@openparachute/hub 0.5.13-rc.14 → 0.5.13-rc.23

package/README.md

@@ -8,12 +8,30 @@ The hub coordinates the modules running on your machine: it installs them, runs
 
 ## Install
 
+### Local (Bun)
+
 ```sh
 bun add -g @openparachute/hub
 ```
 
 Prereqs: [Bun](https://bun.sh) 1.3.0 or later. `parachute expose` also requires [Tailscale](https://tailscale.com/download) **1.82 or newer** (installed + `tailscale up` run once); the `expose` path is under active polish for launch, so expect rough edges.
 
+### Hosted (Render)
+
+[![Deploy to Render](https://render.com/images/deploy-to-render-button.svg)](https://render.com/deploy?repo=https://github.com/ParachuteComputer/parachute-hub)
+
+One-click Render deploy via the `render.yaml` Blueprint in this repo. Provisions a $7/mo Starter service + 1 GiB persistent disk + auto-deploys from `main`. Comes pre-configured with `PARACHUTE_INSTALL_CHANNEL=latest` so modules you install via the admin SPA (vault, app, scribe, runner) pull stable releases by default.
+
+**Want pre-release / rc modules?** Set `PARACHUTE_INSTALL_CHANNEL=rc` in your Render dashboard env vars (useful for dev/testing against the rc release line).
+
+After deploy:
+
+1. Open your Render service URL → wizard runs at `/admin/setup`
+2. Set custom domain (optional) → set `PARACHUTE_HUB_ORIGIN` env to match
+3. Install modules via the admin SPA at `/admin/modules` (or via the wizard)
+
+Render's docs on Blueprints: <https://render.com/docs/blueprint-spec>
+
 ## First 5 minutes
 
 ```sh

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openparachute/hub",
-  "version": "0.5.13-rc.14",
+  "version": "0.5.13-rc.23",
   "description": "parachute — the local hub for the Parachute ecosystem (discovery, ports, lifecycle, soon OAuth).",
   "license": "AGPL-3.0",
   "publishConfig": {

package/src/__tests__/api-hub.test.ts

@@ -0,0 +1,251 @@
+/**
+ * `GET /api/hub` — hub version + uptime + install-source surface for the
+ * admin SPA's version badge.
+ *
+ * Tests assert the contract:
+ *   - 405 on non-GET (matches the shape of other /api/* read endpoints).
+ *   - 401/403 on missing or under-scoped bearer (host:admin required).
+ *   - Happy path returns the expected shape + uptime increments between
+ *     calls.
+ *   - PARACHUTE_HOME=/parachute (the Render Blueprint pin) overrides
+ *     `source` to "container".
+ *   - PARACHUTE_BUILD_TIME passes through as `container_build_time`.
+ */
+import { describe, expect, test } from "bun:test";
+import { mkdtempSync, rmSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { dirname, join, resolve } from "node:path";
+import { fileURLToPath } from "node:url";
+import { type HubStatusResponse, handleApiHub } from "../api-hub.ts";
+import { hubDbPath, openHubDb } from "../hub-db.ts";
+import { signAccessToken } from "../jwt-sign.ts";
+import { mintOperatorToken } from "../operator-token.ts";
+import { rotateSigningKey } from "../signing-keys.ts";
+import { createUser } from "../users.ts";
+
+interface Harness {
+  dir: string;
+  cleanup: () => void;
+}
+
+function makeHarness(): Harness {
+  const dir = mkdtempSync(join(tmpdir(), "phub-api-hub-"));
+  return { dir, cleanup: () => rmSync(dir, { recursive: true, force: true }) };
+}
+
+const ISSUER = "http://127.0.0.1:1939";
+
+// `hubSrcDir` defaults to `dirname(import.meta.url)` of api-hub.ts — but in
+// tests we drive it explicitly so test-side test-double dirs don't accidentally
+// pick up the real package.json. Point it at this file's dir (under __tests__/)
+// so the climb-to-package.json loop walks up to the repo root and finds the
+// real hub package.json.
