@highstate/library 0.9.15 → 0.9.18

package/src/mullvad.ts

@@ -1,4 +1,4 @@
-import { defineUnit, Type } from "@highstate/contract"
+import { defineUnit, z } from "@highstate/contract"
 import { networkEntity, peerEntity } from "./wireguard"
 import { l4EndpointEntity } from "./network"
 
@@ -6,14 +6,12 @@ export const peer = defineUnit({
   type: "mullvad.peer",
 
   args: {
-    hostname: Type.Optional(Type.String()),
+    hostname: z.string().optional(),
 
     /**
      * Whether to include Mullvad DNS servers in the peer configuration.
-     *
-     * @schema
      */
-    includeDns: Type.Default(Type.Boolean(), true),
+    includeDns: z.boolean().default(true),
   },
 
   inputs: {
@@ -21,8 +19,6 @@ export const peer = defineUnit({
      * The network to use for the WireGuard peer.
      *
      * If not provided, the peer will use default network configuration.
-     *
-     * @schema
      */
     network: {
       entity: networkEntity,
@@ -40,9 +36,9 @@ export const peer = defineUnit({
   },
 
   meta: {
-    displayName: "Mullvad Peer",
+    title: "Mullvad Peer",
     description: "The Mullvad WireGuard peer fetched from the Mullvad API.",
-    primaryIcon: "simple-icons:mullvad",
+    icon: "simple-icons:mullvad",
     secondaryIcon: "cib:wireguard",
     secondaryIconColor: "#88171a",
     category: "VPN",

package/src/network.ts

@@ -1,48 +1,48 @@
-import { defineEntity, defineUnit, Type, type Static } from "@highstate/contract"
+import { defineEntity, defineUnit, z } from "@highstate/contract"
 
-export const endpointVisibilitySchema = Type.StringEnum([
+export const endpointVisibilitySchema = z.enum([
   "public", // Reachable from the public internet
   "external", // Reachable from outside the system boundary, but not public
   "internal", // Reachable only from within the system or cluster
 ])
 
-export const endpointFilterSchema = Type.Array(endpointVisibilitySchema)
+export const endpointFilterSchema = endpointVisibilitySchema.array()
 
 export const l3EndpointEntity = defineEntity({
   type: "network.l3-endpoint",
 
-  schema: Type.Intersect([
-    Type.Object({
+  schema: z.intersection(
+    z.object({
       visibility: endpointVisibilitySchema,
-      metadata: Type.Optional(Type.Record(Type.String(), Type.Unknown())),
+      metadata: z.record(z.string(), z.unknown()).optional(),
     }),
-    Type.Union([
-      Type.Object({
-        type: Type.Literal("hostname"),
+    z.union([
+      z.object({
+        type: z.literal("hostname"),
 
         /**
          * The hostname of the endpoint in the format of a domain name.
          */
-        hostname: Type.String(),
+        hostname: z.string(),
       }),
-      Type.Object({
-        type: Type.Literal("ipv4"),
+      z.object({
+        type: z.literal("ipv4"),
 
         /**
          * The IPv4 address of the endpoint.
          */
-        address: Type.String(),
+        address: z.string(),
       }),
-      Type.Object({
-        type: Type.Literal("ipv6"),
+      z.object({
+        type: z.literal("ipv6"),
 
         /**
          * The IPv6 address of the endpoint.
          */
-        address: Type.String(),
+        address: z.string(),
       }),
     ]),
-  ]),
+  ),
 
   meta: {
     color: "#4CAF50",
@@ -50,17 +50,17 @@ export const l3EndpointEntity = defineEntity({
   },
 })
 
-export const l4ProtocolSchema = Type.StringEnum(["tcp", "udp"])
+export const l4ProtocolSchema = z.enum(["tcp", "udp"])
 
