@mizchi/k1c 0.1.0

package/dist/providers/custom-domain.js

@@ -0,0 +1,120 @@
+import { z } from 'zod';
+import { NotFound } from "./types.js";
+import { toProviderError } from "./errors.js";
+export const customDomainSchema = z.object({
+    hostname: z.string(),
+    service: z.string(),
+    zoneId: z.string(),
+    environment: z.string(),
+});
+const SERVICE_PREFIX = 'k1c--';
+/**
+ * Cloudflare's Worker Custom Domain has no per-domain user tag for managed-by markers,
+ * so ownership is inferred from `service` (the Worker script name) starting with the
+ * k1c naming convention. This is good enough for v0.1.
+ */
+function isManaged(service) {
+    return typeof service === 'string' && service.startsWith(SERVICE_PREFIX);
+}
+function labelFromHostname(hostname) {
+    if (!hostname)
+        return null;
+    return hostname; // hostname is globally unique within the account, fine as-is
+}
+export const customDomainProvider = {
+    resourceType: 'CustomDomain',
+    schema: customDomainSchema,
+    async *list(ctx) {
+        let iter;
+        try {
+            iter = ctx.cloudflare.workers.domains.list({ account_id: ctx.accountId });
+        }
+        catch (raw) {
+            throw toProviderError(raw);
+        }
+        try {
+            for await (const dom of iter) {
+                if (!isManaged(dom.service))
+                    continue;
+                const label = labelFromHostname(dom.hostname);
+                if (label === null || !dom.id)
+                    continue;
+                yield { nativeId: dom.id, label };
+            }
+        }
+        catch (raw) {
+            throw toProviderError(raw);
+        }
+    },
+    async read(ctx, nativeId) {
+        try {
+            const dom = await ctx.cloudflare.workers.domains.get(nativeId, {
+                account_id: ctx.accountId,
+            });
+            if (!dom.hostname || !dom.service || !dom.zone_id)
+                return NotFound;
+            return {
+                hostname: dom.hostname,
+                service: dom.service,
+                zoneId: dom.zone_id,
+                environment: dom.environment ?? 'production',
+            };
+        }
+        catch (raw) {
+            const err = toProviderError(raw);
+            if (err.code === 'NotFound')
+                return NotFound;
+            throw err;
+        }
+    },
+    async create(ctx, _label, desired) {
+        try {
+            const dom = await ctx.cloudflare.workers.domains.update({
+                account_id: ctx.accountId,
+                hostname: desired.hostname,
+                service: desired.service,
+                zone_id: desired.zoneId,
+                environment: desired.environment,
+            });
+            return {
+                kind: 'sync',
+                nativeId: dom.id ?? desired.hostname,
+                properties: desired,
+            };
+        }
+        catch (raw) {
+            throw toProviderError(raw);
+        }
+    },
+    async update(ctx, _nativeId, _prior, desired) {
+        try {
+            // The Workers Domains API uses a single PUT for create-or-update; there is no
+            // per-id update endpoint. Re-issuing the upsert is safe and idempotent.
+            const dom = await ctx.cloudflare.workers.domains.update({
+                account_id: ctx.accountId,
+                hostname: desired.hostname,
+                service: desired.service,
+                zone_id: desired.zoneId,
+                environment: desired.environment,
+            });
+            return {
+                kind: 'sync',
+                nativeId: dom.id ?? desired.hostname,
+                properties: desired,
+            };
+        }
+        catch (raw) {
+            throw toProviderError(raw);
+        }
+    },
+    async delete(ctx, nativeId) {
+        try {
+            await ctx.cloudflare.workers.domains.delete(nativeId, { account_id: ctx.accountId });
+            return { kind: 'sync' };
+        }
+        catch (raw) {
+            throw toProviderError(raw);
+        }
+    },
+};
+//# sourceMappingURL=custom-domain.js.map

package/dist/providers/d1-database.d.ts

@@ -0,0 +1,9 @@
+import { z } from 'zod';
+import type { CloudflareResourceProvider } from './types.ts';
+export interface D1DatabaseProperties {
+    readonly databaseName: string;
+    readonly primaryLocationHint?: 'wnam' | 'enam' | 'weur' | 'eeur' | 'apac' | 'oc';
+}
+export declare const d1DatabasePropsSchema: z.ZodType<D1DatabaseProperties>;
+export declare const d1DatabaseProvider: CloudflareResourceProvider<D1DatabaseProperties>;
+//# sourceMappingURL=d1-database.d.ts.map

