@eventpipe/cli 0.2.1

package/dist/cmd-login.js

@@ -0,0 +1,91 @@
+import { exec } from "node:child_process";
+import { createServer } from "node:http";
+import { randomInt } from "node:crypto";
+import { resolveEventpipeBaseUrl } from "./base-url.js";
+import { saveCredentials } from "./credentials.js";
+const cors = {
+    "Access-Control-Allow-Origin": "*",
+    "Access-Control-Allow-Methods": "POST, OPTIONS",
+    "Access-Control-Allow-Headers": "Content-Type",
+};
+function openBrowser(url) {
+    const safe = url.replace(/"/g, '\\"');
+    const cmd = process.platform === "darwin"
+        ? `open "${safe}"`
+        : process.platform === "win32"
+            ? `cmd /c start "" "${safe}"`
+            : `xdg-open "${safe}"`;
+    exec(cmd, () => { });
+}
+export async function cmdLogin() {
+    const base = resolveEventpipeBaseUrl();
+    const port = randomInt(47_890, 48_000);
+    await new Promise((resolve, reject) => {
+        let settled = false;
+        const done = (fn) => {
+            if (settled) {
+                return;
+            }
+            settled = true;
+            fn();
+        };
+        const server = createServer((req, res) => {
+            const u = req.url ?? "";
+            if (req.method === "OPTIONS" && u.startsWith("/callback")) {
+                res.writeHead(204, cors);
+                res.end();
+                return;
+            }
+            if (req.method === "POST" && u.startsWith("/callback")) {
+                const chunks = [];
+                req.on("data", (c) => chunks.push(c));
+                req.on("end", () => {
+                    void (async () => {
+                        try {
+                            const raw = Buffer.concat(chunks).toString("utf8");
+                            const data = JSON.parse(raw);
+                            if (!data.access_token || !data.refresh_token) {
+                                res.writeHead(400, { "content-type": "application/json", ...cors });
+                                res.end(JSON.stringify({ error: "missing tokens" }));
+                                done(() => reject(new Error("Missing tokens in callback")));
+                                server.close();
+                                return;
+                            }
+                            const stored = {
+                                baseUrl: (data.base_url ?? base).replace(/\/$/, ""),
+                                accessToken: data.access_token,
+                                refreshToken: data.refresh_token,
+                            };
+                            await saveCredentials(stored);
+                            res.writeHead(200, { "content-type": "application/json", ...cors });
+                            res.end(JSON.stringify({ ok: true }));
+                            server.close(() => done(() => resolve()));
+                        }
+                        catch {
+                            res.writeHead(400, { ...cors });
+                            res.end();
+                            done(() => reject(new Error("Invalid callback body")));
+                            server.close();
+                        }
+                    })();
+                });
+                return;
+            }
+            res.writeHead(404);
+            res.end();
+        });
+        server.on("error", (e) => done(() => reject(e)));
+        server.listen(port, "127.0.0.1", () => {
+            const authorizeUrl = `${base}/cli/authorize?port=${port}`;
+            console.log("Opening browser to sign in…");
+            console.log(authorizeUrl);
+            openBrowser(authorizeUrl);
+        });
+        const timer = setTimeout(() => {
+            server.close();
+            done(() => reject(new Error("Login timed out (2 min)")));
+        }, 120_000);
+        server.on("close", () => clearTimeout(timer));
+    });
+    console.log("Saved credentials to ~/.eventpipe/credentials.json");
+}

package/dist/cmd-update.d.ts

@@ -0,0 +1 @@
+export declare function cmdUpdate(): Promise<void>;

package/dist/cmd-update.js

@@ -0,0 +1,20 @@
+import { spawn } from "node:child_process";
+const PACKAGE = "@eventpipe/cli";
+function runNpm(args) {
+    return new Promise((resolve) => {
+        const isWin = process.platform === "win32";
+        const cmd = isWin ? "npm.cmd" : "npm";
+        const child = spawn(cmd, args, {
+            stdio: "inherit",
+            shell: isWin,
+        });
+        child.on("error", () => resolve(1));
+        child.on("close", (code) => resolve(code ?? 1));
+    });
+}
+export async function cmdUpdate() {
+    const code = await runNpm(["install", "-g", `${PACKAGE}@latest`]);
+    if (code !== 0) {
+        throw new Error(`npm exited with code ${code}`);
+    }
+}

