ssh-mcp-pro 1.1.2 → 1.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +13 -0
- package/README.md +23 -1
- package/dist/config-parsers.d.ts +12 -0
- package/dist/config-parsers.d.ts.map +1 -0
- package/dist/config-parsers.js +60 -0
- package/dist/config-parsers.js.map +1 -0
- package/dist/config.d.ts +3 -2
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +3 -58
- package/dist/config.js.map +1 -1
- package/dist/ensure-pkg.d.ts +9 -0
- package/dist/ensure-pkg.d.ts.map +1 -0
- package/dist/ensure-pkg.js +105 -0
- package/dist/ensure-pkg.js.map +1 -0
- package/dist/ensure.d.ts.map +1 -1
- package/dist/ensure.js +2 -104
- package/dist/ensure.js.map +1 -1
- package/dist/fs-sftp.d.ts +58 -0
- package/dist/fs-sftp.d.ts.map +1 -0
- package/dist/fs-sftp.js +184 -0
- package/dist/fs-sftp.js.map +1 -0
- package/dist/fs-tools.d.ts.map +1 -1
- package/dist/fs-tools.js +2 -144
- package/dist/fs-tools.js.map +1 -1
- package/dist/mcp.d.ts +1 -1
- package/dist/mcp.js +1 -1
- package/dist/remote/agent-handler.d.ts +36 -0
- package/dist/remote/agent-handler.d.ts.map +1 -0
- package/dist/remote/agent-handler.js +255 -0
- package/dist/remote/agent-handler.js.map +1 -0
- package/dist/remote/control-plane.d.ts +4 -17
- package/dist/remote/control-plane.d.ts.map +1 -1
- package/dist/remote/control-plane.js +23 -657
- package/dist/remote/control-plane.js.map +1 -1
- package/dist/remote/http-util.d.ts +29 -0
- package/dist/remote/http-util.d.ts.map +1 -0
- package/dist/remote/http-util.js +159 -0
- package/dist/remote/http-util.js.map +1 -0
- package/dist/remote/oauth-handler.d.ts +47 -0
- package/dist/remote/oauth-handler.d.ts.map +1 -0
- package/dist/remote/oauth-handler.js +296 -0
- package/dist/remote/oauth-handler.js.map +1 -0
- package/dist/session-auth.d.ts +39 -0
- package/dist/session-auth.d.ts.map +1 -0
- package/dist/session-auth.js +148 -0
- package/dist/session-auth.js.map +1 -0
- package/dist/session.d.ts +0 -19
- package/dist/session.d.ts.map +1 -1
- package/dist/session.js +8 -154
- package/dist/session.js.map +1 -1
- package/docs/audit/2026-06-05-ecosystem-audit.md +1 -1
- package/docs/governance/issue-taxonomy.json +5 -0
- package/mcp.json +1 -1
- package/package.json +18 -12
- package/registry/ssh-mcp-pro/mcp.json +1 -1
- package/server.json +3 -3
|
@@ -0,0 +1,255 @@
|
|
|
1
|
+
import { nowIso, verifyEnvelope } from "./crypto.js";
|
|
2
|
+
import { AGENT_NONCE_TTL_MS, isRecord, pruneNonceWindow, hasSeenNonce, rememberNonce, } from "./http-util.js";
|
|
3
|
+
import { parseActionResultEnvelope, parseAgentHelloEnvelope } from "./schemas.js";
|
|
4
|
+
import { acceptWebSocketUpgrade } from "./websocket.js";
|
|
5
|
+
/** Handles agent WebSocket connection lifecycle for RemoteControlPlane. */
|
|
6
|
+
export class AgentWebSocketHandler {
|
|
7
|
+
config;
|
|
8
|
+
store;
|
|
9
|
+
agentConnections;
|
|
10
|
+
agentHelloNonces;
|
|
11
|
+
pendingActions;
|
|
12
|
+
audit;
|
|
13
|
+
constructor(config, store, agentConnections, agentHelloNonces, pendingActions, audit) {
|
|
14
|
+
this.config = config;
|
|
15
|
+
this.store = store;
|
|
16
|
+
this.agentConnections = agentConnections;
|
|
17
|
+
this.agentHelloNonces = agentHelloNonces;
|
|
18
|
+
this.pendingActions = pendingActions;
