synapse-mcp 1.0.0 → 1.0.2

package/dist/services/host-config-repository.d.ts

@@ -0,0 +1,133 @@
+import type { HostConfig } from "../types.js";
+/**
+ * Log security warnings for hosts with Docker socket access
+ *
+ * SECURITY (S-M2, CWE-269): Docker socket access grants root-equivalent privileges.
+ * Any process with socket access can:
+ * - Create containers with host filesystem mounts
+ * - Execute commands as root inside containers
+ * - Access the host network
+ *
+ * This function informs operators about which hosts have this elevated privilege.
+ *
+ * @param hosts - Array of host configurations to check
+ */
+export declare function logDockerSocketSecurityWarnings(hosts: HostConfig[]): void;
+/**
+ * Interface for host configuration repository
+ */
+export interface IHostConfigRepository {
+    /**
+     * Load host configurations from all sources
+     * @returns Promise resolving to array of host configurations
+     */
+    loadHosts(): Promise<HostConfig[]>;
+    /**
+     * Clear cached host configurations
+     */
+    clearCache(): void;
+}
+/**
+ * Repository for loading and caching host configurations
+ *
+ * Loads hosts from multiple sources in priority order:
+ * 1. Manual config file (synapse.config.json) - highest priority
+ * 2. SYNAPSE_HOSTS_CONFIG environment variable
+ * 3. SSH config auto-discovery (~/.ssh/config)
+ * 4. Local Docker socket (fallback)
+ *
+ * Manual hosts completely replace SSH config hosts with the same name.
+ */
+export declare class HostConfigRepository implements IHostConfigRepository {
+    private cache;
+    private cacheEnabled;
+    private sshConfigPath;
+    private defaultSocketPath;
+    private autoAddLocalSocket;
+    /**
+     * Create a new HostConfigRepository
+     *
+     * @param options - Configuration options
+     * @param options.enableCache - Enable caching of host configurations (default: false)
+     * @param options.sshConfigPath - Path to SSH config file (default: null, set to ~/.ssh/config to enable)
+     * @param options.defaultSocketPath - Path to default Docker socket (default: /var/run/docker.sock)
+     * @param options.autoAddLocalSocket - Auto-add local Docker socket (default: true - always auto-add if exists)
+     */
+    constructor(options?: {
+        enableCache?: boolean;
+        sshConfigPath?: string | null;
+        defaultSocketPath?: string;
+        autoAddLocalSocket?: boolean;
+    });
+    /**
+     * Load host configurations from all sources
+     *
+     * Returns cached result if caching is enabled and cache exists.
+     * Otherwise loads from sources and caches if enabled.
+     *
+     * @returns Promise resolving to array of host configurations
+     */
+    loadHosts(): Promise<HostConfig[]>;
+    /**
+     * Clear cached host configurations
+     */
+    clearCache(): void;
+    /**
+     * Internal method to load hosts from all sources
+     *
+     * @returns Promise resolving to array of host configurations
+     */
+    private loadHostsInternal;
+    /**
+     * Remove hosts excluded through SYNAPSE_EXCLUDE_HOSTS.
+     *
+     * Environment format: comma-separated host names, e.g. "code-server,clawd".
