@graphorin/cli 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +7 -0
- package/LICENSE +21 -0
- package/README.md +130 -0
- package/dist/bin/graphorin.d.ts +1 -0
- package/dist/bin/graphorin.js +606 -0
- package/dist/bin/graphorin.js.map +1 -0
- package/dist/commands/audit.d.ts +59 -0
- package/dist/commands/audit.d.ts.map +1 -0
- package/dist/commands/audit.js +156 -0
- package/dist/commands/audit.js.map +1 -0
- package/dist/commands/auth.d.ts +48 -0
- package/dist/commands/auth.d.ts.map +1 -0
- package/dist/commands/auth.js +148 -0
- package/dist/commands/auth.js.map +1 -0
- package/dist/commands/consolidator.d.ts +49 -0
- package/dist/commands/consolidator.d.ts.map +1 -0
- package/dist/commands/consolidator.js +97 -0
- package/dist/commands/consolidator.js.map +1 -0
- package/dist/commands/doctor.d.ts +64 -0
- package/dist/commands/doctor.d.ts.map +1 -0
- package/dist/commands/doctor.js +150 -0
- package/dist/commands/doctor.js.map +1 -0
- package/dist/commands/guard.d.ts +35 -0
- package/dist/commands/guard.d.ts.map +1 -0
- package/dist/commands/guard.js +86 -0
- package/dist/commands/guard.js.map +1 -0
- package/dist/commands/index.d.ts +21 -0
- package/dist/commands/index.js +22 -0
- package/dist/commands/init.d.ts +46 -0
- package/dist/commands/init.d.ts.map +1 -0
- package/dist/commands/init.js +131 -0
- package/dist/commands/init.js.map +1 -0
- package/dist/commands/memory.d.ts +243 -0
- package/dist/commands/memory.d.ts.map +1 -0
- package/dist/commands/memory.js +471 -0
- package/dist/commands/memory.js.map +1 -0
- package/dist/commands/migrate-config.d.ts +20 -0
- package/dist/commands/migrate-config.d.ts.map +1 -0
- package/dist/commands/migrate-config.js +48 -0
- package/dist/commands/migrate-config.js.map +1 -0
- package/dist/commands/migrate-export.d.ts +26 -0
- package/dist/commands/migrate-export.d.ts.map +1 -0
- package/dist/commands/migrate-export.js +67 -0
- package/dist/commands/migrate-export.js.map +1 -0
- package/dist/commands/migrate.d.ts +31 -0
- package/dist/commands/migrate.d.ts.map +1 -0
- package/dist/commands/migrate.js +59 -0
- package/dist/commands/migrate.js.map +1 -0
- package/dist/commands/pricing.d.ts +66 -0
- package/dist/commands/pricing.d.ts.map +1 -0
- package/dist/commands/pricing.js +128 -0
- package/dist/commands/pricing.js.map +1 -0
- package/dist/commands/secrets.d.ts +96 -0
- package/dist/commands/secrets.d.ts.map +1 -0
- package/dist/commands/secrets.js +182 -0
- package/dist/commands/secrets.js.map +1 -0
- package/dist/commands/skills.d.ts +58 -0
- package/dist/commands/skills.d.ts.map +1 -0
- package/dist/commands/skills.js +181 -0
- package/dist/commands/skills.js.map +1 -0
- package/dist/commands/start.d.ts +51 -0
- package/dist/commands/start.d.ts.map +1 -0
- package/dist/commands/start.js +122 -0
- package/dist/commands/start.js.map +1 -0
- package/dist/commands/storage.d.ts +110 -0
- package/dist/commands/storage.d.ts.map +1 -0
- package/dist/commands/storage.js +274 -0
- package/dist/commands/storage.js.map +1 -0
- package/dist/commands/telemetry.d.ts +21 -0
- package/dist/commands/telemetry.d.ts.map +1 -0
- package/dist/commands/telemetry.js +75 -0
- package/dist/commands/telemetry.js.map +1 -0
- package/dist/commands/token.d.ts +109 -0
- package/dist/commands/token.d.ts.map +1 -0
- package/dist/commands/token.js +246 -0
- package/dist/commands/token.js.map +1 -0
