@oisincoveney/pipeline 3.11.16 → 3.11.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,4 +1,5 @@
1
1
  import { compileArgoExecutionGraph } from "./argo-graph.js";
2
+ import { OPENCODE_OPENAI_ACCOUNTS_STAGING_DIR } from "./run-state/opencode-accounts.js";
2
3
  import { DEFAULT_RUNNER_TASK_DESCRIPTOR_PATH } from "./runner-command/task-descriptor.js";
3
4
  import { stringify } from "yaml";
4
5
  import { z } from "zod";
@@ -322,10 +323,9 @@ function runnerWorkflowStorage(options, tasks) {
322
323
  }
323
324
  });
324
325
  volumeMounts.push({
325
- mountPath: "/root/.opencode/oc-codex-multi-auth-accounts.json",
326
+ mountPath: OPENCODE_OPENAI_ACCOUNTS_STAGING_DIR,
326
327
  name: "opencode-openai-accounts",
327
- readOnly: true,
328
- subPath: "accounts.json"
328
+ readOnly: true
329
329
  });
330
330
  }
331
331
  if (options.gitCredentialsSecretName) {
@@ -5,8 +5,8 @@ import { opencodeAgentName } from "../runtime/opencode-agent-name.js";
5
5
  import { loadMokaGlobalConfig } from "../moka-global-config.js";
6
6
  import { defaultClusterDoctorNamespace, runClusterDoctor } from "../cluster-doctor.js";
7
7
  import { existsSync, readFileSync, readdirSync, statSync } from "node:fs";
8
- import { execa } from "execa";
9
8
  import { join } from "node:path";
9
+ import { execa } from "execa";
10
10
  import matter from "gray-matter";
11
11
  //#region src/cli/doctor.ts
12
12
  const HEADLESS_AGENT_PERMISSION_VALUES = new Set(["ask"]);
@@ -1,7 +1,7 @@
1
1
  import { mergeOpenCodeProjectConfig } from "./opencode-project-config.js";
2
2
  import { existsSync, mkdirSync, readFileSync, readdirSync, statSync, writeFileSync } from "node:fs";
3
- import { dirname, join } from "node:path";
4
3
  import { homedir } from "node:os";
4
+ import { dirname, join } from "node:path";
5
5
  import { parse } from "jsonc-parser";
6
6
  //#region src/codex-auth-sync.ts
7
7
  const CODEX_MULTI_AUTH_PLUGIN = "oc-codex-multi-auth@6.3.2";
@@ -233,8 +233,8 @@ declare const configSchema: z.ZodObject<{
233
233
  policy: z.ZodOptional<z.ZodObject<{
234
234
  commands: z.ZodOptional<z.ZodEnum<{
235
235
  allow: "allow";
236
- "trusted-only": "trusted-only";
237
236
  deny: "deny";
237
+ "trusted-only": "trusted-only";
238
238
  }>>;
239
239
  modules: z.ZodOptional<z.ZodEnum<{
240
240
  allow: "allow";
@@ -262,8 +262,8 @@ declare const configSchema: z.ZodObject<{
262
262
  global: "global";
263
263
  }>>;
264
264
  mode: z.ZodEnum<{
265
- hosted: "hosted";
266
265
  local: "local";
266
+ hosted: "hosted";
267
267
  }>;
268
268
  provider: z.ZodLiteral<"toolhive">;
269
269
  authorization_env: z.ZodDefault<z.ZodString>;
@@ -306,10 +306,10 @@ declare const configSchema: z.ZodObject<{
306
306
  }, z.core.$strict>>;
307
307
  output: z.ZodOptional<z.ZodObject<{
308
308
  format: z.ZodEnum<{
309
+ json_schema: "json_schema";
309
310
  text: "text";
310
311
  json: "json";
311
312
  jsonl: "jsonl";
312
- json_schema: "json_schema";
313
313
  }>;
314
314
  repair: z.ZodOptional<z.ZodObject<{
315
315
  enabled: z.ZodOptional<z.ZodBoolean>;
@@ -385,10 +385,10 @@ declare const configSchema: z.ZodObject<{
385
385
  disabled: "disabled";