package/dist/code-node-ids.d.ts

@@ -0,0 +1 @@
+export declare function collectCodeNodeIds(pipe: unknown): string[];

package/dist/code-node-ids.js

@@ -0,0 +1,20 @@
+export function collectCodeNodeIds(pipe) {
+    if (typeof pipe !== "object" || pipe === null) {
+        return [];
+    }
+    const nodes = pipe.nodes;
+    if (!Array.isArray(nodes)) {
+        return [];
+    }
+    const out = [];
+    for (const n of nodes) {
+        if (typeof n !== "object" || n === null) {
+            continue;
+        }
+        const rec = n;
+        if (rec.type === "code" && typeof rec.id === "string") {
+            out.push(rec.id);
+        }
+    }
+    return out;
+}

package/dist/config.d.ts

@@ -0,0 +1,8 @@
+export type EventpipeManifest = {
+    pipelineId: string;
+    nodeId?: string;
+    entry?: string;
+    codeNodes?: Record<string, string>;
+    settings: Record<string, unknown>;
+};
+export declare function loadManifest(projectDir: string): Promise<EventpipeManifest>;

package/dist/config.js

@@ -0,0 +1,42 @@
+import { readFile } from "node:fs/promises";
+import { resolve } from "node:path";
+export async function loadManifest(projectDir) {
+    const path = resolve(projectDir, "eventpipe.json");
+    const raw = await readFile(path, "utf8");
+    const parsed = JSON.parse(raw);
+    if (typeof parsed !== "object" || parsed === null) {
+        throw new Error("eventpipe.json must be a JSON object");
+    }
+    const o = parsed;
+    const pipelineId = typeof o.pipelineId === "string" ? o.pipelineId.trim() : "";
+    if (!pipelineId) {
+        throw new Error("eventpipe.json: pipelineId (string) is required");
+    }
+    const settings = o.settings;
+    if (typeof settings !== "object" || settings === null || Array.isArray(settings)) {
+        throw new Error("eventpipe.json: settings must be an object");
+    }
+    const pipe = settings.pipe;
+    if (pipe === undefined || pipe === null) {
+        throw new Error("eventpipe.json: settings.pipe is required for publish");
+    }
+    let codeNodes = undefined;
+    if (o.codeNodes !== undefined) {
+        if (typeof o.codeNodes !== "object" || o.codeNodes === null || Array.isArray(o.codeNodes)) {
+            throw new Error("eventpipe.json: codeNodes must be an object map (string -> string)");
+        }
+        codeNodes = o.codeNodes;
+        for (const [k, v] of Object.entries(codeNodes)) {
+            if (typeof v !== "string") {
+                throw new Error(`eventpipe.json: codeNodes["${k}"] must be a string (node id)`);
+            }
+        }
+    }
+    return {
+        pipelineId,
+        nodeId: typeof o.nodeId === "string" ? o.nodeId.trim() : undefined,
+        entry: typeof o.entry === "string" ? o.entry.trim() : undefined,
+        codeNodes,
+        settings: settings,
+    };
+}

package/dist/constants.d.ts

@@ -0,0 +1,2 @@
+export declare const BUNDLE_MAX_BYTES: number;
+export declare const GLOBAL_NAME = "__eventpipeExports";

package/dist/constants.js

@@ -0,0 +1,2 @@
+export const BUNDLE_MAX_BYTES = 200 * 1024;
+export const GLOBAL_NAME = "__eventpipeExports";

package/dist/credentials.d.ts

@@ -0,0 +1,7 @@
+export type StoredCredentials = {
+    baseUrl: string;
+    accessToken: string;
+    refreshToken: string;
+};
+export declare function loadCredentials(): Promise<StoredCredentials | null>;
+export declare function saveCredentials(c: StoredCredentials): Promise<void>;

