@oisincoveney/pipeline 3.17.2 → 3.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -27,6 +27,10 @@ declare const submitRunnerArgoWorkflowOptionsSchema: z.ZodObject<{
27
27
  }>>;
28
28
  imagePullSecretName: z.ZodOptional<z.ZodString>;
29
29
  kubeconfigPath: z.ZodOptional<z.ZodString>;
30
+ mcpGatewayAuth: z.ZodOptional<z.ZodObject<{
31
+ secretKey: z.ZodDefault<z.ZodString>;
32
+ secretName: z.ZodString;
33
+ }, z.core.$strict>>;
30
34
  name: z.ZodOptional<z.ZodString>;
31
35
  namespace: z.ZodString;
32
36
  payloadJson: z.ZodString;
@@ -1,5 +1,5 @@
1
1
  import { ArgoGraphCompilerError, compileArgoExecutionGraph } from "./argo-graph.js";
2
- import { dbAuthOptionSchema } from "./remote/argo/model.js";
2
+ import { dbAuthOptionSchema, mcpGatewayAuthOptionSchema } from "./remote/argo/model.js";
3
3
  import { brokerAuthOptionSchema } from "./credentials/broker.js";
4
4
  import { compileScheduleArtifact, parseScheduleArtifact } from "./planning/generate.js";
5
5
  import { parseRunnerCommandPayload, runnerCommandPayloadSchema } from "./runner-command-contract.js";
@@ -40,6 +40,7 @@ const submitRunnerArgoWorkflowOptionsSchema = z.object({
40
40
  ]).optional(),
41
41
  imagePullSecretName: z.string().min(1).optional(),
42
42
  kubeconfigPath: z.string().min(1).optional(),
43
+ mcpGatewayAuth: mcpGatewayAuthOptionSchema.optional(),
43
44
  name: z.string().min(1).optional(),
44
45
  namespace: z.string().min(1),
45
46
  payloadJson: z.string().min(1),
@@ -82,6 +83,7 @@ function submitRunnerArgoWorkflowEffect(rawOptions, dependencies) {
82
83
  } : {},
83
84
  brokerAuth: options.brokerAuth,
84
85
  dbAuth: options.dbAuth,
86
+ mcpGatewayAuth: options.mcpGatewayAuth,
85
87
  eventAuthSecretKey: options.eventAuthSecretKey,
86
88
  eventAuthSecretName: options.eventAuthSecretName,
87
89
  generateName: options.generateName,
@@ -37,6 +37,7 @@ function mokaCommonSubmitOptions(input) {
37
37
  brokerAuth: resolveMokaBrokerAuth(input.globalConfig),
38
38
  config: input.config,
39
39
  dbAuth: momokaya?.submit.dbAuth,
40
+ mcpGatewayAuth: momokaya?.submit.mcpGatewayAuth,
40
41
  delivery: { pullRequest: input.flags.openPr === true },
41
42
  eventUrl: input.eventUrl,
42
43
  eventAuthSecretKey: momokaya?.submit.eventAuthSecretKey,
@@ -22,6 +22,10 @@ declare const mokaGlobalConfigSchema: z.ZodObject<{
22
22
  secretKey: z.ZodDefault<z.ZodString>;
23
23
  secretName: z.ZodString;
24
24
  }, z.core.$strict>>;
25
+ mcpGatewayAuth: z.ZodOptional<z.ZodObject<{
26
+ secretKey: z.ZodDefault<z.ZodString>;
27
+ secretName: z.ZodString;
28
+ }, z.core.$strict>>;
25
29
  eventAuthSecretKey: z.ZodString;
26
30
  eventAuthSecretName: z.ZodString;
27
31
  eventUrl: z.ZodString;
@@ -1,4 +1,4 @@
1
- import { dbAuthOptionSchema } from "./remote/argo/model.js";
1
+ import { dbAuthOptionSchema, mcpGatewayAuthOptionSchema } from "./remote/argo/model.js";
2
2
  import { brokerAuthOptionSchema } from "./credentials/broker.js";
3
3
  import { PipelineConfigError, configIssuesFromZodError, validationError } from "./config/schemas.js";
4
4
  import { ConfigIoService, runConfigIoSync } from "./runtime/services/config-io-service.js";
@@ -19,6 +19,7 @@ const mokaDbGlobalConfigSchema = z.object({ url: z.string().url().refine((value)
19
19
  const mokaSubmitGlobalConfigSchema = z.object({
20
20
  brokerAuth: brokerAuthOptionSchema,
21
21
  dbAuth: dbAuthOptionSchema.optional(),
22
+ mcpGatewayAuth: mcpGatewayAuthOptionSchema.optional(),
22
23
  eventAuthSecretKey: z.string().min(1),
23
24
  eventAuthSecretName: z.string().min(1),
24
25
  eventUrl: z.string().url(),
@@ -110,6 +110,10 @@ declare const mokaSubmitBaseOptionsSchema: z.ZodObject<{
110
110
  secretKey: z.ZodDefault<z.ZodString>;
111
111
  secretName: z.ZodString;
112
112
  }, z.core.$strict>>;
113
+ mcpGatewayAuth: z.ZodOptional<z.ZodObject<{
114
+ secretKey: z.ZodDefault<z.ZodString>;
115
+ secretName: z.ZodString;
116
+ }, z.core.$strict>>;
113
117
  delivery: z.ZodDefault<z.ZodObject<{
114
118
  mode: z.ZodDefault<z.ZodEnum<{
115
119
  "create-new-pr": "create-new-pr";
@@ -219,6 +223,10 @@ declare const mokaGraphSubmitOptionsSchema: z.ZodObject<{
