@pikku/core 0.12.14 → 0.12.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +30 -0
- package/dist/errors/errors.d.ts +4 -0
- package/dist/errors/errors.js +12 -0
- package/dist/function/function-runner.js +2 -1
- package/dist/function/functions.types.js +1 -0
- package/dist/function/index.d.ts +2 -1
- package/dist/function/index.js +1 -0
- package/dist/handle-error.d.ts +2 -2
- package/dist/handle-error.js +8 -8
- package/dist/index.d.ts +1 -2
- package/dist/index.js +1 -2
- package/dist/middleware/index.d.ts +2 -0
- package/dist/middleware/index.js +2 -0
- package/dist/middleware/remote-auth.js +5 -2
- package/dist/permissions.d.ts +13 -1
- package/dist/permissions.js +51 -0
- package/dist/pikku-state.d.ts +0 -1
- package/dist/pikku-state.js +1 -4
- package/dist/remote.d.ts +10 -0
- package/dist/remote.js +32 -0
- package/dist/schema.js +2 -0
- package/dist/services/deployment-service.d.ts +12 -1
- package/dist/services/in-memory-queue-service.d.ts +7 -0
- package/dist/services/in-memory-queue-service.js +28 -0
- package/dist/services/index.d.ts +4 -1
- package/dist/services/index.js +2 -1
- package/dist/services/logger-console.d.ts +26 -40
- package/dist/services/logger-console.js +102 -46
- package/dist/services/logger.d.ts +5 -0
- package/dist/services/meta-service.d.ts +175 -0
- package/dist/services/meta-service.js +310 -0
- package/dist/services/workflow-service.d.ts +6 -1
- package/dist/testing/service-tests.js +0 -8
- package/dist/types/core.types.d.ts +8 -0
- package/dist/types/state.types.d.ts +2 -2
- package/dist/wirings/ai-agent/ai-agent-prepare.js +42 -21
- package/dist/wirings/ai-agent/ai-agent-registry.js +2 -2
- package/dist/wirings/ai-agent/ai-agent-runner.js +18 -1
- package/dist/wirings/ai-agent/ai-agent-stream.js +1 -0
- package/dist/wirings/ai-agent/ai-agent.types.d.ts +5 -3
- package/dist/wirings/channel/channel-runner.js +3 -3
- package/dist/wirings/cli/cli-runner.js +3 -2
- package/dist/wirings/cli/command-parser.js +7 -3
- package/dist/wirings/http/http-runner.d.ts +1 -1
- package/dist/wirings/http/http-runner.js +23 -11
- package/dist/wirings/http/http.types.d.ts +2 -0
- package/dist/wirings/mcp/mcp-runner.js +5 -3
- package/dist/wirings/queue/queue-runner.d.ts +3 -1
- package/dist/wirings/queue/queue-runner.js +7 -3
- package/dist/wirings/rpc/rpc-runner.js +56 -90
- package/dist/wirings/scheduler/scheduler-runner.d.ts +3 -1
- package/dist/wirings/scheduler/scheduler-runner.js +9 -5
- package/dist/wirings/trigger/trigger-runner.js +4 -2
- package/dist/wirings/workflow/dsl/workflow-runner.d.ts +1 -1
- package/dist/wirings/workflow/dsl/workflow-runner.js +6 -9
- package/dist/wirings/workflow/graph/graph-runner.d.ts +1 -1
- package/dist/wirings/workflow/graph/graph-runner.js +18 -4
- package/dist/wirings/workflow/index.d.ts +4 -2
- package/dist/wirings/workflow/index.js +4 -2
- package/dist/wirings/workflow/pikku-workflow-service.d.ts +16 -4
- package/dist/wirings/workflow/pikku-workflow-service.js +216 -24
- package/dist/wirings/workflow/workflow-queue-workers.d.ts +40 -0
- package/dist/wirings/workflow/workflow-queue-workers.js +41 -0
- package/dist/wirings/workflow/workflow.types.d.ts +17 -1
- package/package.json +4 -1
- package/src/errors/errors.ts +12 -0
- package/src/function/function-runner.ts +5 -4
- package/src/function/functions.types.ts +1 -0
- package/src/function/index.ts +10 -0
- package/src/handle-error.test.ts +2 -2
- package/src/handle-error.ts +8 -8
- package/src/index.ts +1 -2
- package/src/middleware/index.ts +2 -0
- package/src/middleware/remote-auth.test.ts +4 -4
- package/src/middleware/remote-auth.ts +7 -2
- package/src/permissions.ts +70 -0
- package/src/pikku-state.test.ts +0 -26
- package/src/pikku-state.ts +1 -5
- package/src/remote.ts +46 -0
- package/src/schema.ts +1 -0
- package/src/services/deployment-service.ts +17 -1
- package/src/services/in-memory-queue-service.ts +46 -0
- package/src/services/index.ts +21 -1
- package/src/services/logger-console.ts +127 -47
- package/src/services/logger.ts +6 -0
- package/src/services/meta-service.ts +523 -0
- package/src/services/workflow-service.ts +8 -0
- package/src/testing/service-tests.ts +0 -10
- package/src/types/core.types.ts +8 -0
- package/src/types/state.types.ts +2 -2
- package/src/wirings/ai-agent/ai-agent-prepare.ts +51 -40
- package/src/wirings/ai-agent/ai-agent-registry.ts +3 -3
