@liquidmetal-ai/drizzle 0.0.1

package/src/liquidmetal/v1alpha1/rainbow_auth_connect.ts

@@ -0,0 +1,55 @@
+// @generated by protoc-gen-connect-es v1.4.0 with parameter "target=ts,import_extension=.js"
+// @generated from file liquidmetal/v1alpha1/rainbow_auth.proto (package liquidmetal.v1alpha1, syntax proto3)
+/* eslint-disable */
+// @ts-nocheck
+
+import { DeviceAccessTokenRequest, DeviceAccessTokenResponse, DeviceAuthorizationRequest, DeviceAuthorizationResponse, RefreshAccessTokenRequest, RefreshAccessTokenResponse } from "./rainbow_auth_pb.js";
+import { MethodKind } from "@bufbuild/protobuf";
+
+/**
+ * @generated from service liquidmetal.v1alpha1.RainbowAuthService
+ */
+export const RainbowAuthService = {
+  typeName: "liquidmetal.v1alpha1.RainbowAuthService",
+  methods: {
+    /**
+     * DeviceAuthorization is similar to the RFC8628 Device Authorization Request
+     * and Response.
+     *
+     * https://datatracker.ietf.org/doc/html/rfc8628#section-3.1
+     *
+     * @generated from rpc liquidmetal.v1alpha1.RainbowAuthService.DeviceAuthorization
+     */
+    deviceAuthorization: {
+      name: "DeviceAuthorization",
+      I: DeviceAuthorizationRequest,
+      O: DeviceAuthorizationResponse,
+      kind: MethodKind.Unary,
+    },
+    /**
+     * DeviceAccessToken is polled after a successful call to DeviceAuthorization
+     * awaiting the verification_uri_complete to have been followed allowing this
+     * RPC to return a BearerToken response.
+     *
+     * @generated from rpc liquidmetal.v1alpha1.RainbowAuthService.DeviceAccessToken
+     */
+    deviceAccessToken: {
+      name: "DeviceAccessToken",
+      I: DeviceAccessTokenRequest,
+      O: DeviceAccessTokenResponse,
+      kind: MethodKind.Unary,
+    },
+    /**
+     * RefreshAccessToken is invoked when the access token expires.
+     *
+     * @generated from rpc liquidmetal.v1alpha1.RainbowAuthService.RefreshAccessToken
+     */
+    refreshAccessToken: {
+      name: "RefreshAccessToken",
+      I: RefreshAccessTokenRequest,
+      O: RefreshAccessTokenResponse,
+      kind: MethodKind.Unary,
+    },
+  }
+} as const;
+

package/src/liquidmetal/v1alpha1/rainbow_auth_pb.ts

@@ -0,0 +1,476 @@
+// @generated by protoc-gen-es v1.10.0 with parameter "target=ts"
+// @generated from file liquidmetal/v1alpha1/rainbow_auth.proto (package liquidmetal.v1alpha1, syntax proto3)
+/* eslint-disable */
+// @ts-nocheck
+
+import type { BinaryReadOptions, FieldList, JsonReadOptions, JsonValue, PartialMessage, PlainMessage } from "@bufbuild/protobuf";
+import { Duration, Message, proto3, Timestamp } from "@bufbuild/protobuf";
+
+/**
+ * @generated from message liquidmetal.v1alpha1.DeviceAuthorizationRequest
+ */
+export class DeviceAuthorizationRequest extends Message<DeviceAuthorizationRequest> {
+  /**
+   * client_id should be the application name and version e.g. raindrop@v1.0.0
+   *
+   * @generated from field: string client_id = 1;
+   */
+  clientId = "";
+
+  constructor(data?: PartialMessage<DeviceAuthorizationRequest>) {
+    super();
+    proto3.util.initPartial(data, this);
+  }
+
+  static readonly runtime: typeof proto3 = proto3;
+  static readonly typeName = "liquidmetal.v1alpha1.DeviceAuthorizationRequest";
+  static readonly fields: FieldList = proto3.util.newFieldList(() => [
+    { no: 1, name: "client_id", kind: "scalar", T: 9 /* ScalarType.STRING */ },
+  ]);
+
+  static fromBinary(bytes: Uint8Array, options?: Partial<BinaryReadOptions>): DeviceAuthorizationRequest {
+    return new DeviceAuthorizationRequest().fromBinary(bytes, options);
+  }
+
+  static fromJson(jsonValue: JsonValue, options?: Partial<JsonReadOptions>): DeviceAuthorizationRequest {
+    return new DeviceAuthorizationRequest().fromJson(jsonValue, options);
+  }
+
+  static fromJsonString(jsonString: string, options?: Partial<JsonReadOptions>): DeviceAuthorizationRequest {
+    return new DeviceAuthorizationRequest().fromJsonString(jsonString, options);
+  }
+
+  static equals(a: DeviceAuthorizationRequest | PlainMessage<DeviceAuthorizationRequest> | undefined, b: DeviceAuthorizationRequest | PlainMessage<DeviceAuthorizationRequest> | undefined): boolean {
+    return proto3.util.equals(DeviceAuthorizationRequest, a, b);
+  }
+}
+
+/**
+ * @generated from message liquidmetal.v1alpha1.DeviceAuthorizationResponse
+ */
+export class DeviceAuthorizationResponse extends Message<DeviceAuthorizationResponse> {
+  /**
+   * device_code is a name from RFC8628 that will be used by the invoker of
+   * DeviceAuthorization to continuously poll to see if the authorization has
+   * been granted.