219
223
  secretKey: z.ZodDefault<z.ZodString>;
220
224
  secretName: z.ZodString;
221
225
  }, z.core.$strict>>;
226
+ mcpGatewayAuth: z.ZodOptional<z.ZodObject<{
227
+ secretKey: z.ZodDefault<z.ZodString>;
228
+ secretName: z.ZodString;
229
+ }, z.core.$strict>>;
222
230
  delivery: z.ZodDefault<z.ZodObject<{
223
231
  mode: z.ZodDefault<z.ZodEnum<{
224
232
  "create-new-pr": "create-new-pr";
@@ -345,6 +353,10 @@ declare const mokaCommandSubmitOptionsSchema: z.ZodObject<{
345
353
  secretKey: z.ZodDefault<z.ZodString>;
346
354
  secretName: z.ZodString;
347
355
  }, z.core.$strict>>;
356
+ mcpGatewayAuth: z.ZodOptional<z.ZodObject<{
357
+ secretKey: z.ZodDefault<z.ZodString>;
358
+ secretName: z.ZodString;
359
+ }, z.core.$strict>>;
348
360
  delivery: z.ZodDefault<z.ZodObject<{
349
361
  mode: z.ZodDefault<z.ZodEnum<{
350
362
  "create-new-pr": "create-new-pr";
@@ -466,6 +478,10 @@ declare const mokaSubmitOptionsSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
466
478
  secretKey: z.ZodDefault<z.ZodString>;
467
479
  secretName: z.ZodString;
468
480
  }, z.core.$strict>>;
481
+ mcpGatewayAuth: z.ZodOptional<z.ZodObject<{
482
+ secretKey: z.ZodDefault<z.ZodString>;
483
+ secretName: z.ZodString;
484
+ }, z.core.$strict>>;
469
485
  delivery: z.ZodDefault<z.ZodObject<{
470
486
  mode: z.ZodDefault<z.ZodEnum<{
471
487
  "create-new-pr": "create-new-pr";
@@ -591,6 +607,10 @@ declare const mokaSubmitOptionsSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
591
607
  secretKey: z.ZodDefault<z.ZodString>;
592
608
  secretName: z.ZodString;
593
609
  }, z.core.$strict>>;
610
+ mcpGatewayAuth: z.ZodOptional<z.ZodObject<{
611
+ secretKey: z.ZodDefault<z.ZodString>;
612
+ secretName: z.ZodString;
613
+ }, z.core.$strict>>;
594
614
  delivery: z.ZodDefault<z.ZodObject<{
595
615
  mode: z.ZodDefault<z.ZodEnum<{
596
616
  "create-new-pr": "create-new-pr";
@@ -1,4 +1,4 @@
1
- import { dbAuthOptionSchema } from "./remote/argo/model.js";
1
+ import { dbAuthOptionSchema, mcpGatewayAuthOptionSchema } from "./remote/argo/model.js";
2
2
  import { brokerAuthOptionSchema } from "./credentials/broker.js";
3
3
  import { runnerDeliverySchema, runnerHookPolicySchema, runnerRepositoryContextSchema, runnerRunIdentitySchema, runnerTaskSchema } from "./runner-command-contract.js";
4
4
  import { workflowSubmitResultSchema } from "./workflow-submit-contract.js";
@@ -48,6 +48,7 @@ const mokaSubmitResultSchema = workflowSubmitResultSchema;
48
48
  const mokaSubmitBaseOptionsSchema = z.object({
49
49
  brokerAuth: brokerAuthOptionSchema,
50
50
  dbAuth: dbAuthOptionSchema.optional(),
51
+ mcpGatewayAuth: mcpGatewayAuthOptionSchema.optional(),
51
52
  delivery: runnerDeliverySchema.default({
52
53
  mode: "create-new-pr",
53
54
  pullRequest: false
@@ -26,6 +26,10 @@ declare const buildRunnerArgoWorkflowOptionsSchema: z.ZodObject<{
26
26
  }>>;
27
27
  imagePullSecretName: z.ZodOptional<z.ZodString>;
28
28
  labels: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodOptional<z.ZodString>>>;
29
+ mcpGatewayAuth: z.ZodOptional<z.ZodObject<{
30
+ secretKey: z.ZodDefault<z.ZodString>;
31
+ secretName: z.ZodString;
32
+ }, z.core.$strict>>;
29
33
  name: z.ZodOptional<z.ZodString>;
30
34
  namespace: z.ZodString;
31
35
  payloadConfigMapKey: z.ZodDefault<z.ZodString>;
@@ -14,6 +14,20 @@ const dbAuthOptionSchema = z.object({
14
14
  secretKey: z.string().min(1).default("db-url"),
15
15
  secretName: kubernetesNameSchema
16
16
  }).strict();
17
+ /**
18
+ * Submit-time secret ref for PIPELINE_MCP_GATEWAY_AUTHORIZATION injection in
19
+ * runner pods. Lets runner-side agents reach the pipeline-gateway vMCP (the
20
+ * verify-bot-authed browser-automation tools) the same way Coder dev-workspaces
21
+ * do: the shared dotfiles opencode MCP config reads the gateway basic-auth
22
+ * header from this env. The single owner of the option shape — the
23
+ * runner-workflow model, argo-submit, and moka-submit all reference this rather
24
+ * than redeclaring it. `secretKey` defaults to "pipeline-mcp-gateway-authorization"
25
+ * (the ExternalSecret-projected key); absent mcpGatewayAuth → no env emitted.
