@kalphq/cli 0.0.0-dev-20260513012830 → 0.0.0-dev-20260513145227
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{add-CTF5QIGY.js → add-KTFK7GHV.js} +7 -5
- package/dist/{add-CTF5QIGY.js.map → add-KTFK7GHV.js.map} +1 -1
- package/dist/{agents-RICTNA5H.js → agents-QLWNNAXD.js} +9 -5
- package/dist/agents-QLWNNAXD.js.map +1 -0
- package/dist/chunk-5ATINSVP.js +210904 -0
- package/dist/chunk-5ATINSVP.js.map +1 -0
- package/dist/{chunk-TPG7QMXB.js → chunk-5J2WLD3O.js} +7 -5
- package/dist/{chunk-TPG7QMXB.js.map → chunk-5J2WLD3O.js.map} +1 -1
- package/dist/chunk-EXXTCGKR.js +77 -0
- package/dist/chunk-EXXTCGKR.js.map +1 -0
- package/dist/{chunk-FP3ZLBYT.js → chunk-IZXCZ3IA.js} +2 -2
- package/dist/{chunk-DHCCSWJN.js → chunk-XVD3FFOJ.js} +37 -104
- package/dist/chunk-XVD3FFOJ.js.map +1 -0
- package/dist/{chunk-EHNC6ITP.js → chunk-YE2SFYAJ.js} +10 -1
- package/dist/chunk-YE2SFYAJ.js.map +1 -0
- package/dist/chunk-ZWE3DS7E.js +39 -0
- package/dist/chunk-ZWE3DS7E.js.map +1 -0
- package/dist/{create-XC55BUCS.js → create-265DBQ72.js} +7 -1
- package/dist/create-265DBQ72.js.map +1 -0
- package/dist/{delete-BQFFYYWZ.js → delete-5RN5RRDK.js} +7 -5
- package/dist/{delete-BQFFYYWZ.js.map → delete-5RN5RRDK.js.map} +1 -1
- package/dist/{delete-K5Z552BS.js → delete-AF2GT6S4.js} +12 -16
- package/dist/delete-AF2GT6S4.js.map +1 -0
- package/dist/{deploy-2JMOUTWG.js → deploy-RWZFKSHR.js} +9 -3
- package/dist/deploy-RWZFKSHR.js.map +1 -0
- package/dist/{dev-X43HHIYV.js → dev-XI5WA3NA.js} +8 -2
- package/dist/dev-XI5WA3NA.js.map +1 -0
- package/dist/index.js +10 -9
- package/dist/index.js.map +1 -1
- package/dist/list-NM727WK3.js +161 -0
- package/dist/list-NM727WK3.js.map +1 -0
- package/dist/{list-JXR4IULK.js → list-SU5CSX3P.js} +30 -9
- package/dist/list-SU5CSX3P.js.map +1 -0
- package/dist/{login-MGPA2VYV.js → login-G3RY64KU.js} +2 -1
- package/dist/{login-MGPA2VYV.js.map → login-G3RY64KU.js.map} +1 -1
- package/dist/{logout-U5V5K775.js → logout-VVQ6OD4D.js} +2 -1
- package/dist/{logout-U5V5K775.js.map → logout-VVQ6OD4D.js.map} +1 -1
- package/dist/pull-2ODHRCHG.js +84 -0
- package/dist/pull-2ODHRCHG.js.map +1 -0
- package/dist/{push-WHPQXAY7.js → push-7DIL7IRB.js} +9 -3
- package/dist/push-7DIL7IRB.js.map +1 -0
- package/dist/{secrets-Z53FLH56.js → secrets-RNM6LSXT.js} +10 -5
- package/dist/secrets-RNM6LSXT.js.map +1 -0
- package/dist/{sync-RPXLLOTK.js → sync-6EXHV3IT.js} +20 -7
- package/dist/sync-6EXHV3IT.js.map +1 -0
- package/package.json +4 -4
- package/dist/agents-RICTNA5H.js.map +0 -1
- package/dist/chunk-DHCCSWJN.js.map +0 -1
- package/dist/chunk-EHNC6ITP.js.map +0 -1
- package/dist/chunk-MMS3GWBG.js +0 -50
- package/dist/chunk-MMS3GWBG.js.map +0 -1
- package/dist/create-XC55BUCS.js.map +0 -1
- package/dist/delete-K5Z552BS.js.map +0 -1
- package/dist/deploy-2JMOUTWG.js.map +0 -1
- package/dist/dev-X43HHIYV.js.map +0 -1
- package/dist/list-4HHUQLZ2.js +0 -142
- package/dist/list-4HHUQLZ2.js.map +0 -1
- package/dist/list-JXR4IULK.js.map +0 -1
- package/dist/push-WHPQXAY7.js.map +0 -1
- package/dist/secrets-Z53FLH56.js.map +0 -1
- package/dist/sync-RPXLLOTK.js.map +0 -1
- /package/dist/{chunk-FP3ZLBYT.js.map → chunk-IZXCZ3IA.js.map} +0 -0
|
@@ -8,15 +8,17 @@ import {
|
|
|
8
8
|
} from "./chunk-S3KAVLVM.js";
|
|
9
9
|
import {
|
|
10
10
|
getRequiredSecretForProvider,
|
|
11
|
-
loadProjectConfig,
|
|
12
11
|
materializeRuntime,
|
|
13
12
|
readDotEnv,
|
|
14
13
|
readProjectState,
|
|
15
|
-
resolveIdentityAuthRequirements,
|
|
16
14
|
resolveProviderFromConfig,
|
|
17
|
-
resolveRuntimeIdentityConfig,
|
|
18
15
|
writeProjectState
|
|
19
|
-
} from "./chunk-
|
|
16
|
+
} from "./chunk-XVD3FFOJ.js";
|
|
17
|
+
import {
|
|
18
|
+
loadProjectConfig,
|
|
19
|
+
resolveIdentityAuthRequirements,
|
|
20
|
+
resolveRuntimeIdentityConfig
|
|
21
|
+
} from "./chunk-EXXTCGKR.js";
|
|
20
22
|
|
|
21
23
|
// src/utils/deploy.ts
|
|
22
24
|
import { readFile, writeFile } from "fs/promises";
|
|
@@ -196,4 +198,4 @@ export {
|
|
|
196
198
|
promptDeployTarget,
|
|
197
199
|
showKalpCloudWaitlist
|
|
198
200
|
};
|
|
199
|
-
//# sourceMappingURL=chunk-
|
|
201
|
+
//# sourceMappingURL=chunk-5J2WLD3O.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/utils/deploy.ts","../src/utils/deploy-target.ts"],"sourcesContent":["import { readFile, writeFile } from \"node:fs/promises\";\nimport { createHash } from \"node:crypto\";\nimport { requireAuth } from \"@/utils/auth\";\nimport { ensureStudioSecrets } from \"@/utils/secret\";\nimport { readProjectState, writeProjectState } from \"@/utils/project-state\";\nimport { materializeRuntime } from \"@/utils/runtime\";\nimport {\n getRequiredSecretForProvider,\n readDotEnv,\n resolveProviderFromConfig,\n} from \"@/utils/ai\";\nimport {\n loadProjectConfig,\n resolveIdentityAuthRequirements,\n resolveRuntimeIdentityConfig,\n} from \"@/utils/project-config\";\nimport { resolveProvider } from \"@/utils/providers\";\n\ninterface RuntimeWranglerConfig {\n name?: string;\n kv_namespaces?: Array<{ binding: string; id?: string }>;\n}\n\ninterface KvNamespaceInfo {\n id: string;\n title: string;\n}\n\nasync function readWranglerConfig(\n configPath: string,\n): Promise<RuntimeWranglerConfig> {\n const text = await readFile(configPath, \"utf-8\");\n return JSON.parse(text) as RuntimeWranglerConfig;\n}\n\nasync function writeWranglerConfig(\n configPath: string,\n config: RuntimeWranglerConfig,\n): Promise<void> {\n await writeFile(configPath, `${JSON.stringify(config, null, 2)}\\n`, \"utf-8\");\n}\n\nfunction deriveKvNamespaceTitle(workerName: string, binding: string): string {\n return `${workerName}-${binding.toLowerCase().replace(/_/g, \"-\")}`;\n}\n\nasync function listKvNamespaces(\n cwd: string,\n configPath: string,\n): Promise<KvNamespaceInfo[]> {\n const provider = resolveProvider();\n const namespaces = await provider.listNamespaces({ cwd, configPath });\n return namespaces.map((item) => ({\n id: item.id,\n title: item.title,\n }));\n}\n\nasync function ensureKvNamespaceBindingId(\n cwd: string,\n configPath: string,\n): Promise<string | null> {\n const config = await readWranglerConfig(configPath);\n const binding = config.kv_namespaces?.find(\n (item) => item.binding === \"KALP_MANIFESTS\",\n );\n\n if (!binding || !config.name) return null;\n if (binding.id) return binding.id;\n\n const expectedTitle = deriveKvNamespaceTitle(config.name, binding.binding);\n const namespaces = await listKvNamespaces(cwd, configPath);\n const existing = namespaces.find((item) => item.title === expectedTitle);\n if (!existing) return null;\n\n binding.id = existing.id;\n await writeWranglerConfig(configPath, config);\n return existing.id;\n}\n\nfunction isNamespaceAlreadyExistsError(output: string): boolean {\n return output.includes(\"[code: 10014]\") && output.includes(\"already exists\");\n}\n\nexport async function runInitialDeploy(cwd: string): Promise<{\n workerUrl: string;\n customDomains: string[];\n accountId: string;\n studioAdminUser: string;\n studioPassword: string;\n serviceKey: string;\n credentialsChanged: boolean;\n serviceKeyChanged: boolean;\n}> {\n const auth = await requireAuth();\n const loadedConfig = await loadProjectConfig(cwd);\n const identityConfig = resolveRuntimeIdentityConfig(loadedConfig.raw);\n const identitySecretRequirements = resolveIdentityAuthRequirements(identityConfig);\n const aiProvider = await resolveProviderFromConfig(cwd);\n const requiredProviderSecret = getRequiredSecretForProvider(aiProvider);\n const secrets = await ensureStudioSecrets(cwd);\n const envMap = await readDotEnv(cwd);\n const providerSecretValue = envMap[requiredProviderSecret]?.trim();\n if (!providerSecretValue) {\n throw new Error(\n `Missing required secret ${requiredProviderSecret} for provider \"${aiProvider}\". Add it to .env before deploy.`,\n );\n }\n\n const resolvedIdentitySecrets = identitySecretRequirements.map((requirement) => {\n const value = envMap[requirement.envKey]?.trim();\n if (!value) {\n throw new Error(\n `Missing required secret ${requirement.envKey} for ${requirement.reason}. Add it to .env before deploy.`,\n );\n }\n return { name: requirement.envKey, value };\n });\n\n const runtimeProvider = resolveProvider();\n const runtime = await materializeRuntime(cwd);\n let secretSyncFailed = false;\n const secretEntries = [\n [\"KALP_SECRET_KEY\", secrets.key],\n [\"KALP_STUDIO_PASSWORD\", secrets.studioPassword],\n [\"KALP_STUDIO_ADMIN_USER\", secrets.studioAdminUser],\n [\"KALP_SERVICE_KEY\", secrets.serviceKey],\n [requiredProviderSecret, providerSecretValue],\n ...resolvedIdentitySecrets.map((item) => [item.name, item.value] as const),\n ];\n const dedupedSecrets = new Map<string, string>();\n for (const [name, value] of secretEntries) {\n dedupedSecrets.set(name, value);\n }\n\n for (const [name, value] of dedupedSecrets.entries()) {\n try {\n await runtimeProvider.putSecret({\n cwd,\n configPath: runtime.wranglerConfigPath,\n name,\n value,\n });\n } catch {\n secretSyncFailed = true;\n break;\n }\n }\n\n await ensureKvNamespaceBindingId(cwd, runtime.wranglerConfigPath).catch(\n () => null,\n );\n\n let deploy = await runtimeProvider\n .deployRuntime({\n cwd,\n configPath: runtime.wranglerConfigPath,\n useSecretsFile: secretSyncFailed,\n })\n .catch((error) => error);\n if (deploy instanceof Error) {\n const combined = deploy.message;\n if (isNamespaceAlreadyExistsError(combined)) {\n await ensureKvNamespaceBindingId(cwd, runtime.wranglerConfigPath);\n deploy = await runtimeProvider.deployRuntime({\n cwd,\n configPath: runtime.wranglerConfigPath,\n useSecretsFile: secretSyncFailed,\n });\n } else {\n throw deploy;\n }\n }\n\n const workerUrl = deploy.workerUrl;\n const customDomains = deploy.customDomains ?? [];\n\n const existingState = await readProjectState(cwd);\n\n const credentialsFingerprint = createHash(\"sha256\")\n .update(`${secrets.studioAdminUser}:${secrets.studioPassword}`)\n .digest(\"hex\");\n const credentialsChanged =\n existingState?.studioCredentialsFingerprint !== credentialsFingerprint;\n const serviceKeyFingerprint = createHash(\"sha256\")\n .update(secrets.serviceKey)\n .digest(\"hex\");\n const serviceKeyChanged =\n existingState?.serviceKeyFingerprint !