@alienplatform/core 1.8.0 → 1.10.0

package/dist/tests/index.js

@@ -1,4 +1,4 @@
-import { di as StackStateSchema } from "../stack.js";
+import { Ni as StackStateSchema } from "../stack.js";
 //#region src/tests/index.ts
 function getStackState() {
 	return StackStateSchema.parse(JSON.parse(process.env.ALIEN_STACK_STATE));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@alienplatform/core",
-  "version": "1.8.0",
+  "version": "1.10.0",
   "type": "module",
   "exports": {
     ".": {

package/src/__tests__/__snapshots__/stack.test.ts.snap

@@ -31,10 +31,10 @@ exports[`ArtifactRegistry resource configuration > can be used in stack permissi
         "commandsEnabled": false,
         "environment": {},
         "id": "registry-user",
-        "ingress": "private",
         "links": [],
         "memoryMb": 256,
         "permissions": "execution",
+        "publicEndpoints": [],
         "timeoutSeconds": 180,
         "triggers": [],
         "type": "worker",
@@ -145,10 +145,10 @@ exports[`Permissions system > creates a stack with custom permission sets 1`] =
         "commandsEnabled": false,
         "environment": {},
         "id": "test-worker",
-        "ingress": "private",
         "links": [],
         "memoryMb": 256,
         "permissions": "execution",
+        "publicEndpoints": [],
         "timeoutSeconds": 180,
         "triggers": [],
         "type": "worker",
@@ -206,7 +206,6 @@ exports[`Stack builder validation > builds and validates a complex stack with pe
           "RUST_LOG": "info,alien_runtime_test_server=debug,alien_runtime=debug",
         },
         "id": "my-test-worker",
-        "ingress": "public",
         "links": [
           {
             "id": "my-test-bucket",
@@ -215,6 +214,13 @@ exports[`Stack builder validation > builds and validates a complex stack with pe
         ],
         "memoryMb": 512,
         "permissions": "execution",
+        "publicEndpoints": [
+          {
+            "hostLabel": undefined,
+            "name": "api",
+            "wildcardSubdomains": false,
+          },
+        ],
         "timeoutSeconds": 30,
         "triggers": [],
         "type": "worker",
@@ -332,10 +338,10 @@ exports[`Stack builder validation > builds and validates a stack with worker sou
         "commandsEnabled": false,
         "environment": {},
         "id": "my-source-worker",
-        "ingress": "private",
         "links": [],
         "memoryMb": 256,
         "permissions": "execution",
+        "publicEndpoints": [],
         "timeoutSeconds": 15,
         "triggers": [],
         "type": "worker",

package/src/__tests__/stack.test.ts

@@ -7,6 +7,128 @@ import * as alien from "../index.js"
 const SHARED_IMAGE = "docker.io/library/rust:latest"
 
 describe("Stack builder validation", () => {
+  it("builds compute pools from portable requirements only", () => {
+    const compute = new alien.ComputeCluster("runtime")
+      .pool("nested", {
+        requirements: {
+          cpu: 4,
+          memory: "16Gi",
+          architecture: "x86_64",
+          nestedVirtualization: true,
+        },
+        scale: {
+          type: "fixed",
+          machines: { min: 2, max: 4, default: 2 },
+        },
+      })
+      .build()
+
+    expect(compute.config.capacityGroups).toEqual([
+      {
+        groupId: "nested",
+        profile: {
+          cpu: "4",
+          memoryBytes: 17179869184,
+          ephemeralStorageBytes: 21474836480,
+          gpu: undefined,
+        },
+        minSize: 2,
+        maxSize: 2,
+        nestedVirtualization: true,
+      },
+    ])
+  })
+
+  it("builds stack input definitions for deployment forms", () => {
+    const stackInputs = alien.inputs({
+      apiBaseUrl: alien.string({
+        providedBy: ["developer", "deployer"],
+        required: true,
+        label: "API base URL",
+        description: "Public URL used by the runtime service.",
+        placeholder: "https://api.example.com",
+        format: "url",
+        env: "API_BASE_URL",
+      }),
+      accessKey: alien.secret({
+        providedBy: "deployer",
+        required: true,
+        label: "Access key",
+        description: "Secret token used by the runtime service.",
+        minLength: 1,
+        env: {
+          name: "ACCESS_KEY",
+          targetResources: ["my-test-worker"],
+          type: "secret",
+        },
+      }),
+      deploymentTier: alien.enum(["starter", "enterprise"], {
+        providedBy: "developer",
+        required: false,
+        label: "Deployment tier",
+        description: "Controls default service sizing.",
+        default: "starter",
+      }),
+    })
+
+    const worker = new alien.Worker("my-test-worker")
+      .code({ type: "image", image: SHARED_IMAGE })
+      .permissions("execution")
+      .build()
+
+    const stack = new alien.Stack("my-test-stack").inputs(stackInputs).add(worker, "live").build()
+    const inputs = stack.inputs
+    expect(inputs).toBeDefined()
+    if (!inputs) {
+      throw new Error("expected stack inputs to be defined")
+    }
+
+    expect(inputs).toHaveLength(3)
+    expect(inputs.map(input => input.id)).toEqual(["apiBaseUrl", "accessKey", "deploymentTier"])
+    expect(inputs.find(input => input.id === "apiBaseUrl")).toMatchObject({
+      kind: "string",
+      providedBy: ["developer", "deployer"],
+      required: true,
+      validation: { format: "url" },
+      env: [{ name: "API_BASE_URL" }],
+    })
+    expect(inputs.find(input => input.id === "accessKey")).toMatchObject({
+      kind: "secret",
+      providedBy: ["deployer"],
+      env: [
+        {
+          name: "ACCESS_KEY",
+          targetResources: ["my-test-worker"],
+          type: "secret",
+        },
+      ],
+    })
+    expect(inputs.find(input => input.id === "deploymentTier")).toMatchObject({
+      kind: "enum",
+      default: {
+        type: "string",
+        value: "starter",
+      },
+      validation: {
+        values: ["starter", "enterprise"],
+      },
+    })
+  })
+
+  it("rejects non-portable stack input regex patterns", () => {
+    expect(() =>
+      alien.inputs({
+        apiBaseUrl: alien.string({
+          providedBy: "deployer",
+          required: true,
+          label: "API base URL",
+          description: "Public URL used by the runtime service.",
+          pattern: "(?=https://).*",
+        }),
+      }),
+    ).toThrow(/not portable/)
+  })
+
   it("builds a stateful container with persistent storage options", () => {
     const postgres = new alien.Container("postgres")
       .code({ type: "image", image: "postgres:16-alpine" })
@@ -26,6 +148,68 @@ describe("Stack builder validation", () => {
     })
   })
 
