@cat-factory/integrations 0.6.0

package/dist/modules/environments/environments.logic.d.ts

@@ -0,0 +1,50 @@
+import type { EnvironmentAccessHandle, EnvironmentHandle, EnvironmentStatus } from '@cat-factory/kernel';
+import type { EnvironmentRecord, UrlSafetyPolicy } from '@cat-factory/kernel';
+/** The agent kind that triggers deterministic provisioning. */
+export declare const DEPLOYER_AGENT_KIND = "deployer";
+/** Board category for environment blocks (a deployer pipeline typically runs here). */
+export declare const ENVIRONMENT_BLOCK_TYPE = "environment";
+/**
+ * Whether a pipeline step should provision an environment deterministically.
+ * Keyed strictly on the `deployer` agent kind so that other steps in a pipeline
+ * on an `environment` block (e.g. a following `tester`) still run normally.
+ */
+export declare function isDeployStep(agentKind: string): boolean;
+/**
+ * Validate a URL before it is stored, fetched, or exposed. The default policy
+ * (STRICT_URL_SAFETY_POLICY) requires `https` and rejects internal/private hosts; a
+ * trusted operator-installed adapter can pass a widened policy to permit specific
+ * schemes/hosts (e.g. an internal env platform on a private/VPN host). Embedded
+ * credentials are forbidden regardless of policy. Parsed by hand (no `URL` global) so
+ * this stays in the platform-agnostic core.
+ */
+export declare function assertSafeEnvironmentUrl(url: string, label?: string, policy?: UrlSafetyPolicy): void;
+/** Variables available to manifest templates, in a bounded namespace. */
+export interface InterpolationScope {
+    input: Record<string, string>;
+    provision: Record<string, string>;
+}
+/**
+ * Replace `{{ namespace.key }}` placeholders from the given scope. Unknown
+ * namespaces and missing keys resolve to an empty string, so a template can
+ * never reference arbitrary host state.
+ */
+export declare function interpolateTemplate(template: string, scope: InterpolationScope): string;
+/** Read a value from parsed JSON by a dot-path (e.g. `data.url`, `items.0.id`). */
+export declare function extractByPath(json: unknown, path: string): unknown;
+/** Extract a scalar as a string, or undefined if absent/non-scalar. */
+export declare function extractString(json: unknown, path: string | undefined): string | undefined;
+/**
+ * Map a provider status string onto our lifecycle states using the manifest's
+ * `statusMap`. Falls back to `fallback` (caller decides, e.g. 'ready' for a
+ * synchronous provisioner with no status polling).
+ */
+export declare function mapStatus(raw: string | undefined, statusMap: {
+    from: string;
+    to: EnvironmentStatus;
+}[] | undefined, fallback: EnvironmentStatus): EnvironmentStatus;
+/** Project a stored record onto the wire handle, optionally with decrypted access. */
+export declare function recordToHandle(record: EnvironmentRecord, access?: EnvironmentAccessHandle | null): EnvironmentHandle;
+/** Coerce an extracted expiry (epoch-ms number, numeric string, or ISO) to ms. */
+export declare function coerceExpiresAt(value: unknown): number | null;
+//# sourceMappingURL=environments.logic.d.ts.map

package/dist/modules/environments/environments.logic.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"environments.logic.d.ts","sourceRoot":"","sources":["../../../src/modules/environments/environments.logic.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,uBAAuB,EACvB,iBAAiB,EACjB,iBAAiB,EAClB,MAAM,qBAAqB,CAAA;AAC5B,OAAO,KAAK,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAA;AAS7E,+DAA+D;AAC/D,eAAO,MAAM,mBAAmB,aAAa,CAAA;AAC7C,uFAAuF;AACvF,eAAO,MAAM,sBAAsB,gBAAgB,CAAA;AAEnD;;;;GAIG;AACH,wBAAgB,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAEvD;AAuGD;;;;;;;GAOG;AACH,wBAAgB,wBAAwB,CACtC,GAAG,EAAE,MAAM,EACX,KAAK,SAAQ,EACb,MAAM,GAAE,eAA0C,GACjD,IAAI,CAyBN;AAED,yEAAyE;AACzE,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC7B,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAClC;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,kBAAkB,GAAG,MAAM,CAWvF;AAED,mFAAmF;AACnF,wBAAgB,aAAa,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CASlE;AAED,uEAAuE;AACvE,wBAAgB,aAAa,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,CAOzF;AAED;;;;GAIG;AACH,wBAAgB,SAAS,CACvB,GAAG,EAAE,MAAM,GAAG,SAAS,EACvB,SAAS,EAAE;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,iBAAiB,CAAA;CAAE,EAAE,GAAG,SAAS,EAChE,QAAQ,EAAE,iBAAiB,GAC1B,iBAAiB,CAMnB;AAED,sFAAsF;AACtF,wBAAgB,cAAc,CAC5B,MAAM,EAAE,iBAAiB,EACzB,MAAM,CAAC,EAAE,uBAAuB,GAAG,IAAI,GACtC,iBAAiB,CAenB;AAED,kFAAkF;AAClF,wBAAgB,eAAe,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAU7D"}