== serviceKeyFingerprint;\n\n await writeProjectState(cwd, {\n workerUrl,\n deployedAt: new Date().toISOString(),\n accountId: auth.accountId,\n studioCredentialsFingerprint: credentialsFingerprint,\n serviceKeyFingerprint,\n agents: existingState?.agents ?? {},\n });\n\n return {\n workerUrl,\n customDomains,\n accountId: auth.accountId,\n studioAdminUser: secrets.studioAdminUser,\n studioPassword: secrets.studioPassword,\n serviceKey: secrets.serviceKey,\n credentialsChanged,\n serviceKeyChanged,\n };\n}\n","import * as p from \"@clack/prompts\";\nimport pc from \"picocolors\";\n\nexport type DeployTarget = \"cloudflare\" | \"kalp-cloud\";\n\nexport async function promptDeployTarget(message: string): Promise<DeployTarget | null> {\n const selected = await p.select({\n message,\n options: [\n {\n value: \"cloudflare\",\n label: \"Cloudflare\",\n hint: \"Available now\",\n },\n {\n value: \"kalp-cloud\",\n label: \"Kalp Cloud\",\n hint: \"Coming soon\",\n },\n ],\n });\n\n if (p.isCancel(selected)) return null;\n return selected as DeployTarget;\n}\n\nexport function showKalpCloudWaitlist(): void {\n p.note(\n [\n `${pc.bold(\"Kalp Cloud is coming soon 🚀\")}`,\n pc.dim(\"Join the waitlist for early access:\"),\n pc.cyan(\"https://usekalp.com/waitlist\"),\n ].join(\"\\n\"),\n \"Kalp Cloud\",\n );\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,SAAS,UAAU,iBAAiB;AACpC,SAAS,kBAAkB;AA2B3B,eAAe,mBACb,YACgC;AAChC,QAAM,OAAO,MAAM,SAAS,YAAY,OAAO;AAC/C,SAAO,KAAK,MAAM,IAAI;AACxB;AAEA,eAAe,oBACb,YACA,QACe;AACf,QAAM,UAAU,YAAY,GAAG,KAAK,UAAU,QAAQ,MAAM,CAAC,CAAC;AAAA,GAAM,OAAO;AAC7E;AAEA,SAAS,uBAAuB,YAAoB,SAAyB;AAC3E,SAAO,GAAG,UAAU,IAAI,QAAQ,YAAY,EAAE,QAAQ,MAAM,GAAG,CAAC;AAClE;AAEA,eAAe,iBACb,KACA,YAC4B;AAC5B,QAAM,WAAW,gBAAgB;AACjC,QAAM,aAAa,MAAM,SAAS,eAAe,EAAE,KAAK,WAAW,CAAC;AACpE,SAAO,WAAW,IAAI,CAAC,UAAU;AAAA,IAC/B,IAAI,KAAK;AAAA,IACT,OAAO,KAAK;AAAA,EACd,EAAE;AACJ;AAEA,eAAe,2BACb,KACA,YACwB;AACxB,QAAM,SAAS,MAAM,mBAAmB,UAAU;AAClD,QAAM,UAAU,OAAO,eAAe;AAAA,IACpC,CAAC,SAAS,KAAK,YAAY;AAAA,EAC7B;AAEA,MAAI,CAAC,WAAW,CAAC,OAAO,KAAM,QAAO;AACrC,MAAI,QAAQ,GAAI,QAAO,QAAQ;AAE/B,QAAM,gBAAgB,uBAAuB,OAAO,MAAM,QAAQ,OAAO;AACzE,QAAM,aAAa,MAAM,iBAAiB,KAAK,UAAU;AACzD,QAAM,WAAW,WAAW,KAAK,CAAC,SAAS,KAAK,UAAU,aAAa;AACvE,MAAI,CAAC,SAAU,QAAO;AAEtB,UAAQ,KAAK,SAAS;AACtB,QAAM,oBAAoB,YAAY,MAAM;AAC5C,SAAO,SAAS;AAClB;AAEA,SAAS,8BAA8B,QAAyB;AAC9D,SAAO,OAAO,SAAS,eAAe,KAAK,OAAO,SAAS,gBAAgB;AAC7E;AAEA,eAAsB,iBAAiB,KASpC;AACD,QAAM,OAAO,MAAM,YAAY;AAC/B,QAAM,eAAe,MAAM,kBAAkB,GAAG;AAChD,QAAM,iBAAiB,6BAA6B,aAAa,GAAG;AACpE,QAAM,6BAA6B,gCAAgC,cAAc;AACjF,QAAM,aAAa,MAAM,0BAA0B,GAAG;AACtD,QAAM,yBAAyB,6BAA6B,UAAU;AACtE,QAAM,UAAU,MAAM,oBAAoB,GAAG;AAC7C,QAAM,SAAS,MAAM,WAAW,GAAG;AACnC,QAAM,sBAAsB,OAAO,sBAAsB,GAAG,KAAK;AACjE,MAAI,CAAC,qBAAqB;AACxB,UAAM,IAAI;AAAA,MACR,2BAA2B,sBAAsB,kBAAkB,UAAU;AAAA,IAC/E;AAAA,EACF;AAEA,QAAM,0BAA0B,2BAA2B,IAAI,CAAC,gBAAgB;AAC9E,UAAM,QAAQ,OAAO,YAAY,MAAM,GAAG,KAAK;AAC/C,QAAI,CAAC,OAAO;AACV,YAAM,IAAI;AAAA,QACR,2BAA2B,YAAY,MAAM,QAAQ,YAAY,MAAM;AAAA,MACzE;AAAA,IACF;AACA,WAAO,EAAE,MAAM,YAAY,QAAQ,MAAM;AAAA,EAC3C,CAAC;AAED,QAAM,kBAAkB,gBAAgB;AACxC,QAAM,UAAU,MAAM,mBAAmB,GAAG;AAC5C,MAAI,mBAAmB;AACvB,QAAM,gBAAgB;AAAA,IACpB,CAAC,mBAAmB,QAAQ,GAAG;AAAA,IAC/B,CAAC,wBAAwB,QAAQ,cAAc;AAAA,IAC/C,CAAC,0BAA0B,QAAQ,eAAe;AAAA,IAClD,CAAC,oBAAoB,QAAQ,UAAU;AAAA,IACvC,CAAC,wBAAwB,mBAAmB;AAAA,IAC5C,GAAG,wBAAwB,IAAI,CAAC,SAAS,CAAC,KAAK,MAAM,KAAK,KAAK,CAAU;AAAA,EAC3E;AACA,QAAM,iBAAiB,oBAAI,IAAoB;AAC/C,aAAW,CAAC,MAAM,KAAK,KAAK,eAAe;AACzC,mBAAe,IAAI,MAAM,KAAK;AAAA,EAChC;AAEA,aAAW,CAAC,MAAM,KAAK,KAAK,eAAe,QAAQ,GAAG;AACpD,QAAI;AACF,YAAM,gBAAgB,UAAU;AAAA,QAC9B;AAAA,QACA,YAAY,QAAQ;AAAA,QACpB;AAAA,QACA;AAAA,MACF,CAAC;AAAA,IACH,QAAQ;AACN,yBAAmB;AACnB;AAAA,IACF;AAAA,EACF;AAEA,QAAM,2BAA2B,KAAK,QAAQ,kBAAkB,EAAE;AAAA,IAChE,MAAM;AAAA,EACR;AAEA,MAAI,SAAS,MAAM,gBAChB,cAAc;AAAA,IACb;AAAA,IACA,YAAY,QAAQ;AAAA,IACpB,gBAAgB;AAAA,EAClB,CAAC,EACA,MAAM,CAAC,UAAU,KAAK;AACzB,MAAI,kBAAkB,OAAO;AAC3B,UAAM,WAAW,OAAO;AACxB,QAAI,8BAA8B,QAAQ,GAAG;AAC3C,YAAM,2BAA2B,KAAK,QAAQ,kBAAkB;AAChE,eAAS,MAAM,gBAAgB,cAAc;AAAA,QAC3C;AAAA,QACA,YAAY,QAAQ;AAAA,QACpB,gBAAgB;AAAA,MAClB,CAAC;AAAA,IACH,OAAO;AACL,YAAM;AAAA,IACR;AAAA,EACF;AAEA,QAAM,YAAY,OAAO;AACzB,QAAM,gBAAgB,OAAO,iBAAiB,CAAC;AAE/C,QAAM,gBAAgB,MAAM,iBAAiB,GAAG;AAEhD,QAAM,yBAAyB,WAAW,QAAQ,EAC/C,OAAO,GAAG,QAAQ,eAAe,IAAI,QAAQ,cAAc,EAAE,EAC7D,OAAO,KAAK;AACf,QAAM,qBACJ,eAAe,iCAAiC;AAClD,QAAM,wBAAwB,WAAW,QAAQ,EAC9C,OAAO,QAAQ,UAAU,EACzB,OAAO,KAAK;AACf,QAAM,oBACJ,eAAe,0BAA0B;AAE3C,QAAM,kBAAkB,KAAK;AAAA,IAC3B;AAAA,IACA,aAAY,oBAAI,KAAK,GAAE,YAAY;AAAA,IACnC,WAAW,KAAK;AAAA,IAChB,8BAA8B;AAAA,IAC9B;AAAA,IACA,QAAQ,eAAe,UAAU,CAAC;AAAA,EACpC,CAAC;AAED,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,WAAW,KAAK;AAAA,IAChB,iBAAiB,QAAQ;AAAA,IACzB,gBAAgB,QAAQ;AAAA,IACxB,YAAY,QAAQ;AAAA,IACpB;AAAA,IACA;AAAA,EACF;AACF;;;ACjNA,YAAY,OAAO;AACnB,OAAO,QAAQ;AAIf,eAAsB,mBAAmB,SAA+C;AACtF,QAAM,WAAW,MAAQ,SAAO;AAAA,IAC9B;AAAA,IACA,SAAS;AAAA,MACP;AAAA,QACE,OAAO;AAAA,QACP,OAAO;AAAA,QACP,MAAM;AAAA,MACR;AAAA,MACA;AAAA,QACE,OAAO;AAAA,QACP,OAAO;AAAA,QACP,MAAM;AAAA,MACR;AAAA,IACF;AAAA,EACF,CAAC;AAED,MAAM,WAAS,QAAQ,EAAG,QAAO;AACjC,SAAO;AACT;AAEO,SAAS,wBAA8B;AAC5C,EAAE;AAAA,IACA;AAAA,MACE,GAAG,GAAG,KAAK,qCAA8B,CAAC;AAAA,MAC1C,GAAG,IAAI,qCAAqC;AAAA,MAC5C,GAAG,KAAK,8BAA8B;AAAA,IACxC,EAAE,KAAK,IAAI;AAAA,IACX;AAAA,EACF;AACF;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../src/utils/deploy.ts","../src/utils/deploy-target.ts"],"sourcesContent":["import { readFile, writeFile } from \"node:fs/promises\";\nimport { createHash } from \"node:crypto\";\nimport { requireAuth } from \"@/utils/auth\";\nimport { ensureStudioSecrets } from \"@/utils/secret\";\nimport { readProjectState, writeProjectState } from \"@/utils/project-state\";\nimport { materializeRuntime } from \"@/utils/runtime\";\nimport {\n getRequiredSecretForProvider,\n readDotEnv,\n resolveProviderFromConfig,\n} from \"@/utils/ai\";\nimport {\n loadProjectConfig,\n resolveIdentityAuthRequirements,\n resolveRuntimeIdentityConfig,\n} from \"@/utils/project-config\";\nimport { resolveProvider } from \"@/utils/providers\";\n\ninterface RuntimeWranglerConfig {\n name?: string;\n kv_namespaces?: Array<{ binding: string; id?: string }>;\n}\n\ninterface KvNamespaceInfo {\n id: string;\n title: string;\n}\n\nasync function readWranglerConfig(\n configPath: string,\n): Promise<RuntimeWranglerConfig> {\n const text = await readFile(configPath, \"utf-8\");\n return JSON.parse(text) as RuntimeWranglerConfig;\n}\n\nasync function writeWranglerConfig(\n configPath: string,\n config: RuntimeWranglerConfig,\n): Promise<void> {\n await writeFile(configPath, `${JSON.stringify(config, null, 2)}\\n`, \"utf-8\");\n}\n\nfunction deriveKvNamespaceTitle(workerName: string, binding: string): string {\n return `${workerName}-${binding.toLowerCase().replace(/_/g, \"-\")}`;\n}\n\nasync function listKvNamespaces(\n cwd: string,\n configPath: string,\n): Promise<KvNamespaceInfo[]> {\n const provider = resolveProvider();\n const namespaces = await provider.listNamespaces({ cwd, configPath });\n return namespaces.map((item) => ({\n id: item.id,\n title: item.title,\n }));\n}\n\nasync function ensureKvNamespaceBindingId(\n cwd: string,\n configPath: string,\n): Promise<string | null> {\n const config = await readWranglerConfig(configPath);\n const binding = config.kv_namespaces?.find(\n (item) => item.binding === \"KALP_MANIFESTS\",\n );\n\n if (!binding || !config.name) return null;\n if (binding.id) return binding.id;\n\n const expectedTitle = deriveKvNamespaceTitle(config.name, binding.binding);\n const namespaces = await listKvNamespaces(cwd, configPath);\n const existing = namespaces.find((item) => item.title === expectedTitle);\n if (!existing) return null;\n\n binding.id = existing.id;\n await writeWranglerConfig(configPath, config);\n return existing.id;\n}\n\nfunction isNamespaceAlreadyExistsError(output: string): boolean {\n return output.includes(\"[code: 10014]\") && output.includes(\"already exists\");\n}\n\nexport async function runInitialDeploy(cwd: string): Promise<{\n workerUrl: string;\n customDomains: string[];\n accountId: string;\n studioAdminUser: string;\n studioPassword: string;\n serviceKey: string;\n credentialsChanged: boolean;\n serviceKeyChanged: boolean;\n}> {\n const auth = await requireAuth();\n const loadedConfig = await loadProjectConfig(cwd);\n const identityConfig = resolveRuntimeIdentityConfig(loadedConfig.raw);\n const identitySecretRequirements = resolveIdentityAuthRequirements(identityConfig);\n const aiProvider = await resolveProviderFromConfig(cwd);\n const requiredProviderSecret = getRequiredSecretForProvider(aiProvider);\n const secrets = await ensureStudioSecrets(cwd);\n const envMap = await readDotEnv(cwd);\n const providerSecretValue = envMap[requiredProviderSecret]?.trim();\n if (!providerSecretValue) {\n throw new Error(\n `Missing required secret ${requiredProviderSecret} for provider \"${aiProvider}\". Add it to .env before deploy.`,\n );\n }\n\n const resolvedIdentitySecrets = identitySecretRequirements.map((requirement) => {\n const value = envMap[requirement.envKey]?.trim();\n if (!value) {\n throw new Error(\n `Missing required secret ${requirement.envKey} for ${requirement.reason}. Add it to .env before deploy.`,\n );\n }\n return { name: requirement.envKey, value };\n });\n\n const runtimeProvider = resolveProvider();\n const runtime = await materializeRuntime(cwd);\n let secretSyncFailed = false;\n const secretEntries = [\n [\"KALP_SECRET_KEY\", secrets.key],\n [\"KALP_STUDIO_PASSWORD\", secrets.studioPassword],\n [\"KALP_STUDIO_ADMIN_USER\", secrets.studioAdminUser],\n [\"KALP_SERVICE_KEY\", secrets.serviceKey],\n [requiredProviderSecret, providerSecretValue],\n ...resolvedIdentitySecrets.map((item) => [item.name, item.value] as const),\n ];\n const dedupedSecrets = new Map<string, string>();\n for (const [name, value] of secretEntries) {\n dedupedSecrets.set(name, value);\n }\n\n for (const [name, value] of dedupedSecrets.entries()) {\n try {\n await runtimeProvider.putSecret({\n cwd,\n configPath: runtime.wranglerConfigPath,\n name,\n value,\n });\n } catch {\n secretSyncFailed = true;\n break;\n }\n }\n\n await ensureKvNamespaceBindingId(cwd, runtime.wranglerConfigPath).catch(\n () => null,\n );\n\n let deploy = await runtimeProvider\n .deployRuntime({\n cwd,\n configPath: runtime.wranglerConfigPath,\n useSecretsFile: secretSyncFailed,\n })\n .catch((error) => error);\n if (deploy instanceof Error) {\n const combined = deploy.message;\n if (isNamespaceAlreadyExistsError(combined)) {\n await ensureKvNamespaceBindingId(cwd, runtime.wranglerConfigPath);\n deploy = await runtimeProvider.deployRuntime({\n cwd,\n configPath: runtime.wranglerConfigPath,\n useSecretsFile: secretSyncFailed,\n });\n } else {\n throw deploy;\n }\n }\n\n const workerUrl = deploy.workerUrl;\n const customDomains = deploy.customDomains ?? [];\n\n const existingState = await readProjectState(cwd);\n\n const credentialsFingerprint = createHash(\"sha256\")\n .update(`${secrets.studioAdminUser}:${secrets.studioPassword}`)\n .digest(\"hex\");\n const credentialsChanged =\n existingState?.studioCredentialsFingerprint !== credentialsFingerprint;\n const serviceKeyFingerprint = createHash(\"sha256\")\n .update(secrets.serviceKey)\n .digest(\"hex\");\n const serviceKeyChanged =\n existingState?.serviceKeyFingerprint !