@authrim/setup 0.1.0

package/dist/core/deploy.js

@@ -0,0 +1,389 @@
+/**
+ * Authrim Deployment Module
+ *
+ * Handles the deployment order, parallel execution, and retry logic
+ * for Authrim Workers.
+ */
+import { execa } from 'execa';
+import { join } from 'node:path';
+import { existsSync } from 'node:fs';
+import { getWorkerName, getDeploymentOrder, CORE_WORKER_COMPONENTS, WORKER_COMPONENTS, } from './naming.js';
+// =============================================================================
+// Validation Helpers
+// =============================================================================
+/**
+ * Validate that a component is a valid WorkerComponent
+ * Prevents path traversal attacks by ensuring component is from allowed list
+ */
+function isValidComponent(component) {
+    return WORKER_COMPONENTS.includes(component);
+}
+/**
+ * Validate environment name to prevent injection
+ */
+function isValidEnv(env) {
+    return /^[a-z][a-z0-9-]*$/.test(env);
+}
+// =============================================================================
+// Deployment Order
+// =============================================================================
+/**
+ * Get deployment levels - components that can be deployed in parallel
+ */
+export function getDeploymentLevels(enabledComponents) {
+    // Convert array to Set for getDeploymentOrder
+    const componentSet = enabledComponents
+        ? new Set(enabledComponents)
+        : new Set(CORE_WORKER_COMPONENTS);
+    // getDeploymentOrder already returns components grouped by level
+    return getDeploymentOrder(componentSet);
+}
+// =============================================================================
+// Single Worker Deployment
+// =============================================================================
+/**
+ * Deploy a single worker with retry logic
+ */
+export async function deployWorker(component, options) {
+    const { env, rootDir, maxRetries = 3, retryDelayMs = 5000, onProgress } = options;
+    const startTime = Date.now();
+    // Security: Validate component to prevent path traversal
+    if (!isValidComponent(component)) {
+        return {
+            component,
+            workerName: '',
+            success: false,
+            error: 'Invalid component name',
+            duration: Date.now() - startTime,
+        };
+    }
+    // Security: Validate environment name
+    if (!isValidEnv(env)) {
+        return {
+            component,
+            workerName: '',
+            success: false,
+            error: 'Invalid environment name',
+            duration: Date.now() - startTime,
+        };
+    }
+    const workerName = getWorkerName(env, component);
+    const packageDir = join(rootDir, 'packages', component);
+    const wranglerConfig = options.configFile || `wrangler.${env}.toml`;
+    const wranglerConfigPath = join(packageDir, wranglerConfig);
+    // Check if package directory exists
+    if (!existsSync(packageDir)) {
+        return {
+            component,
+            workerName,
+            success: false,
+            error: 'Package directory not found', // Don't expose full path
+            duration: Date.now() - startTime,
+        };
+    }
+    // Check if wrangler config exists
+    if (!existsSync(wranglerConfigPath)) {
+        return {
+            component,
+            workerName,
+            success: false,
+            error: 'Wrangler config not found', // Don't expose full path
+            duration: Date.now() - startTime,
+        };
+    }
+    let lastError;
+    for (let attempt = 1; attempt <= maxRetries; attempt++) {
+        try {
+            onProgress?.(`[${attempt}/${maxRetries}] Deploying ${workerName}...`);
+            if (options.dryRun) {
+                onProgress?.(`  [DRY RUN] Would deploy ${component} with config ${wranglerConfig}`);
+                return {
+                    component,
+                    workerName,
+                    success: true,
+                    deployedAt: new Date().toISOString(),
