@kustodian/schema 1.4.0 → 2.0.0

package/dist/template.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"template.d.ts","sourceRoot":"","sources":["../src/template.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAaxB;;;GAGG;AACH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;EAKpC,CAAC;AAEH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAE7E;;;;;;;GAOG;AACH,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;;IAAmD,CAAC;AAEtF,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAEtE;;;;;;GAMG;AACH,eAAO,MAAM,wBAAwB,2CAAyC,CAAC;AAE/E,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAE5E;;GAEG;AACH,eAAO,MAAM,0BAA0B;;;;;;;;;EAGrC,CAAC;AAEH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAEhF;;;GAGG;AACH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAa/B,yEAAyE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAEzE,CAAC;AAEH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAErE;;GAEG;AACH,eAAO,MAAM,6BAA6B;;;;;;;;;;;;;;;EAKxC,CAAC;AAEH,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AAErF;;;GAGG;AACH,eAAO,MAAM,2BAA2B;;;;;;;;;;;;;;;IAEtC,CAAC;AAEH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAElF;;GAEG;AACH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;IAE/B,wEAAwE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QAjCxE,yEAAyE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAoCzE,CAAC;AAEH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAEpE;;GAEG;AACH,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;QAV1B,wEAAwE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;YAjCxE,yEAAyE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAgDzE,CAAC;AAEH,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE3D;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,OAAO,GAAG,CAAC,CAAC,mBAAmB,CAAC,OAAO,EAAE,YAAY,CAAC,CAE7F"}

package/package.json

@@ -1,23 +1,26 @@
 {
   "name": "@kustodian/schema",
-  "version": "1.4.0",
+  "version": "2.0.0",
   "description": "JSON Schema definitions for Kustodian YAML validation",
   "type": "module",
-  "main": "./src/index.ts",
-  "types": "./src/index.ts",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
   "exports": {
     ".": {
-      "types": "./src/index.ts",
-      "import": "./src/index.ts"
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
     }
   },
   "files": [
-    "src"
+    "dist"
   ],
   "scripts": {
     "test": "bun test",
     "test:watch": "bun test --watch",
-    "typecheck": "bun run tsc --noEmit"
+    "typecheck": "bun run tsc --noEmit",
+    "generate-schemas": "bun run ./scripts/generate-json-schemas.ts",
+    "build": "bun build src/index.ts --outdir dist --target node --format esm && tsc --emitDeclarationOnly --outDir dist",
+    "prepublishOnly": "bun run build"
   },
   "keywords": [
     "kustodian",
@@ -33,9 +36,13 @@
     "directory": "packages/schema"
   },
   "publishConfig": {
-    "registry": "https://npm.pkg.github.com"
+    "access": "public",
+    "registry": "https://registry.npmjs.org"
   },
   "dependencies": {
     "zod": "^3.25.30"
+  },
+  "devDependencies": {
+    "zod-to-json-schema": "^3.25.1"
   }
 }

package/src/cluster.ts

@@ -1,191 +0,0 @@
-import { z } from 'zod';
-
-import { api_version_schema, metadata_schema, values_schema } from './common.js';
-import { ssh_config_schema } from './node-list.js';
-import { preservation_mode_schema } from './template.js';
-
-/**
- * Git repository configuration for a cluster.
- */
-export const git_config_schema = z.object({
-  owner: z.string().min(1),
-  repository: z.string().min(1),
-  branch: z.string().min(1).optional().default('main'),
-  path: z.string().optional(),
-});
-
-export type GitConfigType = z.infer<typeof git_config_schema>;
-
-/**
- * OCI repository configuration for a cluster.
- */
-export const oci_config_schema = z.object({
-  registry: z.string().min(1),
-  repository: z.string().min(1),
-  tag_strategy: z.enum(['cluster', 'git-sha', 'version', 'manual']).optional().default('git-sha'),
-  tag: z.string().optional(),
-  secret_ref: z.string().optional(),
-  provider: z.enum(['aws', 'azure', 'gcp', 'generic']).optional().default('generic'),
-  insecure: z.boolean().optional().default(false),
-});
-
-export type OciConfigType = z.infer<typeof oci_config_schema>;
-
-/**
- * Kustomization override configuration within a cluster.
