From 6d08c9ad6a3f94ca20b4b4394298beca97b8a09a Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 5 May 2026 12:22:44 +0000 Subject: [PATCH 1/4] chore: update CHANGELOG.md for v1.0.1 --- CHANGELOG.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 894acb7..a191ee7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,18 @@ +## v1.0.1 (2026-05-05) + +## What's Changed + +- ci: drop develop-FF gate from release dispatches; require main by @rado0x54 in https://github.com/rado0x54/ShellWatch/pull/200 +- Preprod Release by @rado0x54 in https://github.com/rado0x54/ShellWatch/pull/201 +- chore: update agent CHANGELOG.md for agent/v1.0.0 by @github-actions[bot] in https://github.com/rado0x54/ShellWatch/pull/202 +- docs: align README and docs/ with current code by @rado0x54 in https://github.com/rado0x54/ShellWatch/pull/203 +- docs: refactor README — logo, tagline, requirements, dev/prod flow by @rado0x54 in https://github.com/rado0x54/ShellWatch/pull/204 +- chore: self-host Geist fonts; drop Google Fonts dependency by @rado0x54 in https://github.com/rado0x54/ShellWatch/pull/206 +- ci: bump homebrew-tap formula on agent release by @rado0x54 in https://github.com/rado0x54/ShellWatch/pull/205 +- Preprod Release by @rado0x54 in https://github.com/rado0x54/ShellWatch/pull/207 + +**Full Changelog**: https://github.com/rado0x54/ShellWatch/compare/v1.0.0...v1.0.1 + ## v1.0.0 (2026-05-03) ## What's Changed From 448f99679699c16ebd28f7116c21318e51c350ac Mon Sep 17 00:00:00 2001 From: Martin Riedel <1713643+rado0x54@users.noreply.github.com> Date: Sun, 17 May 2026 21:30:19 +0200 Subject: [PATCH 2/4] chore: misc UX polish across sidebar, observer and onboarding (#212) * fix: prevent wordmark cutoff in README by widening viewBox * feat: restrict Observer Mode sidebar entry to admin accounts * feat: add empty-state explainer to Observer Mode page * docs: add ready-to-copy sshd_config one-liner to Requirements * feat: show ready-to-copy echo+tee one-liner in onboarding sshd step * feat: replace Sign Out text with Docs, GitHub and Logout icons in sidebar footer * feat: collapsible account row in sidebar footer, with inline logout * feat: expand account row on hover, auto-collapse 3s after click * fix: add 1s grace period before hover-collapsing the account row * fix: shorten account row hover-collapse grace to 500ms * revert: show Observer Mode to all accounts; empty-state copy is the explainer * fix: grep-guard onboarding sshd one-liner to avoid duplicate appends * fix: only wire account menu keydown listener while menu is open * revert: drop grep-q guard from sshd one-liner in README and onboarding --- README.md | 8 + client/src/lib/components/Sidebar.svelte | 289 ++++++++++++++++++++--- client/src/routes/observer/+page.svelte | 37 +++ client/src/routes/register/+page.svelte | 6 +- design/shellwatch_wordmark-dark.svg | 6 +- design/shellwatch_wordmark-light.svg | 6 +- 6 files changed, 315 insertions(+), 37 deletions(-) diff --git a/README.md b/README.md index 5e94bcc..e982ba9 100644 --- a/README.md +++ b/README.md @@ -38,6 +38,14 @@ ShellWatch is a Human-in-the-Loop platform for agent-driven SSH. Passkey-first a PubkeyAcceptedAlgorithms=+webauthn-sk-ecdsa-sha2-nistp256@openssh.com ``` + One-liner to append it and reload `sshd`: + + ```bash + echo 'PubkeyAcceptedAlgorithms=+webauthn-sk-ecdsa-sha2-nistp256@openssh.com' \ + | sudo tee -a /etc/ssh/sshd_config + sudo systemctl reload ssh # or: sudo systemctl reload sshd + ``` + - **Client (`ssh`):** OpenSSH **10.3+** — only when using the [SSH agent proxy](#ssh-agent-proxy). The PAM-from-inside-a-session path uses our [PAM module](https://github.com/rado0x54/pam-ssh-agent-webauthn) talking to `$SSH_AUTH_SOCK` directly, and plain ShellWatch sessions opened from the UI or MCP have no client-side OpenSSH requirement. ## Quick start diff --git a/client/src/lib/components/Sidebar.svelte b/client/src/lib/components/Sidebar.svelte index 1979dfd..272d26c 100644 --- a/client/src/lib/components/Sidebar.svelte +++ b/client/src/lib/components/Sidebar.svelte @@ -1,5 +1,6 @@ + + + @@ -464,21 +639,6 @@ box-shadow: 0 0 12px rgba(105, 246, 184, 0.6); } - .account-info { - display: flex; - align-items: center; - gap: var(--space-3); - padding: var(--space-3) 0; - margin-bottom: var(--space-2); - } - - .account-details { - display: flex; - flex-direction: column; - gap: 0.15rem; - min-width: 0; - } - .account-name { font-size: var(--body-md); font-weight: 600; @@ -498,6 +658,7 @@ letter-spacing: 0.04em; color: var(--primary); font-weight: 500; + align-self: flex-start; } .badge-admin::before { @@ -508,11 +669,81 @@ display: inline-block; } - .btn-logout:hover { - color: var(--error); + .footer-row { + display: flex; + align-items: center; + gap: var(--space-3); + margin-top: var(--space-3); + padding-top: var(--space-4); + border-top: 1px solid var(--outline-variant); + } + + .account-trigger { + display: inline-flex; + align-items: center; + justify-content: center; + padding: 2px; + background: transparent; + border: none; + cursor: pointer; + transition: filter 0.15s; + flex-shrink: 0; + } + + .account-trigger:hover { + filter: brightness(1.15); + } + + .account-trigger:focus-visible { + outline: 2px solid var(--primary); + outline-offset: 2px; + } + + .account-details { + display: flex; + flex-direction: column; + gap: 0.15rem; + min-width: 0; + flex: 1; + } + + .footer-resources { + display: flex; + align-items: center; + gap: var(--space-1); + margin-left: auto; + } + + .icon-btn { + display: inline-flex; + align-items: center; + justify-content: center; + width: 36px; + height: 36px; + background: transparent; + border: none; + color: var(--on-surface-variant); + cursor: pointer; + text-decoration: none; + transition: + color 0.15s, + background 0.15s; + } + + .icon-btn:hover { + color: var(--on-surface); background: var(--surface-container); } + .icon-btn:focus-visible { + outline: 2px solid var(--primary); + outline-offset: -2px; + } + + .icon-btn-danger:hover { + color: var(--error); + } + @media (max-width: 768px) { .sidebar { width: 100%; diff --git a/client/src/routes/observer/+page.svelte b/client/src/routes/observer/+page.svelte index 255c8ef..551e700 100644 --- a/client/src/routes/observer/+page.svelte +++ b/client/src/routes/observer/+page.svelte @@ -157,6 +157,16 @@
{/each} + {#if $sessions.length === 0} +
+

No active sessions

+

+ Observer Mode shows a live read-only grid of every open session in your account — + UI, MCP agent, and SSH-agent proxy connections all appear here side by side. +

+

Open a session from the sidebar or have an agent start one, and it will show up here.

