@penclipai/server 2026.508.2 → 2026.511.0-canary.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapters/builtin-adapter-types.d.ts.map +1 -1
- package/dist/adapters/builtin-adapter-types.js +1 -0
- package/dist/adapters/builtin-adapter-types.js.map +1 -1
- package/dist/adapters/registry.d.ts.map +1 -1
- package/dist/adapters/registry.js +17 -0
- package/dist/adapters/registry.js.map +1 -1
- package/dist/config.js +4 -4
- package/dist/config.js.map +1 -1
- package/dist/home-paths.d.ts +8 -11
- package/dist/home-paths.d.ts.map +1 -1
- package/dist/home-paths.js +14 -67
- package/dist/home-paths.js.map +1 -1
- package/dist/routes/agents.d.ts.map +1 -1
- package/dist/routes/agents.js +8 -0
- package/dist/routes/agents.js.map +1 -1
- package/dist/routes/environments.d.ts.map +1 -1
- package/dist/routes/environments.js +8 -1
- package/dist/routes/environments.js.map +1 -1
- package/dist/routes/plugins.d.ts.map +1 -1
- package/dist/routes/plugins.js +6 -0
- package/dist/routes/plugins.js.map +1 -1
- package/dist/routes/projects.d.ts.map +1 -1
- package/dist/routes/projects.js +6 -0
- package/dist/routes/projects.js.map +1 -1
- package/dist/routes/secrets.d.ts.map +1 -1
- package/dist/routes/secrets.js +269 -5
- package/dist/routes/secrets.js.map +1 -1
- package/dist/secrets/aws-secrets-manager-provider.d.ts +87 -0
- package/dist/secrets/aws-secrets-manager-provider.d.ts.map +1 -0
- package/dist/secrets/aws-secrets-manager-provider.js +748 -0
- package/dist/secrets/aws-secrets-manager-provider.js.map +1 -0
- package/dist/secrets/configured-provider.d.ts +3 -0
- package/dist/secrets/configured-provider.d.ts.map +1 -0
- package/dist/secrets/configured-provider.js +8 -0
- package/dist/secrets/configured-provider.js.map +1 -0
- package/dist/secrets/external-stub-providers.d.ts.map +1 -1
- package/dist/secrets/external-stub-providers.js +55 -5
- package/dist/secrets/external-stub-providers.js.map +1 -1
- package/dist/secrets/local-encrypted-provider.d.ts.map +1 -1
- package/dist/secrets/local-encrypted-provider.js +140 -12
- package/dist/secrets/local-encrypted-provider.js.map +1 -1
- package/dist/secrets/provider-registry.d.ts +2 -1
- package/dist/secrets/provider-registry.d.ts.map +1 -1
- package/dist/secrets/provider-registry.js +6 -2
- package/dist/secrets/provider-registry.js.map +1 -1
- package/dist/secrets/types.d.ts +117 -8
- package/dist/secrets/types.d.ts.map +1 -1
- package/dist/secrets/types.js +35 -1
- package/dist/secrets/types.js.map +1 -1
- package/dist/services/access.d.ts +27 -27
- package/dist/services/activity.d.ts +8 -8
- package/dist/services/agents.d.ts +9 -9
- package/dist/services/approvals.d.ts +10 -10
- package/dist/services/assets.d.ts +3 -3
- package/dist/services/board-auth.d.ts +24 -24
- package/dist/services/environment-config.d.ts +14 -2
- package/dist/services/environment-config.d.ts.map +1 -1
- package/dist/services/environment-config.js +57 -4
- package/dist/services/environment-config.js.map +1 -1
- package/dist/services/environment-execution-target.d.ts.map +1 -1
- package/dist/services/environment-execution-target.js +2 -0
- package/dist/services/environment-execution-target.js.map +1 -1
- package/dist/services/environment-runtime.d.ts.map +1 -1
- package/dist/services/environment-runtime.js +10 -2
- package/dist/services/environment-runtime.js.map +1 -1
- package/dist/services/feedback.d.ts +4 -4
- package/dist/services/finance.d.ts +8 -8
- package/dist/services/goals.d.ts +20 -20
- package/dist/services/heartbeat.d.ts +24 -19
- package/dist/services/heartbeat.d.ts.map +1 -1
- package/dist/services/heartbeat.js +82 -8
- package/dist/services/heartbeat.js.map +1 -1
- package/dist/services/inbox-dismissals.d.ts +2 -2
- package/dist/services/issue-approvals.d.ts +2 -2
- package/dist/services/issue-continuation-summary.d.ts +2 -0
- package/dist/services/issue-continuation-summary.d.ts.map +1 -1
- package/dist/services/issue-continuation-summary.js +10 -0
- package/dist/services/issue-continuation-summary.js.map +1 -1
- package/dist/services/issues.d.ts +18 -18
- package/dist/services/plugin-environment-driver.d.ts +6 -6
- package/dist/services/plugin-host-services.d.ts.map +1 -1
- package/dist/services/plugin-host-services.js +31 -4
- package/dist/services/plugin-host-services.js.map +1 -1
- package/dist/services/plugin-local-folders.d.ts +1 -0
- package/dist/services/plugin-local-folders.d.ts.map +1 -1
- package/dist/services/plugin-local-folders.js +45 -0
- package/dist/services/plugin-local-folders.js.map +1 -1
- package/dist/services/plugin-managed-agents.d.ts.map +1 -1
- package/dist/services/plugin-managed-agents.js +52 -9
- package/dist/services/plugin-managed-agents.js.map +1 -1
- package/dist/services/plugin-managed-skills.d.ts +14 -0
- package/dist/services/plugin-managed-skills.d.ts.map +1 -0
- package/dist/services/plugin-managed-skills.js +264 -0
- package/dist/services/plugin-managed-skills.js.map +1 -0
- package/dist/services/plugin-registry.d.ts +79 -79
- package/dist/services/plugin-secrets-handler.d.ts +2 -0
- package/dist/services/plugin-secrets-handler.d.ts.map +1 -1
- package/dist/services/plugin-secrets-handler.js +17 -80
- package/dist/services/plugin-secrets-handler.js.map +1 -1
- package/dist/services/recovery/service.d.ts +61 -0
