lab/bastion/tsconfig.json

12 lines
215 B
JSON

{
  "files": [],
  "references": [
feat: v2.0 Phase 1 foundation — @lab/core, auth, RBAC, audit, resource store

New packages:
- @lab/core: Resource types, Output<T> (Pulumi), audit event types, auth types, environment/account types, resource kind registry

New Prisma schema (mcpctl pattern):
- User (email/password/bcrypt), Session (bearer tokens), Group, GroupMember
- ServiceAccount, RbacDefinition (JSON subjects + roleBindings)
- AuditEvent (correlation IDs, causal chains, fire-and-forget batching)
- Environment, Account (driver config, Infisical secret path), Binding
- Resource (generic, kind/name/env unique, origin/managedBy tracking)
- Secret, Fleet, FleetMember, GitSource
- Keeps v1.0 models: Server, Agent, Bastion, Cluster, JoinToken

New services:
- AuthService: bearer token login, bootstrap (first login creates admin), session management with 30-day expiry
- RbacService: environment-scoped permission checks, group membership, role hierarchy (admin > edit > view)
- AuditService: fire-and-forget event collection, batch 50 / flush 5s, correlation IDs for causal chains
- ResourceStore: CRUD with origin/managedBy, RBAC-enforced routes

New routes:
- POST /api/auth/login, POST /api/auth/logout (bearer token auth)
- GET/POST/PUT/DELETE /api/resources (RBAC-enforced CRUD)
- GET/POST /api/environments, GET/POST /api/accounts
- POST /api/accounts/bind, GET /api/bindings
- GET /api/events (audit query with --last, --kind, --env, --correlation)

New middleware:
- Bearer token auth (validates Authorization header, resolves user identity)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-02 01:42:28 +01:00
    { "path": "src/core" },
    { "path": "src/shared" },
    { "path": "src/bastion" },
    { "path": "src/cli" },
feat: install logging, error trapping, PXE/ISO integration tests

Kickstart installs on real hardware failed silently — no error reporting, only 3 progress callbacks, zero log streaming. This overhaul makes every install fully observable.

Kickstart improvements:
- Error trapping in %pre and %post (trap ERR sends failure details to bastion)
- 12+ granular progress stages (was 3): SSH, hostname, k3s prep, EFI boot, metadata
- Background log streamer: tails %post output and batch-sends to /api/log
- bastion_log() function for explicit log lines from kickstart scripts

Bastion API:
- POST /api/log — receives raw log lines from kickstart (single or batch)
- InstallLogBuffer — per-MAC ring buffer (2000 lines) + file persistence
- GET /api/logs/:mac — now returns log_lines + log_total alongside stages
- SSE /api/logs/:mac/follow — uses named events (event: stage vs event: log)
- Progress events forwarded to labd via bastion-progress WebSocket message
- Post-provision k3s logs routed through progressBus (was console-only)

dnsmasq fixes found during VM testing:
- HTTP Boot filename: ipxe-real.efi → ipxe.efi (leftover from old 2-stage approach)
- pxe-service directives: only in proxy mode (breaks OVMF PXE in full mode)
- PXEClient vendor class echo for UEFI firmware compatibility

Integration tests:
- PXE boot test: blank UEFI VM → dnsmasq → HTTP Boot → iPXE → bastion → install
- ISO boot test: blank VM boots from bastion-generated ISO → same flow
- Shared helpers: pxe-network (no DHCP, nftables fix), pxe-vm (UEFI + ISO boot)
- test-provision.sh: runs both PXE + ISO tests with prerequisite checks
- 250GB sparse QCOW2 disk (LVM layout needs ~204GB)

201 unit tests passing (11 new).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 22:26:33 +00:00
    { "path": "src/labd" },
    { "path": "src/modules" }
  ]
}