npm - @layr-labs/ecloud-sdk - Versions diffs - 1.0.0-devep3 → 1.0.0-devep4 - Mend

@layr-labs/ecloud-sdk 1.0.0-devep3 → 1.0.0-devep4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/VERSION CHANGED Viewed

@@ -1,2 +1,2 @@
-version=1.0.0-devep3
-commit=ae7213bb77bd5448778a2774d92c43d3d9a7cb67
+version=1.0.0-devep4
+commit=d34097bc2cac7cd1e0d74c3ae107481d47fbded9

package/dist/browser.cjs CHANGED Viewed

@@ -749,7 +749,7 @@ var CanViewAppLogsPermission = "0x2fd3f2fe";
 var CanViewSensitiveAppInfoPermission = "0x0e67b22f";
 var CanUpdateAppProfilePermission = "0x036fef61";
 function getDefaultClientId() {
-  const version = true ? "1.0.0-devep3" : "0.0.0";
+  const version = true ? "1.0.0-devep4" : "0.0.0";
   return `ecloud-sdk/v${version}`;
 }
 var UserApiClient = class {

package/dist/browser.js CHANGED Viewed

@@ -638,7 +638,7 @@ var CanViewAppLogsPermission = "0x2fd3f2fe";
 var CanViewSensitiveAppInfoPermission = "0x0e67b22f";
 var CanUpdateAppProfilePermission = "0x036fef61";
 function getDefaultClientId() {
-  const version = true ? "1.0.0-devep3" : "0.0.0";
+  const version = true ? "1.0.0-devep4" : "0.0.0";
   return `ecloud-sdk/v${version}`;
 }
 var UserApiClient = class {