|
|
19
|
+
this.audit = audit;
|
|
20
|
+
}
|
|
21
|
+
handleUpgrade(req, socket, head, pathname) {
|
|
22
|
+
if (pathname !== this.config.agentWsPath) {
|
|
23
|
+
return false;
|
|
24
|
+
}
|
|
25
|
+
const connection = acceptWebSocketUpgrade(req, socket, head);
|
|
26
|
+
connection.onText((message) => {
|
|
27
|
+
void this.handleAgentMessage(connection, message).catch(() => {
|
|
28
|
+
connection.sendJson({
|
|
29
|
+
type: "error",
|
|
30
|
+
code: "INTERNAL_ERROR",
|
|
31
|
+
message: "Agent message failed",
|
|
32
|
+
});
|
|
33
|
+
connection.close();
|
|
34
|
+
});
|
|
35
|
+
});
|
|
36
|
+
return true;
|
|
37
|
+
}
|
|
38
|
+
async handleAgentMessage(connection, message) {
|
|
39
|
+
const payload = JSON.parse(message);
|
|
40
|
+
if (!isRecord(payload)) {
|
|
41
|
+
connection.sendJson({ type: "error", code: "INTERNAL_ERROR", message: "Invalid message" });
|
|
42
|
+
connection.close();
|
|
43
|
+
return;
|
|
44
|
+
}
|
|
45
|
+
if (payload.type === "agent.hello") {
|
|
46
|
+
await this.handleAgentHello(connection, parseAgentHelloEnvelope(payload));
|
|
47
|
+
return;
|
|
48
|
+
}
|
|
49
|
+
if (payload.type === "action.result") {
|
|
50
|
+
await this.handleActionResult(connection, parseActionResultEnvelope(payload));
|
|
51
|
+
return;
|
|
52
|
+
}
|
|
53
|
+
connection.sendJson({ type: "error", code: "INTERNAL_ERROR", message: "Unknown message type" });
|
|
54
|
+
connection.close();
|
|
55
|
+
}
|
|
56
|
+
async handleAgentHello(connection, hello) {
|
|
57
|
+
const agent = this.store.getAgent(hello.agent_id);
|
|
58
|
+
if (!agent || agent.status === "revoked" || !agent.publicKey) {
|
|
59
|
+
connection.sendJson({
|
|
60
|
+
type: "error",
|
|
61
|
+
code: "AGENT_NOT_FOUND",
|
|
62
|
+
message: "Agent is not enrolled",
|
|
63
|
+
});
|
|
64
|
+
connection.close();
|
|
65
|
+
return;
|
|
66
|
+
}
|
|
67
|
+
if (!verifyEnvelope(hello, agent.publicKey)) {
|
|
68
|
+
this.audit({
|
|
69
|
+
userId: agent.userId,
|
|
70
|
+
agentId: agent.id,
|
|
71
|
+
eventType: "agent_signature_invalid",
|
|
72
|
+
severity: "warn",
|
|
73
|
+
metadata: { message_type: "agent.hello" },
|
|
74
|
+
});
|
|
75
|
+
connection.sendJson({
|
|
76
|
+
type: "error",
|
|
77
|
+
code: "SIGNATURE_INVALID",
|
|
78
|
+
message: "Agent signature is invalid",
|
|
79
|
+
});
|
|
80
|
+
connection.close();
|
|
81
|
+
return;
|
|
82
|
+
}
|
|
83
|
+
const timestampAgeMs = Math.abs(Date.now() - new Date(hello.timestamp).getTime());
|
|
84
|
+
if (timestampAgeMs > 300_000) {
|
|
85
|
+
this.audit({
|
|
86
|
+
userId: agent.userId,
|
|
87
|
+
agentId: agent.id,
|
|
88
|
+
eventType: "agent_hello_expired",
|
|
89
|
+
severity: "warn",
|
|
90
|
+
metadata: {},
|
|
91
|
+
});
|
|
92
|
+
connection.sendJson({
|
|
93
|
+
type: "error",
|
|
94
|
+
code: "ACTION_EXPIRED",
|
|
95
|
+
message: "Agent hello timestamp is stale",
|
|
96
|
+
});
|
|
97
|
+
connection.close();
|
|
98
|
+
return;
|
|
99
|
+
}
|
|
100
|
+
const now = Date.now();
|
|
101
|
+
this.cleanupEphemeralState(now);
|
|
102
|
+
const existingConnection = this.agentConnections.get(agent.id);
|
|
103
|
+
if (existingConnection?.connection === connection) {
|
|
104
|
+
this.audit({
|
|
105
|
+
userId: agent.userId,
|
|
106
|
+
