npm - @codemation/host - Versions diffs - 0.8.0 → 0.9.1 - Mend

@codemation/host 0.8.0 → 0.9.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (148) hide show

package/dist/infrastructure/persistence/PrismaMigrationOperations.js ADDED Viewed

@@ -0,0 +1,302 @@
+import { createRequire } from "node:module";
+import { mkdir } from "node:fs/promises";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+import { existsSync } from "node:fs";
+import { spawn } from "node:child_process";
+//#region src/infrastructure/persistence/PrismaMigrationOperations.ts
+/**
+* Contains all runtime logic for deploying Prisma migrations.
+* This class is loaded lazily via `await import(...)` from PrismaMigrationDeployer
+* so that the dynamic fs/path/createRequire operations never appear in the
+* static module graph visible to the Turbopack / Next.js NFT tracer.
+*/
+var PrismaMigrationOperations = class PrismaMigrationOperations {
+	static normalizedRuntimeMigrationName = "20260407140000_run_normalized_persistence";
+	require = createRequire(import.meta.url);
+	async deployPersistence(persistence, env) {
+		if (persistence.kind === "none") return;
+		if (persistence.kind === "postgresql") {
+			await this.deployPostgres({
+				databaseUrl: persistence.databaseUrl,
+				env
+			});
+			return;
+		}
+		await this.deploySqlite({
+			databaseFilePath: persistence.databaseFilePath,
+			env
+		});
+	}
+	async deploy(args) {
+		await this.deployPostgres(args);
+	}
+	resolvePackageRoot(env = process.env) {
+		const configuredRoot = env.CODEMATION_HOST_PACKAGE_ROOT;
+		if (configuredRoot) return configuredRoot;
+		let currentDirectory = path.dirname(fileURLToPath(import.meta.url));
+		for (let depth = 0; depth < 8; depth += 1) {
+			if (existsSync(path.join(currentDirectory, "prisma", "schema.postgresql.prisma"))) return currentDirectory;
+			const parentDirectory = path.dirname(currentDirectory);
+			if (parentDirectory === currentDirectory) break;
+			currentDirectory = parentDirectory;
+		}
+		throw new Error(`Could not locate prisma/schema.postgresql.prisma near ${fileURLToPath(import.meta.url)}.`);
+	}
+	async deploySqlite(args) {
+		await this.ensureSqliteParentDirectoryExists(args.databaseFilePath);
+		const databaseUrl = this.sqliteFilePathToDatabaseUrl(args.databaseFilePath);
+		try {
+			await this.deployWithProvider({
+				provider: "sqlite",
+				databaseUrl,
+				env: args.env
+			});
+		} catch (error) {
+			if (!await this.tryRecoverPartiallyAppliedNormalizedRuntimeMigration({
+				databaseFilePath: args.databaseFilePath,
+				databaseUrl,
+				env: args.env,
+				error
+			})) throw error;
+		}
+		await this.cleanupNormalizedRuntimeLegacyArtifacts(args.databaseFilePath);
+	}
+	async deployPostgres(args) {
+		await this.deployWithProvider({
+			provider: "postgresql",
+			databaseUrl: args.databaseUrl,
+			env: args.env
+		});
+	}
+	async deployWithProvider(args) {
+		await this.runPrismaCommand({
+			prismaArgs: ["migrate", "deploy"],
+			provider: args.provider,
+			databaseUrl: args.databaseUrl,
+			env: args.env
+		});
+	}
+	async resolveAppliedMigration(args) {
+		await this.runPrismaCommand({
+			prismaArgs: [
+				"migrate",
+				"resolve",
+				"--applied",
+				args.migrationName
+			],
+			provider: args.provider,
+			databaseUrl: args.databaseUrl,
+			env: args.env
+		});
+	}
+	async runPrismaCommand(args) {
+		const resolverEnv = {
+			...process.env,
+			...args.env ?? {}
+		};
+		const prismaConfigPath = this.resolveAbsolutePrismaConfigPath(resolverEnv);
+		await new Promise((resolve, reject) => {
+			const command = spawn(process.execPath, [
+				...[this.resolvePrismaCliPath(resolverEnv), ...args.prismaArgs],
+				"--config",
+				path.basename(prismaConfigPath)
+			], {
+				cwd: path.dirname(prismaConfigPath),
+				env: this.createProcessEnvironment(args.databaseUrl, args.provider, args.env),
+				stdio: [
+					"ignore",
+					"pipe",
+					"pipe"
+				]
+			});
+			let stdout = "";
+			let stderr = "";
+			command.stdout.on("data", (chunk) => {
+				stdout += chunk.toString();
+			});
+			command.stderr.on("data", (chunk) => {
+				stderr += chunk.toString();
+			});
+			command.once("error", (error) => {
+				reject(error);
+			});
+			command.once("close", (exitCode) => {
+				if (exitCode === 0) {
+					resolve();
+					return;
+				}
+				reject(this.createDeployError(exitCode, stdout, stderr));
+			});
+		});
+	}
+	async tryRecoverPartiallyAppliedNormalizedRuntimeMigration(args) {
+		if (!this.isRecoverableNormalizedRuntimeMigrationError(args.error)) return false;
+		if (!await this.repairPartiallyAppliedNormalizedRuntimeSqliteDatabase(args.databaseFilePath)) return false;
+		await this.resolveAppliedMigration({
+			provider: "sqlite",
+			databaseUrl: args.databaseUrl,
+			migrationName: PrismaMigrationOperations.normalizedRuntimeMigrationName,
+			env: args.env
+		});
+		await this.deployWithProvider({
+			provider: "sqlite",
+			databaseUrl: args.databaseUrl,
+			env: args.env
+		});
+		return true;
+	}
+	isRecoverableNormalizedRuntimeMigrationError(error) {
+		if (!(error instanceof Error)) return false;
+		return error.message.includes("Error: P3009") && error.message.includes(PrismaMigrationOperations.normalizedRuntimeMigrationName);
+	}
+	async repairPartiallyAppliedNormalizedRuntimeSqliteDatabase(databaseFilePath) {
+		const { createClient } = await import("@libsql/client");
+		const client = createClient({ url: this.sqliteFilePathToDatabaseUrl(databaseFilePath) });
+		try {
+			if (!await this.hasActiveFailedMigrationRecord(client, PrismaMigrationOperations.normalizedRuntimeMigrationName)) return false;
+			const runColumns = await this.readSqliteTableColumns(client, "Run");
+			if (!(runColumns.has("finished_at") && runColumns.has("revision") && runColumns.has("outputs_by_node_json") && !runColumns.has("state_json"))) return false;
