@fragno-dev/github-app-fragment 0.0.1

package/dist/cli/commands/webhooks.js

@@ -0,0 +1,122 @@
+import { baseArgs, createClientFromContext, parseJsonValue } from "../utils/options.js";
+import { printResult } from "../utils/output.js";
+import { resolveWebhookSecret } from "../utils/config.js";
+import { readFileSync } from "node:fs";
+import { define } from "gunshi";
+import { createHmac, randomUUID } from "node:crypto";
+
+//#region src/cli/commands/webhooks.ts
+const webhooksCommand = define({
+	name: "webhooks",
+	description: "Webhook utilities"
+});
+const isRecord = (value) => typeof value === "object" && value !== null;
+const resolvePayload = (ctx) => {
+	const payloadText = ctx.values["payload"];
+	const payloadFile = ctx.values["payload-file"];
+	if (payloadText && payloadFile) throw new Error("Provide either --payload or --payload-file, not both.");
+	if (payloadFile) {
+		const parsed = parseJsonValue("payload", readFileSync(payloadFile, "utf-8"));
+		if (!isRecord(parsed)) throw new Error("--payload-file must contain a JSON object");
+		return parsed;
+	}
+	if (payloadText) {
+		const parsed = parseJsonValue("payload", payloadText);
+		if (!isRecord(parsed)) throw new Error("--payload must be a JSON object");
+		return parsed;
+	}
+	return {};
+};
+const ensureInstallationId = (payload, installationId) => {
+	if (!installationId) return;
+	if (payload["installation_id"]) return;
+	const installation = payload["installation"];
+	if (isRecord(installation)) {
+		if ("id" in installation) return;
+		installation["id"] = installationId;
+		return;
+	}
+	payload["installation"] = { id: installationId };
+};
+const webhooksSendCommand = define({
+	name: "send",
+	description: "Send a signed webhook payload",
+	args: {
+		...baseArgs,
+		event: {
+			type: "string",
+			description: "GitHub event name"
+		},
+		action: {
+			type: "string",
+			description: "Action name"
+		},
+		"installation-id": {
+			type: "string",
+			description: "Installation ID"
+		},
+		delivery: {
+			type: "string",
+			description: "Delivery id (defaults to random UUID)"
+		},
+		payload: {
+			type: "string",
+			description: "Payload JSON string"
+		},
+		"payload-file": {
+			type: "string",
+			description: "Path to JSON payload file"
+		},
+		"webhook-secret": {
+			type: "string",
+			description: "Webhook secret (env: GITHUB_APP_WEBHOOK_SECRET)"
+		}
+	},
+	run: async (ctx) => {
+		const event = ctx.values["event"];
+		if (!event) throw new Error("Missing --event");
+		const payload = resolvePayload(ctx);
+		const action = ctx.values["action"];
+		const installationId = ctx.values["installation-id"];
+		if (action && typeof payload["action"] !== "string") payload["action"] = action;
+		ensureInstallationId(payload, installationId);
+		if (!payload["installation_id"] && !payload["installation"]) throw new Error("Payload must include installation info. Provide --installation-id or include installation data in the payload.");
+		const rawBody = JSON.stringify(payload);
+		const signature = createHmac("sha256", resolveWebhookSecret(ctx)).update(rawBody).digest("hex");
+		const client = createClientFromContext(ctx);
+		const delivery = ctx.values["delivery"] ?? randomUUID();
+		const response = await client.request({
+			method: "POST",
+			path: "/webhooks",
+			body: rawBody,
+			headers: {
+				"content-type": "application/json",
+				"x-github-event": event,
+				"x-github-delivery": delivery,
+				"x-hub-signature-256": `sha256=${signature}`
+			}
+		});
+		if (response.status === 204) {
+			printResult(void 0);
+			return;
+		}
+		const text = await response.text();
+		if (!text) {
+			printResult(void 0);
+			return;
+		}
+		let parsed = null;
+		try {
+			parsed = JSON.parse(text);
+		} catch {
+			parsed = null;
+		}
+		printResult(parsed ?? text);
+	}
+});
+const webhooksSubCommands = /* @__PURE__ */ new Map();
+webhooksSubCommands.set("send", webhooksSendCommand);
+
+//#endregion
+export { webhooksCommand, webhooksSubCommands };
+//# sourceMappingURL=webhooks.js.map