- package/dist/services/recovery/service.d.ts.map +1 -1
- package/dist/services/recovery/service.js +63 -17
- package/dist/services/recovery/service.js.map +1 -1
- package/dist/services/routines.d.ts +18 -18
- package/dist/services/routines.d.ts.map +1 -1
- package/dist/services/routines.js +36 -4
- package/dist/services/routines.js.map +1 -1
- package/dist/services/secrets.d.ts +1566 -119
- package/dist/services/secrets.d.ts.map +1 -1
- package/dist/services/secrets.js +1465 -69
- package/dist/services/secrets.js.map +1 -1
- package/package.json +17 -16
- package/ui-dist/assets/{_basePickBy-5H35nb2M.js → _basePickBy-B0S0WJuO.js} +1 -1
- package/ui-dist/assets/{_baseUniq-BqsDtPj4.js → _baseUniq-DPfwHtaX.js} +1 -1
- package/ui-dist/assets/{arc-F3f4deZD.js → arc-dayO-_vQ.js} +1 -1
- package/ui-dist/assets/{architectureDiagram-VXUJARFQ-pBm1fRMv.js → architectureDiagram-VXUJARFQ-B7gjpAgc.js} +1 -1
- package/ui-dist/assets/{blockDiagram-VD42YOAC-CGtc9RP7.js → blockDiagram-VD42YOAC-e0_AbQkY.js} +1 -1
- package/ui-dist/assets/{browser-ponyfill-CkdJVj1i.js → browser-ponyfill-D5A0IJkC.js} +1 -1
- package/ui-dist/assets/{c4Diagram-YG6GDRKO-BXgVj8GH.js → c4Diagram-YG6GDRKO-D5OdXvo8.js} +1 -1
- package/ui-dist/assets/channel-BLi0LFH0.js +1 -0
- package/ui-dist/assets/{chunk-4BX2VUAB-Ds1Y5IYA.js → chunk-4BX2VUAB-uWBbpQP3.js} +1 -1
- package/ui-dist/assets/{chunk-55IACEB6-D8GwRmXK.js → chunk-55IACEB6-CFVDvwbd.js} +1 -1
- package/ui-dist/assets/{chunk-B4BG7PRW-R_v5U6_B.js → chunk-B4BG7PRW-Niy3z_vf.js} +1 -1
- package/ui-dist/assets/{chunk-DI55MBZ5-DO4X9EFt.js → chunk-DI55MBZ5-BSFdxpNJ.js} +1 -1
- package/ui-dist/assets/{chunk-FMBD7UC4-DUu61Scs.js → chunk-FMBD7UC4-Npjz_-5M.js} +1 -1
- package/ui-dist/assets/{chunk-QN33PNHL-Bw2VuHcK.js → chunk-QN33PNHL-C2BptvDe.js} +1 -1
- package/ui-dist/assets/{chunk-QZHKN3VN-BMGdo5T7.js → chunk-QZHKN3VN-B_lJernK.js} +1 -1
- package/ui-dist/assets/{chunk-TZMSLE5B-Cj_cdifl.js → chunk-TZMSLE5B-CNK1gBxt.js} +1 -1
- package/ui-dist/assets/classDiagram-2ON5EDUG-DGtCZCaT.js +1 -0
- package/ui-dist/assets/classDiagram-v2-WZHVMYZB-DGtCZCaT.js +1 -0
- package/ui-dist/assets/clone-_FFZ0Kkl.js +1 -0
- package/ui-dist/assets/{cose-bilkent-S5V4N54A-3YDaxa6o.js → cose-bilkent-S5V4N54A-P5AbZ8TB.js} +1 -1
- package/ui-dist/assets/{dagre-6UL2VRFP-CmLvQKQL.js → dagre-6UL2VRFP-Byky8_ia.js} +1 -1
- package/ui-dist/assets/{diagram-PSM6KHXK-vZK9KPBu.js → diagram-PSM6KHXK-fWgBJ_Sk.js} +1 -1
- package/ui-dist/assets/{diagram-QEK2KX5R-Bu9JBN1e.js → diagram-QEK2KX5R-Di6U-VgU.js} +1 -1
- package/ui-dist/assets/{diagram-S2PKOQOG-gPR1ps4Q.js → diagram-S2PKOQOG--ALJobJP.js} +1 -1
- package/ui-dist/assets/{erDiagram-Q2GNP2WA-BpqETGGN.js → erDiagram-Q2GNP2WA-BPLxxd-8.js} +1 -1
- package/ui-dist/assets/{flowDiagram-NV44I4VS-B0iV5Bcy.js → flowDiagram-NV44I4VS-DsKtnwgY.js} +1 -1
- package/ui-dist/assets/{ganttDiagram-JELNMOA3-BxQL_kP7.js → ganttDiagram-JELNMOA3-D-RgqRnI.js} +1 -1
- package/ui-dist/assets/{gitGraphDiagram-V2S2FVAM-CSsc-XDT.js → gitGraphDiagram-V2S2FVAM-B9hWxZno.js} +1 -1
- package/ui-dist/assets/{graph-DWnTQd3e.js → graph-BR5K_DHH.js} +1 -1
- package/ui-dist/assets/{index-BEfD-NrI.js → index--jhL8HjG.js} +1 -1
- package/ui-dist/assets/{index-C24lwrRh.js → index-3FxOnh1Q.js} +1 -1
- package/ui-dist/assets/{index-CqFa1_Kx.js → index-B5iG7mfQ.js} +1 -1
- package/ui-dist/assets/{index-DRqmQ4ym.js → index-BC-VyJRT.js} +1 -1
- package/ui-dist/assets/{index-mfdF2CPG.js → index-BKJKSfwf.js} +1 -1
- package/ui-dist/assets/{index-DNyOAFyR.js → index-BP2zDr7N.js} +1 -1
- package/ui-dist/assets/{index-CmZ6XLj-.js → index-BVZZDphv.js} +1 -1
- package/ui-dist/assets/{index-DbsPCpm_.js → index-Bi7Lez4i.js} +1 -1
- package/ui-dist/assets/{index-CpOa4tDv.js → index-C5zaTUz3.js} +1 -1
- package/ui-dist/assets/index-CJyKYByK.js +538 -0
- package/ui-dist/assets/index-COTa6xTk.css +1 -0
- package/ui-dist/assets/{index-Dt3jXp2D.js → index-CP1her1A.js} +1 -1
- package/ui-dist/assets/{index-h9lpZQKL.js → index-CPBqNjLU.js} +1 -1
- package/ui-dist/assets/{index-CxnOSxK9.js → index-CY4Sacam.js} +1 -1
- package/ui-dist/assets/{index-DgU-HHpm.js → index-CrCHtJt9.js} +1 -1
- package/ui-dist/assets/{index-C3xGHm3G.js → index-D-kP_TCS.js} +1 -1
- package/ui-dist/assets/{index-Bw88aPGu.js → index-D0b0bdp9.js} +1 -1
- package/ui-dist/assets/{index-CaFk2kgt.js → index-DDo7a1ad.js} +1 -1
- package/ui-dist/assets/{index-Ckh-TE03.js → index-F8dNHc7L.js} +1 -1
- package/ui-dist/assets/{index-DUerGXI8.js → index-GIT3T29G.js} +1 -1
- package/ui-dist/assets/{index-DiPyhXNL.js → index-Ii2Zu1VC.js} +1 -1
- package/ui-dist/assets/{index-DvOzQrgz.js → index-cAXY17Km.js} +1 -1
- package/ui-dist/assets/{index-CzxxXvnl.js → index-vL5R__U-.js} +1 -1
- package/ui-dist/assets/{index-DNgm4Hx7.js → index-xy3NppqB.js} +1 -1
- package/ui-dist/assets/{infoDiagram-HS3SLOUP-C9a-DRdF.js → infoDiagram-HS3SLOUP-Cw5FMQPy.js} +1 -1
- package/ui-dist/assets/{journeyDiagram-XKPGCS4Q-Cu752PhZ.js → journeyDiagram-XKPGCS4Q-qqubogM5.js} +1 -1
- package/ui-dist/assets/{kanban-definition-3W4ZIXB7-PXy7IffE.js → kanban-definition-3W4ZIXB7-BHKa2WJW.js} +1 -1
- package/ui-dist/assets/{layout-Ci-UJJNd.js → layout-n4Wr5yzd.js} +1 -1
- package/ui-dist/assets/{linear-D8Qy6J5I.js → linear-BeRJXNne.js} +1 -1
- package/ui-dist/assets/{mermaid.core-RTrr9erR.js → mermaid.core-DelVCbRr.js} +4 -4