agentId: agent.id,
|
|
107
|
+
eventType: "agent_duplicate_hello_rejected",
|
|
108
|
+
severity: "warn",
|
|
109
|
+
metadata: {},
|
|
110
|
+
});
|
|
111
|
+
connection.sendJson({
|
|
112
|
+
type: "error",
|
|
113
|
+
code: "ACTION_REPLAY_DETECTED",
|
|
114
|
+
message: "Agent hello was already processed on this connection",
|
|
115
|
+
});
|
|
116
|
+
connection.close();
|
|
117
|
+
return;
|
|
118
|
+
}
|
|
119
|
+
const helloNonces = this.agentHelloNonces.get(agent.id) ?? new Map();
|
|
120
|
+
if (helloNonces.has(hello.nonce)) {
|
|
121
|
+
this.audit({
|
|
122
|
+
userId: agent.userId,
|
|
123
|
+
agentId: agent.id,
|
|
124
|
+
eventType: "agent_hello_replay_detected",
|
|
125
|
+
severity: "warn",
|
|
126
|
+
metadata: {},
|
|
127
|
+
});
|
|
128
|
+
connection.sendJson({
|
|
129
|
+
type: "error",
|
|
130
|
+
code: "ACTION_REPLAY_DETECTED",
|
|
131
|
+
message: "Agent hello nonce was already used",
|
|
132
|
+
});
|
|
133
|
+
connection.close();
|
|
134
|
+
return;
|
|
135
|
+
}
|
|
136
|
+
helloNonces.set(hello.nonce, now + AGENT_NONCE_TTL_MS);
|
|
137
|
+
this.agentHelloNonces.set(agent.id, helloNonces);
|
|
138
|
+
if (existingConnection) {
|
|
139
|
+
existingConnection.connection.close();
|
|
140
|
+
}
|
|
141
|
+
const seenNonces = new Map();
|
|
142
|
+
rememberNonce(seenNonces, hello.nonce, now);
|
|
143
|
+
this.agentConnections.set(agent.id, { agent, connection, seenNonces });
|
|
144
|
+
const online = {
|
|
145
|
+
...agent,
|
|
146
|
+
status: "online",
|
|
147
|
+
lastSeenAt: nowIso(),
|
|
148
|
+
hostMetadata: hello.host,
|
|
149
|
+
updatedAt: nowIso(),
|
|
150
|
+
};
|
|
151
|
+
this.store.updateAgent(online);
|
|
152
|
+
connection.onClose(() => {
|
|
153
|
+
const live = this.agentConnections.get(agent.id);
|
|
154
|
+
if (live?.connection !== connection) {
|
|
155
|
+
return;
|
|
156
|
+
}
|
|
157
|
+
this.agentConnections.delete(agent.id);
|
|
158
|
+
const latest = this.store.getAgent(agent.id);
|
|
159
|
+
if (latest && latest.status !== "revoked") {
|
|
160
|
+
this.store.updateAgent({ ...latest, status: "offline", updatedAt: nowIso() });
|
|
161
|
+
}
|
|
162
|
+
this.audit({
|
|
163
|
+
userId: agent.userId,
|
|
164
|
+
agentId: agent.id,
|
|
165
|
+
eventType: "agent_disconnected",
|
|
166
|
+
severity: "info",
|
|
167
|
+
metadata: {},
|
|
168
|
+
});
|
|
169
|
+
});
|
|
170
|
+
this.audit({
|
|
171
|
+
userId: agent.userId,
|
|
172
|
+
agentId: agent.id,
|
|
173
|
+
eventType: "agent_connected",
|
|
174
|
+
severity: "info",
|
|
175
|
+
metadata: { agent_version: hello.agent_version, host: hello.host.hostname },
|
|
176
|
+
});
|
|
177
|
+
connection.sendJson({ type: "agent.ready", agent_id: agent.id, policy: agent.policy });
|
|
178
|
+
}
|
|
179
|
+
async handleActionResult(connection, result) {
|
|
180
|
+
const pending = this.pendingActions.get(result.action_id);
|
|
181
|
+
if (!pending) {
|
|
182
|
+
return;
|
|
183
|
+
}
|
|
184
|
+
const agent = this.store.getAgent(result.agent_id);
|
|
185
|
+
if (!agent?.publicKey ||
|
|
186
|
+
!verifyEnvelope(result, agent.publicKey)) {
|
|
187
|
+
clearTimeout(pending.timeout);
|
|
188
|
+
this.pendingActions.delete(result.action_id);
|
|
189
|
+
this.audit({
|
|
190
|
+
userId: pending.action.userId,