- package/src/wirings/ai-agent/ai-agent-runner.ts +16 -1
- package/src/wirings/ai-agent/ai-agent-stream.ts +8 -0
- package/src/wirings/ai-agent/ai-agent.types.ts +5 -3
- package/src/wirings/channel/channel-runner.ts +4 -5
- package/src/wirings/cli/cli-runner.test.ts +8 -7
- package/src/wirings/cli/cli-runner.ts +4 -3
- package/src/wirings/cli/command-parser.ts +8 -3
- package/src/wirings/http/http-runner.ts +27 -11
- package/src/wirings/http/http.types.ts +2 -0
- package/src/wirings/mcp/mcp-runner.ts +7 -9
- package/src/wirings/queue/queue-runner.test.ts +5 -11
- package/src/wirings/queue/queue-runner.ts +11 -3
- package/src/wirings/rpc/rpc-runner.ts +82 -115
- package/src/wirings/scheduler/scheduler-runner.test.ts +5 -11
- package/src/wirings/scheduler/scheduler-runner.ts +13 -5
- package/src/wirings/trigger/trigger-runner.test.ts +10 -11
- package/src/wirings/trigger/trigger-runner.ts +6 -4
- package/src/wirings/workflow/dsl/workflow-runner.ts +11 -10
- package/src/wirings/workflow/graph/graph-runner.ts +19 -4
- package/src/wirings/workflow/index.ts +17 -6
- package/src/wirings/workflow/pikku-workflow-service.ts +284 -24
- package/src/wirings/workflow/workflow-queue-workers.ts +85 -0
- package/src/wirings/workflow/workflow.types.ts +16 -1
- package/tsconfig.tsbuildinfo +1 -1
- package/dist/wirings/ai-agent/agent-dynamic-workflow.d.ts +0 -6
- package/dist/wirings/ai-agent/agent-dynamic-workflow.js +0 -468
- package/dist/wirings/workflow/workflow-helpers.d.ts +0 -36
- package/dist/wirings/workflow/workflow-helpers.js +0 -38
- package/src/wirings/ai-agent/agent-dynamic-workflow.ts +0 -610
- package/src/wirings/workflow/workflow-helpers.test.ts +0 -129
- package/src/wirings/workflow/workflow-helpers.ts +0 -79
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,35 @@
|
|
|
1
1
|
## 0.12.4
|
|
2
2
|
|
|
3
|
+
## 0.12.15
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- 9e8605f: Add Workers for Platforms dispatch namespace support and AI agent fixes.
|
|
8
|
+
|
|
9
|
+
- deploy-cloudflare: Thread dispatchNamespace through deploy pipeline, reads CF_DISPATCH_NAMESPACE env var
|
|
10
|
+
- core: Fix auth-gated tools visible to unauthenticated sessions (null session now hides permission-gated items)
|
|
11
|
+
- core: Recursive null stripping in AI agent tool call resume path
|
|
12
|
+
- ai-vercel: Handle anyOf/oneOf/array types when making optional fields nullable for strict providers
|
|
13
|
+
|
|
14
|
+
- 624097e: Add deploy pipeline with provider-agnostic architecture
|
|
15
|
+
|
|
16
|
+
- Add MetaService with explicit typed API, absorb WiringService reads
|
|
17
|
+
- Add deployment service, traceId propagation, scoped logger
|
|
18
|
+
- Rewrite analyzer: one function = one worker, gateways dispatch via RPC
|
|
19
|
+
- Add Cloudflare deploy provider with plan/apply commands
|
|
20
|
+
- Add per-unit filtered codegen for deploy pipeline
|
|
21
|
+
- Skip missing metadata in wiring registration for deploy units
|
|
22
|
+
- Fix schema coercion crash when schema has no properties
|
|
23
|
+
- Fix E2E codegen: double-pass resolves cross-package Zod type imports
|
|
24
|
+
|
|
25
|
+
- 7ab3243: Add server-fallback deployment target for functions that can't run serverless.
|
|
26
|
+
|
|
27
|
+
Functions can declare `deploy: 'serverless' | 'server' | 'auto'`. With `serverlessIncompatible` config, the analyzer auto-routes functions using incompatible services to a container.
|
|
28
|
+
|
|
29
|
+
Server functions are merged into a single tree-shaken unit with a PikkuUWSServer entry, Dockerfile, and CF Container proxy Worker.
|
|
30
|
+
|
|
31
|
+
Also adds sub-path exports to @pikku/cloudflare for tree-shaking (greet bundle 1.6MB → 444KB) and deploy verifiers for cloudflare, serverless, and azure providers.
|
|
32
|
+
|
|
3
33
|
## 0.12.14
|
|
4
34
|
|
|
5
35
|
### Patch Changes
|
package/dist/errors/errors.d.ts
CHANGED
|
@@ -6,6 +6,10 @@ export declare class InvalidMiddlewareWireError extends PikkuError {
|
|
|
6
6
|
}
|
|
7
7
|
export declare class PikkuMissingMetaError extends PikkuError {
|
|
8
8
|
}
|
|
9
|
+
export declare class MissingServiceError extends PikkuError {
|
|
10
|
+
}
|
|
11
|
+
export declare class LocalEnvironmentOnlyError extends PikkuError {
|
|
12
|
+
}
|
|
9
13
|
/**
|
|
10
14
|
* The server cannot or will not process the request due to client error (e.g., malformed request syntax).
