@pleri/olam-cli 0.1.145 → 0.1.147
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/skills-doctor.d.ts +14 -0
- package/dist/commands/skills-doctor.d.ts.map +1 -0
- package/dist/commands/skills-doctor.js +126 -0
- package/dist/commands/skills-doctor.js.map +1 -0
- package/dist/commands/skills-hook.d.ts +19 -0
- package/dist/commands/skills-hook.d.ts.map +1 -0
- package/dist/commands/skills-hook.js +99 -0
- package/dist/commands/skills-hook.js.map +1 -0
- package/dist/commands/skills-migrate-back.d.ts +21 -0
- package/dist/commands/skills-migrate-back.d.ts.map +1 -0
- package/dist/commands/skills-migrate-back.js +222 -0
- package/dist/commands/skills-migrate-back.js.map +1 -0
- package/dist/commands/skills-migrate-hooks-back.d.ts +19 -0
- package/dist/commands/skills-migrate-hooks-back.d.ts.map +1 -0
- package/dist/commands/skills-migrate-hooks-back.js +83 -0
- package/dist/commands/skills-migrate-hooks-back.js.map +1 -0
- package/dist/commands/skills-migrate-hooks.d.ts +40 -0
- package/dist/commands/skills-migrate-hooks.d.ts.map +1 -0
- package/dist/commands/skills-migrate-hooks.js +178 -0
- package/dist/commands/skills-migrate-hooks.js.map +1 -0
- package/dist/commands/skills-migrate.d.ts +33 -0
- package/dist/commands/skills-migrate.d.ts.map +1 -0
- package/dist/commands/skills-migrate.js +216 -0
- package/dist/commands/skills-migrate.js.map +1 -0
- package/dist/commands/skills-onboard.d.ts +26 -0
- package/dist/commands/skills-onboard.d.ts.map +1 -0
- package/dist/commands/skills-onboard.js +227 -0
- package/dist/commands/skills-onboard.js.map +1 -0
- package/dist/commands/skills-shadow-backups.d.ts +15 -0
- package/dist/commands/skills-shadow-backups.d.ts.map +1 -0
- package/dist/commands/skills-shadow-backups.js +132 -0
- package/dist/commands/skills-shadow-backups.js.map +1 -0
- package/dist/commands/skills-source.d.ts +25 -0
- package/dist/commands/skills-source.d.ts.map +1 -1
- package/dist/commands/skills-source.js +305 -7
- package/dist/commands/skills-source.js.map +1 -1
- package/dist/commands/skills.d.ts.map +1 -1
- package/dist/commands/skills.js +62 -7
- package/dist/commands/skills.js.map +1 -1
- package/dist/commands/substrate-audit-log.d.ts +49 -0
- package/dist/commands/substrate-audit-log.d.ts.map +1 -0
- package/dist/commands/substrate-audit-log.js +148 -0
- package/dist/commands/substrate-audit-log.js.map +1 -0
- package/dist/commands/substrate.d.ts +60 -0
- package/dist/commands/substrate.d.ts.map +1 -0
- package/dist/commands/substrate.js +175 -0
- package/dist/commands/substrate.js.map +1 -0
- package/dist/commands/upgrade.d.ts +10 -0
- package/dist/commands/upgrade.d.ts.map +1 -1
- package/dist/commands/upgrade.js +30 -0
- package/dist/commands/upgrade.js.map +1 -1
- package/dist/image-digests.json +7 -7
- package/dist/index.js +8687 -4713
- package/dist/index.js.map +1 -1
- package/dist/lib/config.d.ts +69 -0
- package/dist/lib/config.d.ts.map +1 -0
- package/dist/lib/config.js +146 -0
- package/dist/lib/config.js.map +1 -0
- package/dist/lib/instrumentation.d.ts +85 -0
- package/dist/lib/instrumentation.d.ts.map +1 -0
- package/dist/lib/instrumentation.js +104 -0
