deploy: configure NC01 HWLAB monitor exposure

This commit is contained in:
root
2026-07-08 05:34:11 +02:00
parent 5dfb78f000
commit a328aa909e
41 changed files with 2522 additions and 110 deletions
+12 -4
View File
@@ -49,8 +49,9 @@ process.stderr.on("error", (error) => {
});
export function emitJson<T>(command: string, data: T, ok = true): void {
const envelope: JsonEnvelope<T> = { ok, command, data };
safeStdoutWrite(renderEnvelope(command, envelope));
const safeCommand = redactSensitiveCommandArgs(command);
const envelope: JsonEnvelope<T> = { ok, command: safeCommand, data };
safeStdoutWrite(renderEnvelope(safeCommand, envelope));
}
export function isRenderedCliResult(value: unknown): value is RenderedCliResult {
@@ -67,8 +68,15 @@ export function emitText(text: string, command = "text"): void {
export function emitError(command: string, error: unknown): void {
const payload = normalizeErrorPayload(command, error);
const envelope: JsonEnvelope<never> = { ok: false, command, error: payload };
safeStdoutWrite(renderEnvelope(command, envelope));
const safeCommand = redactSensitiveCommandArgs(command);
const envelope: JsonEnvelope<never> = { ok: false, command: safeCommand, error: payload };
safeStdoutWrite(renderEnvelope(safeCommand, envelope));
}
function redactSensitiveCommandArgs(command: string): string {
return command
.replace(/(--(?:provider-token|token|password|auth-password|session-secret|ssh-client-token)(?:=|\s+))("[^"]*"|'[^']*'|\S+)/giu, "$1<redacted>")
.replace(/\b((?:PROVIDER_TOKEN|UNIDESK_PROVIDER_TOKEN|UNIDESK_SSH_CLIENT_TOKEN|AUTH_PASSWORD|SESSION_SECRET)=)("[^"]*"|'[^']*'|\S+)/gu, "$1<redacted>");
}
export function readCliOutputPolicy(): CliOutputPolicy {