@blaxel/core 0.2.87-preview.170 → 0.2.87-preview.174
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/.tsbuildinfo +1 -1
- package/dist/cjs/authentication/credentials.js +11 -1
- package/dist/cjs/authentication/index.js +3 -1
- package/dist/cjs/common/credentials.test.js +71 -0
- package/dist/cjs/common/errors.js +15 -0
- package/dist/cjs/common/settings.js +40 -2
- package/dist/cjs/common/settings.test.js +10 -1
- package/dist/cjs/types/authentication/credentials.d.ts +9 -0
- package/dist/cjs/types/common/credentials.test.d.ts +1 -0
- package/dist/cjs/types/common/errors.d.ts +10 -0
- package/dist/cjs/types/common/settings.d.ts +9 -0
- package/dist/cjs-browser/.tsbuildinfo +1 -1
- package/dist/cjs-browser/authentication/credentials.js +11 -1
- package/dist/cjs-browser/authentication/index.js +3 -1
- package/dist/cjs-browser/common/credentials.test.js +71 -0
- package/dist/cjs-browser/common/errors.js +15 -0
- package/dist/cjs-browser/common/settings.js +40 -2
- package/dist/cjs-browser/common/settings.test.js +10 -1
- package/dist/cjs-browser/types/authentication/credentials.d.ts +9 -0
- package/dist/cjs-browser/types/common/credentials.test.d.ts +1 -0
- package/dist/cjs-browser/types/common/errors.d.ts +10 -0
- package/dist/cjs-browser/types/common/settings.d.ts +9 -0
- package/dist/esm/.tsbuildinfo +1 -1
- package/dist/esm/authentication/credentials.js +9 -0
- package/dist/esm/authentication/index.js +4 -2
- package/dist/esm/common/credentials.test.js +69 -0
- package/dist/esm/common/errors.js +13 -0
- package/dist/esm/common/settings.js +40 -2
- package/dist/esm/common/settings.test.js +10 -1
- package/dist/esm-browser/.tsbuildinfo +1 -1
- package/dist/esm-browser/authentication/credentials.js +9 -0
- package/dist/esm-browser/authentication/index.js +4 -2
- package/dist/esm-browser/common/credentials.test.js +69 -0
- package/dist/esm-browser/common/errors.js +13 -0
- package/dist/esm-browser/common/settings.js +40 -2
- package/dist/esm-browser/common/settings.test.js +10 -1
- package/package.json +1 -1
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.Credentials = void 0;
|
|
3
|
+
exports.MissingCredentials = exports.Credentials = void 0;
|
|
4
4
|
const env_js_1 = require("../common/env.js");
|
|
5
5
|
class Credentials {
|
|
6
6
|
async authenticate() { }
|
|
@@ -15,3 +15,13 @@ class Credentials {
|
|
|
15
15
|
}
|
|
16
16
|
}
|
|
17
17
|
exports.Credentials = Credentials;
|
|
18
|
+
/**
|
|
19
|
+
* Marker returned by `authentication()` when no usable Blaxel credentials were
|
|
20
|
+
* resolved (no env vars, no matching config workspace). Construction is
|
|
21
|
+
* side-effect free so importing `@blaxel/core` never fails; the actionable
|
|
22
|
+
* error is raised when an authenticated request is actually attempted
|
|
23
|
+
* (see `Settings.assertCredentials`).
|
|
24
|
+
*/
|
|
25
|
+
class MissingCredentials extends Credentials {
|
|
26
|
+
}
|
|
27
|
+
exports.MissingCredentials = MissingCredentials;
|
|
@@ -51,7 +51,9 @@ function getCredentials() {
|
|
|
51
51
|
function authentication() {
|
|
52
52
|
const credentials = getCredentials();
|
|
53
53
|
if (!credentials) {
|
|
54
|
-
|
|
54
|
+
// Never silently fall back to empty headers: a marker that triggers a
|
|
55
|
+
// clear CredentialsError when an authenticated request is attempted.