- package/dist/lib/instrumentation.js.map +1 -0
- package/dist/lib/kubectl-wrap.d.ts +59 -0
- package/dist/lib/kubectl-wrap.d.ts.map +1 -0
- package/dist/lib/kubectl-wrap.js +130 -0
- package/dist/lib/kubectl-wrap.js.map +1 -0
- package/dist/lib/manifest-refresh.d.ts +95 -0
- package/dist/lib/manifest-refresh.d.ts.map +1 -0
- package/dist/lib/manifest-refresh.js +222 -0
- package/dist/lib/manifest-refresh.js.map +1 -0
- package/dist/lib/port-forward.d.ts +101 -0
- package/dist/lib/port-forward.d.ts.map +1 -0
- package/dist/lib/port-forward.js +240 -0
- package/dist/lib/port-forward.js.map +1 -0
- package/dist/lib/upgrade-kubernetes.d.ts +77 -0
- package/dist/lib/upgrade-kubernetes.d.ts.map +1 -0
- package/dist/lib/upgrade-kubernetes.js +277 -0
- package/dist/lib/upgrade-kubernetes.js.map +1 -0
- package/dist/mcp-server.js +20262 -18211
- package/host-cp/k8s/manifests/00-namespace.yaml +7 -0
- package/host-cp/k8s/manifests/10-serviceaccount.yaml +8 -0
- package/host-cp/k8s/manifests/20-rbac.yaml +34 -0
- package/host-cp/k8s/manifests/30-configmap.yaml +30 -0
- package/host-cp/k8s/manifests/45-pvc.yaml +27 -0
- package/host-cp/k8s/manifests/50-deployment.yaml +148 -0
- package/host-cp/k8s/manifests/60-service.yaml +22 -0
- package/host-cp/k8s/templates/40-secret-template.yaml +32 -0
- package/host-cp/src/plan-chat-service.mjs +31 -7
- package/host-cp/src/server.mjs +32 -7
- package/package.json +3 -2
|
@@ -0,0 +1,148 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* substrate-audit-log.ts — `olam substrate audit-log` subcommand.
|
|
3
|
+
*
|
|
4
|
+
* Phase 1b C3 of olam-host-suite-phase-1b-k3s-beta-flavour (plan
|
|
5
|
+
* ~/.claude/plans/olam-host-suite-phase-1b-k3s-beta-flavour.md).
|
|
6
|
+
*
|
|
7
|
+
* Decisions consumed:
|
|
8
|
+
* D19 — audit-log inspection subcommand ships in PR3 (not deferred).
|
|
9
|
+
*
|
|
10
|
+
* Reads `~/.olam/state/manifest-refresh-audit.jsonl` and renders entries.
|
|
11
|
+
*
|
|
12
|
+
* Subcommand: `olam substrate audit-log`
|
|
13
|
+
* (registered under the existing `substrate` parent command via registerSubstrate)
|
|
14
|
+
*
|
|
15
|
+
* Flags:
|
|
16
|
+
* --json Emit raw JSONL on stdout (one entry per line).
|
|
17
|
+
* --since <ISO-date> Filter entries with ts >= <ISO-date>.
|
|
18
|
+
* --limit <N> Max entries (default 50; applied AFTER --since filter).
|
|
19
|
+
*
|
|
20
|
+
* No force-overwrite power — read-only. Absent log file prints "no entries"
|
|
21
|
+
* without error (exit 0).
|
|
22
|
+
*/
|
|
23
|
+
import * as fs from 'node:fs';
|
|
24
|
+
import pc from 'picocolors';
|
|
25
|
+
import { MANIFEST_REFRESH_AUDIT_LOG } from '../lib/manifest-refresh.js';
|
|
26
|
+
const DEFAULT_LIMIT = 50;
|
|
27
|
+
/**
|
|
28
|
+
* Parse the JSONL audit log file into entries. Skips malformed lines.
|
|
29
|
+
*/
|
|
30
|
+
function parseAuditLog(raw) {
|
|
31
|
+
const lines = raw.split('\n').filter((l) => l.trim().length > 0);
|
|
32
|
+
const entries = [];
|
|
33
|
+
for (const line of lines) {
|
|
34
|
+
try {
|
|
35
|
+
const entry = JSON.parse(line);
|
|
36
|
+
entries.push(entry);
|
|
37
|
+
}
|
|
38
|
+
catch {
|
|
39
|
+
// Skip malformed lines silently.
