@oisincoveney/pipeline 3.11.16 → 3.11.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,4 +1,5 @@
1
1
  import { compileArgoExecutionGraph } from "./argo-graph.js";
2
+ import { OPENCODE_AUTH_STAGING_DIR, OPENCODE_OPENAI_ACCOUNTS_STAGING_DIR } from "./run-state/opencode-accounts.js";
2
3
  import { DEFAULT_RUNNER_TASK_DESCRIPTOR_PATH } from "./runner-command/task-descriptor.js";
3
4
  import { stringify } from "yaml";
4
5
  import { z } from "zod";
@@ -302,10 +303,9 @@ function runnerWorkflowStorage(options, tasks) {
302
303
  }
303
304
  });
304
305
  volumeMounts.push({
305
- mountPath: "/root/.local/share/opencode/auth.json",
306
+ mountPath: OPENCODE_AUTH_STAGING_DIR,
306
307
  name: "opencode-auth",
307
- readOnly: true,
308
- subPath: "auth.json"
308
+ readOnly: true
309
309
  });
310
310
  }
311
311
  if (options.opencodeOpenaiAccountsSecret) {
@@ -322,10 +322,9 @@ function runnerWorkflowStorage(options, tasks) {
322
322
  }
323
323
  });
324
324
  volumeMounts.push({
325
- mountPath: "/root/.opencode/oc-codex-multi-auth-accounts.json",
325
+ mountPath: OPENCODE_OPENAI_ACCOUNTS_STAGING_DIR,
326
326
  name: "opencode-openai-accounts",
327
- readOnly: true,
328
- subPath: "accounts.json"
327
+ readOnly: true
329
328
  });
330
329
  }
331
330
  if (options.gitCredentialsSecretName) {
@@ -5,8 +5,8 @@ import { opencodeAgentName } from "../runtime/opencode-agent-name.js";
5
5
  import { loadMokaGlobalConfig } from "../moka-global-config.js";
6
6
  import { defaultClusterDoctorNamespace, runClusterDoctor } from "../cluster-doctor.js";
7
7
  import { existsSync, readFileSync, readdirSync, statSync } from "node:fs";
8
- import { execa } from "execa";
9
8
  import { join } from "node:path";
9
+ import { execa } from "execa";
10
10
  import matter from "gray-matter";
11
11
  //#region src/cli/doctor.ts
12
12
  const HEADLESS_AGENT_PERMISSION_VALUES = new Set(["ask"]);
@@ -1,7 +1,7 @@
1
1
  import { mergeOpenCodeProjectConfig } from "./opencode-project-config.js";
2
2
  import { existsSync, mkdirSync, readFileSync, readdirSync, statSync, writeFileSync } from "node:fs";
3
- import { dirname, join } from "node:path";
4
3
  import { homedir } from "node:os";
4
+ import { dirname, join } from "node:path";
5
5
  import { parse } from "jsonc-parser";
6
6
  //#region src/codex-auth-sync.ts
7
7
  const CODEX_MULTI_AUTH_PLUGIN = "oc-codex-multi-auth@6.3.2";
@@ -233,8 +233,8 @@ declare const configSchema: z.ZodObject<{
233
233
  policy: z.ZodOptional<z.ZodObject<{
234
234
  commands: z.ZodOptional<z.ZodEnum<{
235
235
  allow: "allow";
236
- "trusted-only": "trusted-only";
237
236
  deny: "deny";
237
+ "trusted-only": "trusted-only";
238
238
  }>>;
239
239
  modules: z.ZodOptional<z.ZodEnum<{
240
240
  allow: "allow";
@@ -262,8 +262,8 @@ declare const configSchema: z.ZodObject<{
262
262
  global: "global";
263
263
  }>>;
264
264
  mode: z.ZodEnum<{
265
- hosted: "hosted";
266
265
  local: "local";
266
+ hosted: "hosted";
267
267
  }>;
268
268
  provider: z.ZodLiteral<"toolhive">;
269
269
  authorization_env: z.ZodDefault<z.ZodString>;
@@ -306,10 +306,10 @@ declare const configSchema: z.ZodObject<{
306
306
  }, z.core.$strict>>;
307
307
  output: z.ZodOptional<z.ZodObject<{
308
308
  format: z.ZodEnum<{
309
+ json_schema: "json_schema";