386
386
  }>>>;
387
387
  output_formats: z.ZodOptional<z.ZodArray<z.ZodEnum<{
388
+ json_schema: "json_schema";
388
389
  text: "text";
389
390
  json: "json";
390
391
  jsonl: "jsonl";
391
- json_schema: "json_schema";
392
392
  }>>>;
393
393
  rules: z.ZodOptional<z.ZodBoolean>;
394
394
  skills: z.ZodOptional<z.ZodBoolean>;
package/dist/gates.js CHANGED
@@ -1,7 +1,7 @@
1
1
  import "./safe-json.js";
2
2
  import { existsSync } from "node:fs";
3
- import "execa";
4
3
  import { join } from "node:path";
4
+ import "execa";
5
5
  import "package-manager-detector/commands";
6
6
  import "package-manager-detector/detect";
7
7
  //#region src/gates.ts
package/dist/hooks.d.ts CHANGED
@@ -13,8 +13,8 @@ declare const hookResultSchema: z.ZodObject<{
13
13
  taskContext: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
14
14
  }, z.core.$strict>>;
15
15
  status: z.ZodEnum<{
16
- pass: "pass";
17
16
  fail: "fail";
17
+ pass: "pass";
18
18
  skip: "skip";
19
19
  }>;
20
20
  summary: z.ZodOptional<z.ZodString>;
@@ -1,5 +1,5 @@
1
- import { dirname, join } from "node:path";
2
1
  import { homedir } from "node:os";
2
+ import { dirname, join } from "node:path";
3
3
  //#region src/install-commands/shared.ts
4
4
  const GENERATED_MARKER = "<!-- Generated by @oisincoveney/pipeline. -->";
5
5
  const GENERATED_TS_MARKER = "// Generated by @oisincoveney/pipeline.";
@@ -1,9 +1,9 @@
1
1
  import { applyJsonEdit, ensureTrailingNewline, parseJsonRecord } from "./json-config-merge.js";
2
2
  import { resolveHarnessTarget } from "./install-commands/shared.js";
3
3
  import { existsSync, readFileSync, statSync } from "node:fs";
4
- import { execa } from "execa";
5
- import { dirname, join, relative } from "node:path";
6
4
  import { tmpdir } from "node:os";
5
+ import { dirname, join, relative } from "node:path";
6
+ import { execa } from "execa";
7
7
  import { createHash } from "node:crypto";
8
8
  import { mkdir, mkdtemp, readdir, rm, writeFile } from "node:fs/promises";
9
9
  //#region src/install-hooks.ts
@@ -1,6 +1,6 @@
1
- import { execa } from "execa";
2
- import { join } from "node:path";
3
1
  import { homedir, tmpdir } from "node:os";
2
+ import { join } from "node:path";
3
+ import { execa } from "execa";
4
4
  import { mkdir, mkdtemp, readFile, readdir, rm, writeFile } from "node:fs/promises";
5
5
  //#region src/install-rules.ts
6
6
  const DEFAULT_RULES_INSTALL_SOURCE = "oisin-ee/rules";
@@ -6,8 +6,8 @@ import { resolveRepoLocalBackendSpecs } from "./repo-local-backends.js";
6
6
  import { renderToolHiveVmcpInventory } from "./toolhive-vmcp.js";
7
7
  import { Effect } from "effect";
8
8
  import { copyFileSync, existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
9
- import { dirname, join } from "node:path";
10
9
  import { homedir } from "node:os";
10
+ import { dirname, join } from "node:path";
11
11
  //#region src/mcp/gateway.ts
12
12
  const PIPELINE_GATEWAY_SERVER_ID = "pipeline-gateway";
13
13
  const DEFAULT_LOCAL_GATEWAY_URL = "http://127.0.0.1:4483/mcp";
@@ -3,8 +3,8 @@ import { ConfigIoService, runConfigIoSync } from "./runtime/services/config-io-s
3
3
