@kitsy/cnos 0.0.1 → 1.0.1

package/dist/index.d.cts

@@ -1,8 +1,12 @@
-import { CnosCreateOptions, CnosRuntime, CnosPlugin } from '@kitsy/cnos-core';
-export { CnosCreateOptions, CnosPlugin, CnosRuntime, ConfigEntry, DumpOptions, DumpPlan, DumpPlanOptions, DumpResult, InspectResult, LoaderPlugin, LogicalKey, ManifestFile, NormalizedManifest, ToEnvOptions, ToPublicEnvOptions, planDump, toEnv, toPublicEnv, writeDump } from '@kitsy/cnos-core';
+import { R as ResolvedGraph, D as DumpPlanOptions, a as DumpPlan, b as DumpOptions, c as DumpResult, C as CnosCreateOptions, d as CnosRuntime, e as CnosPlugin } from './plugin-BVNEHj19.cjs';
+export { f as ConfigEntry, I as InspectResult, L as LoaderPlugin, g as LogicalKey, M as ManifestFile, N as NormalizedManifest, T as ToEnvOptions, h as ToPublicEnvOptions } from './plugin-BVNEHj19.cjs';
+export { t as toEnv, a as toPublicEnv } from './toPublicEnv-Dd152fFy.cjs';
+
+declare function planDump(graph: ResolvedGraph, options?: DumpPlanOptions): DumpPlan;
+declare function writeDump(graph: ResolvedGraph, options: DumpOptions): Promise<DumpResult>;
 
 declare function createCnos(options?: CnosCreateOptions): Promise<CnosRuntime>;
 
 declare function defaultPlugins(): CnosPlugin[];
 
-export { createCnos, defaultPlugins };
+export { CnosCreateOptions, CnosPlugin, CnosRuntime, DumpOptions, DumpPlan, DumpPlanOptions, DumpResult, createCnos, defaultPlugins, planDump, writeDump };

package/dist/index.d.ts

@@ -1,8 +1,12 @@
-import { CnosCreateOptions, CnosRuntime, CnosPlugin } from '@kitsy/cnos-core';
-export { CnosCreateOptions, CnosPlugin, CnosRuntime, ConfigEntry, DumpOptions, DumpPlan, DumpPlanOptions, DumpResult, InspectResult, LoaderPlugin, LogicalKey, ManifestFile, NormalizedManifest, ToEnvOptions, ToPublicEnvOptions, planDump, toEnv, toPublicEnv, writeDump } from '@kitsy/cnos-core';
+import { R as ResolvedGraph, D as DumpPlanOptions, a as DumpPlan, b as DumpOptions, c as DumpResult, C as CnosCreateOptions, d as CnosRuntime, e as CnosPlugin } from './plugin-BVNEHj19.js';
+export { f as ConfigEntry, I as InspectResult, L as LoaderPlugin, g as LogicalKey, M as ManifestFile, N as NormalizedManifest, T as ToEnvOptions, h as ToPublicEnvOptions } from './plugin-BVNEHj19.js';
+export { t as toEnv, a as toPublicEnv } from './toPublicEnv-Gwz3xTK0.js';
+
+declare function planDump(graph: ResolvedGraph, options?: DumpPlanOptions): DumpPlan;
+declare function writeDump(graph: ResolvedGraph, options: DumpOptions): Promise<DumpResult>;
 
 declare function createCnos(options?: CnosCreateOptions): Promise<CnosRuntime>;
 
 declare function defaultPlugins(): CnosPlugin[];
 
-export { createCnos, defaultPlugins };
+export { CnosCreateOptions, CnosPlugin, CnosRuntime, DumpOptions, DumpPlan, DumpPlanOptions, DumpResult, createCnos, defaultPlugins, planDump, writeDump };

