@mysten-incubation/devstack 0.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (833) hide show
  1. package/LICENSE +189 -0
  2. package/README.md +94 -0
  3. package/dist/_virtual/_rolldown/runtime.mjs +13 -0
  4. package/dist/api/define-capabilities.d.mts +25 -0
  5. package/dist/api/define-capabilities.mjs +19 -0
  6. package/dist/api/define-capabilities.mjs.map +1 -0
  7. package/dist/api/define-devstack-with.d.mts +41 -0
  8. package/dist/api/define-devstack-with.mjs +24 -0
  9. package/dist/api/define-devstack-with.mjs.map +1 -0
  10. package/dist/api/define-devstack.d.mts +62 -0
  11. package/dist/api/define-devstack.mjs +108 -0
  12. package/dist/api/define-devstack.mjs.map +1 -0
  13. package/dist/api/define-plugin.d.mts +1 -0
  14. package/dist/api/inference-network.mjs +122 -0
  15. package/dist/api/inference-network.mjs.map +1 -0
  16. package/dist/api/mode-narrowed-factory.d.mts +26 -0
  17. package/dist/api/mode-narrowed-factory.mjs +8 -0
  18. package/dist/api/mode-narrowed-factory.mjs.map +1 -0
  19. package/dist/api/plugin-errors.mjs +10 -0
  20. package/dist/api/plugin-errors.mjs.map +1 -0
  21. package/dist/api/run-stack.d.mts +82 -0
  22. package/dist/api/run-stack.mjs +127 -0
  23. package/dist/api/run-stack.mjs.map +1 -0
  24. package/dist/build-integrations/playwright/config.d.mts +92 -0
  25. package/dist/build-integrations/playwright/config.mjs +71 -0
  26. package/dist/build-integrations/playwright/config.mjs.map +1 -0
  27. package/dist/build-integrations/playwright/errors.d.mts +82 -0
  28. package/dist/build-integrations/playwright/errors.mjs +43 -0
  29. package/dist/build-integrations/playwright/errors.mjs.map +1 -0
  30. package/dist/build-integrations/playwright/global-setup.d.mts +64 -0
  31. package/dist/build-integrations/playwright/global-setup.mjs +44 -0
  32. package/dist/build-integrations/playwright/global-setup.mjs.map +1 -0
  33. package/dist/build-integrations/playwright/index.d.mts +6 -0
  34. package/dist/build-integrations/playwright/index.mjs +6 -0
  35. package/dist/build-integrations/playwright/stack-context.d.mts +95 -0
  36. package/dist/build-integrations/playwright/stack-context.mjs +277 -0
  37. package/dist/build-integrations/playwright/stack-context.mjs.map +1 -0
  38. package/dist/build-integrations/playwright/wallet-context.d.mts +87 -0
  39. package/dist/build-integrations/playwright/wallet-context.mjs +148 -0
  40. package/dist/build-integrations/playwright/wallet-context.mjs.map +1 -0
  41. package/dist/build-integrations/runtime/cold-start-url.d.mts +67 -0
  42. package/dist/build-integrations/runtime/cold-start-url.mjs +56 -0
  43. package/dist/build-integrations/runtime/cold-start-url.mjs.map +1 -0
  44. package/dist/build-integrations/runtime/dapp-kit-slot.mjs +10 -0
  45. package/dist/build-integrations/runtime/dapp-kit-slot.mjs.map +1 -0
  46. package/dist/build-integrations/runtime/discover.d.mts +78 -0
  47. package/dist/build-integrations/runtime/discover.mjs +124 -0
  48. package/dist/build-integrations/runtime/discover.mjs.map +1 -0
  49. package/dist/build-integrations/runtime/endpoint-registry.d.mts +26 -0
  50. package/dist/build-integrations/runtime/endpoint-registry.mjs +41 -0
  51. package/dist/build-integrations/runtime/endpoint-registry.mjs.map +1 -0
  52. package/dist/build-integrations/runtime/errors.d.mts +64 -0
  53. package/dist/build-integrations/runtime/errors.mjs +51 -0
  54. package/dist/build-integrations/runtime/errors.mjs.map +1 -0
  55. package/dist/build-integrations/runtime/index.d.mts +7 -0
  56. package/dist/build-integrations/runtime/index.mjs +6 -0
  57. package/dist/build-integrations/runtime/read-stack-context.d.mts +38 -0
  58. package/dist/build-integrations/runtime/read-stack-context.mjs +130 -0
  59. package/dist/build-integrations/runtime/read-stack-context.mjs.map +1 -0
  60. package/dist/build-integrations/runtime/stack-context.d.mts +53 -0
  61. package/dist/build-integrations/vitest/config.d.mts +62 -0
  62. package/dist/build-integrations/vitest/config.mjs +80 -0
  63. package/dist/build-integrations/vitest/config.mjs.map +1 -0
  64. package/dist/build-integrations/vitest/env.d.mts +48 -0
  65. package/dist/build-integrations/vitest/env.mjs +50 -0
  66. package/dist/build-integrations/vitest/env.mjs.map +1 -0
  67. package/dist/build-integrations/vitest/errors.d.mts +44 -0
  68. package/dist/build-integrations/vitest/errors.mjs +18 -0
  69. package/dist/build-integrations/vitest/errors.mjs.map +1 -0
  70. package/dist/build-integrations/vitest/index.d.mts +6 -0
  71. package/dist/build-integrations/vitest/index.mjs +6 -0
  72. package/dist/build-integrations/vitest/setup.d.mts +53 -0
  73. package/dist/build-integrations/vitest/setup.mjs +56 -0
  74. package/dist/build-integrations/vitest/setup.mjs.map +1 -0
  75. package/dist/build-integrations/vitest/stack-context.d.mts +58 -0
  76. package/dist/build-integrations/vitest/stack-context.mjs +67 -0
  77. package/dist/build-integrations/vitest/stack-context.mjs.map +1 -0
  78. package/dist/cli/main.d.mts +5 -0
  79. package/dist/cli/main.mjs +586 -0
  80. package/dist/cli/main.mjs.map +1 -0
  81. package/dist/cli/prune-direct.mjs +216 -0
  82. package/dist/cli/prune-direct.mjs.map +1 -0
  83. package/dist/cli/snapshot-reader.mjs +73 -0
  84. package/dist/cli/snapshot-reader.mjs.map +1 -0
  85. package/dist/cli/up-lifecycle.mjs +28 -0
  86. package/dist/cli/up-lifecycle.mjs.map +1 -0
  87. package/dist/contracts/capability-decl.d.mts +42 -0
  88. package/dist/contracts/chain-probe.d.mts +26 -0
  89. package/dist/contracts/chain-probe.mjs +8 -0
  90. package/dist/contracts/chain-probe.mjs.map +1 -0
  91. package/dist/contracts/codegenable.d.mts +43 -0
  92. package/dist/contracts/container-runtime.d.mts +245 -0
  93. package/dist/contracts/liveness-classifier.d.mts +19 -0
  94. package/dist/contracts/network-resolver.d.mts +15 -0
  95. package/dist/contracts/network-resolver.mjs +7 -0
  96. package/dist/contracts/network-resolver.mjs.map +1 -0
  97. package/dist/contracts/projection.d.mts +15 -0
  98. package/dist/contracts/routable.d.mts +53 -0
  99. package/dist/contracts/snapshotable.d.mts +39 -0
  100. package/dist/contracts/strategy-contributor.d.mts +26 -0
  101. package/dist/index.d.mts +89 -0
  102. package/dist/index.mjs +37 -0
  103. package/dist/orchestrators/codegen/bindings.d.mts +2 -0
  104. package/dist/orchestrators/codegen/bindings.mjs +340 -0
  105. package/dist/orchestrators/codegen/bindings.mjs.map +1 -0
  106. package/dist/orchestrators/codegen/emit.mjs +56 -0
  107. package/dist/orchestrators/codegen/emit.mjs.map +1 -0
  108. package/dist/orchestrators/codegen/errors.d.mts +1 -0
  109. package/dist/orchestrators/codegen/errors.mjs +66 -0
  110. package/dist/orchestrators/codegen/errors.mjs.map +1 -0
  111. package/dist/orchestrators/codegen/extras.mjs +16 -0
  112. package/dist/orchestrators/codegen/extras.mjs.map +1 -0
  113. package/dist/orchestrators/codegen/format.mjs +109 -0
  114. package/dist/orchestrators/codegen/format.mjs.map +1 -0
  115. package/dist/orchestrators/codegen/gitignore.mjs +67 -0
  116. package/dist/orchestrators/codegen/gitignore.mjs.map +1 -0
  117. package/dist/orchestrators/codegen/paths.d.mts +1 -0
  118. package/dist/orchestrators/codegen/paths.mjs +33 -0
  119. package/dist/orchestrators/codegen/paths.mjs.map +1 -0
  120. package/dist/orchestrators/codegen/permissions.mjs +6 -0
  121. package/dist/orchestrators/codegen/permissions.mjs.map +1 -0
  122. package/dist/orchestrators/codegen/service.d.mts +1 -0
  123. package/dist/orchestrators/codegen/service.mjs +276 -0
  124. package/dist/orchestrators/codegen/service.mjs.map +1 -0
  125. package/dist/orchestrators/router/cleanup.mjs +58 -0
  126. package/dist/orchestrators/router/cleanup.mjs.map +1 -0
  127. package/dist/orchestrators/router/cors.mjs +31 -0
  128. package/dist/orchestrators/router/cors.mjs.map +1 -0
  129. package/dist/orchestrators/router/entrypoints.d.mts +1 -0
  130. package/dist/orchestrators/router/entrypoints.mjs +80 -0
  131. package/dist/orchestrators/router/entrypoints.mjs.map +1 -0
  132. package/dist/orchestrators/router/errors.d.mts +1 -0
  133. package/dist/orchestrators/router/errors.mjs +103 -0
  134. package/dist/orchestrators/router/errors.mjs.map +1 -0
  135. package/dist/orchestrators/router/file-provider.d.mts +1 -0
  136. package/dist/orchestrators/router/file-provider.mjs +320 -0
  137. package/dist/orchestrators/router/file-provider.mjs.map +1 -0
  138. package/dist/orchestrators/router/hostname.d.mts +1 -0
  139. package/dist/orchestrators/router/hostname.mjs +107 -0
  140. package/dist/orchestrators/router/hostname.mjs.map +1 -0
  141. package/dist/orchestrators/router/index.d.mts +1 -0
  142. package/dist/orchestrators/router/profile.d.mts +1 -0
  143. package/dist/orchestrators/router/profile.mjs +109 -0
  144. package/dist/orchestrators/router/profile.mjs.map +1 -0
  145. package/dist/orchestrators/router/service.d.mts +3 -0
  146. package/dist/orchestrators/router/service.mjs +421 -0
  147. package/dist/orchestrators/router/service.mjs.map +1 -0
  148. package/dist/orchestrators/router/traefik-container.d.mts +1 -0
  149. package/dist/orchestrators/router/traefik-container.mjs +229 -0
  150. package/dist/orchestrators/router/traefik-container.mjs.map +1 -0
  151. package/dist/orchestrators/runtime-composition.d.mts +10 -0
  152. package/dist/orchestrators/runtime-composition.mjs +168 -0
  153. package/dist/orchestrators/runtime-composition.mjs.map +1 -0
  154. package/dist/orchestrators/snapshot/capture.d.mts +1 -0
  155. package/dist/orchestrators/snapshot/capture.mjs +350 -0
  156. package/dist/orchestrators/snapshot/capture.mjs.map +1 -0
  157. package/dist/orchestrators/snapshot/descriptor.d.mts +1 -0
  158. package/dist/orchestrators/snapshot/descriptor.mjs +109 -0
  159. package/dist/orchestrators/snapshot/descriptor.mjs.map +1 -0
  160. package/dist/orchestrators/snapshot/identity-guard.d.mts +1 -0
  161. package/dist/orchestrators/snapshot/identity-guard.mjs +132 -0
  162. package/dist/orchestrators/snapshot/identity-guard.mjs.map +1 -0
  163. package/dist/orchestrators/snapshot/image-bundle-tags.mjs +207 -0
  164. package/dist/orchestrators/snapshot/image-bundle-tags.mjs.map +1 -0
  165. package/dist/orchestrators/snapshot/index.d.mts +1 -0
  166. package/dist/orchestrators/snapshot/integrity.d.mts +1 -0
  167. package/dist/orchestrators/snapshot/integrity.mjs +74 -0
  168. package/dist/orchestrators/snapshot/integrity.mjs.map +1 -0
  169. package/dist/orchestrators/snapshot/prune.d.mts +1 -0
  170. package/dist/orchestrators/snapshot/prune.mjs +110 -0
  171. package/dist/orchestrators/snapshot/prune.mjs.map +1 -0
  172. package/dist/orchestrators/snapshot/restore.d.mts +1 -0
  173. package/dist/orchestrators/snapshot/restore.mjs +404 -0
  174. package/dist/orchestrators/snapshot/restore.mjs.map +1 -0
  175. package/dist/orchestrators/snapshot/service.d.mts +1 -0
  176. package/dist/orchestrators/snapshot/service.mjs +296 -0
  177. package/dist/orchestrators/snapshot/service.mjs.map +1 -0
  178. package/dist/orchestrators/snapshot/state-document.mjs +18 -0
  179. package/dist/orchestrators/snapshot/state-document.mjs.map +1 -0
  180. package/dist/orchestrators/snapshot/wipe.d.mts +1 -0
  181. package/dist/orchestrators/snapshot/wipe.mjs +59 -0
  182. package/dist/orchestrators/snapshot/wipe.mjs.map +1 -0
  183. package/dist/plugins/account/codegen.d.mts +12 -0
  184. package/dist/plugins/account/codegen.mjs +22 -0
  185. package/dist/plugins/account/codegen.mjs.map +1 -0
  186. package/dist/plugins/account/errors.d.mts +44 -0
  187. package/dist/plugins/account/errors.mjs +16 -0
  188. package/dist/plugins/account/errors.mjs.map +1 -0
  189. package/dist/plugins/account/funding.d.mts +94 -0
  190. package/dist/plugins/account/funding.mjs +199 -0
  191. package/dist/plugins/account/funding.mjs.map +1 -0
  192. package/dist/plugins/account/index.d.mts +54 -0
  193. package/dist/plugins/account/index.mjs +151 -0
  194. package/dist/plugins/account/index.mjs.map +1 -0
  195. package/dist/plugins/account/keypair.d.mts +32 -0
  196. package/dist/plugins/account/keypair.mjs +99 -0
  197. package/dist/plugins/account/keypair.mjs.map +1 -0
  198. package/dist/plugins/account/lease.mjs +21 -0
  199. package/dist/plugins/account/lease.mjs.map +1 -0
  200. package/dist/plugins/account/registry.d.mts +33 -0
  201. package/dist/plugins/account/registry.mjs +36 -0
  202. package/dist/plugins/account/registry.mjs.map +1 -0
  203. package/dist/plugins/account/service.d.mts +104 -0
  204. package/dist/plugins/account/service.mjs +405 -0
  205. package/dist/plugins/account/service.mjs.map +1 -0
  206. package/dist/plugins/account/snapshot.mjs +33 -0
  207. package/dist/plugins/account/snapshot.mjs.map +1 -0
  208. package/dist/plugins/account/variants/env.mjs +24 -0
  209. package/dist/plugins/account/variants/env.mjs.map +1 -0
  210. package/dist/plugins/account/variants/ephemeral.mjs +72 -0
  211. package/dist/plugins/account/variants/ephemeral.mjs.map +1 -0
  212. package/dist/plugins/account/variants/impersonate.d.mts +16 -0
  213. package/dist/plugins/account/variants/impersonate.mjs +48 -0
  214. package/dist/plugins/account/variants/impersonate.mjs.map +1 -0
  215. package/dist/plugins/account/variants/inline.mjs +13 -0
  216. package/dist/plugins/account/variants/inline.mjs.map +1 -0
  217. package/dist/plugins/account/variants/keystore.mjs +93 -0
  218. package/dist/plugins/account/variants/keystore.mjs.map +1 -0
  219. package/dist/plugins/account/variants/signer.mjs +31 -0
  220. package/dist/plugins/account/variants/signer.mjs.map +1 -0
  221. package/dist/plugins/action/build-context.d.mts +41 -0
  222. package/dist/plugins/action/discriminator.d.mts +20 -0
  223. package/dist/plugins/action/discriminator.mjs +13 -0
  224. package/dist/plugins/action/discriminator.mjs.map +1 -0
  225. package/dist/plugins/action/errors.d.mts +31 -0
  226. package/dist/plugins/action/errors.mjs +13 -0
  227. package/dist/plugins/action/errors.mjs.map +1 -0
  228. package/dist/plugins/action/execute.d.mts +2 -0
  229. package/dist/plugins/action/execute.mjs +145 -0
  230. package/dist/plugins/action/execute.mjs.map +1 -0
  231. package/dist/plugins/action/index.d.mts +56 -0
  232. package/dist/plugins/action/index.mjs +82 -0
  233. package/dist/plugins/action/index.mjs.map +1 -0
  234. package/dist/plugins/action/service.d.mts +26 -0
  235. package/dist/plugins/action/service.mjs +84 -0
  236. package/dist/plugins/action/service.mjs.map +1 -0
  237. package/dist/plugins/coin/address-resolution.d.mts +34 -0
  238. package/dist/plugins/coin/address-resolution.mjs +80 -0
  239. package/dist/plugins/coin/address-resolution.mjs.map +1 -0
  240. package/dist/plugins/coin/codegen.d.mts +16 -0
  241. package/dist/plugins/coin/codegen.mjs +21 -0
  242. package/dist/plugins/coin/codegen.mjs.map +1 -0