+			await this.ensureNormalizedRuntimeRepairArtifacts(client);
+			return true;
+		} finally {
+			client.close();
+		}
+	}
+	async hasActiveFailedMigrationRecord(client, migrationName) {
+		return (await client.execute({
+			sql: [
+				"SELECT 1 AS \"has_failed\"",
+				"FROM \"_prisma_migrations\"",
+				"WHERE \"migration_name\" = ?",
+				"  AND \"finished_at\" IS NULL",
+				"  AND \"rolled_back_at\" IS NULL",
+				"LIMIT 1"
+			].join(" "),
+			args: [migrationName]
+		})).rows.length > 0;
+	}
+	async readSqliteTableColumns(client, tableName) {
+		const result = await client.execute(`PRAGMA table_info("${tableName}")`);
+		return new Set(result.rows.map((row) => String(row.name)));
+	}
+	async ensureNormalizedRuntimeRepairArtifacts(client) {
+		await client.execute(`
+      CREATE TABLE IF NOT EXISTS "RunWorkItem" (
+        "work_item_id" TEXT NOT NULL PRIMARY KEY,
+        "run_id" TEXT NOT NULL,
+        "workflow_id" TEXT NOT NULL,
+        "status" TEXT NOT NULL,
+        "target_node_id" TEXT NOT NULL,
+        "batch_id" TEXT NOT NULL,
+        "queue_name" TEXT,
+        "claim_token" TEXT,
+        "claimed_by" TEXT,
+        "claimed_at" TEXT,
+        "available_at" TEXT NOT NULL,
+        "enqueued_at" TEXT NOT NULL,
+        "completed_at" TEXT,
+        "failed_at" TEXT,
+        "source_instance_id" TEXT,
+        "parent_instance_id" TEXT,
+        "items_in" INTEGER NOT NULL,
+        "inputs_by_port_json" TEXT NOT NULL,
+        "error_json" TEXT,
+        CONSTRAINT "RunWorkItem_run_id_fkey" FOREIGN KEY ("run_id") REFERENCES "Run"("run_id") ON DELETE CASCADE ON UPDATE CASCADE
+      )
+    `);
+		await client.execute(`
+      CREATE INDEX IF NOT EXISTS "RunWorkItem_run_id_status_available_at_idx"
+      ON "RunWorkItem"("run_id", "status", "available_at")
+    `);
+		await client.execute(`
+      CREATE INDEX IF NOT EXISTS "RunWorkItem_run_id_target_node_id_batch_id_idx"
+      ON "RunWorkItem"("run_id", "target_node_id", "batch_id")
+    `);
+		await client.execute(`
+      CREATE TABLE IF NOT EXISTS "RunSlotProjection" (
+        "run_id" TEXT NOT NULL PRIMARY KEY,
+        "workflow_id" TEXT NOT NULL,
+        "revision" INTEGER NOT NULL,
+        "updated_at" TEXT NOT NULL,
+        "slot_states_json" TEXT NOT NULL,
+        CONSTRAINT "RunSlotProjection_run_id_fkey" FOREIGN KEY ("run_id") REFERENCES "Run"("run_id") ON DELETE CASCADE ON UPDATE CASCADE
+      )
+    `);
+		await client.execute(`
+      CREATE INDEX IF NOT EXISTS "RunSlotProjection_workflow_id_updated_at_idx"
+      ON "RunSlotProjection"("workflow_id", "updated_at")
+    `);
+		await client.execute(`
+      INSERT OR IGNORE INTO "RunSlotProjection" (
+        "run_id",
+        "workflow_id",
+        "revision",
+        "updated_at",
+        "slot_states_json"
+      )
+      SELECT
+        "run_id",
+        "workflow_id",
+        "revision",
+        "updated_at",
+        json_object('slotStatesByNodeId', json('{}'))
+      FROM "Run"
+    `);
+	}
+	async cleanupNormalizedRuntimeLegacyArtifacts(databaseFilePath) {
+		const { createClient } = await import("@libsql/client");
+		const client = createClient({ url: this.sqliteFilePathToDatabaseUrl(databaseFilePath) });
+		try {
+			const runColumns = await this.readSqliteTableColumns(client, "Run");
+			if (!(runColumns.has("finished_at") && runColumns.has("revision") && runColumns.has("outputs_by_node_json") && !runColumns.has("state_json"))) return;
+			const runSlotProjectionColumns = await this.readSqliteTableColumns(client, "RunSlotProjection");
+			await client.execute("DROP TABLE IF EXISTS \"Run_legacy\"");
+			if (runSlotProjectionColumns.size > 0) await client.execute("DROP TABLE IF EXISTS \"RunProjection\"");
+		} finally {
+			client.close();
+		}
+	}
+	sqliteFilePathToDatabaseUrl(databaseFilePath) {
+		return `file:${path.resolve(databaseFilePath)}`;
+	}
+	createProcessEnvironment(databaseUrl, provider, env) {
+		return {
+			...process.env,
+			...env ?? {},
+			DATABASE_URL: databaseUrl,
+			CODEMATION_PRISMA_PROVIDER: provider
+		};
+	}
+	resolvePrismaCliPath(env) {
+		const configuredPath = env.CODEMATION_PRISMA_CLI_PATH;
+		if (configuredPath && existsSync(configuredPath)) return configuredPath;
+		const packageRoot = this.resolvePackageRoot(env);
+		const packageManagerCandidates = [path.resolve(process.cwd(), "node_modules", "prisma", "build", "index.js"), path.resolve(packageRoot, "node_modules", "prisma", "build", "index.js")];
+		for (const candidate of packageManagerCandidates) if (existsSync(candidate)) return candidate;
+		try {
+			return this.require.resolve("prisma/build/index.js", { paths: [process.cwd(), packageRoot] });
+		} catch {
+			throw new Error("Unable to resolve the Prisma CLI required for startup migrations. Ensure `prisma` is installed.");
+		}
+	}
+	resolveAbsolutePrismaConfigPath(env) {
+		const configuredPath = env.CODEMATION_PRISMA_CONFIG_PATH;
+		const packageRoot = this.resolvePackageRoot(env);
+		if (configuredPath) return path.isAbsolute(configuredPath) ? configuredPath : path.resolve(packageRoot, configuredPath);
+		return path.resolve(packageRoot, "prisma.config.ts");
+	}
+	async ensureSqliteParentDirectoryExists(databaseFilePath) {
+		await mkdir(path.dirname(databaseFilePath), { recursive: true });
+	}
+	createDeployError(exitCode, stdout, stderr) {
+		const output = stderr.trim() || stdout.trim();
+		if (!output) return /* @__PURE__ */ new Error(`Prisma migrate deploy failed during startup with exit code ${exitCode ?? "unknown"}.`);
+		return /* @__PURE__ */ new Error(`Prisma migrate deploy failed during startup with exit code ${exitCode ?? "unknown"}.\n${output}`);
+	}
+};
+//#endregion
+export { PrismaMigrationOperations };
+//# sourceMappingURL=PrismaMigrationOperations.js.map