package/dist/modules/environments/environments.logic.js

@@ -0,0 +1,257 @@
+import { STRICT_URL_SAFETY_POLICY, ValidationError } from '@cat-factory/kernel';
+// Pure helpers for the ephemeral-environment integration: SSRF validation of the
+// URLs we fetch/expose, `{{var}}` interpolation over a bounded scope, dot-path
+// extraction from an arbitrary self-rolled response, status mapping and expiry
+// coercion. Keeping these pure makes the generic provider deterministic and
+// testable without a live management API.
+/** The agent kind that triggers deterministic provisioning. */
+export const DEPLOYER_AGENT_KIND = 'deployer';
+/** Board category for environment blocks (a deployer pipeline typically runs here). */
+export const ENVIRONMENT_BLOCK_TYPE = 'environment';
+/**
+ * Whether a pipeline step should provision an environment deterministically.
+ * Keyed strictly on the `deployer` agent kind so that other steps in a pipeline
+ * on an `environment` block (e.g. a following `tester`) still run normally.
+ */
+export function isDeployStep(agentKind) {
+    return agentKind === DEPLOYER_AGENT_KIND;
+}
+/** Whether a decoded IPv4 address is loopback / link-local (metadata) / RFC1918. */
+function isPrivateV4(parts) {
+    const [a, b] = parts;
+    if (a === 127 || a === 0 || a === 10)
+        return true;
+    if (a === 169 && b === 254)
+        return true;
+    if (a === 192 && b === 168)
+        return true;
+    if (a === 172 && b >= 16 && b <= 31)
+        return true;
+    return false;
+}
+/** Parse a plain dotted-decimal IPv4 literal (each octet 0-255), or null. */
+function decimalV4(host) {
+    const m = host.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
+    if (!m)
+        return null;
+    const a = Number(m[1]);
+    const b = Number(m[2]);
+    const c = Number(m[3]);
+    const d = Number(m[4]);
+    if (a > 255 || b > 255 || c > 255 || d > 255)
+        return null;
+    return [a, b, c, d];
+}
+/** Extract the embedded IPv4 of an IPv4-mapped IPv6 literal (`::ffff:…`), or null. */
+function mappedV4(host) {
+    // ::ffff:a.b.c.d
+    const dotted = host.match(/^::ffff:(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
+    if (dotted) {
+        const a = Number(dotted[1]);
+        const b = Number(dotted[2]);
+        const c = Number(dotted[3]);
+        const d = Number(dotted[4]);
+        if (a > 255 || b > 255 || c > 255 || d > 255)
+            return null;
+        return [a, b, c, d];
+    }
+    // ::ffff:hhhh:hhhh
+    const hex = host.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/);
+    if (hex) {
+        const hi = parseInt(hex[1] ?? '0', 16);
+        const lo = parseInt(hex[2] ?? '0', 16);
+        return [(hi >> 8) & 0xff, hi & 0xff, (lo >> 8) & 0xff, lo & 0xff];
+    }
+    return null;
+}
+/**
+ * Reject hostnames that point at the worker's own network rather than a public
+ * host. The generic provider fetches org-supplied URLs (and we surface the
+ * provisioned env URL to agents), so an unvalidated URL turns the worker into an
+ * SSRF proxy. Host-literal defence-in-depth: blocks loopback, link-local
+ * (incl. cloud metadata 169.254.x.x) and the RFC1918 private ranges — including
+ * the obfuscated encodings (bare integer, hex/octal octets, IPv4-mapped IPv6)
+ * that trivially bypass a naive dotted-decimal match.
+ */
+function isBlockedHost(hostname) {
+    const host = hostname.toLowerCase().replace(/^\[|\]$/g, '');
+    if (host === '')
+        return true;
+    if (host === 'localhost' || host.endsWith('.localhost'))
+        return true;
+    if (host.endsWith('.internal') || host.endsWith('.local'))
+        return true;
+    // IPv6 literals (contain a colon).
+    if (host.includes(':')) {
+        if (host === '::1' || host === '::')
+            return true;
+        if (host.startsWith('fe80:') || host.startsWith('fc') || host.startsWith('fd'))
+            return true;
+        const mapped = mappedV4(host);
+        if (mapped)
+            return isPrivateV4(mapped);
+        return false;
+    }
+    // Obfuscated numeric IPv4 forms are never a legitimate public hostname.
+    // Bare integer (e.g. 2130706433 === 127.0.0.1).
+    if (/^\d+$/.test(host))
+        return true;
+    const labels = host.split('.');
+    for (const label of labels) {
+        if (/^0x[0-9a-f]+$/.test(label))
+            return true; // hex octet (0x7f)
+        if (/^0[0-9]+$/.test(label))
+            return true; // octal / leading-zero octet (0177)
+    }
+    // Standard dotted-decimal IPv4: public addresses pass, private ones blocked.
+    const v4 = decimalV4(host);
+    if (v4)
+        return isPrivateV4(v4);
+    // A purely numeric dotted host that is not a valid public dotted-decimal IPv4
+    // is some other IP encoding we cannot vouch for — reject when in doubt.
+    if (labels.length > 1 && labels.every((l) => /^\d+$/.test(l)))
+        return true;
+    return false;
+}
+/**
+ * Whether `host` is exempt from the private/internal-host block under `policy`.
+ * An allow-list entry matches the hostname case-insensitively, either exactly or as a
+ * dot suffix when it begins with `.` (`.internal` matches `a.b.internal`).
+ */
+function hostExempt(host, policy) {