- package/dist/commands/tools-lint.d.ts +103 -0
- package/dist/commands/tools-lint.d.ts.map +1 -0
- package/dist/commands/tools-lint.js +240 -0
- package/dist/commands/tools-lint.js.map +1 -0
- package/dist/commands/traces.d.ts +33 -0
- package/dist/commands/traces.d.ts.map +1 -0
- package/dist/commands/traces.js +103 -0
- package/dist/commands/traces.js.map +1 -0
- package/dist/commands/triggers.d.ts +49 -0
- package/dist/commands/triggers.d.ts.map +1 -0
- package/dist/commands/triggers.js +129 -0
- package/dist/commands/triggers.js.map +1 -0
- package/dist/index.d.ts +46 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +47 -0
- package/dist/index.js.map +1 -0
- package/dist/internal/exit.js +17 -0
- package/dist/internal/exit.js.map +1 -0
- package/dist/internal/load-config.js +84 -0
- package/dist/internal/load-config.js.map +1 -0
- package/dist/internal/offline.d.ts +58 -0
- package/dist/internal/offline.d.ts.map +1 -0
- package/dist/internal/offline.js +72 -0
- package/dist/internal/offline.js.map +1 -0
- package/dist/internal/output.d.ts +56 -0
- package/dist/internal/output.d.ts.map +1 -0
- package/dist/internal/output.js +86 -0
- package/dist/internal/output.js.map +1 -0
- package/dist/internal/prompts.js +49 -0
- package/dist/internal/prompts.js.map +1 -0
- package/dist/internal/store-context.js +69 -0
- package/dist/internal/store-context.js.map +1 -0
- package/package.json +79 -0
|
@@ -0,0 +1,69 @@
|
|
|
1
|
+
import { loadConfig } from "./load-config.js";
|
|
2
|
+
import { resolveSecret } from "@graphorin/security";
|
|
3
|
+
import { parseServerConfig } from "@graphorin/server";
|
|
4
|
+
import { createSqliteStore } from "@graphorin/store-sqlite";
|
|
5
|
+
|
|
6
|
+
//#region src/internal/store-context.ts
|
|
7
|
+
/**
|
|
8
|
+
* Shared helper that loads `graphorin.config`, parses it through
|
|
9
|
+
* `parseServerConfig(...)`, opens the SQLite store, optionally resolves
|
|
10
|
+
* the server pepper, and returns a disposable handle for any Phase 15
|
|
11
|
+
* subcommand that needs a live storage / auth context.
|
|
12
|
+
*
|
|
13
|
+
* Centralising the resource lifecycle here means every command (token,
|
|
14
|
+
* audit, secrets, memory, triggers, storage, …) acquires + releases
|
|
15
|
+
* the same way; tests only stub the loader once.
|
|
16
|
+
*
|
|
17
|
+
* @internal
|
|
18
|
+
*/
|
|
19
|
+
/**
|
|
20
|
+
* Open the storage context for the provided config path. Throws on
|
|
21
|
+
* Zod validation errors and on `requirePepper && !pepperRef`.
|
|
22
|
+
*
|
|
23
|
+
* @internal
|
|
24
|
+
*/
|
|
25
|
+
async function openStoreContext(options = {}) {
|
|
26
|
+
const loaded = await loadConfig(options.config);
|
|
27
|
+
const config = parseServerConfig(loaded.config);
|
|
28
|
+
const factory = options.storeFactory ?? createSqliteStore;
|
|
29
|
+
const storeOpts = {
|
|
30
|
+
path: config.storage.path,
|
|
31
|
+
mode: config.storage.mode
|
|
32
|
+
};
|
|
33
|
+
if (config.storage.encryption.enabled) {
|
|
34
|
+
if (config.storage.encryption.passphraseRef === void 0) throw new Error("[graphorin/cli] storage.encryption.enabled is true but no passphraseRef is configured.");
|
|
35
|
+
const { resolveSecret: resolveSecret$1 } = await import("@graphorin/security/secrets");
|
|
36
|
+
const passphrase = await resolveSecret$1(config.storage.encryption.passphraseRef);
