feat: replace credential proxy with OneCLI gateway for secret injection
This commit is contained in:
Guy Ben Aharon
committed by
Guy Ben-Aharon
Guy Ben-Aharon
parent
deee4b2a96
commit
e9369617fb
32
src/index.ts
32
src/index.ts
@@ -1,15 +1,16 @@
|
||||
import fs from 'fs';
|
||||
import path from 'path';
|
||||
|
||||
import { OneCLI } from '@onecli-sh/sdk';
|
||||
|
||||
import {
|
||||
ASSISTANT_NAME,
|
||||
CREDENTIAL_PROXY_PORT,
|
||||
IDLE_TIMEOUT,
|
||||
ONECLI_URL,
|
||||
POLL_INTERVAL,
|
||||
TIMEZONE,
|
||||
TRIGGER_PATTERN,
|
||||
} from './config.js';
|
||||
import { startCredentialProxy } from './credential-proxy.js';
|
||||
import './channels/index.js';
|
||||
import {
|
||||
getChannelFactory,
|
||||
@@ -24,7 +25,6 @@ import {
|
||||
import {
|
||||
cleanupOrphans,
|
||||
ensureContainerRuntimeRunning,
|
||||
PROXY_BIND_HOST,
|
||||
} from './container-runtime.js';
|
||||
import {
|
||||
getAllChats,
|
||||
@@ -72,6 +72,8 @@ let messageLoopRunning = false;
|
||||
const channels: Channel[] = [];
|
||||
const queue = new GroupQueue();
|
||||
|
||||
const onecli = new OneCLI({ url: ONECLI_URL });
|
||||
|
||||
function loadState(): void {
|
||||
lastTimestamp = getRouterState('last_timestamp') || '';
|
||||
const agentTs = getRouterState('last_agent_timestamp');
|
||||
@@ -112,6 +114,23 @@ function registerGroup(jid: string, group: RegisteredGroup): void {
|
||||
// Create group folder
|
||||
fs.mkdirSync(path.join(groupDir, 'logs'), { recursive: true });
|
||||
|
||||
// Create a corresponding OneCLI agent (best-effort, non-blocking)
|
||||
const identifier = group.folder.toLowerCase().replace(/_/g, '-');
|
||||
onecli.createAgent({ name: group.name, identifier }).then(
|
||||
(agent) => {
|
||||
logger.info(
|
||||
{ jid, agentId: agent.id, identifier },
|
||||
'OneCLI agent created',
|
||||
);
|
||||
},
|
||||
(err) => {
|
||||
logger.debug(
|
||||
{ jid, identifier, err: String(err) },
|
||||
'OneCLI agent creation skipped',
|
||||
);
|
||||
},
|
||||
);
|
||||
|
||||
logger.info(
|
||||
{ jid, name: group.name, folder: group.folder },
|
||||
'Group registered',
|
||||
@@ -476,16 +495,9 @@ async function main(): Promise<void> {
|
||||
loadState();
|
||||
restoreRemoteControl();
|
||||
|
||||
// Start credential proxy (containers route API calls through this)
|
||||
const proxyServer = await startCredentialProxy(
|
||||
CREDENTIAL_PROXY_PORT,
|
||||
PROXY_BIND_HOST,
|
||||
);
|
||||
|
||||
// Graceful shutdown handlers
|
||||
const shutdown = async (signal: string) => {
|
||||
logger.info({ signal }, 'Shutdown signal received');
|
||||
proxyServer.close();
|
||||
await queue.shutdown(10000);
|
||||
for (const ch of channels) await ch.disconnect();
|
||||
process.exit(0);
|
||||
|
||||
Reference in New Issue
Block a user