- package/ui-dist/assets/{mindmap-definition-VGOIOE7T-Ad_ky9GS.js → mindmap-definition-VGOIOE7T-DR-YsecJ.js} +1 -1
- package/ui-dist/assets/{pieDiagram-ADFJNKIX-BPWjI8Sm.js → pieDiagram-ADFJNKIX-CZXfqZBG.js} +1 -1
- package/ui-dist/assets/{quadrantDiagram-AYHSOK5B-DxY-Cew9.js → quadrantDiagram-AYHSOK5B-BBl26L66.js} +1 -1
- package/ui-dist/assets/{requirementDiagram-UZGBJVZJ-BiUlKNuF.js → requirementDiagram-UZGBJVZJ-CvVYsxxA.js} +1 -1
- package/ui-dist/assets/{sankeyDiagram-TZEHDZUN-t3mfJhUj.js → sankeyDiagram-TZEHDZUN-BVw2uYFt.js} +1 -1
- package/ui-dist/assets/{sequenceDiagram-WL72ISMW-D90qw9a6.js → sequenceDiagram-WL72ISMW--kspLpct.js} +1 -1
- package/ui-dist/assets/{stateDiagram-FKZM4ZOC-DB70vjUm.js → stateDiagram-FKZM4ZOC-DPx02LV8.js} +1 -1
- package/ui-dist/assets/stateDiagram-v2-4FDKWEC3-S-NvEffl.js +1 -0
- package/ui-dist/assets/{timeline-definition-IT6M3QCI-CYSOqO3s.js → timeline-definition-IT6M3QCI-CyMnn5_z.js} +1 -1
- package/ui-dist/assets/{treemap-GDKQZRPO-QqfwsQzN.js → treemap-GDKQZRPO-DwLh53A5.js} +1 -1
- package/ui-dist/assets/{xychartDiagram-PRI3JC2R-DZuSZ892.js → xychartDiagram-PRI3JC2R-xX5JJ2_4.js} +1 -1
- package/ui-dist/index.html +2 -2
- package/ui-dist/locales/en/common.json +629 -0
- package/ui-dist/locales/zh-CN/common.json +551 -0
- package/ui-dist/assets/channel-BklDDvhc.js +0 -1
- package/ui-dist/assets/classDiagram-2ON5EDUG-gSWbQXsC.js +0 -1
- package/ui-dist/assets/classDiagram-v2-WZHVMYZB-gSWbQXsC.js +0 -1
- package/ui-dist/assets/clone-BhrAR33H.js +0 -1
- package/ui-dist/assets/index-GwA57FCP.js +0 -537
- package/ui-dist/assets/index-RH-ttKJp.css +0 -1
- package/ui-dist/assets/stateDiagram-v2-4FDKWEC3-WlT0xb9j.js +0 -1
|
@@ -19,13 +19,13 @@ export declare function accessService(db: Db): {
|
|
|
19
19
|
getMembership: (companyId: string, principalType: PrincipalType, principalId: string) => Promise<MembershipRow | null>;
|
|
20
20
|
getMemberById: (companyId: string, memberId: string) => Promise<{
|
|
21
21
|
id: string;
|
|
22
|
-
status: string;
|
|
23
|
-
createdAt: Date;
|
|
24
|
-
updatedAt: Date;
|
|
25
22
|
companyId: string;
|
|
26
23
|
principalType: string;
|
|
27
24
|
principalId: string;
|
|
25
|
+
status: string;
|
|
28
26
|
membershipRole: string | null;
|
|
27
|
+
createdAt: Date;
|
|
28
|
+
updatedAt: Date;
|
|
29
29
|
}>;
|
|
30
30
|
ensureMembership: (companyId: string, principalType: PrincipalType, principalId: string, membershipRole?: string | null, status?: "pending" | "active" | "suspended") => Promise<{
|
|
31
31
|
id: string;
|
|
@@ -39,56 +39,56 @@ export declare function accessService(db: Db): {
|
|
|
39
39
|
}>;
|
|
40
40
|
listMembers: (companyId: string) => Promise<{
|
|
41
41
|
id: string;
|
|
42
|
-
status: string;
|
|
43
|
-
createdAt: Date;
|
|
44
|
-
updatedAt: Date;
|
|
45
42
|
companyId: string;
|
|
46
43
|
principalType: string;
|
|
47
44
|
principalId: string;
|
|
45
|
+
status: string;
|
|
48
46
|
membershipRole: string | null;
|
|
47
|
+
createdAt: Date;
|
|
48
|
+
updatedAt: Date;
|
|
49
49
|
}[]>;
|
|
50
50
|
listActiveUserMemberships: (companyId: string) => Promise<{
|
|
51
51
|
id: string;
|
|
52
|
-
status: string;
|
|
53
|
-
createdAt: Date;
|
|
54
|
-
updatedAt: Date;
|
|
55
52
|
companyId: string;
|
|
56
53
|
principalType: string;
|
|
57
54
|
principalId: string;
|
|
55
|
+
status: string;
|
|
58
56
|
membershipRole: string | null;
|
|
57
|
+
createdAt: Date;
|
|
58
|
+
updatedAt: Date;
|
|
59
59
|
}[]>;
|
|
60
60
|
copyActiveUserMemberships: (sourceCompanyId: string, targetCompanyId: string) => Promise<{
|
|
61
61
|
id: string;
|
|
62
|
-
status: string;
|
|
63
|
-
createdAt: Date;
|
|
64
|
-
updatedAt: Date;
|
|
65
62
|
companyId: string;
|
|
66
63
|
principalType: string;
|
|
67
64
|
principalId: string;
|
|
65
|
+
status: string;
|
|
68
66
|
membershipRole: string | null;
|
|
67
|
+
createdAt: Date;
|
|
68
|
+
updatedAt: Date;
|
|
69
69
|
}[]>;
|
|
70
70
|
archiveMember: (companyId: string, memberId: string, input?: MemberArchiveInput) => Promise<{
|
|
71
71
|
member: {
|
|
72
72
|
id: string;
|
|
73
|
-
status: string;
|
|
74
|
-
createdAt: Date;
|
|
75
|
-
updatedAt: Date;
|
|
76
73
|
companyId: string;
|
|
77
74
|
principalType: string;
|
|
78
75
|
principalId: string;
|
|
76
|
+
status: string;
|
|
79
77
|
membershipRole: string | null;
|
|
78
|
+
createdAt: Date;
|
|
79
|
+
updatedAt: Date;
|
|
80
80
|
};
|
|
81
81
|
reassignedIssueCount: number;
|
|
82
82
|
} | null>;
|
|
83
83
|
setMemberPermissions: (companyId: string, memberId: string, grants: GrantInput[], grantedByUserId: string | null) => Promise<{
|
|
84
84
|
id: string;
|
|
85
|
-
status: string;
|
|
86
|
-
createdAt: Date;
|
|
87
|
-
updatedAt: Date;
|
|
88
85
|
companyId: string;
|
|
89
86
|
principalType: string;
|
|
90
87
|
principalId: string;
|
|
88
|
+
status: string;
|
|
91
89
|
membershipRole: string | null;
|
|
90
|
+
createdAt: Date;
|
|
91
|
+
updatedAt: Date;
|
|
92
92
|
} | null>;
|
|
93
93
|
updateMemberAndPermissions: (companyId: string, memberId: string, data: {
|
|
94
94
|
membershipRole?: string | null;
|
|
@@ -120,37 +120,37 @@ export declare function accessService(db: Db): {
|
|
|
120
120
|
}>;
|
|
121
121
|
listUserCompanyAccess: (userId: string) => Promise<{
|
|
122
122
|
id: string;
|
|
123
|
-
