mikael-lovqvists-claude-agent/claude-code-conduit
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3841c5418a4de2c7d3ceacdf0bb81a01b983c16f
claude-code-conduit/server/index.mjs
mikael-lovqvists-claude-agent 9668bae220 Add --dry-run flag to server 
When active, action invocations are logged (action name, caller, params)
but no handler is executed. Applies to both auto-accept and approved queue
entries. Startup message confirms the mode is active.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-17 22:41:09 +00:00

180 lines
5.3 KiB
JavaScript
Raw Blame History

import express from 'express';
import { actions } from './actions.mjs';
import { enqueue, get_entry, list_pending, resolve } from './queue.mjs';
import { load_secrets } from './secrets.mjs';
import { create_auth_middleware, check_can_approve } from './auth.mjs';
import { create_mailer } from './mailer.mjs';
import { load_mail_perms } from './mail_perms.mjs';
function get_arg(argv, flag) {
const i = argv.indexOf(flag);
return i !== -1 ? argv[i + 1] : null;
}
function ts() {
return new Date().toLocaleTimeString();
}
const PORT = process.env.CONDUIT_PORT || 3015;
const BIND = get_arg(process.argv, '--bind') || process.env.CONDUIT_BIND || '127.0.0.1';
const VERBOSE = process.argv.includes('--verbose');
const DRY_RUN = process.argv.includes('--dry-run');
const secrets_path = get_arg(process.argv, '--secrets');
const mail_perms_path = get_arg(process.argv, '--mail-perms') || process.env.CONDUIT_MAIL_PERMS || null;
let secrets;
try {
secrets = load_secrets(secrets_path);
} catch (err) {
console.error(`Fatal: ${err.message}`);
process.exit(1);
}
const { users, smtp } = secrets;
let mail_perm_store;
try {
mail_perm_store = load_mail_perms(mail_perms_path);
} catch (err) {
console.error(`Fatal: ${err.message}`);
process.exit(1);
}
if (!mail_perms_path) {
console.warn('Warning: --mail-perms not set; mail permissions will not persist across restarts');
}
const mailer_send = create_mailer(smtp);
const app = express();
app.use(express.json({
verify: (req, _res, buf) => {
req.raw_body = buf.toString('utf8');
},
}));
app.use(create_auth_middleware(users));
app.use((req, _res, next) => {
const is_debug = req.method === 'GET' && req.path === '/queue';
if (!is_debug || VERBOSE) {
console.log(`[${ts()}] ${req.method} ${req.path}${req.conduit_user}`);
}
next();
});
async function run_action(def, action, params, ctx) {
if (DRY_RUN) {
console.log(`[${ts()}] [DRY-RUN] action: ${action}`);
console.log(`[${ts()}] [DRY-RUN] caller: ${ctx.caller}`);
console.log(`[${ts()}] [DRY-RUN] params: ${JSON.stringify(params, null, 2)}`);
return { dry_run: true, action, params };
}
return def.handler(params, ctx);
}
function validate_params(action_def, params) {
const errors = [];
for (const p of action_def.params) {
if (p.required && (params[p.name] === undefined || params[p.name] === null)) {
errors.push(`Missing required param: ${p.name}`);
}
}
return errors;
}
// POST /action — main entry point
app.post('/action', async (req, res) => {
const { action, ...params } = req.body ?? {};
if (!action) {
return res.status(400).json({ error: "Missing 'action' field" });
}
const def = actions[action];
if (!def) {
return res.status(404).json({ error: `Unknown action: ${action}` });
}
const errors = validate_params(def, params);
if (errors.length) {
return res.status(400).json({ error: 'Invalid params', details: errors });
}
if (def.policy === 'auto-deny') {
return res.status(403).json({ status: 'denied', reason: 'Policy: auto-deny' });
}
const ctx = { caller: req.conduit_user, users, mail_perm_store, mailer_send };
if (def.policy === 'auto-accept') {
try {
const result = await run_action(def, action, params, ctx);
return res.json({ status: 'accepted', result });
} catch (err) {
return res.status(500).json({ status: 'error', error: err.message });
}
}
if (def.policy === 'queue') {
const id = enqueue(action, params, req.conduit_user);
return res.status(202).json({ status: 'queued', id });
}
});
// GET /queue — list pending items
app.get('/queue', (req, res) => {
res.json(list_pending());
});
// POST /queue/:id/approve — user approves a queued action
app.post('/queue/:id/approve', async (req, res) => {
const entry = get_entry(req.params.id);
if (!entry) {
return res.status(404).json({ error: 'Not found' });
}
if (entry.status !== 'pending') {
return res.status(409).json({ error: 'Already resolved' });
}
if (!check_can_approve(users, req.conduit_user, entry.submitted_by)) {
return res.status(403).json({ error: 'Not authorized to approve this entry' });
}
entry.resolved_by = req.conduit_user;
resolve(req.params.id, 'approved');
const ctx = { caller: entry.submitted_by, users, mail_perm_store, mailer_send };
const def = actions[entry.action];
try {
const result = await run_action(def, entry.action, entry.params, ctx);
res.json({ status: 'approved', result });
} catch (err) {
res.status(500).json({ status: 'error', error: err.message });
}
});
// POST /queue/:id/deny — user denies a queued action
app.post('/queue/:id/deny', (req, res) => {
const entry = get_entry(req.params.id);
if (!entry) {
return res.status(404).json({ error: 'Not found' });
}
if (entry.status !== 'pending') {
return res.status(409).json({ error: 'Already resolved' });
}
if (!check_can_approve(users, req.conduit_user, entry.submitted_by)) {
return res.status(403).json({ error: 'Not authorized to deny this entry' });
}
entry.resolved_by = req.conduit_user;
resolve(req.params.id, 'denied');
res.json({ status: 'denied' });
});
app.listen(PORT, BIND, () => {
console.log(`claude-code-conduit server running on ${BIND}:${PORT}`);
console.log(`Workspace root: ${process.env.CONDUIT_ROOT || '/workspace'}`);
if (DRY_RUN) {
console.log('DRY-RUN mode enabled — actions will be logged but not executed');
}
});
Reference in New Issue View Git Blame Copy Permalink