+const HUB_SRC_DIR = resolve(dirname(fileURLToPath(import.meta.url)), "..");
+
+async function bootstrap(
+  dir: string,
+): Promise<{ db: ReturnType<typeof openHubDb>; userId: string }> {
+  const db = openHubDb(hubDbPath(dir));
+  rotateSigningKey(db);
+  const u = await createUser(db, "owner", "pw");
+  return { db, userId: u.id };
+}
+
+function getRequest(headers: Record<string, string> = {}): Request {
+  return new Request("http://localhost/api/hub", {
+    method: "GET",
+    headers,
+  });
+}
+
+describe("GET /api/hub (hub version + uptime badge surface)", () => {
+  test("405 on non-GET", async () => {
+    const h = makeHarness();
+    try {
+      const { db } = await bootstrap(h.dir);
+      try {
+        const req = new Request("http://localhost/api/hub", { method: "POST" });
+        const resp = await handleApiHub(req, { db, issuer: ISSUER });
+        expect(resp.status).toBe(405);
+      } finally {
+        db.close();
+      }
+    } finally {
+      h.cleanup();
+    }
+  });
+
+  test("401 when no Authorization header", async () => {
+    const h = makeHarness();
+    try {
+      const { db } = await bootstrap(h.dir);
+      try {
+        const resp = await handleApiHub(getRequest(), { db, issuer: ISSUER });
+        expect(resp.status).toBe(401);
+      } finally {
+        db.close();
+      }
+    } finally {
+      h.cleanup();
+    }
+  });
+
+  test("403 when bearer scope lacks parachute:host:admin", async () => {
+    const h = makeHarness();
+    try {
+      const { db, userId } = await bootstrap(h.dir);
+      try {
+        const narrow = await signAccessToken(db, {
+          sub: userId,
+          // Adjacent host scope but NOT host:admin — host:auth is the
+          // tokens-registry scope, not the admin one. Confirms the gate
+          // checks the exact scope, not any host:* membership.
+          scopes: ["parachute:host:auth"],
+          audience: "hub",
+          clientId: "parachute-hub",
+          issuer: ISSUER,
+          ttlSeconds: 3600,
+        });
+        const resp = await handleApiHub(getRequest({ authorization: `Bearer ${narrow.token}` }), {
+          db,
+          issuer: ISSUER,
+        });
+        expect(resp.status).toBe(403);
+      } finally {
+        db.close();
+      }
+    } finally {
+      h.cleanup();
+    }
+  });
+
+  test("happy path: returns version + started_at + uptime_ms + source", async () => {
+    const h = makeHarness();
+    try {
+      const { db, userId } = await bootstrap(h.dir);
+      try {
+        const op = await mintOperatorToken(db, userId, { issuer: ISSUER });
+        const startedAt = new Date(Date.now() - 5000); // started 5s ago
+        const resp = await handleApiHub(getRequest({ authorization: `Bearer ${op.token}` }), {
+          db,
+          issuer: ISSUER,
+          hubSrcDir: HUB_SRC_DIR,
+          startedAt,
+          // Override env so we're not at the mercy of the host's
+          // PARACHUTE_HOME (or PARACHUTE_BUILD_TIME) when the test runs.
+          env: {},
+        });
+        expect(resp.status).toBe(200);
+        const body = (await resp.json()) as HubStatusResponse;
+        // Version pulled from the real hub package.json — assert SemVer
+        // shape rather than pinning a specific number (otherwise this test
+        // breaks on every rc bump).
+        expect(body.version).toMatch(/^\d+\.\d+\.\d+/);
+        expect(body.started_at).toBe(startedAt.toISOString());
+        expect(body.uptime_ms).toBeGreaterThanOrEqual(5000);
+        // hubSrcDir points at the real repo's src/, so install-source
+        // classification will report bun-linked OR npm OR unknown — never
+        // "container" because we cleared PARACHUTE_HOME.
+        expect(body.source).not.toBe("container");
+        expect(body.container_build_time).toBeUndefined();
+      } finally {
+        db.close();
+      }
+    } finally {
+      h.cleanup();
+    }
+  });
+
+  test("uptime_ms increments between calls", async () => {
+    const h = makeHarness();
+    try {
+      const { db, userId } = await bootstrap(h.dir);
+      try {
+        const op = await mintOperatorToken(db, userId, { issuer: ISSUER });
+        const startedAt = new Date("2026-05-23T14:00:00.000Z");
+        // Drive "now" so the assertion isn't a flaky timing test.
