(options: { isStartup: boolean })
| 356 | } |
| 357 | |
| 358 | private async refreshPolicyOnce(options: { isStartup: boolean }): Promise<Result<void, string>> { |
| 359 | const policySource = this.getActivePolicySource(); |
| 360 | if (policySource.kind === "none") { |
| 361 | // Policy is opt-in. |
| 362 | this.updateState({ source: "none", status: { state: "disabled" }, policy: null }); |
| 363 | return Ok(undefined); |
| 364 | } |
| 365 | |
| 366 | const schemaSource: PolicySource = policySource.kind === "env" ? "env" : "governor"; |
| 367 | |
| 368 | try { |
| 369 | const [clientVersion, fileText] = await Promise.all([ |
| 370 | getClientVersion(), |
| 371 | policySource.kind === "env" |
| 372 | ? loadPolicyText(policySource.value) |
| 373 | : loadGovernorPolicyText({ |
| 374 | governorOrigin: policySource.origin, |
| 375 | token: policySource.token, |
| 376 | }), |
| 377 | ]); |
| 378 | |
| 379 | const raw = parsePolicyFile(fileText); |
| 380 | const parsed = PolicyFileSchema.parse(raw); |
| 381 | |
| 382 | // Version gates |
| 383 | if (parsed.minimum_client_version) { |
| 384 | const min = parsed.minimum_client_version; |
| 385 | if (compareVersions(clientVersion, min) < 0) { |
| 386 | this.updateState({ |
| 387 | source: schemaSource, |
| 388 | status: { |
| 389 | state: "blocked", |
| 390 | reason: `Mux ${clientVersion} is below required minimum_client_version ${min}`, |
| 391 | }, |
| 392 | policy: null, |
| 393 | }); |
| 394 | return Ok(undefined); |
| 395 | } |
| 396 | } |
| 397 | |
| 398 | const providerAccess = (() => { |
| 399 | const list = parsed.provider_access; |
| 400 | if (!list || list.length === 0) { |
| 401 | return null; |
| 402 | } |
| 403 | |
| 404 | return list.map((p) => { |
| 405 | const forcedBaseUrl = normalizeForcedBaseUrl(p.base_url); |
| 406 | |
| 407 | const models = p.model_access; |
| 408 | if (!models || models.length === 0) { |
| 409 | return { id: p.id, forcedBaseUrl, allowedModels: null }; |
| 410 | } |
| 411 | |
| 412 | // Normalize + drop empties. An empty list means "allow all". |
| 413 | const normalized = models.map((m) => m.trim()).filter(Boolean); |
| 414 | if (normalized.length === 0) { |
| 415 | return { id: p.id, forcedBaseUrl, allowedModels: null }; |
no test coverage detected