|
|
11
15
|
* @group Error
|
package/dist/errors/errors.js
CHANGED
|
@@ -14,6 +14,18 @@ addError(PikkuMissingMetaError, {
|
|
|
14
14
|
status: 500,
|
|
15
15
|
message: 'Required metadata is missing',
|
|
16
16
|
});
|
|
17
|
+
export class MissingServiceError extends PikkuError {
|
|
18
|
+
}
|
|
19
|
+
addError(MissingServiceError, {
|
|
20
|
+
status: 500,
|
|
21
|
+
message: 'A required service is not configured',
|
|
22
|
+
});
|
|
23
|
+
export class LocalEnvironmentOnlyError extends PikkuError {
|
|
24
|
+
}
|
|
25
|
+
addError(LocalEnvironmentOnlyError, {
|
|
26
|
+
status: 403,
|
|
27
|
+
message: 'This operation is only available in local development mode',
|
|
28
|
+
});
|
|
17
29
|
/**
|
|
18
30
|
* The server cannot or will not process the request due to client error (e.g., malformed request syntax).
|
|
19
31
|
* @group Error
|
|
@@ -196,8 +196,9 @@ export const runPikkuFunc = async (wireType, wireId, funcName, { singletonServic
|
|
|
196
196
|
packageName,
|
|
197
197
|
});
|
|
198
198
|
}
|
|
199
|
-
|
|
199
|
+
let wireServices;
|
|
200
200
|
try {
|
|
201
|
+
wireServices = (await resolvedCreateWireServices?.(resolvedSingletonServices, resolvedWire));
|
|
201
202
|
const services = wireServices && Object.keys(wireServices).length > 0
|
|
202
203
|
? { ...resolvedSingletonServices, ...wireServices }
|
|
203
204
|
: resolvedSingletonServices;
|
package/dist/function/index.d.ts
CHANGED
|
@@ -1,2 +1,3 @@
|
|
|
1
1
|
export { addFunction, getAllFunctionNames } from './function-runner.js';
|
|
2
|
-
export
|
|
2
|
+
export { pikkuAuth, pikkuPermission, pikkuPermissionFactory, pikkuApprovalDescription, } from './functions.types.js';
|
|
3
|
+
export type { CorePikkuFunction, CorePikkuFunctionSessionless, CorePikkuFunctionConfig, CorePikkuAuth, CorePikkuAuthConfig, CorePikkuPermission, } from './functions.types.js';
|
package/dist/function/index.js
CHANGED
package/dist/handle-error.d.ts
CHANGED
|
@@ -5,10 +5,10 @@ import type { PikkuHTTP } from './wirings/http/http.types.js';
|
|
|
5
5
|
*
|
|
6
6
|
* @param {any} e - The error that occurred
|
|
7
7
|
* @param {PikkuHTTP | undefined} http - HTTP wire object
|
|
8
|
-
* @param {string}
|
|
8
|
+
* @param {string} traceId - Unique ID for tracking this error
|
|
9
9
|
* @param {Logger} logger - Logger service
|
|
10
10
|
* @param {number[]} logWarningsForStatusCodes - HTTP status codes to log as warnings
|
|
11
11
|
* @param {boolean} respondWith404 - Whether to respond with 404 for NotFoundError
|
|
12
12
|
* @param {boolean} bubbleError - Whether to throw the error after handling
|
|
13
13
|
*/
|
|
14
|
-
export declare const handleHTTPError: (e: any, http: PikkuHTTP | undefined,
|
|
14
|
+
export declare const handleHTTPError: (e: any, http: PikkuHTTP | undefined, traceId: string | undefined, logger: Logger, logWarningsForStatusCodes: number[], respondWith404: boolean, bubbleError: boolean, exposeErrors?: boolean) => void;
|
package/dist/handle-error.js
CHANGED
|
@@ -6,13 +6,13 @@ import { NotFoundError } from './errors/errors.js';
|
|
|
6
6
|
*
|
|
7
7
|
* @param {any} e - The error that occurred
|
|
8
8
|
* @param {PikkuHTTP | undefined} http - HTTP wire object
|
|
9
|
-
* @param {string}
|
|
9
|
+
* @param {string} traceId - Unique ID for tracking this error
|
|
10
10
|
* @param {Logger} logger - Logger service
|
|
11
11
|
* @param {number[]} logWarningsForStatusCodes - HTTP status codes to log as warnings
|
|
12
12
|
* @param {boolean} respondWith404 - Whether to respond with 404 for NotFoundError
|
|
13
13
|
* @param {boolean} bubbleError - Whether to throw the error after handling
|
|
14
14
|
*/
|
|
15
|
-
export const handleHTTPError = (e, http,
|
|
15
|
+
export const handleHTTPError = (e, http, traceId, logger, logWarningsForStatusCodes, respondWith404, bubbleError, exposeErrors = false) => {
|
|
16
16
|
// Skip 404 handling if configured to do so
|
|
17
17
|
if (e instanceof NotFoundError && !respondWith404) {
|
|
18
18
|
return;
|
|
@@ -25,12 +25,12 @@ export const handleHTTPError = (e, http, trackerId, logger, logWarningsForStatus
|
|
|
25
25
|
http?.response?.json({
|
|
26
26
|
message: errorResponse.message,
|
|
27
27
|
payload: e.payload,
|
|
28
|
-
|
|
28
|
+
errorId: traceId,
|
|
29
29
|
});
|
|
30
30
|
// Log certain status codes as warnings
|
|
31
31
|
if (logWarningsForStatusCodes.includes(errorResponse.status)) {
|
|
32
|
-
if (
|
|
33
|
-