+    const h = host.toLowerCase().replace(/^\[|\]$/g, '');
+    return policy.allowHosts.some((entry) => {
+        const e = entry.toLowerCase();
+        return e.startsWith('.') ? h === e.slice(1) || h.endsWith(e) : h === e;
+    });
+}
+/**
+ * Validate a URL before it is stored, fetched, or exposed. The default policy
+ * (STRICT_URL_SAFETY_POLICY) requires `https` and rejects internal/private hosts; a
+ * trusted operator-installed adapter can pass a widened policy to permit specific
+ * schemes/hosts (e.g. an internal env platform on a private/VPN host). Embedded
+ * credentials are forbidden regardless of policy. Parsed by hand (no `URL` global) so
+ * this stays in the platform-agnostic core.
+ */
+export function assertSafeEnvironmentUrl(url, label = 'URL', policy = STRICT_URL_SAFETY_POLICY) {
+    const invalid = () => new ValidationError(`Environment ${label} is not a valid URL: '${url}'`);
+    const match = url.match(/^([a-zA-Z][a-zA-Z0-9+.-]*):\/\/([^/?#]*)/);
+    if (!match)
+        throw invalid();
+    if (!policy.schemes.includes(match[1].toLowerCase())) {
+        const allowed = policy.schemes.join('/') || '(none)';
+        throw new ValidationError(`Environment ${label} must use ${allowed}`);
+    }
+    const authority = match[2];
+    if (authority.includes('@')) {
+        throw new ValidationError(`Environment ${label} must not contain credentials`);
+    }
+    let host;
+    if (authority.startsWith('[')) {
+        const end = authority.indexOf(']');
+        if (end === -1)
+            throw invalid();
+        host = authority.slice(1, end);
+    }
+    else {
+        host = authority.split(':')[0];
+    }
+    if (host === '')
+        throw invalid();
+    if (!hostExempt(host, policy) && isBlockedHost(host)) {
+        throw new ValidationError(`Environment ${label} must be a public host`);
+    }
+}
+/**
+ * Replace `{{ namespace.key }}` placeholders from the given scope. Unknown
+ * namespaces and missing keys resolve to an empty string, so a template can
+ * never reference arbitrary host state.
+ */
+export function interpolateTemplate(template, scope) {
+    return template.replace(/\{\{\s*([a-zA-Z0-9_.]+)\s*\}\}/g, (_match, expr) => {
+        const dot = expr.indexOf('.');
+        if (dot === -1)
+            return '';
+        const ns = expr.slice(0, dot);
+        const key = expr.slice(dot + 1);
+        const bag = ns === 'input' ? scope.input : ns === 'provision' ? scope.provision : undefined;
+        if (!bag)
+            return '';
+        const value = bag[key];
+        return value === undefined ? '' : value;
+    });
+}
+/** Read a value from parsed JSON by a dot-path (e.g. `data.url`, `items.0.id`). */
+export function extractByPath(json, path) {
+    if (!path)
+        return undefined;
+    let current = json;
+    for (const segment of path.split('.')) {
+        if (current === null || current === undefined)
+            return undefined;
+        if (typeof current !== 'object')
+            return undefined;
+        current = current[segment];
+    }
+    return current;
+}
+/** Extract a scalar as a string, or undefined if absent/non-scalar. */
+export function extractString(json, path) {
+    if (!path)
+        return undefined;
+    const value = extractByPath(json, path);
+    if (value === null || value === undefined)
+        return undefined;
+    if (typeof value === 'string')
+        return value;
+    if (typeof value === 'number' || typeof value === 'boolean')
+        return String(value);
+    return undefined;
+}
+/**
+ * Map a provider status string onto our lifecycle states using the manifest's
+ * `statusMap`. Falls back to `fallback` (caller decides, e.g. 'ready' for a
+ * synchronous provisioner with no status polling).
+ */
+export function mapStatus(raw, statusMap, fallback) {
+    if (raw !== undefined && statusMap) {
+        const hit = statusMap.find((m) => m.from.toLowerCase() === raw.toLowerCase());
+        if (hit)
+            return hit.to;
+    }
+    return fallback;
+}
+/** Project a stored record onto the wire handle, optionally with decrypted access. */
+export function recordToHandle(record, access) {
+    return {
+        id: record.id,
+        workspaceId: record.workspaceId,
+        blockId: record.blockId,
+        executionId: record.executionId,
+        providerId: record.providerId,
+        externalId: record.externalId,
+        url: record.url,
+        status: record.status,
+        ...(access ? { access } : {}),
+        createdAt: record.createdAt,
+        expiresAt: record.expiresAt,
+        lastError: record.lastError,
+    };
+}
+/** Coerce an extracted expiry (epoch-ms number, numeric string, or ISO) to ms. */
+export function coerceExpiresAt(value) {
+    if (value === null || value === undefined)
+        return null;
+    if (typeof value === 'number' && Number.isFinite(value))
+        return value;
+    if (typeof value === 'string') {
+        const trimmed = value.trim();
+        if (/^\d+$/.test(trimmed))
+            return Number(trimmed);
+        const parsed = Date.parse(trimmed);
+        if (!Number.isNaN(parsed))
+            return parsed;
+    }
+    return null;
+}
+//# sourceMappingURL=environments.logic.js.map