package/dist/infrastructure/persistence/PrismaMigrationOperations.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"PrismaMigrationOperations.js","names":[],"sources":["../../../src/infrastructure/persistence/PrismaMigrationOperations.ts"],"sourcesContent":["import type { Client } from \"@libsql/client\";\nimport { spawn } from \"node:child_process\";\nimport { existsSync } from \"node:fs\";\nimport { mkdir } from \"node:fs/promises\";\nimport { createRequire } from \"node:module\";\nimport path from \"node:path\";\nimport { fileURLToPath } from \"node:url\";\nimport type { AppPersistenceConfig } from \"../../presentation/config/AppConfig\";\n\n/**\n * Contains all runtime logic for deploying Prisma migrations.\n * This class is loaded lazily via `await import(...)` from PrismaMigrationDeployer\n * so that the dynamic fs/path/createRequire operations never appear in the\n * static module graph visible to the Turbopack / Next.js NFT tracer.\n */\nexport class PrismaMigrationOperations {\n private static readonly normalizedRuntimeMigrationName = \"20260407140000_run_normalized_persistence\";\n private readonly require = createRequire(import.meta.url);\n\n async deployPersistence(persistence: AppPersistenceConfig, env?: Readonly<NodeJS.ProcessEnv>): Promise<void> {\n if (persistence.kind === \"none\") {\n return;\n }\n if (persistence.kind === \"postgresql\") {\n await this.deployPostgres({ databaseUrl: persistence.databaseUrl, env });\n return;\n }\n await this.deploySqlite({ databaseFilePath: persistence.databaseFilePath, env });\n }\n\n async deploy(args: Readonly<{ databaseUrl: string; env?: Readonly<NodeJS.ProcessEnv> }>): Promise<void> {\n await this.deployPostgres(args);\n }\n\n resolvePackageRoot(env: Readonly<NodeJS.ProcessEnv> = process.env): string {\n const configuredRoot = env.CODEMATION_HOST_PACKAGE_ROOT;\n if (configuredRoot) {\n return configuredRoot;\n }\n let currentDirectory = path.dirname(fileURLToPath(import.meta.url));\n for (let depth = 0; depth < 8; depth += 1) {\n if (existsSync(path.join(currentDirectory, \"prisma\", \"schema.postgresql.prisma\"))) {\n return currentDirectory;\n }\n const parentDirectory = path.dirname(currentDirectory);\n if (parentDirectory === currentDirectory) {\n break;\n }\n currentDirectory = parentDirectory;\n }\n throw new Error(`Could not locate prisma/schema.postgresql.prisma near ${fileURLToPath(import.meta.url)}.`);\n }\n\n private async deploySqlite(\n args: Readonly<{ databaseFilePath: string; env?: Readonly<NodeJS.ProcessEnv> }>,\n ): Promise<void> {\n await this.ensureSqliteParentDirectoryExists(args.databaseFilePath);\n const databaseUrl = this.sqliteFilePathToDatabaseUrl(args.databaseFilePath);\n try {\n await this.deployWithProvider({\n provider: \"sqlite\",\n databaseUrl,\n env: args.env,\n });\n } catch (error) {\n const recovered = await this.tryRecoverPartiallyAppliedNormalizedRuntimeMigration({\n databaseFilePath: args.databaseFilePath,\n databaseUrl,\n env: args.env,\n error,\n });\n if (!recovered) {\n throw error;\n }\n }\n await this.cleanupNormalizedRuntimeLegacyArtifacts(args.databaseFilePath);\n }\n\n private async deployPostgres(\n args: Readonly<{ databaseUrl: string; env?: Readonly<NodeJS.ProcessEnv> }>,\n ): Promise<void> {\n await this.deployWithProvider({\n provider: \"postgresql\",\n databaseUrl: args.databaseUrl,\n env: args.env,\n });\n }\n\n private async deployWithProvider(\n args: Readonly<{\n provider: \"postgresql\" | \"sqlite\";\n databaseUrl: string;\n env?: Readonly<NodeJS.ProcessEnv>;\n }>,\n ): Promise<void> {\n await this.runPrismaCommand({\n prismaArgs: [\"migrate\", \"deploy\"],\n provider: args.provider,\n databaseUrl: args.databaseUrl,\n env: args.env,\n });\n }\n\n private async resolveAppliedMigration(\n args: Readonly<{\n provider: \"postgresql\" | \"sqlite\";\n databaseUrl: string;\n migrationName: string;\n env?: Readonly<NodeJS.ProcessEnv>;\n }>,\n ): Promise<void> {\n await this.runPrismaCommand({\n prismaArgs: [\"migrate\", \"resolve\", \"--applied\", args.migrationName],\n provider: args.provider,\n databaseUrl: args.databaseUrl,\n env: args.env,\n });\n }\n\n private async runPrismaCommand(\n args: Readonly<{\n prismaArgs: string[];\n provider: \"postgresql\" | \"sqlite\";\n databaseUrl: string;\n env?: Readonly<NodeJS.ProcessEnv>;\n }>,\n ): Promise<void> {\n const resolverEnv = { ...process.env, ...(args.env ?? {}) };\n const prismaConfigPath = this.resolveAbsolutePrismaConfigPath(resolverEnv);\n await new Promise<void>((resolve, reject) => {\n const command = spawn(\n process.execPath,\n [...[this.resolvePrismaCliPath(resolverEnv), ...args.prismaArgs], \"--config\", path.basename(prismaConfigPath)],\n {\n cwd: path.dirname(prismaConfigPath),\n env: this.createProcessEnvironment(args.databaseUrl, args.provider, args.env),\n stdio: [\"ignore\", \"pipe\", \"pipe\"],\n },\n );\n let stdout = \"\";\n let stderr = \"\";\n command.stdout.on(\"data\", (chunk: Buffer | string) => {\n stdout += chunk.toString();\n });\n command.stderr.on(\"data\", (chunk: Buffer | string) => {\n stderr += chunk.toString();\n });\n command.once(\"error\", (error) => {\n reject(error);\n });\n command.once(\"close\", (exitCode) => {\n if (exitCode === 0) {\n resolve();\n return;\n }\n reject(this.createDeployError(exitCode, stdout, stderr));\n });\n });\n }\n\n private async tryRecoverPartiallyAppliedNormalizedRuntimeMigration(\n args: Readonly<{\n databaseFilePath: string;\n databaseUrl: string;\n env?: Readonly<NodeJS.ProcessEnv>;\n error: unknown;\n }>,\n ): Promise<boolean> {\n if (!this.isRecoverableNormalizedRuntimeMigrationError(args.error)) {\n return false;\n }\n const repaired = await this.repairPartiallyAppliedNormalizedRuntimeSqliteDatabase(args.databaseFilePath);\n if (!repaired) {\n return false;\n }\n await this.resolveAppliedMigration({\n provider: \"sqlite\",\n databaseUrl: args.databaseUrl,\n migrationName: PrismaMigrationOperations.normalizedRuntimeMigrationName,\n env: args.env,\n });\n await this.deployWithProvider({\n provider: \"sqlite\",\n databaseUrl: args.databaseUrl,\n env: args.env,\n });\n return true;\n }\n\n private isRecoverableNormalizedRuntimeMigrationError(error: unknown): boolean {\n if (!