@crossdelta/infrastructure 0.5.5 → 0.6.0

package/dist/helpers/index.d.ts

@@ -2,4 +2,6 @@ export * from './deploy-streams';
 export * from './discover-services';
 export * from './docker-hub-image';
 export * from './otel';
+export * from './stream-job';
+export * from './stream-setup';
 export * from './streams';

package/dist/helpers/stream-job.d.ts

@@ -0,0 +1,68 @@
+/**
+ * NATS JetStream Stream Materialization via K8s Job
+ *
+ * Creates streams inside the cluster using a K8s Job with nats-box.
+ * This solves the problem that Pulumi runs outside the cluster
+ * and cannot reach cluster-internal NATS URLs.
+ *
+ * Architecture:
+ * - Pure functions (stream-setup.ts) generate shell scripts
+ * - This file creates Pulumi K8s resources (ConfigMap + Job)
+ * - nats-box image provides the `nats` CLI (no custom image needed)
+ *
+ * @module @crossdelta/infrastructure/lib/helpers/stream-job
+ */
+import type { Provider } from '@pulumi/kubernetes';
+import * as k8s from '@pulumi/kubernetes';
+import type { Output } from '@pulumi/pulumi';
+import type { StreamPolicy } from './deploy-streams';
+import { type ResolvedStream } from './stream-setup';
+export type { ResolvedStream };
+export { computeConfigHash, generateSetupScript, msToNatsDuration, resolveStreams } from './stream-setup';
+export interface MaterializeStreamsConfig {
+    /** NATS connection URL (cluster-internal) */
+    natsUrl: Output<string>;
+    /** NATS auth credentials (optional) */
+    credentials?: {
+        user?: Output<string>;
+        password?: Output<string>;
+    };
+    /** Contracts module (e.g., `import * as contracts from '@my-org/contracts'`) */
+    contracts: Record<string, unknown>;
+    /** Stream-specific policy overrides */
+    policies?: Record<string, Partial<StreamPolicy>>;
+    /** Default policy for all streams */
+    defaults?: Partial<StreamPolicy>;
+    /** nats-box image override (default: natsio/nats-box:0.14.5) */
+    image?: string;
+    /** Job TTL after completion in seconds (default: 300) */
+    ttlAfterFinished?: number;
+    /** Max retry attempts (default: 3) */
+    backoffLimit?: number;
+}
+/**
+ * Materialize NATS JetStream streams via a K8s Job.
+ *
+ * Creates a ConfigMap with a setup script and a Job that runs it
+ * inside the cluster where NATS is reachable. Uses nats-box image
+ * (no custom image build needed).
+ *
+ * Validation runs at Pulumi plan time (outside cluster).
+ * Materialization runs at deploy time (inside cluster via K8s Job).
+ *
+ * @example
+ * ```typescript
+ * import { materializeStreams } from '@crossdelta/infrastructure'
+ * import * as contracts from '@my-org/contracts'
+ * import { STREAM_POLICIES, DEFAULT_POLICY } from '@my-org/contracts'
+ *
+ * materializeStreams(provider, 'my-namespace', {
+ *   natsUrl: runtime.natsUrl,
+ *   credentials: { user: natsUser, password: natsPassword },
+ *   contracts,
+ *   policies: STREAM_POLICIES,
+ *   defaults: DEFAULT_POLICY,
+ * })
+ * ```
+ */
+export declare const materializeStreams: (provider: Provider, namespace: string, config: MaterializeStreamsConfig) => k8s.batch.v1.Job;

package/dist/helpers/stream-setup.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Stream Setup Script Generator
+ *
+ * Pure functions for generating NATS JetStream setup scripts.
+ * No Pulumi or K8s dependencies — fully testable with Bun.