+  it("builds container and daemon wildcard public endpoint options", () => {
+    const container = new alien.Container("router")
+      .code({ type: "image", image: "nginx:latest" })
+      .cpu(0.25)
+      .memory("256Mi")
+      .permissions("execution")
+      .publicEndpoint("api", 8080, {
+        protocol: "http",
+        hostLabel: "edge",
+        wildcardSubdomains: true,
+      })
+      .build()
+
+    expect(container.config.ports).toEqual([
+      {
+        port: 8080,
+      },
+    ])
+    expect(container.config.publicEndpoints).toEqual([
+      {
+        name: "api",
+        port: 8080,
+        protocol: "http",
+        hostLabel: "edge",
+        wildcardSubdomains: true,
+      },
+    ])
+
+    const daemon = new alien.Daemon("gateway")
+      .code({ type: "image", image: "registry.example.com/gateway:latest" })
+      .cluster("compute")
+      .permissions("execution")
+      .publicEndpoint("api", 8080, {
+        protocol: "http",
+        hostLabel: "public",
+        wildcardSubdomains: true,
+      })
+      .healthCheck({
+        path: "/health",
+        method: "GET",
+        timeoutSeconds: 1,
+        failureThreshold: 3,
+      })
+      .build()
+
+    expect(daemon.config.publicEndpoints).toEqual([
+      {
+        name: "api",
+        port: 8080,
+        protocol: "http",
+        hostLabel: "public",
+        wildcardSubdomains: true,
+      },
+    ])
+    expect(daemon.config.healthCheck).toEqual({
+      path: "/health",
+      method: "GET",
+      timeoutSeconds: 1,
+      failureThreshold: 3,
+    })
+  })
+
   it("builds and validates a complex stack with permissions", () => {
     // Storage bucket
     const storage = new alien.Storage("my-test-bucket").publicRead(true).build()
@@ -36,7 +220,7 @@ describe("Stack builder validation", () => {
       .memoryMb(512)
       .timeoutSeconds(30)
       .permissions("execution")
-      .ingress("public")
+      .publicEndpoint("api")
       .environment({
         RUST_LOG: "info,alien_runtime_test_server=debug,alien_runtime=debug",
       })
@@ -140,7 +324,6 @@ describe("Stack builder validation", () => {
       })
       .memoryMb(256)
       .timeoutSeconds(15)
-      .ingress("private")
       .permissions("execution")
       .build()
 