logger.warn(`Warning id: ${
|
|
32
|
+
if (traceId) {
|
|
33
|
+
logger.warn(`Warning id: ${traceId}`);
|
|
34
34
|
}
|
|
35
35
|
logger.warn(e instanceof Error ? e.message : e);
|
|
36
36
|
}
|
|
@@ -39,9 +39,9 @@ export const handleHTTPError = (e, http, trackerId, logger, logWarningsForStatus
|
|
|
39
39
|
// Handle unexpected errors
|
|
40
40
|
logger.error(e instanceof Error ? e.message : e);
|
|
41
41
|
http?.response?.status(500);
|
|
42
|
-
if (
|
|
43
|
-
logger.warn(`Error id: ${
|
|
44
|
-
const errorBody = { errorId:
|
|
42
|
+
if (traceId) {
|
|
43
|
+
logger.warn(`Error id: ${traceId}`);
|
|
44
|
+
const errorBody = { errorId: traceId };
|
|
45
45
|
if (exposeErrors && !isProduction() && e instanceof Error) {
|
|
46
46
|
errorBody.message = e.message;
|
|
47
47
|
errorBody.stack = e.stack;
|
package/dist/index.d.ts
CHANGED
|
@@ -36,12 +36,11 @@ export type { AIStorageService } from './services/ai-storage-service.js';
|
|
|
36
36
|
export type { HTTPMethod } from './wirings/http/http.types.js';
|
|
37
37
|
export type { GraphNodeConfig } from './wirings/workflow/graph/workflow-graph.types.js';
|
|
38
38
|
export { createGraph } from './wirings/workflow/graph/graph-node.js';
|
|
39
|
-
export { workflow as wireWorkflow } from './wirings/workflow/workflow-helpers.js';
|
|
40
39
|
export { wireAddon } from './wirings/rpc/wire-addon.js';
|
|
41
40
|
export type { WireAddonConfig } from './wirings/rpc/wire-addon.js';
|
|
42
41
|
export type { PikkuPackageState } from './types/state.types.js';
|
|
43
42
|
export { runMiddleware, addMiddleware } from './middleware-runner.js';
|
|
44
|
-
export { addPermission } from './permissions.js';
|
|
43
|
+
export { addPermission, checkAuthPermissions } from './permissions.js';
|
|
45
44
|
export { isSerializable, stopSingletonServices } from './utils.js';
|
|
46
45
|
export { getSingletonServices, getCreateWireServices } from './pikku-state.js';
|
|
47
46
|
export { type ScheduledTaskInfo, type ScheduledTaskSummary, } from './services/scheduler-service.js';
|
package/dist/index.js
CHANGED
|
@@ -12,10 +12,9 @@ export { runQueueJob } from './wirings/queue/queue-runner.js';
|
|
|
12
12
|
export { runScheduledTask } from './wirings/scheduler/scheduler-runner.js';
|
|
13
13
|
export { NotFoundError } from './errors/errors.js';
|
|
14
14
|
export { createGraph } from './wirings/workflow/graph/graph-node.js';
|
|
15
|
-
export { workflow as wireWorkflow } from './wirings/workflow/workflow-helpers.js';
|
|
16
15
|
export { wireAddon } from './wirings/rpc/wire-addon.js';
|
|
17
16
|
export { runMiddleware, addMiddleware } from './middleware-runner.js';
|
|
18
|
-
export { addPermission } from './permissions.js';
|
|
17
|
+
export { addPermission, checkAuthPermissions } from './permissions.js';
|
|
19
18
|
export { isSerializable, stopSingletonServices } from './utils.js';
|
|
20
19
|
export { getSingletonServices, getCreateWireServices } from './pikku-state.js';
|
|
21
20
|
export { SchedulerService } from './services/scheduler-service.js';
|
|
@@ -3,3 +3,5 @@ export { authCookie } from './auth-cookie.js';
|
|
|
3
3
|
export { authBearer } from './auth-bearer.js';
|
|
4
4
|
export { pikkuRemoteAuthMiddleware } from './remote-auth.js';
|
|
5
5
|
export { cors } from './cors.js';
|
|
6
|
+
export { addMiddleware, runMiddleware } from '../middleware-runner.js';
|
|
7
|
+
export { addPermission } from '../permissions.js';
|
package/dist/middleware/index.js
CHANGED
|
@@ -3,3 +3,5 @@ export { authCookie } from './auth-cookie.js';
|
|
|
3
3
|
export { authBearer } from './auth-bearer.js';
|
|
4
4
|
export { pikkuRemoteAuthMiddleware } from './remote-auth.js';
|
|
5
5
|
export { cors } from './cors.js';
|
|
6
|
+
export { addMiddleware, runMiddleware } from '../middleware-runner.js';
|
|
7
|
+
export { addPermission } from '../permissions.js';
|
|
@@ -10,6 +10,9 @@ export const pikkuRemoteAuthMiddleware = pikkuMiddleware(async ({ secrets, jwt }
|
|
|
10
10
|
secret = await secrets.getSecret('PIKKU_REMOTE_SECRET');
|
|
11
11
|
}
|
|
12
12
|
catch {
|
|
13
|
+
if (http.request.path().startsWith('/remote/rpc/')) {
|
|
14
|
+
throw new UnauthorizedError();
|
|
15
|
+
}
|
|
13
16
|
return next();
|
|
14
17
|
}
|
|
15
18
|
if (!jwt) {
|
|
@@ -34,8 +37,8 @@ export const pikkuRemoteAuthMiddleware = pikkuMiddleware(async ({ secrets, jwt }
|
|
|
34
37
|
if (payload?.aud !== 'pikku-remote') {
|
|
35
38
|
throw new UnauthorizedError();
|
|
36
39
|
}
|
|
37
|
-
if (payload?.fn && http.request.path().startsWith('/rpc/')) {
|
|
38
|
-
const fn = decodeURIComponent(http.request.path().slice('/rpc/'.length));
|
|
40
|
+
if (payload?.fn && http.request.path().startsWith('/remote/rpc/')) {
|
|
41
|
+
const fn = decodeURIComponent(http.request.path().slice('/remote/rpc/'.length));
|
|
39
42
|
if (fn && payload.fn !== fn) {
|
|
40
43
|
throw new UnauthorizedError();
|
|
41
44
|
}
|
package/dist/permissions.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import type { CoreServices, PikkuWiringTypes, PermissionMetadata, PikkuWire } from './types/core.types.js';
|
|
1
|
+
import type { CoreServices, CoreUserSession, PikkuWiringTypes, PermissionMetadata, PikkuWire } from './types/core.types.js';
|
|
2
2
|
import type { CorePermissionGroup, CorePikkuPermission } from './function/functions.types.js';
|
|
3
3
|
/**
|
|
4
4
|
* Adds global permissions for a specific tag.
|
|
@@ -44,3 +44,15 @@ export declare const runPermissions: (wireType: PikkuWiringTypes, uid: string, {
|
|
|
44
44
|
data: any;
|
|
45
45
|
packageName?: string | null;
|
|
46
46
|
}) => Promise<void>;
|
|
47
|
+
/**
|
|
48
|
+
* Checks whether a session passes the auth checks (pikkuAuth only) for a
|
|
49
|
+
* given function/agent. Skips pikkuPermission checks since those require
|
|
50
|
+
* request data which isn't available at filter time.
|
|
51
|
+
*
|
|
52
|
+
* @param funcPermissions - The PermissionMetadata[] from function or agent metadata
|
|
53
|
+
* @param session - The user's session
|
|
54
|
+
* @param services - Singleton services
|
|
55
|
+
* @param packageName - Optional package namespace
|
|
56
|
+
* @returns true if the session passes all auth checks (or no auth checks exist)
|
|
57
|
+
*/
|
|
58
|
+
export declare const checkAuthPermissions: (funcPermissions: PermissionMetadata[] | undefined, session: CoreUserSession, services: CoreServices, packageName?: string | null) => Promise<boolean>;
|
package/dist/permissions.js
CHANGED
|
@@ -234,3 +234,54 @@ export const runPermissions = async (wireType, uid, { wireInheritedPermissions,
|
|
|
234
234
|
throw new ForbiddenError('Permission denied');
|
|
235
235
|
}
|
|
236
236
|
};
|
|
237
|
+
/**
|
|
238
|
+
* Checks whether a session passes the auth checks (pikkuAuth only) for a
|
|
239
|
+
* given function/agent. Skips pikkuPermission checks since those require
|
|
240
|
+
* request data which isn't available at filter time.
|
|
241
|
+
*
|
|
242
|
+
* @param funcPermissions - The PermissionMetadata[] from function or agent metadata
|
|
243
|
+
* @param session - The user's session
|
|
244
|
+
* @param services - Singleton services
|
|
245
|
+
* @param packageName - Optional package namespace
|
|
246
|
+
* @returns true if the session passes all auth checks (or no auth checks exist)
|
|
247
|
+
*/
|
|
248
|
+
export const checkAuthPermissions = async (funcPermissions, session, services, packageName = null) => {
|
|
249
|
+
if (!funcPermissions?.length)
|
|
250
|
+
return true;
|
|
251
|
+
const allPermissions = combinePermissions('agent', `authcheck:${Math.random()}`, {
|
|
252
|
+
funcInheritedPermissions: funcPermissions,
|
|
253
|
+
packageName,
|
|
254
|
+
});
|
|
255
|
+
if (allPermissions.length === 0)
|
|
256
|
+
return true;
|
|
257
|
+
const wire = { session };
|
|
258
|
+
// Extract only pikkuAuth permissions (marked with __pikkuAuth)
|
|
259
|
+
const authPerms = [];
|
|
260
|
+
for (const permission of allPermissions) {
|
|
261
|
+
if (typeof permission === 'function') {
|
|
262
|
+
if (permission.__pikkuAuth) {
|
|
263
|
+
authPerms.push(permission);
|
|
264
|
+
}
|
|
265
|
+
}
|
|
266
|
+
else if (permission && typeof permission === 'object') {
|
|
267
|
+
for (const funcs of Object.values(permission)) {
|
|
268
|
+
const arr = Array.isArray(funcs) ? funcs : [funcs];
|
|
269
|
+
for (const fn of arr) {
|
|
270
|
+
if (typeof fn === 'function' && fn.__pikkuAuth) {
|
|
271
|
+
authPerms.push(fn);
|
|
272
|
+
}
|
|
273
|
+
}
|
|
274
|
+
}
|
|
275
|
+
}
|
|
276
|
+
}
|
|
277
|
+
// No auth permissions = allowed (only data-dependent permissions exist)
|
|
278
|
+
if (authPerms.length === 0)
|
|
279
|
+
return true;
|
|
280
|
+
// All auth permissions must pass
|
|
281
|
+
for (const perm of authPerms) {
|
|
282
|
+
const result = await perm(services, null, wire);
|
|
283
|
+
if (result)
|
|
284
|
+
return true;
|
|