package/dist/cli/commands/webhooks.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"webhooks.js","names":[],"sources":["../../../src/cli/commands/webhooks.ts"],"sourcesContent":["import { createHmac, randomUUID } from \"node:crypto\";\nimport { readFileSync } from \"node:fs\";\n\nimport { define } from \"gunshi\";\n\nimport { resolveWebhookSecret } from \"../utils/config.js\";\nimport { baseArgs, createClientFromContext, parseJsonValue } from \"../utils/options.js\";\nimport { printResult } from \"../utils/output.js\";\n\nexport const webhooksCommand = define({\n  name: \"webhooks\",\n  description: \"Webhook utilities\",\n});\n\nconst isRecord = (value: unknown): value is Record<string, unknown> =>\n  typeof value === \"object\" && value !== null;\n\nconst resolvePayload = (ctx: { values: Record<string, unknown> }): Record<string, unknown> => {\n  const payloadText = ctx.values[\"payload\"] as string | undefined;\n  const payloadFile = ctx.values[\"payload-file\"] as string | undefined;\n\n  if (payloadText && payloadFile) {\n    throw new Error(\"Provide either --payload or --payload-file, not both.\");\n  }\n\n  if (payloadFile) {\n    const raw = readFileSync(payloadFile, \"utf-8\");\n    const parsed = parseJsonValue(\"payload\", raw);\n    if (!isRecord(parsed)) {\n      throw new Error(\"--payload-file must contain a JSON object\");\n    }\n    return parsed;\n  }\n\n  if (payloadText) {\n    const parsed = parseJsonValue(\"payload\", payloadText);\n    if (!isRecord(parsed)) {\n      throw new Error(\"--payload must be a JSON object\");\n    }\n    return parsed;\n  }\n\n  return {};\n};\n\nconst ensureInstallationId = (\n  payload: Record<string, unknown>,\n  installationId: string | undefined,\n) => {\n  if (!installationId) {\n    return;\n  }\n\n  if (payload[\"installation_id\"]) {\n    return;\n  }\n\n  const installation = payload[\"installation\"];\n  if (isRecord(installation)) {\n    if (\"id\" in installation) {\n      return;\n    }\n    installation[\"id\"] = installationId;\n    return;\n  }\n\n  payload[\"installation\"] = { id: installationId };\n};\n\nexport const webhooksSendCommand = define({\n  name: \"send\",\n  description: \"Send a signed webhook payload\",\n  args: {\n    ...baseArgs,\n    event: {\n      type: \"string\",\n      description: \"GitHub event name\",\n    },\n    action: {\n      type: \"string\",\n      description: \"Action name\",\n    },\n    \"installation-id\": {\n      type: \"string\",\n      description: \"Installation ID\",\n    },\n    delivery: {\n      type: \"string\",\n      description: \"Delivery id (defaults to random UUID)\",\n    },\n    payload: {\n      type: \"string\",\n      description: \"Payload JSON string\",\n    },\n    \"payload-file\": {\n      type: \"string\",\n      description: \"Path to JSON payload file\",\n    },\n    \"webhook-secret\": {\n      type: \"string\",\n      description: \"Webhook secret (env: GITHUB_APP_WEBHOOK_SECRET)\",\n    },\n  },\n  run: async (ctx) => {\n    const event = ctx.values[\"event\"] as string | undefined;\n    if (!event) {\n      throw new Error(\"Missing --event\");\n    }\n\n    const payload = resolvePayload(ctx);\n    const action = ctx.values[\"action\"] as string | undefined;\n    const installationId = ctx.values[\"installation-id\"] as string | undefined;\n\n    if (action && typeof payload[\"action\"] !== \"string\") {\n      payload[\"action\"] = action;\n    }\n\n    ensureInstallationId(payload, installationId);\n\n    if (!payload[\"installation_id\"] && !payload[\"installation\"]) {\n      throw new Error(\n        \"Payload must include installation info. Provide --installation-id or include installation data in the payload.\",\n      );\n    }\n\n    const rawBody = JSON.stringify(payload);\n    const secret = resolveWebhookSecret(ctx);\n    const signature = createHmac(\"sha256\", secret).update(rawBody).digest(\"hex\");\n\n    const client = createClientFromContext(ctx);\n    const delivery = (ctx.values[\"delivery\"] as string | undefined) ?? randomUUID();\n\n    const response = await client.request({\n      method: \"POST\",\n      path: \"/webhooks\",\n      body: rawBody,\n      headers: {\n        \"content-type\": \"application/json\",\n        \"x-github-event\": event,\n        \"x-github-delivery\": delivery,\n        \"x-hub-signature-256\": `sha256=${signature}`,\n      },\n    });\n\n    if (response.status === 204) {\n      printResult(undefined);\n      return;\n    }\n\n    const text = await response.text();\n    if (!text) {\n      printResult(undefined);\n      return;\n    }\n\n    let parsed: unknown = null;\n    try {\n      parsed = JSON.parse(text) as unknown;\n    } catch {\n      parsed = null;\n    }\n    printResult(parsed ?? text);\n  },\n});\n\nexport const webhooksSubCommands: Map<string, ReturnType<typeof define>> = new Map();\nwebhooksSubCommands.set(\"send\", webhooksSendCommand);\n"],"mappings":";;;;;;;;AASA,MAAa,kBAAkB,OAAO;CACpC,MAAM;CACN,aAAa;CACd,CAAC;AAEF,MAAM,YAAY,UAChB,OAAO,UAAU,YAAY,UAAU;AAEzC,MAAM,kBAAkB,QAAsE;CAC5F,MAAM,cAAc,IAAI,OAAO;CAC/B,MAAM,cAAc,IAAI,OAAO;AAE/B,KAAI,eAAe,YACjB,OAAM,IAAI,MAAM,wDAAwD;AAG1E,KAAI,aAAa;EAEf,MAAM,SAAS,eAAe,WADlB,aAAa,aAAa,QAAQ,CACD;AAC7C,MAAI,CAAC,SAAS,OAAO,CACnB,OAAM,IAAI,MAAM,4CAA4C;AAE9D,SAAO;;AAGT,KAAI,aAAa;EACf,MAAM,SAAS,eAAe,WAAW,YAAY;AACrD,MAAI,CAAC,SAAS,OAAO,CACnB,OAAM,IAAI,MAAM,kCAAkC;AAEpD,SAAO;;AAGT,QAAO,EAAE;;AAGX,MAAM,wBACJ,SACA,mBACG;AACH,KAAI,CAAC,eACH;AAGF,KAAI,QAAQ,mBACV;CAGF,MAAM,eAAe,QAAQ;AAC7B,KAAI,SAAS,aAAa,EAAE;AAC1B,MAAI,QAAQ,aACV;AAEF,eAAa,QAAQ;AACrB;;AAGF,SAAQ,kBAAkB,EAAE,IAAI,gBAAgB;;AAGlD,MAAa,sBAAsB,OAAO;CACxC,MAAM;CACN,aAAa;CACb,MAAM;EACJ,GAAG;EACH,OAAO;GACL,MAAM;GACN,aAAa;GACd;EACD,QAAQ;GACN,MAAM;GACN,aAAa;GACd;EACD,mBAAmB;GACjB,MAAM;GACN,aAAa;GACd;EACD,UAAU;GACR,MAAM;GACN,aAAa;GACd;EACD,SAAS;GACP,MAAM;GACN,aAAa;GACd;EACD,gBAAgB;GACd,MAAM;GACN,aAAa;GACd;EACD,kBAAkB;GAChB,MAAM;GACN,aAAa;GACd;EACF;CACD,KAAK,OAAO,QAAQ;EAClB,MAAM,QAAQ,IAAI,OAAO;AACzB,MAAI,CAAC,MACH,OAAM,IAAI,MAAM,kBAAkB;EAGpC,MAAM,UAAU,eAAe,IAAI;EACnC,MAAM,SAAS,IAAI,OAAO;EAC1B,MAAM,iBAAiB,IAAI,OAAO;AAElC,MAAI,UAAU,OAAO,QAAQ,cAAc,SACzC,SAAQ,YAAY;AAGtB,uBAAqB,SAAS,eAAe;AAE7C,MAAI,CAAC,QAAQ,sBAAsB,CAAC,QAAQ,gBAC1C,OAAM,IAAI,MACR,iHACD;EAGH,MAAM,UAAU,KAAK,UAAU,QAAQ;EAEvC,MAAM,YAAY,WAAW,UADd,qBAAqB,IAAI,CACM,CAAC,OAAO,QAAQ,CAAC,OAAO,MAAM;EAE5E,MAAM,SAAS,wBAAwB,IAAI;EAC3C,MAAM,WAAY,IAAI,OAAO,eAAsC,YAAY;EAE/E,MAAM,WAAW,MAAM,OAAO,QAAQ;GACpC,QAAQ;GACR,MAAM;GACN,MAAM;GACN,SAAS;IACP,gBAAgB;IAChB,kBAAkB;IAClB,qBAAqB;IACrB,uBAAuB,UAAU;IAClC;GACF,CAAC;AAEF,MAAI,SAAS,WAAW,KAAK;AAC3B,eAAY,OAAU;AACtB;;EAGF,MAAM,OAAO,MAAM,SAAS,MAAM;AAClC,MAAI,CAAC,MAAM;AACT,eAAY,OAAU;AACtB;;EAGF,IAAI,SAAkB;AACtB,MAAI;AACF,YAAS,KAAK,MAAM,KAAK;UACnB;AACN,YAAS;;AAEX,cAAY,UAAU,KAAK;;CAE9B,CAAC;AAEF,MAAa,sCAA8D,IAAI,KAAK;AACpF,oBAAoB,IAAI,QAAQ,oBAAoB"}