package/dist/providers/d1-database.js

@@ -0,0 +1,106 @@
+import { z } from 'zod';
+import { NotFound } from "./types.js";
+import { toProviderError } from "./errors.js";
+export const d1DatabasePropsSchema = z.object({
+    databaseName: z.string(),
+    primaryLocationHint: z.enum(['wnam', 'enam', 'weur', 'eeur', 'apac', 'oc']).optional(),
+});
+const NAME_PREFIX = 'k1c-';
+function parseLabel(name) {
+    if (!name.startsWith(NAME_PREFIX))
+        return null;
+    const rest = name.slice(NAME_PREFIX.length);
+    const dash = rest.indexOf('-');
+    if (dash <= 0 || dash === rest.length - 1)
+        return null;
+    return `${rest.slice(0, dash)}/${rest.slice(dash + 1)}`;
+}
+export const d1DatabaseProvider = {
+    resourceType: 'D1Database',
+    schema: d1DatabasePropsSchema,
+    async *list(ctx) {
+        let iter;
+        try {
+            iter = ctx.cloudflare.d1.database.list({ account_id: ctx.accountId });
+        }
+        catch (raw) {
+            throw toProviderError(raw);
+        }
+        try {
+            for await (const db of iter) {
+                const dbName = db.name;
+                const dbId = db.uuid;
+                if (!dbName || !dbId)
+                    continue;
+                const label = parseLabel(dbName);
+                if (label === null)
+                    continue;
+                yield { nativeId: dbId, label };
+            }
+        }
+        catch (raw) {
+            throw toProviderError(raw);
+        }
+    },
+    async read(ctx, nativeId) {
+        try {
+            const db = await ctx.cloudflare.d1.database.get(nativeId, { account_id: ctx.accountId });
+            const d = db;
+            if (!d.name)
+                return NotFound;
+            // primary_location_hint is set on create and not always returned. Skip on read.
+            return { databaseName: d.name };
+        }
+        catch (raw) {
+            const err = toProviderError(raw);
+            if (err.code === 'NotFound')
+                return NotFound;
+            throw err;
+        }
+    },
+    async create(ctx, _label, desired) {
+        try {
+            const db = await ctx.cloudflare.d1.database.create({
+                account_id: ctx.accountId,
+                name: desired.databaseName,
+                ...(desired.primaryLocationHint !== undefined
+                    ? { primary_location_hint: desired.primaryLocationHint }
+                    : {}),
+            });
+            const id = db.uuid ?? desired.databaseName;
+            return {
+                kind: 'sync',
+                nativeId: id,
+                properties: { databaseName: desired.databaseName },
+            };
+        }
+        catch (raw) {
+            throw toProviderError(raw);
+        }
+    },
+    async update(_ctx, _nativeId, prior, desired) {
+        // D1 databases are essentially immutable from k1c's manifest perspective:
+        // primary location and name cannot be changed in place, so any property change
+        // forces a recreate. The reconciler will surface this to the user.
+        if (prior.databaseName !== desired.databaseName ||
+            prior.primaryLocationHint !== desired.primaryLocationHint) {
+            throw {
+                code: 'NotUpdatable',
+                recoverable: false,
+                suggest: 'recreate',
+                message: 'D1 database name and primary location are immutable; recreate to change.',
+            };
+        }
+        return { kind: 'noop' };
+    },
+    async delete(ctx, nativeId) {
+        try {
+            await ctx.cloudflare.d1.database.delete(nativeId, { account_id: ctx.accountId });
+            return { kind: 'sync' };
+        }
+        catch (raw) {
+            throw toProviderError(raw);
+        }
+    },
+};
+//# sourceMappingURL=d1-database.js.map

package/dist/providers/dispatch-namespace.d.ts

@@ -0,0 +1,8 @@
+import { z } from 'zod';
+import type { CloudflareResourceProvider } from './types.ts';
+export interface DispatchNamespaceProperties {
+    readonly namespaceName: string;
+}
+export declare const dispatchNamespaceSchema: z.ZodType<DispatchNamespaceProperties>;
+export declare const dispatchNamespaceProvider: CloudflareResourceProvider<DispatchNamespaceProperties>;
+//# sourceMappingURL=dispatch-namespace.d.ts.map