- *
- * Allows overriding kustomization enablement and preservation from template defaults.
- */
-export const kustomization_override_schema = z.object({
-  enabled: z.boolean(),
-  preservation: z
-    .object({
-      mode: preservation_mode_schema,
-      keep_resources: z.array(z.string()).optional(),
-    })
-    .optional(),
-});
-
-export type KustomizationOverrideType = z.infer<typeof kustomization_override_schema>;
-
-/**
- * Template enablement configuration within a cluster.
- */
-export const template_config_schema = z.object({
-  name: z.string().min(1),
-  enabled: z.boolean().optional().default(true),
-  values: values_schema.optional(),
-  kustomizations: z
-    .record(
-      z.string(), // kustomization name
-      z.union([
-        z.boolean(), // Simple: just enabled/disabled
-        kustomization_override_schema, // Advanced: with preservation
-      ]),
-    )
-    .optional(),
-});
-
-export type TemplateConfigType = z.infer<typeof template_config_schema>;
-
-/**
- * Plugin configuration within a cluster.
- */
-export const plugin_config_schema = z.object({
-  name: z.string().min(1),
-  config: z.record(z.string(), z.unknown()).optional(),
-});
-
-export type PluginConfigType = z.infer<typeof plugin_config_schema>;
-
-/**
- * Node defaults configuration within a cluster.
- */
-export const node_defaults_schema = z.object({
-  label_prefix: z.string().optional(),
-  ssh: ssh_config_schema.optional(),
-});
-
-export type NodeDefaultsType = z.infer<typeof node_defaults_schema>;
-
-/**
- * GitHub repository configuration for GitOps metadata.
- */
-export const github_config_schema = z.object({
-  organization: z.string().min(1),
-  repository: z.string().min(1),
-  branch: z.string().min(1).optional().default('main'),
-});
-
-export type GithubConfigType = z.infer<typeof github_config_schema>;
-
-/**
- * Bootstrap credential configuration for secret providers.
- * Allows obtaining credentials from another secret provider.
- */
-export const bootstrap_credential_schema = z.discriminatedUnion('type', [
-  z.object({
-    type: z.literal('1password'),
-    ref: z.string().min(1),
-  }),
-  z.object({
-    type: z.literal('doppler'),
-    project: z.string().min(1),
-    config: z.string().min(1),
-    secret: z.string().min(1),
-  }),
-]);
-
-export type BootstrapCredentialType = z.infer<typeof bootstrap_credential_schema>;
-
-/**
- * Doppler secret provider configuration at cluster level.
- */
-export const doppler_config_schema = z.object({
-  project: z.string().min(1),
-  config: z.string().min(1),
-  service_token: bootstrap_credential_schema.optional(),
-});
-
-export type DopplerConfigType = z.infer<typeof doppler_config_schema>;
-
-/**
- * 1Password secret provider configuration at cluster level.
- */
-export const onepassword_config_schema = z.object({
-  vault: z.string().min(1),
-  service_account_token: bootstrap_credential_schema.optional(),
-});
-
-export type OnePasswordConfigType = z.infer<typeof onepassword_config_schema>;
-
-/**
- * Secret providers configuration at cluster level.
- */
-export const secrets_config_schema = z.object({
-  doppler: doppler_config_schema.optional(),
-  onepassword: onepassword_config_schema.optional(),
-});
-
-export type SecretsConfigType = z.infer<typeof secrets_config_schema>;
-
-/**
- * Cluster specification.
