS,CAAC,GAAG,EAAE,SAAS,CAAiC;YAClE,MAAM,EAAE,SAAS,CAAC,SAAS,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;YAChD,aAAa,EAAE,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;YACjD,YAAY,EAAE,iBAAiB,CAAC,GAAG,EAAE,oBAAoB,CAAC;gBACxD,CAAC,CAAC,SAAS,CAAC,iBAAiB,CAAC,GAAG,EAAE,oBAAoB,CAAC,IAAI,IAAI,CAAC;gBACjE,CAAC,CAAC,SAAS;YACb,UAAU,EAAE,iBAAiB,CAAC,GAAG,EAAE,cAAc,CAAC;YAClD,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE,YAAY,CAAC;YACvC,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE,YAAY,CAAC;SACxC,CAAC;IACJ,CAAC;IAED,qBAAqB,CAAC,KAAiC;QACrD,IAAI,CAAC,EAAE;aACJ,OAAO,CACN;;sCAE8B,CAC/B;aACA,GAAG,CACF,KAAK,CAAC,EAAE,EACR,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,MAAM,EACZ,KAAK,CAAC,SAAS,EACf,KAAK,CAAC,SAAS,EACf,KAAK,CAAC,MAAM,IAAI,IAAI,EACpB,KAAK,CAAC,SAAS,CAChB,CAAC;IACN,CAAC;IAED,wBAAwB,CAAC,SAAiB;QACxC,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE;aAChB,OAAO,CAAC,4DAA4D,CAAC;aACrE,GAAG,CAAC,SAAS,CAAwC,CAAC;QACzD,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,OAAO;YACL,EAAE,EAAE,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC;YACxB,OAAO,EAAE,SAAS,CAAC,GAAG,EAAE,UAAU,CAAC;YACnC,MAAM,EAAE,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC;YACjC,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE,YAAY,CAAC;YACvC,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE,YAAY,CAAC;YACvC,MAAM,EAAE,iBAAiB,CAAC,GAAG,EAAE,SAAS,CAAC;YACzC,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE,YAAY,CAAC;SACxC,CAAC;IACJ,CAAC;IAED,uBAAuB,CAAC,SAAiB,EAAE,MAAc;QACvD,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE;aACnB,OAAO,CACN,yFAAyF,CAC1F;aACA,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAC1B,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACjC,MAAM,gBAAgB,CAAC,+BAA+B,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IAED,YAAY,CAAC,MAAoB;QAC/B,IAAI,CAAC,EAAE;aACJ,OAAO,CACN;;qDAE6C,CAC9C;aACA,GAAG,CACF,MAAM,CAAC,EAAE,EACT,MAAM,CAAC,MAAM,EACb,MAAM,CAAC,OAAO,EACd,MAAM,CAAC,IAAI,EACX,MAAM,CAAC,UAAU,EACjB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,EAC3B,MAAM,CAAC,MAAM,EACb,MAAM,CAAC,QAAQ,EACf,MAAM,CAAC,QAAQ,EACf,MAAM,CAAC,WAAW,IAAI,IAAI,EAC1B,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,EACpD,MAAM,CAAC,SAAS,IAAI,IAAI,CACzB,CAAC;IACN,CAAC;IAED,YAAY,CAAC,MAAoB;QAC/B,IAAI,CAAC,EAAE;aACJ,OAAO,CACN;;sBAEc,CACf;aACA,GAAG,CACF,MAAM,CAAC,MAAM,EACb,MAAM,CAAC,WAAW,IAAI,IAAI,EAC1B,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,EACpD,MAAM,CAAC,SAAS,IAAI,IAAI,EACxB,MAAM,CAAC,EAAE,CACV,CAAC;IACN,CAAC;IAED,WAAW,CAAC,KAAiB;QAC3B,IAAI,CAAC,EAAE;aACJ,OAAO,CACN;;yCAEiC,CAClC;aACA,GAAG,CACF,KAAK,CAAC,EAAE,EACR,KAAK,CAAC,MAAM,IAAI,IAAI,EACpB,KAAK,CAAC,OAAO,IAAI,IAAI,EACrB,KAAK,CAAC,QAAQ,IAAI,IAAI,EACtB,KAAK,CAAC,SAAS,EACf,KAAK,CAAC,QAAQ,EACd,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,QAAQ,CAAC,EAC9B,KAAK,CAAC,SAAS,CAChB,CAAC;IACN,CAAC;IAED,SAAS,CAAC,MAAc,EAAE,OAA2B,EAAE,KAAa;QAClE,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACpD,MAAM,IAAI,GAAG,OAAO;YAClB,CAAC,CAAE,IAAI,CAAC,EAAE;iBACL,OAAO,CACN,gGAAgG,CACjG;iBACA,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,CAA+B;YAClE,CAAC