+
+ {/if} @@ -242,4 +252,31 @@ height: 100%; padding: 2px; } + + .observer-empty { + grid-column: 1 / -1; + grid-row: 1 / -1; + display: flex; + flex-direction: column; + align-items: center; + justify-content: center; + gap: var(--space-3); + padding: var(--space-6); + text-align: center; + color: var(--on-surface-variant); + } + + .observer-empty h2 { + font-family: var(--font-display); + font-size: var(--title-md); + font-weight: 600; + letter-spacing: -0.01em; + color: var(--on-surface); + } + + .observer-empty p { + max-width: 56ch; + line-height: 1.55; + font-size: var(--body-md); + } diff --git a/client/src/routes/register/+page.svelte b/client/src/routes/register/+page.svelte index 2a1eec0..f4888d8 100644 --- a/client/src/routes/register/+page.svelte +++ b/client/src/routes/register/+page.svelte @@ -137,6 +137,7 @@ // (additional algorithms, multi-line config), surface it through the // register response and consume it here instead. const SSHD_CONFIG_LINE = "PubkeyAcceptedAlgorithms=+webauthn-sk-ecdsa-sha2-nistp256@openssh.com"; + const SSHD_CONFIG_ONE_LINER = `echo '${SSHD_CONFIG_LINE}' | sudo tee -a /etc/ssh/sshd_config`; async function copyToClipboard(text: string, btn: HTMLButtonElement) { const original = btn.innerHTML; @@ -356,11 +357,12 @@ 1. Enable WebAuthn keys in /etc/ssh/sshd_config (reload sshd after) - {SSHD_CONFIG_LINE} + {SSHD_CONFIG_ONE_LINER} diff --git a/design/shellwatch_wordmark-dark.svg b/design/shellwatch_wordmark-dark.svg index e970a09..bdd6916 100644 --- a/design/shellwatch_wordmark-dark.svg +++ b/design/shellwatch_wordmark-dark.svg @@ -1,12 +1,12 @@ - + ShellWatch - SHELLWATCH diff --git a/design/shellwatch_wordmark-light.svg b/design/shellwatch_wordmark-light.svg index ae13a15..ef26503 100644 --- a/design/shellwatch_wordmark-light.svg +++ b/design/shellwatch_wordmark-light.svg @@ -1,12 +1,12 @@ - + ShellWatch - SHELLWATCH From d2633b88ae6296d26c6afe3f38eda9d3810a98e1 Mon Sep 17 00:00:00 2001 From: Martin Riedel <1713643+rado0x54@users.noreply.github.com> Date: Sun, 17 May 2026 22:23:22 +0200 Subject: [PATCH 3/4] feat: per-endpoint SSH agent forwarding toggle (#213) * feat: per-endpoint SSH agent forwarding toggle * chore: move agent-forward toggle below description, shorten hint * chore: trim agent-forward hint to single sentence * fix: split block-level help class so description's inline hint isn't broken --- README.md | 2 +- client/src/lib/stores/account.ts | 14 - client/src/lib/stores/endpoints.ts | 2 + client/src/routes/admin/general/+page.svelte | 5 + .../routes/settings/endpoints/+page.svelte | 86 +- .../src/routes/settings/general/+page.svelte | 106 +- config.sample.yaml | 2 + drizzle/0007_endpoint_agent_forward.sql | 2 + drizzle/meta/0007_snapshot.json | 973 ++++++++++++++++++ drizzle/meta/_journal.json | 7 + src/config/loader.test.ts | 25 + src/config/schema.ts | 5 + src/db/repositories/account-repo.ts | 5 +- src/db/repositories/endpoint-repo.ts | 14 +- src/db/schema.ts | 8 +- src/db/seed.ts | 1 + src/server/routes/accounts.test.ts | 1 - src/server/routes/accounts.ts | 42 +- src/server/routes/endpoints.ts | 35 +- src/terminal/terminal-manager.test.ts | 1 + src/test/helpers/app-server.ts | 1 + src/test/integration/agent-forward.test.ts | 2 +- src/test/integration/error-scenarios.test.ts | 1 + src/transport/create-factory.ts | 5 - src/transport/ssh-transport-factory.test.ts | 6 +- src/transport/ssh-transport-factory.ts | 4 +- 26 files changed, 1183 insertions(+), 172 deletions(-) create mode 100644 drizzle/0007_endpoint_agent_forward.sql create mode 100644 drizzle/meta/0007_snapshot.json diff --git a/README.md b/README.md index e982ba9..6fe9693 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ ShellWatch is a Human-in-the-Loop platform for agent-driven SSH. Passkey-first a - **Passkey-only auth** — WebAuthn for UI login, agent enrollment, and SSH authentication via OpenSSH's [`webauthn-sk-ecdsa-sha2-nistp256@openssh.com`](https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.u2f) signature algorithm - **End-to-end SSH-agent proxy** — local `ssh`/`scp`/`git` reach a passkey via ShellWatch with explicit browser approval per signature -- **Agent forwarding into sessions** — your passkey-backed SSH agent is forwarded into every ShellWatch session, so you can hop to additional hosts and enable SSH-agent-based PAM integration +- **Agent forwarding into sessions** — your passkey-backed SSH agent is forwarded into ShellWatch sessions (per-endpoint toggle), so you can hop to additional hosts and enable SSH-agent-based PAM integration - **PAM integration** — pair with [`pam-ssh-agent-webauthn`](https://github.com/rado0x54/pam-ssh-agent-webauthn) to gate `sudo` (or any PAM-aware step) behind a passkey approval surfaced through ShellWatch - **Human-in-the-loop for agents** — MCP agents request, humans approve; sensitive actions can require per-action consent - **Realtime notifications** — sign requests arrive as Web Push and in-UI toasts diff --git a/client/src/lib/stores/account.ts b/client/src/lib/stores/account.ts index 2636afa..5d0be0f 100644 --- a/client/src/lib/stores/account.ts +++ b/client/src/lib/stores/account.ts @@ -5,7 +5,6 @@ export interface AccountData { id: string; name: string; isAdmin: boolean; - agentForward: boolean; } export const account = writable(null); @@ -36,16 +35,3 @@ export async function updateAccountName(name: string): Promise { } await fetchAccount(); } - -export async function updateAgentForward(agentForward: boolean): Promise { - const res = await fetch("/api/auth/me", { - method: "PUT", - headers: { "Content-Type": "application/json" }, - body: JSON.stringify({ agentForward }), - }); - if (!res.ok) { - const err = await res.json(); - throw new Error(err.error || "Failed to update agent forwarding"); - } - await fetchAccount(); -} diff --git a/client/src/lib/stores/endpoints.ts b/client/src/lib/stores/endpoints.ts index 6b0479a..a8caced 100644 --- a/client/src/lib/stores/endpoints.ts +++ b/client/src/lib/stores/endpoints.ts @@ -18,6 +18,7 @@ export interface Endpoint { port: number; username: string; userVerification: UserVerification; + agentForward: boolean; description: string | null; } @@ -35,6 +36,7 @@ export async function createEndpoint(body: { port: number; username: string; userVerification?: UserVerification; + agentForward?: boolean; description?: string | null; }): Promise { const res = await fetch("/api/endpoints", { diff --git a/client/src/routes/admin/general/+page.svelte b/client/src/routes/admin/general/+page.svelte index f4fd03b..5e1aeb7 100644 --- a/client/src/routes/admin/general/+page.svelte +++ b/client/src/routes/admin/general/+page.svelte @@ -13,6 +13,7 @@ interface SeedEndpoint { label: string; address: string; + agentForward: boolean; passkeyCredentialRef?: string; } @@ -53,6 +54,10 @@ for (const ep of endpoints) { lines.push(` - label: ${yamlStr(ep.label)}`); lines.push(` address: ${yamlStr(ep.address)}`); + // Only emit when off — default is true, keep YAML clean. + if (!ep.agentForward) { + lines.push(" agentForward: false"); + } if (ep.passkeyCredentialRef) { lines.push(` passkeyCredentialRef: ${yamlStr(ep.passkeyCredentialRef)}`); } diff --git a/client/src/routes/settings/endpoints/+page.svelte b/client/src/routes/settings/endpoints/+page.svelte index 7dad21d..8728b10 100644 --- a/client/src/routes/settings/endpoints/+page.svelte +++ b/client/src/routes/settings/endpoints/+page.svelte @@ -28,6 +28,7 @@ let formLabel = $state(""); let formAddress = $state(""); let formUserVerification = $state("required"); + let formAgentForward = $state(true); let formDescription = $state(""); let deleteTarget = $state(null); let deleting = $state(false); @@ -41,6 +42,7 @@ formLabel = ""; formAddress = ""; formUserVerification = "required"; + formAgentForward = true; formDescription = ""; } @@ -49,6 +51,7 @@ formLabel = ep.label; formAddress = formatEndpointAddress(ep); formUserVerification = ep.userVerification; + formAgentForward = ep.agentForward; formDescription = ep.description ?? ""; } @@ -80,6 +83,7 @@ port: parsed.port, username: parsed.username, userVerification: formUserVerification, + agentForward: formAgentForward, description, }); } else { @@ -89,6 +93,7 @@ port: parsed.port, username: parsed.username, userVerification: formUserVerification, + agentForward: formAgentForward, description, }); } @@ -134,7 +139,10 @@ {#snippet primary()} {ep.label} - {ep.userVerification} + UV: {ep.userVerification} + + forward: {ep.agentForward ? "on" : "off"} + {/snippet} {#snippet secondary()}{formatEndpointAddress(ep)}{/snippet} {#snippet actions()} @@ -232,6 +240,28 @@
{formDescription.length} / {ENDPOINT_DESCRIPTION_MAX_LENGTH}
+
+ +
+ + {formAgentForward ? "Enabled" : "Disabled"} +
+ + Forward SSH keys to this host so onward tools (ssh, git) can authenticate. + +
+ {#snippet actions()} - - {$account.agentForward ? "Enabled" : "Disabled"} - - - - Forward SSH keys to remote hosts so programs like ssh and git can authenticate onward. - - {#if agentForwardMessage} - {agentForwardMessage} - {/if} - -
Version
@@ -221,57 +170,4 @@ .message.success { color: var(--green, #4ade80); } - - .toggle-row { - display: flex; - align-items: center; - gap: 0.75rem; - } - - .toggle { - position: relative; - width: 40px; - height: 22px; - border-radius: 11px; - border: 1px solid var(--border); - background: var(--bg-primary); - cursor: pointer; - padding: 0; - transition: background-color 0.2s; - } - - .toggle.active { - background: var(--green, #4ade80); - border-color: var(--green, #4ade80); - } - - .toggle-knob { - position: absolute; - top: 2px; - left: 2px; - width: 16px; - height: 16px; - border-radius: 50%; - background: var(--text-muted); - transition: - transform 0.2s, - background-color 0.2s; - } - - .toggle.active .toggle-knob { - transform: translateX(18px); - background: white; - } - - .toggle-label { - font-size: 0.85rem; - color: var(--text-primary); - } - - .field-hint { - display: block; - font-size: 0.75rem; - color: var(--text-muted); - margin-top: 0.375rem; - } diff --git a/config.sample.yaml b/config.sample.yaml index 28f2584..dd5b3c1 100644 --- a/config.sample.yaml +++ b/config.sample.yaml @@ -40,12 +40,14 @@ keyDirectory: ./keys # Optional: seed endpoints for the admin account on first run (keys are assigned via UI) # Format: [user@]host[:port] — defaults: user=shellwatch, port=22 +# agentForward defaults to true; set to false for hosts that disallow forwarding. # seedAdminEndpoints: # - label: Dev Box # address: ubuntu@dev.example.com # # - label: Staging # address: deploy@staging.example.com:2222 +# agentForward: false # Security settings security: diff --git a/drizzle/0007_endpoint_agent_forward.sql b/drizzle/0007_endpoint_agent_forward.sql new file mode 100644 index 0000000..42104d9 --- /dev/null +++ b/drizzle/0007_endpoint_agent_forward.sql @@ -0,0 +1,2 @@ +ALTER TABLE `endpoints` ADD `agent_forward` integer DEFAULT true NOT NULL;--> statement-breakpoint +ALTER TABLE `accounts` DROP COLUMN `agent_forward`; \ No newline at end of file diff --git a/drizzle/meta/0007_snapshot.json b/drizzle/meta/0007_snapshot.json new file mode 100644 index 0000000..72eee5a --- /dev/null +++ b/drizzle/meta/0007_snapshot.json @@ -0,0 +1,973 @@ +{ + "version": "6", + "dialect": "sqlite", + "id": "833d8ef2-d304-4fca-a662-6c996f63b68d", + "prevId": "3ef48364-48b4-4c51-8686-c11af4722eb9", + "tables": { + "accounts": { + "name": "accounts", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true, + "autoincrement": false + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "enabled": { + "name": "enabled", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": true + }, + "max_sessions": { + "name": "max_sessions", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": 5 + }, + "last_used_at": { + "name": "last_used_at", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "created_at": { + "name": "created_at", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "updated_at": { + "name": "updated_at", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + } + }, + "indexes": {}, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "checkConstraints": {} + }, + "admin_account": { + "name": "admin_account", + "columns": { + "singleton": { + "name": "singleton", + "type": "integer", + "primaryKey": true, + "notNull": true, + "autoincrement": false, + "default": 1 + }, + "account_id": { + "name": "account_id", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + } + }, + "indexes": {}, + "foreignKeys": { + "admin_account_account_id_accounts_id_fk": { + "name": "admin_account_account_id_accounts_id_fk", + "tableFrom": "admin_account", + "tableTo": "accounts", + "columnsFrom": ["account_id"], + "columnsTo": ["id"], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "checkConstraints": { + "single_row": { + "name": "single_row", + "value": "\"admin_account\".\"singleton\" = 1" + } + } + }, + "api_keys": { + "name": "api_keys", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true, + "autoincrement": false + }, + "account_id": { + "name": "account_id", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "label": { + "name": "label", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "key_hash": { + "name": "key_hash", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "key_prefix": { + "name": "key_prefix", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "scopes": { + "name": "scopes", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "endpoints": { + "name": "endpoints", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "enabled": { + "name": "enabled", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": true + }, + "created_at": { + "name": "created_at", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + } + }, + "indexes": { + "api_keys_key_hash_unique": { + "name": "api_keys_key_hash_unique", + "columns": ["key_hash"], + "isUnique": true + } + }, + "foreignKeys": { + "api_keys_account_id_accounts_id_fk": { + "name": "api_keys_account_id_accounts_id_fk", + "tableFrom": "api_keys", + "tableTo": "accounts", + "columnsFrom": ["account_id"], + "columnsTo": ["id"], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "checkConstraints": {} + }, + "audit_session_lifecycle": { + "name": "audit_session_lifecycle", + "columns": { + "session_id": { + "name": "session_id", + "type": "text", + "primaryKey": true, + "notNull": true, + "autoincrement": false + }, + "account_id": { + "name": "account_id", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "endpoint_id": { + "name": "endpoint_id", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "source": { + "name": "source", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "created_at": { + "name": "created_at", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "closed_at": { + "name": "closed_at", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "duration_ms": { + "name": "duration_ms", + "type": "integer", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "source_ip": { + "name": "source_ip", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "mcp_reason": { + "name": "mcp_reason", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "mcp_client_name": { + "name": "mcp_client_name", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "mcp_client_version": { + "name": "mcp_client_version", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "api_key_label": { + "name": "api_key_label", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "api_key_prefix": { + "name": "api_key_prefix", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "client_hostname": { + "name": "client_hostname", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "client_os": { + "name": "client_os", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "client_version": { + "name": "client_version", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "close_reason": { + "name": "close_reason", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + } + }, + "indexes": { + "audit_session_lifecycle_account_created_idx": { + "name": "audit_session_lifecycle_account_created_idx", + "columns": ["account_id", "created_at", "session_id"], + "isUnique": false + }, + "audit_session_lifecycle_account_endpoint_created_idx": { + "name": "audit_session_lifecycle_account_endpoint_created_idx", + "columns": ["account_id", "endpoint_id", "created_at", "session_id"], + "isUnique": false + } + }, + "foreignKeys": { + "audit_session_lifecycle_account_id_accounts_id_fk": { + "name": "audit_session_lifecycle_account_id_accounts_id_fk", + "tableFrom": "audit_session_lifecycle", + "tableTo": "accounts", + "columnsFrom": ["account_id"], + "columnsTo": ["id"], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "checkConstraints": { + "audit_session_lifecycle_status_chk": { + "name": "audit_session_lifecycle_status_chk", + "value": "\"audit_session_lifecycle\".\"status\" IN ('open','closed','error')" + }, + "audit_session_lifecycle_source_chk": { + "name": "audit_session_lifecycle_source_chk", + "value": "\"audit_session_lifecycle\".\"source\" IN ('ui','mcp','ssh')" + } + } + }, + "audit_signing_requests": { + "name": "audit_signing_requests", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true, + "autoincrement": false + }, + "account_id": { + "name": "account_id", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "type": { + "name": "type", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "source": { + "name": "source", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "created_at": { + "name": "created_at", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "resolved_at": { + "name": "resolved_at", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "outcome": { + "name": "outcome", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "latency_ms": { + "name": "latency_ms", + "type": "integer", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "source_ip": { + "name": "source_ip", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "endpoint_label": { + "name": "endpoint_label", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "endpoint_address": { + "name": "endpoint_address", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "session_id": { + "name": "session_id", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "mcp_reason": { + "name": "mcp_reason", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "mcp_client_name": { + "name": "mcp_client_name", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "mcp_client_version": { + "name": "mcp_client_version", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "api_key_label": { + "name": "api_key_label", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "api_key_prefix": { + "name": "api_key_prefix", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "client_hostname": { + "name": "client_hostname", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "client_os": { + "name": "client_os", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "client_version": { + "name": "client_version", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "credential_id": { + "name": "credential_id", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "passkey_label": { + "name": "passkey_label", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "user_verification": { + "name": "user_verification", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "key_label": { + "name": "key_label", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "key_fingerprint": { + "name": "key_fingerprint", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "cancel_reason": { + "name": "cancel_reason", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + } + }, + "indexes": { + "audit_signing_requests_account_created_idx": { + "name": "audit_signing_requests_account_created_idx", + "columns": ["account_id", "created_at", "id"], + "isUnique": false + } + }, + "foreignKeys": { + "audit_signing_requests_account_id_accounts_id_fk": { + "name": "audit_signing_requests_account_id_accounts_id_fk", + "tableFrom": "audit_signing_requests", + "tableTo": "accounts", + "columnsFrom": ["account_id"], + "columnsTo": ["id"], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "checkConstraints": { + "audit_signing_requests_type_chk": { + "name": "audit_signing_requests_type_chk", + "value": "\"audit_signing_requests\".\"type\" IN ('webauthn-sign','key-approve')" + }, + "audit_signing_requests_source_chk": { + "name": "audit_signing_requests_source_chk", + "value": "\"audit_signing_requests\".\"source\" IN ('endpoint-auth','agent-forwarding','agent-proxy')" + }, + "audit_signing_requests_outcome_chk": { + "name": "audit_signing_requests_outcome_chk", + "value": "\"audit_signing_requests\".\"outcome\" IS NULL OR \"audit_signing_requests\".\"outcome\" IN ('approved','denied','expired','cancelled')" + } + } + }, + "endpoints": { + "name": "endpoints", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true, + "autoincrement": false + }, + "account_id": { + "name": "account_id", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "label": { + "name": "label", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "host": { + "name": "host", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "port": { + "name": "port", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": 22 + }, + "username": { + "name": "username", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "enabled": { + "name": "enabled", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": true + }, + "user_verification": { + "name": "user_verification", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": "'required'" + }, + "agent_forward": { + "name": "agent_forward", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "created_at": { + "name": "created_at", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "updated_at": { + "name": "updated_at", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + } + }, + "indexes": {}, + "foreignKeys": { + "endpoints_account_id_accounts_id_fk": { + "name": "endpoints_account_id_accounts_id_fk", + "tableFrom": "endpoints", + "tableTo": "accounts", + "columnsFrom": ["account_id"], + "columnsTo": ["id"], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "checkConstraints": {} + }, + "push_subscriptions": { + "name": "push_subscriptions", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true, + "autoincrement": false + }, + "account_id": { + "name": "account_id", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "endpoint": { + "name": "endpoint", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "p256dh": { + "name": "p256dh", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "auth": { + "name": "auth", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "created_at": { + "name": "created_at", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "updated_at": { + "name": "updated_at", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + } + }, + "indexes": { + "push_subscriptions_endpoint_unique": { + "name": "push_subscriptions_endpoint_unique", + "columns": ["endpoint"], + "isUnique": true + } + }, + "foreignKeys": { + "push_subscriptions_account_id_accounts_id_fk": { + "name": "push_subscriptions_account_id_accounts_id_fk", + "tableFrom": "push_subscriptions", + "tableTo": "accounts", + "columnsFrom": ["account_id"], + "columnsTo": ["id"], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "checkConstraints": {} + }, + "ssh_keys": { + "name": "ssh_keys", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true, + "autoincrement": false + }, + "label": { + "name": "label", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "type": { + "name": "type", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": "'file'" + }, + "public_key": { + "name": "public_key", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "fingerprint": { + "name": "fingerprint", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "enabled": { + "name": "enabled", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": true + }, + "last_used_at": { + "name": "last_used_at", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "created_at": { + "name": "created_at", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "updated_at": { + "name": "updated_at", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + } + }, + "indexes": { + "ssh_keys_fingerprint_unique": { + "name": "ssh_keys_fingerprint_unique", + "columns": ["fingerprint"], + "isUnique": true + } + }, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "checkConstraints": {} + }, + "webauthn_credentials": { + "name": "webauthn_credentials", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true, + "autoincrement": false + }, + "account_id": { + "name": "account_id", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "credential_id": { + "name": "credential_id", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "public_key": { + "name": "public_key", + "type": "blob", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "counter": { + "name": "counter", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": 0 + }, + "transports": { + "name": "transports", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "label": { + "name": "label", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "public_key_openssh": { + "name": "public_key_openssh", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "revoked": { + "name": "revoked", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": false + }, + "state": { + "name": "state", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": "'active'" + }, + "created_at": { + "name": "created_at", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "last_used_at": { + "name": "last_used_at", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + } + }, + "indexes": { + "webauthn_credentials_credential_id_unique": { + "name": "webauthn_credentials_credential_id_unique", + "columns": ["credential_id"], + "isUnique": true + } + }, + "foreignKeys": { + "webauthn_credentials_account_id_accounts_id_fk": { + "name": "webauthn_credentials_account_id_accounts_id_fk", + "tableFrom": "webauthn_credentials", + "tableTo": "accounts", + "columnsFrom": ["account_id"], + "columnsTo": ["id"], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "checkConstraints": {} + } + }, + "views": {}, + "enums": {}, + "_meta": { + "schemas": {}, + "tables": {}, + "columns": {} + }, + "internal": { + "indexes": {} + } +} diff --git a/drizzle/meta/_journal.json b/drizzle/meta/_journal.json index 61bfff8..68785a3 100644 --- a/drizzle/meta/_journal.json +++ b/drizzle/meta/_journal.json @@ -50,6 +50,13 @@ "when": 1777783781140, "tag": "0006_audit_signing_requests", "breakpoints": true + }, + { + "idx": 7, + "version": "6", + "when": 1779047498048, + "tag": "0007_endpoint_agent_forward", + "breakpoints": true } ] } diff --git a/src/config/loader.test.ts b/src/config/loader.test.ts index e7360ca..53bb145 100644 --- a/src/config/loader.test.ts +++ b/src/config/loader.test.ts @@ -128,6 +128,31 @@ seedAdminEndpoints: expect(() => loadConfig(configPath)).toThrow("Invalid config"); }); + it("defaults agentForward to true on seed endpoints", () => { + const dir = createTempDir(); + const configPath = writeConfig( + dir, + ` +server: + externalUrl: http://localhost:3000 +security: + rpId: localhost + trustedWebauthnOrigins: + - http://localhost +seedAdminEndpoints: + - label: Default + address: host.example.com + - label: NoForward + address: locked.example.com + agentForward: false +`, + ); + + const config = loadConfig(configPath); + expect(config.seedAdminEndpoints[0].agentForward).toBe(true); + expect(config.seedAdminEndpoints[1].agentForward).toBe(false); + }); + it("loads multiple endpoints with different address formats", () => { const dir = createTempDir(); const configPath = writeConfig( diff --git a/src/config/schema.ts b/src/config/schema.ts index 755591e..7234e96 100644 --- a/src/config/schema.ts +++ b/src/config/schema.ts @@ -8,6 +8,11 @@ export const SeedEndpointSchema = z.object({ .string() .min(1) .transform((addr) => parseEndpointAddress(addr)), + /** + * Whether to enable SSH agent forwarding on sessions to this endpoint. + * Defaults to true — opt out per endpoint when the host disallows forwarding. + */ + agentForward: z.boolean().default(true), }); /** Field-level defaults for optional security settings (rpId and trustedWebauthnOrigins are required) */ diff --git a/src/db/repositories/account-repo.ts b/src/db/repositories/account-repo.ts index ba2eea1..5d5bac2 100644 --- a/src/db/repositories/account-repo.ts +++ b/src/db/repositories/account-repo.ts @@ -9,7 +9,6 @@ export interface AccountInfo { isAdmin: boolean; enabled: boolean; maxSessions: number; - agentForward: boolean; lastUsedAt: string | null; createdAt: string; updatedAt: string; @@ -20,7 +19,7 @@ export interface AccountRepository { findAll(): Promise; update( id: string, - data: Partial>, + data: Partial>, ): Promise; /** Mark account as active. Writes are batched — call flushLastUsed() to persist. */ touchLastUsed(id: string): void; @@ -82,7 +81,7 @@ export class DrizzleAccountRepository implements AccountRepository { async update( id: string, - data: Partial>, + data: Partial>, ): Promise { this.db .update(accounts) diff --git a/src/db/repositories/endpoint-repo.ts b/src/db/repositories/endpoint-repo.ts index 30ebceb..8752605 100644 --- a/src/db/repositories/endpoint-repo.ts +++ b/src/db/repositories/endpoint-repo.ts @@ -27,6 +27,7 @@ export interface EndpointInfo { port: number; username: string; userVerification: UserVerification; + agentForward: boolean; description: string | null; } @@ -45,6 +46,7 @@ export interface EndpointRepository { port: number; username: string; userVerification?: UserVerification; + agentForward?: boolean; description?: string | null; }): Promise; update( @@ -56,6 +58,7 @@ export interface EndpointRepository { port: number; username: string; userVerification: UserVerification; + agentForward: boolean; description: string | null; }>, ): Promise; @@ -70,6 +73,7 @@ const ENDPOINT_COLUMNS = { port: endpoints.port, username: endpoints.username, userVerification: endpoints.userVerification, + agentForward: endpoints.agentForward, description: endpoints.description, } as const; @@ -101,6 +105,7 @@ export class DrizzleEndpointRepository implements EndpointRepository { port: number; username: string; userVerification?: UserVerification; + agentForward?: boolean; description?: string | null; }): Promise { const now = new Date().toISOString(); @@ -109,6 +114,7 @@ export class DrizzleEndpointRepository implements EndpointRepository { .values({ ...data, userVerification: data.userVerification ?? "required", + agentForward: data.agentForward ?? true, description: data.description ?? null, enabled: true, createdAt: now, @@ -126,6 +132,7 @@ export class DrizzleEndpointRepository implements EndpointRepository { port: number; username: string; userVerification: UserVerification; + agentForward: boolean; description: string | null; }>, ): Promise { @@ -150,9 +157,10 @@ export class InMemoryEndpointRepository implements EndpointRepository { constructor( initialEndpoints: Array< - Omit & { + Omit & { accountId?: string; userVerification?: UserVerification; + agentForward?: boolean; description?: string | null; } > = [], @@ -162,6 +170,7 @@ export class InMemoryEndpointRepository implements EndpointRepository { ...e, accountId: e.accountId ?? this.defaultAccountId, userVerification: e.userVerification ?? "required", + agentForward: e.agentForward ?? true, description: e.description ?? null, })); } @@ -182,11 +191,13 @@ export class InMemoryEndpointRepository implements EndpointRepository { port: number; username: string; userVerification?: UserVerification; + agentForward?: boolean; description?: string | null; }): Promise { this.store.push({ ...data, userVerification: data.userVerification ?? "required", + agentForward: data.agentForward ?? true, description: data.description ?? null, }); } @@ -200,6 +211,7 @@ export class InMemoryEndpointRepository implements EndpointRepository { port: number; username: string; userVerification: UserVerification; + agentForward: boolean; description: string | null; }>, ): Promise { diff --git a/src/db/schema.ts b/src/db/schema.ts index b6158b1..adfd95a 100644 --- a/src/db/schema.ts +++ b/src/db/schema.ts @@ -10,7 +10,6 @@ export const accounts = sqliteTable("accounts", { enabled: integer("enabled", { mode: "boolean" }).notNull().default(true), maxSessions: integer("max_sessions").notNull().default(5), - agentForward: integer("agent_forward", { mode: "boolean" }).notNull().default(false), lastUsedAt: text("last_used_at"), createdAt: text("created_at").notNull(), updatedAt: text("updated_at").notNull(), @@ -87,6 +86,13 @@ export const endpoints = sqliteTable("endpoints", { * host / authenticator can't provide UV. */ userVerification: text("user_verification").notNull().default("required"), + /** + * Whether to enable SSH agent forwarding when opening a session to this + * endpoint. Defaults to enabled — some hosts disallow forwarding (e.g. + * AllowAgentForwarding no in sshd_config) and the user can disable it + * per-endpoint to avoid a forwarding-channel-rejected handshake. + */ + agentForward: integer("agent_forward", { mode: "boolean" }).notNull().default(true), /** * Optional free-form description (max 1000 chars). Surfaced to MCP agents in * the per-endpoint instructions so they have context about what runs on the diff --git a/src/db/seed.ts b/src/db/seed.ts index ab9f519..a685be5 100644 --- a/src/db/seed.ts +++ b/src/db/seed.ts @@ -105,6 +105,7 @@ export function seedFromConfig(db: ShellWatchDB, config: Config): SeedResult { host: ep.address.host, port: ep.address.port, username: ep.address.username, + agentForward: ep.agentForward, enabled: true, createdAt: now, updatedAt: now, diff --git a/src/server/routes/accounts.test.ts b/src/server/routes/accounts.test.ts index 051f2e3..7bd115e 100644 --- a/src/server/routes/accounts.test.ts +++ b/src/server/routes/accounts.test.ts @@ -16,7 +16,6 @@ function stubAccount(id: string, isAdmin: boolean): AccountInfo { isAdmin, enabled: true, maxSessions: 5, - agentForward: false, lastUsedAt: null, createdAt: now, updatedAt: now, diff --git a/src/server/routes/accounts.ts b/src/server/routes/accounts.ts index 817e5e8..f137582 100644 --- a/src/server/routes/accounts.ts +++ b/src/server/routes/accounts.ts @@ -34,33 +34,26 @@ export function registerAccountRoutes(params: AccountRoutesParams) { id: account.id, name: account.name, isAdmin: account.isAdmin, - agentForward: account.agentForward, }; }); - app.put<{ Body: { name?: string; agentForward?: boolean } }>( - "/api/auth/me", - async (request, reply) => { - const accountId = request.accountId; - const { name, agentForward } = request.body; - const updates: Partial<{ name: string; agentForward: boolean }> = {}; - if (name !== undefined) { - const trimmed = name.trim(); - if (!trimmed) { - reply.status(400); - return { error: "Name cannot be empty" }; - } - updates.name = trimmed; - } - if (agentForward !== undefined) { - updates.agentForward = agentForward; - } - if (Object.keys(updates).length > 0) { - await accountRepo.update(accountId, updates); + app.put<{ Body: { name?: string } }>("/api/auth/me", async (request, reply) => { + const accountId = request.accountId; + const { name } = request.body; + const updates: Partial<{ name: string }> = {}; + if (name !== undefined) { + const trimmed = name.trim(); + if (!trimmed) { + reply.status(400); + return { error: "Name cannot be empty" }; } - return { status: "updated" }; - }, - ); + updates.name = trimmed; + } + if (Object.keys(updates).length > 0) { + await accountRepo.update(accountId, updates); + } + return { status: "updated" }; + }); // --- Account Management (admin only) --- @@ -77,7 +70,6 @@ export function registerAccountRoutes(params: AccountRoutesParams) { isAdmin: a.isAdmin, enabled: a.enabled, maxSessions: a.maxSessions, - agentForward: a.agentForward, lastUsedAt: a.lastUsedAt, createdAt: a.createdAt, })), @@ -162,6 +154,7 @@ export function registerAccountRoutes(params: AccountRoutesParams) { host: endpointsTable.host, port: endpointsTable.port, username: endpointsTable.username, + agentForward: endpointsTable.agentForward, }) .from(endpointsTable) .where(eq(endpointsTable.accountId, adminId)) @@ -192,6 +185,7 @@ export function registerAccountRoutes(params: AccountRoutesParams) { host: ep.host, port: ep.port, }), + agentForward: ep.agentForward, })); return { passkeys: seedPasskeys, endpoints: seedEndpoints }; diff --git a/src/server/routes/endpoints.ts b/src/server/routes/endpoints.ts index 6c21059..4040883 100644 --- a/src/server/routes/endpoints.ts +++ b/src/server/routes/endpoints.ts @@ -31,15 +31,18 @@ export function registerEndpointRoutes(params: EndpointRoutesParams) { app.get("/api/endpoints", async (request) => { const all = await endpointRepo.findAllForAccount(request.accountId); return { - endpoints: all.map(({ id, label, host, port, username, userVerification, description }) => ({ - id, - label, - host, - port, - username, - userVerification, - description, - })), + endpoints: all.map( + ({ id, label, host, port, username, userVerification, agentForward, description }) => ({ + id, + label, + host, + port, + username, + userVerification, + agentForward, + description, + }), + ), }; }); @@ -50,6 +53,7 @@ export function registerEndpointRoutes(params: EndpointRoutesParams) { port?: number; username?: string; userVerification?: string; + agentForward?: boolean; description?: string | null; }; }>("/api/endpoints", async (request, reply) => { @@ -61,6 +65,13 @@ export function registerEndpointRoutes(params: EndpointRoutesParams) { error: `userVerification must be one of: ${USER_VERIFICATION_VALUES.join(", ")}`, }; } + if ( + request.body.agentForward !== undefined && + typeof request.body.agentForward !== "boolean" + ) { + reply.status(400); + return { error: "agentForward must be a boolean" }; + } const desc = normalizeDescription(request.body.description); if (!desc.ok) { reply.status(400); @@ -77,6 +88,7 @@ export function registerEndpointRoutes(params: EndpointRoutesParams) { port: request.body.port ?? 22, username: request.body.username ?? "shellwatch", userVerification: uv as UserVerification | undefined, + agentForward: request.body.agentForward, description: desc.value, }); return { status: "created", id }; @@ -95,6 +107,7 @@ export function registerEndpointRoutes(params: EndpointRoutesParams) { port?: number; username?: string; userVerification?: string; + agentForward?: boolean; description?: string | null; }; }>("/api/endpoints/:id", async (request, reply) => { @@ -106,6 +119,10 @@ export function registerEndpointRoutes(params: EndpointRoutesParams) { error: `userVerification must be one of: ${USER_VERIFICATION_VALUES.join(", ")}`, }; } + if (body.agentForward !== undefined && typeof body.agentForward !== "boolean") { + reply.status(400); + return { error: "agentForward must be a boolean" }; + } const descriptionPatch: Partial<{ description: string | null }> = {}; if (body.description !== undefined) { const desc = normalizeDescription(body.description); diff --git a/src/terminal/terminal-manager.test.ts b/src/terminal/terminal-manager.test.ts index 65572ae..7f98433 100644 --- a/src/terminal/terminal-manager.test.ts +++ b/src/terminal/terminal-manager.test.ts @@ -22,6 +22,7 @@ const testEndpoint: EndpointInfo = { port: 22, username: "testuser", userVerification: "required", + agentForward: true, description: null, }; diff --git a/src/test/helpers/app-server.ts b/src/test/helpers/app-server.ts index afed877..fb90729 100644 --- a/src/test/helpers/app-server.ts +++ b/src/test/helpers/app-server.ts @@ -104,6 +104,7 @@ export async function startTestApp( { label: "Test Server", address: { username: "testuser", host: sshServer.host, port: sshServer.port }, + agentForward: true, }, ], security: { cookieSecret: testCookieSecret }, diff --git a/src/test/integration/agent-forward.test.ts b/src/test/integration/agent-forward.test.ts index 493c32e..b75e7a1 100644 --- a/src/test/integration/agent-forward.test.ts +++ b/src/test/integration/agent-forward.test.ts @@ -60,6 +60,7 @@ describe("SSH Agent Forwarding", () => { host: sshServer.host, port: sshServer.port, username: "testuser", + agentForward, }, ]); const keyRepo = new InMemorySshKeyRepository([ @@ -69,7 +70,6 @@ describe("SSH Agent Forwarding", () => { const factory = new SshTransportFactory(keyRepo, keyProvider, { rpId: "localhost", - getAgentForward: async () => agentForward, isAdmin: () => true, createAgent: ({ fileKeys, agentForward: fwd }) => { const fileKeyEntries = fileKeys diff --git a/src/test/integration/error-scenarios.test.ts b/src/test/integration/error-scenarios.test.ts index 31f542d..9b49793 100644 --- a/src/test/integration/error-scenarios.test.ts +++ b/src/test/integration/error-scenarios.test.ts @@ -129,6 +129,7 @@ describe("Error Scenarios", () => { { label: "No Key", address: { username: "test", host: "localhost", port: 22 }, + agentForward: true, }, ], security: { cookieSecret: testSecret }, diff --git a/src/transport/create-factory.ts b/src/transport/create-factory.ts index b0a54f3..46bf807 100644 --- a/src/transport/create-factory.ts +++ b/src/transport/create-factory.ts @@ -43,11 +43,6 @@ export function createSshTransportFactoryFromConfig( findCredentialsForAccount: (accountId) => findCredentialsForAccount(db, accountId), isAdmin: (accountId) => accountRepo.isAdmin(accountId), - getAgentForward: async (accountId) => { - const account = await accountRepo.findById(accountId); - return account?.agentForward ?? false; - }, - createAgent: ({ endpoint, fileKeys, diff --git a/src/transport/ssh-transport-factory.test.ts b/src/transport/ssh-transport-factory.test.ts index 786bab1..c6517cb 100644 --- a/src/transport/ssh-transport-factory.test.ts +++ b/src/transport/ssh-transport-factory.test.ts @@ -24,6 +24,7 @@ const testEndpoint: EndpointInfo = { username: "user", accountId: "account-1", userVerification: "required", + agentForward: false, description: null, }; @@ -211,7 +212,7 @@ describe("SshTransportFactory", () => { expect(cleanup).toHaveBeenCalledOnce(); }); - it("passes agentForward=true when account has it enabled", async () => { + it("passes agentForward=true when the endpoint has it enabled", async () => { const mockTransport = createMockTransport(); const mockAgent = { sign: vi.fn() } as never; mockConnectSshWithAgent.mockResolvedValue(mockTransport); @@ -226,12 +227,11 @@ describe("SshTransportFactory", () => { createAgent, findCredentialsForAccount: () => [testCredential], isAdmin: () => false, - getAgentForward: async () => true, }, ); await factory.create({ - endpoint: testEndpoint, + endpoint: { ...testEndpoint, agentForward: true }, sessionId: "sess_test", trigger: { kind: "ui", sourceIp: "127.0.0.1" }, }); diff --git a/src/transport/ssh-transport-factory.ts b/src/transport/ssh-transport-factory.ts index 679a569..5a4eafc 100644 --- a/src/transport/ssh-transport-factory.ts +++ b/src/transport/ssh-transport-factory.ts @@ -43,8 +43,6 @@ export interface SshTransportFactoryOptions { createAgent: AgentFactory; findCredentialsForAccount?: CredentialsForAccountLookup; isAdmin?: AdminCheck; - /** Look up whether agent forwarding is enabled for a given account */ - getAgentForward?: (accountId: string) => Promise; } /** @@ -63,7 +61,7 @@ export class SshTransportFactory { async create(params: TransportFactoryParams): Promise { const { endpoint, sessionId, trigger } = params; - const agentForward = (await this.options.getAgentForward?.(endpoint.accountId)) ?? false; + const agentForward = endpoint.agentForward; const isAdmin = this.options.isAdmin?.(endpoint.accountId) ?? false; // Gather file keys (admin only) From e2033ef01401a621a3edb23898bd3ec193af8f9c Mon Sep 17 00:00:00 2001 From: Martin Riedel <1713643+rado0x54@users.noreply.github.com> Date: Mon, 18 May 2026 14:24:27 +0200 Subject: [PATCH 4/4] feat: virtual demo endpoints + Settings UX overhaul (closes #211) (#214) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: virtual demoEndpoints config with per-account show toggle * feat: /demo/authorized-keys lookup + persisted passkey fingerprint * revert: /demo/authorized-keys lookup + persisted passkey fingerprint Demo auth is now handled inside the demo container (blanket-allow on a private docker network), no per-user pubkey lookup needed. See #211. * feat: trim onboarding, lift setup docs to a Settings tab, split SSH keys Onboarding drops Server Setup, Endpoints, MCP and Advanced steps; users land in the app right after passkey + notifications. Endpoints page no longer carries the UV hint-block, gains an Add Endpoint wizard that prepends a Server Setup step for first-time users, and renders the default shellwatch@ prefix as a gray adornment with a warning on blur. New /settings/setup tab consolidates the lifted help content. /settings/keys renamed to Passkeys; file-based SSH keys move to a separate admin-only Other SSH Keys tab. formatEndpointAddress always renders the username so the wire-level user is unambiguous in the UI. * chore: align primary actions across Settings pages Add Endpoint and Generate API Key now sit below the list, left-aligned, in the same .register-section pattern as Add passkey. Generate API Key opens a form modal (label + scopes) instead of an inline form; the existing key-display modal still shows the minted key. Demo Endpoints toggle moves to sit next to the section headline instead of the right edge. * feat: restructure Settings Setup tab into collapsible per-integration cards Replace the three-section Setup tab with five collapsible cards (SSH Server, Endpoint, MCP Client, ShellWatch Agent, ShellWatch PAM). Each card has a short explanation and minimum-step setup; Endpoint Setup adds a full field reference covering Label, Address, Description (with a callout on its role for MCP agents), UV, and SSH Agent Forwarding. MCP URL renders the actual origin; Agent install link points at the dedicated agent/v* release stream on GitHub; OpenSSH 10.3+ client requirement noted for the Agent flow. PAM step 3 spells out that the endpoint needs agent forwarding so SSH_AUTH_SOCK is forwarded. ServerSetupGuide placeholder shows a realistic example webauthn-sk one-liner. * feat: optional description on seed/demo endpoints; expose demo endpoints to MCP SeedEndpointSchema gains an optional description (max 1000 chars), which propagates to seedAdminEndpoints inserts and to the demo-endpoint synthesizer — so operator-configured context now surfaces in MCP's list_endpoints response. AgentSession and the shellwatch_manage_endpoints tool merge demo entries into the per-account list when accounts.showDemoEndpoints is on; read resolves demo:* ids via the synthesizer; create/update/delete reject demo ids with a clear error. AgentSession.createSession also resolves demo ids so MCP-driven session opens reach demo principals. * chore: address review feedback (#214) — empty-demo gate, integration coverage, signal-chip badge Hide the Demo Endpoints section + toggle on deployments with no demoEndpoints in config (new demoEndpointsAvailable field on /api/auth/me). Thread $account?.name into the wizard's ServerSetupGuide so the authorized_keys comment carries the real account, not 'user'. Sidebar gains a demo signal-chip below the endpoint label, reusing the global .badge convention. Doc comments on the showDemoEndpoints visibility-vs-auth semantics and on the seed-export side effect of formatEndpointAddress always emitting the username. Locks in the c228350 MCP demo wiring with 7 REST + 6 MCP integration tests. * test: cover demoEndpointsAvailable on GET /api/auth/me Two-case unit test for the field that gates the Settings → Endpoints demo section: false when the operator configured no demoEndpoints, true when at least one is present. Behavior was indirectly exercised in demo-endpoints-flow.test.ts; this nails it down in the most direct test surface. --- client/src/app.css | 7 + .../lib/components/ServerSetupGuide.svelte | 187 ++++ client/src/lib/components/Sidebar.svelte | 12 + client/src/lib/stores/account.ts | 16 + client/src/lib/stores/endpoints.ts | 2 + client/src/lib/utils/endpoint-address.ts | 9 +- client/src/routes/register/+page.svelte | 541 +--------- client/src/routes/settings/+layout.svelte | 29 +- .../src/routes/settings/api-keys/+page.svelte | 147 ++- .../routes/settings/endpoints/+page.svelte | 320 ++++-- client/src/routes/settings/keys/+page.svelte | 111 +- client/src/routes/settings/setup/+page.svelte | 367 +++++++ .../src/routes/settings/ssh-keys/+page.svelte | 178 ++++ config.sample.yaml | 21 + drizzle/0008_account_show_demo_endpoints.sql | 1 + drizzle/meta/0008_snapshot.json | 981 ++++++++++++++++++ drizzle/meta/_journal.json | 7 + src/agent/agent-session.test.ts | 14 + src/agent/agent-session.ts | 32 +- src/config/index.ts | 2 + src/config/schema.ts | 20 + src/db/repositories/account-repo.ts | 5 +- src/db/schema.ts | 5 + src/db/seed.ts | 1 + src/demo-endpoints/index.test.ts | 96 ++ src/demo-endpoints/index.ts | Bin 0 -> 2556 bytes src/mcp/http-transport.test.ts | 2 + src/mcp/http-transport.ts | 25 +- src/mcp/server.test.ts | 174 +++- src/mcp/server.ts | 21 +- src/mcp/tools/endpoints.ts | 45 +- src/server/app.ts | 12 +- src/server/routes/accounts.test.ts | 48 +- src/server/routes/accounts.ts | 64 +- src/server/routes/endpoints.ts | 37 +- src/server/routes/sessions.ts | 16 +- src/test/helpers/test-config.ts | 1 + .../integration/demo-endpoints-flow.test.ts | 250 +++++ src/utils/endpoint-address.test.ts | 12 +- src/utils/endpoint-address.ts | 11 +- 40 files changed, 3018 insertions(+), 811 deletions(-) create mode 100644 client/src/lib/components/ServerSetupGuide.svelte create mode 100644 client/src/routes/settings/setup/+page.svelte create mode 100644 client/src/routes/settings/ssh-keys/+page.svelte create mode 100644 drizzle/0008_account_show_demo_endpoints.sql create mode 100644 drizzle/meta/0008_snapshot.json create mode 100644 src/demo-endpoints/index.test.ts create mode 100644 src/demo-endpoints/index.ts create mode 100644 src/test/integration/demo-endpoints-flow.test.ts diff --git a/client/src/app.css b/client/src/app.css index 142caf9..7e683a8 100644 --- a/client/src/app.css +++ b/client/src/app.css @@ -326,6 +326,13 @@ pre, background: var(--warning, var(--secondary)); } +.badge-demo { + color: var(--accent); +} +.badge-demo::before { + background: var(--accent); +} + /* ------------------------------------------------------------------ * Status dots — small 6px squares, colored, glow when live * ------------------------------------------------------------------ */ diff --git a/client/src/lib/components/ServerSetupGuide.svelte b/client/src/lib/components/ServerSetupGuide.svelte new file mode 100644 index 0000000..84b6154 --- /dev/null +++ b/client/src/lib/components/ServerSetupGuide.svelte @@ -0,0 +1,187 @@ + + + + +