- */
-export const cluster_spec_schema = z
-  .object({
-    code: z.string().min(1).optional(),
-    domain: z.string().min(1),
-    git: git_config_schema.optional(),
-    oci: oci_config_schema.optional(),
-    github: github_config_schema.optional(),
-    templates: z.array(template_config_schema).optional(),
-    plugins: z.array(plugin_config_schema).optional(),
-    node_defaults: node_defaults_schema.optional(),
-    nodes: z.array(z.string()).optional(),
-    secrets: secrets_config_schema.optional(),
-  })
-  .refine((data) => data.git || data.oci, {
-    message: "Either 'git' or 'oci' must be specified",
-  });
-
-export type ClusterSpecType = z.infer<typeof cluster_spec_schema>;
-
-/**
- * Complete Cluster resource definition.
- */
-export const cluster_schema = z.object({
-  apiVersion: api_version_schema,
-  kind: z.literal('Cluster'),
-  metadata: metadata_schema,
-  spec: cluster_spec_schema,
-});
-
-export type ClusterType = z.infer<typeof cluster_schema>;
-
-/**
- * Validates a cluster object and returns the result.
- */
-export function validate_cluster(data: unknown): z.SafeParseReturnType<unknown, ClusterType> {
-  return cluster_schema.safeParse(data);
-}

package/src/common.ts

@@ -1,300 +0,0 @@
-import { z } from 'zod';
-
-/**
- * Common API version for all Kustodian resources.
- */
-export const api_version_schema = z.literal('kustodian.io/v1');
-
-/**
- * Standard metadata for all Kustodian resources.
- */
-export const metadata_schema = z.object({
-  name: z.string().min(1),
-});
-
-export type MetadataType = z.infer<typeof metadata_schema>;
-
-/**
- * Health check configuration for waiting on resources.
- */
-export const health_check_schema = z.object({
-  kind: z.string().min(1),
-  name: z.string().min(1),
-  namespace: z.string().min(1).optional(),
-  api_version: z.string().min(1).optional(),
-});
-
-export type HealthCheckType = z.infer<typeof health_check_schema>;
-
-/**
- * Health check expression configuration using CEL (Common Expression Language).
- * Supports custom health check conditions via CEL expressions.
- */
-export const health_check_expr_schema = z.object({
-  api_version: z.string().min(1),
-  kind: z.string().min(1),
-  namespace: z.string().min(1).optional(),
-  /** CEL expression for when resource is healthy/current */
-  current: z.string().min(1).optional(),
-  /** CEL expression for when resource has failed */
-  failed: z.string().min(1).optional(),
-});
-
-export type HealthCheckExprType = z.infer<typeof health_check_expr_schema>;
-
-/**
- * Registry configuration for version substitutions.
- */
-export const registry_config_schema = z.object({
-  /** Full image reference: registry/namespace/image or just namespace/image for Docker Hub */
-  image: z.string().min(1),
-  /** Registry type for API selection */
-  type: z.enum(['dockerhub', 'ghcr']).optional(),
-});
-
-export type RegistryConfigType = z.infer<typeof registry_config_schema>;
-
-/**
- * Helm repository configuration for helm chart version substitutions.
- * Supports both traditional Helm repositories and OCI registries.
- */
-export const helm_config_schema = z
-  .object({
-    /** Helm chart repository URL (e.g., https://traefik.github.io/charts) */
-    repository: z.string().url().optional(),
-    /** OCI registry URL for Helm charts (e.g., oci://ghcr.io/traefik/helm) */
-    oci: z.string().startsWith('oci://').optional(),
-    /** Chart name */
-    chart: z.string().min(1),
-  })
-  .refine(
-    (data) => {
-      // Either repository or oci must be provided
-      return data.repository !== undefined || data.oci !== undefined;
-    },
-    {
-      message: "Either 'repository' or 'oci' must be specified",
-    },
-  );
-
-export type HelmConfigType = z.infer<typeof helm_config_schema>;
-
-/**
- * Generic substitution (backward compatible, default type).
- */
-export const generic_substitution_schema = z.object({
-  type: z.literal('generic').optional(),
-  name: z.string().min(1),
-  default: z.string().optional(),
-  secret: z.string().optional(),
-  preserve_case: z.boolean().optional(),
-});
-
-export type GenericSubstitutionType = z.infer<typeof generic_substitution_schema>;
-
-/**
- * Version substitution for tracking container image versions.