+ *
+ * Used by:
+ * - `stream-job.ts` (K8s Job materialization)
+ * - Tests (direct import)
+ *
+ * @module @crossdelta/infrastructure/lib/helpers/stream-setup
+ */
+import type { StreamPolicy } from './deploy-streams';
+import type { StreamDefinition } from './streams';
+export interface ResolvedStream {
+    stream: string;
+    subjects: string[];
+    retention: string;
+    storage: string;
+    maxAge: string;
+    replicas: number;
+    maxMsgSize: number;
+}
+/**
+ * Convert milliseconds to NATS CLI duration format (e.g., "168h0m0s")
+ */
+export declare const msToNatsDuration: (ms: number) => string;
+/**
+ * Apply policies and produce resolved stream configs (pure)
+ */
+export declare const resolveStreams: (definitions: StreamDefinition[], policies?: Record<string, Partial<StreamPolicy>>, defaults?: Partial<StreamPolicy>) => ResolvedStream[];
+/**
+ * Generate a shell script that creates/updates NATS JetStream streams.
+ * Uses `nats` CLI from nats-box. Idempotent: creates if missing, updates if exists.
+ */
+export declare const generateSetupScript: (streams: ResolvedStream[]) => string;
+/**
+ * Compute a short hash from stream config for change detection.
+ * When config changes, the Job name changes → Pulumi recreates it.
+ */
+export declare const computeConfigHash: (streams: ResolvedStream[]) => string;

package/dist/index.cjs

@@ -44,8 +44,11 @@ var exports_lib = {};
 __export(exports_lib, {
   validateStreamDefinitionsPure: () => validateStreamDefinitionsPure,
   validateStreamDefinitions: () => validateStreamDefinitions,
+  resolveStreams: () => resolveStreams,
   registerRuntime: () => registerRuntime,
   ports: () => ports,
+  msToNatsDuration: () => msToNatsDuration,
+  materializeStreams: () => materializeStreams,
   hasPublicPort: () => hasPublicPort,
   getStreamNames: () => getStreamNames,
   getStreamDefinition: () => getStreamDefinition,
@@ -53,6 +56,7 @@ __export(exports_lib, {
   getPublicPorts: () => getPublicPorts,
   getPrimaryPort: () => getPrimaryPort,
   getAllPorts: () => getAllPorts,
+  generateSetupScript: () => generateSetupScript,
   generateLocalSetupScript: () => generateLocalSetupScript,
   generateKubectlApplyCommand: () => generateKubectlApplyCommand,
   generateK3dDeleteCommand: () => generateK3dDeleteCommand,
@@ -81,6 +85,7 @@ __export(exports_lib, {
   createImagePullSecret: () => createImagePullSecret,
   createDOKSCluster: () => createDOKSCluster,
   convertToComposeService: () => convertToComposeService,
+  computeConfigHash: () => computeConfigHash,
   collectStreamDefinitions: () => collectStreamDefinitions,
   buildOtelEnv: () => buildOtelEnv,
   buildNatsUrl: () => buildNatsUrl,
@@ -933,9 +938,175 @@ var buildOtelEnv = (serviceName, config) => {
   }
   return env;
 };
+// lib/helpers/stream-job.ts
+var k8s4 = __toESM(require("@pulumi/kubernetes"));
+
+// lib/helpers/stream-setup.ts
+var DEFAULT_POLICY = {
+  maxAge: 7 * 24 * 60 * 60 * 1000,
+  storage: "file",
+  replicas: 1,
+  maxMsgSize: 1024 * 1024
+};
+var msToNatsDuration = (ms) => {
+  const totalSeconds = Math.floor(ms / 1000);
+  const hours = Math.floor(totalSeconds / 3600);
+  const minutes = Math.floor(totalSeconds % 3600 / 60);
+  const seconds = totalSeconds % 60;
+  return `${hours}h${minutes}m${seconds}s`;
+};