package/src/compute-cluster.ts

@@ -0,0 +1,213 @@
+import {
+  type ComputeCluster as ComputeClusterConfig,
+  ComputeClusterSchema,
+  type MachineProfile,
+  type ResourceType,
+} from "./generated/index.js"
+import { Resource } from "./resource.js"
+
+export type {
+  ComputeCluster as ComputeClusterConfig,
+  CapacityGroup,
+  CapacityGroupScalePolicy,
+  ComputeChoiceRange as GeneratedComputeChoiceRange,
+  MachineProfile,
+} from "./generated/index.js"
+export {
+  ComputeClusterSchema as ComputeClusterConfigSchema,
+  CapacityGroupSchema,
+  CapacityGroupScalePolicySchema,
+  ComputeChoiceRangeSchema,
+  MachineProfileSchema,
+} from "./generated/index.js"
+
+/**
+ * Hardware requirements for a compute pool.
+ */
+export type ComputePoolRequirements = {
+  cpu: number | string
+  memory: string
+  ephemeralStorage?: string
+  architecture?: "arm64" | "x86_64"
+  nestedVirtualization?: boolean
+  accelerators?: Array<{
+    type: string
+    count: number
+  }>
+}
+
+export type ComputeChoiceRange =
+  | number
+  | {
+      min: number
+      max: number
+      default: number
+    }
+
+export type ComputePoolScale =
+  | {
+      type: "fixed"
+      machines: ComputeChoiceRange
+    }
+  | {
+      type: "autoscale"
+      min: ComputeChoiceRange
+      max: ComputeChoiceRange
+    }
+
+export type ComputePoolInput = {
+  requirements: ComputePoolRequirements
+  scale: ComputePoolScale
+}
+
+/**
+ * Declares a ComputeCluster — the setup-owned machine boundary for daemons and
+ * containers. Each capacity group inside the cluster becomes a separate
+ * Auto Scaling Group (AWS), Managed Instance Group (GCP), or VM Scale Set
+ * (Azure). Daemons reference a cluster via `daemon.cluster(...)` and (when
+ * the cluster has more than one capacity group) a specific group via
+ * `daemon.pool(...)`.
+ *
+ * Application source declares portable pool requirements. Provider machine
+ * names are selected later through deployment settings.
+ */
+export class ComputeCluster {
+  private _config: Partial<ComputeClusterConfig> = {
+    capacityGroups: [],
+  }
+
+  constructor(id: string) {
+    this._config.id = id
+  }
+
+  /**
+   * Returns the resource type for permission targets that apply to all
+   * compute-cluster resources.
+   */
+  public static any(): ResourceType {
+    return "compute-cluster"
+  }
+
+  public pool(groupId: string, config: ComputePoolInput): this {
+    const { minSize, maxSize } = selectedScaleBounds(config.scale)
+    this._config.capacityGroups!.push({
+      groupId,
+      profile: machineProfileFromRequirements(config.requirements),
+      minSize,
+      maxSize,
+      scalePolicy: scalePolicyFromInput(config.scale),
+      nestedVirtualization: config.requirements.nestedVirtualization,
+    })
+    return this
+  }
+
+  /**
+   * Sets the container CIDR block used for inter-container networking inside
+   * the cluster. Each machine gets a /24 subnet carved from this range.
+   * Defaults to 10.244.0.0/16 if not specified.
+   */
+  public containerCidr(cidr: string): this {
+    this._config.containerCidr = cidr
+    return this
+  }
+
+  /**
+   * Builds and validates the cluster configuration.
+   */
+  public build(): Resource {
+    const config = ComputeClusterSchema.parse(this._config)
+    return new Resource({
+      type: "compute-cluster",
+      ...config,
+    })
+  }
+}
+
+function selectedScaleBounds(scale: ComputePoolScale): { minSize: number; maxSize: number } {
+  if (scale.type === "fixed") {
+    const machines = defaultChoice(scale.machines)
+    return { minSize: machines, maxSize: machines }
+  }
+
+  return {
+    minSize: defaultChoice(scale.min),
+    maxSize: defaultChoice(scale.max),
+  }
+}
+
+function scalePolicyFromInput(
+  scale: ComputePoolScale,
+): ComputeClusterConfig["capacityGroups"][number]["scalePolicy"] {
+  if (scale.type === "fixed") {
+    return {
+      type: "fixed",
+      machines: choiceRange(scale.machines),
+    }
+  }
+
+  return {
+    type: "autoscale",
+    min: choiceRange(scale.min),
+    max: choiceRange(scale.max),
+  }
+}
+
+function choiceRange(choice: ComputeChoiceRange): { min: number; max: number; default: number } {
+  if (typeof choice === "number") {
+    return { min: choice, max: choice, default: choice }
+  }
+  return choice
+}
+
+function defaultChoice(choice: ComputeChoiceRange): number {
+  if (typeof choice === "number") {
+    return choice
+  }
+
+  return choice.default
+}
+
+function machineProfileFromRequirements(requirements: ComputePoolRequirements): MachineProfile {
+  return {
+    cpu: typeof requirements.cpu === "number" ? `${requirements.cpu}` : requirements.cpu,
+    memoryBytes: parseQuantityBytes(requirements.memory),
+    ephemeralStorageBytes: parseQuantityBytes(requirements.ephemeralStorage ?? "20Gi"),
+    architecture: requirements.architecture,
+    gpu: requirements.accelerators?.[0]
+      ? {
+          type: requirements.accelerators[0].type,
+          count: requirements.accelerators[0].count,
+        }
+      : undefined,
+  }
+}
+
+function parseQuantityBytes(value: string): number {
+  const match = value.match(/^([0-9]+(?:\.[0-9]+)?)(Ki|Mi|Gi|Ti|k|M|G|T)?$/)
+  if (!match) {
+    throw new Error(`Invalid memory/storage quantity: ${value}`)
+  }
+
+  const amount = Number(match[1])
+  const suffix = match[2]
+  const multiplier =
+    suffix === "Ti"
+      ? 1024 ** 4
+      : suffix === "Gi"
+        ? 1024 ** 3
+        : suffix === "Mi"
+          ? 1024 ** 2
+          : suffix === "Ki"
+            ? 1024
+            : suffix === "T"
+              ? 1000 ** 4
+              : suffix === "G"
+                ? 1000 ** 3
+                : suffix === "M"
+                  ? 1000 ** 2
+                  : suffix === "k"
+                    ? 1000
+                    : 1
+
+  return Math.round(amount * multiplier)
+}