package/dist/modules/environments/environments.logic.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"environments.logic.js","sourceRoot":"","sources":["../../../src/modules/environments/environments.logic.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,wBAAwB,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAA;AAE/E,iFAAiF;AACjF,+EAA+E;AAC/E,+EAA+E;AAC/E,4EAA4E;AAC5E,0CAA0C;AAE1C,+DAA+D;AAC/D,MAAM,CAAC,MAAM,mBAAmB,GAAG,UAAU,CAAA;AAC7C,uFAAuF;AACvF,MAAM,CAAC,MAAM,sBAAsB,GAAG,aAAa,CAAA;AAEnD;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAAC,SAAiB;IAC5C,OAAO,SAAS,KAAK,mBAAmB,CAAA;AAC1C,CAAC;AAED,oFAAoF;AACpF,SAAS,WAAW,CAAC,KAAuC;IAC1D,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,CAAA;IACpB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO,IAAI,CAAA;IACjD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAA;IACvC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAA;IACvC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;QAAE,OAAO,IAAI,CAAA;IAChD,OAAO,KAAK,CAAA;AACd,CAAC;AAED,6EAA6E;AAC7E,SAAS,SAAS,CAAC,IAAY;IAC7B,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAA;IACpE,IAAI,CAAC,CAAC;QAAE,OAAO,IAAI,CAAA;IACnB,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IACtB,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IACtB,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IACtB,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IACtB,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG;QAAE,OAAO,IAAI,CAAA;IACzD,OAAO,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAA;AACrB,CAAC;AAED,sFAAsF;AACtF,SAAS,QAAQ,CAAC,IAAY;IAC5B,iBAAiB;IACjB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,qDAAqD,CAAC,CAAA;IAChF,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAA;QAC3B,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAA;QAC3B,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAA;QAC3B,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAA;QAC3B,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG;YAAE,OAAO,IAAI,CAAA;QACzD,OAAO,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAA;IACrB,CAAC;IACD,mBAAmB;IACnB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAA;IAClE,IAAI,GAAG,EAAE,CAAC;QACR,MAAM,EAAE,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC,CAAA;QACtC,MAAM,EAAE,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC,CAAA;QACtC,OAAO,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,GAAG,IAAI,EAAE,EAAE,GAAG,IAAI,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,GAAG,IAAI,EAAE,EAAE,GAAG,IAAI,CAAC,CAAA;IACnE,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,aAAa,CAAC,QAAgB;IACrC,MAAM,IAAI,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAA;IAC3D,IAAI,IAAI,KAAK,EAAE;QAAE,OAAO,IAAI,CAAA;IAC5B,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;QAAE,OAAO,IAAI,CAAA;IACpE,IAAI,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAA;IAEtE,mCAAmC;IACnC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,IAAI,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,IAAI;YAAE,OAAO,IAAI,CAAA;QAChD,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAA;QAC3F,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAA;QAC7B,IAAI,MAAM;YAAE,OAAO,WAAW,CAAC,MAAM,CAAC,CAAA;QACtC,OAAO,KAAK,CAAA;IACd,CAAC;IAED,wEAAwE;IACxE,gDAAgD;IAChD,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAA;IACnC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC9B,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC;YAAE,OAAO,IAAI,CAAA,CAAC,mBAAmB;QAChE,IAAI,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC;YAAE,OAAO,IAAI,CAAA,CAAC,oCAAoC;IAC/E,CAAC;IAED,6EAA6E;IAC7E,MAAM,EAAE,GAAG,SAAS,CAAC,IAAI,CAAC,CAAA;IAC1B,IAAI,EAAE;QAAE,OAAO,WAAW,CAAC,EAAE,CAAC,CAAA;IAE9B,8EAA8E;IAC9E,wEAAwE;IACxE,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAA;IAE1E,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;;;GAIG;AACH,SAAS,UAAU,CAAC,IAAY,EAAE,MAAuB;IACvD,MAAM,CAAC,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAA;IACpD,OAAO,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE;QACtC,MAAM,CAAC,GAAG,KAAK,CAAC,WAAW,EAAE,CAAA;QAC7B,OAAO,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAA;IACxE,CAAC,CAAC,CAAA;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,wBAAwB,CACtC,GAAW,EACX,KAAK,GAAG,KAAK,EACb,MAAM,GAAoB,wBAAwB;IAElD,MAAM,OAAO,GAAG,GAAG,EAAE,CAAC,IAAI,eAAe,CAAC,eAAe,KAAK,yBAAyB,GAAG,GAAG,CAAC,CAAA;IAC9F,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAA;IACnE,IAAI,CAAC,KAAK;QAAE,MAAM,OAAO,EAAE,CAAA;IAE3B,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;QACtD,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAA;QACpD,MAAM,IAAI,eAAe,CAAC,eAAe,KAAK,aAAa,OAAO,EAAE,CAAC,CAAA;IACvE,CAAC;IACD,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAE,CAAA;IAC3B,IAAI,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,eAAe,CAAC,eAAe,KAAK,+BAA+B,CAAC,CAAA;IAChF,CAAC;IACD,IAAI,IAAY,CAAA;IAChB,IAAI,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC9B,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAClC,IAAI,GAAG,KAAK,CAAC,CAAC;YAAE,MAAM,OAAO,EAAE,CAAA;QAC/B,IAAI,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;IAChC,CAAC;SAAM,CAAC;QACN,IAAI,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAA;IACjC,CAAC;IACD,IAAI,IAAI,KAAK,EAAE;QAAE,MAAM,OAAO,EAAE,CAAA;IAChC,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;QACrD,MAAM,IAAI,eAAe,CAAC,eAAe,KAAK,wBAAwB,CAAC,CAAA;IACzE,CAAC;AACH,CAAC;AAQD;;;;GAIG;AACH,MAAM,UAAU,mBAAmB,CAAC,QAAgB,EAAE,KAAyB;IAC7E,OAAO,QAAQ,CAAC,OAAO,CAAC,iCAAiC,EAAE,CAAC,MAAM,EAAE,IAAY,EAAE,EAAE;QAClF,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAC7B,IAAI,GAAG,KAAK,CAAC,CAAC;YAAE,OAAO,EAAE,CAAA;QACzB,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;QAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAA;QAC/B,MAAM,GAAG,GAAG,EAAE,KAAK,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAA;QAC3F,IAAI,CAAC,GAAG;YAAE,OAAO,EAAE,CAAA;QACnB,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,CAAA;QACtB,OAAO,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAA;IACzC,CAAC,CAAC,CAAA;AACJ,CAAC;AAED,mFAAmF;AACnF,MAAM,UAAU,aAAa,CAAC,IAAa,EAAE,IAAY;IACvD,IAAI,CAAC,IAAI;QAAE,OAAO,SAAS,CAAA;IAC3B,IAAI,OAAO,GAAY,IAAI,CAAA;IAC3B,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACtC,IAAI,OAAO,KAAK,IAAI,IAAI,OAAO,KAAK,SAAS;YAAE,OAAO,SAAS,CAAA;QAC/D,IAAI,OAAO,OAAO,KAAK,QAAQ;YAAE,OAAO,SAAS,CAAA;QACjD,OAAO,GAAI,OAAmC,CAAC,OAAO,CAAC,CAAA;IACzD,CAAC;IACD,OAAO,OAAO,CAAA;AAChB,CAAC;AAED,uEAAuE;AACvE,MAAM,UAAU,aAAa,CAAC,IAAa,EAAE,IAAwB;IACnE,IAAI,CAAC,IAAI;QAAE,OAAO,SAAS,CAAA;IAC3B,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;IACvC,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,SAAS,CAAA;IAC3D,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAA;IAC3C,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,SAAS;QAAE,OAAO,MAAM,CAAC,KAAK,CAAC,CAAA;IACjF,OAAO,SAAS,CAAA;AAClB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,SAAS,CACvB,GAAuB,EACvB,SAAgE,EAChE,QAA2B;IAE3B,IAAI,GAAG,KAAK,SAAS,IAAI,SAAS,EAAE,CAAC;QACnC,MAAM,GAAG,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,GAAG,CAAC,WAAW,EAAE,CAAC,CAAA;QAC7E,IAAI,GAAG;YAAE,OAAO,GAAG,CAAC,EAAE,CAAA;IACxB,CAAC;IACD,OAAO,QAAQ,CAAA;AACjB,CAAC;AAED,sFAAsF;AACtF,MAAM,UAAU,cAAc,CAC5B,MAAyB,EACzB,MAAuC;IAEvC,OAAO;QACL,EAAE,EAAE,MAAM,CAAC,EAAE;QACb,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7B,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,SAAS,EAAE,MAAM,CAAC,SAAS;KAC5B,CAAA;AACH,CAAC;AAED,kFAAkF;AAClF,MAAM,UAAU,eAAe,CAAC,KAAc;IAC5C,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,IAAI,CAAA;IACtD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAA;IACrE,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAA;QAC5B,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,OAAO,MAAM,CAAC,OAAO,CAAC,CAAA;QACjD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;QAClC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC;YAAE,OAAO,MAAM,CAAA;IAC1C,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC"}