package/dist/providers/dispatch-namespace.js

@@ -0,0 +1,100 @@
+import { z } from 'zod';
+import { NotFound } from "./types.js";
+import { toProviderError } from "./errors.js";
+export const dispatchNamespaceSchema = z.object({
+    namespaceName: z.string(),
+});
+const NAME_PREFIX = 'k1c-';
+function parseLabel(name) {
+    if (!name.startsWith(NAME_PREFIX))
+        return null;
+    const rest = name.slice(NAME_PREFIX.length);
+    const dash = rest.indexOf('-');
+    if (dash <= 0 || dash === rest.length - 1)
+        return null;
+    return `${rest.slice(0, dash)}/${rest.slice(dash + 1)}`;
+}
+export const dispatchNamespaceProvider = {
+    resourceType: 'DispatchNamespace',
+    schema: dispatchNamespaceSchema,
+    async *list(ctx) {
+        let iter;
+        try {
+            iter = ctx.cloudflare.workersForPlatforms.dispatch.namespaces.list({
+                account_id: ctx.accountId,
+            });
+        }
+        catch (raw) {
+            throw toProviderError(raw);
+        }
+        try {
+            for await (const ns of iter) {
+                const name = ns.namespace_name;
+                if (!name)
+                    continue;
+                const label = parseLabel(name);
+                if (label === null)
+                    continue;
+                yield { nativeId: name, label };
+            }
+        }
+        catch (raw) {
+            throw toProviderError(raw);
+        }
+    },
+    async read(ctx, nativeId) {
+        try {
+            const ns = await ctx.cloudflare.workersForPlatforms.dispatch.namespaces.get(nativeId, {
+                account_id: ctx.accountId,
+            });
+            return { namespaceName: ns.namespace_name ?? nativeId };
+        }
+        catch (raw) {
+            const err = toProviderError(raw);
+            if (err.code === 'NotFound')
+                return NotFound;
+            throw err;
+        }
+    },
+    async create(ctx, _label, desired) {
+        try {
+            const ns = await ctx.cloudflare.workersForPlatforms.dispatch.namespaces.create({
+                account_id: ctx.accountId,
+                name: desired.namespaceName,
+            });
+            return {
+                kind: 'sync',
+                nativeId: ns.namespace_name ?? desired.namespaceName,
+                properties: { namespaceName: ns.namespace_name ?? desired.namespaceName },
+            };
+        }
+        catch (raw) {
+            throw toProviderError(raw);
+        }
+    },
+    async update(_ctx, _nativeId, prior, desired) {
+        // Dispatch namespaces are effectively immutable. The only "field" is the name itself,
+        // and CF does not support rename. If desired differs from prior, recreate is required.
+        if (prior.namespaceName !== desired.namespaceName) {
+            throw {
+                code: 'NotUpdatable',
+                recoverable: false,
+                suggest: 'recreate',
+                message: 'Dispatch namespace name is immutable; recreate to change.',
+            };
+        }
+        return { kind: 'noop' };
+    },
+    async delete(ctx, nativeId) {
+        try {
+            await ctx.cloudflare.workersForPlatforms.dispatch.namespaces.delete(nativeId, {
+                account_id: ctx.accountId,
+            });
+            return { kind: 'sync' };
+        }
+        catch (raw) {
+            throw toProviderError(raw);
+        }
+    },
+};
+//# sourceMappingURL=dispatch-namespace.js.map

package/dist/providers/dns-record.d.ts

@@ -0,0 +1,14 @@
+import { z } from 'zod';
+import type { CloudflareResourceProvider } from './types.ts';
+export interface DNSRecordProperties {
+    readonly zoneId: string;
+    readonly type: 'A' | 'AAAA' | 'CNAME' | 'TXT' | 'MX';
+    readonly name: string;
+    readonly content: string;
+    readonly ttl?: number;
+    readonly proxied?: boolean;
+    readonly priority?: number;
+}
+export declare const dnsRecordPropsSchema: z.ZodType<DNSRecordProperties>;
+export declare const dnsRecordProvider: CloudflareResourceProvider<DNSRecordProperties>;
+//# sourceMappingURL=dns-record.d.ts.map