- */
-export const version_substitution_schema = z.object({
-  type: z.literal('version'),
-  name: z.string().min(1),
-  default: z.string().optional(),
-  /** Semver constraint: ^1.0.0, ~2.3.0, >=1.0.0 <2.0.0 */
-  constraint: z.string().optional(),
-  /** Registry configuration for fetching available versions */
-  registry: registry_config_schema,
-  /** Regex pattern for filtering valid tags (default: semver-like) */
-  tag_pattern: z.string().optional(),
-  /** Exclude pre-release versions (default: true) */
-  exclude_prerelease: z.boolean().optional(),
-});
-
-export type VersionSubstitutionType = z.infer<typeof version_substitution_schema>;
-
-/**
- * Helm chart version substitution for tracking Helm chart versions.
- */
-export const helm_substitution_schema = z.object({
-  type: z.literal('helm'),
-  name: z.string().min(1),
-  default: z.string().optional(),
-  /** Semver constraint: ^1.0.0, ~2.3.0, >=1.0.0 <2.0.0 */
-  constraint: z.string().optional(),
-  /** Helm repository configuration for fetching available chart versions */
-  helm: helm_config_schema,
-  /** Regex pattern for filtering valid tags (default: semver-like) */
-  tag_pattern: z.string().optional(),
-  /** Exclude pre-release versions (default: true) */
-  exclude_prerelease: z.boolean().optional(),
-});
-
-export type HelmSubstitutionType = z.infer<typeof helm_substitution_schema>;
-
-/**
- * Namespace substitution with Kubernetes naming validation.
- */
-export const namespace_substitution_schema = z.object({
-  type: z.literal('namespace'),
-  name: z.string().min(1),
-  default: z.string().optional(),
-});
-
-export type NamespaceSubstitutionType = z.infer<typeof namespace_substitution_schema>;
-
-/**
- * 1Password substitution for fetching secrets from 1Password vaults.
- * Uses the op:// secret reference format, or shorthand with cluster defaults.
- */
-export const onepassword_substitution_schema = z
-  .object({
-    type: z.literal('1password'),
-    name: z.string().min(1),
-    /** 1Password secret reference: op://vault/item[/section]/field, or shorthand item/field when vault is configured at cluster level */
-    ref: z.string().min(1).optional(),
-    /** Item name (shorthand, requires cluster-level vault configuration) */
-    item: z.string().min(1).optional(),
-    /** Field name (shorthand, requires cluster-level vault configuration) */
-    field: z.string().min(1).optional(),
-    /** Section name (optional, for shorthand references) */
-    section: z.string().optional(),
-    /** Optional default value if secret cannot be fetched */
-    default: z.string().optional(),
-  })
-  .refine(
-    (data) => {
-      // Either ref must be provided, or both item and field
-      return data.ref !== undefined || (data.item !== undefined && data.field !== undefined);
-    },
-    {
-      message: "Either 'ref' or both 'item' and 'field' must be specified",
-    },
-  );
-
-export type OnePasswordSubstitutionType = z.infer<typeof onepassword_substitution_schema>;
-
-/**
- * Doppler substitution for fetching secrets from Doppler projects.
- * Project and config can be omitted if configured at cluster level.
- */
-export const doppler_substitution_schema = z.object({
-  type: z.literal('doppler'),
-  name: z.string().min(1),
-  /** Doppler project name (optional if configured at cluster level) */
-  project: z.string().min(1).optional(),
-  /** Doppler config name (optional if configured at cluster level, e.g., 'dev', 'stg', 'prd') */
-  config: z.string().min(1).optional(),
-  /** Secret key name in Doppler */
-  secret: z.string().min(1),
-  /** Optional default value if secret cannot be fetched */
-  default: z.string().optional(),
-});
-
-export type DopplerSubstitutionType = z.infer<typeof doppler_substitution_schema>;
-
-/**
- * Union of all substitution types.