+     */
+    private applyExcludedHostsFilter;
+    /**
+     * Get config file search paths (in order of priority)
+     * Computed at runtime to support testing with env var changes
+     *
+     * @returns Array of config file paths to check
+     */
+    private getConfigPaths;
+    /**
+     * Load host configurations from config file with Zod validation
+     *
+     * Security: Validates all config fields against schema (S-H2)
+     * @see https://cwe.mitre.org/data/definitions/20.html
+     *
+     * @param configPath - Path to config file
+     * @returns Promise resolving to array of host configurations (empty if failed)
+     */
+    private loadFromConfigFile;
+    /**
+     * Load host configurations from environment variable with Zod validation
+     *
+     * Security: Validates all config fields against schema (S-H2)
+     * @see https://cwe.mitre.org/data/definitions/20.html
+     *
+     * @returns Array of host configurations (empty if failed)
+     */
+    private loadFromEnvVar;
+    /**
+     * Load host configurations from SSH config file
+     *
+     * @returns Promise resolving to array of host configurations (empty if failed or none found)
+     */
+    private loadFromSSHConfig;
+    /**
+     * Get default local host configuration
+     *
+     * @returns Default local host configuration
+     */
+    private getDefaultLocalHost;
+    /**
+     * Auto-add local Docker socket if it exists and isn't already configured
+     *
+     * @param hosts - Current host configurations
+     * @returns Host configurations with local socket added if needed
+     */
+    private ensureLocalSocket;
+}
+//# sourceMappingURL=host-config-repository.d.ts.map

package/dist/services/host-config-repository.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"host-config-repository.d.ts","sourceRoot":"","sources":["../../src/services/host-config-repository.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAK9C;;;;;;;;;;;;GAYG;AACH,wBAAgB,+BAA+B,CAAC,KAAK,EAAE,UAAU,EAAE,GAAG,IAAI,CAWzE;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC;;;OAGG;IACH,SAAS,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;IAEnC;;OAEG;IACH,UAAU,IAAI,IAAI,CAAC;CACpB;AAED;;;;;;;;;;GAUG;AACH,qBAAa,oBAAqB,YAAW,qBAAqB;IAChE,OAAO,CAAC,KAAK,CAA6B;IAC1C,OAAO,CAAC,YAAY,CAAU;IAC9B,OAAO,CAAC,aAAa,CAAgB;IACrC,OAAO,CAAC,iBAAiB,CAAS;IAClC,OAAO,CAAC,kBAAkB,CAAsB;IAEhD;;;;;;;;OAQG;gBAED,OAAO,GAAE;QACP,WAAW,CAAC,EAAE,OAAO,CAAC;QACtB,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAC9B,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,kBAAkB,CAAC,EAAE,OAAO,CAAC;KACzB;IAiBR;;;;;;;OAOG;IACG,SAAS,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;IAiBxC;;OAEG;IACH,UAAU,IAAI,IAAI;IAIlB;;;;OAIG;YACW,iBAAiB;IAwD/B;;;;OAIG;IACH,OAAO,CAAC,wBAAwB;IA0BhC;;;;;OAKG;IACH,OAAO,CAAC,cAAc;IAStB;;;;;;;;OAQG;YACW,kBAAkB;IAuBhC;;;;;;;OAOG;IACH,OAAO,CAAC,cAAc;IAuBtB;;;;OAIG;YACW,iBAAiB;IAsB/B;;;;OAIG;IACH,OAAO,CAAC,mBAAmB;IAS3B;;;;;OAKG;IACH,OAAO,CAAC,iBAAiB;CAkC1B"}

package/dist/services/host-config-repository.js

@@ -0,0 +1,323 @@
+import { existsSync } from "node:fs";
+import { readFile } from "node:fs/promises";
+import { homedir, hostname } from "node:os";
+import { join } from "node:path";
+import { DEFAULT_DOCKER_SOCKET, ENV_HOSTS_CONFIG } from "../constants.js";
+import { validateHostConfigs } from "../schemas/host-config.js";
+import { logError } from "../utils/errors.js";
+import { isSocketPath } from "./docker/utils/client-factory.js";
+import { loadFromSSHConfig, mergeHostConfigs } from "./ssh-config-loader.js";
+/**
+ * Log security warnings for hosts with Docker socket access
+ *
+ * SECURITY (S-M2, CWE-269): Docker socket access grants root-equivalent privileges.
+ * Any process with socket access can:
+ * - Create containers with host filesystem mounts
+ * - Execute commands as root inside containers
+ * - Access the host network
+ *
+ * This function informs operators about which hosts have this elevated privilege.
+ *
+ * @param hosts - Array of host configurations to check
+ */
+export function logDockerSocketSecurityWarnings(hosts) {
+    for (const host of hosts) {
+        // Check if host uses Docker socket (either explicitly or via host field)
+        const socketPath = host.dockerSocketPath || (isSocketPath(host.host) ? host.host : null);
+        if (socketPath) {
+            console.error(`WARNING: Docker socket access grants root-equivalent privileges on ${host.name}`);
+        }
+    }
+}
+/**
+ * Repository for loading and caching host configurations
+ *
+ * Loads hosts from multiple sources in priority order:
+ * 1. Manual config file (synapse.config.json) - highest priority
+ * 2. SYNAPSE_HOSTS_CONFIG environment variable
+ * 3. SSH config auto-discovery (~/.ssh/config)
+ * 4. Local Docker socket (fallback)
+ *
+ * Manual hosts completely replace SSH config hosts with the same name.
