@astrale-os/sdk 0.1.3 → 0.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"kernel-client.d.ts","sourceRoot":"","sources":["../../src/auth/kernel-client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AAGzD,OAAO,EAAgC,KAAK,KAAK,EAAE,MAAM,2BAA2B,CAAA;AAEpF,OAAO,EAAiB,KAAK,sBAAsB,EAAE,MAAM,mCAAmC,CAAA;AAE9F,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAA;AAsCtD;;;;;GAKG;AACH,wBAAsB,UAAU,CAC9B,UAAU,EAAE,UAAU,EACtB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,oBAAoB,GAC3B,OAAO,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC,CAIxC;AAED;;;;;;GAMG;AACH,wBAAsB,cAAc,CAClC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,oBAAoB,GAC3B,OAAO,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC,CAExC;
|
|
1
|
+
{"version":3,"file":"kernel-client.d.ts","sourceRoot":"","sources":["../../src/auth/kernel-client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AAGzD,OAAO,EAAgC,KAAK,KAAK,EAAE,MAAM,2BAA2B,CAAA;AAEpF,OAAO,EAAiB,KAAK,sBAAsB,EAAE,MAAM,mCAAmC,CAAA;AAE9F,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAA;AAsCtD;;;;;GAKG;AACH,wBAAsB,UAAU,CAC9B,UAAU,EAAE,UAAU,EACtB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,oBAAoB,GAC3B,OAAO,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC,CAIxC;AAED;;;;;;GAMG;AACH,wBAAsB,cAAc,CAClC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,oBAAoB,GAC3B,OAAO,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC,CAExC;AAiED;;;;;GAKG;AACH,wBAAgB,cAAc,CAC5B,QAAQ,EAAE,oBAAoB,EAC9B,IAAI,EAAE,OAAO,GACZ,CAAC,SAAS,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC,CAehE"}
|
|
@@ -77,6 +77,13 @@ async function bindSession(kernelUrl, config, grant, nextHopDelegation) {
|
|
|
77
77
|
subject: config.subject,
|
|
78
78
|
audience: kernelUrl,
|
|
79
79
|
privateKey: config.privateKey,
|
|
80
|
+
// Long-running handlers (a managed INSTALL saga easily runs minutes on a
|
|
81
|
+
// cold box) make kernel callbacks throughout — the default 60s wall left
|
|
82
|
+
// them unable to even write their own failure records (observed live:
|
|
83
|
+
// install wedged at 'installing' forever). The session credential is
|
|
84
|
+
// per-request and aud-bound; delegated AUTHORITY still expires with the
|
|
85
|
+
// inner delegation's own exp.
|
|
86
|
+
ttl: '30m',
|
|
80
87
|
});
|
|
81
88
|
// Self-reference in the mint closure is lazy — it only fires on a delegation
|
|
82
89
|
// cache miss while following a redirect, long after construction.
|
|
@@ -115,10 +122,14 @@ async function bindSession(kernelUrl, config, grant, nextHopDelegation) {
|
|
|
115
122
|
*/
|
|
116
123
|
export function makeSelfKernel(identity, deps) {
|
|
117
124
|
return async (kernelUrl) => {
|
|
118
|
-
const
|
|
125
|
+
const env = deps;
|
|
126
|
+
// Prefer the INSTANCE kernel (the graph this domain is installed on);
|
|
127
|
+
// KERNEL_URL on managed services is the HOST kernel (the box) — wrong
|
|
128
|
+
// graph for domain writes, kept only as a last-resort fallback.
|
|
129
|
+
const url = kernelUrl ?? env?.INSTANCE_KERNEL_URL ?? env?.KERNEL_URL;
|
|
119
130
|
if (typeof url !== 'string' || url.length === 0) {
|
|
120
|
-
throw new Error('selfKernel: no kernel URL — pass one explicitly or set
|
|
121
|
-
'(managed deploys set it automatically).');
|
|
131
|
+
throw new Error('selfKernel: no kernel URL — pass one explicitly or set INSTANCE_KERNEL_URL in the ' +
|
|
132
|
+
'worker env (managed deploys set it automatically).');
|
|
122
133
|
}
|
|
123
134
|
return bindSelfKernel(url, identity);
|
|
124
135
