@hasna/uptime 0.1.7 → 0.1.9
- package/CHANGELOG.md +27 -3
- package/README.md +11 -5
- package/dist/api.d.ts +2 -0
- package/dist/api.d.ts.map +1 -1
- package/dist/api.js +43 -4
- package/dist/cli/index.js +80 -31
- package/dist/cloud-plan.d.ts +11 -7
- package/dist/cloud-plan.d.ts.map +1 -1
- package/dist/cloud-plan.js +30 -22
- package/dist/index.d.ts +2 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +73 -26
- package/docs/aws-deployment-runbook.md +29 -11
- package/infra/aws/README.md +22 -1
- package/infra/aws/main.tf +138 -10
- package/infra/aws/outputs.tf +8 -0
- package/infra/aws/terraform.tfvars.example +12 -3
- package/infra/aws/variables.tf +72 -3
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -6,6 +6,30 @@ project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
|
6
6
|
|
|
7
7
|
## [Unreleased]
|
|
8
8
|
|
|
9
|
+
## [0.1.9] - 2026-06-28
|
|
10
|
+
|
|
11
|
+
### Changed
|
|
12
|
+
|
|
13
|
+
- AWS Terraform EFS mount targets now use stable list-index keys so deployment
|
|
14
|
+
roots can create private subnets and Open Uptime resources in one plan.
|
|
15
|
+
- AWS Terraform resources now include owner/project/environment/cost-center tags
|
|
16
|
+
and optional AWS Budgets alerts when recipients are configured.
|
|
17
|
+
|
|
18
|
+
## [0.1.8] - 2026-06-28
|
|
19
|
+
|
|
20
|
+
### Added
|
|
21
|
+
|
|
22
|
+
- CloudFront default-domain protected web access mode for first AWS deployment,
|
|
23
|
+
with ALB HTTP restricted to CloudFront origin-facing ranges.
|
|
24
|
+
- Hosted public-origin allow-list support through
|
|
25
|
+
`HASNA_UPTIME_ALLOWED_ORIGINS`, wired by the AWS template for CloudFront and
|
|
26
|
+
custom HTTPS access modes.
|
|
27
|
+
|
|
28
|
+
### Changed
|
|
29
|
+
|
|
30
|
+
- AWS Terraform and cloud-plan defaults no longer require custom Route53/ACM
|
|
31
|
+
inputs for the first protected web deployment path.
|
|
32
|
+
|
|
9
33
|
## [0.1.7] - 2026-06-28
|
|
10
34
|
|
|
11
35
|
### Added
|
|
@@ -51,12 +75,12 @@ project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
|
51
75
|
- Dry-run AWS deployment plan generator for a reviewed AWS target,
|
|
52
76
|
covering ECS/Fargate services, ECR image commands, ALB/RDS/S3/Secrets/Logs
|
|
53
77
|
resources, rollback steps, and safety assertions.
|
|
54
|
-
-
|
|
78
|
+
- Private-probe hosted-targeted preflight config generator with JSON and
|
|
55
79
|
env-file rendering.
|
|
56
|
-
- CLI commands `uptime cloud plan` and `uptime cloud
|
|
80
|
+
- CLI commands `uptime cloud plan` and `uptime cloud private-probe-config`.
|
|
57
81
|
- SDK export `@hasna/uptime/cloud-plan`.
|
|
58
82
|
- Machine-readable `blocked`/`canApply:false` and `blocked`/`canStart:false`
|
|
59
|
-
gates plus blocker/evidence lists for AWS and
|
|
83
|
+
gates plus blocker/evidence lists for AWS and private-probe planning artifacts.
|
|
60
84
|
|
|
61
85
|
### Security
|
|
62
86
|
|
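Review bot: The rename of `uptime cloud spark01-config` to `uptime cloud private-probe-config` (and of `buildSpark01CloudConfig` to `buildPrivateProbeCloudConfig`, per the hunk headers in `package/dist/cli/index.js`) is not recorded under 0.1.8 or 0.1.9; instead the 0.1.7 bullets in this hunk are rewritten as if the new names had shipped then. Anyone scripting the old subcommand gets no changelog signal, so add a Changed entry for the rename under the version that introduced it and leave the released 0.1.7 text as it was.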
package/README.md
CHANGED
|
@@ -32,7 +32,7 @@ uptime report-schedules run-due
|
|
|
32
32
|
uptime report-schedules runs
|
|
33
33
|
uptime audit
|
|
34
34
|
uptime cloud plan --json
|
|
35
|
-
uptime cloud
|
|
35
|
+
uptime cloud private-probe-config --probe-id prb_private_01 --machine-id private-probe-01 --env
|
|
36
36
|
uptime incidents
|
|
37
37
|
uptime serve --port 3899 --check
|
|
38
38
|
```
|
|
@@ -41,14 +41,18 @@ Scheduled reports persist endpoint and recipient configuration, but not send
|
|
|
41
41
|
keys or API tokens. Configure `MAILERY_SEND_KEY`, `HASNA_MAILERY_SEND_KEY`,
|
|
42
42
|
`HASNA_LOGS_API_TOKEN`, or the matching service env vars before scheduled runs.
|
|
43
43
|
|
|
44
|
-
The `uptime cloud ...` commands generate dry-run AWS/
|
|
44
|
+
The `uptime cloud ...` commands generate dry-run AWS/private-probe planning artifacts
|
|
45
45
|
only. They do not call AWS, write secrets, or produce an approved deploy script;
|
|
46
46
|
current output is intentionally blocked until the infra and cloud-store evidence
|
|
47
47
|
in `docs/aws-deployment-runbook.md` is satisfied.
|
|
48
48
|
|
|
49
49
|
Deployment review artifacts live in `Dockerfile` and `infra/aws`. The Terraform
|
|
50
50
|
desired counts default to zero, and `uptime cloud plan --json` exposes the
|
|
51
|
-
format/init/validate/plan commands with `applyAllowed: false`.
|
|
51
|
+
format/init/validate/plan commands with `applyAllowed: false`. The first
|
|
52
|
+
protected access path uses the CloudFront default HTTPS domain with ALB origin
|
|
53
|
+
ingress restricted to CloudFront. The hosted web task must set
|
|
54
|
+
`HASNA_UPTIME_ALLOWED_ORIGINS` to the public HTTPS edge origin so same-origin
|
|
55
|
+
browser mutations still pass when the private origin hop is HTTP. Hosted AWS
|
|
52
56
|
runtime state currently uses explicit EFS-backed SQLite via
|
|
53
57
|
`HASNA_UPTIME_HOSTED_SQLITE_DB=/data/uptime/uptime.db` for one protected web
|
|
54
58
|
task maximum; do not set `HASNA_UPTIME_DATABASE_URL` until the async Postgres
|
|
@@ -59,7 +63,7 @@ the published npm package into ECR from inside AWS.
|
|
|
59
63
|
Private/local probes can submit signed results from another machine:
|
|
60
64
|
|
|
61
65
|
```bash
|
|
62
|
-
uptime probes create
|
|
66
|
+
uptime probes create private-probe-01 --private-key-file ./private-probe-01.key.pem
|
|
63
67
|
uptime probes jobs create --monitor <monitor-id> --schedule-slot 2026-06-28T12:00:00Z
|
|
64
68
|
uptime probes jobs claim <job-id> --probe <probe-id>
|
|
65
69
|
uptime probes submit \
|
|
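Review bot: The `uptime probes create private-probe-01 --private-key-file ./private-probe-01.key.pem` example places the probe's signing key file in the current working directory and says nothing about permissions, while the generated private-probe config elsewhere in this diff defaults to `~/.hasna/uptime/probes/private-probe-01.key.pem` with mode `0600`. Use the same path in the README example, or add a line telling the reader to restrict the file to mode 0600 and keep it out of version control.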
@@ -69,7 +73,7 @@ uptime probes submit \
|
|
|
69
73
|
--fencing-token <claim-fencing-token> \
|
|
70
74
|
--monitor <monitor-id> \
|
|
71
75
|
--monitor-revision <claim-monitor-revision> \
|
|
72
|
-
--private-key-file ./
|
|
76
|
+
--private-key-file ./private-probe-01.key.pem \
|
|
73
77
|
--status up
|
|
74
78
|
```
|
|
75
79
|
|
|
@@ -87,6 +91,8 @@ State-changing API requests reject cross-origin browser requests and
|
|
|
87
91
|
non-loopback mutation hosts by default. For a trusted remote bind, set
|
|
88
92
|
`HASNA_UPTIME_API_TOKEN` or pass `uptime serve --api-token <token>` and send
|
|
89
93
|
`Authorization: Bearer <token>` or `X-Uptime-Token: <token>`.
|
|
94
|
+
Hosted mode additionally accepts comma-separated public origins from
|
|
95
|
+
`HASNA_UPTIME_ALLOWED_ORIGINS` for deployments behind a TLS-terminating edge.
|
|
90
96
|
Endpoints that accept request bodies require `content-type: application/json`.
|
|
91
97
|
|
|
92
98
|
## Uptime Semantics
|
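Review bot: The two added lines say `HASNA_UPTIME_ALLOWED_ORIGINS` takes comma-separated public origins but not what an entry must look like or what happens when one is wrong. Per the `normalizeOrigin` and `normalizeAllowedOrigin` code in this diff, each entry is parsed as a URL, only `http:` and `https:` schemes pass, anything after the host is dropped, and an unparsable entry raises a 500 error. State that here, along with the fact that matching is exact set membership with no wildcard form, so operators list exact `scheme://host[:port]` values.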
package/dist/api.d.ts
CHANGED
|
@@ -9,12 +9,14 @@ export interface ServeOptions extends UptimeServiceOptions {
|
|
|
9
9
|
apiToken?: string;
|
|
10
10
|
hostedToken?: string;
|
|
11
11
|
hostedTokens?: HostedToken[];
|
|
12
|
+
hostedAllowedOrigins?: string[];
|
|
12
13
|
allowUnsafeRemoteMutations?: boolean;
|
|
13
14
|
}
|
|
14
15
|
export interface CreateApiHandlerOptions {
|
|
15
16
|
apiToken?: string;
|
|
16
17
|
hostedToken?: string;
|
|
17
18
|
hostedTokens?: HostedToken[];
|
|
19
|
+
hostedAllowedOrigins?: string[];
|
|
18
20
|
allowUnsafeRemoteMutations?: boolean;
|
|
19
21
|
fetchImpl?: typeof fetch;
|
|
20
22
|
trustedLoopback?: boolean;
|
package/dist/api.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,aAAa,EAAE,KAAK,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACxE,OAAO,EAAsB,KAAK,iBAAiB,EAAE,MAAM,YAAY,CAAC;AACxE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,MAAM,WAAW,YAAa,SAAQ,oBAAoB;IACxD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,WAAW,EAAE,CAAC;IAC7B,0BAA0B,CAAC,EAAE,OAAO,CAAC;CACtC;AAED,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,WAAW,EAAE,CAAC;IAC7B,0BAA0B,CAAC,EAAE,OAAO,CAAC;IACrC,SAAS,CAAC,EAAE,OAAO,KAAK,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,IAAI,CAAC,EAAE,iBAAiB,CAAC;CAC1B;AAED,MAAM,MAAM,WAAW,GAAG,aAAa,GAAG,cAAc,GAAG,cAAc,GAAG,eAAe,GAAG,cAAc,CAAC;AAE7G,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,WAAW,EAAE,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAOD,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,aAAa,EAAE,OAAO,GAAE,uBAA4B,GAAG,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CA2BvI;AAED,wBAAgB,WAAW,CAAC,OAAO,GAAE,YAAiB,GAAG;IAAE,MAAM,EAAE,UAAU,CAAC,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC;IAAC,OAAO,EAAE,aAAa,CAAC;IAAC,SAAS,CAAC,EAAE,eAAe,CAAA;CAAE,
|
|
1
|
+
{"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,aAAa,EAAE,KAAK,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACxE,OAAO,EAAsB,KAAK,iBAAiB,EAAE,MAAM,YAAY,CAAC;AACxE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,MAAM,WAAW,YAAa,SAAQ,oBAAoB;IACxD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,WAAW,EAAE,CAAC;IAC7B,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC;IAChC,0BAA0B,CAAC,EAAE,OAAO,CAAC;CACtC;AAED,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,WAAW,EAAE,CAAC;IAC7B,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC;IAChC,0BAA0B,CAAC,EAAE,OAAO,CAAC;IACrC,SAAS,CAAC,EAAE,OAAO,KAAK,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,IAAI,CAAC,EAAE,iBAAiB,CAAC;CAC1B;AAED,MAAM,MAAM,WAAW,GAAG,aAAa,GAAG,cAAc,GAAG,cAAc,GAAG,eAAe,GAAG,cAAc,CAAC;AAE7G,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,WAAW,EAAE,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAOD,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,aAAa,EAAE,OAAO,GAAE,uBAA4B,GAAG,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CA2BvI;AAED,wBAAgB,WAAW,CAAC,OAAO,GAAE,YAAiB,GAAG;IAAE,MAAM,EAAE,UAAU,CAAC,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC;IAAC,OAAO,EAAE,aAAa,CAAC;IAAC,SAAS,CAAC,EAAE,eAAe,CAAA;CAAE,CA4BrJ"}
|
package/dist/api.js
CHANGED
|
@@ -3510,6 +3510,7 @@ function serveUptime(options = {}) {
|
|
|
3510
3510
|
apiToken: options.apiToken,
|
|
3511
3511
|
hostedToken: options.hostedToken,
|
|
3512
3512
|
hostedTokens: options.hostedTokens,
|
|
3513
|
+
hostedAllowedOrigins: options.hostedAllowedOrigins,
|
|
3513
3514
|
allowUnsafeRemoteMutations: options.allowUnsafeRemoteMutations,
|
|
3514
3515
|
trustedLoopback: isLoopbackHost(options.host ?? "127.0.0.1"),
|
|
3515
3516
|
mode
|
|
@@ -3569,13 +3570,23 @@ async function handleHostedRequest(service, request, url, options) {
|
|
|
3569
3570
|
const scope = hostedScopeFor(request.method, apiPath);
|
|
3570
3571
|
requireHostedActor(request, url, options, scope);
|
|
3571
3572
|
if (["POST", "PATCH", "DELETE"].includes(request.method)) {
|
|
3572
|
-
|
|
3573
|
-
if (origin && origin !== `${url.protocol}//${url.host}`) {
|
|
3574
|
-
throw new ApiError("cross-origin mutation rejected", 403);
|
|
3575
|
-
}
|
|
3573
|
+
validateHostedMutationOrigin(request, url, options);
|
|
3576
3574
|
}
|
|
3577
3575
|
return handleApiRoute(service, request, url, apiPath, options, true);
|
|
3578
3576
|
}
|
|
3577
|
+
function validateHostedMutationOrigin(request, url, options) {
|
|
3578
|
+
const rawOrigin = request.headers.get("origin");
|
|
3579
|
+
const origin = normalizeOrigin(rawOrigin);
|
|
3580
|
+
if (rawOrigin && !origin) {
|
|
3581
|
+
throw new ApiError("cross-origin mutation rejected", 403);
|
|
3582
|
+
}
|
|
3583
|
+
if (!origin)
|
|
3584
|
+
return;
|
|
3585
|
+
const allowedOrigins = new Set([`${url.protocol}//${url.host}`, ...resolveHostedAllowedOrigins(options)]);
|
|
3586
|
+
if (!allowedOrigins.has(origin)) {
|
|
3587
|
+
throw new ApiError("cross-origin mutation rejected", 403);
|
|
3588
|
+
}
|
|
3589
|
+
}
|
|
3579
3590
|
async function handleApiRoute(service, request, url, apiPath, options, hosted) {
|
|
3580
3591
|
if (request.method === "GET" && apiPath === "/api/summary") {
|
|
3581
3592
|
return json(service.summary());
|
|
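Review bot: In `validateHostedMutationOrigin`, the `if (!origin) return;` branch lets any POST/PATCH/DELETE without an `Origin` header skip the allow-list entirely, so the check only constrains clients that send the header. That matches the removed `if (origin && ...)` behaviour, but now that the logic lives in its own function it is worth either documenting that token auth from `requireHostedActor` is the real control for header-less callers, or also consulting `Sec-Fetch-Site` when it is present. The method list `["POST", "PATCH", "DELETE"]` in the unchanged context also omits `PUT`; confirm no hosted route mutates state via `PUT`.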
@@ -3794,6 +3805,34 @@ function resolveHostedTokens(options) {
|
|
|
3794
3805
|
workspaceId: process.env.HASNA_UPTIME_WORKSPACE_ID ?? "default"
|
|
3795
3806
|
}];
|
|
3796
3807
|
}
|
|
3808
|
+
function resolveHostedAllowedOrigins(options) {
|
|
3809
|
+
const configured = options.hostedAllowedOrigins ?? splitCsv(process.env.HASNA_UPTIME_ALLOWED_ORIGINS);
|
|
3810
|
+
return configured.map((origin) => normalizeAllowedOrigin(origin)).filter((origin) => Boolean(origin));
|
|
3811
|
+
}
|
|
3812
|
+
function splitCsv(value) {
|
|
3813
|
+
if (!value)
|
|
3814
|
+
return [];
|
|
3815
|
+
return value.split(",").map((entry) => entry.trim()).filter(Boolean);
|
|
3816
|
+
}
|
|
3817
|
+
function normalizeAllowedOrigin(value) {
|
|
3818
|
+
const origin = normalizeOrigin(value);
|
|
3819
|
+
if (!origin) {
|
|
3820
|
+
throw new ApiError(`invalid hosted allowed origin: ${value}`, 500);
|
|
3821
|
+
}
|
|
3822
|
+
return origin;
|
|
3823
|
+
}
|
|
3824
|
+
function normalizeOrigin(value) {
|
|
3825
|
+
if (!value?.trim())
|
|
3826
|
+
return;
|
|
3827
|
+
try {
|
|
3828
|
+
const parsed = new URL(value.trim());
|
|
3829
|
+
if (parsed.protocol !== "http:" && parsed.protocol !== "https:")
|
|
3830
|
+
return;
|
|
3831
|
+
return `${parsed.protocol}//${parsed.host}`;
|
|
3832
|
+
} catch {
|
|
3833
|
+
return;
|
|
3834
|
+
}
|
|
3835
|
+
}
|
|
3797
3836
|
function safeTokenEqual(candidate, expected) {
|
|
3798
3837
|
if (!candidate)
|
|
3799
3838
|
return false;
|
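Review bot: `normalizeOrigin` accepts `http:` as well as `https:`, and `normalizeAllowedOrigin` reuses it unchanged, so an `http://` entry in `HASNA_UPTIME_ALLOWED_ORIGINS` is accepted as a trusted public origin even though the README describes the value as the public HTTPS edge origin. Consider requiring `https:` in `normalizeAllowedOrigin` (keeping `http:` only for the request-side parse), and rejecting entries whose parsed URL carries a path, query or userinfo instead of silently reducing them to `protocol//host`. The trailing `.filter((origin) => Boolean(origin))` in `resolveHostedAllowedOrigins` is dead code, because `normalizeAllowedOrigin` throws on any falsy result.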
package/dist/cli/index.js
CHANGED
|
@@ -6107,6 +6107,7 @@ function serveUptime(options = {}) {
|
|
|
6107
6107
|
apiToken: options.apiToken,
|
|
6108
6108
|
hostedToken: options.hostedToken,
|
|
6109
6109
|
hostedTokens: options.hostedTokens,
|
|
6110
|
+
hostedAllowedOrigins: options.hostedAllowedOrigins,
|
|
6110
6111
|
allowUnsafeRemoteMutations: options.allowUnsafeRemoteMutations,
|
|
6111
6112
|
trustedLoopback: isLoopbackHost(options.host ?? "127.0.0.1"),
|
|
6112
6113
|
mode
|
|
@@ -6166,13 +6167,23 @@ async function handleHostedRequest(service, request, url, options) {
|
|
|
6166
6167
|
const scope = hostedScopeFor(request.method, apiPath);
|
|
6167
6168
|
requireHostedActor(request, url, options, scope);
|
|
6168
6169
|
if (["POST", "PATCH", "DELETE"].includes(request.method)) {
|
|
6169
|
-
|
|
6170
|
-
if (origin && origin !== `${url.protocol}//${url.host}`) {
|
|
6171
|
-
throw new ApiError("cross-origin mutation rejected", 403);
|
|
6172
|
-
}
|
|
6170
|
+
validateHostedMutationOrigin(request, url, options);
|
|
6173
6171
|
}
|
|
6174
6172
|
return handleApiRoute(service, request, url, apiPath, options, true);
|
|
6175
6173
|
}
|
|
6174
|
+
function validateHostedMutationOrigin(request, url, options) {
|
|
6175
|
+
const rawOrigin = request.headers.get("origin");
|
|
6176
|
+
const origin = normalizeOrigin(rawOrigin);
|
|
6177
|
+
if (rawOrigin && !origin) {
|
|
6178
|
+
throw new ApiError("cross-origin mutation rejected", 403);
|
|
6179
|
+
}
|
|
6180
|
+
if (!origin)
|
|
6181
|
+
return;
|
|
6182
|
+
const allowedOrigins = new Set([`${url.protocol}//${url.host}`, ...resolveHostedAllowedOrigins(options)]);
|
|
6183
|
+
if (!allowedOrigins.has(origin)) {
|
|
6184
|
+
throw new ApiError("cross-origin mutation rejected", 403);
|
|
6185
|
+
}
|
|
6186
|
+
}
|
|
6176
6187
|
async function handleApiRoute(service, request, url, apiPath, options, hosted) {
|
|
6177
6188
|
if (request.method === "GET" && apiPath === "/api/summary") {
|
|
6178
6189
|
return json(service.summary());
|
|
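Review bot: The `new Set([..., ...resolveHostedAllowedOrigins(options)])` line in `validateHostedMutationOrigin` re-reads and re-parses `HASNA_UPTIME_ALLOWED_ORIGINS` on every mutating request that carries an `Origin` header, and a malformed entry only surfaces when the first such POST/PATCH/DELETE arrives. Resolve the list once where `serveUptime` builds the handler options (it already passes `hostedAllowedOrigins` through) so a bad value fails at startup and the request path does a plain set lookup. This is the bundled copy of the same change in `package/dist/api.js`, so the fix belongs in the shared source.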
@@ -6391,6 +6402,34 @@ function resolveHostedTokens(options) {
|
|
|
6391
6402
|
workspaceId: process.env.HASNA_UPTIME_WORKSPACE_ID ?? "default"
|
|
6392
6403
|
}];
|
|
6393
6404
|
}
|
|
6405
|
+
function resolveHostedAllowedOrigins(options) {
|
|
6406
|
+
const configured = options.hostedAllowedOrigins ?? splitCsv(process.env.HASNA_UPTIME_ALLOWED_ORIGINS);
|
|
6407
|
+
return configured.map((origin) => normalizeAllowedOrigin(origin)).filter((origin) => Boolean(origin));
|
|
6408
|
+
}
|
|
6409
|
+
function splitCsv(value) {
|
|
6410
|
+
if (!value)
|
|
6411
|
+
return [];
|
|
6412
|
+
return value.split(",").map((entry) => entry.trim()).filter(Boolean);
|
|
6413
|
+
}
|
|
6414
|
+
function normalizeAllowedOrigin(value) {
|
|
6415
|
+
const origin = normalizeOrigin(value);
|
|
6416
|
+
if (!origin) {
|
|
6417
|
+
throw new ApiError(`invalid hosted allowed origin: ${value}`, 500);
|
|
6418
|
+
}
|
|
6419
|
+
return origin;
|
|
6420
|
+
}
|
|
6421
|
+
function normalizeOrigin(value) {
|
|
6422
|
+
if (!value?.trim())
|
|
6423
|
+
return;
|
|
6424
|
+
try {
|
|
6425
|
+
const parsed = new URL(value.trim());
|
|
6426
|
+
if (parsed.protocol !== "http:" && parsed.protocol !== "https:")
|
|
6427
|
+
return;
|
|
6428
|
+
return `${parsed.protocol}//${parsed.host}`;
|
|
6429
|
+
} catch {
|
|
6430
|
+
return;
|
|
6431
|
+
}
|
|
6432
|
+
}
|
|
6394
6433
|
function safeTokenEqual(candidate, expected) {
|
|
6395
6434
|
if (!candidate)
|
|
6396
6435
|
return false;
|
|
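Review bot: `normalizeAllowedOrigin` throws an `ApiError` with status 500 and the message "invalid hosted allowed origin: ${value}" from inside request handling, so one bad entry in the comma-separated list turns every hosted mutation with an `Origin` header into a 500 and puts the raw configured value into the error message. If `ApiError` messages are returned to the caller, that exposes configuration to whoever sent the request. Log the offending entry server-side and return a message without the value, or validate at startup and refuse to serve.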
@@ -6426,6 +6465,7 @@ var DEFAULT_HOSTNAME = "uptime.example.com";
|
|
|
6426
6465
|
var DEFAULT_WORKSPACE_ID = "workspace-id";
|
|
6427
6466
|
var DEFAULT_VPC_ID = "vpc-xxxxxxxx";
|
|
6428
6467
|
var DEFAULT_HOSTED_SQLITE_DB = "/data/uptime/uptime.db";
|
|
6468
|
+
var DEFAULT_PROTECTED_ACCESS_MODE = "cloudfront_default_domain";
|
|
6429
6469
|
function buildAwsDeploymentPlan(options = {}) {
|
|
6430
6470
|
const region = clean(options.region, DEFAULT_REGION);
|
|
6431
6471
|
const stage = clean(options.stage, DEFAULT_STAGE);
|
|
@@ -6438,7 +6478,9 @@ function buildAwsDeploymentPlan(options = {}) {
|
|
|
6438
6478
|
const image = clean(options.image, `${imageRepositoryUri}@sha256:<image-digest>`);
|
|
6439
6479
|
const evidenceBucket = clean(options.evidenceBucket, `hasna-${stage}-${prefix}-evidence`);
|
|
6440
6480
|
const hostedSqliteDbPath = clean(options.hostedSqliteDbPath, DEFAULT_HOSTED_SQLITE_DB);
|
|
6441
|
-
const runtimePackageVersion = clean(options.runtimePackageVersion, "0.1.
|
|
6481
|
+
const runtimePackageVersion = clean(options.runtimePackageVersion, "0.1.9");
|
|
6482
|
+
const protectedAccessMode = options.protectedAccessMode ?? DEFAULT_PROTECTED_ACCESS_MODE;
|
|
6483
|
+
const protectedAccessUrl = protectedAccessMode === "cloudfront_default_domain" ? "https://<cloudfront-domain>" : `https://${hostname}`;
|
|
6442
6484
|
const cluster = `${prefix}-${stage}`;
|
|
6443
6485
|
const secrets = {
|
|
6444
6486
|
appEnv: clean(options.appEnvSecretName, `open-uptime/${stage}/app/env`),
|
|
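Review bot: `protectedAccessMode` is taken from `options.protectedAccessMode ?? DEFAULT_PROTECTED_ACCESS_MODE` without validation, and the next added line treats every value other than `"cloudfront_default_domain"` as the custom-hostname path. The CLI restricts the flag with `.choices(["cloudfront_default_domain", "alb_https_cert"])`, but a direct caller of `buildAwsDeploymentPlan` can pass a typo and silently get `https://${hostname}` plus an unrecognised mode echoed into the plan. Reject values outside those two choices inside the function.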
@@ -6452,7 +6494,8 @@ function buildAwsDeploymentPlan(options = {}) {
|
|
|
6452
6494
|
HASNA_UPTIME_MODE: "hosted",
|
|
6453
6495
|
HASNA_UPTIME_HOSTED_SQLITE_DB: hostedSqliteDbPath,
|
|
6454
6496
|
HASNA_UPTIME_WORKSPACE_ID: workspaceId,
|
|
6455
|
-
HASNA_UPTIME_HOSTNAME: hostname
|
|
6497
|
+
HASNA_UPTIME_HOSTNAME: hostname,
|
|
6498
|
+
HASNA_UPTIME_ALLOWED_ORIGINS: protectedAccessUrl
|
|
6456
6499
|
}),
|
|
6457
6500
|
servicePlan(prefix, stage, "scheduler", 0, image, workspaceId, secrets, {
|
|
6458
6501
|
HASNA_UPTIME_MODE: "hosted",
|
|
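Review bot: `HASNA_UPTIME_ALLOWED_ORIGINS: protectedAccessUrl` puts the literal placeholder `https://<cloudfront-domain>` into the web service environment in the default mode, because the real distribution domain is not known when the plan is generated. The runtime parses each entry with `new URL(...)` in `normalizeOrigin`, so the placeholder is not a usable origin and has to be replaced before the task starts. Add a blocker or required-evidence entry that says so, or leave the variable out of the plan until the domain is known.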
@@ -6478,7 +6521,7 @@ function buildAwsDeploymentPlan(options = {}) {
|
|
|
6478
6521
|
];
|
|
6479
6522
|
return {
|
|
6480
6523
|
kind: "open-uptime.aws-deployment-plan",
|
|
6481
|
-
version:
|
|
6524
|
+
version: 3,
|
|
6482
6525
|
generatedAt: new Date().toISOString(),
|
|
6483
6526
|
status: "blocked",
|
|
6484
6527
|
canApply: false,
|
|
@@ -6500,6 +6543,9 @@ function buildAwsDeploymentPlan(options = {}) {
|
|
|
6500
6543
|
hostedSqliteDbPath,
|
|
6501
6544
|
evidenceBucket,
|
|
6502
6545
|
loadBalancer: `${prefix}-${stage}-alb`,
|
|
6546
|
+
protectedAccessMode,
|
|
6547
|
+
edgeDistribution: protectedAccessMode === "cloudfront_default_domain" ? `${prefix}-${stage}-edge` : undefined,
|
|
6548
|
+
protectedAccessUrl,
|
|
6503
6549
|
targetGroups: [`${prefix}-${stage}-web-tg`],
|
|
6504
6550
|
securityGroups: [
|
|
6505
6551
|
`${prefix}-${stage}-alb-sg`,
|
|
@@ -6547,7 +6593,7 @@ function buildAwsDeploymentPlan(options = {}) {
|
|
|
6547
6593
|
`Infra PR must declare CodeBuild image builder ${prefix}-${stage}-image-builder for @hasna/uptime@${runtimePackageVersion}.`,
|
|
6548
6594
|
`Infra PR must declare hardened S3 evidence bucket ${evidenceBucket} with KMS, versioning, lifecycle, and public access block.`,
|
|
6549
6595
|
`Infra PR must declare encrypted EFS ${prefix}-${stage}-data with access point, mount targets, and AWS Backup plan.`,
|
|
6550
|
-
`Infra PR must declare ECS/Fargate cluster ${cluster}, ALB, target groups, security groups, IAM roles, CloudWatch log groups, and Secrets Manager refs.`,
|
|
6596
|
+
protectedAccessMode === "cloudfront_default_domain" ? "Infra PR must declare CloudFront default-domain HTTPS edge, ALB HTTP listener restricted to CloudFront origin-facing ranges, ECS/Fargate cluster, target groups, security groups, IAM roles, CloudWatch log groups, and Secrets Manager refs." : `Infra PR must declare ECS/Fargate cluster ${cluster}, ALB HTTPS listener, target groups, security groups, IAM roles, CloudWatch log groups, and Secrets Manager refs.`,
|
|
6551
6597
|
"Only apply the infra plan from the approved infrastructure repository after review evidence is attached."
|
|
6552
6598
|
],
|
|
6553
6599
|
deploy: [
|
|
@@ -6556,7 +6602,7 @@ function buildAwsDeploymentPlan(options = {}) {
|
|
|
6556
6602
|
"For the EFS SQLite bridge, do not run migration, scheduler, public-probe, or reporter tasks; keep them at desired count 0 until Postgres and cloud leases exist.",
|
|
6557
6603
|
`Register task definitions for ${services.map((service) => service.name).join(", ")} using valueFrom secrets.`,
|
|
6558
6604
|
`Update ECS services in cluster ${cluster} one component at a time through the approved deploy pipeline.`,
|
|
6559
|
-
`Create Route53/edge record for ${hostname} only after ALB health checks pass and auth denial smokes succeed.`
|
|
6605
|
+
protectedAccessMode === "cloudfront_default_domain" ? "Use the CloudFront default HTTPS domain for first protected access; add custom DNS/certificate only after edge ownership is approved." : `Create Route53/edge record for ${hostname} only after ALB health checks pass and auth denial smokes succeed.`
|
|
6560
6606
|
],
|
|
6561
6607
|
rollback: [
|
|
6562
6608
|
"Keep previous task definition ARNs before each service update.",
|
|
@@ -6564,9 +6610,9 @@ function buildAwsDeploymentPlan(options = {}) {
|
|
|
6564
6610
|
"Disable scheduler/reporter services before data rollback.",
|
|
6565
6611
|
"Restore EFS backup recovery point only after explicit operator approval and audit record."
|
|
6566
6612
|
],
|
|
6567
|
-
|
|
6613
|
+
privateProbe: [
|
|
6568
6614
|
"Create a private probe identity with a caller-managed public key.",
|
|
6569
|
-
"Install @hasna/uptime on
|
|
6615
|
+
"Install @hasna/uptime on the private probe operator machine and write the generated env file with mode 0600.",
|
|
6570
6616
|
"Run the private probe against the hosted /api/v1 probe endpoint once it exists."
|
|
6571
6617
|
]
|
|
6572
6618
|
},
|
|
@@ -6575,17 +6621,17 @@ function buildAwsDeploymentPlan(options = {}) {
|
|
|
6575
6621
|
"The EFS SQLite bridge is single-writer only: web target desired count is 1 and scheduler/public-probe/reporter targets remain 0 until Postgres and cloud leases exist.",
|
|
6576
6622
|
"Hosted production auth/RBAC must replace broad static hosted-token operation before exposure.",
|
|
6577
6623
|
"Public probe execution still needs DNS, redirect, and rebinding SSRF enforcement plus cloud check-job leases.",
|
|
6578
|
-
"
|
|
6624
|
+
"Private probe enrollment, claim, submit, heartbeat, revocation, and rotation are not cloud-backed yet."
|
|
6579
6625
|
],
|
|
6580
6626
|
requiredEvidence: [
|
|
6581
6627
|
"Infrastructure PR/synth/plan from the approved infra repository.",
|
|
6582
6628
|
"CodeBuild image-builder run, container smoke, and immutable image digest.",
|
|
6583
6629
|
"ECS task definitions using secrets.valueFrom only.",
|
|
6584
|
-
"ALB
|
|
6630
|
+
"CloudFront-default-domain or ALB TLS auth-denial smokes, direct-origin denial evidence, and web alarm checks.",
|
|
6585
6631
|
"Single-writer ECS evidence: one web task maximum and no scheduler/public-probe/reporter EFS mounts.",
|
|
6586
6632
|
"EFS encryption, access point, mount-target, AWS Backup, and restore-drill evidence.",
|
|
6587
6633
|
"S3 bucket KMS, versioning, lifecycle, and public-access-block evidence.",
|
|
6588
|
-
"
|
|
6634
|
+
"Private-probe registration, key-file mode, heartbeat, and revocation evidence."
|
|
6589
6635
|
],
|
|
6590
6636
|
safety: {
|
|
6591
6637
|
liveAwsMutation: false,
|
|
@@ -6594,6 +6640,7 @@ function buildAwsDeploymentPlan(options = {}) {
|
|
|
6594
6640
|
notes: [
|
|
6595
6641
|
"This plan generator does not call AWS.",
|
|
6596
6642
|
"Blocked plan output intentionally avoids copy-pastable AWS mutation commands.",
|
|
6643
|
+
"Default protected access uses CloudFront's HTTPS default domain so first deploy is not blocked on custom DNS or ACM.",
|
|
6597
6644
|
"Hosted runtime uses explicit EFS-backed SQLite at HASNA_UPTIME_HOSTED_SQLITE_DB until the async Postgres adapter exists.",
|
|
6598
6645
|
"Do not set HASNA_UPTIME_DATABASE_URL for hosted tasks until the Postgres adapter is implemented.",
|
|
6599
6646
|
"Secrets are represented as secret names/refs and must be injected with valueFrom.",
|
|
@@ -6602,16 +6649,16 @@ function buildAwsDeploymentPlan(options = {}) {
|
|
|
6602
6649
|
}
|
|
6603
6650
|
};
|
|
6604
6651
|
}
|
|
6605
|
-
function
|
|
6652
|
+
function buildPrivateProbeCloudConfig(options = {}) {
|
|
6606
6653
|
const apiUrl = clean(options.apiUrl, `https://${DEFAULT_HOSTNAME}/api/v1`);
|
|
6607
6654
|
const workspaceId = clean(options.workspaceId, DEFAULT_WORKSPACE_ID);
|
|
6608
|
-
const machineId = clean(options.machineId, "
|
|
6609
|
-
const privateKeyFile = clean(options.probePrivateKeyFile, "~/.hasna/uptime/probes/
|
|
6655
|
+
const machineId = clean(options.machineId, "private-probe-01");
|
|
6656
|
+
const privateKeyFile = clean(options.probePrivateKeyFile, "~/.hasna/uptime/probes/private-probe-01.key.pem");
|
|
6610
6657
|
const probeId = options.probeId?.trim();
|
|
6611
6658
|
const blockers = [
|
|
6612
6659
|
...probeId ? [] : ["Cloud-registered private probe id is required before writing a sourceable env file."],
|
|
6613
6660
|
"Hosted probe claim and submit routes still fail closed until cloud check_jobs and workspace stores are implemented.",
|
|
6614
|
-
"
|
|
6661
|
+
"Private probe enrollment, heartbeat, revocation, rotation, and bounded offline lease handling are not implemented yet."
|
|
6615
6662
|
];
|
|
6616
6663
|
const env3 = {
|
|
6617
6664
|
HASNA_UPTIME_MODE: "hosted",
|
|
@@ -6625,7 +6672,7 @@ function buildSpark01CloudConfig(options = {}) {
|
|
|
6625
6672
|
if (probeId)
|
|
6626
6673
|
env3.HASNA_UPTIME_PRIVATE_PROBE_ID = probeId;
|
|
6627
6674
|
return {
|
|
6628
|
-
kind: "open-uptime.
|
|
6675
|
+
kind: "open-uptime.private-probe-cloud-config",
|
|
6629
6676
|
version: 1,
|
|
6630
6677
|
generatedAt: new Date().toISOString(),
|
|
6631
6678
|
status: "blocked",
|
|
@@ -6637,7 +6684,7 @@ function buildSpark01CloudConfig(options = {}) {
|
|
|
6637
6684
|
{
|
|
6638
6685
|
path: privateKeyFile,
|
|
6639
6686
|
mode: "0600",
|
|
6640
|
-
purpose: "Ed25519 private key generated on
|
|
6687
|
+
purpose: "Ed25519 private key generated on the private probe machine; never paste into cloud config."
|
|
6641
6688
|
},
|
|
6642
6689
|
{
|
|
6643
6690
|
path: "~/.hasna/uptime/cloud.env",
|
|
@@ -6647,7 +6694,7 @@ function buildSpark01CloudConfig(options = {}) {
|
|
|
6647
6694
|
],
|
|
6648
6695
|
commands: [
|
|
6649
6696
|
"bun install -g @hasna/uptime@latest",
|
|
6650
|
-
"Generate the
|
|
6697
|
+
"Generate the private probe key locally and register only its public key with the hosted control plane once registration exists.",
|
|
6651
6698
|
"Write ~/.hasna/uptime/cloud.env from this plan, then source it for the private probe service.",
|
|
6652
6699
|
"Start the private probe worker only after hosted /api/v1 probe claim/submit routes are backed by cloud jobs."
|
|
6653
6700
|
],
|
|
@@ -6656,18 +6703,18 @@ function buildSpark01CloudConfig(options = {}) {
|
|
|
6656
6703
|
privateKeyInline: false,
|
|
6657
6704
|
tokenInline: false,
|
|
6658
6705
|
notes: [
|
|
6659
|
-
"This config is hosted-targeted preflight:
|
|
6706
|
+
"This config is hosted-targeted preflight: the private probe must not start until cloud probe routes are backed by hosted state.",
|
|
6660
6707
|
"The private key file path is referenced, not embedded.",
|
|
6661
6708
|
"Hosted token or probe auth material must come from the machine secret store, not this generated config."
|
|
6662
6709
|
]
|
|
6663
6710
|
}
|
|
6664
6711
|
};
|
|
6665
6712
|
}
|
|
6666
|
-
function
|
|
6713
|
+
function renderPrivateProbeEnv(config) {
|
|
6667
6714
|
const required = ["HASNA_UPTIME_PRIVATE_PROBE_ID"];
|
|
6668
6715
|
const missing = required.filter((key) => !config.env[key]);
|
|
6669
6716
|
if (missing.length > 0) {
|
|
6670
|
-
throw new Error(`
|
|
6717
|
+
throw new Error(`private probe env output requires ${missing.join(", ")}`);
|
|
6671
6718
|
}
|
|
6672
6719
|
return Object.entries(config.env).map(([key, value]) => `${key}=${shellEscape(value)}`).join(`
|
|
6673
6720
|
`);
|
|
@@ -7007,8 +7054,8 @@ program2.command("audit").description("List local audit events").option("--resou
|
|
|
7007
7054
|
fail(error);
|
|
7008
7055
|
}
|
|
7009
7056
|
});
|
|
7010
|
-
var cloud = program2.command("cloud").description("Generate dry-run cloud deployment and
|
|
7011
|
-
cloud.command("plan").description("Generate a dry-run AWS deployment plan").option("--account <name>", "AWS account/profile label", "aws-profile").option("--region <region>", "AWS region", "us-east-1").option("--stage <stage>", "deployment stage", "prod").option("--hostname <hostname>", "hosted Open Uptime hostname", "uptime.example.com").option("--workspace-id <id>", "workspace id", "workspace-id").option("--vpc-id <id>", "target VPC id").option("--hosted-sqlite-db <path>", "hosted SQLite path on the EFS mount").option("--rds-instance-id <id>", "deprecated; ignored until the hosted Postgres adapter exists").option("--database-secret-name <name>", "deprecated; ignored until the hosted Postgres adapter exists").option("--ecr-repository <name>", "ECR repository name").option("--image <uri>", "container image URI").option("--runtime-package-version <version>", "published @hasna/uptime version for the AWS image builder").option("--evidence-bucket <name>", "S3 evidence bucket name").option("-j, --json", "print JSON").action((opts) => {
|
|
7057
|
+
var cloud = program2.command("cloud").description("Generate dry-run cloud deployment and private-probe configuration artifacts");
|
|
7058
|
+
cloud.command("plan").description("Generate a dry-run AWS deployment plan").option("--account <name>", "AWS account/profile label", "aws-profile").option("--region <region>", "AWS region", "us-east-1").option("--stage <stage>", "deployment stage", "prod").option("--hostname <hostname>", "hosted Open Uptime hostname", "uptime.example.com").option("--workspace-id <id>", "workspace id", "workspace-id").option("--vpc-id <id>", "target VPC id").option("--hosted-sqlite-db <path>", "hosted SQLite path on the EFS mount").option("--rds-instance-id <id>", "deprecated; ignored until the hosted Postgres adapter exists").option("--database-secret-name <name>", "deprecated; ignored until the hosted Postgres adapter exists").option("--ecr-repository <name>", "ECR repository name").option("--image <uri>", "container image URI").option("--runtime-package-version <version>", "published @hasna/uptime version for the AWS image builder").addOption(new Option("--protected-access-mode <mode>", "protected web access mode").choices(["cloudfront_default_domain", "alb_https_cert"]).default("cloudfront_default_domain")).option("--evidence-bucket <name>", "S3 evidence bucket name").option("-j, --json", "print JSON").action((opts) => {
|
|
7012
7059
|
try {
|
|
7013
7060
|
const plan = buildAwsDeploymentPlan({
|
|
7014
7061
|
accountName: opts.account,
|
|
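Review bot: The help string on the added `--protected-access-mode` option ("protected web access mode") does not tell the operator what either choice means for transport security, and every `cloud plan` invocation that omits the flag now gets `cloudfront_default_domain`. The changelog describes that mode as CloudFront in front of an ALB HTTP listener restricted to CloudFront origin-facing ranges, so say that in the option description and state when `alb_https_cert` should be chosen instead. Using `.choices([...])` so that unknown values are rejected at parse time is the right call and should stay.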
@@ -7023,6 +7070,7 @@ cloud.command("plan").description("Generate a dry-run AWS deployment plan").opti
|
|
|
7023
7070
|
ecrRepository: opts.ecrRepository,
|
|
7024
7071
|
image: opts.image,
|
|
7025
7072
|
runtimePackageVersion: opts.runtimePackageVersion,
|
|
7073
|
+
protectedAccessMode: opts.protectedAccessMode,
|
|
7026
7074
|
evidenceBucket: opts.evidenceBucket
|
|
7027
7075
|
});
|
|
7028
7076
|
print(plan, renderCloudPlan(plan), opts);
|
|
@@ -7030,9 +7078,9 @@ cloud.command("plan").description("Generate a dry-run AWS deployment plan").opti
|
|
|
7030
7078
|
fail(error);
|
|
7031
7079
|
}
|
|
7032
7080
|
});
|
|
7033
|
-
cloud.command("
|
|
7081
|
+
cloud.command("private-probe-config").description("Generate hosted-targeted private probe preflight configuration").option("--api-url <url>", "hosted Open Uptime API URL", "https://uptime.example.com/api/v1").option("--workspace-id <id>", "workspace id", "workspace-id").option("--probe-id <id>", "cloud registered private probe id").option("--private-key-file <path>", "private probe key file", "~/.hasna/uptime/probes/private-probe-01.key.pem").option("--machine-id <id>", "machine id", "private-probe-01").option("--log-level <level>", "probe log level", "info").option("--env", "print shell env file instead of summary text").option("-j, --json", "print JSON").action((opts) => {
|
|
7034
7082
|
try {
|
|
7035
|
-
const config =
|
|
7083
|
+
const config = buildPrivateProbeCloudConfig({
|
|
7036
7084
|
apiUrl: opts.apiUrl,
|
|
7037
7085
|
workspaceId: opts.workspaceId,
|
|
7038
7086
|
probeId: opts.probeId,
|
|
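Review bot: The `--private-key-file` default on the added `private-probe-config` line is the literal string `~/.hasna/uptime/probes/private-probe-01.key.pem`, and a default supplied by the option parser never passes through the shell, so the `~` is not expanded. Check that `buildPrivateProbeCloudConfig` resolves it against the home directory, or that the rendered output leaves it somewhere the consuming shell will expand it. Since this path points at the probe's private key, the generated preflight steps should also check that the file is readable only by its owner.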
@@ -7041,10 +7089,10 @@ cloud.command("spark01-config").description("Generate Spark01 hosted-targeted pr
|
|
|
7041
7089
|
logLevel: opts.logLevel
|
|
7042
7090
|
});
|
|
7043
7091
|
if (opts.env && !wantsJson(opts)) {
|
|
7044
|
-
console.log(
|
|
7092
|
+
console.log(renderPrivateProbeEnv(config));
|
|
7045
7093
|
return;
|
|
7046
7094
|
}
|
|
7047
|
-
print(config,
|
|
7095
|
+
print(config, renderPrivateProbeConfig(config), opts);
|
|
7048
7096
|
} catch (error) {
|
|
7049
7097
|
fail(error);
|
|
7050
7098
|
}
|
|
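Review bot: `console.log(renderPrivateProbeEnv(config))` emits a shell env file built from free-form option values (`--api-url`, `--workspace-id`, `--probe-id`, `--private-key-file`, `--machine-id`, `--log-level`), and nothing visible in this command validates or quotes them. Confirm that `renderPrivateProbeEnv` single-quotes every value and escapes embedded quotes and newlines, so that sourcing the file cannot execute anything taken from an argument. Separately, `opts.env && !wantsJson(opts)` drops `--env` without a message when JSON output is also requested; rejecting the conflicting flags would be clearer.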
@@ -7416,6 +7464,7 @@ function renderCloudPlan(plan) {
|
|
|
7416
7464
|
`vpc: ${plan.resources.vpcId}`,
|
|
7417
7465
|
`efs: ${plan.resources.efsFileSystem}`,
|
|
7418
7466
|
`hosted sqlite: ${plan.resources.hostedSqliteDbPath}`,
|
|
7467
|
+
`protected access: ${plan.resources.protectedAccessMode} ${plan.resources.protectedAccessUrl}`,
|
|
7419
7468
|
`services: ${plan.resources.services.map((service2) => `${service2.name}:${service2.desiredCount}/${service2.targetDesiredCount}`).join(", ")}`,
|
|
7420
7469
|
`evidence bucket: ${plan.resources.evidenceBucket}`,
|
|
7421
7470
|
`blockers: ${plan.blockers.length}`,
|
|
@@ -7423,7 +7472,7 @@ function renderCloudPlan(plan) {
|
|
|
7423
7472
|
].join(`
|
|
7424
7473
|
`);
|
|
7425
7474
|
}
|
|
7426
|
-
function
|
|
7475
|
+
function renderPrivateProbeConfig(config) {
|
|
7427
7476
|
return [
|
|
7428
7477
|
`${config.machineId} ${config.mode} config`,
|
|
7429
7478
|
`status: ${config.status}`,
|
package/dist/cloud-plan.d.ts
CHANGED
|
@@ -11,6 +11,7 @@ export interface AwsDeploymentPlanOptions {
|
|
|
11
11
|
evidenceBucket?: string;
|
|
12
12
|
hostedSqliteDbPath?: string;
|
|
13
13
|
runtimePackageVersion?: string;
|
|
14
|
+
protectedAccessMode?: "cloudfront_default_domain" | "alb_https_cert";
|
|
14
15
|
/** @deprecated Postgres is target-state only until the async adapter is implemented. */
|
|
15
16
|
rdsInstanceId?: string;
|
|
16
17
|
/** @deprecated Postgres is target-state only until the async adapter is implemented. */
|
|
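Review bot: The union `"cloudfront_default_domain" | "alb_https_cert"` on the added `protectedAccessMode?` property is written inline and carries no doc comment, unlike the `@deprecated` fields beside it. The same two literals also appear in the CLI `.choices([...])` call and in the `resources` block of `AwsDeploymentPlan`, so export one named alias from `src/cloud-plan.ts` (for example `ProtectedAccessMode`, a suggested name) and reuse it in all three places. Add a comment stating which value applies when the option is omitted.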
@@ -23,7 +24,7 @@ export interface AwsDeploymentPlanOptions {
|
|
|
23
24
|
}
|
|
24
25
|
export interface AwsDeploymentPlan {
|
|
25
26
|
kind: "open-uptime.aws-deployment-plan";
|
|
26
|
-
version:
|
|
27
|
+
version: 3;
|
|
27
28
|
generatedAt: string;
|
|
28
29
|
status: "blocked";
|
|
29
30
|
canApply: false;
|
|
@@ -45,6 +46,9 @@ export interface AwsDeploymentPlan {
|
|
|
45
46
|
hostedSqliteDbPath: string;
|
|
46
47
|
evidenceBucket: string;
|
|
47
48
|
loadBalancer: string;
|
|
49
|
+
protectedAccessMode: "cloudfront_default_domain" | "alb_https_cert";
|
|
50
|
+
edgeDistribution?: string;
|
|
51
|
+
protectedAccessUrl: string;
|
|
48
52
|
targetGroups: string[];
|
|
49
53
|
securityGroups: string[];
|
|
50
54
|
secrets: Record<string, string>;
|
|
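Review bot: `edgeDistribution?` is optional while `protectedAccessMode` and `protectedAccessUrl` are required, and the type gives no indication of which mode populates it. Model `resources` as a discriminated union on `protectedAccessMode`, or at minimum add a doc comment stating when `edgeDistribution` is set, so that a consumer reviewing a generated plan can tell a missing distribution from a mode that has none.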
@@ -71,7 +75,7 @@ export interface AwsDeploymentPlan {
|
|
|
71
75
|
provision: string[];
|
|
72
76
|
deploy: string[];
|
|
73
77
|
rollback: string[];
|
|
74
|
-
|
|
78
|
+
privateProbe: string[];
|
|
75
79
|
};
|
|
76
80
|
blockers: string[];
|
|
77
81
|
requiredEvidence: string[];
|
|
@@ -94,7 +98,7 @@ export interface AwsServicePlan {
|
|
|
94
98
|
environment: Record<string, string>;
|
|
95
99
|
secrets: Record<string, string>;
|
|
96
100
|
}
|
|
97
|
-
export interface
|
|
101
|
+
export interface PrivateProbeCloudConfigOptions {
|
|
98
102
|
apiUrl?: string;
|
|
99
103
|
workspaceId?: string;
|
|
100
104
|
probeId?: string;
|
|
@@ -102,8 +106,8 @@ export interface Spark01CloudConfigOptions {
|
|
|
102
106
|
machineId?: string;
|
|
103
107
|
logLevel?: string;
|
|
104
108
|
}
|
|
105
|
-
export interface
|
|
106
|
-
kind: "open-uptime.
|
|
109
|
+
export interface PrivateProbeCloudConfig {
|
|
110
|
+
kind: "open-uptime.private-probe-cloud-config";
|
|
107
111
|
version: 1;
|
|
108
112
|
generatedAt: string;
|
|
109
113
|
status: "blocked";
|
|
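Review bot: The `kind` discriminator becomes `"open-uptime.private-probe-cloud-config"` while the `version: 1` context line directly below it is unchanged, so a reader that dispatches on `kind` will stop recognizing newly generated configs with no version signal to explain why. Bump `version` together with the rename, or document that consumers must accept both `kind` values during the transition.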
@@ -125,6 +129,6 @@ export interface Spark01CloudConfig {
|
|
|
125
129
|
};
|
|
126
130
|
}
|
|
127
131
|
export declare function buildAwsDeploymentPlan(options?: AwsDeploymentPlanOptions): AwsDeploymentPlan;
|
|
128
|
-
export declare function
|
|
129
|
-
export declare function
|
|
132
|
+
export declare function buildPrivateProbeCloudConfig(options?: PrivateProbeCloudConfigOptions): PrivateProbeCloudConfig;
|
|
133
|
+
export declare function renderPrivateProbeEnv(config: PrivateProbeCloudConfig): string;
|
|
130
134
|
//# sourceMappingURL=cloud-plan.d.ts.map
|
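Review bot: Both removed `export declare function` lines (truncated here) are replaced by `buildPrivateProbeCloudConfig` and `renderPrivateProbeEnv` with no deprecated alias left behind, and the hunk header still shows the previous `Spark01CloudConfig` naming, so importers of the old exports break in what the page header shows as a 0.1.7 to 0.1.9 update. Keep the old names as `@deprecated` re-exports for one release, following the pattern this file already uses for the deprecated Postgres options, or call out the removal explicitly in the changelog.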
package/dist/cloud-plan.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cloud-plan.d.ts","sourceRoot":"","sources":["../src/cloud-plan.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,wBAAwB;IACvC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,wFAAwF;IACxF,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,wFAAwF;IACxF,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,iCAAiC,CAAC;IACxC,OAAO,EAAE,CAAC,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,SAAS,CAAC;IAClB,QAAQ,EAAE,KAAK,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,QAAQ,CAAC;IACf,SAAS,EAAE;QACT,aAAa,EAAE,MAAM,CAAC;QACtB,YAAY,EAAE,MAAM,CAAC;QACrB,UAAU,EAAE,MAAM,CAAC;QACnB,QAAQ,EAAE,cAAc,EAAE,CAAC;QAC3B,KAAK,EAAE,MAAM,CAAC;QACd,aAAa,EAAE,MAAM,CAAC;QACtB,cAAc,EAAE,MAAM,CAAC;QACvB,kBAAkB,EAAE,MAAM,CAAC;QAC3B,cAAc,EAAE,MAAM,CAAC;QACvB,YAAY,EAAE,MAAM,CAAC;QACrB,YAAY,EAAE,MAAM,EAAE,CAAC;QACvB,cAAc,EAAE,MAAM,EAAE,CAAC;QACzB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAChC,SAAS,EAAE,MAAM,EAAE,CAAC;QACpB,MAAM,EAAE,MAAM,EAAE,CAAC;KAClB,CAAC;IACF,KAAK,EAAE;QACL,UAAU,EAAE,MAAM,CAAC;QACnB,GAAG,EAAE,MAAM,CAAC;QACZ,UAAU,EAAE,MAAM,CAAC;QACnB,YAAY,EAAE,MAAM,CAAC;QACrB,YAAY,EAAE,MAAM,EAAE,CAAC;KACxB,CAAC;IACF,KAAK,EAAE;QACL,IAAI,EAAE,MAAM,CAAC;QACb,UAAU,EAAE,MAAM,CAAC;QACnB,WAAW,EAAE,MAAM,CAAC;QACpB,eAAe,EAAE,MAAM,CAAC;QACxB,WAAW,EAAE,MAAM,CAAC;QACpB,YAAY,EAAE,KAAK,CAAC;KACrB,CAAC;IACF,OAAO,EAAE;QACP,SAAS,EAAE,MAAM,EAAE,CAAC;QACpB,SAAS,EAAE,MAAM,EAAE,CAAC;QACpB,MAAM,EAAE,MA
AM,EAAE,CAAC;QACjB,QAAQ,EAAE,MAAM,EAAE,CAAC;QACnB,
|
|
1
|
+
{"version":3,"file":"cloud-plan.d.ts","sourceRoot":"","sources":["../src/cloud-plan.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,wBAAwB;IACvC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,mBAAmB,CAAC,EAAE,2BAA2B,GAAG,gBAAgB,CAAC;IACrE,wFAAwF;IACxF,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,wFAAwF;IACxF,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,iCAAiC,CAAC;IACxC,OAAO,EAAE,CAAC,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,SAAS,CAAC;IAClB,QAAQ,EAAE,KAAK,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,QAAQ,CAAC;IACf,SAAS,EAAE;QACT,aAAa,EAAE,MAAM,CAAC;QACtB,YAAY,EAAE,MAAM,CAAC;QACrB,UAAU,EAAE,MAAM,CAAC;QACnB,QAAQ,EAAE,cAAc,EAAE,CAAC;QAC3B,KAAK,EAAE,MAAM,CAAC;QACd,aAAa,EAAE,MAAM,CAAC;QACtB,cAAc,EAAE,MAAM,CAAC;QACvB,kBAAkB,EAAE,MAAM,CAAC;QAC3B,cAAc,EAAE,MAAM,CAAC;QACvB,YAAY,EAAE,MAAM,CAAC;QACrB,mBAAmB,EAAE,2BAA2B,GAAG,gBAAgB,CAAC;QACpE,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,kBAAkB,EAAE,MAAM,CAAC;QAC3B,YAAY,EAAE,MAAM,EAAE,CAAC;QACvB,cAAc,EAAE,MAAM,EAAE,CAAC;QACzB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAChC,SAAS,EAAE,MAAM,EAAE,CAAC;QACpB,MAAM,EAAE,MAAM,EAAE,CAAC;KAClB,CAAC;IACF,KAAK,EAAE;QACL,UAAU,EAAE,MAAM,CAAC;QACnB,GAAG,EAAE,MAAM,CAAC;QACZ,UAAU,EAAE,MAAM,CAAC;QACnB,YAAY,EAAE,MAAM,CAAC;QACrB,YAAY,EAAE,MAAM,EAAE,CAAC;KACxB,CAAC;IACF,KAAK,EAAE;QACL,IAAI,EAAE,MAAM,CAAC;QACb,UAAU,EAAE,MAAM,CAAC;QACnB,WAAW,EAAE,MAAM,CAAC;QACpB,eAAe,EAAE,MAAM,CAAC;QACxB,W
AAW,EAAE,MAAM,CAAC;QACpB,YAAY,EAAE,KAAK,CAAC;KACrB,CAAC;IACF,OAAO,EAAE;QACP,SAAS,EAAE,MAAM,EAAE,CAAC;QACpB,SAAS,EAAE,MAAM,EAAE,CAAC;QACpB,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,QAAQ,EAAE,MAAM,EAAE,CAAC;QACnB,YAAY,EAAE,MAAM,EAAE,CAAC;KACxB,CAAC;IACF,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,MAAM,EAAE;QACN,eAAe,EAAE,KAAK,CAAC;QACvB,gBAAgB,EAAE,KAAK,CAAC;QACxB,wBAAwB,EAAE,KAAK,CAAC;QAChC,KAAK,EAAE,MAAM,EAAE,CAAC;KACjB,CAAC;CACH;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,KAAK,GAAG,WAAW,GAAG,cAAc,GAAG,UAAU,GAAG,WAAW,CAAC;IACtE,YAAY,EAAE,MAAM,CAAC;IACrB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACpC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACjC;AAED,MAAM,WAAW,8BAA8B;IAC7C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,wCAAwC,CAAC;IAC/C,OAAO,EAAE,CAAC,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,SAAS,CAAC;IAClB,QAAQ,EAAE,KAAK,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,eAAe,CAAC;IACtB,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC5B,KAAK,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC9D,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,MAAM,EAAE;QACN,gBAAgB,EAAE,KAAK,CAAC;QACxB,WAAW,EAAE,KAAK,CAAC;QACnB,KAAK,EAAE,MAAM,EAAE,CAAC;KACjB,CAAC;CACH;AAYD,wBAAgB,sBAAsB,CAAC,OAAO,GAAE,wBAA6B,GAAG,iBAAiB,CA2LhG;AAED,wBAAgB,4BAA4B,CAAC,OAAO,GAAE,8BAAmC,GAAG,uBAAuB,CA2DlH;AAED,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,uBAAuB,GAAG,MAAM,CAS7E"}
|