From 2c3d78c99b84435ac061e45235553a876fef9cc5 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 4 Jun 2026 21:40:20 +1000 Subject: [PATCH] feat(actions): config-driven action whitelist registry Co-Authored-By: Claude Opus 4.8 --- config/actions.json | 1 + lib/actions/registry.js | 29 +++++++++++++++++++++++++++++ tests/actions/registry.test.js | 23 +++++++++++++++++++++++ tests/fixtures/actions.test.json | 7 +++++++ 4 files changed, 60 insertions(+) create mode 100644 config/actions.json create mode 100644 lib/actions/registry.js create mode 100644 tests/actions/registry.test.js create mode 100644 tests/fixtures/actions.test.json diff --git a/config/actions.json b/config/actions.json new file mode 100644 index 0000000..eb53f76 --- /dev/null +++ b/config/actions.json @@ -0,0 +1 @@ +{ "hosts": {}, "actions": [] } diff --git a/lib/actions/registry.js b/lib/actions/registry.js new file mode 100644 index 0000000..f5cddfd --- /dev/null +++ b/lib/actions/registry.js @@ -0,0 +1,29 @@ +import { readFileSync } from 'node:fs'; +import path from 'node:path'; +import { fileURLToPath } from 'node:url'; + +const DEFAULT = path.join(path.dirname(fileURLToPath(import.meta.url)), '../../config/actions.json'); +const ID_RE = /^[a-z0-9-]+$/; +const KINDS = new Set(['service_restart', 'guest_power']); +const OPS = new Set(['start', 'stop', 'shutdown', 'reboot']); +const TIERS = new Set(['safe', 'risky']); + +// Loads + validates the action whitelist. `raw` overrides file read (tests). +export function loadActions(file = DEFAULT, raw) { + const cfg = raw || JSON.parse(readFileSync(file, 'utf8')); + const hosts = cfg.hosts || {}; + const byId = new Map(); + for (const a of (cfg.actions || [])) { + if (!ID_RE.test(a.id || '')) throw new Error(`invalid action id: ${a.id}`); + if (!KINDS.has(a.kind)) throw new Error(`unknown kind: ${a.kind}`); + if (!TIERS.has(a.tier)) throw new Error(`invalid tier: ${a.tier}`); + if (a.kind === 'guest_power' && !OPS.has(a.op)) throw new Error(`invalid op: ${a.op}`); + if (byId.has(a.id)) throw new Error(`duplicate action id: ${a.id}`); + byId.set(a.id, a); + } + return { + list: () => [...byId.values()], + get: (id) => byId.get(id), + hostIp: (h) => hosts[h] + }; +} diff --git a/tests/actions/registry.test.js b/tests/actions/registry.test.js new file mode 100644 index 0000000..7db94a1 --- /dev/null +++ b/tests/actions/registry.test.js @@ -0,0 +1,23 @@ +import { describe, it, expect } from 'vitest'; +import { fileURLToPath } from 'url'; +import { loadActions } from '../../lib/actions/registry.js'; + +const FIX = fileURLToPath(new URL('../fixtures/actions.test.json', import.meta.url)); + +describe('action registry', () => { + it('loads + indexes valid actions and resolves host ip', () => { + const reg = loadActions(FIX); + expect(reg.list().map(a => a.id).sort()).toEqual(['restart-caddy-ct100', 'stop-ct107']); + expect(reg.get('restart-caddy-ct100').tier).toBe('safe'); + expect(reg.hostIp('ct100')).toBe('192.168.1.230'); + expect(reg.get('nope')).toBeUndefined(); + }); + it('rejects an action with a bad id or unknown kind/tier', () => { + expect(() => loadActions(null, { hosts: {}, actions: [{ id: 'bad id', kind: 'service_restart', tier: 'safe' }] })) + .toThrow(/invalid action id/i); + expect(() => loadActions(null, { hosts: {}, actions: [{ id: 'x', kind: 'nuke', tier: 'safe' }] })) + .toThrow(/unknown kind/i); + expect(() => loadActions(null, { hosts: {}, actions: [{ id: 'x', kind: 'guest_power', op: 'stop', tier: 'evil' }] })) + .toThrow(/invalid tier/i); + }); +}); diff --git a/tests/fixtures/actions.test.json b/tests/fixtures/actions.test.json new file mode 100644 index 0000000..b1256ef --- /dev/null +++ b/tests/fixtures/actions.test.json @@ -0,0 +1,7 @@ +{ + "hosts": { "ct100": "192.168.1.230", "z": "192.168.1.124" }, + "actions": [ + { "id": "restart-caddy-ct100", "label": "Restart Caddy", "kind": "service_restart", "host": "ct100", "service": "caddy", "tier": "safe" }, + { "id": "stop-ct107", "label": "Stop CT107", "kind": "guest_power", "node": "z", "vmid": 107, "op": "stop", "tier": "risky" } + ] +}