package/dist/index.js

@@ -1,22 +1,118 @@
-// src/createCnos.ts
 import {
-  createCnos as createCoreCnos
-} from "@kitsy/cnos-core";
-
-// src/defaultPlugins.ts
-import { createProvenanceInspector } from "@kitsy/cnos-core";
-import { createBasicSchemaPlugin } from "@kitsy/cnos-plugin-basic-schema";
-import { createCliArgsPlugin } from "@kitsy/cnos-plugin-cli-args";
-import { createDotenvPlugin } from "@kitsy/cnos-plugin-dotenv";
+  createBasicSchemaPlugin
+} from "./chunk-H65FPTDM.js";
+import {
+  createCliArgsPlugin
+} from "./chunk-GGYIRIGU.js";
+import {
+  createDotenvPlugin
+} from "./chunk-44JOQPSN.js";
 import {
   createEnvExportPlugin,
   createPublicEnvExportPlugin
-} from "@kitsy/cnos-plugin-env-export";
+} from "./chunk-ASZ7I3JJ.js";
 import {
   createFilesystemSecretsPlugin,
   createFilesystemValuesPlugin
-} from "@kitsy/cnos-plugin-filesystem";
-import { createProcessEnvPlugin } from "@kitsy/cnos-plugin-process-env";
+} from "./chunk-KG6OZX5C.js";
+import {
+  createProcessEnvPlugin
+} from "./chunk-CGTFH4QQ.js";
+import {
+  createCnos,
+  createProvenanceInspector,
+  planDump,
+  toEnv,
+  toPublicEnv,
+  writeDump
+} from "./chunk-K2T4R5WH.js";
+
+// package.json
+var package_default = {
+  name: "@kitsy/cnos",
+  version: "1.0.1",
+  description: "Batteries-included CNOS runtime package wired with the official plugins.",
+  type: "module",
+  main: "./dist/index.cjs",
+  module: "./dist/index.js",
+  types: "./dist/index.d.ts",
+  exports: {
+    ".": {
+      types: "./dist/index.d.ts",
+      import: "./dist/index.js",
+      require: "./dist/index.cjs"
+    },
+    "./internal": {
+      types: "./dist/internal.d.ts",
+      import: "./dist/internal.js",
+      require: "./dist/internal.cjs"
+    },
+    "./plugins/filesystem": {
+      types: "./dist/plugin/filesystem.d.ts",
+      import: "./dist/plugin/filesystem.js",
+      require: "./dist/plugin/filesystem.cjs"
+    },
+    "./plugins/dotenv": {
+      types: "./dist/plugin/dotenv.d.ts",
+      import: "./dist/plugin/dotenv.js",
+      require: "./dist/plugin/dotenv.cjs"
+    },
+    "./plugins/process-env": {
+      types: "./dist/plugin/process-env.d.ts",
+      import: "./dist/plugin/process-env.js",
+      require: "./dist/plugin/process-env.cjs"
+    },
+    "./plugins/cli-args": {
+      types: "./dist/plugin/cli-args.d.ts",
+      import: "./dist/plugin/cli-args.js",
+      require: "./dist/plugin/cli-args.cjs"
+    },
+    "./plugins/basic-schema": {
+      types: "./dist/plugin/basic-schema.d.ts",
+      import: "./dist/plugin/basic-schema.js",
+      require: "./dist/plugin/basic-schema.cjs"
+    },
+    "./plugins/env-export": {
+      types: "./dist/plugin/env-export.d.ts",
+      import: "./dist/plugin/env-export.js",
+      require: "./dist/plugin/env-export.cjs"
+    }
+  },
+  files: [
+    "dist"
+  ],
+  license: "MIT",
+  repository: {
+    type: "git",
+    url: "https://github.com/kitsyai/cnos.git",
+    directory: "packages/cnos"
+  },
+  homepage: "https://github.com/kitsyai/cnos/tree/main/packages/cnos",
+  bugs: {
+    url: "https://github.com/kitsyai/cnos/issues"
+  },
+  keywords: [
+    "cnos",
+    "config",
+    "runtime"
+  ],
+  publishConfig: {
+    access: "public"
+  },
+  dependencies: {
+    yaml: "^2.8.3"
+  },
+  scripts: {
+    build: "tsup --config tsup.config.ts",
+    clean: "rimraf dist",
+    dev: "tsup --config tsup.config.ts --watch",
+    lint: "eslint src test",
+    test: "vitest run",
+    typecheck: "tsc -p tsconfig.json --noEmit"
+  }
+};
+
+// src/defaultPlugins.ts
 function defaultPlugins() {
   return [
     createFilesystemValuesPlugin(),
@@ -32,22 +128,15 @@ function defaultPlugins() {
 }
 
 // src/createCnos.ts
-async function createCnos(options = {}) {
-  return createCoreCnos({
+async function createCnos2(options = {}) {
+  return createCnos({
     ...options,
+    cnosVersion: package_default.version,
     plugins: [...defaultPlugins(), ...options.plugins ?? []]
   });
 }
-
-// src/index.ts
-import {
-  planDump,
-  toEnv,
-  toPublicEnv,
-  writeDump
-} from "@kitsy/cnos-core";
 export {
-  createCnos,
+  createCnos2 as createCnos,
   defaultPlugins,
   planDump,
   toEnv,