+var resolveStreams = (definitions, policies = {}, defaults = DEFAULT_POLICY) => definitions.map(({ stream, subjects }) => {
+  const merged = { ...DEFAULT_POLICY, ...defaults, ...policies[stream] };
+  return {
+    stream,
+    subjects,
+    retention: "limits",
+    storage: merged.storage ?? "file",
+    maxAge: msToNatsDuration(merged.maxAge ?? 7 * 24 * 60 * 60 * 1000),
+    replicas: merged.replicas ?? 1,
+    maxMsgSize: merged.maxMsgSize ?? 1024 * 1024
+  };
+});
+var generateSetupScript = (streams) => {
+  const streamCommands = streams.map((s) => {
+    const subjects = s.subjects.join(",");
+    const args = [
+      `--retention ${s.retention}`,
+      `--storage ${s.storage}`,
+      `--max-age ${s.maxAge}`,
+      `--replicas ${s.replicas}`,
+      `--max-msg-size ${s.maxMsgSize}`
+    ].join(" ");
+    return [
+      `echo "Processing stream: ${s.stream} (${subjects})"`,
+      `if nats $NATS_OPTS stream info "${s.stream}" > /dev/null 2>&1; then`,
+      `  echo "  Updating existing stream..."`,
+      `  nats $NATS_OPTS stream edit "${s.stream}" --subjects "${subjects}" ${args} --force`,
+      `else`,
+      `  echo "  Creating new stream..."`,
+      `  nats $NATS_OPTS stream add "${s.stream}" --subjects "${subjects}" ${args} --defaults`,
+      `fi`,
+      `echo "  ✅ ${s.stream} ready"`,
+      ``
+    ].join(`
+`);
+  });
+  return [
+    `#!/bin/sh`,
+    `set -e`,
+    ``,
+    `NATS_OPTS="--server $NATS_URL"`,
+    `if [ -n "$NATS_USER" ] && [ -n "$NATS_PASSWORD" ]; then`,
+    `  NATS_OPTS="$NATS_OPTS --user $NATS_USER --password $NATS_PASSWORD"`,
+    `fi`,
+    ``,
+    `echo "\uD83D\uDE80 Materializing ${streams.length} stream(s)..."`,
+    `echo ""`,
+    ``,
+    ...streamCommands,
+    `echo ""`,
+    `echo "✅ All streams materialized successfully"`
+  ].join(`
+`);
+};
+var computeConfigHash = (streams) => {
+  const data = JSON.stringify(streams);
+  let hash = 0;
+  for (let i = 0;i < data.length; i++) {
+    const char = data.charCodeAt(i);
+    hash = (hash << 5) - hash + char | 0;
+  }
+  return Math.abs(hash).toString(36).slice(0, 8);
+};
+
+// lib/helpers/stream-job.ts
+var DEFAULT_POLICY2 = {
+  maxAge: 7 * 24 * 60 * 60 * 1000,
+  storage: "file",
+  replicas: 1,
+  maxMsgSize: 1024 * 1024
+};
+var NATS_BOX_IMAGE = "natsio/nats-box:0.14.5";
+var materializeStreams = (provider, namespace, config) => {
+  const {
+    contracts,
+    policies = {},
+    defaults = DEFAULT_POLICY2,
+    image = NATS_BOX_IMAGE,
+    ttlAfterFinished = 300,
+    backoffLimit = 3
+  } = config;
+  validateStreamDefinitions(contracts);
+  const definitions = collectStreamDefinitions(contracts);
+  const resolved = resolveStreams(definitions, policies, defaults);
+  const script = generateSetupScript(resolved);
+  const configHash = computeConfigHash(resolved);
+  console.log(`\uD83D\uDCCB Collecting stream definitions from contracts...`);
+  console.log(`✅ Found ${definitions.length} stream(s):`);
+  for (const { stream, subjects } of definitions) {
+    console.log(`   - ${stream}: ${subjects.join(", ")}`);
+  }
+  const configMap = new k8s4.core.v1.ConfigMap("stream-setup-config", {
+    metadata: {
+      name: `stream-setup-${configHash}`,
+      namespace,
+      labels: { app: "stream-setup", "config-hash": configHash }
+    },
+    data: {
+      "setup.sh": script,
+      "streams.json": JSON.stringify(resolved, null, 2)
