@hasna/nopen 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +52 -0
- package/dist/adapters/cloudflare.d.ts +136 -0
- package/dist/adapters/cloudflare.d.ts.map +1 -0
- package/dist/adapters/deployment.d.ts +50 -0
- package/dist/adapters/deployment.d.ts.map +1 -0
- package/dist/adapters/domains.d.ts +44 -0
- package/dist/adapters/domains.d.ts.map +1 -0
- package/dist/adapters/email.d.ts +20 -0
- package/dist/adapters/email.d.ts.map +1 -0
- package/dist/adapters/index.d.ts +3 -0
- package/dist/adapters/index.d.ts.map +1 -0
- package/dist/adapters/sandbox.d.ts +82 -0
- package/dist/adapters/sandbox.d.ts.map +1 -0
- package/dist/adapters/skills.d.ts +19 -0
- package/dist/adapters/skills.d.ts.map +1 -0
- package/dist/adapters/stripe.d.ts +85 -0
- package/dist/adapters/stripe.d.ts.map +1 -0
- package/dist/agents/architect.d.ts +26 -0
- package/dist/agents/architect.d.ts.map +1 -0
- package/dist/agents/autopilot.d.ts +23 -0
- package/dist/agents/autopilot.d.ts.map +1 -0
- package/dist/agents/build.d.ts +31 -0
- package/dist/agents/build.d.ts.map +1 -0
- package/dist/agents/coders.d.ts +77 -0
- package/dist/agents/coders.d.ts.map +1 -0
- package/dist/agents/deploy-guard.d.ts +18 -0
- package/dist/agents/deploy-guard.d.ts.map +1 -0
- package/dist/agents/digest.d.ts +12 -0
- package/dist/agents/digest.d.ts.map +1 -0
- package/dist/agents/goal-build.d.ts +43 -0
- package/dist/agents/goal-build.d.ts.map +1 -0
- package/dist/agents/harness.d.ts +56 -0
- package/dist/agents/harness.d.ts.map +1 -0
- package/dist/agents/index.d.ts +10 -0
- package/dist/agents/index.d.ts.map +1 -0
- package/dist/agents/launch.d.ts +23 -0
- package/dist/agents/launch.d.ts.map +1 -0
- package/dist/agents/loop.d.ts +24 -0
- package/dist/agents/loop.d.ts.map +1 -0
- package/dist/agents/models.d.ts +7 -0
- package/dist/agents/models.d.ts.map +1 -0
- package/dist/agents/moderation.d.ts +22 -0
- package/dist/agents/moderation.d.ts.map +1 -0
- package/dist/agents/planner.d.ts +40 -0
- package/dist/agents/planner.d.ts.map +1 -0
- package/dist/agents/reconciler.d.ts +7 -0
- package/dist/agents/reconciler.d.ts.map +1 -0
- package/dist/agents/reviewer.d.ts +56 -0
- package/dist/agents/reviewer.d.ts.map +1 -0
- package/dist/agents/scaffolds.d.ts +36 -0
- package/dist/agents/scaffolds.d.ts.map +1 -0
- package/dist/agents/scheduler.d.ts +19 -0
- package/dist/agents/scheduler.d.ts.map +1 -0
- package/dist/agents/seeder.d.ts +16 -0
- package/dist/agents/seeder.d.ts.map +1 -0
- package/dist/agents/tools.d.ts +70 -0
- package/dist/agents/tools.d.ts.map +1 -0
- package/dist/agents/workers.d.ts +25 -0
- package/dist/agents/workers.d.ts.map +1 -0
- package/dist/cli/index.d.ts +3 -0
- package/dist/cli/index.d.ts.map +1 -0
- package/dist/cli/index.js +68984 -0
- package/dist/db/client.d.ts +32 -0
- package/dist/db/client.d.ts.map +1 -0
- package/dist/db/index.d.ts +2 -0
- package/dist/db/index.d.ts.map +1 -0
- package/dist/db/migrate.d.ts +3 -0
- package/dist/db/migrate.d.ts.map +1 -0
- package/dist/db/repo.d.ts +320 -0
- package/dist/db/repo.d.ts.map +1 -0
- package/dist/db/rls.d.ts +16 -0
- package/dist/db/rls.d.ts.map +1 -0
- package/dist/db/schema.d.ts +3391 -0
- package/dist/db/schema.d.ts.map +1 -0
- package/dist/index.d.ts +9 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +85 -0
- package/dist/lib/auth.d.ts +65 -0
- package/dist/lib/auth.d.ts.map +1 -0
- package/dist/lib/build-agents.d.ts +81 -0
- package/dist/lib/build-agents.d.ts.map +1 -0
- package/dist/lib/checkout.d.ts +24 -0
- package/dist/lib/checkout.d.ts.map +1 -0
- package/dist/lib/client.d.ts +52 -0
- package/dist/lib/client.d.ts.map +1 -0
- package/dist/lib/config.d.ts +118 -0
- package/dist/lib/config.d.ts.map +1 -0
- package/dist/lib/connect.d.ts +14 -0
- package/dist/lib/connect.d.ts.map +1 -0
- package/dist/lib/credits.d.ts +52 -0
- package/dist/lib/credits.d.ts.map +1 -0
- package/dist/lib/doctor.d.ts +25 -0
- package/dist/lib/doctor.d.ts.map +1 -0
- package/dist/lib/ingest.d.ts +9 -0
- package/dist/lib/ingest.d.ts.map +1 -0
- package/dist/lib/iprate.d.ts +26 -0
- package/dist/lib/iprate.d.ts.map +1 -0
- package/dist/lib/mailer.d.ts +15 -0
- package/dist/lib/mailer.d.ts.map +1 -0
- package/dist/lib/oauth.d.ts +10 -0
- package/dist/lib/oauth.d.ts.map +1 -0
- package/dist/lib/ratelimit.d.ts +14 -0
- package/dist/lib/ratelimit.d.ts.map +1 -0
- package/dist/lib/site-template.d.ts +73 -0
- package/dist/lib/site-template.d.ts.map +1 -0
- package/dist/lib/task-charge.d.ts +10 -0
- package/dist/lib/task-charge.d.ts.map +1 -0
- package/dist/mcp/index.d.ts +3 -0
- package/dist/mcp/index.d.ts.map +1 -0
- package/dist/mcp/index.js +5265 -0
- package/dist/sdk/index.d.ts +18 -0
- package/dist/sdk/index.d.ts.map +1 -0
- package/dist/sdk/index.js +4246 -0
- package/dist/types/index.d.ts +51 -0
- package/dist/types/index.d.ts.map +1 -0
- package/package.json +81 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../src/db/schema.ts"],"names":[],"mappings":"AAgBA,eAAO,MAAM,UAAU,kJASrB,CAAC;AAEH,eAAO,MAAM,SAAS,iGAMpB,CAAC;AAEH,iDAAiD;AACjD,eAAO,MAAM,KAAK;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAahB,CAAC;AAEH,oFAAoF;AACpF,eAAO,MAAM,KAAK;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAQhB,CAAC;AAEH;mFACmF;AACnF,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EASrB,CAAC;AAEJ;;uDAEuD;AACvD,eAAO,MAAM,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAQjB,CAAC;AAEH,0EAA0E;AAC1E,eAAO,MAAM,QAAQ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAWnB,CAAC;AAEH,4EAA4E;AAC5E,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAQvB,CAAC;AAEH,0EAA0E;AAC1E,eAAO,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAWpB,CAAC;AAEH;2EAC2E;AAC3E,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAQtB,CAAC;AAEH,kDAAkD;AAClD,eAAO,MAAM,KAAK;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAchB,CAAC;AAEH,mEAAmE;AACnE,eAAO,MAAM,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EASlB,CAAC;AAEH,wEAAwE;AACxE,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAWtB,CAAC;AAEH,kEAAkE;AAClE,eAAO,MAAM,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAOjB,CAAC;AAEH,oEAAoE;AACpE,eAAO,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAYpB,CAAC;AAEH,4DAA4D;AAC5D,eAAO,MAAM,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAQjB,CAAC;AAEH,kEAAkE;AAClE,eAAO,MAAM,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAOjB,CAAC;AAEH,8DAA8D;AAC9D,eAAO,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAUpB,CAAC;AAIH,eAAO,MAAM,eAAe,8EAAsE,CAAC;AACnG,eAAO,MAAM,aAAa,0IASxB,CAAC;AACH,eAAO,MAAM,eAAe,6DAAqD,CAAC;AAElF,iFAAiF;AACjF,eAAO,MAAM,KAAK;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAchB,CAAC;AAEH;;;;;GAKG;AACH,eAAO,MAAM,QAAQ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAkCnB,CAAC;AAEH,+CAA+C;AAC/C,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAQxB,CAAC;AAEH,oFAAoF;AACpF,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAQ3B,CAAC;AAEH,+EAA+E;AAC/E,eAAO,MAAM,QAAQ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAYlB,CAAC"}
|
package/dist/index.d.ts
ADDED
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @hasna/nopen — library entry point.