+        const first = await handleApiHub(getRequest({ authorization: `Bearer ${op.token}` }), {
+          db,
+          issuer: ISSUER,
+          hubSrcDir: HUB_SRC_DIR,
+          startedAt,
+          now: () => new Date("2026-05-23T14:00:05.000Z"),
+          env: {},
+        });
+        const second = await handleApiHub(getRequest({ authorization: `Bearer ${op.token}` }), {
+          db,
+          issuer: ISSUER,
+          hubSrcDir: HUB_SRC_DIR,
+          startedAt,
+          now: () => new Date("2026-05-23T14:00:08.000Z"),
+          env: {},
+        });
+        const firstBody = (await first.json()) as HubStatusResponse;
+        const secondBody = (await second.json()) as HubStatusResponse;
+        expect(firstBody.uptime_ms).toBe(5000);
+        expect(secondBody.uptime_ms).toBe(8000);
+        expect(secondBody.uptime_ms).toBeGreaterThan(firstBody.uptime_ms);
+        // started_at stays stable across calls (captured once at process
+        // start, not per-request).
+        expect(secondBody.started_at).toBe(firstBody.started_at);
+      } finally {
+        db.close();
+      }
+    } finally {
+      h.cleanup();
+    }
+  });
+
+  test("PARACHUTE_HOME=/parachute overrides source to 'container'", async () => {
+    const h = makeHarness();
+    try {
+      const { db, userId } = await bootstrap(h.dir);
+      try {
+        const op = await mintOperatorToken(db, userId, { issuer: ISSUER });
+        const resp = await handleApiHub(getRequest({ authorization: `Bearer ${op.token}` }), {
+          db,
+          issuer: ISSUER,
+          hubSrcDir: HUB_SRC_DIR,
+          env: { PARACHUTE_HOME: "/parachute" },
+        });
+        expect(resp.status).toBe(200);
+        const body = (await resp.json()) as HubStatusResponse;
+        expect(body.source).toBe("container");
+        // bun_linked_path is suppressed under container source — operators
+        // on Render don't have a meaningful "checkout path" to surface.
+        expect(body.bun_linked_path).toBeUndefined();
+      } finally {
+        db.close();
+      }
+    } finally {
+      h.cleanup();
+    }
+  });
+
+  test("PARACHUTE_BUILD_TIME passes through as container_build_time", async () => {
+    const h = makeHarness();
+    try {
+      const { db, userId } = await bootstrap(h.dir);
+      try {
+        const op = await mintOperatorToken(db, userId, { issuer: ISSUER });
+        const resp = await handleApiHub(getRequest({ authorization: `Bearer ${op.token}` }), {
+          db,
+          issuer: ISSUER,
+          hubSrcDir: HUB_SRC_DIR,
+          env: {
+            PARACHUTE_HOME: "/parachute",
+            PARACHUTE_BUILD_TIME: "2026-05-23T14:21:00.000Z",
+          },
+        });
+        expect(resp.status).toBe(200);
+        const body = (await resp.json()) as HubStatusResponse;
+        expect(body.container_build_time).toBe("2026-05-23T14:21:00.000Z");
+        expect(body.source).toBe("container");
+      } finally {
+        db.close();
+      }
+    } finally {
+      h.cleanup();
+    }
+  });
+});

package/src/__tests__/api-modules-ops.test.ts

@@ -70,6 +70,14 @@ function postReq(path: string, headers: Record<string, string>): Request {
   return new Request(`http://localhost${path}`, { method: "POST", headers });
 }
 
+function postReqJson(path: string, headers: Record<string, string>, body: unknown): Request {
+  return new Request(`http://localhost${path}`, {
+    method: "POST",
+    headers: { ...headers, "content-type": "application/json" },
+    body: JSON.stringify(body),
+  });
+}
+
 function getReq(path: string, headers: Record<string, string>): Request {
   return new Request(`http://localhost${path}`, { method: "GET", headers });
 }
@@ -347,6 +355,222 @@ describe("POST /api/modules/:short/install", () => {
     expect(calls).not.toContainEqual(["bun", "add", "-g", "@openparachute/vault@rc"]);
   });
 
+  // hub#337 — per-request channel in body + PARACHUTE_INSTALL_CHANNEL env var.
+  // Precedence: body.channel > PARACHUTE_INSTALL_CHANNEL env > hub_settings row > "latest".