+   *
+   * @generated from field: string device_code = 1;
+   */
+  deviceCode = "";
+
+  /**
+   * verification_uri_complete is a URL that the caller should visit in order to
+   * initiate a login flow through a browser that will result in the device_code
+   * being associated with the login.
+   *
+   * as we do not support low-fidelity devices, we do not expose the RFC8628
+   * user_code nor the verification_uri. It is expected that the device can
+   * render a complex uri that the user can either click on or use a QR code
+   * scanner to complete rather than providing user-friendly small-length
+   * characters to type manually.
+   *
+   * @generated from field: string verification_uri_complete = 2;
+   */
+  verificationUriComplete = "";
+
+  /**
+   * expires_at is when the device code is marked as expired
+   *
+   * @generated from field: google.protobuf.Timestamp expires_at = 3;
+   */
+  expiresAt?: Timestamp;
+
+  /**
+   * interval is the minimum amount of time that the client should wait between
+   * polling requests
+   *
+   * @generated from field: google.protobuf.Duration interval = 4;
+   */
+  interval?: Duration;
+
+  constructor(data?: PartialMessage<DeviceAuthorizationResponse>) {
+    super();
+    proto3.util.initPartial(data, this);
+  }
+
+  static readonly runtime: typeof proto3 = proto3;
+  static readonly typeName = "liquidmetal.v1alpha1.DeviceAuthorizationResponse";
+  static readonly fields: FieldList = proto3.util.newFieldList(() => [
+    { no: 1, name: "device_code", kind: "scalar", T: 9 /* ScalarType.STRING */ },
+    { no: 2, name: "verification_uri_complete", kind: "scalar", T: 9 /* ScalarType.STRING */ },
+    { no: 3, name: "expires_at", kind: "message", T: Timestamp },
+    { no: 4, name: "interval", kind: "message", T: Duration },
+  ]);
+
+  static fromBinary(bytes: Uint8Array, options?: Partial<BinaryReadOptions>): DeviceAuthorizationResponse {
+    return new DeviceAuthorizationResponse().fromBinary(bytes, options);
+  }
+
+  static fromJson(jsonValue: JsonValue, options?: Partial<JsonReadOptions>): DeviceAuthorizationResponse {
+    return new DeviceAuthorizationResponse().fromJson(jsonValue, options);
+  }
+
+  static fromJsonString(jsonString: string, options?: Partial<JsonReadOptions>): DeviceAuthorizationResponse {
+    return new DeviceAuthorizationResponse().fromJsonString(jsonString, options);
+  }
+
+  static equals(a: DeviceAuthorizationResponse | PlainMessage<DeviceAuthorizationResponse> | undefined, b: DeviceAuthorizationResponse | PlainMessage<DeviceAuthorizationResponse> | undefined): boolean {
+    return proto3.util.equals(DeviceAuthorizationResponse, a, b);
+  }
+}
+
+/**
+ * @generated from message liquidmetal.v1alpha1.DeviceAccessTokenRequest
+ */
+export class DeviceAccessTokenRequest extends Message<DeviceAccessTokenRequest> {
+  /**
+   * @generated from field: string device_code = 1;
+   */
+  deviceCode = "";
+
+  constructor(data?: PartialMessage<DeviceAccessTokenRequest>) {
+    super();
+    proto3.util.initPartial(data, this);
+  }
+
+  static readonly runtime: typeof proto3 = proto3;
+  static readonly typeName = "liquidmetal.v1alpha1.DeviceAccessTokenRequest";
+  static readonly fields: FieldList = proto3.util.newFieldList(() => [
+    { no: 1, name: "device_code", kind: "scalar", T: 9 /* ScalarType.STRING */ },
+  ]);
+
+  static fromBinary(bytes: Uint8Array, options?: Partial<BinaryReadOptions>): DeviceAccessTokenRequest {
+    return new DeviceAccessTokenRequest().fromBinary(bytes, options);
+  }
+
+  static fromJson(jsonValue: JsonValue, options?: Partial<JsonReadOptions>): DeviceAccessTokenRequest {
+    return new DeviceAccessTokenRequest().fromJson(jsonValue, options);
+  }
+
+  static fromJsonString(jsonString: string, options?: Partial<JsonReadOptions>): DeviceAccessTokenRequest {