package/dist/modules/github/GitHubInstallationService.d.ts

@@ -0,0 +1,66 @@
+import type { Clock } from '@cat-factory/kernel';
+import type { GitHubClient } from '@cat-factory/kernel';
+import type { GitHubInstallation, GitHubInstallationRepository } from '@cat-factory/kernel';
+import type { GitHubConnection, GitHubInstallationOption } from '@cat-factory/kernel';
+import type { WorkspaceRepository } from '@cat-factory/kernel';
+export interface GitHubInstallationServiceDependencies {
+    githubClient: GitHubClient;
+    githubInstallationRepository: GitHubInstallationRepository;
+    workspaceRepository: WorkspaceRepository;
+    clock: Clock;
+    /**
+     * Whether cat-factory can create repos for an installation itself — true when
+     * its owning App is the privileged tier (ADR 0005). Surfaced on the connection
+     * so the UI can drop the manual "create on GitHub" step. Absent → always false.
+     */
+    canCreateRepos?: (installation: GitHubInstallation) => boolean;
+    /**
+     * Whether the installation actually granted `workflows: write` (read from the
+     * token's granted set). Surfaced so the UI can warn when agent pushes that touch
+     * `.github/workflows/*` would be rejected. Absent (or throwing) → false.
+     */
+    workflowsGranted?: (installation: GitHubInstallation) => Promise<boolean>;
+}
+export declare class GitHubInstallationService {
+    private readonly deps;
+    constructor(deps: GitHubInstallationServiceDependencies);
+    /**
+     * Bind a GitHub App installation to the workspace's account (idempotent on
+     * re-install). Once bound, every workspace in that account shares it.
+     */
+    connect(workspaceId: string, installationId: number): Promise<GitHubConnection>;
+    /** Whether the privileged App tier can create repos for this installation (ADR 0005). */
+    private canCreate;
+    /**
+     * Whether the installation granted `workflows: write`. Best-effort: any failure
+     * reading the granted set (token mint error, integration quirk) resolves to
+     * false rather than blocking the connection — the warning is advisory.
+     */
+    private canWorkflows;
+    /**
+     * Discover the App's installations so the connect UI can offer a pick instead
+     * of a manually typed installation id. Each is annotated with whether it's
+     * already bound — to THIS workspace, to ANOTHER (so connecting would be
+     * rejected by {@link connect}), or to NONE (free to connect). The `connected`
+     * computation mirrors that guard: a binding to another workspace counts as
+     * taken even when soft-deleted (the installation still lives on GitHub), while
+     * a soft-deleted binding to THIS workspace is re-connectable, so reported NONE.
+     */
+    listAvailableInstallations(workspaceId: string): Promise<GitHubInstallationOption[]>;
+    /**
+     * Resolve the workspace an installation is already bound to, or null if it's
+     * unknown (or tombstoned). Used by the setup callback to recover from GitHub's
+     * *stateless* redirects: saving a repo-access change from the App's
+     * installation settings page redirects back with `setup_action=update` but no
+     * signed `state`, so there's no workspace id to bind. We can only act on an
+     * installation that's ALREADY bound — binding a NEW one still requires a state.
+     */
+    resolveBoundWorkspace(installationId: number): Promise<string | null>;
+    /** The workspace's current connection, or null if not connected. */
+    getConnection(workspaceId: string): Promise<GitHubConnection | null>;
+    /** Resolve the live installation for a workspace, or throw if not connected. */
+    requireInstallation(workspaceId: string): Promise<GitHubInstallation>;
+    /** Disconnect a workspace from GitHub (tombstones the binding). */
+    disconnect(workspaceId: string): Promise<void>;
+}
+//# sourceMappingURL=GitHubInstallationService.d.ts.map

package/dist/modules/github/GitHubInstallationService.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"GitHubInstallationService.d.ts","sourceRoot":"","sources":["../../../src/modules/github/GitHubInstallationService.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAA;AAChD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAA;AACvD,OAAO,KAAK,EAAE,kBAAkB,EAAE,4BAA4B,EAAE,MAAM,qBAAqB,CAAA;AAC3F,OAAO,KAAK,EAAE,gBAAgB,EAAE,wBAAwB,EAAE,MAAM,qBAAqB,CAAA;AAGrF,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAA;AAU9D,MAAM,WAAW,qCAAqC;IACpD,YAAY,EAAE,YAAY,CAAA;IAC1B,4BAA4B,EAAE,4BAA4B,CAAA;IAC1D,mBAAmB,EAAE,mBAAmB,CAAA;IACxC,KAAK,EAAE,KAAK,CAAA;IACZ;;;;OAIG;IACH,cAAc,CAAC,EAAE,CAAC,YAAY,EAAE,kBAAkB,KAAK,OAAO,CAAA;IAC9D;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,CAAC,YAAY,EAAE,kBAAkB,KAAK,OAAO,CAAC,OAAO,CAAC,CAAA;CAC1E;AAiBD,qBAAa,yBAAyB;IACxB,OAAO,CAAC,QAAQ,CAAC,IAAI;IAAjC,YAA6B,IAAI,EAAE,qCAAqC,EAAI;IAE5E;;;OAGG;IACG,OAAO,CAAC,WAAW,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CA6CpF;IAED,yFAAyF;IACzF,OAAO,CAAC,SAAS;IAIjB;;;;OAIG;YACW,YAAY;IAS1B;;;;;;;;OAQG;IACG,0BAA0B,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,wBAAwB,EAAE,CAAC,CAuBzF;IAED;;;;;;;OAOG;IACG,qBAAqB,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAK1E;IAED,oEAAoE;IAC9D,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAQzE;IAED,gFAAgF;IAC1E,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAM1E;IAED,mEAAmE;IAC7D,UAAU,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAOnD;CACF"}