|
|
3
|
+
* Re-exports the public surface for embedding the nopen engine.
|
|
4
|
+
*/
|
|
5
|
+
export { config } from "./lib/config.js";
|
|
6
|
+
export type { Config } from "./lib/config.js";
|
|
7
|
+
export type { Site, SiteStatus, SiteKind, AgentRun, AgentRunStatus, DomainPurchase, Deployment, } from "./types/index.js";
|
|
8
|
+
export declare const VERSION = "0.0.1";
|
|
9
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AACzC,YAAY,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAC9C,YAAY,EACV,IAAI,EACJ,UAAU,EACV,QAAQ,EACR,QAAQ,EACR,cAAc,EACd,cAAc,EACd,UAAU,GACX,MAAM,kBAAkB,CAAC;AAE1B,eAAO,MAAM,OAAO,UAAU,CAAC"}
|
package/dist/index.js
ADDED
|
@@ -0,0 +1,85 @@
|
|
|
1
|
+
// @bun
|
|
2
|
+
// src/lib/config.ts
|
|
3
|
+
function cleanSecret(v) {
|
|
4
|
+
let s = v.trim();
|
|
5
|
+
if (s.length >= 2 && (s[0] === '"' && s.endsWith('"') || s[0] === "'" && s.endsWith("'"))) {
|
|
6
|
+
s = s.slice(1, -1).trim();
|
|
7
|
+
}
|
|
8
|
+
return s;
|
|
9
|
+
}
|
|
10
|
+
function env(key, fallback) {
|
|
11
|
+
const raw = process.env[key];
|
|
12
|
+
const v = raw != null ? cleanSecret(raw) : undefined;
|
|
13
|
+
return v && v.length > 0 ? v : fallback;
|
|
14
|
+
}
|
|
15
|
+
function intEnv(key, fallback, min = 1) {
|
|
16
|
+
const raw = env(key);
|
|
17
|
+
const n = raw != null ? Number(raw) : NaN;
|
|
18
|
+
return Number.isInteger(n) && n >= min ? n : fallback;
|
|
19
|
+
}
|
|
20
|
+
var config = {
|
|
21
|
+
appName: "nopen",
|
|
22
|
+
appDomain: env("NOPEN_DOMAIN", "nopen.co"),
|
|
23
|
+
port: Number(env("NOPEN_PORT", "3340")),
|
|
24
|
+
publicUrl: env("NOPEN_PUBLIC_URL", "http://localhost:3340"),
|
|
25
|
+
appUrl: env("NOPEN_APP_URL", env("NOPEN_PUBLIC_URL", "http://localhost:3340")),
|
|
26
|
+
databaseUrl: env("NOPEN_DATABASE_URL", "postgresql://localhost:5432/nopen"),
|
|
27
|
+
databaseHost: env("NOPEN_DATABASE_HOST"),
|
|
28
|
+
databaseSsl: env("NOPEN_DATABASE_SSL"),
|
|
29
|
+
anthropicApiKey: env("ANTHROPIC_API_KEY") ?? env("HASNAXYZ_ANTHROPIC_LIVE_API_KEY"),
|
|
30
|
+
openaiApiKey: env("OPENAI_API_KEY") ?? env("HASNAXYZ_OPENAI_LIVE_API_KEY"),
|
|
31
|
+
zhipuApiKey: env("ZHIPU_API_KEY") ?? env("HASNAXYZ_ZHIPU_LIVE_API_KEY"),
|
|
32
|
+
openrouterApiKey: env("OPENROUTER_API_KEY") ?? env("HASNAXYZ_OPENROUTER_LIVE_API_KEY"),
|
|
33
|
+
models: {
|
|
34
|
+
architect: env("NOPEN_MODEL_ARCHITECT", "claude-opus-4-8"),
|
|
35
|
+
builder: env("NOPEN_MODEL_BUILDER", "claude-sonnet-4-6"),
|
|
36
|
+
fast: env("NOPEN_MODEL_FAST", "gpt-5.4-mini"),
|
|
37
|
+
cheap: env("NOPEN_MODEL_CHEAP", "glm-5.2")
|
|
38
|
+
},
|
|
39
|
+
autopilot: {
|
|
40
|
+
enabled: env("NOPEN_AUTOPILOT_ENABLED", "auto") !== "off",
|
|
41
|
+
maxTasksPerCycle: Number(env("NOPEN_AUTOPILOT_MAX_TASKS", "12")),
|
|
42
|
+
defaultDailyCapCredits: Number(env("NOPEN_AUTOPILOT_DAILY_CAP", "0")),
|
|
43
|
+
buyDomains: env("NOPEN_AUTOPILOT_BUY_DOMAINS", "0") === "1",
|
|
44
|
+
paused: env("NOPEN_AUTOPILOT_PAUSED", "0") === "1",
|
|
45
|
+
globalDailyCapCredits: Number(env("NOPEN_AUTOPILOT_GLOBAL_DAILY_CAP", "0"))
|
|
46
|
+
},
|
|
47
|
+
e2bApiKey: env("E2B_API_KEY") ?? env("HASNAXYZ_E2B_LIVE_API_KEY"),
|
|
48
|
+
sandbox: {
|
|
49
|
+
enabled: env("NOPEN_SANDBOX_ENABLED", "auto") !== "off",
|
|
50
|
+
template: env("NOPEN_SANDBOX_TEMPLATE", "base"),
|
|
51
|
+
timeoutMs: Number(env("NOPEN_SANDBOX_TIMEOUT_MS", "300000")),
|
|
52
|
+
commandTimeoutMs: Number(env("NOPEN_SANDBOX_CMD_TIMEOUT_MS", "180000"))
|
|
53
|
+
},
|
|
54
|
+
review: {
|
|
55
|
+
enabled: env("NOPEN_REVIEW_ENABLED", "auto") !== "off",
|
|
56
|
+
maxFixes: intEnv("NOPEN_REVIEW_MAX_FIXES", 2, 0)
|
|
57
|
+
},
|
|
58
|
+
builder: {
|
|
59
|
+
goalLoop: env("NOPEN_GOAL_BUILD", "auto") !== "off",
|
|
60
|
+
maxIters: intEnv("NOPEN_GOAL_BUILD_MAX_ITERS", 4, 1)
|
|
61
|
+
},
|
|
62
|
+
cloudflareApiToken: env("CLOUDFLARE_API_TOKEN"),
|
|
63
|
+
cloudflareEmail: env("CLOUDFLARE_EMAIL") ?? env("HASNAXYZ_CLOUDFLARE_LIVE_EMAIL"),
|
|
64
|
+
cloudflareGlobalKey: env("CLOUDFLARE_GLOBAL_API_KEY") ?? env("HASNAXYZ_CLOUDFLARE_LIVE_API_KEY"),
|
|
65
|
+
cloudflareAccountId: env("CLOUDFLARE_ACCOUNT_ID"),
|
|
66
|
+
stripeSecretKey: env("STRIPE_SECRET_KEY") ?? env("HASNATOOLS_NOPEN_STRIPE_LIVE_SECRET_KEY"),
|
|
67
|
+
stripeWebhookSecret: env("STRIPE_WEBHOOK_SECRET"),
|
|
68
|
+
takeRateBps: Number(env("NOPEN_TAKE_RATE_BPS", "1000")),
|
|
69
|
+
forwardEmail: env("NOPEN_FORWARD_EMAIL", "andrei@hasna.com"),
|
|
70
|
+
jwtSecret: env("NOPEN_JWT_SECRET", "dev-insecure-change-me"),
|
|
71
|
+
adminSecret: env("NOPEN_ADMIN_SECRET"),
|
|
72
|
+
ingestSecret: env("NOPEN_INGEST_SECRET") ?? env("NOPEN_JWT_SECRET", "dev-insecure-change-me"),
|
|
73
|
+
googleClientId: env("GOOGLE_CLIENT_ID"),
|
|
74
|
+
googleClientSecret: env("GOOGLE_CLIENT_SECRET"),
|
|
75
|
+
resendApiKey: env("RESEND_API_KEY"),
|
|
76
|
+
emailFrom: env("NOPEN_EMAIL_FROM", "Nopen <noreply@todos.md>"),
|
|
77
|
+
isDev: /localhost|127\.0\.0\.1/.test(env("NOPEN_PUBLIC_URL", "http://localhost:3340"))
|
|
78
|
+
};
|
|
79
|
+
|
|
80
|
+
// src/index.ts
|
|
81
|
+
var VERSION = "0.0.1";
|
|
82
|
+
export {
|
|
83
|
+
config,
|
|
84
|
+
VERSION
|
|
85
|
+
};
|
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
export declare const DEVICE_CODE_TTL_MS: number;
|
|
2
|
+
export declare const MAGIC_LINK_TTL_MS: number;
|
|
3
|
+
export declare const SESSION_TTL_MS: number;
|
|
4
|
+
/** Lifetime of an exchanged device (CLI) token. Finite so a leaked token expires. */
|
|
5
|
+
export declare const DEVICE_TOKEN_TTL_MS: number;