,CAAE,IAAI,CAAC,EAAE;iBACL,OAAO,CAAC,+EAA+E,CAAC;iBACxF,GAAG,CAAC,MAAM,EAAE,SAAS,CAA+B,CAAC;QAC5D,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YACxB,EAAE,EAAE,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC;YACxB,MAAM,EAAE,iBAAiB,CAAC,GAAG,EAAE,SAAS,CAAC;YACzC,OAAO,EAAE,iBAAiB,CAAC,GAAG,EAAE,UAAU,CAAC;YAC3C,QAAQ,EAAE,iBAAiB,CAAC,GAAG,EAAE,WAAW,CAAC;YAC7C,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE,YAAY,CAAC;YACvC,QAAQ,EAAE,SAAS,CAAC,GAAG,EAAE,UAAU,CAA2B;YAC9D,QAAQ,EAAE,SAAS,CAAC,SAAS,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC;YACpD,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE,YAAY,CAAC;SACxC,CAAC,CAAC,CAAC;IACN,CAAC;IAED,GAAG,CAAC,GAAW,EAAE,GAAG,MAAkB;QACpC,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC;IACtC,CAAC;CACF"}

package/dist/remote/types.d.ts

@@ -0,0 +1,183 @@
+export declare const REMOTE_CAPABILITIES: readonly ["hosts.read", "agents.read", "agents.admin", "system.read", "logs.read", "service.manage", "docker.manage", "files.read", "files.write", "shell.exec", "sudo.exec", "agent.admin", "audit.read"];
+export type RemoteCapability = (typeof REMOTE_CAPABILITIES)[number];
+export declare const REMOTE_SCOPES: readonly ["hosts:read", "agents:read", "agents:admin", "status:read", "logs:read", "service:manage", "docker:manage", "files:read", "files:write", "shell:exec", "sudo:exec"];
+export type RemoteScope = (typeof REMOTE_SCOPES)[number];
+export declare const SCOPE_CAPABILITY_MAP: Record<RemoteScope, RemoteCapability[]>;
+export type AgentProfileName = "read-only" | "operations" | "full-admin" | "custom";
+export type CapabilityPolicy = Record<RemoteCapability, boolean>;
+export interface AgentPolicy {
+    profile: AgentProfileName;
+    capabilities: CapabilityPolicy;
+    allowPaths: string[];
+    denyPaths: string[];
+    allowServices: string[];
+    allowContainers: string[];
+    maxOutputBytes: number;
+    maxActionTimeoutSeconds: number;
+    version: number;
+}
+export interface GitHubUser {
+    id: string;
+    login: string;
+}
+export interface OAuthClient {
+    id: string;
+    clientId: string;
+    clientName: string;
+    redirectUris: string[];
+    grantTypes: string[];
+    responseTypes: string[];
+    tokenEndpointAuthMethod: "none";
+    createdAt: string;
+}
+export interface OAuthAuthorizationCode {
+    id: string;
+    codeHash: string;
+    clientId: string;
+    userId: string;
+    redirectUri: string;
+    codeChallenge: string;
+    codeChallengeMethod: "S256";
+    resource: string;
+    scope: string;
+    expiresAt: string;
+    usedAt?: string | undefined;
+    createdAt: string;
+}
+export interface RemoteAgentRecord {
+    id: string;
+    userId: string;
+    alias: string;
+    status: "pending" | "online" | "offline" | "revoked";
+    publicKey?: string | undefined;
+    profile: AgentProfileName;
+    policy: AgentPolicy;
+    policyVersion: number;
+    hostMetadata?: AgentHostMetadata | undefined;
+    lastSeenAt?: string | undefined;
+    createdAt: string;
+    updatedAt: string;
+}
+export interface AgentEnrollmentTokenRecord {
+    id: string;
+    agentId: string;