package/src/container.ts

@@ -6,11 +6,21 @@ import {
   ContainerSchema,
   type HealthCheck,
   type PersistentStorage,
+  type PublicEndpoint,
   type ResourceSpec,
   type ResourceType,
 } from "./generated/index.js"
 import { Resource } from "./resource.js"
 
+export type PublicEndpointOptions =
+  | "http"
+  | "tcp"
+  | {
+      protocol: "http" | "tcp"
+      hostLabel?: string
+      wildcardSubdomains?: boolean
+    }
+
 export type {
   Container as ContainerConfig,
   ContainerOutputs,
@@ -18,6 +28,7 @@ export type {
   ContainerAutoscaling,
   ContainerPort,
   ExposeProtocol,
+  PublicEndpoint,
   ContainerGpuSpec,
   ContainerStatus,
   HealthCheck,
@@ -53,6 +64,7 @@ export class Container {
   private _config: Partial<ContainerConfig> = {
     links: [],
     ports: [],
+    publicEndpoints: [],
     environment: {},
     stateful: false,
     // cluster is optional - if not set, ComputeClusterMutation will auto-assign
@@ -231,40 +243,40 @@ export class Container {
   }
 
   /**
-   * Exposes a specific port publicly via load balancer.
+   * Exposes a named public endpoint for a container port.
+   *
+   * Endpoint names are the stable contract for URLs, DNS, and runtime
+   * environment injection.
+   *
+   * @param name Endpoint name, unique within this container.
    * @param port Port number to expose.
-   * @param protocol "http" for HTTPS with TLS termination, "tcp" for TCP passthrough.
+   * @param options "http"/"tcp" or endpoint options.
    * @returns The Container builder instance.
    */
-  public exposePort(port: number, protocol: "http" | "tcp"): this {
+  public publicEndpoint(name: string, port: number, options: PublicEndpointOptions = "http"): this {
     if (!this._config.ports) {
       this._config.ports = []
     }
-
-    // Find existing port or add new one
-    const existingPort = this._config.ports.find(p => p.port === port)
-    if (existingPort) {
-      existingPort.expose = protocol
-    } else {
-      this._config.ports.push({ port, expose: protocol })
-    }
-    return this
-  }
-
-  /**
-   * Convenience method to expose the first/primary port publicly.
-   * Must be called after .port() or .ports().
-   * @param protocol "http" for HTTPS with TLS termination, "tcp" for TCP passthrough.
-   * @returns The Container builder instance.
-   */
-  public expose(protocol: "http" | "tcp"): this {
-    if (!this._config.ports || this._config.ports.length === 0) {
-      throw new Error("Cannot expose port: no ports defined. Call .port() first.")
+    if (!this._config.publicEndpoints) {
+      this._config.publicEndpoints = []
     }
-    if (!this._config.ports[0]) {
-      throw new Error("Cannot expose port: ports array is empty")
+    const endpoint =
+      typeof options === "string"
+        ? { protocol: options, hostLabel: undefined, wildcardSubdomains: false }
+        : options
+
+    if (!this._config.ports.some(p => p.port === port)) {
+      this._config.ports.push({
+        port,
+      })
     }
-    this._config.ports[0].expose = protocol
+    this._config.publicEndpoints.push({
+      name,
+      port,
+      protocol: endpoint.protocol,
+      hostLabel: endpoint.hostLabel,
+      wildcardSubdomains: endpoint.wildcardSubdomains ?? false,
+    } satisfies PublicEndpoint)
     return this
   }