+ Two one-time steps on each server you want to reach. Requires + OpenSSH 8.4+. +

+ +
+ 1. Enable WebAuthn keys in /etc/ssh/sshd_config (reload sshd after) + {SSHD_CONFIG_ONE_LINER} + +
+ +{#if sshOneLiner && sshLine} +
+ 2. Add this passkey to ~/.ssh/authorized_keys + {sshOneLiner} + +
+{:else if passkey} +

+ This authenticator does not expose an SSH-compatible public key. You can still use it for login. To enable SSH, register a different passkey from Settings. +

+{:else} +
+ 2. Add a passkey to ~/.ssh/authorized_keys (example) + + echo 'webauthn-sk-ecdsa-sha2-nistp256@openssh.com + AAAAK3dlYmF1dGhuLXNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBExample…= + example_com-alice-yubikey5' >> ~/.ssh/authorized_keys + +
+

+ Replace the key body and comment with your own — copy the exact one-liner for a specific passkey + from Settings → Passkeys. +

+{/if} + + diff --git a/client/src/lib/components/Sidebar.svelte b/client/src/lib/components/Sidebar.svelte index 272d26c..d1b23e4 100644 --- a/client/src/lib/components/Sidebar.svelte +++ b/client/src/lib/components/Sidebar.svelte @@ -158,6 +158,9 @@
{ep.label} + {#if ep.isDemo} + demo + {/if}
:global(.btn) { flex-shrink: 0; } diff --git a/client/src/lib/stores/account.ts b/client/src/lib/stores/account.ts index 5d0be0f..1f3d96b 100644 --- a/client/src/lib/stores/account.ts +++ b/client/src/lib/stores/account.ts @@ -5,6 +5,9 @@ export interface AccountData { id: string; name: string; isAdmin: boolean; + showDemoEndpoints: boolean; + /** True when the operator has at least one demoEndpoints entry in config. */ + demoEndpointsAvailable: boolean; } export const account = writable(null); @@ -35,3 +38,16 @@ export async function updateAccountName(name: string): Promise { } await fetchAccount(); } + +export async function updateShowDemoEndpoints(showDemoEndpoints: boolean): Promise { + const res = await fetch("/api/auth/me", { + method: "PUT", + headers: { "Content-Type": "application/json" }, + body: JSON.stringify({ showDemoEndpoints }), + }); + if (!res.ok) { + const err = await res.json(); + throw new Error(err.error || "Failed to update demo endpoint visibility"); + } + await fetchAccount(); +} diff --git a/client/src/lib/stores/endpoints.ts b/client/src/lib/stores/endpoints.ts index a8caced..7a4ec92 100644 --- a/client/src/lib/stores/endpoints.ts +++ b/client/src/lib/stores/endpoints.ts @@ -20,6 +20,8 @@ export interface Endpoint { userVerification: UserVerification; agentForward: boolean; description: string | null; + /** True if this is a virtual demo endpoint (read-only, from operator config). */ + isDemo: boolean; } export const endpoints = writable([]); diff --git a/client/src/lib/utils/endpoint-address.ts b/client/src/lib/utils/endpoint-address.ts index 28c4eaa..fdb0dcc 100644 --- a/client/src/lib/utils/endpoint-address.ts +++ b/client/src/lib/utils/endpoint-address.ts @@ -58,10 +58,13 @@ function parsePort(s: string): number { } /** - * Format an endpoint address, omitting defaults. + * Format an endpoint address. The username is always rendered so the display + * is unambiguous when the endpoint was created without a `user@` prefix and + * picked up the `shellwatch` default — surfacing the default explicitly + * matches what sshd actually sees on the wire. The port is still omitted + * when it's the SSH default (22). */ export function formatEndpointAddress(ep: EndpointAddress): string { - const userPart = ep.username !== DEFAULT_USERNAME ? `${ep.username}@` : ""; const portPart = ep.port !== DEFAULT_PORT ? `:${ep.port}` : ""; - return `${userPart}${ep.host}${portPart}`; + return `${ep.username}@${ep.host}${portPart}`; } diff --git a/client/src/routes/register/+page.svelte b/client/src/routes/register/+page.svelte index f4888d8..2618e73 100644 --- a/client/src/routes/register/+page.svelte +++ b/client/src/routes/register/+page.svelte @@ -5,9 +5,6 @@ import { resolve } from "$app/paths"; import { get } from "svelte/store"; import { selfRegistrationEnabled } from "$lib/stores/connection.js"; - import { createEndpoint, endpoints, fetchEndpoints } from "$lib/stores/endpoints.js"; - import { formatEndpointAddress, parseEndpointAddress } from "$lib/utils/endpoint-address.js"; - import { generateApiKey } from "$lib/stores/keys.js"; import { pushEnabled, pushLoading, @@ -20,23 +17,15 @@ import { credentials, fetchCredentials, registerAccount } from "$lib/stores/webauthn.js"; import Wordmark from "$lib/components/Wordmark.svelte"; - type StepId = - | "welcome" - | "passkey" - | "server-setup" - | "endpoints" - | "mcp" - | "notifications" - | "advanced"; + // The technical-setup steps (SSH server, endpoints, MCP key, advanced links) + // live in Settings → Setup now. Onboarding is a 3-step minimum-friction path + // that ends with the user landing in the app and seeing demo endpoints. + type StepId = "welcome" | "passkey" | "notifications"; const stepOrder: { id: StepId; label: string }[] = [ { id: "welcome", label: "Welcome" }, { id: "passkey", label: "Passkey" }, - { id: "server-setup", label: "Server" }, - { id: "endpoints", label: "Endpoints" }, - { id: "mcp", label: "MCP" }, { id: "notifications", label: "Notify" }, - { id: "advanced", label: "Done" }, ]; let isAdminSetup = $state(false); @@ -91,10 +80,9 @@ const result = await registerAccount(accountName.trim()); registeredCredentialId = result.credentialId; status = ""; - // Pull the freshly-stored credential row so we can show its - // authorized_keys entry on the server-setup step. Also pre-fetch - // endpoints so admin's seeded entries appear when they reach that step. - await Promise.all([fetchCredentials(), fetchEndpoints()]); + // Pull the freshly-stored credential row so the confirmation copy can + // surface its label. + await fetchCredentials(); next(); } catch (err) { error = (err as Error).message; @@ -103,128 +91,10 @@ loading = false; } - // --- Server setup step --- - // registerAccount returns the WebAuthn credentialId (base64url), not the - // row UUID — so match on credentialId, not the row's `id` field. const registeredCred = $derived( $credentials.find((c) => c.credentialId === registeredCredentialId) ?? null, ); - function sshComment(label: string): string { - const sanitize = (s: string) => - s - .toLowerCase() - .replace(/[^a-z0-9]/g, "_") - .replace(/_+/g, "_") - .replace(/^_|_$/g, ""); - const host = sanitize(window.location.hostname); - const name = sanitize(accountName.trim() || "user"); - const key = sanitize(label); - return `${host}-${name}-${key}`; - } - - const sshLine = $derived( - registeredCred?.authorizedKeysEntry - ? `${registeredCred.authorizedKeysEntry} ${sshComment(registeredCred.label)}` - : null, - ); - - const sshOneLiner = $derived(sshLine ? `echo '${sshLine}' >> ~/.ssh/authorized_keys` : null); - - // Single source for the sshd line — referenced from both the visible code - // block and the clipboard handler so they can't drift. Mirrors the value - // computed server-side in src/webauthn/ssh-key-format.ts; if that changes - // (additional algorithms, multi-line config), surface it through the - // register response and consume it here instead. - const SSHD_CONFIG_LINE = "PubkeyAcceptedAlgorithms=+webauthn-sk-ecdsa-sha2-nistp256@openssh.com"; - const SSHD_CONFIG_ONE_LINER = `echo '${SSHD_CONFIG_LINE}' | sudo tee -a /etc/ssh/sshd_config`; - - async function copyToClipboard(text: string, btn: HTMLButtonElement) { - const original = btn.innerHTML; - try { - await navigator.clipboard.writeText(text); - btn.innerHTML = "✓ Copied"; - } catch { - // Insecure context (HTTP non-localhost) or denied permission — surface - // the failure instead of flashing a false-positive "Copied" state. - btn.innerHTML = "Copy failed"; - } - setTimeout(() => { - btn.innerHTML = original; - }, 1500); - } - - // --- Endpoints step --- - let epLabel = $state(""); - let epAddress = $state(""); - - async function handleAddEndpoint() { - if (!epLabel || !epAddress) { - error = "Label and Address are required"; - return; - } - let parsed; - try { - parsed = parseEndpointAddress(epAddress); - } catch (err) { - error = (err as Error).message; - return; - } - loading = true; - error = ""; - try { - await createEndpoint({ - label: epLabel, - host: parsed.host, - port: parsed.port, - username: parsed.username, - }); - epLabel = ""; - epAddress = ""; - } catch (err) { - error = (err as Error).message; - } - loading = false; - } - - // --- MCP step --- - let apiKeyLabel = $state(""); - let generatedKey = $state(""); - let showApiKeyForm = $state(false); - - const mcpUrl = $derived(`${window.location.origin}/mcp`); - - // Sample config for non-OAuth MCP clients (HTTP-streaming with bearer auth). - // Inline the generated key directly so the user can copy the whole snippet - // and paste it into their MCP client without further substitution. - const mcpSampleConfig = $derived( - `{ - "mcpServers": { - "shellwatch": { - "type": "http", - "url": "${mcpUrl}", - "headers": { "Authorization": "Bearer ${generatedKey || ""}" } - } - } -}`, - ); - - async function handleGenerateApiKey() { - if (!apiKeyLabel) { - error = "Label is required"; - return; - } - loading = true; - error = ""; - try { - generatedKey = await generateApiKey(apiKeyLabel, ["mcp"]); - apiKeyLabel = ""; - } catch (err) { - error = (err as Error).message; - } - loading = false; - } - // --- Notifications step --- // Only probe the SW + push manager once. Re-firing on each back/forward // visit is harmless but wasteful — the user can't toggle from elsewhere @@ -345,161 +215,6 @@
{/if} - {:else if currentStep === "server-setup"} -

Use this passkey for SSH

-

- Two one-time steps on each server you want to reach. Requires - OpenSSH 8.4+. -

- - {#if sshOneLiner && sshLine} -
- 1. Enable WebAuthn keys in /etc/ssh/sshd_config (reload sshd after) - {SSHD_CONFIG_ONE_LINER} - -
- -
- 2. Add this passkey to ~/.ssh/authorized_keys - {sshOneLiner} - -
- {:else} -

- This authenticator does not expose an SSH-compatible public key. You can still use it for login. To enable SSH, register a different passkey from Settings. -

- {/if} - -
- - -
- {:else if currentStep === "endpoints"} -

Add SSH Endpoints

-

- Configure the remote servers you want to manage. You can always add more later. -

- - {#if $endpoints.length > 0} -
- {#each $endpoints as ep (ep.id)} -
- {ep.label} - {formatEndpointAddress(ep)} -
- {/each} -
- {/if} - -
- - -
-
- -
-
- - -
- {:else if currentStep === "mcp"} -

Connect AI agents

-

- Agents talk to via the Model Context Protocol. There are two ways to wire one up. -

- -
-
- Recommended - OAuth-capable agents -
-

- Point your agent at this URL. The MCP client (Claude Desktop, Cursor, etc.) redirects - through 's OAuth flow — you approve with a passkey, and mints a scoped - API key on the fly and injects it into the agent's session. No manual key handling. -

-
- {mcpUrl} - -
-
- - {#if generatedKey} - -
- API Key — copy now, shown only once - {generatedKey} - -
-
- Sample agent config - 
{mcpSampleConfig}
- -
- {:else} -
- Use a static API key instead -

- For non-OAuth agents, generate a key with mcp scope and configure your client - with a bearer header. -

-
- - -
-
- {/if} - -
- - -
{:else if currentStep === "notifications"}

Stay in the loop

@@ -545,46 +260,6 @@

{/if} -
- - -
- {:else if currentStep === "advanced"} -

What's next

-

A few features worth knowing about.

- -
-
- shellwatch-agent -

- A local SSH agent that brokers signing through . Run - ssh user@host from your terminal — your passkey unlocks the connection, no private - key on disk. -

-
-
- pam-ssh-agent-webauthn -

- PAM module that gates remote actions (e.g. sudo) on a passkey signature - brokered through . Source at - github.com/rado0x54/pam-ssh-agent-webauthn. -

-
-
- Docs & guides -

- Setup walkthroughs and reference live at - docs.shellwatch.ai. -

-
-
-
@@ -718,24 +393,6 @@ margin-bottom: 0.75rem; } - .form-row { - display: flex; - gap: 0.5rem; - margin-bottom: 0.75rem; - } - - .form-row .input { - flex: 1; - min-width: 0; - margin-bottom: 0; - } - - .btn-row { - display: flex; - gap: 0.5rem; - justify-content: center; - } - /* Footer nav row: Back on the left, Continue / primary on the right. */ .nav-row { display: flex; @@ -796,138 +453,6 @@ cursor: default; } - .endpoint-list { - margin-bottom: 0.75rem; - text-align: left; - } - - .endpoint-item { - display: flex; - justify-content: space-between; - align-items: center; - padding: 0.5rem 0.75rem; - background: var(--bg-primary); - border: 1px solid var(--border); - border-radius: 6px; - margin-bottom: 0.375rem; - } - - .endpoint-label { - font-weight: 600; - font-size: 0.8rem; - } - - .endpoint-detail { - font-size: 0.75rem; - color: var(--text-muted); - } - - /* Reusable code-block surface used across server-setup, MCP, etc. */ - .code-block { - position: relative; - background: var(--bg-primary); - border: 1px solid var(--border); - border-radius: 6px; - padding: 0.6rem 0.75rem; - margin-bottom: 0.75rem; - text-align: left; - } - - .code-block-success { - border-color: var(--green, #4ade80); - } - - .code-label { - display: block; - font-size: 0.65rem; - text-transform: uppercase; - letter-spacing: 0.05em; - color: var(--text-muted); - margin-bottom: 0.35rem; - } - - .code-content { - display: block; - font-size: 0.75rem; - word-break: break-all; - padding-right: 3.5rem; /* leave room for the absolute Copy button */ - } - - .code-pre { - white-space: pre-wrap; - margin: 0; - } - - .code-block-success .code-content { - color: var(--green, #4ade80); - } - - .btn-copy { - position: absolute; - top: 0.4rem; - right: 0.4rem; - padding: 0.25rem 0.5rem; - background: var(--bg-secondary); - color: var(--text-primary); - border: 1px solid var(--border); - border-radius: 4px; - font-size: 0.7rem; - cursor: pointer; - } - - .btn-copy:hover { - background: var(--border); - } - - details.extra { - text-align: left; - margin-bottom: 0.75rem; - border: 1px solid var(--border); - border-radius: 6px; - padding: 0.5rem 0.75rem; - background: var(--bg-primary); - } - - details.extra summary { - cursor: pointer; - font-size: 0.78rem; - font-weight: 500; - color: var(--text-primary); - } - - details.extra[open] summary { - margin-bottom: 0.5rem; - } - - /* MCP step */ - .mcp-card { - text-align: left; - background: var(--bg-primary); - border: 1px solid var(--border); - border-radius: 8px; - padding: 0.75rem; - margin-bottom: 0.75rem; - } - - .mcp-card-head { - display: flex; - align-items: center; - gap: 0.5rem; - margin-bottom: 0.4rem; - font-size: 0.9rem; - } - - .badge-recommended { - font-size: 0.6rem; - font-weight: 600; - text-transform: uppercase; - letter-spacing: 0.05em; - color: var(--accent); - border: 1px solid var(--accent); - border-radius: 4px; - padding: 0.1rem 0.4rem; - } - /* Notifications step */ .toggle-row { display: flex; @@ -988,36 +513,6 @@ margin-bottom: 0.75rem; } - /* Advanced step */ - .advanced-list { - text-align: left; - margin-bottom: 0.75rem; - } - - .advanced-item { - border: 1px solid var(--border); - border-radius: 6px; - padding: 0.6rem 0.75rem; - background: var(--bg-primary); - margin-bottom: 0.5rem; - } - - .advanced-item p { - margin: 0.25rem 0 0; - font-size: 0.78rem; - color: var(--text-muted); - line-height: 1.5; - } - - .advanced-item a { - color: var(--accent); - text-decoration: none; - } - - .advanced-item a:hover { - text-decoration: underline; - } - .error { color: var(--red); font-size: 0.85rem; @@ -1060,27 +555,5 @@ .hint { font-size: 0.76rem; } - - .form-row { - flex-direction: column; - } - - .btn-row { - flex-direction: column; - } - - .btn-row .btn-secondary { - width: 100%; - } - - .endpoint-item { - flex-direction: column; - align-items: flex-start; - gap: 0.15rem; - } - - .code-content { - font-size: 0.7rem; - } } diff --git a/client/src/routes/settings/+layout.svelte b/client/src/routes/settings/+layout.svelte index 3869843..7ef8aac 100644 --- a/client/src/routes/settings/+layout.svelte +++ b/client/src/routes/settings/+layout.svelte @@ -1,17 +1,40 @@
diff --git a/client/src/routes/settings/api-keys/+page.svelte b/client/src/routes/settings/api-keys/+page.svelte index 6337e98..a421a86 100644 --- a/client/src/routes/settings/api-keys/+page.svelte +++ b/client/src/routes/settings/api-keys/+page.svelte @@ -12,6 +12,10 @@ let label = $state(""); let scopeMcp = $state(true); let scopeAgent = $state(false); + let generating = $state(false); + // Two-stage flow: open the form modal, fill in label + scopes + Generate, + // then the key-display modal opens with the freshly-minted key (shown once). + let formModalOpen = $state(false); let showKeyModal = $state(false); let generatedKey = $state(""); let revokeTarget = $state<{ id: string; label: string } | null>(null); @@ -21,8 +25,24 @@ fetchApiKeys(); }); + function openGenerateModal() { + label = ""; + scopeMcp = true; + scopeAgent = false; + formModalOpen = true; + } + + function closeGenerateModal() { + if (generating) return; + formModalOpen = false; + } + async function handleGenerate() { - if (!label.trim()) return; + if (generating) return; + if (!label.trim()) { + toastError("Label is required"); + return; + } const scopes: string[] = []; if (scopeMcp) scopes.push("mcp"); if (scopeAgent) scopes.push("agent"); @@ -30,14 +50,15 @@ toastError("Select at least one scope"); return; } + generating = true; try { generatedKey = await generateApiKey(label.trim(), scopes); + formModalOpen = false; showKeyModal = true; - label = ""; - scopeMcp = true; - scopeAgent = false; } catch (err) { toastError(errorMessage(err)); + } finally { + generating = false; } } @@ -68,7 +89,7 @@ btn.textContent = "Copied!"; } - function handleCloseModal() { + function handleCloseKeyModal() { showKeyModal = false; generatedKey = ""; } @@ -104,30 +125,10 @@ {/each} -
-

Generate API Key

-
- - -
-

Scopes

-
- - -
+
+
{#if revokeTarget} @@ -145,8 +146,56 @@ {/if} + {#if formModalOpen} + +
+ + +
+ +
+ Scopes + + +
+ + {#snippet actions()} + + + {/snippet} + + {/if} + {#if showKeyModal} - +

Copy this key now — it will not be shown again.

{generatedKey}
{#snippet actions()} @@ -155,7 +204,7 @@ class="btn btn-primary" onclick={(e) => handleCopy(e.currentTarget as HTMLButtonElement)}>Copy - + {/snippet} {/if} @@ -194,6 +243,14 @@ margin: 0 var(--space-2); } + .register-section { + margin-top: var(--space-5); + display: flex; + align-items: center; + gap: var(--space-3); + flex-wrap: wrap; + } + .modal-desc { color: var(--text-muted); font-size: 0.85rem; @@ -205,18 +262,20 @@ cursor: text; } - .scope-heading { - margin: 0.75rem 0 0.25rem; - font-size: 0.8rem; - font-weight: 600; - color: var(--text-muted); + .field { + display: flex; + flex-direction: column; + gap: 0.3rem; + margin-top: 0.85rem; } - .scope-row { - display: flex; - gap: 1.5rem; - margin-top: 0.5rem; - font-size: 0.85rem; + .field label, + .field .field-label { + font-size: 0.75rem; + font-weight: 600; + color: var(--text-muted); + text-transform: uppercase; + letter-spacing: 0.05em; } .scope-option { @@ -224,6 +283,12 @@ align-items: center; gap: 0.4rem; cursor: pointer; + font-size: 0.85rem; + font-weight: 400; + color: var(--on-surface); + text-transform: none; + letter-spacing: 0; + margin-top: 0.35rem; } .scope-hint { diff --git a/client/src/routes/settings/endpoints/+page.svelte b/client/src/routes/settings/endpoints/+page.svelte index 8728b10..d2a3a7b 100644 --- a/client/src/routes/settings/endpoints/+page.svelte +++ b/client/src/routes/settings/endpoints/+page.svelte @@ -3,6 +3,7 @@ import { onMount } from "svelte"; import Modal from "$lib/components/Modal.svelte"; import ConfirmDialog from "$lib/components/ConfirmDialog.svelte"; + import ServerSetupGuide from "$lib/components/ServerSetupGuide.svelte"; import { createEndpoint, deleteEndpoint, @@ -14,14 +15,22 @@ type Endpoint, type UserVerification, } from "$lib/stores/endpoints.js"; + import { account, fetchAccount, updateShowDemoEndpoints } from "$lib/stores/account.js"; + import { credentials, fetchCredentials } from "$lib/stores/webauthn.js"; import { toastError } from "$lib/stores/toasts.js"; import { errorMessage } from "$lib/utils/error-message.js"; import { formatEndpointAddress, parseEndpointAddress } from "$lib/utils/endpoint-address.js"; - import Wordmark from "$lib/components/Wordmark.svelte"; import SettingsList from "$lib/components/SettingsList.svelte"; import SettingsRow from "$lib/components/SettingsRow.svelte"; - type ModalMode = { kind: "create" } | { kind: "edit"; id: string }; + // The wizard kinds prefix the form with a Server-Setup primer. Triggered + // automatically when the user clicks Add Endpoint while they have no own + // endpoints yet — the button label itself is static. + type ModalMode = + | { kind: "create" } + | { kind: "edit"; id: string } + | { kind: "wizard-server" } + | { kind: "wizard-form" }; let modal = $state(null); let saving = $state(false); @@ -32,18 +41,94 @@ let formDescription = $state(""); let deleteTarget = $state(null); let deleting = $state(false); + let togglingDemo = $state(false); + // Tracks whether the Address field has been blurred. Used to surface the + // "user defaults to shellwatch" hint only after the user finishes editing — + // we don't want it nagging mid-typing. + let addressBlurred = $state(false); + + // The default-user affordance fires when the user blurred away from a + // non-empty address that has no `user@` prefix. The actual prefix is shown + // as a gray adornment next to the input; the value in the input stays as + // whatever the user typed (parseEndpointAddress applies the default). + const showDefaultUserHint = $derived( + addressBlurred && formAddress.length > 0 && !formAddress.includes("@"), + ); + + // Split the merged endpoint list so we can render demos in their own + // section below the user's own endpoints. The server only returns demo + // entries when account.showDemoEndpoints is on, so this filter is empty + // when the toggle is off. + const regularEndpoints = $derived($endpoints.filter((ep) => !ep.isDemo)); + const demoEndpoints = $derived($endpoints.filter((ep) => ep.isDemo)); + + // First active passkey that's convertible to SSH — used by the wizard's + // Server-Setup step so the authorized_keys command is fully copy-pastable. + const wizardPasskey = $derived( + $credentials.find((c) => c.state === "active" && c.authorizedKeysEntry !== null) ?? null, + ); + + // The form modal is the same shape for create / wizard-form / edit. Only the + // Back button (wizard) vs Cancel (everywhere else) and the submit handler's + // create-vs-update branch differ. + const isFormModal = $derived( + modal?.kind === "create" || modal?.kind === "edit" || modal?.kind === "wizard-form", + ); + + function modalTitle(m: ModalMode): string { + switch (m.kind) { + case "create": + case "wizard-form": + return "Add Endpoint"; + case "edit": + return "Edit Endpoint"; + case "wizard-server": + return "Set up your SSH server"; + } + } onMount(() => { fetchEndpoints(); + fetchAccount(); + fetchCredentials(); }); - function openCreate() { - modal = { kind: "create" }; + async function handleToggleDemo() { + if (togglingDemo || !$account) return; + togglingDemo = true; + try { + await updateShowDemoEndpoints(!$account.showDemoEndpoints); + await fetchEndpoints(); + } catch (err) { + toastError(errorMessage(err)); + } finally { + togglingDemo = false; + } + } + + function resetForm() { formLabel = ""; formAddress = ""; formUserVerification = "required"; formAgentForward = true; formDescription = ""; + addressBlurred = false; + } + + // Single entry point from the Add Endpoint button. When the user has no own + // endpoints yet we lead with the SSH-server setup primer; otherwise we drop + // straight into the form — the button label stays the same either way. + function openAdd() { + resetForm(); + modal = regularEndpoints.length === 0 ? { kind: "wizard-server" } : { kind: "create" }; + } + + function continueWizard() { + modal = { kind: "wizard-form" }; + } + + function wizardBack() { + modal = { kind: "wizard-server" }; } function openEdit(ep: Endpoint) { @@ -53,6 +138,7 @@ formUserVerification = ep.userVerification; formAgentForward = ep.agentForward; formDescription = ep.description ?? ""; + addressBlurred = false; } function closeModal() { @@ -76,8 +162,8 @@ const description = formDescription.trim() ? formDescription.trim() : null; saving = true; try { - if (modal.kind === "create") { - await createEndpoint({ + if (modal.kind === "edit") { + await updateEndpoint(modal.id, { label: formLabel.trim(), host: parsed.host, port: parsed.port, @@ -87,7 +173,8 @@ description, }); } else { - await updateEndpoint(modal.id, { + // create or wizard-form — both POST a new endpoint + await createEndpoint({ label: formLabel.trim(), host: parsed.host, port: parsed.port, @@ -129,13 +216,10 @@
-
-