+    return new DeviceAccessTokenRequest().fromJsonString(jsonString, options);
+  }
+
+  static equals(a: DeviceAccessTokenRequest | PlainMessage<DeviceAccessTokenRequest> | undefined, b: DeviceAccessTokenRequest | PlainMessage<DeviceAccessTokenRequest> | undefined): boolean {
+    return proto3.util.equals(DeviceAccessTokenRequest, a, b);
+  }
+}
+
+/**
+ * @generated from message liquidmetal.v1alpha1.DeviceAccessTokenResponse
+ */
+export class DeviceAccessTokenResponse extends Message<DeviceAccessTokenResponse> {
+  /**
+   * @generated from oneof liquidmetal.v1alpha1.DeviceAccessTokenResponse.response
+   */
+  response: {
+    /**
+     * authorization_pending is returned when it is acceptable to continue
+     * polling for a token but the login has not yet completed.
+     *
+     * @generated from field: liquidmetal.v1alpha1.AuthorizationPending authorization_pending = 1;
+     */
+    value: AuthorizationPending;
+    case: "authorizationPending";
+  } | {
+    /**
+     * bearer_token is a successful authorization where access may be granted by
+     * providing the access_token as a Bearer authentication header.
+     *
+     * @generated from field: liquidmetal.v1alpha1.BearerToken bearer_token = 2;
+     */
+    value: BearerToken;
+    case: "bearerToken";
+  } | { case: undefined; value?: undefined } = { case: undefined };
+
+  constructor(data?: PartialMessage<DeviceAccessTokenResponse>) {
+    super();
+    proto3.util.initPartial(data, this);
+  }
+
+  static readonly runtime: typeof proto3 = proto3;
+  static readonly typeName = "liquidmetal.v1alpha1.DeviceAccessTokenResponse";
+  static readonly fields: FieldList = proto3.util.newFieldList(() => [
+    { no: 1, name: "authorization_pending", kind: "message", T: AuthorizationPending, oneof: "response" },
+    { no: 2, name: "bearer_token", kind: "message", T: BearerToken, oneof: "response" },
+  ]);
+
+  static fromBinary(bytes: Uint8Array, options?: Partial<BinaryReadOptions>): DeviceAccessTokenResponse {
+    return new DeviceAccessTokenResponse().fromBinary(bytes, options);
+  }
+
+  static fromJson(jsonValue: JsonValue, options?: Partial<JsonReadOptions>): DeviceAccessTokenResponse {
+    return new DeviceAccessTokenResponse().fromJson(jsonValue, options);
+  }
+
+  static fromJsonString(jsonString: string, options?: Partial<JsonReadOptions>): DeviceAccessTokenResponse {
+    return new DeviceAccessTokenResponse().fromJsonString(jsonString, options);
+  }
+
+  static equals(a: DeviceAccessTokenResponse | PlainMessage<DeviceAccessTokenResponse> | undefined, b: DeviceAccessTokenResponse | PlainMessage<DeviceAccessTokenResponse> | undefined): boolean {
+    return proto3.util.equals(DeviceAccessTokenResponse, a, b);
+  }
+}
+
+/**
+ * @generated from message liquidmetal.v1alpha1.RefreshAccessTokenRequest
+ */
+export class RefreshAccessTokenRequest extends Message<RefreshAccessTokenRequest> {
+  /**
+   * @generated from field: string refresh_token = 1;
+   */
+  refreshToken = "";
+
+  /**
+   * @generated from field: string organization_id = 2;
+   */
+  organizationId = "";
+
+  constructor(data?: PartialMessage<RefreshAccessTokenRequest>) {
+    super();
+    proto3.util.initPartial(data, this);
+  }
+
+  static readonly runtime: typeof proto3 = proto3;
+  static readonly typeName = "liquidmetal.v1alpha1.RefreshAccessTokenRequest";
+  static readonly fields: FieldList = proto3.util.newFieldList(() => [
+    { no: 1, name: "refresh_token", kind: "scalar", T: 9 /* ScalarType.STRING */ },
+    { no: 2, name: "organization_id", kind: "scalar", T: 9 /* ScalarType.STRING */ },
+  ]);
+
+  static fromBinary(bytes: Uint8Array, options?: Partial<BinaryReadOptions>): RefreshAccessTokenRequest {
+    return new RefreshAccessTokenRequest().fromBinary(bytes, options);
+  }
+