|
|
56
|
+
return new credentials_js_1.MissingCredentials();
|
|
55
57
|
}
|
|
56
58
|
if (credentials.apiKey) {
|
|
57
59
|
return new apikey_js_1.ApiKey(credentials);
|
|
@@ -0,0 +1,71 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
const vitest_1 = require("vitest");
|
|
4
|
+
const apikey_js_1 = require("../authentication/apikey.js");
|
|
5
|
+
const credentials_js_1 = require("../authentication/credentials.js");
|
|
6
|
+
const index_js_1 = require("../authentication/index.js");
|
|
7
|
+
const errors_js_1 = require("./errors.js");
|
|
8
|
+
const settings_js_1 = require("./settings.js");
|
|
9
|
+
/**
|
|
10
|
+
* ENG-2698: missing / partial BL_WORKSPACE / BL_API_KEY must fail fast with a
|
|
11
|
+
* clear, actionable error instead of silently sending empty headers and
|
|
12
|
+
* surfacing the server's misleading "workspace is required".
|
|
13
|
+
*
|
|
14
|
+
* `env` reads through to `process.env`, so env state is controlled there.
|
|
15
|
+
*/
|
|
16
|
+
(0, vitest_1.describe)('credential validation', () => {
|
|
17
|
+
const AUTH_ENV = ['BL_API_KEY', 'BL_WORKSPACE', 'BL_CLIENT_CREDENTIALS'];
|
|
18
|
+
let savedEnv;
|
|
19
|
+
let savedCredentials;
|
|
20
|
+
let savedConfig;
|
|
21
|
+
(0, vitest_1.beforeEach)(() => {
|
|
22
|
+
savedEnv = {};
|
|
23
|
+
for (const key of AUTH_ENV) {
|
|
24
|
+
savedEnv[key] = process.env[key];
|
|
25
|
+
delete process.env[key];
|
|
26
|
+
}
|
|
27
|
+
savedCredentials = settings_js_1.settings.credentials;
|
|
28
|
+
savedConfig = settings_js_1.settings.config;
|
|
29
|
+
settings_js_1.settings.config = { proxy: '', apikey: '', workspace: '' };
|
|
30
|
+
});
|
|
31
|
+
(0, vitest_1.afterEach)(() => {
|
|
32
|
+
for (const key of AUTH_ENV) {
|
|
33
|
+
if (savedEnv[key] === undefined)
|
|
34
|
+
delete process.env[key];
|
|
35
|
+
else
|
|
36
|
+
process.env[key] = savedEnv[key];
|
|
37
|
+
}
|
|
38
|
+
settings_js_1.settings.credentials = savedCredentials;
|
|
39
|
+
settings_js_1.settings.config = savedConfig;
|
|
40
|
+
});
|
|
41
|
+
(0, vitest_1.it)('API key without workspace throws a clear BL_WORKSPACE error from headers', () => {
|
|
42
|
+
settings_js_1.settings.credentials = new apikey_js_1.ApiKey({ apiKey: 'test-key' });
|
|
43
|
+
(0, vitest_1.expect)(() => settings_js_1.settings.headers).toThrow(errors_js_1.CredentialsError);
|
|
44
|
+
(0, vitest_1.expect)(() => settings_js_1.settings.headers).toThrow(/BL_WORKSPACE/);
|
|
45
|
+
});
|
|
46
|
+
(0, vitest_1.it)('API key without workspace rejects from authenticate()', async () => {
|
|
47
|
+
settings_js_1.settings.credentials = new apikey_js_1.ApiKey({ apiKey: 'test-key' });
|
|
48
|
+
await (0, vitest_1.expect)(settings_js_1.settings.authenticate()).rejects.toThrow(/BL_WORKSPACE/);
|
|
49
|
+
});
|
|
50
|
+
(0, vitest_1.it)('workspace set but no API key names the missing API key', () => {
|
|
51
|
+
process.env.BL_WORKSPACE = 'my-workspace';
|
|
52
|
+
settings_js_1.settings.credentials = new credentials_js_1.MissingCredentials();
|
|
53
|
+