package/dist/cli/github/api.js

@@ -0,0 +1,94 @@
+import { App, Octokit } from "octokit";
+
+//#region src/github/api.ts
+const DEFAULT_API_BASE_URL = "https://api.github.com";
+const DEFAULT_API_VERSION = "2022-11-28";
+const createGitHubApiClient = (config, options = {}) => {
+	const fetchImpl = options.fetch ?? globalThis.fetch ?? void 0;
+	const apiBaseUrl = config.apiBaseUrl ?? DEFAULT_API_BASE_URL;
+	const apiVersion = config.apiVersion ?? DEFAULT_API_VERSION;
+	const OctokitForApp = Octokit.defaults({
+		baseUrl: apiBaseUrl,
+		request: {
+			...fetchImpl ? { fetch: fetchImpl } : {},
+			retries: 0
+		},
+		headers: { "x-github-api-version": apiVersion }
+	});
+	const octokitApp = new App({
+		appId: config.appId,
+		privateKey: config.privateKeyPem,
+		webhooks: { secret: config.webhookSecret },
+		Octokit: OctokitForApp
+	});
+	const app = {
+		octokit: octokitApp.octokit,
+		webhooks: octokitApp.webhooks,
+		getInstallationOctokit: async (installationId) => await octokitApp.getInstallationOctokit(installationId)
+	};
+	const resolveInstallationId = (installationId) => {
+		const numeric = Number.parseInt(installationId, 10);
+		if (!Number.isSafeInteger(numeric)) throw new Error(`Invalid installation id: ${installationId}`);
+		return numeric;
+	};
+	const getInstallationOctokit = async (installationId) => {
+		return await octokitApp.getInstallationOctokit(resolveInstallationId(installationId));
+	};
+	const listInstallationRepos = async (installationId) => {
+		const installationOctokit = await getInstallationOctokit(installationId);
+		const repositories = [];
+		const perPage = 100;
+		let page = 1;
+		while (true) {
+			const response = await installationOctokit.request("GET /installation/repositories", {
+				page,
+				per_page: perPage
+			});
+			const pageRepositories = response.data.repositories;
+			repositories.push(...pageRepositories);
+			const totalCount = response.data.total_count;
+			if (pageRepositories.length === 0) break;
+			if (typeof totalCount === "number" && repositories.length >= totalCount) break;
+			if (pageRepositories.length < perPage) break;
+			page += 1;
+		}
+		return { repositories };
+	};
+	const getInstallation = async (installationId) => {
+		const data = (await octokitApp.octokit.request("GET /app/installations/{installation_id}", { installation_id: resolveInstallationId(installationId) })).data;
+		const account = data.account;
+		if (!account || typeof account.id !== "number") throw new Error("GitHub installation response is missing account information.");
+		const accountLogin = "login" in account && typeof account.login === "string" && account.login.length > 0 ? account.login : "slug" in account && typeof account.slug === "string" && account.slug.length > 0 ? account.slug : String(account.id);
+		const accountType = "type" in account && typeof account.type === "string" && account.type.length > 0 ? account.type : "login" in account ? "User" : "Enterprise";
+		const status = typeof data.suspended_at === "string" && data.suspended_at.length > 0 ? "suspended" : "active";
+		return {
+			id: typeof data.id === "number" ? String(data.id) : installationId,
+			accountId: String(account.id),
+			accountLogin,
+			accountType,
+			status,
+			permissions: data.permissions ?? {},
+			events: data.events ?? []
+		};
+	};
+	const verifyWebhookSignature = async (options) => {
+		if (!options.signatureHeader) return false;
+		try {
+			return await octokitApp.webhooks.verify(options.payload, options.signatureHeader);
+		} catch {
+			return false;
+		}
+	};
+	return {
+		app,
+		apiVersion,
+		resolveInstallationId,
+		getInstallation,
+		listInstallationRepos,
+		verifyWebhookSignature
+	};
+};
+
+//#endregion
+export { createGitHubApiClient };
+//# sourceMappingURL=api.js.map