+    userId: string;
+    tokenHash: string;
+    expiresAt: string;
+    usedAt?: string | undefined;
+    createdAt: string;
+}
+export interface AgentHostMetadata {
+    hostname: string;
+    os: string;
+    arch: string;
+    platform: string;
+}
+export interface ActionRecord {
+    id: string;
+    userId: string;
+    agentId: string;
+    tool: RemoteToolName;
+    capability: RemoteCapability;
+    args: Record<string, unknown>;
+    status: "pending" | "sent" | "completed" | "denied" | "timeout" | "error";
+    issuedAt: string;
+    deadline: string;
+    completedAt?: string | undefined;
+    result?: ActionResultEnvelope | undefined;
+    errorCode?: RemoteErrorCode | undefined;
+}
+export interface AuditEvent {
+    id: string;
+    userId?: string | undefined;
+    agentId?: string | undefined;
+    actionId?: string | undefined;
+    eventType: string;
+    severity: "info" | "warn" | "error";
+    metadata: Record<string, unknown>;
+    createdAt: string;
+}
+export declare const REMOTE_TOOLS: readonly ["list_hosts", "list_agents", "create_enrollment_token", "get_agent_install_command", "get_system_status", "tail_logs", "restart_service", "docker_ps", "docker_logs", "docker_restart", "file_read", "file_write", "run_shell", "run_shell_as_root", "update_agent_policy", "revoke_agent", "get_audit_events"];
+export type RemoteToolName = (typeof REMOTE_TOOLS)[number];
+export declare const TOOL_CAPABILITY_MAP: Record<RemoteToolName, RemoteCapability>;
+export declare const REMOTE_ERROR_CODES: readonly ["UNAUTHORIZED", "FORBIDDEN", "INVALID_TOKEN", "INVALID_SCOPE", "INVALID_CLIENT", "INVALID_REDIRECT_URI", "PKCE_VALIDATION_FAILED", "AGENT_NOT_FOUND", "AGENT_OFFLINE", "AGENT_REVOKED", "AGENT_TIMEOUT", "POLICY_DENIED", "CAPABILITY_DENIED", "ACTION_EXPIRED", "ACTION_REPLAY_DETECTED", "SIGNATURE_INVALID", "COMMAND_TIMEOUT", "OUTPUT_TRUNCATED", "UNSUPPORTED_PLATFORM", "UNSUPPORTED_PLATFORM_OR_PRIVILEGE", "INTERNAL_ERROR"];
+export type RemoteErrorCode = (typeof REMOTE_ERROR_CODES)[number];
+export interface AgentHelloEnvelope {
+    type: "agent.hello";
+    agent_id: string;
+    timestamp: string;
+    nonce: string;
+    capabilities: RemoteCapability[];
+    agent_version: string;
+    host: AgentHostMetadata;
+    signature: string;
+}
+export interface ActionRequestEnvelope {
+    type: "action.request";
+    action_id: string;
+    agent_id: string;
+    user_id: string;
+    tool: RemoteToolName;
+    capability: RemoteCapability;
+    args: Record<string, unknown>;
+    policy_version: number;
+    issued_at: string;
+    deadline: string;
+    nonce: string;
+    signature: string;
+}
+export interface ActionResultEnvelope {
+    type: "action.result";
+    action_id: string;
+    agent_id: string;
+    nonce: string;
+    status: "ok" | "error";
+    exit_code?: number | undefined;
+    stdout?: string | undefined;
+    stderr?: string | undefined;
+    started_at: string;
+    finished_at: string;
+    truncated: boolean;
+    error_code?: RemoteErrorCode | undefined;
+    message?: string | undefined;
+    signature: string;
+}