+    }
+  }, { provider });
+  const envVars = [{ name: "NATS_URL", value: config.natsUrl }];
+  if (config.credentials?.user) {
+    envVars.push({ name: "NATS_USER", value: config.credentials.user });
+  }
+  if (config.credentials?.password) {
+    envVars.push({ name: "NATS_PASSWORD", value: config.credentials.password });
+  }
+  const job = new k8s4.batch.v1.Job("stream-setup", {
+    metadata: {
+      name: `stream-setup-${configHash}`,
+      namespace,
+      labels: { app: "stream-setup", "config-hash": configHash }
+    },
+    spec: {
+      backoffLimit,
+      ttlSecondsAfterFinished: ttlAfterFinished,
+      template: {
+        metadata: {
+          labels: { app: "stream-setup" }
+        },
+        spec: {
+          restartPolicy: "Never",
+          containers: [
+            {
+              name: "stream-setup",
+              image,
+              command: ["sh", "/config/setup.sh"],
+              env: envVars,
+              volumeMounts: [{ name: "config", mountPath: "/config", readOnly: true }]
+            }
+          ],
+          volumes: [
+            {
+              name: "config",
+              configMap: { name: configMap.metadata.name }
+            }
+          ]
+        }
+      }
+    }
+  }, {
+    provider,
+    dependsOn: [configMap],
+    deleteBeforeReplace: true
+  });
+  return job;
+};
 // lib/runtimes/doks/cluster.ts
 var digitalocean = __toESM(require("@pulumi/digitalocean"));
-var k8s4 = __toESM(require("@pulumi/kubernetes"));
+var k8s5 = __toESM(require("@pulumi/kubernetes"));
 var pulumi4 = __toESM(require("@pulumi/pulumi"));
 function createDOKSCluster(config) {
   const stack = pulumi4.getStack();
@@ -970,7 +1141,7 @@ function createDOKSCluster(config) {
     }
     return firstConfig.rawConfig;
   });
-  const provider = new k8s4.Provider(`${config.name}-k8s-provider`, {
+  const provider = new k8s5.Provider(`${config.name}-k8s-provider`, {
     kubeconfig
   });
   return {
@@ -981,7 +1152,7 @@ function createDOKSCluster(config) {
   };
 }
 function createK8sProviderFromKubeconfig(name, kubeconfig) {
-  return new k8s4.Provider(name, { kubeconfig });
+  return new k8s5.Provider(name, { kubeconfig });
 }
 // lib/runtimes/doks/vpc.ts
 var digitalocean2 = __toESM(require("@pulumi/digitalocean"));
@@ -997,7 +1168,7 @@ function createVPC(config) {
   });
 }
 // lib/runtimes/doks/workloads.ts
-var k8s5 = __toESM(require("@pulumi/kubernetes"));
+var k8s6 = __toESM(require("@pulumi/kubernetes"));
 var pulumi6 = __toESM(require("@pulumi/pulumi"));
 var normalizeK8sConfig = (config) => {
   if (config.ports) {
@@ -1047,7 +1218,7 @@ var createImagePullSecret = (provider, namespace, name, config) => {
       }
     });
   });
-  return new k8s5.core.v1.Secret(name, {
+  return new k8s6.core.v1.Secret(name, {
     metadata: {
       name,
       namespace,
@@ -1077,7 +1248,7 @@ var buildEnvVars = (config) => {
   })) : [];
   return [portEnv, ...plainEnvVars, ...secretEnvVars];
 };
-var createServiceSecret = (provider, namespace, config, labels) => !config.secrets || Object.keys(config.secrets).length === 0 ? undefined : new k8s5.core.v1.Secret(`${config.name}-secret`, {
+var createServiceSecret = (provider, namespace, config, labels) => !config.secrets || Object.keys(config.secrets).length === 0 ? undefined : new k8s6.core.v1.Secret(`${config.name}-secret`, {