package/dist/modules/github/GitHubInstallationService.js

@@ -0,0 +1,143 @@
+import { ConflictError } from '@cat-factory/kernel';
+import { requireWorkspace } from '@cat-factory/kernel';
+function toConnection(installation, canCreateRepos, canManageWorkflows) {
+    return {
+        installationId: installation.installationId,
+        accountLogin: installation.accountLogin,
+        targetType: installation.targetType,
+        connectedAt: installation.createdAt,
+        canCreateRepos,
+        canManageWorkflows,
+    };
+}
+export class GitHubInstallationService {
+    deps;
+    constructor(deps) {
+        this.deps = deps;
+    }
+    /**
+     * Bind a GitHub App installation to the workspace's account (idempotent on
+     * re-install). Once bound, every workspace in that account shares it.
+     */
+    async connect(workspaceId, installationId) {
+        await requireWorkspace(this.deps.workspaceRepository, workspaceId);
+        const accountId = (await this.deps.workspaceRepository.accountOf(workspaceId)) ?? null;
+        // Guard against binding an installation that already belongs to a DIFFERENT
+        // account. We reject regardless of the other binding's `deletedAt`: a
+        // previously disconnected/suspended installation is still installed on GitHub
+        // (its tokens still mint), so letting another tenant claim it would be an
+        // account-takeover primitive. Sharing WITHIN the same account is fine — that's
+        // the whole point — and the auth-disabled path (both accounts null) is
+        // unrestricted, exactly like the rest of the dev path.
+        const existing = await this.deps.githubInstallationRepository.getByInstallationId(installationId);
+        if (existing &&
+            existing.accountId !== null &&
+            accountId !== null &&
+            existing.accountId !== accountId) {
+            throw new ConflictError(`Installation ${installationId} is already connected to another account`);
+        }
+        const meta = await this.deps.githubClient.getInstallation(installationId);
+        const installation = {
+            installationId,
+            workspaceId,
+            accountId,
+            accountLogin: meta.accountLogin,
+            targetType: meta.targetType,
+            // The App that owns this installation (probed at connect), so every later
+            // token mint routes to the right App's key (ADR 0005).
+            appId: meta.appId,
+            cachedToken: null,
+            tokenExpiresAt: null,
+            createdAt: existing?.createdAt ?? this.deps.clock.now(),
+            deletedAt: null,
+        };
+        await this.deps.githubInstallationRepository.upsert(installation);
+        return toConnection(installation, this.canCreate(installation), await this.canWorkflows(installation));
+    }
+    /** Whether the privileged App tier can create repos for this installation (ADR 0005). */
+    canCreate(installation) {
+        return this.deps.canCreateRepos?.(installation) ?? false;
+    }
+    /**
+     * Whether the installation granted `workflows: write`. Best-effort: any failure
+     * reading the granted set (token mint error, integration quirk) resolves to
+     * false rather than blocking the connection — the warning is advisory.
+     */
+    async canWorkflows(installation) {
+        if (!this.deps.workflowsGranted)
+            return false;
+        try {
+            return await this.deps.workflowsGranted(installation);
+        }
+        catch {
+            return false;
+        }
+    }
+    /**
+     * Discover the App's installations so the connect UI can offer a pick instead
+     * of a manually typed installation id. Each is annotated with whether it's
+     * already bound — to THIS workspace, to ANOTHER (so connecting would be
+     * rejected by {@link connect}), or to NONE (free to connect). The `connected`
+     * computation mirrors that guard: a binding to another workspace counts as
+     * taken even when soft-deleted (the installation still lives on GitHub), while
+     * a soft-deleted binding to THIS workspace is re-connectable, so reported NONE.
+     */
+    async listAvailableInstallations(workspaceId) {
+        await requireWorkspace(this.deps.workspaceRepository, workspaceId);
+        const accountId = (await this.deps.workspaceRepository.accountOf(workspaceId)) ?? null;
+        const installations = await this.deps.githubClient.listInstallations();
+        return Promise.all(installations.map(async (i) => {
+            const existing = await this.deps.githubInstallationRepository.getByInstallationId(i.installationId);
+            let connected = 'none';
+            if (existing) {
+                const sameAccount = existing.accountId !== null && accountId !== null && existing.accountId === accountId;
+                if (existing.workspaceId === workspaceId || sameAccount) {
+                    // Already available to this workspace (directly, or shared via account).
+                    if (!existing.deletedAt || sameAccount)
+                        connected = 'this';
+                }
+                else {
+                    connected = 'other';
+                }
+            }
+            return { ...i, connected };
+        }));
+    }
+    /**
+     * Resolve the workspace an installation is already bound to, or null if it's
+     * unknown (or tombstoned). Used by the setup callback to recover from GitHub's
+     * *stateless* redirects: saving a repo-access change from the App's
+     * installation settings page redirects back with `setup_action=update` but no
+     * signed `state`, so there's no workspace id to bind. We can only act on an
+     * installation that's ALREADY bound — binding a NEW one still requires a state.
+     */
+    async resolveBoundWorkspace(installationId) {
+        const existing = await this.deps.githubInstallationRepository.getByInstallationId(installationId);
+        if (!existing || existing.deletedAt)
+            return null;
+        return existing.workspaceId;
+    }
+    /** The workspace's current connection, or null if not connected. */
+    async getConnection(workspaceId) {
+        const installation = await this.deps.githubInstallationRepository.getByWorkspace(workspaceId);
+        if (!installation || installation.deletedAt)
+            return null;
+        return toConnection(installation, this.canCreate(installation), await this.canWorkflows(installation));
+    }
+    /** Resolve the live installation for a workspace, or throw if not connected. */
+    async requireInstallation(workspaceId) {
+        const installation = await this.deps.githubInstallationRepository.getByWorkspace(workspaceId);
+        if (!installation || installation.deletedAt) {
+            throw new ConflictError(`Workspace '${workspaceId}' is not connected to GitHub`);
+        }
+        return installation;
+    }
+    /** Disconnect a workspace from GitHub (tombstones the binding). */
+    async disconnect(workspaceId) {
+        const installation = await this.deps.githubInstallationRepository.getByWorkspace(workspaceId);
+        if (!installation || installation.deletedAt)
+            return;
+        await this.deps.githubInstallationRepository.softDelete(installation.installationId, this.deps.clock.now());
+    }
+}
+//# sourceMappingURL=GitHubInstallationService.js.map