26
+ */
27
+ const mcpGatewayAuthOptionSchema = z.object({
28
+ secretKey: z.string().min(1).default("pipeline-mcp-gateway-authorization"),
29
+ secretName: kubernetesNameSchema
30
+ }).strict();
17
31
  const labelValueSchema = z.string().min(1);
18
32
  const stringMapSchema = z.record(z.string().min(1), z.string().min(1));
19
33
  const configMapVolumeSchema = z.object({
@@ -152,6 +166,7 @@ const buildRunnerArgoWorkflowOptionsSchema = z.object({
152
166
  ]).default("Always"),
153
167
  imagePullSecretName: kubernetesNameSchema.optional(),
154
168
  labels: z.record(z.string().min(1), z.string().min(1).optional()).default({}),
169
+ mcpGatewayAuth: mcpGatewayAuthOptionSchema.optional(),
155
170
  name: z.string().min(1).optional(),
156
171
  namespace: kubernetesNameSchema,
157
172
  payloadConfigMapKey: z.string().min(1).default("payload.json"),
@@ -168,4 +183,4 @@ const buildRunnerArgoWorkflowOptionsSchema = z.object({
168
183
  }).strict().optional()
169
184
  }).strict().refine((options) => options.name !== void 0 || options.generateName !== void 0, { message: "Runner Workflow options must declare name or generateName" });
170
185
  //#endregion
171
- export { argoWorkflowVolumeMountSchema, argoWorkflowVolumeSchema, buildRunnerArgoWorkflowOptionsSchema, createRunnerArgoWorkflowManifestSchema, dbAuthOptionSchema };
186
+ export { argoWorkflowVolumeMountSchema, argoWorkflowVolumeSchema, buildRunnerArgoWorkflowOptionsSchema, createRunnerArgoWorkflowManifestSchema, dbAuthOptionSchema, mcpGatewayAuthOptionSchema };
@@ -68,6 +68,13 @@ function runnerContainerEnv(options) {
68
68
  key: options.dbAuth.secretKey,
69
69
  name: options.dbAuth.secretName
70
70
  } }
71
+ }],
72
+ ...options.mcpGatewayAuth === void 0 ? [] : [{
73
+ name: "PIPELINE_MCP_GATEWAY_AUTHORIZATION",
74
+ valueFrom: { secretKeyRef: {
75
+ key: options.mcpGatewayAuth.secretKey,
76
+ name: options.mcpGatewayAuth.secretName
77
+ } }
71
78
  }]
72
79
  ];
73
80
  }
@@ -19,6 +19,10 @@ interface MokaWorkflowSubmitOptions {
19
19
  imagePullPolicy?: "Always" | "IfNotPresent" | "Never";
20
20
  imagePullSecretName?: string;
21
21
  kubeconfigPath?: string;
22
+ mcpGatewayAuth?: {
23
+ secretKey?: string;
24
+ secretName: string;
25
+ };
22
26
  name?: string;
23
27
  namespace: string;
24
28
  payloadJson: string;
@@ -21,6 +21,7 @@ function workflowSubmitOptions(options) {
21
21
  return {
22
22
  brokerAuth: options.brokerAuth,
23
23
  dbAuth: options.dbAuth,
24
+ mcpGatewayAuth: options.mcpGatewayAuth,
24
25
  eventAuthSecretKey: options.eventAuthSecretKey,
25
26
  eventAuthSecretName: options.eventAuthSecretName,
26
27
  generateName: options.generateName,
package/package.json CHANGED
@@ -132,7 +132,7 @@
132
132
  "prepack": "nub run build:cli"
133
133
  },
134
134
  "type": "module",
135
- "version": "3.17.2",
135
+ "version": "3.18.0",
136
136
  "description": "Config-driven multi-agent pipeline runner for repository work",
137
137
  "main": "./dist/index.js",
138
138
  "types": "./dist/index.d.ts",