  243. package/dist/plugins/coin/discovery.d.mts +26 -0
  244. package/dist/plugins/coin/discovery.mjs +112 -0
  245. package/dist/plugins/coin/discovery.mjs.map +1 -0
  246. package/dist/plugins/coin/errors.d.mts +48 -0
  247. package/dist/plugins/coin/errors.mjs +13 -0
  248. package/dist/plugins/coin/errors.mjs.map +1 -0
  249. package/dist/plugins/coin/index.d.mts +95 -0
  250. package/dist/plugins/coin/index.mjs +172 -0
  251. package/dist/plugins/coin/index.mjs.map +1 -0
  252. package/dist/plugins/coin/metadata.d.mts +15 -0
  253. package/dist/plugins/coin/metadata.mjs +99 -0
  254. package/dist/plugins/coin/metadata.mjs.map +1 -0
  255. package/dist/plugins/coin/mint.d.mts +34 -0
  256. package/dist/plugins/coin/mint.mjs +164 -0
  257. package/dist/plugins/coin/mint.mjs.map +1 -0
  258. package/dist/plugins/coin/registry.d.mts +1 -0
  259. package/dist/plugins/coin/registry.mjs +37 -0
  260. package/dist/plugins/coin/registry.mjs.map +1 -0
  261. package/dist/plugins/coin/service.d.mts +47 -0
  262. package/dist/plugins/coin/service.mjs +51 -0
  263. package/dist/plugins/coin/service.mjs.map +1 -0
  264. package/dist/plugins/coin/snapshot.mjs +19 -0
  265. package/dist/plugins/coin/snapshot.mjs.map +1 -0
  266. package/dist/plugins/coin/type-strings.mjs +49 -0
  267. package/dist/plugins/coin/type-strings.mjs.map +1 -0
  268. package/dist/plugins/deepbook/codegen.d.mts +39 -0
  269. package/dist/plugins/deepbook/codegen.mjs +15 -0
  270. package/dist/plugins/deepbook/codegen.mjs.map +1 -0
  271. package/dist/plugins/deepbook/deploy.mjs +437 -0
  272. package/dist/plugins/deepbook/deploy.mjs.map +1 -0
  273. package/dist/plugins/deepbook/errors.d.mts +29 -0
  274. package/dist/plugins/deepbook/errors.mjs +26 -0
  275. package/dist/plugins/deepbook/errors.mjs.map +1 -0
  276. package/dist/plugins/deepbook/faucet-strategy.d.mts +8 -0
  277. package/dist/plugins/deepbook/faucet-strategy.mjs +81 -0
  278. package/dist/plugins/deepbook/faucet-strategy.mjs.map +1 -0
  279. package/dist/plugins/deepbook/index.d.mts +171 -0
  280. package/dist/plugins/deepbook/index.mjs +359 -0
  281. package/dist/plugins/deepbook/index.mjs.map +1 -0
  282. package/dist/plugins/deepbook/plugin-key.mjs +7 -0
  283. package/dist/plugins/deepbook/plugin-key.mjs.map +1 -0
  284. package/dist/plugins/deepbook/pyth/index.mjs +226 -0
  285. package/dist/plugins/deepbook/pyth/index.mjs.map +1 -0
  286. package/dist/plugins/deepbook/routable.mjs +21 -0
  287. package/dist/plugins/deepbook/routable.mjs.map +1 -0
  288. package/dist/plugins/deepbook/snapshot.mjs +49 -0
  289. package/dist/plugins/deepbook/snapshot.mjs.map +1 -0
  290. package/dist/plugins/deepbook/types.d.mts +125 -0
  291. package/dist/plugins/deepbook/types.mjs +12 -0
  292. package/dist/plugins/deepbook/types.mjs.map +1 -0
  293. package/dist/plugins/faucet/dispatcher.d.mts +9 -0
  294. package/dist/plugins/faucet/dispatcher.mjs +13 -0
  295. package/dist/plugins/faucet/dispatcher.mjs.map +1 -0
  296. package/dist/plugins/faucet/errors.d.mts +86 -0
  297. package/dist/plugins/faucet/errors.mjs +19 -0
  298. package/dist/plugins/faucet/errors.mjs.map +1 -0
  299. package/dist/plugins/faucet/http.mjs +127 -0
  300. package/dist/plugins/faucet/http.mjs.map +1 -0
  301. package/dist/plugins/faucet/index.d.mts +43 -0
  302. package/dist/plugins/faucet/index.mjs +42 -0
  303. package/dist/plugins/faucet/index.mjs.map +1 -0
  304. package/dist/plugins/faucet/service.d.mts +20 -0
  305. package/dist/plugins/faucet/strategies/sui-local.d.mts +23 -0
  306. package/dist/plugins/faucet/strategies/sui-local.mjs +29 -0
  307. package/dist/plugins/faucet/strategies/sui-local.mjs.map +1 -0
  308. package/dist/plugins/host-service/errors.d.mts +27 -0
  309. package/dist/plugins/host-service/errors.mjs +14 -0
  310. package/dist/plugins/host-service/errors.mjs.map +1 -0
  311. package/dist/plugins/host-service/index.d.mts +10 -0
  312. package/dist/plugins/host-service/index.mjs +48 -0
  313. package/dist/plugins/host-service/index.mjs.map +1 -0
  314. package/dist/plugins/host-service/routable.mjs +24 -0
  315. package/dist/plugins/host-service/routable.mjs.map +1 -0
  316. package/dist/plugins/host-service/service.d.mts +49 -0
  317. package/dist/plugins/host-service/service.mjs +375 -0
  318. package/dist/plugins/host-service/service.mjs.map +1 -0
  319. package/dist/plugins/package/build.d.mts +1 -0
  320. package/dist/plugins/package/build.mjs +24 -0
  321. package/dist/plugins/package/build.mjs.map +1 -0
  322. package/dist/plugins/package/codegen.d.mts +19 -0
  323. package/dist/plugins/package/codegen.mjs +41 -0
  324. package/dist/plugins/package/codegen.mjs.map +1 -0
  325. package/dist/plugins/package/dep-resolution.mjs +10 -0
  326. package/dist/plugins/package/dep-resolution.mjs.map +1 -0
  327. package/dist/plugins/package/errors.d.mts +34 -0
  328. package/dist/plugins/package/errors.mjs +13 -0
  329. package/dist/plugins/package/errors.mjs.map +1 -0
  330. package/dist/plugins/package/index.d.mts +109 -0
  331. package/dist/plugins/package/index.mjs +207 -0
  332. package/dist/plugins/package/index.mjs.map +1 -0
  333. package/dist/plugins/package/mode-known.mjs +41 -0
  334. package/dist/plugins/package/mode-known.mjs.map +1 -0
  335. package/dist/plugins/package/mode-local.d.mts +1 -0
  336. package/dist/plugins/package/mode-local.mjs +183 -0
  337. package/dist/plugins/package/mode-local.mjs.map +1 -0
  338. package/dist/plugins/package/publish-executor.mjs +202 -0
  339. package/dist/plugins/package/publish-executor.mjs.map +1 -0
  340. package/dist/plugins/package/publish-output.d.mts +28 -0
  341. package/dist/plugins/package/publish-output.mjs +45 -0
  342. package/dist/plugins/package/publish-output.mjs.map +1 -0
  343. package/dist/plugins/package/registry.d.mts +25 -0
  344. package/dist/plugins/package/registry.mjs +30 -0
  345. package/dist/plugins/package/registry.mjs.map +1 -0
  346. package/dist/plugins/package/service.mjs +20 -0
  347. package/dist/plugins/package/service.mjs.map +1 -0
  348. package/dist/plugins/package/snapshot.mjs +25 -0
  349. package/dist/plugins/package/snapshot.mjs.map +1 -0
  350. package/dist/plugins/postgres/codegen.mjs +42 -0
  351. package/dist/plugins/postgres/codegen.mjs.map +1 -0
  352. package/dist/plugins/postgres/connection.d.mts +33 -0
  353. package/dist/plugins/postgres/connection.mjs +19 -0
  354. package/dist/plugins/postgres/connection.mjs.map +1 -0
  355. package/dist/plugins/postgres/db-ensure.mjs +100 -0
  356. package/dist/plugins/postgres/db-ensure.mjs.map +1 -0
  357. package/dist/plugins/postgres/errors.d.mts +55 -0
  358. package/dist/plugins/postgres/errors.mjs +29 -0
  359. package/dist/plugins/postgres/errors.mjs.map +1 -0
  360. package/dist/plugins/postgres/index.d.mts +37 -0
  361. package/dist/plugins/postgres/index.mjs +75 -0
  362. package/dist/plugins/postgres/index.mjs.map +1 -0
  363. package/dist/plugins/postgres/routable.mjs +33 -0
  364. package/dist/plugins/postgres/routable.mjs.map +1 -0
  365. package/dist/plugins/postgres/service.d.mts +50 -0
  366. package/dist/plugins/postgres/service.mjs +145 -0
  367. package/dist/plugins/postgres/service.mjs.map +1 -0
  368. package/dist/plugins/postgres/snapshot.d.mts +1 -0
  369. package/dist/plugins/postgres/snapshot.mjs +32 -0
  370. package/dist/plugins/postgres/snapshot.mjs.map +1 -0
  371. package/dist/plugins/router-entrypoints.mjs +21 -0
  372. package/dist/plugins/router-entrypoints.mjs.map +1 -0
  373. package/dist/plugins/seal/bootstrap-assets/cargo-image.mjs +59 -0
  374. package/dist/plugins/seal/bootstrap-assets/cargo-image.mjs.map +1 -0
  375. package/dist/plugins/seal/bootstrap-assets/source-fetch.mjs +132 -0
  376. package/dist/plugins/seal/bootstrap-assets/source-fetch.mjs.map +1 -0
  377. package/dist/plugins/seal/codegen.d.mts +19 -0
  378. package/dist/plugins/seal/codegen.mjs +16 -0
  379. package/dist/plugins/seal/codegen.mjs.map +1 -0
  380. package/dist/plugins/seal/config-render.mjs +82 -0
  381. package/dist/plugins/seal/config-render.mjs.map +1 -0
  382. package/dist/plugins/seal/deploy.mjs +198 -0
  383. package/dist/plugins/seal/deploy.mjs.map +1 -0
  384. package/dist/plugins/seal/errors.d.mts +52 -0
  385. package/dist/plugins/seal/errors.mjs +19 -0
  386. package/dist/plugins/seal/errors.mjs.map +1 -0
  387. package/dist/plugins/seal/index.d.mts +161 -0
  388. package/dist/plugins/seal/index.mjs +235 -0
  389. package/dist/plugins/seal/index.mjs.map +1 -0
  390. package/dist/plugins/seal/key-manager.d.mts +22 -0
  391. package/dist/plugins/seal/key-manager.mjs +22 -0
  392. package/dist/plugins/seal/key-manager.mjs.map +1 -0
  393. package/dist/plugins/seal/key-server.mjs +175 -0
  394. package/dist/plugins/seal/key-server.mjs.map +1 -0
  395. package/dist/plugins/seal/keygen.mjs +96 -0
  396. package/dist/plugins/seal/keygen.mjs.map +1 -0
  397. package/dist/plugins/seal/mode/fork-known.d.mts +8 -0
  398. package/dist/plugins/seal/mode/fork-known.mjs +23 -0
  399. package/dist/plugins/seal/mode/fork-known.mjs.map +1 -0
  400. package/dist/plugins/seal/mode/live.d.mts +18 -0
  401. package/dist/plugins/seal/mode/live.mjs +64 -0
  402. package/dist/plugins/seal/mode/live.mjs.map +1 -0
  403. package/dist/plugins/seal/mode/local-keygen.mjs +180 -0
  404. package/dist/plugins/seal/mode/local-keygen.mjs.map +1 -0
  405. package/dist/plugins/seal/plugin-key.mjs +7 -0
  406. package/dist/plugins/seal/plugin-key.mjs.map +1 -0
  407. package/dist/plugins/seal/registry-publish.d.mts +43 -0
  408. package/dist/plugins/seal/registry-publish.mjs +9 -0
  409. package/dist/plugins/seal/registry-publish.mjs.map +1 -0
  410. package/dist/plugins/seal/routable.mjs +57 -0
  411. package/dist/plugins/seal/routable.mjs.map +1 -0
  412. package/dist/plugins/seal/service.mjs +17 -0
  413. package/dist/plugins/seal/service.mjs.map +1 -0
  414. package/dist/plugins/seal/snapshot.mjs +51 -0
  415. package/dist/plugins/seal/snapshot.mjs.map +1 -0
  416. package/dist/plugins/sui/auto-tick.mjs +45 -0
  417. package/dist/plugins/sui/auto-tick.mjs.map +1 -0
  418. package/dist/plugins/sui/chain-build-container.d.mts +1 -0
  419. package/dist/plugins/sui/chain-probe.d.mts +85 -0
  420. package/dist/plugins/sui/chain-probe.mjs +104 -0
  421. package/dist/plugins/sui/chain-probe.mjs.map +1 -0
  422. package/dist/plugins/sui/codegen.d.mts +14 -0
  423. package/dist/plugins/sui/codegen.mjs +26 -0
  424. package/dist/plugins/sui/codegen.mjs.map +1 -0
  425. package/dist/plugins/sui/errors.d.mts +74 -0
  426. package/dist/plugins/sui/errors.mjs +28 -0
  427. package/dist/plugins/sui/errors.mjs.map +1 -0
  428. package/dist/plugins/sui/fork-orchestration.mjs +24 -0
  429. package/dist/plugins/sui/fork-orchestration.mjs.map +1 -0
  430. package/dist/plugins/sui/fork-transaction.mjs +96 -0
  431. package/dist/plugins/sui/fork-transaction.mjs.map +1 -0
  432. package/dist/plugins/sui/index.d.mts +318 -0
  433. package/dist/plugins/sui/index.mjs +182 -0
  434. package/dist/plugins/sui/index.mjs.map +1 -0
  435. package/dist/plugins/sui/mode/external.mjs +60 -0
  436. package/dist/plugins/sui/mode/external.mjs.map +1 -0
  437. package/dist/plugins/sui/mode/fork.mjs +283 -0
  438. package/dist/plugins/sui/mode/fork.mjs.map +1 -0
  439. package/dist/plugins/sui/mode/live.mjs +103 -0
  440. package/dist/plugins/sui/mode/live.mjs.map +1 -0
  441. package/dist/plugins/sui/mode/local.mjs +293 -0
  442. package/dist/plugins/sui/mode/local.mjs.map +1 -0
  443. package/dist/plugins/sui/mode/shared-boot.mjs +254 -0
  444. package/dist/plugins/sui/mode/shared-boot.mjs.map +1 -0
  445. package/dist/plugins/sui/mode/shared.d.mts +103 -0
  446. package/dist/plugins/sui/mode/shared.mjs +12 -0
  447. package/dist/plugins/sui/mode/shared.mjs.map +1 -0
  448. package/dist/plugins/sui/mode/spec.d.mts +94 -0
  449. package/dist/plugins/sui/network-resolver.d.mts +23 -0
  450. package/dist/plugins/sui/routable.mjs +88 -0
  451. package/dist/plugins/sui/routable.mjs.map +1 -0
  452. package/dist/plugins/sui/seed-objects.d.mts +18 -0
  453. package/dist/plugins/sui/seed-objects.mjs +25 -0
  454. package/dist/plugins/sui/seed-objects.mjs.map +1 -0
  455. package/dist/plugins/sui/service.mjs +38 -0
  456. package/dist/plugins/sui/service.mjs.map +1 -0
  457. package/dist/plugins/sui/snapshot.mjs +53 -0
  458. package/dist/plugins/sui/snapshot.mjs.map +1 -0
  459. package/dist/plugins/wallet/codegen.d.mts +33 -0
  460. package/dist/plugins/wallet/codegen.mjs +34 -0
  461. package/dist/plugins/wallet/codegen.mjs.map +1 -0
  462. package/dist/plugins/wallet/errors.d.mts +66 -0
  463. package/dist/plugins/wallet/errors.mjs +16 -0
  464. package/dist/plugins/wallet/errors.mjs.map +1 -0
  465. package/dist/plugins/wallet/index.d.mts +63 -0
  466. package/dist/plugins/wallet/index.mjs +126 -0
  467. package/dist/plugins/wallet/index.mjs.map +1 -0
  468. package/dist/plugins/wallet/origin-policy.d.mts +1 -0
  469. package/dist/plugins/wallet/origin-policy.mjs +65 -0
  470. package/dist/plugins/wallet/origin-policy.mjs.map +1 -0
  471. package/dist/plugins/wallet/pairing.d.mts +11 -0
  472. package/dist/plugins/wallet/pairing.mjs +125 -0
  473. package/dist/plugins/wallet/pairing.mjs.map +1 -0
  474. package/dist/plugins/wallet/protocol.d.mts +1 -0
  475. package/dist/plugins/wallet/protocol.mjs +96 -0
  476. package/dist/plugins/wallet/protocol.mjs.map +1 -0
  477. package/dist/plugins/wallet/routable.mjs +32 -0
  478. package/dist/plugins/wallet/routable.mjs.map +1 -0
  479. package/dist/plugins/wallet/server.d.mts +12 -0
  480. package/dist/plugins/wallet/server.mjs +317 -0
  481. package/dist/plugins/wallet/server.mjs.map +1 -0
  482. package/dist/plugins/wallet/service.d.mts +68 -0
  483. package/dist/plugins/wallet/service.mjs +97 -0
  484. package/dist/plugins/wallet/service.mjs.map +1 -0
  485. package/dist/plugins/wallet/snapshot.d.mts +1 -0
  486. package/dist/plugins/wallet/snapshot.mjs +14 -0
  487. package/dist/plugins/wallet/snapshot.mjs.map +1 -0
  488. package/dist/plugins/walrus/bootstrap-assets/cargo-image.mjs +42 -0
  489. package/dist/plugins/walrus/bootstrap-assets/cargo-image.mjs.map +1 -0
  490. package/dist/plugins/walrus/codegen.d.mts +38 -0
  491. package/dist/plugins/walrus/codegen.mjs +34 -0
  492. package/dist/plugins/walrus/codegen.mjs.map +1 -0
  493. package/dist/plugins/walrus/deploy-paths.mjs +14 -0
  494. package/dist/plugins/walrus/deploy-paths.mjs.map +1 -0
  495. package/dist/plugins/walrus/deploy.d.mts +1 -0
  496. package/dist/plugins/walrus/deploy.mjs +224 -0
  497. package/dist/plugins/walrus/deploy.mjs.map +1 -0
  498. package/dist/plugins/walrus/errors.d.mts +38 -0
  499. package/dist/plugins/walrus/errors.mjs +26 -0
  500. package/dist/plugins/walrus/errors.mjs.map +1 -0
  501. package/dist/plugins/walrus/faucet-strategy.d.mts +12 -0
  502. package/dist/plugins/walrus/faucet-strategy.mjs +62 -0
