fix: enforce ws3 roles + node allowlist

2026-01-20 09:23:56 +00:00
parent 32a668e4d9
commit 9dbc1435a6
27 changed files with 3096 additions and 40 deletions
--- a/src/gateway/protocol/index.ts
+++ b/src/gateway/protocol/index.ts
@@ -138,6 +138,10 @@ import {
  SessionsResolveParamsSchema,
  type ShutdownEvent,
  ShutdownEventSchema,
+  type SkillsBinsParams,
+  SkillsBinsParamsSchema,
+  type SkillsBinsResult,
+  SkillsBinsResultSchema,
  type SkillsInstallParams,
  SkillsInstallParamsSchema,
  type SkillsStatusParams,
@@ -247,6 +251,7 @@ export const validateChannelsLogoutParams = ajv.compile<ChannelsLogoutParams>(
 );
 export const validateModelsListParams = ajv.compile<ModelsListParams>(ModelsListParamsSchema);
 export const validateSkillsStatusParams = ajv.compile<SkillsStatusParams>(SkillsStatusParamsSchema);
+export const validateSkillsBinsParams = ajv.compile<SkillsBinsParams>(SkillsBinsParamsSchema);
 export const validateSkillsInstallParams =
  ajv.compile<SkillsInstallParams>(SkillsInstallParamsSchema);
 export const validateSkillsUpdateParams = ajv.compile<SkillsUpdateParams>(SkillsUpdateParamsSchema);
@@ -424,6 +429,8 @@ export type {
  AgentsListParams,
  AgentsListResult,
  SkillsStatusParams,
+  SkillsBinsParams,
+  SkillsBinsResult,
  SkillsInstallParams,
  SkillsUpdateParams,
  NodePairRejectParams,
--- a/src/gateway/protocol/schema/agents-models-skills.ts
+++ b/src/gateway/protocol/schema/agents-models-skills.ts
@@ -44,6 +44,15 @@ export const ModelsListResultSchema = Type.Object(

 export const SkillsStatusParamsSchema = Type.Object({}, { additionalProperties: false });

+export const SkillsBinsParamsSchema = Type.Object({}, { additionalProperties: false });
+
+export const SkillsBinsResultSchema = Type.Object(
+  {
+    bins: Type.Array(NonEmptyString),
+  },
+  { additionalProperties: false },
+);
+
 export const SkillsInstallParamsSchema = Type.Object(
  {
    name: NonEmptyString,
--- a/src/gateway/protocol/schema/frames.ts
+++ b/src/gateway/protocol/schema/frames.ts
@@ -39,16 +39,14 @@ export const ConnectParamsSchema = Type.Object(
    permissions: Type.Optional(Type.Record(NonEmptyString, Type.Boolean())),
    role: Type.Optional(NonEmptyString),
    scopes: Type.Optional(Type.Array(NonEmptyString)),
-    device: Type.Optional(
-      Type.Object(
-        {
-          id: NonEmptyString,
-          publicKey: NonEmptyString,
-          signature: NonEmptyString,
-          signedAt: Type.Integer({ minimum: 0 }),
-        },
-        { additionalProperties: false },
-      ),
+    device: Type.Object(
+      {
+        id: NonEmptyString,
+        publicKey: NonEmptyString,
+        signature: NonEmptyString,
+        signedAt: Type.Integer({ minimum: 0 }),
+      },
+      { additionalProperties: false },
    ),
    auth: Type.Optional(
      Type.Object(
--- a/src/gateway/protocol/schema/protocol-schemas.ts
+++ b/src/gateway/protocol/schema/protocol-schemas.ts
@@ -15,6 +15,8 @@ import {
  ModelChoiceSchema,
  ModelsListParamsSchema,
  ModelsListResultSchema,
+  SkillsBinsParamsSchema,
+  SkillsBinsResultSchema,
  SkillsInstallParamsSchema,
  SkillsStatusParamsSchema,
  SkillsUpdateParamsSchema,
@@ -179,6 +181,8 @@ export const ProtocolSchemas: Record<string, TSchema> = {
  ModelsListParams: ModelsListParamsSchema,
  ModelsListResult: ModelsListResultSchema,
  SkillsStatusParams: SkillsStatusParamsSchema,
+  SkillsBinsParams: SkillsBinsParamsSchema,
+  SkillsBinsResult: SkillsBinsResultSchema,
  SkillsInstallParams: SkillsInstallParamsSchema,
  SkillsUpdateParams: SkillsUpdateParamsSchema,
  CronJob: CronJobSchema,
--- a/src/gateway/protocol/schema/types.ts
+++ b/src/gateway/protocol/schema/types.ts
@@ -13,6 +13,8 @@ import type {
  ModelChoiceSchema,
  ModelsListParamsSchema,
  ModelsListResultSchema,
+  SkillsBinsParamsSchema,
+  SkillsBinsResultSchema,
  SkillsInstallParamsSchema,
  SkillsStatusParamsSchema,
  SkillsUpdateParamsSchema,
@@ -168,6 +170,8 @@ export type ModelChoice = Static<typeof ModelChoiceSchema>;
 export type ModelsListParams = Static<typeof ModelsListParamsSchema>;
 export type ModelsListResult = Static<typeof ModelsListResultSchema>;
 export type SkillsStatusParams = Static<typeof SkillsStatusParamsSchema>;
+export type SkillsBinsParams = Static<typeof SkillsBinsParamsSchema>;
+export type SkillsBinsResult = Static<typeof SkillsBinsResultSchema>;
 export type SkillsInstallParams = Static<typeof SkillsInstallParamsSchema>;
 export type SkillsUpdateParams = Static<typeof SkillsUpdateParamsSchema>;
 export type CronJob = Static<typeof CronJobSchema>;