+  static fromJson(jsonValue: JsonValue, options?: Partial<JsonReadOptions>): RefreshAccessTokenRequest {
+    return new RefreshAccessTokenRequest().fromJson(jsonValue, options);
+  }
+
+  static fromJsonString(jsonString: string, options?: Partial<JsonReadOptions>): RefreshAccessTokenRequest {
+    return new RefreshAccessTokenRequest().fromJsonString(jsonString, options);
+  }
+
+  static equals(a: RefreshAccessTokenRequest | PlainMessage<RefreshAccessTokenRequest> | undefined, b: RefreshAccessTokenRequest | PlainMessage<RefreshAccessTokenRequest> | undefined): boolean {
+    return proto3.util.equals(RefreshAccessTokenRequest, a, b);
+  }
+}
+
+/**
+ * @generated from message liquidmetal.v1alpha1.RefreshAccessTokenResponse
+ */
+export class RefreshAccessTokenResponse extends Message<RefreshAccessTokenResponse> {
+  /**
+   * @generated from field: liquidmetal.v1alpha1.BearerToken bearer_token = 1;
+   */
+  bearerToken?: BearerToken;
+
+  constructor(data?: PartialMessage<RefreshAccessTokenResponse>) {
+    super();
+    proto3.util.initPartial(data, this);
+  }
+
+  static readonly runtime: typeof proto3 = proto3;
+  static readonly typeName = "liquidmetal.v1alpha1.RefreshAccessTokenResponse";
+  static readonly fields: FieldList = proto3.util.newFieldList(() => [
+    { no: 1, name: "bearer_token", kind: "message", T: BearerToken },
+  ]);
+
+  static fromBinary(bytes: Uint8Array, options?: Partial<BinaryReadOptions>): RefreshAccessTokenResponse {
+    return new RefreshAccessTokenResponse().fromBinary(bytes, options);
+  }
+
+  static fromJson(jsonValue: JsonValue, options?: Partial<JsonReadOptions>): RefreshAccessTokenResponse {
+    return new RefreshAccessTokenResponse().fromJson(jsonValue, options);
+  }
+
+  static fromJsonString(jsonString: string, options?: Partial<JsonReadOptions>): RefreshAccessTokenResponse {
+    return new RefreshAccessTokenResponse().fromJsonString(jsonString, options);
+  }
+
+  static equals(a: RefreshAccessTokenResponse | PlainMessage<RefreshAccessTokenResponse> | undefined, b: RefreshAccessTokenResponse | PlainMessage<RefreshAccessTokenResponse> | undefined): boolean {
+    return proto3.util.equals(RefreshAccessTokenResponse, a, b);
+  }
+}
+
+/**
+ * @generated from message liquidmetal.v1alpha1.AuthorizationPending
+ */
+export class AuthorizationPending extends Message<AuthorizationPending> {
+  /**
+   * interval is the minimum amount of time that the client should wait between
+   * polling requests
+   *
+   * @generated from field: google.protobuf.Duration interval = 1;
+   */
+  interval?: Duration;
+
+  constructor(data?: PartialMessage<AuthorizationPending>) {
+    super();
+    proto3.util.initPartial(data, this);
+  }
+
+  static readonly runtime: typeof proto3 = proto3;
+  static readonly typeName = "liquidmetal.v1alpha1.AuthorizationPending";
+  static readonly fields: FieldList = proto3.util.newFieldList(() => [
+    { no: 1, name: "interval", kind: "message", T: Duration },
+  ]);
+
+  static fromBinary(bytes: Uint8Array, options?: Partial<BinaryReadOptions>): AuthorizationPending {
+    return new AuthorizationPending().fromBinary(bytes, options);
+  }
+
+  static fromJson(jsonValue: JsonValue, options?: Partial<JsonReadOptions>): AuthorizationPending {
+    return new AuthorizationPending().fromJson(jsonValue, options);
+  }
+
+  static fromJsonString(jsonString: string, options?: Partial<JsonReadOptions>): AuthorizationPending {
+    return new AuthorizationPending().fromJsonString(jsonString, options);
+  }
+
+  static equals(a: AuthorizationPending | PlainMessage<AuthorizationPending> | undefined, b: AuthorizationPending | PlainMessage<AuthorizationPending> | undefined): boolean {
+    return proto3.util.equals(AuthorizationPending, a, b);
+  }
+}
+
+/**
+ * @generated from message liquidmetal.v1alpha1.BearerToken