+export interface PolicyUpdateEnvelope {
+    type: "policy.update";
+    agent_id: string;
+    policy: AgentPolicy;
+    policy_version: number;
+    issued_at: string;
+    nonce: string;
+    signature: string;
+}
+export interface RemotePrincipal {
+    userId: string;
+    githubId: string;
+    githubLogin: string;
+    scopes: RemoteScope[];
+    capabilities: RemoteCapability[];
+    tokenId: string;
+}
+export interface RemoteConfig {
+    enabled: boolean;
+    publicBaseUrl: string;
+    mcpResourceUrl: string;
+    databaseUrl: string;
+    githubClientId?: string | undefined;
+    githubClientSecret?: string | undefined;
+    githubCallbackUrl: string;
+    allowAllUsers: boolean;
+    allowedGitHubLogins: string[];
+    allowedGitHubIds: string[];
+    accessTokenTtlSeconds: number;
+    authCodeTtlSeconds: number;
+    enrollmentTokenTtlSeconds: number;
+    controlPlaneSigningKeyPath: string;
+    jwtSigningKeyPath: string;
+    agentWsPath: string;
+    maxActionTimeoutSeconds: number;
+    maxOutputBytes: number;
+    maxOAuthClients: number;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/remote/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/remote/types.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,mBAAmB,4MActB,CAAC;AAEX,MAAM,MAAM,gBAAgB,GAAG,CAAC,OAAO,mBAAmB,CAAC,CAAC,MAAM,CAAC,CAAC;AAEpE,eAAO,MAAM,aAAa,+KAYhB,CAAC;AAEX,MAAM,MAAM,WAAW,GAAG,CAAC,OAAO,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC;AAEzD,eAAO,MAAM,oBAAoB,EAAE,MAAM,CAAC,WAAW,EAAE,gBAAgB,EAAE,CAYxE,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG,WAAW,GAAG,YAAY,GAAG,YAAY,GAAG,QAAQ,CAAC;AAEpF,MAAM,MAAM,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;AAEjE,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,gBAAgB,CAAC;IAC1B,YAAY,EAAE,gBAAgB,CAAC;IAC/B,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,cAAc,EAAE,MAAM,CAAC;IACvB,uBAAuB,EAAE,MAAM,CAAC;IAChC,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,uBAAuB,EAAE,MAAM,CAAC;IAChC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,sBAAsB;IACrC,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC5B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,SAAS,GAAG,QAAQ,GAAG,SAAS,GAAG,SAAS,CAAC;IACrD,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC/B,OAAO,EAAE,gBAAgB,CAAC;IAC1B,MAAM,EAAE,WAAW,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,iBAAiB,GAAG,SAAS,CAAC;IAC7C,UAAU,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,0BAA0B;IACzC,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC5B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,cAAc,CAAC;IACrB,UAAU,EAAE,gBAAgB,CAAC;IAC7B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,MAAM,EAAE,SAAS,GAAG,MAAM,GAAG,WAAW,GAAG,QAAQ,GAAG,SAAS,GAAG,OAAO,CAAC;IAC1E,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACjC,MAAM,CAAC,EAAE,oBAAoB,GAAG,SAAS,CAAC;IAC1C,SAAS,CAAC,EAAE,eAAe,GAAG,SAAS,CAAC;CACzC;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC5B,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC7B,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IACpC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,eAAO,MAAM,YAAY,2TAkBf,