package/dist/credentials.js

@@ -0,0 +1,42 @@
+import { mkdir, readFile, writeFile } from "node:fs/promises";
+import { homedir } from "node:os";
+import { join } from "node:path";
+const dir = () => join(homedir(), ".eventpipe");
+const filePath = () => join(dir(), "credentials.json");
+export async function loadCredentials() {
+    try {
+        const raw = await readFile(filePath(), "utf8");
+        const data = JSON.parse(raw);
+        if (typeof data.baseUrl === "string" &&
+            typeof data.accessToken === "string" &&
+            typeof data.refreshToken === "string") {
+            return {
+                baseUrl: data.baseUrl.replace(/\/$/, ""),
+                accessToken: data.accessToken,
+                refreshToken: data.refreshToken,
+            };
+        }
+    }
+    catch {
+        return null;
+    }
+    return null;
+}
+export async function saveCredentials(c) {
+    await mkdir(dir(), { recursive: true });
+    const normalized = {
+        ...c,
+        baseUrl: c.baseUrl.replace(/\/$/, ""),
+    };
+    await writeFile(filePath(), JSON.stringify(normalized, null, 2), "utf8");
+    try {
+        await chmodSafe(filePath());
+    }
+    catch {
+        /* ignore */
+    }
+}
+async function chmodSafe(path) {
+    const { chmod } = await import("node:fs/promises");
+    await chmod(path, 0o600);
+}

package/dist/forward-local.d.ts

@@ -0,0 +1,14 @@
+export type FlowEventWire = {
+    webhookId?: string;
+    method?: string;
+    headers?: Record<string, string>;
+    query?: Record<string, string>;
+    path?: string;
+    body?: unknown;
+    receivedAt?: number;
+};
+export declare function forwardWebhookToLocal(forwardTo: string, event: FlowEventWire): Promise<{
+    ok: boolean;
+    status: number;
+    error?: string;
+}>;

package/dist/forward-local.js

@@ -0,0 +1,76 @@
+const HOP_BY_HOP = new Set([
+    "host",
+    "connection",
+    "content-length",
+    "transfer-encoding",
+    "keep-alive",
+    "proxy-connection",
+    "te",
+    "trailer",
+    "upgrade",
+]);
+export async function forwardWebhookToLocal(forwardTo, event) {
+    let url;
+    try {
+        url = new URL(forwardTo);
+    }
+    catch {
+        return { ok: false, status: 0, error: "Invalid --forward-to URL" };
+    }
+    if (url.protocol !== "http:" && url.protocol !== "https:") {
+        return { ok: false, status: 0, error: "Only http(s) URLs are allowed for --forward-to" };
+    }
+    const q = event.query ?? {};
+    for (const [k, v] of Object.entries(q)) {
+        if (v === undefined || v === null) {
+            continue;
+        }
+        if (Array.isArray(v)) {
+            for (const item of v) {
+                url.searchParams.append(k, String(item));
+            }
+        }
+        else {
+            url.searchParams.append(k, String(v));
+        }
+    }
+    const method = (event.method ?? "POST").toUpperCase();
+    const headers = new Headers();
+    const raw = event.headers ?? {};
+    for (const [k, v] of Object.entries(raw)) {
+        if (typeof v !== "string") {
+            continue;
+        }
+        const key = k.toLowerCase();
+        if (HOP_BY_HOP.has(key)) {
+            continue;
+        }
+        headers.set(k, v);
+    }
+    let body;
+    if (method !== "GET" && method !== "HEAD") {
+        const b = event.body;
+        if (b !== undefined && b !== null) {
+            if (typeof b === "string") {
+                body = b;
+            }
+            else if (typeof b === "object") {
+                body = JSON.stringify(b);
+                if (!headers.has("content-type")) {
+                    headers.set("content-type", "application/json; charset=utf-8");
+                }
+            }
+            else {
+                body = String(b);
+            }
+        }
+    }
+    try {
+        const res = await fetch(url, { method, headers, body, redirect: "manual" });
+        return { ok: res.ok, status: res.status };
+    }
+    catch (e) {
+        const message = e instanceof Error ? e.message : String(e);
+        return { ok: false, status: 0, error: message };
+    }
+}

package/dist/hash.d.ts

@@ -0,0 +1,2 @@
+export declare function sha256Utf8(input: string): string;
+export declare function byteLenUtf8(s: string): number;

package/dist/hash.js

@@ -0,0 +1,7 @@
+import { createHash } from "node:crypto";
+export function sha256Utf8(input) {
+    return createHash("sha256").update(input, "utf8").digest("hex");
+}
+export function byteLenUtf8(s) {
+    return new TextEncoder().encode(s).byteLength;
+}