+ */
+export class HostConfigRepository {
+    cache = null;
+    cacheEnabled;
+    sshConfigPath;
+    defaultSocketPath;
+    autoAddLocalSocket;
+    /**
+     * Create a new HostConfigRepository
+     *
+     * @param options - Configuration options
+     * @param options.enableCache - Enable caching of host configurations (default: false)
+     * @param options.sshConfigPath - Path to SSH config file (default: null, set to ~/.ssh/config to enable)
+     * @param options.defaultSocketPath - Path to default Docker socket (default: /var/run/docker.sock)
+     * @param options.autoAddLocalSocket - Auto-add local Docker socket (default: true - always auto-add if exists)
+     */
+    constructor(options = {}) {
+        this.cacheEnabled = options.enableCache ?? false;
+        // SSH config loading: use provided path, or default to ~/.ssh/config in non-test environments
+        // In test environments (NODE_ENV=test or vitest), default to null to avoid environment dependencies
+        if (options.sshConfigPath !== undefined) {
+            this.sshConfigPath = options.sshConfigPath;
+        }
+        else if (process.env.NODE_ENV === "test" || process.env.VITEST) {
+            this.sshConfigPath = null;
+        }
+        else {
+            this.sshConfigPath = join(homedir(), ".ssh", "config");
+        }
+        this.defaultSocketPath = options.defaultSocketPath ?? DEFAULT_DOCKER_SOCKET;
+        // Auto-add local socket: if not specified, will be determined based on whether manual config exists
+        this.autoAddLocalSocket = options.autoAddLocalSocket;
+    }
+    /**
+     * Load host configurations from all sources
+     *
+     * Returns cached result if caching is enabled and cache exists.
+     * Otherwise loads from sources and caches if enabled.
+     *
+     * @returns Promise resolving to array of host configurations
+     */
+    async loadHosts() {
+        // Return cached if enabled and available
+        if (this.cacheEnabled && this.cache !== null) {
+            return this.cache;
+        }
+        // Load from sources
+        const hosts = await this.loadHostsInternal();
+        // Cache if enabled
+        if (this.cacheEnabled) {
+            this.cache = hosts;
+        }
+        return hosts;
+    }
+    /**
+     * Clear cached host configurations
+     */
+    clearCache() {
+        this.cache = null;
+    }
+    /**
+     * Internal method to load hosts from all sources
+     *
+     * @returns Promise resolving to array of host configurations
+     */
+    async loadHostsInternal() {
+        let manualHosts = [];
+        // 1. Try manual config file first
+        for (const configPath of this.getConfigPaths()) {
+            if (existsSync(configPath)) {
+                const loadedHosts = await this.loadFromConfigFile(configPath);
+                if (loadedHosts.length > 0) {
+                    manualHosts = loadedHosts;
+                    break;
+                }
+            }
+        }
+        // 2. Fall back to env var if no config file
+        if (manualHosts.length === 0) {
+            const loadedHosts = this.loadFromEnvVar();
+            if (loadedHosts.length > 0) {
+                manualHosts = loadedHosts;
+            }
+        }
+        // 3. Load SSH config hosts (auto-discovery)
+        const sshHosts = await this.loadFromSSHConfig();
+        // 4. Merge hosts with manual taking precedence
+        const mergedHosts = mergeHostConfigs(sshHosts, manualHosts);
+        const hosts = this.applyExcludedHostsFilter(mergedHosts);
+        // 5. If still no hosts, default to local socket only
+        if (hosts.length === 0) {
+            console.error("No config found, using local Docker socket");
+            const defaultHost = this.getDefaultLocalHost();
+            // SECURITY (S-M2): Warn about Docker socket privileges
+            logDockerSocketSecurityWarnings([defaultHost]);
+            return [defaultHost];
+        }
+        // 6. Auto-add local socket if exists and not configured
+        // If autoAddLocalSocket is explicitly set, honor it
+        // If undefined (default), always auto-add (matches original docker.ts:1280 behavior)
+        const shouldAutoAdd = this.autoAddLocalSocket !== undefined ? this.autoAddLocalSocket : true;
+        let finalHosts;
+        if (shouldAutoAdd) {
+            finalHosts = this.ensureLocalSocket(hosts);
+        }
+        else {
+            finalHosts = hosts;
+        }
+        // SECURITY (S-M2): Log warnings for hosts with Docker socket access
+        logDockerSocketSecurityWarnings(finalHosts);
+        return finalHosts;
+    }
+    /**
+     * Remove hosts excluded through SYNAPSE_EXCLUDE_HOSTS.