status: string;
|
|
124
|
-
createdAt: Date;
|
|
125
|
-
updatedAt: Date;
|
|
126
123
|
companyId: string;
|
|
127
124
|
principalType: string;
|
|
128
125
|
principalId: string;
|
|
126
|
+
status: string;
|
|
129
127
|
membershipRole: string | null;
|
|
128
|
+
createdAt: Date;
|
|
129
|
+
updatedAt: Date;
|
|
130
130
|
}[]>;
|
|
131
131
|
setUserCompanyAccess: (userId: string, companyIds: string[], options?: {
|
|
132
132
|
actorUserId?: string | null;
|
|
133
133
|
}) => Promise<{
|
|
134
134
|
id: string;
|
|
135
|
-
status: string;
|
|
136
|
-
createdAt: Date;
|
|
137
|
-
updatedAt: Date;
|
|
138
135
|
companyId: string;
|
|
139
136
|
principalType: string;
|
|
140
137
|
principalId: string;
|
|
138
|
+
status: string;
|
|
141
139
|
membershipRole: string | null;
|
|
140
|
+
createdAt: Date;
|
|
141
|
+
updatedAt: Date;
|
|
142
142
|
}[]>;
|
|
143
143
|
setPrincipalGrants: (companyId: string, principalType: PrincipalType, principalId: string, grants: GrantInput[], grantedByUserId: string | null) => Promise<void>;
|
|
144
144
|
listPrincipalGrants: (companyId: string, principalType: PrincipalType, principalId: string) => Promise<{
|
|
145
145
|
id: string;
|
|
146
|
-
createdAt: Date;
|
|
147
|
-
updatedAt: Date;
|
|
148
146
|
companyId: string;
|
|
149
|
-
scope: Record<string, unknown> | null;
|
|
150
147
|
principalType: string;
|
|
151
148
|
principalId: string;
|
|
152
149
|
permissionKey: string;
|
|
150
|
+
scope: Record<string, unknown> | null;
|
|
153
151
|
grantedByUserId: string | null;
|
|
152
|
+
createdAt: Date;
|
|
153
|
+
updatedAt: Date;
|
|
154
154
|
}[]>;
|
|
155
155
|
setPrincipalPermission: (companyId: string, principalType: PrincipalType, principalId: string, permissionKey: PermissionKey, enabled: boolean, grantedByUserId: string | null, scope?: Record<string, unknown> | null) => Promise<void>;
|
|
156
156
|
updateMember: (companyId: string, memberId: string, data: {
|
|
@@ -11,16 +11,16 @@ export declare function normalizeActivityLimit(limit: number | undefined): numbe
|
|
|
11
11
|
export declare function activityService(db: Db): {
|
|
12
12
|
list: (filters: ActivityFilters) => Promise<{
|
|
13
13
|
id: string;
|
|
14
|
-
createdAt: Date;
|
|
15
14
|
companyId: string;
|
|
16
|
-
agentId: string | null;
|
|
17
|
-
runId: string | null;
|
|
18
|
-
action: string;
|
|
19
15
|
actorType: string;
|
|
20
16
|
actorId: string;
|
|
17
|
+
action: string;
|
|
21
18
|
entityType: string;
|
|
22
19
|
entityId: string;
|
|
20
|
+
agentId: string | null;
|
|
21
|
+
runId: string | null;
|
|
23
22
|
details: Record<string, unknown> | null;
|
|
23
|
+
createdAt: Date;
|
|
24
24
|
}[]>;
|
|
25
25
|
forIssue: (issueId: string) => Omit<import("drizzle-orm/pg-core").PgSelectBase<"activity_log", {
|
|
26
26
|
id: import("drizzle-orm/pg-core").PgColumn<{
|
|
@@ -214,16 +214,16 @@ export declare function activityService(db: Db): {
|
|
|
214
214
|
}, {}, {}>;
|
|
215
215
|
}, "single", Record<"activity_log", "not-null">, false, "where" | "orderBy", {
|
|
216
216
|
id: string;
|
|
217
|
-
createdAt: Date;
|
|
218
217
|
companyId: string;
|
|
219
|
-
agentId: string | null;
|
|
220
|
-
runId: string | null;
|
|
221
|
-
action: string;
|
|
222
218
|
actorType: string;
|
|
223
219
|
actorId: string;
|
|
220
|
+
action: string;
|
|
224
221
|
entityType: string;
|
|
225
222
|
entityId: string;
|
|
223
|
+
agentId: string | null;
|
|
224
|
+
runId: string | null;
|
|
226
225
|
details: Record<string, unknown> | null;
|
|
226
|
+
createdAt: Date;
|
|
227
227
|
}[], {
|
|
228
228
|
id: import("drizzle-orm/pg-core").PgColumn<{
|
|
229
229
|
name: "id";
|
|
@@ -289,29 +289,29 @@ export declare function agentService(db: Db): {
|
|
|
289
289
|
}) | null>;
|
|
290
290
|
listConfigRevisions: (id: string) => Promise<{
|
|
291
291
|
id: string;
|
|
292
|
-
createdAt: Date;
|
|
293
292
|
companyId: string;
|
|
293
|
+
agentId: string;
|
|
294
294
|
createdByAgentId: string | null;
|
|
295
295
|
createdByUserId: string | null;
|
|
296
|
-
agentId: string;
|
|
297
296
|
source: string;
|
|
298
297
|
rolledBackFromRevisionId: string | null;
|
|
299
298
|
changedKeys: string[];
|
|
300
299
|
beforeConfig: Record<string, unknown>;
|
|
301
300
|
afterConfig: Record<string, unknown>;
|
|
301
|
+
createdAt: Date;
|
|
302
302
|
}[]>;
|
|
303
303
|
getConfigRevision: (id: string, revisionId: string) => Promise<{
|
|
304
304
|
id: string;
|
|
305
|
-
createdAt: Date;
|
|
306
305
|
companyId: string;
|
|
306
|
+
agentId: string;
|
|
307
307
|
createdByAgentId: string | null;
|
|
308
308
|
createdByUserId: string | null;
|
|
309
|
-
agentId: string;
|
|
310
309
|
source: string;
|
|
311
310
|
rolledBackFromRevisionId: string | null;
|
|
312
311
|
changedKeys: string[];
|
|
313
312
|
beforeConfig: Record<string, unknown>;
|
|
314
313
|
afterConfig: Record<string, unknown>;
|
|
314
|
+
createdAt: Date;
|
|
315
315
|
}>;
|
|
316
316
|
rollbackConfigRevision: (id: string, revisionId: string, actor: {
|
|
317
317
|
agentId?: string | null;
|
|
@@ -1342,16 +1342,14 @@ export declare function agentService(db: Db): {
|
|
|
1342
1342
|
}, {}, {}>;
|
|
1343
1343
|
}, "single", Record<"heartbeat_runs", "not-null">, false, "where", {
|
|
1344
1344
|
id: string;
|
|
1345
|
-
status: string;
|
|
1346
|
-
createdAt: Date;
|