309
310
  text: "text";
310
311
  json: "json";
311
312
  jsonl: "jsonl";
312
- json_schema: "json_schema";
313
313
  }>;
314
314
  repair: z.ZodOptional<z.ZodObject<{
315
315
  enabled: z.ZodOptional<z.ZodBoolean>;
@@ -385,10 +385,10 @@ declare const configSchema: z.ZodObject<{
385
385
  disabled: "disabled";
386
386
  }>>>;
387
387
  output_formats: z.ZodOptional<z.ZodArray<z.ZodEnum<{
388
+ json_schema: "json_schema";
388
389
  text: "text";
389
390
  json: "json";
390
391
  jsonl: "jsonl";
391
- json_schema: "json_schema";
392
392
  }>>>;
393
393
  rules: z.ZodOptional<z.ZodBoolean>;
394
394
  skills: z.ZodOptional<z.ZodBoolean>;
package/dist/gates.js CHANGED
@@ -1,7 +1,7 @@
1
1
  import "./safe-json.js";
2
2
  import { existsSync } from "node:fs";
3
- import "execa";
4
3
  import { join } from "node:path";
4
+ import "execa";
5
5
  import "package-manager-detector/commands";
6
6
  import "package-manager-detector/detect";
7
7
  //#region src/gates.ts
@@ -1,5 +1,5 @@
1
- import { dirname, join } from "node:path";
2
1
  import { homedir } from "node:os";
2
+ import { dirname, join } from "node:path";
3
3
  //#region src/install-commands/shared.ts
4
4
  const GENERATED_MARKER = "<!-- Generated by @oisincoveney/pipeline. -->";
5
5
  const GENERATED_TS_MARKER = "// Generated by @oisincoveney/pipeline.";
@@ -1,9 +1,9 @@
1
1
  import { applyJsonEdit, ensureTrailingNewline, parseJsonRecord } from "./json-config-merge.js";
2
2
  import { resolveHarnessTarget } from "./install-commands/shared.js";
3
3
  import { existsSync, readFileSync, statSync } from "node:fs";
4
- import { execa } from "execa";
5
- import { dirname, join, relative } from "node:path";
6
4
  import { tmpdir } from "node:os";
5
+ import { dirname, join, relative } from "node:path";
6
+ import { execa } from "execa";
7
7
  import { createHash } from "node:crypto";
8
8
  import { mkdir, mkdtemp, readdir, rm, writeFile } from "node:fs/promises";
9
9
  //#region src/install-hooks.ts
@@ -1,6 +1,6 @@
1
- import { execa } from "execa";
2
- import { join } from "node:path";
3
1
  import { homedir, tmpdir } from "node:os";
2
+ import { join } from "node:path";
3
+ import { execa } from "execa";
4
4
  import { mkdir, mkdtemp, readFile, readdir, rm, writeFile } from "node:fs/promises";
5
5
  //#region src/install-rules.ts
6
6
  const DEFAULT_RULES_INSTALL_SOURCE = "oisin-ee/rules";
@@ -6,8 +6,8 @@ import { resolveRepoLocalBackendSpecs } from "./repo-local-backends.js";
6
6
  import { renderToolHiveVmcpInventory } from "./toolhive-vmcp.js";
7
7
  import { Effect } from "effect";
8
8
  import { copyFileSync, existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
9
- import { dirname, join } from "node:path";
10
9
  import { homedir } from "node:os";
10
+ import { dirname, join } from "node:path";
11
11
  //#region src/mcp/gateway.ts
12
12
  const PIPELINE_GATEWAY_SERVER_ID = "pipeline-gateway";
13
13
  const DEFAULT_LOCAL_GATEWAY_URL = "http://127.0.0.1:4483/mcp";
@@ -3,8 +3,8 @@ import { ConfigIoService, runConfigIoSync } from "./runtime/services/config-io-s
3
3
  import "./config.js";
4
4
  import { z } from "zod";
5
5
  import { Effect } from "effect";
6
- import { join } from "node:path";
7
6
  import { homedir } from "node:os";
7
+ import { join } from "node:path";