+     *
+     * Environment format: comma-separated host names, e.g. "code-server,clawd".
+     */
+    applyExcludedHostsFilter(hosts) {
+        const raw = process.env.SYNAPSE_EXCLUDE_HOSTS?.trim();
+        if (!raw) {
+            return hosts;
+        }
+        const excluded = new Set(raw
+            .split(",")
+            .map((value) => value.trim())
+            .filter((value) => value.length > 0));
+        if (excluded.size === 0) {
+            return hosts;
+        }
+        const filtered = hosts.filter((host) => !excluded.has(host.name));
+        const removed = hosts.length - filtered.length;
+        if (removed > 0) {
+            console.error(`Excluded ${removed} host(s) via SYNAPSE_EXCLUDE_HOSTS`);
+        }
+        return filtered;
+    }
+    /**
+     * Get config file search paths (in order of priority)
+     * Computed at runtime to support testing with env var changes
+     *
+     * @returns Array of config file paths to check
+     */
+    getConfigPaths() {
+        return [
+            process.env.SYNAPSE_CONFIG_FILE, // Explicit path
+            join(process.cwd(), "synapse.config.json"), // Current directory
+            join(homedir(), ".config", "synapse-mcp", "config.json"), // XDG style
+            join(homedir(), ".synapse-mcp.json"), // Dotfile style
+        ].filter(Boolean);
+    }
+    /**
+     * Load host configurations from config file with Zod validation
+     *
+     * Security: Validates all config fields against schema (S-H2)
+     * @see https://cwe.mitre.org/data/definitions/20.html
+     *
+     * @param configPath - Path to config file
+     * @returns Promise resolving to array of host configurations (empty if failed)
+     */
+    async loadFromConfigFile(configPath) {
+        try {
+            const raw = await readFile(configPath, "utf-8");
+            const config = JSON.parse(raw);
+            const configHosts = config.hosts || config; // Support { hosts: [...] } or just [...]
+            if (Array.isArray(configHosts) && configHosts.length > 0) {
+                // SECURITY (S-H2): Validate config with Zod schema before use
+                const validated = validateHostConfigs(configHosts);
+                console.error(`Loaded ${validated.length} hosts from ${configPath}`);
+                return validated;
+            }
+            return [];
+        }
+        catch (error) {
+            logError(error, {
+                operation: "loadFromConfigFile",
+                metadata: { configPath, source: "file" },
+            });
+            return [];
+        }
+    }
+    /**
+     * Load host configurations from environment variable with Zod validation
+     *
+     * Security: Validates all config fields against schema (S-H2)
+     * @see https://cwe.mitre.org/data/definitions/20.html
+     *
+     * @returns Array of host configurations (empty if failed)
+     */
+    loadFromEnvVar() {
+        const configJson = process.env[ENV_HOSTS_CONFIG];
+        if (!configJson) {
+            return [];
+        }
+        try {
+            const parsed = JSON.parse(configJson);
+            const hostsArray = Array.isArray(parsed) ? parsed : [parsed];
+            // SECURITY (S-H2): Validate config with Zod schema before use
+            const validated = validateHostConfigs(hostsArray);
+            console.error(`Loaded ${validated.length} hosts from SYNAPSE_HOSTS_CONFIG env`);
+            return validated;
+        }
+        catch (error) {
+            logError(error, {
+                operation: "loadFromEnvVar",
+                metadata: { source: "SYNAPSE_HOSTS_CONFIG" },
+            });
+            return [];
+        }
+    }
+    /**
+     * Load host configurations from SSH config file
+     *
+     * @returns Promise resolving to array of host configurations (empty if failed or none found)
+     */
+    async loadFromSSHConfig() {
+        // Skip SSH config loading if path is not provided
+        if (!this.sshConfigPath) {
+            return [];
+        }
+        try {