+ */
+export class BearerToken extends Message<BearerToken> {
+  /**
+   * access_token is the string to be provided as a Bearer to APIs
+   *
+   * @generated from field: string access_token = 1;
+   */
+  accessToken = "";
+
+  /**
+   * access_token_expires_at is when the access token expires (though the
+   * access token happens to be a jwt and also includes an expires at field,
+   * this allows the client to use the access token without needing to know
+   * how to validate or parse it.)
+   *
+   * @generated from field: google.protobuf.Timestamp access_token_expires_at = 2;
+   */
+  accessTokenExpiresAt?: Timestamp;
+
+  /**
+   * refresh_token is utilized when the access token expires to gain another
+   * access token. the value will be provided upon a new grant, and may be
+   * omitted upon refresh. whenever the value is provided, any previously stored
+   * refresh token must be discarded and replaced by this value.
+   *
+   * @generated from field: optional string refresh_token = 3;
+   */
+  refreshToken?: string;
+
+  /**
+   * user_id, user_email, organization_id, and organization_name are surfaced
+   * for the client to present to the user for choosing which token to utilize
+   * or remove for cli use cases.
+   *
+   * @generated from field: string user_id = 4;
+   */
+  userId = "";
+
+  /**
+   * @generated from field: string user_email = 5;
+   */
+  userEmail = "";
+
+  /**
+   * @generated from field: string organization_id = 6;
+   */
+  organizationId = "";
+
+  /**
+   * @generated from field: string organization_name = 7;
+   */
+  organizationName = "";
+
+  /**
+   * catalog_service_base_url is used by the cli to determine which endpoint to
+   * address when speaking to this organization.
+   *
+   * @generated from field: string catalog_service_base_url = 8;
+   */
+  catalogServiceBaseUrl = "";
+
+  constructor(data?: PartialMessage<BearerToken>) {
+    super();
+    proto3.util.initPartial(data, this);
+  }
+
+  static readonly runtime: typeof proto3 = proto3;
+  static readonly typeName = "liquidmetal.v1alpha1.BearerToken";
+  static readonly fields: FieldList = proto3.util.newFieldList(() => [
+    { no: 1, name: "access_token", kind: "scalar", T: 9 /* ScalarType.STRING */ },
+    { no: 2, name: "access_token_expires_at", kind: "message", T: Timestamp },
+    { no: 3, name: "refresh_token", kind: "scalar", T: 9 /* ScalarType.STRING */, opt: true },
+    { no: 4, name: "user_id", kind: "scalar", T: 9 /* ScalarType.STRING */ },
+    { no: 5, name: "user_email", kind: "scalar", T: 9 /* ScalarType.STRING */ },
+    { no: 6, name: "organization_id", kind: "scalar", T: 9 /* ScalarType.STRING */ },
+    { no: 7, name: "organization_name", kind: "scalar", T: 9 /* ScalarType.STRING */ },
+    { no: 8, name: "catalog_service_base_url", kind: "scalar", T: 9 /* ScalarType.STRING */ },
+  ]);
+
+  static fromBinary(bytes: Uint8Array, options?: Partial<BinaryReadOptions>): BearerToken {
+    return new BearerToken().fromBinary(bytes, options);
+  }
+
+  static fromJson(jsonValue: JsonValue, options?: Partial<JsonReadOptions>): BearerToken {
+    return new BearerToken().fromJson(jsonValue, options);
+  }
+
+  static fromJsonString(jsonString: string, options?: Partial<JsonReadOptions>): BearerToken {
+    return new BearerToken().fromJsonString(jsonString, options);
+  }
+
+  static equals(a: BearerToken | PlainMessage<BearerToken> | undefined, b: BearerToken | PlainMessage<BearerToken> | undefined): boolean {
+    return proto3.util.equals(BearerToken, a, b);
+  }
+}
+
+/**
+ * AuthenticationState is serialized and provided to WorkOS when redirecting the
+ * user to complete authentication, this state is then copied forward by WorkOS
+ * to the redirectUrl so it can be read again upon successful authentication.