- * Supports backward compatibility: substitutions without 'type' are treated as generic.
- */
-export const substitution_schema = z.union([
-  version_substitution_schema,
-  helm_substitution_schema,
-  namespace_substitution_schema,
-  onepassword_substitution_schema,
-  doppler_substitution_schema,
-  generic_substitution_schema, // Must be last due to optional 'type' field
-]);
-
-export type SubstitutionType = z.infer<typeof substitution_schema>;
-
-/**
- * Type guard for version substitutions.
- */
-export function is_version_substitution(sub: SubstitutionType): sub is VersionSubstitutionType {
-  return 'type' in sub && sub.type === 'version';
-}
-
-/**
- * Type guard for helm substitutions.
- */
-export function is_helm_substitution(sub: SubstitutionType): sub is HelmSubstitutionType {
-  return 'type' in sub && sub.type === 'helm';
-}
-
-/**
- * Type guard for namespace substitutions.
- */
-export function is_namespace_substitution(sub: SubstitutionType): sub is NamespaceSubstitutionType {
-  return 'type' in sub && sub.type === 'namespace';
-}
-
-/**
- * Type guard for generic substitutions.
- */
-export function is_generic_substitution(sub: SubstitutionType): sub is GenericSubstitutionType {
-  return !('type' in sub) || sub.type === 'generic' || sub.type === undefined;
-}
-
-/**
- * Type guard for 1Password substitutions.
- */
-export function is_onepassword_substitution(
-  sub: SubstitutionType,
-): sub is OnePasswordSubstitutionType {
-  return 'type' in sub && sub.type === '1password';
-}
-
-/**
- * Type guard for Doppler substitutions.
- */
-export function is_doppler_substitution(sub: SubstitutionType): sub is DopplerSubstitutionType {
-  return 'type' in sub && sub.type === 'doppler';
-}
-
-/**
- * Namespace configuration with fallback behavior.
- */
-export const namespace_config_schema = z.object({
-  default: z.string().min(1),
-  create: z.boolean().optional().default(true),
-});
-
-export type NamespaceConfigType = z.infer<typeof namespace_config_schema>;
-
-/**
- * Base auth configuration for kustomizations.
- * This schema defines common fields that all auth providers share.
- * Plugins (e.g., authelia, authentik) extend validation for provider-specific fields.
- */
-export const auth_config_schema = z.object({
-  /** Auth provider plugin name (e.g., 'authelia', 'authentik') */
-  provider: z.string().min(1),
-  /** Provider-specific auth type (e.g., 'oidc', 'proxy', 'oauth2', 'saml') */
-  type: z.string().min(1),
-  /** Application identifier (used for client_id, slug, etc.) */
-  app_name: z.string().min(1),
-  /** Display name for the application */
-  app_display_name: z.string().optional(),
-  /** Application description */
-  app_description: z.string().optional(),
-  /** Application icon URL */
-  app_icon: z.string().optional(),
-  /** Application group/category */
-  app_group: z.string().optional(),
-  /** Application launch URL */
-  app_launch_url: z.string().optional(),
-  /** External host for the application */
-  external_host: z.string().optional(),
-  /** Internal service host (for proxy auth) */
-  internal_host: z.string().optional(),
-  /** Provider-specific configuration (validated by auth plugins) */
-  config: z.record(z.string(), z.unknown()).optional(),
-});
-
-export type AuthConfigType = z.infer<typeof auth_config_schema>;
-
-/**
- * Key-value pairs for substitution values.
- */
-export const values_schema = z.record(z.string(), z.string());
-
-export type ValuesType = z.infer<typeof values_schema>;

package/src/node-list.ts

@@ -1,135 +0,0 @@
-import { z } from 'zod';
-
-import { api_version_schema } from './common.js';
-
-/**
- * SSH configuration schema.