(0, vitest_1.expect)(() => settings_js_1.settings.headers).toThrow(/API key is missing/);
|
|
54
|
+
});
|
|
55
|
+
(0, vitest_1.it)('no credentials at all names both env vars', () => {
|
|
56
|
+
settings_js_1.settings.credentials = new credentials_js_1.MissingCredentials();
|
|
57
|
+
(0, vitest_1.expect)(() => settings_js_1.settings.headers).toThrow(errors_js_1.CredentialsError);
|
|
58
|
+
(0, vitest_1.expect)(() => settings_js_1.settings.headers).toThrow(/BL_API_KEY and BL_WORKSPACE/);
|
|
59
|
+
});
|
|
60
|
+
(0, vitest_1.it)('api key + workspace builds clean headers with no empty values', () => {
|
|
61
|
+
settings_js_1.settings.credentials = new apikey_js_1.ApiKey({ apiKey: 'test-key', workspace: 'my-workspace' });
|
|
62
|
+
const headers = settings_js_1.settings.headers;
|
|
63
|
+
(0, vitest_1.expect)(headers['x-blaxel-workspace']).toBe('my-workspace');
|
|
64
|
+
(0, vitest_1.expect)(headers['x-blaxel-authorization']).toBe('Bearer test-key');
|
|
65
|
+
(0, vitest_1.expect)(Object.values(headers)).not.toContain('');
|
|
66
|
+
});
|
|
67
|
+
(0, vitest_1.it)('authentication() returns a real ApiKey when BL_API_KEY is set', () => {
|
|
68
|
+
process.env.BL_API_KEY = 'test-key';
|
|
69
|
+
(0, vitest_1.expect)((0, index_js_1.authentication)()).toBeInstanceOf(apikey_js_1.ApiKey);
|
|
70
|
+
});
|
|
71
|
+
});
|
|
@@ -1,6 +1,21 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.CredentialsError = void 0;
|
|
3
4
|
exports.handleDynamicImportError = handleDynamicImportError;
|
|
5
|
+
/**
|
|
6
|
+
* Thrown when Blaxel credentials are missing or incomplete.
|
|
7
|
+
*
|
|
8
|
+
* Surfaced eagerly with an actionable message (which env var / login step is
|
|
9
|
+
* missing) instead of silently sending empty workspace/authorization headers
|
|
10
|
+
* and letting the user hit a misleading server-side "workspace is required".
|
|
11
|
+
*/
|
|
12
|
+
class CredentialsError extends Error {
|
|
13
|
+
constructor(message) {
|
|
14
|
+
super(message);
|
|
15
|
+
this.name = "CredentialsError";
|
|
16
|
+
}
|
|
17
|
+
}
|
|
18
|
+
exports.CredentialsError = CredentialsError;
|
|
4
19
|
function handleDynamicImportError(err) {
|
|
5
20
|
if (err instanceof Error) {
|
|
6
21
|
// We check if it's module import error and retrieve package name from the error message with a regex
|
|
@@ -7,12 +7,29 @@ exports.settings = void 0;
|
|
|
7
7
|
const yaml_1 = __importDefault(require("yaml"));
|
|
8
8
|
const apikey_js_1 = require("../authentication/apikey.js");
|
|
9
9
|
const clientcredentials_js_1 = require("../authentication/clientcredentials.js");
|
|
10
|
+
const credentials_js_1 = require("../authentication/credentials.js");
|
|
10
11
|
const index_js_1 = require("../authentication/index.js");
|
|
11
12
|
const env_js_1 = require("../common/env.js");
|
|
13
|
+
const errors_js_1 = require("../common/errors.js");
|
|
12
14
|
const node_js_1 = require("../common/node.js");
|
|
15
|
+
/**
|
|
16
|
+
* Build an actionable "credentials missing" message naming exactly which piece
|
|
17
|
+
* is absent, based on the env vars currently set.