   metadata: {
     name: `${config.name}-secret`,
     namespace,
@@ -1090,7 +1261,7 @@ var createServiceVolumes = (provider, namespace, config, labels) => {
   if (!config.volumes) {
     return { pvcs: [], volumeMounts: [], volumes: [] };
   }
-  const pvcs = config.volumes.map((vol) => new k8s5.core.v1.PersistentVolumeClaim(`${config.name}-${vol.name}`, {
+  const pvcs = config.volumes.map((vol) => new k8s6.core.v1.PersistentVolumeClaim(`${config.name}-${vol.name}`, {
     metadata: {
       name: `${config.name}-${vol.name}`,
       namespace,
@@ -1206,7 +1377,7 @@ var createServiceIngress = (provider, namespace, config, labels, service) => {
   const allHosts = [...primaryHosts, ...additionalHosts];
   const ingressRules = allHosts.length > 0 ? allHosts.map(createRule) : [createRule()];
   const tlsSecretName = config.ingress.tls?.secretName ?? `${config.name}-tls`;
-  return new k8s5.networking.v1.Ingress(`${config.name}-ingress`, {
+  return new k8s6.networking.v1.Ingress(`${config.name}-ingress`, {
     metadata: {
       name: config.name,
       namespace,
@@ -1236,7 +1407,7 @@ var deployK8sService = (provider, namespace, config) => {
   const { livenessProbe, readinessProbe } = buildHealthProbes(normalizedConfig);
   const containerPorts = buildContainerPorts(normalizedConfig);
   const servicePorts = buildServicePorts(normalizedConfig);
-  const deployment = new k8s5.apps.v1.Deployment(`${normalizedConfig.name}-deployment`, {
+  const deployment = new k8s6.apps.v1.Deployment(`${normalizedConfig.name}-deployment`, {
     metadata: {
       name: normalizedConfig.name,
       namespace,
@@ -1277,7 +1448,7 @@ var deployK8sService = (provider, namespace, config) => {
       }
     }
   }, { provider, dependsOn: pvcs.length > 0 ? pvcs : undefined });
-  const service = new k8s5.core.v1.Service(`${normalizedConfig.name}-service`, {
+  const service = new k8s6.core.v1.Service(`${normalizedConfig.name}-service`, {
     metadata: {
       name: normalizedConfig.name,
       namespace,
@@ -1310,7 +1481,7 @@ var deployK8sServices = (provider, namespace, configs, options) => configs.filte
   results.set(config.name, deployK8sService(provider, namespace, configWithSecret));
   return results;
 }, new Map);
-var createNamespace = (provider, name, labels) => new k8s5.core.v1.Namespace(name, {
+var createNamespace = (provider, name, labels) => new k8s6.core.v1.Namespace(name, {
   metadata: {
     name,
     labels: {

package/dist/index.js

@@ -844,9 +844,175 @@ var buildOtelEnv = (serviceName, config) => {
   }
   return env;
 };
+// lib/helpers/stream-job.ts
+import * as k8s4 from "@pulumi/kubernetes";
+
+// lib/helpers/stream-setup.ts
+var DEFAULT_POLICY = {
+  maxAge: 7 * 24 * 60 * 60 * 1000,
+  storage: "file",
+  replicas: 1,
+  maxMsgSize: 1024 * 1024
+};
+var msToNatsDuration = (ms) => {
+  const totalSeconds = Math.floor(ms / 1000);
+  const hours = Math.floor(totalSeconds / 3600);
+  const minutes = Math.floor(totalSeconds % 3600 / 60);
+  const seconds = totalSeconds % 60;
+  return `${hours}h${minutes}m${seconds}s`;
+};
+var resolveStreams = (definitions, policies = {}, defaults = DEFAULT_POLICY) => definitions.map(({ stream, subjects }) => {
+  const merged = { ...DEFAULT_POLICY, ...defaults, ...policies[stream] };
+  return {
+    stream,