package/dist/cli/github/api.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api.js","names":[],"sources":["../../../src/github/api.ts"],"sourcesContent":["import { App, Octokit } from \"octokit\";\n\nimport type { GitHubAppFragmentConfig } from \"./types\";\n\ntype GitHubApiClientOptions = {\n  fetch?: typeof fetch;\n};\n\ntype OctokitAppInstance = InstanceType<typeof App>;\ntype GitHubOctokit = OctokitAppInstance[\"octokit\"];\n\nexport type GitHubAppInstance = {\n  octokit: GitHubOctokit;\n  webhooks: OctokitAppInstance[\"webhooks\"];\n  getInstallationOctokit: (installationId: number) => Promise<GitHubOctokit>;\n};\n\nexport type GitHubInstallationRepository = {\n  id: number;\n  name: string;\n  full_name: string;\n  private: boolean;\n  fork?: boolean;\n  default_branch?: string | null;\n  owner: { login: string };\n};\n\nexport type GitHubInstallationDetails = {\n  id: string;\n  accountId: string;\n  accountLogin: string;\n  accountType: string;\n  status: \"active\" | \"suspended\";\n  permissions: Record<string, unknown>;\n  events: unknown[];\n};\n\ntype GitHubInstallationRepositoriesResponse = {\n  repositories: GitHubInstallationRepository[];\n};\n\nexport type GitHubApiClient = {\n  app: GitHubAppInstance;\n  apiVersion: string;\n  resolveInstallationId: (installationId: string) => number;\n  getInstallation: (installationId: string) => Promise<GitHubInstallationDetails>;\n  listInstallationRepos: (\n    installationId: string,\n  ) => Promise<GitHubInstallationRepositoriesResponse>;\n  verifyWebhookSignature: (options: {\n    payload: string;\n    signatureHeader: string | null;\n  }) => Promise<boolean>;\n};\n\nconst DEFAULT_API_BASE_URL = \"https://api.github.com\";\nconst DEFAULT_API_VERSION = \"2022-11-28\";\n\nexport const createGitHubApiClient = (\n  config: GitHubAppFragmentConfig,\n  options: GitHubApiClientOptions = {},\n): GitHubApiClient => {\n  const fetchImpl = options.fetch ?? globalThis.fetch ?? undefined;\n  const apiBaseUrl = config.apiBaseUrl ?? DEFAULT_API_BASE_URL;\n  const apiVersion = config.apiVersion ?? DEFAULT_API_VERSION;\n\n  const OctokitForApp = Octokit.defaults({\n    baseUrl: apiBaseUrl,\n    request: {\n      ...(fetchImpl ? { fetch: fetchImpl } : {}),\n      retries: 0,\n    },\n    headers: {\n      \"x-github-api-version\": apiVersion,\n    },\n  });\n\n  const octokitApp = new App({\n    appId: config.appId,\n    privateKey: config.privateKeyPem,\n    webhooks: { secret: config.webhookSecret },\n    Octokit: OctokitForApp,\n  });\n  const app: GitHubAppInstance = {\n    octokit: octokitApp.octokit,\n    webhooks: octokitApp.webhooks,\n    getInstallationOctokit: async (installationId) =>\n      await octokitApp.getInstallationOctokit(installationId),\n  };\n\n  const resolveInstallationId = (installationId: string) => {\n    const numeric = Number.parseInt(installationId, 10);\n    if (!Number.isSafeInteger(numeric)) {\n      throw new Error(`Invalid installation id: ${installationId}`);\n    }\n    return numeric;\n  };\n\n  const getInstallationOctokit = async (installationId: string) => {\n    return await octokitApp.getInstallationOctokit(resolveInstallationId(installationId));\n  };\n\n  const listInstallationRepos = async (installationId: string) => {\n    const installationOctokit = await getInstallationOctokit(installationId);\n\n    const repositories: GitHubInstallationRepository[] = [];\n    const perPage = 100;\n    let page = 1;\n\n    while (true) {\n      const response = await installationOctokit.request(\"GET /installation/repositories\", {\n        page,\n        per_page: perPage,\n      });\n      const pageRepositories = response.data.repositories;\n      repositories.push(...pageRepositories);\n\n      const totalCount = response.data.total_count;\n      if (pageRepositories.length === 0) {\n        break;\n      }\n      if (typeof totalCount === \"number\" && repositories.length >= totalCount) {\n        break;\n      }\n      if (pageRepositories.length < perPage) {\n        break;\n      }\n      page += 1;\n    }\n\n    return {\n      repositories,\n    } satisfies GitHubInstallationRepositoriesResponse;\n  };\n\n  const getInstallation = async (installationId: string): Promise<GitHubInstallationDetails> => {\n    const response = await octokitApp.octokit.request(\"GET /app/installations/{installation_id}\", {\n      installation_id: resolveInstallationId(installationId),\n    });\n\n    const data = response.data;\n    const account = data.account;\n    if (!account || typeof account.id !== \"number\") {\n      throw new Error(\"GitHub installation response is missing account information.\");\n    }\n\n    const accountLogin =\n      \"login\" in account && typeof account.login === \"string\" && account.login.length > 0\n        ? account.login\n        : \"slug\" in account && typeof account.slug === \"string\" && account.slug.length > 0\n          ? account.slug\n          : String(account.id);\n\n    const accountType =\n      \"type\" in account && typeof account.type === \"string\" && account.type.length > 0\n        ? account.type\n        : \"login\" in account\n          ? \"User\"\n          : \"Enterprise\";\n\n    const status: GitHubInstallationDetails[\"status\"] =\n      typeof data.suspended_at === \"string\" && data.suspended_at.length > 0\n        ? \"suspended\"\n        : \"active\";\n\n    return {\n      id: typeof data.id === \"number\" ? String(data.id) : installationId,\n      accountId: String(account.id),\n      accountLogin,\n      accountType,\n      status,\n      permissions: data.permissions ?? {},\n      events: data.events ?? [],\n    };\n  };\n\n  const verifyWebhookSignature = async (options: {\n    payload: string;\n    signatureHeader: string | null;\n  }) => {\n    if (!options.signatureHeader) {\n      return false;\n    }\n    try {\n      return await octokitApp.webhooks.verify(options.payload, options.signatureHeader);\n    } catch {\n      return false;\n    }\n  };\n\n  return {\n    app,\n    apiVersion,\n    resolveInstallationId,\n    getInstallation,\n    listInstallationRepos,\n    verifyWebhookSignature,\n  };\n};\n"],"mappings":";;;AAuDA,MAAM,uBAAuB;AAC7B,MAAM,sBAAsB;AAE5B,MAAa,yBACX,QACA,UAAkC,EAAE,KAChB;CACpB,MAAM,YAAY,QAAQ,SAAS,WAAW,SAAS;CACvD,MAAM,aAAa,OAAO,cAAc;CACxC,MAAM,aAAa,OAAO,cAAc;CAExC,MAAM,gBAAgB,QAAQ,SAAS;EACrC,SAAS;EACT,SAAS;GACP,GAAI,YAAY,EAAE,OAAO,WAAW,GAAG,EAAE;GACzC,SAAS;GACV;EACD,SAAS,EACP,wBAAwB,YACzB;EACF,CAAC;CAEF,MAAM,aAAa,IAAI,IAAI;EACzB,OAAO,OAAO;EACd,YAAY,OAAO;EACnB,UAAU,EAAE,QAAQ,OAAO,eAAe;EAC1C,SAAS;EACV,CAAC;CACF,MAAM,MAAyB;EAC7B,SAAS,WAAW;EACpB,UAAU,WAAW;EACrB,wBAAwB,OAAO,mBAC7B,MAAM,WAAW,uBAAuB,eAAe;EAC1D;CAED,MAAM,yBAAyB,mBAA2B;EACxD,MAAM,UAAU,OAAO,SAAS,gBAAgB,GAAG;AACnD,MAAI,CAAC,OAAO,cAAc,QAAQ,CAChC,OAAM,IAAI,MAAM,4BAA4B,iBAAiB;AAE/D,SAAO;;CAGT,MAAM,yBAAyB,OAAO,mBAA2B;AAC/D,SAAO,MAAM,WAAW,uBAAuB,sBAAsB,eAAe,CAAC;;CAGvF,MAAM,wBAAwB,OAAO,mBAA2B;EAC9D,MAAM,sBAAsB,MAAM,uBAAuB,eAAe;EAExE,MAAM,eAA+C,EAAE;EACvD,MAAM,UAAU;EAChB,IAAI,OAAO;AAEX,SAAO,MAAM;GACX,MAAM,WAAW,MAAM,oBAAoB,QAAQ,kCAAkC;IACnF;IACA,UAAU;IACX,CAAC;GACF,MAAM,mBAAmB,SAAS,KAAK;AACvC,gBAAa,KAAK,GAAG,iBAAiB;GAEtC,MAAM,aAAa,SAAS,KAAK;AACjC,OAAI,iBAAiB,WAAW,EAC9B;AAEF,OAAI,OAAO,eAAe,YAAY,aAAa,UAAU,WAC3D;AAEF,OAAI,iBAAiB,SAAS,QAC5B;AAEF,WAAQ;;AAGV,SAAO,EACL,cACD;;CAGH,MAAM,kBAAkB,OAAO,mBAA+D;EAK5F,MAAM,QAJW,MAAM,WAAW,QAAQ,QAAQ,4CAA4C,EAC5F,iBAAiB,sBAAsB,eAAe,EACvD,CAAC,EAEoB;EACtB,MAAM,UAAU,KAAK;AACrB,MAAI,CAAC,WAAW,OAAO,QAAQ,OAAO,SACpC,OAAM,IAAI,MAAM,+DAA+D;EAGjF,MAAM,eACJ,WAAW,WAAW,OAAO,QAAQ,UAAU,YAAY,QAAQ,MAAM,SAAS,IAC9E,QAAQ,QACR,UAAU,WAAW,OAAO,QAAQ,SAAS,YAAY,QAAQ,KAAK,SAAS,IAC7E,QAAQ,OACR,OAAO,QAAQ,GAAG;EAE1B,MAAM,cACJ,UAAU,WAAW,OAAO,QAAQ,SAAS,YAAY,QAAQ,KAAK,SAAS,IAC3E,QAAQ,OACR,WAAW,UACT,SACA;EAER,MAAM,SACJ,OAAO,KAAK,iBAAiB,YAAY,KAAK,aAAa,SAAS,IAChE,cACA;AAEN,SAAO;GACL,IAAI,OAAO,KAAK,OAAO,WAAW,OAAO,KAAK,GAAG,GAAG;GACpD,WAAW,OAAO,QAAQ,GAAG;GAC7B;GACA;GACA;GACA,aAAa,KAAK,eAAe,EAAE;GACnC,QAAQ,KAAK,UAAU,EAAE;GAC1B;;CAGH,MAAM,yBAAyB,OAAO,YAGhC;AACJ,MAAI,CAAC,QAAQ,gBACX,QAAO;AAET,MAAI;AACF,UAAO,MAAM,WAAW,SAAS,OAAO,QAAQ,SAAS,QAAQ,gBAAgB;UAC3E;AACN,UAAO;;;AAIX,QAAO;EACL;EACA;EACA;EACA;EACA;EACA;EACD"}