(error instanceof Error)) {\n return false;\n }\n return (\n error.message.includes(\"Error: P3009\") &&\n error.message.includes(PrismaMigrationOperations.normalizedRuntimeMigrationName)\n );\n }\n\n private async repairPartiallyAppliedNormalizedRuntimeSqliteDatabase(databaseFilePath: string): Promise<boolean> {\n // Lazy import: @libsql/client pulls in platform-specific native bindings that confuse the\n // Next.js / Turbopack module tracer (forcing the whole project to be traced via NFT). This\n // recovery path is rarely needed, so defer the load until it's actually invoked.\n const { createClient } = await import(\"@libsql/client\");\n const client = createClient({ url: this.sqliteFilePathToDatabaseUrl(databaseFilePath) });\n try {\n const failedMigration = await this.hasActiveFailedMigrationRecord(\n client,\n PrismaMigrationOperations.normalizedRuntimeMigrationName,\n );\n if (!failedMigration) {\n return false;\n }\n const runColumns = await this.readSqliteTableColumns(client, \"Run\");\n const hasNormalizedRunShape =\n runColumns.has(\"finished_at\") &&\n runColumns.has(\"revision\") &&\n runColumns.has(\"outputs_by_node_json\") &&\n !runColumns.has(\"state_json\");\n if (!hasNormalizedRunShape) {\n return false;\n }\n await this.ensureNormalizedRuntimeRepairArtifacts(client);\n return true;\n } finally {\n client.close();\n }\n }\n\n private async hasActiveFailedMigrationRecord(client: Client, migrationName: string): Promise<boolean> {\n const result = await client.execute({\n sql: [\n 'SELECT 1 AS \"has_failed\"',\n 'FROM \"_prisma_migrations\"',\n 'WHERE \"migration_name\" = ?',\n ' AND \"finished_at\" IS NULL',\n ' AND \"rolled_back_at\" IS NULL',\n \"LIMIT 1\",\n ].join(\" \"),\n args: [migrationName],\n });\n return result.rows.length > 0;\n }\n\n private async readSqliteTableColumns(client: Client, tableName: string): Promise<Set<string>> {\n const result = await client.execute(`PRAGMA table_info(\"${tableName}\")`);\n return new Set(result.rows.map((row) => String(row.name)));\n }\n\n private async ensureNormalizedRuntimeRepairArtifacts(client: Client): Promise<void> {\n await client.execute(`\n CREATE TABLE IF NOT EXISTS \"RunWorkItem\" (\n \"work_item_id\" TEXT NOT NULL PRIMARY KEY,\n \"run_id\" TEXT NOT NULL,\n \"workflow_id\" TEXT NOT NULL,\n \"status\" TEXT NOT NULL,\n \"target_node_id\" TEXT NOT NULL,\n \"batch_id\" TEXT NOT NULL,\n \"queue_name\" TEXT,\n \"claim_token\" TEXT,\n \"claimed_by\" TEXT,\n \"claimed_at\" TEXT,\n \"available_at\" TEXT NOT NULL,\n \"enqueued_at\" TEXT NOT NULL,\n \"completed_at\" TEXT,\n \"failed_at\" TEXT,\n \"source_instance_id\" TEXT,\n \"parent_instance_id\" TEXT,\n \"items_in\" INTEGER NOT NULL,\n \"inputs_by_port_json\" TEXT NOT NULL,\n \"error_json\" TEXT,\n CONSTRAINT \"RunWorkItem_run_id_fkey\" FOREIGN KEY (\"run_id\") REFERENCES \"Run\"(\"run_id\") ON DELETE CASCADE ON UPDATE CASCADE\n )\n `);\n await client.execute(`\n CREATE INDEX IF NOT EXISTS \"RunWorkItem_run_id_status_available_at_idx\"\n ON \"RunWorkItem\"(\"run_id\", \"status\", \"available_at\")\n `);\n await client.execute(`\n CREATE INDEX IF NOT EXISTS \"RunWorkItem_run_id_target_node_id_batch_id_idx\"\n ON \"RunWorkItem\"(\"run_id\", \"target_node_id\", \"batch_id\")\n `);\n await client.execute(`\n CREATE TABLE IF NOT EXISTS \"RunSlotProjection\" (\n \"run_id\" TEXT NOT NULL PRIMARY KEY,\n \"workflow_id\" TEXT NOT NULL,\n \"revision\" INTEGER NOT NULL,\n \"updated_at\" TEXT NOT NULL,\n \"slot_states_json\" TEXT NOT NULL,\n CONSTRAINT \"RunSlotProjection_run_id_fkey\" FOREIGN KEY (\"run_id\") REFERENCES \"Run\"(\"run_id\") ON DELETE CASCADE ON UPDATE CASCADE\n )\n `);\n await client.execute(`\n CREATE INDEX IF NOT EXISTS \"RunSlotProjection_workflow_id_updated_at_idx\"\n ON \"RunSlotProjection\"(\"workflow_id\", \"updated_at\")\n `);\n await client.execute(`\n INSERT OR IGNORE INTO \"RunSlotProjection\" (\n \"run_id\",\n \"workflow_id\",\n \"revision\",\n \"updated_at\",\n \"slot_states_json\"\n )\n SELECT\n \"run_id\",\n \"workflow_id\",\n \"revision\",\n \"updated_at\",\n json_object('slotStatesByNodeId', json('{}'))\n FROM \"Run\"\n `);\n }\n\n private async cleanupNormalizedRuntimeLegacyArtifacts(databaseFilePath: string): Promise<void> {\n const { createClient } = await import(\"@libsql/client\");\n const client = createClient({ url: this.sqliteFilePathToDatabaseUrl(databaseFilePath) });\n try {\n const runColumns = await this.readSqliteTableColumns(client, \"Run\");\n const hasNormalizedRunShape =\n runColumns.has(\"finished_at\") &&\n runColumns.has(\"revision\") &&\n runColumns.has(\"outputs_by_node_json\") &&\n !runColumns.has(\"state_json\");\n if (!hasNormalizedRunShape) {\n return;\n }\n const runSlotProjectionColumns = await this.readSqliteTableColumns(client, \"RunSlotProjection\");\n await client.execute('DROP TABLE IF EXISTS \"Run_legacy\"');\n if (runSlotProjectionColumns.size > 0) {\n await client.execute('DROP TABLE IF EXISTS \"RunProjection\"');\n }\n } finally {\n client.close();\n }\n }\n\n private sqliteFilePathToDatabaseUrl(databaseFilePath: string): string {\n return `file:${path.resolve(databaseFilePath)}`;\n }\n\n private createProcessEnvironment(\n databaseUrl: string,\n provider: \"postgresql\" | \"sqlite\",\n env?: Readonly<NodeJS.ProcessEnv>,\n ): NodeJS.ProcessEnv {\n return {\n ...process.env,\n ...(env ?? {}),\n DATABASE_URL: databaseUrl,\n CODEMATION_PRISMA_PROVIDER: provider,\n };\n }\n\n private resolvePrismaCliPath(env: Readonly<NodeJS.ProcessEnv>): string {\n const configuredPath = env.CODEMATION_PRISMA_CLI_PATH;\n if (configuredPath && existsSync(configuredPath)) {\n return configuredPath;\n }\n const packageRoot = this.resolvePackageRoot(env);\n const packageManagerCandidates = [\n path.resolve(process.cwd(), \"node_modules\", \"prisma\", \"build\", \"index.js\"),\n path.resolve(packageRoot, \"node_modules\", \"prisma\", \"build\", \"index.js\"),\n ];\n for (const candidate of packageManagerCandidates) {\n if (existsSync(candidate)) {\n return candidate;\n }\n }\n try {\n return this.require.resolve(\"prisma/build/index.js\", {\n paths: [process.cwd(), packageRoot],\n });\n } catch {\n throw new Error(\n \"Unable to resolve the Prisma CLI required for startup migrations. Ensure `prisma` is installed.