feat(actions): config-driven action whitelist registry

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-04 21:40:20 +10:00
parent 135244cb13
commit 2c3d78c99b
4 changed files with 60 additions and 0 deletions
--- a/config/actions.json
+++ b/config/actions.json
@@ -0,0 +1 @@
+{ "hosts": {}, "actions": [] }
--- a/lib/actions/registry.js
+++ b/lib/actions/registry.js
@@ -0,0 +1,29 @@
+import { readFileSync } from 'node:fs';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+const DEFAULT = path.join(path.dirname(fileURLToPath(import.meta.url)), '../../config/actions.json');
+const ID_RE = /^[a-z0-9-]+$/;
+const KINDS = new Set(['service_restart', 'guest_power']);
+const OPS = new Set(['start', 'stop', 'shutdown', 'reboot']);
+const TIERS = new Set(['safe', 'risky']);
+
+// Loads + validates the action whitelist. `raw` overrides file read (tests).
+export function loadActions(file = DEFAULT, raw) {
+  const cfg = raw || JSON.parse(readFileSync(file, 'utf8'));
+  const hosts = cfg.hosts || {};
+  const byId = new Map();
+  for (const a of (cfg.actions || [])) {
+    if (!ID_RE.test(a.id || '')) throw new Error(`invalid action id: ${a.id}`);
+    if (!KINDS.has(a.kind)) throw new Error(`unknown kind: ${a.kind}`);
+    if (!TIERS.has(a.tier)) throw new Error(`invalid tier: ${a.tier}`);
+    if (a.kind === 'guest_power' && !OPS.has(a.op)) throw new Error(`invalid op: ${a.op}`);
+    if (byId.has(a.id)) throw new Error(`duplicate action id: ${a.id}`);
+    byId.set(a.id, a);
+  }
+  return {
+    list: () => [...byId.values()],
+    get: (id) => byId.get(id),
+    hostIp: (h) => hosts[h]
+  };
+}
--- a/tests/actions/registry.test.js
+++ b/tests/actions/registry.test.js
@@ -0,0 +1,23 @@
+import { describe, it, expect } from 'vitest';
+import { fileURLToPath } from 'url';
+import { loadActions } from '../../lib/actions/registry.js';
+
+const FIX = fileURLToPath(new URL('../fixtures/actions.test.json', import.meta.url));
+
+describe('action registry', () => {
+  it('loads + indexes valid actions and resolves host ip', () => {
+    const reg = loadActions(FIX);
+    expect(reg.list().map(a => a.id).sort()).toEqual(['restart-caddy-ct100', 'stop-ct107']);
+    expect(reg.get('restart-caddy-ct100').tier).toBe('safe');
+    expect(reg.hostIp('ct100')).toBe('192.168.1.230');
+    expect(reg.get('nope')).toBeUndefined();
+  });
+  it('rejects an action with a bad id or unknown kind/tier', () => {
+    expect(() => loadActions(null, { hosts: {}, actions: [{ id: 'bad id', kind: 'service_restart', tier: 'safe' }] }))
+      .toThrow(/invalid action id/i);
+    expect(() => loadActions(null, { hosts: {}, actions: [{ id: 'x', kind: 'nuke', tier: 'safe' }] }))
+      .toThrow(/unknown kind/i);
+    expect(() => loadActions(null, { hosts: {}, actions: [{ id: 'x', kind: 'guest_power', op: 'stop', tier: 'evil' }] }))
+      .toThrow(/invalid tier/i);
+  });
+});
--- a/tests/fixtures/actions.test.json
+++ b/tests/fixtures/actions.test.json
@@ -0,0 +1,7 @@
+{
+  "hosts": { "ct100": "192.168.1.230", "z": "192.168.1.124" },
+  "actions": [
+    { "id": "restart-caddy-ct100", "label": "Restart Caddy", "kind": "service_restart", "host": "ct100", "service": "caddy", "tier": "safe" },
+    { "id": "stop-ct107", "label": "Stop CT107", "kind": "guest_power", "node": "z", "vmid": 107, "op": "stop", "tier": "risky" }
+  ]
+}