  import "./config.js";
4
4
  import { z } from "zod";
5
5
  import { Effect } from "effect";
6
- import { join } from "node:path";
7
6
  import { homedir } from "node:os";
7
+ import { join } from "node:path";
8
8
  //#region src/moka-global-config.ts
9
9
  const MOKA_GLOBAL_CONFIG_PATH = ".config/moka/config.yaml";
10
10
  const mokaSubmitGlobalConfigSchema = z.object({
package/dist/path-refs.js CHANGED
@@ -1,5 +1,5 @@
1
- import { isAbsolute, join } from "node:path";
2
1
  import { homedir } from "node:os";
2
+ import { isAbsolute, join } from "node:path";
3
3
  //#region src/path-refs.ts
4
4
  function resolveFileReference(basePath, pathRef) {
5
5
  if (pathRef === "~") return homedir();
@@ -1,8 +1,8 @@
1
1
  import { GitPorcelainService, GitPorcelainServiceLive } from "../runtime/services/git-porcelain-service.js";
2
2
  import { Effect } from "effect";
3
3
  import { chmodSync, existsSync, mkdirSync, readFileSync, statSync, writeFileSync } from "node:fs";
4
- import { dirname, resolve } from "node:path";
5
4
  import { tmpdir } from "node:os";
5
+ import { dirname, resolve } from "node:path";
6
6
  //#region src/run-state/git-refs.ts
7
7
  const DEFAULT_WORKSPACE_PATH = "/workspace";
8
8
  const DEFAULT_GIT_CREDENTIALS_DIR = "/etc/pipeline/git-credentials";
@@ -0,0 +1,24 @@
1
+ import { chmodSync, copyFileSync, existsSync, mkdirSync } from "node:fs";
2
+ import { homedir } from "node:os";
3
+ import { dirname, join } from "node:path";
4
+ //#region src/run-state/opencode-accounts.ts
5
+ const OPENCODE_OPENAI_ACCOUNTS_STAGING_DIR = "/etc/pipeline/opencode-openai-accounts";
6
+ const STAGED_ACCOUNTS_FILE = join(OPENCODE_OPENAI_ACCOUNTS_STAGING_DIR, "accounts.json");
7
+ const ACCOUNTS_FILE_NAME = "oc-codex-multi-auth-accounts.json";
8
+ /**
9
+ * Copy the staged codex-multi-auth accounts secret to the writable plugin path
10
+ * so the plugin can persist rotated tokens. A no-op (copied: false) when no
11
+ * staged secret is mounted — local dev, tests, and configs without the accounts
12
+ * secret keep whatever account store already exists.
13
+ */
14
+ function prepareOpencodeAccounts(options = {}) {
15
+ const stagedPath = options.stagedPath ?? STAGED_ACCOUNTS_FILE;
16
+ if (!existsSync(stagedPath)) return { copied: false };
17
+ const destPath = options.destPath ?? join(homedir(), ".opencode", ACCOUNTS_FILE_NAME);
18
+ mkdirSync(dirname(destPath), { recursive: true });
19
+ copyFileSync(stagedPath, destPath);
20
+ chmodSync(destPath, 384);
21
+ return { copied: true };
22
+ }
23
+ //#endregion
24
+ export { OPENCODE_OPENAI_ACCOUNTS_STAGING_DIR, prepareOpencodeAccounts };
@@ -100,6 +100,16 @@ function runRunnerCommandEffect(options, runtime) {
100
100
  phase: "git.workspace.prepare",
101
101
  status: "finish"
102
102
  }, "git.workspace.prepare finish");
103
+ logger.info({
104
+ phase: "opencode.accounts.prepare",
105
+ status: "start"
106
+ }, "opencode.accounts.prepare start");
107
+ const accountsPrep = yield* io.prepareOpencodeAccounts();
108
+ logger.info({
109
+ copied: accountsPrep.copied,
110
+ phase: "opencode.accounts.prepare",
111
+ status: "finish"
112
+ }, "opencode.accounts.prepare finish");