|
|
191
|
+
agentId: pending.action.agentId,
|
|
192
|
+
actionId: pending.action.id,
|
|
193
|
+
eventType: "agent_result_signature_invalid",
|
|
194
|
+
severity: "warn",
|
|
195
|
+
metadata: {},
|
|
196
|
+
});
|
|
197
|
+
pending.reject(new Error("Agent result signature is invalid"));
|
|
198
|
+
return;
|
|
199
|
+
}
|
|
200
|
+
const live = this.agentConnections.get(result.agent_id);
|
|
201
|
+
if (pending.action.agentId !== result.agent_id || live?.connection !== connection) {
|
|
202
|
+
clearTimeout(pending.timeout);
|
|
203
|
+
this.pendingActions.delete(result.action_id);
|
|
204
|
+
this.audit({
|
|
205
|
+
userId: pending.action.userId,
|
|
206
|
+
agentId: pending.action.agentId,
|
|
207
|
+
actionId: pending.action.id,
|
|
208
|
+
eventType: "agent_result_connection_invalid",
|
|
209
|
+
severity: "warn",
|
|
210
|
+
metadata: {},
|
|
211
|
+
});
|
|
212
|
+
pending.reject(Object.assign(new Error("Agent result came from an unexpected connection"), {
|
|
213
|
+
code: "SIGNATURE_INVALID",
|
|
214
|
+
}));
|
|
215
|
+
return;
|
|
216
|
+
}
|
|
217
|
+
const now = Date.now();
|
|
218
|
+
if (hasSeenNonce(live.seenNonces, result.nonce, now)) {
|
|
219
|
+
clearTimeout(pending.timeout);
|
|
220
|
+
this.pendingActions.delete(result.action_id);
|
|
221
|
+
this.audit({
|
|
222
|
+
userId: pending.action.userId,
|
|
223
|
+
agentId: pending.action.agentId,
|
|
224
|
+
actionId: pending.action.id,
|
|
225
|
+
eventType: "agent_result_replay_detected",
|
|
226
|
+
severity: "warn",
|
|
227
|
+
metadata: {},
|
|
228
|
+
});
|
|
229
|
+
pending.reject(Object.assign(new Error("Agent result nonce was already used"), {
|
|
230
|
+
code: "ACTION_REPLAY_DETECTED",
|
|
231
|
+
}));
|
|
232
|
+
return;
|
|
233
|
+
}
|
|
234
|
+
rememberNonce(live.seenNonces, result.nonce, now);
|
|
235
|
+
clearTimeout(pending.timeout);
|
|
236
|
+
this.pendingActions.delete(result.action_id);
|
|
237
|
+
pending.resolve(result);
|
|
238
|
+
}
|
|
239
|
+
cleanupEphemeralState(now = Date.now()) {
|
|
240
|
+
for (const [agentId, nonces] of this.agentHelloNonces.entries()) {
|
|
241
|
+
pruneNonceWindow(nonces, now);
|
|
242
|
+
if (nonces.size === 0) {
|
|
243
|
+
this.agentHelloNonces.delete(agentId);
|
|
244
|
+
}
|
|
245
|
+
}
|
|
246
|
+
for (const live of this.agentConnections.values()) {
|
|
247
|
+
pruneNonceWindow(live.seenNonces, now);
|
|
248
|
+
}
|
|
249
|
+
}
|
|
250
|
+
/** Number of currently connected agents. */
|
|
251
|
+
get connectedAgentCount() {
|
|
252
|
+
return this.agentConnections.size;
|
|
253
|
+
}
|
|
254
|
+
}
|
|
255
|
+
//# sourceMappingURL=agent-handler.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"agent-handler.js","sourceRoot":"","sources":["../../src/remote/agent-handler.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EACL,kBAAkB,EAClB,QAAQ,EACR,gBAAgB,EAChB,YAAY,EACZ,aAAa,GACd,MAAM,gBAAgB,CAAC;AAExB,OAAO,EAAE,yBAAyB,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AASlF,OAAO,EAAE,sBAAsB,EAAmC,MAAM,gBAAgB,CAAC;AAezF,2EAA2E;AAC3E,MAAM,OAAO,qBAAqB;IAEb;IACA;IACA;IACA;IACA;IACA;IANnB,YACmB,MAA+B,EAC/B,KAAkB,EAClB,gBAA8C,EAC9C,gBAAkD,EAClD,cAA0C,EAC1C,KAA4D;QAL5D,WAAM,GAAN,MAAM,CAAyB;QAC/B,UAAK,GAAL,KAAK,CAAa;QAClB,qBAAgB,GAAhB,gBAAgB,CAA8B;QAC9C