-export const portInfoSchema = Type.Object({
-  port: Type.Number(),
+export const l4PortInfoSchema = z.object({
+  port: z.number(),
   protocol: l4ProtocolSchema,
 })
 
 export const l4EndpointEntity = defineEntity({
   type: "network.l4-endpoint",
 
-  schema: Type.Intersect([l3EndpointEntity.schema, portInfoSchema]),
+  schema: z.intersection(l3EndpointEntity.schema, l4PortInfoSchema),
 
   meta: {
     color: "#2196F3",
@@ -68,6 +68,33 @@ export const l4EndpointEntity = defineEntity({
   },
 })
 
+export const l7AppInfoSchema = z.object({
+  /**
+   * The name of the application protocol used by the endpoint.
+   */
+  appProtocol: z.string(),
+
+  /**
+   * The resource path of the application endpoint, including query parameters.
+   * Must not start with a slash (`/`).
+   *
+   * Example: `api/v1/resource?query=value`, `database?param=value`, `user/repo.git`.
+   */
+  resource: z.string().optional(),
+})
+
+export const l7EndpointEntity = defineEntity({
+  type: "network.l7-endpoint",
+
+  schema: z.intersection(l4EndpointEntity.schema, l7AppInfoSchema),
+
+  meta: {
+    color: "#FF9800",
+    description:
+      "The L7 endpoint for some service. Extends an L4 endpoint with application protocol information.",
+  },
+})
+
 export const l3Endpoint = defineUnit({
   type: "network.l3-endpoint",
 
@@ -77,12 +104,12 @@ export const l3Endpoint = defineUnit({
      *
      * May be a domain name or an IP address.
      */
-    endpoint: Type.String(),
+    endpoint: z.string(),
 
     /**
      * The visibility of the endpoint.
      */
-    visibility: Type.Default(endpointVisibilitySchema, "public"),
+    visibility: endpointVisibilitySchema.default("public"),
   },
 
   outputs: {
@@ -90,10 +117,10 @@ export const l3Endpoint = defineUnit({
   },
 
   meta: {
-    displayName: "L3 Endpoint",
+    title: "L3 Endpoint",
     description: "An L3 endpoint for some service. May be a domain name or an IP address.",
-    primaryIcon: "mdi:network-outline",
-    primaryIconColor: "#4CAF50",
+    icon: "mdi:network-outline",
+    iconColor: "#4CAF50",
     defaultNamePrefix: "endpoint",
     category: "Network",
   },
@@ -119,12 +146,12 @@ export const l4Endpoint = defineUnit({
      * - `tcp://endpoint:port`
      * - `udp://endpoint:port`
      */
-    endpoint: Type.String(),
+    endpoint: z.string(),
 
     /**
      * The visibility of the endpoint.
      */
-    visibility: Type.Default(endpointVisibilitySchema, "public"),
+    visibility: endpointVisibilitySchema.default("public"),
   },
 
   outputs: {
@@ -132,10 +159,10 @@ export const l4Endpoint = defineUnit({
   },
 
   meta: {
-    displayName: "L4 Endpoint",
+    title: "L4 Endpoint",
     description: "An L4 endpoint for some service. Extends an L3 endpoint with a port.",
-    primaryIcon: "mdi:network-outline",
-    primaryIconColor: "#2196F3",
+    icon: "mdi:network-outline",
+    iconColor: "#2196F3",
     defaultNamePrefix: "endpoint",
     category: "Network",
   },
@@ -153,26 +180,24 @@ export const l4Endpoint = defineUnit({
  * - `external`: Reachable from outside the system boundary (e.g., LAN, VPC), but not public.
  * - `internal`: Reachable only from within the application or infrastructure boundary (e.g., within a cluster).
  */
-export type EndpointVisibility = Static<typeof endpointVisibilitySchema>
+export type EndpointVisibility = z.infer<typeof endpointVisibilitySchema>
 