package/dist/listen-args.d.ts

@@ -0,0 +1,9 @@
+export type ListenOptions = {
+    verbose: boolean;
+    json: boolean;
+    forwardTo: string | null;
+};
+export declare function parseListenArgv(argv: string[]): {
+    webhookId: string;
+    options: ListenOptions;
+};

package/dist/listen-args.js

@@ -0,0 +1,37 @@
+export function parseListenArgv(argv) {
+    const options = {
+        verbose: false,
+        json: false,
+        forwardTo: null,
+    };
+    let webhookId = "";
+    for (let i = 0; i < argv.length; i++) {
+        const a = argv[i];
+        if (a === "--verbose" || a === "-v") {
+            options.verbose = true;
+            continue;
+        }
+        if (a === "--json") {
+            options.json = true;
+            continue;
+        }
+        if (a === "--forward-to") {
+            const u = argv[++i];
+            if (!u?.trim()) {
+                throw new Error("--forward-to requires a URL (e.g. http://127.0.0.1:3000/api/webhooks)");
+            }
+            options.forwardTo = u.trim();
+            continue;
+        }
+        if (a.startsWith("-")) {
+            throw new Error(`Unknown option: ${a}`);
+        }
+        if (!webhookId) {
+            webhookId = a.trim();
+        }
+        else {
+            throw new Error(`Unexpected argument: ${a}`);
+        }
+    }
+    return { webhookId, options };
+}

package/dist/publish.d.ts

@@ -0,0 +1,20 @@
+import type { EventpipeManifest } from "./config.js";
+export type PublishResult = {
+    success?: boolean;
+    version?: number;
+    bundleHash?: string;
+    bundleSizeBytes?: number;
+    error?: string;
+};
+export declare function publishVersion(params: {
+    baseUrl: string;
+    apiKey: string;
+    pipelineId: string;
+    manifest: EventpipeManifest;
+    bundles: Array<{
+        nodeId: string;
+        bundleCode: string;
+        bundleHash: string;
+    }>;
+    sourceCode?: string | null;
+}): Promise<PublishResult>;

package/dist/publish.js

@@ -0,0 +1,23 @@
+export async function publishVersion(params) {
+    const res = await fetch(`${params.baseUrl}/api/account/pipelines/${params.pipelineId}/versions`, {
+        method: "POST",
+        headers: {
+            "content-type": "application/json",
+            "x-api-key": params.apiKey,
+        },
+        body: JSON.stringify({
+            sourceCode: params.sourceCode ?? null,
+            buildMeta: {
+                bundler: "eventpipe-cli",
+                generatedAt: new Date().toISOString(),
+            },
+            settings: params.manifest.settings,
+            codeBundles: params.bundles,
+        }),
+    });
+    const data = (await res.json());
+    if (!res.ok) {
+        return { error: data?.error ?? res.statusText };
+    }
+    return data;
+}

package/dist/studio-sources.d.ts

@@ -0,0 +1,5 @@
+export declare function codeNodeUsesLibrary(pipe: unknown, nodeId: string): boolean;
+export declare function applyPublishedStudioSources(pipe: unknown, params: {
+    sourcesByNodeId: Record<string, string>;
+    flowSourceCode: string;
+}): unknown;