|
|
6
|
+
export declare function normalizeUserCode(code: string): string;
|
|
7
|
+
export declare function apiTokenIsActive(expiresAt: Date | null | undefined, now?: Date): boolean;
|
|
8
|
+
export interface DeviceStart {
|
|
9
|
+
deviceCode: string;
|
|
10
|
+
userCode: string;
|
|
11
|
+
verificationUri: string;
|
|
12
|
+
expiresInSec: number;
|
|
13
|
+
}
|
|
14
|
+
export declare function startDeviceAuth(verificationBase: string): Promise<DeviceStart>;
|
|
15
|
+
export declare function approveDeviceCode(code: string, userId?: string): Promise<boolean>;
|
|
16
|
+
export declare function exchangeDeviceCode(deviceCode: string): Promise<{
|
|
17
|
+
status: "pending" | "expired" | "approved";
|
|
18
|
+
token?: string;
|
|
19
|
+
userId?: string | null;
|
|
20
|
+
}>;
|
|
21
|
+
export declare function validateToken(token: string): Promise<{
|
|
22
|
+
id: string;
|
|
23
|
+
name: string | null;
|
|
24
|
+
createdAt: Date;
|
|
25
|
+
userId: string | null;
|
|
26
|
+
token: string;
|
|
27
|
+
deviceCode: string | null;
|
|
28
|
+
userCode: string | null;
|
|
29
|
+
approved: boolean;
|
|
30
|
+
expiresAt: Date | null;
|
|
31
|
+
lastUsedAt: Date | null;
|
|
32
|
+
} | null>;
|
|
33
|
+
export declare function upsertUser(email: string, name?: string | null): Promise<{
|
|
34
|
+
id: string;
|
|
35
|
+
name: string | null;
|
|
36
|
+
email: string;
|
|
37
|
+
stripeCustomerId: string | null;
|
|
38
|
+
plan: string;
|
|
39
|
+
credits: number;
|
|
40
|
+
role: string;
|
|
41
|
+
connectAccountId: string | null;
|
|
42
|
+
connectChargesEnabled: boolean;
|
|
43
|
+
createdAt: Date;
|
|
44
|
+
}>;
|
|
45
|
+
export declare function getUserById(id: string): Promise<{
|
|
46
|
+
id: string;
|
|
47
|
+
name: string | null;
|
|
48
|
+
email: string;
|
|
49
|
+
stripeCustomerId: string | null;
|
|
50
|
+
plan: string;
|
|
51
|
+
credits: number;
|
|
52
|
+
role: string;
|
|
53
|
+
connectAccountId: string | null;
|
|
54
|
+
connectChargesEnabled: boolean;
|
|
55
|
+
createdAt: Date;
|
|
56
|
+
} | null>;
|
|
57
|
+
/** Mint a long-lived web session token bound to a user (web/app login). */
|
|
58
|
+
export declare function createSessionToken(userId: string, name?: string): Promise<string>;
|
|
59
|
+
/** Revoke a session/API token (logout). */
|
|
60
|
+
export declare function revokeToken(token: string): Promise<void>;
|
|
61
|
+
/** Create a single-use magic-link token for `email`. Returns the raw token. */
|
|
62
|
+
export declare function createMagicToken(email: string): Promise<string>;
|
|
63
|
+
/** Consume a magic-link token. Returns the bound email, or null if invalid. */
|
|
64
|
+
export declare function consumeMagicToken(token: string): Promise<string | null>;
|
|
65
|
+
//# sourceMappingURL=auth.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/lib/auth.ts"],"names":[],"mappings":"AAiBA,eAAO,MAAM,kBAAkB,QAAiB,CAAC;AACjD,eAAO,MAAM,iBAAiB,QAAiB,CAAC;AAChD,eAAO,MAAM,cAAc,QAA2B,CAAC;AACvD,qFAAqF;AACrF,eAAO,MAAM,mBAAmB,QAA2B,CAAC;AAgB5D,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAEtD;AAED,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,IAAI,GAAG,IAAI,GAAG,SAAS,EAAE,GAAG,OAAa,GAAG,OAAO,CAE9F;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,wBAAsB,eAAe,CAAC,gBAAgB,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAQpF;AAED,wBAAsB,iBAAiB,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAUvF;AAED,wBAAsB,kBAAkB,CACtC,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC;IAAE,MAAM,EAAE,SAAS,GAAG,SAAS,GAAG,UAAU,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CAAE,CAAC,CAejG;AAED,wBAAsB,aAAa,CAAC,KAAK,EAAE,MAAM;;;;;;;;;;;UAiBhD;AAED,wBAAsB,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI;;;;;;;;;;;GAgBnE;AAED,wBAAsB,WAAW,CAAC,EAAE,EAAE,MAAM;;;;;;;;;;;UAE3C;AAED,2EAA2E;AAC3E,wBAAsB,kBAAkB,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,SAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAYtF;AAED,2CAA2C;AAC3C,wBAAsB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAE9D;AAED,+EAA+E;AAC/E,wBAAsB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAWrE;AAED,+EAA+E;AAC/E,wBAAsB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAU7E"}
|
|
@@ -0,0 +1,81 @@
|
|
|
1
|
+
export type BuildAgent = "cloud" | "codewith";
|
|
2
|
+
export declare const BUILD_AGENTS: readonly ["cloud", "codewith"];
|
|
3
|
+
/** Default engine when none/invalid is supplied — our premium builder. */
|
|
4
|
+
export declare const DEFAULT_AGENT: BuildAgent;
|
|
5
|
+
/** Internal vendor an engine maps to. NEVER exposed to clients/users. */
|
|
6
|
+
export type BuildEngine = "claude-agent-sdk" | "codewith";
|
|
7
|
+
/** Extra credits added on top of the engine's base price for an "expert" build. */
|
|
8
|
+
export declare const EXPERT_SURCHARGE: number;
|
|
9
|
+
export interface BuildAgentInfo {
|
|
10
|
+
id: BuildAgent;
|
|
11
|
+
/** User-facing name (white-label — reveals no vendor). */
|
|
12
|
+
name: string;
|
|
13
|
+
/** Internal engine/vendor — for logs + routing only, NEVER sent to clients. */
|
|
14
|
+
engine: BuildEngine;
|
|
15
|
+
/** In-sandbox CLI binary used for an expert (real-agent) run. Internal only. */
|
|
16
|
+
cli: string;
|
|
17
|
+
/** One-line "what it's good at" for the picker (vendor-neutral). */
|
|
18
|
+
blurb: string;
|
|
19
|
+
/** Base credit price for a (non-expert) build with this engine. */
|
|
20
|
+
baseCredits: number;
|
|
21
|
+
}
|
|
22
|
+
export declare const BUILD_AGENT_INFO: Record<BuildAgent, BuildAgentInfo>;