+    subjects,
+    retention: "limits",
+    storage: merged.storage ?? "file",
+    maxAge: msToNatsDuration(merged.maxAge ?? 7 * 24 * 60 * 60 * 1000),
+    replicas: merged.replicas ?? 1,
+    maxMsgSize: merged.maxMsgSize ?? 1024 * 1024
+  };
+});
+var generateSetupScript = (streams) => {
+  const streamCommands = streams.map((s) => {
+    const subjects = s.subjects.join(",");
+    const args = [
+      `--retention ${s.retention}`,
+      `--storage ${s.storage}`,
+      `--max-age ${s.maxAge}`,
+      `--replicas ${s.replicas}`,
+      `--max-msg-size ${s.maxMsgSize}`
+    ].join(" ");
+    return [
+      `echo "Processing stream: ${s.stream} (${subjects})"`,
+      `if nats $NATS_OPTS stream info "${s.stream}" > /dev/null 2>&1; then`,
+      `  echo "  Updating existing stream..."`,
+      `  nats $NATS_OPTS stream edit "${s.stream}" --subjects "${subjects}" ${args} --force`,
+      `else`,
+      `  echo "  Creating new stream..."`,
+      `  nats $NATS_OPTS stream add "${s.stream}" --subjects "${subjects}" ${args} --defaults`,
+      `fi`,
+      `echo "  ✅ ${s.stream} ready"`,
+      ``
+    ].join(`
+`);
+  });
+  return [
+    `#!/bin/sh`,
+    `set -e`,
+    ``,
+    `NATS_OPTS="--server $NATS_URL"`,
+    `if [ -n "$NATS_USER" ] && [ -n "$NATS_PASSWORD" ]; then`,
+    `  NATS_OPTS="$NATS_OPTS --user $NATS_USER --password $NATS_PASSWORD"`,
+    `fi`,
+    ``,
+    `echo "\uD83D\uDE80 Materializing ${streams.length} stream(s)..."`,
+    `echo ""`,
+    ``,
+    ...streamCommands,
+    `echo ""`,
+    `echo "✅ All streams materialized successfully"`
+  ].join(`
+`);
+};
+var computeConfigHash = (streams) => {
+  const data = JSON.stringify(streams);
+  let hash = 0;
+  for (let i = 0;i < data.length; i++) {
+    const char = data.charCodeAt(i);
+    hash = (hash << 5) - hash + char | 0;
+  }
+  return Math.abs(hash).toString(36).slice(0, 8);
+};
+
+// lib/helpers/stream-job.ts
+var DEFAULT_POLICY2 = {
+  maxAge: 7 * 24 * 60 * 60 * 1000,
+  storage: "file",
+  replicas: 1,
+  maxMsgSize: 1024 * 1024
+};
+var NATS_BOX_IMAGE = "natsio/nats-box:0.14.5";
+var materializeStreams = (provider, namespace, config) => {
+  const {
+    contracts,
+    policies = {},
+    defaults = DEFAULT_POLICY2,
+    image = NATS_BOX_IMAGE,
+    ttlAfterFinished = 300,
+    backoffLimit = 3
+  } = config;
+  validateStreamDefinitions(contracts);
+  const definitions = collectStreamDefinitions(contracts);
+  const resolved = resolveStreams(definitions, policies, defaults);
+  const script = generateSetupScript(resolved);
+  const configHash = computeConfigHash(resolved);
+  console.log(`\uD83D\uDCCB Collecting stream definitions from contracts...`);
+  console.log(`✅ Found ${definitions.length} stream(s):`);
+  for (const { stream, subjects } of definitions) {
+    console.log(`   - ${stream}: ${subjects.join(", ")}`);
+  }
+  const configMap = new k8s4.core.v1.ConfigMap("stream-setup-config", {
+    metadata: {
+      name: `stream-setup-${configHash}`,
+      namespace,
+      labels: { app: "stream-setup", "config-hash": configHash }
+    },
+    data: {
+      "setup.sh": script,
+      "streams.json": JSON.stringify(resolved, null, 2)
+    }
+  }, { provider });
+  const envVars = [{ name: "NATS_URL", value: config.natsUrl }];
+  if (config.credentials?.user) {
+    envVars.push({ name: "NATS_USER", value: config.credentials.user });