|
|
18
|
+
*/
|
|
19
|
+
function missingCredentialsMessage() {
|
|
20
|
+
const hasWorkspace = !!env_js_1.env.BL_WORKSPACE;
|
|
21
|
+
const hasApiKey = !!env_js_1.env.BL_API_KEY;
|
|
22
|
+
if (hasWorkspace && !hasApiKey) {
|
|
23
|
+
return "Blaxel API key is missing. Set the BL_API_KEY environment variable, or run `bl login`, to authenticate (BL_WORKSPACE is already set).";
|
|
24
|
+
}
|
|
25
|
+
if (hasApiKey && !hasWorkspace) {
|
|
26
|
+
return "Blaxel workspace is missing. Set the BL_WORKSPACE environment variable, or run `bl login`, to authenticate (BL_API_KEY is already set).";
|
|
27
|
+
}
|
|
28
|
+
return "No Blaxel credentials found. Set the BL_API_KEY and BL_WORKSPACE environment variables, or run `bl login`.";
|
|
29
|
+
}
|
|
13
30
|
// Build info - these placeholders are replaced at build time by build:replace-imports
|
|
14
|
-
const BUILD_VERSION = "0.2.87-preview.
|
|
15
|
-
const BUILD_COMMIT = "
|
|
31
|
+
const BUILD_VERSION = "0.2.87-preview.174";
|
|
32
|
+
const BUILD_COMMIT = "d820c0d5ab85c3e0603e16cd29198e14055869ec";
|
|
16
33
|
const BUILD_SENTRY_DSN = "https://fd5e60e1c9820e1eef5ccebb84a07127@o4508714045276160.ingest.us.sentry.io/4510465864564736";
|
|
17
34
|
const BLAXEL_API_VERSION = "2026-04-16";
|
|
18
35
|
// Cache for config.yaml tracking value
|
|
@@ -173,6 +190,7 @@ class Settings {
|
|
|
173
190
|
return env_js_1.env.BL_API_VERSION || BLAXEL_API_VERSION;
|
|
174
191
|
}
|
|
175
192
|
get headers() {
|
|
193
|
+
this.assertCredentials();
|
|
176
194
|
const osArch = getOsArch();
|
|
177
195
|
return {
|
|
178
196
|
"x-blaxel-authorization": this.authorization,
|
|
@@ -258,7 +276,27 @@ class Settings {
|
|
|
258
276
|
}
|
|
259
277
|
return 0;
|
|
260
278
|
}
|
|
279
|
+
/**
|
|
280
|
+
* Fail fast with a clear, actionable error when credentials are missing or
|
|
281
|
+
* incomplete, instead of sending empty workspace/authorization headers and
|
|
282
|
+
* surfacing a misleading server-side "workspace is required". Skipped for
|
|
283
|
+
* `forceUrl` sandbox sessions, which carry their own headers and never read
|
|
284
|
+
* `settings.headers`. Leaves `workspace` itself non-throwing so telemetry
|
|
285
|
+
* tagging stays safe.
