@astrale-os/sdk 0.1.3 → 0.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth/kernel-client.d.ts.map +1 -1
- package/dist/auth/kernel-client.js +14 -3
- package/dist/auth/kernel-client.js.map +1 -1
- package/dist/define/view.d.ts +10 -0
- package/dist/define/view.d.ts.map +1 -1
- package/dist/define/view.js.map +1 -1
- package/dist/server/auxiliary-routes.d.ts.map +1 -1
- package/dist/server/auxiliary-routes.js +8 -3
- package/dist/server/auxiliary-routes.js.map +1 -1
- package/package.json +1 -1
- package/src/auth/kernel-client.ts +14 -3
- package/src/define/view.ts +10 -0
- package/src/server/auxiliary-routes.ts +8 -3
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"kernel-client.d.ts","sourceRoot":"","sources":["../../src/auth/kernel-client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AAGzD,OAAO,EAAgC,KAAK,KAAK,EAAE,MAAM,2BAA2B,CAAA;AAEpF,OAAO,EAAiB,KAAK,sBAAsB,EAAE,MAAM,mCAAmC,CAAA;AAE9F,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAA;AAsCtD;;;;;GAKG;AACH,wBAAsB,UAAU,CAC9B,UAAU,EAAE,UAAU,EACtB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,oBAAoB,GAC3B,OAAO,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC,CAIxC;AAED;;;;;;GAMG;AACH,wBAAsB,cAAc,CAClC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,oBAAoB,GAC3B,OAAO,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC,CAExC;
|
|
1
|
+
{"version":3,"file":"kernel-client.d.ts","sourceRoot":"","sources":["../../src/auth/kernel-client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AAGzD,OAAO,EAAgC,KAAK,KAAK,EAAE,MAAM,2BAA2B,CAAA;AAEpF,OAAO,EAAiB,KAAK,sBAAsB,EAAE,MAAM,mCAAmC,CAAA;AAE9F,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAA;AAsCtD;;;;;GAKG;AACH,wBAAsB,UAAU,CAC9B,UAAU,EAAE,UAAU,EACtB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,oBAAoB,GAC3B,OAAO,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC,CAIxC;AAED;;;;;;GAMG;AACH,wBAAsB,cAAc,CAClC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,oBAAoB,GAC3B,OAAO,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC,CAExC;AAiED;;;;;GAKG;AACH,wBAAgB,cAAc,CAC5B,QAAQ,EAAE,oBAAoB,EAC9B,IAAI,EAAE,OAAO,GACZ,CAAC,SAAS,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC,CAehE"}
|
|
@@ -77,6 +77,13 @@ async function bindSession(kernelUrl, config, grant, nextHopDelegation) {
|
|
|
77
77
|
subject: config.subject,
|
|
78
78
|
audience: kernelUrl,
|
|
79
79
|
privateKey: config.privateKey,
|
|
80
|
+
// Long-running handlers (a managed INSTALL saga easily runs minutes on a
|
|
81
|
+
// cold box) make kernel callbacks throughout — the default 60s wall left
|
|
82
|
+
// them unable to even write their own failure records (observed live:
|
|
83
|
+
// install wedged at 'installing' forever). The session credential is
|
|
84
|
+
// per-request and aud-bound; delegated AUTHORITY still expires with the
|
|
85
|
+
// inner delegation's own exp.
|
|
86
|
+
ttl: '30m',
|
|
80
87
|
});
|
|
81
88
|
// Self-reference in the mint closure is lazy — it only fires on a delegation
|
|
82
89
|
// cache miss while following a redirect, long after construction.
|
|
@@ -115,10 +122,14 @@ async function bindSession(kernelUrl, config, grant, nextHopDelegation) {
|
|
|
115
122
|
*/
|
|
116
123
|
export function makeSelfKernel(identity, deps) {
|
|
117
124
|
return async (kernelUrl) => {
|
|
118
|
-
const
|
|
125
|
+
const env = deps;
|
|
126
|
+
// Prefer the INSTANCE kernel (the graph this domain is installed on);
|
|
127
|
+
// KERNEL_URL on managed services is the HOST kernel (the box) — wrong
|
|
128
|
+
// graph for domain writes, kept only as a last-resort fallback.