package/dist/internal.cjs

@@ -0,0 +1,288 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/internal.ts
+var internal_exports = {};
+__export(internal_exports, {
+  flattenObject: () => flattenObject,
+  parseYaml: () => parseYaml,
+  resolveConfigDocumentPath: () => resolveConfigDocumentPath,
+  resolveSecretStoreRoot: () => resolveSecretStoreRoot,
+  stringifyYaml: () => stringifyYaml,
+  validateRuntime: () => validateRuntime,
+  writeLocalSecret: () => writeLocalSecret
+});
+module.exports = __toCommonJS(internal_exports);
+
+// ../core/src/manifest/loadManifest.ts
+var import_promises2 = require("fs/promises");
+var import_node_path2 = __toESM(require("path"), 1);
+
+// ../core/src/utils/path.ts
+var import_promises = require("fs/promises");
+var import_node_os = __toESM(require("os"), 1);
+var import_node_path = __toESM(require("path"), 1);
+function expandHomePath(targetPath) {
+  if (targetPath === "~") {
+    return import_node_os.default.homedir();
+  }
+  if (targetPath.startsWith("~/") || targetPath.startsWith("~\\")) {
+    return import_node_path.default.join(import_node_os.default.homedir(), targetPath.slice(2));
+  }
+  return targetPath;
+}
+function resolveNamespaceDirectory(workspaceRoot, namespace, profile) {
+  const rootFolder = namespace === "value" ? "values" : "secrets";
+  if (profile && profile !== "base") {
+    return import_node_path.default.resolve(workspaceRoot, "profiles", profile, rootFolder);
+  }
+  return import_node_path.default.resolve(workspaceRoot, rootFolder);
+}
+function resolveConfigDocumentPath(workspaceRoot, namespace, configPath, profile) {
+  const namespaceRoot = resolveNamespaceDirectory(workspaceRoot, namespace, profile);
+  const fileName = `${configPath.split(".").shift() ?? "app"}.yml`;
+  return import_node_path.default.resolve(namespaceRoot, fileName);
+}
+
+// ../core/src/utils/yaml.ts
+var import_yaml = require("yaml");
+function parseYaml(source) {
+  return (0, import_yaml.parse)(source);
+}
+function stringifyYaml(value) {
+  return (0, import_yaml.stringify)(value);
+}
+
+// ../core/src/manifest/loadWorkspaceFile.ts
+var import_promises3 = require("fs/promises");
+var import_node_path3 = __toESM(require("path"), 1);
+
+// ../core/src/profiles/expandProfileChain.ts
+var import_promises4 = require("fs/promises");
+var import_node_path4 = __toESM(require("path"), 1);
+
+// ../core/src/workspaces/resolveWorkspaceContext.ts
+var import_promises5 = require("fs/promises");
+var import_node_path5 = __toESM(require("path"), 1);
+
+// ../core/src/utils/envNaming.ts
+function normalizeMappingConfig(config = {}) {
+  return {
+    convention: config.convention,
+    explicit: config.explicit ?? {}
+  };
+}
+function toScreamingSnakeSegment(segment) {
+  return segment.replace(/([a-z0-9])([A-Z])/g, "$1_$2").replace(/[^A-Za-z0-9]+/g, "_").replace(/_+/g, "_").replace(/^_+|_+$/g, "").toUpperCase();
+}
+function toScreamingSnake(path8) {
+  return path8.split(".").map((segment) => toScreamingSnakeSegment(segment)).filter(Boolean).join("_");
+}
+function logicalKeyToEnvVar(key, config = {}) {
+  const normalized = normalizeMappingConfig(config);
+  const explicitEntry = Object.entries(normalized.explicit).find(([, logicalKey]) => logicalKey === key);
+  if (explicitEntry) {
+    return explicitEntry[0];
+  }
+  if (normalized.convention !== "SCREAMING_SNAKE") {
+    return void 0;
+  }
+  if (key.startsWith("value.")) {
+    return toScreamingSnake(key.slice("value.".length));
+  }
+  if (key.startsWith("secret.")) {
+    return `SECRET_${toScreamingSnake(key.slice("secret.".length))}`;
+  }
+  return void 0;
+}
+
+// ../core/src/runtime/dump.ts
+var import_promises6 = require("fs/promises");
+var import_node_path6 = __toESM(require("path"), 1);
+
+// ../core/src/utils/flatten.ts
+function flattenObject(value, prefix = "") {
+  return Object.entries(value).reduce((accumulator, [key, nestedValue]) => {
+    const nextKey = prefix ? `${prefix}.${key}` : key;
+    if (nestedValue && typeof nestedValue === "object" && !Array.isArray(nestedValue)) {
+      Object.assign(accumulator, flattenObject(nestedValue, nextKey));
+      return accumulator;
+    }
+    accumulator[nextKey] = nestedValue;
+    return accumulator;
+  }, {});
+}
+
+// ../core/src/utils/secretStore.ts
+var import_node_crypto = require("crypto");
+var import_promises7 = require("fs/promises");
+var import_node_path7 = __toESM(require("path"), 1);
+function resolveSecretStoreRoot(processEnv = process.env) {
+  return import_node_path7.default.resolve(expandHomePath(processEnv.CNOS_SECRET_HOME ?? "~/.cnos/secrets"));
+}
+function resolveSecretStoreFile(storeRoot, ref) {
+  return import_node_path7.default.join(storeRoot, "store", ...ref.split("/")).concat(".json");
+}