  503. package/dist/plugins/walrus/faucet-strategy.mjs.map +1 -0
  504. package/dist/plugins/walrus/index.d.mts +177 -0
  505. package/dist/plugins/walrus/index.mjs +284 -0
  506. package/dist/plugins/walrus/index.mjs.map +1 -0
  507. package/dist/plugins/walrus/mode/known-deploy.d.mts +25 -0
  508. package/dist/plugins/walrus/mode/known-deploy.mjs +71 -0
  509. package/dist/plugins/walrus/mode/known-deploy.mjs.map +1 -0
  510. package/dist/plugins/walrus/mode/local-cluster.d.mts +34 -0
  511. package/dist/plugins/walrus/mode/local-cluster.mjs +153 -0
  512. package/dist/plugins/walrus/mode/local-cluster.mjs.map +1 -0
  513. package/dist/plugins/walrus/plugin-key.mjs +7 -0
  514. package/dist/plugins/walrus/plugin-key.mjs.map +1 -0
  515. package/dist/plugins/walrus/registry-publish.d.mts +24 -0
  516. package/dist/plugins/walrus/registry-publish.mjs +7 -0
  517. package/dist/plugins/walrus/registry-publish.mjs.map +1 -0
  518. package/dist/plugins/walrus/routable.mjs +99 -0
  519. package/dist/plugins/walrus/routable.mjs.map +1 -0
  520. package/dist/plugins/walrus/service.mjs +20 -0
  521. package/dist/plugins/walrus/service.mjs.map +1 -0
  522. package/dist/plugins/walrus/snapshot.mjs +53 -0
  523. package/dist/plugins/walrus/snapshot.mjs.map +1 -0
  524. package/dist/plugins/walrus/storage-nodes.d.mts +15 -0
  525. package/dist/plugins/walrus/storage-nodes.mjs +154 -0
  526. package/dist/plugins/walrus/storage-nodes.mjs.map +1 -0
  527. package/dist/plugins/walrus/wal-swap.d.mts +2 -0
  528. package/dist/plugins/walrus/wal-swap.mjs +58 -0
  529. package/dist/plugins/walrus/wal-swap.mjs.map +1 -0
  530. package/dist/primitives/artifact-publisher.d.mts +12 -0
  531. package/dist/primitives/cache.d.mts +1 -0
  532. package/dist/runtime/built-in-plugin-layers.mjs +49 -0
  533. package/dist/runtime/built-in-plugin-layers.mjs.map +1 -0
  534. package/dist/runtime/docker/client.d.mts +2 -0
  535. package/dist/runtime/docker/client.mjs +54 -0
  536. package/dist/runtime/docker/client.mjs.map +1 -0
  537. package/dist/runtime/docker/container.d.mts +1 -0
  538. package/dist/runtime/docker/container.mjs +562 -0
  539. package/dist/runtime/docker/container.mjs.map +1 -0
  540. package/dist/runtime/docker/errors.d.mts +1 -0
  541. package/dist/runtime/docker/errors.mjs +187 -0
  542. package/dist/runtime/docker/errors.mjs.map +1 -0
  543. package/dist/runtime/docker/exec.d.mts +1 -0
  544. package/dist/runtime/docker/exec.mjs +63 -0
  545. package/dist/runtime/docker/exec.mjs.map +1 -0
  546. package/dist/runtime/docker/image.d.mts +1 -0
  547. package/dist/runtime/docker/image.mjs +278 -0
  548. package/dist/runtime/docker/image.mjs.map +1 -0
  549. package/dist/runtime/docker/index.d.mts +1 -0
  550. package/dist/runtime/docker/inventory.d.mts +1 -0
  551. package/dist/runtime/docker/inventory.mjs +167 -0
  552. package/dist/runtime/docker/inventory.mjs.map +1 -0
  553. package/dist/runtime/docker/labels.d.mts +1 -0
  554. package/dist/runtime/docker/labels.mjs +97 -0
  555. package/dist/runtime/docker/labels.mjs.map +1 -0
  556. package/dist/runtime/docker/logs.d.mts +1 -0
  557. package/dist/runtime/docker/logs.mjs +34 -0
  558. package/dist/runtime/docker/logs.mjs.map +1 -0
  559. package/dist/runtime/docker/network.d.mts +1 -0
  560. package/dist/runtime/docker/network.mjs +168 -0
  561. package/dist/runtime/docker/network.mjs.map +1 -0
  562. package/dist/runtime/docker/service.d.mts +9 -0
  563. package/dist/runtime/docker/service.mjs +266 -0
  564. package/dist/runtime/docker/service.mjs.map +1 -0
  565. package/dist/runtime/docker/sweep.d.mts +1 -0
  566. package/dist/runtime/docker/sweep.mjs +220 -0
  567. package/dist/runtime/docker/sweep.mjs.map +1 -0
  568. package/dist/runtime/docker/volume.d.mts +1 -0
  569. package/dist/runtime/docker/volume.mjs +24 -0
  570. package/dist/runtime/docker/volume.mjs.map +1 -0
  571. package/dist/runtime/docker/wrap.d.mts +1 -0
  572. package/dist/runtime/docker/wrap.mjs +131 -0
  573. package/dist/runtime/docker/wrap.mjs.map +1 -0
  574. package/dist/substrate/brand.d.mts +24 -0
  575. package/dist/substrate/brand.mjs +14 -0
  576. package/dist/substrate/brand.mjs.map +1 -0
  577. package/dist/substrate/cross-process.d.mts +1 -0
  578. package/dist/substrate/cross-process.mjs +28 -0
  579. package/dist/substrate/cross-process.mjs.map +1 -0
  580. package/dist/substrate/events.d.mts +117 -0
  581. package/dist/substrate/identity.d.mts +13 -0
  582. package/dist/substrate/lifecycle.d.mts +12 -0
  583. package/dist/substrate/manifest.d.mts +39 -0
  584. package/dist/substrate/manifest.mjs +33 -0
  585. package/dist/substrate/manifest.mjs.map +1 -0
  586. package/dist/substrate/network.d.mts +34 -0
  587. package/dist/substrate/options.d.mts +23 -0
  588. package/dist/substrate/plugin.d.mts +101 -0
  589. package/dist/substrate/plugin.mjs +61 -0
  590. package/dist/substrate/plugin.mjs.map +1 -0
  591. package/dist/substrate/projection.d.mts +100 -0
  592. package/dist/substrate/runtime/artifact-publisher/index.mjs +76 -0
  593. package/dist/substrate/runtime/artifact-publisher/index.mjs.map +1 -0
  594. package/dist/substrate/runtime/atomic-write.mjs +106 -0
  595. package/dist/substrate/runtime/atomic-write.mjs.map +1 -0
  596. package/dist/substrate/runtime/cache/index.d.mts +1 -0
  597. package/dist/substrate/runtime/cache/schema.d.mts +1 -0
  598. package/dist/substrate/runtime/cache/schema.mjs +22 -0
  599. package/dist/substrate/runtime/cache/schema.mjs.map +1 -0
  600. package/dist/substrate/runtime/cache/service.d.mts +1 -0
  601. package/dist/substrate/runtime/cache/service.mjs +89 -0
  602. package/dist/substrate/runtime/cache/service.mjs.map +1 -0
  603. package/dist/substrate/runtime/capability-sinks/index.d.mts +1 -0
  604. package/dist/substrate/runtime/capability-sinks/layer.d.mts +1 -0
  605. package/dist/substrate/runtime/capability-sinks/layer.mjs +31 -0
  606. package/dist/substrate/runtime/capability-sinks/layer.mjs.map +1 -0
  607. package/dist/substrate/runtime/capability-sinks/service.d.mts +36 -0
  608. package/dist/substrate/runtime/capability-sinks/service.mjs +74 -0
  609. package/dist/substrate/runtime/capability-sinks/service.mjs.map +1 -0
  610. package/dist/substrate/runtime/config-validation.d.mts +38 -0
  611. package/dist/substrate/runtime/config-validation.mjs +137 -0
  612. package/dist/substrate/runtime/config-validation.mjs.map +1 -0
  613. package/dist/substrate/runtime/context-helpers.mjs +32 -0
  614. package/dist/substrate/runtime/context-helpers.mjs.map +1 -0
  615. package/dist/substrate/runtime/cross-process/command-channel/channel.mjs +128 -0
  616. package/dist/substrate/runtime/cross-process/command-channel/channel.mjs.map +1 -0
  617. package/dist/substrate/runtime/cross-process/command-channel/file-channel.mjs +136 -0
  618. package/dist/substrate/runtime/cross-process/command-channel/file-channel.mjs.map +1 -0
  619. package/dist/substrate/runtime/cross-process/command-channel/protocol.mjs +49 -0
  620. package/dist/substrate/runtime/cross-process/command-channel/protocol.mjs.map +1 -0
  621. package/dist/substrate/runtime/cross-process/command-channel/runtime-control-lock.mjs +9 -0
  622. package/dist/substrate/runtime/cross-process/command-channel/runtime-control-lock.mjs.map +1 -0
  623. package/dist/substrate/runtime/cross-process/liveness.mjs +119 -0
  624. package/dist/substrate/runtime/cross-process/liveness.mjs.map +1 -0
  625. package/dist/substrate/runtime/cross-process/roster.mjs +275 -0
  626. package/dist/substrate/runtime/cross-process/roster.mjs.map +1 -0
  627. package/dist/substrate/runtime/cross-process/snapshot-reservation.d.mts +1 -0
  628. package/dist/substrate/runtime/cross-process/snapshot-reservation.mjs +117 -0
  629. package/dist/substrate/runtime/cross-process/snapshot-reservation.mjs.map +1 -0
  630. package/dist/substrate/runtime/cross-process/stack-lock.d.mts +1 -0
  631. package/dist/substrate/runtime/cross-process/stack-lock.mjs +142 -0
  632. package/dist/substrate/runtime/cross-process/stack-lock.mjs.map +1 -0
  633. package/dist/substrate/runtime/current-plugin.mjs +15 -0
  634. package/dist/substrate/runtime/current-plugin.mjs.map +1 -0
  635. package/dist/substrate/runtime/errors.d.mts +1 -0
  636. package/dist/substrate/runtime/errors.mjs +76 -0
  637. package/dist/substrate/runtime/errors.mjs.map +1 -0
  638. package/dist/substrate/runtime/host-tree-tar/index.mjs +364 -0
  639. package/dist/substrate/runtime/host-tree-tar/index.mjs.map +1 -0
  640. package/dist/substrate/runtime/http-probe.d.mts +35 -0
  641. package/dist/substrate/runtime/http-probe.mjs +65 -0
  642. package/dist/substrate/runtime/http-probe.mjs.map +1 -0
  643. package/dist/substrate/runtime/lease-broker/index.d.mts +1 -0
  644. package/dist/substrate/runtime/lease-broker/service.d.mts +64 -0
  645. package/dist/substrate/runtime/lease-broker/service.mjs +155 -0
  646. package/dist/substrate/runtime/lease-broker/service.mjs.map +1 -0
  647. package/dist/substrate/runtime/lifecycle/dep-graph.d.mts +1 -0
  648. package/dist/substrate/runtime/lifecycle/dep-graph.mjs +138 -0
  649. package/dist/substrate/runtime/lifecycle/dep-graph.mjs.map +1 -0
  650. package/dist/substrate/runtime/lifecycle/index.d.mts +1 -0
  651. package/dist/substrate/runtime/lifecycle/lifecycle-fact.mjs +31 -0
  652. package/dist/substrate/runtime/lifecycle/lifecycle-fact.mjs.map +1 -0
  653. package/dist/substrate/runtime/lifecycle/plugin-registry.d.mts +1 -0
  654. package/dist/substrate/runtime/lifecycle/plugin-registry.mjs +133 -0
  655. package/dist/substrate/runtime/lifecycle/plugin-registry.mjs.map +1 -0
  656. package/dist/substrate/runtime/lifecycle/ready-gate.d.mts +1 -0
  657. package/dist/substrate/runtime/lifecycle/ready-gate.mjs +34 -0
  658. package/dist/substrate/runtime/lifecycle/ready-gate.mjs.map +1 -0
  659. package/dist/substrate/runtime/lifecycle/selective-restart.d.mts +1 -0
  660. package/dist/substrate/runtime/lifecycle/selective-restart.mjs +43 -0
  661. package/dist/substrate/runtime/lifecycle/selective-restart.mjs.map +1 -0
  662. package/dist/substrate/runtime/lifecycle/signals.d.mts +1 -0
  663. package/dist/substrate/runtime/lifecycle/signals.mjs +64 -0
  664. package/dist/substrate/runtime/lifecycle/signals.mjs.map +1 -0
  665. package/dist/substrate/runtime/lifecycle/state-machine.d.mts +1 -0
  666. package/dist/substrate/runtime/lifecycle/state-machine.mjs +38 -0
  667. package/dist/substrate/runtime/lifecycle/state-machine.mjs.map +1 -0
  668. package/dist/substrate/runtime/lifecycle/watch-attribution.d.mts +1 -0
  669. package/dist/substrate/runtime/lifecycle/watch-attribution.mjs +27 -0
  670. package/dist/substrate/runtime/lifecycle/watch-attribution.mjs.map +1 -0
  671. package/dist/substrate/runtime/managed-container.d.mts +30 -0
  672. package/dist/substrate/runtime/managed-container.mjs +32 -0
  673. package/dist/substrate/runtime/managed-container.mjs.map +1 -0
  674. package/dist/substrate/runtime/manifest/manifest.mjs +73 -0
  675. package/dist/substrate/runtime/manifest/manifest.mjs.map +1 -0
  676. package/dist/substrate/runtime/mode-errors.d.mts +36 -0
  677. package/dist/substrate/runtime/observability/cascade-formatter.d.mts +1 -0
  678. package/dist/substrate/runtime/observability/cascade-formatter.mjs +135 -0
  679. package/dist/substrate/runtime/observability/cascade-formatter.mjs.map +1 -0
  680. package/dist/substrate/runtime/observability/formatter-registry.d.mts +1 -0
  681. package/dist/substrate/runtime/observability/formatter-registry.mjs +65 -0
  682. package/dist/substrate/runtime/observability/formatter-registry.mjs.map +1 -0
  683. package/dist/substrate/runtime/observability/index.d.mts +3 -0
  684. package/dist/substrate/runtime/observability/logger.d.mts +58 -0
  685. package/dist/substrate/runtime/observability/logger.mjs +89 -0
  686. package/dist/substrate/runtime/observability/logger.mjs.map +1 -0
  687. package/dist/substrate/runtime/observability/pretty-error.d.mts +1 -0
  688. package/dist/substrate/runtime/observability/pretty-error.mjs +119 -0
  689. package/dist/substrate/runtime/observability/pretty-error.mjs.map +1 -0
  690. package/dist/substrate/runtime/observability/process-lines.d.mts +31 -0
  691. package/dist/substrate/runtime/observability/process-lines.mjs +40 -0
  692. package/dist/substrate/runtime/observability/process-lines.mjs.map +1 -0
  693. package/dist/substrate/runtime/observability/redaction.d.mts +28 -0
  694. package/dist/substrate/runtime/observability/redaction.mjs +45 -0
  695. package/dist/substrate/runtime/observability/redaction.mjs.map +1 -0
  696. package/dist/substrate/runtime/observability/spans.d.mts +1 -0
  697. package/dist/substrate/runtime/observability/spans.mjs +87 -0
  698. package/dist/substrate/runtime/observability/spans.mjs.map +1 -0
  699. package/dist/substrate/runtime/observability/subprocess-capture.d.mts +2 -0
  700. package/dist/substrate/runtime/observability/subprocess-capture.mjs +82 -0
  701. package/dist/substrate/runtime/observability/subprocess-capture.mjs.map +1 -0
  702. package/dist/substrate/runtime/paths.d.mts +17 -0
  703. package/dist/substrate/runtime/paths.mjs +61 -0
  704. package/dist/substrate/runtime/paths.mjs.map +1 -0
  705. package/dist/substrate/runtime/port-broker/index.d.mts +1 -0
  706. package/dist/substrate/runtime/port-broker/service.d.mts +1 -0
  707. package/dist/substrate/runtime/port-broker/service.mjs +319 -0
  708. package/dist/substrate/runtime/port-broker/service.mjs.map +1 -0
  709. package/dist/substrate/runtime/post-acquire-tasks.d.mts +1 -0
  710. package/dist/substrate/runtime/post-acquire-tasks.mjs +34 -0
  711. package/dist/substrate/runtime/post-acquire-tasks.mjs.map +1 -0
  712. package/dist/substrate/runtime/probes.d.mts +51 -0
  713. package/dist/substrate/runtime/probes.mjs +84 -0
  714. package/dist/substrate/runtime/probes.mjs.map +1 -0
  715. package/dist/substrate/runtime/process-supervisor.d.mts +57 -0
  716. package/dist/substrate/runtime/process-supervisor.mjs +73 -0
  717. package/dist/substrate/runtime/process-supervisor.mjs.map +1 -0
  718. package/dist/substrate/runtime/projection/operational-endpoints.mjs +44 -0
  719. package/dist/substrate/runtime/projection/operational-endpoints.mjs.map +1 -0
  720. package/dist/substrate/runtime/projection/persisted.mjs +195 -0
  721. package/dist/substrate/runtime/projection/persisted.mjs.map +1 -0
  722. package/dist/substrate/runtime/projection/state-ref.mjs +48 -0
  723. package/dist/substrate/runtime/projection/state-ref.mjs.map +1 -0
  724. package/dist/substrate/runtime/projection/update.mjs +200 -0
  725. package/dist/substrate/runtime/projection/update.mjs.map +1 -0
  726. package/dist/substrate/runtime/retry-policy.d.mts +18 -0
  727. package/dist/substrate/runtime/retry-policy.mjs +16 -0
  728. package/dist/substrate/runtime/retry-policy.mjs.map +1 -0
  729. package/dist/substrate/runtime/run.mjs +86 -0