+  }
+  if (config.credentials?.password) {
+    envVars.push({ name: "NATS_PASSWORD", value: config.credentials.password });
+  }
+  const job = new k8s4.batch.v1.Job("stream-setup", {
+    metadata: {
+      name: `stream-setup-${configHash}`,
+      namespace,
+      labels: { app: "stream-setup", "config-hash": configHash }
+    },
+    spec: {
+      backoffLimit,
+      ttlSecondsAfterFinished: ttlAfterFinished,
+      template: {
+        metadata: {
+          labels: { app: "stream-setup" }
+        },
+        spec: {
+          restartPolicy: "Never",
+          containers: [
+            {
+              name: "stream-setup",
+              image,
+              command: ["sh", "/config/setup.sh"],
+              env: envVars,
+              volumeMounts: [{ name: "config", mountPath: "/config", readOnly: true }]
+            }
+          ],
+          volumes: [
+            {
+              name: "config",
+              configMap: { name: configMap.metadata.name }
+            }
+          ]
+        }
+      }
+    }
+  }, {
+    provider,
+    dependsOn: [configMap],
+    deleteBeforeReplace: true
+  });
+  return job;
+};
 // lib/runtimes/doks/cluster.ts
 import * as digitalocean from "@pulumi/digitalocean";
-import * as k8s4 from "@pulumi/kubernetes";
+import * as k8s5 from "@pulumi/kubernetes";
 import * as pulumi4 from "@pulumi/pulumi";
 function createDOKSCluster(config) {
   const stack = pulumi4.getStack();
@@ -881,7 +1047,7 @@ function createDOKSCluster(config) {
     }
     return firstConfig.rawConfig;
   });
-  const provider = new k8s4.Provider(`${config.name}-k8s-provider`, {
+  const provider = new k8s5.Provider(`${config.name}-k8s-provider`, {
     kubeconfig
   });
   return {
@@ -892,7 +1058,7 @@ function createDOKSCluster(config) {
   };
 }
 function createK8sProviderFromKubeconfig(name, kubeconfig) {
-  return new k8s4.Provider(name, { kubeconfig });
+  return new k8s5.Provider(name, { kubeconfig });
 }
 // lib/runtimes/doks/vpc.ts
 import * as digitalocean2 from "@pulumi/digitalocean";
@@ -908,7 +1074,7 @@ function createVPC(config) {
   });
 }
 // lib/runtimes/doks/workloads.ts
-import * as k8s5 from "@pulumi/kubernetes";
+import * as k8s6 from "@pulumi/kubernetes";
 import * as pulumi6 from "@pulumi/pulumi";
 var normalizeK8sConfig = (config) => {
   if (config.ports) {
@@ -958,7 +1124,7 @@ var createImagePullSecret = (provider, namespace, name, config) => {
       }
     });
   });
-  return new k8s5.core.v1.Secret(name, {
+  return new k8s6.core.v1.Secret(name, {
     metadata: {
       name,
       namespace,
@@ -988,7 +1154,7 @@ var buildEnvVars = (config) => {
   })) : [];
   return [portEnv, ...plainEnvVars, ...secretEnvVars];
 };
-var createServiceSecret = (provider, namespace, config, labels) => !config.secrets || Object.keys(config.secrets).length === 0 ? undefined : new k8s5.core.v1.Secret(`${config.name}-secret`, {
+var createServiceSecret = (provider, namespace, config, labels) => !config.secrets || Object.keys(config.secrets).length === 0 ? undefined : new k8s6.core.v1.Secret(`${config.name}-secret`, {
   metadata: {
     name: `${config.name}-secret`,
     namespace,
@@ -1001,7 +1167,7 @@ var createServiceVolumes = (provider, namespace, config, labels) => {
   if (!config.volumes) {