== serviceKeyFingerprint;\n\n await writeProjectState(cwd, {\n workerUrl,\n deployedAt: new Date().toISOString(),\n accountId: auth.accountId,\n studioCredentialsFingerprint: credentialsFingerprint,\n serviceKeyFingerprint,\n agents: existingState?.agents ?? {},\n });\n\n return {\n workerUrl,\n customDomains,\n accountId: auth.accountId,\n studioAdminUser: secrets.studioAdminUser,\n studioPassword: secrets.studioPassword,\n serviceKey: secrets.serviceKey,\n credentialsChanged,\n serviceKeyChanged,\n };\n}\n","import * as p from \"@clack/prompts\";\nimport pc from \"picocolors\";\n\nexport type DeployTarget = \"cloudflare\" | \"kalp-cloud\";\n\nexport async function promptDeployTarget(message: string): Promise<DeployTarget | null> {\n const selected = await p.select({\n message,\n options: [\n {\n value: \"cloudflare\",\n label: \"Cloudflare\",\n hint: \"Available now\",\n },\n {\n value: \"kalp-cloud\",\n label: \"Kalp Cloud\",\n hint: \"Coming soon\",\n },\n ],\n });\n\n if (p.isCancel(selected)) return null;\n return selected as DeployTarget;\n}\n\nexport function showKalpCloudWaitlist(): void {\n p.note(\n [\n `${pc.bold(\"Kalp Cloud is coming soon 🚀\")}`,\n pc.dim(\"Join the waitlist for early access:\"),\n pc.cyan(\"https://usekalp.com/waitlist\"),\n ].join(\"\\n\"),\n \"Kalp Cloud\",\n );\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;AAAA,SAAS,UAAU,iBAAiB;AACpC,SAAS,kBAAkB;AA2B3B,eAAe,mBACb,YACgC;AAChC,QAAM,OAAO,MAAM,SAAS,YAAY,OAAO;AAC/C,SAAO,KAAK,MAAM,IAAI;AACxB;AAEA,eAAe,oBACb,YACA,QACe;AACf,QAAM,UAAU,YAAY,GAAG,KAAK,UAAU,QAAQ,MAAM,CAAC,CAAC;AAAA,GAAM,OAAO;AAC7E;AAEA,SAAS,uBAAuB,YAAoB,SAAyB;AAC3E,SAAO,GAAG,UAAU,IAAI,QAAQ,YAAY,EAAE,QAAQ,MAAM,GAAG,CAAC;AAClE;AAEA,eAAe,iBACb,KACA,YAC4B;AAC5B,QAAM,WAAW,gBAAgB;AACjC,QAAM,aAAa,MAAM,SAAS,eAAe,EAAE,KAAK,WAAW,CAAC;AACpE,SAAO,WAAW,IAAI,CAAC,UAAU;AAAA,IAC/B,IAAI,KAAK;AAAA,IACT,OAAO,KAAK;AAAA,EACd,EAAE;AACJ;AAEA,eAAe,2BACb,KACA,YACwB;AACxB,QAAM,SAAS,MAAM,mBAAmB,UAAU;AAClD,QAAM,UAAU,OAAO,eAAe;AAAA,IACpC,CAAC,SAAS,KAAK,YAAY;AAAA,EAC7B;AAEA,MAAI,CAAC,WAAW,CAAC,OAAO,KAAM,QAAO;AACrC,MAAI,QAAQ,GAAI,QAAO,QAAQ;AAE/B,QAAM,gBAAgB,uBAAuB,OAAO,MAAM,QAAQ,OAAO;AACzE,QAAM,aAAa,MAAM,iBAAiB,KAAK,UAAU;AACzD,QAAM,WAAW,WAAW,KAAK,CAAC,SAAS,KAAK,UAAU,aAAa;AACvE,MAAI,CAAC,SAAU,QAAO;AAEtB,UAAQ,KAAK,SAAS;AACtB,QAAM,oBAAoB,YAAY,MAAM;AAC5C,SAAO,SAAS;AAClB;AAEA,SAAS,8BAA8B,QAAyB;AAC9D,SAAO,OAAO,SAAS,eAAe,KAAK,OAAO,SAAS,gBAAgB;AAC7E;AAEA,eAAsB,iBAAiB,KASpC;AACD,QAAM,OAAO,MAAM,YAAY;AAC/B,QAAM,eAAe,MAAM,kBAAkB,GAAG;AAChD,QAAM,iBAAiB,6BAA6B,aAAa,GAAG;AACpE,QAAM,6BAA6B,gCAAgC,cAAc;AACjF,QAAM,aAAa,MAAM,0BAA0B,GAAG;AACtD,QAAM,yBAAyB,6BAA6B,UAAU;AACtE,QAAM,UAAU,MAAM,oBAAoB,GAAG;AAC7C,QAAM,SAAS,MAAM,WAAW,GAAG;AACnC,QAAM,sBAAsB,OAAO,sBAAsB,GAAG,KAAK;AACjE,MAAI,CAAC,qBAAqB;AACxB,UAAM,IAAI;AAAA,MACR,2BAA2B,sBAAsB,kBAAkB,UAAU;AAAA,IAC/E;AAAA,EACF;AAEA,QAAM,0BAA0B,2BAA2B,IAAI,CAAC,gBAAgB;AAC9E,UAAM,QAAQ,OAAO,YAAY,MAAM,GAAG,KAAK;AAC/C,QAAI,CAAC,OAAO;AACV,YAAM,IAAI;AAAA,QACR,2BAA2B,YAAY,MAAM,QAAQ,YAAY,MAAM;AAAA,MACzE;AAAA,IACF;AACA,WAAO,EAAE,MAAM,YAAY,QAAQ,MAAM;AAAA,EAC3C,CAAC;AAED,QAAM,kBAAkB,gBAAgB;AACxC,QAAM,UAAU,MAAM,mBAAmB,GAAG;AAC5C,MAAI,mBAAmB;AACvB,QAAM,gBAAgB;AAAA,IACpB,CAAC,mBAAmB,QAAQ,GAAG;AAAA,IAC/B,CAAC,wBAAwB,QAAQ,cAAc;AAAA,IAC/C,CAAC,0BAA0B,QAAQ,eAAe;AAAA,IAClD,CAAC,oBAAoB,QAAQ,UAAU;AAAA,IACvC,CAAC,wBAAwB,mBAAmB;AAAA,IAC5C,GAAG,wBAAwB,IAAI,CAAC,SAAS,CAAC,KAAK,MAAM,KAAK,KAAK,CAAU;AAAA,EAC3E;AACA,QAAM,iBAAiB,oBAAI,IAAoB;AAC/C,aAAW,CAAC,MAAM,KAAK,KAAK,eAAe;AACzC,mBAAe,IAAI,MAAM,KAAK;AAAA,EAChC;AAEA,aAAW,CAAC,MAAM,KAAK,KAAK,eAAe,QAAQ,GAAG;AACpD,QAAI;AACF,YAAM,gBAAgB,UAAU;AAAA,QAC9B;AAAA,QACA,YAAY,QAAQ;AAAA,QACpB;AAAA,QACA;AAAA,MACF,CAAC;AAAA,IACH,QAAQ;AACN,yBAAmB;AACnB;AAAA,IACF;AAAA,EACF;AAEA,QAAM,2BAA2B,KAAK,QAAQ,kBAAkB,EAAE;AAAA,IAChE,MAAM;AAAA,EACR;AAEA,MAAI,SAAS,MAAM,gBAChB,cAAc;AAAA,IACb;AAAA,IACA,YAAY,QAAQ;AAAA,IACpB,gBAAgB;AAAA,EAClB,CAAC,EACA,MAAM,CAAC,UAAU,KAAK;AACzB,MAAI,kBAAkB,OAAO;AAC3B,UAAM,WAAW,OAAO;AACxB,QAAI,8BAA8B,QAAQ,GAAG;AAC3C,YAAM,2BAA2B,KAAK,QAAQ,kBAAkB;AAChE,eAAS,MAAM,gBAAgB,cAAc;AAAA,QAC3C;AAAA,QACA,YAAY,QAAQ;AAAA,QACpB,gBAAgB;AAAA,MAClB,CAAC;AAAA,IACH,OAAO;AACL,YAAM;AAAA,IACR;AAAA,EACF;AAEA,QAAM,YAAY,OAAO;AACzB,QAAM,gBAAgB,OAAO,iBAAiB,CAAC;AAE/C,QAAM,gBAAgB,MAAM,iBAAiB,GAAG;AAEhD,QAAM,yBAAyB,WAAW,QAAQ,EAC/C,OAAO,GAAG,QAAQ,eAAe,IAAI,QAAQ,cAAc,EAAE,EAC7D,OAAO,KAAK;AACf,QAAM,qBACJ,eAAe,iCAAiC;AAClD,QAAM,wBAAwB,WAAW,QAAQ,EAC9C,OAAO,QAAQ,UAAU,EACzB,OAAO,KAAK;AACf,QAAM,oBACJ,eAAe,0BAA0B;AAE3C,QAAM,kBAAkB,KAAK;AAAA,IAC3B;AAAA,IACA,aAAY,oBAAI,KAAK,GAAE,YAAY;AAAA,IACnC,WAAW,KAAK;AAAA,IAChB,8BAA8B;AAAA,IAC9B;AAAA,IACA,QAAQ,eAAe,UAAU,CAAC;AAAA,EACpC,CAAC;AAED,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,WAAW,KAAK;AAAA,IAChB,iBAAiB,QAAQ;AAAA,IACzB,gBAAgB,QAAQ;AAAA,IACxB,YAAY,QAAQ;AAAA,IACpB;AAAA,IACA;AAAA,EACF;AACF;;;ACjNA,YAAY,OAAO;AACnB,OAAO,QAAQ;AAIf,eAAsB,mBAAmB,SAA+C;AACtF,QAAM,WAAW,MAAQ,SAAO;AAAA,IAC9B;AAAA,IACA,SAAS;AAAA,MACP;AAAA,QACE,OAAO;AAAA,QACP,OAAO;AAAA,QACP,MAAM;AAAA,MACR;AAAA,MACA;AAAA,QACE,OAAO;AAAA,QACP,OAAO;AAAA,QACP,MAAM;AAAA,MACR;AAAA,IACF;AAAA,EACF,CAAC;AAED,MAAM,WAAS,QAAQ,EAAG,QAAO;AACjC,SAAO;AACT;AAEO,SAAS,wBAA8B;AAC5C,EAAE;AAAA,IACA;AAAA,MACE,GAAG,GAAG,KAAK,qCAA8B,CAAC;AAAA,MAC1C,GAAG,IAAI,qCAAqC;AAAA,MAC5C,GAAG,KAAK,8BAA8B;AAAA,IACxC,EAAE,KAAK,IAAI;AAAA,IACX;AAAA,EACF;AACF;","names":[]}
|
|
@@ -0,0 +1,77 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
|
|
3
|
+
// src/utils/project-config.ts
|
|
4
|
+
import { createJiti } from "jiti";
|
|
5
|
+
import { access } from "fs/promises";
|
|
6
|
+
import { constants } from "fs";
|
|
7
|
+
import { join, resolve } from "path";
|
|
8
|
+
function normalizeStrategy(strategy) {
|
|
9
|
+
if (!strategy) return null;
|
|
10
|
+
if (strategy.type === "jwks") {
|
|
11
|
+
return {
|
|
12
|
+
type: "jwks",
|
|
13
|
+
jwksUrl: strategy.jwksUrl,
|
|
14
|
+
issuer: strategy.issuer,
|
|
15
|
+
audience: strategy.audience
|
|
16
|
+
};
|
|
17
|
+
}
|
|
18
|
+
if (strategy.type === "symmetric") {
|
|
19
|
+
return {
|
|
20
|
+
type: "symmetric",
|
|
21
|
+
secretEnvKey: strategy.secretEnvKey
|
|
22
|
+
};
|
|
23
|
+
}
|
|
24
|
+
return {
|
|
25
|
+
type: "apiKey",
|
|
26
|
+
headerName: strategy.headerName,
|
|
27
|
+
envKey: strategy.envKey
|
|
28
|
+
};
|
|
29
|
+
}
|
|
30
|
+
async function loadProjectConfig(cwd) {
|
|
31
|
+
const configPath = resolve(join(cwd, "kalp.config.ts"));
|
|
32
|
+
await access(configPath, constants.F_OK);
|
|
33
|
+
const jiti = createJiti(cwd, { interopDefault: true });
|
|
34
|
+
const moduleValue = await jiti.import(configPath);
|
|
35
|
+
const raw = moduleValue && typeof moduleValue === "object" && "default" in moduleValue ? moduleValue.default ?? moduleValue : moduleValue;
|
|
36
|
+
return { path: configPath, raw };
|
|
37
|
+
}
|
|
38
|
+
function resolveRuntimeIdentityConfig(rawConfig) {
|
|
39
|
+
const identity = rawConfig.identity && typeof rawConfig.identity === "object" ? rawConfig.identity : void 0;
|
|
40
|
+
const enforceGlobalAuth = typeof rawConfig.enforceGlobalAuth === "boolean" ? rawConfig.enforceGlobalAuth : true;
|
|
41
|
+
return {
|
|
42
|
+
enforceGlobalAuth,
|
|
43
|
+
identityId: identity && typeof identity.id === "string" && identity.id.length > 0 ? identity.id : null,
|
|
44
|
+
strategy: normalizeStrategy(identity?.strategy)
|
|
45
|
+
};
|
|
46
|
+
}
|
|
47
|
+
function resolveIdentityAuthRequirements(identity) {
|
|
48
|
+
if (!identity.strategy) return [];
|
|
49
|
+
if (identity.strategy.type === "symmetric") {
|
|
50
|
+
return [
|
|
51
|
+
{
|
|
52
|
+
envKey: identity.strategy.secretEnvKey?.trim() || "JWT_SIGNING_SECRET",
|
|
53
|
+
reason: "symmetric JWT validation"
|
|
54
|
+
}
|
|
55
|
+
];
|
|
56
|
+
}
|
|
57
|
+
if (identity.strategy.type === "apiKey") {
|
|
58
|
+
const envKey = identity.strategy.envKey?.trim();
|
|
59
|
+
if (!envKey) {
|
|
60
|
+
return [
|
|
61
|
+
{
|
|
62
|
+
envKey: "KALP_API_KEY",
|
|
63
|
+
reason: "apiKey strategy (default env key)"
|
|
64
|
+
}
|
|
65
|
+
];
|
|
66
|
+
}
|
|
67
|
+
return [{ envKey, reason: "apiKey strategy" }];
|
|
68
|
+
}
|
|
69
|
+
return [];
|
|
70
|
+
}
|
|
71
|
+
|
|
72
|
+
export {
|
|
73
|
+
loadProjectConfig,
|
|
74
|
+
resolveRuntimeIdentityConfig,
|
|
75
|
+
resolveIdentityAuthRequirements
|
|
76
|
+
};
|
|
77
|
+
//# sourceMappingURL=chunk-EXXTCGKR.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/utils/project-config.ts"],"sourcesContent":["import { createJiti } from \"jiti\";\nimport { access } from \"node:fs/promises\";\nimport { constants } from \"node:fs\";\nimport { join, resolve } from \"node:path\";\nimport type { AuthStrategy, IdentityConfig } from \"@kalphq/sdk\";\n\nexport interface LoadedProjectConfig {\n path: string;\n raw: Record<string, unknown>;\n}\n\nexport interface RuntimeIdentityStrategyConfig {\n type: \"jwks\" | \"symmetric\" | \"apiKey\";\n jwksUrl?: string;\n issuer?: string;\n audience?: string;\n secretEnvKey?: string;\n headerName?: string;\n envKey?: string;\n}\n\nexport interface RuntimeIdentityConfig {\n enforceGlobalAuth: boolean;\n identityId: string | null;\n strategy: RuntimeIdentityStrategyConfig | null;\n}\n\nexport interface ProjectConfigAuthRequirement {\n envKey: string;\n reason: string;\n}\n\nfunction normalizeStrategy(\n strategy: AuthStrategy | undefined,\n): RuntimeIdentityStrategyConfig | null {\n if (!strategy) return null;\n if (strategy.type === \"jwks\") {\n return {\n type: \"jwks\",\n jwksUrl: strategy.jwksUrl,\n issuer: strategy.issuer,\n audience: strategy.audience,\n };\n }\n if (strategy.type === \"symmetric\") {\n return {\n type: \"symmetric\",\n secretEnvKey: strategy.secretEnvKey,\n };\n }\n return {\n type: \"apiKey\",\n headerName: strategy.headerName,\n envKey: strategy.envKey,\n };\n}\n\nexport async function loadProjectConfig(cwd: string): Promise<LoadedProjectConfig> {\n const configPath = resolve(join(cwd, \"kalp.config.ts\"));\n await access(configPath, constants.F_OK);\n const jiti = createJiti(cwd, { interopDefault: true });\n const moduleValue = (await jiti.import(configPath)) as\n | { default?: Record<string, unknown> }\n | Record<string, unknown>;\n const raw =\n moduleValue && typeof moduleValue === \"object\" && \"default\" in moduleValue\n ? ((moduleValue.default ?? moduleValue) as Record<string, unknown>)\n : (moduleValue as Record<string, unknown>);\n return { path: configPath, raw };\n}\n\nexport function resolveRuntimeIdentityConfig(\n rawConfig: Record<string, unknown>,\n): RuntimeIdentityConfig {\n const identity =\n rawConfig.identity && typeof rawConfig.identity === \"object\"\n ? (rawConfig.identity as IdentityConfig)\n : undefined;\n const enforceGlobalAuth =\n typeof rawConfig.enforceGlobalAuth === \"boolean\"\n ? rawConfig.enforceGlobalAuth\n : true;\n\n return {\n enforceGlobalAuth,\n identityId:\n identity && typeof identity.id === \"string\" && identity.id.length > 0\n ? identity.id\n : null,\n strategy: normalizeStrategy(identity?.strategy),\n };\n}\n\nexport function resolveIdentityAuthRequirements(\n identity: RuntimeIdentityConfig,\n): ProjectConfigAuthRequirement[] {\n if (!identity.strategy) return [];\n\n if (identity.strategy.type === \"symmetric\") {\n return [\n {\n envKey: identity.strategy.secretEnvKey?.trim() || \"JWT_SIGNING_SECRET\",\n reason: \"symmetric JWT validation\",\n },\n ];\n }\n\n if (identity.strategy.type === \"apiKey\") {\n const envKey = identity.strategy.envKey?.trim();\n if (!envKey) {\n return [\n {\n envKey: \"KALP_API_KEY\",\n reason: \"apiKey strategy (default env key)\",\n },\n ];\n }\n return [{ envKey, reason: \"apiKey strategy\" }];\n }\n\n return [];\n}\n"],"mappings":";;;AAAA,SAAS,kBAAkB;AAC3B,SAAS,cAAc;AACvB,SAAS,iBAAiB;AAC1B,SAAS,MAAM,eAAe;AA6B9B,SAAS,kBACP,UACsC;AACtC,MAAI,CAAC,SAAU,QAAO;AACtB,MAAI,SAAS,SAAS,QAAQ;AAC5B,WAAO;AAAA,MACL,MAAM;AAAA,MACN,SAAS,SAAS;AAAA,MAClB,QAAQ,SAAS;AAAA,MACjB,UAAU,SAAS;AAAA,IACrB;AAAA,EACF;AACA,MAAI,SAAS,SAAS,aAAa;AACjC,WAAO;AAAA,MACL,MAAM;AAAA,MACN,cAAc,SAAS;AAAA,IACzB;AAAA,EACF;AACA,SAAO;AAAA,IACL,MAAM;AAAA,IACN,YAAY,SAAS;AAAA,IACrB,QAAQ,SAAS;AAAA,EACnB;AACF;AAEA,eAAsB,kBAAkB,KAA2C;AACjF,QAAM,aAAa,QAAQ,KAAK,KAAK,gBAAgB,CAAC;AACtD,QAAM,OAAO,YAAY,UAAU,IAAI;AACvC,QAAM,OAAO,WAAW,KAAK,EAAE,gBAAgB,KAAK,CAAC;AACrD,QAAM,cAAe,MAAM,KAAK,OAAO,UAAU;AAGjD,QAAM,MACJ,eAAe,OAAO,gBAAgB,YAAY,aAAa,cACzD,YAAY,WAAW,cACxB;AACP,SAAO,EAAE,MAAM,YAAY,IAAI;AACjC;AAEO,SAAS,6BACd,WACuB;AACvB,QAAM,WACJ,UAAU,YAAY,OAAO,UAAU,aAAa,WAC/C,UAAU,WACX;AACN,QAAM,oBACJ,OAAO,UAAU,sBAAsB,YACnC,UAAU,oBACV;AAEN,SAAO;AAAA,IACL;AAAA,IACA,YACE,YAAY,OAAO,SAAS,OAAO,YAAY,SAAS,GAAG,SAAS,IAChE,SAAS,KACT;AAAA,IACN,UAAU,kBAAkB,UAAU,QAAQ;AAAA,EAChD;AACF;AAEO,SAAS,gCACd,UACgC;AAChC,MAAI,CAAC,SAAS,SAAU,QAAO,CAAC;AAEhC,MAAI,SAAS,SAAS,SAAS,aAAa;AAC1C,WAAO;AAAA,MACL;AAAA,QACE,QAAQ,SAAS,SAAS,cAAc,KAAK,KAAK;AAAA,QAClD,QAAQ;AAAA,MACV;AAAA,IACF;AAAA,EACF;AAEA,MAAI,SAAS,SAAS,SAAS,UAAU;AACvC,UAAM,SAAS,SAAS,SAAS,QAAQ,KAAK;AAC9C,QAAI,CAAC,QAAQ;AACX,aAAO;AAAA,QACL;AAAA,UACE,QAAQ;AAAA,UACR,QAAQ;AAAA,QACV;AAAA,MACF;AAAA,IACF;AACA,WAAO,CAAC,EAAE,QAAQ,QAAQ,kBAAkB,CAAC;AAAA,EAC/C;AAEA,SAAO,CAAC;AACV;","names":[]}