  730. package/dist/substrate/runtime/run.mjs.map +1 -0
  731. package/dist/substrate/runtime/runtime-decode.d.mts +32 -0
  732. package/dist/substrate/runtime/runtime-decode.mjs +53 -0
  733. package/dist/substrate/runtime/runtime-decode.mjs.map +1 -0
  734. package/dist/substrate/runtime/scoped-http-server.mjs +36 -0
  735. package/dist/substrate/runtime/scoped-http-server.mjs.map +1 -0
  736. package/dist/substrate/runtime/scoped-ref-map/service.mjs +83 -0
  737. package/dist/substrate/runtime/scoped-ref-map/service.mjs.map +1 -0
  738. package/dist/substrate/runtime/stage-and-swap/index.d.mts +1 -0
  739. package/dist/substrate/runtime/stage-and-swap/index.mjs +131 -0
  740. package/dist/substrate/runtime/stage-and-swap/index.mjs.map +1 -0
  741. package/dist/substrate/runtime/state-store/schema.mjs +36 -0
  742. package/dist/substrate/runtime/state-store/schema.mjs.map +1 -0
  743. package/dist/substrate/runtime/strategy-registry/chain-probe-for.d.mts +1 -0
  744. package/dist/substrate/runtime/strategy-registry/chain-probe-for.mjs +22 -0
  745. package/dist/substrate/runtime/strategy-registry/chain-probe-for.mjs.map +1 -0
  746. package/dist/substrate/runtime/strategy-registry/faucet-capability-for.d.mts +1 -0
  747. package/dist/substrate/runtime/strategy-registry/faucet-capability-for.mjs +30 -0
  748. package/dist/substrate/runtime/strategy-registry/faucet-capability-for.mjs.map +1 -0
  749. package/dist/substrate/runtime/strategy-registry/index.d.mts +1 -0
  750. package/dist/substrate/runtime/strategy-registry/service.d.mts +1 -0
  751. package/dist/substrate/runtime/strategy-registry/service.mjs +67 -0
  752. package/dist/substrate/runtime/strategy-registry/service.mjs.map +1 -0
  753. package/dist/substrate/runtime/sui-execute/index.d.mts +11 -0
  754. package/dist/substrate/runtime/sui-execute/index.mjs +144 -0
  755. package/dist/substrate/runtime/sui-execute/index.mjs.map +1 -0
  756. package/dist/substrate/runtime/sui-move-build/index.d.mts +1 -0
  757. package/dist/substrate/runtime/sui-move-build/index.mjs +283 -0
  758. package/dist/substrate/runtime/sui-move-build/index.mjs.map +1 -0
  759. package/dist/substrate/runtime/supervisor.d.mts +1 -0
  760. package/dist/substrate/runtime/supervisor.mjs +831 -0
  761. package/dist/substrate/runtime/supervisor.mjs.map +1 -0
  762. package/dist/surfaces/cli/command-tree.mjs +276 -0
  763. package/dist/surfaces/cli/command-tree.mjs.map +1 -0
  764. package/dist/surfaces/cli/commands/config.mjs +31 -0
  765. package/dist/surfaces/cli/commands/config.mjs.map +1 -0
  766. package/dist/surfaces/cli/commands/confirm-node.mjs +26 -0
  767. package/dist/surfaces/cli/commands/confirm-node.mjs.map +1 -0
  768. package/dist/surfaces/cli/commands/confirm.mjs +26 -0
  769. package/dist/surfaces/cli/commands/confirm.mjs.map +1 -0
  770. package/dist/surfaces/cli/commands/doctor-probes.mjs +452 -0
  771. package/dist/surfaces/cli/commands/doctor-probes.mjs.map +1 -0
  772. package/dist/surfaces/cli/commands/doctor.mjs +38 -0
  773. package/dist/surfaces/cli/commands/doctor.mjs.map +1 -0
  774. package/dist/surfaces/cli/commands/prune-picker.mjs +347 -0
  775. package/dist/surfaces/cli/commands/prune-picker.mjs.map +1 -0
  776. package/dist/surfaces/cli/commands/prune.mjs +178 -0
  777. package/dist/surfaces/cli/commands/prune.mjs.map +1 -0
  778. package/dist/surfaces/cli/commands/snapshot.mjs +141 -0
  779. package/dist/surfaces/cli/commands/snapshot.mjs.map +1 -0
  780. package/dist/surfaces/cli/commands/status.mjs +95 -0
  781. package/dist/surfaces/cli/commands/status.mjs.map +1 -0
  782. package/dist/surfaces/cli/commands/supervisor-presence.mjs +33 -0
  783. package/dist/surfaces/cli/commands/supervisor-presence.mjs.map +1 -0
  784. package/dist/surfaces/cli/commands/wipe.mjs +28 -0
  785. package/dist/surfaces/cli/commands/wipe.mjs.map +1 -0
  786. package/dist/surfaces/cli/envelope.mjs +43 -0
  787. package/dist/surfaces/cli/envelope.mjs.map +1 -0
  788. package/dist/surfaces/cli/errors.mjs +110 -0
  789. package/dist/surfaces/cli/errors.mjs.map +1 -0
  790. package/dist/surfaces/cli/flags.mjs +56 -0
  791. package/dist/surfaces/cli/flags.mjs.map +1 -0
  792. package/dist/surfaces/cli/index.mjs +418 -0
  793. package/dist/surfaces/cli/index.mjs.map +1 -0
  794. package/dist/surfaces/cli/output.mjs +115 -0
  795. package/dist/surfaces/cli/output.mjs.map +1 -0
  796. package/dist/surfaces/cli/sysexits.mjs +139 -0
  797. package/dist/surfaces/cli/sysexits.mjs.map +1 -0
  798. package/dist/surfaces/tui/app.mjs +104 -0
  799. package/dist/surfaces/tui/app.mjs.map +1 -0
  800. package/dist/surfaces/tui/dashboard.mjs +261 -0
  801. package/dist/surfaces/tui/dashboard.mjs.map +1 -0
  802. package/dist/surfaces/tui/display-derivation.mjs +395 -0
  803. package/dist/surfaces/tui/display-derivation.mjs.map +1 -0
  804. package/dist/surfaces/tui/errors.mjs +11 -0
  805. package/dist/surfaces/tui/errors.mjs.map +1 -0
  806. package/dist/surfaces/tui/event-log.mjs +155 -0
  807. package/dist/surfaces/tui/event-log.mjs.map +1 -0
  808. package/dist/surfaces/tui/heartbeat.mjs +33 -0
  809. package/dist/surfaces/tui/heartbeat.mjs.map +1 -0
  810. package/dist/surfaces/tui/index.mjs +50 -0
  811. package/dist/surfaces/tui/index.mjs.map +1 -0
  812. package/dist/surfaces/tui/input.mjs +104 -0
  813. package/dist/surfaces/tui/input.mjs.map +1 -0
  814. package/dist/surfaces/tui/mode-detect.mjs +32 -0
  815. package/dist/surfaces/tui/mode-detect.mjs.map +1 -0
  816. package/dist/surfaces/tui/mount-ink.mjs +31 -0
  817. package/dist/surfaces/tui/mount-ink.mjs.map +1 -0
  818. package/dist/surfaces/tui/plain-renderer.mjs +170 -0
  819. package/dist/surfaces/tui/plain-renderer.mjs.map +1 -0
  820. package/dist/surfaces/tui/resource-table.mjs +507 -0
  821. package/dist/surfaces/tui/resource-table.mjs.map +1 -0
  822. package/images/_shared/signal-forward.sh +77 -0
  823. package/images/postgres/Dockerfile +32 -0
  824. package/images/seal/Dockerfile +68 -0
  825. package/images/seal/entrypoint.sh +65 -0
  826. package/images/sui/Dockerfile +73 -0
  827. package/images/sui/entrypoint.sh +244 -0
  828. package/images/sui-fork/Dockerfile +53 -0
  829. package/images/sui-fork/entrypoint.sh +51 -0
  830. package/images/walrus/Dockerfile +122 -0
  831. package/images/walrus/deploy-walrus.sh +305 -0
  832. package/images/walrus/run-walrus.sh +53 -0
  833. package/package.json +94 -0
@@ -0,0 +1,96 @@
1
+ import { Schema } from "effect";
2
+ //#region src/plugins/wallet/protocol.ts
3
+ /**
4
+ * Canonical path constants under the `/api/v1/devstack/*` prefix.
5
+ *
6
+ * Distilled-doc note (15-wallet.md "Fork-control routes declared but
7
+ * unimplemented"): the legacy server declared four `FORK_*` path
8
+ * constants whose handlers never landed. Per "no compat for never-
9
+ * cases", we drop them from the wire protocol entirely — when the
10
+ * fork-control surface is wired, those routes will be added (and the
11
+ * dev-wallet adapter shipped together). No half-done stubs.
12
+ */
13
+ const WalletHttpPath = {
14
+ HEALTH: "/api/v1/devstack/health",
15
+ ACCOUNTS: "/api/v1/devstack/accounts",
16
+ SIGN_TRANSACTION: "/api/v1/devstack/sign-transaction",
17
+ SIGN_PERSONAL_MESSAGE: "/api/v1/devstack/sign-personal-message",
18
+ EXECUTE: "/api/v1/devstack/execute"
19
+ };
20
+ /** Prefix gate: ANY path under this prefix is treated as protocol traffic
21
+ * (and subject to mandatory Origin + bearer); anything else is a flat
22
+ * 404. */
23
+ const WALLET_PROTOCOL_PREFIX = "/api/v1/devstack/";
24
+ /**
25
+ * Sui address — `0x` + 64 hex chars. Schema-validated so a typo or
26
+ * truncated address surfaces as a structured `body-invalid` request
27
+ * error rather than a confusing `address-not-found` (no account bound
28
+ * at the address would be the same shape if we didn't validate).
29
+ */
30
+ const SuiAddressSchema = Schema.String.check(Schema.isPattern(/^0x[0-9a-fA-F]{64}$/));
31
+ /** Base64-encoded bytes — string-typed at the wire (we keep base64 over
32
+ * the cross-boundary; the server decodes with `Uint8Array.fromBase64`
33
+ * or equivalent before handing to the Account sign closures). */
34
+ const Base64Schema = Schema.String.check(Schema.isPattern(/^[A-Za-z0-9+/]*={0,2}$/));
35
+ /** Signature scheme discriminator surfaced on `/accounts`. Mirrors the
36
+ * `AccountValue.scheme` shape from the account plugin. */
37
+ const SignatureSchemeSchema = Schema.Union([
38
+ Schema.Literal("ed25519"),
39
+ Schema.Literal("secp256k1"),
40
+ Schema.Literal("secp256r1")
41
+ ]);
42
+ /** Account-source discriminator. `'impersonate'` accounts cannot
43
+ * satisfy `signTransaction` / `signPersonalMessage` — only
44
+ * `/execute` (which routes through the fork-admin surface) makes
45
+ * sense for them. */
46
+ const AccountSourceSchema = Schema.Union([Schema.Literal("real"), Schema.Literal("impersonate")]);
47
+ Schema.Struct({ ok: Schema.Literal(true) });
48
+ const AccountSummarySchema = Schema.Struct({
49
+ name: Schema.String,
50
+ address: SuiAddressSchema,
51
+ scheme: SignatureSchemeSchema,
52
+ /** Base64-encoded `publicKey`. Impersonation accounts publish a
53
+ * zero-length string here — consumers branch on `source`, not on
54
+ * publicKey emptiness. */
55
+ publicKey: Base64Schema,
56
+ source: AccountSourceSchema
57
+ });
58
+ Schema.Struct({ accounts: Schema.Array(AccountSummarySchema) });
59
+ /** Canonical sign request — same shape for transaction and personal-
60
+ * message routes. `bytes` is the only payload key (no `txBytes`,
61
+ * `message`, or `messageBytes` aliases). */
62
+ const SignRequestSchema = Schema.Struct({
63
+ address: SuiAddressSchema,
64
+ bytes: Base64Schema
65
+ });
66
+ Schema.Struct({
67
+ bytes: Base64Schema,
68
+ signature: Schema.String
69
+ });
70
+ /** Execute request — `bytes` is the BCS-serialized transaction.
71
+ * Impersonation accounts route through fork-admin (no signature
72
+ * needed); real accounts route through `signAndExecute`. */
73
+ const ExecuteRequestSchema = Schema.Struct({
74
+ address: SuiAddressSchema,
75
+ bytes: Base64Schema
76
+ });
77
+ Schema.Struct({
78
+ digest: Schema.String,
79
+ effects: Schema.Unknown,
80
+ objectChanges: Schema.Array(Schema.Unknown),
81
+ balanceChanges: Schema.Array(Schema.Unknown)
82
+ });
83
+ Schema.Struct({
84
+ error: Schema.String,
85
+ code: Schema.String
86
+ });
87
+ const WALLET_AUTH_HEADER = "authorization";
88
+ const WALLET_BEARER_PREFIX = "Bearer ";
89
+ /** URL-fragment key the pair-URL carries the token under
90
+ * (`<wallet-url>/#token=<32-hex>`). Fragments are not sent to the
91
+ * server, so the token never appears in access logs / referrers. */
92
+ const WALLET_TOKEN_FRAGMENT_KEY = "token";
93
+ //#endregion
94
+ export { AccountSourceSchema, AccountSummarySchema, Base64Schema, ExecuteRequestSchema, SignRequestSchema, SignatureSchemeSchema, SuiAddressSchema, WALLET_AUTH_HEADER, WALLET_BEARER_PREFIX, WALLET_PROTOCOL_PREFIX, WALLET_TOKEN_FRAGMENT_KEY, WalletHttpPath };
95
+
96
+ //# sourceMappingURL=protocol.mjs.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"protocol.mjs","names":[],"sources":["../../../src/plugins/wallet/protocol.ts"],"sourcesContent":["// Wallet plugin — wire-level protocol.\n//\n// This file is the ONE cross-boundary contract between the devstack-\n// side HTTP server (this plugin) and the browser-side adapter (the\n// `dev-wallet` package). The browser-side adapter MUST be kept in\n// lock-step with these schemas; today that's enforced by a mirror in\n// `dev-wallet/src/adapters/devstack-paths.ts` + a byte-equality test.\n//\n// Distilled-doc opportunity (15-wallet.md \"Acyclic-edge duplication\"):\n// the duplication exists because devstack peer-deps on dev-wallet (for\n// codegen output) and a reverse edge would close a workspace cycle.\n// Per the task's architecture-revision flag: the long-term fix is to\n// hoist this file into a third tiny package (e.g.\n// `@mysten-incubation/devstack-wallet-protocol`) consumed by BOTH\n// sides. See `## Architecture-doc revisions` in the report.\n//\n// Canonical envelope choice (15-wallet.md \"Asymmetric sign-response\n// field names\" + \"Dual field-name acceptance\"):\n//\n// - Sign endpoints accept `{ address, bytes }` (always `bytes`, never\n// `txBytes` or `messageBytes`).\n// - Sign endpoints respond `{ bytes, signature }` (always those two\n// names; never `txBytes` / `suiSignature`).\n//\n// This mirrors `@mysten/sui`'s `Signer.signTransaction` /\n// `signPersonalMessage` return shape exactly, eliminating the asymmetry\n// the legacy server carried. Per the memory note \"no compat for\n// never-cases\" — devstack is unreleased, no migration burden.\n//\n// Effect v4 Schema is the validator. Each request/response is a\n// Schema.Struct; handlers `Schema.decodeUnknown(...)` the body and\n// `catchTag('ParseError', ...)` into a `body-invalid` request error.\n\nimport { Schema } from 'effect';\n\n// ----------------------------------------------------------------------\n// Path constants\n// ----------------------------------------------------------------------\n\n/**\n * Canonical path constants under the `/api/v1/devstack/*` prefix.\n *\n * Distilled-doc note (15-wallet.md \"Fork-control routes declared but\n * unimplemented\"): the legacy server declared four `FORK_*` path\n * constants whose handlers never landed. Per \"no compat for never-\n * cases\", we drop them from the wire protocol entirely — when the\n * fork-control surface is wired, those routes will be added (and the\n * dev-wallet adapter shipped together). No half-done stubs.\n */\nexport const WalletHttpPath = {\n\tHEALTH: '/api/v1/devstack/health',\n\tACCOUNTS: '/api/v1/devstack/accounts',\n\tSIGN_TRANSACTION: '/api/v1/devstack/sign-transaction',\n\tSIGN_PERSONAL_MESSAGE: '/api/v1/devstack/sign-personal-message',\n\tEXECUTE: '/api/v1/devstack/execute',\n} as const;\n\nexport type WalletHttpPathValue = (typeof WalletHttpPath)[keyof typeof WalletHttpPath];\n\n/** Prefix gate: ANY path under this prefix is treated as protocol traffic\n * (and subject to mandatory Origin + bearer); anything else is a flat\n * 404. */\nexport const WALLET_PROTOCOL_PREFIX = '/api/v1/devstack/' as const;\n\n// ----------------------------------------------------------------------\n// Shared primitives\n// ----------------------------------------------------------------------\n\n/**\n * Sui address — `0x` + 64 hex chars. Schema-validated so a typo or\n * truncated address surfaces as a structured `body-invalid` request\n * error rather than a confusing `address-not-found` (no account bound\n * at the address would be the same shape if we didn't validate).