package/dist/modules/github/GitHubInstallationService.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"GitHubInstallationService.js","sourceRoot":"","sources":["../../../src/modules/github/GitHubInstallationService.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AA8BtD,SAAS,YAAY,CACnB,YAAgC,EAChC,cAAuB,EACvB,kBAA2B;IAE3B,OAAO;QACL,cAAc,EAAE,YAAY,CAAC,cAAc;QAC3C,YAAY,EAAE,YAAY,CAAC,YAAY;QACvC,UAAU,EAAE,YAAY,CAAC,UAAU;QACnC,WAAW,EAAE,YAAY,CAAC,SAAS;QACnC,cAAc;QACd,kBAAkB;KACnB,CAAA;AACH,CAAC;AAED,MAAM,OAAO,yBAAyB;IACP,IAAI;IAAjC,YAA6B,IAA2C;oBAA3C,IAAI;IAA0C,CAAC;IAE5E;;;OAGG;IACH,KAAK,CAAC,OAAO,CAAC,WAAmB,EAAE,cAAsB;QACvD,MAAM,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,WAAW,CAAC,CAAA;QAClE,MAAM,SAAS,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,IAAI,IAAI,CAAA;QAEtF,4EAA4E;QAC5E,sEAAsE;QACtE,8EAA8E;QAC9E,0EAA0E;QAC1E,+EAA+E;QAC/E,uEAAuE;QACvE,uDAAuD;QACvD,MAAM,QAAQ,GACZ,MAAM,IAAI,CAAC,IAAI,CAAC,4BAA4B,CAAC,mBAAmB,CAAC,cAAc,CAAC,CAAA;QAClF,IACE,QAAQ;YACR,QAAQ,CAAC,SAAS,KAAK,IAAI;YAC3B,SAAS,KAAK,IAAI;YAClB,QAAQ,CAAC,SAAS,KAAK,SAAS,EAChC,CAAC;YACD,MAAM,IAAI,aAAa,CACrB,gBAAgB,cAAc,0CAA0C,CACzE,CAAA;QACH,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,cAAc,CAAC,CAAA;QACzE,MAAM,YAAY,GAAuB;YACvC,cAAc;YACd,WAAW;YACX,SAAS;YACT,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,0EAA0E;YAC1E,uDAAuD;YACvD,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,WAAW,EAAE,IAAI;YACjB,cAAc,EAAE,IAAI;YACpB,SAAS,EAAE,QAAQ,EAAE,SAAS,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE;YACvD,SAAS,EAAE,IAAI;SAChB,CAAA;QACD,MAAM,IAAI,CAAC,IAAI,CAAC,4BAA4B,CAAC,MAAM,CAAC,YAAY,CAAC,CAAA;QACjE,OAAO,YAAY,CACjB,YAAY,EACZ,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,EAC5B,MAAM,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,CACtC,CAAA;IACH,CAAC;IAED,yFAAyF;IACjF,SAAS,CAAC,YAAgC;QAChD,OAAO,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC,YAAY,CAAC,IAAI,KAAK,CAAA;IAC1D,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,YAAY,CAAC,YAAgC;QACzD,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB;YAAE,OAAO,KAAK,CAAA;QAC7C,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAA;QACvD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,0BAA0B,CAAC,WAAmB;QAClD,MAAM,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,WAAW,CAAC,CAAA;QAClE,MAAM,SAAS,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,IAAI,IAAI,CAAA;QACtF,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,iBAAiB,EAAE,CAAA;QACtE,OAAO,OAAO,CAAC,GAAG,CAChB,aAAa,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE;YAC5B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,4BAA4B,CAAC,mBAAmB,CAC/E,CAAC,CAAC,cAAc,CACjB,CAAA;YACD,IAAI,SAAS,GAA0C,MAAM,CAAA;YAC7D,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,WAAW,GACf,QAAQ,CAAC,SAAS,KAAK,IAAI,IAAI,SAAS,KAAK,IAAI,IAAI,QAAQ,CAAC,SAAS,KAAK,SAAS,CAAA;gBACvF,IAAI,QAAQ,CAAC,WAAW,KAAK,WAAW,IAAI,WAAW,EAAE,CAAC;oBACxD,yEAAyE;oBACzE,IAAI,CAAC,QAAQ,CAAC,SAAS,IAAI,WAAW;wBAAE,SAAS,GAAG,MAAM,CAAA;gBAC5D,CAAC;qBAAM,CAAC;oBACN,SAAS,GAAG,OAAO,CAAA;gBACrB,CAAC;YACH,CAAC;YACD,OAAO,EAAE,GAAG,CAAC,EAAE,SAAS,EAAE,CAAA;QAC5B,CAAC,CAAC,CACH,CAAA;IACH,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,qBAAqB,CAAC,cAAsB;QAChD,MAAM,QAAQ,GACZ,MAAM,IAAI,CAAC,IAAI,CAAC,4BAA4B,CAAC,mBAAmB,CAAC,cAAc,CAAC,CAAA;QAClF,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,SAAS;YAAE,OAAO,IAAI,CAAA;QAChD,OAAO,QAAQ,CAAC,WAAW,CAAA;IAC7B,CAAC;IAED,oEAAoE;IACpE,KAAK,CAAC,aAAa,CAAC,WAAmB;QACrC,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,4BAA4B,CAAC,cAAc,CAAC,WAAW,CAAC,CAAA;QAC7F,IAAI,CAAC,YAAY,IAAI,YAAY,CAAC,SAAS;YAAE,OAAO,IAAI,CAAA;QACxD,OAAO,YAAY,CACjB,YAAY,EACZ,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,EAC5B,MAAM,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,CACtC,CAAA;IACH,CAAC;IAED,gFAAgF;IAChF,KAAK,CAAC,mBAAmB,CAAC,WAAmB;QAC3C,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,4BAA4B,CAAC,cAAc,CAAC,WAAW,CAAC,CAAA;QAC7F,IAAI,CAAC,YAAY,IAAI,YAAY,CAAC,SAAS,EAAE,CAAC;YAC5C,MAAM,IAAI,aAAa,CAAC,cAAc,WAAW,8BAA8B,CAAC,CAAA;QAClF,CAAC;QACD,OAAO,YAAY,CAAA;IACrB,CAAC;IAED,mEAAmE;IACnE,KAAK,CAAC,UAAU,CAAC,WAAmB;QAClC,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,4BAA4B,CAAC,cAAc,CAAC,WAAW,CAAC,CAAA;QAC7F,IAAI,CAAC,YAAY,IAAI,YAAY,CAAC,SAAS;YAAE,OAAM;QACnD,MAAM,IAAI,CAAC,IAAI,CAAC,4BAA4B,CAAC,UAAU,CACrD,YAAY,CAAC,cAAc,EAC3B,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CACtB,CAAA;IACH,CAAC;CACF"}

package/dist/modules/github/GitHubService.d.ts

@@ -0,0 +1,29 @@
+import type { Clock } from '@cat-factory/kernel';
+import type { GitHubClient } from '@cat-factory/kernel';
+import type { BranchProjectionRepository, IssueProjectionRepository, PullRequestProjectionRepository, RepoProjectionRepository } from '@cat-factory/kernel';
+import type { CommitFilesInput, GitHubBranch, GitHubIssue, GitHubPullRequest, GitHubRepo, MergePullRequestInput, OpenPullRequestInput } from '@cat-factory/kernel';
+export interface GitHubServiceDependencies {
+    githubClient: GitHubClient;
+    repoProjectionRepository: RepoProjectionRepository;
+    branchProjectionRepository: BranchProjectionRepository;
+    pullRequestProjectionRepository: PullRequestProjectionRepository;
+    issueProjectionRepository: IssueProjectionRepository;
+    clock: Clock;
+}
+export declare class GitHubService {
+    private readonly deps;
+    constructor(deps: GitHubServiceDependencies);
+    listRepos(workspaceId: string): Promise<GitHubRepo[]>;
+    listBranches(workspaceId: string, repoGithubId: number): Promise<GitHubBranch[]>;
+    listPullRequests(workspaceId: string): Promise<GitHubPullRequest[]>;
+    listIssues(workspaceId: string): Promise<GitHubIssue[]>;
+    createBranch(workspaceId: string, repoGithubId: number, name: string, fromSha: string): Promise<GitHubBranch>;
+    commitFiles(workspaceId: string, repoGithubId: number, input: CommitFilesInput): Promise<{
+        sha: string;
+    }>;
+    openPullRequest(workspaceId: string, repoGithubId: number, input: OpenPullRequestInput): Promise<GitHubPullRequest>;
+    mergePullRequest(workspaceId: string, repoGithubId: number, number: number, input?: MergePullRequestInput): Promise<void>;
+    comment(workspaceId: string, repoGithubId: number, issueOrPrNumber: number, body: string): Promise<void>;
+    private resolve;
+}
+//# sourceMappingURL=GitHubService.d.ts.map