CAAC;AAEX,MAAM,MAAM,cAAc,GAAG,CAAC,OAAO,YAAY,CAAC,CAAC,MAAM,CAAC,CAAC;AAE3D,eAAO,MAAM,mBAAmB,EAAE,MAAM,CAAC,cAAc,EAAE,gBAAgB,CAkBxE,CAAC;AAEF,eAAO,MAAM,kBAAkB,ibAsBrB,CAAC;AAEX,MAAM,MAAM,eAAe,GAAG,CAAC,OAAO,kBAAkB,CAAC,CAAC,MAAM,CAAC,CAAC;AAElE,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,aAAa,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,gBAAgB,EAAE,CAAC;IACjC,aAAa,EAAE,MAAM,CAAC;IACtB,IAAI,EAAE,iBAAiB,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,gBAAgB,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,cAAc,CAAC;IACrB,UAAU,EAAE,gBAAgB,CAAC;IAC7B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,eAAe,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,IAAI,GAAG,OAAO,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC/B,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC5B,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,OAAO,CAAC;IACnB,UAAU,CAAC,EAAE,eAAe,GAAG,SAAS,CAAC;IACzC,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC7B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,eAAe,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,WAAW,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,WAAW,EAAE,CAAC;IACtB,YAAY,EAAE,gBAAgB,EAAE,CAAC;IACjC,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACpC,kBAAkB,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACxC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,aAAa,EAAE,OAAO,CAAC;IACvB,mBAAmB,EAAE,MAAM,EAAE,CAAC;IAC9B,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,yBAAyB,EAAE,MAAM,CAAC;IAClC,0BAA0B,EAAE,MAAM,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,uBAAuB,EAAE,MAAM,CAAC;IAChC,cAAc,EAAE,MAAM,CAAC;IACvB,eAAe,EAAE,MAAM,CAAC;CACzB"}

package/dist/remote/types.js

@@ -0,0 +1,103 @@
+export const REMOTE_CAPABILITIES = [
+    "hosts.read",
+    "agents.read",
+    "agents.admin",
+    "system.read",
+    "logs.read",
+    "service.manage",
+    "docker.manage",
+    "files.read",
+    "files.write",
+    "shell.exec",
+    "sudo.exec",
+    "agent.admin",
+    "audit.read",
+];
+export const REMOTE_SCOPES = [
+    "hosts:read",
+    "agents:read",
+    "agents:admin",
+    "status:read",
+    "logs:read",
+    "service:manage",
+    "docker:manage",
+    "files:read",
+    "files:write",
+    "shell:exec",
+    "sudo:exec",
+];
+export const SCOPE_CAPABILITY_MAP = {
+    "hosts:read": ["hosts.read"],
+    "agents:read": ["agents.read"],
+    "agents:admin": ["agents.admin", "agent.admin", "audit.read"],
+    "status:read": ["system.read"],
+    "logs:read": ["logs.read"],
+    "service:manage": ["service.manage"],
+    "docker:manage": ["docker.manage"],
+    "files:read": ["files.read"],
+    "files:write": ["files.write"],
+    "shell:exec": ["shell.exec"],
+    "sudo:exec": ["sudo.exec"],
+};
+export const REMOTE_TOOLS = [
+    "list_hosts",
+    "list_agents",
+    "create_enrollment_token",
+    "get_agent_install_command",
+    "get_system_status",
+    "tail_logs",
+    "restart_service",
+    "docker_ps",
+    "docker_logs",
+    "docker_restart",
+    "file_read",
+    "file_write",
+    "run_shell",
+    "run_shell_as_root",
+    "update_agent_policy",