|
|
286
|
+
*/
|
|
287
|
+
assertCredentials() {
|
|
288
|
+
const hasConfigCredentials = !!(this.config.apikey ||
|
|
289
|
+
this.config.apiKey ||
|
|
290
|
+
this.config.clientCredentials);
|
|
291
|
+
if (!hasConfigCredentials && this.credentials instanceof credentials_js_1.MissingCredentials) {
|
|
292
|
+
throw new errors_js_1.CredentialsError(missingCredentialsMessage());
|
|
293
|
+
}
|
|
294
|
+
if (!this.workspace) {
|
|
295
|
+
throw new errors_js_1.CredentialsError("Blaxel workspace is missing. Set the BL_WORKSPACE environment variable, or run `bl login`, to authenticate your requests.");
|
|
296
|
+
}
|
|
297
|
+
}
|
|
261
298
|
async authenticate() {
|
|
299
|
+
this.assertCredentials();
|
|
262
300
|
await this.credentials.authenticate();
|
|
263
301
|
}
|
|
264
302
|
}
|
|
@@ -34,6 +34,7 @@ var __importStar = (this && this.__importStar) || (function () {
|
|
|
34
34
|
})();
|
|
35
35
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
36
|
const vitest_1 = require("vitest");
|
|
37
|
+
const apikey_js_1 = require("../authentication/apikey.js");
|
|
37
38
|
const env_js_1 = require("./env.js");
|
|
38
39
|
(0, vitest_1.describe)('Settings.apiVersion', () => {
|
|
39
40
|
(0, vitest_1.beforeEach)(() => {
|
|
@@ -50,6 +51,14 @@ const env_js_1 = require("./env.js");
|
|
|
50
51
|
(0, vitest_1.it)('headers include Blaxel-Version set to the default', async () => {
|
|
51
52
|
delete env_js_1.env.BL_API_VERSION;
|
|
52
53
|
const { settings } = await Promise.resolve().then(() => __importStar(require('./settings.js')));
|
|
53
|
-
|
|
54
|
+
// headers now requires resolvable credentials; run in an authenticated context
|
|
55
|
+
const previous = settings.credentials;
|
|
56
|
+
settings.credentials = new apikey_js_1.ApiKey({ apiKey: 'test-key', workspace: 'test-ws' });
|
|
57
|
+
try {
|
|
58
|
+
(0, vitest_1.expect)(settings.headers['Blaxel-Version']).toBe('2026-04-16');
|
|
59
|
+
}
|
|
60
|
+
finally {
|
|
61
|
+
settings.credentials = previous;
|
|
62
|
+
}
|
|
54
63
|
});
|
|
55
64
|
});
|
|
@@ -4,3 +4,12 @@ export declare class Credentials {
|
|
|
4
4
|
get authorization(): string;
|
|
5
5
|
get token(): string;
|
|
6
6
|
}
|
|
7
|
+
/**
|
|
8
|
+
* Marker returned by `authentication()` when no usable Blaxel credentials were
|
|
9
|
+
* resolved (no env vars, no matching config workspace). Construction is
|
|
10
|
+
* side-effect free so importing `@blaxel/core` never fails; the actionable
|
|
11
|
+
* error is raised when an authenticated request is actually attempted
|
|
12
|
+
* (see `Settings.assertCredentials`).
|
|
13
|
+
*/
|
|
14
|
+
export declare class MissingCredentials extends Credentials {
|
|
15
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
|
@@ -1 +1,11 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Thrown when Blaxel credentials are missing or incomplete.
|
|
3
|
+
*
|
|
4
|
+
* Surfaced eagerly with an actionable message (which env var / login step is
|
|
5
|
+
* missing) instead of silently sending empty workspace/authorization headers
|
|
6
|
+
* and letting the user hit a misleading server-side "workspace is required".
|
|
7
|
+
*/
|
|
8
|
+
export declare class CredentialsError extends Error {
|
|
9
|
+
constructor(message: string);
|
|
10
|
+
}
|
|
1
11
|
export declare function handleDynamicImportError(err: any): void;
|
|
@@ -63,6 +63,15 @@ declare class Settings {
|
|
|
63
63
|
get disableH2(): boolean;
|
|
64
64
|
get maxConcurrentH2Requests(): number;
|
|
65
65
|
get fsPartRetries(): number;
|
|
66
|
+
/**
|
|
67
|
+
* Fail fast with a clear, actionable error when credentials are missing or
|
|
68
|
+
* incomplete, instead of sending empty workspace/authorization headers and
|
|
69
|
+
* surfacing a misleading server-side "workspace is required". Skipped for
|
|
70
|
+
* `forceUrl` sandbox sessions, which carry their own headers and never read
|
|
71
|
+
* `settings.headers`. Leaves `workspace` itself non-throwing so telemetry
|
|
72
|
+
* tagging stays safe.
|
|
73
|
+
*/
|
|
74
|
+
private assertCredentials;
|
|
66
75
|
authenticate(): Promise<void>;
|
|
67
76
|
}
|
|
68
77
|
export declare const settings: Settings;
|