- */
-export const ssh_config_schema = z.object({
-  user: z.string().optional(),
-  key_path: z.string().optional(),
-  known_hosts_path: z.string().optional(),
-  port: z.number().int().positive().optional(),
-});
-
-export type SshConfigSchemaType = z.infer<typeof ssh_config_schema>;
-
-/**
- * Kubernetes taint effect.
- */
-export const taint_effect_schema = z.enum(['NoSchedule', 'PreferNoSchedule', 'NoExecute']);
-
-export type TaintEffectType = z.infer<typeof taint_effect_schema>;
-
-/**
- * Kubernetes taint schema.
- */
-export const taint_schema = z.object({
-  key: z.string().min(1),
-  value: z.string().optional(),
-  effect: taint_effect_schema,
-});
-
-export type TaintSchemaType = z.infer<typeof taint_schema>;
-
-/**
- * Node role in the cluster.
- */
-export const node_role_schema = z.enum(['controller', 'worker', 'controller+worker']);
-
-export type NodeRoleType = z.infer<typeof node_role_schema>;
-
-/**
- * Single node definition schema (for inline use in NodeList).
- */
-export const node_schema = z.object({
-  name: z.string().min(1),
-  role: node_role_schema,
-  address: z.string().min(1),
-  profile: z.string().min(1).optional(),
-  ssh: ssh_config_schema.optional(),
-  labels: z.record(z.union([z.string(), z.boolean(), z.number()])).optional(),
-  taints: z.array(taint_schema).optional(),
-  annotations: z.record(z.string()).optional(),
-});
-
-export type NodeSchemaType = z.infer<typeof node_schema>;
-
-/**
- * Node metadata schema (for standalone Node resources).
- */
-export const node_metadata_schema = z.object({
-  name: z.string().min(1),
-  cluster: z.string().min(1),
-});
-
-export type NodeMetadataType = z.infer<typeof node_metadata_schema>;
-
-/**
- * Node spec schema (for standalone Node resources).
- */
-export const node_spec_schema = z.object({
-  role: node_role_schema,
-  address: z.string().min(1),
-  profile: z.string().min(1).optional(),
-  ssh: ssh_config_schema.optional(),
-  labels: z.record(z.union([z.string(), z.boolean(), z.number()])).optional(),
-  taints: z.array(taint_schema).optional(),
-  annotations: z.record(z.string()).optional(),
-});
-
-export type NodeSpecType = z.infer<typeof node_spec_schema>;
-
-/**
- * Standalone Node resource definition.
- * Used for individual node files at clusters/<cluster>/nodes/<node>.yml
- */
-export const node_resource_schema = z.object({
-  apiVersion: api_version_schema,
-  kind: z.literal('Node'),
-  metadata: node_metadata_schema,
-  spec: node_spec_schema,
-});
-
-export type NodeResourceType = z.infer<typeof node_resource_schema>;
-
-/**
- * Validates a Node resource and returns the result.
- */
-export function validate_node_resource(
-  data: unknown,
-): z.SafeParseReturnType<unknown, NodeResourceType> {
-  return node_resource_schema.safeParse(data);
-}
-
-/**
- * Converts a Node resource to a NodeType for internal use.
- */
-export function node_resource_to_node(resource: NodeResourceType): NodeSchemaType {
-  const node: NodeSchemaType = {
-    name: resource.metadata.name,
-    role: resource.spec.role,
-    address: resource.spec.address,
-  };
-
-  if (resource.spec.profile !== undefined) {
-    node.profile = resource.spec.profile;
-  }
-  if (resource.spec.ssh !== undefined) {
-    node.ssh = resource.spec.ssh;
-  }
-  if (resource.spec.labels !== undefined) {
-    node.labels = resource.spec.labels;
-  }
-  if (resource.spec.taints !== undefined) {
-    node.taints = resource.spec.taints;
-  }
-  if (resource.spec.annotations !== undefined) {
-    node.annotations = resource.spec.annotations;
-  }
-
-  return node;
-}
-
-// NodeList is no longer a schema kind - it's just an internal construct
-// Nodes are defined as individual Node resources and aggregated in code