\",\n );\n }\n }\n\n private resolveAbsolutePrismaConfigPath(env: Readonly<NodeJS.ProcessEnv>): string {\n const configuredPath = env.CODEMATION_PRISMA_CONFIG_PATH;\n const packageRoot = this.resolvePackageRoot(env);\n if (configuredPath) {\n return path.isAbsolute(configuredPath) ? configuredPath : path.resolve(packageRoot, configuredPath);\n }\n return path.resolve(packageRoot, \"prisma.config.ts\");\n }\n\n private async ensureSqliteParentDirectoryExists(databaseFilePath: string): Promise<void> {\n await mkdir(path.dirname(databaseFilePath), { recursive: true });\n }\n\n private createDeployError(exitCode: number | null, stdout: string, stderr: string): Error {\n const output = stderr.trim() || stdout.trim();\n if (!output) {\n return new Error(`Prisma migrate deploy failed during startup with exit code ${exitCode ?? \"unknown\"}.`);\n }\n return new Error(`Prisma migrate deploy failed during startup with exit code ${exitCode ?? \"unknown\"}.\\n${output}`);\n }\n}\n"],"mappings":";;;;;;;;;;;;;;AAeA,IAAa,4BAAb,MAAa,0BAA0B;CACrC,OAAwB,iCAAiC;CACzD,AAAiB,UAAU,cAAc,OAAO,KAAK,IAAI;CAEzD,MAAM,kBAAkB,aAAmC,KAAkD;AAC3G,MAAI,YAAY,SAAS,OACvB;AAEF,MAAI,YAAY,SAAS,cAAc;AACrC,SAAM,KAAK,eAAe;IAAE,aAAa,YAAY;IAAa;IAAK,CAAC;AACxE;;AAEF,QAAM,KAAK,aAAa;GAAE,kBAAkB,YAAY;GAAkB;GAAK,CAAC;;CAGlF,MAAM,OAAO,MAA2F;AACtG,QAAM,KAAK,eAAe,KAAK;;CAGjC,mBAAmB,MAAmC,QAAQ,KAAa;EACzE,MAAM,iBAAiB,IAAI;AAC3B,MAAI,eACF,QAAO;EAET,IAAI,mBAAmB,KAAK,QAAQ,cAAc,OAAO,KAAK,IAAI,CAAC;AACnE,OAAK,IAAI,QAAQ,GAAG,QAAQ,GAAG,SAAS,GAAG;AACzC,OAAI,WAAW,KAAK,KAAK,kBAAkB,UAAU,2BAA2B,CAAC,CAC/E,QAAO;GAET,MAAM,kBAAkB,KAAK,QAAQ,iBAAiB;AACtD,OAAI,oBAAoB,iBACtB;AAEF,sBAAmB;;AAErB,QAAM,IAAI,MAAM,yDAAyD,cAAc,OAAO,KAAK,IAAI,CAAC,GAAG;;CAG7G,MAAc,aACZ,MACe;AACf,QAAM,KAAK,kCAAkC,KAAK,iBAAiB;EACnE,MAAM,cAAc,KAAK,4BAA4B,KAAK,iBAAiB;AAC3E,MAAI;AACF,SAAM,KAAK,mBAAmB;IAC5B,UAAU;IACV;IACA,KAAK,KAAK;IACX,CAAC;WACK,OAAO;AAOd,OAAI,CANc,MAAM,KAAK,qDAAqD;IAChF,kBAAkB,KAAK;IACvB;IACA,KAAK,KAAK;IACV;IACD,CAAC,CAEA,OAAM;;AAGV,QAAM,KAAK,wCAAwC,KAAK,iBAAiB;;CAG3E,MAAc,eACZ,MACe;AACf,QAAM,KAAK,mBAAmB;GAC5B,UAAU;GACV,aAAa,KAAK;GAClB,KAAK,KAAK;GACX,CAAC;;CAGJ,MAAc,mBACZ,MAKe;AACf,QAAM,KAAK,iBAAiB;GAC1B,YAAY,CAAC,WAAW,SAAS;GACjC,UAAU,KAAK;GACf,aAAa,KAAK;GAClB,KAAK,KAAK;GACX,CAAC;;CAGJ,MAAc,wBACZ,MAMe;AACf,QAAM,KAAK,iBAAiB;GAC1B,YAAY;IAAC;IAAW;IAAW;IAAa,KAAK;IAAc;GACnE,UAAU,KAAK;GACf,aAAa,KAAK;GAClB,KAAK,KAAK;GACX,CAAC;;CAGJ,MAAc,iBACZ,MAMe;EACf,MAAM,cAAc;GAAE,GAAG,QAAQ;GAAK,GAAI,KAAK,OAAO,EAAE;GAAG;EAC3D,MAAM,mBAAmB,KAAK,gCAAgC,YAAY;AAC1E,QAAM,IAAI,SAAe,SAAS,WAAW;GAC3C,MAAM,UAAU,MACd,QAAQ,UACR;IAAC,GAAG,CAAC,KAAK,qBAAqB,YAAY,EAAE,GAAG,KAAK,WAAW;IAAE;IAAY,KAAK,SAAS,iBAAiB;IAAC,EAC9G;IACE,KAAK,KAAK,QAAQ,iBAAiB;IACnC,KAAK,KAAK,yBAAyB,KAAK,aAAa,KAAK,UAAU,KAAK,IAAI;IAC7E,OAAO;KAAC;KAAU;KAAQ;KAAO;IAClC,CACF;GACD,IAAI,SAAS;GACb,IAAI,SAAS;AACb,WAAQ,OAAO,GAAG,SAAS,UAA2B;AACpD,cAAU,MAAM,UAAU;KAC1B;AACF,WAAQ,OAAO,GAAG,SAAS,UAA2B;AACpD,cAAU,MAAM,UAAU;KAC1B;AACF,WAAQ,KAAK,UAAU,UAAU;AAC/B,WAAO,MAAM;KACb;AACF,WAAQ,KAAK,UAAU,aAAa;AAClC,QAAI,aAAa,GAAG;AAClB,cAAS;AACT;;AAEF,WAAO,KAAK,kBAAkB,UAAU,QAAQ,OAAO,CAAC;KACxD;IACF;;CAGJ,MAAc,qDACZ,MAMkB;AAClB,MAAI,CAAC,KAAK,6CAA6C,KAAK,MAAM,CAChE,QAAO;AAGT,MAAI,CADa,MAAM,KAAK,sDAAsD,KAAK,iBAAiB,CAEtG,QAAO;AAET,QAAM,KAAK,wBAAwB;GACjC,UAAU;GACV,aAAa,KAAK;GAClB,eAAe,0BAA0B;GACzC,KAAK,KAAK;GACX,CAAC;AACF,QAAM,KAAK,mBAAmB;GAC5B,UAAU;GACV,aAAa,KAAK;GAClB,KAAK,KAAK;GACX,CAAC;AACF,SAAO;;CAGT,AAAQ,6CAA6C,OAAyB;AAC5E,MAAI,EAAE,iBAAiB,OACrB,QAAO;AAET,SACE,MAAM,QAAQ,SAAS,eAAe,IACtC,MAAM,QAAQ,SAAS,0BAA0B,+BAA+B;;CAIpF,MAAc,sDAAsD,kBAA4C;EAI9G,MAAM,EAAE,iBAAiB,MAAM,OAAO;EACtC,MAAM,SAAS,aAAa,EAAE,KAAK,KAAK,4BAA4B,iBAAiB,EAAE,CAAC;AACxF,MAAI;AAKF,OAAI,CAJoB,MAAM,KAAK,+BACjC,QACA,0BAA0B,+BAC3B,CAEC,QAAO;GAET,MAAM,aAAa,MAAM,KAAK,uBAAuB,QAAQ,MAAM;AAMnE,OAAI,EAJF,WAAW,IAAI,cAAc,IAC7B,WAAW,IAAI,WAAW,IAC1B,WAAW,IAAI,uBAAuB,IACtC,CAAC,WAAW,IAAI,aAAa,EAE7B,QAAO;AAET,SAAM,KAAK,uCAAuC,OAAO;AACzD,UAAO;YACC;AACR,UAAO,OAAO;;;CAIlB,MAAc,+BAA+B,QAAgB,eAAyC;AAYpG,UAXe,MAAM,OAAO,QAAQ;GAClC,KAAK;IACH;IACA;IACA;IACA;IACA;IACA;IACD,CAAC,KAAK,IAAI;GACX,MAAM,CAAC,cAAc;GACtB,CAAC,EACY,KAAK,SAAS;;CAG9B,MAAc,uBAAuB,QAAgB,WAAyC;EAC5F,MAAM,SAAS,MAAM,OAAO,QAAQ,sBAAsB,UAAU,IAAI;AACxE,SAAO,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,OAAO,IAAI,KAAK,CAAC,CAAC;;CAG5D,MAAc,uCAAuC,QAA+B;AAClF,QAAM,OAAO,QAAQ;;;;;;;;;;;;;;;;;;;;;;;MAuBnB;AACF,QAAM,OAAO,QAAQ;;;MAGnB;AACF,QAAM,OAAO,QAAQ;;;MAGnB;AACF,QAAM,OAAO,QAAQ;;;;;;;;;MASnB;AACF,QAAM,OAAO,QAAQ;;;MAGnB;AACF,QAAM,OAAO,QAAQ;;;;;;;;;;;;;;;MAenB;;CAGJ,MAAc,wCAAwC,kBAAyC;EAC7F,MAAM,EAAE,iBAAiB,MAAM,OAAO;EACtC,MAAM,SAAS,aAAa,EAAE,KAAK,KAAK,4BAA4B,iBAAiB,EAAE,CAAC;AACxF,MAAI;GACF,MAAM,aAAa,MAAM,KAAK,uBAAuB,QAAQ,MAAM;AAMnE,OAAI,EAJF,WAAW,IAAI,cAAc,IAC7B,WAAW,IAAI,WAAW,IAC1B,WAAW,IAAI,uBAAuB,IACtC,CAAC,WAAW,IAAI,aAAa,EAE7B;GAEF,MAAM,2BAA2B,MAAM,KAAK,uBAAuB,QAAQ,oBAAoB;AAC/F,SAAM,OAAO,QAAQ,sCAAoC;AACzD,OAAI,yBAAyB,OAAO,EAClC,OAAM,OAAO,QAAQ,yCAAuC;YAEtD;AACR,UAAO,OAAO;;;CAIlB,AAAQ,4BAA4B,kBAAkC;AACpE,SAAO,QAAQ,KAAK,QAAQ,iBAAiB;;CAG/C,AAAQ,yBACN,aACA,UACA,KACmB;AACnB,SAAO;GACL,GAAG,QAAQ;GACX,GAAI,OAAO,EAAE;GACb,cAAc;GACd,4BAA4B;GAC7B;;CAGH,AAAQ,qBAAqB,KAA0C;EACrE,MAAM,iBAAiB,IAAI;AAC3B,MAAI,kBAAkB,WAAW,eAAe,CAC9C,QAAO;EAET,MAAM,cAAc,KAAK,mBAAmB,IAAI;EAChD,MAAM,2BAA2B,CAC/B,KAAK,QAAQ,QAAQ,KAAK,EAAE,gBAAgB,UAAU,SAAS,WAAW,EAC1E,KAAK,QAAQ,aAAa,gBAAgB,UAAU,SAAS,WAAW,CACzE;AACD,OAAK,MAAM,aAAa,yBACtB,KAAI,WAAW,UAAU,CACvB,QAAO;AAGX,MAAI;AACF,UAAO,KAAK,QAAQ,QAAQ,yBAAyB,EACnD,OAAO,CAAC,QAAQ,KAAK,EAAE,YAAY,EACpC,CAAC;UACI;AACN,SAAM,IAAI,MACR,kGACD;;;CAIL,AAAQ,gCAAgC,KAA0C;EAChF,MAAM,iBAAiB,IAAI;EAC3B,MAAM,cAAc,KAAK,mBAAmB,IAAI;AAChD,MAAI,eACF,QAAO,KAAK,WAAW,eAAe,GAAG,iBAAiB,KAAK,QAAQ,aAAa,eAAe;AAErG,SAAO,KAAK,QAAQ,aAAa,mBAAmB;;CAGtD,MAAc,kCAAkC,kBAAyC;AACvF,QAAM,MAAM,KAAK,QAAQ,iBAAiB,EAAE,EAAE,WAAW,MAAM,CAAC;;CAGlE,AAAQ,kBAAkB,UAAyB,QAAgB,QAAuB;EACxF,MAAM,SAAS,OAAO,MAAM,IAAI,OAAO,MAAM;AAC7C,MAAI,CAAC,OACH,wBAAO,IAAI,MAAM,8DAA8D,YAAY,UAAU,GAAG;AAE1G,yBAAO,IAAI,MAAM,8DAA8D,YAAY,UAAU,KAAK,SAAS"}