package/dist/cli/github/definition.js

@@ -0,0 +1,15 @@
+import { githubAppSchema } from "../schema.js";
+import { createGitHubApiClient } from "./api.js";
+import { createWebhookProcessor } from "./webhook-processing.js";
+import { withDatabase } from "@fragno-dev/db";
+import { defineFragment } from "@fragno-dev/core";
+
+//#region src/github/definition.ts
+const githubAppFragmentDefinition = defineFragment("github-app-fragment").extend(withDatabase(githubAppSchema)).withDependencies(({ config }) => ({ githubApiClient: createGitHubApiClient(config) })).providesBaseService(({ deps, defineService }) => defineService({
+	app: deps.githubApiClient.app,
+	githubApiClient: deps.githubApiClient
+})).provideHooks(({ defineHook, config }) => ({ processWebhook: defineHook(createWebhookProcessor({ webhook: config.webhook })) })).build();
+
+//#endregion
+export { githubAppFragmentDefinition };
+//# sourceMappingURL=definition.js.map

package/dist/cli/github/definition.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"definition.js","names":[],"sources":["../../../src/github/definition.ts"],"sourcesContent":["import { defineFragment } from \"@fragno-dev/core\";\nimport { withDatabase } from \"@fragno-dev/db\";\n\nimport { githubAppSchema } from \"../schema\";\nimport { createGitHubApiClient } from \"./api\";\nimport type { GitHubAppFragmentConfig } from \"./types\";\nimport { createWebhookProcessor } from \"./webhook-processing\";\n\nexport type GitHubAppFragmentDependencies = {\n  githubApiClient: ReturnType<typeof createGitHubApiClient>;\n};\nexport type GitHubAppFragmentServices = {\n  app: ReturnType<typeof createGitHubApiClient>[\"app\"];\n  githubApiClient: ReturnType<typeof createGitHubApiClient>;\n};\n\nexport const githubAppFragmentDefinition = defineFragment<GitHubAppFragmentConfig>(\n  \"github-app-fragment\",\n)\n  .extend(withDatabase(githubAppSchema))\n  .withDependencies(({ config }) => ({\n    githubApiClient: createGitHubApiClient(config),\n  }))\n  .providesBaseService(({ deps, defineService }) =>\n    defineService({\n      app: deps.githubApiClient.app,\n      githubApiClient: deps.githubApiClient,\n    }),\n  )\n  .provideHooks(({ defineHook, config }) => ({\n    processWebhook: defineHook(\n      createWebhookProcessor({\n        webhook: config.webhook,\n      }),\n    ),\n  }))\n  .build();\n"],"mappings":";;;;;;;AAgBA,MAAa,8BAA8B,eACzC,sBACD,CACE,OAAO,aAAa,gBAAgB,CAAC,CACrC,kBAAkB,EAAE,cAAc,EACjC,iBAAiB,sBAAsB,OAAO,EAC/C,EAAE,CACF,qBAAqB,EAAE,MAAM,oBAC5B,cAAc;CACZ,KAAK,KAAK,gBAAgB;CAC1B,iBAAiB,KAAK;CACvB,CAAC,CACH,CACA,cAAc,EAAE,YAAY,cAAc,EACzC,gBAAgB,WACd,uBAAuB,EACrB,SAAS,OAAO,SACjB,CAAC,CACH,EACF,EAAE,CACF,OAAO"}

package/dist/cli/github/factory.js

@@ -0,0 +1,12 @@
+import { githubAppFragmentDefinition } from "./definition.js";
+import { githubAppRoutesFactory } from "../routes.js";
+import { instantiate } from "@fragno-dev/core";
+
+//#region src/github/factory.ts
+function createGitHubAppFragment(config, options) {
+	return instantiate(githubAppFragmentDefinition).withConfig(config).withRoutes([githubAppRoutesFactory]).withOptions(options).build();
+}
+
+//#endregion
+export { createGitHubAppFragment };
+//# sourceMappingURL=factory.js.map

package/dist/cli/github/factory.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"factory.js","names":[],"sources":["../../../src/github/factory.ts"],"sourcesContent":["import { instantiate } from \"@fragno-dev/core\";\nimport type { FragnoPublicConfigWithDatabase } from \"@fragno-dev/db\";\n\nimport { githubAppRoutesFactory } from \"../routes\";\nimport { githubAppFragmentDefinition, type GitHubAppFragmentServices } from \"./definition\";\nimport type { GitHubAppFragmentConfig } from \"./types\";\n\nexport function createGitHubAppFragment(\n  config: GitHubAppFragmentConfig,\n  options: FragnoPublicConfigWithDatabase,\n) {\n  return instantiate(githubAppFragmentDefinition)\n    .withConfig(config)\n    .withRoutes([githubAppRoutesFactory])\n    .withOptions(options)\n    .build();\n}\n\nexport function getGitHubApiClientFromFragment(fragment: { services: GitHubAppFragmentServices }) {\n  return fragment.services.githubApiClient;\n}\n\nexport function getGitHubAppFromFragment(fragment: { services: GitHubAppFragmentServices }) {\n  return fragment.services.app;\n}\n"],"mappings":";;;;;AAOA,SAAgB,wBACd,QACA,SACA;AACA,QAAO,YAAY,4BAA4B,CAC5C,WAAW,OAAO,CAClB,WAAW,CAAC,uBAAuB,CAAC,CACpC,YAAY,QAAQ,CACpB,OAAO"}