|
|
23
|
+
/** Validate/normalize an engine id (case-insensitive); unknown → DEFAULT_AGENT. */
|
|
24
|
+
export declare function normalizeAgent(agent: string | null | undefined): BuildAgent;
|
|
25
|
+
/** Map a user's plan to the build engine it grants. */
|
|
26
|
+
export declare function engineForPlan(plan: string | null | undefined): BuildAgent;
|
|
27
|
+
/**
|
|
28
|
+
* Resolve the build choice for a user. If the request explicitly names a valid
|
|
29
|
+
* engine, honor it; otherwise default to the engine the user's plan grants
|
|
30
|
+
* (premium → cloud, everyone else → the economical codewith). This is how the
|
|
31
|
+
* builder is picked per the user's plan when they don't override it.
|
|
32
|
+
*/
|
|
33
|
+
export declare function buildChoiceForPlan(input: {
|
|
34
|
+
agent?: unknown;
|
|
35
|
+
expert?: unknown;
|
|
36
|
+
} | null | undefined, plan: string | null | undefined): BuildChoice;
|
|
37
|
+
/** Credit price for a build with `agent` at the given expert setting. */
|
|
38
|
+
export declare function buildCost(agent: BuildAgent, expert: boolean): number;
|
|
39
|
+
/** The user's build choice persisted on a site and honored by the build worker. */
|
|
40
|
+
export interface BuildChoice {
|
|
41
|
+
agent: BuildAgent;
|
|
42
|
+
expert: boolean;
|
|
43
|
+
}
|
|
44
|
+
/** Coerce arbitrary request input into a safe BuildChoice (unknown engine → default). */
|
|
45
|
+
export declare function normalizeBuildChoice(input: {
|
|
46
|
+
agent?: unknown;
|
|
47
|
+
expert?: unknown;
|
|
48
|
+
} | null | undefined): BuildChoice;
|
|
49
|
+
/** Credit cost of a build choice. */
|
|
50
|
+
export declare function buildChoiceCost(choice: BuildChoice): number;
|
|
51
|
+
/** The cheapest engine base price — the floor charged when no agent ran (template only). */
|
|
52
|
+
export declare function minBaseCredits(): number;
|
|
53
|
+
/**
|
|
54
|
+
* The FAIR price actually owed for a build, given what ran. Used to refund the
|
|
55
|
+
* difference vs the (upfront-charged) requested price so we never overcharge:
|
|
56
|
+
* - not downgraded → the full requested price.
|
|
57
|
+
* - expert fell back to std → the engine's standard (no-surcharge) price.
|
|
58
|
+
* - no agent ran (template) → the cheapest base price.
|
|
59
|
+
*/
|
|
60
|
+
export declare function fairBuildCost(choice: BuildChoice, agentUsed: string, downgraded: boolean): number;
|
|
61
|
+
/** UI-ready descriptor — deliberately OMITS `engine`/`cli` so no vendor leaks to clients. */
|
|
62
|
+
export interface BuildAgentDescriptor {
|
|
63
|
+
id: BuildAgent;
|
|
64
|
+
name: string;
|
|
65
|
+
blurb: string;
|
|
66
|
+
baseCredits: number;
|
|
67
|
+
/** Price for an expert build with this engine. */
|
|
68
|
+
expertCredits: number;
|
|
69
|
+
}
|
|
70
|
+
/** UI-ready list of engines with both price points and NO vendor identity. */
|
|
71
|
+
export declare function listBuildAgents(): BuildAgentDescriptor[];
|
|
72
|
+
export interface AgentAvailability {
|
|
73
|
+
id: BuildAgent;
|
|
74
|
+
/** Can do at least a standard build (the shared ai-sdk providers are configured). */
|
|
75
|
+
available: boolean;
|
|
76
|
+
/** Can do an EXPERT build (the engine's own real CLI credential is present). */
|
|
77
|
+
expertAvailable: boolean;
|
|
78
|
+
}
|
|
79
|
+
/** Which engines are usable given the configured credentials (drives the UI picker). */
|
|
80
|
+
export declare function agentAvailability(): AgentAvailability[];
|
|
81
|
+
//# sourceMappingURL=build-agents.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"build-agents.d.ts","sourceRoot":"","sources":["../../src/lib/build-agents.ts"],"names":[],"mappings":"AAeA,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG,UAAU,CAAC;AAE9C,eAAO,MAAM,YAAY,gCAAiC,CAAC;AAE3D,0EAA0E;AAC1E,eAAO,MAAM,aAAa,EAAE,UAAoB,CAAC;AAEjD,yEAAyE;AACzE,MAAM,MAAM,WAAW,GAAG,kBAAkB,GAAG,UAAU,CAAC;AAa1D,mFAAmF;AACnF,eAAO,MAAM,gBAAgB,QAA8C,CAAC;AAE5E,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,UAAU,CAAC;IACf,0DAA0D;IAC1D,IAAI,EAAE,MAAM,CAAC;IACb,+EAA+E;IAC/E,MAAM,EAAE,WAAW,CAAC;IACpB,gFAAgF;IAChF,GAAG,EAAE,MAAM,CAAC;IACZ,oEAAoE;IACpE,KAAK,EAAE,MAAM,CAAC;IACd,mEAAmE;IACnE,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,eAAO,MAAM,gBAAgB,EAAE,MAAM,CAAC,UAAU,EAAE,cAAc,CAiB/D,CAAC;AAEF,mFAAmF;AACnF,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,UAAU,CAG3E;AAKD,uDAAuD;AACvD,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,UAAU,CAEzE;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE;IAAE,KAAK,CAAC,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,OAAO,CAAA;CAAE,GAAG,IAAI,GAAG,SAAS,EAC/D,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC9B,WAAW,CAOb;AAED,yEAAyE;AACzE,wBAAgB,SAAS,CAAC,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,GAAG,MAAM,CAGpE;AAED,mFAAmF;AACnF,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,UAAU,CAAC;IAClB,MAAM,EAAE,OAAO,CAAC;CACjB;AAED,yFAAyF;AACzF,wBAAgB,oBAAoB,CAAC,KAAK,EAAE;IAAE,KAAK,CAAC,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,OAAO,CAAA;CAAE,GAAG,IAAI,GAAG,SAAS,GAAG,WAAW,CAKjH;AAED,qCAAqC;AACrC,wBAAgB,eAAe,CAAC,MAAM,EAAE,WAAW,GAAG,MAAM,CAE3D;AAED,4FAA4F;AAC5F,wBAAgB,cAAc,IAAI,MAAM,CAEvC;AAED;;;;;;GAMG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,GAAG,MAAM,CAIjG;AAED,6FAA6F;AAC7F,MAAM,WAAW,oBAAoB;IACnC,EAAE,EAAE,UAAU,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,kDAAkD;IAClD,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,8EAA8E;AAC9E,wBAAgB,eAAe,IAAI,oBAAoB,EAAE,CAKxD;AAED,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,UAAU,CAAC;IACf,qFAAqF;IACrF,SAAS,EAAE,OAAO,CAAC;IACnB,gFAAgF;IAChF,eAAe,EAAE,OAAO,CAAC;CAC1B;AAED,wFAAwF;AACxF,wBAAgB,iBAAiB,IAAI,iBAAiB,EAAE,CAUvD"}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