|
|
129
|
+
const url = kernelUrl ?? env?.INSTANCE_KERNEL_URL ?? env?.KERNEL_URL;
|
|
119
130
|
if (typeof url !== 'string' || url.length === 0) {
|
|
120
|
-
throw new Error('selfKernel: no kernel URL — pass one explicitly or set
|
|
121
|
-
'(managed deploys set it automatically).');
|
|
131
|
+
throw new Error('selfKernel: no kernel URL — pass one explicitly or set INSTANCE_KERNEL_URL in the ' +
|
|
132
|
+
'worker env (managed deploys set it automatically).');
|
|
122
133
|
}
|
|
123
134
|
return bindSelfKernel(url, identity);
|
|
124
135
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"kernel-client.js","sourceRoot":"","sources":["../../src/auth/kernel-client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAKH,OAAO,EAAE,YAAY,EAAE,cAAc,EAAc,MAAM,2BAA2B,CAAA;AACpF,OAAO,EAAE,UAAU,EAAE,MAAM,gCAAgC,CAAA;AAC3D,OAAO,EAAE,aAAa,EAA+B,MAAM,mCAAmC,CAAA;AAI9F,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAChG,OAAO,EAAE,cAAc,EAAE,MAAM,QAAQ,CAAA;AAEvC,MAAM,sBAAsB,GAAG,IAAI,CAAA;AAEnC,6EAA6E;AAC7E,4EAA4E;AAC5E,wEAAwE;AACxE,MAAM,WAAW,GAAG,+CAA+C,CAAA;AAEnE,+EAA+E;AAC/E,2EAA2E;AAC3E,uEAAuE;AACvE,MAAM,KAAK,GAAG,IAAI,GAAG,EAA6B,CAAA;AAClD,MAAM,UAAU,GAAG,IAAI,GAAG,EAA0B,CAAA;AAEpD,SAAS,WAAW,CAAC,GAAW;IAC9B,IAAI,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IAClC,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,QAAQ,GAAG,IAAI,cAAc,EAAE,CAAA;QAC/B,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;IAC/B,CAAC;IACD,OAAO,QAAQ,CAAA;AACjB,CAAC;AAED,SAAS,OAAO,CAAC,GAAW;IAC1B,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IAC7B,IAAI,MAAM;QAAE,OAAO,MAAM,CAAA;IACzB,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,CAAA;IACjC,MAAM,IAAI,GAAG,IAAI,UAAU,CAAQ;QACjC,aAAa,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,YAAY,CAAQ,EAAE,GAAG,EAAE,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;KAC5E,CAAC,CAAA;IACF,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;IACpB,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,UAAsB,EACtB,SAAiB,EACjB,MAA4B;IAE5B,OAAO,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,kBAAkB,CAAC,UAAU,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,CAC/E,iBAAiB,CAAC,UAAU,CAAC,CAC9B,CAAA;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,SAAiB,EACjB,MAA4B;IAE5B,OAAO,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,aAAa,EAAE,CAAC,CAAA;AACtF,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,WAAW,CACxB,SAAiB,EACjB,MAA4B,EAC5B,KAAc,EACd,iBAA+C;IAE/C,MAAM,UAAU,GAAG,MAAM,cAAc,CACrC,EAAE,KAAK,EAAE,EACT;QACE,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,QAAQ,EAAE,SAAS;QACnB,UAAU,EAAE,MAAM,CAAC,UAAU;
|
|
1
|
+
{"version":3,"file":"kernel-client.js","sourceRoot":"","sources":["../../src/auth/kernel-client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAKH,OAAO,EAAE,YAAY,EAAE,cAAc,EAAc,MAAM,2BAA2B,CAAA;AACpF,OAAO,EAAE,UAAU,EAAE,MAAM,gCAAgC,CAAA;AAC3D,OAAO,EAAE,aAAa,EAA+B,MAAM,mCAAmC,CAAA;AAI9F,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAChG,OAAO,EAAE,cAAc,EAAE,MAAM,QAAQ,CAAA;AAEvC,MAAM,sBAAsB,GAAG,IAAI,CAAA;AAEnC,6EAA6E;AAC7E,4EAA4E;AAC5E,wEAAwE;AACxE,MAAM,WAAW,GAAG,+CAA+C,CAAA;AAEnE,+EAA+E;AAC/E,2EAA2E;AAC3E,uEAAuE;AACvE,MAAM,KAAK,GAAG,IAAI,GAAG,EAA6B,CAAA;AAClD,MAAM,UAAU,GAAG,IAAI,GAAG,EAA0B,CAAA;AAEpD,SAAS,WAAW,CAAC,GAAW;IAC9B,IAAI,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IAClC,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,QAAQ,GAAG,IAAI,cAAc,EAAE,CAAA;QAC/B,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;IAC/B,CAAC;IACD,OAAO,QAAQ,CAAA;AACjB,CAAC;AAED,SAAS,OAAO,CAAC,GAAW;IAC1B,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IAC7B,IAAI,MAAM;QAAE,OAAO,MAAM,CAAA;IACzB,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,CAAA;IACjC,MAAM,IAAI,GAAG,IAAI,UAAU,CAAQ;QACjC,aAAa,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,YAAY,CAAQ,EAAE,GAAG,EAAE,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;KAC5E,CAAC,CAAA;IACF,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;IACpB,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,UAAsB,EACtB,SAAiB,EACjB,MAA4B;IAE5B,OAAO,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,kBAAkB,CAAC,UAAU,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,CAC/E,iBAAiB,CAAC,UAAU,CAAC,CAC9B,CAAA;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,SAAiB,EACjB,MAA4B;IAE5B,OAAO,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,aAAa,EAAE,CAAC,CAAA;AACtF,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,WAAW,CACxB,SAAiB,EACjB,MAA4B,EAC5B,KAAc,EACd,iBAA+C;IAE/C,MAAM,UAAU,GAAG,MAAM,cAAc,CACrC,EAAE,KAAK,EAAE,EACT;QACE,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,QAAQ,EAAE,SAAS;QACnB,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,yEAAyE;QACzE,yEAAyE;QACzE,sEAAsE;QACtE,qEAAqE;QACrE,wEAAwE;QACxE,8BAA8B;QAC9B,GAAG,EAAE,KAAK;KACX,CACF,CAAA;IAED,6EAA6E;IAC7E,kEAAkE;IAClE,MAAM,OAAO,GAAyB,IAAI,aAAa,CAAQ;QAC7D,OAAO,EAAE,SAAS;QAClB,MAAM,EAAE,WAAW,CAAC,SAAS,CAAC;QAC9B,IAAI,EAAE,OAAO,CAAC,SAAS,CAAC;QACxB,UAAU,EAAE;YACV,yEAAyE;YACzE,yEAAyE;YACzE,qEAAqE;YACrE,yEAAyE;YACzE,qEAAqE;YACrE,8DAA8D;YAC9D,iEAAiE;YACjE,sEAAsE;YACtE,UAAU;YACV,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE;gBACvB,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,CAAC,CAAA;gBAC1E,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,CACjC,IAAI,MAAM,4BAA4B,EACtC,EAAE,QAAQ,EAAE,UAAU,EAAE,iBAAiB,EAAE,EAAE,GAAG,EAAE,sBAAsB,EAAE,EAC1E,EAAE,UAAU,EAAE,cAAc,EAAE,IAAI,EAAE,CACrC,CAAA;gBACD,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;oBACjC,MAAM,IAAI,KAAK,CACb,qCAAqC,OAAO,QAAQ,gCAAgC,CACrF,CAAA;gBACH,CAAC;gBACD,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,GAAG,EAAE,sBAAsB,EAAE,CAAA;YAC9D,CAAC;YACD,GAAG,EAAE,sBAAsB;SAC5B;KACF,CAAC,CAAA;IACF,OAAO,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,CAAA;AAC/B,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAC5B,QAA8B,EAC9B,IAAa;IAEb,OAAO,KAAK,EAAE,SAAkB,EAAE,EAAE;QAClC,MAAM,GAAG,GAAG,IAAkF,CAAA;QAC9F,sEAAsE;QACtE,sEAAsE;QACtE,gEAAgE;QAChE,MAAM,GAAG,GAAG,SAAS,IAAI,GAAG,EAAE,mBAAmB,IAAI,GAAG,EAAE,UAAU,CAAA;QACpE,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CACb,oFAAoF;gBAClF,oDAAoD,CACvD,CAAA;QACH,CAAC;QACD,OAAO,cAAc,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;IACtC,CAAC,CAAA;AACH,CAAC;AAED,6EAA6E;AAC7E,6EAA6E;AAC7E,4DAA4D;AAC5D,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAA;AAEzC;;;GAGG;AACH,KAAK,UAAU,aAAa,CAC1B,OAA6B,EAC7B,UAAkB,EAClB,SAAiB,EACjB,MAA4B;IAE5B,MAAM,GAAG,GAAG,GAAG,SAAS,IAAI,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAA;IAC7D,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IAC/B,IAAI,MAAM;QAAE,OAAO,MAAM,CAAA;IACzB,MAAM,EAAE,GAAG,CAAC,MAAM,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAE7E,CAAA;IACR,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CACb,wCAAwC,MAAM,CAAC,OAAO,+CAA+C,CACtG,CAAA;IACH,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,CAAC,CAAA;IACvB,OAAO,EAAE,CAAC,EAAE,CAAA;AACd,CAAC"}
|
package/dist/define/view.d.ts
CHANGED
|
@@ -18,6 +18,8 @@
|
|
|
18
18
|
* lives at an external host.
|
|
19
19
|
*/
|
|
20
20
|
import type { AuthPolicy, FunctionBinding } from '@astrale-os/kernel-api/routed';
|
|
21
|
+
import type { FnMap } from '@astrale-os/kernel-client';
|
|
22
|
+
import type { BoundClientSessionView } from '@astrale-os/kernel-client/session';
|
|
21
23
|
import type { AuthContext } from '@astrale-os/kernel-core';
|
|
22
24
|
import type { EdgeEndpoint } from '@astrale-os/kernel-dsl';
|
|
23
25
|
import type { Context } from 'hono';
|
|
@@ -34,6 +36,14 @@ export type ViewRenderContext<TDeps = unknown> = {
|
|
|
34
36
|
auth: AuthContext | null;
|
|
35
37
|
/** Typed dependency container injected at server startup. */
|
|
36
38
|
deps: TDeps;
|
|
39
|
+
/**
|
|
40
|
+
* Kernel session authenticated as THE VIEW'S OWN identity (its grants
|
|
41
|
+
* only) — the seam for a server-rendered view that reads the graph (e.g.
|
|
42
|
+
* a public list page). Grant the view's function identity narrow READ on
|
|
43
|
+
* what it renders (in a seed), never root. Dials the INSTANCE kernel
|
|
44
|
+
* (`deps.INSTANCE_KERNEL_URL`, set by managed deploys) unless overridden.