285
|
+
}
|
|
286
|
+
return false;
|
|
287
|
+
};
|
package/dist/pikku-state.d.ts
CHANGED
|
@@ -23,7 +23,6 @@ export declare const pikkuState: <Type extends keyof PikkuPackageState, Content
|
|
|
23
23
|
*/
|
|
24
24
|
export declare const initializePikkuState: (packageName: string) => void;
|
|
25
25
|
export declare const resetPikkuState: () => void;
|
|
26
|
-
export declare const getPikkuMetaDir: (packageName?: string | null) => string | null;
|
|
27
26
|
export declare const getSingletonServices: () => CoreSingletonServices;
|
|
28
27
|
export declare const getCreateWireServices: () => CreateWireServices | undefined;
|
|
29
28
|
/**
|
package/dist/pikku-state.js
CHANGED
|
@@ -126,8 +126,8 @@ const createEmptyPackageState = () => ({
|
|
|
126
126
|
package: {
|
|
127
127
|
factories: null,
|
|
128
128
|
singletonServices: null,
|
|
129
|
-
metaDir: null,
|
|
130
129
|
credentialsMeta: null,
|
|
130
|
+
requiredParentServices: null,
|
|
131
131
|
},
|
|
132
132
|
});
|
|
133
133
|
/**
|
|
@@ -152,9 +152,6 @@ export const resetPikkuState = () => {
|
|
|
152
152
|
if (!getAllPackageStates().has('__main__')) {
|
|
153
153
|
resetPikkuState();
|
|
154
154
|
}
|
|
155
|
-
export const getPikkuMetaDir = (packageName) => {
|
|
156
|
-
return pikkuState(packageName ?? null, 'package', 'metaDir');
|
|
157
|
-
};
|
|
158
155
|
export const getSingletonServices = () => {
|
|
159
156
|
const services = pikkuState(null, 'package', 'singletonServices');
|
|
160
157
|
if (!services)
|
package/dist/remote.d.ts
ADDED
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import type { JWTService } from './services/jwt-service.js';
|
|
2
|
+
import type { SecretService } from './services/secret-service.js';
|
|
3
|
+
/**
|
|
4
|
+
* Build Authorization headers with JWT-signed session and traceId for
|
|
5
|
+
* pikkuRemoteAuthMiddleware on the receiving end.
|
|
6
|
+
*
|
|
7
|
+
* Used by all deployment services (Kysely, Redis, MongoDB, Lambda, CF, Azure)
|
|
8
|
+
* regardless of transport (HTTP, Lambda Invoke, service bindings).
|
|
9
|
+
*/
|
|
10
|
+
export declare function buildRemoteHeaders(jwt: JWTService | undefined, secrets: SecretService | undefined, funcName: string, session?: unknown, traceId?: string): Promise<Record<string, string>>;
|
package/dist/remote.js
ADDED
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
import { encryptJSON } from './crypto-utils.js';
|
|
2
|
+
/**
|
|
3
|
+
* Build Authorization headers with JWT-signed session and traceId for
|
|
4
|
+
* pikkuRemoteAuthMiddleware on the receiving end.
|
|
5
|
+
*
|
|
6
|
+
* Used by all deployment services (Kysely, Redis, MongoDB, Lambda, CF, Azure)
|
|
7
|
+
* regardless of transport (HTTP, Lambda Invoke, service bindings).
|
|
8
|
+
*/
|
|
9
|
+
export async function buildRemoteHeaders(jwt, secrets, funcName, session, traceId) {
|
|
10
|
+
const headers = {
|
|
11
|
+
'content-type': 'application/json',
|
|
12
|
+
...(traceId && { 'x-request-id': traceId }),
|
|
13
|
+
};
|
|
14
|
+
let secret;
|
|
15
|
+
try {
|
|
16
|
+
secret = await secrets?.getSecret('PIKKU_REMOTE_SECRET');
|
|
17
|
+
}
|
|
18
|
+
catch { }
|
|
19
|
+
if (secret && jwt) {
|
|
20
|
+
const sessionEnc = session
|
|
21
|
+
? await encryptJSON(secret, { session })
|
|
22
|
+
: undefined;
|
|
23
|
+
const token = await jwt.encode({ value: 5, unit: 'minute' }, {
|
|
24
|
+
aud: 'pikku-remote',
|
|
25
|
+
fn: funcName,
|
|
26
|
+
iat: Math.floor(Date.now() / 1000),
|
|
27
|
+
session: sessionEnc,
|
|
28
|
+
});
|
|
29
|
+
headers.authorization = `Bearer ${token}`;
|
|
30
|
+
}
|
|
31
|
+
return headers;
|
|
32
|
+
}
|
package/dist/schema.js
CHANGED
|
@@ -67,6 +67,8 @@ const validateAllSchemasLoaded = (logger, schemaService) => {
|
|
|
67
67
|
};
|
|
68
68
|
export const coerceTopLevelDataFromSchema = (schemaName, data, packageName = null) => {
|
|
69
69
|
const schema = pikkuState(packageName, 'misc', 'schemas').get(schemaName);
|
|
70
|
+
if (!schema?.properties)
|
|
71
|
+
return;
|
|
70
72
|
for (const key in schema.properties) {
|
|
71
73
|
const property = schema.properties[key];
|
|
72
74
|
if (typeof property === 'boolean') {
|
|
@@ -15,5 +15,16 @@ export interface DeploymentService {
|
|
|
15
15
|
init(): Promise<void>;
|
|
16
16
|
start(config: DeploymentConfig): Promise<void>;
|
|
17
17
|
stop(): Promise<void>;
|
|
18
|
-
|
|
18
|
+
/**
|
|
19
|
+
* Dispatch a remote RPC call to a function.