|
|
@@ -5,7 +5,7 @@ import {
|
|
|
5
5
|
import {
|
|
6
6
|
materializeRuntime,
|
|
7
7
|
readProjectState
|
|
8
|
-
} from "./chunk-
|
|
8
|
+
} from "./chunk-XVD3FFOJ.js";
|
|
9
9
|
|
|
10
10
|
// src/utils/secrets-runtime.ts
|
|
11
11
|
async function resolveSecretsRuntimeConfigPath(cwd) {
|
|
@@ -25,4 +25,4 @@ async function resolveSecretsRuntimeConfigPath(cwd) {
|
|
|
25
25
|
export {
|
|
26
26
|
resolveSecretsRuntimeConfigPath
|
|
27
27
|
};
|
|
28
|
-
//# sourceMappingURL=chunk-
|
|
28
|
+
//# sourceMappingURL=chunk-IZXCZ3IA.js.map
|
|
@@ -1,4 +1,9 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
|
+
import {
|
|
3
|
+
loadProjectConfig,
|
|
4
|
+
resolveIdentityAuthRequirements,
|
|
5
|
+
resolveRuntimeIdentityConfig
|
|
6
|
+
} from "./chunk-EXXTCGKR.js";
|
|
2
7
|
|
|
3
8
|
// src/utils/project-state.ts
|
|
4
9
|
import { mkdir, readFile, writeFile } from "fs/promises";
|
|
@@ -60,7 +65,7 @@ async function writeProjectState(cwd, state) {
|
|
|
60
65
|
// src/utils/runtime.ts
|
|
61
66
|
import { createHash } from "crypto";
|
|
62
67
|
import {
|
|
63
|
-
access as
|
|
68
|
+
access as access2,
|
|
64
69
|
cp,
|
|
65
70
|
mkdir as mkdir2,
|
|
66
71
|
readdir,
|
|
@@ -69,7 +74,7 @@ import {
|
|
|
69
74
|
stat,
|
|
70
75
|
writeFile as writeFile3
|
|
71
76
|
} from "fs/promises";
|
|
72
|
-
import { basename, dirname, join as
|
|
77
|
+
import { basename, dirname, join as join4, resolve } from "path";
|
|
73
78
|
import { fileURLToPath } from "url";
|
|
74
79
|
import { deriveLabelFromName } from "@kalphq/project";
|
|
75
80
|
|
|
@@ -112,79 +117,10 @@ function getRequiredSecretForProvider(provider) {
|
|
|
112
117
|
return PROVIDER_SECRET_MAP[provider];
|
|
113
118
|
}
|
|
114
119
|
|
|
115
|
-
// src/utils/project-config.ts
|
|
116
|
-
import { createJiti as createJiti2 } from "jiti";
|
|
117
|
-
import { access as access2 } from "fs/promises";
|
|
118
|
-
import { constants as constants2 } from "fs";
|
|
119
|
-
import { join as join3, resolve } from "path";
|
|
120
|
-
function normalizeStrategy(strategy) {
|
|
121
|
-
if (!strategy) return null;
|
|
122
|
-
if (strategy.type === "jwks") {
|
|
123
|
-
return {
|
|
124
|
-
type: "jwks",
|
|
125
|
-
jwksUrl: strategy.jwksUrl,
|
|
126
|
-
issuer: strategy.issuer,
|
|
127
|
-
audience: strategy.audience
|
|
128
|
-
};
|
|
129
|
-
}
|
|
130
|
-
if (strategy.type === "symmetric") {
|
|
131
|
-
return {
|
|
132
|
-
type: "symmetric",
|
|
133
|
-
secretEnvKey: strategy.secretEnvKey
|
|
134
|
-
};
|
|
135
|
-
}
|
|
136
|
-
return {
|
|
137
|
-
type: "apiKey",
|
|
138
|
-
headerName: strategy.headerName,
|
|
139
|
-
envKey: strategy.envKey
|
|
140
|
-
};
|
|
141
|
-
}
|
|
142
|
-
async function loadProjectConfig(cwd) {
|
|
143
|
-
const configPath = resolve(join3(cwd, "kalp.config.ts"));
|
|
144
|
-
await access2(configPath, constants2.F_OK);
|
|
145
|
-
const jiti = createJiti2(cwd, { interopDefault: true });
|
|
146
|
-
const moduleValue = await jiti.import(configPath);
|
|
147
|
-
const raw = moduleValue && typeof moduleValue === "object" && "default" in moduleValue ? moduleValue.default ?? moduleValue : moduleValue;
|
|
148
|
-
return { path: configPath, raw };
|
|
149
|
-
}
|
|
150
|
-
function resolveRuntimeIdentityConfig(rawConfig) {
|
|
151
|
-
const identity = rawConfig.identity && typeof rawConfig.identity === "object" ? rawConfig.identity : void 0;
|
|
152
|
-
const enforceGlobalAuth = typeof rawConfig.enforceGlobalAuth === "boolean" ? rawConfig.enforceGlobalAuth : true;
|
|
153
|
-
return {
|
|
154
|
-
enforceGlobalAuth,
|
|
155
|
-
identityId: identity && typeof identity.id === "string" && identity.id.length > 0 ? identity.id : null,
|
|
156
|
-
strategy: normalizeStrategy(identity?.strategy)
|
|
157
|
-
};
|
|
158
|
-
}
|
|
159
|
-
function resolveIdentityAuthRequirements(identity) {
|
|
160
|
-
if (!identity.strategy) return [];
|
|
161
|
-
if (identity.strategy.type === "symmetric") {
|
|
162
|
-
return [
|
|
163
|
-
{
|
|
164
|
-
envKey: identity.strategy.secretEnvKey?.trim() || "JWT_SIGNING_SECRET",
|
|
165
|
-
reason: "symmetric JWT validation"
|
|
166
|
-
}
|
|
167
|
-
];
|
|
168
|
-
}
|
|
169
|
-
if (identity.strategy.type === "apiKey") {
|
|
170
|
-
const envKey = identity.strategy.envKey?.trim();
|
|
171
|
-
if (!envKey) {
|
|
172
|
-
return [
|
|
173
|
-
{
|
|
174
|
-
envKey: "KALP_API_KEY",
|
|
175
|
-
reason: "apiKey strategy (default env key)"
|
|
176
|
-
}
|
|
177
|
-
];
|
|
178
|
-
}
|
|
179
|
-
return [{ envKey, reason: "apiKey strategy" }];
|
|
180
|
-
}
|
|
181
|
-
return [];
|
|
182
|
-
}
|
|
183
|
-
|
|
184
120
|
// src/utils/runtime-identity.ts
|
|
185
121
|
import { build } from "esbuild";
|
|
186
122
|
import { writeFile as writeFile2 } from "fs/promises";
|
|
187
|
-
import { join as
|
|
123
|
+
import { join as join3 } from "path";
|
|
188
124
|
var DEFAULT_IDENTITY_MAP_SOURCE = `export default function mapIdentity(payload) {
|
|
189
125
|
const sub =
|
|
190
126
|
payload && typeof payload === "object" && typeof payload.sub === "string"
|
|
@@ -258,8 +194,8 @@ export default mapIdentity;
|
|
|
258
194
|
}
|
|
259
195
|
async function materializeRuntimeIdentity(params) {
|
|
260
196
|
const { cwd, runtimeDir } = params;
|
|
261
|
-
const identityConfigPath =
|
|
262
|
-
const identityMapPath =
|
|
197
|
+
const identityConfigPath = join3(runtimeDir, "identity.config.json");
|
|
198
|
+
const identityMapPath = join3(runtimeDir, "identity.map.mjs");
|
|
263
199
|
let rawConfig = {};
|
|
264
200
|
try {
|
|
265
201
|
const loaded = await loadProjectConfig(cwd);
|
|
@@ -305,7 +241,7 @@ function sanitizeSegment(input) {
|
|
|
305
241
|
}
|
|
306
242
|
async function resolveProjectSlug(cwd) {
|
|
307
243
|
const fallback = sanitizeSegment(basename(cwd)) || "agent";
|
|
308
|
-
const packageJsonPath =
|
|
244
|
+
const packageJsonPath = join4(cwd, "package.json");
|
|
309
245
|
try {
|
|
310
246
|
const content = await readFile3(packageJsonPath, "utf-8");
|
|
311
247
|
const pkg = JSON.parse(content);
|
|
@@ -369,10 +305,10 @@ function createRuntimeConfig(workerName, mode, requiredSecrets) {
|
|
|
369
305
|
}
|
|
370
306
|
function runtimeTemplateCandidates() {
|
|
371
307
|
const here = dirname(fileURLToPath(import.meta.url));
|
|
372
|
-
const distTemplateRoot =
|
|
373
|
-
const packageRootTemplate =
|
|
374
|
-
const sourceTemplateRoot =
|
|
375
|
-
const monorepoStudioDist =
|
|
308
|
+
const distTemplateRoot = resolve(here, "runtime-template");
|
|
309
|
+
const packageRootTemplate = resolve(here, "..", "runtime-template");
|
|
310
|
+
const sourceTemplateRoot = resolve(here, "..", "..", "runtime-template");
|
|
311
|
+
const monorepoStudioDist = resolve(
|
|
376
312
|
here,
|
|
377
313
|
"..",
|
|
378
314
|
"..",
|
|
@@ -385,28 +321,28 @@ function runtimeTemplateCandidates() {
|
|
|
385
321
|
);
|
|
386
322
|
return [
|
|
387
323
|
{
|
|
388
|
-
studioTemplateDir:
|
|
389
|
-
workerEntryPath:
|
|
324
|
+
studioTemplateDir: join4(distTemplateRoot, STUDIO_DIR),
|
|
325
|
+
workerEntryPath: join4(distTemplateRoot, WORKER_ENTRY_FILE)
|
|
390
326
|
},
|
|
391
327
|
{
|
|
392
|
-
studioTemplateDir:
|
|
393
|
-
workerEntryPath:
|
|
328
|
+
studioTemplateDir: join4(packageRootTemplate, STUDIO_DIR),
|
|
329
|
+
workerEntryPath: join4(packageRootTemplate, WORKER_ENTRY_FILE)
|
|
394
330
|
},
|
|
395
331
|
{
|
|
396
|
-
studioTemplateDir:
|
|
397
|
-
workerEntryPath:
|
|
332
|
+
studioTemplateDir: join4(sourceTemplateRoot, STUDIO_DIR),
|
|
333
|
+
workerEntryPath: join4(sourceTemplateRoot, WORKER_ENTRY_FILE)
|
|
398
334
|
},
|
|
399
335
|
{
|
|
400
336
|
studioTemplateDir: monorepoStudioDist,
|
|
401
|
-
workerEntryPath:
|
|
337
|
+
workerEntryPath: join4(sourceTemplateRoot, WORKER_ENTRY_FILE)
|
|
402
338
|
}
|
|
403
339
|
];
|
|
404
340
|
}
|
|
405
341
|
async function resolveRuntimeTemplate() {
|
|
406
342
|
for (const candidate of runtimeTemplateCandidates()) {
|
|
407
343
|
try {
|
|
408
|
-
await
|
|
409
|
-
await
|
|
344
|
+
await access2(candidate.studioTemplateDir);
|
|
345
|
+
await access2(candidate.workerEntryPath);
|
|
410
346
|
return candidate;
|
|
411
347
|
} catch {
|
|
412
348
|
}
|
|
@@ -433,13 +369,13 @@ ${cssLinks}
|
|
|
433
369
|
`;
|
|
434
370
|
}
|
|
435
371
|
async function ensureStudioIndex(studioDir) {
|
|
436
|
-
const indexPath =
|
|
372
|
+
const indexPath = join4(studioDir, "index.html");
|
|
437
373
|
try {
|
|
438
|
-
await
|
|
374
|
+
await access2(indexPath);
|
|
439
375
|
return;
|
|
440
376
|
} catch {
|
|
441
377
|
}
|
|
442
|
-
const assetsDir =
|
|
378
|
+
const assetsDir = join4(studioDir, "assets");
|
|
443
379
|
const assetFiles = await readdir(assetsDir);
|
|
444
380
|
const entryScript = assetFiles.find((file) => /^index-.*\.js$/i.test(file)) ?? assetFiles.find((file) => file.endsWith(".js"));
|
|
445
381
|
if (!entryScript) {
|
|
@@ -452,13 +388,13 @@ async function ensureStudioIndex(studioDir) {
|
|
|
452
388
|
await writeFile3(indexPath, html, "utf-8");
|
|
453
389
|
}
|
|
454
390
|
async function readLocalAgentNames(cwd) {
|
|
455
|
-
const agentsDir =
|
|
391
|
+
const agentsDir = join4(cwd, "agents");
|
|
456
392
|
try {
|
|
457
393
|
const entries = await readdir(agentsDir, { withFileTypes: true });
|
|
458
394
|
const names = [];
|
|
459
395
|
for (const entry of entries) {
|
|
460
396
|
if (!entry.isDirectory()) continue;
|
|
461
|
-
const indexPath =
|
|
397
|
+
const indexPath = join4(agentsDir, entry.name, "index.ts");
|
|
462
398
|
const exists = await stat(indexPath).then(() => true).catch(() => false);
|
|
463
399
|
if (exists) names.push(entry.name);
|
|
464
400
|
}
|
|
@@ -473,7 +409,7 @@ async function createAgentsSnapshot(cwd, mode) {
|
|
|
473
409
|
const byName = /* @__PURE__ */ new Map();
|
|
474
410
|
const stateAgents = state?.agents ?? {};
|
|
475
411
|
for (const name of localAgentNames) {
|
|
476
|
-
const localPath =
|
|
412
|
+
const localPath = join4(cwd, "agents", name, "index.ts");
|
|
477
413
|
const saved = stateAgents[name];
|
|
478
414
|
const hasRemoteVersion = !!saved?.lastRemoteHash && (saved?.currentVersion ?? 0) > 0;
|
|
479
415
|
if (mode === "remote" && !hasRemoteVersion) {
|
|
@@ -501,7 +437,7 @@ async function createAgentsSnapshot(cwd, mode) {
|
|
|
501
437
|
for (const [name, saved] of Object.entries(stateAgents)) {
|
|
502
438
|
const hasRemoteVersion = !!saved.lastRemoteHash && (saved.currentVersion ?? 0) > 0;
|
|
503
439
|
if (!hasRemoteVersion || byName.has(name)) continue;
|
|
504
|
-
const localPath = saved.localPath ??