,qBAAgB,GAAhB,gBAAgB,CAAkC;QAClD,mBAAc,GAAd,cAAc,CAA4B;QAC1C,UAAK,GAAL,KAAK,CAAuD;IAC5E,CAAC;IAEJ,aAAa,CACX,GAAoB,EACpB,MAAc,EACd,IAA6B,EAC7B,QAAgB;QAEhB,IAAI,QAAQ,KAAK,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YACzC,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,UAAU,GAAG,sBAAsB,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;QAC7D,UAAU,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE;YAC5B,KAAK,IAAI,CAAC,kBAAkB,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;gBAC3D,UAAU,CAAC,QAAQ,CAAC;oBAClB,IAAI,EAAE,OAAO;oBACb,IAAI,EAAE,gBAAgB;oBACtB,OAAO,EAAE,sBAAsB;iBAChC,CAAC,CAAC;gBACH,UAAU,CAAC,KAAK,EAAE,CAAC;YACrB,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAC9B,UAAsC,EACtC,OAAe;QAEf,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAY,CAAC;QAC/C,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YACvB,UAAU,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,iBAAiB,EAAE,CAAC,CAAC;YAC3F,UAAU,CAAC,KAAK,EAAE,CAAC;YACnB,OAAO;QACT,CAAC;QACD,IAAI,OAAO,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;YACnC,MAAM,IAAI,CAAC,gBAAgB,CAAC,UAAU,EAAE,uBAAuB,CAAC,OAAO,CAAC,CAAC,CAAC;YAC1E,OAAO;QACT,CAAC;QACD,IAAI,OAAO,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;YACrC,MAAM,IAAI,CAAC,kBAAkB,CAAC,UAAU,EAAE,yBAAyB,CAAC,OAAO,CAAC,CAAC,CAAC;YAC9E,OAAO;QACT,CAAC;QACD,UAAU,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC,CAAC;QAChG,UAAU,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAC5B,UAAsC,EACtC,KAAyB;QAEzB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAClD,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,SAAS,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;YAC7D,UAAU,CAAC,QAAQ,CAAC;gBAClB,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,iBAAiB;gBACvB,OAAO,EAAE,uBAAuB;aACjC,CAAC,CAAC;YACH,UAAU,CAAC,KAAK,EAAE,CAAC;YACnB,OAAO;QACT,CAAC;QACD,IAAI,CAAC,cAAc,CAAC,KAA2C,EAAE,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC;YAClF,IAAI,CAAC,KAAK,CAAC;gBACT,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,OAAO,EAAE,KAAK,CAAC,EAAE;gBACjB,SAAS,EAAE,yBAAyB;gBACpC,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,EAAE,YAAY,EAAE,aAAa,EAAE;aAC1C,CAAC,CAAC;YACH,UAAU,CAAC,QAAQ,CAAC;gBAClB,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,mBAAmB;gBACzB,OAAO,EAAE,4BAA4B;aACtC,CAAC,CAAC;YACH,UAAU,CAAC,KAAK,EAAE,CAAC;YACnB,OAAO;QACT,CAAC;QACD,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QAClF,IAAI,cAAc,GAAG,OAAO,EAAE,CAAC;YAC7B,IAAI,CAAC,KAAK,CAAC;gBACT,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,OAAO,EAAE,KAAK,CAAC,EAAE;gBACjB,SAAS,EAAE,qBAAqB;gBAChC,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,EAAE;aACb,CAAC,CAAC;YACH,UAAU,CAAC,QAAQ,CAAC;gBAClB,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,gCAAgC;aAC1C,CAAC,CAAC;YACH,UAAU,CAAC,KAAK,EAAE,CAAC;YACnB,OAAO;QACT,CAAC;QACD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC;QAChC,MAAM,kBAAkB,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAC/D,IAAI,kBAAkB,EAAE,UAAU,KAAK,UAAU,EAAE,CAAC;YAClD,IAAI,CAAC,KAAK,CAAC;gBACT,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,OAAO,EAAE,KAAK,CAAC,EAAE;gBACjB,SAAS,EAAE,gCAAgC;gBAC3C,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,EAAE;aACb,CAAC,CAAC;YACH,UAAU,CAAC,QAAQ,CAAC