package/dist/mapping.d.ts CHANGED Viewed

@@ -1,3 +1,3 @@
-import "./ItemsInputNormalizer-_RwIfRIQ.js";
-import { t as WorkflowPolicyUiPresentationFactory } from "./WorkflowPolicyUiPresentationFactory-6MyjCvBO.js";
+import "./ItemsInputNormalizer-CFkfNMLt.js";
+import { t as WorkflowPolicyUiPresentationFactory } from "./WorkflowPolicyUiPresentationFactory-BNn2fvR_.js";
 export { WorkflowPolicyUiPresentationFactory };

package/dist/mapping.js CHANGED Viewed

@@ -1,3 +1,3 @@
-import { t as WorkflowPolicyUiPresentationFactory } from "./WorkflowPolicyUiPresentationFactory-Bb-ae_Zh.js";
+import { t as WorkflowPolicyUiPresentationFactory } from "./WorkflowPolicyUiPresentationFactory-DfvD2VHk.js";
 export { WorkflowPolicyUiPresentationFactory };

package/dist/nextServer.d.ts CHANGED Viewed

@@ -1,20 +1,21 @@
-import { n as RunIntentService, t as OAuthFlowExecutor } from "./index-DilAYwnH.js";
-import { D as WebhookInvocationMatch, F as ActivationIdFactory, I as BinaryAttachment, L as Item, X as WorkflowDefinition, o as BinaryStorage, q as RunIdFactory, w as WorkflowActivationPolicy } from "./ItemsInputNormalizer-_RwIfRIQ.js";
-import { r as AppConfig } from "./CodemationAppContext-CGFYVcSb.js";
+import { n as OAuthFlowExecutor, r as RunIntentService } from "./index-ChIfeWzk.js";
+import { A as WorkflowDefinition, D as RunIdFactory, St as WebhookInvocationMatch, _ as Item, a as BinaryStorage, g as BinaryAttachment, h as ActivationIdFactory, tt as WorkflowActivationPolicy } from "./ItemsInputNormalizer-CFkfNMLt.js";
+import { r as AppConfig } from "./CodemationAppContext-K51b7oXe.js";
 import { l as Logger, u as LoggerFactory } from "./CodemationWhitelabelConfig-Ca2mCUeC.js";
 import { n as logLevelPolicyFactory, t as LogLevelPolicyFactory } from "./LogLevelPolicyFactory-ewCHLDLn.js";
 import { a as CodemationFrontendAuthSnapshot, i as CodemationFrontendAuthProviderSnapshot, n as InternalAuthBootstrap, r as FrontendAppConfig, t as PublicFrontendBootstrap } from "./PublicFrontendBootstrap-Cev3qK46.js";
-import "./CodemationConfigNormalizer-48f-T66P.js";
-import { a as CredentialSecretCipher, i as CredentialInstanceService, o as McpServerCatalog, r as CredentialBindingService, t as CredentialStore } from "./CredentialServices-BLloBztI.js";
-import "./CredentialContractsRegistry-Bq2bq28t.js";
-import "./TelemetryContracts-BtDx84Cp.js";
+import "./CodemationConfigNormalizer-B4rDYC9h.js";
+import { a as CredentialSecretCipher, i as CredentialInstanceService, o as McpServerCatalog, r as CredentialBindingService, t as CredentialStore } from "./CredentialServices-B3wPyp2y.js";
+import "./CredentialContractsRegistry-Dgu-rEXi.js";
+import "./TelemetryContracts-DpZEODQM.js";
 import { i as WorkflowSummary, t as WorkflowDto } from "./WorkflowViewContracts-B7aFQcIw.js";
-import { S as CommandBus, _ as AppContainerLifecycle, a as CodemationHonoApiApp, b as QueryBus, c as SessionVerifier, d as WorkflowRunRetentionPruneScheduler, f as ServerLoggerFactory, g as DatabaseMigrations, i as WorkflowDebuggerOverlayRepository, l as WorkerRuntime, m as WorkflowRunRepository, n as CodemationBootstrapRequest, o as BinaryHttpRouteHandler, p as LogFilter, r as ApplicationTokens, s as ServerHttpRouteParams, t as CodemationPluginListMerger, u as FrontendRuntime, v as AppContainerFactory, y as WorkflowWebsocketServer } from "./CodemationPluginListMerger-DP7djJ9S.js";
-import { t as AppConfigFactory } from "./AppConfigFactory-BT0y0LVC.js";
-import "./InternalHonoApiRouteRegistrar-c7t3KnV_.js";
-import { n as InternalAuthBootstrapFactory, r as FrontendAppConfigFactory, t as PublicFrontendBootstrapFactory } from "./PublicFrontendBootstrapFactory-Dv04tJ-6.js";
-import { t as WorkflowPolicyUiPresentationFactory } from "./WorkflowPolicyUiPresentationFactory-6MyjCvBO.js";
-import { t as PairingConfig } from "./pairing.types-snfZ_OzB.js";
+import { S as CommandBus, _ as AppContainerLifecycle, a as CodemationHonoApiApp, b as QueryBus, c as SessionVerifier, d as WorkflowRunRetentionPruneScheduler, f as ServerLoggerFactory, g as DatabaseMigrations, i as WorkflowDebuggerOverlayRepository, l as WorkerRuntime, m as WorkflowRunRepository, n as CodemationBootstrapRequest, o as BinaryHttpRouteHandler, p as LogFilter, r as ApplicationTokens, s as ServerHttpRouteParams, t as CodemationPluginListMerger, u as FrontendRuntime, v as AppContainerFactory, y as WorkflowWebsocketServer } from "./CodemationPluginListMerger-DS6I3Xe0.js";
+import { t as AppConfigFactory } from "./AppConfigFactory-DncmwCD1.js";
+import "./PrismaMigrationDeployer-DdEcXXVi.js";
+import "./InternalHonoApiRouteRegistrar-Ce1yxpnO.js";
+import { n as InternalAuthBootstrapFactory, r as FrontendAppConfigFactory, t as PublicFrontendBootstrapFactory } from "./PublicFrontendBootstrapFactory-ClEjZP74.js";
+import { t as WorkflowPolicyUiPresentationFactory } from "./WorkflowPolicyUiPresentationFactory-BNn2fvR_.js";
+import { t as PairingConfig } from "./pairing.types-D9Bjn98U.js";
 //#region src/application/dev/DevBootstrapSummaryJson.types.d.ts
 type DevBootstrapSummaryJson = Readonly<{
@@ -141,6 +142,7 @@ declare class CredentialHttpRouteHandler {
   getCredentialTypes(): Promise<Response>;
   getCredentialFieldEnvStatus(): Promise<Response>;
   getCredentialInstances(): Promise<Response>;
+  getCredentialApps(): Promise<Response>;
   getCredentialInstance(request: Request, params: ServerHttpRouteParams): Promise<Response>;
   postCredentialInstance(request: Request): Promise<Response>;
   putCredentialInstance(request: Request, params: ServerHttpRouteParams): Promise<Response>;

package/dist/nextServer.js CHANGED Viewed

@@ -1,14 +1,14 @@
 import { n as logLevelPolicyFactory, t as LogLevelPolicyFactory } from "./LogLevelPolicyFactory-DCUzIN6G.js";
-import "./ApiPaths-Dv1dcHu_.js";
+import "./ApiPaths-DCvrlIjg.js";
 import { a as FilteringLogger, i as PerformanceLogPolicy, n as PerformanceLogPolicyFactory, r as performanceLogPolicyFactory, t as ServerLoggerFactory } from "./ServerLoggerFactory-Ckk52S3w.js";
 import "./decorateParam-BWxkAUSj.js";
 import "./decorate-CXWmflG_.js";
-import { a as CredentialInstanceService, i as CredentialBindingService, m as ApplicationTokens } from "./CredentialServices-Dk8yypeL.js";
+import { a as CredentialInstanceService, i as CredentialBindingService, m as ApplicationTokens } from "./CredentialServices-Bios0dM8.js";
 import "./CodemationTsyringeTypeInfoRegistrar-Bj6FJYFz.js";
-import { A as WorkflowDefinitionMapper, C as CodemationHonoApiApp, D as FrontendAppConfigFactory, E as InternalAuthBootstrapFactory, P as RunBinaryAttachmentLookupService, S as CredentialHttpRouteHandler, T as PublicFrontendBootstrapFactory, _ as WorkflowHttpRouteHandler, b as RunHttpRouteHandler, d as FrontendRuntime, h as WorkflowRunRetentionPruneScheduler, k as WorkflowWebsocketServer, m as AppContainerLifecycle, p as DatabaseMigrations, t as AppContainerFactory, u as WorkerRuntime, v as WebhookHttpRouteHandler, w as BinaryHttpRouteHandler, x as OAuth2HttpRouteHandler, y as RequestToWebhookItemMapper } from "./AppContainerFactory-DRTjG7nG.js";
-import { t as WorkflowPolicyUiPresentationFactory } from "./WorkflowPolicyUiPresentationFactory-Bb-ae_Zh.js";
-import "./InternalPingRegistrar-DY3kSfxP.js";
-import { t as AppConfigFactory } from "./AppConfigFactory-Cx4qQvRk.js";
+import { A as WorkflowDefinitionMapper, C as CodemationHonoApiApp, D as FrontendAppConfigFactory, E as InternalAuthBootstrapFactory, P as RunBinaryAttachmentLookupService, S as CredentialHttpRouteHandler, T as PublicFrontendBootstrapFactory, _ as WorkflowHttpRouteHandler, b as RunHttpRouteHandler, d as FrontendRuntime, h as WorkflowRunRetentionPruneScheduler, k as WorkflowWebsocketServer, m as AppContainerLifecycle, p as DatabaseMigrations, t as AppContainerFactory, u as WorkerRuntime, v as WebhookHttpRouteHandler, w as BinaryHttpRouteHandler, x as OAuth2HttpRouteHandler, y as RequestToWebhookItemMapper } from "./AppContainerFactory-CHCXP2rn.js";
+import "./InternalPingRegistrar-BavAAnvk.js";
+import { t as WorkflowPolicyUiPresentationFactory } from "./WorkflowPolicyUiPresentationFactory-DfvD2VHk.js";
+import { t as AppConfigFactory } from "./AppConfigFactory-D4LL1aOR.js";
 import { n as CodemationBootstrapRequest, t as CodemationPluginListMerger } from "./CodemationPluginListMerger-D1B1IEbt.js";
 export { AppConfigFactory, AppContainerFactory, AppContainerLifecycle, ApplicationTokens, BinaryHttpRouteHandler, CodemationBootstrapRequest, CodemationHonoApiApp, CodemationPluginListMerger, CredentialBindingService, CredentialHttpRouteHandler, CredentialInstanceService, DatabaseMigrations, FilteringLogger, FrontendAppConfigFactory, FrontendRuntime, InternalAuthBootstrapFactory, LogLevelPolicyFactory, OAuth2HttpRouteHandler, PerformanceLogPolicy, PerformanceLogPolicyFactory, PublicFrontendBootstrapFactory, RequestToWebhookItemMapper, RunBinaryAttachmentLookupService, RunHttpRouteHandler, ServerLoggerFactory, WebhookHttpRouteHandler, WorkerRuntime, WorkflowDefinitionMapper, WorkflowHttpRouteHandler, WorkflowPolicyUiPresentationFactory, WorkflowRunRetentionPruneScheduler, WorkflowWebsocketServer, logLevelPolicyFactory, performanceLogPolicyFactory };