+
+  test("body { channel: 'rc' } overrides the hub_settings row (hub#337)", async () => {
+    // SPA-driven "install X at rc" affordance: per-call override that
+    // doesn't flip the cluster-wide toggle.
+    setModuleInstallChannel(h.db, "latest");
+    const { supervisor } = makeIdleSupervisor();
+    const { run, calls } = alwaysOkRun();
+    const bearer = await mintBearer(h, [API_MODULES_OPS_REQUIRED_SCOPE]);
+    const res = await handleInstall(
+      postReqJson(
+        "/api/modules/vault/install",
+        { authorization: `Bearer ${bearer}` },
+        { channel: "rc" },
+      ),
+      "vault",
+      {
+        db: h.db,
+        issuer: ISSUER,
+        manifestPath: h.manifestPath,
+        configDir: h.dir,
+        supervisor,
+        run,
+      },
+    );
+    expect(res.status).toBe(202);
+    await new Promise((r) => setTimeout(r, 10));
+    expect(calls).toContainEqual(["bun", "add", "-g", "@openparachute/vault@rc"]);
+    expect(calls).not.toContainEqual(["bun", "add", "-g", "@openparachute/vault@latest"]);
+  });
+
+  test("body { channel: 'latest' } overrides hub_settings.module_install_channel = rc (hub#337)", async () => {
+    setModuleInstallChannel(h.db, "rc");
+    const { supervisor } = makeIdleSupervisor();
+    const { run, calls } = alwaysOkRun();
+    const bearer = await mintBearer(h, [API_MODULES_OPS_REQUIRED_SCOPE]);
+    await handleInstall(
+      postReqJson(
+        "/api/modules/vault/install",
+        { authorization: `Bearer ${bearer}` },
+        { channel: "latest" },
+      ),
+      "vault",
+      {
+        db: h.db,
+        issuer: ISSUER,
+        manifestPath: h.manifestPath,
+        configDir: h.dir,
+        supervisor,
+        run,
+      },
+    );
+    await new Promise((r) => setTimeout(r, 10));
+    expect(calls).toContainEqual(["bun", "add", "-g", "@openparachute/vault@latest"]);
+    expect(calls).not.toContainEqual(["bun", "add", "-g", "@openparachute/vault@rc"]);
+  });
+
+  test("body { channel: 'banana' } returns 400 invalid_channel (hub#337)", async () => {
+    // Operator-typed garbage in the SPA → don't silently fall through to
+    // the default; surface the typo immediately.
+    const { supervisor } = makeIdleSupervisor();
+    const { run } = alwaysOkRun();
+    const bearer = await mintBearer(h, [API_MODULES_OPS_REQUIRED_SCOPE]);
+    const res = await handleInstall(
+      postReqJson(
+        "/api/modules/vault/install",
+        { authorization: `Bearer ${bearer}` },
+        { channel: "banana" },
+      ),
+      "vault",
+      {
+        db: h.db,
+        issuer: ISSUER,
+        manifestPath: h.manifestPath,
+        configDir: h.dir,
+        supervisor,
+        run,
+      },
+    );
+    expect(res.status).toBe(400);
+    const body = (await res.json()) as { error: string; error_description: string };
+    expect(body.error).toBe("invalid_channel");
+    expect(body.error_description).toMatch(/banana/);
+  });
+
+  test("missing body / empty body falls through to hub_settings channel (back-compat)", async () => {
+    // Pre-hub#337 callers don't send a JSON body. The existing SPA paths
+    // (and the first-boot wizard) keep working unchanged.
+    setModuleInstallChannel(h.db, "rc");
+    const { supervisor } = makeIdleSupervisor();
+    const { run, calls } = alwaysOkRun();
+    const bearer = await mintBearer(h, [API_MODULES_OPS_REQUIRED_SCOPE]);
+    await handleInstall(
+      postReq("/api/modules/vault/install", { authorization: `Bearer ${bearer}` }),
+      "vault",
+      {
+        db: h.db,
+        issuer: ISSUER,
+        manifestPath: h.manifestPath,
+        configDir: h.dir,
+        supervisor,
+        run,
+      },
+    );
+    await new Promise((r) => setTimeout(r, 10));
+    expect(calls).toContainEqual(["bun", "add", "-g", "@openparachute/vault@rc"]);
+  });
+
+  test("PARACHUTE_INSTALL_CHANNEL env overrides hub_settings.module_install_channel (hub#337)", async () => {
+    // The Render-deploy cascade shape: the platform sets the env var to
+    // `rc`, hub's API path picks it up over the DB-stored default. Lets
+    // an operator-toggle override that the platform-team hasn't pinned
+    // still work via the SPA toggle below it — but with the env in
+    // play, the env wins.