;gBAClB,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,wBAAwB;gBAC9B,OAAO,EAAE,sDAAsD;aAChE,CAAC,CAAC;YACH,UAAU,CAAC,KAAK,EAAE,CAAC;YACnB,OAAO;QACT,CAAC;QACD,MAAM,WAAW,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,IAAI,GAAG,EAAkB,CAAC;QACrF,IAAI,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACjC,IAAI,CAAC,KAAK,CAAC;gBACT,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,OAAO,EAAE,KAAK,CAAC,EAAE;gBACjB,SAAS,EAAE,6BAA6B;gBACxC,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,EAAE;aACb,CAAC,CAAC;YACH,UAAU,CAAC,QAAQ,CAAC;gBAClB,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,wBAAwB;gBAC9B,OAAO,EAAE,oCAAoC;aAC9C,CAAC,CAAC;YACH,UAAU,CAAC,KAAK,EAAE,CAAC;YACnB,OAAO;QACT,CAAC;QACD,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,GAAG,kBAAkB,CAAC,CAAC;QACvD,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,WAAW,CAAC,CAAC;QACjD,IAAI,kBAAkB,EAAE,CAAC;YACvB,kBAAkB,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;QACxC,CAAC;QACD,MAAM,UAAU,GAAG,IAAI,GAAG,EAAkB,CAAC;QAC7C,aAAa,CAAC,UAAU,EAAE,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC5C,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC,CAAC;QACvE,MAAM,MAAM,GAAsB;YAChC,GAAG,KAAK;YACR,MAAM,EAAE,QAAQ;YAChB,UAAU,EAAE,MAAM,EAAE;YACpB,YAAY,EAAE,KAAK,CAAC,IAAI;YACxB,SAAS,EAAE,MAAM,EAAE;SACpB,CAAC;QACF,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC/B,UAAU,CAAC,OAAO,CAAC,GAAG,EAAE;YACtB,MAAM,IAAI,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YACjD,IAAI,IAAI,EAAE,UAAU,KAAK,UAAU,EAAE,CAAC;gBACpC,OAAO;YACT,CAAC;YACD,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YACvC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAC7C,IAAI,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;gBAC1C,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,GAAG,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;YAChF,CAAC;YACD,IAAI,CAAC,KAAK,CAAC;gBACT,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,OAAO,EAAE,KAAK,CAAC,EAAE;gBACjB,SAAS,EAAE,oBAAoB;gBAC/B,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,EAAE;aACb,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,KAAK,CAAC;YACT,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,OAAO,EAAE,KAAK,CAAC,EAAE;YACjB,SAAS,EAAE,iBAAiB;YAC5B,QAAQ,EAAE,MAAM;YAChB,QAAQ,EAAE,EAAE,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE;SAC5E,CAAC,CAAC;QACH,UAAU,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,KAAK,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IACzF,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAC9B,UAAsC,EACtC,MAA4B;QAE5B,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC1D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QACD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACnD,IACE,CAAC,KAAK,EAAE,SAAS;YACjB,CAAC,cAAc,CAAC,MAA4C,EAAE,KAAK,CAAC,SAAS,CAAC,EAC9E,CAAC;YACD,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAC9B,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAC7C,IAAI,CAAC,KAAK,CAAC;gBACT,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM;gBAC7B,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO;gBAC/B,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE;gBAC3B,SAAS,EAAE,gCAAgC;gBAC3C,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,EAAE;aACb,CAAC,CAAC;YACH,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC,CAAC;YAC/D,OAAO;QACT,CAAC;QACD,MAAM,IAAI,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACxD,IAAI,OAAO,CAAC,MAAM,CAAC,OAAO,KAAK,MAAM,CAAC,QAAQ,IAAI,IAAI,EAAE,UAAU,KAAK,UAAU,EAAE,CAAC;YAClF,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAC9B,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAC7C,IAAI,CAAC,KAAK,CAAC;gBACT,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM;gBAC7B,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO;gBAC/B,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE;gBAC3B,SAAS,EAAE,iCAAiC;gBAC5C,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,EAAE;aACb,CAAC,CAAC;YACH,OAAO,CAAC,MAAM,CACZ,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,iDAAiD,CAAC,EAAE;gBAC1E,IAAI,EAAE,mBAA6C;aACpD,CAAC,CACH,CAAC;YACF,OAAO;QACT,CAAC;QACD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,YAAY,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,EAAE,CAAC;YACrD,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAC9B,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAC7C,IAAI,CAAC,KAAK,CAAC;gBACT,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM;gBAC7B,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO;gBAC/B,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE;gBAC3B,SAAS,EAAE,8BAA8B;gBACzC,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,EAAE;aACb,CAAC,CAAC;YACH,OAAO,CAAC,MAAM,CACZ,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,qCAAqC,CAAC,EAAE;gBAC9D,IAAI,EAAE,wBAAkD;aACzD,CAAC,CACH,CAAC;YACF,OAAO;QACT,CAAC;QACD,aAAa,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAClD,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC9B,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC7C,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAC1B,CAAC;IAED,qBAAqB,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE;QACpC,KAAK,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,EAAE,CAAC;YAChE,gBAAgB,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;YAC9B,IAAI,MAAM,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;gBACtB,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACxC,CAAC;QACH,CAAC;QACD,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,EAAE,CAAC;YAClD,gBAAgB,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAED,4CAA4C;IAC5C,IAAI,mBAAmB;QACrB,OAAO,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC;IACpC,CAAC;CACF"}
|
|
@@ -2,6 +2,8 @@ import type { IncomingMessage, ServerResponse } from "node:http";
|
|
|
2
2
|
import type { Duplex } from "node:stream";
|
|
3
3
|
import { type PemKeyPair } from "./crypto.js";
|
|
4
4
|
import { RemoteStore } from "./store.js";
|
|
5
|
+
import { OAuthHandler } from "./oauth-handler.js";
|
|
6
|
+
import { AgentWebSocketHandler } from "./agent-handler.js";
|
|
5
7
|
import type { RemoteConfig } from "./types.js";
|
|
6
8
|
export declare class RemoteControlPlane {
|
|
7
9
|
readonly config: RemoteConfig;
|
|
@@ -13,32 +15,17 @@ export declare class RemoteControlPlane {
|
|
|
13
15
|
private readonly cleanupInterval;
|
|
14
16
|
private jwtKeyPair;
|
|
15
17
|
private readonly controlPlaneKeyPair;
|
|
18
|
+
readonly oauth: OAuthHandler;
|
|
19
|
+
readonly agentHandler: AgentWebSocketHandler;