8
8
  //#region src/moka-global-config.ts
9
9
  const MOKA_GLOBAL_CONFIG_PATH = ".config/moka/config.yaml";
10
10
  const mokaSubmitGlobalConfigSchema = z.object({
@@ -5,13 +5,13 @@ import { z } from "zod";
5
5
  //#region src/moka-submit.d.ts
6
6
  declare const mokaSubmitDirectHooksSchema: z.ZodRecord<z.ZodEnum<{
7
7
  "workflow.start": "workflow.start";
8
- "node.finish": "node.finish";
9
- "node.start": "node.start";
10
8
  "workflow.success": "workflow.success";
11
9
  "workflow.failure": "workflow.failure";
12
10
  "workflow.complete": "workflow.complete";
11
+ "node.start": "node.start";
13
12
  "node.success": "node.success";
14
13
  "node.error": "node.error";
14
+ "node.finish": "node.finish";
15
15
  "gate.failure": "gate.failure";
16
16
  }> & z.core.$partial, z.ZodDiscriminatedUnion<[z.ZodObject<{
17
17
  failure: z.ZodDefault<z.ZodEnum<{
@@ -94,13 +94,13 @@ declare const mokaSubmitOptionsSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
94
94
  }, z.core.$strict>>;
95
95
  hooks: z.ZodOptional<z.ZodRecord<z.ZodEnum<{
96
96
  "workflow.start": "workflow.start";
97
- "node.finish": "node.finish";
98
- "node.start": "node.start";
99
97
  "workflow.success": "workflow.success";
100
98
  "workflow.failure": "workflow.failure";
101
99
  "workflow.complete": "workflow.complete";
100
+ "node.start": "node.start";
102
101
  "node.success": "node.success";
103
102
  "node.error": "node.error";
103
+ "node.finish": "node.finish";
104
104
  "gate.failure": "gate.failure";
105
105
  }> & z.core.$partial, z.ZodDiscriminatedUnion<[z.ZodObject<{
106
106
  failure: z.ZodDefault<z.ZodEnum<{
@@ -207,13 +207,13 @@ declare const mokaSubmitOptionsSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
207
207
  }, z.core.$strict>>;
208
208
  hooks: z.ZodOptional<z.ZodRecord<z.ZodEnum<{
209
209
  "workflow.start": "workflow.start";
210
- "node.finish": "node.finish";
211
- "node.start": "node.start";
212
210
  "workflow.success": "workflow.success";
213
211
  "workflow.failure": "workflow.failure";
214
212
  "workflow.complete": "workflow.complete";
213
+ "node.start": "node.start";
215
214
  "node.success": "node.success";
216
215
  "node.error": "node.error";
216
+ "node.finish": "node.finish";
217
217
  "gate.failure": "gate.failure";
218
218
  }> & z.core.$partial, z.ZodDiscriminatedUnion<[z.ZodObject<{
219
219
  failure: z.ZodDefault<z.ZodEnum<{
package/dist/path-refs.js CHANGED
@@ -1,5 +1,5 @@
1
- import { isAbsolute, join } from "node:path";
2
1
  import { homedir } from "node:os";
2
+ import { isAbsolute, join } from "node:path";
3
3
  //#region src/path-refs.ts
4
4
  function resolveFileReference(basePath, pathRef) {
5
5
  if (pathRef === "~") return homedir();
@@ -1,8 +1,8 @@
1
1
  import { GitPorcelainService, GitPorcelainServiceLive } from "../runtime/services/git-porcelain-service.js";
2
2
  import { Effect } from "effect";
3
3
  import { chmodSync, existsSync, mkdirSync, readFileSync, statSync, writeFileSync } from "node:fs";
4
- import { dirname, resolve } from "node:path";
5
4
  import { tmpdir } from "node:os";
5
+ import { dirname, resolve } from "node:path";
6
6
  //#region src/run-state/git-refs.ts
7
7
  const DEFAULT_WORKSPACE_PATH = "/workspace";
8
8
  const DEFAULT_GIT_CREDENTIALS_DIR = "/etc/pipeline/git-credentials";