+    setModuleInstallChannel(h.db, "latest");
+    const prior = process.env.PARACHUTE_INSTALL_CHANNEL;
+    process.env.PARACHUTE_INSTALL_CHANNEL = "rc";
+    try {
+      const { supervisor } = makeIdleSupervisor();
+      const { run, calls } = alwaysOkRun();
+      const bearer = await mintBearer(h, [API_MODULES_OPS_REQUIRED_SCOPE]);
+      await handleInstall(
+        postReq("/api/modules/vault/install", { authorization: `Bearer ${bearer}` }),
+        "vault",
+        {
+          db: h.db,
+          issuer: ISSUER,
+          manifestPath: h.manifestPath,
+          configDir: h.dir,
+          supervisor,
+          run,
+        },
+      );
+      await new Promise((r) => setTimeout(r, 10));
+      expect(calls).toContainEqual(["bun", "add", "-g", "@openparachute/vault@rc"]);
+      expect(calls).not.toContainEqual(["bun", "add", "-g", "@openparachute/vault@latest"]);
+    } finally {
+      // Bun's process.env supports the `[key]: undefined` shape
+      // (biome's noDelete rule preferred this over `delete`).
+      if (prior === undefined) process.env.PARACHUTE_INSTALL_CHANNEL = undefined;
+      else process.env.PARACHUTE_INSTALL_CHANNEL = prior;
+    }
+  });
+
+  test("body channel wins over PARACHUTE_INSTALL_CHANNEL env (hub#337)", async () => {
+    // Per-request override beats the platform default — the SPA's
+    // "install this one at latest even though the cluster's on rc" path.
+    setModuleInstallChannel(h.db, "latest");
+    const prior = process.env.PARACHUTE_INSTALL_CHANNEL;
+    process.env.PARACHUTE_INSTALL_CHANNEL = "rc";
+    try {
+      const { supervisor } = makeIdleSupervisor();
+      const { run, calls } = alwaysOkRun();
+      const bearer = await mintBearer(h, [API_MODULES_OPS_REQUIRED_SCOPE]);
+      await handleInstall(
+        postReqJson(
+          "/api/modules/vault/install",
+          { authorization: `Bearer ${bearer}` },
+          { channel: "latest" },
+        ),
+        "vault",
+        {
+          db: h.db,
+          issuer: ISSUER,
+          manifestPath: h.manifestPath,
+          configDir: h.dir,
+          supervisor,
+          run,
+        },
+      );
+      await new Promise((r) => setTimeout(r, 10));
+      expect(calls).toContainEqual(["bun", "add", "-g", "@openparachute/vault@latest"]);
+      expect(calls).not.toContainEqual(["bun", "add", "-g", "@openparachute/vault@rc"]);
+    } finally {
+      // Bun's process.env supports the `[key]: undefined` shape
+      // (biome's noDelete rule preferred this over `delete`).
+      if (prior === undefined) process.env.PARACHUTE_INSTALL_CHANNEL = undefined;
+      else process.env.PARACHUTE_INSTALL_CHANNEL = prior;
+    }
+  });
+
+  test("garbage PARACHUTE_INSTALL_CHANNEL env falls back to hub_settings (no crash)", async () => {
+    // Operator typo at the platform layer shouldn't crash installs.
+    // Warns + falls through to the DB-stored channel.
+    setModuleInstallChannel(h.db, "rc");
+    const prior = process.env.PARACHUTE_INSTALL_CHANNEL;
+    process.env.PARACHUTE_INSTALL_CHANNEL = "banana";
+    try {
+      const { supervisor } = makeIdleSupervisor();
+      const { run, calls } = alwaysOkRun();
+      const bearer = await mintBearer(h, [API_MODULES_OPS_REQUIRED_SCOPE]);
+      const res = await handleInstall(
+        postReq("/api/modules/vault/install", { authorization: `Bearer ${bearer}` }),
+        "vault",
+        {
+          db: h.db,
+          issuer: ISSUER,
+          manifestPath: h.manifestPath,
+          configDir: h.dir,
+          supervisor,
+          run,
+        },
+      );
+      expect(res.status).toBe(202);
+      await new Promise((r) => setTimeout(r, 10));
+      // Falls back to the DB-stored rc, not "@latest".