package/dist/modules/github/GitHubService.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"GitHubService.d.ts","sourceRoot":"","sources":["../../../src/modules/github/GitHubService.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAA;AAChD,OAAO,KAAK,EAAE,YAAY,EAAiB,MAAM,qBAAqB,CAAA;AACtE,OAAO,KAAK,EACV,0BAA0B,EAC1B,yBAAyB,EACzB,+BAA+B,EAC/B,wBAAwB,EACzB,MAAM,qBAAqB,CAAA;AAC5B,OAAO,KAAK,EACV,gBAAgB,EAChB,YAAY,EACZ,WAAW,EACX,iBAAiB,EACjB,UAAU,EACV,qBAAqB,EACrB,oBAAoB,EACrB,MAAM,qBAAqB,CAAA;AAW5B,MAAM,WAAW,yBAAyB;IACxC,YAAY,EAAE,YAAY,CAAA;IAC1B,wBAAwB,EAAE,wBAAwB,CAAA;IAClD,0BAA0B,EAAE,0BAA0B,CAAA;IACtD,+BAA+B,EAAE,+BAA+B,CAAA;IAChE,yBAAyB,EAAE,yBAAyB,CAAA;IACpD,KAAK,EAAE,KAAK,CAAA;CACb;AAQD,qBAAa,aAAa;IACZ,OAAO,CAAC,QAAQ,CAAC,IAAI;IAAjC,YAA6B,IAAI,EAAE,yBAAyB,EAAI;IAIhE,SAAS,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC,CAEpD;IAED,YAAY,CAAC,WAAW,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,CAE/E;IAED,gBAAgB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,EAAE,CAAC,CAElE;IAED,UAAU,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,CAEtD;IAIK,YAAY,CAChB,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,EACpB,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,YAAY,CAAC,CAYvB;IAEK,WAAW,CACf,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,EACpB,KAAK,EAAE,gBAAgB,GACtB,OAAO,CAAC;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC,CAG1B;IAEK,eAAe,CACnB,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,EACpB,KAAK,EAAE,oBAAoB,GAC1B,OAAO,CAAC,iBAAiB,CAAC,CAK5B;IAEK,gBAAgB,CACpB,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,EACd,KAAK,CAAC,EAAE,qBAAqB,GAC5B,OAAO,CAAC,IAAI,CAAC,CAGf;IAEK,OAAO,CACX,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,EACpB,eAAe,EAAE,MAAM,EACvB,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,IAAI,CAAC,CAGf;YAEa,OAAO;CAYtB"}

package/dist/modules/github/GitHubService.js

@@ -0,0 +1,61 @@
+import { assertFound } from '@cat-factory/kernel';
+export class GitHubService {
+    deps;
+    constructor(deps) {
+        this.deps = deps;
+    }
+    // ---- projection reads ---------------------------------------------------
+    listRepos(workspaceId) {
+        return this.deps.repoProjectionRepository.list(workspaceId);
+    }
+    listBranches(workspaceId, repoGithubId) {
+        return this.deps.branchProjectionRepository.listByRepo(workspaceId, repoGithubId);
+    }
+    listPullRequests(workspaceId) {
+        return this.deps.pullRequestProjectionRepository.listByWorkspace(workspaceId);
+    }
+    listIssues(workspaceId) {
+        return this.deps.issueProjectionRepository.listByWorkspace(workspaceId);
+    }
+    // ---- writes -------------------------------------------------------------
+    async createBranch(workspaceId, repoGithubId, name, fromSha) {
+        const { installationId, ref } = await this.resolve(workspaceId, repoGithubId);
+        await this.deps.githubClient.createBranch(installationId, ref, name, fromSha);
+        const branch = {
+            repoGithubId,
+            name,
+            headSha: fromSha,
+            protected: false,
+            syncedAt: this.deps.clock.now(),
+        };
+        await this.deps.branchProjectionRepository.upsertMany(workspaceId, [branch]);
+        return branch;
+    }
+    async commitFiles(workspaceId, repoGithubId, input) {
+        const { installationId, ref } = await this.resolve(workspaceId, repoGithubId);
+        return this.deps.githubClient.commitFiles(installationId, ref, input);
+    }
+    async openPullRequest(workspaceId, repoGithubId, input) {
+        const { installationId, ref } = await this.resolve(workspaceId, repoGithubId);
+        const pr = await this.deps.githubClient.openPullRequest(installationId, ref, input);
+        await this.deps.pullRequestProjectionRepository.upsertMany(workspaceId, [pr]);
+        return pr;
+    }
+    async mergePullRequest(workspaceId, repoGithubId, number, input) {
+        const { installationId, ref } = await this.resolve(workspaceId, repoGithubId);
+        await this.deps.githubClient.mergePullRequest(installationId, ref, number, input);
+    }
+    async comment(workspaceId, repoGithubId, issueOrPrNumber, body) {
+        const { installationId, ref } = await this.resolve(workspaceId, repoGithubId);
+        await this.deps.githubClient.comment(installationId, ref, issueOrPrNumber, body);
+    }
+    async resolve(workspaceId, repoGithubId) {
+        const repo = assertFound(await this.deps.repoProjectionRepository.get(workspaceId, repoGithubId), 'GitHubRepo', String(repoGithubId));
+        return {
+            repo,
+            installationId: repo.installationId,
+            ref: { owner: repo.owner, repo: repo.name },
+        };
+    }
+}
+//# sourceMappingURL=GitHubService.js.map