SSH Endpoints

- -
+

SSH Endpoints

- - {#each $endpoints as ep (ep.id)} + + {#each regularEndpoints as ep (ep.id)} {#snippet primary()} {ep.label} @@ -155,36 +239,49 @@ {/each} -
-

- User Verification controls the WebAuthn userVerification option - used for passkey sign ceremonies to this endpoint. Defaults to required (PIN / biometric - always enforced). Relax only if a specific authenticator can't provide UV. -

-

- This is a client-side setting — requests UV from the authenticator and rejects - responses without it when set to required, but the authoritative gate is the - OpenSSH server. To make UV load-bearing, configure the target host to require - it: -

-
    -
  • - Globally in sshd_config: - PubkeyAuthOptions verify-required -
    • -
  • - Per-key in ~/.ssh/authorized_keys on the server: - verify-required sk-ecdsa-sha2-nistp256@openssh.com AAAA... user@host -
    • -
-

- Either source enables enforcement; sshd rejects signatures without the UV bit (SSH_SK_USER_VERIFICATION_REQD, 0x04) set, logging - user verification requirement not met. See the project README for details. -

+
+
+ {#if $account?.demoEndpointsAvailable} +
+

Demo Endpoints

+ + Show +
+ + {#if $account.showDemoEndpoints} + + {#each demoEndpoints as ep (ep.id)} + + {#snippet primary()} + {ep.label} + UV: {ep.userVerification} + + forward: {ep.agentForward ? "on" : "off"} + + {/snippet} + {#snippet secondary()}{formatEndpointAddress(ep)}{/snippet} + + {/each} + + {/if} + {/if} + {#if deleteTarget} {/if} - {#if modal} - + {#if modal && modal.kind === "wizard-server"} + +

Step 1 of 2 · Server setup

+

+ Before adding your first endpoint, set up the remote server to accept your ShellWatch passkey credential. +

+ + + {#snippet actions()} + + + {/snippet} + + {/if} + + {#if modal && isFormModal} + + {#if modal.kind === "wizard-form"} +

Step 2 of 2 · Endpoint details

+ {/if} +
@@ -214,7 +327,24 @@
- +
+ {#if showDefaultUserHint} + shellwatch@ + {/if} + (addressBlurred = false)} + onblur={() => (addressBlurred = true)} + /> +
+ {#if showDefaultUserHint} + User defaults to shellwatch if not specified. + {/if}
@@ -263,11 +393,17 @@
{#snippet actions()} - + {#if modal?.kind === "wizard-form"} + + {:else} + + {/if} {/snippet} @@ -283,11 +419,33 @@ letter-spacing: 0.05em; } - .header { + .register-section { + margin-top: var(--space-5); display: flex; align-items: center; - justify-content: space-between; + gap: var(--space-3); + flex-wrap: wrap; + } + + /* Demo Endpoints section: headline + toggle clustered on the left so it + matches the rest of the settings pages where actions live left-aligned. */ + .demo-section-header { + display: flex; + align-items: center; + gap: 0.6rem; + margin-top: var(--space-6); margin-bottom: 0.75rem; + padding-top: var(--space-4); + border-top: 1px solid var(--border); + } + + .demo-section-label { + margin: 0; + font-size: 0.75rem; + font-weight: 600; + color: var(--text-muted); + text-transform: uppercase; + letter-spacing: 0.05em; } .row-label { @@ -300,20 +458,58 @@ max-width: 100%; } - .hint-block { - margin-top: var(--space-6); + .wizard-step-hint { + font-size: 0.65rem; + text-transform: uppercase; + letter-spacing: 0.08em; + color: var(--text-muted); + margin: 0 0 0.75rem; + } + + /* Address input with an optional gray "shellwatch@" prefix adornment shown + after blur when the user didn't supply a custom username. The wrapper + mimics the input's chrome so the prefix + input look like one field. */ + .address-input-wrap { + display: flex; + align-items: stretch; + width: 100%; + } + + .address-input-wrap.has-default-user { + border: 1px solid var(--outline-variant); + border-radius: 6px; + background-color: var(--surface-container); + overflow: hidden; + } + + .address-input-wrap.has-default-user input { + border: none; + background: transparent; + padding-left: 0; } - .hint { - font-size: 0.8rem; + .default-user-prefix { + display: inline-flex; + align-items: center; + padding: 0.5rem 0 0.5rem 0.625rem; color: var(--text-muted); - line-height: 1.5; + font-family: var(--font-mono, monospace); + font-size: var(--body-md); + user-select: none; + pointer-events: none; + } + + .address-warning { + display: block; + margin-top: 0.35rem; + font-size: 0.75rem; + color: var(--warning, var(--secondary, #f59e0b)); + line-height: 1.4; } - .hint code { + .address-warning code { font-family: var(--font-mono); font-size: 0.85em; - color: var(--primary); } .field { diff --git a/client/src/routes/settings/keys/+page.svelte b/client/src/routes/settings/keys/+page.svelte index 49ae400..39897d2 100644 --- a/client/src/routes/settings/keys/+page.svelte +++ b/client/src/routes/settings/keys/+page.svelte @@ -1,7 +1,6 @@
@@ -515,79 +480,19 @@ {/if} {#if revokeTarget} - {@const target = revokeTarget}

- Revoke {target.label}? This is permanent and cannot be undone. - {#if target.kind === "passkey"} - You'll be asked to verify with another passkey first. - {/if} + Revoke {revokeTarget.label}? This is permanent and cannot be undone. You'll + be asked to verify with another passkey first.

{/if} - - {#if hasAuthorizedKeys} -
-

SSH Server Setup

-

Add this line to /etc/ssh/sshd_config on your remote server:

- 
PubkeyAcceptedAlgorithms=+webauthn-sk-ecdsa-sha2-nistp256@openssh.com
-

Then add the passkey's SSH public key to ~/.ssh/authorized_keys.

-
- {/if} - - - {#if $account?.isAdmin && fileKeys.length > 0} -

File-Based SSH Keys

- - {#each fileKeys as k (k.id)} - - {#snippet primary()} - {k.label} - {#if k.revoked} - revoked - {:else if !k.available} - unavailable - {:else} - available - {/if} - {k.algorithm} - {/snippet} - {#snippet secondary()} - {shortFingerprint(k.fingerprint)} - ·created {formatDate(k.createdAt)} - ·last used {formatDate(k.lastUsedAt)} - {/snippet} - {#snippet actions()} - {#if k.authorizedKeysEntry && !k.revoked} - - {/if} - {#if !k.revoked} - - {/if} - {/snippet} - - {/each} - - {/if}
diff --git a/client/src/routes/settings/ssh-keys/+page.svelte b/client/src/routes/settings/ssh-keys/+page.svelte new file mode 100644 index 0000000..f40b75b --- /dev/null +++ b/client/src/routes/settings/ssh-keys/+page.svelte @@ -0,0 +1,178 @@ + + + + +
+

File-Based SSH Keys

+ + + {#each fileKeys as k (k.id)} + + {#snippet primary()} + {k.label} + {#if k.revoked} + revoked + {:else if !k.available} + unavailable + {:else} + available + {/if} + {k.algorithm} + {/snippet} + {#snippet secondary()} + {shortFingerprint(k.fingerprint)} + ·created {formatDate(k.createdAt)} + ·last used {formatDate(k.lastUsedAt)} + {/snippet} + {#snippet actions()} + {#if k.authorizedKeysEntry && !k.revoked} + + {/if} + {#if !k.revoked} + + {/if} + {/snippet} + + {/each} + + + {#if revokeTarget} + +