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"kernel-client.js","sourceRoot":"","sources":["../../src/auth/kernel-client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAKH,OAAO,EAAE,YAAY,EAAE,cAAc,EAAc,MAAM,2BAA2B,CAAA;AACpF,OAAO,EAAE,UAAU,EAAE,MAAM,gCAAgC,CAAA;AAC3D,OAAO,EAAE,aAAa,EAA+B,MAAM,mCAAmC,CAAA;AAI9F,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAChG,OAAO,EAAE,cAAc,EAAE,MAAM,QAAQ,CAAA;AAEvC,MAAM,sBAAsB,GAAG,IAAI,CAAA;AAEnC,6EAA6E;AAC7E,4EAA4E;AAC5E,wEAAwE;AACxE,MAAM,WAAW,GAAG,+CAA+C,CAAA;AAEnE,+EAA+E;AAC/E,2EAA2E;AAC3E,uEAAuE;AACvE,MAAM,KAAK,GAAG,IAAI,GAAG,EAA6B,CAAA;AAClD,MAAM,UAAU,GAAG,IAAI,GAAG,EAA0B,CAAA;AAEpD,SAAS,WAAW,CAAC,GAAW;IAC9B,IAAI,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IAClC,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,QAAQ,GAAG,IAAI,cAAc,EAAE,CAAA;QAC/B,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;IAC/B,CAAC;IACD,OAAO,QAAQ,CAAA;AACjB,CAAC;AAED,SAAS,OAAO,CAAC,GAAW;IAC1B,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IAC7B,IAAI,MAAM;QAAE,OAAO,MAAM,CAAA;IACzB,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,CAAA;IACjC,MAAM,IAAI,GAAG,IAAI,UAAU,CAAQ;QACjC,aAAa,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,YAAY,CAAQ,EAAE,GAAG,EAAE,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;KAC5E,CAAC,CAAA;IACF,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;IACpB,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,UAAsB,EACtB,SAAiB,EACjB,MAA4B;IAE5B,OAAO,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,kBAAkB,CAAC,UAAU,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,CAC/E,iBAAiB,CAAC,UAAU,CAAC,CAC9B,CAAA;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,SAAiB,EACjB,MAA4B;IAE5B,OAAO,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,aAAa,EAAE,CAAC,CAAA;AACtF,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,WAAW,CACxB,SAAiB,EACjB,MAA4B,EAC5B,KAAc,EACd,iBAA+C;IAE/C,MAAM,UAAU,GAAG,MAAM,cAAc,CACrC,EAAE,KAAK,EAAE,EACT;QACE,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,QAAQ,EAAE,SAAS;QACnB,UAAU,EAAE,MAAM,CAAC,UAAU;
|
|
1
|
+
{"version":3,"file":"kernel-client.js","sourceRoot":"","sources":["../../src/auth/kernel-client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAKH,OAAO,EAAE,YAAY,EAAE,cAAc,EAAc,MAAM,2BAA2B,CAAA;AACpF,OAAO,EAAE,UAAU,EAAE,MAAM,gCAAgC,CAAA;AAC3D,OAAO,EAAE,aAAa,EAA+B,MAAM,mCAAmC,CAAA;AAI9F,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAChG,OAAO,EAAE,cAAc,EAAE,MAAM,QAAQ,CAAA;AAEvC,MAAM,sBAAsB,GAAG,IAAI,CAAA;AAEnC,6EAA6E;AAC7E,4EAA4E;AAC5E,wEAAwE;AACxE,MAAM,WAAW,GAAG,+CAA+C,CAAA;AAEnE,+EAA+E;AAC/E,2EAA2E;AAC3E,uEAAuE;AACvE,MAAM,KAAK,GAAG,IAAI,GAAG,EAA6B,CAAA;AAClD,MAAM,UAAU,GAAG,IAAI,GAAG,EAA0B,CAAA;AAEpD,SAAS,WAAW,CAAC,GAAW;IAC9B,IAAI,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IAClC,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,QAAQ,GAAG,IAAI,cAAc,EAAE,CAAA;QAC/B,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;IAC/B,CAAC;IACD,OAAO,QAAQ,CAAA;AACjB,CAAC;AAED,SAAS,OAAO,CAAC,GAAW;IAC1B,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IAC7B,IAAI,MAAM;QAAE,OAAO,MAAM,CAAA;IACzB,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,CAAA;IACjC,MAAM,IAAI,GAAG,IAAI,UAAU,CAAQ;QACjC,aAAa,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,YAAY,CAAQ,EAAE,GAAG,EAAE,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;KAC5E,CAAC,CAAA;IACF,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;IACpB,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,UAAsB,EACtB,SAAiB,EACjB,MAA4B;IAE5B,OAAO,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,kBAAkB,CAAC,UAAU,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,CAC/E,iBAAiB,CAAC,UAAU,CAAC,CAC9B,CAAA;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,SAAiB,EACjB,MAA4B;IAE5B,OAAO,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,aAAa,EAAE,CAAC,CAAA;AACtF,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,WAAW,CACxB,SAAiB,EACjB,MAA4B,EAC5B,KAAc,EACd,iBAA+C;IAE/C,MAAM,UAAU,GAAG,MAAM,cAAc,CACrC,EAAE,KAAK,EAAE,EACT;QACE,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,QAAQ,EAAE,SAAS;QACnB,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,yEAAyE;QACzE,yEAAyE;QACzE,sEAAsE;QACtE,qEAAqE;QACrE,wEAAwE;QACxE,8BAA8B;QAC9B,GAAG,EAAE,KAAK;KACX,CACF,CAAA;IAED,6EAA6E;IAC7E,kEAAkE;IAClE,MAAM,OAAO,GAAyB,IAAI,aAAa,CAAQ;QAC7D,OAAO,EAAE,SAAS;QAClB,MAAM,EAAE,WAAW,CAAC,SAAS,CAAC;QAC9B,IAAI,EAAE,OAAO,CAAC,SAAS,CAAC;QACxB,UAAU,EAAE;YACV,yEAAyE;YACzE,yEAAyE;YACzE,qEAAqE;YACrE,yEAAyE;YACzE,qEAAqE;YACrE,8DAA8D;YAC9D,iEAAiE;YACjE,sEAAsE;YACtE,UAAU;YACV,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE;gBACvB,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,CAAC,CAAA;gBAC1E,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,CACjC,IAAI,MAAM,4BAA4B,EACtC,EAAE,QAAQ,EAAE,UAAU,EAAE,iBAAiB,EAAE,EAAE,GAAG,EAAE,sBAAsB,EAAE,EAC1E,EAAE,UAAU,EAAE,cAAc,EAAE,IAAI,EAAE,CACrC,CAAA;gBACD,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;oBACjC,MAAM,IAAI,KAAK,CACb,qCAAqC,OAAO,QAAQ,gCAAgC,CACrF,CAAA;gBACH,CAAC;gBACD,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,GAAG,EAAE,sBAAsB,EAAE,CAAA;YAC9D,CAAC;YACD,GAAG,EAAE,sBAAsB;SAC5B;KACF,CAAC,CAAA;IACF,OAAO,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,CAAA;AAC/B,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAC5B,QAA8B,EAC9B,IAAa;IAEb,OAAO,KAAK,EAAE,SAAkB,EAAE,EAAE;QAClC,MAAM,GAAG,GAAG,IAAkF,CAAA;QAC9F,sEAAsE;QACtE,sEAAsE;QACtE,gEAAgE;QAChE,MAAM,GAAG,GAAG,SAAS,IAAI,GAAG,EAAE,mBAAmB,IAAI,GAAG,EAAE,UAAU,CAAA;QACpE,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CACb,oFAAoF;gBAClF,oDAAoD,CACvD,CAAA;QACH,CAAC;QACD,OAAO,cAAc,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;IACtC,CAAC,CAAA;AACH,CAAC;AAED,6EAA6E;AAC7E,6EAA6E;AAC7E,4DAA4D;AAC5D,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAA;AAEzC;;;GAGG;AACH,KAAK,UAAU,aAAa,CAC1B,OAA6B,EAC7B,UAAkB,EAClB,SAAiB,EACjB,MAA4B;IAE5B,MAAM,GAAG,GAAG,GAAG,SAAS,IAAI,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAA;IAC7D,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IAC/B,IAAI,MAAM;QAAE,OAAO,MAAM,CAAA;IACzB,MAAM,EAAE,GAAG,CAAC,MAAM,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAE7E,CAAA;IACR,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CACb,wCAAwC,MAAM,CAAC,OAAO,+CAA+C,CACtG,CAAA;IACH,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,CAAC,CAAA;IACvB,OAAO,EAAE,CAAC,EAAE,CAAA;AACd,CAAC"}
|
package/package.json
CHANGED
|
@@ -107,6 +107,13 @@ async function bindSession(
|
|
|
107
107
|
subject: config.subject,
|
|
108
108
|
audience: kernelUrl,
|
|
109
109
|
privateKey: config.privateKey,
|
|
110
|
+
// Long-running handlers (a managed INSTALL saga easily runs minutes on a
|
|
111
|
+
// cold box) make kernel callbacks throughout — the default 60s wall left
|
|
112
|
+
// them unable to even write their own failure records (observed live:
|
|
113
|
+
// install wedged at 'installing' forever). The session credential is
|
|
114
|
+
// per-request and aud-bound; delegated AUTHORITY still expires with the
|
|
115
|
+
// inner delegation's own exp.
|
|
116
|
+
ttl: '30m',
|
|
110
117
|
},
|
|
111
118
|
)
|
|
112
119
|
|
|
@@ -157,11 +164,15 @@ export function makeSelfKernel(
|
|
|
157
164
|
deps: unknown,
|
|
158
165
|
): (kernelUrl?: string) => Promise<BoundClientSessionView<FnMap>> {
|
|
159
166
|
return async (kernelUrl?: string) => {
|
|
160
|
-
const
|
|
167
|
+
const env = deps as { INSTANCE_KERNEL_URL?: unknown; KERNEL_URL?: unknown } | null | undefined
|
|
168
|
+
// Prefer the INSTANCE kernel (the graph this domain is installed on);
|
|
169
|
+
// KERNEL_URL on managed services is the HOST kernel (the box) — wrong
|
|
170
|
+
// graph for domain writes, kept only as a last-resort fallback.
|
|
171
|
+
const url = kernelUrl ?? env?.INSTANCE_KERNEL_URL ?? env?.KERNEL_URL
|
|
161
172
|
if (typeof url !== 'string' || url.length === 0) {
|
|
162
173
|
throw new Error(
|
|
163
|
-
'selfKernel: no kernel URL — pass one explicitly or set
|
|
164
|
-
'(managed deploys set it automatically).',
|
|
174
|
+
'selfKernel: no kernel URL — pass one explicitly or set INSTANCE_KERNEL_URL in the ' +
|
|
175
|
+
'worker env (managed deploys set it automatically).',
|
|
165
176
|
)
|
|
166
177
|
}
|
|
167
178
|
return bindSelfKernel(url, identity)
|