|
|
40
|
+
}
|
|
41
|
+
}
|
|
42
|
+
return entries;
|
|
43
|
+
}
|
|
44
|
+
/**
|
|
45
|
+
* Format a single entry as a pretty-printed table row.
|
|
46
|
+
*
|
|
47
|
+
* Table columns: ts | security_regression | accepted | changed_fields
|
|
48
|
+
*/
|
|
49
|
+
function formatEntryRow(entry, index) {
|
|
50
|
+
const ts = entry.ts ?? '(no timestamp)';
|
|
51
|
+
const regression = entry.security_regression ? pc.red('yes') : pc.green('no');
|
|
52
|
+
const accepted = entry.accepted ? pc.yellow('yes') : '—';
|
|
53
|
+
const fields = (entry.changed_fields ?? []).join(', ') || '—';
|
|
54
|
+
return ` ${String(index + 1).padStart(3)} ${ts} regression=${regression} accepted=${accepted} fields=[${fields}]`;
|
|
55
|
+
}
|
|
56
|
+
function formatHeader() {
|
|
57
|
+
return (` ${'#'.padStart(3)} ${'timestamp'.padEnd(27)} regression accepted fields\n` +
|
|
58
|
+
` ${'─'.repeat(3)} ${'─'.repeat(27)} ${'─'.repeat(10)} ${'─'.repeat(8)} ${'─'.repeat(20)}`);
|
|
59
|
+
}
|
|
60
|
+
/**
|
|
61
|
+
* Implementation of `olam substrate audit-log`. Exported for testability.
|
|
62
|
+
*
|
|
63
|
+
* @returns process exit code (0 = success, 1 = error)
|
|
64
|
+
*/
|
|
65
|
+
export function handleAuditLog(opts, deps = {}) {
|
|
66
|
+
const auditLogPath = deps.auditLogPath ?? MANIFEST_REFRESH_AUDIT_LOG;
|
|
67
|
+
const stdout = deps.stdout ?? process.stdout;
|
|
68
|
+
const stderr = deps.stderr ?? process.stderr;
|
|
69
|
+
const readFileSyncImpl = deps.readFileSync ?? fs.readFileSync;
|
|
70
|
+
const existsSyncImpl = deps.existsSync ?? fs.existsSync;
|
|
71
|
+
const rawLimit = opts.limit;
|
|
72
|
+
const limit = typeof rawLimit === 'number'
|
|
73
|
+
? rawLimit
|
|
74
|
+
: typeof rawLimit === 'string'
|
|
75
|
+
? Number.parseInt(rawLimit, 10)
|
|
76
|
+
: DEFAULT_LIMIT;
|
|
77
|
+
const effectiveLimit = Number.isFinite(limit) && limit > 0 ? limit : DEFAULT_LIMIT;
|
|
78
|
+
if (!existsSyncImpl(auditLogPath)) {
|
|
79
|
+
stdout.write('no entries\n');
|
|
80
|
+
return 0;
|
|
81
|
+
}
|
|
82
|
+
let raw;
|
|
83
|
+
try {
|
|
84
|
+
raw = readFileSyncImpl(auditLogPath, 'utf8');
|
|
85
|
+
}
|
|
86
|
+
catch (err) {
|
|
87
|
+
stderr.write(`${pc.red('error:')} could not read audit log at ${auditLogPath}: ${err instanceof Error ? err.message : String(err)}\n`);
|
|
88
|
+
return 1;
|
|
89
|
+
}
|
|
90
|
+
let entries = parseAuditLog(raw);
|
|
91
|
+
// --since filter
|
|
92
|
+
if (opts.since) {
|
|
93
|
+
const sinceMs = Date.parse(opts.since);
|
|
94
|
+
if (Number.isNaN(sinceMs)) {
|
|
95
|
+
stderr.write(`${pc.red('error:')} invalid --since date "${opts.since}". Expected ISO-8601 (e.g. 2026-05-20T00:00:00Z).\n`);
|
|
96
|
+
return 1;
|
|
97
|
+
}
|
|
98
|
+
entries = entries.filter((e) => {
|
|
99
|
+
const ts = Date.parse(e.ts ?? '');
|
|
100
|
+
return !Number.isNaN(ts) && ts >= sinceMs;
|
|
101
|
+
});
|
|
102
|
+
}
|
|
103
|
+
// --limit (applied after filter, from the END of the list — most recent N)
|
|
104
|
+
if (entries.length > effectiveLimit) {
|
|
105
|
+
entries = entries.slice(-effectiveLimit);
|
|
106
|
+
}
|
|
107
|
+
if (entries.length === 0) {
|
|
108
|
+
stdout.write('no entries\n');
|
|
109
|
+
return 0;
|
|
110
|
+
}
|
|
111
|
+
if (opts.json) {
|
|
112
|
+
for (const entry of entries) {
|
|
113
|
+
stdout.write(JSON.stringify(entry) + '\n');
|
|
114
|
+
}
|
|
115
|
+
return 0;
|
|
116
|
+
}
|
|
117
|
+
// Pretty-printed table.