103
113
  logger.info({
104
114
  phase: "config.load",
105
115
  status: "start"
@@ -108,8 +108,8 @@ declare const runnerEventRecordSchema: z.ZodUnion<readonly [z.ZodObject<{
108
108
  nodeId: z.ZodOptional<z.ZodString>;
109
109
  outputs: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
110
110
  status: z.ZodEnum<{
111
- pass: "pass";
112
111
  fail: "fail";
112
+ pass: "pass";
113
113
  skip: "skip";
114
114
  }>;
115
115
  summary: z.ZodOptional<z.ZodString>;
@@ -286,8 +286,8 @@ declare const runnerEventBatchSchema: z.ZodObject<{
286
286
  nodeId: z.ZodOptional<z.ZodString>;
287
287
  outputs: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
288
288
  status: z.ZodEnum<{
289
- pass: "pass";
290
289
  fail: "fail";
290
+ pass: "pass";
291
291
  skip: "skip";
292
292
  }>;
293
293
  summary: z.ZodOptional<z.ZodString>;
package/dist/runner.js CHANGED
@@ -1,7 +1,7 @@
1
1
  import { Data } from "effect";
2
2
  import { appendFileSync, existsSync, mkdirSync, readFileSync, rmSync } from "node:fs";
3
- import { execa } from "execa";
4
3
  import { join } from "node:path";
4
+ import { execa } from "execa";
5
5
  //#region src/runner.ts
6
6
  var RunnerCapabilityError = class extends Data.TaggedError("RunnerCapabilityError") {
7
7
  constructor(message) {
@@ -8,8 +8,8 @@ import { CommandExecutor, CommandExecutorLive } from "../services/command-execut
8
8
  import { parseHookResult } from "../../hooks.js";
9
9
  import { Effect } from "effect";
10
10
  import { existsSync, mkdtempSync, readFileSync, rmSync, writeFileSync } from "node:fs";
11
- import { join, resolve } from "node:path";
12
11
  import { tmpdir } from "node:os";
12
+ import { join, resolve } from "node:path";
13
13
  import { pathToFileURL } from "node:url";
14
14
  //#region src/runtime/hooks/hooks.ts
15
15
  async function dispatchHooks(context, event, failure, node, gateId) {
@@ -1,3 +1,4 @@
1
+ import { prepareOpencodeAccounts } from "../../run-state/opencode-accounts.js";
1
2
  import { commitAndPushNodeRef, mergeDependencyRefs, prepareRunnerGitWorkspace, promoteFinalRef } from "../../run-state/git-refs.js";
2
3
  import { runScheduledWorkflowTask } from "../../pipeline-runtime.js";
3
4
  import { resolveRunnerEventSinkAuthToken } from "../../runner-command-contract.js";
@@ -45,6 +46,10 @@ const RunnerCommandIoServiceLive = Layer.succeed(RunnerCommandIoService, {
45
46
  try: () => mergeDependencyRefs(options),
46
47
  catch: (error) => error
47
48
  }),
49
+ prepareOpencodeAccounts: () => Effect.try({
50
+ try: () => prepareOpencodeAccounts(),
51
+ catch: (error) => error
52
+ }),
48
53
  prepareRunnerGitWorkspace: (payload, options) => Effect.tryPromise({
49
54
  try: () => prepareRunnerGitWorkspace(payload, options),
50
55
  catch: (error) => error
package/package.json CHANGED
@@ -128,7 +128,7 @@
128
128
  "prepack": "bun run build:cli"
129
129
  },
130
130
  "type": "module",
131
- "version": "3.11.16",
131
+ "version": "3.11.17",
132
132
  "description": "Config-driven multi-agent pipeline runner for repository work",
133
133
  "main": "./dist/index.js",
134
134
  "types": "./dist/index.d.ts",