\n */\nexport const SuiAddressSchema = Schema.String.check(Schema.isPattern(/^0x[0-9a-fA-F]{64}$/));\n\n/** Base64-encoded bytes — string-typed at the wire (we keep base64 over\n * the cross-boundary; the server decodes with `Uint8Array.fromBase64`\n * or equivalent before handing to the Account sign closures). */\nexport const Base64Schema = Schema.String.check(Schema.isPattern(/^[A-Za-z0-9+/]*={0,2}$/));\n\n/** Signature scheme discriminator surfaced on `/accounts`. Mirrors the\n * `AccountValue.scheme` shape from the account plugin. */\nexport const SignatureSchemeSchema = Schema.Union([\n\tSchema.Literal('ed25519'),\n\tSchema.Literal('secp256k1'),\n\tSchema.Literal('secp256r1'),\n]);\n\n/** Account-source discriminator. `'impersonate'` accounts cannot\n * satisfy `signTransaction` / `signPersonalMessage` — only\n * `/execute` (which routes through the fork-admin surface) makes\n * sense for them. */\nexport const AccountSourceSchema = Schema.Union([\n\tSchema.Literal('real'),\n\tSchema.Literal('impersonate'),\n]);\n\n// ----------------------------------------------------------------------\n// Response envelopes (200)\n// ----------------------------------------------------------------------\n\nexport const HealthResponseSchema = Schema.Struct({\n\tok: Schema.Literal(true),\n});\nexport type HealthResponse = Schema.Schema.Type<typeof HealthResponseSchema>;\n\nexport const AccountSummarySchema = Schema.Struct({\n\tname: Schema.String,\n\taddress: SuiAddressSchema,\n\tscheme: SignatureSchemeSchema,\n\t/** Base64-encoded `publicKey`. Impersonation accounts publish a\n\t * zero-length string here — consumers branch on `source`, not on\n\t * publicKey emptiness. */\n\tpublicKey: Base64Schema,\n\tsource: AccountSourceSchema,\n});\nexport type AccountSummary = Schema.Schema.Type<typeof AccountSummarySchema>;\n\nexport const AccountsResponseSchema = Schema.Struct({\n\taccounts: Schema.Array(AccountSummarySchema),\n});\nexport type AccountsResponse = Schema.Schema.Type<typeof AccountsResponseSchema>;\n\n// ----------------------------------------------------------------------\n// Sign endpoints — request + response\n// ----------------------------------------------------------------------\n\n/** Canonical sign request — same shape for transaction and personal-\n * message routes. `bytes` is the only payload key (no `txBytes`,\n * `message`, or `messageBytes` aliases). */\nexport const SignRequestSchema = Schema.Struct({\n\taddress: SuiAddressSchema,\n\tbytes: Base64Schema,\n});\nexport type SignRequest = Schema.Schema.Type<typeof SignRequestSchema>;\n\n/** Canonical sign response — same shape for transaction and personal-\n * message routes. Matches `@mysten/sui`'s `Signer` return shape\n * byte-for-byte. */\nexport const SignResponseSchema = Schema.Struct({\n\tbytes: Base64Schema,\n\tsignature: Schema.String,\n});\nexport type SignResponse = Schema.Schema.Type<typeof SignResponseSchema>;\n\n// ----------------------------------------------------------------------\n// Execute endpoint — request + response\n// ----------------------------------------------------------------------\n\n/** Execute request — `bytes` is the BCS-serialized transaction.\n * Impersonation accounts route through fork-admin (no signature\n * needed); real accounts route through `signAndExecute`. */\nexport const ExecuteRequestSchema = Schema.Struct({\n\taddress: SuiAddressSchema,\n\tbytes: Base64Schema,\n});\nexport type ExecuteRequest = Schema.Schema.Type<typeof ExecuteRequestSchema>;\n\n/** Execute response — the narrow `TxResult` projection the account\n * plugin already publishes. The `effects` / `objectChanges` /\n * `balanceChanges` fields cross the wire as opaque JSON; downstream\n * consumers do their own parsing. */\nexport const ExecuteResponseSchema = Schema.Struct({\n\tdigest: Schema.String,\n\teffects: Schema.Unknown,\n\tobjectChanges: Schema.Array(Schema.Unknown),\n\tbalanceChanges: Schema.Array(Schema.Unknown),\n});\nexport type ExecuteResponse = Schema.Schema.Type<typeof ExecuteResponseSchema>;\n\n// ----------------------------------------------------------------------\n// Error envelope\n// ----------------------------------------------------------------------\n\n/** Error response body. The HTTP status carries the broad classification\n * (400/401/403/404/500); `code` carries the narrow phase so callers\n * can branch programmatically. */\nexport const ErrorResponseSchema = Schema.Struct({\n\terror: Schema.String,\n\tcode: Schema.String,\n});\nexport type ErrorResponse = Schema.Schema.Type<typeof ErrorResponseSchema>;\n\n// ----------------------------------------------------------------------\n// Header constants (shared so the dev-wallet adapter doesn't open-code\n// the same strings).\n// ----------------------------------------------------------------------\n\nexport const WALLET_AUTH_HEADER = 'authorization' as const;\nexport const WALLET_BEARER_PREFIX = 'Bearer ' as const;\n\n/** URL-fragment key the pair-URL carries the token under\n * (`<wallet-url>/#token=<32-hex>`). Fragments are not sent to the\n * server, so the token never appears in access logs / referrers. */\nexport const WALLET_TOKEN_FRAGMENT_KEY = 'token' as const;\n\n/** Constant carried token byte length (16 random bytes → 32 hex chars).\n * The on-disk token file is rejected + re-minted if it doesn't match. */\nexport const WALLET_TOKEN_HEX_LENGTH = 32 as const;\n"],"mappings":";;;;;;;;;;;;AAiDA,MAAa,iBAAiB;CAC7B,QAAQ;CACR,UAAU;CACV,kBAAkB;CAClB,uBAAuB;CACvB,SAAS;CACT;;;;AAOD,MAAa,yBAAyB;;;;;;;AAYtC,MAAa,mBAAmB,OAAO,OAAO,MAAM,OAAO,UAAU,sBAAsB,CAAC;;;;AAK5F,MAAa,eAAe,OAAO,OAAO,MAAM,OAAO,UAAU,yBAAyB,CAAC;;;AAI3F,MAAa,wBAAwB,OAAO,MAAM;CACjD,OAAO,QAAQ,UAAU;CACzB,OAAO,QAAQ,YAAY;CAC3B,OAAO,QAAQ,YAAY;CAC3B,CAAC;;;;;AAMF,MAAa,sBAAsB,OAAO,MAAM,CAC/C,OAAO,QAAQ,OAAO,EACtB,OAAO,QAAQ,cAAc,CAC7B,CAAC;AAMkC,OAAO,OAAO,EACjD,IAAI,OAAO,QAAQ,KAAK,EACxB,CAAC;AAGF,MAAa,uBAAuB,OAAO,OAAO;CACjD,MAAM,OAAO;CACb,SAAS;CACT,QAAQ;;;;CAIR,WAAW;CACX,QAAQ;CACR,CAAC;AAGoC,OAAO,OAAO,EACnD,UAAU,OAAO,MAAM,qBAAqB,EAC5C,CAAC;;;;AAUF,MAAa,oBAAoB,OAAO,OAAO;CAC9C,SAAS;CACT,OAAO;CACP,CAAC;AAMgC,OAAO,OAAO;CAC/C,OAAO;CACP,WAAW,OAAO;CAClB,CAAC;;;;AAUF,MAAa,uBAAuB,OAAO,OAAO;CACjD,SAAS;CACT,OAAO;CACP,CAAC;AAOmC,OAAO,OAAO;CAClD,QAAQ,OAAO;CACf,SAAS,OAAO;CAChB,eAAe,OAAO,MAAM,OAAO,QAAQ;CAC3C,gBAAgB,OAAO,MAAM,OAAO,QAAQ;CAC5C,CAAC;AAUiC,OAAO,OAAO;CAChD,OAAO,OAAO;CACd,MAAM,OAAO;CACb,CAAC;AAQF,MAAa,qBAAqB;AAClC,MAAa,uBAAuB;;;;AAKpC,MAAa,4BAA4B"}
@@ -0,0 +1,32 @@
1
+ //#region src/plugins/wallet/routable.ts
2
+ /** Canonical endpoint name. The router orchestrator surfaces this in
3
+ * the manifest under `endpoints['wallet-app']`; downstream consumers
4
+ * (codegen, TUI, doctor) read it by this key.
5
+ *
6
+ * Stable across rewrite + legacy so existing consumers don't break. */
7
+ const WALLET_ENDPOINT_NAME = "wallet-app";
8
+ const WALLET_ENTRYPOINT_PORT = 6173;
9
+ const WALLET_ENTRYPOINTS = [{
10
+ name: WALLET_ENDPOINT_NAME,
11
+ port: WALLET_ENTRYPOINT_PORT,
12
+ protocol: "http"
13
+ }];
14
+ /** Construct the Routable decl for the stack-scoped wallet endpoint. */
15
+ const makeWalletRoutable = (parts) => ({
16
+ kind: "routable",
17
+ endpointName: WALLET_ENDPOINT_NAME,
18
+ dispatchId: {
19
+ serviceKey: `wallet.${parts.app}.${parts.stack}`,
20
+ role: "api"
21
+ },
22
+ upstream: {
23
+ type: "host-loopback",
24
+ port: parts.port
25
+ },
26
+ cors: true,
27
+ wireProtocol: "http"
28
+ });
29
+ //#endregion
30
+ export { WALLET_ENDPOINT_NAME, WALLET_ENTRYPOINTS, WALLET_ENTRYPOINT_PORT, makeWalletRoutable };
31
+
32
+ //# sourceMappingURL=routable.mjs.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"routable.mjs","names":[],"sources":["../../../src/plugins/wallet/routable.ts"],"sourcesContent":["// Wallet plugin — Routable contribution.\n//\n// The wallet's HTTP server is a HOST PROCESS (not a docker container)\n// listening on a loopback port the substrate's port broker hands us.\n// The router (Traefik) fronts the loopback port under a stack-scoped\n// hostname like `wallet.<app>.localhost:<router-port>`.\n//\n// This contribution is what tells the router about the upstream. The\n// router orchestrator reads the decl, mints the stack-scoped hostname,\n// and writes the file-provider YAML without ever naming the wallet\n// plugin.\n//\n// The wallet always emits this decl. The router is the standard app\n// and wallet entrypoint, while the loopback URL remains an internal\n// fallback for tests and direct host tooling.\n\nimport type { EntrypointDecl, RoutableDecl } from '../../contracts/routable.ts';\n\n// ----------------------------------------------------------------------\n// Endpoint name constant\n// ----------------------------------------------------------------------\n\n/** Canonical endpoint name. The router orchestrator surfaces this in\n * the manifest under `endpoints['wallet-app']`; downstream consumers\n * (codegen, TUI, doctor) read it by this key.\n *\n * Stable across rewrite + legacy so existing consumers don't break. */\nexport const WALLET_ENDPOINT_NAME = 'wallet-app' as const;\nexport const WALLET_ROUTE_ROLE = 'api' as const;\nexport const WALLET_ENTRYPOINT_PORT = 6173;\n\nexport const WALLET_ENTRYPOINTS: ReadonlyArray<EntrypointDecl> = [\n\t{ name: WALLET_ENDPOINT_NAME, port: WALLET_ENTRYPOINT_PORT, protocol: 'http' },\n];\n\n// ----------------------------------------------------------------------\n// Decl\n// ----------------------------------------------------------------------\n\n/** Construct the Routable decl for the stack-scoped wallet endpoint. */\nexport const makeWalletRoutable = (parts: {\n\treadonly app: string;\n\treadonly stack: string;\n\treadonly port: number;\n}): RoutableDecl => ({\n\tkind: 'routable',\n\tendpointName: WALLET_ENDPOINT_NAME,\n\tdispatchId: {\n\t\t// Convention: `<plugin>.<app>.<stack>` keeps dispatch-file\n\t\t// listings readable; the router still hashes the full\n\t\t// `(app, stack, serviceKey, role)` tuple for uniqueness.\n\t\tserviceKey: `wallet.${parts.app}.${parts.stack}`,\n\t\trole: WALLET_ROUTE_ROLE,\n\t},\n\tupstream: { type: 'host-loopback', port: parts.port },\n\tcors: true,\n\twireProtocol: 'http',\n});\n"],"mappings":";;;;;;AA2BA,MAAa,uBAAuB;AAEpC,MAAa,yBAAyB;AAEtC,MAAa,qBAAoD,CAChE;CAAE,MAAM;CAAsB,MAAM;CAAwB,UAAU;CAAQ,CAC9E;;AAOD,MAAa,sBAAsB,WAId;CACpB,MAAM;CACN,cAAc;CACd,YAAY;EAIX,YAAY,UAAU,MAAM,IAAI,GAAG,MAAM;EACzC,MAAA;EACA;CACD,UAAU;EAAE,MAAM;EAAiB,MAAM,MAAM;EAAM;CACrD,MAAM;CACN,cAAc;CACd"}
@@ -0,0 +1,12 @@
1
+ import { Effect, Scope } from "effect";
2
+
3
+ //#region src/plugins/wallet/server.d.ts
4
+ /** Opaque server handle. The substrate's scope finalizer chain
5
+ * invokes `.close()`; callers don't dispatch into it directly. */
6
+ interface WalletServerHandle {
7
+ readonly url: string;
8
+ readonly close: () => Effect.Effect<void>;
9
+ }
10
+ //#endregion
11
+ export { WalletServerHandle };
12
+ //# sourceMappingURL=server.d.mts.map
@@ -0,0 +1,317 @@
1
+ import { decodeJsonText } from "../../substrate/runtime/runtime-decode.mjs";
2
+ import { SpanAttr } from "../../substrate/runtime/observability/spans.mjs";
3
+ import { walletBootError, walletRequestError } from "./errors.mjs";
4
+ import { ExecuteRequestSchema, SignRequestSchema, WALLET_AUTH_HEADER, WalletHttpPath } from "./protocol.mjs";
5
+ import { parseBearerHeader, safeBearerEquals } from "./pairing.mjs";
6
+ import { checkOrigin, corsHeadersFor } from "./origin-policy.mjs";
7
+ import { listenScopedHttpServer } from "../../substrate/runtime/scoped-http-server.mjs";
8
+ import { Effect } from "effect";
9
+ import { randomUUID } from "node:crypto";
10
+ //#region src/plugins/wallet/server.ts
11
+ /** Body cap — 64 KiB. Above the largest reasonable sign-tx payload,
12
+ * well below any OOM threshold. */
13
+ const MAX_BODY_BYTES = 64 * 1024;
14
+ /** Per-request socket-level timeout, milliseconds. Caps the time a
15
+ * malicious / hung peer can hold an idle connection. */
16
+ const REQUEST_SOCKET_TIMEOUT_MS = 3e4;
17
+ /**
18
+ * Boot the wallet HTTP server.
19
+ *
20
+ * Wires `node:http.createServer` against the dispatcher. Listens on
21
+ * `bindAddress:port` (the substrate's port broker chose `port` upstream
22
+ * of this call). The scope finalizer awaits graceful close on teardown
23
+ * — `closeAllConnections()` followed by `close()` with await.
24
+ *
25
+ * Request flow (per connection):
26
+ *
27
+ * 1. `request` listener fires with `IncomingMessage`+`ServerResponse`.
28
+ * 2. We buffer the request body up to `MAX_BODY_BYTES`. If the
29
+ * inbound payload exceeds the cap, the socket is destroyed and
30
+ * a 413 returned without ever invoking the dispatcher (closes the
31
+ * supervisor-OOM path).
32
+ * 3. Construct a `WalletRequest` from the buffered body + headers.
33
+ * 4. `Effect.runForkWith(supervisorContext)(dispatch(config, req))`
34
+ * — captured at acquire time so handler logs/spans flow to the
35
+ * TUI logger sink.
36
+ * 5. On fiber completion, write status + headers + body to `res`.
37
+ * 6. On uncaught exception in the listener path: 500 with an opaque
38
+ * message (no token leak, no internal-state leak).
39
+ *
40
+ * Scope finalizer:
41
+ *
42
+ * Calls `server.closeAllConnections()` (kills idle keepalive
43
+ * sockets) then awaits `server.close()` (drains in-flight). The
44
+ * finalizer is uninterruptible so a Ctrl-C double-tap doesn't
45
+ * leave the socket dangling.
46
+ */
47
+ const startHttpServer = (config) => Effect.gen(function* () {
48
+ const supervisorContext = yield* Effect.context();
49
+ const runDispatch = Effect.runForkWith(supervisorContext);
50
+ const handle = yield* listenScopedHttpServer({
51
+ bindAddress: config.bindAddress,
52
+ port: config.port,
53
+ listener: makeRequestListener(config, runDispatch),
54
+ onListenError: (cause) => walletBootError({
55
+ phase: "listen",
56
+ message: `wallet HTTP server listen failed on ${config.bindAddress}:${config.port} — ` + (cause instanceof Error ? cause.message : String(cause)),
57
+ hint: "check that the port broker did not hand out a busy port; a sibling devstack on the same address would also explain this.",
58
+ cause
59
+ })
60
+ });
61
+ yield* Effect.logInfo("wallet HTTP server listening").pipe(Effect.annotateLogs({
62
+ [SpanAttr.host]: config.bindAddress,
63
+ [SpanAttr.port]: config.port
64
+ }));
65
+ return {
66
+ url: handle.url,
67
+ close: handle.close
68
+ };
69
+ });
70
+ /**
71
+ * Build the `(req, res)` listener Node hands to `http.createServer`.
72
+ *
73
+ * The listener:
74
+ *
75
+ * - Buffers the request body up to `MAX_BODY_BYTES`. Over-cap →
76
+ * 413 + socket destroyed (the dispatcher's body-cap check is the
77
+ * second line of defense; this one is the first).
78
+ * - Drops invalid socket-level errors silently (defensive: the
79
+ * wallet is loopback-only, but a malformed HTTP/1.1 line shouldn't
80
+ * crash the supervisor).
81
+ * - Forks the dispatcher Effect via the captured supervisor runtime.
82
+ * - Writes the resolved `WalletResponse` back to `res`.
83
+ *
84
+ * Returns void (Node listener signature) — all error reporting flows
85
+ * through the dispatcher (request errors) or `Effect.logError` (boot/
86
+ * listener path errors).