package/dist/cli/github/repo-sync.js

@@ -0,0 +1,33 @@
+import "../schema.js";
+
+//#region src/github/repo-sync.ts
+const toRepoRecord = (installationId, repo, now) => {
+	const ownerLogin = repo.owner?.login ?? "";
+	const record = {
+		id: `${repo.id}`,
+		installationId,
+		ownerLogin,
+		name: repo.name,
+		fullName: repo.full_name ?? `${ownerLogin}/${repo.name}`,
+		isPrivate: Boolean(repo.private),
+		removedAt: null,
+		updatedAt: now
+	};
+	if (repo.fork !== void 0) record.isFork = Boolean(repo.fork);
+	if (repo.default_branch !== void 0) record.defaultBranch = repo.default_branch ?? null;
+	return record;
+};
+const toRepoCreateRecord = (record) => ({
+	...record,
+	isFork: record.isFork ?? null,
+	defaultBranch: record.defaultBranch ?? null
+});
+const hasRepoChanges = (existing, record) => {
+	const forkChanged = typeof record.isFork === "boolean" && existing.isFork !== record.isFork;
+	const defaultBranchChanged = record.defaultBranch !== void 0 && (existing.defaultBranch ?? null) !== record.defaultBranch;
+	return existing.ownerLogin !== record.ownerLogin || existing.name !== record.name || existing.fullName !== record.fullName || existing.isPrivate !== record.isPrivate || forkChanged || defaultBranchChanged || existing.installationId == null || existing.removedAt !== null;
+};
+
+//#endregion
+export { hasRepoChanges, toRepoCreateRecord, toRepoRecord };
+//# sourceMappingURL=repo-sync.js.map

package/dist/cli/github/repo-sync.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"repo-sync.js","names":[],"sources":["../../../src/github/repo-sync.ts"],"sourcesContent":["import type { TableToColumnValues } from \"@fragno-dev/db/query\";\n\nimport { githubAppSchema } from \"../schema\";\nimport type { GitHubInstallationRepository } from \"./api\";\n\nexport type InstallationRepoRow = TableToColumnValues<\n  (typeof githubAppSchema)[\"tables\"][\"installation_repo\"]\n>;\n\nexport type RepoRecord = {\n  id: string;\n  installationId: string;\n  ownerLogin: string;\n  name: string;\n  fullName: string;\n  isPrivate: boolean;\n  isFork?: boolean;\n  defaultBranch?: string | null;\n  removedAt: null;\n  updatedAt: Date;\n};\n\nexport type RepoCreateRecord = Omit<RepoRecord, \"isFork\" | \"defaultBranch\"> & {\n  isFork: boolean | null;\n  defaultBranch: string | null;\n};\n\nexport const toRepoRecord = (\n  installationId: string,\n  repo: GitHubInstallationRepository,\n  now: Date,\n): RepoRecord => {\n  const ownerLogin = repo.owner?.login ?? \"\";\n  const record: RepoRecord = {\n    id: `${repo.id}`,\n    installationId,\n    ownerLogin,\n    name: repo.name,\n    fullName: repo.full_name ?? `${ownerLogin}/${repo.name}`,\n    isPrivate: Boolean(repo.private),\n    removedAt: null,\n    updatedAt: now,\n  };\n\n  if (repo.fork !== undefined) {\n    record.isFork = Boolean(repo.fork);\n  }\n  if (repo.default_branch !== undefined) {\n    record.defaultBranch = repo.default_branch ?? null;\n  }\n\n  return record;\n};\n\nexport const toRepoCreateRecord = (record: RepoRecord): RepoCreateRecord => ({\n  ...record,\n  isFork: record.isFork ?? null,\n  defaultBranch: record.defaultBranch ?? null,\n});\n\nexport const hasRepoChanges = (existing: InstallationRepoRow, record: RepoRecord) => {\n  const forkChanged = typeof record.isFork === \"boolean\" && existing.isFork !== record.isFork;\n  const defaultBranchChanged =\n    record.defaultBranch !== undefined && (existing.defaultBranch ?? null) !== record.defaultBranch;\n\n  return (\n    existing.ownerLogin !== record.ownerLogin ||\n    existing.name !== record.name ||\n    existing.fullName !== record.fullName ||\n    existing.isPrivate !== record.isPrivate ||\n    forkChanged ||\n    defaultBranchChanged ||\n    existing.installationId == null ||\n    existing.removedAt !== null\n  );\n};\n"],"mappings":";;;AA2BA,MAAa,gBACX,gBACA,MACA,QACe;CACf,MAAM,aAAa,KAAK,OAAO,SAAS;CACxC,MAAM,SAAqB;EACzB,IAAI,GAAG,KAAK;EACZ;EACA;EACA,MAAM,KAAK;EACX,UAAU,KAAK,aAAa,GAAG,WAAW,GAAG,KAAK;EAClD,WAAW,QAAQ,KAAK,QAAQ;EAChC,WAAW;EACX,WAAW;EACZ;AAED,KAAI,KAAK,SAAS,OAChB,QAAO,SAAS,QAAQ,KAAK,KAAK;AAEpC,KAAI,KAAK,mBAAmB,OAC1B,QAAO,gBAAgB,KAAK,kBAAkB;AAGhD,QAAO;;AAGT,MAAa,sBAAsB,YAA0C;CAC3E,GAAG;CACH,QAAQ,OAAO,UAAU;CACzB,eAAe,OAAO,iBAAiB;CACxC;AAED,MAAa,kBAAkB,UAA+B,WAAuB;CACnF,MAAM,cAAc,OAAO,OAAO,WAAW,aAAa,SAAS,WAAW,OAAO;CACrF,MAAM,uBACJ,OAAO,kBAAkB,WAAc,SAAS,iBAAiB,UAAU,OAAO;AAEpF,QACE,SAAS,eAAe,OAAO,cAC/B,SAAS,SAAS,OAAO,QACzB,SAAS,aAAa,OAAO,YAC7B,SAAS,cAAc,OAAO,aAC9B,eACA,wBACA,SAAS,kBAAkB,QAC3B,SAAS,cAAc"}

package/dist/cli/github/utils.js

@@ -0,0 +1,23 @@
+import { FragnoId } from "@fragno-dev/db/schema";
+
+//#region src/github/utils.ts
+const isRecord = (value) => typeof value === "object" && value !== null;
+const toExternalId = (value) => {
+	if (value === null || value === void 0) return "";
+	if (typeof value === "string") return value;
+	if (typeof value === "number") return `${value}`;
+	if (value instanceof FragnoId) return value.externalId;
+	throw new Error("Expected external id to be a string, number, or FragnoId.");
+};
+const toStringValue = (value) => toExternalId(value);
+const normalizeJoinedLinks = (links) => {
+	return (Array.isArray(links) ? links : links ? [links] : []).filter((link) => typeof link.linkKey === "string" && link.linkKey.length > 0);
+};
+const normalizeJoinedInstallation = (installation) => {
+	if (!installation) return null;
+	return toExternalId(installation.id) ? installation : null;
+};
+
+//#endregion
+export { isRecord, normalizeJoinedInstallation, normalizeJoinedLinks, toExternalId, toStringValue };
+//# sourceMappingURL=utils.js.map