package/dist/pairing.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
-import "./index-DilAYwnH.js";
-import { g as TypeToken } from "./ItemsInputNormalizer-_RwIfRIQ.js";
-import { t as InternalHonoApiRouteRegistrar } from "./InternalHonoApiRouteRegistrar-c7t3KnV_.js";
-import { i as PairingVerificationSuccess, n as PairingVerificationFailure, r as PairingVerificationResult, t as PairingConfig } from "./pairing.types-snfZ_OzB.js";
+import "./index-ChIfeWzk.js";
+import { G as TypeToken } from "./ItemsInputNormalizer-CFkfNMLt.js";
+import { t as InternalHonoApiRouteRegistrar } from "./InternalHonoApiRouteRegistrar-Ce1yxpnO.js";
+import { i as PairingVerificationSuccess, n as PairingVerificationFailure, r as PairingVerificationResult, t as PairingConfig } from "./pairing.types-D9Bjn98U.js";
 import { Hono, MiddlewareHandler } from "hono";
 //#region src/pairing/HmacRequestSigner.d.ts
@@ -10,7 +10,7 @@ interface SignedHeaders {
 }
 declare class HmacRequestSigner {
   private readonly config;
-  constructor(config: PairingConfig);
+  constructor(config?: PairingConfig | null);
   sign(method: string, urlOrPath: string, body: string): SignedHeaders;
 }
 //#endregion
@@ -29,19 +29,38 @@ declare class PairedFetch {
   delete(url: string): Promise<Response>;
 }
 //#endregion
+//#region src/pairing/HmacNonceStore.d.ts
+/**
+ * Seam for durable HMAC replay-protection nonce storage (T6 security fix).
+ *
+ * The default in-process store (InMemoryHmacNonceStore) clears on restart, allowing
+ * replay within the timestamp window. PrismaHmacNonceStore provides durability.
+ */
+interface HmacNonceStore {
+  /**
+   * Atomically record a nonce if it has not been seen before.
+   * Returns `true` if the nonce was new (request should proceed),
+   * `false` if the nonce was already present (replay — reject).
+   */
+  recordIfNew(nonce: string, expiresAt: Date): Promise<boolean>;
+}
+//#endregion
 //#region src/pairing/IncomingHmacVerifier.d.ts
 /**
  * Verifies incoming HMAC-signed requests from the control plane.
  * Mirrors the control-plane HmacVerifier — both sides follow docs/pairing-protocol.md.
+ *
+ * Security (T6): The nonce store is injected and defaults to PrismaHmacNonceStore in
+ * managed mode so replay protection survives process restarts within the 300-second
+ * timestamp window.
  */
 declare class IncomingHmacVerifier {
   private readonly config;
-  private readonly usedNonces;
+  private readonly nonceStore;
   private readonly nonceTtlSeconds;
-  constructor(config: PairingConfig);
-  verify(method: string, url: string, body: string, authHeader: string | null): PairingVerificationResult;
+  constructor(config: (PairingConfig | null) | undefined, nonceStore: HmacNonceStore);
+  verify(method: string, url: string, body: string, authHeader: string | null): Promise<PairingVerificationResult>;
   private parseHeader;
-  private pruneExpiredNonces;
 }
 //#endregion
 //#region src/pairing/InternalHmacAuthMiddleware.d.ts

package/dist/pairing.js CHANGED Viewed

@@ -1,5 +1,21 @@
 import "./decorateParam-BWxkAUSj.js";
-import "./decorate-CXWmflG_.js";
-import { a as PairedFetch, i as PairingConfigFactory, n as InternalHmacAuthMiddleware, o as HmacRequestSigner, r as IncomingHmacVerifier, s as PairingConfigToken, t as InternalPingRegistrar } from "./InternalPingRegistrar-DY3kSfxP.js";
+import { t as __decorate } from "./decorate-CXWmflG_.js";
+import { a as PairingConfigFactory, c as PairingConfigToken, n as InternalHmacAuthMiddleware, o as PairedFetch, r as IncomingHmacVerifier, s as HmacRequestSigner, t as InternalPingRegistrar } from "./InternalPingRegistrar-BavAAnvk.js";
+import { injectable } from "@codemation/core";
-export { HmacRequestSigner, IncomingHmacVerifier, InternalHmacAuthMiddleware, InternalPingRegistrar, PairedFetch, PairingConfigFactory, PairingConfigToken };
+//#region src/pairing/InMemoryHmacNonceStore.ts
+let InMemoryHmacNonceStore = class InMemoryHmacNonceStore$1 {
+	store = /* @__PURE__ */ new Map();
+	async recordIfNew(nonce, expiresAt) {
+		const nowSec = Math.floor(Date.now() / 1e3);
+		for (const [key, expirySec] of this.store.entries()) if (expirySec <= nowSec) this.store.delete(key);
+		if (this.store.has(nonce)) return false;
+		this.store.set(nonce, Math.floor(expiresAt.getTime() / 1e3));
+		return true;
+	}
+};
+InMemoryHmacNonceStore = __decorate([injectable()], InMemoryHmacNonceStore);
+//#endregion
+export { HmacRequestSigner, IncomingHmacVerifier, InternalHmacAuthMiddleware, InternalPingRegistrar, PairedFetch, PairingConfigFactory, PairingConfigToken };
+//# sourceMappingURL=pairing.js.map

package/dist/pairing.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"pairing.js","names":["InMemoryHmacNonceStore"],"sources":["../src/pairing/InMemoryHmacNonceStore.ts"],"sourcesContent":["import { injectable } from \"@codemation/core\";\nimport type { HmacNonceStore } from \"./HmacNonceStore\";\n\n/**\n * In-memory HMAC nonce store for unit tests and non-managed mode.\n *\n * NOTE: Nonces are lost on process restart; this is intentional for non-managed\n * mode where replay risk is low. Use PrismaHmacNonceStore in managed mode.\n */\n@injectable()\nexport class InMemoryHmacNonceStore implements HmacNonceStore {\n private readonly store = new Map<string, number>();\n\n async recordIfNew(nonce: string, expiresAt: Date): Promise<boolean> {\n const nowSec = Math.floor(Date.now() / 1000);\n // Prune expired entries on each call (mirrors original in-process behaviour)\n for (const [key, expirySec] of this.store.entries()) {\n if (expirySec <= nowSec) this.store.delete(key);\n }\n if (this.store.has(nonce)) return false;\n this.store.set(nonce, Math.floor(expiresAt.getTime() / 1000));\n return true;\n }\n}\n"],"mappings":";;;;;;AAUO,mCAAMA,yBAAiD;CAC5D,AAAiB,wBAAQ,IAAI,KAAqB;CAElD,MAAM,YAAY,OAAe,WAAmC;EAClE,MAAM,SAAS,KAAK,MAAM,KAAK,KAAK,GAAG,IAAK;AAE5C,OAAK,MAAM,CAAC,KAAK,cAAc,KAAK,MAAM,SAAS,CACjD,KAAI,aAAa,OAAQ,MAAK,MAAM,OAAO,IAAI;AAEjD,MAAI,KAAK,MAAM,IAAI,MAAM,CAAE,QAAO;AAClC,OAAK,MAAM,IAAI,OAAO,KAAK,MAAM,UAAU,SAAS,GAAG,IAAK,CAAC;AAC7D,SAAO;;;qCAZV,YAAY"}

package/dist/{pairing.types-snfZ_OzB.d.ts → pairing.types-D9Bjn98U.d.ts} RENAMED Viewed