87
+ */
88
+ const makeRequestListener = (config, runDispatch) => (req, res) => {
89
+ req.socket.setTimeout(REQUEST_SOCKET_TIMEOUT_MS);
90
+ const chunks = [];
91
+ let totalBytes = 0;
92
+ let overflowed = false;
93
+ req.on("data", (chunk) => {
94
+ if (overflowed) return;
95
+ totalBytes += chunk.length;
96
+ if (totalBytes > 65536) {
97
+ overflowed = true;
98
+ writeOverflow(res);
99
+ try {
100
+ req.destroy();
101
+ } catch {}
102
+ return;
103
+ }
104
+ chunks.push(chunk);
105
+ });
106
+ req.on("error", () => {});
107
+ req.on("end", () => {
108
+ if (overflowed) return;
109
+ const body = Buffer.concat(chunks).toString("utf8");
110
+ runDispatch(dispatch(config, {
111
+ method: req.method ?? "GET",
112
+ url: req.url ?? "/",
113
+ headers: normalizeHeaders(req.headers),
114
+ body
115
+ }).pipe(Effect.matchEffect({
116
+ onFailure: (cause) => Effect.sync(() => {
117
+ writeServerError(res, cause);
118
+ }),
119
+ onSuccess: (resp) => Effect.sync(() => writeResponse(res, resp))
120
+ })));
121
+ });
122
+ };
123
+ const writeResponse = (res, resp) => {
124
+ if (res.writableEnded) return;
125
+ res.statusCode = resp.status;
126
+ for (const [k, v] of Object.entries(resp.headers)) res.setHeader(k, v);
127
+ res.end(resp.body);
128
+ };
129
+ const writeOverflow = (res) => {
130
+ if (res.writableEnded) return;
131
+ res.statusCode = 413;
132
+ res.setHeader("content-type", "text/plain; charset=utf-8");
133
+ res.end("payload too large");
134
+ };
135
+ const writeServerError = (res, cause) => {
136
+ if (res.writableEnded) return;
137
+ res.statusCode = 500;
138
+ res.setHeader("content-type", "application/json; charset=utf-8");
139
+ res.end(JSON.stringify({
140
+ error: "internal error",
141
+ code: "internal-error"
142
+ }));
143
+ };
144
+ /** Normalize Node's `IncomingHttpHeaders` (string | string[] | undefined)
145
+ * to the `WalletRequest.headers` shape (string | undefined). Picks the
146
+ * first value for repeated headers — matches browser send semantics
147
+ * for the headers we care about (Origin, Authorization, Content-Type). */
148
+ const normalizeHeaders = (headers) => {
149
+ const out = {};
150
+ for (const [k, v] of Object.entries(headers)) if (v === void 0) out[k] = void 0;
151
+ else if (Array.isArray(v)) out[k] = v[0];
152
+ else out[k] = v;
153
+ return out;
154
+ };
155
+ const json = (status, body, extraHeaders = {}) => ({
156
+ status,
157
+ headers: {
158
+ "content-type": "application/json; charset=utf-8",
159
+ ...extraHeaders
160
+ },
161
+ body: JSON.stringify(body)
162
+ });
163
+ const text = (status, body, extraHeaders = {}) => ({
164
+ status,
165
+ headers: {
166
+ "content-type": "text/plain; charset=utf-8",
167
+ ...extraHeaders
168
+ },
169
+ body
170
+ });
171
+ /**
172
+ * Dispatch a single request to its handler. Returns an Effect that
173
+ * always succeeds (the response is built); request-level failures
174
+ * are projected to JSON envelopes via `errorEnvelope` below.
175
+ *
176
+ * The dispatch order matters:
177
+ * 1. OPTIONS preflight (returns 204 + CORS) — no auth required.
178
+ * 2. Path-prefix gate — anything not under `/api/v1/devstack/` is
179
+ * a flat 404 (text/plain). PROTECTS the auth gate from being
180
+ * visible on arbitrary URLs.
181
+ * 3. Origin check (must be in policy.allowed; missing → 403).
182
+ * 4. Bearer check (must constant-time-equal `config.token`).
183
+ * 5. Method+path route to handler.
184
+ */
185
+ const dispatch = (config, req) => Effect.gen(function* () {
186
+ const requestId = randomUUID();
187
+ yield* Effect.annotateCurrentSpan({
188
+ "wallet.request.id": requestId,
189
+ "wallet.request.method": req.method,
190
+ "wallet.request.url": req.url
191
+ });
192
+ if (req.method === "OPTIONS") {
193
+ const origin = req.headers["origin"];
194
+ if (origin !== void 0 && config.policy.allowed.has(origin)) return {
195
+ status: 204,
196
+ headers: corsHeadersFor(origin),
197
+ body: ""
198
+ };
199
+ return text(403, "forbidden origin");
200
+ }
201
+ const path = req.url.split("?")[0] ?? "";
202
+ if (!path.startsWith("/api/v1/devstack/")) return text(404, "not found");
203
+ const originResult = checkOrigin(config.policy, req.headers["origin"]);
204
+ if (originResult === "missing") {
205
+ yield* Effect.logWarning("wallet origin missing").pipe(Effect.annotateLogs({
206
+ [SpanAttr.requestId]: requestId,
207
+ [SpanAttr.httpMethod]: req.method,
208
+ [SpanAttr.httpPath]: path
209
+ }));
210
+ return text(403, "Origin header required");
211
+ }
212
+ if (originResult === "forbidden") {
213
+ yield* Effect.logWarning("wallet origin forbidden").pipe(Effect.annotateLogs({
214
+ [SpanAttr.requestId]: requestId,
215
+ [SpanAttr.walletOrigin]: req.headers.origin ?? "(missing)",
216
+ [SpanAttr.httpMethod]: req.method,
217
+ [SpanAttr.httpPath]: path
218
+ }));
219
+ return text(403, "forbidden origin");
220
+ }
221
+ const origin = req.headers["origin"];
222
+ const bearer = parseBearerHeader(req.headers[WALLET_AUTH_HEADER]);
223
+ const bearerValid = bearer !== null && safeBearerEquals(bearer, config.token);
224
+ yield* Effect.annotateCurrentSpan({ [SpanAttr.walletBearerValid]: bearerValid });
225
+ if (!bearerValid) {
226
+ yield* Effect.logWarning("wallet bearer check failed").pipe(Effect.annotateLogs({
227
+ [SpanAttr.requestId]: requestId,
228
+ [SpanAttr.walletBearerValid]: bearerValid,
229
+ [SpanAttr.httpMethod]: req.method,
230
+ [SpanAttr.httpPath]: path
231
+ }));
232
+ return errorEnvelope(walletRequestError({
233
+ phase: "unauthorized",
234
+ httpStatus: 401,
235
+ message: "unauthorized"
236
+ }), corsHeadersFor(origin));
237
+ }
238
+ const corsHdr = corsHeadersFor(origin);
239
+ return yield* routeRequest(config, req, path, corsHdr).pipe(Effect.catchTag("WalletRequestError", (err) => Effect.succeed(errorEnvelope(err, corsHdr))));
240
+ });
241
+ const routeRequest = (config, req, path, corsHdr) => {
242
+ if (req.method === "GET" && path === WalletHttpPath.HEALTH) return Effect.succeed(json(200, { ok: true }, corsHdr));
243
+ if (req.method === "GET" && path === WalletHttpPath.ACCOUNTS) return handleAccounts(config, corsHdr);
244
+ if (req.method === "POST" && path === WalletHttpPath.SIGN_TRANSACTION) return handleSign(config, req, "transaction", corsHdr);
245
+ if (req.method === "POST" && path === WalletHttpPath.SIGN_PERSONAL_MESSAGE) return handleSign(config, req, "personal-message", corsHdr);
246
+ if (req.method === "POST" && path === WalletHttpPath.EXECUTE) return handleExecute(config, req, corsHdr);
247
+ return Effect.fail(walletRequestError({
248
+ phase: "route-not-found",
249
+ httpStatus: 404,
250
+ message: `no route for ${req.method} ${path}`
251
+ }));
252
+ };
253
+ const handleAccounts = (config, corsHdr) => Effect.sync(() => {
254
+ return json(200, { accounts: Array.from(config.accountsByAddress.values()).map((acct) => ({
255
+ name: acct.name,
256
+ address: acct.address,
257
+ scheme: acct.scheme,
258
+ publicKey: Buffer.from(acct.publicKey).toString("base64"),
259
+ source: acct.source
260
+ })) }, corsHdr);
261
+ });
262
+ const decodeJsonBody = (schema, body) => Effect.gen(function* () {
263
+ if (body.length > 65536) return yield* Effect.fail(walletRequestError({
264
+ phase: "body-invalid",
265
+ httpStatus: 400,
266
+ message: `body exceeds ${MAX_BODY_BYTES}-byte cap`
267
+ }));
268
+ return yield* decodeJsonText(schema, body, {
269
+ source: "wallet request body",
270
+ mkError: (issue) => walletRequestError({
271
+ phase: "body-invalid",
272
+ httpStatus: 400,
273
+ message: issue.message === "failed to parse JSON" ? "invalid JSON body" : "request body did not match schema",
274
+ cause: issue.cause
275
+ })
276
+ });
277
+ });
278
+ const handleSign = (config, req, kind, corsHdr) => Effect.gen(function* () {
279
+ const body = yield* decodeJsonBody(SignRequestSchema, req.body);
280
+ const account = config.accountsByAddress.get(body.address);
281
+ if (account === void 0) return yield* Effect.fail(walletRequestError({
282
+ phase: "address-not-found",
283
+ httpStatus: 404,
284
+ message: `no account for address '${body.address}'`
285
+ }));
286
+ const bytes = Buffer.from(body.bytes, "base64");
287
+ return json(200, yield* (kind === "transaction" ? account.signTransaction(bytes) : account.signPersonalMessage(bytes)).pipe(Effect.mapError((cause) => walletRequestError({
288
+ phase: "sign-route-failed",
289
+ httpStatus: 500,
290
+ message: `${kind === "transaction" ? "signTransaction" : "signPersonalMessage"} failed`,
291
+ cause
292
+ }))), corsHdr);
293
+ });
294
+ const handleExecute = (config, req, corsHdr) => Effect.gen(function* () {
295
+ const body = yield* decodeJsonBody(ExecuteRequestSchema, req.body);
296
+ const account = config.accountsByAddress.get(body.address);
297
+ if (account === void 0) return yield* Effect.fail(walletRequestError({
298
+ phase: "address-not-found",
299
+ httpStatus: 404,
300
+ message: `no account for address '${body.address}'`
301
+ }));
302
+ const bytes = Buffer.from(body.bytes, "base64");
303
+ return json(200, yield* account.signAndExecute(bytes).pipe(Effect.mapError((cause) => walletRequestError({
304
+ phase: "sign-route-failed",
305
+ httpStatus: 500,
306
+ message: "signAndExecute failed",
307
+ cause
308
+ }))), corsHdr);
309
+ });
310
+ const errorEnvelope = (err, corsHdr) => json(err.httpStatus, {
311
+ error: err.message,
312
+ code: err.phase
313
+ }, corsHdr);
314
+ //#endregion
315
+ export { MAX_BODY_BYTES, dispatch, startHttpServer };
316
+
317
+ //# sourceMappingURL=server.mjs.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"server.mjs","names":[],"sources":["../../../src/plugins/wallet/server.ts"],"sourcesContent":["// Wallet plugin — in-process HTTP server.\n//\n// Responsibilities:\n//\n// 1. Bind a `node:http` server on a substrate-allocated port (the\n// port broker hands the port in; we don't pick it here).\n// 2. Dispatch by `(METHOD, path)` to the four handlers below\n// (health, accounts, sign-transaction, sign-personal-message,\n// execute).\n// 3. Enforce the auth gate: mandatory Origin in policy.allowed +\n// constant-time bearer compare.\n// 4. Body-cap enforcement: 64 KiB before buffering — protects the\n// supervisor from OOM via streaming payloads.\n// 5. Per-request span + log annotation under the captured\n// supervisor context — so handler errors hit the TUI logger\n// sink instead of bare stderr.\n// 6. Scope-finalizer teardown: `closeAllConnections()` →\n// `close()` awaited → port release (the substrate's scope\n// finalizer chain handles release; we just close).\n//\n// Wiring status (15-wallet.md alignment): both the per-route handler\n// bodies (auth + decode + dispatch to `AccountValue` sign closures)\n// AND the in-process `node:http.Server` listen loop are real. The\n// listener buffers each request body up to `MAX_BODY_BYTES`, forks the\n// dispatcher Effect under the captured supervisor context (so handler\n// logs flow to the TUI logger sink), while the substrate scoped HTTP\n// listener owns bind/close lifecycle.\n\nimport { Context, Effect, Schema } from 'effect';\nimport type { Scope } from 'effect';\nimport { randomUUID } from 'node:crypto';\nimport type { IncomingMessage, ServerResponse } from 'node:http';\n\nimport { listenScopedHttpServer } from '../../substrate/runtime/scoped-http-server.ts';\nimport { SpanAttr } from '../../substrate/runtime/observability/spans.ts';\nimport { decodeJsonText } from '../../substrate/runtime/runtime-decode.ts';\nimport type { AccountValue } from '../account/service.ts';\nimport {\n\twalletBootError,\n\twalletRequestError,\n\ttype WalletBootError,\n\ttype WalletRequestError,\n} from './errors.ts';\nimport { checkOrigin, corsHeadersFor, type OriginPolicy } from './origin-policy.ts';\nimport { parseBearerHeader, safeBearerEquals, type PairingToken } from './pairing.ts';\nimport {\n\tAccountsResponseSchema,\n\tExecuteRequestSchema,\n\tHealthResponseSchema,\n\tSignRequestSchema,\n\tSignResponseSchema,\n\tWALLET_AUTH_HEADER,\n\tWALLET_PROTOCOL_PREFIX,\n\tWalletHttpPath,\n\ttype AccountSummary,\n} from './protocol.ts';\n\n// ----------------------------------------------------------------------\n// Server config + handle\n// ----------------------------------------------------------------------\n\n/** Inputs the substrate hands to `startHttpServer`. The plugin's\n * acquire body builds this from its resolved inputs (port broker,\n * origin policy, accounts map, token). */\nexport interface WalletServerConfig {\n\treadonly bindAddress: string;\n\treadonly port: number;\n\treadonly token: PairingToken;\n\treadonly policy: OriginPolicy;\n\treadonly accountsByAddress: ReadonlyMap<string, AccountValue>;\n\t/** Captured supervisor context — handler errors log under this so\n\t * the TUI logger sink receives them. Stub: the substrate primitive\n\t * will hand this in; today the field is opaque. */\n\treadonly supervisorCtx: unknown;\n}\n\n/** Opaque server handle. The substrate's scope finalizer chain\n * invokes `.close()`; callers don't dispatch into it directly. */\nexport interface WalletServerHandle {\n\treadonly url: string; // direct loopback URL — `http://<bindAddress>:<port>`\n\treadonly close: () => Effect.Effect<void>;\n}\n\n/** Body cap — 64 KiB. Above the largest reasonable sign-tx payload,\n * well below any OOM threshold. */\nexport const MAX_BODY_BYTES = 64 * 1024;\n\n// ----------------------------------------------------------------------\n// Top-level boot\n// ----------------------------------------------------------------------\n\n/** Per-request socket-level timeout, milliseconds. Caps the time a\n * malicious / hung peer can hold an idle connection. */\nconst REQUEST_SOCKET_TIMEOUT_MS = 30_000;\n\n/**\n * Boot the wallet HTTP server.