@@ -0,0 +1,42 @@
1
+ import { chmodSync, copyFileSync, existsSync, mkdirSync } from "node:fs";
2
+ import { homedir } from "node:os";
3
+ import { basename, dirname, join } from "node:path";
4
+ //#region src/run-state/opencode-accounts.ts
5
+ const OPENCODE_OPENAI_ACCOUNTS_STAGING_DIR = "/etc/pipeline/opencode-openai-accounts";
6
+ const OPENCODE_AUTH_STAGING_DIR = "/etc/pipeline/opencode-auth";
7
+ const WRITABLE_OPENCODE_CREDENTIAL_FILES = [{
8
+ destFromHome: [".opencode", "oc-codex-multi-auth-accounts.json"],
9
+ stagedPath: join(OPENCODE_OPENAI_ACCOUNTS_STAGING_DIR, "accounts.json")
10
+ }, {
11
+ destFromHome: [
12
+ ".local",
13
+ "share",
14
+ "opencode",
15
+ "auth.json"
16
+ ],
17
+ stagedPath: join(OPENCODE_AUTH_STAGING_DIR, "auth.json")
18
+ }];
19
+ /**
20
+ * Copy each staged opencode credential secret to its writable live path so the
21
+ * plugin can rewrite tokens. Only files whose staged source exists are copied
22
+ * (local dev / tests / configs without a given secret keep whatever store is
23
+ * already present). Returns the basenames copied, for run-log evidence.
24
+ */
25
+ function prepareOpencodeCredentials(options = {}) {
26
+ const home = homedir();
27
+ const files = options.files ?? WRITABLE_OPENCODE_CREDENTIAL_FILES.map((file) => ({
28
+ destPath: join(home, ...file.destFromHome),
29
+ stagedPath: file.stagedPath
30
+ }));
31
+ const copied = [];
32
+ for (const { stagedPath, destPath } of files) {
33
+ if (!existsSync(stagedPath)) continue;
34
+ mkdirSync(dirname(destPath), { recursive: true });
35
+ copyFileSync(stagedPath, destPath);
36
+ chmodSync(destPath, 384);
37
+ copied.push(basename(destPath));
38
+ }
39
+ return { copied };
40
+ }
41
+ //#endregion
42
+ export { OPENCODE_AUTH_STAGING_DIR, OPENCODE_OPENAI_ACCOUNTS_STAGING_DIR, prepareOpencodeCredentials };
@@ -100,6 +100,16 @@ function runRunnerCommandEffect(options, runtime) {
100
100
  phase: "git.workspace.prepare",
101
101
  status: "finish"
102
102
  }, "git.workspace.prepare finish");
103
+ logger.info({
104
+ phase: "opencode.credentials.prepare",
105
+ status: "start"
106
+ }, "opencode.credentials.prepare start");
107
+ const credentialsPrep = yield* io.prepareOpencodeCredentials();
108
+ logger.info({
109
+ copied: credentialsPrep.copied,
110
+ phase: "opencode.credentials.prepare",
111
+ status: "finish"
112
+ }, "opencode.credentials.prepare finish");
103
113
  logger.info({
104
114
  phase: "config.load",
105
115
  status: "start"
@@ -11,8 +11,8 @@ declare const runnerEventRecordSchema: z.ZodUnion<readonly [z.ZodObject<{
11
11
  runId: z.ZodString;
12
12
  sequence: z.ZodNumber;
13
13
  type: z.ZodEnum<{
14
- "workflow.planned": "workflow.planned";
15
14
  "workflow.start": "workflow.start";
15
+ "workflow.planned": "workflow.planned";
16
16
  }>;
17
17
  workflowPlan: z.ZodObject<{
18
18
  edges: z.ZodOptional<z.ZodArray<z.ZodObject<{
@@ -58,10 +58,10 @@ declare const runnerEventRecordSchema: z.ZodUnion<readonly [z.ZodObject<{
58
58
  }>;
59
59
  }, z.core.$strip>;
60
60
  type: z.ZodEnum<{
61
+ "node.start": "node.start";
62
+ "node.finish": "node.finish";
61
63
  "agent.finish": "agent.finish";
62
64
  "agent.start": "agent.start";
63
- "node.finish": "node.finish";
64