@@ -16,4 +16,4 @@ type PairingVerificationSuccess = {
 type PairingVerificationResult = PairingVerificationSuccess | PairingVerificationFailure;
 //#endregion
 export { PairingVerificationSuccess as i, PairingVerificationFailure as n, PairingVerificationResult as r, PairingConfig as t };
-//# sourceMappingURL=pairing.types-snfZ_OzB.d.ts.map
+//# sourceMappingURL=pairing.types-D9Bjn98U.d.ts.map

package/dist/persistenceServer.d.ts CHANGED Viewed

@@ -1,8 +1,32 @@
-import "./index-DilAYwnH.js";
-import "./ItemsInputNormalizer-_RwIfRIQ.js";
-import { i as AppPersistenceConfig } from "./CodemationAppContext-CGFYVcSb.js";
+import "./index-ChIfeWzk.js";
+import "./ItemsInputNormalizer-CFkfNMLt.js";
+import { i as AppPersistenceConfig } from "./CodemationAppContext-K51b7oXe.js";
 import "./CodemationWhitelabelConfig-Ca2mCUeC.js";
-import "./CodemationConfigNormalizer-48f-T66P.js";
-import { n as PrismaMigrationDeployer, r as PrismaDatabaseClient, t as AppConfigFactory } from "./AppConfigFactory-BT0y0LVC.js";
-import { n as CodemationPostgresPrismaClientFactory, t as CodemationDatabaseUrlParser } from "./persistenceServer-B71RGvSj.js";
-export { AppConfigFactory, AppPersistenceConfig, CodemationDatabaseUrlParser, CodemationPostgresPrismaClientFactory, PrismaDatabaseClient as PrismaClient, PrismaMigrationDeployer };
+import "./CodemationConfigNormalizer-B4rDYC9h.js";
+import { n as PrismaDatabaseClient, t as AppConfigFactory } from "./AppConfigFactory-DncmwCD1.js";
+import { t as PrismaMigrationDeployer } from "./PrismaMigrationDeployer-DdEcXXVi.js";
+import { t as CodemationPostgresPrismaClientFactory } from "./CodemationPostgresPrismaClientFactory-CTNTPnDr.js";
+//#region src/infrastructure/persistence/CodemationDatabaseUrlParser.d.ts
+/**
+ * Parses `CODEMATION_DATABASE_URL` into an {@link AppPersistenceConfig}.
+ *
+ * Supported schemes (case-insensitive):
+ *   - `sqlite://relative/path/to/file.db`    → resolved relative to consumerRoot
+ *   - `sqlite:///absolute/path/to/file.db`   → leading slash = POSIX absolute
+ *   - `sqlite://C:/path/file.db`             → Windows-style absolute (path.isAbsolute()
+ *                                              returns true for these)
+ *   - `pgsql://user:pass@host:5432/dbname`   → normalised to postgresql://
+ *   - `postgresql://user:pass@host:5432/db`  → pass-through (Prisma's expected scheme)
+ *   - `postgres://user:pass@host:5432/db`    → pass-through (common alias)
+ *
+ * Throws on any other scheme. Empty / whitespace input is also an error — callers
+ * should default before calling parse().
+ */
+declare class CodemationDatabaseUrlParser {
+  parse(url: string, consumerRoot: string): AppPersistenceConfig;
+}
+//#endregion
+export { AppConfigFactory, type AppPersistenceConfig, CodemationDatabaseUrlParser, CodemationPostgresPrismaClientFactory, type PrismaDatabaseClient as PrismaClient, PrismaMigrationDeployer };
+//# sourceMappingURL=persistenceServer.d.ts.map

package/dist/persistenceServer.js CHANGED Viewed

@@ -1,5 +1,5 @@
 import "./decorate-CXWmflG_.js";
-import { i as PrismaMigrationDeployer, n as CodemationDatabaseUrlParser, t as AppConfigFactory } from "./AppConfigFactory-Cx4qQvRk.js";
-import { t as CodemationPostgresPrismaClientFactory } from "./persistenceServer-C-hH4z6l.js";
+import { i as PrismaMigrationDeployer, n as CodemationDatabaseUrlParser, t as AppConfigFactory } from "./AppConfigFactory-D4LL1aOR.js";
+import { t as CodemationPostgresPrismaClientFactory } from "./CodemationPostgresPrismaClientFactory-C7156Fe-.js";
 export { AppConfigFactory, CodemationDatabaseUrlParser, CodemationPostgresPrismaClientFactory, PrismaMigrationDeployer };

package/dist/{server-09PKasWR.d.ts → server-B5trn7y4.d.ts} RENAMED Viewed

@@ -1,8 +1,8 @@
-import { m as CodemationConfig, o as CodemationPlugin, r as AppConfig } from "./CodemationAppContext-CGFYVcSb.js";
-import { t as CodemationConsumerConfigLoader } from "./CodemationConsumerConfigLoader-_PIYqwVx.js";
+import { m as CodemationConfig, o as CodemationPlugin, r as AppConfig } from "./CodemationAppContext-K51b7oXe.js";
+import { t as CodemationConsumerConfigLoader } from "./CodemationConsumerConfigLoader-Dt4jyLx6.js";
 import { i as WorkflowSummary, t as WorkflowDto } from "./WorkflowViewContracts-B7aFQcIw.js";
-import { t as AppConfigFactory } from "./AppConfigFactory-BT0y0LVC.js";
-import { a as ProcessRunOptions, o as ProcessRunResult, s as ProcessRunner } from "./PublicFrontendBootstrapFactory-Dv04tJ-6.js";
+import { t as AppConfigFactory } from "./AppConfigFactory-DncmwCD1.js";
+import { a as ProcessRunOptions, o as ProcessRunResult, s as ProcessRunner } from "./PublicFrontendBootstrapFactory-ClEjZP74.js";
 import { ChildProcess } from "node:child_process";
 //#region src/process/ExecaProcessRunner.d.ts
@@ -104,4 +104,4 @@ declare class WorkflowDiscoveryPathSegmentsComputer {
 }
 //#endregion
 export { CodemationResolvedPluginPackage as a, CodemationServerGateway as c, CodemationPluginDiscovery as i, ExecaProcessRunner as l, WorkflowModulePathFinder as n, AppConfigLoadResult as o, CodemationDiscoveredPluginPackage as r, AppConfigLoader as s, WorkflowDiscoveryPathSegmentsComputer as t };
-//# sourceMappingURL=server-09PKasWR.d.ts.map
+//# sourceMappingURL=server-B5trn7y4.d.ts.map

package/dist/{server-vtRCPgRJ.js → server-CNj_y0QO.js} RENAMED Viewed

@@ -1,7 +1,7 @@
 import { a as CodemationConfigNormalizer, t as CodemationConsumerConfigLoader } from "./CodemationConsumerConfigLoader-By-6tuGc.js";
-import { m as ApplicationTokens } from "./CredentialServices-Dk8yypeL.js";
-import { A as WorkflowDefinitionMapper, C as CodemationHonoApiApp, M as GetWorkflowDetailQuery, d as FrontendRuntime, j as GetWorkflowSummariesQuery, m as AppContainerLifecycle, t as AppContainerFactory } from "./AppContainerFactory-DRTjG7nG.js";
-import { r as CodemationPluginPackageMetadata, t as AppConfigFactory } from "./AppConfigFactory-Cx4qQvRk.js";
+import { m as ApplicationTokens } from "./CredentialServices-Bios0dM8.js";
+import { A as WorkflowDefinitionMapper, C as CodemationHonoApiApp, M as GetWorkflowDetailQuery, d as FrontendRuntime, j as GetWorkflowSummariesQuery, m as AppContainerLifecycle, t as AppContainerFactory } from "./AppContainerFactory-CHCXP2rn.js";
+import { r as CodemationPluginPackageMetadata, t as AppConfigFactory } from "./AppConfigFactory-D4LL1aOR.js";
 import { readFile, readdir } from "node:fs/promises";
 import path from "node:path";
 import { pathToFileURL } from "node:url";
@@ -219,4 +219,4 @@ var CodemationPluginDiscovery = class {
 //#endregion
 export { AppConfigLoader as n, CodemationServerGateway as r, CodemationPluginDiscovery as t };
-//# sourceMappingURL=server-vtRCPgRJ.js.map
+//# sourceMappingURL=server-CNj_y0QO.js.map