\n *\n * Wires `node:http.createServer` against the dispatcher. Listens on\n * `bindAddress:port` (the substrate's port broker chose `port` upstream\n * of this call). The scope finalizer awaits graceful close on teardown\n * — `closeAllConnections()` followed by `close()` with await.\n *\n * Request flow (per connection):\n *\n * 1. `request` listener fires with `IncomingMessage`+`ServerResponse`.\n * 2. We buffer the request body up to `MAX_BODY_BYTES`. If the\n * inbound payload exceeds the cap, the socket is destroyed and\n * a 413 returned without ever invoking the dispatcher (closes the\n * supervisor-OOM path).\n * 3. Construct a `WalletRequest` from the buffered body + headers.\n * 4. `Effect.runForkWith(supervisorContext)(dispatch(config, req))`\n * — captured at acquire time so handler logs/spans flow to the\n * TUI logger sink.\n * 5. On fiber completion, write status + headers + body to `res`.\n * 6. On uncaught exception in the listener path: 500 with an opaque\n * message (no token leak, no internal-state leak).\n *\n * Scope finalizer:\n *\n * Calls `server.closeAllConnections()` (kills idle keepalive\n * sockets) then awaits `server.close()` (drains in-flight). The\n * finalizer is uninterruptible so a Ctrl-C double-tap doesn't\n * leave the socket dangling.\n */\nexport const startHttpServer = (\n\tconfig: WalletServerConfig,\n): Effect.Effect<WalletServerHandle, WalletBootError, Scope.Scope> =>\n\tEffect.gen(function* () {\n\t\t// Capture the supervisor context so handler fibers run with the\n\t\t// same Logger / span sinks as the rest of the stack. The\n\t\t// dispatcher's R-channel is `never`, but capturing the context\n\t\t// keeps fiber-refs (logger, spans) flowing.\n\t\tconst supervisorContext = yield* Effect.context<never>();\n\t\tconst runDispatch = Effect.runForkWith(supervisorContext as Context.Context<never>);\n\n\t\tconst handle = yield* listenScopedHttpServer({\n\t\t\tbindAddress: config.bindAddress,\n\t\t\tport: config.port,\n\t\t\tlistener: makeRequestListener(config, runDispatch),\n\t\t\tonListenError: (cause): WalletBootError =>\n\t\t\t\twalletBootError({\n\t\t\t\t\tphase: 'listen',\n\t\t\t\t\tmessage:\n\t\t\t\t\t\t`wallet HTTP server listen failed on ${config.bindAddress}:${config.port} — ` +\n\t\t\t\t\t\t(cause instanceof Error ? cause.message : String(cause)),\n\t\t\t\t\thint:\n\t\t\t\t\t\t'check that the port broker did not hand out a busy port; ' +\n\t\t\t\t\t\t'a sibling devstack on the same address would also explain this.',\n\t\t\t\t\tcause,\n\t\t\t\t}),\n\t\t});\n\n\t\tyield* Effect.logInfo('wallet HTTP server listening').pipe(\n\t\t\tEffect.annotateLogs({\n\t\t\t\t[SpanAttr.host]: config.bindAddress,\n\t\t\t\t[SpanAttr.port]: config.port,\n\t\t\t}),\n\t\t);\n\n\t\treturn {\n\t\t\turl: handle.url,\n\t\t\tclose: handle.close,\n\t\t} satisfies WalletServerHandle;\n\t});\n\n// ----------------------------------------------------------------------\n// Node request listener — bridges `node:http` → dispatcher Effect\n// ----------------------------------------------------------------------\n\n/**\n * Build the `(req, res)` listener Node hands to `http.createServer`.\n *\n * The listener:\n *\n * - Buffers the request body up to `MAX_BODY_BYTES`. Over-cap →\n * 413 + socket destroyed (the dispatcher's body-cap check is the\n * second line of defense; this one is the first).\n * - Drops invalid socket-level errors silently (defensive: the\n * wallet is loopback-only, but a malformed HTTP/1.1 line shouldn't\n * crash the supervisor).\n * - Forks the dispatcher Effect via the captured supervisor runtime.\n * - Writes the resolved `WalletResponse` back to `res`.\n *\n * Returns void (Node listener signature) — all error reporting flows\n * through the dispatcher (request errors) or `Effect.logError` (boot/\n * listener path errors).\n */\nconst makeRequestListener =\n\t(\n\t\tconfig: WalletServerConfig,\n\t\trunDispatch: <A, E>(effect: Effect.Effect<A, E, never>) => unknown,\n\t): ((req: IncomingMessage, res: ServerResponse) => void) =>\n\t(req, res) => {\n\t\t// Socket-level timeout — protects against hung peers parking\n\t\t// requests on the supervisor's loopback.\n\t\treq.socket.setTimeout(REQUEST_SOCKET_TIMEOUT_MS);\n\n\t\tconst chunks: Buffer[] = [];\n\t\tlet totalBytes = 0;\n\t\tlet overflowed = false;\n\n\t\treq.on('data', (chunk: Buffer) => {\n\t\t\tif (overflowed) return;\n\t\t\ttotalBytes += chunk.length;\n\t\t\tif (totalBytes > MAX_BODY_BYTES) {\n\t\t\t\toverflowed = true;\n\t\t\t\twriteOverflow(res);\n\t\t\t\ttry {\n\t\t\t\t\treq.destroy();\n\t\t\t\t} catch {\n\t\t\t\t\t/* defensive */\n\t\t\t\t}\n\t\t\t\treturn;\n\t\t\t}\n\t\t\tchunks.push(chunk);\n\t\t});\n\n\t\treq.on('error', () => {\n\t\t\t// Socket-level error — drop. Per-request errors are handled\n\t\t\t// inside the dispatcher.\n\t\t});\n\n\t\treq.on('end', () => {\n\t\t\tif (overflowed) return;\n\t\t\tconst body = Buffer.concat(chunks).toString('utf8');\n\t\t\tconst walletReq: WalletRequest = {\n\t\t\t\tmethod: req.method ?? 'GET',\n\t\t\t\turl: req.url ?? '/',\n\t\t\t\theaders: normalizeHeaders(req.headers),\n\t\t\t\tbody,\n\t\t\t};\n\t\t\tconst program = dispatch(config, walletReq).pipe(\n\t\t\t\tEffect.matchEffect({\n\t\t\t\t\tonFailure: (cause) =>\n\t\t\t\t\t\tEffect.sync(() => {\n\t\t\t\t\t\t\t// `dispatch` is typed `Effect<WalletResponse>` (no\n\t\t\t\t\t\t\t// failure channel); a thrown defect lands here as a\n\t\t\t\t\t\t\t// `Cause`. Log + write a 500.\n\t\t\t\t\t\t\twriteServerError(res, cause);\n\t\t\t\t\t\t}),\n\t\t\t\t\tonSuccess: (resp) => Effect.sync(() => writeResponse(res, resp)),\n\t\t\t\t}),\n\t\t\t);\n\t\t\trunDispatch(program);\n\t\t});\n\t};\n\nconst writeResponse = (res: ServerResponse, resp: WalletResponse): void => {\n\tif (res.writableEnded) return;\n\tres.statusCode = resp.status;\n\tfor (const [k, v] of Object.entries(resp.headers)) {\n\t\tres.setHeader(k, v);\n\t}\n\tres.end(resp.body);\n};\n\nconst writeOverflow = (res: ServerResponse): void => {\n\tif (res.writableEnded) return;\n\tres.statusCode = 413;\n\tres.setHeader('content-type', 'text/plain; charset=utf-8');\n\tres.end('payload too large');\n};\n\nconst writeServerError = (res: ServerResponse, cause: unknown): void => {\n\tif (res.writableEnded) return;\n\tres.statusCode = 500;\n\tres.setHeader('content-type', 'application/json; charset=utf-8');\n\t// Opaque error body — no token, no internal state leak.\n\tres.end(\n\t\tJSON.stringify({\n\t\t\terror: 'internal error',\n\t\t\tcode: 'internal-error',\n\t\t}),\n\t);\n\tvoid cause; // surfaces via Effect.logError on the dispatcher path\n};\n\n/** Normalize Node's `IncomingHttpHeaders` (string | string[] | undefined)\n * to the `WalletRequest.headers` shape (string | undefined). Picks the\n * first value for repeated headers — matches browser send semantics\n * for the headers we care about (Origin, Authorization, Content-Type). */\nconst normalizeHeaders = (\n\theaders: IncomingMessage['headers'],\n): Readonly<Record<string, string | undefined>> => {\n\tconst out: Record<string, string | undefined> = {};\n\tfor (const [k, v] of Object.entries(headers)) {\n\t\tif (v === undefined) {\n\t\t\tout[k] = undefined;\n\t\t} else if (Array.isArray(v)) {\n\t\t\tout[k] = v[0];\n\t\t} else {\n\t\t\tout[k] = v;\n\t\t}\n\t}\n\treturn out;\n};\n\n// ----------------------------------------------------------------------\n// Dispatcher — pure(ish) function from request → effect\n// ----------------------------------------------------------------------\n\n/** Inbound request shape — substrate-runtime-agnostic. The substrate's\n * http-server primitive converts a `node:http` IncomingMessage into\n * this; tests can construct it directly. */\nexport interface WalletRequest {\n\treadonly method: string;\n\treadonly url: string; // path + query, no host\n\treadonly headers: Readonly<Record<string, string | undefined>>;\n\treadonly body: string; // already-buffered (capped at MAX_BODY_BYTES)\n}\n\n/** Outbound response. */\nexport interface WalletResponse {\n\treadonly status: number;\n\treadonly headers: Readonly<Record<string, string>>;\n\treadonly body: string;\n}\n\nconst json = (\n\tstatus: number,\n\tbody: unknown,\n\textraHeaders: Readonly<Record<string, string>> = {},\n): WalletResponse => ({\n\tstatus,\n\theaders: { 'content-type': 'application/json; charset=utf-8', ...extraHeaders },\n\tbody: JSON.stringify(body),\n});\n\nconst text = (\n\tstatus: number,\n\tbody: string,\n\textraHeaders: Readonly<Record<string, string>> = {},\n): WalletResponse => ({\n\tstatus,\n\theaders: { 'content-type': 'text/plain; charset=utf-8', ...extraHeaders },\n\tbody,\n});\n\n/**\n * Dispatch a single request to its handler. Returns an Effect that\n * always succeeds (the response is built); request-level failures\n * are projected to JSON envelopes via `errorEnvelope` below.\n *\n * The dispatch order matters:\n * 1. OPTIONS preflight (returns 204 + CORS) — no auth required.\n * 2. Path-prefix gate — anything not under `/api/v1/devstack/` is\n * a flat 404 (text/plain). PROTECTS the auth gate from being\n * visible on arbitrary URLs.\n * 3. Origin check (must be in policy.allowed; missing → 403).\n * 4. Bearer check (must constant-time-equal `config.token`).\n * 5. Method+path route to handler.\n */\nexport const dispatch = (\n\tconfig: WalletServerConfig,\n\treq: WalletRequest,\n): Effect.Effect<WalletResponse> =>\n\tEffect.gen(function* () {\n\t\tconst requestId = randomUUID();\n\t\tyield* Effect.annotateCurrentSpan({\n\t\t\t'wallet.request.id': requestId,\n\t\t\t'wallet.request.method': req.method,\n\t\t\t'wallet.request.url': req.url,\n\t\t});\n\n\t\t// 1. OPTIONS preflight — no auth check, but the origin still has\n\t\t// to be in the allowlist so we don't leak CORS headers to\n\t\t// arbitrary callers.\n\t\tif (req.method === 'OPTIONS') {\n\t\t\tconst origin = req.headers['origin'];\n\t\t\tif (origin !== undefined && config.policy.allowed.has(origin)) {\n\t\t\t\treturn { status: 204, headers: corsHeadersFor(origin), body: '' };\n\t\t\t}\n\t\t\treturn text(403, 'forbidden origin');\n\t\t}\n\n\t\t// 2. Path-prefix gate.\n\t\tconst path = req.url.split('?')[0] ?? '';\n\t\tif (!path.startsWith(WALLET_PROTOCOL_PREFIX)) {\n\t\t\treturn text(404, 'not found');\n\t\t}\n\n\t\t// 3. Origin check.\n\t\tconst originResult = checkOrigin(config.policy, req.headers['origin']);\n\t\tif (originResult === 'missing') {\n\t\t\t// Log the BEARER-VALIDITY only, never the token itself.\n\t\t\tyield* Effect.logWarning('wallet origin missing').pipe(\n\t\t\t\tEffect.annotateLogs({\n\t\t\t\t\t[SpanAttr.requestId]: requestId,\n\t\t\t\t\t[SpanAttr.httpMethod]: req.method,\n\t\t\t\t\t[SpanAttr.httpPath]: path,\n\t\t\t\t}),\n\t\t\t);\n\t\t\treturn text(403, 'Origin header required');\n\t\t}\n\t\tif (originResult === 'forbidden') {\n\t\t\tyield* Effect.logWarning('wallet origin forbidden').pipe(\n\t\t\t\tEffect.annotateLogs({\n\t\t\t\t\t[SpanAttr.requestId]: requestId,\n\t\t\t\t\t[SpanAttr.walletOrigin]: req.headers.origin ?? '(missing)',\n\t\t\t\t\t[SpanAttr.httpMethod]: req.method,\n\t\t\t\t\t[SpanAttr.httpPath]: path,\n\t\t\t\t}),\n\t\t\t);\n\t\t\treturn text(403, 'forbidden origin');\n\t\t}\n\t\tconst origin = req.headers['origin']!;\n\n\t\t// 4. Bearer check. Token never appears in log lines — only the\n\t\t// boolean validity.\n\t\tconst bearer = parseBearerHeader(req.headers[WALLET_AUTH_HEADER]);\n\t\tconst bearerValid = bearer !== null && safeBearerEquals(bearer, config.token);\n\t\tyield* Effect.annotateCurrentSpan({ [SpanAttr.walletBearerValid]: bearerValid });\n\t\tif (!bearerValid) {\n\t\t\tyield* Effect.logWarning('wallet bearer check failed').pipe(\n\t\t\t\tEffect.annotateLogs({\n\t\t\t\t\t[SpanAttr.requestId]: requestId,\n\t\t\t\t\t[SpanAttr.walletBearerValid]: bearerValid,\n\t\t\t\t\t[SpanAttr.httpMethod]: req.method,\n\t\t\t\t\t[SpanAttr.httpPath]: path,\n\t\t\t\t}),\n\t\t\t);\n\t\t\treturn errorEnvelope(\n\t\t\t\twalletRequestError({\n\t\t\t\t\tphase: 'unauthorized',\n\t\t\t\t\thttpStatus: 401,\n\t\t\t\t\tmessage: 'unauthorized',\n\t\t\t\t}),\n\t\t\t\tcorsHeadersFor(origin),\n\t\t\t);\n\t\t}\n\n\t\t// 5. Route.\n\t\tconst corsHdr = corsHeadersFor(origin);\n\t\treturn yield* routeRequest(config, req, path, corsHdr).pipe(\n\t\t\tEffect.catchTag('WalletRequestError', (err) => Effect.succeed(errorEnvelope(err, corsHdr))),\n\t\t);\n\t});\n\n// ----------------------------------------------------------------------\n// Routing\n// ----------------------------------------------------------------------\n\nconst routeRequest = (\n\tconfig: WalletServerConfig,\n\treq: WalletRequest,\n\tpath: string,\n\tcorsHdr: Readonly<Record<string, string>>,\n): Effect.Effect<WalletResponse, WalletRequestError> => {\n\tif (req.method === 'GET' && path === WalletHttpPath.HEALTH) {\n\t\treturn Effect.succeed(\n\t\t\tjson(200, { ok: true } satisfies Schema.Schema.Type<typeof HealthResponseSchema>, corsHdr),\n\t\t);\n\t}\n\tif (req.method === 'GET' && path === WalletHttpPath.ACCOUNTS) {\n\t\treturn handleAccounts(config, corsHdr);\n\t}\n\tif (req.method === 'POST' && path === WalletHttpPath.SIGN_TRANSACTION) {\n\t\treturn handleSign(config, req, 'transaction', corsHdr);\n\t}\n\tif (req.method === 'POST' && path === WalletHttpPath.SIGN_PERSONAL_MESSAGE) {\n\t\treturn handleSign(config, req, 'personal-message', corsHdr);\n\t}\n\tif (req.method === 'POST' && path === WalletHttpPath.EXECUTE) {\n\t\treturn handleExecute(config, req, corsHdr);\n\t}\n\treturn Effect.fail(\n\t\twalletRequestError({\n\t\t\tphase: 'route-not-found',\n\t\t\thttpStatus: 404,\n\t\t\tmessage: `no route for ${req.method} ${path}`,\n\t\t}),\n\t);\n};\n\n// ----------------------------------------------------------------------\n// Handlers\n// ----------------------------------------------------------------------\n\nconst handleAccounts = (\n\tconfig: WalletServerConfig,\n\tcorsHdr: Readonly<Record<string, string>>,\n): Effect.Effect<WalletResponse, WalletRequestError> =>\n\tEffect.sync(() => {\n\t\tconst accounts: ReadonlyArray<AccountSummary> = Array.from(\n\t\t\tconfig.accountsByAddress.values(),\n\t\t).map((acct) => ({\n\t\t\tname: acct.name,\n\t\t\taddress: acct.address,\n\t\t\tscheme: acct.scheme,\n\t\t\tpublicKey: Buffer.from(acct.publicKey).toString('base64'),\n\t\t\tsource: acct.source,\n\t\t}));\n\t\t// Schema-validate the response so a drift between AccountValue\n\t\t// and the wire envelope blows up at the boundary rather than at\n\t\t// the browser-side decode.