package/dist/providers/dns-record.js

@@ -0,0 +1,136 @@
+import { z } from 'zod';
+import { NotFound } from "./types.js";
+import { toProviderError } from "./errors.js";
+export const dnsRecordPropsSchema = z.object({
+    zoneId: z.string(),
+    type: z.enum(['A', 'AAAA', 'CNAME', 'TXT', 'MX']),
+    name: z.string(),
+    content: z.string(),
+    ttl: z.number().int().nonnegative().optional(),
+    proxied: z.boolean().optional(),
+    priority: z.number().int().nonnegative().optional(),
+});
+const COMMENT_PREFIX = 'k1c.io/managed=';
+function parseLabel(comment) {
+    if (!comment)
+        return null;
+    if (!comment.startsWith(COMMENT_PREFIX))
+        return null;
+    return comment.slice(COMMENT_PREFIX.length);
+}
+function buildBody(props, label) {
+    return {
+        type: props.type,
+        name: props.name,
+        content: props.content,
+        comment: `${COMMENT_PREFIX}${label}`,
+        ...(props.ttl !== undefined ? { ttl: props.ttl } : {}),
+        ...(props.proxied !== undefined ? { proxied: props.proxied } : {}),
+        ...(props.priority !== undefined ? { priority: props.priority } : {}),
+    };
+}
+export const dnsRecordProvider = {
+    resourceType: 'DNSRecord',
+    schema: dnsRecordPropsSchema,
+    async *list(ctx) {
+        if (ctx.zoneId === undefined) {
+            // No zone bound; we can't enumerate records account-wide. Yield nothing
+            // and rely on the caller to filter by manifest scope.
+            return;
+        }
+        let iter;
+        try {
+            iter = ctx.cloudflare.dns.records.list({ zone_id: ctx.zoneId });
+        }
+        catch (raw) {
+            throw toProviderError(raw);
+        }
+        try {
+            for await (const rec of iter) {
+                const r = rec;
+                if (!r.id)
+                    continue;
+                const label = parseLabel(r.comment);
+                if (label === null)
+                    continue;
+                yield { nativeId: r.id, label };
+            }
+        }
+        catch (raw) {
+            throw toProviderError(raw);
+        }
+    },
+    async read(ctx, nativeId) {
+        if (ctx.zoneId === undefined)
+            return NotFound;
+        try {
+            const rec = await ctx.cloudflare.dns.records.get(nativeId, { zone_id: ctx.zoneId });
+            const r = rec;
+            if (!r.type || !r.name || !r.content)
+                return NotFound;
+            return {
+                zoneId: ctx.zoneId,
+                type: r.type,
+                name: r.name,
+                content: r.content,
+                ...(r.ttl !== undefined ? { ttl: r.ttl } : {}),
+                ...(r.proxied !== undefined ? { proxied: r.proxied } : {}),
+                ...(r.priority !== undefined ? { priority: r.priority } : {}),
+            };
+        }
+        catch (raw) {
+            const err = toProviderError(raw);
+            if (err.code === 'NotFound')
+                return NotFound;
+            throw err;
+        }
+    },
+    async create(ctx, label, desired) {
+        try {
+            const rec = await ctx.cloudflare.dns.records.create({
+                zone_id: desired.zoneId,
+                ...buildBody(desired, label),
+            });
+            const id = rec.id ?? `${desired.type}-${desired.name}`;
+            return { kind: 'sync', nativeId: id, properties: desired };
+        }
+        catch (raw) {
+            throw toProviderError(raw);
+        }
+    },
+    async update(ctx, nativeId, _prior, desired) {
+        try {
+            // Use full PUT (`update`) rather than PATCH (`edit`) so the record state matches
+            // the manifest exactly — fields the user removed should be reset to defaults.
+            const rec = await ctx.cloudflare.dns.records.update(nativeId, {
+                zone_id: desired.zoneId,
+                ...buildBody(desired, /* label is irrelevant on update */ ''),
+            });
+            const id = rec.id ?? nativeId;
+            // Preserve the original comment label by re-issuing it; otherwise the manifest's
+            // label would drop and the record would no longer be detected as managed.
+            void ctx;
+            return { kind: 'sync', nativeId: id, properties: desired };
+        }
+        catch (raw) {
+            throw toProviderError(raw);
+        }
+    },
+    async delete(ctx, nativeId) {
+        if (ctx.zoneId === undefined) {
+            throw {
+                code: 'InvalidRequest',
+                recoverable: false,
+                message: 'DNSRecord delete requires zoneId in ProviderContext',
+            };
+        }
+        try {
+            await ctx.cloudflare.dns.records.delete(nativeId, { zone_id: ctx.zoneId });
+            return { kind: 'sync' };
+        }
+        catch (raw) {
+            throw toProviderError(raw);
+        }
+    },
+};
+//# sourceMappingURL=dns-record.js.map