+            const hosts = await loadFromSSHConfig(this.sshConfigPath);
+            if (hosts.length > 0) {
+                console.error(`Auto-discovered ${hosts.length} hosts from SSH config`);
+            }
+            return hosts;
+        }
+        catch (error) {
+            // SSH config loading failed - this is expected if config is invalid or missing
+            logError(error, {
+                operation: "loadFromSSHConfig",
+                metadata: { sshConfigPath: this.sshConfigPath },
+            });
+            return [];
+        }
+    }
+    /**
+     * Get default local host configuration
+     *
+     * @returns Default local host configuration
+     */
+    getDefaultLocalHost() {
+        return {
+            name: "local",
+            host: "localhost",
+            protocol: "http",
+            dockerSocketPath: this.defaultSocketPath,
+        };
+    }
+    /**
+     * Auto-add local Docker socket if it exists and isn't already configured
+     *
+     * @param hosts - Current host configurations
+     * @returns Host configurations with local socket added if needed
+     */
+    ensureLocalSocket(hosts) {
+        // Check if local socket exists
+        if (!existsSync(this.defaultSocketPath)) {
+            return hosts;
+        }
+        // Check if any host already uses the local socket
+        const hasLocalSocket = hosts.some((h) => h.dockerSocketPath === this.defaultSocketPath ||
+            h.host === this.defaultSocketPath ||
+            (h.host === "localhost" && h.dockerSocketPath));
+        if (hasLocalSocket) {
+            return hosts;
+        }
+        // Auto-add local socket entry
+        const localName = hostname()
+            .toLowerCase()
+            .replace(/[^a-z0-9-]/g, "-") || "local";
+        return [
+            ...hosts,
+            {
+                name: localName,
+                host: this.defaultSocketPath,
+                protocol: "http",
+                dockerSocketPath: this.defaultSocketPath,
+            },
+        ];
+    }
+}
+//# sourceMappingURL=host-config-repository.js.map

package/dist/services/host-config-repository.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"host-config-repository.js","sourceRoot":"","sources":["../../src/services/host-config-repository.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAC1E,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAEhE,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,kCAAkC,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAE7E;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,+BAA+B,CAAC,KAAmB;IACjE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,yEAAyE;QACzE,MAAM,UAAU,GAAG,IAAI,CAAC,gBAAgB,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAEzF,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CACX,sEAAsE,IAAI,CAAC,IAAI,EAAE,CAClF,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAkBD;;;;;;;;;;GAUG;AACH,MAAM,OAAO,oBAAoB;IACvB,KAAK,GAAwB,IAAI,CAAC;IAClC,YAAY,CAAU;IACtB,aAAa,CAAgB;IAC7B,iBAAiB,CAAS;IAC1B,kBAAkB,CAAsB;IAEhD;;;;;;;;OAQG;IACH,YACE,UAKI,EAAE;QAEN,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,WAAW,IAAI,KAAK,CAAC;QACjD,8FAA8F;QAC9F,oGAAoG;QACpG,IAAI,OAAO,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;YACxC,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;QAC7C,CAAC;aAAM,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;YACjE,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;QAC5B,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QACzD,CAAC;QACD,IAAI,CAAC,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,IAAI,qBAAqB,CAAC;QAC5E,oGAAoG;QACpG,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACvD,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,SAAS;QACb,yCAAyC;QACzC,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,KAAK,KAAK,IAAI,EAAE,CAAC;YAC7C,OAAO,IAAI,CAAC,KAAK,CAAC;QACpB,CAAC;QAED,oBAAoB;QACpB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAE7C,mBAAmB;QACnB,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACrB,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