|
|
20
|
+
* The deployment service owns the full transport:
|
|
21
|
+
* - Resolving the target (endpoint, service binding, etc.)
|
|
22
|
+
* - Session propagation (JWT signing, headers)
|
|
23
|
+
* - The actual network call
|
|
24
|
+
*
|
|
25
|
+
* @param funcName - The function to invoke
|
|
26
|
+
* @param data - Input data for the function
|
|
27
|
+
* @param session - User session to propagate (optional)
|
|
28
|
+
*/
|
|
29
|
+
invoke(funcName: string, data: unknown, session?: unknown, traceId?: string): Promise<unknown>;
|
|
19
30
|
}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
import type { QueueService, JobOptions } from '../wirings/queue/queue.types.js';
|
|
2
|
+
export declare class InMemoryQueueService implements QueueService {
|
|
3
|
+
readonly supportsResults = false;
|
|
4
|
+
private jobCounter;
|
|
5
|
+
add<T>(queueName: string, data: T, options?: JobOptions): Promise<string>;
|
|
6
|
+
getJob(): Promise<null>;
|
|
7
|
+
}
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
import { runQueueJob } from '../wirings/queue/queue-runner.js';
|
|
2
|
+
export class InMemoryQueueService {
|
|
3
|
+
supportsResults = false;
|
|
4
|
+
jobCounter = 0;
|
|
5
|
+
async add(queueName, data, options) {
|
|
6
|
+
const jobId = `inmem-${++this.jobCounter}`;
|
|
7
|
+
const job = {
|
|
8
|
+
id: jobId,
|
|
9
|
+
queueName,
|
|
10
|
+
data,
|
|
11
|
+
status: () => 'active',
|
|
12
|
+
pikkuUserId: options?.pikkuUserId,
|
|
13
|
+
};
|
|
14
|
+
const delay = options?.delay ?? 0;
|
|
15
|
+
setTimeout(async () => {
|
|
16
|
+
try {
|
|
17
|
+
await runQueueJob({ job });
|
|
18
|
+
}
|
|
19
|
+
catch (e) {
|
|
20
|
+
console.error(`[InMemoryQueue] Job ${jobId} on ${queueName} failed:`, e.message);
|
|
21
|
+
}
|
|
22
|
+
}, delay);
|
|
23
|
+
return jobId;
|
|
24
|
+
}
|
|
25
|
+
async getJob() {
|
|
26
|
+
return null;
|
|
27
|
+
}
|
|
28
|
+
}
|
package/dist/services/index.d.ts
CHANGED
|
@@ -10,8 +10,9 @@ export { TypedVariablesService } from './typed-variables-service.js';
|
|
|
10
10
|
export { LocalSecretService } from './local-secrets.js';
|
|
11
11
|
export { LocalCredentialService } from './local-credential-service.js';
|
|
12
12
|
export { LocalVariablesService } from './local-variables.js';
|
|
13
|
-
export { ConsoleLogger } from './logger-console.js';
|
|
13
|
+
export { ConsoleLogger, JsonConsoleLogger } from './logger-console.js';
|
|
14
14
|
export { InMemoryWorkflowService } from './in-memory-workflow-service.js';
|
|
15
|
+
export { InMemoryQueueService } from './in-memory-queue-service.js';
|
|
15
16
|
export { InMemoryTriggerService } from './in-memory-trigger-service.js';
|
|
16
17
|
export { InMemoryAIRunStateService } from './in-memory-ai-run-state-service.js';
|
|
17
18
|
export { LocalGatewayService } from './local-gateway-service.js';
|
|
@@ -34,3 +35,5 @@ export type { CredentialService } from './credential-service.js';
|
|
|
34
35
|
export { TypedCredentialService } from './typed-credential-service.js';
|
|
35
36
|
export type { CredentialStatusInfo, CredentialMetaInfo, } from './typed-credential-service.js';
|
|
36
37
|
export type { VariableStatus, VariableMeta } from './typed-variables-service.js';
|
|
38
|
+
export type { MetaService } from './meta-service.js';
|
|
39
|
+
export type { MCPMeta, RPCMetaRecord, ServiceMeta, ServicesMetaRecord, MiddlewareDefinitionMeta, MiddlewareInstanceMeta, GroupMeta, MiddlewareGroupsMeta, PermissionDefinitionMeta, PermissionsGroupsMeta, FunctionsMeta, FunctionMeta, MiddlewareMeta, PermissionMeta, AgentsMeta, AgentMeta, } from './meta-service.js';
|
package/dist/services/index.js
CHANGED
|
@@ -10,8 +10,9 @@ export { TypedVariablesService } from './typed-variables-service.js';
|
|
|
10
10
|
export { LocalSecretService } from './local-secrets.js';
|
|
11
11
|
export { LocalCredentialService } from './local-credential-service.js';
|
|
12
12
|
export { LocalVariablesService } from './local-variables.js';
|
|
13
|
-
export { ConsoleLogger } from './logger-console.js';
|
|
13
|
+
export { ConsoleLogger, JsonConsoleLogger } from './logger-console.js';
|
|
14
14
|
export { InMemoryWorkflowService } from './in-memory-workflow-service.js';
|
|
15
|
+
export { InMemoryQueueService } from './in-memory-queue-service.js';
|
|
15
16
|
export { InMemoryTriggerService } from './in-memory-trigger-service.js';
|
|
16
17
|
export { InMemoryAIRunStateService } from './in-memory-ai-run-state-service.js';
|
|
17
18
|
export { LocalGatewayService } from './local-gateway-service.js';
|
|
@@ -1,53 +1,39 @@
|
|
|
1
1
|
import type { Logger } from './logger.js';
|
|
2
2
|
import { LogLevel } from './logger.js';
|
|
3
3
|
/**
|
|
4
|
-
*
|
|
4
|
+
* Text-mode console logger.