+ Revoke {revokeTarget.label}? This is permanent and cannot be undone. +

+ + {/if} +
+ + diff --git a/config.sample.yaml b/config.sample.yaml index dd5b3c1..cd52ac8 100644 --- a/config.sample.yaml +++ b/config.sample.yaml @@ -41,14 +41,35 @@ keyDirectory: ./keys # Optional: seed endpoints for the admin account on first run (keys are assigned via UI) # Format: [user@]host[:port] — defaults: user=shellwatch, port=22 # agentForward defaults to true; set to false for hosts that disallow forwarding. +# description is optional free-form context (max 1000 chars) surfaced to MCP +# agents via the shellwatch_manage_endpoints list/read tool. # seedAdminEndpoints: # - label: Dev Box # address: ubuntu@dev.example.com +# description: "Personal dev sandbox. /srv/app holds the staging copy." # # - label: Staging # address: deploy@staging.example.com:2222 # agentForward: false +# Optional: virtual demo endpoints merged into every account's endpoint list. +# Same shape as seedAdminEndpoints (including description). Never copied into +# the database — config is the source of truth. Each account has a "Show demo +# endpoints" toggle on the Endpoints page (default on); set demoEndpoints to +# [] or omit to disable. Pairs with the rado0x54/shellwatch-demo-server +# container — see issue #211. +# demoEndpoints: +# - label: "Demo: Sudoku" +# address: sw-sudoku@ssh.shellwatch.ai +# description: "Terminal sudoku (nudoku). ForceCommand-pinned; no shell." +# - label: "Demo: 2048" +# address: sw-2048@ssh.shellwatch.ai +# description: "Terminal 2048. ForceCommand-pinned; no shell." +# - label: "Demo: Snake" +# address: sw-snake@ssh.shellwatch.ai +# - label: "Demo: Matrix" +# address: sw-matrix@ssh.shellwatch.ai + # Security settings security: # WebAuthn Relying Party ID — must match the domain passkeys are registered on. diff --git a/drizzle/0008_account_show_demo_endpoints.sql b/drizzle/0008_account_show_demo_endpoints.sql new file mode 100644 index 0000000..a1da434 --- /dev/null +++ b/drizzle/0008_account_show_demo_endpoints.sql @@ -0,0 +1 @@ +ALTER TABLE `accounts` ADD `show_demo_endpoints` integer DEFAULT true NOT NULL; \ No newline at end of file diff --git a/drizzle/meta/0008_snapshot.json b/drizzle/meta/0008_snapshot.json new file mode 100644 index 0000000..9593351 --- /dev/null +++ b/drizzle/meta/0008_snapshot.json @@ -0,0 +1,981 @@ +{ + "version": "6", + "dialect": "sqlite", + "id": "51088beb-e89a-4425-a71a-9509a1c5483a", + "prevId": "833d8ef2-d304-4fca-a662-6c996f63b68d", + "tables": { + "accounts": { + "name": "accounts", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true, + "autoincrement": false + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "enabled": { + "name": "enabled", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": true + }, + "max_sessions": { + "name": "max_sessions", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": 5 + }, + "show_demo_endpoints": { + "name": "show_demo_endpoints", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": true + }, + "last_used_at": { + "name": "last_used_at", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "created_at": { + "name": "created_at", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "updated_at": { + "name": "updated_at", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + } + }, + "indexes": {}, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "checkConstraints": {} + }, + "admin_account": { + "name": "admin_account", + "columns": { + "singleton": { + "name": "singleton", + "type": "integer", + "primaryKey": true, + "notNull": true, + "autoincrement": false, + "default": 1 + }, + "account_id": { + "name": "account_id", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + } + }, + "indexes": {}, + "foreignKeys": { + "admin_account_account_id_accounts_id_fk": { + "name": "admin_account_account_id_accounts_id_fk", + "tableFrom": "admin_account", + "tableTo": "accounts", + "columnsFrom": ["account_id"], + "columnsTo": ["id"], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "checkConstraints": { + "single_row": { + "name": "single_row", + "value": "\"admin_account\".\"singleton\" = 1" + } + } + }, + "api_keys": { + "name": "api_keys", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true, + "autoincrement": false + }, + "account_id": { + "name": "account_id", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "label": { + "name": "label", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "key_hash": { + "name": "key_hash", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "key_prefix": { + "name": "key_prefix", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "scopes": { + "name": "scopes", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "endpoints": { + "name": "endpoints", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "enabled": { + "name": "enabled", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": true + }, + "created_at": { + "name": "created_at", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + } + }, + "indexes": { + "api_keys_key_hash_unique": { + "name": "api_keys_key_hash_unique", + "columns": ["key_hash"], + "isUnique": true + } + }, + "foreignKeys": { + "api_keys_account_id_accounts_id_fk": { + "name": "api_keys_account_id_accounts_id_fk", + "tableFrom": "api_keys", + "tableTo": "accounts", + "columnsFrom": ["account_id"], + "columnsTo": ["id"], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "checkConstraints": {} + }, + "audit_session_lifecycle": { + "name": "audit_session_lifecycle", + "columns": { + "session_id": { + "name": "session_id", + "type": "text", + "primaryKey": true, + "notNull": true, + "autoincrement": false + }, + "account_id": { + "name": "account_id", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "endpoint_id": { + "name": "endpoint_id", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "source": { + "name": "source", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "created_at": { + "name": "created_at", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "closed_at": { + "name": "closed_at", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "duration_ms": { + "name": "duration_ms", + "type": "integer", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "source_ip": { + "name": "source_ip", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "mcp_reason": { + "name": "mcp_reason", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "mcp_client_name": { + "name": "mcp_client_name", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "mcp_client_version": { + "name": "mcp_client_version", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "api_key_label": { + "name": "api_key_label", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "api_key_prefix": { + "name": "api_key_prefix", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "client_hostname": { + "name": "client_hostname", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "client_os": { + "name": "client_os", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "client_version": { + "name": "client_version", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "close_reason": { + "name": "close_reason", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + } + }, + "indexes": { + "audit_session_lifecycle_account_created_idx": { + "name": "audit_session_lifecycle_account_created_idx", + "columns": ["account_id", "created_at", "session_id"], + "isUnique": false + }, + "audit_session_lifecycle_account_endpoint_created_idx": { + "name": "audit_session_lifecycle_account_endpoint_created_idx", + "columns": ["account_id", "endpoint_id", "created_at", "session_id"], + "isUnique": false + } + }, + "foreignKeys": { + "audit_session_lifecycle_account_id_accounts_id_fk": { + "name": "audit_session_lifecycle_account_id_accounts_id_fk", + "tableFrom": "audit_session_lifecycle", + "tableTo": "accounts", + "columnsFrom": ["account_id"], + "columnsTo": ["id"], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "checkConstraints": { + "audit_session_lifecycle_status_chk": { + "name": "audit_session_lifecycle_status_chk", + "value": "\"audit_session_lifecycle\".\"status\" IN ('open','closed','error')" + }, + "audit_session_lifecycle_source_chk": { + "name": "audit_session_lifecycle_source_chk", + "value": "\"audit_session_lifecycle\".\"source\" IN ('ui','mcp','ssh')" + } + } + }, + "audit_signing_requests": { + "name": "audit_signing_requests", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true, + "autoincrement": false + }, + "account_id": { + "name": "account_id", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "type": { + "name": "type", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "source": { + "name": "source", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "created_at": { + "name": "created_at", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "resolved_at": { + "name": "resolved_at", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "outcome": { + "name": "outcome", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "latency_ms": { + "name": "latency_ms", + "type": "integer", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "source_ip": { + "name": "source_ip", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "endpoint_label": { + "name": "endpoint_label", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "endpoint_address": { + "name": "endpoint_address", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "session_id": { + "name": "session_id", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "mcp_reason": { + "name": "mcp_reason", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "mcp_client_name": { + "name": "mcp_client_name", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "mcp_client_version": { + "name": "mcp_client_version", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "api_key_label": { + "name": "api_key_label", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "api_key_prefix": { + "name": "api_key_prefix", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "client_hostname": { + "name": "client_hostname", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "client_os": { + "name": "client_os", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "client_version": { + "name": "client_version", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "credential_id": { + "name": "credential_id", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "passkey_label": { + "name": "passkey_label", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "user_verification": { + "name": "user_verification", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "key_label": { + "name": "key_label", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "key_fingerprint": { + "name": "key_fingerprint", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "cancel_reason": { + "name": "cancel_reason", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + } + }, + "indexes": { + "audit_signing_requests_account_created_idx": { + "name": "audit_signing_requests_account_created_idx", + "columns": ["account_id", "created_at", "id"], + "isUnique": false + } + }, + "foreignKeys": { + "audit_signing_requests_account_id_accounts_id_fk": { + "name": "audit_signing_requests_account_id_accounts_id_fk", + "tableFrom": "audit_signing_requests", + "tableTo": "accounts", + "columnsFrom": ["account_id"], + "columnsTo": ["id"], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "checkConstraints": { + "audit_signing_requests_type_chk": { + "name": "audit_signing_requests_type_chk", + "value": "\"audit_signing_requests\".\"type\" IN ('webauthn-sign','key-approve')" + }, + "audit_signing_requests_source_chk": { + "name": "audit_signing_requests_source_chk", + "value": "\"audit_signing_requests\".\"source\" IN ('endpoint-auth','agent-forwarding','agent-proxy')" + }, + "audit_signing_requests_outcome_chk": { + "name": "audit_signing_requests_outcome_chk", + "value": "\"audit_signing_requests\".\"outcome\" IS NULL OR \"audit_signing_requests\".\"outcome\" IN ('approved','denied','expired','cancelled')" + } + } + }, + "endpoints": { + "name": "endpoints", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true, + "autoincrement": false + }, + "account_id": { + "name": "account_id", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "label": { + "name": "label", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "host": { + "name": "host", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "port": { + "name": "port", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": 22 + }, + "username": { + "name": "username", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "enabled": { + "name": "enabled", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": true + }, + "user_verification": { + "name": "user_verification", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": "'required'" + }, + "agent_forward": { + "name": "agent_forward", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": true + }, + "description": { + "name": "description", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "created_at": { + "name": "created_at", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "updated_at": { + "name": "updated_at", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + } + }, + "indexes": {}, + "foreignKeys": { + "endpoints_account_id_accounts_id_fk": { + "name": "endpoints_account_id_accounts_id_fk", + "tableFrom": "endpoints", + "tableTo": "accounts", + "columnsFrom": ["account_id"], + "columnsTo": ["id"], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "checkConstraints": {} + }, + "push_subscriptions": { + "name": "push_subscriptions", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true, + "autoincrement": false + }, + "account_id": { + "name": "account_id", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "endpoint": { + "name": "endpoint", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "p256dh": { + "name": "p256dh", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "auth": { + "name": "auth", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "created_at": { + "name": "created_at", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "updated_at": { + "name": "updated_at", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + } + }, + "indexes": { + "push_subscriptions_endpoint_unique": { + "name": "push_subscriptions_endpoint_unique", + "columns": ["endpoint"], + "isUnique": true + } + }, + "foreignKeys": { + "push_subscriptions_account_id_accounts_id_fk": { + "name": "push_subscriptions_account_id_accounts_id_fk", + "tableFrom": "push_subscriptions", + "tableTo": "accounts", + "columnsFrom": ["account_id"], + "columnsTo": ["id"], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "checkConstraints": {} + }, + "ssh_keys": { + "name": "ssh_keys", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true, + "autoincrement": false + }, + "label": { + "name": "label", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "type": { + "name": "type", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": "'file'" + }, + "public_key": { + "name": "public_key", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "fingerprint": { + "name": "fingerprint", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "enabled": { + "name": "enabled", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": true + }, + "last_used_at": { + "name": "last_used_at", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "created_at": { + "name": "created_at", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "updated_at": { + "name": "updated_at", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + } + }, + "indexes": { + "ssh_keys_fingerprint_unique": { + "name": "ssh_keys_fingerprint_unique", + "columns": ["fingerprint"], + "isUnique": true + } + }, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "checkConstraints": {} + }, + "webauthn_credentials": { + "name": "webauthn_credentials", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true, + "autoincrement": false + }, + "account_id": { + "name": "account_id", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "credential_id": { + "name": "credential_id", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "public_key": { + "name": "public_key", + "type": "blob", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "counter": { + "name": "counter", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": 0 + }, + "transports": { + "name": "transports", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "label": { + "name": "label", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "public_key_openssh": { + "name": "public_key_openssh", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "revoked": { + "name": "revoked", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": false + }, + "state": { + "name": "state", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": "'active'" + }, + "created_at": { + "name": "created_at", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "last_used_at": { + "name": "last_used_at", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + } + }, + "indexes": { + "webauthn_credentials_credential_id_unique": { + "name": "webauthn_credentials_credential_id_unique", + "columns": ["credential_id"], + "isUnique": true + } + }, + "foreignKeys": { + "webauthn_credentials_account_id_accounts_id_fk": { + "name": "webauthn_credentials_account_id_accounts_id_fk", + "tableFrom": "webauthn_credentials", + "tableTo": "accounts", + "columnsFrom": ["account_id"], + "columnsTo": ["id"], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "checkConstraints": {} + } + }, + "views": {}, + "enums": {}, + "_meta": { + "schemas": {}, + "tables": {}, + "columns": {} + }, + "internal": { + "indexes": {} + } +} diff --git a/drizzle/meta/_journal.json b/drizzle/meta/_journal.json index 68785a3..3ed77e2 100644 --- a/drizzle/meta/_journal.json +++ b/drizzle/meta/_journal.json @@ -57,6 +57,13 @@ "when": 1779047498048, "tag": "0007_endpoint_agent_forward", "breakpoints": true + }, + { + "idx": 8, + "version": "6", + "when": 1779052745016, + "tag": "0008_account_show_demo_endpoints", + "breakpoints": true } ] } diff --git a/src/agent/agent-session.test.ts b/src/agent/agent-session.test.ts index 3fbd637..cbfd9ba 100644 --- a/src/agent/agent-session.test.ts +++ b/src/agent/agent-session.test.ts @@ -1,10 +1,18 @@ // SPDX-License-Identifier: LicenseRef-FSL-1.1-Apache-2.0 import { EventEmitter } from "node:events"; import { describe, expect, it, vi } from "vitest"; +import { StubAccountRepository } from "../db/repositories/account-repo.js"; import { InMemoryEndpointRepository } from "../db/repositories/endpoint-repo.js"; +import { createDemoEndpointsService } from "../demo-endpoints/index.js"; import type { TerminalManager } from "../terminal/terminal-manager.js"; import { AgentSession } from "./agent-session.js"; +// Demo-aware deps that mirror the production wiring but with empty demo +// config / a no-op account repo. Tests that need the merged list with +// actual demos should pass their own service instead. +const EMPTY_DEMO = createDemoEndpointsService([]); +const NO_OP_ACCOUNT = new StubAccountRepository(); + function createMockTerminalManager() { const emitter = new EventEmitter(); return Object.assign(emitter, { @@ -45,6 +53,8 @@ describe("AgentSession.listEndpoints", () => { ]); const session = new AgentSession({ endpointRepo, + demoEndpoints: EMPTY_DEMO, + accountRepo: NO_OP_ACCOUNT, terminalManager: createMockTerminalManager(), source: "mcp", accountId: "account-alice", @@ -75,6 +85,8 @@ describe("AgentSession.createSession", () => { const terminalManager = createMockTerminalManager(); const session = new AgentSession({ endpointRepo, + demoEndpoints: EMPTY_DEMO, + accountRepo: NO_OP_ACCOUNT, terminalManager, source: "mcp", accountId: "account-bob", @@ -109,6 +121,8 @@ describe("AgentSession.createSession", () => { }); const session = new AgentSession({ endpointRepo, + demoEndpoints: EMPTY_DEMO, + accountRepo: NO_OP_ACCOUNT, terminalManager, source: "mcp", accountId: "account-alice", diff --git a/src/agent/agent-session.ts b/src/agent/agent-session.ts index 109f3f2..5068375 100644 --- a/src/agent/agent-session.ts +++ b/src/agent/agent-session.ts @@ -1,5 +1,8 @@ // SPDX-License-Identifier: LicenseRef-FSL-1.1-Apache-2.0 +import type { AccountRepository } from "../db/repositories/account-repo.js"; import type { EndpointRepository } from "../db/repositories/endpoint-repo.js"; +import type { DemoEndpointsService } from "../demo-endpoints/index.js"; +import { isDemoEndpointId } from "../demo-endpoints/index.js"; import type { EndpointAuthTrigger } from "../pending-action/types.js"; import type { OutputReadResult, TerminalManager, TerminalSession } from "../terminal/index.js"; import { resolveKeys } from "../terminal/keys.js"; @@ -9,6 +12,16 @@ export type AgentSource = "mcp" | "ssh"; export interface AgentSessionOptions { endpointRepo: EndpointRepository; + /** + * Service that materializes the operator-configured demo endpoints. Merged + * into the agent's endpoint listing when the account's showDemoEndpoints + * toggle is on; opens are accepted on `demo:*` ids regardless of the toggle + * (matches the UI flow — visibility hides them, but the connect path stays + * usable for callers that already know the id). + */ + demoEndpoints: DemoEndpointsService; + /** Used to read the account's `showDemoEndpoints` toggle at list time. */ + accountRepo: AccountRepository; terminalManager: TerminalManager; source: AgentSource; /** @@ -38,6 +51,8 @@ export class AgentSession { private mcpClientVersion?: string; private readonly endpointRepo: EndpointRepository; + private readonly demoEndpoints: DemoEndpointsService; + private readonly accountRepo: AccountRepository; private readonly terminalManager: TerminalManager; private readonly source: AgentSource; private readonly accountId: string; @@ -48,6 +63,8 @@ export class AgentSession { constructor(opts: AgentSessionOptions) { this.endpointRepo = opts.endpointRepo; + this.demoEndpoints = opts.demoEndpoints; + this.accountRepo = opts.accountRepo; this.terminalManager = opts.terminalManager; this.source = opts.source; this.accountId = opts.accountId; @@ -83,8 +100,12 @@ export class AgentSession { description: string | null; }[] > { - const endpoints = await this.endpointRepo.findAllForAccount(this.accountId); - return endpoints.map(({ id, label, host, port, username, description }) => ({ + const own = await this.endpointRepo.findAllForAccount(this.accountId); + const account = await this.accountRepo.findById(this.accountId); + const merged = account?.showDemoEndpoints + ? [...own, ...this.demoEndpoints.list(this.accountId)] + : own; + return merged.map(({ id, label, host, port, username, description }) => ({ id, label, host, @@ -101,7 +122,12 @@ export class AgentSession { // could pass any endpoint UUID and trigger a