|
|
45
|
+
*/
|
|
46
|
+
selfKernel: (kernelUrl?: string) => Promise<BoundClientSessionView<FnMap>>;
|
|
37
47
|
};
|
|
38
48
|
export type ViewDef<TDeps = unknown> = {
|
|
39
49
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"view.d.ts","sourceRoot":"","sources":["../../src/define/view.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAA;AAChF,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AAC1D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAA;AAC1D,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AAEnC,MAAM,MAAM,iBAAiB,CAAC,KAAK,GAAG,OAAO,IAAI;IAC/C,+DAA+D;IAC/D,CAAC,EAAE,OAAO,CAAA;IACV;;;;OAIG;IACH,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC9B,qEAAqE;IACrE,IAAI,EAAE,WAAW,GAAG,IAAI,CAAA;IACxB,6DAA6D;IAC7D,IAAI,EAAE,KAAK,CAAA;
|
|
1
|
+
{"version":3,"file":"view.d.ts","sourceRoot":"","sources":["../../src/define/view.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAA;AAChF,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,2BAA2B,CAAA;AACtD,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,mCAAmC,CAAA;AAC/E,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AAC1D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAA;AAC1D,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AAEnC,MAAM,MAAM,iBAAiB,CAAC,KAAK,GAAG,OAAO,IAAI;IAC/C,+DAA+D;IAC/D,CAAC,EAAE,OAAO,CAAA;IACV;;;;OAIG;IACH,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC9B,qEAAqE;IACrE,IAAI,EAAE,WAAW,GAAG,IAAI,CAAA;IACxB,6DAA6D;IAC7D,IAAI,EAAE,KAAK,CAAA;IACX;;;;;;OAMG;IACH,UAAU,EAAE,CAAC,SAAS,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC,CAAA;CAC3E,CAAA;AAED,MAAM,MAAM,OAAO,CAAC,KAAK,GAAG,OAAO,IAAI;IACrC;;;;;;;;OAQG;IACH,OAAO,CAAC,EAAE,eAAe,CAAA;IACzB;;;;;;OAMG;IACH,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,uDAAuD;IACvD,IAAI,CAAC,EAAE,UAAU,CAAA;IACjB;;;OAGG;IACH,SAAS,CAAC,EAAE,CAAC,GAAG,EAAE,iBAAiB,CAAC,KAAK,CAAC,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IACnE;;;;OAIG;IACH,MAAM,CAAC,EAAE,CAAC,GAAG,EAAE,iBAAiB,CAAC,KAAK,CAAC,KAAK,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA;IACxE;;;;;OAKG;IACH,OAAO,CAAC,EAAE,YAAY,GAAG,YAAY,EAAE,CAAA;IACvC,2CAA2C;IAC3C,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB,CAAA;AAED;;;;GAIG;AACH,wBAAgB,UAAU,CAAC,KAAK,GAAG,OAAO,EAAE,GAAG,EAAE,OAAO,CAAC,KAAK,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,CAE/E"}
|
package/dist/define/view.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"view.js","sourceRoot":"","sources":["../../src/define/view.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;
|
|
1
|
+
{"version":3,"file":"view.js","sourceRoot":"","sources":["../../src/define/view.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AA2EH;;;;GAIG;AACH,MAAM,UAAU,UAAU,CAAkB,GAAmB;IAC7D,OAAO,GAAG,CAAA;AACZ,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auxiliary-routes.d.ts","sourceRoot":"","sources":["../../src/server/auxiliary-routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAKH,OAAO,KAAK,EAAW,IAAI,EAAE,MAAM,MAAM,CAAA;AAQzC,OAAO,EAKL,KAAK,eAAe,EAErB,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAoB,KAAK,UAAU,EAAE,MAAM,2BAA2B,CAAA;AAG7E,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAA;AACrE,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAA;AAE7C,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AAS1D,MAAM,MAAM,qBAAqB,CAAC,KAAK,IAAI;IACzC,GAAG,EAAE,IAAI,CAAA;IACT,gFAAgF;IAChF,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,CAAA;IACtC,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAA;IAC9C,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAA;IACtD,sBAAsB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAA;IACxD,IAAI,EAAE,KAAK,CAAA;IACX;;;;OAIG;IACH,UAAU,EAAE,cAAc,CAAA;IAC1B;;;;;OAKG;IACH,IAAI,EAAE,UAAU,CAAA;CACjB,CAAA;AAED,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,qBAAqB,CAAC,KAAK,CAAC,GAAG,IAAI,
|
|
1
|
+
{"version":3,"file":"auxiliary-routes.d.ts","sourceRoot":"","sources":["../../src/server/auxiliary-routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAKH,OAAO,KAAK,EAAW,IAAI,EAAE,MAAM,MAAM,CAAA;AAQzC,OAAO,EAKL,KAAK,eAAe,EAErB,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAoB,KAAK,UAAU,EAAE,MAAM,2BAA2B,CAAA;AAG7E,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAA;AACrE,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAA;AAE7C,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AAS1D,MAAM,MAAM,qBAAqB,CAAC,KAAK,IAAI;IACzC,GAAG,EAAE,IAAI,CAAA;IACT,gFAAgF;IAChF,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,CAAA;IACtC,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAA;IAC9C,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAA;IACtD,sBAAsB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAA;IACxD,IAAI,EAAE,KAAK,CAAA;IACX;;;;OAIG;IACH,UAAU,EAAE,cAAc,CAAA;IAC1B;;;;;OAKG;IACH,IAAI,EAAE,UAAU,CAAA;CACjB,CAAA;AAED,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,qBAAqB,CAAC,KAAK,CAAC,GAAG,IAAI,CAiFtF"}
|
|
@@ -41,11 +41,16 @@ export function mountAuxiliaryRoutes(config) {
|
|
|
41
41
|
// Views are transport-only (iframe HTML/redirect) — the kernel client
|
|
42
42
|
// built by `resolveInboundAuth` is intentionally NOT forwarded. Code
|
|
43
43
|
// inside the loaded iframe talks back to the kernel via the shell
|
|
44
|
-
// (WebSocket), not via this worker route.