+                    duration: Date.now() - startTime,
+                };
+            }
+            // Use deploy script if available for version management
+            const deployScript = join(rootDir, 'scripts', 'deploy-with-retry.sh');
+            let result;
+            if (existsSync(deployScript)) {
+                // Use deploy script (handles version management)
+                result = await execa(deployScript, [component, env], {
+                    cwd: rootDir,
+                    reject: true,
+                });
+            }
+            else {
+                // Fall back to direct wrangler deploy
+                result = await execa('wrangler', ['deploy', '--config', wranglerConfig], {
+                    cwd: packageDir,
+                    reject: true,
+                });
+            }
+            // Extract version from output if available
+            const versionMatch = result.stdout.match(/Deployed.*version[:\s]+([a-f0-9-]+)/i);
+            onProgress?.(`  ✓ ${workerName} deployed successfully`);
+            return {
+                component,
+                workerName,
+                success: true,
+                deployedAt: new Date().toISOString(),
+                version: versionMatch?.[1],
+                duration: Date.now() - startTime,
+            };
+        }
+        catch (error) {
+            lastError = error;
+            const execaError = error;
+            onProgress?.(`  ✗ Attempt ${attempt} failed: ${execaError.message || String(error)}`);
+            if (attempt < maxRetries) {
+                const delay = retryDelayMs * attempt; // Exponential backoff
+                onProgress?.(`  ⏳ Retrying in ${delay / 1000}s...`);
+                await new Promise((resolve) => setTimeout(resolve, delay));
+            }
+        }
+    }
+    return {
+        component,
+        workerName,
+        success: false,
+        error: lastError?.message || 'Unknown error',
+        duration: Date.now() - startTime,
+    };
+}
+// =============================================================================
+// Parallel Deployment
+// =============================================================================
+/**
+ * Deploy multiple workers in parallel
+ */
+export async function deployParallel(components, options) {
+    const { onProgress } = options;
+    if (components.length === 0) {
+        return [];
+    }
+    onProgress?.(`Deploying ${components.length} component(s) in parallel: ${components.join(', ')}`);
+    const results = await Promise.all(components.map((component) => deployWorker(component, options)));
+    return results;
+}
+// =============================================================================
+// Full Deployment
+// =============================================================================
+/**
+ * Deploy all workers in the correct order
+ */
+export async function deployAll(options, enabledComponents) {
+    const { onProgress, onError } = options;
+    const startedAt = new Date().toISOString();
+    const startTime = Date.now();
+    const levels = getDeploymentLevels(enabledComponents);
+    const allResults = [];
+    onProgress?.('Starting Authrim deployment...\n');
+    onProgress?.(`Environment: ${options.env}`);
+    onProgress?.(`Root directory: ${options.rootDir}`);
+    onProgress?.(`Deployment levels: ${levels.length}\n`);
+    for (let levelIndex = 0; levelIndex < levels.length; levelIndex++) {
+        const level = levels[levelIndex];
+        onProgress?.(`\n━━━ Level ${levelIndex} ━━━`);
+        // Level 0 and 4 are sequential (single component)
+        // Levels 1-3 can be parallel
+        const isParallel = level.length > 1;
+        if (isParallel) {
+            const results = await deployParallel(level, options);
+            allResults.push(...results);
+            // Check for failures
+            const failures = results.filter((r) => !r.success);
+            if (failures.length > 0) {