export interface StripeCheckoutPayment {
|
|
2
|
+
sessionId: string;
|
|
3
|
+
amountCents: number;
|
|
4
|
+
currency: string;
|
|
5
|
+
}
|
|
6
|
+
export declare function normalizeCurrency(currency: string | null | undefined): string;
|
|
7
|
+
export declare function paidCheckoutFromStripeObject(obj: {
|
|
8
|
+
id?: string;
|
|
9
|
+
payment_status?: string;
|
|
10
|
+
amount_total?: number;
|
|
11
|
+
currency?: string;
|
|
12
|
+
}): StripeCheckoutPayment | null;
|
|
13
|
+
/**
|
|
14
|
+
* Outcome of a fulfillment attempt:
|
|
15
|
+
* - "fulfilled": credits granted now.
|
|
16
|
+
* - "already": the session exists but isn't pending (already fulfilled / replayed).
|
|
17
|
+
* - "not_recorded": no such session yet — the webhook likely beat /api/checkout's
|
|
18
|
+
* commit. The caller should return a 5xx so Stripe RETRIES rather than dropping
|
|
19
|
+
* the payment (otherwise the user pays and is never credited).
|
|
20
|
+
* - "invalid": malformed payment payload.
|
|
21
|
+
*/
|
|
22
|
+
export type FulfillResult = "fulfilled" | "already" | "not_recorded" | "invalid";
|
|
23
|
+
export declare function fulfillCreditCheckout(payment: StripeCheckoutPayment, reason: string): Promise<FulfillResult>;
|
|
24
|
+
//# sourceMappingURL=checkout.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"checkout.d.ts","sourceRoot":"","sources":["../../src/lib/checkout.ts"],"names":[],"mappings":"AAKA,MAAM,WAAW,qBAAqB;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,MAAM,CAE7E;AAED,wBAAgB,4BAA4B,CAAC,GAAG,EAAE;IAChD,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,GAAG,qBAAqB,GAAG,IAAI,CAO/B;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,aAAa,GAAG,WAAW,GAAG,SAAS,GAAG,cAAc,GAAG,SAAS,CAAC;AAEjF,wBAAsB,qBAAqB,CAAC,OAAO,EAAE,qBAAqB,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CA+ClH"}
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
import type { SiteSpec } from "./site-template.js";
|
|
2
|
+
export interface NopenConfig {
|
|
3
|
+
apiUrl: string;
|
|
4
|
+
token?: string;
|
|
5
|
+
}
|
|
6
|
+
export interface ClientSite {
|
|
7
|
+
id: string;
|
|
8
|
+
name: string | null;
|
|
9
|
+
status: string;
|
|
10
|
+
domain: string | null;
|
|
11
|
+
liveUrl: string | null;
|
|
12
|
+
prompt: string;
|
|
13
|
+
}
|
|
14
|
+
export interface CreateSiteResponse {
|
|
15
|
+
siteId: string;
|
|
16
|
+
runId: string;
|
|
17
|
+
status: "live" | "failed";
|
|
18
|
+
url: string | null;
|
|
19
|
+
domain: string | null;
|
|
20
|
+
iterations: number;
|
|
21
|
+
spec: SiteSpec | null;
|
|
22
|
+
}
|
|
23
|
+
export interface ListSitesResponse {
|
|
24
|
+
sites: ClientSite[];
|
|
25
|
+
}
|
|
26
|
+
export interface SiteStatusResponse {
|
|
27
|
+
site: ClientSite;
|
|
28
|
+
}
|
|
29
|
+
export interface SuggestDomainsResponse {
|
|
30
|
+
suggestions: {
|
|
31
|
+
domain: string;
|
|
32
|
+
available: boolean;
|
|
33
|
+
priceCents: number | null;
|
|
34
|
+
renewCents: number | null;
|
|
35
|
+
currency: string | null;
|
|
36
|
+
}[];
|
|
37
|
+
}
|
|
38
|
+
export declare function loadConfig(): NopenConfig;
|
|
39
|
+
export declare function saveToken(apiUrl: string, token: string): void;
|
|
40
|
+
export declare class NopenClient {
|
|
41
|
+
private cfg;
|
|
42
|
+
constructor(cfg?: NopenConfig);
|
|
43
|
+
private headers;
|
|
44
|
+
/** Fetch + parse JSON; throw an actionable error on non-2xx. */
|
|
45
|
+
private json;
|
|
46
|
+
createSite(prompt: string, buyDomain?: boolean, domains?: string[]): Promise<CreateSiteResponse>;
|
|
47
|
+
listSites(): Promise<ListSitesResponse>;
|
|
48
|
+
siteStatus(id: string): Promise<SiteStatusResponse>;
|
|
49
|
+
suggestDomains(q: string): Promise<SuggestDomainsResponse>;
|
|
50
|
+
deviceLogin(onPrompt: (userCode: string, uri: string) => void): Promise<string>;
|
|
51
|
+
}
|
|
52
|
+
//# sourceMappingURL=client.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/lib/client.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAMnD,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,GAAG,QAAQ,CAAC;IAC1B,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,QAAQ,GAAG,IAAI,CAAC;CACvB;AAED,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,UAAU,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,UAAU,CAAC;CAClB;AAED,MAAM,WAAW,sBAAsB;IACrC,WAAW,EAAE;QACX,MAAM,EAAE,MAAM,CAAC;QACf,SAAS,EAAE,OAAO,CAAC;QACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;QAC1B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;QAC1B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;KACzB,EAAE,CAAC;CACL;AAED,wBAAgB,UAAU,IAAI,WAAW,CAcxC;AAED,wBAAgB,SAAS,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,QAItD;AAED,qBAAa,WAAW;IACV,OAAO,CAAC,GAAG;gBAAH,GAAG,GAAE,WAA0B;IAEnD,OAAO,CAAC,OAAO;IAOf,gEAAgE;YAClD,IAAI;IAQZ,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,UAAQ,EAAE,OAAO,GAAE,MAAM,EAAO,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAUlG,SAAS,IAAI,OAAO,CAAC,iBAAiB,CAAC;IAIvC,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAInD,cAAc,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAO1D,WAAW,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC;CAuBtF"}
|
|
@@ -0,0 +1,118 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Central configuration for platform-nopen.