|
|
44
|
+
// (WebSocket), not via this worker route. SERVER-rendered views that
|
|
45
|
+
// read the graph use `selfKernel` instead: the view's OWN identity,
|
|
46
|
+
// narrow grants (the cold-agent gate run had to deep-import SDK
|
|
47
|
+
// internals for exactly this — now it's the supported seam).
|
|
45
48
|
run: async ({ c, params, auth }) => {
|
|
49
|
+
const selfKernel = makeSelfKernel(identity, deps);
|
|
50
|
+
const ctx = { c, params, auth, deps, selfKernel };
|
|
46
51
|
if (def.authorize)
|
|
47
|
-
await runAuthorize(def.authorize,
|
|
48
|
-
return def.render(
|
|
52
|
+
await runAuthorize(def.authorize, ctx);
|
|
53
|
+
return def.render(ctx);
|
|
49
54
|
},
|
|
50
55
|
});
|
|
51
56
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auxiliary-routes.js","sourceRoot":"","sources":["../../src/server/auxiliary-routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAOH,OAAO,EACL,yBAAyB,EACzB,kBAAkB,EAClB,qBAAqB,GAEtB,MAAM,wBAAwB,CAAA;AAC/B,OAAO,EACL,aAAa,EACb,SAAS,EACT,kBAAkB,EAClB,gBAAgB,GAGjB,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAE,gBAAgB,EAAmB,MAAM,2BAA2B,CAAA;AAQ7E,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAA;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAA;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAA;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAA;AACxD,OAAO,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAA;AACjF,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AA0BrE,MAAM,UAAU,oBAAoB,CAAQ,MAAoC;IAC9E,MAAM,EACJ,GAAG,EACH,GAAG,EACH,KAAK,EACL,YAAY,EACZ,eAAe,EACf,sBAAsB,EACtB,IAAI,EACJ,UAAU,EACV,IAAI,GACL,GAAG,MAAM,CAAA;IAEV,MAAM,UAAU,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC,WAAW,CAAA;IACpD,MAAM,WAAW,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAA;IAE1C,IAAI,KAAK,IAAI,YAAY,EAAE,CAAC;QAC1B,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAChD,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,CAAA;YAClC,IAAI,CAAC,OAAO,IAAI,CAAC,GAAG,CAAC,MAAM;gBAAE,SAAQ;YACrC,MAAM,QAAQ,GAAG,kBAAkB,CAAC,MAAM,EAAE,IAAI,EAAE,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAA;YACzE,UAAU,CAAC;gBACT,GAAG;gBACH,OAAO;gBACP,UAAU;gBACV,aAAa,EAAE,KAAK;gBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,QAAQ;gBACR,WAAW;gBACX,sEAAsE;gBACtE,qEAAqE;gBACrE,kEAAkE;gBAClE,
|
|
1
|
+
{"version":3,"file":"auxiliary-routes.js","sourceRoot":"","sources":["../../src/server/auxiliary-routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAOH,OAAO,EACL,yBAAyB,EACzB,kBAAkB,EAClB,qBAAqB,GAEtB,MAAM,wBAAwB,CAAA;AAC/B,OAAO,EACL,aAAa,EACb,SAAS,EACT,kBAAkB,EAClB,gBAAgB,GAGjB,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAE,gBAAgB,EAAmB,MAAM,2BAA2B,CAAA;AAQ7E,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAA;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAA;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAA;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAA;AACxD,OAAO,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAA;AACjF,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AA0BrE,MAAM,UAAU,oBAAoB,CAAQ,MAAoC;IAC9E,MAAM,EACJ,GAAG,EACH,GAAG,EACH,KAAK,EACL,YAAY,EACZ,eAAe,EACf,sBAAsB,EACtB,IAAI,EACJ,UAAU,EACV,IAAI,GACL,GAAG,MAAM,CAAA;IAEV,MAAM,UAAU,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC,WAAW,CAAA;IACpD,MAAM,WAAW,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAA;IAE1C,IAAI,KAAK,IAAI,YAAY,EAAE,CAAC;QAC1B,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAChD,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,CAAA;YAClC,IAAI,CAAC,OAAO,IAAI,CAAC,GAAG,CAAC,MAAM;gBAAE,SAAQ;YACrC,MAAM,QAAQ,GAAG,kBAAkB,CAAC,MAAM,EAAE,IAAI,EAAE,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAA;YACzE,UAAU,CAAC;gBACT,GAAG;gBACH,OAAO;gBACP,UAAU;gBACV,aAAa,EAAE,KAAK;gBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,QAAQ;gBACR,WAAW;gBACX,