+ *
+ * @generated from message liquidmetal.v1alpha1.AuthenticationState
+ */
+export class AuthenticationState extends Message<AuthenticationState> {
+  /**
+   * device_code is the RFC8628 code that the cli is polling for and the browser
+   * needs to know about once authentication from WorkOS completes.
+   *
+   * @generated from field: string device_code = 1;
+   */
+  deviceCode = "";
+
+  constructor(data?: PartialMessage<AuthenticationState>) {
+    super();
+    proto3.util.initPartial(data, this);
+  }
+
+  static readonly runtime: typeof proto3 = proto3;
+  static readonly typeName = "liquidmetal.v1alpha1.AuthenticationState";
+  static readonly fields: FieldList = proto3.util.newFieldList(() => [
+    { no: 1, name: "device_code", kind: "scalar", T: 9 /* ScalarType.STRING */ },
+  ]);
+
+  static fromBinary(bytes: Uint8Array, options?: Partial<BinaryReadOptions>): AuthenticationState {
+    return new AuthenticationState().fromBinary(bytes, options);
+  }
+
+  static fromJson(jsonValue: JsonValue, options?: Partial<JsonReadOptions>): AuthenticationState {
+    return new AuthenticationState().fromJson(jsonValue, options);
+  }
+
+  static fromJsonString(jsonString: string, options?: Partial<JsonReadOptions>): AuthenticationState {
+    return new AuthenticationState().fromJsonString(jsonString, options);
+  }
+
+  static equals(a: AuthenticationState | PlainMessage<AuthenticationState> | undefined, b: AuthenticationState | PlainMessage<AuthenticationState> | undefined): boolean {
+    return proto3.util.equals(AuthenticationState, a, b);
+  }
+}
+

package/src/liquidmetal/v1alpha1/raindrop_pb.ts

@@ -0,0 +1,63 @@
+// @generated by protoc-gen-es v1.10.0 with parameter "target=ts"
+// @generated from file liquidmetal/v1alpha1/raindrop.proto (package liquidmetal.v1alpha1, syntax proto3)
+/* eslint-disable */
+// @ts-nocheck
+
+import type { BinaryReadOptions, FieldList, JsonReadOptions, JsonValue, PartialMessage, PlainMessage } from "@bufbuild/protobuf";
+import { Message, proto3 } from "@bufbuild/protobuf";
+import { BearerToken } from "./rainbow_auth_pb.js";
+
+/**
+ * RaindropState represents the persisted state that raindrop utilizes to
+ * understand login information and current context.
+ *
+ * @generated from message liquidmetal.v1alpha1.RaindropState
+ */
+export class RaindropState extends Message<RaindropState> {
+  /**
+   * organization_id_to_bearer_token is a map of BearerToken credentials by
+   * organizationId. As tokens are refreshed, the value is replaced in this map.
+   * It is not possible to log into a single organization using separate
+   * credentials on the CLI.
+   *
+   * @generated from field: map<string, liquidmetal.v1alpha1.BearerToken> organization_id_to_bearer_token = 1;
+   */
+  organizationIdToBearerToken: { [key: string]: BearerToken } = {};
+
+  /**
+   * current_organization_id is the organization that the cli is selected to
+   * operate against using the associated credentials.