|
|
37
|
+
storeOpts.encryption = {
|
|
38
|
+
enabled: true,
|
|
39
|
+
...config.storage.encryption.cipher !== void 0 ? { cipher: config.storage.encryption.cipher } : {},
|
|
40
|
+
passphraseResolver: async () => passphrase.use((v) => v)
|
|
41
|
+
};
|
|
42
|
+
}
|
|
43
|
+
const store = await factory(storeOpts);
|
|
44
|
+
if (options.skipInit !== true) await store.init();
|
|
45
|
+
let pepper;
|
|
46
|
+
if (options.requirePepper === true) {
|
|
47
|
+
if (config.auth.kind !== "token" || config.auth.pepperRef === void 0) {
|
|
48
|
+
await store.close();
|
|
49
|
+
throw new Error(`[graphorin/cli] this command requires auth.kind: 'token' + auth.pepperRef in '${loaded.path}'.`);
|
|
50
|
+
}
|
|
51
|
+
try {
|
|
52
|
+
pepper = await resolveSecret(config.auth.pepperRef);
|
|
53
|
+
} catch (err) {
|
|
54
|
+
await store.close();
|
|
55
|
+
throw new Error(`[graphorin/cli] failed to resolve auth.pepperRef '${config.auth.pepperRef}': ${err.message}`, { cause: err });
|
|
56
|
+
}
|
|
57
|
+
}
|
|
58
|
+
return Object.freeze({
|
|
59
|
+
configPath: loaded.path,
|
|
60
|
+
config,
|
|
61
|
+
store,
|
|
62
|
+
...pepper !== void 0 ? { pepper } : {},
|
|
63
|
+
close: () => store.close()
|
|
64
|
+
});
|
|
65
|
+
}
|
|
66
|
+
|
|
67
|
+
//#endregion
|
|
68
|
+
export { openStoreContext };
|
|
69
|
+
//# sourceMappingURL=store-context.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"store-context.js","names":["storeOpts: CreateSqliteStoreOptions","resolveSecret","pepper: SecretValue | undefined"],"sources":["../../src/internal/store-context.ts"],"sourcesContent":["/**\n * Shared helper that loads `graphorin.config`, parses it through\n * `parseServerConfig(...)`, opens the SQLite store, optionally resolves\n * the server pepper, and returns a disposable handle for any Phase 15\n * subcommand that needs a live storage / auth context.\n *\n * Centralising the resource lifecycle here means every command (token,\n * audit, secrets, memory, triggers, storage, …) acquires + releases\n * the same way; tests only stub the loader once.\n *\n * @internal\n */\n\nimport { resolveSecret, type SecretValue } from '@graphorin/security';\nimport { parseServerConfig, type ServerConfigSpec } from '@graphorin/server';\nimport {\n type CreateSqliteStoreOptions,\n createSqliteStore,\n type GraphorinSqliteStore,\n} from '@graphorin/store-sqlite';\n\nimport { loadConfig } from './load-config.js';\n\n/**\n * @internal\n */\nexport interface OpenStoreContextOptions {\n /** Path to `graphorin.config.{ts,js,mjs,json}`. */\n readonly config?: string;\n /**\n * When `true`, refuse to continue when `auth.pepperRef` cannot be\n * resolved. Default `false` — callers that do not need the pepper\n * (e.g. `graphorin audit verify`) skip resolution entirely.\n */\n readonly requirePepper?: boolean;\n /**\n * Override the store factory — tests inject a fake store so they\n * can run subcommand integration without touching a real DB.\n */\n readonly storeFactory?: (options: CreateSqliteStoreOptions) => Promise<GraphorinSqliteStore>;\n /**\n * Skip migrations. Defaults to `false` so subcommands always operate\n * against an initialized schema.