,UAAU;QACR,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;IACpB,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,iBAAiB;QAC7B,IAAI,WAAW,GAAiB,EAAE,CAAC;QAEnC,kCAAkC;QAClC,KAAK,MAAM,UAAU,IAAI,IAAI,CAAC,cAAc,EAAE,EAAE,CAAC;YAC/C,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC3B,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;gBAC9D,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC3B,WAAW,GAAG,WAAW,CAAC;oBAC1B,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;QAED,4CAA4C;QAC5C,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;YAC1C,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC3B,WAAW,GAAG,WAAW,CAAC;YAC5B,CAAC;QACH,CAAC;QAED,4CAA4C;QAC5C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEhD,+CAA+C;QAC/C,MAAM,WAAW,GAAG,gBAAgB,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QAC5D,MAAM,KAAK,GAAG,IAAI,CAAC,wBAAwB,CAAC,WAAW,CAAC,CAAC;QAEzD,qDAAqD;QACrD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;YAC5D,MAAM,WAAW,GAAG,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAC/C,uDAAuD;YACvD,+BAA+B,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC;YAC/C,OAAO,CAAC,WAAW,CAAC,CAAC;QACvB,CAAC;QAED,wDAAwD;QACxD,oDAAoD;QACpD,qFAAqF;QACrF,MAAM,aAAa,GAAG,IAAI,CAAC,kBAAkB,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC;QAE7F,IAAI,UAAwB,CAAC;QAC7B,IAAI,aAAa,EAAE,CAAC;YAClB,UAAU,GAAG,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;QAC7C,CAAC;aAAM,CAAC;YACN,UAAU,GAAG,KAAK,CAAC;QACrB,CAAC;QAED,oEAAoE;QACpE,+BAA+B,CAAC,UAAU,CAAC,CAAC;QAE5C,OAAO,UAAU,CAAC;IACpB,CAAC;IAED;;;;OAIG;IACK,wBAAwB,CAAC,KAAmB;QAClD,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,IAAI,EAAE,CAAC;QACtD,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,GAAG,CACtB,GAAG;aACA,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;aAC5B,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CACvC,CAAC;QAEF,IAAI,QAAQ,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;YACxB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,QAAQ,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QAClE,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;QAC/C,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;YAChB,OAAO,CAAC,KAAK,CAAC,YAAY,OAAO,oCAAoC,CAAC,CAAC;QACzE,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;;;;OAKG;IACK,cAAc;QACpB,OAAO;YACL,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,gBAAgB;YACjD,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,qBAAqB,CAAC,EAAE,oBAAoB;YAChE,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,aAAa,EAAE,aAAa,CAAC,EAAE,YAAY;YACtE,IAAI,CAAC,OAAO,EAAE,EAAE,mBAAmB,CAAC,EAAE,gBAAgB;SACvD,CAAC,MAAM,CAAC,OAAO,CAAa,CAAC;IAChC,CAAC;IAED;;;;;;;;OAQG;IACK,KAAK,CAAC,kBAAkB,CAAC,UAAkB;QACjD,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YAChD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC/B,MAAM,WAAW,GAAG,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,CAAC,yCAAyC;YAErF,IAAI,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACzD,8DAA8D;gBAC9D,MAAM,SAAS,GAAG,mBAAmB,CAAC,WAAW,CAAC,CAAC;gBACnD,OAAO,CAAC,KAAK,CAAC,UAAU,SAAS,CAAC,MAAM,eAAe,UAAU,EAAE,CAAC,CAAC;gBACrE,OAAO,SAAS,CAAC;YACnB,CAAC;YAED,OAAO,EAAE,CAAC;QACZ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,QAAQ,CAAC,KAAK,EAAE;gBACd,SAAS,EAAE,oBAAoB;gBAC/B,QAAQ,EAAE,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE;aACzC,CAAC,CAAC;YACH,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACK,cAAc;QACpB,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QACjD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YACtC,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAE7D,8DAA8D;YAC9D,MAAM,SAAS,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC;YAClD,OAAO,CAAC,KAAK,CAAC,UAAU,SAAS,CAAC,MAAM,sCAAsC,CAAC,CAAC;YAChF,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,QAAQ,CAAC,KAAK,EAAE;gBACd,SAAS,EAAE,gBAAgB;gBAC3B,QAAQ,EAAE,EAAE,MAAM,EAAE,sBAAsB,EAAE;aAC7C,CAAC,CAAC;YACH,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,iBAAiB;QAC7B,kDAAkD;QAClD,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACxB,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