@checkstack/satellite-common 0.3.2 → 0.5.0

package/CHANGELOG.md CHANGED
@@ -1,5 +1,101 @@
1
1
  # @checkstack/satellite-common
2
2
 
3
+ ## 0.5.0
4
+
5
+ ### Minor Changes
6
+
7
+ - 9016526: Add a `/rest/:pluginId/*` HTTP mount that serves every plugin's oRPC contract
8
+ through the REST/OpenAPI shape described by `/api/openapi.json`. Queries are
9
+ `GET` with query parameters, mutations are `POST` with the input as the raw
10
+ JSON body. The existing `/api/:pluginId/*` mount continues to serve oRPC's
11
+ native wire protocol unchanged, so existing clients are not affected.
12
+
13
+ The OpenAPI spec at `/api/openapi.json` now reflects the real mount: every
14
+ `paths` entry is prefixed with `/rest` instead of `/api`.
15
+
16
+ Also fixes a SPA-fallback bug: the backend's `/api-docs` route previously
17
+ returned 404 on production deployments because the static-file middleware
18
+ skipped any path starting with `/api`, capturing `/api-docs` along with real
19
+ API routes. The skip now requires a trailing slash (`/api/`, `/rest/`).
20
+
21
+ Required access rules are now visible in the API Docs UI. The OpenAPI spec
22
+ generator was reading a non-existent `accessRules` field on procedure
23
+ metadata; the real field is `access: AccessRule[]`. Each procedure's access
24
+ rules are now flattened to fully-qualified IDs (e.g. `catalog.system.read`)
25
+ and emitted under `x-orpc-meta.accessRules`, which the existing
26
+ `Required Access Rules` section in the docs UI already knew how to render.
27
+
28
+ The API Docs schema renderer now handles record types (zod `z.record`),
29
+ `$ref`s into `components.schemas`, `oneOf`/`anyOf`/`allOf`, nullable union
30
+ types (`type: ["string", "null"]`), and `format` qualifiers. Previously
31
+ record outputs like `{ statuses: object }` masked the actual value type;
32
+ they now render as `{ [key]: <ResolvedType> { ... } }` with the inner
33
+ schema expanded, capped at 12 levels with cycle detection.
34
+
35
+ **REST method conventions.** `proc()` now defaults to `GET` for queries and
36
+ `POST` for mutations on the `/rest` mount, using bracket-notation query
37
+ params (`?filter[status]=active&ids[0]=a`) for GET inputs. Existing
38
+ procedures were updated to follow REST semantics:
39
+
40
+ - `update*` mutations → `PATCH`
41
+ - `delete*` / `remove*` mutations → `DELETE`
42
+ - `getBulk*` queries and any query taking a large array input → `POST`
43
+ (because `@orpc/openapi@1.13.x` has no GET→POST URL-length fallback)
44
+
45
+ GET endpoints require an `object` input — bare scalars like
46
+ `.input(z.string())` are not valid on GET. `getSystemConfigurations` was
47
+ refactored from `.input(z.string())` to `.input(z.object({ systemId: ... }))`
48
+ to fit the GET shape; the only call-site update was the in-process router
49
+ unpacking `input.systemId` instead of passing `input` directly.
50
+
51
+ The API Docs UI now renders query parameters (path/query/header/cookie) in a
52
+ dedicated table for GET endpoints, and the fetch example shows them in the
53
+ URL with `<required>` / `<optional>` placeholders.
54
+
55
+ ### Patch Changes
56
+
57
+ - Updated dependencies [9016526]
58
+ - @checkstack/common@0.10.0
59
+ - @checkstack/healthcheck-common@1.1.0
60
+ - @checkstack/signal-common@0.2.3
61
+
62
+ ## 0.4.0
63
+
64
+ ### Minor Changes
65
+
66
+ - f6f9a5c: Add a GitOps `Satellite` kind plus a UI affordance for resetting tokens.
67
+
68
+ GitOps owns satellite **metadata only** — `metadata.name`,
69
+ `spec.region`, and `metadata.labels` (used as the satellite's runtime
70
+ tags). The bcrypt token is intentionally never expressed in YAML; on
71
+ first reconcile a satellite is created with a random token that is
72
+ discarded, and operators must use the Satellites page to retrieve a
73
+ working credential.
74
+
75
+ To support that flow:
76
+
77
+ - New service methods: `updateSatelliteMetadata`, `rotateSatelliteToken`,
78
+ `getSatelliteByName`.
79
+ - New RPC procs: `updateSatellite`, `rotateSatelliteToken`.
80
+ - New `RotateSatelliteTokenDialog` and a "Reset token" key icon on the
81
+ Satellites list. The dialog reuses the one-time-reveal layout from
82
+ `CreateSatelliteDialog`.
83
+ - The Satellites list shows a `GitOpsSourceBadge` next to managed
84
+ satellites and disables the delete button while leaving the
85
+ token-reset button enabled (so operators can always re-issue a
86
+ credential without touching YAML).
87
+
88
+ The satellite kind reconciler adopts pre-existing satellites by name on
89
+ first sync, so this is safe to roll out against installations that
90
+ already have manually-created satellites.
91
+
92
+ ### Patch Changes
93
+
94
+ - Updated dependencies [42abfff]
95
+ - @checkstack/common@0.9.0
96
+ - @checkstack/healthcheck-common@1.0.2
97
+ - @checkstack/signal-common@0.2.2
98
+
3
99
  ## 0.3.2
4
100
 
5
101
  ### Patch Changes
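Review bot: The 0.5.0 entry never says what changed in this package: most of it describes the backend mount and the API Docs UI, and the "REST method conventions" list names no satellite procedure. Add a line for satellite-common stating which procedures now carry an explicit method and that `rotateSatelliteToken` stays on the default `POST`, so consumers of the `/rest` mount can tell what affects them. The entry also says access rules are now emitted under `x-orpc-meta.accessRules`; it should state whether `/api/openapi.json` is served only to authenticated users, since the spec now lists the rule IDs guarding each procedure.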
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@checkstack/satellite-common",
3
- "version": "0.3.2",
3
+ "version": "0.5.0",
4
4
  "license": "Elastic-2.0",
5
5
  "type": "module",
6
6
  "exports": {
@@ -9,16 +9,16 @@
9
9
  }
10
10
  },
11
11
  "dependencies": {
12
- "@checkstack/common": "0.7.0",
13
- "@checkstack/healthcheck-common": "1.0.0",
14
- "@checkstack/signal-common": "0.2.0",
12
+ "@checkstack/common": "0.9.0",
13
+ "@checkstack/healthcheck-common": "1.0.2",
14
+ "@checkstack/signal-common": "0.2.2",
15
15
  "@orpc/contract": "^1.13.14",
16
16
  "zod": "^4.2.1"
17
17
  },
18
18
  "devDependencies": {
19
19
  "typescript": "^5.7.2",
20
- "@checkstack/tsconfig": "0.0.6",
21
- "@checkstack/scripts": "0.1.2"
20
+ "@checkstack/tsconfig": "0.0.7",
21
+ "@checkstack/scripts": "0.3.1"
22
22
  },
23
23
  "scripts": {
24
24
  "typecheck": "tsgo -b",
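Review bot: The `dependencies` block pins `@checkstack/common` 0.9.0, `@checkstack/healthcheck-common` 1.0.2 and `@checkstack/signal-common` 0.2.2, which are the versions the CHANGELOG lists under 0.4.0, while the 0.5.0 entry says the dependencies were updated to 0.10.0, 1.1.0 and 0.2.3. One of the two is wrong for the published 0.5.0: either bump these three pins or correct the changelog, and check that the versions resolved at install time are the ones that carry the 9016526 changes.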
@@ -52,9 +52,47 @@ export const satelliteContract = {
52
52
  userType: "authenticated",
53
53
  access: [satelliteAccess.satellite.manage],
54
54
  })
55
+ .route({ method: "DELETE" })
55
56
  .input(z.object({ id: z.string() }))
56
57
  .output(z.void()),
57
58
 
59
+ /**
60
+ * Update a satellite's metadata. Token is unaffected — use
61
+ * `rotateSatelliteToken` to issue a new token.
62
+ */
63
+ updateSatellite: proc({
64
+ operationType: "mutation",
65
+ userType: "authenticated",
66
+ access: [satelliteAccess.satellite.manage],
67
+ })
68
+ .route({ method: "PATCH" })
69
+ .input(
70
+ z.object({
71
+ id: z.string(),
72
+ name: z.string().min(1).optional(),
73
+ region: z.string().min(1).optional(),
74
+ tags: z.record(z.string(), z.string()).optional(),
75
+ }),
76
+ )
77
+ .output(SatelliteWithStatusSchema),
78
+
79
+ /**
80
+ * Rotate (reset) a satellite's token. Returns the new plaintext token,
81
+ * shown once. The previous token is invalidated immediately.
82
+ */
83
+ rotateSatelliteToken: proc({
84
+ operationType: "mutation",
85
+ userType: "authenticated",
86
+ access: [satelliteAccess.satellite.manage],
87
+ })
88
+ .input(z.object({ id: z.string() }))
89
+ .output(
90
+ z.object({
91
+ satellite: SatelliteWithStatusSchema,
92
+ token: z.string(),
93
+ }),
94
+ ),
95
+
58
96
  /**
59
97
  * Get the list of online satellite IDs.
60
98
  * Used internally by healthcheck-backend for stale source exclusion
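Review bot: `rotateSatelliteToken` has no `.route()` call, unlike the `DELETE` and `PATCH` procedures added around it, so its HTTP method on the `/rest` mount depends on the `proc()` default for mutations. Since it invalidates the current token and returns a new plaintext one, pin it with `.route({ method: "POST" })` so a change to the default cannot move it to another method. Two smaller points: `id: z.string()` accepts an empty string in both new inputs while `name` and `region` use `.min(1)`, and rotation is guarded by the same `satelliteAccess.satellite.manage` rule as a metadata edit, which is worth a comment if that is intended.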