\n */\n readonly skipInit?: boolean;\n}\n\n/**\n * @internal\n */\nexport interface StoreContext {\n readonly configPath: string;\n readonly config: ServerConfigSpec;\n readonly store: GraphorinSqliteStore;\n readonly pepper?: SecretValue;\n /** Releases the underlying SQLite connection. */\n close(): Promise<void>;\n}\n\n/**\n * Open the storage context for the provided config path. Throws on\n * Zod validation errors and on `requirePepper && !pepperRef`.\n *\n * @internal\n */\nexport async function openStoreContext(\n options: OpenStoreContextOptions = {},\n): Promise<StoreContext> {\n const loaded = await loadConfig(options.config);\n const config = parseServerConfig(loaded.config);\n const factory = options.storeFactory ?? createSqliteStore;\n const storeOpts: CreateSqliteStoreOptions = {\n path: config.storage.path,\n mode: config.storage.mode,\n };\n // IP-1: the CLI honours the same encryption config as the server, so\n // `graphorin` commands can open a database produced by\n // `graphorin storage encrypt`.\n if (config.storage.encryption.enabled) {\n if (config.storage.encryption.passphraseRef === undefined) {\n throw new Error(\n '[graphorin/cli] storage.encryption.enabled is true but no passphraseRef is configured.',\n );\n }\n const { resolveSecret } = await import('@graphorin/security/secrets');\n const passphrase = await resolveSecret(config.storage.encryption.passphraseRef);\n (storeOpts as { encryption?: unknown }).encryption = {\n enabled: true,\n ...(config.storage.encryption.cipher !== undefined\n ? { cipher: config.storage.encryption.cipher }\n : {}),\n passphraseResolver: async () => passphrase.use((v: string) => v),\n };\n }\n const store = await factory(storeOpts);\n if (options.skipInit !== true) {\n await store.init();\n }\n\n let pepper: SecretValue | undefined;\n if (options.requirePepper === true) {\n if (config.auth.kind !== 'token' || config.auth.pepperRef === undefined) {\n await store.close();\n throw new Error(\n `[graphorin/cli] this command requires auth.kind: 'token' + auth.pepperRef in '${loaded.path}'.`,\n );\n }\n try {\n pepper = await resolveSecret(config.auth.pepperRef);\n } catch (err) {\n await store.close();\n throw new Error(\n `[graphorin/cli] failed to resolve auth.pepperRef '${config.auth.pepperRef}': ${(err as Error).message}`,\n { cause: err },\n );\n }\n }\n\n const ctx: StoreContext = Object.freeze({\n configPath: loaded.path,\n config,\n store,\n ...(pepper !== undefined ? { pepper } : {}),\n close: () => store.close(),\n });\n return ctx;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAiEA,eAAsB,iBACpB,UAAmC,EAAE,EACd;CACvB,MAAM,SAAS,MAAM,WAAW,QAAQ,OAAO;CAC/C,MAAM,SAAS,kBAAkB,OAAO,OAAO;CAC/C,MAAM,UAAU,QAAQ,gBAAgB;CACxC,MAAMA,YAAsC;EAC1C,MAAM,OAAO,QAAQ;EACrB,MAAM,OAAO,QAAQ;EACtB;AAID,KAAI,OAAO,QAAQ,WAAW,SAAS;AACrC,MAAI,OAAO,QAAQ,WAAW,kBAAkB,OAC9C,OAAM,IAAI,MACR,yFACD;EAEH,MAAM,EAAE,mCAAkB,MAAM,OAAO;EACvC,MAAM,aAAa,MAAMC,gBAAc,OAAO,QAAQ,WAAW,cAAc;AAC/E,EAAC,UAAuC,aAAa;GACnD,SAAS;GACT,GAAI,OAAO,QAAQ,WAAW,WAAW,SACrC,EAAE,QAAQ,OAAO,QAAQ,WAAW,QAAQ,GAC5C,EAAE;GACN,oBAAoB,YAAY,WAAW,KAAK,MAAc,EAAE;GACjE;;CAEH,MAAM,QAAQ,MAAM,QAAQ,UAAU;AACtC,KAAI,QAAQ,aAAa,KACvB,OAAM,MAAM,MAAM;CAGpB,IAAIC;AACJ,KAAI,QAAQ,kBAAkB,MAAM;AAClC,MAAI,OAAO,KAAK,SAAS,WAAW,OAAO,KAAK,cAAc,QAAW;AACvE,SAAM,MAAM,OAAO;AACnB,SAAM,IAAI,MACR,iFAAiF,OAAO,KAAK,IAC9F;;AAEH,MAAI;AACF,YAAS,MAAM,cAAc,OAAO,KAAK,UAAU;WAC5C,KAAK;AACZ,SAAM,MAAM,OAAO;AACnB,SAAM,IAAI,MACR,qDAAqD,OAAO,KAAK,UAAU,KAAM,IAAc,WAC/F,EAAE,OAAO,KAAK,CACf;;;AAWL,QAP0B,OAAO,OAAO;EACtC,YAAY,OAAO;EACnB;EACA;EACA,GAAI,WAAW,SAAY,EAAE,QAAQ,GAAG,EAAE;EAC1C,aAAa,MAAM,OAAO;EAC3B,CAAC"}