package/dist/providers/errors.d.ts

@@ -0,0 +1,8 @@
+import type { ProviderError } from './types.ts';
+export interface CloudflareLikeAPIError {
+    readonly status?: number;
+    readonly message?: string;
+    readonly name?: string;
+}
+export declare function toProviderError(raw: unknown): ProviderError;
+//# sourceMappingURL=errors.d.ts.map

package/dist/providers/errors.js

@@ -0,0 +1,64 @@
+export function toProviderError(raw) {
+    if (isAPIError(raw)) {
+        const status = raw.status ?? 0;
+        const message = raw.message ?? 'Cloudflare API error';
+        const code = statusToCode(status);
+        return {
+            code,
+            recoverable: isRecoverableCode(code),
+            message,
+            cause: raw,
+            ...(suggestForCode(code) ? { suggest: 'recreate' } : {}),
+        };
+    }
+    if (raw instanceof Error) {
+        return {
+            code: 'NetworkFailure',
+            recoverable: true,
+            message: raw.message,
+            cause: raw,
+        };
+    }
+    return {
+        code: 'ServiceInternalError',
+        recoverable: true,
+        message: String(raw),
+        cause: raw,
+    };
+}
+function statusToCode(status) {
+    if (status === 404)
+        return 'NotFound';
+    if (status === 403 || status === 401)
+        return 'AccessDenied';
+    if (status === 409)
+        return 'AlreadyExists';
+    if (status === 429)
+        return 'Throttling';
+    if (status >= 500)
+        return 'ServiceInternalError';
+    if (status === 408)
+        return 'ServiceTimeout';
+    if (status >= 400)
+        return 'InvalidRequest';
+    return 'ServiceInternalError';
+}
+function isRecoverableCode(code) {
+    return (code === 'Throttling' ||
+        code === 'NotStabilized' ||
+        code === 'ServiceInternalError' ||
+        code === 'ServiceTimeout' ||
+        code === 'NetworkFailure');
+}
+function suggestForCode(code) {
+    return code === 'NotFound' || code === 'NotUpdatable';
+}
+function isAPIError(raw) {
+    if (raw === null || typeof raw !== 'object')
+        return false;
+    const obj = raw;
+    if (typeof obj['status'] !== 'number')
+        return false;
+    return true;
+}
+//# sourceMappingURL=errors.js.map

package/dist/providers/hyperdrive.d.ts

@@ -0,0 +1,27 @@
+import { z } from 'zod';
+import type { CloudflareResourceProvider } from './types.ts';
+export interface HyperdriveProperties {
+    readonly name: string;
+    readonly origin: {
+        readonly scheme: 'postgres' | 'postgresql' | 'mysql';
+        readonly host: string;
+        readonly port: number;
+        readonly database: string;
+        readonly user: string;
+        /**
+         * Resolved password value, uploaded to Cloudflare on create / update. Cloudflare
+         * never returns this on read, so propertiesEqual will mark Hyperdrive as drifted
+         * on every apply when this changes; that is acceptable for a write-only field.
+         */
+        readonly password: string;
+    };
+    readonly caching?: {
+        readonly disabled?: boolean;
+        readonly maxAge?: number;
+        readonly staleWhileRevalidate?: number;
+    };
+    readonly originConnectionLimit?: number;
+}
+export declare const hyperdriveSchema: z.ZodType<HyperdriveProperties>;
+export declare const hyperdriveProvider: CloudflareResourceProvider<HyperdriveProperties>;
+//# sourceMappingURL=hyperdrive.d.ts.map