|
|
5
|
+
* Output: `INFO: message` or `[traceId] INFO: message`
|
|
5
6
|
*/
|
|
6
7
|
export declare class ConsoleLogger implements Logger {
|
|
7
|
-
/**
|
|
8
|
-
* The current logging level.
|
|
9
|
-
*/
|
|
10
8
|
private level;
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
* @param level - The logging level to set.
|
|
14
|
-
*/
|
|
9
|
+
private prefix;
|
|
10
|
+
constructor(traceId?: string);
|
|
15
11
|
setLevel(level: LogLevel): void;
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
* @param meta - Additional metadata to log.
|
|
20
|
-
*/
|
|
21
|
-
trace?(message: string, ...meta: any[]): void;
|
|
22
|
-
/**
|
|
23
|
-
* Logs a debug message.
|
|
24
|
-
* @param message - The message to log.
|
|
25
|
-
* @param meta - Additional metadata to log.
|
|
26
|
-
*/
|
|
12
|
+
scope(traceId: string): Logger;
|
|
13
|
+
private log_;
|
|
14
|
+
trace(message: string, ...meta: any[]): void;
|
|
27
15
|
debug(message: string, ...meta: any[]): void;
|
|
28
|
-
/**
|
|
29
|
-
* Logs an informational message.
|
|
30
|
-
* @param messageOrObj - The message or object to log.
|
|
31
|
-
* @param meta - Additional metadata to log.
|
|
32
|
-
*/
|
|
33
16
|
info(messageOrObj: string | Record<string, any>, ...meta: any[]): void;
|
|
34
|
-
/**
|
|
35
|
-
* Logs a warning message.
|
|
36
|
-
* @param messageOrObj - The message or object to log.
|
|
37
|
-
* @param meta - Additional metadata to log.
|
|
38
|
-
*/
|
|
39
17
|
warn(messageOrObj: string | Record<string, any>, ...meta: any[]): void;
|
|
40
|
-
/**
|
|
41
|
-
* Logs an error message.
|
|
42
|
-
* @param messageOrObj - The message, object, or error to log.
|
|
43
|
-
* @param meta - Additional metadata to log.
|
|
44
|
-
*/
|
|
45
18
|
error(messageOrObj: string | Record<string, any> | Error, ...meta: any[]): void;
|
|
46
|
-
/**
|
|
47
|
-
* Logs a message at a specified level.
|
|
48
|
-
* @param level - The logging level.
|
|
49
|
-
* @param message - The message to log.
|
|
50
|
-
* @param meta - Additional metadata to log.
|
|
51
|
-
*/
|
|
52
19
|
log(level: string, message: string, ...meta: any[]): void;
|
|
53
20
|
}
|
|
21
|
+
/**
|
|
22
|
+
* JSON-mode console logger.
|
|
23
|
+
* Output: `{"level":"info","message":"...","traceId":"..."}`
|
|
24
|
+
* CF Workers Logs auto-indexes JSON keys for filtering.
|
|
25
|
+
*/
|
|
26
|
+
export declare class JsonConsoleLogger implements Logger {
|
|
27
|
+
private level;
|
|
28
|
+
private traceId;
|
|
29
|
+
constructor(traceId?: string);
|
|
30
|
+
setLevel(level: LogLevel): void;
|
|
31
|
+
scope(traceId: string): Logger;
|
|
32
|
+
trace(message: string, ...meta: any[]): void;
|
|
33
|
+
debug(message: string, ...meta: any[]): void;
|
|
34
|
+
info(messageOrObj: string | Record<string, any>, ...meta: any[]): void;
|
|
35
|
+
warn(messageOrObj: string | Record<string, any>, ...meta: any[]): void;
|
|
36
|
+
error(messageOrObj: string | Record<string, any> | Error, ...meta: any[]): void;
|
|
37
|
+
log(level: string, message: string, ...meta: any[]): void;
|
|
38
|
+
private emit;
|
|
39
|
+
}
|