\n\t\tconst validated: Schema.Schema.Type<typeof AccountsResponseSchema> = { accounts };\n\t\treturn json(200, validated, corsHdr);\n\t});\n\nconst decodeJsonBody = <A>(\n\tschema: Schema.Schema<A>,\n\tbody: string,\n): Effect.Effect<A, WalletRequestError> =>\n\tEffect.gen(function* () {\n\t\tif (body.length > MAX_BODY_BYTES) {\n\t\t\treturn yield* Effect.fail(\n\t\t\t\twalletRequestError({\n\t\t\t\t\tphase: 'body-invalid',\n\t\t\t\t\thttpStatus: 400,\n\t\t\t\t\tmessage: `body exceeds ${MAX_BODY_BYTES}-byte cap`,\n\t\t\t\t}),\n\t\t\t);\n\t\t}\n\t\treturn yield* decodeJsonText(schema as Schema.Decoder<unknown>, body, {\n\t\t\tsource: 'wallet request body',\n\t\t\tmkError: (issue) =>\n\t\t\t\twalletRequestError({\n\t\t\t\t\tphase: 'body-invalid',\n\t\t\t\t\thttpStatus: 400,\n\t\t\t\t\tmessage:\n\t\t\t\t\t\tissue.message === 'failed to parse JSON'\n\t\t\t\t\t\t\t? 'invalid JSON body'\n\t\t\t\t\t\t\t: 'request body did not match schema',\n\t\t\t\t\tcause: issue.cause,\n\t\t\t\t}),\n\t\t}) as Effect.Effect<A, WalletRequestError>;\n\t});\n\nconst handleSign = (\n\tconfig: WalletServerConfig,\n\treq: WalletRequest,\n\tkind: 'transaction' | 'personal-message',\n\tcorsHdr: Readonly<Record<string, string>>,\n): Effect.Effect<WalletResponse, WalletRequestError> =>\n\tEffect.gen(function* () {\n\t\tconst body = yield* decodeJsonBody(SignRequestSchema, req.body);\n\t\tconst account = config.accountsByAddress.get(body.address);\n\t\tif (account === undefined) {\n\t\t\treturn yield* Effect.fail(\n\t\t\t\twalletRequestError({\n\t\t\t\t\tphase: 'address-not-found',\n\t\t\t\t\thttpStatus: 404,\n\t\t\t\t\tmessage: `no account for address '${body.address}'`,\n\t\t\t\t}),\n\t\t\t);\n\t\t}\n\t\tconst bytes = Buffer.from(body.bytes, 'base64');\n\t\tconst signed = yield* (\n\t\t\tkind === 'transaction' ? account.signTransaction(bytes) : account.signPersonalMessage(bytes)\n\t\t).pipe(\n\t\t\tEffect.mapError((cause) =>\n\t\t\t\twalletRequestError({\n\t\t\t\t\tphase: 'sign-route-failed',\n\t\t\t\t\thttpStatus: 500,\n\t\t\t\t\tmessage: `${kind === 'transaction' ? 'signTransaction' : 'signPersonalMessage'} failed`,\n\t\t\t\t\tcause,\n\t\t\t\t}),\n\t\t\t),\n\t\t);\n\t\tconst resp: Schema.Schema.Type<typeof SignResponseSchema> = signed;\n\t\treturn json(200, resp, corsHdr);\n\t});\n\nconst handleExecute = (\n\tconfig: WalletServerConfig,\n\treq: WalletRequest,\n\tcorsHdr: Readonly<Record<string, string>>,\n): Effect.Effect<WalletResponse, WalletRequestError> =>\n\tEffect.gen(function* () {\n\t\tconst body = yield* decodeJsonBody(ExecuteRequestSchema, req.body);\n\t\tconst account = config.accountsByAddress.get(body.address);\n\t\tif (account === undefined) {\n\t\t\treturn yield* Effect.fail(\n\t\t\t\twalletRequestError({\n\t\t\t\t\tphase: 'address-not-found',\n\t\t\t\t\thttpStatus: 404,\n\t\t\t\t\tmessage: `no account for address '${body.address}'`,\n\t\t\t\t}),\n\t\t\t);\n\t\t}\n\t\tconst bytes = Buffer.from(body.bytes, 'base64');\n\t\tconst result = yield* account.signAndExecute(bytes).pipe(\n\t\t\tEffect.mapError((cause) =>\n\t\t\t\twalletRequestError({\n\t\t\t\t\tphase: 'sign-route-failed',\n\t\t\t\t\thttpStatus: 500,\n\t\t\t\t\tmessage: 'signAndExecute failed',\n\t\t\t\t\tcause,\n\t\t\t\t}),\n\t\t\t),\n\t\t);\n\t\treturn json(200, result, corsHdr);\n\t});\n\n// ----------------------------------------------------------------------\n// Error envelope\n// ----------------------------------------------------------------------\n\nconst errorEnvelope = (\n\terr: WalletRequestError,\n\tcorsHdr: Readonly<Record<string, string>>,\n): WalletResponse => json(err.httpStatus, { error: err.message, code: err.phase }, corsHdr);\n"],"mappings":";;;;;;;;;;;;AAqFA,MAAa,iBAAiB,KAAK;;;AAQnC,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgClC,MAAa,mBACZ,WAEA,OAAO,IAAI,aAAa;CAKvB,MAAM,oBAAoB,OAAO,OAAO,SAAgB;CACxD,MAAM,cAAc,OAAO,YAAY,kBAA4C;CAEnF,MAAM,SAAS,OAAO,uBAAuB;EAC5C,aAAa,OAAO;EACpB,MAAM,OAAO;EACb,UAAU,oBAAoB,QAAQ,YAAY;EAClD,gBAAgB,UACf,gBAAgB;GACf,OAAO;GACP,SACC,uCAAuC,OAAO,YAAY,GAAG,OAAO,KAAK,QACxE,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;GACxD,MACC;GAED;GACA,CAAC;EACH,CAAC;AAEF,QAAO,OAAO,QAAQ,+BAA+B,CAAC,KACrD,OAAO,aAAa;GAClB,SAAS,OAAO,OAAO;GACvB,SAAS,OAAO,OAAO;EACxB,CAAC,CACF;AAED,QAAO;EACN,KAAK,OAAO;EACZ,OAAO,OAAO;EACd;EACA;;;;;;;;;;;;;;;;;;;AAwBH,MAAM,uBAEJ,QACA,iBAEA,KAAK,QAAQ;AAGb,KAAI,OAAO,WAAW,0BAA0B;CAEhD,MAAM,SAAmB,EAAE;CAC3B,IAAI,aAAa;CACjB,IAAI,aAAa;AAEjB,KAAI,GAAG,SAAS,UAAkB;AACjC,MAAI,WAAY;AAChB,gBAAc,MAAM;AACpB,MAAI,aAAA,OAA6B;AAChC,gBAAa;AACb,iBAAc,IAAI;AAClB,OAAI;AACH,QAAI,SAAS;WACN;AAGR;;AAED,SAAO,KAAK,MAAM;GACjB;AAEF,KAAI,GAAG,eAAe,GAGpB;AAEF,KAAI,GAAG,aAAa;AACnB,MAAI,WAAY;EAChB,MAAM,OAAO,OAAO,OAAO,OAAO,CAAC,SAAS,OAAO;AAmBnD,cAZgB,SAAS,QAAQ;GALhC,QAAQ,IAAI,UAAU;GACtB,KAAK,IAAI,OAAO;GAChB,SAAS,iBAAiB,IAAI,QAAQ;GACtC;GAEyC,CAAC,CAAC,KAC3C,OAAO,YAAY;GAClB,YAAY,UACX,OAAO,WAAW;AAIjB,qBAAiB,KAAK,MAAM;KAC3B;GACH,YAAY,SAAS,OAAO,WAAW,cAAc,KAAK,KAAK,CAAC;GAChE,CAAC,CAEgB,CAAC;GACnB;;AAGJ,MAAM,iBAAiB,KAAqB,SAA+B;AAC1E,KAAI,IAAI,cAAe;AACvB,KAAI,aAAa,KAAK;AACtB,MAAK,MAAM,CAAC,GAAG,MAAM,OAAO,QAAQ,KAAK,QAAQ,CAChD,KAAI,UAAU,GAAG,EAAE;AAEpB,KAAI,IAAI,KAAK,KAAK;;AAGnB,MAAM,iBAAiB,QAA8B;AACpD,KAAI,IAAI,cAAe;AACvB,KAAI,aAAa;AACjB,KAAI,UAAU,gBAAgB,4BAA4B;AAC1D,KAAI,IAAI,oBAAoB;;AAG7B,MAAM,oBAAoB,KAAqB,UAAyB;AACvE,KAAI,IAAI,cAAe;AACvB,KAAI,aAAa;AACjB,KAAI,UAAU,gBAAgB,kCAAkC;AAEhE,KAAI,IACH,KAAK,UAAU;EACd,OAAO;EACP,MAAM;EACN,CAAC,CACF;;;;;;AAQF,MAAM,oBACL,YACkD;CAClD,MAAM,MAA0C,EAAE;AAClD,MAAK,MAAM,CAAC,GAAG,MAAM,OAAO,QAAQ,QAAQ,CAC3C,KAAI,MAAM,KAAA,EACT,KAAI,KAAK,KAAA;UACC,MAAM,QAAQ,EAAE,CAC1B,KAAI,KAAK,EAAE;KAEX,KAAI,KAAK;AAGX,QAAO;;AAwBR,MAAM,QACL,QACA,MACA,eAAiD,EAAE,MAC9B;CACrB;CACA,SAAS;EAAE,gBAAgB;EAAmC,GAAG;EAAc;CAC/E,MAAM,KAAK,UAAU,KAAK;CAC1B;AAED,MAAM,QACL,QACA,MACA,eAAiD,EAAE,MAC9B;CACrB;CACA,SAAS;EAAE,gBAAgB;EAA6B,GAAG;EAAc;CACzE;CACA;;;;;;;;;;;;;;;AAgBD,MAAa,YACZ,QACA,QAEA,OAAO,IAAI,aAAa;CACvB,MAAM,YAAY,YAAY;AAC9B,QAAO,OAAO,oBAAoB;EACjC,qBAAqB;EACrB,yBAAyB,IAAI;EAC7B,sBAAsB,IAAI;EAC1B,CAAC;AAKF,KAAI,IAAI,WAAW,WAAW;EAC7B,MAAM,SAAS,IAAI,QAAQ;AAC3B,MAAI,WAAW,KAAA,KAAa,OAAO,OAAO,QAAQ,IAAI,OAAO,CAC5D,QAAO;GAAE,QAAQ;GAAK,SAAS,eAAe,OAAO;GAAE,MAAM;GAAI;AAElE,SAAO,KAAK,KAAK,mBAAmB;;CAIrC,MAAM,OAAO,IAAI,IAAI,MAAM,IAAI,CAAC,MAAM;AACtC,KAAI,CAAC,KAAK,WAAA,oBAAkC,CAC3C,QAAO,KAAK,KAAK,YAAY;CAI9B,MAAM,eAAe,YAAY,OAAO,QAAQ,IAAI,QAAQ,UAAU;AACtE,KAAI,iBAAiB,WAAW;AAE/B,SAAO,OAAO,WAAW,wBAAwB,CAAC,KACjD,OAAO,aAAa;IAClB,SAAS,YAAY;IACrB,SAAS,aAAa,IAAI;IAC1B,SAAS,WAAW;GACrB,CAAC,CACF;AACD,SAAO,KAAK,KAAK,yBAAyB;;AAE3C,KAAI,iBAAiB,aAAa;AACjC,SAAO,OAAO,WAAW,0BAA0B,CAAC,KACnD,OAAO,aAAa;IAClB,SAAS,YAAY;IACrB,SAAS,eAAe,IAAI,QAAQ,UAAU;IAC9C,SAAS,aAAa,IAAI;IAC1B,SAAS,WAAW;GACrB,CAAC,CACF;AACD,SAAO,KAAK,KAAK,mBAAmB;;CAErC,MAAM,SAAS,IAAI,QAAQ;CAI3B,MAAM,SAAS,kBAAkB,IAAI,QAAQ,oBAAoB;CACjE,MAAM,cAAc,WAAW,QAAQ,iBAAiB,QAAQ,OAAO,MAAM;AAC7E,QAAO,OAAO,oBAAoB,GAAG,SAAS,oBAAoB,aAAa,CAAC;AAChF,KAAI,CAAC,aAAa;AACjB,SAAO,OAAO,WAAW,6BAA6B,CAAC,KACtD,OAAO,aAAa;IAClB,SAAS,YAAY;IACrB,SAAS,oBAAoB;IAC7B,SAAS,aAAa,IAAI;IAC1B,SAAS,WAAW;GACrB,CAAC,CACF;AACD,SAAO,cACN,mBAAmB;GAClB,OAAO;GACP,YAAY;GACZ,SAAS;GACT,CAAC,EACF,eAAe,OAAO,CACtB;;CAIF,MAAM,UAAU,eAAe,OAAO;AACtC,QAAO,OAAO,aAAa,QAAQ,KAAK,MAAM,QAAQ,CAAC,KACtD,OAAO,SAAS,uBAAuB,QAAQ,OAAO,QAAQ,cAAc,KAAK,QAAQ,CAAC,CAAC,CAC3F;EACA;AAMH,MAAM,gBACL,QACA,KACA,MACA,YACuD;AACvD,KAAI,IAAI,WAAW,SAAS,SAAS,eAAe,OACnD,QAAO,OAAO,QACb,KAAK,KAAK,EAAE,IAAI,MAAM,EAA4D,QAAQ,CAC1F;AAEF,KAAI,IAAI,WAAW,SAAS,SAAS,eAAe,SACnD,QAAO,eAAe,QAAQ,QAAQ;AAEvC,KAAI,IAAI,WAAW,UAAU,SAAS,eAAe,iBACpD,QAAO,WAAW,QAAQ,KAAK,eAAe,QAAQ;AAEvD,KAAI,IAAI,WAAW,UAAU,SAAS,eAAe,sBACpD,QAAO,WAAW,QAAQ,KAAK,oBAAoB,QAAQ;AAE5D,KAAI,IAAI,WAAW,UAAU,SAAS,eAAe,QACpD,QAAO,cAAc,QAAQ,KAAK,QAAQ;AAE3C,QAAO,OAAO,KACb,mBAAmB;EAClB,OAAO;EACP,YAAY;EACZ,SAAS,gBAAgB,IAAI,OAAO,GAAG;EACvC,CAAC,CACF;;AAOF,MAAM,kBACL,QACA,YAEA,OAAO,WAAW;AAcjB,QAAO,KAAK,KAAK,EADsD,UAZvB,MAAM,KACrD,OAAO,kBAAkB,QAAQ,CACjC,CAAC,KAAK,UAAU;EAChB,MAAM,KAAK;EACX,SAAS,KAAK;EACd,QAAQ,KAAK;EACb,WAAW,OAAO,KAAK,KAAK,UAAU,CAAC,SAAS,SAAS;EACzD,QAAQ,KAAK;EACb,EAI8E,EACrD,EAAE,QAAQ;EACnC;AAEH,MAAM,kBACL,QACA,SAEA,OAAO,IAAI,aAAa;AACvB,KAAI,KAAK,SAAA,MACR,QAAO,OAAO,OAAO,KACpB,mBAAmB;EAClB,OAAO;EACP,YAAY;EACZ,SAAS,gBAAgB,eAAe;EACxC,CAAC,CACF;AAEF,QAAO,OAAO,eAAe,QAAmC,MAAM;EACrE,QAAQ;EACR,UAAU,UACT,mBAAmB;GAClB,OAAO;GACP,YAAY;GACZ,SACC,MAAM,YAAY,yBACf,sBACA;GACJ,OAAO,MAAM;GACb,CAAC;EACH,CAAC;EACD;AAEH,MAAM,cACL,QACA,KACA,MACA,YAEA,OAAO,IAAI,aAAa;CACvB,MAAM,OAAO,OAAO,eAAe,mBAAmB,IAAI,KAAK;CAC/D,MAAM,UAAU,OAAO,kBAAkB,IAAI,KAAK,QAAQ;AAC1D,KAAI,YAAY,KAAA,EACf,QAAO,OAAO,OAAO,KACpB,mBAAmB;EAClB,OAAO;EACP,YAAY;EACZ,SAAS,2BAA2B,KAAK,QAAQ;EACjD,CAAC,CACF;CAEF,MAAM,QAAQ,OAAO,KAAK,KAAK,OAAO,SAAS;AAc/C,QAAO,KAAK,KAAK,QAZhB,SAAS,gBAAgB,QAAQ,gBAAgB,MAAM,GAAG,QAAQ,oBAAoB,MAAM,EAC3F,KACD,OAAO,UAAU,UAChB,mBAAmB;EAClB,OAAO;EACP,YAAY;EACZ,SAAS,GAAG,SAAS,gBAAgB,oBAAoB,sBAAsB;EAC/E;EACA,CAAC,CACF,CACD,EAEsB,QAAQ;EAC9B;AAEH,MAAM,iBACL,QACA,KACA,YAEA,OAAO,IAAI,aAAa;CACvB,MAAM,OAAO,OAAO,eAAe,sBAAsB,IAAI,KAAK;CAClE,MAAM,UAAU,OAAO,kBAAkB,IAAI,KAAK,QAAQ;AAC1D,KAAI,YAAY,KAAA,EACf,QAAO,OAAO,OAAO,KACpB,mBAAmB;EAClB,OAAO;EACP,YAAY;EACZ,SAAS,2BAA2B,KAAK,QAAQ;EACjD,CAAC,CACF;CAEF,MAAM,QAAQ,OAAO,KAAK,KAAK,OAAO,SAAS;AAW/C,QAAO,KAAK,KAAK,OAVK,QAAQ,eAAe,MAAM,CAAC,KACnD,OAAO,UAAU,UAChB,mBAAmB;EAClB,OAAO;EACP,YAAY;EACZ,SAAS;EACT;EACA,CAAC,CACF,CACD,EACwB,QAAQ;EAChC;AAMH,MAAM,iBACL,KACA,YACoB,KAAK,IAAI,YAAY;CAAE,OAAO,IAAI;CAAS,MAAM,IAAI;CAAO,EAAE,QAAQ"}
@@ -0,0 +1,68 @@
1
+ import { ResourceRef } from "../../substrate/plugin.mjs";
2
+ import { AccountValue } from "../account/service.mjs";
3
+ import { AccountResourceId } from "../account/index.mjs";
4
+ import { DappKitConfigBindings } from "./codegen.mjs";
5
+ import { PairingToken } from "./pairing.mjs";
6
+ import { WalletServerHandle } from "./server.mjs";
7
+ import { Effect, FileSystem, Scope } from "effect";
8
+
9
+ //#region src/plugins/wallet/service.d.ts
10
+ /** Literal sentinel for `WalletOptions.accounts: 'all'` — every account
11
+ * member in the stack. Expanded by the composer at `defineDevstack`
12
+ * call time (api-surface-design §4 D6). Kept as an exported constant
13
+ * so the wallet factory + composer share one source of truth. */
14
+ declare const WALLET_ACCOUNTS_ALL: "all";
15
+ /** A user-supplied account ref. The user passes the result of
16
+ * `account('alice')` — NOT a bare string. Generic over the literal
17
+ * account name so the wallet's dependency tuple preserves each
18
+ * per-account resource id (`account/alice`, `account/bob`, ...). */
19
+ type WalletAccountMember<Name extends string = string> = ResourceRef<AccountResourceId<Name>, AccountValue>;
20
+ interface WalletOptions<Accounts extends ReadonlyArray<WalletAccountMember> = ReadonlyArray<WalletAccountMember>> {
21
+ /** Accounts the wallet binds. Each is yielded for ordering AND its
22
+ * resolved value is keyed by address into the sign-handler map.
23
+ *
24
+ * Two shapes:
25
+ *
26
+ * - Explicit tuple — each entry is the plugin/resource ref returned
27
+ * by `account('name')`. Pins the bound set at the wallet's call
28
+ * site; preserves each literal `account/${Name}` so stack
29
+ * composition can validate and recursively expand the refs.
30
+ *
31
+ * - The literal `'all'` — shorthand for "every account member in
32
+ * the stack". The composer expands this against the final
33
+ * member tuple at `defineDevstack(...)` time (api-surface-design
34
+ * §4 D6). The wallet member returned by the factory carries an
35
+ * expander hook keyed off `WALLET_ACCOUNTS_ALL` that the
36
+ * composer invokes once the account-providing members are
37
+ * known. */
38
+ readonly accounts: Accounts | typeof WALLET_ACCOUNTS_ALL;
39
+ /** Extra origins merged on top of the stack-scoped auto-derived
40
+ * origin. Useful for headless test runners and custom dev hosts. */
41
+ readonly allowedOrigins?: ReadonlyArray<string>;
42
+ /** Preferred host port. Substrate's port broker forward-scans if
43
+ * this is taken. Default: substrate-picked (no preference). */
44
+ readonly port?: number;
45
+ /** NIC the HTTP server binds. Defaults to `'0.0.0.0'` because the
46
+ * router runs in Docker and must reach the host process through the
47
+ * host-gateway address on native Linux. The public wallet URL remains
48
+ * router-fronted and stack-scoped. */
49
+ readonly bindAddress?: string;
50
+ /** Opt-in: allowlist the bare `http://localhost:<vite-port>` form.
51
+ * Off by default to close the cross-stack pairing risk (see
52
+ * `origin-policy.ts` for the long-form rationale). */
53
+ readonly allowLocalhostVite?: boolean;
54
+ }
55
+ interface WalletValue {
56
+ readonly url: string;
57
+ readonly pairUrl: string;
58
+ readonly bindings: DappKitConfigBindings;
59
+ readonly localPort: number;
60
+ readonly token: PairingToken;
61
+ /** Server handle — substrate's scope finalizer chain invokes
62
+ * `.close()`; callers don't reach in. Exposed here so tests can
63
+ * drive teardown explicitly. */
64
+ readonly server: WalletServerHandle;
65
+ }
66
+ //#endregion
67
+ export { WALLET_ACCOUNTS_ALL, WalletAccountMember, WalletOptions, WalletValue };
68
+ //# sourceMappingURL=service.d.mts.map