+                for (const failure of failures) {
+                    onError?.(failure.component, new Error(failure.error));
+                }
+            }
+        }
+        else {
+            for (const component of level) {
+                const result = await deployWorker(component, options);
+                allResults.push(result);
+                if (!result.success) {
+                    onError?.(component, new Error(result.error));
+                    // Stop deployment if critical component fails
+                    if (['ar-lib-core', 'ar-discovery'].includes(component)) {
+                        onProgress?.(`\n⚠️  Critical component ${component} failed. Stopping deployment.`);
+                        break;
+                    }
+                }
+            }
+        }
+    }
+    const completedAt = new Date().toISOString();
+    const successCount = allResults.filter((r) => r.success).length;
+    const failedCount = allResults.filter((r) => !r.success).length;
+    const summary = {
+        totalComponents: allResults.length,
+        successCount,
+        failedCount,
+        results: allResults,
+        startedAt,
+        completedAt,
+        duration: Date.now() - startTime,
+    };
+    // Print summary
+    onProgress?.('\n━━━ Deployment Summary ━━━');
+    onProgress?.(`Total: ${summary.totalComponents}`);
+    onProgress?.(`Success: ${successCount}`);
+    onProgress?.(`Failed: ${failedCount}`);
+    onProgress?.(`Duration: ${(summary.duration / 1000).toFixed(1)}s`);
+    if (failedCount > 0) {
+        onProgress?.('\nFailed components:');
+        for (const result of allResults.filter((r) => !r.success)) {
+            onProgress?.(`  • ${result.component}: ${result.error}`);
+        }
+    }
+    return summary;
+}
+// =============================================================================
+// Lock File Update
+// =============================================================================
+/**
+ * Update lock file with deployment results
+ */
+export function updateLockWithDeployments(lock, results) {
+    const workers = { ...lock.workers };
+    for (const result of results) {
+        if (result.success && result.deployedAt) {
+            workers[result.component] = {
+                name: result.workerName,
+                deployedAt: result.deployedAt,
+                version: result.version,
+            };
+        }
+    }
+    return {
+        ...lock,
+        workers,
+        updatedAt: new Date().toISOString(),
+    };
+}
+// =============================================================================
+// Secrets Upload
+// =============================================================================
+/**
+ * Upload secrets to all workers that need them
+ */
+export async function uploadSecrets(secrets, options, workers) {
+    const { env, rootDir, onProgress, dryRun } = options;
+    const errors = [];
+    // Workers that need secrets
+    const targetWorkers = workers || [
+        'ar-auth',
+        'ar-token',
+        'ar-userinfo',
+        'ar-management',
+        'ar-lib-core',
+    ];
+    const wranglerConfig = options.configFile || `wrangler.${env}.toml`;
+    for (const component of targetWorkers) {
+        const workerName = getWorkerName(env, component);
+        const packageDir = join(rootDir, 'packages', component);
+        if (!existsSync(packageDir)) {
+            continue;
+        }
+        for (const [secretName, secretValue] of Object.entries(secrets)) {
+            try {
+                onProgress?.(`Uploading ${secretName} to ${workerName}...`);
+                if (dryRun) {
+                    onProgress?.(`  [DRY RUN] Would upload ${secretName}`);
+                    continue;
+                }
+                await execa('wrangler', ['secret', 'put', secretName, '--config', wranglerConfig], {
+                    cwd: packageDir,
+                    input: secretValue,
+                });
+                onProgress?.(`  ✓ ${secretName} uploaded`);