,iBAAiB,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YAC1D,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACrB,OAAO,CAAC,KAAK,CAAC,mBAAmB,KAAK,CAAC,MAAM,wBAAwB,CAAC,CAAC;YACzE,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,+EAA+E;YAC/E,QAAQ,CAAC,KAAK,EAAE;gBACd,SAAS,EAAE,mBAAmB;gBAC9B,QAAQ,EAAE,EAAE,aAAa,EAAE,IAAI,CAAC,aAAa,EAAE;aAChD,CAAC,CAAC;YACH,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,mBAAmB;QACzB,OAAO;YACL,IAAI,EAAE,OAAO;YACb,IAAI,EAAE,WAAW;YACjB,QAAQ,EAAE,MAAM;YAChB,gBAAgB,EAAE,IAAI,CAAC,iBAAiB;SACzC,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACK,iBAAiB,CAAC,KAAmB;QAC3C,+BAA+B;QAC/B,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC;YACxC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,kDAAkD;QAClD,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAC/B,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,gBAAgB,KAAK,IAAI,CAAC,iBAAiB;YAC7C,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,iBAAiB;YACjC,CAAC,CAAC,CAAC,IAAI,KAAK,WAAW,IAAI,CAAC,CAAC,gBAAgB,CAAC,CACjD,CAAC;QAEF,IAAI,cAAc,EAAE,CAAC;YACnB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,8BAA8B;QAC9B,MAAM,SAAS,GACb,QAAQ,EAAE;aACP,WAAW,EAAE;aACb,OAAO,CAAC,aAAa,EAAE,GAAG,CAAC,IAAI,OAAO,CAAC;QAE5C,OAAO;YACL,GAAG,KAAK;YACR;gBACE,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,IAAI,CAAC,iBAAiB;gBAC5B,QAAQ,EAAE,MAAe;gBACzB,gBAAgB,EAAE,IAAI,CAAC,iBAAiB;aACzC;SACF,CAAC;IACJ,CAAC;CACF"}

package/dist/services/host-resolver.d.ts

@@ -0,0 +1,49 @@
+import type { HostConfig } from "../types.js";
+import type { ComposeDiscovery } from "./compose-discovery.js";
+/**
+ * Error thrown when host resolution fails
+ */
+export declare class HostResolutionError extends Error {
+    constructor(message: string);
+}
+/**
+ * Resolves which host contains a compose project when not explicitly specified
+ */
+export declare class HostResolver {
+    private readonly discovery;
+    private readonly hosts;
+    constructor(discovery: ComposeDiscovery, hosts: HostConfig[]);
+    /**
+     * Resolve which host to use for a compose operation
+     *
+     * @param projectName - Name of the compose project
+     * @param specifiedHost - Optional host name explicitly provided by user
+     * @returns The resolved host configuration
+     * @throws {HostResolutionError} If resolution fails
+     */
+    resolveHost(projectName: string, specifiedHost?: string): Promise<HostConfig>;
+    /**
+     * Find all hosts that contain the specified project.
+     *
+     * Uses an AbortController to cancel remaining checks on early exit or timeout.
+     * SECURITY (CWE-404): Timer is properly cleared when resolution settles
+     * to prevent dangling promise rejection and memory leak.
+     */
+    private findMatchingHosts;
+    /**
+     * Check all hosts in parallel for the project with early-exit.
+     *
+     * When the first match arrives, starts a short grace period to collect
+     * any near-simultaneous matches (for conflict detection). After the
+     * grace period or when all checks settle (whichever is first), resolves
+     * with all collected matches.
+     *
+     * If all checks fail before any match, resolves immediately with
+     * an empty array.
+     *
+     * This avoids blocking on slow/offline hosts while still detecting
+     * conflicts between responsive hosts.
+     */
+    private checkAllHosts;
+}
+//# sourceMappingURL=host-resolver.d.ts.map

package/dist/services/host-resolver.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"host-resolver.d.ts","sourceRoot":"","sources":["../../src/services/host-resolver.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AA4B/D;;GAEG;AACH,qBAAa,mBAAoB,SAAQ,KAAK;gBAChC,OAAO,EAAE,MAAM;CAI5B;AAED;;GAEG;AACH,qBAAa,YAAY;IAErB,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,KAAK;gBADL,SAAS,EAAE,gBAAgB,EAC3B,KAAK,EAAE,UAAU,EAAE;IAGtC;;;;;;;OAOG;IACG,WAAW,CAAC,WAAW,EAAE,MAAM,EAAE,aAAa,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IA+BnF;;;;;;OAMG;YACW,iBAAiB;IAwB/B;;;;;;;;;;;;;OAaG;IACH,OAAO,CAAC,aAAa;CA6DtB"}