package/dist/compute.cjs CHANGED Viewed

@@ -457,7 +457,102 @@ var PushPermissionError = class extends Error {
 var import_handlebars = __toESM(require("handlebars"), 1);
 // src/client/common/templates/Dockerfile.layered.tmpl
-var Dockerfile_layered_default = '{{#if includeTLS}}\n# Get Caddy from official image\nFROM caddy:2.10.2-alpine AS caddy\n{{/if}}\n\nFROM {{baseImage}}\n\n{{#if originalUser}}\n# Switch to root to perform setup (base image has non-root USER: {{originalUser}})\nUSER root\n{{/if}}\n\n# Copy core TEE components\nCOPY compute-source-env.sh /usr/local/bin/\nCOPY kms-client /usr/local/bin/\nCOPY kms-signing-public-key.pem /usr/local/bin/\n{{#if includeDrainWatcher}}\nCOPY ecloud-drain-watcher /usr/local/bin/\n{{/if}}\n\n{{#if includeTLS}}\n# Copy Caddy from official image\nCOPY --from=caddy /usr/bin/caddy /usr/local/bin/caddy\n\n# Copy TLS components\nCOPY tls-keygen /usr/local/bin/\nCOPY Caddyfile /etc/caddy/\n{{/if}}\n\n{{#if originalUser}}\n# Make binaries executable (755 for executables, 644 for keys)\nRUN chmod 755 /usr/local/bin/compute-source-env.sh \\\n    && chmod 755 /usr/local/bin/kms-client{{#if includeDrainWatcher}} \\\n    && chmod 755 /usr/local/bin/ecloud-drain-watcher{{/if}}{{#if includeTLS}} \\\n    && chmod 755 /usr/local/bin/tls-keygen \\\n    && chmod 755 /usr/local/bin/caddy{{/if}} \\\n    && chmod 644 /usr/local/bin/kms-signing-public-key.pem\n\n# Store original user - entrypoint will drop privileges to this user after TEE setup\nENV __ECLOUD_ORIGINAL_USER={{originalUser}}\n{{else}}\n# Make binaries executable (preserve existing permissions, just add execute)\nRUN chmod +x /usr/local/bin/compute-source-env.sh \\\n    && chmod +x /usr/local/bin/kms-client{{#if includeDrainWatcher}} \\\n    && chmod +x /usr/local/bin/ecloud-drain-watcher{{/if}}{{#if includeTLS}} \\\n    && chmod +x /usr/local/bin/tls-keygen{{/if}}\n{{/if}}\n\n{{#if logRedirect}}\n\nLABEL tee.launch_policy.log_redirect={{logRedirect}}\n{{/if}}\n{{#if resourceUsageAllow}}\n\nLABEL tee.launch_policy.monitoring_memory_allow={{resourceUsageAllow}}\n{{/if}}\n\n# Allow-list the envvars the ecloud-platform sets via GCE `tee-env-*`\n# metadata. Without this label, Confidential Space\'s launcher rejects\n# any `tee-env-*` override at container-start with\n# "env var {...} is not allowed to be overridden on this image" and\n# exits with code 1 \u2014 which terminates the VM before the entrypoint\n# ever runs. ECLOUD_PD_EXPECTED is set on PD-backed apps so the\n# entrypoint (compute-source-env.sh) knows to wait for the persistent\n# disk before exec\'ing the user workload. User-supplied env vars\n# flow through KMS (not tee-env-*) and don\'t need to be listed here.\nLABEL tee.launch_policy.allow_env_override=ECLOUD_PD_EXPECTED\n\nLABEL eigenx_cli_version={{ecloudCLIVersion}}\nLABEL eigenx_vm_image=eigen\nLABEL eigenx_container_contract=v1\n\n{{#if includeTLS}}\n# Expose both HTTP and HTTPS ports for Caddy\nEXPOSE 80 443\n{{/if}}\n\nENTRYPOINT ["/usr/local/bin/compute-source-env.sh"]\nCMD {{{originalCmd}}}\n';
+var Dockerfile_layered_default = `{{#if includeTLS}}
+# Get Caddy from official image
+FROM caddy:2.10.2-alpine AS caddy
+{{/if}}
+FROM {{baseImage}}
+{{#if originalUser}}
+# Switch to root to perform setup (base image has non-root USER: {{originalUser}})
+USER root
+{{/if}}
+# Copy core TEE components
+COPY compute-source-env.sh /usr/local/bin/
+COPY kms-client /usr/local/bin/
+COPY kms-signing-public-key.pem /usr/local/bin/
+{{#if includeDrainWatcher}}
+COPY ecloud-drain-watcher /usr/local/bin/
+{{/if}}
+{{#if includeTLS}}
+# Copy Caddy from official image
+COPY --from=caddy /usr/bin/caddy /usr/local/bin/caddy
+# Copy TLS components
+COPY tls-keygen /usr/local/bin/
+COPY Caddyfile /etc/caddy/
+{{/if}}
+{{#if originalUser}}
+# Make binaries executable (755 for executables, 644 for keys)
+RUN chmod 755 /usr/local/bin/compute-source-env.sh \\
+    && chmod 755 /usr/local/bin/kms-client{{#if includeDrainWatcher}} \\
+    && chmod 755 /usr/local/bin/ecloud-drain-watcher{{/if}}{{#if includeTLS}} \\
+    && chmod 755 /usr/local/bin/tls-keygen \\
+    && chmod 755 /usr/local/bin/caddy{{/if}} \\
+    && chmod 644 /usr/local/bin/kms-signing-public-key.pem
+# Store original user - entrypoint will drop privileges to this user after TEE setup
+ENV __ECLOUD_ORIGINAL_USER={{originalUser}}
+{{else}}
+# Make binaries executable (preserve existing permissions, just add execute)
+RUN chmod +x /usr/local/bin/compute-source-env.sh \\
+    && chmod +x /usr/local/bin/kms-client{{#if includeDrainWatcher}} \\
+    && chmod +x /usr/local/bin/ecloud-drain-watcher{{/if}}{{#if includeTLS}} \\
+    && chmod +x /usr/local/bin/tls-keygen{{/if}}
+{{/if}}
+{{#if logRedirect}}
+LABEL tee.launch_policy.log_redirect={{logRedirect}}
+{{/if}}
+{{#if resourceUsageAllow}}
+LABEL tee.launch_policy.monitoring_memory_allow={{resourceUsageAllow}}
+{{/if}}
+# Allow-list the envvars the ecloud-platform sets via GCE \`tee-env-*\`
+# metadata. Without this label, Confidential Space's launcher rejects
+# any \`tee-env-*\` override at container-start with
+# "env var {...} is not allowed to be overridden on this image" and
+# exits with code 1 \u2014 which terminates the VM before the entrypoint
+# ever runs. User-supplied env vars flow through KMS (not tee-env-*)
+# and don't need to be listed here.
+#
+# Entries:
+#   - ECLOUD_PD_EXPECTED   set on PD-backed apps so the entrypoint
+#                          (compute-source-env.sh) knows to wait for
+#                          the persistent disk before exec'ing the
+#                          user workload.
+#   - ECLOUD_PLATFORM_HOST the platform-routed hostname
+#                          (<addr>.<env>.eigencloud.xyz) so the
+#                          entrypoint's setup_tls can issue an ACME
+#                          cert for it. Injected by the CLI into
+#                          publicEnv at deploy/upgrade time and
+#                          propagated by ecloud-platform's
+#                          compute.go as a tee-env-* metadata key.
+#
+# The CS launcher parses this label as a comma-separated list
+# (go-tpm-tools/launcher/spec/launch_policy.go:185 \u2014 strings.Split
+# on ","). Quotes are not required; keep the value bare for
+# consistency with compute-tee's and eigenx-kms's existing labels.
+LABEL tee.launch_policy.allow_env_override=ECLOUD_PD_EXPECTED,ECLOUD_PLATFORM_HOST
+LABEL eigenx_cli_version={{ecloudCLIVersion}}
+LABEL eigenx_vm_image=eigen
+LABEL eigenx_container_contract=v1
+{{#if includeTLS}}
+# Expose both HTTP and HTTPS ports for Caddy
+EXPOSE 80 443
+{{/if}}
+ENTRYPOINT ["/usr/local/bin/compute-source-env.sh"]
+CMD {{{originalCmd}}}
+`;
 // src/client/common/templates/dockerfileTemplate.ts
 function processDockerfileTemplate(data) {
@@ -5270,7 +5365,7 @@ var CanViewAppLogsPermission = "0x2fd3f2fe";
 var CanViewSensitiveAppInfoPermission = "0x0e67b22f";
 var CanUpdateAppProfilePermission = "0x036fef61";
 function getDefaultClientId() {
-  const version = true ? "1.0.0-devep3" : "0.0.0";
+  const version = true ? "1.0.0-devep4" : "0.0.0";
   return `ecloud-sdk/v${version}`;
 }
 var UserApiClient = class {