|
|
440
|
+
const localPath = saved.localPath ?? join4(cwd, "agents", name, "index.ts");
|
|
505
441
|
const workerUrl = saved.workerUrl ?? (state?.workerUrl ? `${state.workerUrl.replace(/\/$/, "")}/a/${name}` : null);
|
|
506
442
|
const versionNumber = saved.currentVersion > 0 ? saved.currentVersion : null;
|
|
507
443
|
byName.set(name, {
|
|
@@ -532,7 +468,7 @@ async function createAgentsSnapshot(cwd, mode) {
|
|
|
532
468
|
async function writeRuntimeAgentsSnapshot(params) {
|
|
533
469
|
const snapshot = await createAgentsSnapshot(params.cwd, params.mode);
|
|
534
470
|
await writeFile3(
|
|
535
|
-
|
|
471
|
+
join4(params.runtimeDir, "agents.snapshot.json"),
|
|
536
472
|
`${JSON.stringify(snapshot, null, 2)}
|
|
537
473
|
`,
|
|
538
474
|
"utf-8"
|
|
@@ -540,10 +476,10 @@ async function writeRuntimeAgentsSnapshot(params) {
|
|
|
540
476
|
}
|
|
541
477
|
async function materializeRuntime(cwd, options = {}) {
|
|
542
478
|
const mode = options.mode ?? "remote";
|
|
543
|
-
const runtimeDir =
|
|
544
|
-
const studioDir =
|
|
545
|
-
const workerEntrypointPath =
|
|
546
|
-
const wranglerConfigPath =
|
|
479
|
+
const runtimeDir = join4(cwd, RUNTIME_ROOT, RUNTIME_DIR);
|
|
480
|
+
const studioDir = join4(runtimeDir, STUDIO_DIR);
|
|
481
|
+
const workerEntrypointPath = join4(runtimeDir, WORKER_ENTRY_FILE);
|
|
482
|
+
const wranglerConfigPath = join4(runtimeDir, WRANGLER_CONFIG_FILE);
|
|
547
483
|
const template = await resolveRuntimeTemplate();
|
|
548
484
|
await rm(runtimeDir, { recursive: true, force: true });
|
|
549
485
|
await mkdir2(runtimeDir, { recursive: true });
|
|
@@ -595,11 +531,8 @@ export {
|
|
|
595
531
|
resolveProviderFromConfig,
|
|
596
532
|
readDotEnv,
|
|
597
533
|
getRequiredSecretForProvider,
|
|
598
|
-
loadProjectConfig,
|
|
599
|
-
resolveRuntimeIdentityConfig,
|
|
600
|
-
resolveIdentityAuthRequirements,
|
|
601
534
|
readLocalAgentNames,
|
|
602
535
|
writeRuntimeAgentsSnapshot,
|
|
603
536
|
materializeRuntime
|
|
604
537
|
};
|
|
605
|
-
//# sourceMappingURL=chunk-
|
|
538
|
+
//# sourceMappingURL=chunk-XVD3FFOJ.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/utils/project-state.ts","../src/utils/runtime.ts","../src/utils/ai.ts","../src/utils/runtime-identity.ts"],"sourcesContent":["import { mkdir, readFile, writeFile } from \"node:fs/promises\";\nimport { join } from \"node:path\";\n\nexport interface ProjectAgentState {\n currentHash: string | null;\n currentVersion: number;\n lastLocalHash: string | null;\n lastRemoteHash: string | null;\n lastPushedAt: string | null;\n localPath: string;\n workerUrl: string | null;\n}\n\nexport interface ProjectState {\n workerUrl: string | null;\n deployedAt: string | null;\n accountId: string | null;\n studioCredentialsFingerprint?: string | null;\n serviceKeyFingerprint?: string | null;\n agents: Record<string, ProjectAgentState>;\n}\n\nconst KALP_DIR = \".kalp\";\nconst STATE_FILE = \"state.json\";\n\nfunction normalizeProjectState(raw: unknown): ProjectState | null {\n if (!raw || typeof raw !== \"object\") return null;\n const value = raw as Record<string, unknown>;\n const workerUrl =\n typeof value.workerUrl === \"string\" && value.workerUrl.length > 0\n ? value.workerUrl\n : null;\n const deployedAt =\n typeof value.deployedAt === \"string\" && value.deployedAt.length > 0\n ? value.deployedAt\n : null;\n const accountId =\n typeof value.accountId === \"string\" && value.accountId.length > 0\n ? value.accountId\n : null;\n const studioCredentialsFingerprint =\n typeof value.studioCredentialsFingerprint === \"string\" &&\n value.studioCredentialsFingerprint.length > 0\n ? value.studioCredentialsFingerprint\n : null;\n const serviceKeyFingerprint =\n typeof value.serviceKeyFingerprint === \"string\" &&\n value.serviceKeyFingerprint.length > 0\n ? value.serviceKeyFingerprint\n : null;\n\n const agents: Record<string, ProjectAgentState> = {};\n const rawAgents =\n value.agents && typeof value.agents === \"object\"\n ? (value.agents as Record<string, unknown>)\n : {};\n\n for (const [name, entry] of Object.entries(rawAgents)) {\n if (!entry || typeof entry !== \"object\") continue;\n const item = entry as Record<string, unknown>;\n if (typeof item.localPath !== \"string\" || item.localPath.length === 0) {\n continue;\n }\n\n const currentVersion =\n typeof item.currentVersion === \"number\" && Number.isFinite(item.currentVersion)\n ? Math.max(0, Math.floor(item.currentVersion))\n : 0;\n\n agents[name] = {\n currentHash: typeof item.currentHash === \"string\" ? item.currentHash : null,\n currentVersion,\n lastLocalHash: typeof item.lastLocalHash === \"string\" ? item.lastLocalHash : null,\n lastRemoteHash:\n typeof item.lastRemoteHash === \"string\" ? item.lastRemoteHash : null,\n lastPushedAt: typeof item.lastPushedAt === \"string\" ? item.lastPushedAt : null,\n localPath: item.localPath,\n workerUrl: typeof item.workerUrl === \"string\" ? item.workerUrl : null,\n };\n }\n\n return {\n workerUrl,\n deployedAt,\n accountId,\n studioCredentialsFingerprint,\n serviceKeyFingerprint,\n agents,\n };\n}\n\nexport async function readProjectState(cwd: string): Promise<ProjectState | null> {\n try {\n const statePath = join(cwd, KALP_DIR, STATE_FILE);\n const content = await readFile(statePath, \"utf-8\");\n return normalizeProjectState(JSON.parse(content));\n } catch {\n return null;\n }\n}\n\nexport async function writeProjectState(\n cwd: string,\n state: ProjectState,\n): Promise<void> {\n const dir = join(cwd, KALP_DIR);\n await mkdir(dir, { recursive: true });\n await writeFile(join(dir, STATE_FILE), `${JSON.stringify(state, null, 2)}\\n`, \"utf-8\");\n}\n","import { createHash } from \"node:crypto\";\nimport {\n access,\n cp,\n mkdir,\n readdir,\n readFile,\n rm,\n stat,\n writeFile,\n} from \"node:fs/promises\";\nimport { basename, dirname, join, resolve } from \"node:path\";\nimport { fileURLToPath } from \"node:url\";\nimport { deriveLabelFromName } from \"@kalphq/project\";\nimport { getRequiredSecretForProvider, resolveProviderFromConfig } from \"@/utils/ai\";\nimport {\n resolveIdentityAuthRequirements,\n} from \"@/utils/project-config\";\nimport { readProjectState } from \"@/utils/project-state\";\nimport { materializeRuntimeIdentity } from \"@/utils/runtime-identity\";\n\nconst RUNTIME_ROOT = \".kalp\";\nconst RUNTIME_DIR = \"runtime\";\nconst STUDIO_DIR = \"studio\";\nconst WRANGLER_CONFIG_FILE = \"wrangler.jsonc\";\nconst WORKER_ENTRY_FILE = \"worker-entry.js\";\nconst COMPATIBILITY_DATE = \"2026-05-10\";\n\nexport interface RuntimePaths {\n runtimeDir: string;\n studioDir: string;\n workerEntrypointPath: string;\n wranglerConfigPath: string;\n workerName: string;\n}\n\ninterface RuntimeAgentRecord {\n name: string;\n label?: string;\n tags?: string[];\n environment: \"local\" | \"remote\" | \"both\";\n status: \"online\" | \"offline\";\n hash: string | null;\n version: string | null;\n versionNumber: number | null;\n lastRemoteHash: string | null;\n lastLocalHash: string | null;\n workerUrl: string | null;\n localPath: string | null;\n updatedAt: string | null;\n}\n\ninterface RuntimeAgentsSnapshot {\n generatedAt: string;\n projectPath: string;\n workerUrl: string | null;\n mode: \"local\" | \"remote\";\n agents: RuntimeAgentRecord[];\n}\n\nexport interface MaterializeRuntimeOptions {\n mode?: \"local\" | \"remote\";\n}\n\ninterface WranglerConfig {\n $schema: string;\n name: string;\n main: string;\n compatibility_date: string;\n compatibility_flags: string[];\n migrations: Array<{ tag: string; new_sqlite_classes: string[] }>;\n durable_objects: {\n bindings: Array<{ name: string; class_name: string }>;\n };\n kv_namespaces: Array<{ binding: string }>;\n assets: {\n directory: string;\n binding: string;\n run_worker_first: boolean;\n };\n observability: { enabled: boolean };\n upload_source_maps: boolean;\n vars: {\n KALP_ENV: \"local\" | \"remote\";\n };\n secrets: { required: string[] };\n}\n\ninterface RuntimeTemplatePaths {\n studioTemplateDir: string;\n workerEntryPath: string;\n}\n\nfunction sanitizeSegment(input: string): string {\n return input\n .toLowerCase()\n .replace(/^@/, \"\")\n .replace(/\\//g, \"-\")\n .replace(/[^a-z0-9-]/g, \"-\")\n .replace(/-+/g, \"-\")\n .replace(/^-+|-+$/g, \"\");\n}\n\nasync function resolveProjectSlug(cwd: string): Promise<string> {\n const fallback = sanitizeSegment(basename(cwd)) || \"agent\";\n const packageJsonPath = join(cwd, \"package.json\");\n\n try {\n const content = await readFile(packageJsonPath, \"utf-8\");\n const pkg = JSON.parse(content) as { name?: string };\n const name = typeof pkg.name === \"string\" ? pkg.name : \"\";\n const sanitized = sanitizeSegment(name);\n return sanitized || fallback;\n } catch {\n return fallback;\n }\n}\n\nfunction buildWorkerName(slug: string, cwd: string): string {\n const cwdHash = createHash(\"sha1\").update(cwd).digest(\"hex\").slice(0, 8);\n const withPrefix = `kalp-${slug}-${cwdHash}`;\n const maxLen = 63;\n if (withPrefix.length <= maxLen) {\n return withPrefix;\n }\n\n const clipped = withPrefix.slice(0, maxLen).replace(/-+$/g, \"\");\n return clipped || `kalp-${cwdHash}`;\n}\n\nfunction createRuntimeConfig(\n workerName: string,\n mode: \"local\" | \"remote\",\n requiredSecrets: string[],\n): WranglerConfig {\n return {\n $schema: \"node_modules/wrangler/config-schema.json\",\n name: workerName,\n main: `./${WORKER_ENTRY_FILE}`,\n compatibility_date: COMPATIBILITY_DATE,\n compatibility_flags: [\"nodejs_compat\"],\n migrations: [\n {\n tag: \"v1\",\n new_sqlite_classes: [\"AgentDurableObject\"],\n },\n ],\n durable_objects: {\n bindings: [\n {\n name: \"KALP_RUNTIME_CLOUDFLARE\",\n class_name: \"AgentDurableObject\",\n },\n ],\n },\n kv_namespaces: [\n {\n binding: \"KALP_MANIFESTS\",\n },\n ],\n assets: {\n directory: `./${STUDIO_DIR}`,\n binding: \"ASSETS\",\n run_worker_first: true,\n },\n observability: { enabled: true },\n upload_source_maps: true,\n vars: {\n KALP_ENV: mode,\n },\n secrets: {\n required: requiredSecrets,\n },\n };\n}\n\nfunction runtimeTemplateCandidates(): Array<{\n studioTemplateDir: string;\n workerEntryPath: string;\n}> {\n const here = dirname(fileURLToPath(import.meta.url));\n const distTemplateRoot = resolve(here, \"runtime-template\");\n const packageRootTemplate = resolve(here, \"..\", \"runtime-template\");\n const sourceTemplateRoot = resolve(here, \"..\", \"..\", \"runtime-template\");\n const monorepoStudioDist = resolve(\n here,\n \"..\",\n \"..\",\n \"..\",\n \"..