- "node.start": "node.start";
65
65
  }>;
66
66
  }, z.core.$strip>, z.ZodObject<{
67
67
  at: z.ZodOptional<z.ZodString>;
@@ -189,8 +189,8 @@ declare const runnerEventBatchSchema: z.ZodObject<{
189
189
  runId: z.ZodString;
190
190
  sequence: z.ZodNumber;
191
191
  type: z.ZodEnum<{
192
- "workflow.planned": "workflow.planned";
193
192
  "workflow.start": "workflow.start";
193
+ "workflow.planned": "workflow.planned";
194
194
  }>;
195
195
  workflowPlan: z.ZodObject<{
196
196
  edges: z.ZodOptional<z.ZodArray<z.ZodObject<{
@@ -236,10 +236,10 @@ declare const runnerEventBatchSchema: z.ZodObject<{
236
236
  }>;
237
237
  }, z.core.$strip>;
238
238
  type: z.ZodEnum<{
239
+ "node.start": "node.start";
240
+ "node.finish": "node.finish";
239
241
  "agent.finish": "agent.finish";
240
242
  "agent.start": "agent.start";
241
- "node.finish": "node.finish";
242
- "node.start": "node.start";
243
243
  }>;
244
244
  }, z.core.$strip>, z.ZodObject<{
245
245
  at: z.ZodOptional<z.ZodString>;
package/dist/runner.js CHANGED
@@ -1,7 +1,7 @@
1
1
  import { Data } from "effect";
2
2
  import { appendFileSync, existsSync, mkdirSync, readFileSync, rmSync } from "node:fs";
3
- import { execa } from "execa";
4
3
  import { join } from "node:path";
4
+ import { execa } from "execa";
5
5
  //#region src/runner.ts
6
6
  var RunnerCapabilityError = class extends Data.TaggedError("RunnerCapabilityError") {
7
7
  constructor(message) {
@@ -8,8 +8,8 @@ import { CommandExecutor, CommandExecutorLive } from "../services/command-execut
8
8
  import { parseHookResult } from "../../hooks.js";
9
9
  import { Effect } from "effect";
10
10
  import { existsSync, mkdtempSync, readFileSync, rmSync, writeFileSync } from "node:fs";
11
- import { join, resolve } from "node:path";
12
11
  import { tmpdir } from "node:os";
12
+ import { join, resolve } from "node:path";
13
13
  import { pathToFileURL } from "node:url";
14
14
  //#region src/runtime/hooks/hooks.ts
15
15
  async function dispatchHooks(context, event, failure, node, gateId) {
@@ -1,3 +1,4 @@
1
+ import { prepareOpencodeCredentials } from "../../run-state/opencode-accounts.js";
1
2
  import { commitAndPushNodeRef, mergeDependencyRefs, prepareRunnerGitWorkspace, promoteFinalRef } from "../../run-state/git-refs.js";
2
3
  import { runScheduledWorkflowTask } from "../../pipeline-runtime.js";
3
4
  import { resolveRunnerEventSinkAuthToken } from "../../runner-command-contract.js";
@@ -45,6 +46,10 @@ const RunnerCommandIoServiceLive = Layer.succeed(RunnerCommandIoService, {
45
46
  try: () => mergeDependencyRefs(options),
46
47
  catch: (error) => error
47
48
  }),
49
+ prepareOpencodeCredentials: () => Effect.try({
50
+ try: () => prepareOpencodeCredentials(),
51
+ catch: (error) => error
52
+ }),
48
53
  prepareRunnerGitWorkspace: (payload, options) => Effect.tryPromise({
49
54
  try: () => prepareRunnerGitWorkspace(payload, options),
50
55
  catch: (error) => error
package/package.json CHANGED
@@ -128,7 +128,7 @@
128
128
  "prepack": "bun run build:cli"
129
129
  },
130
130
  "type": "module",
131
- "version": "3.11.16",
131
+ "version": "3.11.18",
132
132
  "description": "Config-driven multi-agent pipeline runner for repository work",
133
133
  "main": "./dist/index.js",
134
134
  "types": "./dist/index.d.ts",