|
package/package.json
ADDED
|
@@ -0,0 +1,79 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@graphorin/cli",
|
|
3
|
+
"version": "0.5.0",
|
|
4
|
+
"description": "Operator CLI for the Graphorin framework. Phase 14a ships the minimal `graphorin` binary with three commands: `graphorin start` (boot the standalone server with lifecycle hooks + pre-bind validation + storage migrations + audit log), `graphorin init` (interactive prompts for cloud-upload consent, opt-in storage encryption, and one-shot bootstrap-token issuance; --non-interactive accepts every option as flags or env vars), and `graphorin migrate` (idempotent storage migrations against the configured SQLite store). Phase 15 extends the same binary with `doctor`, `token`, `secrets`, `storage`, `audit`, `memory`, `consolidator`, `triggers`, `auth`, `pricing`, `skills`, `traces`, `migrate-export`, `guard`, and `telemetry`. Created and maintained by Oleksiy Stepurenko.",
|
|
5
|
+
"license": "MIT",
|
|
6
|
+
"author": "Oleksiy Stepurenko",
|
|
7
|
+
"homepage": "https://github.com/o-stepper/graphorin/tree/main/packages/cli",
|
|
8
|
+
"repository": {
|
|
9
|
+
"type": "git",
|
|
10
|
+
"url": "git+https://github.com/o-stepper/graphorin.git",
|
|
11
|
+
"directory": "packages/cli"
|
|
12
|
+
},
|
|
13
|
+
"bugs": {
|
|
14
|
+
"url": "https://github.com/o-stepper/graphorin/issues"
|
|
15
|
+
},
|
|
16
|
+
"keywords": [
|
|
17
|
+
"graphorin",
|
|
18
|
+
"ai",
|
|
19
|
+
"agents",
|
|
20
|
+
"framework",
|
|
21
|
+
"cli",
|
|
22
|
+
"graphorin-start",
|
|
23
|
+
"graphorin-init",
|
|
24
|
+
"graphorin-migrate"
|
|
25
|
+
],
|
|
26
|
+
"type": "module",
|
|
27
|
+
"engines": {
|
|
28
|
+
"node": ">=22.0.0"
|
|
29
|
+
},
|
|
30
|
+
"main": "./dist/index.js",
|
|
31
|
+
"module": "./dist/index.js",
|
|
32
|
+
"types": "./dist/index.d.ts",
|
|
33
|
+
"bin": {
|
|
34
|
+
"graphorin": "./dist/bin/graphorin.js"
|
|
35
|
+
},
|
|
36
|
+
"exports": {
|
|
37
|
+
".": {
|
|
38
|
+
"types": "./dist/index.d.ts",
|
|
39
|
+
"import": "./dist/index.js"
|
|
40
|
+
},
|
|
41
|
+
"./commands": {
|
|
42
|
+
"types": "./dist/commands/index.d.ts",
|
|
43
|
+
"import": "./dist/commands/index.js"
|
|
44
|
+
},
|
|
45
|
+
"./package.json": "./package.json"
|
|
46
|
+
},
|
|
47
|
+
"files": [
|
|
48
|
+
"dist",
|
|
49
|
+
"README.md",
|
|
50
|
+
"CHANGELOG.md",
|
|
51
|
+
"LICENSE"
|
|
52
|
+
],
|
|
53
|
+
"dependencies": {
|
|
54
|
+
"commander": "^10.0.0",
|
|
55
|
+
"@graphorin/core": "0.5.0",
|
|
56
|
+
"@graphorin/eslint-plugin": "0.5.0",
|
|
57
|
+
"@graphorin/memory": "0.5.0",
|
|
58
|
+
"@graphorin/pricing": "0.5.0",
|
|
59
|
+
"@graphorin/security": "0.5.0",
|
|
60
|
+
"@graphorin/server": "0.5.0",
|
|
61
|
+
"@graphorin/sessions": "0.5.0",
|
|
62
|
+
"@graphorin/skills": "0.5.0",
|
|
63
|
+
"@graphorin/store-sqlite": "0.5.0"
|
|
64
|
+
},
|
|
65
|
+
"publishConfig": {
|
|
66
|
+
"access": "public",
|
|
67
|
+
"provenance": true
|
|
68
|
+
},
|
|
69
|
+
"devDependencies": {
|
|
70
|
+
"@graphorin/store-sqlite-encrypted": "0.5.0"
|
|
71
|
+
},
|
|
72
|
+
"scripts": {
|
|
73
|
+
"build": "tsdown",
|
|
74
|
+
"typecheck": "tsc --noEmit && tsc -p tsconfig.tests.json",
|
|
75
|
+
"test": "vitest run",
|
|
76
|
+
"lint": "biome check .",
|
|
77
|
+
"clean": "rimraf dist .turbo *.tsbuildinfo"
|
|
78
|
+
}
|
|
79
|
+
}
|