 /**
- * Filter values used to select relevant endpoints based on visibility.
+ * The list of endpoint visibility levels used to filter endpoints.
  *
- * - `public`: Only endpoints exposed to the public internet.
- * - `private`: Endpoints not publicly accessible (external + internal).
- * - `external`: Reachable from outside the system but not public (e.g., LAN, VPC).
- * - `internal`: Reachable only from within the system boundary (e.g., inside a cluster).
- * - `most`: Select the most widely accessible endpoints, preferring visibility in the following order: `public` > `external` > `internal`.
+ * If empty, it will filter the most widely accessible endpoints, prefering visibility in the following order:
  *   - If any public endpoints exist, all public endpoints are selected.
  *   - Otherwise, if any external endpoints exist, all external endpoints are selected.
  *   - If neither exist, all internal endpoints are selected.
  */
-export type EndpointFilter = Static<typeof endpointFilterSchema>
-
-export type L3Endpoint = Static<typeof l3EndpointEntity.schema>
-export type L4Endpoint = Static<typeof l4EndpointEntity.schema>
-export type L4Protocol = Static<typeof l4ProtocolSchema>
-export type L4PortInfo = Static<typeof portInfoSchema>
+export type EndpointFilter = z.infer<typeof endpointFilterSchema>
+
+export type L3Endpoint = z.infer<typeof l3EndpointEntity.schema>
+export type L4Endpoint = z.infer<typeof l4EndpointEntity.schema>
+export type L4Protocol = z.infer<typeof l4ProtocolSchema>
+export type L4PortInfo = z.infer<typeof l4PortInfoSchema>
+export type L7Endpoint = z.infer<typeof l7EndpointEntity.schema>
+export type L7AppInfo = z.infer<typeof l7AppInfoSchema>
 
 /**
  * The L3 or L4 endpoint for some service.

package/src/nixos.ts

@@ -1,25 +1,24 @@
-import { defineEntity, defineUnit, Type } from "@highstate/contract"
-import { fileEntity, serverEntity } from "./common"
-
-export const inlineModuleEntity = defineEntity({
-  type: "nixos.inline-module",
-
-  schema: Type.Object({
-    code: Type.String(),
-  }),
-
-  meta: {
-    displayName: "NixOS Inline Module",
-    description: "The NixOS module reference.",
-    color: "#5277c3",
-  },
-})
+import { defineUnit, z } from "@highstate/contract"
+import { fileEntity, folderEntity } from "./files"
+import { serverEntity } from "./common"
 
 export const inlineModule = defineUnit({
   type: "nixos.inline-module",
 
   args: {
-    code: Type.String({ language: "nix" }),
+    /**
+     * The name of the module file.
+     *
+     * If not provided, the name will be the name of the unit.
+     */
+    moduleName: z.string().optional(),
+
+    /**
+     * The code of the NixOS module.
+     *
+     * In this code you can reference other modules and files by their names.
+     */
+    code: z.string().meta({ language: "nix" }),
   },
 
   inputs: {
@@ -28,17 +27,22 @@ export const inlineModule = defineUnit({
       required: false,
       multiple: true,
     },
+    folders: {
+      entity: folderEntity,
+      required: false,
+      multiple: true,
+    },
   },
 
   outputs: {
-    module: inlineModuleEntity,
+    folder: folderEntity,
   },
 
   meta: {
-    displayName: "NixOS Inline Module",
+    title: "NixOS Inline Module",
     description: "Creates a NixOS module from inline code.",
-    primaryIcon: "simple-icons:nixos",
-    primaryIconColor: "#7ebae4",
+    icon: "simple-icons:nixos",
+    iconColor: "#7ebae4",
     secondaryIcon: "mdi:file-code",
     category: "NixOS",
   },
@@ -49,81 +53,47 @@ export const inlineModule = defineUnit({
   },
 })
 
-export const flakeEntity = defineEntity({
-  type: "nixos.flake",
-
-  schema: Type.Object({
-    url: Type.String(),
-  }),
-
-  meta: {
-    displayName: "NixOS Flake",
-    description: "The NixOS flake reference.",
-    color: "#5277c3",
-  },
-})
-
-export const remoteFlake = defineUnit({
-  type: "nixos.remote-flake",
-
-  args: {
-    url: Type.String(),
-  },
-
-  outputs: {
-    flake: flakeEntity,
-  },
-
-  meta: {
-    displayName: "NixOS Remote Flake",
-    description: "References a remote NixOS flake.",
-    primaryIcon: "simple-icons:nixos",
-    primaryIconColor: "#7ebae4",
-    secondaryIcon: "simple-icons:git",
-    secondaryIconColor: "#f1502f",
-    category: "NixOS",
-  },
-
-  source: {
-    package: "@highstate/nixos",
-    path: "flake",
-  },
-})
-
 export const inlineFlake = defineUnit({
   type: "nixos.inline-flake",
 