+function deriveKey(passphrase, salt) {
+  return (0, import_node_crypto.scryptSync)(passphrase, salt, 32);
+}
+function encryptDocument(value, passphrase) {
+  const salt = (0, import_node_crypto.randomBytes)(16);
+  const iv = (0, import_node_crypto.randomBytes)(12);
+  const key = deriveKey(passphrase, salt);
+  const cipher = (0, import_node_crypto.createCipheriv)("aes-256-gcm", key, iv);
+  const ciphertext = Buffer.concat([cipher.update(value, "utf8"), cipher.final()]);
+  const tag = cipher.getAuthTag();
+  return {
+    version: 1,
+    algorithm: "aes-256-gcm",
+    salt: salt.toString("base64"),
+    iv: iv.toString("base64"),
+    tag: tag.toString("base64"),
+    ciphertext: ciphertext.toString("base64")
+  };
+}
+async function writeLocalSecret(storeRoot, ref, value, passphrase) {
+  const filePath = resolveSecretStoreFile(storeRoot, ref);
+  await (0, import_promises7.mkdir)(import_node_path7.default.dirname(filePath), { recursive: true });
+  await (0, import_promises7.writeFile)(filePath, JSON.stringify(encryptDocument(value, passphrase), null, 2), "utf8");
+  return filePath;
+}
+
+// ../core/src/validation/envMapping.ts
+function fallbackLogicalKeyToEnvVar(key) {
+  return key.replace(/^(value|secret)\./, "").replace(/([a-z0-9])([A-Z])/g, "$1_$2").replace(/[^A-Za-z0-9]+/g, "_").replace(/_+/g, "_").replace(/^_+|_+$/g, "").toUpperCase();
+}
+function validateEnvMappingCollisions(manifest, graph) {
+  const candidates = /* @__PURE__ */ new Set([
+    ...Object.values(manifest.envMapping.explicit),
+    ...manifest.public.promote,
+    ...Object.keys(manifest.schema),
+    ...graph ? Array.from(graph.entries.keys()) : []
+  ]);
+  const collisions = /* @__PURE__ */ new Map();
+  for (const key of candidates) {
+    if (key.startsWith("meta.")) {
+      continue;
+    }
+    const envVar = logicalKeyToEnvVar(key, manifest.envMapping) ?? (key.startsWith("value.") || key.startsWith("secret.") ? fallbackLogicalKeyToEnvVar(key) : void 0);
+    if (!envVar) {
+      continue;
+    }
+    const keys = collisions.get(envVar) ?? [];
+    keys.push(key);
+    collisions.set(envVar, keys);
+  }
+  return Array.from(collisions.entries()).filter(([, keys]) => new Set(keys).size > 1).map(([envVar, keys]) => ({
+    code: "env-mapping.collision",
+    message: `Multiple logical keys map to env var ${envVar}: ${Array.from(new Set(keys)).join(", ")}`
+  }));
+}
+
+// ../core/src/validation/publicSafety.ts
+function validatePublicSafety(manifest) {
+  return manifest.public.promote.filter((key) => !key.startsWith("value.")).map((key) => ({
+    code: "public.invalid-promotion",
+    key,
+    message: `public.promote may only include value.* keys: ${key}`
+  }));
+}
+
+// ../core/src/validation/workspaceSafety.ts
+function validateWorkspaceSafety(manifest, graph) {
+  const issues = [];
+  const localRoot = graph.workspace.workspaceRoots.find(
+    (entry) => entry.scope === "local" && entry.workspaceId === graph.workspace.workspaceId
+  );
+  if (!localRoot) {
+    issues.push({
+      code: "workspace.missing-local-root",
+      message: `Missing local workspace root for ${graph.workspace.workspaceId}`
+    });
+  }
+  if (manifest.workspaces.global.allowWrite && !manifest.workspaces.global.enabled) {
+    issues.push({
+      code: "workspace.global-write-policy",
+      message: "workspaces.global.allowWrite requires workspaces.global.enabled: true"
+    });
+  }
+  return issues;
+}
+
+// ../core/src/validation/validateRuntime.ts
+async function validateRuntime(runtime) {
+  const validatorPlugins = runtime.plugins.filter(
+    (plugin) => plugin.kind === "validator"
+  );
+  const pluginResults = await Promise.all(
+    validatorPlugins.map(
+      (plugin) => plugin.validate(runtime.graph, {
+        manifest: runtime.manifest,
+        schema: runtime.manifest.schema
+      })
+    )
+  );
+  const builtInResults = [
+    {
+      pluginId: "public-safety",
+      valid: true,
+      issues: validatePublicSafety(runtime.manifest)
+    },
+    {
+      pluginId: "env-mapping",
+      valid: true,
+      issues: validateEnvMappingCollisions(runtime.manifest, runtime.graph)
+    },
+    {
+      pluginId: "workspace-safety",
+      valid: true,
+      issues: validateWorkspaceSafety(runtime.manifest, runtime.graph)
+    }
+  ].map((result) => ({
+    ...result,
+    valid: result.issues.length === 0
+  }));
+  const results = [...pluginResults, ...builtInResults];
+  const issues = results.flatMap((result) => result.issues);
+  return {
+    valid: issues.length === 0,
+    issues,
+    results
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  flattenObject,
+  parseYaml,
+  resolveConfigDocumentPath,
+  resolveSecretStoreRoot,
+  stringifyYaml,
+  validateRuntime,
+  writeLocalSecret
+});