sEAAsE;gBACtE,qEAAqE;gBACrE,kEAAkE;gBAClE,qEAAqE;gBACrE,oEAAoE;gBACpE,gEAAgE;gBAChE,6DAA6D;gBAC7D,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE;oBACjC,MAAM,UAAU,GAAG,cAAc,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;oBACjD,MAAM,GAAG,GAAG,EAAE,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,CAAA;oBACjD,IAAI,GAAG,CAAC,SAAS;wBAAE,MAAM,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,CAAA;oBACzD,OAAO,GAAG,CAAC,MAAO,CAAC,GAAG,CAAC,CAAA;gBACzB,CAAC;aACF,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,IAAI,eAAe,IAAI,sBAAsB,EAAE,CAAC;QAC9C,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;YAC1D,MAAM,OAAO,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAA;YAC5C,IAAI,CAAC,OAAO;gBAAE,SAAQ;YACtB,MAAM,QAAQ,GAAG,kBAAkB,CAAC,iBAAiB,EAAE,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAA;YAC9F,UAAU,CAAC;gBACT,GAAG;gBACH,OAAO;gBACP,UAAU;gBACV,aAAa,EAAE,MAAM;gBACrB,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,QAAQ;gBACR,WAAW;gBACX,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE;oBAC7C,MAAM,UAAU,GAAG,cAAc,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;oBACjD,MAAM,OAAO,GAAY,MAAM,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;oBAC7D,MAAM,UAAU,GAAG,cAAc,CAAC,GAAG,CAAC,WAAW,EAAE,OAAO,CAAC,CAAA;oBAC3D,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC;wBACnB,MAAM,IAAI,kBAAkB,CAAC,UAAU,CAAC,MAAsC,CAAC,CAAA;oBACjF,CAAC;oBACD,MAAM,GAAG,GAAG,EAAE,MAAM,EAAE,UAAU,CAAC,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,CAAA;oBACtF,IAAI,GAAG,CAAC,SAAS;wBAAE,MAAM,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,CAAA;oBACzD,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;oBACrC,MAAM,aAAa,GAAG,cAAc,CAAC,GAAG,CAAC,YAAY,EAAE,MAAM,CAAC,CAAA;oBAC9D,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,CAAC;wBACtB,MAAM,IAAI,wBAAwB,CAChC,aAAa,CAAC,MAA4C,EAC1D,GAAG,CAAC,GAAG,CACR,CAAA;oBACH,CAAC;oBACD,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,aAAa,CAAC,IAAI,EAAE,CAAC,CAAA;gBAC/C,CAAC;aACF,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAED,8EAA8E;AAE9E;;;;GAIG;AACH,SAAS,kBAAkB,CACzB,IAAgC,EAChC,IAAY,EACZ,QAA0C;IAE1C,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAA;IAC7B,MAAM,IAAI,KAAK,CACb,oDAAoD,IAAI,KAAK,IAAI,KAAK;QACpE,6CAA6C,IAAI,4BAA4B,CAChF,CAAA;AACH,CAAC;AAqBD,MAAM,cAAc,GAAG,mBAAmB,CAAA;AAE1C,SAAS,UAAU,CAAC,IAAoB;IACtC,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,GAAG,IAAI,CAAA;IAE1F,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAA;IACnC,IAAI,CAAC,SAAS;QAAE,OAAM;IAEtB,MAAM,MAAM,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAA;IAC1C,IAAI,MAAM,CAAC,WAAW,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC;QAAE,OAAM;IAEhF,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,KAAK,EAAE,IAAI,IAAI,EAAE,CAAC,CAAA;IACrE,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAA;IACrC,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,EAAE,MAAM,IAAI,aAAa,CAAA;IACzD,4EAA4E;IAC5E,2EAA2E;IAC3E,6EAA6E;IAC7E,6CAA6C;IAC7C,IAAI,UAAU,KAAK,KAAK,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CACb,kDAAkD,UAAU,gBAAgB,QAAQ,KAAK;YACvF,kEAAkE,CACrE,CAAA;IACH,CAAC;IACD,0EAA0E;IAC1E,wEAAwE;IACxE,uDAAuD;IACvD,MAAM,WAAW,GACf,MAAM,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IACpF,MAAM,cAAc,GAAG,uBAAuB,CAAC,QAAQ,CAAC,CAAA;IAExD,MAAM,OAAO,GAAG,KAAK,EAAE,CAAU,EAAqB,EAAE;QACtD,0EAA0E;QAC1E,2EAA2E;QAC3E,2EAA2E;QAC3E,yDAAyD;QACzD,kBAAkB,CAAC,CAAC,EAAE,WAAW,CAAC,CAAA;QAClC,IAAI,CAAC;YACH,IAAI,UAAU,GAA2B,EAAE,CAAA;YAC3C,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,KAAK,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAA;gBAChE,IAAI,CAAC,KAAK;oBAAE,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAA;gBAC/B,UAAU,GAAG,KAAK,CAAA;YACpB,CAAC;YAED,MAAM,UAAU,GAA2B,EAAE,CAAA;YAC7C,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;gBAClC