|
1347
|
-
updatedAt: Date;
|
|
1348
1345
|
companyId: string;
|
|
1349
1346
|
agentId: string;
|
|
1347
|
+
invocationSource: string;
|
|
1350
1348
|
triggerDetail: string | null;
|
|
1349
|
+
status: string;
|
|
1350
|
+
startedAt: Date | null;
|
|
1351
1351
|
finishedAt: Date | null;
|
|
1352
1352
|
error: string | null;
|
|
1353
|
-
invocationSource: string;
|
|
1354
|
-
startedAt: Date | null;
|
|
1355
1353
|
wakeupRequestId: string | null;
|
|
1356
1354
|
exitCode: number | null;
|
|
1357
1355
|
signal: string | null;
|
|
@@ -1389,6 +1387,8 @@ export declare function agentService(db: Db): {
|
|
|
1389
1387
|
lastUsefulActionAt: Date | null;
|
|
1390
1388
|
nextAction: string | null;
|
|
1391
1389
|
contextSnapshot: Record<string, unknown> | null;
|
|
1390
|
+
createdAt: Date;
|
|
1391
|
+
updatedAt: Date;
|
|
1392
1392
|
}[], {
|
|
1393
1393
|
id: import("drizzle-orm/pg-core").PgColumn<{
|
|
1394
1394
|
name: "id";
|
|
@@ -210,17 +210,17 @@ export declare function approvalService(db: Db): {
|
|
|
210
210
|
}, {}, {}>;
|
|
211
211
|
}, "single", Record<"approvals", "not-null">, false, "where", {
|
|
212
212
|
id: string;
|
|
213
|
-
status: string;
|
|
214
|
-
createdAt: Date;
|
|
215
|
-
updatedAt: Date;
|
|
216
213
|
companyId: string;
|
|
217
214
|
type: string;
|
|
218
215
|
requestedByAgentId: string | null;
|
|
219
216
|
requestedByUserId: string | null;
|
|
217
|
+
status: string;
|
|
220
218
|
payload: Record<string, unknown>;
|
|
221
219
|
decisionNote: string | null;
|
|
222
220
|
decidedByUserId: string | null;
|
|
223
221
|
decidedAt: Date | null;
|
|
222
|
+
createdAt: Date;
|
|
223
|
+
updatedAt: Date;
|
|
224
224
|
}[], {
|
|
225
225
|
id: import("drizzle-orm/pg-core").PgColumn<{
|
|
226
226
|
name: "id";
|
|
@@ -431,17 +431,17 @@ export declare function approvalService(db: Db): {
|
|
|
431
431
|
}>, "where">;
|
|
432
432
|
getById: (id: string) => Promise<{
|
|
433
433
|
id: string;
|
|
434
|
-
status: string;
|
|
435
|
-
createdAt: Date;
|
|
436
|
-
updatedAt: Date;
|
|
437
434
|
companyId: string;
|
|
438
435
|
type: string;
|
|
439
436
|
requestedByAgentId: string | null;
|
|
440
437
|
requestedByUserId: string | null;
|
|
438
|
+
status: string;
|
|
441
439
|
payload: Record<string, unknown>;
|
|
442
440
|
decisionNote: string | null;
|
|
443
441
|
decidedByUserId: string | null;
|
|
444
442
|
decidedAt: Date | null;
|
|
443
|
+
createdAt: Date;
|
|
444
|
+
updatedAt: Date;
|
|
445
445
|
}>;
|
|
446
446
|
create: (companyId: string, data: Omit<typeof approvals.$inferInsert, "companyId">) => Promise<{
|
|
447
447
|
id: string;
|
|
@@ -521,13 +521,13 @@ export declare function approvalService(db: Db): {
|
|
|
521
521
|
}>;
|
|
522
522
|
listComments: (approvalId: string) => Promise<{
|
|
523
523
|
id: string;
|
|
524
|
-
createdAt: Date;
|
|
525
|
-
updatedAt: Date;
|
|
526
524
|
companyId: string;
|
|
527
525
|
approvalId: string;
|
|
528
|
-
body: string;
|
|
529
|
-
authorUserId: string | null;
|
|
530
526
|
authorAgentId: string | null;
|
|
527
|
+
authorUserId: string | null;
|
|
528
|
+
body: string;
|
|
529
|
+
createdAt: Date;
|
|
530
|
+
updatedAt: Date;
|
|
531
531
|
}[]>;
|
|
532
532
|
addComment: (approvalId: string, body: string, actor: {
|
|
533
533
|
agentId?: string;
|
|
@@ -16,18 +16,18 @@ export declare function assetService(db: Db): {
|
|
|
16
16
|
createdByUserId: string | null;
|
|
17
17
|
}>;
|
|
18
18
|
getById: (id: string) => Promise<{
|
|
19
|
-
sha256: string;
|
|
20
19
|
id: string;
|
|
21
|
-
createdAt: Date;
|
|
22
|
-
updatedAt: Date;
|
|
23
20
|
companyId: string;
|
|
24
21
|
provider: string;
|
|
25
22
|
objectKey: string;
|
|
26
23
|
contentType: string;
|
|
27
24
|
byteSize: number;
|
|
25
|
+
sha256: string;
|
|
28
26
|
originalFilename: string | null;
|
|
29
27
|
createdByAgentId: string | null;
|
|
30
28
|
createdByUserId: string | null;
|
|
29
|
+
createdAt: Date;
|
|
30
|
+
updatedAt: Date;
|
|
31
31
|
}>;
|
|
32
32
|
};
|
|
33
33
|
//# sourceMappingURL=assets.d.ts.map
|
|
@@ -25,13 +25,13 @@ export declare function boardAuthService(db: Db): {
|
|
|
25
25
|
}>;
|
|
26
26
|
findBoardApiKeyByToken: (token: string) => Promise<{
|
|
27
27
|
id: string;
|
|
28
|
-
name: string;
|
|
29
|
-
createdAt: Date;
|
|
30
|
-
expiresAt: Date | null;
|
|
31
28
|
userId: string;
|
|
29
|
+
name: string;
|
|
32
30
|
keyHash: string;
|
|
33
31
|
lastUsedAt: Date | null;
|
|
34
32
|
revokedAt: Date | null;
|
|
33
|
+
expiresAt: Date | null;
|
|
34
|
+
createdAt: Date;
|
|
35
35
|
} | null>;
|
|
36
36
|
touchBoardApiKey: (id: string) => Promise<void>;
|
|
37
37
|
revokeBoardApiKey: (id: string) => Promise<{
|
|
@@ -72,9 +72,6 @@ export declare function boardAuthService(db: Db): {
|
|
|
72
72
|
}>;
|
|
73
73
|
getCliAuthChallengeBySecret: (id: string, token: string) => Promise<{
|
|
74
74
|
id: string;
|
|
75
|
-
createdAt: Date;
|
|
76
|
-
updatedAt: Date;
|
|
77
|
-
expiresAt: Date;
|
|
78
75
|
secretHash: string;
|
|
79
76
|
command: string;
|
|
80
77
|
clientName: string | null;
|
|
@@ -86,6 +83,9 @@ export declare function boardAuthService(db: Db): {
|
|
|
86
83
|
boardApiKeyId: string | null;
|
|
87
84
|
approvedAt: Date | null;
|
|
88
85
|
cancelledAt: Date | null;
|
|
86
|
+
expiresAt: Date;
|
|
87
|
+
createdAt: Date;
|
|
88
|
+
