| 294 | * the /api/probes router). |
| 295 | */ |
| 296 | export function loadOpsTriggerToken( |
| 297 | logger_: typeof logger = logger, |
| 298 | ): string | undefined { |
| 299 | const rawTriggerToken = process.env.OPS_TRIGGER_TOKEN; |
| 300 | if (rawTriggerToken === undefined) return undefined; |
| 301 | if (rawTriggerToken.trim() === "") { |
| 302 | logger_.error("orchestrator.FATAL-CONFIG", { |
| 303 | msg: "OPS_TRIGGER_TOKEN set but empty — refusing to boot", |
| 304 | }); |
| 305 | throw new Error( |
| 306 | "OPS_TRIGGER_TOKEN is set but empty — refusing to mount probes router with insecure auth", |
| 307 | ); |
| 308 | } |
| 309 | // R3-A.5: trim defense-in-depth so the value passed downstream matches |
| 310 | // exactly what the bearer-auth middleware compares against (see auth.ts). |
| 311 | return rawTriggerToken.trim(); |
| 312 | } |
| 313 | |
| 314 | /** |
| 315 | * Subscribe to `deploy.result` events on the given bus, routing each event |