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;gBAC/B,IAAI,KAAK,KAAK,SAAS;oBAAE,UAAU,CAAC,IAAI,CAAC,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAA;YACvE,CAAC;YAED,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,GAAG,MAAM,kBAAkB,CAC7D,iBAAiB,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC,EACtD,IAAI,EACJ,QAAQ,CACT,CAAA;YAED,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC;gBACzB,CAAC;gBACD,MAAM,EAAE,EAAE,GAAG,UAAU,EAAE,GAAG,UAAU,EAAE;gBACxC,IAAI,EAAE,YAAY;gBAClB,MAAM;gBACN,UAAU,EAAE,cAAc,CAAC,MAAM,CAAC;aACnC,CAAC,CAAA;YACF,OAAO,mBAAmB,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAA;QACnD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,mBAAmB,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,WAAW,CAAC,CAAA;QAC7D,CAAC;IACH,CAAC,CAAA;IAED,IAAI,UAAU,KAAK,KAAK;QAAE,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;SAC/C,IAAI,UAAU,KAAK,MAAM;QAAE,GAAG,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;IAE3D,8DAA8D;IAC9D,0EAA0E;IAC1E,oEAAoE;IACpE,sEAAsE;IACtE,GAAG,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,EAAE,EAAE;QAC1B,kBAAkB,CAAC,CAAC,EAAE,WAAW,CAAC,CAAA;QAClC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAA;IAC1B,CAAC,CAAC,CAAA;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,CAAU,EAAE,OAA+B;IACrE,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;QAAE,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;AAC5E,CAAC;AAED,SAAS,mBAAmB,CAAC,QAAkB,EAAE,OAA+B;IAC9E,IAAI,CAAC;QACH,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;YAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;QACtF,OAAO,QAAQ,CAAA;IACjB,CAAC;IAAC,MAAM,CAAC;QACP,4EAA4E;QAC5E,0EAA0E;QAC1E,0EAA0E;QAC1E,MAAM,MAAM,GAAG,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAA;QAC5C,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;YAAE,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;QAC5E,OAAO,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE;YACjC,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,OAAO,EAAE,MAAM;SAChB,CAAC,CAAA;IACJ,CAAC;AACH,CAAC;AAED,SAAS,uBAAuB,CAAC,IAAY;IAC3C,OAAO,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAE,CAAC,CAAA;AAC7D,CAAC;AAED;;;;;;;;;;;GAWG;AACH,SAAS,aAAa,CAAC,GAAY;IACjC,MAAM,OAAO,GAAuB,yBAAyB,CAAC,GAAG,CAAC;QAChE,CAAC,CAAC,GAAG,CAAC,oBAAoB,EAAE;QAC5B,CAAC,CAAC;YACE,IAAI,EAAE,kBAAkB,CAAC,cAAc;YACvC,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,gBAAgB;SAC/D,CAAA;IACL,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,qBAAqB,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;AAC3F,CAAC;AAED,SAAS,QAAQ,CAAC,CAAS,EAAE,CAAS;IACpC,IAAI,CAAC,CAAC;QAAE,OAAO,CAAC,CAAA;IAChB,IAAI,CAAC,CAAC;QAAE,OAAO,CAAC,CAAA;IAChB,MAAM,IAAI,GAAG,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IACjD,MAAM,KAAK,GAAG,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAA;IAC7C,OAAO,GAAG,IAAI,GAAG,KAAK,EAAE,IAAI,GAAG,CAAA;AACjC,CAAC;AAED,oEAAoE;AACpE,SAAS,UAAU,CAAC,IAAY;IAC9B,OAAO,IAAI;SACR,OAAO,CAAC,cAAc,EAAE,SAAS,CAAC;SAClC,OAAO,CAAC,cAAc,EAAE,SAAS,CAAC;SAClC,OAAO,CAAC,YAAY,EAAE,KAAK,CAAC,CAAA;AACjC,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAa;IACtC,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAA;AAChD,CAAC"}
|
package/package.json
CHANGED
|
@@ -107,6 +107,13 @@ async function bindSession(
|
|
|
107
107
|
subject: config.subject,
|
|
108
108
|
audience: kernelUrl,
|
|
109
109
|
privateKey: config.privateKey,
|
|
110
|
+
// Long-running handlers (a managed INSTALL saga easily runs minutes on a
|
|
111
|
+
// cold box) make kernel callbacks throughout — the default 60s wall left
|
|
112
|
+
// them unable to even write their own failure records (observed live:
|
|
113
|
+
// install wedged at 'installing' forever). The session credential is
|
|
114
|
+
// per-request and aud-bound; delegated AUTHORITY still expires with the
|
|
115
|
+
// inner delegation's own exp.