+            }
+            catch (error) {
+                const errorMsg = `Failed to upload ${secretName} to ${workerName}: ${error}`;
+                errors.push(errorMsg);
+                onProgress?.(`  ✗ ${errorMsg}`);
+            }
+        }
+    }
+    return {
+        success: errors.length === 0,
+        errors,
+    };
+}
+/**
+ * Deploy UI to Cloudflare Pages
+ */
+export async function deployPages(options) {
+    const { env, rootDir, projectName, onProgress, dryRun } = options;
+    // Security: Validate environment name
+    if (!isValidEnv(env)) {
+        return {
+            component: 'ar-ui',
+            projectName: projectName || `${env}-ar-ui`,
+            success: false,
+            error: 'Invalid environment name',
+            duration: 0,
+        };
+    }
+    const uiDir = join(rootDir, 'packages', 'ar-ui');
+    const distDir = join(uiDir, 'dist');
+    const startTime = Date.now();
+    if (!existsSync(uiDir)) {
+        return {
+            component: 'ar-ui',
+            projectName: projectName || `${env}-ar-ui`,
+            success: false,
+            error: 'ar-ui package not found',
+            duration: Date.now() - startTime,
+        };
+    }
+    try {
+        // Build the UI first
+        onProgress?.('Building ar-ui...');
+        if (!dryRun) {
+            await execa('pnpm', ['run', 'build'], {
+                cwd: uiDir,
+            });
+        }
+        onProgress?.('Deploying to Cloudflare Pages...');
+        if (dryRun) {
+            onProgress?.('[DRY RUN] Would deploy ar-ui to Pages');
+            return {
+                component: 'ar-ui',
+                projectName: projectName || `${env}-ar-ui`,
+                success: true,
+                deployedAt: new Date().toISOString(),
+                duration: Date.now() - startTime,
+            };
+        }
+        const pagesProjectName = projectName || `${env}-ar-ui`;
+        await execa('wrangler', ['pages', 'deploy', distDir, '--project-name', pagesProjectName], {
+            cwd: uiDir,
+        });
+        onProgress?.(`✓ ar-ui deployed to Pages: ${pagesProjectName}`);
+        return {
+            component: 'ar-ui',
+            projectName: pagesProjectName,
+            success: true,
+            deployedAt: new Date().toISOString(),
+            duration: Date.now() - startTime,
+        };
+    }
+    catch (error) {
+        // Sanitize error message to prevent path exposure
+        const errorMsg = error instanceof Error ? error.message : String(error);
+        const sanitizedError = errorMsg.replace(/\/[^\s:]+/g, '[path]').replace(/\\[^\s:]+/g, '[path]');
+        return {
+            component: 'ar-ui',
+            projectName: projectName || `${env}-ar-ui`,
+            success: false,
+            error: sanitizedError,
+            duration: Date.now() - startTime,
+        };
+    }
+}
+//# sourceMappingURL=deploy.js.map

package/dist/core/deploy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"deploy.js","sourceRoot":"","sources":["../../src/core/deploy.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,KAAK,EAAmB,MAAM,OAAO,CAAC;AAC/C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EACL,aAAa,EACb,kBAAkB,EAElB,sBAAsB,EACtB,iBAAiB,GAElB,MAAM,aAAa,CAAC;AAGrB,gFAAgF;AAChF,qBAAqB;AACrB,gFAAgF;AAEhF;;;GAGG;AACH,SAAS,gBAAgB,CAAC,SAAiB;IACzC,OAAO,iBAAiB,CAAC,QAAQ,CAAC,SAA4B,CAAC,CAAC;AAClE,CAAC;AAED;;GAEG;AACH,SAAS,UAAU,CAAC,GAAW;IAC7B,OAAO,mBAAmB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACvC,CAAC;AAqCD,gFAAgF;AAChF,mBAAmB;AACnB,gFAAgF;AAEhF;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,iBAAqC;IACvE,8CAA8C;IAC9C,MAAM,YAAY,GAAG,iBAAiB;QACpC,CAAC,CAAC,IAAI,GAAG,CAAkB,iBAAiB,CAAC;QAC7C,CAAC,CAAC,IAAI,GAAG,CAAkB,sBAAsB,CAAC,CAAC;IAErD,iEAAiE;IACjE,OAAO,kBAAkB,CAAC,YAAY,CAAC,CAAC;AAC1C,CAAC;AAED,gFAAgF;AAChF,2BAA2B;AAC3B,gFAAgF;AAEhF;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,SAA0B,EAC1B,OAAsB;IAEtB,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