package/dist/studio-sources.js

@@ -0,0 +1,65 @@
+import { collectCodeNodeIds } from "./code-node-ids.js";
+const STUDIO_SOURCE_MAX_CHARS = 400_000;
+export function codeNodeUsesLibrary(pipe, nodeId) {
+    if (typeof pipe !== "object" || pipe === null) {
+        return false;
+    }
+    const nodes = pipe.nodes;
+    if (!Array.isArray(nodes)) {
+        return false;
+    }
+    for (const n of nodes) {
+        if (typeof n !== "object" || n === null) {
+            continue;
+        }
+        const rec = n;
+        if (rec.type === "code" && rec.id === nodeId) {
+            const cfg = rec.config;
+            if (typeof cfg !== "object" || cfg === null) {
+                return false;
+            }
+            const v = cfg.libraryArtifactVersionId;
+            return typeof v === "string" && v.length > 0;
+        }
+    }
+    return false;
+}
+export function applyPublishedStudioSources(pipe, params) {
+    if (typeof pipe !== "object" || pipe === null) {
+        return pipe;
+    }
+    const p = pipe;
+    const nodesRaw = p.nodes;
+    if (!Array.isArray(nodesRaw)) {
+        return pipe;
+    }
+    const ids = collectCodeNodeIds(pipe);
+    const single = ids.length === 1;
+    const newNodes = nodesRaw.map((raw) => {
+        if (typeof raw !== "object" || raw === null) {
+            return raw;
+        }
+        const n = raw;
+        if (n.type !== "code") {
+            return raw;
+        }
+        const id = n.id;
+        if (typeof id !== "string") {
+            return raw;
+        }
+        const prevCfg = typeof n.config === "object" && n.config !== null
+            ? { ...n.config }
+            : {};
+        if (codeNodeUsesLibrary(pipe, id)) {
+            delete prevCfg.studioSource;
+            return { ...n, config: prevCfg };
+        }
+        const rawSrc = single ? params.flowSourceCode : (params.sourcesByNodeId[id] ?? "");
+        const trimmed = typeof rawSrc === "string" ? rawSrc.slice(0, STUDIO_SOURCE_MAX_CHARS) : "";
+        return {
+            ...n,
+            config: { ...prevCfg, studioSource: trimmed },
+        };
+    });
+    return { ...p, nodes: newNodes };
+}

package/examples/forward-test-server.mjs

@@ -0,0 +1,30 @@
+import { createServer } from "node:http";
+
+const PORT = 4242;
+
+const server = createServer((req, res) => {
+  const url = new URL(req.url ?? "/", `http://${req.headers.host ?? "localhost"}`);
+
+  if (url.pathname !== "/webhook") {
+    res.writeHead(404, { "content-type": "text/plain" });
+    res.end("Not found. Use POST /webhook");
+    return;
+  }
+
+  const chunks = [];
+  req.on("data", (c) => chunks.push(c));
+  req.on("end", () => {
+    const raw = Buffer.concat(chunks).toString("utf8");
+    const ts = new Date().toISOString();
+    console.log(`\n--- ${ts} ${req.method} /webhook ---`);
+    console.log("Headers:", JSON.stringify(req.headers, null, 2));
+    console.log("Body:", raw || "(empty)");
+
+    res.writeHead(200, { "content-type": "application/json" });
+    res.end(JSON.stringify({ ok: true, receivedAt: ts }));
+  });
+});
+
+server.listen(PORT, "127.0.0.1", () => {
+  console.log(`Forward test server http://127.0.0.1:${PORT}/webhook (listening)`);
+});

package/examples/stripe-webhook/.eventpipe/bundle.js

@@ -0,0 +1,3 @@
+"use strict";var __eventpipeExports=(()=>{var s=Object.defineProperty;var i=Object.getOwnPropertyDescriptor;var l=Object.getOwnPropertyNames;var d=Object.prototype.hasOwnProperty;var c=(n,e)=>{for(var r in e)s(n,r,{get:e[r],enumerable:!0})},p=(n,e,r,o)=>{if(e&&typeof e=="object"||typeof e=="function")for(let t of l(e))!d.call(n,t)&&t!==r&&s(n,t,{get:()=>e[t],enumerable:!(o=i(e,t))||o.enumerable});return n};var h=n=>p(s({},"__esModule",{value:!0}),n);var u={};c(u,{handler:()=>a});async function a(n,e){let r=e.env?.STRIPE_SECRET_KEY?.trim()??"";if(!r)return{ok:!1,error:"Set STRIPE_SECRET_KEY in the flow environment (Event tab). Never use process.env in code boxes."};let o=await fetch("https://api.stripe.com/v1/balance",{method:"GET",headers:{Authorization:`Bearer ${r}`,"Stripe-Version":"2024-11-20.acacia"}}),t=await o.json();return o.ok?{ok:!0,available:t.available,pending:t.pending,livemode:t.livemode,note:"Uses REST only so the bundle stays under the 200KB per-node limit; the stripe npm package is too large to bundle here."}:{ok:!1,status:o.status,stripeError:t.error??t}}return h(u);})();
+
+;var handler = __eventpipeExports.handler;