updatedAt: Date;
|
|
89
89
|
} | null>;
|
|
90
90
|
describeCliAuthChallenge: (id: string, token: string) => Promise<{
|
|
91
91
|
id: string;
|
|
@@ -108,9 +108,6 @@ export declare function boardAuthService(db: Db): {
|
|
|
108
108
|
status: "expired";
|
|
109
109
|
challenge: {
|
|
110
110
|
id: string;
|
|
111
|
-
createdAt: Date;
|
|
112
|
-
updatedAt: Date;
|
|
113
|
-
expiresAt: Date;
|
|
114
111
|
secretHash: string;
|
|
115
112
|
command: string;
|
|
116
113
|
clientName: string | null;
|
|
@@ -122,14 +119,14 @@ export declare function boardAuthService(db: Db): {
|
|
|
122
119
|
boardApiKeyId: string | null;
|
|
123
120
|
approvedAt: Date | null;
|
|
124
121
|
cancelledAt: Date | null;
|
|
122
|
+
expiresAt: Date;
|
|
123
|
+
createdAt: Date;
|
|
124
|
+
updatedAt: Date;
|
|
125
125
|
};
|
|
126
126
|
} | {
|
|
127
127
|
status: "cancelled";
|
|
128
128
|
challenge: {
|
|
129
129
|
id: string;
|
|
130
|
-
createdAt: Date;
|
|
131
|
-
updatedAt: Date;
|
|
132
|
-
expiresAt: Date;
|
|
133
130
|
secretHash: string;
|
|
134
131
|
command: string;
|
|
135
132
|
clientName: string | null;
|
|
@@ -141,6 +138,9 @@ export declare function boardAuthService(db: Db): {
|
|
|
141
138
|
boardApiKeyId: string | null;
|
|
142
139
|
approvedAt: Date | null;
|
|
143
140
|
cancelledAt: Date | null;
|
|
141
|
+
expiresAt: Date;
|
|
142
|
+
createdAt: Date;
|
|
143
|
+
updatedAt: Date;
|
|
144
144
|
};
|
|
145
145
|
} | {
|
|
146
146
|
status: "approved";
|
|
@@ -166,9 +166,6 @@ export declare function boardAuthService(db: Db): {
|
|
|
166
166
|
status: "approved";
|
|
167
167
|
challenge: {
|
|
168
168
|
id: string;
|
|
169
|
-
createdAt: Date;
|
|
170
|
-
updatedAt: Date;
|
|
171
|
-
expiresAt: Date;
|
|
172
169
|
secretHash: string;
|
|
173
170
|
command: string;
|
|
174
171
|
clientName: string | null;
|
|
@@ -180,14 +177,14 @@ export declare function boardAuthService(db: Db): {
|
|
|
180
177
|
boardApiKeyId: string | null;
|
|
181
178
|
approvedAt: Date | null;
|
|
182
179
|
cancelledAt: Date | null;
|
|
180
|
+
expiresAt: Date;
|
|
181
|
+
createdAt: Date;
|
|
182
|
+
updatedAt: Date;
|
|
183
183
|
};
|
|
184
184
|
} | {
|
|
185
185
|
status: "expired";
|
|
186
186
|
challenge: {
|
|
187
187
|
id: string;
|
|
188
|
-
createdAt: Date;
|
|
189
|
-
updatedAt: Date;
|
|
190
|
-
expiresAt: Date;
|
|
191
188
|
secretHash: string;
|
|
192
189
|
command: string;
|
|
193
190
|
clientName: string | null;
|
|
@@ -199,14 +196,14 @@ export declare function boardAuthService(db: Db): {
|
|
|
199
196
|
boardApiKeyId: string | null;
|
|
200
197
|
approvedAt: Date | null;
|
|
201
198
|
cancelledAt: Date | null;
|
|
199
|
+
expiresAt: Date;
|
|
200
|
+
createdAt: Date;
|
|
201
|
+
updatedAt: Date;
|
|
202
202
|
};
|
|
203
203
|
} | {
|
|
204
204
|
status: "cancelled";
|
|
205
205
|
challenge: {
|
|
206
206
|
id: string;
|
|
207
|
-
createdAt: Date;
|
|
208
|
-
updatedAt: Date;
|
|
209
|
-
expiresAt: Date;
|
|
210
207
|
secretHash: string;
|
|
211
208
|
command: string;
|
|
212
209
|
clientName: string | null;
|
|
@@ -218,17 +215,20 @@ export declare function boardAuthService(db: Db): {
|
|
|
218
215
|
boardApiKeyId: string | null;
|
|
219
216
|
approvedAt: Date | null;
|
|
220
217
|
cancelledAt: Date | null;
|
|
218
|
+
expiresAt: Date;
|
|
219
|
+
createdAt: Date;
|
|
220
|
+
updatedAt: Date;
|
|
221
221
|
};
|
|
222
222
|
}>;
|
|
223
223
|
assertCurrentBoardKey: (keyId: string | undefined, userId: string | undefined) => Promise<{
|
|
224
224
|
id: string;
|
|
225
|
-
name: string;
|
|
226
|
-
createdAt: Date;
|
|
227
|
-
expiresAt: Date | null;
|
|
228
225
|
userId: string;
|
|
226
|
+
name: string;
|
|
229
227
|
keyHash: string;
|
|
230
228
|
lastUsedAt: Date | null;
|
|
231
229
|
revokedAt: Date | null;
|
|
230
|
+
expiresAt: Date | null;
|
|
231
|
+
createdAt: Date;
|
|
232
232
|
}>;
|
|
233
233
|
resolveBoardActivityCompanyIds: (input: {
|
|
234
234
|
userId: string;
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import type { Db } from "@penclipai/db";
|
|
2
|
-
import type { Environment, EnvironmentDriver, LocalEnvironmentConfig, PluginEnvironmentConfig, SandboxEnvironmentConfig, SshEnvironmentConfig } from "@penclipai/shared";
|
|
2
|
+
import type { Environment, EnvironmentDriver, LocalEnvironmentConfig, PluginEnvironmentConfig, SandboxEnvironmentConfig, SecretProvider, SecretVersionSelector, SshEnvironmentConfig } from "@penclipai/shared";
|
|
3
3
|
import type { PluginWorkerManager } from "./plugin-worker-manager.js";
|
|
4
4
|
export type ParsedEnvironmentConfig = {
|
|
5
5
|
driver: "local";
|
|
@@ -14,6 +14,14 @@ export type ParsedEnvironmentConfig = {
|
|
|
14
14
|
driver: "plugin";
|
|
15
15
|
config: PluginEnvironmentConfig;
|
|
16
16
|
};
|
|
17
|
+
export declare function collectEnvironmentSecretRefs(input: {
|
|
18
|
+
db: Db;
|
|
19
|
+
environment: Pick<Environment, "id" | "driver" | "config">;
|
|
20
|
+
}): Promise<Array<{
|
|
21
|
+
secretId: string;
|
|
22
|
+
configPath: string;
|
|
23
|
+
versionSelector?: SecretVersionSelector;
|
|
24
|
+
}>>;
|
|
17
25
|
export declare function stripSandboxProviderEnvelope(config: SandboxEnvironmentConfig): Record<string, unknown>;
|
|
18
26
|
export declare function normalizeEnvironmentConfig(input: {
|
|
19
27
|
driver: EnvironmentDriver;
|
|