   args: {
-    code: Type.String({ language: "nix" }),
+    /**
+     * The name of the flake folder.
+     *
+     * If not provided, the name will be the name of the unit.
+     */
+    flakeName: z.string().optional(),
+
+    /**
+     * The code of the `flake.nix` file.
+     *
+     * In this code you can reference other flakes, modules, files, and folders by their names.
+     */
+    code: z.string().meta({ language: "nix" }),
   },
 
   inputs: {
-    flakes: {
-      entity: flakeEntity,
+    files: {
+      entity: fileEntity,
       required: false,
       multiple: true,
     },
-    modules: {
-      entity: inlineModuleEntity,
-      required: false,
-      multiple: true,
-    },
-    files: {
-      entity: fileEntity,
+    folders: {
+      entity: folderEntity,
       required: false,
       multiple: true,
     },
   },
 
   outputs: {
-    flake: flakeEntity,
+    folder: folderEntity,
   },
 
   meta: {
-    displayName: "NixOS Inline Flake",
+    title: "NixOS Inline Flake",
     description: "Creates a NixOS flake from inline code.",
-    primaryIcon: "simple-icons:nixos",
-    primaryIconColor: "#7ebae4",
+    icon: "simple-icons:nixos",
+    iconColor: "#7ebae4",
     secondaryIcon: "mdi:file-code",
     category: "NixOS",
   },
@@ -138,17 +108,12 @@ export const system = defineUnit({
   type: "nixos.system",
 
   args: {
-    system: Type.Optional(Type.String()),
+    system: z.string().optional(),
   },
 
   inputs: {
-    flake: flakeEntity,
     server: serverEntity,
-    modules: {
-      entity: inlineModuleEntity,
-      required: false,
-      multiple: true,
-    },
+    flake: folderEntity,
   },
 
   outputs: {
@@ -156,10 +121,10 @@ export const system = defineUnit({
   },
 
   meta: {
-    displayName: "NixOS System",
+    title: "NixOS System",
     description: "Creates a NixOS system on top of any server.",
-    primaryIcon: "simple-icons:nixos",
-    primaryIconColor: "#7ebae4",
+    icon: "simple-icons:nixos",
+    iconColor: "#7ebae4",
     secondaryIcon: "codicon:vm",
     category: "NixOS",
   },

package/src/obfuscators/phantun.ts

@@ -6,9 +6,9 @@ export const deobfuscator = defineUnit({
   ...deobfuscatorSpec,
 
   meta: {
-    displayName: "Phantun Deobfuscator",
+    title: "Phantun Deobfuscator",
     description: "The Phantun Deobfuscator deployed on Kubernetes.",
-    primaryIcon: "mdi:network-outline",
+    icon: "mdi:network-outline",
     secondaryIcon: "mdi:hide",
     category: "Obfuscators",
   },
@@ -24,9 +24,9 @@ export const obfuscator = defineUnit({
   ...obfuscatorSpec,
 
   meta: {
-    displayName: "Phantun Obfuscator",
+    title: "Phantun Obfuscator",
     description: "The Phantun Obfuscator deployed on Kubernetes.",
-    primaryIcon: "mdi:network-outline",
+    icon: "mdi:network-outline",
     secondaryIcon: "mdi:hide",
     category: "Obfuscators",
   },

package/src/obfuscators/shared.ts

@@ -1,40 +1,34 @@
-import { Type, type Static, type TObject } from "@highstate/contract"
+import { $args, $inputs, $outputs, z } from "@highstate/contract"
 import { clusterEntity } from "../k8s"
 import { l4EndpointEntity } from "../network"
 
 export const deobfuscatorSpec = {
-  args: {
+  args: $args({
     /**
      * The name of the namespace and deployment to deploy the deobfuscator on.
      *
      * By default, calculated as `deobfs-{type}-{name}`.
      */
-    appName: Type.Optional(Type.String()),
+    appName: z.string().optional(),
 