|
|
116
|
+
ttl: '30m',
|
|
110
117
|
},
|
|
111
118
|
)
|
|
112
119
|
|
|
@@ -157,11 +164,15 @@ export function makeSelfKernel(
|
|
|
157
164
|
deps: unknown,
|
|
158
165
|
): (kernelUrl?: string) => Promise<BoundClientSessionView<FnMap>> {
|
|
159
166
|
return async (kernelUrl?: string) => {
|
|
160
|
-
const
|
|
167
|
+
const env = deps as { INSTANCE_KERNEL_URL?: unknown; KERNEL_URL?: unknown } | null | undefined
|
|
168
|
+
// Prefer the INSTANCE kernel (the graph this domain is installed on);
|
|
169
|
+
// KERNEL_URL on managed services is the HOST kernel (the box) — wrong
|
|
170
|
+
// graph for domain writes, kept only as a last-resort fallback.
|
|
171
|
+
const url = kernelUrl ?? env?.INSTANCE_KERNEL_URL ?? env?.KERNEL_URL
|
|
161
172
|
if (typeof url !== 'string' || url.length === 0) {
|
|
162
173
|
throw new Error(
|
|
163
|
-
'selfKernel: no kernel URL — pass one explicitly or set
|
|
164
|
-
'(managed deploys set it automatically).',
|
|
174
|
+
'selfKernel: no kernel URL — pass one explicitly or set INSTANCE_KERNEL_URL in the ' +
|
|
175
|
+
'worker env (managed deploys set it automatically).',
|
|
165
176
|
)
|
|
166
177
|
}
|
|
167
178
|
return bindSelfKernel(url, identity)
|
package/src/define/view.ts
CHANGED
|
@@ -19,6 +19,8 @@
|
|
|
19
19
|
*/
|
|
20
20
|
|
|
21
21
|
import type { AuthPolicy, FunctionBinding } from '@astrale-os/kernel-api/routed'
|
|
22
|
+
import type { FnMap } from '@astrale-os/kernel-client'
|
|
23
|
+
import type { BoundClientSessionView } from '@astrale-os/kernel-client/session'
|
|
22
24
|
import type { AuthContext } from '@astrale-os/kernel-core'
|
|
23
25
|
import type { EdgeEndpoint } from '@astrale-os/kernel-dsl'
|
|
24
26
|
import type { Context } from 'hono'
|
|
@@ -36,6 +38,14 @@ export type ViewRenderContext<TDeps = unknown> = {
|
|
|
36
38
|
auth: AuthContext | null
|
|
37
39
|
/** Typed dependency container injected at server startup. */
|
|
38
40
|
deps: TDeps
|
|
41
|
+
/**
|
|
42
|
+
* Kernel session authenticated as THE VIEW'S OWN identity (its grants
|
|
43
|
+
* only) — the seam for a server-rendered view that reads the graph (e.g.
|
|
44
|
+
* a public list page). Grant the view's function identity narrow READ on
|
|
45
|
+
* what it renders (in a seed), never root. Dials the INSTANCE kernel
|
|
46
|
+
* (`deps.INSTANCE_KERNEL_URL`, set by managed deploys) unless overridden.
|
|
47
|
+
*/
|
|
48
|
+
selfKernel: (kernelUrl?: string) => Promise<BoundClientSessionView<FnMap>>
|
|
39
49
|
}
|
|
40
50
|
|
|
41
51
|
export type ViewDef<TDeps = unknown> = {
|
|
@@ -102,10 +102,15 @@ export function mountAuxiliaryRoutes<TDeps>(config: AuxiliaryRoutesConfig<TDeps>
|
|
|
102
102
|
// Views are transport-only (iframe HTML/redirect) — the kernel client
|
|
103
103
|
// built by `resolveInboundAuth` is intentionally NOT forwarded. Code
|
|
104
104
|
// inside the loaded iframe talks back to the kernel via the shell
|
|
105
|
-
// (WebSocket), not via this worker route.
|
|
105
|
+
// (WebSocket), not via this worker route. SERVER-rendered views that
|
|
106
|
+
// read the graph use `selfKernel` instead: the view's OWN identity,
|
|
107
|
+
// narrow grants (the cold-agent gate run had to deep-import SDK
|
|
108
|
+
// internals for exactly this — now it's the supported seam).
|
|
106
109
|
run: async ({ c, params, auth }) => {
|
|
107
|
-
|
|
108
|
-
|
|
110
|
+
const selfKernel = makeSelfKernel(identity, deps)
|
|
111
|
+
const ctx = { c, params, auth, deps, selfKernel }
|
|
112
|
+
if (def.authorize) await runAuthorize(def.authorize, ctx)
|
|
113
|
+
return def.render!(ctx)
|
|
109
114
|
},
|
|
110
115
|
})
|
|
111
116
|
}
|