package/dist/internal.d.cts

@@ -0,0 +1,20 @@
+import { d as CnosRuntime, V as ValidationSummary } from './plugin-BVNEHj19.cjs';
+export { i as ValidationIssue, W as WorkspaceFile } from './plugin-BVNEHj19.cjs';
+
+declare function flattenObject(value: Record<string, unknown>, prefix?: string): Record<string, unknown>;
+
+declare function resolveConfigDocumentPath(workspaceRoot: string, namespace: 'value' | 'secret', configPath: string, profile?: string): string;
+
+interface SecretReference {
+    provider: string;
+    ref: string;
+}
+declare function resolveSecretStoreRoot(processEnv?: Record<string, string | undefined>): string;
+declare function writeLocalSecret(storeRoot: string, ref: string, value: string, passphrase: string): Promise<string>;
+
+declare function parseYaml<T>(source: string): T;
+declare function stringifyYaml(value: unknown): string;
+
+declare function validateRuntime(runtime: CnosRuntime): Promise<ValidationSummary>;
+
+export { type SecretReference, ValidationSummary, flattenObject, parseYaml, resolveConfigDocumentPath, resolveSecretStoreRoot, stringifyYaml, validateRuntime, writeLocalSecret };

package/dist/internal.d.ts

@@ -0,0 +1,20 @@
+import { d as CnosRuntime, V as ValidationSummary } from './plugin-BVNEHj19.js';
+export { i as ValidationIssue, W as WorkspaceFile } from './plugin-BVNEHj19.js';
+
+declare function flattenObject(value: Record<string, unknown>, prefix?: string): Record<string, unknown>;
+
+declare function resolveConfigDocumentPath(workspaceRoot: string, namespace: 'value' | 'secret', configPath: string, profile?: string): string;
+
+interface SecretReference {
+    provider: string;
+    ref: string;
+}
+declare function resolveSecretStoreRoot(processEnv?: Record<string, string | undefined>): string;
+declare function writeLocalSecret(storeRoot: string, ref: string, value: string, passphrase: string): Promise<string>;
+
+declare function parseYaml<T>(source: string): T;
+declare function stringifyYaml(value: unknown): string;
+
+declare function validateRuntime(runtime: CnosRuntime): Promise<ValidationSummary>;
+
+export { type SecretReference, ValidationSummary, flattenObject, parseYaml, resolveConfigDocumentPath, resolveSecretStoreRoot, stringifyYaml, validateRuntime, writeLocalSecret };

package/dist/internal.js

@@ -0,0 +1,18 @@
+import {
+  flattenObject,
+  parseYaml,
+  resolveConfigDocumentPath,
+  resolveSecretStoreRoot,
+  stringifyYaml,
+  validateRuntime,
+  writeLocalSecret
+} from "./chunk-K2T4R5WH.js";
+export {
+  flattenObject,
+  parseYaml,
+  resolveConfigDocumentPath,
+  resolveSecretStoreRoot,
+  stringifyYaml,
+  validateRuntime,
+  writeLocalSecret
+};