|
|
16
20
|
constructor(config?: RemoteConfig);
|
|
17
21
|
initialize(): Promise<void>;
|
|
18
22
|
close(): void;
|
|
19
23
|
private cleanupEphemeralState;
|
|
20
24
|
handleHttp(req: IncomingMessage, res: ServerResponse, pathname: string): Promise<boolean>;
|
|
21
25
|
handleUpgrade(req: IncomingMessage, socket: Duplex, head: Buffer<ArrayBufferLike>, pathname: string): boolean;
|
|
22
|
-
private protectedResourceMetadata;
|
|
23
|
-
private authorizationServerMetadata;
|
|
24
|
-
private handleRegister;
|
|
25
|
-
private handleAuthorize;
|
|
26
|
-
private validateAuthorizeParams;
|
|
27
|
-
private handleGitHubCallback;
|
|
28
|
-
private fetchGitHubUser;
|
|
29
|
-
private testGitHubUser;
|
|
30
|
-
private upsertGitHubUser;
|
|
31
|
-
private isGitHubUserAllowed;
|
|
32
|
-
private issueAuthorizationCode;
|
|
33
|
-
private handleToken;
|
|
34
|
-
private userFromId;
|
|
35
|
-
private handleJwks;
|
|
36
26
|
private handleMcp;
|
|
37
27
|
private handleApi;
|
|
38
28
|
private handleAgentEnroll;
|
|
39
|
-
private handleAgentMessage;
|
|
40
|
-
private handleAgentHello;
|
|
41
|
-
private handleActionResult;
|
|
42
29
|
private authenticate;
|
|
43
30
|
private sendUnauthorized;
|
|
44
31
|
private callRemoteTool;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"control-plane.d.ts","sourceRoot":"","sources":["../../src/remote/control-plane.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"control-plane.d.ts","sourceRoot":"","sources":["../../src/remote/control-plane.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AACjE,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAE1C,OAAO,EAWL,KAAK,UAAU,EAChB,MAAM,aAAa,CAAC;AAkBrB,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,EAAE,YAAY,EAAyB,MAAM,oBAAoB,CAAC;AACzE,OAAO,EACL,qBAAqB,EAGtB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAMV,YAAY,EAKb,MAAM,YAAY,CAAC;AAKpB,qBAAa,kBAAkB;IAC7B,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC;IAC9B,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC;IAC5B,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAuC;IAC7E,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAsC;IACvE,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAA0C;IAC3E,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAoC;IACnE,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAiB;IACjD,OAAO,CAAC,UAAU,CAAyB;IAC3C,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAa;IACjD,QAAQ,CAAC,KAAK,EAAE,YAAY,CAAC;IAC7B,QAAQ,CAAC,YAAY,EAAE,qBAAqB,CAAC;gBAEjC,MAAM,eAAqB;IAuBjC,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAIjC,KAAK,IAAI,IAAI;IAgBb,OAAO,CAAC,qBAAqB;IAKvB,UAAU,CAAC,GAAG,EAAE,eAAe,EAAE,GAAG,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAiD/F,aAAa,CACX,GAAG,EAAE,eAAe,EACpB,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,CAAC,eAAe,CAAC,EAC7B,QAAQ,EAAE,MAAM,GACf,OAAO;YAII,SAAS;YAsET,SAAS;YAsDT,iBAAiB;YAsDjB,YAAY;IAiB1B,OAAO,CAAC,gBAAgB;YAWV,cAAc;IA4D5B,OAAO,CAAC,qBAAqB;IAmD7B,OAAO,CAAC,cAAc;IA8BtB,OAAO,CAAC,iBAAiB;IAsDzB,OAAO,CAAC,WAAW;YAkBL,cAAc;IA4H5B,OAAO,CAAC,YAAY;IAQpB,OAAO,CAAC,YAAY;IAWpB,OAAO,CAAC,KAAK;IASb,OAAO,CAAC,iBAAiB;CAM1B;AAED,wBAAsB,wBAAwB,IAAI,OAAO,CAAC,kBAAkB,CAAC,CAI5E;AAED,wBAAgB,uBAAuB,CAAC,mBAAmB,EAAE,UAAU,GAAG,MAAM,CAE/E"}
|