@glubean/cli 0.5.0 → 0.8.0
- package/dist/commands/contracts.d.ts +1 -4
- package/dist/commands/contracts.d.ts.map +1 -1
- package/dist/commands/contracts.js +11 -241
- package/dist/commands/contracts.js.map +1 -1
- package/dist/commands/load.d.ts +54 -0
- package/dist/commands/load.d.ts.map +1 -0
- package/dist/commands/load.js +270 -0
- package/dist/commands/load.js.map +1 -0
- package/dist/commands/migrate.js +3 -1
- package/dist/commands/migrate.js.map +1 -1
- package/dist/commands/run.d.ts +10 -27
- package/dist/commands/run.d.ts.map +1 -1
- package/dist/commands/run.js +111 -106
- package/dist/commands/run.js.map +1 -1
- package/dist/commands/scan.d.ts.map +1 -1
- package/dist/commands/scan.js +5 -1
- package/dist/commands/scan.js.map +1 -1
- package/dist/commands/validate_metadata.d.ts.map +1 -1
- package/dist/commands/validate_metadata.js +5 -1
- package/dist/commands/validate_metadata.js.map +1 -1
- package/dist/lib/config.d.ts +2 -1
- package/dist/lib/config.d.ts.map +1 -1
- package/dist/lib/config.js +3 -1
- package/dist/lib/config.js.map +1 -1
- package/dist/lib/redact-metadata.d.ts +47 -0
- package/dist/lib/redact-metadata.d.ts.map +1 -0
- package/dist/lib/redact-metadata.js +84 -0
- package/dist/lib/redact-metadata.js.map +1 -0
- package/dist/lib/upload.d.ts +20 -1
- package/dist/lib/upload.d.ts.map +1 -1
- package/dist/lib/upload.js.map +1 -1
- package/dist/main.d.ts.map +1 -1
- package/dist/main.js +11 -0
- package/dist/main.js.map +1 -1
- package/dist/metadata.d.ts +18 -1
- package/dist/metadata.d.ts.map +1 -1
- package/dist/metadata.js +48 -2
- package/dist/metadata.js.map +1 -1
- package/package.json +9 -6
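--- a/package/dist/metadata.js
+++ b/package/dist/metadata.js
@@ -31,7 +31,7 @@ export function deriveMetadataStats(files) {
 tags: Array.from(allTags).sort(),
 };
 }
-export async function computeRootHash(files, contracts) {
+export async function computeRootHash(files, contracts, workflows) {
 const entries = Object.entries(files).sort(([a], [b]) => a.localeCompare(b));
 const parts = entries.map(([path, meta]) => `${path}:${meta.hash}`);
 // Include contract metadata in hash so contract changes affect rootHash
@@ -41,6 +41,15 @@ export async function computeRootHash(files, contracts) {
 .digest("hex");
 parts.push(`__contracts__:sha256-${contractHash}`);
 }
+// Same for workflow projections (S2.6) — a grade/shape change must change
+// the rootHash. Only added when present, so workflow-free projects keep
+// their existing hashes.
+if (workflows && workflows.length > 0) {
+const workflowHash = createHash("sha256")
+.update(JSON.stringify(workflows))
+.digest("hex");
+parts.push(`__workflows__:sha256-${workflowHash}`);
+}
 const hash = createHash("sha256").update(parts.join("\n")).digest("hex");
 return `sha256-${hash}`;
 }
@@ -48,7 +57,26 @@ export async function buildMetadata(scanResult, options) {
 const normalizedFiles = normalizeFileMap(scanResult.files);
 const stats = deriveMetadataStats(normalizedFiles);
 const contracts = scanResult.contracts;
-const
+const workflows = scanResult.workflows;
+// rootHash hashes the DOWN-CONVERTED `contracts` (not the rich
+// `contractsProjection`). This is deliberate, NOT an oversight (codex 0.6
+// P2): rootHash is the ON-DISK bundle-integrity hash — `validate_metadata`
+// recomputes it from the metadata.json fields (files + contracts +
+// workflows). The rich projection is UPLOAD-ONLY (off disk, includeProjection
+// below), so hashing it here would make the upload's rootHash diverge from
+// `glubean scan`'s and break that self-check. Consequence: a contract change
+// that touches ONLY rich-projection fields (a response-body schema, a
+// verifyRule) — which the flat `contracts` drops — does not move rootHash.
+// That is fine: rootHash is bundle integrity, NOT the projection's version
+// identity. The projection's identity is the server-side `canonicalHash`
+// (shape-identity proposal §5.3), computed over the FULL projection in the
+// derive job. Uploads are never deduped by rootHash (snapshots are stored
+// per-runId), so a projection-only change still reaches the server and gets
+// its own version there.
+const rootHash = await computeRootHash(normalizedFiles, contracts, workflows);
+const contractsProjection = options.includeProjection
+? scanResult.contractsProjection
+: undefined;
 return {
 schemaVersion: METADATA_SCHEMA_VERSION,
 specVersion: scanResult.specVersion,
@@ -63,6 +91,24 @@ export async function buildMetadata(scanResult, options) {
 projectId: options.projectId,
 version: options.version,
 contracts: contracts && contracts.length > 0 ? contracts : undefined,
+// Lossless full projection of contracts — the source of truth for the
+// Cloud contract metadata snapshot. Upload-only (includeProjection) and
+// MUST be redacted before upload (see commands/run.ts): the projection can
+// carry secrets in examples / default headers / extensions.
+contractsProjection: contractsProjection && contractsProjection.length > 0
+? contractsProjection
+: undefined,
+// DELIBERATELY UNFILTERED (codex S2.6 R14): metadata is the project's
+// authoritative DECLARATION inventory — like `files` and `contracts`, it
+// always reflects the whole scan, never the run's selection. The server's
+// upsert treats this map as authoritative (filtering to selected runnables
+// would make Cloud mark everything unselected as removed — see the
+// degraded-scan note in run.ts). The --upload branch/poll gate protects a
+// DIFFERENT layer: RUN data, where Cloud would render a misleading
+// partial view. A projection in metadata is not a run view; Cloud ignores
+// these fields until the rendering line lands, and when it does it needs
+// the complete inventory, branch/poll included.
+workflows: workflows && workflows.length > 0 ? workflows : undefined,
 };
 }
 //# sourceMappingURL=metadata.js.map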
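Review bot: `buildMetadata` returns `contractsProjection` unredacted whenever `options.includeProjection` is set, so the only thing keeping the secrets the new comment warns about (examples, default headers, extensions) out of an upload is that comment's pointer to commands/run.ts. Redaction is therefore a caller convention rather than a property of this function, and any later caller that sets `includeProjection` and serialises the result would send the raw projection. Consider redacting inside `buildMetadata`, or failing closed when no redactor is supplied, e.g. `if (options.includeProjection && typeof options.redactProjection !== "function") throw new Error("includeProjection requires a redactor");` (`redactProjection` is an illustrative option name, not one that exists on this page). The redaction call itself lives in run.js, outside this section, and `buildMetadata`'s body starts and continues outside these hunks, so whether every upload path passes through it cannot be confirmed from here. `workflows` is emitted unfiltered to both disk and upload and is worth the same check if its entries can carry example or header values.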
package/dist/metadata.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"metadata.js","sourceRoot":"","sources":["../src/metadata.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGzC,MAAM,CAAC,MAAM,uBAAuB,GAAG,GAAG,CAAC;AAE3C,MAAM,UAAU,iBAAiB,CAAC,IAAY;IAC5C,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;AACpC,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,KAA+B;IAE/B,MAAM,UAAU,GAA6B,EAAE,CAAC;IAChD,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACjD,MAAM,cAAc,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;QAC/C,IAAI,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,4CAA4C,IAAI,EAAE,CAAC,CAAC;QACtE,CAAC;QACD,UAAU,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC;IACpC,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,KAA+B;IAKjE,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAElC,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5C,KAAK,MAAM,GAAG,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;YACnC,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;gBACb,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;YAC9C,CAAC;YACD,SAAS,IAAI,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,OAAO;QACL,SAAS;QACT,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM;QACpC,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE;KACjC,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,KAA+B,EAC/B,SAAqB;IAErB,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7E,MAAM,KAAK,GAAa,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,GAAG,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IAE9E,wEAAwE;IACxE,IAAI,SAAS,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtC,MAAM,YAAY,GAAG,UAAU,CAAC,QAAQ,CAAC;aACtC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;aACjC,MAAM,CAAC,KAAK,CAAC,CAAC;QACjB,KAAK,CAAC,IAAI,CAAC,wBAAwB,YAAY,EAAE,CAAC,CAAC;IACrD,CAAC;IAED,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACzE,OAAO,UAAU,IAAI,EAAE,CAA
C;AAC1B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,UAAsB,EACtB,
|
|
1
|
+
{"version":3,"file":"metadata.js","sourceRoot":"","sources":["../src/metadata.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGzC,MAAM,CAAC,MAAM,uBAAuB,GAAG,GAAG,CAAC;AAE3C,MAAM,UAAU,iBAAiB,CAAC,IAAY;IAC5C,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;AACpC,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,KAA+B;IAE/B,MAAM,UAAU,GAA6B,EAAE,CAAC;IAChD,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACjD,MAAM,cAAc,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;QAC/C,IAAI,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,4CAA4C,IAAI,EAAE,CAAC,CAAC;QACtE,CAAC;QACD,UAAU,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC;IACpC,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,KAA+B;IAKjE,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAElC,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5C,KAAK,MAAM,GAAG,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;YACnC,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;gBACb,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;YAC9C,CAAC;YACD,SAAS,IAAI,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,OAAO;QACL,SAAS;QACT,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM;QACpC,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE;KACjC,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,KAA+B,EAC/B,SAAqB,EACrB,SAAqB;IAErB,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7E,MAAM,KAAK,GAAa,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,GAAG,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IAE9E,wEAAwE;IACxE,IAAI,SAAS,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtC,MAAM,YAAY,GAAG,UAAU,CAAC,QAAQ,CAAC;aACtC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;aACjC,MAAM,CAAC,KAAK,CAAC,CAAC;QACjB,KAAK,CAAC,IAAI,CAAC,wBAAwB,YAAY,EAAE,CAAC,CAAC;IACrD,CAAC;IAED,0EAA0E;IAC1E,wEAAwE;IACxE,yBAAyB;IACzB,IAAI,SAAS,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtC,MAAM,YAAY,GAAG,UAAU,CAAC,QAAQ,CAAC;aA
CtC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;aACjC,MAAM,CAAC,KAAK,CAAC,CAAC;QACjB,KAAK,CAAC,IAAI,CAAC,wBAAwB,YAAY,EAAE,CAAC,CAAC;IACrD,CAAC;IAGD,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACzE,OAAO,UAAU,IAAI,EAAE,CAAC;AAC1B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,UAAsB,EACtB,OAsBC;IAED,MAAM,eAAe,GAAG,gBAAgB,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;IAC3D,MAAM,KAAK,GAAG,mBAAmB,CAAC,eAAe,CAAC,CAAC;IACnD,MAAM,SAAS,GAAG,UAAU,CAAC,SAAS,CAAC;IACvC,MAAM,SAAS,GAAG,UAAU,CAAC,SAAS,CAAC;IACvC,+DAA+D;IAC/D,0EAA0E;IAC1E,2EAA2E;IAC3E,mEAAmE;IACnE,8EAA8E;IAC9E,2EAA2E;IAC3E,6EAA6E;IAC7E,sEAAsE;IACtE,2EAA2E;IAC3E,2EAA2E;IAC3E,yEAAyE;IACzE,2EAA2E;IAC3E,0EAA0E;IAC1E,4EAA4E;IAC5E,yBAAyB;IACzB,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,eAAe,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;IAE9E,MAAM,mBAAmB,GAAG,OAAO,CAAC,iBAAiB;QACnD,CAAC,CAAC,UAAU,CAAC,mBAAmB;QAChC,CAAC,CAAC,SAAS,CAAC;IAEd,OAAO;QACL,aAAa,EAAE,uBAAuB;QACtC,WAAW,EAAE,UAAU,CAAC,WAAW;QACnC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAC5D,QAAQ;QACR,KAAK,EAAE,eAAe;QACtB,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,QAAQ,EAAE,UAAU,CAAC,QAAQ;QAC7B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,SAAS,EAAE,SAAS,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;QACpE,sEAAsE;QACtE,wEAAwE;QACxE,2EAA2E;QAC3E,4DAA4D;QAC5D,mBAAmB,EACjB,mBAAmB,IAAI,mBAAmB,CAAC,MAAM,GAAG,CAAC;YACnD,CAAC,CAAC,mBAAmB;YACrB,CAAC,CAAC,SAAS;QACf,sEAAsE;QACtE,yEAAyE;QACzE,0EAA0E;QAC1E,2EAA2E;QAC3E,mEAAmE;QACnE,0EAA0E;QAC1E,mEAAmE;QACnE,0EAA0E;QAC1E,yEAAyE;QACzE,gDAAgD;QAChD,SAAS,EAAE,SAAS,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;KACrE,CAAC;AACJ,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,9 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@glubean/cli",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.8.0",
|
|
4
|
+
"engines": {
|
|
5
|
+
"node": ">=22"
|
|
6
|
+
},
|
|
4
7
|
"type": "module",
|
|
5
8
|
"bin": {
|
|
6
9
|
"glubean": "./bin/gb.js"
|
|
@@ -27,10 +30,10 @@
|
|
|
27
30
|
"dotenv": "^16.4.0",
|
|
28
31
|
"tsx": "^4.19.0",
|
|
29
32
|
"yaml": "^2.7.0",
|
|
30
|
-
"@glubean/
|
|
31
|
-
"@glubean/
|
|
32
|
-
"@glubean/
|
|
33
|
-
"@glubean/
|
|
33
|
+
"@glubean/runner": "0.8.0",
|
|
34
|
+
"@glubean/sdk": "0.8.0",
|
|
35
|
+
"@glubean/scanner": "0.8.0",
|
|
36
|
+
"@glubean/redaction": "0.8.0"
|
|
34
37
|
},
|
|
35
38
|
"peerDependencies": {
|
|
36
39
|
"typescript": "^5.0.0"
|
|
@@ -44,7 +47,7 @@
|
|
|
44
47
|
"@types/node": "^22.0.0",
|
|
45
48
|
"@types/archiver": "^6.0.0",
|
|
46
49
|
"typescript": "^5.9.3",
|
|
47
|
-
"@glubean/graphql": "0.
|
|
50
|
+
"@glubean/graphql": "0.8.0"
|
|
48
51
|
},
|
|
49
52
|
"repository": {
|
|
50
53
|
"type": "git",
|