+      expect(calls).toContainEqual(["bun", "add", "-g", "@openparachute/vault@rc"]);
+    } finally {
+      // Bun's process.env supports the `[key]: undefined` shape
+      // (biome's noDelete rule preferred this over `delete`).
+      if (prior === undefined) process.env.PARACHUTE_INSTALL_CHANNEL = undefined;
+      else process.env.PARACHUTE_INSTALL_CHANNEL = prior;
+    }
+  });
+
   test("failed bun-add surfaces failed status on the operation", async () => {
     const { supervisor } = makeIdleSupervisor();
     // Run returns 1 + findGlobalInstall returns null = real failure.
@@ -490,6 +714,39 @@ describe("POST /api/modules/:short/upgrade", () => {
     expect(calls).not.toContainEqual(["bun", "add", "-g", "@openparachute/vault@latest"]);
   });
 
+  test("PARACHUTE_INSTALL_CHANNEL env cascades to upgrade too (hub#339 symmetry)", async () => {
+    // The Render-deploy operator sets PARACHUTE_INSTALL_CHANNEL=rc cluster-
+    // wide expecting BOTH install and upgrade through the admin SPA to
+    // honor it. Asymmetry between the two paths would surprise them.
+    setModuleInstallChannel(h.db, "latest"); // DB says latest
+    const prior = process.env.PARACHUTE_INSTALL_CHANNEL;
+    process.env.PARACHUTE_INSTALL_CHANNEL = "rc"; // env says rc — should win
+    try {
+      const { supervisor } = makeIdleSupervisor();
+      await supervisor.start({ short: "vault", cmd: ["parachute-vault", "serve"] });
+      const { run, calls } = alwaysOkRun();
+      const bearer = await mintBearer(h, [API_MODULES_OPS_REQUIRED_SCOPE]);
+      await handleUpgrade(
+        postReq("/api/modules/vault/upgrade", { authorization: `Bearer ${bearer}` }),
+        "vault",
+        {
+          db: h.db,
+          issuer: ISSUER,
+          manifestPath: h.manifestPath,
+          configDir: h.dir,
+          supervisor,
+          run,
+        },
+      );
+      await new Promise((r) => setTimeout(r, 10));
+      expect(calls).toContainEqual(["bun", "add", "-g", "@openparachute/vault@rc"]);
+      expect(calls).not.toContainEqual(["bun", "add", "-g", "@openparachute/vault@latest"]);
+    } finally {
+      if (prior === undefined) process.env.PARACHUTE_INSTALL_CHANNEL = undefined;
+      else process.env.PARACHUTE_INSTALL_CHANNEL = prior;
+    }
+  });
+
   test("fails with 'try install first' when module is installed but never supervised", async () => {
     // Module has a services.json row (e.g. seeded by `parachute install`
     // pre-supervisor era) but the supervisor never spawned it.
@@ -680,7 +937,6 @@ describe("well-known regen after module ops", () => {
     manifest: {
       name: string;
       manifestName: string;
-      kind: "api" | "frontend" | "tool";
       port: number;
       paths: string[];
       health: string;
@@ -708,7 +964,6 @@ describe("well-known regen after module ops", () => {
     const install = fakeInstall("@openparachute/vault", {
       name: "vault",
       manifestName: "parachute-vault",
-      kind: "api",
       port: 1940,
       paths: ["/vault/default"],
       health: "/vault/default/health",
@@ -812,7 +1067,6 @@ describe("well-known regen after module ops", () => {
     const install = fakeInstall("@openparachute/vault", {
       name: "vault",
       manifestName: "parachute-vault",
-      kind: "api",
       port: 1940,
       paths: ["/vault/default"],
       health: "/vault/default/health",
@@ -902,7 +1156,6 @@ describe("well-known regen after module ops", () => {
     const install = fakeInstall("@openparachute/vault", {
       name: "vault",
       manifestName: "parachute-vault",
-      kind: "api",
       port: 1940,
       paths: ["/vault/default"],
       health: "/vault/default/health",