@@ -30,6 +38,7 @@ export declare function normalizeEnvironmentConfigForPersistence(input: {
|
|
|
30
38
|
companyId: string;
|
|
31
39
|
environmentName: string;
|
|
32
40
|
driver: EnvironmentDriver;
|
|
41
|
+
secretProvider: SecretProvider;
|
|
33
42
|
config: Record<string, unknown> | null | undefined;
|
|
34
43
|
actor?: {
|
|
35
44
|
userId?: string | null;
|
|
@@ -37,7 +46,10 @@ export declare function normalizeEnvironmentConfigForPersistence(input: {
|
|
|
37
46
|
};
|
|
38
47
|
pluginWorkerManager?: PluginWorkerManager;
|
|
39
48
|
}): Promise<Record<string, unknown>>;
|
|
40
|
-
export declare function resolveEnvironmentDriverConfigForRuntime(db: Db, companyId: string, environment: Pick<Environment, "driver" | "config">
|
|
49
|
+
export declare function resolveEnvironmentDriverConfigForRuntime(db: Db, companyId: string, environment: Pick<Environment, "driver" | "config"> & Partial<Pick<Environment, "id">>, context?: {
|
|
50
|
+
issueId?: string | null;
|
|
51
|
+
heartbeatRunId?: string | null;
|
|
52
|
+
}): Promise<ParsedEnvironmentConfig>;
|
|
41
53
|
export declare function readSshEnvironmentPrivateKeySecretId(environment: Pick<Environment, "driver" | "config">): string | null;
|
|
42
54
|
export declare function parseEnvironmentDriverConfig(environment: Pick<Environment, "driver" | "config">): ParsedEnvironmentConfig;
|
|
43
55
|
//# sourceMappingURL=environment-config.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"environment-config.d.ts","sourceRoot":"","sources":["../../src/services/environment-config.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,EAAE,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,KAAK,EACV,WAAW,EACX,iBAAiB,EAEjB,sBAAsB,EACtB,uBAAuB,EAEvB,wBAAwB,EACxB,oBAAoB,EACrB,MAAM,mBAAmB,CAAC;AAS3B,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AA8EtE,MAAM,MAAM,uBAAuB,GAC/B;IAAE,MAAM,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,sBAAsB,CAAA;CAAE,GACnD;IAAE,MAAM,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,oBAAoB,CAAA;CAAE,GAC/C;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,MAAM,EAAE,wBAAwB,CAAA;CAAE,GACvD;IAAE,MAAM,EAAE,QAAQ,CAAC;IAAC,MAAM,EAAE,uBAAuB,CAAA;CAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"environment-config.d.ts","sourceRoot":"","sources":["../../src/services/environment-config.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,EAAE,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,KAAK,EACV,WAAW,EACX,iBAAiB,EAEjB,sBAAsB,EACtB,uBAAuB,EAEvB,wBAAwB,EACxB,cAAc,EACd,qBAAqB,EACrB,oBAAoB,EACrB,MAAM,mBAAmB,CAAC;AAS3B,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AA8EtE,MAAM,MAAM,uBAAuB,GAC/B;IAAE,MAAM,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,sBAAsB,CAAA;CAAE,GACnD;IAAE,MAAM,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,oBAAoB,CAAA;CAAE,GAC/C;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,MAAM,EAAE,wBAAwB,CAAA;CAAE,GACvD;IAAE,MAAM,EAAE,QAAQ,CAAC;IAAC,MAAM,EAAE,uBAAuB,CAAA;CAAE,CAAC;AAiK1D,wBAAsB,4BAA4B,CAAC,KAAK,EAAE;IACxD,EAAE,EAAE,EAAE,CAAC;IACP,WAAW,EAAE,IAAI,CAAC,WAAW,EAAE,IAAI,GAAG,QAAQ,GAAG,QAAQ,CAAC,CAAC;CAC5D,GAAG,OAAO,CAAC,KAAK,CAAC;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAC;IAAC,eAAe,CAAC,EAAE,qBAAqB,CAAA;CAAE,CAAC,CAAC,CAqBpG;AAED,wBAAgB,4BAA4B,CAAC,MAAM,EAAE,wBAAwB,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAGtG;AAED,wBAAgB,0BAA0B,CAAC,KAAK,EAAE;IAChD,MAAM,EAAE,iBAAiB,CAAC;IAC1B,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,GAAG,SAAS,CAAC;CACpD,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAoC1B;AAED,wBAAgB,kCAAkC,CAAC,KAAK,EAAE;IACxD,EAAE,EAAE,EAAE,CAAC;IACP,MAAM,EAAE,iBAAiB,CAAC;IAC1B,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,GAAG,SAAS,CAAC;IACnD,mBAAmB,CAAC,EAAE,mBAAmB,CAAC;CAC3C,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAuC7D;AAED,wBAAsB,wCAAwC,CAAC,KAAK,EAAE;IACpE,EAAE,EAAE,EAAE,CAAC;IACP,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,CAAC;IACxB,MAAM,EAAE,iBAAiB,CAAC;IAC1B,cAAc,EAAE,cAAc,CAAC;IAC/B,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,GAAG,SAAS,CAAC;IACnD,KAAK,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAC;IAC5D,mBAAmB,CAAC,EAAE,mBAAmB,CAAC;CAC3C,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAgGnC;AAED,wBAAsB,wCAAwC,CAC5D,EAAE,EAAE,EAAE,EACN,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,IAAI,CAAC,WAAW,EAAE,QAAQ,GAAG,QAAQ,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,EACtF,OAAO,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CAAE,GACpE,OAAO,CAAC,uBAAuB,CAAC,CAiDlC;AAED,wBAAgB,oCAAoC,CAClD,WAAW,EAAE,IAAI,CAAC,WAAW,EAAE,QAAQ,GAAG,QAAQ,CAAC,GAClD,MAAM,GAAG,IAAI,CAKf;AAED,wBAAgB,4BAA4B,CAC1C,WAAW,EAAE,IAAI,CAAC,WAAW,EAAE,QAAQ,GAAG,QAAQ,CAAC,GAClD,uBAAuB,CAoCzB"}
|
|
@@ -105,7 +105,7 @@ function secretName(input) {
|
|
|
105
105
|
async function createEnvironmentSecret(input) {
|
|
106
106
|
const created = await secretService(input.db).create(input.companyId, {
|
|
107
107
|
name: secretName(input),
|
|
108
|
-
provider:
|
|
108
|
+
provider: input.provider,
|
|
109
109
|
value: input.value,
|
|
110
110
|
description: `Secret for ${input.environmentName} ${input.field}.`,
|
|
111
111
|
}, input.actor);
|
|
@@ -136,6 +136,7 @@ async function persistConfigSecretRefs(input) {
|
|
|
136
136
|
environmentName: input.environmentName,