|
|
3
|
+
* All secrets come from the environment (loaded from the vault / ~/.secrets at runtime).
|
|
4
|
+
* Never hardcode credentials here.
|
|
5
|
+
*/
|
|
6
|
+
/**
|
|
7
|
+
* Defensive: some secret stores keep surrounding quotes / stray whitespace in a
|
|
8
|
+
* value (e.g. KEY="abc"), which silently breaks auth headers. Strip one layer of
|
|
9
|
+
* matching surrounding quotes and trim — credentials never legitimately contain those.
|
|
10
|
+
*/
|
|
11
|
+
export declare function cleanSecret(v: string): string;
|
|
12
|
+
export declare const config: {
|
|
13
|
+
/** App */
|
|
14
|
+
readonly appName: "nopen";
|
|
15
|
+
readonly appDomain: string;
|
|
16
|
+
readonly port: number;
|
|
17
|
+
readonly publicUrl: string;
|
|
18
|
+
/** Where the dashboard SPA lives. Same origin as the API in prod; the Vite
|
|
19
|
+
* dev server (:3341) in local dev. OAuth/magic-link redirects land here. */
|
|
20
|
+
readonly appUrl: string;
|
|
21
|
+
/** Postgres */
|
|
22
|
+
readonly databaseUrl: string;
|
|
23
|
+
/** Optional Postgres host override. Can be a Unix socket dir such as /var/run/postgresql. */
|
|
24
|
+
readonly databaseHost: string | undefined;
|
|
25
|
+
/** Postgres TLS mode. RDS Postgres 16 forces SSL (rds.force_ssl=1), so prod sets
|
|
26
|
+
* NOPEN_DATABASE_SSL=require — encrypt without CA verification (the in-VPC RDS
|
|
27
|
+
* endpoint presents the Amazon RDS CA, which we don't bundle). Unset = no TLS
|
|
28
|
+
* (local socket / dev). */
|
|
29
|
+
readonly databaseSsl: string | undefined;
|
|
30
|
+
/** AI providers (high-level architecture: Anthropic + OpenAI) */
|
|
31
|
+
readonly anthropicApiKey: string | undefined;
|
|
32
|
+
readonly openaiApiKey: string | undefined;
|
|
33
|
+
/** Zhipu / GLM — the economical "codewith" engine runs GLM-5.2. Optional;
|
|
34
|
+
* economical builds fall back to the ai-sdk fast model when absent. */
|
|
35
|
+
readonly zhipuApiKey: string | undefined;
|
|
36
|
+
/** OpenRouter — access to free/community models for the economical engine. */
|
|
37
|
+
readonly openrouterApiKey: string | undefined;
|
|
38
|
+
/** Default models per role */
|
|
39
|
+
readonly models: {
|
|
40
|
+
readonly architect: string;
|
|
41
|
+
readonly builder: string;
|
|
42
|
+
readonly fast: string;
|
|
43
|
+
/** Economical model for the "codewith" engine (GLM-5.2 + free models). */
|
|
44
|
+
readonly cheap: string;
|
|
45
|
+
};
|
|
46
|
+
/** Autopilot — the per-app goal + task-list engine. */
|
|
47
|
+
readonly autopilot: {
|
|
48
|
+
/** Off by default; the daemon/cycle only runs apps when enabled. */
|
|
49
|
+
readonly enabled: boolean;
|
|
50
|
+
/** Max tasks executed per cycle invocation (safety bound). */
|
|
51
|
+
readonly maxTasksPerCycle: number;
|
|
52
|
+
/** Default per-app daily credit cap (0 = no per-app cap, only balance). */
|
|
53
|
+
readonly defaultDailyCapCredits: number;
|
|
54
|
+
/** Real domain purchases spend money — opt-in. */
|
|
55
|
+
readonly buyDomains: boolean;
|
|
56
|
+
/** Platform-wide kill switch: when set, the cycle does nothing. */
|
|
57
|
+
readonly paused: boolean;
|
|
58
|
+
/** Aggregate platform credit ceiling per day (0 = unlimited). */
|
|
59
|
+
readonly globalDailyCapCredits: number;
|
|
60
|
+
};
|
|
61
|
+
/** Sandboxes (e2b) — ALL generated-app building/execution happens here, never
|
|
62
|
+
* on the host. The key comes from the vault (hasnaxyz/e2b/live/api_key). */
|
|
63
|
+
readonly e2bApiKey: string | undefined;
|
|
64
|
+
readonly sandbox: {
|
|
65
|
+
/** Sandbox build is on whenever an e2b key is present, unless explicitly off. */
|
|
66
|
+
readonly enabled: boolean;
|
|
67
|
+
readonly template: string;
|
|
68
|
+
/** Hard ceiling for a single build sandbox's lifetime. */
|
|
69
|
+
readonly timeoutMs: number;
|
|
70
|
+
/** Per-command ceiling inside the sandbox. */
|
|
71
|
+
readonly commandTimeoutMs: number;
|
|
72
|
+
};
|
|
73
|
+
/** Review gate — our Codewith reviewer double-checks the build before go-live.
|
|
74
|
+
* On by default (when an economical-engine credential is present); set "off" to skip. */
|
|
75
|
+
readonly review: {
|
|
76
|
+
readonly enabled: boolean;
|
|
77
|
+
readonly maxFixes: number;
|
|
78
|
+
};
|
|
79
|
+
/** Goal-loop builder — the premium "cloud" engine drives one goal-directed agent
|
|
80
|
+
* session that iterates until the in-sandbox smoke passes. On by default; "off" to skip. */
|
|
81
|
+
readonly builder: {
|
|
82
|
+
readonly goalLoop: boolean;
|
|
83
|
+
readonly maxIters: number;
|
|
84
|
+
};
|
|
85
|
+
/** Cloudflare (domains + Workers deploy + email).
