@openpalm/lib 0.11.0-beta.1 → 0.11.0-beta.2

package/src/control-plane/spec-to-env.ts

@@ -51,12 +51,18 @@ export function deriveSystemEnvFromSpec(
 export type VoiceVarsConfig = {
   tts?: {
     enabled?: boolean;
+    /** Engine name (e.g. "kokoro", "elevenlabs", "browser"). */
+    engine?: string;
+    /** Optional sub-provider qualifier when an engine fronts multiple providers. */
+    provider?: string;
     baseURL?: string;
     model?: string;
     voice?: string;
   };
   stt?: {
     enabled?: boolean;
+    engine?: string;
+    provider?: string;
     baseURL?: string;
     model?: string;
     language?: string;
@@ -65,7 +71,8 @@ export type VoiceVarsConfig = {
 
 /**
  * Write TTS/STT env vars to stack.env for the voice channel container.
- * Only vars with non-empty values are written; missing values are left unchanged.
+ * `engine` always writes (even if it's the only field) so picking an
+ * engine without filling in URL/model still persists.
  */
 export function writeVoiceVars(config: VoiceVarsConfig, stackDir: string): void {
   const stackEnvPath = `${stackDir}/stack.env`;
@@ -74,11 +81,15 @@ export function writeVoiceVars(config: VoiceVarsConfig, stackDir: string): void
 
   const { tts, stt } = config;
   if (tts?.enabled !== false) {
+    if (tts?.engine) vars["TTS_ENGINE"] = tts.engine;
+    if (tts?.provider) vars["TTS_PROVIDER"] = tts.provider;
     if (tts?.baseURL) vars["TTS_BASE_URL"] = tts.baseURL;
     if (tts?.model) vars["TTS_MODEL"] = tts.model;
     if (tts?.voice) vars["TTS_VOICE"] = tts.voice;
   }
   if (stt?.enabled !== false) {
+    if (stt?.engine) vars["STT_ENGINE"] = stt.engine;
+    if (stt?.provider) vars["STT_PROVIDER"] = stt.provider;
     if (stt?.baseURL) vars["STT_BASE_URL"] = stt.baseURL;
     if (stt?.model) vars["STT_MODEL"] = stt.model;
     if (stt?.language) vars["STT_LANGUAGE"] = stt.language;

package/src/control-plane/types.ts

@@ -12,11 +12,6 @@ export type OptionalServiceName = never;
 
 export type AccessScope = "host" | "lan";
 export type CallerType = "assistant" | "cli" | "ui" | "system" | "test" | "unknown";
-export type AuditContext = {
-  actor: string;
-  requestId?: string;
-  callerType?: CallerType;
-};
 
 /** Info about a discovered channel */
 export type ChannelInfo = {
@@ -24,16 +19,6 @@ export type ChannelInfo = {
   ymlPath: string;
 };
 
-export type AuditEntry = {
-  at: string;
-  requestId: string;
-  actor: string;
-  callerType: CallerType;
-  action: string;
-  args: Record<string, unknown>;
-  ok: boolean;
-};
-
 export type ArtifactMeta = {
   name: string;
   sha256: string;
@@ -42,8 +27,6 @@ export type ArtifactMeta = {
 };
 
 export type ControlPlaneState = {
-  adminToken: string;
-  assistantToken: string;
   homeDir: string;
   configDir: string;
   stashDir: string;      // homeDir/stash
@@ -56,7 +39,6 @@ export type ControlPlaneState = {
     compose: string;
   };
   artifactMeta: ArtifactMeta[];
-  audit: AuditEntry[];
 };
 
 // ── Constants ──────────────────────────────────────────────────────────

package/src/control-plane/validate.ts

@@ -15,7 +15,7 @@ import type { ControlPlaneState } from "./types.js";
 // Stack-scoped env keys that must always exist and carry a non-empty value
 // for the platform to boot. Keep this list small — anything optional
 // belongs in the warning bucket instead.
-const REQUIRED_STACK_KEYS = ["OP_UI_TOKEN", "OP_ASSISTANT_TOKEN"] as const;
+const REQUIRED_STACK_KEYS = ["OP_UI_LOGIN_PASSWORD"] as const;
 