package/examples/stripe-webhook/.eventpipe/code.bundle.js

@@ -0,0 +1,3 @@
+"use strict";var __eventpipeExports=(()=>{var s=Object.defineProperty;var i=Object.getOwnPropertyDescriptor;var l=Object.getOwnPropertyNames;var d=Object.prototype.hasOwnProperty;var c=(n,e)=>{for(var r in e)s(n,r,{get:e[r],enumerable:!0})},p=(n,e,r,o)=>{if(e&&typeof e=="object"||typeof e=="function")for(let t of l(e))!d.call(n,t)&&t!==r&&s(n,t,{get:()=>e[t],enumerable:!(o=i(e,t))||o.enumerable});return n};var h=n=>p(s({},"__esModule",{value:!0}),n);var u={};c(u,{handler:()=>a});async function a(n,e){let r=e.env?.STRIPE_SECRET_KEY?.trim()??"";if(!r)return{ok:!1,error:"Set STRIPE_SECRET_KEY in the flow environment (Event tab). Never use process.env in code boxes."};let o=await fetch("https://api.stripe.com/v1/balance",{method:"GET",headers:{Authorization:`Bearer ${r}`,"Stripe-Version":"2024-11-20.acacia"}}),t=await o.json();return o.ok?{ok:!0,available:t.available,pending:t.pending,livemode:t.livemode,note:"Uses REST only so the bundle stays under the 200KB per-node limit; the stripe npm package is too large to bundle here."}:{ok:!1,status:o.status,stripeError:t.error??t}}return h(u);})();
+
+;var handler = __eventpipeExports.handler;

package/examples/stripe-webhook/.eventpipe/code.reexport.ts

@@ -0,0 +1 @@
+export { handler } from "../src/handler.ts";

package/examples/stripe-webhook/.eventpipe/entry.reexport.ts

@@ -0,0 +1 @@
+export { handler } from "../src/handler.ts";

package/examples/stripe-webhook/README.md

@@ -0,0 +1,42 @@
+# Stripe balance (REST) — Event Pipe example
+
+This folder is a minimal **eventpipe** project: one code node that calls Stripe’s HTTP API with `context.env.STRIPE_SECRET_KEY`. Values are configured in the dashboard **Event** tab (`settings.env`), not in git.
+
+## Why not `import "stripe"`?
+
+The official `stripe` npm package bundles to **>200KB**, which exceeds the per-code-node limit enforced by the platform. This example uses `fetch` to `https://api.stripe.com/v1/balance` instead.
+
+## Setup
+
+1. Create a pipeline in the dashboard and copy its **pipeline ID** into `eventpipe.json` (`pipelineId`).
+2. Create an **API key** under account settings (used as `EVENTPIPE_API_KEY`).
+3. In the flow **Event** tab, set `STRIPE_SECRET_KEY` to your `sk_test_...` or `sk_live_...` secret.
+
+## Commands
+
+From the **`eventpipe-cli` repo root**:
+
+```bash
+pnpm install
+pnpm run build
+cd examples/stripe-webhook
+pnpm run build
+```
+
+Publish a new version (requires env):
+
+```bash
+export EVENTPIPE_BASE_URL=https://your-app.example.com
+export EVENTPIPE_API_KEY=evp_...
+pnpm run push
+```
+
+Override flow id without editing the file:
+
+```bash
+node ../../dist/cli.js push --dir . --flow "<uuid>"
+```
+
+## Contract
+
+`eventpipe.json` declares `envContract` for `STRIPE_SECRET_KEY` so the studio can show hints; runtime reads **`context.env.STRIPE_SECRET_KEY`** only.

package/examples/stripe-webhook/eventpipe.json

@@ -0,0 +1,28 @@
+{
+  "codeNodes": { "src/handler.ts": "nodo1", "src/other.ts": "nodo2" },
+  "pipelineId": "00000000-0000-0000-0000-000000000000",
+  "nodeId": "code",
+  "entry": "src/handler.ts",
+  "settings": {
+    "timeoutMs": 3000,
+    "pipe": {
+      "schemaVersion": 3,
+      "nodes": [
+        {
+          "id": "code",
+          "type": "code",
+          "config": {}
+        }
+      ],
+      "edges": [],
+      "envContract": {
+        "variables": [
+          {
+            "key": "STRIPE_SECRET_KEY",
+            "description": "Stripe secret key (sk_test_... or sk_live_...). Set values in the dashboard Event tab, not in this repo."
+          }
+        ]
+      }
+    }
+  }
+}