|
|
86
|
+
* Supports both scoped Bearer tokens and the legacy Global API Key (email + key). */
|
|
87
|
+
readonly cloudflareApiToken: string | undefined;
|
|
88
|
+
readonly cloudflareEmail: string | undefined;
|
|
89
|
+
readonly cloudflareGlobalKey: string | undefined;
|
|
90
|
+
readonly cloudflareAccountId: string | undefined;
|
|
91
|
+
/** Stripe (SaaS billing + agent-payment protocol) */
|
|
92
|
+
readonly stripeSecretKey: string | undefined;
|
|
93
|
+
readonly stripeWebhookSecret: string | undefined;
|
|
94
|
+
/** Platform take rate on site sales (basis points; 1000 = 10%). */
|
|
95
|
+
readonly takeRateBps: number;
|
|
96
|
+
/** Email — catch-all forward destination for site domains */
|
|
97
|
+
readonly forwardEmail: string;
|
|
98
|
+
/** Auth */
|
|
99
|
+
readonly jwtSecret: string;
|
|
100
|
+
/** Admin secret required to approve device-code logins (prevents impersonation). */
|
|
101
|
+
readonly adminSecret: string | undefined;
|
|
102
|
+
/** Secret used to derive per-site ingest tokens that scope the public
|
|
103
|
+
* /subscribe + /px beacons to a specific site. Falls back to the auth secret. */
|
|
104
|
+
readonly ingestSecret: string;
|
|
105
|
+
/** Google OAuth (consumer "Continue with Google" login). */
|
|
106
|
+
readonly googleClientId: string | undefined;
|
|
107
|
+
readonly googleClientSecret: string | undefined;
|
|
108
|
+
/** Resend — transactional email used to deliver magic-link sign-in emails. */
|
|
109
|
+
readonly resendApiKey: string | undefined;
|
|
110
|
+
readonly emailFrom: string;
|
|
111
|
+
/** Dev mode: relaxes a few flows (e.g. returns the magic link in the API
|
|
112
|
+
* response so local sign-in works without inbox access). */
|
|
113
|
+
readonly isDev: boolean;
|
|
114
|
+
};
|
|
115
|
+
export type Config = typeof config;
|
|
116
|
+
/** Throws if a required secret is missing — call before operations that need it. */
|
|
117
|
+
export declare function requireSecret(name: keyof Config): string;
|
|
118
|
+
//# sourceMappingURL=config.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/lib/config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;;GAIG;AACH,wBAAgB,WAAW,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,CAM7C;AAkBD,eAAO,MAAM,MAAM;IACjB,UAAU;;;;;IAKV;iFAC6E;;IAG7E,eAAe;;IAKf,6FAA6F;;IAE7F;;;gCAG4B;;IAG5B,iEAAiE;;;IAGjE;4EACwE;;IAExE,8EAA8E;;IAE9E,8BAA8B;;;;;QAK5B,0EAA0E;;;IAI5E,uDAAuD;;QAErD,oEAAoE;;QAEpE,8DAA8D;;QAE9D,2EAA2E;;QAE3E,kDAAkD;;QAElD,mEAAmE;;QAEnE,iEAAiE;;;IAInE;iFAC6E;;;QAG3E,iFAAiF;;;QAGjF,0DAA0D;;QAE1D,8CAA8C;;;IAIhD;8FAC0F;;;;;IAO1F;iGAC6F;;;;;IAM7F;yFACqF;;;;;IAOrF,qDAAqD;;;IAGrD,mEAAmE;;IAGnE,6DAA6D;;IAG7D,WAAW;;IAEX,oFAAoF;;IAEpF;sFACkF;;IAGlF,4DAA4D;;;IAI5D,8EAA8E;;;IAI9E;iEAC6D;;CAErD,CAAC;AAEX,MAAM,MAAM,MAAM,GAAG,OAAO,MAAM,CAAC;AAEnC,oFAAoF;AACpF,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,MAAM,GAAG,MAAM,CAQxD"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
export interface ConnectStatus {
|
|
2
|
+
connected: boolean;
|
|
3
|
+
chargesEnabled: boolean;
|
|
4
|
+
accountId: string | null;
|
|
5
|
+
}
|
|
6
|
+
/** Create the connected account if missing; return its id. */
|
|
7
|
+
export declare function ensureConnectAccount(userId: string): Promise<string>;
|
|
8
|
+
/** Hosted onboarding link for the user to finish payout setup. */
|
|
9
|
+
export declare function onboardingLink(userId: string): Promise<string>;
|
|
10
|
+
/** Refresh + persist whether the account can take charges. */
|
|
11
|
+
export declare function refreshConnectStatus(userId: string): Promise<ConnectStatus>;
|
|
12
|
+
/** The platform's application fee for a sale (the take rate). */
|
|
13
|
+
export declare function applicationFeeCents(amountCents: number): number;
|
|
14
|
+
//# sourceMappingURL=connect.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"connect.d.ts","sourceRoot":"","sources":["../../src/lib/connect.ts"],"names":[],"mappings":"AAYA,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,OAAO,CAAC;IACnB,cAAc,EAAE,OAAO,CAAC;IACxB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED,8DAA8D;AAC9D,wBAAsB,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAO1E;AAED,kEAAkE;AAClE,wBAAsB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAQpE;AAED,8DAA8D;AAC9D,wBAAsB,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAYjF;AAED,iEAAiE;AACjE,wBAAgB,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,CAE/D"}
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
/** Default credits per plan (monthly grant), polsia-inspired. */
|
|
2
|
+
export declare const PLAN_CREDITS: {
|
|
3
|
+
readonly free: 5;
|
|
4
|
+
readonly starter: 30;
|
|
5
|
+
readonly pro: 120;
|
|
6
|
+
};
|
|
7
|
+
/** Credit cost per action. */
|
|
8
|
+
export declare const COST: {
|
|
9
|
+
readonly site_build: 1;
|
|
10
|
+
readonly domain_buy: 2;
|
|
11
|
+
};
|
|
12
|
+
export declare class InsufficientCreditsError extends Error {
|
|
13
|
+
balance: number;
|
|
14
|
+
needed: number;
|
|
15
|
+
constructor(balance: number, needed: number);
|
|
16
|
+
}
|
|
17
|
+
export declare function assertPositiveCreditAmount(amount: number, label?: string): void;
|
|
18
|
+
export declare function getBalance(userId: string): Promise<number>;
|
|
19
|
+
export declare function grantCredits(userId: string, amount: number, reason: string): Promise<number>;
|
|
20
|
+
/**
|
|
21
|
+
* Spend credits atomically. A single conditional UPDATE (… WHERE credits >= amount)
|
|
22
|
+
* prevents the read-then-write race (concurrent double-spend / negative balance).
|
|
23
|
+
* Throws InsufficientCreditsError if the guarded update affects no row.
|
|
24
|
+
*/
|
|
25
|
+
export declare function spendCredits(userId: string, amount: number, reason: string, siteId?: string): Promise<number>;
|
|
26
|
+
/**
|
|
27
|
+
* Charge a task's credits exactly once. The idempotency key (e.g.
|
|
28
|
+
* `task:<id>:attempt:<n>:charge`) is used as the ledger reason; a retry with the
|
|
29
|
+
* same key is a no-op. Throws InsufficientCreditsError when the balance is short.