     return { pvcs: [], volumeMounts: [], volumes: [] };
   }
-  const pvcs = config.volumes.map((vol) => new k8s5.core.v1.PersistentVolumeClaim(`${config.name}-${vol.name}`, {
+  const pvcs = config.volumes.map((vol) => new k8s6.core.v1.PersistentVolumeClaim(`${config.name}-${vol.name}`, {
     metadata: {
       name: `${config.name}-${vol.name}`,
       namespace,
@@ -1117,7 +1283,7 @@ var createServiceIngress = (provider, namespace, config, labels, service) => {
   const allHosts = [...primaryHosts, ...additionalHosts];
   const ingressRules = allHosts.length > 0 ? allHosts.map(createRule) : [createRule()];
   const tlsSecretName = config.ingress.tls?.secretName ?? `${config.name}-tls`;
-  return new k8s5.networking.v1.Ingress(`${config.name}-ingress`, {
+  return new k8s6.networking.v1.Ingress(`${config.name}-ingress`, {
     metadata: {
       name: config.name,
       namespace,
@@ -1147,7 +1313,7 @@ var deployK8sService = (provider, namespace, config) => {
   const { livenessProbe, readinessProbe } = buildHealthProbes(normalizedConfig);
   const containerPorts = buildContainerPorts(normalizedConfig);
   const servicePorts = buildServicePorts(normalizedConfig);
-  const deployment = new k8s5.apps.v1.Deployment(`${normalizedConfig.name}-deployment`, {
+  const deployment = new k8s6.apps.v1.Deployment(`${normalizedConfig.name}-deployment`, {
     metadata: {
       name: normalizedConfig.name,
       namespace,
@@ -1188,7 +1354,7 @@ var deployK8sService = (provider, namespace, config) => {
       }
     }
   }, { provider, dependsOn: pvcs.length > 0 ? pvcs : undefined });
-  const service = new k8s5.core.v1.Service(`${normalizedConfig.name}-service`, {
+  const service = new k8s6.core.v1.Service(`${normalizedConfig.name}-service`, {
     metadata: {
       name: normalizedConfig.name,
       namespace,
@@ -1221,7 +1387,7 @@ var deployK8sServices = (provider, namespace, configs, options) => configs.filte
   results.set(config.name, deployK8sService(provider, namespace, configWithSecret));
   return results;
 }, new Map);
-var createNamespace = (provider, name, labels) => new k8s5.core.v1.Namespace(name, {
+var createNamespace = (provider, name, labels) => new k8s6.core.v1.Namespace(name, {
   metadata: {
     name,
     labels: {
@@ -1595,8 +1761,11 @@ var generateLocalSetupScript = (services, options = {}) => {
 export {
   validateStreamDefinitionsPure,
   validateStreamDefinitions,
+  resolveStreams,
   registerRuntime,
   ports,
+  msToNatsDuration,
+  materializeStreams,
   hasPublicPort,
   getStreamNames,
   getStreamDefinition,
@@ -1604,6 +1773,7 @@ export {
   getPublicPorts,
   getPrimaryPort,
   getAllPorts,
+  generateSetupScript,
   generateLocalSetupScript,
   generateKubectlApplyCommand,
   generateK3dDeleteCommand,
@@ -1632,6 +1802,7 @@ export {
   createImagePullSecret,
   createDOKSCluster,
   convertToComposeService,
+  computeConfigHash,
   collectStreamDefinitions,
   buildOtelEnv,
   buildNatsUrl,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@crossdelta/infrastructure",
-  "version": "0.5.5",
+  "version": "0.6.0",
   "type": "module",
   "license": "MIT",
   "publishConfig": {
@@ -35,7 +35,7 @@
     }
   },
   "dependencies": {
-    "@crossdelta/cloudevents": "0.6.3"
+    "@crossdelta/cloudevents": "0.6.4"
   },
   "peerDependencies": {
     "@pulumi/digitalocean": "^4.0.0",