,UAAU,GAAG,CAAC,EAAE,YAAY,GAAG,IAAI,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;IAClF,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,yDAAyD;IACzD,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,EAAE,CAAC;QACjC,OAAO;YACL,SAAS;YACT,UAAU,EAAE,EAAE;YACd,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,wBAAwB;YAC/B,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;SACjC,CAAC;IACJ,CAAC;IAED,sCAAsC;IACtC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,OAAO;YACL,SAAS;YACT,UAAU,EAAE,EAAE;YACd,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,0BAA0B;YACjC,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;SACjC,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,aAAa,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IACjD,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;IACxD,MAAM,cAAc,GAAG,OAAO,CAAC,UAAU,IAAI,YAAY,GAAG,OAAO,CAAC;IACpE,MAAM,kBAAkB,GAAG,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;IAE5D,oCAAoC;IACpC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,OAAO;YACL,SAAS;YACT,UAAU;YACV,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,6BAA6B,EAAE,yBAAyB;YAC/D,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;SACjC,CAAC;IACJ,CAAC;IAED,kCAAkC;IAClC,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACpC,OAAO;YACL,SAAS;YACT,UAAU;YACV,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,2BAA2B,EAAE,yBAAyB;YAC7D,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;SACjC,CAAC;IACJ,CAAC;IAED,IAAI,SAA4B,CAAC;IAEjC,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,IAAI,UAAU,EAAE,OAAO,EAAE,EAAE,CAAC;QACvD,IAAI,CAAC;YACH,UAAU,EAAE,CAAC,IAAI,OAAO,IAAI,UAAU,eAAe,UAAU,KAAK,CAAC,CAAC;YAEtE,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;gBACnB,UAAU,EAAE,CAAC,4BAA4B,SAAS,gBAAgB,cAAc,EAAE,CAAC,CAAC;gBACpF,OAAO;oBACL,SAAS;oBACT,UAAU;oBACV,OAAO,EAAE,IAAI;oBACb,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBACpC,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;iBACjC,CAAC;YACJ,CAAC;YAED,wDAAwD;YACxD,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,EAAE,SAAS,EAAE,sBAAsB,CAAC,CAAC;YACtE,IAAI,MAA0C,CAAC;YAE/C,IAAI,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC7B,iDAAiD;gBACjD,MAAM,GAAG,MAAM,KAAK,CAAC,YAAY,EAAE,CAAC,SAAS,EAAE,GAAG,CAAC,EAAE;oBACnD,GAAG,EAAE,OAAO;oBACZ,MAAM,EAAE,IAAI;iBACb,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,sCAAsC;gBACtC,MAAM,GAAG,MAAM,KAAK,CAAC,UAAU,EAAE,CAAC,QAAQ,EAAE,UAAU,EAAE,cAAc,CAAC,EAAE;oBACvE,GAAG,EAAE,UAAU;oBACf,MAAM,EAAE,IAAI;iBACb,CAAC,CAAC;YACL,CAAC;YAED,2CAA2C;YAC3C,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;YAEjF,UAAU,EAAE,CAAC,OAAO,UAAU,wBAAwB,CAAC,CAAC;YAExD,OAAO;gBACL,SAAS;gBACT,UAAU;gBACV,OAAO,EAAE,IAAI;gBACb,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACpC,OAAO,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC;gBAC1B,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aACjC,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,SAAS,GAAG,KAAc,CAAC;YAC3B,MAAM,UAAU,GAAG,KAAmB,CAAC;YAEvC,UAAU,EAAE,CAAC,eAAe,OAAO,YAAY,UAAU,CAAC,OAAO,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAEtF,IAAI,OAAO,GAAG,UAAU,EAAE,CAAC;gBACzB,MAAM,KAAK,GAAG,YAAY,GAAG,OAAO,CAAC,CAAC,sBAAsB;gBAC5D,UAAU,EAAE,CAAC,mBAAmB,KAAK,GAAG,IAAI,MAAM,CAAC,CAAC;gBACpD,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,SAAS;QACT,UAAU;QACV,OAAO,EAAE,KAAK;QACd,KAAK,EAAE,SAAS,EAAE,OAAO,IAAI,eAAe;QAC5C,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;KACjC,CAAC;AACJ,CAAC;AAED,gFAAgF;AAChF,sBAAsB;AACtB,gFAAgF;AAEhF;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,UAA6B,EAC7B,OAAsB;IAEtB,MAAM,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;IAE/B,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,UAAU,EAAE,CAAC,aAAa,UAAU,CAAC,MAAM,8BAA8B,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAElG,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAC/B,UAAU,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,CAChE,CAAC;IAEF,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,gFAAgF;AAChF,kBAAkB;AAClB,gFAAgF;AAEhF;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,OAAsB,EACtB,iBAAqC;IAErC,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IACxC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,MAAM,MAAM,GAAG,mBAAmB,CAAC,iBAAiB,CAAC,CAAC;IACtD,MAAM,UAAU,GAAmB,EAAE,CAAC;IAEtC,UAAU,EAAE,CAAC,kCAAkC,CAAC,CAAC;IACjD,UAAU,EAAE,CAAC,gBAAgB,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IAC5C,UAAU,EAAE,CAAC,mBAAmB,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IACnD,UAAU,EAAE,CAAC,sBAAsB,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC;IAEtD,KAAK,IAAI,UAAU,GAAG,CAAC,EAAE,UAAU,GAAG,MAAM,CAAC,MAAM,EAAE,UAAU,EAAE,EAAE,CAAC;QAClE,MAAM,KAAK,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC;QACjC,UAAU,EAAE,CAAC,eAAe,UAAU,MAAM,CAAC,CAAC;QAE9C,kDAAkD;QAClD,6BAA6B;QAC7B,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC;QAEpC,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YACrD,UAAU,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC;YAE5B,qBAAqB;YACrB,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;YACnD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;oBAC/B,OAAO,EAAE,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;gBACzD,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,KAAK,MAAM,SAAS,IAAI,KAAK,EAAE,CAAC;gBAC9B,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;gBACtD,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBAExB,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;oBACpB,OAAO,EAAE,CAAC,SAAS,EAAE,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;oBAE9C,8CAA8C;oBAC9C,IAAI,CAAC,aAAa,EAAE,cAAc,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;wBACxD,UAAU,EAAE,CAAC,4BAA4B,SAAS,+BAA+B,CAAC,CAAC;wBACnF,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,WAAW,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC7C,MAAM,YAAY,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;IAChE,MAAM,WAAW,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;IAEhE,MAAM,OAAO,GAAsB;QACjC,eAAe,EAAE,UAAU,CAAC,MAAM;QAClC,YAAY;QACZ,WAAW;QACX,OAAO,EAAE,UAAU;QACnB,SAAS;QACT,WAAW;QACX,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;KACjC,CAAC;IAEF,gBAAgB;IAChB,UAAU,EAAE,CAAC,8BAA8B,CAAC,CAAC;IAC7C,UAAU,EAAE,CAAC,UAAU,OAAO,CAAC,eAAe,EAAE,CAAC,CAAC;IAClD,UAAU,EAAE,CAAC,YAAY,YAAY,EAAE,CAAC,CAAC;IACzC,UAAU,EAAE,CAAC,WAAW,WAAW,EAAE,CAAC,CAAC;IACvC,UAAU,EAAE,CAAC,aAAa,CAAC,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAEnE,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;QACpB,UAAU,EAAE,CAAC,sBAAsB,CAAC,CAAC;QACrC,KAAK,MAAM,MAAM,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1D,UAAU,EAAE,CAAC,OAAO,MAAM,CAAC,SAAS,KAAK,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,gFAAgF;AAChF,mBAAmB;AACnB,gFAAgF;AAEhF;;GAEG;AACH,MAAM,UAAU,yBAAyB,CAAC,IAAiB,EAAE,OAAuB;IAClF,MAAM,OAAO,GAAgC,EAAE,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;IAEjE,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YACxC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG;gBAC1B,IAAI,EAAE,MAAM,CAAC,UAAU;gBACvB,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,OAAO,EAAE,MAAM,CAAC,OAAO;aACxB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO;QACL,GAAG,IAAI;QACP,OAAO;QACP,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;AACJ,CAAC;AAED,gFAAgF;AAChF,iBAAiB;AACjB,gFAAgF;AAEhF;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,OAA+B,EAC/B,OAAsB,EACtB,OAA2B;IAE3B,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IACrD,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,4BAA4B;IAC5B,MAAM,aAAa,GAAG,OAAO,IAAI;QAC/B,SAAS;QACT,UAAU;QACV,aAAa;QACb,eAAe;QACf,aAAa;KACd,CAAC;IAEF,MAAM,cAAc,GAAG,OAAO,CAAC,UAAU,IAAI,YAAY,GAAG,OAAO,CAAC;IAEpE,KAAK,MAAM,SAAS,IAAI,aAAa,EAAE,CAAC;QACtC,MAAM,UAAU,GAAG,aAAa,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QACjD,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;QAExD,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC5B,SAAS;QACX,CAAC;QAED,KAAK,MAAM,CAAC,UAAU,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YAChE,IAAI,CAAC;gBACH,UAAU,EAAE,CAAC,aAAa,UAAU,OAAO,UAAU,KAAK,CAAC,CAAC;gBAE5D,IAAI,MAAM,EAAE,CAAC;oBACX,UAAU,EAAE,CAAC,4BAA4B,UAAU,EAAE,CAAC,CAAC;oBACvD,SAAS;gBACX,CAAC;gBAED,MAAM,KAAK,CAAC,UAAU,EAAE,CAAC,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,cAAc,CAAC,EAAE;oBACjF,GAAG,EAAE,UAAU;oBACf,KAAK,EAAE,WAAW;iBACnB,CAAC,CAAC;gBAEH,UAAU,EAAE,CAAC,OAAO,UAAU,WAAW,CAAC,CAAC;YAC7C,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,QAAQ,GAAG,oBAAoB,UAAU,OAAO,UAAU,KAAK,KAAK,EAAE,CAAC;gBAC7E,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBACtB,UAAU,EAAE,CAAC,OAAO,QAAQ,EAAE,CAAC,CAAC;YAClC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC5B,MAAM;KACP,CAAC;AACJ,CAAC;AAmBD;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,OAAiD;IAEjD,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IAElE,sCAAsC;IACtC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,OAAO;YACL,SAAS,EAAE,OAAO;YAClB,WAAW,EAAE,WAAW,IAAI,GAAG,GAAG,QAAQ;YAC1C,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,0BAA0B;YACjC,QAAQ,EAAE,CAAC;SACZ,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;IACjD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IACpC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO;YACL,SAAS,EAAE,OAAO;YAClB,WAAW,EAAE,WAAW,IAAI,GAAG,GAAG,QAAQ;YAC1C,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,yBAAyB;YAChC,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;SACjC,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,qBAAqB;QACrB,UAAU,EAAE,CAAC,mBAAmB,CAAC,CAAC;QAElC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,KAAK,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,OAAO,CAAC,EAAE;gBACpC,GAAG,EAAE,KAAK;aACX,CAAC,CAAC;QACL,CAAC;QAED,UAAU,EAAE,CAAC,kCAAkC,CAAC,CAAC;QAEjD,IAAI,MAAM,EAAE,CAAC;YACX,UAAU,EAAE,CAAC,uCAAuC,CAAC,CAAC;YACtD,OAAO;gBACL,SAAS,EAAE,OAAO;gBAClB,WAAW,EAAE,WAAW,IAAI,GAAG,GAAG,QAAQ;gBAC1C,OAAO,EAAE,IAAI;gBACb,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACpC,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aACjC,CAAC;QACJ,CAAC;QAED,MAAM,gBAAgB,GAAG,WAAW,IAAI,GAAG,GAAG,QAAQ,CAAC;QAEvD,MAAM,KAAK,CAAC,UAAU,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,CAAC,EAAE;YACxF,GAAG,EAAE,KAAK;SACX,CAAC,CAAC;QAEH,UAAU,EAAE,CAAC,8BAA8B,gBAAgB,EAAE,CAAC,CAAC;QAE/D,OAAO;YACL,SAAS,EAAE,OAAO;YAClB,WAAW,EAAE,gBAAgB;YAC7B,OAAO,EAAE,IAAI;YACb,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;SACjC,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,kDAAkD;QAClD,MAAM,QAAQ,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACxE,MAAM,cAAc,GAAG,QAAQ,CAAC,OAAO,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;QAChG,OAAO;YACL,SAAS,EAAE,OAAO;YAClB,WAAW,EAAE,WAAW,IAAI,GAAG,GAAG,QAAQ;YAC1C,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,cAAc;YACrB,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;SACjC,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/core/keys.d.ts

@@ -0,0 +1,111 @@
+/**
+ * Authrim Key Generation Module
+ *
+ * Generates RSA key pairs for JWT signing and other cryptographic secrets.
+ * Based on the existing setup-keys.sh script functionality.
+ */
+/**
+ * JSON Web Key structure (subset of W3C spec for RSA keys)
+ */
+export interface JWK {
+    kty: string;
+    n?: string;
+    e?: string;
+    d?: string;
+    p?: string;
+    q?: string;
+    dp?: string;
+    dq?: string;
+    qi?: string;
+    kid?: string;
+    use?: string;
+    alg?: string;
+    [key: string]: unknown;
+}
+export interface KeyPair {
+    /** Private key in PEM format */
+    privateKeyPem: string;
+    /** Public key in JWK format */
+    publicKeyJwk: JWK;
+    /** Key ID (kid) */
+    keyId: string;
+    /** Creation timestamp */
+    createdAt: string;
+}
+export interface KeyMetadata {
+    kid: string;
+    algorithm: string;
+    keySize: number;
+    createdAt: string;
+    files: {
+        privateKey: string;
+        publicKey: string;
+        rpTokenEncryptionKey?: string;
+    };
+}
+export interface GeneratedSecrets {
+    /** RSA key pair for JWT signing */
+    keyPair: KeyPair;