\",\n \"apps\",\n \"studio\",\n \"dist\",\n \"client\",\n );\n\n return [\n {\n studioTemplateDir: join(distTemplateRoot, STUDIO_DIR),\n workerEntryPath: join(distTemplateRoot, WORKER_ENTRY_FILE),\n },\n {\n studioTemplateDir: join(packageRootTemplate, STUDIO_DIR),\n workerEntryPath: join(packageRootTemplate, WORKER_ENTRY_FILE),\n },\n {\n studioTemplateDir: join(sourceTemplateRoot, STUDIO_DIR),\n workerEntryPath: join(sourceTemplateRoot, WORKER_ENTRY_FILE),\n },\n {\n studioTemplateDir: monorepoStudioDist,\n workerEntryPath: join(sourceTemplateRoot, WORKER_ENTRY_FILE),\n },\n ];\n}\n\nasync function resolveRuntimeTemplate(): Promise<RuntimeTemplatePaths> {\n for (const candidate of runtimeTemplateCandidates()) {\n try {\n await access(candidate.studioTemplateDir);\n await access(candidate.workerEntryPath);\n return candidate;\n } catch {\n // continue\n }\n }\n\n throw new Error(\n \"Kalp runtime template not found in CLI package. Reinstall @kalphq/cli.\",\n );\n}\n\nfunction createStudioShell(entryScript: string, cssFiles: string[]): string {\n const cssLinks = cssFiles\n .map((file) => ` <link rel=\"stylesheet\" href=\"/studio/assets/${file}\" />`)\n .join(\"\\n\");\n\n return `<!doctype html>\n<html lang=\"en\">\n <head>\n <meta charset=\"UTF-8\" />\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" />\n <title>Kalp Studio</title>\n${cssLinks}\n </head>\n <body>\n <div id=\"root\"></div>\n <script type=\"module\" src=\"/studio/assets/${entryScript}\"></script>\n </body>\n</html>\n`;\n}\n\nasync function ensureStudioIndex(studioDir: string): Promise<void> {\n const indexPath = join(studioDir, \"index.html\");\n try {\n await access(indexPath);\n return;\n } catch {\n // index.html is missing on some TanStack Start static builds.\n }\n\n const assetsDir = join(studioDir, \"assets\");\n const assetFiles = await readdir(assetsDir);\n const entryScript =\n assetFiles.find((file) => /^index-.*\\.js$/i.test(file)) ??\n assetFiles.find((file) => file.endsWith(\".js\"));\n\n if (!entryScript) {\n throw new Error(\n \"Studio runtime template is missing an entry JS bundle in studio/assets.\",\n );\n }\n\n const cssFiles = assetFiles.filter((file) => file.endsWith(\".css\")).sort();\n const html = createStudioShell(entryScript, cssFiles);\n await writeFile(indexPath, html, \"utf-8\");\n}\n\nexport async function readLocalAgentNames(cwd: string): Promise<string[]> {\n const agentsDir = join(cwd, \"agents\");\n try {\n const entries = await readdir(agentsDir, { withFileTypes: true });\n const names: string[] = [];\n for (const entry of entries) {\n if (!entry.isDirectory()) continue;\n const indexPath = join(agentsDir, entry.name, \"index.ts\");\n const exists = await stat(indexPath)\n .then(() => true)\n .catch(() => false);\n if (exists) names.push(entry.name);\n }\n return names.sort((a, b) => a.localeCompare(b));\n } catch {\n return [];\n }\n}\n\nasync function createAgentsSnapshot(\n cwd: string,\n mode: \"local\" | \"remote\",\n): Promise<RuntimeAgentsSnapshot> {\n const localAgentNames = await readLocalAgentNames(cwd);\n const state = await readProjectState(cwd);\n\n const byName = new Map<string, RuntimeAgentRecord>();\n const stateAgents = state?.agents ?? {};\n\n for (const name of localAgentNames) {\n const localPath = join(cwd, \"agents\", name, \"index.ts\");\n const saved = stateAgents[name];\n const hasRemoteVersion = !!saved?.lastRemoteHash && (saved?.currentVersion ?? 0) > 0;\n\n if (mode === \"remote\" && !hasRemoteVersion) {\n continue;\n }\n\n const resolvedWorkerUrl =\n saved?.workerUrl ??\n (state?.workerUrl ? `${state.workerUrl.replace(/\\/$/, \"\")}/a/${name}` : null);\n const versionNumber =\n typeof saved?.currentVersion === \"number\" && saved.currentVersion > 0\n ? saved.currentVersion\n : null;\n\n byName.set(name, {\n name,\n label: deriveLabelFromName(name),\n tags: [],\n environment:\n mode === \"remote\"\n ? \"remote\"\n : hasRemoteVersion\n ? \"both\"\n : \"local\",\n status: resolvedWorkerUrl ? \"online\" : \"offline\",\n hash: saved?.currentHash ?? null,\n version: versionNumber ? `v${versionNumber}` : null,\n versionNumber,\n lastRemoteHash: saved?.lastRemoteHash ?? null,\n lastLocalHash: saved?.lastLocalHash ?? null,\n workerUrl: resolvedWorkerUrl,\n localPath,\n updatedAt: saved?.lastPushedAt ?? state?.deployedAt ?? null,\n });\n }\n\n if (mode === \"remote\") {\n for (const [name, saved] of Object.entries(stateAgents)) {\n const hasRemoteVersion =\n !!saved.lastRemoteHash && (saved.currentVersion ?? 0) > 0;\n if (!hasRemoteVersion || byName.has(name)) continue;\n\n const localPath = saved.localPath ?? join(cwd, \"agents\", name, \"index.ts\");\n const workerUrl =\n saved.workerUrl ??\n (state?.workerUrl ? `${state.workerUrl.replace(/\\/$/, \"\")}/a/${name}` : null);\n const versionNumber = saved.currentVersion > 0 ? saved.currentVersion : null;\n\n byName.set(name, {\n name,\n label: deriveLabelFromName(name),\n tags: [],\n environment: \"remote\",\n status: workerUrl ? \"online\" : \"offline\",\n hash: saved.currentHash ?? null,\n version: versionNumber ? `v${versionNumber}` : null,\n versionNumber,\n lastRemoteHash: saved.lastRemoteHash ?? null,\n lastLocalHash: saved.lastLocalHash ?? null,\n workerUrl,\n localPath,\n updatedAt: saved.lastPushedAt ?? state?.deployedAt ?? null,\n });\n }\n }\n\n return {\n generatedAt: new Date().toISOString(),\n projectPath: cwd,\n workerUrl: state?.workerUrl ?? null,\n mode,\n agents: Array.from(byName.values()).sort((a, b) => a.name.localeCompare(b.name)),\n };\n}\n\nexport async function writeRuntimeAgentsSnapshot(params: {\n cwd: string;\n runtimeDir: string;\n mode: \"local\" | \"remote\";\n}): Promise<void> {\n const snapshot = await createAgentsSnapshot(params.cwd, params.mode);\n await writeFile(\n join(params.runtimeDir, \"agents.snapshot.json\"),\n `${JSON.stringify(snapshot, null, 2)}\\n`,\n \"utf-8\",\n );\n}\n\nexport async function materializeRuntime(\n cwd: string,\n options: MaterializeRuntimeOptions = {},\n): Promise<RuntimePaths> {\n const mode = options.mode ?? \"remote\";\n const runtimeDir = join(cwd, RUNTIME_ROOT, RUNTIME_DIR);\n const studioDir = join(runtimeDir, STUDIO_DIR);\n const workerEntrypointPath = join(runtimeDir, WORKER_ENTRY_FILE);\n const wranglerConfigPath = join(runtimeDir, WRANGLER_CONFIG_FILE);\n\n const template = await resolveRuntimeTemplate();\n await rm(runtimeDir, { recursive: true, force: true });\n await mkdir(runtimeDir, { recursive: true });\n\n await cp(template.studioTemplateDir, studioDir, { recursive: true });\n await cp(template.workerEntryPath, workerEntrypointPath);\n await ensureStudioIndex(studioDir);\n await writeRuntimeAgentsSnapshot({ cwd, runtimeDir, mode });\n const identity = await materializeRuntimeIdentity({ cwd, runtimeDir });\n\n const projectSlug = await resolveProjectSlug(cwd);\n const workerName = buildWorkerName(projectSlug, cwd);\n const requiredSecrets = new Set<string>([\n \"KALP_SECRET_KEY\",\n \"KALP_STUDIO_PASSWORD\",\n \"KALP_STUDIO_ADMIN_USER\",\n \"KALP_SERVICE_KEY\",\n ]);\n\n try {\n const provider = await resolveProviderFromConfig(cwd);\n requiredSecrets.add(getRequiredSecretForProvider(provider));\n } catch {\n // Ignore provider resolution errors here; deploy preflight handles strict checks.\n }\n\n const identityRequirements = resolveIdentityAuthRequirements(identity.identityConfig);\n for (const requirement of identityRequirements) {\n requiredSecrets.add(requirement.envKey);\n }\n\n const wranglerConfig = createRuntimeConfig(\n workerName,\n mode,\n [...requiredSecrets].sort((a, b) => a.localeCompare(b)),\n );\n await writeFile(\n wranglerConfigPath,\n `${JSON.stringify(wranglerConfig, null, 2)}\\n`,\n \"utf-8\",\n );\n\n return {\n runtimeDir,\n studioDir,\n workerEntrypointPath,\n wranglerConfigPath,\n workerName,\n };\n}\n","import { access, readFile } from \"node:fs/promises\";\nimport { constants } from \"node:fs\";\nimport { join } from \"node:path\";\nimport { createJiti } from \"jiti\";\n\nexport type AIProvider = \"openai\" | \"anthropic\" | \"openrouter\" | \"custom\";\n\nconst PROVIDER_SECRET_MAP: Record<AIProvider, string> = {\n openai: \"OPENAI_API_KEY\",\n anthropic: \"ANTHROPIC_API_KEY\",\n openrouter: \"OPENROUTER_API_KEY\",\n custom: \"CUSTOM_AI_API_KEY\",\n};\n\nfunction parseEnv(content: string): Record<string, string> {\n const env: Record<string, string> = {};\n for (const raw of content.split(/\\r?\\n/g)) {\n const line = raw.trim();\n if (!line || line.startsWith(\"#\")) continue;\n const idx = line.indexOf(\"=\");\n if (idx <= 0) continue;\n env[line.slice(0, idx).trim()] = line.slice(idx + 1);\n }\n return env;\n}\n\nexport async function resolveProviderFromConfig(cwd: string): Promise<AIProvider> {\n const configPath = join(cwd, \"kalp.config.ts\");\n await access(configPath, constants.F_OK);\n const jiti = createJiti(cwd, { interopDefault: true });\n const config = (await jiti.import(configPath)) as\n | { default?: { ai?: { provider?: AIProvider } }; ai?: { provider?: AIProvider } }\n | undefined;\n const provider = config?.default?.ai?.provider ?? config?.ai?.provider ?? \"openai\";\n return provider;\n}\n\nexport async function readDotEnv(cwd: string): Promise<Record<string, string>> {\n const envPath = join(cwd, \".env\");\n const content = await readFile(envPath, \"utf-8\").catch(() => \"\");\n return parseEnv(content);\n}\n\nexport function getRequiredSecretForProvider(provider: AIProvider): string {\n return PROVIDER_SECRET_MAP[provider];\n}\n","import { build } from \"esbuild\";\nimport { writeFile } from \"node:fs/promises\";\nimport { join } from \"node:path\";\nimport {\n loadProjectConfig,\n resolveRuntimeIdentityConfig,\n type RuntimeIdentityConfig,\n} from \"@/utils/project-config\";\n\nexport interface MaterializeRuntimeIdentityResult {\n identityConfig: RuntimeIdentityConfig;\n identityConfigPath: string;\n identityMapPath: string;\n}\n\nconst DEFAULT_IDENTITY_MAP_SOURCE = `export default function mapIdentity(payload) {\n const sub =\n payload && typeof payload === \"object\" && typeof payload.sub === \"string\"\n ? payload.sub\n : \"anonymous\";\n return { userId: sub, claims: {} };\n}\n`;\n\nfunction readIdentityMapCandidate(rawConfig: Record<string, unknown>): unknown {\n if (!rawConfig.identity || typeof rawConfig.identity !== \"object\") return null;\n return (rawConfig.identity as Record<string, unknown>).mapIdentity;\n}\n\nfunction assertEdgeSafeSource(mapIdentitySource: string): void {\n const blockedPatterns: Array<{ regex: RegExp; label: string }> = [\n { regex: /\\brequire\\s*\\(/, label: \"require(...)\" },\n { regex: /\\bnode:/, label: \"node:* imports\" },\n { regex: /\\bprocess\\./, label: \"process.*\" },\n { regex: /\\bBuffer\\b/, label: \"Buffer\" },\n { regex: /\\bimport\\s*\\(/, label: \"dynamic import(...)