 /**
  * Validate the live configuration files.

package/src/index.ts

@@ -29,7 +29,6 @@ export type {
   ChannelInfo,
   CallerType,
   ArtifactMeta,
-  AuditEntry,
 } from "./control-plane/types.js";
 export {
   CORE_SERVICES,
@@ -96,9 +95,6 @@ export {
   RELEASE_TAG_REGEX,
 } from "./control-plane/env.js";
 
-// ── Audit ───────────────────────────────────────────────────────────────
-export { appendAudit } from "./control-plane/audit.js";
-
 // ── OpenCode Client ─────────────────────────────────────────────────────
 export { createOpenCodeClient } from "./control-plane/opencode-client.js";
 export type { ProxyResult, OpenCodeProvider } from "./control-plane/opencode-client.js";
@@ -114,6 +110,8 @@ export {
   maskSecretValue,
   ensureOpenCodeConfig,
 } from "./control-plane/secrets.js";
+export { migrateAuth0110 } from "./control-plane/migrate-0110.js";
+export type { MigrateAuth0110Result } from "./control-plane/migrate-0110.js";
 export {
   detectSecretBackend,
   validatePassEntryName,
@@ -234,6 +232,13 @@ export {
   buildComposeCliArgs,
 } from "./control-plane/compose-args.js";
 
+// ── Compose Error Parsing ────────────────────────────────────────────────
+export type { ComposeServiceFailure } from "./control-plane/compose-errors.js";
+export {
+  parseComposeStderr,
+  summarizeComposeStderr,
+} from "./control-plane/compose-errors.js";
+
 // ── Stack Spec (v2) ──────────────────────────────────────────────────────
 export type {
   StackSpec,

package/src/logger.ts

@@ -13,7 +13,7 @@ export type LogLevel = 'debug' | 'info' | 'warn' | 'error';
  * with un-anchored alternations was sloppy enough to invite future bugs).
  *
  * Examples:
- *   OP_UI_TOKEN     → sensitive (suffix _TOKEN)
+ *   OP_UI_LOGIN_PASSWORD → sensitive (suffix _PASSWORD)
  *   CHANNEL_API_KEY    → sensitive (suffix _KEY)
  *   CHANNEL_FOO_HMAC   → sensitive (suffix _HMAC)
  *   HMAC_KEY           → sensitive (prefix HMAC_, suffix _KEY)

package/src/control-plane/audit.ts

@@ -1,41 +0,0 @@
-/**
- * Audit logging for the OpenPalm control plane.
- */
-import { mkdirSync, appendFileSync } from "node:fs";
-import type { ControlPlaneState, AuditEntry, CallerType } from "./types.js";
-
-const MAX_AUDIT_MEMORY = 1000;
-
-export function appendAudit(
-  state: ControlPlaneState,
-  actor: string,
-  action: string,
-  args: Record<string, unknown>,
-  ok: boolean,
-  requestId = "",
-  callerType: CallerType = "unknown"
-): void {
-  const entry: AuditEntry = {
-    at: new Date().toISOString(),
-    requestId,
-    actor,
-    callerType,
-    action,
-    args,
-    ok
-  };
-  state.audit.push(entry);
-  if (state.audit.length > MAX_AUDIT_MEMORY) {
-    state.audit = state.audit.slice(-MAX_AUDIT_MEMORY);
-  }
-  try {
-    const logsDir = `${state.stateDir}/logs`;
-    mkdirSync(logsDir, { recursive: true });
-    appendFileSync(
-      `${logsDir}/admin-audit.jsonl`,
-      JSON.stringify(entry) + "\n"
-    );
-  } catch {
-    // best-effort persistence
-  }
-}