package/dist/cli/github/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","names":[],"sources":["../../../src/github/utils.ts"],"sourcesContent":["import { FragnoId } from \"@fragno-dev/db/schema\";\n\nexport const isRecord = (value: unknown): value is Record<string, unknown> =>\n  typeof value === \"object\" && value !== null;\n\nexport const toExternalId = (value: unknown) => {\n  if (value === null || value === undefined) {\n    return \"\";\n  }\n  if (typeof value === \"string\") {\n    return value;\n  }\n  if (typeof value === \"number\") {\n    return `${value}`;\n  }\n  if (value instanceof FragnoId) {\n    return value.externalId;\n  }\n  throw new Error(\"Expected external id to be a string, number, or FragnoId.\");\n};\n\nexport const toStringValue = (value: unknown) => toExternalId(value);\n\nexport const normalizeJoinedLinks = <T extends { linkKey?: string | null }>(\n  links: T | T[] | null | undefined,\n) => {\n  const entries = Array.isArray(links) ? links : links ? [links] : [];\n  return entries.filter((link) => typeof link.linkKey === \"string\" && link.linkKey.length > 0);\n};\n\nexport const normalizeJoinedInstallation = <T extends { id?: unknown }>(\n  installation: T | null | undefined,\n) => {\n  if (!installation) {\n    return null;\n  }\n  return toExternalId(installation.id) ? installation : null;\n};\n"],"mappings":";;;AAEA,MAAa,YAAY,UACvB,OAAO,UAAU,YAAY,UAAU;AAEzC,MAAa,gBAAgB,UAAmB;AAC9C,KAAI,UAAU,QAAQ,UAAU,OAC9B,QAAO;AAET,KAAI,OAAO,UAAU,SACnB,QAAO;AAET,KAAI,OAAO,UAAU,SACnB,QAAO,GAAG;AAEZ,KAAI,iBAAiB,SACnB,QAAO,MAAM;AAEf,OAAM,IAAI,MAAM,4DAA4D;;AAG9E,MAAa,iBAAiB,UAAmB,aAAa,MAAM;AAEpE,MAAa,wBACX,UACG;AAEH,SADgB,MAAM,QAAQ,MAAM,GAAG,QAAQ,QAAQ,CAAC,MAAM,GAAG,EAAE,EACpD,QAAQ,SAAS,OAAO,KAAK,YAAY,YAAY,KAAK,QAAQ,SAAS,EAAE;;AAG9F,MAAa,+BACX,iBACG;AACH,KAAI,CAAC,aACH,QAAO;AAET,QAAO,aAAa,aAAa,GAAG,GAAG,eAAe"}