\" },\n ];\n\n const hit = blockedPatterns.find((item) => item.regex.test(mapIdentitySource));\n if (!hit) return;\n\n throw new Error(\n `mapIdentity uses \"${hit.label}\", which is not supported in edge runtime.`,\n );\n}\n\nasync function writeDefaultIdentityMap(identityMapPath: string): Promise<void> {\n await writeFile(identityMapPath, DEFAULT_IDENTITY_MAP_SOURCE, \"utf-8\");\n}\n\nasync function bundleIdentityMap(params: {\n cwd: string;\n mapIdentitySource: string;\n identityMapPath: string;\n}): Promise<void> {\n const { cwd, mapIdentitySource, identityMapPath } = params;\n assertEdgeSafeSource(mapIdentitySource);\n\n const entrySource = `\nconst mapIdentity = (${mapIdentitySource});\nif (typeof mapIdentity !== \"function\") {\n throw new Error(\"identity.mapIdentity must be a function.\");\n}\nexport default mapIdentity;\n`;\n\n try {\n await build({\n absWorkingDir: cwd,\n bundle: true,\n format: \"esm\",\n platform: \"browser\",\n target: [\"es2022\"],\n write: true,\n outfile: identityMapPath,\n logLevel: \"silent\",\n stdin: {\n contents: entrySource,\n resolveDir: cwd,\n sourcefile: \"kalp-identity-map-entry.mjs\",\n loader: \"js\",\n },\n });\n } catch (error) {\n const message = error instanceof Error ? error.message : String(error);\n throw new Error(\n [\n \"Could not bundle identity.mapIdentity for runtime.\",\n \"Please verify:\",\n \" • kalp.config.ts exists and exports default defineConfig(...)\",\n \" • mapIdentity is declared inline and does not capture external variables\",\n \" • mapIdentity does not use Node-specific APIs\",\n \" • kalp.config.ts has no broken imports\",\n `Technical details: ${message}`,\n ].join(\"\\n\"),\n );\n }\n}\n\nexport async function materializeRuntimeIdentity(params: {\n cwd: string;\n runtimeDir: string;\n}): Promise<MaterializeRuntimeIdentityResult> {\n const { cwd, runtimeDir } = params;\n const identityConfigPath = join(runtimeDir, \"identity.config.json\");\n const identityMapPath = join(runtimeDir, \"identity.map.mjs\");\n\n let rawConfig: Record<string, unknown> = {};\n try {\n const loaded = await loadProjectConfig(cwd);\n rawConfig = loaded.raw;\n } catch {\n rawConfig = {};\n }\n\n const identityConfig = resolveRuntimeIdentityConfig(rawConfig);\n await writeFile(\n identityConfigPath,\n `${JSON.stringify(identityConfig, null, 2)}\\n`,\n \"utf-8\",\n );\n\n const mapIdentity = readIdentityMapCandidate(rawConfig);\n if (typeof mapIdentity === \"function\") {\n const mapIdentitySource = mapIdentity.toString();\n if (!mapIdentitySource || /\\[native code\\]/.test(mapIdentitySource)) {\n throw new Error(\n \"Could not serialize identity.mapIdentity. Define it inline in kalp.config.ts as a regular function.\",\n );\n }\n await bundleIdentityMap({\n cwd,\n mapIdentitySource,\n identityMapPath,\n });\n } else {\n await writeDefaultIdentityMap(identityMapPath);\n }\n\n return { identityConfig, identityConfigPath, identityMapPath };\n}\n"],"mappings":";;;;;;;;AAAA,SAAS,OAAO,UAAU,iBAAiB;AAC3C,SAAS,YAAY;AAqBrB,IAAM,WAAW;AACjB,IAAM,aAAa;AAEnB,SAAS,sBAAsB,KAAmC;AAChE,MAAI,CAAC,OAAO,OAAO,QAAQ,SAAU,QAAO;AAC5C,QAAM,QAAQ;AACd,QAAM,YACJ,OAAO,MAAM,cAAc,YAAY,MAAM,UAAU,SAAS,IAC5D,MAAM,YACN;AACN,QAAM,aACJ,OAAO,MAAM,eAAe,YAAY,MAAM,WAAW,SAAS,IAC9D,MAAM,aACN;AACN,QAAM,YACJ,OAAO,MAAM,cAAc,YAAY,MAAM,UAAU,SAAS,IAC5D,MAAM,YACN;AACN,QAAM,+BACJ,OAAO,MAAM,iCAAiC,YAC9C,MAAM,6BAA6B,SAAS,IACxC,MAAM,+BACN;AACN,QAAM,wBACJ,OAAO,MAAM,0BAA0B,YACvC,MAAM,sBAAsB,SAAS,IACjC,MAAM,wBACN;AAEN,QAAM,SAA4C,CAAC;AACnD,QAAM,YACJ,MAAM,UAAU,OAAO,MAAM,WAAW,WACnC,MAAM,SACP,CAAC;AAEP,aAAW,CAAC,MAAM,KAAK,KAAK,OAAO,QAAQ,SAAS,GAAG;AACrD,QAAI,CAAC,SAAS,OAAO,UAAU,SAAU;AACzC,UAAM,OAAO;AACb,QAAI,OAAO,KAAK,cAAc,YAAY,KAAK,UAAU,WAAW,GAAG;AACrE;AAAA,IACF;AAEA,UAAM,iBACJ,OAAO,KAAK,mBAAmB,YAAY,OAAO,SAAS,KAAK,cAAc,IAC1E,KAAK,IAAI,GAAG,KAAK,MAAM,KAAK,cAAc,CAAC,IAC3C;AAEN,WAAO,IAAI,IAAI;AAAA,MACb,aAAa,OAAO,KAAK,gBAAgB,WAAW,KAAK,cAAc;AAAA,MACvE;AAAA,MACA,eAAe,OAAO,KAAK,kBAAkB,WAAW,KAAK,gBAAgB;AAAA,MAC7E,gBACE,OAAO,KAAK,mBAAmB,WAAW,KAAK,iBAAiB;AAAA,MAClE,cAAc,OAAO,KAAK,iBAAiB,WAAW,KAAK,eAAe;AAAA,MAC1E,WAAW,KAAK;AAAA,MAChB,WAAW,OAAO,KAAK,cAAc,WAAW,KAAK,YAAY;AAAA,IACnE;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAEA,eAAsB,iBAAiB,KAA2C;AAChF,MAAI;AACF,UAAM,YAAY,KAAK,KAAK,UAAU,UAAU;AAChD,UAAM,UAAU,MAAM,SAAS,WAAW,OAAO;AACjD,WAAO,sBAAsB,KAAK,MAAM,OAAO,CAAC;AAAA,EAClD,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,kBACpB,KACA,OACe;AACf,QAAM,MAAM,KAAK,KAAK,QAAQ;AAC9B,QAAM,MAAM,KAAK,EAAE,WAAW,KAAK,CAAC;AACpC,QAAM,UAAU,KAAK,KAAK,UAAU,GAAG,GAAG,KAAK,UAAU,OAAO,MAAM,CAAC,CAAC;AAAA,GAAM,OAAO;AACvF;;;AC5GA,SAAS,kBAAkB;AAC3B;AAAA,EACE,UAAAA;AAAA,EACA;AAAA,EACA,SAAAC;AAAA,EACA;AAAA,EACA,YAAAC;AAAA,EACA;AAAA,EACA;AAAA,EACA,aAAAC;AAAA,OACK;AACP,SAAS,UAAU,SAAS,QAAAC,OAAM,eAAe;AACjD,SAAS,qBAAqB;AAC9B,SAAS,2BAA2B;;;ACbpC,SAAS,QAAQ,YAAAC,iBAAgB;AACjC,SAAS,iBAAiB;AAC1B,SAAS,QAAAC,aAAY;AACrB,SAAS,kBAAkB;AAI3B,IAAM,sBAAkD;AAAA,EACtD,QAAQ;AAAA,EACR,WAAW;AAAA,EACX,YAAY;AAAA,EACZ,QAAQ;AACV;AAEA,SAAS,SAAS,SAAyC;AACzD,QAAM,MAA8B,CAAC;AACrC,aAAW,OAAO,QAAQ,MAAM,QAAQ,GAAG;AACzC,UAAM,OAAO,IAAI,KAAK;AACtB,QAAI,CAAC,QAAQ,KAAK,WAAW,GAAG,EAAG;AACnC,UAAM,MAAM,KAAK,QAAQ,GAAG;AAC5B,QAAI,OAAO,EAAG;AACd,QAAI,KAAK,MAAM,GAAG,GAAG,EAAE,KAAK,CAAC,IAAI,KAAK,MAAM,MAAM,CAAC;AAAA,EACrD;AACA,SAAO;AACT;AAEA,eAAsB,0BAA0B,KAAkC;AAChF,QAAM,aAAaA,MAAK,KAAK,gBAAgB;AAC7C,QAAM,OAAO,YAAY,UAAU,IAAI;AACvC,QAAM,OAAO,WAAW,KAAK,EAAE,gBAAgB,KAAK,CAAC;AACrD,QAAM,SAAU,MAAM,KAAK,OAAO,UAAU;AAG5C,QAAM,WAAW,QAAQ,SAAS,IAAI,YAAY,QAAQ,IAAI,YAAY;AAC1E,SAAO;AACT;AAEA,eAAsB,WAAW,KAA8C;AAC7E,QAAM,UAAUA,MAAK,KAAK,MAAM;AAChC,QAAM,UAAU,MAAMD,UAAS,SAAS,OAAO,EAAE,MAAM,MAAM,EAAE;AAC/D,SAAO,SAAS,OAAO;AACzB;AAEO,SAAS,6BAA6B,UAA8B;AACzE,SAAO,oBAAoB,QAAQ;AACrC;;;AC7CA,SAAS,aAAa;AACtB,SAAS,aAAAE,kBAAiB;AAC1B,SAAS,QAAAC,aAAY;AAarB,IAAM,8BAA8B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AASpC,SAAS,yBAAyB,WAA6C;AAC7E,MAAI,CAAC,UAAU,YAAY,OAAO,UAAU,aAAa,SAAU,QAAO;AAC1E,SAAQ,UAAU,SAAqC;AACzD;AAEA,SAAS,qBAAqB,mBAAiC;AAC7D,QAAM,kBAA2D;AAAA,IAC/D,EAAE,OAAO,kBAAkB,OAAO,eAAe;AAAA,IACjD,EAAE,OAAO,WAAW,OAAO,iBAAiB;AAAA,IAC5C,EAAE,OAAO,eAAe,OAAO,YAAY;AAAA,IAC3C,EAAE,OAAO,cAAc,OAAO,SAAS;AAAA,IACvC,EAAE,OAAO,iBAAiB,OAAO,sBAAsB;AAAA,EACzD;AAEA,QAAM,MAAM,gBAAgB,KAAK,CAAC,SAAS,KAAK,MAAM,KAAK,iBAAiB,CAAC;AAC7E,MAAI,CAAC,IAAK;AAEV,QAAM,IAAI;AAAA,IACR,qBAAqB,IAAI,KAAK;AAAA,EAChC;AACF;AAEA,eAAe,wBAAwB,iBAAwC;AAC7E,QAAMC,WAAU,iBAAiB,6BAA6B,OAAO;AACvE;AAEA,eAAe,kBAAkB,QAIf;AAChB,QAAM,EAAE,KAAK,mBAAmB,gBAAgB,IAAI;AACpD,uBAAqB,iBAAiB;AAEtC,QAAM,cAAc;AAAA,uBACC,iBAAiB;AAAA;AAAA;AAAA;AAAA;AAAA;AAOtC,MAAI;AACF,UAAM,MAAM;AAAA,MACV,eAAe;AAAA,MACf,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,QAAQ,CAAC,QAAQ;AAAA,MACjB,OAAO;AAAA,MACP,SAAS;AAAA,MACT,UAAU;AAAA,MACV,OAAO;AAAA,QACL,UAAU;AAAA,QACV,YAAY;AAAA,QACZ,YAAY;AAAA,QACZ,QAAQ;AAAA,MACV;AAAA,IACF,CAAC;AAAA,EACH,SAAS,OAAO;AACd,UAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACrE,UAAM,IAAI;AAAA,MACR;AAAA,QACE;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,sBAAsB,OAAO;AAAA,MAC/B,EAAE,KAAK,IAAI;AAAA,IACb;AAAA,EACF;AACF;AAEA,eAAsB,2BAA2B,QAGH;AAC5C,QAAM,EAAE,KAAK,WAAW,IAAI;AAC5B,QAAM,qBAAqBC,MAAK,YAAY,sBAAsB;AAClE,QAAM,kBAAkBA,MAAK,YAAY,kBAAkB;AAE3D,MAAI,YAAqC,CAAC;AAC1C,MAAI;AACF,UAAM,SAAS,MAAM,kBAAkB,GAAG;AAC1C,gBAAY,OAAO;AAAA,EACrB,QAAQ;AACN,gBAAY,CAAC;AAAA,EACf;AAEA,QAAM,iBAAiB,6BAA6B,SAAS;AAC7D,QAAMD;AAAA,IACJ;AAAA,IACA,GAAG,KAAK,UAAU,gBAAgB,MAAM,CAAC,CAAC;AAAA;AAAA,IAC1C;AAAA,EACF;AAEA,QAAM,cAAc,yBAAyB,SAAS;AACtD,MAAI,OAAO,gBAAgB,YAAY;AACrC,UAAM,oBAAoB,YAAY,SAAS;AAC/C,QAAI,CAAC,qBAAqB,kBAAkB,KAAK,iBAAiB,GAAG;AACnE,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AACA,UAAM,kBAAkB;AAAA,MACtB;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH,OAAO;AACL,UAAM,wBAAwB,eAAe;AAAA,EAC/C;AAEA,SAAO,EAAE,gBAAgB,oBAAoB,gBAAgB;AAC/D;;;AFvHA,IAAM,eAAe;AACrB,IAAM,cAAc;AACpB,IAAM,aAAa;AACnB,IAAM,uBAAuB;AAC7B,IAAM,oBAAoB;AAC1B,IAAM,qBAAqB;AAmE3B,SAAS,gBAAgB,OAAuB;AAC9C,SAAO,MACJ,YAAY,EACZ,QAAQ,MAAM,EAAE,EAChB,QAAQ,OAAO,GAAG,EAClB,QAAQ,eAAe,GAAG,EAC1B,QAAQ,OAAO,GAAG,EAClB,QAAQ,YAAY,EAAE;AAC3B;AAEA,eAAe,mBAAmB,KAA8B;AAC9D,QAAM,WAAW,gBAAgB,SAAS,GAAG,CAAC,KAAK;AACnD,QAAM,kBAAkBE,MAAK,KAAK,cAAc;AAEhD,MAAI;AACF,UAAM,UAAU,MAAMC,UAAS,iBAAiB,OAAO;AACvD,UAAM,MAAM,KAAK,MAAM,OAAO;AAC9B,UAAM,OAAO,OAAO,IAAI,SAAS,WAAW,IAAI,OAAO;AACvD,UAAM,YAAY,gBAAgB,IAAI;AACtC,WAAO,aAAa;AAAA,EACtB,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,SAAS,gBAAgB,MAAc,KAAqB;AAC1D,QAAM,UAAU,WAAW,MAAM,EAAE,OAAO,GAAG,EAAE,OAAO,KAAK,EAAE,MAAM,GAAG,CAAC;AACvE,QAAM,aAAa,QAAQ,IAAI,IAAI,OAAO;AAC1C,QAAM,SAAS;AACf,MAAI,WAAW,UAAU,QAAQ;AAC/B,WAAO;AAAA,EACT;AAEA,QAAM,UAAU,WAAW,MAAM,GAAG,MAAM,EAAE,QAAQ,QAAQ,EAAE;AAC9D,SAAO,WAAW,QAAQ,OAAO;AACnC;AAEA,SAAS,oBACP,YACA,MACA,iBACgB;AAChB,SAAO;AAAA,IACL,SAAS;AAAA,IACT,MAAM;AAAA,IACN,MAAM,KAAK,iBAAiB;AAAA,IAC5B,oBAAoB;AAAA,IACpB,qBAAqB,CAAC,eAAe;AAAA,IACrC,YAAY;AAAA,MACV;AAAA,QACE,KAAK;AAAA,QACL,oBAAoB,CAAC,oBAAoB;AAAA,MAC3C;AAAA,IACF;AAAA,IACA,iBAAiB;AAAA,MACf,UAAU;AAAA,QACR;AAAA,UACE,MAAM;AAAA,UACN,YAAY;AAAA,QACd;AAAA,MACF;AAAA,IACF;AAAA,IACA,eAAe;AAAA,MACb;AAAA,QACE,SAAS;AAAA,MACX;AAAA,IACF;AAAA,IACA,QAAQ;AAAA,MACN,WAAW,KAAK,UAAU;AAAA,MAC1B,SAAS;AAAA,MACT,kBAAkB;AAAA,IACpB;AAAA,IACA,eAAe,EAAE,SAAS,KAAK;AAAA,IAC/B,oBAAoB;AAAA,IACpB,MAAM;AAAA,MACJ,UAAU;AAAA,IACZ;AAAA,IACA,SAAS;AAAA,MACP,UAAU;AAAA,IACZ;AAAA,EACF;AACF;AAEA,SAAS,4BAGN;AACD,QAAM,OAAO,QAAQ,cAAc,YAAY,GAAG,CAAC;AACnD,QAAM,mBAAmB,QAAQ,MAAM,kBAAkB;AACzD,QAAM,sBAAsB,QAAQ,MAAM,MAAM,kBAAkB;AAClE,QAAM,qBAAqB,QAAQ,MAAM,MAAM,MAAM,kBAAkB;AACvE,QAAM,qBAAqB;AAAA,IACzB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,MACE,mBAAmBD,MAAK,kBAAkB,UAAU;AAAA,MACpD,iBAAiBA,MAAK,kBAAkB,iBAAiB;AAAA,IAC3D;AAAA,IACA;AAAA,MACE,mBAAmBA,MAAK,qBAAqB,UAAU;AAAA,MACvD,iBAAiBA,MAAK,qBAAqB,iBAAiB;AAAA,IAC9D;AAAA,IACA;AAAA,MACE,mBAAmBA,MAAK,oBAAoB,UAAU;AAAA,MACtD,iBAAiBA,MAAK,oBAAoB,iBAAiB;AAAA,IAC7D;AAAA,IACA;AAAA,MACE,mBAAmB;AAAA,MACnB,iBAAiBA,MAAK,oBAAoB,iBAAiB;AAAA,IAC7D;AAAA,EACF;AACF;AAEA,eAAe,yBAAwD;AACrE,aAAW,aAAa,0BAA0B,GAAG;AACnD,QAAI;AACF,YAAME,QAAO,UAAU,iBAAiB;AACxC,YAAMA,QAAO,UAAU,eAAe;AACtC,aAAO;AAAA,IACT,QAAQ;AAAA,IAER;AAAA,EACF;AAEA,QAAM,IAAI;AAAA,IACR;AAAA,EACF;AACF;AAEA,SAAS,kBAAkB,aAAqB,UAA4B;AAC1E,QAAM,WAAW,SACd,IAAI,CAAC,SAAS,mDAAmD,IAAI,MAAM,EAC3E,KAAK,IAAI;AAEZ,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMP,QAAQ;AAAA;AAAA;AAAA;AAAA,gDAIsC,WAAW;AAAA;AAAA;AAAA;AAI3D;AAEA,eAAe,kBAAkB,WAAkC;AACjE,QAAM,YAAYF,MAAK,WAAW,YAAY;AAC9C,MAAI;AACF,UAAME,QAAO,SAAS;AACtB;AAAA,EACF,QAAQ;AAAA,EAER;AAEA,QAAM,YAAYF,MAAK,WAAW,QAAQ;AAC1C,QAAM,aAAa,MAAM,QAAQ,SAAS;AAC1C,QAAM,cACJ,WAAW,KAAK,CAAC,SAAS,kBAAkB,KAAK,IAAI,CAAC,KACtD,WAAW,KAAK,CAAC,SAAS,KAAK,SAAS,KAAK,CAAC;AAEhD,MAAI,CAAC,aAAa;AAChB,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,QAAM,WAAW,WAAW,OAAO,CAAC,SAAS,KAAK,SAAS,MAAM,CAAC,EAAE,KAAK;AACzE,QAAM,OAAO,kBAAkB,aAAa,QAAQ;AACpD,QAAMG,WAAU,WAAW,MAAM,OAAO;AAC1C;AAEA,eAAsB,oBAAoB,KAAgC;AACxE,QAAM,YAAYH,MAAK,KAAK,QAAQ;AACpC,MAAI;AACF,UAAM,UAAU,MAAM,QAAQ,WAAW,EAAE,eAAe,KAAK,CAAC;AAChE,UAAM,QAAkB,CAAC;AACzB,eAAW,SAAS,SAAS;AAC3B,UAAI,CAAC,MAAM,YAAY,EAAG;AAC1B,YAAM,YAAYA,MAAK,WAAW,MAAM,MAAM,UAAU;AACxD,YAAM,SAAS,MAAM,KAAK,SAAS,EAChC,KAAK,MAAM,IAAI,EACf,MAAM,MAAM,KAAK;AACpB,UAAI,OAAQ,OAAM,KAAK,MAAM,IAAI;AAAA,IACnC;AACA,WAAO,MAAM,KAAK,CAAC,GAAG,MAAM,EAAE,cAAc,CAAC,CAAC;AAAA,EAChD,QAAQ;AACN,WAAO,CAAC;AAAA,EACV;AACF;AAEA,eAAe,qBACb,KACA,MACgC;AAChC,QAAM,kBAAkB,MAAM,oBAAoB,GAAG;AACrD,QAAM,QAAQ,MAAM,iBAAiB,GAAG;AAExC,QAAM,SAAS,oBAAI,IAAgC;AACnD,QAAM,cAAc,OAAO,UAAU,CAAC;AAEtC,aAAW,QAAQ,iBAAiB;AAClC,UAAM,YAAYA,MAAK,KAAK,UAAU,MAAM,UAAU;AACtD,UAAM,QAAQ,YAAY,IAAI;AAC9B,UAAM,mBAAmB,CAAC,CAAC,OAAO,mBAAmB,OAAO,kBAAkB,KAAK;AAEnF,QAAI,SAAS,YAAY,CAAC,kBAAkB;AAC1C;AAAA,IACF;AAEA,UAAM,oBACJ,OAAO,cACN,OAAO,YAAY,GAAG,MAAM,UAAU,QAAQ,OAAO,EAAE,CAAC,MAAM,IAAI,KAAK;AAC1E,UAAM,gBACJ,OAAO,OAAO,mBAAmB,YAAY,MAAM,iBAAiB,IAChE,MAAM,iBACN;AAEN,WAAO,IAAI,MAAM;AAAA,MACf;AAAA,MACA,OAAO,oBAAoB,IAAI;AAAA,MAC/B,MAAM,CAAC;AAAA,MACP,aACE,SAAS,WACL,WACA,mBACE,SACA;AAAA,MACR,QAAQ,oBAAoB,WAAW;AAAA,MACvC,MAAM,OAAO,eAAe;AAAA,MAC5B,SAAS,gBAAgB,IAAI,aAAa,KAAK;AAAA,MAC/C;AAAA,MACA,gBAAgB,OAAO,kBAAkB;AAAA,MACzC,eAAe,OAAO,iBAAiB;AAAA,MACvC,WAAW;AAAA,MACX;AAAA,MACA,WAAW,OAAO,gBAAgB,OAAO,cAAc;AAAA,IACzD,CAAC;AAAA,EACH;AAEA,MAAI,SAAS,UAAU;AACrB,eAAW,CAAC,MAAM,KAAK,KAAK,OAAO,QAAQ,WAAW,GAAG;AACvD,YAAM,mBACJ,CAAC,CAAC,MAAM,mBAAmB,MAAM,kBAAkB,KAAK;AAC1D,UAAI,CAAC,oBAAoB,OAAO,IAAI,IAAI,EAAG;AAE3C,YAAM,YAAY,MAAM,aAAaA,MAAK,KAAK,UAAU,MAAM,UAAU;AACzE,YAAM,YACJ,MAAM,cACL,OAAO,YAAY,GAAG,MAAM,UAAU,QAAQ,OAAO,EAAE,CAAC,MAAM,IAAI,KAAK;AAC1E,YAAM,gBAAgB,MAAM,iBAAiB,IAAI,MAAM,iBAAiB;AAExE,aAAO,IAAI,MAAM;AAAA,QACf;AAAA,QACA,OAAO,oBAAoB,IAAI;AAAA,QAC/B,MAAM,CAAC;AAAA,QACP,aAAa;AAAA,QACb,QAAQ,YAAY,WAAW;AAAA,QAC/B,MAAM,MAAM,eAAe;AAAA,QAC3B,SAAS,gBAAgB,IAAI,aAAa,KAAK;AAAA,QAC/C;AAAA,QACA,gBAAgB,MAAM,kBAAkB;AAAA,QACxC,eAAe,MAAM,iBAAiB;AAAA,QACtC;AAAA,QACA;AAAA,QACA,WAAW,MAAM,gBAAgB,OAAO,cAAc;AAAA,MACxD,CAAC;AAAA,IACH;AAAA,EACF;AAEA,SAAO;AAAA,IACL,cAAa,oBAAI,KAAK,GAAE,YAAY;AAAA,IACpC,aAAa;AAAA,IACb,WAAW,OAAO,aAAa;AAAA,IAC/B;AAAA,IACA,QAAQ,MAAM,KAAK,OAAO,OAAO,CAAC,EAAE,KAAK,CAAC,GAAG,MAAM,EAAE,KAAK,cAAc,EAAE,IAAI,CAAC;AAAA,EACjF;AACF;AAEA,eAAsB,2BAA2B,QAI/B;AAChB,QAAM,WAAW,MAAM,qBAAqB,OAAO,KAAK,OAAO,IAAI;AACnE,QAAMG;AAAA,IACJH,MAAK,OAAO,YAAY,sBAAsB;AAAA,IAC9C,GAAG,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAAA;AAAA,IACpC;AAAA,EACF;AACF;AAEA,eAAsB,mBACpB,KACA,UAAqC,CAAC,GACf;AACvB,QAAM,OAAO,QAAQ,QAAQ;AAC7B,QAAM,aAAaA,MAAK,KAAK,cAAc,WAAW;AACtD,QAAM,YAAYA,MAAK,YAAY,UAAU;AAC7C,QAAM,uBAAuBA,MAAK,YAAY,iBAAiB;AAC/D,QAAM,qBAAqBA,MAAK,YAAY,oBAAoB;AAEhE,QAAM,WAAW,MAAM,uBAAuB;AAC9C,QAAM,GAAG,YAAY,EAAE,WAAW,MAAM,OAAO,KAAK,CAAC;AACrD,QAAMI,OAAM,YAAY,EAAE,WAAW,KAAK,CAAC;AAE3C,QAAM,GAAG,SAAS,mBAAmB,WAAW,EAAE,WAAW,KAAK,CAAC;AACnE,QAAM,GAAG,SAAS,iBAAiB,oBAAoB;AACvD,QAAM,kBAAkB,SAAS;AACjC,QAAM,2BAA2B,EAAE,KAAK,YAAY,KAAK,CAAC;AAC1D,QAAM,WAAW,MAAM,2BAA2B,EAAE,KAAK,WAAW,CAAC;AAErE,QAAM,cAAc,MAAM,mBAAmB,GAAG;AAChD,QAAM,aAAa,gBAAgB,aAAa,GAAG;AACnD,QAAM,kBAAkB,oBAAI,IAAY;AAAA,IACtC;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AAED,MAAI;AACF,UAAM,WAAW,MAAM,0BAA0B,GAAG;AACpD,oBAAgB,IAAI,6BAA6B,QAAQ,CAAC;AAAA,EAC5D,QAAQ;AAAA,EAER;AAEA,QAAM,uBAAuB,gCAAgC,SAAS,cAAc;AACpF,aAAW,eAAe,sBAAsB;AAC9C,oBAAgB,IAAI,YAAY,MAAM;AAAA,EACxC;AAEA,QAAM,iBAAiB;AAAA,IACrB;AAAA,IACA;AAAA,IACA,CAAC,GAAG,eAAe,EAAE,KAAK,CAAC,GAAG,MAAM,EAAE,cAAc,CAAC,CAAC;AAAA,EACxD;AACA,QAAMD;AAAA,IACJ;AAAA,IACA,GAAG,KAAK,UAAU,gBAAgB,MAAM,CAAC,CAAC;AAAA;AAAA,IAC1C;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;","names":["access","mkdir","readFile","writeFile","join","readFile","join","writeFile","join","writeFile","join","join","readFile","access","writeFile","mkdir"]}
|
|
@@ -5,6 +5,14 @@ import { readFile, writeFile } from "fs/promises";
|
|
|
5
5
|
import { join } from "path";
|
|
6
6
|
var SECRETS_ARRAY_REGEX = /secrets:\s*\[([\s\S]*?)\]/m;
|
|
7
7
|
var SECRET_LITERAL_REGEX = /["'`]([^"'`]+)["'`]/g;
|
|
8
|
+
var INTERNAL_PREFIX = "KALP_";
|
|
9
|
+
function isInternalSecret(name) {
|
|
10
|
+
return name.trim().toUpperCase().startsWith(INTERNAL_PREFIX);
|
|
11
|
+
}
|
|
12
|
+
function filterInternalSecrets(secrets, includeInternal = false) {
|
|
13
|
+
if (includeInternal) return [...secrets];
|
|
14
|
+
return secrets.filter((name) => !isInternalSecret(name));
|
|
15
|
+
}
|
|
8
16
|
async function readLocalSecretsFromConfig(cwd) {
|
|
9
17
|
const configPath = join(cwd, "kalp.config.ts");
|
|
10
18
|
const content = await readFile(configPath, "utf-8").catch(() => {
|
|
@@ -40,8 +48,9 @@ function mergeSecrets(base, incoming) {
|
|
|
40
48
|
}
|
|
41
49
|
|
|
42
50
|
export {
|
|
51
|
+
filterInternalSecrets,
|
|
43
52
|
readLocalSecretsFromConfig,
|
|
44
53
|
writeLocalSecretsToConfig,
|
|
45
54
|
mergeSecrets
|
|
46
55
|
};
|
|
47
|
-
//# sourceMappingURL=chunk-
|
|
56
|
+
//# sourceMappingURL=chunk-YE2SFYAJ.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/utils/secrets-config.ts"],"sourcesContent":["import { readFile, writeFile } from \"node:fs/promises\";\nimport { join } from \"node:path\";\n\nconst SECRETS_ARRAY_REGEX = /secrets:\\s*\\[([\\s\\S]*?)\\]/m;\nconst SECRET_LITERAL_REGEX = /[\"'`]([^\"'`]+)[\"'`]/g;\nconst INTERNAL_PREFIX = \"KALP_\";\n\nexport function isInternalSecret(name: string): boolean {\n return name.trim().toUpperCase().startsWith(INTERNAL_PREFIX);\n}\n\nexport function filterInternalSecrets(\n secrets: string[],\n includeInternal = false,\n): string[] {\n if (includeInternal) return [...secrets];\n return secrets.filter((name) => !isInternalSecret(name));\n}\n\nexport async function readLocalSecretsFromConfig(cwd: string): Promise<string[]> {\n const configPath = join(cwd, \"kalp.config.ts\");\n const content = await readFile(configPath, \"utf-8\").catch(() => {\n throw new Error(\"kalp.config.ts not found. Run create-kalp first.\");\n });\n\n const match = content.match(SECRETS_ARRAY_REGEX);\n if (!match) return [];\n const body = match[1] ?? \"\";\n const values: string[] = [];\n let item: RegExpExecArray | null;\n while ((item = SECRET_LITERAL_REGEX.exec(body)) !== null) {\n if (item[1]) values.push(item[1]);\n }\n return [...new Set(values)].sort((a, b) => a.localeCompare(b));\n}\n\nexport async function writeLocalSecretsToConfig(\n cwd: string,\n secrets: string[],\n): Promise<void> {\n const configPath = join(cwd, \"kalp.config.ts\");\n const content = await readFile(configPath, \"utf-8\").catch(() => {\n throw new Error(\"kalp.config.ts not found. Run create-kalp first.\");\n });\n\n if (!SECRETS_ARRAY_REGEX.test(content)) {\n throw new Error(\n \"Could not find `secrets: []` in kalp.config.ts. Add a secrets array first.\",\n );\n }\n\n const sorted = [...new Set(secrets)]\n .map((value) => value.trim())\n .filter(Boolean)\n .sort((a, b) => a.localeCompare(b));\n\n const serialized =\n sorted.length > 0 ? sorted.map((secret) => `\"${secret}\"`).join(\", \") : \"\";\n const next = content.replace(SECRETS_ARRAY_REGEX, `secrets: [${serialized}]`);\n await writeFile(configPath, next, \"utf-8\");\n}\n\nexport function mergeSecrets(\n base: string[],\n incoming: string[],\n): string[] {\n return [...new Set([...base, ...incoming].map((value) => value.trim()).filter(Boolean))]\n .sort((a, b) => a.localeCompare(b));\n}\n"],"mappings":";;;AAAA,SAAS,UAAU,iBAAiB;AACpC,SAAS,YAAY;AAErB,IAAM,sBAAsB;AAC5B,IAAM,uBAAuB;AAC7B,IAAM,kBAAkB;AAEjB,SAAS,iBAAiB,MAAuB;AACtD,SAAO,KAAK,KAAK,EAAE,YAAY,EAAE,WAAW,eAAe;AAC7D;AAEO,SAAS,sBACd,SACA,kBAAkB,OACR;AACV,MAAI,gBAAiB,QAAO,CAAC,GAAG,OAAO;AACvC,SAAO,QAAQ,OAAO,CAAC,SAAS,CAAC,iBAAiB,IAAI,CAAC;AACzD;AAEA,eAAsB,2BAA2B,KAAgC;AAC/E,QAAM,aAAa,KAAK,KAAK,gBAAgB;AAC7C,QAAM,UAAU,MAAM,SAAS,YAAY,OAAO,EAAE,MAAM,MAAM;AAC9D,UAAM,IAAI,MAAM,kDAAkD;AAAA,EACpE,CAAC;AAED,QAAM,QAAQ,QAAQ,MAAM,mBAAmB;AAC/C,MAAI,CAAC,MAAO,QAAO,CAAC;AACpB,QAAM,OAAO,MAAM,CAAC,KAAK;AACzB,QAAM,SAAmB,CAAC;AAC1B,MAAI;AACJ,UAAQ,OAAO,qBAAqB,KAAK,IAAI,OAAO,MAAM;AACxD,QAAI,KAAK,CAAC,EAAG,QAAO,KAAK,KAAK,CAAC,CAAC;AAAA,EAClC;AACA,SAAO,CAAC,GAAG,IAAI,IAAI,MAAM,CAAC,EAAE,KAAK,CAAC,GAAG,MAAM,EAAE,cAAc,CAAC,CAAC;AAC/D;AAEA,eAAsB,0BACpB,KACA,SACe;AACf,QAAM,aAAa,KAAK,KAAK,gBAAgB;AAC7C,QAAM,UAAU,MAAM,SAAS,YAAY,OAAO,EAAE,MAAM,MAAM;AAC9D,UAAM,IAAI,MAAM,kDAAkD;AAAA,EACpE,CAAC;AAED,MAAI,CAAC,oBAAoB,KAAK,OAAO,GAAG;AACtC,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,QAAM,SAAS,CAAC,GAAG,IAAI,IAAI,OAAO,CAAC,EAChC,IAAI,CAAC,UAAU,MAAM,KAAK,CAAC,EAC3B,OAAO,OAAO,EACd,KAAK,CAAC,GAAG,MAAM,EAAE,cAAc,CAAC,CAAC;AAEpC,QAAM,aACJ,OAAO,SAAS,IAAI,OAAO,IAAI,CAAC,WAAW,IAAI,MAAM,GAAG,EAAE,KAAK,IAAI,IAAI;AACzE,QAAM,OAAO,QAAQ,QAAQ,qBAAqB,aAAa,UAAU,GAAG;AAC5E,QAAM,UAAU,YAAY,MAAM,OAAO;AAC3C;AAEO,SAAS,aACd,MACA,UACU;AACV,SAAO,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,MAAM,GAAG,QAAQ,EAAE,IAAI,CAAC,UAAU,MAAM,KAAK,CAAC,EAAE,OAAO,OAAO,CAAC,CAAC,EACpF,KAAK,CAAC,GAAG,MAAM,EAAE,cAAc,CAAC,CAAC;AACtC;","names":[]}
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
var __create = Object.create;
|
|
3
|
+
var __defProp = Object.defineProperty;
|
|
4
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
5
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
6
|
+
var __getProtoOf = Object.getPrototypeOf;
|
|
7
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
8
|
+
var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
|
|
9
|
+
get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
|
|
10
|
+
}) : x)(function(x) {
|
|
11
|
+
if (typeof require !== "undefined") return require.apply(this, arguments);
|
|
12
|
+
throw Error('Dynamic require of "' + x + '" is not supported');
|
|
13
|
+
});
|
|
14
|
+
var __commonJS = (cb, mod) => function __require2() {
|
|
15
|
+
return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
|
|
16
|
+
};
|
|
17
|
+
var __copyProps = (to, from, except, desc) => {
|
|
18
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
19
|
+
for (let key of __getOwnPropNames(from))
|
|
20
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
21
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
22
|
+
}
|
|
23
|
+
return to;
|
|
24
|
+
};
|
|
25
|
+
var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
|
|
26
|
+
// If the importer is in node compatibility mode or this is not an ESM
|
|
27
|
+
// file that has been converted to a CommonJS file using a Babel-
|
|
28
|
+
// compatible transform (i.e. "__esModule" has not been set), then set
|
|
29
|
+
// "default" to the CommonJS "module.exports" for node compatibility.
|
|
30
|
+
isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
|
|
31
|
+
mod
|
|
32
|
+
));
|
|
33
|
+
|
|
34
|
+
export {
|
|
35
|
+
__require,
|
|
36
|
+
__commonJS,
|
|
37
|
+
__toESM
|
|
38
|
+
};
|
|
39
|
+
//# sourceMappingURL=chunk-ZWE3DS7E.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}
|