WebAuthn approval prompt on // the owning account with attacker-chosen reason text — and, if approved, // drive the resulting session via send_keys / read_output. - const endpoint = await this.endpointRepo.findByIdForAccount(endpointId, this.accountId); + // + // Demo endpoints aren't account-scoped (they're a global config set), so + // route them through the synthesizer instead of the per-account repo. + const endpoint = isDemoEndpointId(endpointId) + ? this.demoEndpoints.findById(endpointId, this.accountId) + : await this.endpointRepo.findByIdForAccount(endpointId, this.accountId); if (!endpoint) { throw new Error(`Unknown endpoint: ${endpointId}`); } diff --git a/src/config/index.ts b/src/config/index.ts index 96b8b9c..4c82f58 100644 --- a/src/config/index.ts +++ b/src/config/index.ts @@ -3,6 +3,8 @@ export { loadConfig } from "./loader.js"; export { type Config, ConfigSchema, + type DemoEndpoint, + DemoEndpointSchema, type SeedEndpoint, SeedEndpointSchema, securityFieldDefaults, diff --git a/src/config/schema.ts b/src/config/schema.ts index 7234e96..a0758d0 100644 --- a/src/config/schema.ts +++ b/src/config/schema.ts @@ -13,8 +13,21 @@ export const SeedEndpointSchema = z.object({ * Defaults to true — opt out per endpoint when the host disallows forwarding. */ agentForward: z.boolean().default(true), + /** + * Optional free-form context. Surfaced to MCP agents via the + * `shellwatch_manage_endpoints` list/read tool — the canonical place to + * tell an agent what a given host is for. Bounded to the same 1000-char + * cap the REST API enforces on user-created endpoints. + */ + description: z.string().max(1000).optional(), }); +// demoEndpoints uses the same shape as seedAdminEndpoints — they're virtual, +// global endpoints merged into every account's endpoint list (toggle on the +// account row). See src/demo-endpoints/. Key delivery is a separate concern, +// not modeled per-endpoint. +export const DemoEndpointSchema = SeedEndpointSchema; + /** Field-level defaults for optional security settings (rpId and trustedWebauthnOrigins are required) */ export const rateLimitDefaults = { selfRegister: { max: 5, windowMinutes: 15 }, @@ -161,6 +174,12 @@ export const ConfigSchema = z.object({ seedAdminEndpoints: z.array(SeedEndpointSchema).default([]), seedAdminApiKey: z.string().optional(), seedAdminPasskeys: z.array(SeedAdminPasskeySchema).default([]), + /** + * Virtual demo endpoints merged into every account's endpoint list when the + * account's showDemoEndpoints toggle is on. Same shape as seedAdminEndpoints + * but never copied into the endpoints table — config is the source of truth. + */ + demoEndpoints: z.array(DemoEndpointSchema).default([]), server: ServerSchema, security: SecuritySchema, notifications: NotificationsSchema.default(notificationDefaults), @@ -169,4 +188,5 @@ export const ConfigSchema = z.object({ }); export type SeedEndpoint = z.infer; +export type DemoEndpoint = z.infer; export type Config = z.infer; diff --git a/src/db/repositories/account-repo.ts b/src/db/repositories/account-repo.ts index 5d5bac2..f4f1b14 100644 --- a/src/db/repositories/account-repo.ts +++ b/src/db/repositories/account-repo.ts @@ -9,6 +9,7 @@ export interface AccountInfo { isAdmin: boolean; enabled: boolean; maxSessions: number; + showDemoEndpoints: boolean; lastUsedAt: string | null; createdAt: string; updatedAt: string; @@ -19,7 +20,7 @@ export interface AccountRepository { findAll(): Promise; update( id: string, - data: Partial>, + data: Partial>, ): Promise; /** Mark account as active. Writes are batched — call flushLastUsed() to persist. */ touchLastUsed(id: string): void; @@ -81,7 +82,7 @@ export class DrizzleAccountRepository implements AccountRepository { async update( id: string, - data: Partial>, + data: Partial>, ): Promise { this.db .update(accounts) diff --git a/src/db/schema.ts b/src/db/schema.ts index adfd95a..cc3fe36 100644 --- a/src/db/schema.ts +++ b/src/db/schema.ts @@ -10,6 +10,11 @@ export const accounts = sqliteTable("accounts", { enabled: integer("enabled", { mode: "boolean" }).notNull().default(true), maxSessions: integer("max_sessions").notNull().default(5), + // Whether the operator-configured demoEndpoints are merged into this + // account's endpoint list. Default true; user can hide them from the + // Endpoints page. Demo endpoints are never copied into the `endpoints` + // table — config is the source of truth. See src/demo-endpoints/. + showDemoEndpoints: integer("show_demo_endpoints", { mode: "boolean" }).notNull().default(true), lastUsedAt: text("last_used_at"), createdAt: text("created_at").notNull(), updatedAt: text("updated_at").notNull(), diff --git a/src/db/seed.ts b/src/db/seed.ts index a685be5..310a829 100644 --- a/src/db/seed.ts +++ b/src/db/seed.ts @@ -106,6 +106,7 @@ export function seedFromConfig(db: ShellWatchDB, config: Config): SeedResult { port: ep.address.port, username: ep.address.username, agentForward: ep.agentForward, + description: ep.description ?? null, enabled: true, createdAt: now, updatedAt: now, diff --git a/src/demo-endpoints/index.test.ts b/src/demo-endpoints/index.test.ts new file mode 100644 index 0000000..c523f6b --- /dev/null +++ b/src/demo-endpoints/index.test.ts @@ -0,0 +1,96 @@ +// SPDX-License-Identifier: LicenseRef-FSL-1.1-Apache-2.0 +import { describe, expect, it } from "vitest"; +import { ConfigSchema } from "../config/index.js"; +import { DEMO_ENDPOINT_ID_PREFIX, createDemoEndpointsService, isDemoEndpointId } from "./index.js"; + +function buildConfig(yaml: { demoEndpoints?: unknown }) { + return ConfigSchema.parse({ + server: { externalUrl: "http://localhost:3000" }, + security: { + rpId: "localhost", + trustedWebauthnOrigins: ["http://localhost:3000"], + }, + ...yaml, + }); +} + +describe("isDemoEndpointId", () => { + it("matches the demo prefix", () => { + expect(isDemoEndpointId(`${DEMO_ENDPOINT_ID_PREFIX}abc123`)).toBe(true); + expect(isDemoEndpointId("not-a-demo-id")).toBe(false); + expect(isDemoEndpointId("")).toBe(false); + }); +}); + +describe("createDemoEndpointsService", () => { + it("returns an empty list when config has no demo endpoints", () => { + const cfg = buildConfig({}); + const svc = createDemoEndpointsService(cfg.demoEndpoints); + expect(svc.list("acc1")).toEqual([]); + expect(svc.isEmpty()).toBe(true); + }); + + it("synthesizes endpoints with stable demo: ids and accountId set", () => { + const cfg = buildConfig({ + demoEndpoints: [ + { label: "Demo: Sudoku", address: "sw-sudoku@ssh.shellwatch.ai" }, + { label: "Demo: 2048", address: "sw-2048@ssh.shellwatch.ai" }, + ], + }); + const svc = createDemoEndpointsService(cfg.demoEndpoints); + const list = svc.list("acc-42"); + expect(list).toHaveLength(2); + for (const e of list) { + expect(e.id.startsWith(DEMO_ENDPOINT_ID_PREFIX)).toBe(true); + expect(e.accountId).toBe("acc-42"); + expect(e.userVerification).toBe("required"); + expect(e.description).toBeNull(); + } + // Different addresses produce distinct ids. + expect(list[0].id).not.toBe(list[1].id); + }); + + it("preserves the agentForward flag from config", () => { + const cfg = buildConfig({ + demoEndpoints: [ + { label: "demo-on", address: "alice@host-a" }, + { label: "demo-off", address: "bob@host-b", agentForward: false }, + ], + }); + const svc = createDemoEndpointsService(cfg.demoEndpoints); + const list = svc.list("acc1"); + expect(list[0].agentForward).toBe(true); + expect(list[1].agentForward).toBe(false); + }); + + it("findById resolves a known demo id, scoped to the requesting account", () => { + const cfg = buildConfig({ + demoEndpoints: [{ label: "Demo: Snake", address: "sw-snake@ssh.shellwatch.ai" }], + }); + const svc = createDemoEndpointsService(cfg.demoEndpoints); + const [synthesized] = svc.list("acc1"); + const found = svc.findById(synthesized.id, "acc-99"); + expect(found).not.toBeNull(); + expect(found!.accountId).toBe("acc-99"); + expect(found!.host).toBe("ssh.shellwatch.ai"); + expect(found!.username).toBe("sw-snake"); + }); + + it("findById returns null for unknown or non-demo ids", () => { + const cfg = buildConfig({ + demoEndpoints: [{ label: "Demo: Snake", address: "sw-snake@ssh.shellwatch.ai" }], + }); + const svc = createDemoEndpointsService(cfg.demoEndpoints); + expect(svc.findById("some-uuid", "acc1")).toBeNull(); + expect(svc.findById(`${DEMO_ENDPOINT_ID_PREFIX}deadbeef`, "acc1")).toBeNull(); + }); + + it("produces a stable id across reconstructions with the same config", () => { + const cfg = buildConfig({ + demoEndpoints: [{ label: "Demo: Sudoku", address: "sw-sudoku@ssh.shellwatch.ai" }], + }); + const a = createDemoEndpointsService(cfg.demoEndpoints).list("acc1")[0].id; + const b = createDemoEndpointsService(cfg.demoEndpoints).list("acc1")[0].id; + expect(a).toBe(b); + }); +}); diff --git a/src/demo-endpoints/index.ts b/src/demo-endpoints/index.ts new file mode 100644 index 0000000000000000000000000000000000000000..1366ace7ef0c8579134336e928f3e9f41afa2bcf GIT binary patch literal 2556 zcmaJ@?QYvP6y0w>#hp>0a$w6%u=R(tH0YKDGtf3c(sc!bAfZLd;wqCGNhR?z1AB-) z;htoNq$JB&v;2rn>VBSk?vbZcy1F>|Jb5QGp{$t9xlm5#QkWSvcb6icoL#+}?5F#a zw-w6@F*!(I4dklQ#?cdHMldISX11UW!ms6>@cuaq@|M6>m<|@~HKfah6QE4lkHd5HBXkt(NZ45LJkD*qiu#Qen z-=E)}emJ=}pMUsxJ3qO-xI8_Zf2JcEa@00M=GGyvRpz8tByGR!IZq^?k#$C@u<8PxrdEKs+fY9;y7pnXG>D~h!M?{J{q)u@o;jQ_75m47;JP-3ueXZ?`l&X z!nQ1>^=%qyzYso?LR&W`58BvAtF17Kt;7gGkP^#ME~PIx*M@wN_xmV(rO67H4m!~M zRW~&rVz!{g*fUb~Y9Y+HOVBLwL&3u2EE7B2w^ssl#HDA=bZ?KY)(Ti!`3HuDdANWsqa|jI$%x-;lnMxlWtpy( zOX+k~xivi$cpS&=rz8AjN_$g8^-+?>eBLK)Hx=yC^^I@P7jP-8F7H7(x(kc2cSrZq zxSExonG2SE@gxGz`|e``2UJ~_O-`V|e_Zcu$ha-}*&6825TY&Qtr4D9_|McjGOOKc z+q7C6pu`-pvOJE>N*nM<}BiffRIfw%vS^KC|r% z!(m*ja=kO(>l;+^OycXCzEO-M2)?E^Z2xI{7o$QpJl3?G958z6C}YN~ zsS;+=KA~Se1!2R;*Dw9hDVL9ecVRS)8Pt7})%e8RAv1@*f}lMXx&(M~R+pfI_1+N1 zqRX3xPC_*{GqUn}K8{;c!4R)INM^&TG3BLxfY=sB*UQ4w-OJnipDx-Uex+{P!eI#I zCyS+6B9292v8JwKTUS*nQ8E_PiASho3*ILPeJ&x*C}&1Pzuyv^9{Lu7-o^Gq;4^I= zm;nngBcG@_M++{xw!A^_NXN%vt-Rf46kj%tBz2^YGTL8?R+kcZ?J)CMo{tA$`qx7A z#Cy9u99y?N?XFT^Ya{n}C2SNTdI+1>>^2bJT^vf&RP=-=0^mJ25w@OA^~|;jWKPMq zUwQ41Ms02{dS0>oU-O27F7LL-Q=g~ZXOTijkB*M8(V { }); }); + // Demo-endpoint visibility/mutation behavior via MCP. Locks in the contract + // that the toggle controls listing only, mutations are refused, and the + // synthesized ids are resolvable via read regardless of toggle state. + describe("shellwatch_manage_endpoints (demo endpoints)", () => { + async function setupDemoClient(opts: { showDemoEndpoints: boolean }) { + const endpointRepo = new InMemoryEndpointRepository(testEndpoints); + const keyRepo = new InMemorySshKeyRepository(testKeys); + const demoEndpoints = createDemoEndpointsService([ + { + label: "Demo: 2048", + address: { host: "ssh.example.com", port: 22, username: "sw-2048" }, + agentForward: false, + }, + ]); + const now = new Date().toISOString(); + const accountRepo: typeof NO_OP_ACCOUNT = { + async findById() { + return { + id: testAccountId, + name: "test", + isAdmin: false, + enabled: true, + maxSessions: 5, + showDemoEndpoints: opts.showDemoEndpoints, + lastUsedAt: null, + createdAt: now, + updatedAt: now, + }; + }, + async findAll() { + return []; + }, + async update() {}, + touchLastUsed() {}, + flushLastUsed() {}, + getAdminAccountId() { + return null; + }, + setAdmin() {}, + isAdmin() { + return false; + }, + destroy() {}, + }; + const agentSession = new AgentSession({ + endpointRepo, + demoEndpoints, + accountRepo, + terminalManager: mockManager, + source: "mcp", + accountId: testAccountId, + }); + const mcpServer = await createMcpServer({ + agentSession, + endpointRepo, + demoEndpoints, + accountRepo, + keyRepo, + accountId: testAccountId, + }); + const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair(); + await mcpServer.connect(serverTransport); + const client = new Client({ name: "test-client", version: "1.0.0" }); + await client.connect(clientTransport); + const demoId = demoEndpoints.list(testAccountId)[0].id; + return { client, demoId }; + } + + it("merges demo endpoints into list when the toggle is on", async () => { + const { client, demoId } = await setupDemoClient({ showDemoEndpoints: true }); + const result = await client.callTool({ + name: "shellwatch_manage_endpoints", + arguments: { action: "list" }, + }); + const content = (result.content as { type: string; text: string }[])[0].text; + const parsed = JSON.parse(content); + const ids = (parsed.endpoints as { id: string }[]).map((e) => e.id); + expect(ids).toContain("dev-box"); + expect(ids).toContain(demoId); + }); + + it("omits demo endpoints from list when the toggle is off", async () => { + const { client } = await setupDemoClient({ showDemoEndpoints: false }); + const result = await client.callTool({ + name: "shellwatch_manage_endpoints", + arguments: { action: "list" }, + }); + const content = (result.content as { type: string; text: string }[])[0].text; + const parsed = JSON.parse(content); + const ids = (parsed.endpoints as { id: string }[]).map((e) => e.id); + expect(ids).toEqual(["dev-box"]); + }); + + it("read resolves demo:* ids regardless of the toggle state", async () => { + const { client, demoId } = await setupDemoClient({ showDemoEndpoints: false }); + const result = await client.callTool({ + name: "shellwatch_manage_endpoints", + arguments: { action: "read", id: demoId }, + }); + expect(result.isError).toBeUndefined(); + const content = (result.content as { type: string; text: string }[])[0].text; + const parsed = JSON.parse(content); + expect(parsed.id).toBe(demoId); + expect(parsed.host).toBe("ssh.example.com"); + }); + + it("rejects update on demo:* ids", async () => { + const { client, demoId } = await setupDemoClient({ showDemoEndpoints: true }); + const result = await client.callTool({ + name: "shellwatch_manage_endpoints", + arguments: { action: "update", id: demoId, data: { label: "x" } }, + }); + expect(result.isError).toBe(true); + const text = (result.content as { type: string; text: string }[])[0].text; + expect(text).toMatch(/read-only/i); + }); + + it("rejects delete on demo:* ids", async () => { + const { client, demoId } = await setupDemoClient({ showDemoEndpoints: true }); + const result = await client.callTool({ + name: "shellwatch_manage_endpoints", + arguments: { action: "delete", id: demoId }, + }); + expect(result.isError).toBe(true); + const text = (result.content as { type: string; text: string }[])[0].text; + expect(text).toMatch(/read-only/i); + }); + + it("rejects create with a demo:* id", async () => { + const { client } = await setupDemoClient({ showDemoEndpoints: true }); + const result = await client.callTool({ + name: "shellwatch_manage_endpoints", + arguments: { + action: "create", + id: "demo:fakehash", + data: { label: "x", host: "h", username: "u" }, + }, + }); + expect(result.isError).toBe(true); + const text = (result.content as { type: string; text: string }[])[0].text; + expect(text).toMatch(/read-only/i); + }); + }); + describe("shellwatch_manage_keys", () => { it("lists keys", async () => { const client = await setupClient(mockManager); @@ -152,11 +313,20 @@ describe("MCP Server Tools", () => { const keyRepo = new InMemorySshKeyRepository(testKeys); const agentSession = new AgentSession({ endpointRepo, + demoEndpoints: EMPTY_DEMO, + accountRepo: NO_OP_ACCOUNT, terminalManager: mockManager, source: "mcp", accountId: testAccountId, }); - const mcpServer = await createMcpServer(agentSession, endpointRepo, keyRepo, testAccountId); + const mcpServer = await createMcpServer({ + agentSession, + endpointRepo, + demoEndpoints: EMPTY_DEMO, + accountRepo: NO_OP_ACCOUNT, + keyRepo, + accountId: testAccountId, + }); const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair(); await mcpServer.connect(serverTransport); const client = new Client({ name: "evil\nclient\x00", version: "9.9.9" }); diff --git a/src/mcp/server.ts b/src/mcp/server.ts index f562475..0898471 100644 --- a/src/mcp/server.ts +++ b/src/mcp/server.ts @@ -1,19 +1,26 @@ // SPDX-License-Identifier: LicenseRef-FSL-1.1-Apache-2.0 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js"; import type { AgentSession } from "../agent/index.js"; +import type { AccountRepository } from "../db/repositories/account-repo.js"; import type { EndpointRepository } from "../db/repositories/endpoint-repo.js"; import type { SshKeyRepository } from "../db/repositories/key-repo.js"; +import type { DemoEndpointsService } from "../demo-endpoints/index.js"; import { buildInfo } from "../server/buildInfo.js"; import { registerEndpointTools } from "./tools/endpoints.js"; import { registerKeyTools } from "./tools/keys.js"; import { registerSessionTools } from "./tools/sessions.js"; -export async function createMcpServer( - agentSession: AgentSession, - endpointRepo: EndpointRepository, - keyRepo: SshKeyRepository, - accountId: string, -): Promise { +export interface CreateMcpServerParams { + agentSession: AgentSession; + endpointRepo: EndpointRepository; + demoEndpoints: DemoEndpointsService; + accountRepo: AccountRepository; + keyRepo: SshKeyRepository; + accountId: string; +} + +export async function createMcpServer(params: CreateMcpServerParams): Promise { + const { agentSession, endpointRepo, demoEndpoints, accountRepo, keyRepo, accountId } = params; const endpoints = await agentSession.listEndpoints(); const endpointList = endpoints .map((s) => { @@ -82,7 +89,7 @@ export async function createMcpServer( }; registerSessionTools(mcpServer, agentSession); - registerEndpointTools(mcpServer, endpointRepo, accountId); + registerEndpointTools(mcpServer, { endpointRepo, demoEndpoints, accountRepo, accountId }); registerKeyTools(mcpServer, keyRepo); return mcpServer; diff --git a/src/mcp/tools/endpoints.ts b/src/mcp/tools/endpoints.ts index aac20ad..103e5dc 100644 --- a/src/mcp/tools/endpoints.ts +++ b/src/mcp/tools/endpoints.ts @@ -1,16 +1,27 @@ // SPDX-License-Identifier: LicenseRef-FSL-1.1-Apache-2.0 import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js"; import { z } from "zod"; +import type { AccountRepository } from "../../db/repositories/account-repo.js"; import { ENDPOINT_DESCRIPTION_MAX_LENGTH, type EndpointRepository, } from "../../db/repositories/endpoint-repo.js"; +import type { DemoEndpointsService } from "../../demo-endpoints/index.js"; +import { isDemoEndpointId } from "../../demo-endpoints/index.js"; + +export interface EndpointToolDeps { + endpointRepo: EndpointRepository; + demoEndpoints: DemoEndpointsService; + accountRepo: AccountRepository; + accountId: string; +} + +const DEMO_READ_ONLY_ERROR = + "Demo endpoints are read-only operator-configured entries. Pick one of the account's own endpoints instead."; + +export function registerEndpointTools(mcpServer: McpServer, deps: EndpointToolDeps) { + const { endpointRepo, demoEndpoints, accountRepo, accountId } = deps; -export function registerEndpointTools( - mcpServer: McpServer, - endpointRepo: EndpointRepository, - accountId: string, -) { mcpServer.tool( "shellwatch_manage_endpoints", "Manage SSH endpoints. Actions: list, read, create, update, delete.", @@ -39,8 +50,12 @@ export function registerEndpointTools( try { switch (action) { case "list": { - const all = await endpointRepo.findAllForAccount(accountId); - const result = all.map(({ id, label, host, port, username, description }) => ({ + const own = await endpointRepo.findAllForAccount(accountId); + const account = await accountRepo.findById(accountId); + const merged = account?.showDemoEndpoints + ? [...own, ...demoEndpoints.list(accountId)] + : own; + const result = merged.map(({ id, label, host, port, username, description }) => ({ id, label, host, @@ -54,7 +69,12 @@ export function registerEndpointTools( } case "read": { if (!id) return { isError: true, content: [{ type: "text", text: "id is required" }] }; - const ep = await endpointRepo.findByIdForAccount(id, accountId); + // Demo endpoints live outside the per-account table — resolve them + // via the synthesizer regardless of toggle state so an agent that + // already knows the id can still inspect it. + const ep = isDemoEndpointId(id) + ? demoEndpoints.findById(id, accountId) + : await endpointRepo.findByIdForAccount(id, accountId); if (!ep) return { isError: true, @@ -71,6 +91,9 @@ export function registerEndpointTools( ], }; } + if (isDemoEndpointId(id)) { + return { isError: true, content: [{ type: "text", text: DEMO_READ_ONLY_ERROR }] }; + } await endpointRepo.create({ id, accountId, @@ -88,11 +111,17 @@ export function registerEndpointTools( isError: true, content: [{ type: "text", text: "id and data are required" }], }; + if (isDemoEndpointId(id)) { + return { isError: true, content: [{ type: "text", text: DEMO_READ_ONLY_ERROR }] }; + } await endpointRepo.update(id, accountId, data); return { content: [{ type: "text", text: JSON.stringify({ status: "updated", id }) }] }; } case "delete": { if (!id) return { isError: true, content: [{ type: "text", text: "id is required" }] }; + if (isDemoEndpointId(id)) { + return { isError: true, content: [{ type: "text", text: DEMO_READ_ONLY_ERROR }] }; + } await endpointRepo.delete(id, accountId); return { content: [{ type: "text", text: JSON.stringify({ status: "deleted", id }) }] }; } diff --git a/src/server/app.ts b/src/server/app.ts index 5659c1c..2c09a44 100644 --- a/src/server/app.ts +++ b/src/server/app.ts @@ -19,6 +19,7 @@ import type { import type { ApiKeyAuthRepository } from "../db/repositories/api-key-repo.js"; import type { SessionLifecycleRepository, SigningRequestsRepository } from "../audit/index.js"; import { registerAgentProxyRoute } from "../agent-socket/index.js"; +import { createDemoEndpointsService } from "../demo-endpoints/index.js"; import { registerMcpHttpTransport } from "../mcp/http-transport.js"; import type { PendingActionStore } from "../pending-action/index.js"; import type { WebSocketChannel } from "../pending-action/index.js"; @@ -168,10 +169,15 @@ export async function buildApp(params: BuildAppParams) { } }); + // Virtual demo-endpoints: synthesized from config.demoEndpoints, merged into + // each account's endpoint list when accounts.show_demo_endpoints is true. + // Never copied into the endpoints table — config is the source of truth. + const demoEndpoints = createDemoEndpointsService(config.demoEndpoints); + // --- REST API routes --- - registerAccountRoutes({ app, accountRepo, db, accountLifecycle }); + registerAccountRoutes({ app, accountRepo, demoEndpoints, db, accountLifecycle }); registerSshKeyRoutes({ app, keyRepo, accountRepo, keyAvailability }); - registerEndpointRoutes({ app, endpointRepo, accountRepo, terminalManager }); + registerEndpointRoutes({ app, endpointRepo, accountRepo, demoEndpoints, terminalManager }); const wsHandler = registerWebSocket({ app, terminalManager }); for (const ext of wsExtensions) wsHandler.addExtension(ext); @@ -180,6 +186,7 @@ export async function buildApp(params: BuildAppParams) { app, endpointRepo, accountRepo, + demoEndpoints, terminalManager, }); @@ -214,6 +221,7 @@ export async function buildApp(params: BuildAppParams) { config, terminalManager, endpointRepo, + demoEndpoints, keyRepo, accountRepo, accountLifecycle, diff --git a/src/server/routes/accounts.test.ts b/src/server/routes/accounts.test.ts index 7bd115e..3860cd1 100644 --- a/src/server/routes/accounts.test.ts +++ b/src/server/routes/accounts.test.ts @@ -2,6 +2,8 @@ import Fastify from "fastify"; import { describe, expect, it, vi } from "vitest"; import type { AccountInfo, AccountRepository } from "../../db/index.js"; +import type { DemoEndpoint } from "../../config/schema.js"; +import { createDemoEndpointsService } from "../../demo-endpoints/index.js"; import { AccountLifecycle } from "../account-lifecycle.js"; import { registerAccountRoutes } from "./accounts.js"; @@ -16,6 +18,7 @@ function stubAccount(id: string, isAdmin: boolean): AccountInfo { isAdmin, enabled: true, maxSessions: 5, + showDemoEndpoints: true, lastUsedAt: null, createdAt: now, updatedAt: now, @@ -45,7 +48,10 @@ function fakeRepo(opts: { adminId: string }): AccountRepository { }; } -async function buildApp(callerAccountId: string) { +async function buildApp( + callerAccountId: string, + opts: { demoEndpoints?: readonly DemoEndpoint[] } = {}, +) { const app = Fastify({ logger: false }); const accountRepo = fakeRepo({ adminId: ADMIN_ID }); const accountLifecycle = new AccountLifecycle(); @@ -53,7 +59,13 @@ async function buildApp(callerAccountId: string) { app.addHook("onRequest", async (request) => { request.accountId = callerAccountId; }); - registerAccountRoutes({ app, accountRepo, accountLifecycle, db: null }); + registerAccountRoutes({ + app, + accountRepo, + demoEndpoints: createDemoEndpointsService(opts.demoEndpoints ?? []), + accountLifecycle, + db: null, + }); return { app, accountLifecycle }; } @@ -95,3 +107,35 @@ describe("DELETE /api/accounts/:id lifecycle emit", () => { await app.close(); }); }); + +describe("GET /api/auth/me — demoEndpointsAvailable", () => { + it("returns false when no demoEndpoints are configured", async () => { + const { app } = await buildApp(ADMIN_ID, { demoEndpoints: [] }); + + const res = await app.inject({ method: "GET", url: "/api/auth/me" }); + + expect(res.statusCode).toBe(200); + const body = res.json() as { demoEndpointsAvailable: boolean }; + expect(body.demoEndpointsAvailable).toBe(false); + await app.close(); + }); + + it("returns true when at least one demoEndpoint is configured", async () => { + const { app } = await buildApp(ADMIN_ID, { + demoEndpoints: [ + { + label: "Demo: 2048", + address: { host: "ssh.example.com", port: 22, username: "sw-2048" }, + agentForward: false, + }, + ], + }); + + const res = await app.inject({ method: "GET", url: "/api/auth/me" }); + + expect(res.statusCode).toBe(200); + const body = res.json() as { demoEndpointsAvailable: boolean }; + expect(body.demoEndpointsAvailable).toBe(true); + await app.close(); + }); +}); diff --git a/src/server/routes/accounts.ts b/src/server/routes/accounts.ts index f137582..44c8c1f 100644 --- a/src/server/routes/accounts.ts +++ b/src/server/routes/accounts.ts @@ -10,18 +10,20 @@ import { endpoints as endpointsTable, webauthnCredentials, } from "../../db/schema.js"; +import type { DemoEndpointsService } from "../../demo-endpoints/index.js"; import { formatEndpointAddress } from "../../utils/endpoint-address.js"; import type { AccountLifecycle } from "../account-lifecycle.js"; export interface AccountRoutesParams { app: FastifyInstance; accountRepo: AccountRepository; + demoEndpoints: DemoEndpointsService; db?: ShellWatchDB | null; accountLifecycle: AccountLifecycle; } export function registerAccountRoutes(params: AccountRoutesParams) { - const { app, accountRepo, db = null, accountLifecycle } = params; + const { app, accountRepo, demoEndpoints, db = null, accountLifecycle } = params; // --- Auth: current account --- app.get("/api/auth/me", async (request, reply) => { @@ -34,26 +36,48 @@ export function registerAccountRoutes(params: AccountRoutesParams) { id: account.id, name: account.name, isAdmin: account.isAdmin, + // showDemoEndpoints is a per-account *visibility* preference, not an + // authorization gate. The `demo:*` virtual ids stay resolvable on the + // connect path regardless of this flag — operator-curated demo entries + // aren't sensitive, the demo container's ForceCommand pinning is the + // load-bearing control. Toggling this off only hides demos from + // /api/endpoints listings (UI + MCP). + showDemoEndpoints: account.showDemoEndpoints, + // Whether the *operator* configured any demoEndpoints at all. The UI + // hides the entire Demo Endpoints section + toggle when this is false, + // so vanilla deployments don't show an inert control. + demoEndpointsAvailable: !demoEndpoints.isEmpty(), }; }); - app.put<{ Body: { name?: string } }>("/api/auth/me", async (request, reply) => { - const accountId = request.accountId; - const { name } = request.body; - const updates: Partial<{ name: string }> = {}; - if (name !== undefined) { - const trimmed = name.trim(); - if (!trimmed) { - reply.status(400); - return { error: "Name cannot be empty" }; + app.put<{ Body: { name?: string; showDemoEndpoints?: boolean } }>( + "/api/auth/me", + async (request, reply) => { + const accountId = request.accountId; + const { name, showDemoEndpoints } = request.body; + const updates: Partial<{ name: string; showDemoEndpoints: boolean }> = {}; + if (name !== undefined) { + const trimmed = name.trim(); + if (!trimmed) { + reply.status(400); + return { error: "Name cannot be empty" }; + } + updates.name = trimmed; } - updates.name = trimmed; - } - if (Object.keys(updates).length > 0) { - await accountRepo.update(accountId, updates); - } - return { status: "updated" }; - }); + if (showDemoEndpoints !== undefined) { + if (typeof showDemoEndpoints !== "boolean") { + reply.status(400); + return { error: "showDemoEndpoints must be a boolean" }; + } + // Visibility flag only; see the GET handler for the auth-gate caveat. + updates.showDemoEndpoints = showDemoEndpoints; + } + if (Object.keys(updates).length > 0) { + await accountRepo.update(accountId, updates); + } + return { status: "updated" }; + }, + ); // --- Account Management (admin only) --- @@ -178,6 +202,12 @@ export function registerAccountRoutes(params: AccountRoutesParams) { }; }); + // formatEndpointAddress always emits a `user@` prefix, even when the user + // is the default `shellwatch` — surfaces the wire-level identity to the + // operator. Round-trips identically through parseEndpointAddress, so an + // exported config re-imports cleanly. Side effect worth noting: re-exports + // of configs that previously omitted the default user will diff against + // their old form (now explicit `shellwatch@…`). const seedEndpoints = eps.map((ep) => ({ label: ep.label, address: formatEndpointAddress({ diff --git a/src/server/routes/endpoints.ts b/src/server/routes/endpoints.ts index 4040883..f820f9b 100644 --- a/src/server/routes/endpoints.ts +++ b/src/server/routes/endpoints.ts @@ -8,6 +8,8 @@ import { USER_VERIFICATION_VALUES, type UserVerification, } from "../../db/repositories/endpoint-repo.js"; +import type { DemoEndpointsService } from "../../demo-endpoints/index.js"; +import { isDemoEndpointId } from "../../demo-endpoints/index.js"; import type { TerminalManager } from "../../terminal/index.js"; function normalizeDescription(value: unknown): { ok: true; value: string | null } | { ok: false } { @@ -22,17 +24,25 @@ export interface EndpointRoutesParams { app: FastifyInstance; endpointRepo: EndpointRepository; accountRepo: AccountRepository; + demoEndpoints: DemoEndpointsService; terminalManager: TerminalManager; } export function registerEndpointRoutes(params: EndpointRoutesParams) { - const { app, endpointRepo, terminalManager } = params; + const { app, endpointRepo, accountRepo, demoEndpoints, terminalManager } = params; app.get("/api/endpoints", async (request) => { - const all = await endpointRepo.findAllForAccount(request.accountId); + const own = await endpointRepo.findAllForAccount(request.accountId); + const account = await accountRepo.findById(request.accountId); + const merged = [ + ...own.map((e) => ({ ...e, isDemo: false as const })), + ...(account?.showDemoEndpoints + ? demoEndpoints.list(request.accountId).map((e) => ({ ...e, isDemo: true as const })) + : []), + ]; return { - endpoints: all.map( - ({ id, label, host, port, username, userVerification, agentForward, description }) => ({ + endpoints: merged.map( + ({ id, label, host, @@ -41,6 +51,17 @@ export function registerEndpointRoutes(params: EndpointRoutesParams) { userVerification, agentForward, description, + isDemo, + }) => ({ + id, + label, + host, + port, + username, + userVerification, + agentForward, + description, + isDemo, }), ), }; @@ -112,6 +133,10 @@ export function registerEndpointRoutes(params: EndpointRoutesParams) { }; }>("/api/endpoints/:id", async (request, reply) => { try { + if (isDemoEndpointId(request.params.id)) { + reply.status(400); + return { error: "Demo endpoints are read-only — toggle visibility instead" }; + } const body = request.body; if (body.userVerification !== undefined && !isUserVerification(body.userVerification)) { reply.status(400); @@ -149,6 +174,10 @@ export function registerEndpointRoutes(params: EndpointRoutesParams) { app.delete<{ Params: { id: string } }>("/api/endpoints/:id", async (request, reply) => { try { + if (isDemoEndpointId(request.params.id)) { + reply.status(400); + return { error: "Demo endpoints are read-only — toggle visibility instead" }; + } const activeSessions = terminalManager .listSessions() .filter((s) => s.endpointId === request.params.id); diff --git a/src/server/routes/sessions.ts b/src/server/routes/sessions.ts index f4f906b..1572684 100644 --- a/src/server/routes/sessions.ts +++ b/src/server/routes/sessions.ts @@ -1,17 +1,20 @@ // SPDX-License-Identifier: LicenseRef-FSL-1.1-Apache-2.0 import type { FastifyInstance } from "fastify"; import type { AccountRepository, EndpointRepository } from "../../db/index.js"; +import type { DemoEndpointsService } from "../../demo-endpoints/index.js"; +import { isDemoEndpointId } from "../../demo-endpoints/index.js"; import type { TerminalManager } from "../../terminal/index.js"; export interface SessionRoutesParams { app: FastifyInstance; endpointRepo: EndpointRepository; accountRepo: AccountRepository; + demoEndpoints: DemoEndpointsService; terminalManager: TerminalManager; } export function registerSessionRoutes(params: SessionRoutesParams) { - const { app, endpointRepo, accountRepo, terminalManager } = params; + const { app, endpointRepo, accountRepo, demoEndpoints, terminalManager } = params; app.post<{ Body: { endpointId: string } }>("/api/sessions", async (request, reply) => { try { @@ -30,7 +33,16 @@ export function registerSessionRoutes(params: SessionRoutesParams) { } const { endpointId } = request.body; - const endpoint = await endpointRepo.findByIdForAccount(endpointId, request.accountId); + // Demo endpoints are virtual (config-only). Connect deliberately + // bypasses the per-account `showDemoEndpoints` toggle — the toggle is a + // *visibility* preference, not an authorization gate. Demo entries are + // global, operator-curated, and not sensitive; the demo container's + // ForceCommand pinning is the real control. Hiding them from the list + // shouldn't break a session a caller has already chosen to open (e.g. + // when re-using a bookmarked URL with the demo id). + const endpoint = isDemoEndpointId(endpointId) + ? demoEndpoints.findById(endpointId, request.accountId) + : await endpointRepo.findByIdForAccount(endpointId, request.accountId); if (!endpoint) { reply.status(404); return { error: "Endpoint not found" }; diff --git a/src/test/helpers/test-config.ts b/src/test/helpers/test-config.ts index 1888100..35332f0 100644 --- a/src/test/helpers/test-config.ts +++ b/src/test/helpers/test-config.ts @@ -5,6 +5,7 @@ const defaults: Config = { keyDirectory: "/tmp", seedAdminEndpoints: [], seedAdminPasskeys: [], + demoEndpoints: [], server: { ...serverDefaults, externalUrl: "http://localhost:3000" }, security: { ...securityFieldDefaults, diff --git a/src/test/integration/demo-endpoints-flow.test.ts b/src/test/integration/demo-endpoints-flow.test.ts new file mode 100644 index 0000000..12b8e66 --- /dev/null +++ b/src/test/integration/demo-endpoints-flow.test.ts @@ -0,0 +1,250 @@ +// SPDX-License-Identifier: LicenseRef-FSL-1.1-Apache-2.0 +/** + * Integration tests for the virtual demo-endpoint plumbing. + * + * Covers the REST surface end-to-end: + * - GET /api/endpoints merges / excludes demo entries based on the account's + * showDemoEndpoints toggle. + * - PUT and DELETE /api/endpoints/:id reject `demo:*` virtual ids with 400. + * - POST /api/sessions resolves `demo:*` ids regardless of the toggle state + * (visibility hides them, but the connect path stays usable). + * + * Per-test Fastify rig — mirrors passkey-invite-flow.test.ts's approach so the + * tests don't drag in the full buildApp() stack for an isolated surface. + */ +import Fastify, { type FastifyInstance } from "fastify"; +import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; +import type { AccountInfo, AccountRepository } from "../../db/repositories/account-repo.js"; +import { InMemoryEndpointRepository } from "../../db/repositories/endpoint-repo.js"; +import { + createDemoEndpointsService, + type DemoEndpointsService, +} from "../../demo-endpoints/index.js"; +import { registerEndpointRoutes } from "../../server/routes/endpoints.js"; +import { registerSessionRoutes } from "../../server/routes/sessions.js"; +import type { TerminalManager } from "../../terminal/index.js"; + +const ACCOUNT_ID = "acct-test"; + +function buildAccountRepo(initial: Partial = {}): AccountRepository { + const now = new Date().toISOString(); + const state: AccountInfo = { + id: ACCOUNT_ID, + name: "Test", + isAdmin: false, + enabled: true, + maxSessions: 5, + showDemoEndpoints: true, + lastUsedAt: null, + createdAt: now, + updatedAt: now, + ...initial, + }; + return { + async findById(id: string) { + return id === ACCOUNT_ID ? state : null; + }, + async findAll() { + return [state]; + }, + async update(_id, data) { + Object.assign(state, data); + }, + touchLastUsed() {}, + flushLastUsed() {}, + getAdminAccountId() { + return null; + }, + setAdmin() {}, + isAdmin() { + return false; + }, + destroy() {}, + }; +} + +function buildTerminalManager(): TerminalManager { + // Only the surfaces the routes under test actually touch — listSessions for + // the delete-while-active check on real endpoints, and create() for the + // session-open path. Everything else throws if reached so a test that + // accidentally exercises an unmocked surface fails loudly rather than + // hanging on a stub call. + const created: { sessionId: string; endpointId: string; accountId: string }[] = []; + const manager = { + listSessions: vi.fn().mockReturnValue([]), + create: vi.fn().mockImplementation(async (endpoint, accountId) => { + const sessionId = `sess-${created.length + 1}`; + created.push({ sessionId, endpointId: endpoint.id, accountId }); + return { + sessionId, + endpointId: endpoint.id, + accountId, + status: "open", + createdAt: new Date(), + lastActivityAt: new Date(), + source: "ui", + }; + }), + } as unknown as TerminalManager; + return manager; +} + +interface Rig { + app: FastifyInstance; + endpointRepo: InMemoryEndpointRepository; + demoEndpoints: DemoEndpointsService; + accountRepo: AccountRepository; + terminalManager: TerminalManager; + demoEndpointId: string; +} + +const DEMO_LABEL = "Demo: 2048"; +const DEMO_HOST = "ssh.example.com"; +const DEMO_PORT = 22; +const DEMO_USER = "sw-2048"; + +async function buildRig(opts: { showDemoEndpoints?: boolean } = {}): Promise { + const accountRepo = buildAccountRepo({ + showDemoEndpoints: opts.showDemoEndpoints ?? true, + }); + const demoEndpoints = createDemoEndpointsService([ + { + label: DEMO_LABEL, + address: { host: DEMO_HOST, port: DEMO_PORT, username: DEMO_USER }, + agentForward: false, + }, + ]); + const endpointRepo = new InMemoryEndpointRepository([ + { + id: "real-ep", + accountId: ACCOUNT_ID, + label: "Real Server", + host: "real.example.com", + port: 22, + username: "ubuntu", + }, + ]); + const terminalManager = buildTerminalManager(); + + const app = Fastify({ logger: false }); + app.decorateRequest("accountId", ""); + app.addHook("onRequest", async (request) => { + request.accountId = ACCOUNT_ID; + }); + registerEndpointRoutes({ app, endpointRepo, accountRepo, demoEndpoints, terminalManager }); + registerSessionRoutes({ app, endpointRepo, accountRepo, demoEndpoints, terminalManager }); + await app.ready(); + + // Compute the demo id the same way the service does so we don't reach into + // its internals to fetch it. + const list = demoEndpoints.list(ACCOUNT_ID); + const demoEndpointId = list[0].id; + + return { app, endpointRepo, demoEndpoints, accountRepo, terminalManager, demoEndpointId }; +} + +describe("GET /api/endpoints — demo merge", () => { + let rig: Rig; + afterEach(async () => { + await rig.app.close(); + }); + + it("includes demo entries when showDemoEndpoints is on", async () => { + rig = await buildRig({ showDemoEndpoints: true }); + const res = await rig.app.inject({ method: "GET", url: "/api/endpoints" }); + expect(res.statusCode).toBe(200); + const body = res.json() as { endpoints: { id: string; isDemo: boolean }[] }; + const ids = body.endpoints.map((e) => e.id); + expect(ids).toContain("real-ep"); + expect(ids).toContain(rig.demoEndpointId); + const demoRow = body.endpoints.find((e) => e.id === rig.demoEndpointId)!; + expect(demoRow.isDemo).toBe(true); + }); + + it("omits demo entries when showDemoEndpoints is off", async () => { + rig = await buildRig({ showDemoEndpoints: false }); + const res = await rig.app.inject({ method: "GET", url: "/api/endpoints" }); + expect(res.statusCode).toBe(200); + const body = res.json() as { endpoints: { id: string }[] }; + const ids = body.endpoints.map((e) => e.id); + expect(ids).toContain("real-ep"); + expect(ids.some((id) => id.startsWith("demo:"))).toBe(false); + }); +}); + +describe("mutation rejection on demo: ids", () => { + let rig: Rig; + beforeEach(async () => { + rig = await buildRig(); + }); + afterEach(async () => { + await rig.app.close(); + }); + + it("PUT /api/endpoints/:id refuses a demo: id", async () => { + const res = await rig.app.inject({ + method: "PUT", + url: `/api/endpoints/${encodeURIComponent(rig.demoEndpointId)}`, + payload: { label: "Should not stick" }, + }); + expect(res.statusCode).toBe(400); + const body = res.json() as { error: string }; + expect(body.error).toMatch(/read-only/i); + }); + + it("DELETE /api/endpoints/:id refuses a demo: id", async () => { + const res = await rig.app.inject({ + method: "DELETE", + url: `/api/endpoints/${encodeURIComponent(rig.demoEndpointId)}`, + }); + expect(res.statusCode).toBe(400); + const body = res.json() as { error: string }; + expect(body.error).toMatch(/read-only/i); + }); +}); + +describe("POST /api/sessions — demo endpoint opens regardless of toggle", () => { + let rig: Rig; + afterEach(async () => { + await rig.app.close(); + }); + + it("opens a session against a demo: id when the toggle is on", async () => { + rig = await buildRig({ showDemoEndpoints: true }); + const res = await rig.app.inject({ + method: "POST", + url: "/api/sessions", + payload: { endpointId: rig.demoEndpointId }, + }); + expect(res.statusCode).toBe(200); + const create = rig.terminalManager.create as unknown as ReturnType; + expect(create).toHaveBeenCalledTimes(1); + const passed = create.mock.calls[0][0]; + expect(passed.host).toBe(DEMO_HOST); + expect(passed.username).toBe(DEMO_USER); + }); + + it("opens a session against a demo: id even when the toggle is off (visibility-only)", async () => { + rig = await buildRig({ showDemoEndpoints: false }); + const res = await rig.app.inject({ + method: "POST", + url: "/api/sessions", + payload: { endpointId: rig.demoEndpointId }, + }); + expect(res.statusCode).toBe(200); + const create = rig.terminalManager.create as unknown as ReturnType; + expect(create).toHaveBeenCalledTimes(1); + const passed = create.mock.calls[0][0]; + expect(passed.host).toBe(DEMO_HOST); + }); + + it("404s for an unknown demo id", async () => { + rig = await buildRig({ showDemoEndpoints: true }); + const res = await rig.app.inject({ + method: "POST", + url: "/api/sessions", + payload: { endpointId: "demo:doesnotexist" }, + }); + expect(res.statusCode).toBe(404); + }); +}); diff --git a/src/utils/endpoint-address.test.ts b/src/utils/endpoint-address.test.ts index 58df346..97a5495 100644 --- a/src/utils/endpoint-address.test.ts +++ b/src/utils/endpoint-address.test.ts @@ -77,25 +77,25 @@ describe("parseEndpointAddress", () => { }); describe("formatEndpointAddress", () => { - it("omits defaults", () => { + it("always renders the username, even when it's the default", () => { expect(formatEndpointAddress({ username: "shellwatch", host: "example.com", port: 22 })).toBe( - "example.com", + "shellwatch@example.com", ); }); - it("includes non-default username", () => { + it("renders a non-default username", () => { expect(formatEndpointAddress({ username: "deploy", host: "example.com", port: 22 })).toBe( "deploy@example.com", ); }); - it("includes non-default port", () => { + it("omits the default port (22)", () => { expect(formatEndpointAddress({ username: "shellwatch", host: "example.com", port: 2222 })).toBe( - "example.com:2222", + "shellwatch@example.com:2222", ); }); - it("includes both non-defaults", () => { + it("renders user + non-default port", () => { expect( formatEndpointAddress({ username: "deploy", host: "dev.example.com", port: 62222 }), ).toBe("deploy@dev.example.com:62222"); diff --git a/src/utils/endpoint-address.ts b/src/utils/endpoint-address.ts index 4c3f8ef..3cc3002 100644 --- a/src/utils/endpoint-address.ts +++ b/src/utils/endpoint-address.ts @@ -82,12 +82,13 @@ function parsePort(portStr: string, original: string): number { } /** - * Format an endpoint address, omitting defaults. - * - username omitted if "shellwatch" - * - port omitted if 22 + * Format an endpoint address. The username is always rendered so the display + * is unambiguous when the endpoint was created without a `user@` prefix and + * picked up the `shellwatch` default — surfacing the default explicitly + * matches what sshd actually sees on the wire. The port is still omitted + * when it's the SSH default (22). */ export function formatEndpointAddress(ep: EndpointAddress): string { - const userPart = ep.username !== DEFAULT_USERNAME ? `${ep.username}@` : ""; const portPart = ep.port !== DEFAULT_PORT ? `:${ep.port}` : ""; - return `${userPart}${ep.host}${portPart}`; + return `${ep.username}@${ep.host}${portPart}`; }