+   *
+   * @generated from field: optional string current_organization_id = 2;
+   */
+  currentOrganizationId?: string;
+
+  constructor(data?: PartialMessage<RaindropState>) {
+    super();
+    proto3.util.initPartial(data, this);
+  }
+
+  static readonly runtime: typeof proto3 = proto3;
+  static readonly typeName = "liquidmetal.v1alpha1.RaindropState";
+  static readonly fields: FieldList = proto3.util.newFieldList(() => [
+    { no: 1, name: "organization_id_to_bearer_token", kind: "map", K: 9 /* ScalarType.STRING */, V: {kind: "message", T: BearerToken} },
+    { no: 2, name: "current_organization_id", kind: "scalar", T: 9 /* ScalarType.STRING */, opt: true },
+  ]);
+
+  static fromBinary(bytes: Uint8Array, options?: Partial<BinaryReadOptions>): RaindropState {
+    return new RaindropState().fromBinary(bytes, options);
+  }
+
+  static fromJson(jsonValue: JsonValue, options?: Partial<JsonReadOptions>): RaindropState {
+    return new RaindropState().fromJson(jsonValue, options);
+  }
+
+  static fromJsonString(jsonString: string, options?: Partial<JsonReadOptions>): RaindropState {
+    return new RaindropState().fromJsonString(jsonString, options);
+  }
+
+  static equals(a: RaindropState | PlainMessage<RaindropState> | undefined, b: RaindropState | PlainMessage<RaindropState> | undefined): boolean {
+    return proto3.util.equals(RaindropState, a, b);
+  }
+}
+

package/src/unsafe/codestore.test.ts

@@ -0,0 +1,34 @@
+import * as fs from 'node:fs/promises';
+import * as path from 'node:path';
+import * as os from 'os';
+import { expect, test } from 'vitest';
+import { FileSystemBundle } from './codestore.js';
+
+test('FileSystemBundle maps to local files and their contents', async () => {
+  // Get a temporary directory.
+  const tmpDir = await fs.mkdtemp(path.join(os.tmpdir(), 'test'));
+  const bundle = new FileSystemBundle(tmpDir);
+
+  // Write
+  await bundle.write('a.txt', Buffer.from('a\n'));
+  await bundle.write('b.txt', Buffer.from('b\n'));
+
+  // List
+  const files = await bundle.list();
+  expect(files).toEqual(['a.txt', 'b.txt']);
+
+  // Read
+  const a = await bundle.read('a.txt');
+  expect(a.toString()).toEqual('a\n');
+  const b = await bundle.read('b.txt');
+  expect(b.toString()).toEqual('b\n');
+
+  // Delete
+  await bundle.delete('a.txt');
+  await bundle.delete('b.txt');
+
+  expect(await bundle.list()).toEqual([]);
+
+  // Cleanup
+  await fs.rmdir(tmpDir);
+});

package/src/unsafe/codestore.ts

@@ -0,0 +1,29 @@
+import * as fs from 'node:fs/promises';
+import * as path from 'node:path';
+import { Bundle, BundleBase } from '../codestore.js';
+
+// FileSystemBundle is a Bundle backed by the file system.
+export class FileSystemBundle extends BundleBase implements Bundle {
+  private root: string;
+
+  constructor(root: string) {
+    super();
+    this.root = root;
+  }
+
+  async list(): Promise<string[]> {
+    return fs.readdir(this.root, { recursive: true });
+  }
+
+  async read(name: string): Promise<Buffer> {
+    return fs.readFile(path.join(this.root, name));
+  }
+
+  async write(name: string, content: Buffer): Promise<void> {
+    await fs.writeFile(path.join(this.root, name), content);
+  }
+
+  async delete(name: string): Promise<void> {
+    await fs.unlink(path.join(this.root, name));
+  }
+}

package/tsconfig.json

@@ -0,0 +1,31 @@
+{
+  "$schema": "https://json.schemastore.org/tsconfig",
+  "compilerOptions": {
+    "declaration": true,
+    "declarationMap": true,
+    "esModuleInterop": true,
+    "incremental": false,
+    "isolatedModules": true,
+    "lib": [
+      "es2022",
+      "DOM",
+      "DOM.Iterable"
+    ],
+    "lib": ["ESNext"],
+    "module" : "ESNext",
+    "moduleDetection": "force",
+    "moduleResolution": "bundler",
+    "noEmit": false,
+    "noUncheckedIndexedAccess": true,
+    "outDir": "dist",
+    "rootDir": "src",
+    "resolveJsonModule": true,
+    "skipLibCheck": true,
+    "strict": true,
+    "target": "ESNext",
+    "types": [
+      "@cloudflare/workers-types"
+    ]
+  },
+  "exclude": ["eslint.config.js", "*.test.ts", "test", "tmp/**", "dist/**"]
+}