|
|
30
|
+
*/
|
|
31
|
+
export declare function chargeTaskCredits(userId: string, amount: number, idempotencyKey: string, siteId?: string): Promise<number>;
|
|
32
|
+
/** Refund a task's credits exactly once (e.g. on failure). Idempotent on the key. */
|
|
33
|
+
export declare function refundTaskCredits(userId: string, amount: number, idempotencyKey: string): Promise<number>;
|
|
34
|
+
/** Credits spent on a site today (for per-app daily caps). Counts only debits. */
|
|
35
|
+
export declare function spentTodayForSite(siteId: string): Promise<number>;
|
|
36
|
+
/** Total credits ever spent on a site (for the per-app LIFETIME budget cap). */
|
|
37
|
+
export declare function spentLifetimeForSite(siteId: string): Promise<number>;
|
|
38
|
+
/** Total credits spent across the platform today (for the global circuit breaker). */
|
|
39
|
+
export declare function spentTodayGlobal(): Promise<number>;
|
|
40
|
+
/** Whether a ledger entry with this reason already exists (webhook idempotency). */
|
|
41
|
+
export declare function ledgerReasonExists(reason: string): Promise<boolean>;
|
|
42
|
+
/** Ledger history for a user. */
|
|
43
|
+
export declare function ledger(userId: string, limit?: number): Promise<{
|
|
44
|
+
id: string;
|
|
45
|
+
createdAt: Date;
|
|
46
|
+
userId: string | null;
|
|
47
|
+
siteId: string | null;
|
|
48
|
+
delta: number;
|
|
49
|
+
reason: string;
|
|
50
|
+
balanceAfter: number;
|
|
51
|
+
}[]>;
|
|
52
|
+
//# sourceMappingURL=credits.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"credits.d.ts","sourceRoot":"","sources":["../../src/lib/credits.ts"],"names":[],"mappings":"AASA,iEAAiE;AACjE,eAAO,MAAM,YAAY;;;;CAOf,CAAC;AAEX,8BAA8B;AAC9B,eAAO,MAAM,IAAI;;;CAGP,CAAC;AAEX,qBAAa,wBAAyB,SAAQ,KAAK;IAC9B,OAAO,EAAE,MAAM;IAAS,MAAM,EAAE,MAAM;gBAAtC,OAAO,EAAE,MAAM,EAAS,MAAM,EAAE,MAAM;CAG1D;AAED,wBAAgB,0BAA0B,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,SAAY,GAAG,IAAI,CAIlF;AAED,wBAAsB,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAGhE;AAED,wBAAsB,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAYlG;AAED;;;;GAIG;AACH,wBAAsB,YAAY,CAChC,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,MAAM,CAAC,CAejB;AAED;;;;GAIG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,MAAM,EACtB,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,MAAM,CAAC,CAIjB;AAED,qFAAqF;AACrF,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,MAAM,GACrB,OAAO,CAAC,MAAM,CAAC,CAIjB;AAED,kFAAkF;AAClF,wBAAsB,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAYvE;AAED,gFAAgF;AAChF,wBAAsB,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAM1E;AAED,sFAAsF;AACtF,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,MAAM,CAAC,CAMxD;AAED,oFAAoF;AACpF,wBAAsB,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAGzE;AAED,iCAAiC;AACjC,wBAAsB,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,SAAK;;;;;;;;KAOtD"}
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
export type Severity = "critical" | "feature" | "optional";
|
|
2
|
+
export interface Check {
|
|
3
|
+
key: string;
|
|
4
|
+
label: string;
|
|
5
|
+
ok: boolean;
|
|
6
|
+
severity: Severity;
|
|
7
|
+
/** What's wrong / what works. */
|
|
8
|
+
detail: string;
|
|
9
|
+
/** How to fix it (only when not ok). */
|
|
10
|
+
fix?: string;
|
|
11
|
+
}
|
|
12
|
+
export interface DoctorReport {
|
|
13
|
+
checks: Check[];
|
|
14
|
+
ok: boolean;
|
|
15
|
+
}
|
|
16
|
+
/** Static, no-network configuration inspection. */
|
|
17
|
+
export declare function inspectConfig(): Check[];
|
|
18
|
+
export declare function report(checks: Check[]): DoctorReport;
|
|
19
|
+
/** Human-readable report for the terminal. */
|
|
20
|
+
export declare function formatReport(r: DoctorReport): string;
|
|
21
|
+
/** Throws on critical failures in production; warns (but continues) in dev. Call at boot. */
|
|
22
|
+
export declare function assertBootConfig(log?: (m: string) => void): void;
|
|
23
|
+
/** Live credential checks. Network calls; only run on demand (`nopen doctor --probe`). */
|
|
24
|
+
export declare function probe(): Promise<Check[]>;
|
|
25
|
+
//# sourceMappingURL=doctor.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"doctor.d.ts","sourceRoot":"","sources":["../../src/lib/doctor.ts"],"names":[],"mappings":"AAWA,MAAM,MAAM,QAAQ,GAAG,UAAU,GAAG,SAAS,GAAG,UAAU,CAAC;AAE3D,MAAM,WAAW,KAAK;IACpB,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,EAAE,EAAE,OAAO,CAAC;IACZ,QAAQ,EAAE,QAAQ,CAAC;IACnB,iCAAiC;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,wCAAwC;IACxC,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,KAAK,EAAE,CAAC;IAChB,EAAE,EAAE,OAAO,CAAC;CACb;AAID,mDAAmD;AACnD,wBAAgB,aAAa,IAAI,KAAK,EAAE,CA6GvC;AAID,wBAAgB,MAAM,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,YAAY,CAEpD;AAED,8CAA8C;AAC9C,wBAAgB,YAAY,CAAC,CAAC,EAAE,YAAY,GAAG,MAAM,CAgBpD;AAED,6FAA6F;AAC7F,wBAAgB,gBAAgB,CAAC,GAAG,GAAE,CAAC,CAAC,EAAE,MAAM,KAAK,IAAoB,GAAG,IAAI,CAO/E;AAcD,0FAA0F;AAC1F,wBAAsB,KAAK,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC,CAmF9C"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
/** Stable per-site ingest token (truncated HMAC of the site id under the secret). */
|
|
2
|
+
export declare function siteIngestToken(siteId: string): string;
|
|
3
|
+
/** Constant-time check that `token` is the valid ingest token for `siteId`. */
|
|
4
|
+
export declare function verifyIngestToken(siteId: string, token: string | undefined | null): boolean;
|
|
5
|
+
/** Public subscribe-ingest URL embedded in a generated site (token-scoped). */
|
|
6
|
+
export declare function subscribeIngestUrl(siteId: string): string;
|
|
7
|
+
/** Public pageview-beacon URL embedded in a generated site (token-scoped). */
|
|
8
|
+
export declare function analyticsIngestUrl(siteId: string): string;
|
|
9
|
+
//# sourceMappingURL=ingest.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ingest.d.ts","sourceRoot":"","sources":["../../src/lib/ingest.ts"],"names":[],"mappings":"AAaA,qFAAqF;AACrF,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAEtD;AAED,+EAA+E;AAC/E,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,GAAG,OAAO,CAM3F;AAED,+EAA+E;AAC/E,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAEzD;AAED,8EAA8E;AAC9E,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAEzD"}
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* In-memory IP rate limiting for the public, CORS-open endpoints (/plan, /subscribe,
|
|
3
|
+
* /px). Two concerns the naive Map approach got wrong:
|
|
4
|
+
* 1. Trust: keying on a client-supplied X-Forwarded-For lets an attacker rotate the
|
|
5
|
+
* header to bypass the limit AND inflate the map without bound.
|
|
6
|
+
* 2. Memory: an unbounded Map of one entry per source IP is a DoS (OOM) on a public
|
|
7
|
+
* endpoint. We prune stale entries and hard-cap the key count.
|
|
8
|
+
*/
|
|
9
|
+
import type { Context } from "hono";
|
|
10
|
+
/**
|
|
11
|
+
* The only trustworthy client IP behind our Cloudflare proxy is `cf-connecting-ip`
|
|
12
|
+
* (set by the edge, overwrites any client value). We deliberately do NOT fall back to
|
|
13
|
+
* the spoofable X-Forwarded-For; with no CF header we use the real socket peer.
|
|
14
|
+
*/
|
|
15
|
+
export declare function clientIp(c: Context): string;
|
|
16
|
+
export interface RateLimiter {
|
|
17
|
+
(key: string, now?: number): boolean;
|
|
18
|
+
size(): number;
|
|
19
|
+
}
|
|
20
|
+
/**
|
|
21
|
+
* Fixed-window limiter (`maxPerWindow` hits per `windowMs` per key) with a hard
|
|
22
|
+
* `maxKeys` cap: when exceeded we prune expired entries, then evict the oldest, so a
|
|
23
|
+
* flood of distinct keys can never exhaust memory.
|
|
24
|
+
*/
|
|
25
|
+
export declare function makeRateLimiter(maxPerWindow: number, windowMs?: number, maxKeys?: number): RateLimiter;
|
|
26
|
+
//# sourceMappingURL=iprate.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"iprate.d.ts","sourceRoot":"","sources":["../../src/lib/iprate.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAGpC;;;;GAIG;AACH,wBAAgB,QAAQ,CAAC,CAAC,EAAE,OAAO,GAAG,MAAM,CAQ3C;AAED,MAAM,WAAW,WAAW;IAC1B,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;IACrC,IAAI,IAAI,MAAM,CAAC;CAChB;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,YAAY,EAAE,MAAM,EAAE,QAAQ,SAAS,EAAE,OAAO,SAAS,GAAG,WAAW,CAqBtG"}
|