|
|
137
137
|
driver: input.driver,
|
|
138
138
|
field: path.replace(/[^a-z0-9]+/gi, "-").toLowerCase(),
|
|
139
|
+
provider: input.secretProvider,
|
|
139
140
|
value: trimmed,
|
|
140
141
|
actor: input.actor,
|
|
141
142
|
});
|
|
@@ -153,10 +154,43 @@ async function resolveConfigSecretRefsForRuntime(input) {
|
|
|
153
154
|
const trimmed = current.trim();
|
|
154
155
|
if (!isUuidSecretRef(trimmed))
|
|
155
156
|
continue;
|
|
156
|
-
|
|
157
|
+
if (!input.context.consumerId) {
|
|
158
|
+
throw unprocessable("Runtime secret resolution requires an environment id");
|
|
159
|
+
}
|
|
160
|
+
nextConfig = writeConfigValueAtPath(nextConfig, path, await secrets.resolveSecretValue(input.companyId, trimmed, "latest", {
|
|
161
|
+
consumerType: "environment",
|
|
162
|
+
consumerId: input.context.consumerId,
|
|
163
|
+
actorType: "system",
|
|
164
|
+
actorId: null,
|
|
165
|
+
issueId: input.context.issueId ?? null,
|
|
166
|
+
heartbeatRunId: input.context.heartbeatRunId ?? null,
|
|
167
|
+
configPath: path,
|
|
168
|
+
}));
|
|
157
169
|
}
|
|
158
170
|
return nextConfig;
|
|
159
171
|
}
|
|
172
|
+
export async function collectEnvironmentSecretRefs(input) {
|
|
173
|
+
const parsed = parseEnvironmentDriverConfig(input.environment);
|
|
174
|
+
if (parsed.driver === "ssh" && parsed.config.privateKeySecretRef) {
|
|
175
|
+
return [{
|
|
176
|
+
secretId: parsed.config.privateKeySecretRef.secretId,
|
|
177
|
+
configPath: "privateKeySecretRef",
|
|
178
|
+
versionSelector: parsed.config.privateKeySecretRef.version ?? "latest",
|
|
179
|
+
}];
|
|
180
|
+
}
|
|
181
|
+
if (parsed.driver === "sandbox" && parsed.config.provider !== "fake") {
|
|
182
|
+
const schema = await getSandboxProviderConfigSchema(input.db, parsed.config.provider);
|
|
183
|
+
const refs = [];
|
|
184
|
+
for (const path of collectSecretRefPaths(schema)) {
|
|
185
|
+
const current = readConfigValueAtPath(parsed.config, path);
|
|
186
|
+
if (typeof current === "string" && isUuidSecretRef(current.trim())) {
|
|
187
|
+
refs.push({ secretId: current.trim(), configPath: path, versionSelector: "latest" });
|
|
188
|
+
}
|
|
189
|
+
}
|
|
190
|
+
return refs;
|
|
191
|
+
}
|
|
192
|
+
return [];
|
|
193
|
+
}
|
|
160
194
|
export function stripSandboxProviderEnvelope(config) {
|
|
161
195
|
const { provider: _provider, ...driverConfig } = config;
|
|
162
196
|
return driverConfig;
|
|
@@ -250,6 +284,7 @@ export async function normalizeEnvironmentConfigForPersistence(input) {
|
|
|
250
284
|
environmentName: input.environmentName,
|
|
251
285
|
driver: input.driver,
|
|
252
286
|
field: "private-key",
|
|
287
|
+
provider: input.secretProvider,
|
|
253
288
|
value: privateKey,
|
|
254
289
|
actor: input.actor,
|
|
255
290
|
});
|
|
@@ -288,6 +323,7 @@ export async function normalizeEnvironmentConfigForPersistence(input) {
|
|
|
288
323
|
companyId: input.companyId,
|
|
289
324
|
environmentName: input.environmentName,
|
|
290
325
|
driver: input.driver,
|
|
326
|
+
secretProvider: input.secretProvider,
|
|
291
327
|
config: {
|
|
292
328
|
provider: parsed.data.provider,
|
|
293
329
|
...validated.normalizedConfig,
|
|
@@ -319,15 +355,27 @@ export async function normalizeEnvironmentConfigForPersistence(input) {
|
|
|
319
355
|
config: input.config,
|
|
320
356
|
});
|
|
321
357
|
}
|
|
322
|
-
export async function resolveEnvironmentDriverConfigForRuntime(db, companyId, environment) {
|
|
358
|
+
export async function resolveEnvironmentDriverConfigForRuntime(db, companyId, environment, context) {
|
|
323
359
|
const parsed = parseEnvironmentDriverConfig(environment);
|
|
324
360
|
const secrets = secretService(db);
|
|
361
|
+
const environmentId = environment.id;
|
|
362
|
+
if (parsed.driver === "ssh" && parsed.config.privateKeySecretRef && !environmentId) {
|
|
363
|
+
throw unprocessable("Runtime secret resolution requires an environment id");
|
|
364
|
+
}
|
|
325
365
|
if (parsed.driver === "ssh" && parsed.config.privateKeySecretRef) {
|
|
326
366
|
return {
|
|
327
367
|
driver: "ssh",
|
|
328
368
|
config: {
|
|
329
369
|
...parsed.config,
|
|
330
|
-
privateKey: await secrets.resolveSecretValue(companyId, parsed.config.privateKeySecretRef.secretId, parsed.config.privateKeySecretRef.version ?? "latest"
|
|
370
|
+
privateKey: await secrets.resolveSecretValue(companyId, parsed.config.privateKeySecretRef.secretId, parsed.config.privateKeySecretRef.version ?? "latest", {
|
|
371
|
+
consumerType: "environment",
|
|
372
|
+
consumerId: environmentId,
|
|
373
|
+
actorType: "system",
|
|
374
|
+
actorId: null,
|
|
375
|
+
issueId: context?.issueId ?? null,
|
|
376
|
+
heartbeatRunId: context?.heartbeatRunId ?? null,
|
|
377
|
+
configPath: "privateKeySecretRef",
|
|
378
|
+
}),
|
|
331
379
|
},
|
|
332
380
|
};
|
|
333
381
|
}
|
|
@@ -339,6 +387,11 @@ export async function resolveEnvironmentDriverConfigForRuntime(db, companyId, en
|
|
|
339
387
|
companyId,
|
|
340
388
|
config: parsed.config,
|
|
341
389
|
schema: await getSandboxProviderConfigSchema(db, parsed.config.provider),
|
|
390
|
+
context: {
|
|
391
|
+
consumerId: environmentId,
|
|
392
|
+
issueId: context?.issueId ?? null,
|
|
393
|
+
heartbeatRunId: context?.heartbeatRunId ?? null,
|
|
394
|
+
},
|
|
342
395
|
}),
|
|
343
396
|
};
|
|
344
397
|
}
|