     /**
      * The L4 endpoint to forward deobfuscated traffic to.
      *
      * Will take precedence over the `targetEndpoint` input.
-     *
-     * @schema
      */
-    targetEndpoints: Type.Default(Type.Array(Type.String()), []),
+    targetEndpoints: z.string().array().default([]),
 
     /**
      * Whether to expose the deobfuscator service by "NodePort" or "LoadBalancer".
      *
      * By default, the service is not exposed and only accessible from within the cluster.
-     *
-     * @schema
      */
-    external: Type.Default(Type.Boolean(), false),
-  },
+    external: z.boolean().default(false),
+  }),
 
-  inputs: {
+  inputs: $inputs({
     /**
      * The Kubernetes cluster to deploy the deobfuscator on.
-     *
-     * @schema
      */
     k8sCluster: clusterEntity,
 
@@ -42,63 +36,53 @@ export const deobfuscatorSpec = {
      * The L4 endpoints to forward deobfuscated traffic to.
      *
      * Will select the most appropriate endpoint based on the environment.
-     *
-     * @schema
      */
     targetEndpoints: {
       entity: l4EndpointEntity,
       required: false,
       multiple: true,
     },
-  },
+  }),
 
-  outputs: {
+  outputs: $outputs({
     /**
      * The L4 endpoints of the deobfuscator accepting obfuscated traffic.
-     *
-     * @schema
      */
     endpoints: {
       entity: l4EndpointEntity,
       required: false,
       multiple: true,
     },
-  },
-} as const
+  }),
+}
 
 export const obfuscatorSpec = {
-  args: {
+  args: $args({
     /**
      * The name of the namespace and deployment to deploy the obfuscator on.
      *
      * By default, calculated as `obfs-{type}-{name}`.
      */
-    appName: Type.Optional(Type.String()),
+    appName: z.string().optional(),
 
     /**
      * The endpoint of the deobfuscator to pass obfuscated traffic to.
      *
      * Will take precedence over the `endpoint` input.
-     *
-     * @schema
      */
-    endpoints: Type.Default(Type.Array(Type.String()), []),
+    endpoints: z.string().array().default([]),
 
     /**
      * Whether to expose the obfuscator service by "NodePort" or "LoadBalancer".
      *
      * By default, the service is not exposed and only accessible from within the cluster.
-     *
-     * @schema
      */
-    external: Type.Default(Type.Boolean(), false),
-  },
+    external: z.boolean().default(false),
+  }),
 
-  inputs: {
+  inputs: $inputs({
     /**
      * The Kubernetes cluster to deploy the obfuscator on.
-     *
-     * @schema
      */
     k8sCluster: clusterEntity,
 
@@ -106,28 +90,24 @@ export const obfuscatorSpec = {
      * The L4 endpoints of the deobfuscator to pass obfuscated traffic to.
      *
      * Will select the most appropriate endpoint based on the environment.
-     *
-     * @schema
      */
     endpoints: {
       entity: l4EndpointEntity,
       required: false,
       multiple: true,
     },
-  },
+  }),
 
-  outputs: {
+  outputs: $outputs({
     /**
      * The L4 endpoints accepting unobfuscated traffic.
-     *
-     * @schema
      */
     entryEndpoints: {
       entity: l4EndpointEntity,
       multiple: true,
     },
-  },
-} as const
+  }),
+}
 
-export type DeobfuscatorArgs = Static<TObject<(typeof deobfuscatorSpec)["args"]>>
-export type ObfuscatorArgs = Static<TObject<(typeof obfuscatorSpec)["args"]>>
+export type DeobfuscatorArgs = z.infer<typeof deobfuscatorSpec.args>
+export type ObfuscatorArgs = z.infer<typeof obfuscatorSpec.args>