package/dist/cli/github/webhook-processing.js

@@ -0,0 +1,247 @@
+import { githubAppSchema } from "../schema.js";
+import { hasRepoChanges, toRepoCreateRecord, toRepoRecord } from "./repo-sync.js";
+import { normalizeJoinedLinks, toExternalId } from "./utils.js";
+
+//#region src/github/webhook-processing.ts
+const SUPPORTED_EVENTS = ["installation", "installation_repositories"];
+function asSupportedWebhook(data) {
+	if (!SUPPORTED_EVENTS.includes(data.event)) return null;
+	return data;
+}
+const toEmitterWebhookEvent = (data) => {
+	return {
+		id: data.deliveryId,
+		name: data.event,
+		payload: data.payload
+	};
+};
+const createWebhookEventDispatcher = (configureOn) => {
+	const handlersByEvent = /* @__PURE__ */ new Map();
+	const registerOn = (event, handler) => {
+		const events = Array.isArray(event) ? event : [event];
+		for (const eventName of events) {
+			const handlers = handlersByEvent.get(eventName);
+			if (handlers) handlers.push(handler);
+			else handlersByEvent.set(eventName, [handler]);
+		}
+	};
+	configureOn?.(registerOn);
+	return async (event, idempotencyKey) => {
+		if (handlersByEvent.size === 0) return;
+		const action = "action" in event.payload && typeof event.payload.action === "string" ? event.payload.action : null;
+		const dispatchEvents = action ? [`${event.name}.${action}`, event.name] : [event.name];
+		const handlers = [];
+		for (const eventName of dispatchEvents) {
+			const registered = handlersByEvent.get(eventName);
+			if (registered && registered.length > 0) handlers.push(...registered);
+		}
+		if (handlers.length === 0) return;
+		const failures = (await Promise.allSettled(handlers.map(async (handler) => await handler(event, idempotencyKey)))).filter((result) => result.status === "rejected").map((result) => result.reason);
+		if (failures.length === 1) throw failures[0];
+		if (failures.length > 1) throw new AggregateError(failures, "One or more configured webhook handlers failed.");
+	};
+};
+const normalizeInstallationStatus = (action) => {
+	switch (action) {
+		case "created":
+		case "new_permissions_accepted":
+		case "unsuspend": return "active";
+		case "suspend": return "suspended";
+		case "deleted": return "deleted";
+		default: return null;
+	}
+};
+const resolveReceivedAt = (receivedAt) => {
+	if (!receivedAt) return /* @__PURE__ */ new Date();
+	const parsed = new Date(receivedAt);
+	return Number.isNaN(parsed.getTime()) ? /* @__PURE__ */ new Date() : parsed;
+};
+const parseOwnerLoginFromFullName = (fullName) => {
+	const separatorIndex = fullName.indexOf("/");
+	if (separatorIndex <= 0) return "";
+	return fullName.slice(0, separatorIndex);
+};
+const toInstallationRepoFromWebhookRepository = (repo) => {
+	const ownerLogin = parseOwnerLoginFromFullName(repo.full_name);
+	const mapped = {
+		id: repo.id,
+		name: repo.name,
+		full_name: repo.full_name,
+		private: repo.private,
+		owner: { login: ownerLogin }
+	};
+	if ("fork" in repo && typeof repo.fork === "boolean") mapped.fork = repo.fork;
+	if ("default_branch" in repo) {
+		const defaultBranch = repo.default_branch;
+		if (typeof defaultBranch === "string" || defaultBranch === null) mapped.default_branch = defaultBranch;
+	}
+	return mapped;
+};
+function extractAccountFromInstallation(installation) {
+	const account = installation.account;
+	if (!account) throw new Error("Webhook payload installation missing account");
+	const accountId = `${account.id}`;
+	if ("login" in account) return {
+		accountId,
+		accountLogin: account.login,
+		accountType: account.type ?? ""
+	};
+	return {
+		accountId,
+		accountLogin: account.slug,
+		accountType: "Enterprise"
+	};
+}
+const isRepoSyncAction = (action) => {
+	return action === "created" || action === "new_permissions_accepted";
+};
+const toRepoUpdateData = (record, now) => ({
+	installationId: record.installationId,
+	ownerLogin: record.ownerLogin,
+	name: record.name,
+	fullName: record.fullName,
+	isPrivate: record.isPrivate,
+	...record.isFork !== void 0 ? { isFork: record.isFork } : {},
+	...record.defaultBranch !== void 0 ? { defaultBranch: record.defaultBranch } : {},
+	removedAt: null,
+	updatedAt: now
+});
+const createWebhookProcessor = (config = {}) => {
+	const dispatchWebhookEvent = createWebhookEventDispatcher(config.webhook);
+	return async function processWebhook(data) {
+		const emitterEvent = toEmitterWebhookEvent(data);
+		const webhook = asSupportedWebhook(data);
+		if (!webhook) {
+			await dispatchWebhookEvent(emitterEvent, this.idempotencyKey);
+			return;
+		}
+		const { event, action, payload } = webhook;
+		const now = resolveReceivedAt(data.receivedAt);
+		const installationId = data.installationId;
+		const installation = payload.installation;
+		if (!installation) throw new Error("Webhook payload missing installation (required for installation events)");
+		const { accountId, accountLogin, accountType } = extractAccountFromInstallation(installation);
+		const statusOverride = normalizeInstallationStatus(action);
+		const needsRepoSync = event === "installation_repositories" || event === "installation" && isRepoSyncAction(action);
+		let existingInstallation = null;
+		let existingRepos = [];
+		if (needsRepoSync) [existingInstallation, existingRepos] = await this.handlerTx().retrieve(({ forSchema }) => {
+			return forSchema(githubAppSchema).findFirst("installation", (b) => b.whereIndex("uniq_installation_id", (eb) => eb("id", "=", installationId))).find("installation_repo", (b) => b.whereIndex("idx_installation_repo_installation", (eb) => eb("installationId", "=", installationId)).join((jb) => jb.links()));
+		}).execute();
+		else [existingInstallation] = await this.handlerTx().retrieve(({ forSchema }) => {
+			return forSchema(githubAppSchema).findFirst("installation", (b) => b.whereIndex("uniq_installation_id", (eb) => eb("id", "=", installationId)));
+		}).execute();
+		const existingStatus = existingInstallation && typeof existingInstallation.status === "string" ? existingInstallation.status : null;
+		const installationUpdate = {
+			accountId,
+			accountLogin,
+			accountType,
+			status: statusOverride || existingStatus || "active",
+			permissions: installation.permissions ?? existingInstallation?.permissions ?? null,
+			events: installation.events ?? existingInstallation?.events ?? null,
+			updatedAt: now,
+			lastWebhookAt: now
+		};
+		const creates = [];
+		const updates = [];
+		const removals = [];
+		const linksToDelete = [];
+		if (needsRepoSync) {
+			const existingById = /* @__PURE__ */ new Map();
+			for (const repo of existingRepos) {
+				const id = toExternalId(repo.id);
+				if (id) existingById.set(id, repo);
+			}
+			const repoLinksByRepoId = /* @__PURE__ */ new Map();
+			for (const repo of existingRepos) {
+				const repoId = toExternalId(repo.id);
+				if (!repoId) continue;
+				const linkEntries = normalizeJoinedLinks(repo.links);
+				if (linkEntries.length === 0) continue;
+				repoLinksByRepoId.set(repoId, linkEntries);
+			}
+			if (event === "installation") {
+				const repos = (payload.repositories ?? []).map(toInstallationRepoFromWebhookRepository);
+				const seen = /* @__PURE__ */ new Set();
+				for (const repo of repos) {
+					const record = toRepoRecord(installationId, repo, now);
+					seen.add(record.id);
+					const existing = existingById.get(record.id);
+					if (!existing) {
+						creates.push(record);
+						continue;
+					}
+					if (hasRepoChanges(existing, record)) updates.push({
+						id: existing.id,
+						data: toRepoUpdateData(record, now)
+					});
+				}
+				for (const [repoId, repo] of existingById.entries()) {
+					if (seen.has(repoId)) continue;
+					if (repo.removedAt === null) {
+						removals.push(repo.id);
+						const links = repoLinksByRepoId.get(repoId);
+						if (links) for (const link of links) linksToDelete.push(link.id);
+					}
+				}
+			}
+			if (event === "installation_repositories") {
+				const added = payload.repositories_added;
+				const removed = payload.repositories_removed;
+				for (const repo of added) {
+					const record = toRepoRecord(installationId, toInstallationRepoFromWebhookRepository(repo), now);
+					const existing = existingById.get(record.id);
+					if (!existing) {
+						creates.push(record);
+						continue;
+					}
+					if (hasRepoChanges(existing, record)) updates.push({
+						id: existing.id,
+						data: toRepoUpdateData(record, now)
+					});
+				}
+				for (const repo of removed) {
+					const repoId = toExternalId(repo.id) || null;
+					if (!repoId) continue;
+					const existing = existingById.get(repoId);
+					if (existing && existing.removedAt === null) {
+						removals.push(existing.id);
+						const links = repoLinksByRepoId.get(repoId);
+						if (links) for (const link of links) linksToDelete.push(link.id);
+					}
+				}
+			}
+		}
+		const hasRepoMutations = creates.length > 0 || updates.length > 0 || removals.length > 0 || linksToDelete.length > 0;
+		await this.handlerTx().mutate(({ forSchema }) => {
+			const uow = forSchema(githubAppSchema);
+			if (existingInstallation) uow.update("installation", installationId, (b) => b.set(installationUpdate));
+			else uow.create("installation", {
+				id: installationId,
+				accountId: installationUpdate.accountId,
+				accountLogin: installationUpdate.accountLogin,
+				accountType: installationUpdate.accountType,
+				status: installationUpdate.status,
+				permissions: installationUpdate.permissions,
+				events: installationUpdate.events,
+				createdAt: now,
+				updatedAt: now,
+				lastWebhookAt: now
+			});
+			if (hasRepoMutations) {
+				for (const record of creates) uow.create("installation_repo", toRepoCreateRecord(record));
+				for (const update of updates) uow.update("installation_repo", update.id, (b) => b.set(update.data));
+				for (const id of removals) uow.update("installation_repo", id, (b) => b.set({
+					removedAt: now,
+					updatedAt: now
+				}));
+				for (const id of linksToDelete) uow.delete("repo_link", id);
+			}
+		}).execute();
+		await dispatchWebhookEvent(emitterEvent, this.idempotencyKey);
+	};
+};
+
+//#endregion
+export { createWebhookProcessor };
+//# sourceMappingURL=webhook-processing.js.map