+    /** RP Token encryption key (hex encoded) */
+    rpTokenEncryptionKey: string;
+    /** Admin API secret */
+    adminApiSecret: string;
+    /** Key Manager secret */
+    keyManagerSecret: string;
+    /** Setup token for initial admin creation */
+    setupToken?: string;
+}
+/**
+ * Generate a unique key ID (kid)
+ *
+ * Format: {prefix}-key-{timestamp}-{random}
+ */
+export declare function generateKeyId(prefix?: string): string;
+/**
+ * Generate an RSA key pair for JWT signing
+ *
+ * @param keyId - Custom key ID or auto-generated
+ * @param keySize - RSA key size in bits (default: 2048)
+ */
+export declare function generateRsaKeyPair(keyId?: string, keySize?: number): KeyPair;
+/**
+ * Generate a random hex-encoded secret
+ *
+ * @param bytes - Number of random bytes (default: 32 = 256 bits)
+ */
+export declare function generateHexSecret(bytes?: number): string;
+/**
+ * Generate a random base64url-encoded secret
+ *
+ * @param bytes - Number of random bytes (default: 32 = 256 bits)
+ */
+export declare function generateBase64Secret(bytes?: number): string;
+/**
+ * Generate all required secrets for Authrim
+ */
+export declare function generateAllSecrets(keyId?: string): GeneratedSecrets;
+/**
+ * Save keys and secrets to the .keys directory
+ */
+export declare function saveKeysToDirectory(secrets: GeneratedSecrets, keysDir?: string): Promise<void>;
+/**
+ * Load existing keys from directory
+ */
+export declare function loadKeysFromDirectory(keysDir?: string): Promise<{
+    keyPair?: Partial<KeyPair>;
+    metadata?: KeyMetadata;
+}>;
+/**
+ * Generate wrangler commands for uploading secrets
+ * @deprecated Use uploadSecrets from deploy.ts instead for programmatic upload
+ */
+export declare function generateWranglerSecretCommands(secrets: GeneratedSecrets, keysDir?: string, env?: string): string[];
+/**
+ * Validate that a private key PEM is valid RSA
+ */
+export declare function validatePrivateKey(pem: string): boolean;
+/**
+ * Validate that a public key JWK has required properties
+ */
+export declare function validatePublicKeyJwk(jwk: JWK): boolean;
+//# sourceMappingURL=keys.d.ts.map

package/dist/core/keys.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"keys.d.ts","sourceRoot":"","sources":["../../src/core/keys.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAWH;;GAEG;AACH,MAAM,WAAW,GAAG;IAClB,GAAG,EAAE,MAAM,CAAC;IACZ,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,OAAO;IACtB,gCAAgC;IAChC,aAAa,EAAE,MAAM,CAAC;IACtB,+BAA+B;IAC/B,YAAY,EAAE,GAAG,CAAC;IAClB,mBAAmB;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,yBAAyB;IACzB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE;QACL,UAAU,EAAE,MAAM,CAAC;QACnB,SAAS,EAAE,MAAM,CAAC;QAClB,oBAAoB,CAAC,EAAE,MAAM,CAAC;KAC/B,CAAC;CACH;AAED,MAAM,WAAW,gBAAgB;IAC/B,mCAAmC;IACnC,OAAO,EAAE,OAAO,CAAC;IACjB,4CAA4C;IAC5C,oBAAoB,EAAE,MAAM,CAAC;IAC7B,uBAAuB;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,yBAAyB;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,6CAA6C;IAC7C,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAMD;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,MAAM,GAAE,MAAc,GAAG,MAAM,CAI5D;AAMD;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,OAAO,GAAE,MAAa,GAAG,OAAO,CAsClF;AAMD;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,GAAE,MAAW,GAAG,MAAM,CAE5D;AAED;;;;GAIG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,GAAE,MAAW,GAAG,MAAM,CAE/D;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,gBAAgB,CAUnE;AAyCD;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,gBAAgB,EACzB,OAAO,GAAE,MAAgB,GACxB,OAAO,CAAC,IAAI,CAAC,CAgDf;AAED;;GAEG;AACH,wBAAsB,qBAAqB,CAAC,OAAO,GAAE,MAAgB,GAAG,OAAO,CAAC;IAC9E,OAAO,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IAC3B,QAAQ,CAAC,EAAE,WAAW,CAAC;CACxB,CAAC,CA+BD;AA6BD;;;GAGG;AACH,wBAAgB,8BAA8B,CAC5C,OAAO,EAAE,gBAAgB,EACzB,OAAO,GAAE,MAAgB,EACzB,GAAG,CAAC,EAAE,MAAM,GACX,MAAM,EAAE,CA+BV;AAMD;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAUvD;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAKtD"}