+    "revoke_agent",
+    "get_audit_events",
+];
+export const TOOL_CAPABILITY_MAP = {
+    list_hosts: "hosts.read",
+    list_agents: "agents.read",
+    create_enrollment_token: "agents.admin",
+    get_agent_install_command: "agents.admin",
+    get_system_status: "system.read",
+    tail_logs: "logs.read",
+    restart_service: "service.manage",
+    docker_ps: "docker.manage",
+    docker_logs: "docker.manage",
+    docker_restart: "docker.manage",
+    file_read: "files.read",
+    file_write: "files.write",
+    run_shell: "shell.exec",
+    run_shell_as_root: "sudo.exec",
+    update_agent_policy: "agents.admin",
+    revoke_agent: "agents.admin",
+    get_audit_events: "audit.read",
+};
+export const REMOTE_ERROR_CODES = [
+    "UNAUTHORIZED",
+    "FORBIDDEN",
+    "INVALID_TOKEN",
+    "INVALID_SCOPE",
+    "INVALID_CLIENT",
+    "INVALID_REDIRECT_URI",
+    "PKCE_VALIDATION_FAILED",
+    "AGENT_NOT_FOUND",
+    "AGENT_OFFLINE",
+    "AGENT_REVOKED",
+    "AGENT_TIMEOUT",
+    "POLICY_DENIED",
+    "CAPABILITY_DENIED",
+    "ACTION_EXPIRED",
+    "ACTION_REPLAY_DETECTED",
+    "SIGNATURE_INVALID",
+    "COMMAND_TIMEOUT",
+    "OUTPUT_TRUNCATED",
+    "UNSUPPORTED_PLATFORM",
+    "UNSUPPORTED_PLATFORM_OR_PRIVILEGE",
+    "INTERNAL_ERROR",
+];
+//# sourceMappingURL=types.js.map

package/dist/remote/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/remote/types.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,YAAY;IACZ,aAAa;IACb,cAAc;IACd,aAAa;IACb,WAAW;IACX,gBAAgB;IAChB,eAAe;IACf,YAAY;IACZ,aAAa;IACb,YAAY;IACZ,WAAW;IACX,aAAa;IACb,YAAY;CACJ,CAAC;AAIX,MAAM,CAAC,MAAM,aAAa,GAAG;IAC3B,YAAY;IACZ,aAAa;IACb,cAAc;IACd,aAAa;IACb,WAAW;IACX,gBAAgB;IAChB,eAAe;IACf,YAAY;IACZ,aAAa;IACb,YAAY;IACZ,WAAW;CACH,CAAC;AAIX,MAAM,CAAC,MAAM,oBAAoB,GAA4C;IAC3E,YAAY,EAAE,CAAC,YAAY,CAAC;IAC5B,aAAa,EAAE,CAAC,aAAa,CAAC;IAC9B,cAAc,EAAE,CAAC,cAAc,EAAE,aAAa,EAAE,YAAY,CAAC;IAC7D,aAAa,EAAE,CAAC,aAAa,CAAC;IAC9B,WAAW,EAAE,CAAC,WAAW,CAAC;IAC1B,gBAAgB,EAAE,CAAC,gBAAgB,CAAC;IACpC,eAAe,EAAE,CAAC,eAAe,CAAC;IAClC,YAAY,EAAE,CAAC,YAAY,CAAC;IAC5B,aAAa,EAAE,CAAC,aAAa,CAAC;IAC9B,YAAY,EAAE,CAAC,YAAY,CAAC;IAC5B,WAAW,EAAE,CAAC,WAAW,CAAC;CAC3B,CAAC;AA2GF,MAAM,CAAC,MAAM,YAAY,GAAG;IAC1B,YAAY;IACZ,aAAa;IACb,yBAAyB;IACzB,2BAA2B;IAC3B,mBAAmB;IACnB,WAAW;IACX,iBAAiB;IACjB,WAAW;IACX,aAAa;IACb,gBAAgB;IAChB,WAAW;IACX,YAAY;IACZ,WAAW;IACX,mBAAmB;IACnB,qBAAqB;IACrB,cAAc;IACd,kBAAkB;CACV,CAAC;AAIX,MAAM,CAAC,MAAM,mBAAmB,GAA6C;IAC3E,UAAU,EAAE,YAAY;IACxB,WAAW,EAAE,aAAa;IAC1B,uBAAuB,EAAE,cAAc;IACvC,yBAAyB,EAAE,cAAc;IACzC,iBAAiB,EAAE,aAAa;IAChC,SAAS,EAAE,WAAW;IACtB,eAAe,EAAE,gBAAgB;IACjC,SAAS,EAAE,eAAe;IAC1B,WAAW,EAAE,eAAe;IAC5B,cAAc,EAAE,eAAe;IAC/B,SAAS,EAAE,YAAY;IACvB,UAAU,EAAE,aAAa;IACzB,SAAS,EAAE,YAAY;IACvB,iBAAiB,EAAE,WAAW;IAC9B,mBAAmB,EAAE,cAAc;IACnC,YAAY,EAAE,cAAc;IAC5B,gBAAgB,EAAE,YAAY;CAC/B,CAAC;AAEF,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,cAAc;IACd,WAAW;IACX,eAAe;IACf,eAAe;IACf,gBAAgB;IAChB,sBAAsB;IACtB,wBAAwB;IACxB,iBAAiB;IACjB,eAAe;IACf,eAAe;IACf,eAAe;IACf,eAAe;IACf,mBAAmB;IACnB,gBAAgB;IAChB,wBAAwB;IACxB,mBAAmB;IACnB,iBAAiB;IACjB,kBAAkB;IAClB,sBAAsB;IACtB,mCAAmC;IACnC,gBAAgB;CACR,CAAC"}