|
|
118
|
+
stdout.write(formatHeader() + '\n');
|
|
119
|
+
entries.forEach((entry, i) => {
|
|
120
|
+
stdout.write(formatEntryRow(entry, i) + '\n');
|
|
121
|
+
});
|
|
122
|
+
stdout.write(`\n${entries.length} entr${entries.length === 1 ? 'y' : 'ies'} shown\n`);
|
|
123
|
+
return 0;
|
|
124
|
+
}
|
|
125
|
+
/**
|
|
126
|
+
* Register `olam substrate audit-log` under the `substrate` parent command.
|
|
127
|
+
*
|
|
128
|
+
* Called from registerSubstrate() in substrate.ts.
|
|
129
|
+
*/
|
|
130
|
+
export function registerSubstrateAuditLog(substrateCmdRef) {
|
|
131
|
+
substrateCmdRef
|
|
132
|
+
.command('audit-log')
|
|
133
|
+
.description('Inspect the manifest-refresh audit log (~/.olam/state/manifest-refresh-audit.jsonl). ' +
|
|
134
|
+
'Read-only. No force-overwrite power.')
|
|
135
|
+
.option('--json', 'Emit raw JSONL on stdout instead of a pretty table')
|
|
136
|
+
.option('--since <ISO-date>', 'Filter entries with timestamp >= <ISO-date>')
|
|
137
|
+
.option('--limit <N>', `Max entries to show (default ${DEFAULT_LIMIT})`)
|
|
138
|
+
.action((opts) => {
|
|
139
|
+
const code = handleAuditLog({
|
|
140
|
+
json: opts.json,
|
|
141
|
+
since: opts.since,
|
|
142
|
+
limit: opts.limit,
|
|
143
|
+
});
|
|
144
|
+
if (code !== 0)
|
|
145
|
+
process.exitCode = code;
|
|
146
|
+
});
|
|
147
|
+
}
|
|
148
|
+
//# sourceMappingURL=substrate-audit-log.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"substrate-audit-log.js","sourceRoot":"","sources":["../../src/commands/substrate-audit-log.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAGH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,EAAE,MAAM,YAAY,CAAC;AAC5B,OAAO,EAAE,0BAA0B,EAAkC,MAAM,4BAA4B,CAAC;AAgBxG,MAAM,aAAa,GAAG,EAAE,CAAC;AAEzB;;GAEG;AACH,SAAS,aAAa,CACpB,GAAW;IAEX,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACjE,MAAM,OAAO,GAAgC,EAAE,CAAC;IAChD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAA8B,CAAC;YAC5D,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;QAAC,MAAM,CAAC;YACP,iCAAiC;QACnC,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;GAIG;AACH,SAAS,cAAc,CAAC,KAAgC,EAAE,KAAa;IACrE,MAAM,EAAE,GAAG,KAAK,CAAC,EAAE,IAAI,gBAAgB,CAAC;IACxC,MAAM,UAAU,GAAG,KAAK,CAAC,mBAAmB,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC9E,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IACzD,MAAM,MAAM,GAAG,CAAC,KAAK,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC;IAC9D,OAAO,KAAK,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,EAAE,gBAAgB,UAAU,cAAc,QAAQ,aAAa,MAAM,GAAG,CAAC;AACzH,CAAC;AAED,SAAS,YAAY;IACnB,OAAO,CACL,KAAK,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC,kCAAkC;QACjF,KAAK,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAChG,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,cAAc,CAAC,IAAkB,EAAE,OAAqB,EAAE;IACxE,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,IAAI,0BAA0B,CAAC;IACrE,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAC7C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAC7C,MAAM,gBAAgB,GAAG,IAAI,CAAC,YAAY,IAAI,EAAE,CAAC,YAAY,CAAC;IAC9D,MAAM,cAAc,GAAG,IAAI,CAAC,UAAU,IAAI,EAAE,CAAC,UAAU,CAAC;IAExD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC;IAC5B,MAAM,KAAK,GACT,OAAO,QAAQ,KAAK,QAAQ;QAC1B,CAAC,CAAC,QAAQ;QACV,CAAC,CAAC,OAAO,QAAQ,KAAK,QAAQ;YAC5B,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE,EAAE,CAAC;YAC/B,CAAC,CAAC,aAAa,CAAC;IACtB,MAAM,cAAc,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,aAAa,CAAC;IAEnF,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,CAAC;QAClC,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;QAC7B,OAAO,CAAC,CAAC;IACX,CAAC;IAED,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,gBAAgB,CAAC,YAAY,EAAE,MAAM,CAAW,CAAC;IACzD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CACV,GAAG,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,gCAAgC,YAAY,KAC7D,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CACjD,IAAI,CACL,CAAC;QACF,OAAO,CAAC,CAAC;IACX,CAAC;IAED,IAAI,OAAO,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;IAEjC,iBAAiB;IACjB,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACvC,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1B,MAAM,CAAC,KAAK,CACV,GAAG,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,0BAA0B,IAAI,CAAC,KAAK,qDAAqD,CAC7G,CAAC;YACF,OAAO,CAAC,CAAC;QACX,CAAC;QACD,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;YAC7B,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;YAClC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,EAAE,IAAI,OAAO,CAAC;QAC5C,CAAC,CAAC,CAAC;IACL,CAAC;IAED,2EAA2E;IAC3E,IAAI,OAAO,CAAC,MAAM,GAAG,cAAc,EAAE,CAAC;QACpC,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,cAAc,CAAC,CAAC;IAC3C,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;QAC7B,OAAO,CAAC,CAAC;IACX,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,CAAC;QAC7C,CAAC;QACD,OAAO,CAAC,CAAC;IACX,CAAC;IAED,wBAAwB;IACxB,MAAM,CAAC,KAAK,CAAC,YAAY,EAAE,GAAG,IAAI,CAAC,CAAC;IACpC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE;QAC3B,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IACH,MAAM,CAAC,KAAK,CAAC,KAAK,OAAO,CAAC,MAAM,QAAQ,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,UAAU,CAAC,CAAC;IAEtF,OAAO,CAAC,CAAC;AACX,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,yBAAyB,CAAC,eAAwB;IAChE,eAAe;SACZ,OAAO,CAAC,WAAW,CAAC;SACpB,WAAW,CACV,uFAAuF;QACrF,sCAAsC,CACzC;SACA,MAAM,CAAC,QAAQ,EAAE,oDAAoD,CAAC;SACtE,MAAM,CAAC,oBAAoB,EAAE,6CAA6C,CAAC;SAC3E,MAAM,CAAC,aAAa,EAAE,gCAAgC,aAAa,GAAG,CAAC;SACvE,MAAM,CAAC,CAAC,IAAwD,EAAE,EAAE;QACnE,MAAM,IAAI,GAAG,cAAc,CAAC;YAC1B,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;QACH,IAAI,IAAI,KAAK,CAAC;YAAE,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;IAC1C,CAAC,CAAC,CAAC;AACP,CAAC"}
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* olam substrate — Manage the operator-facing deployment substrate.
|
|
3
|
+
*
|
|
4
|
+
* Phase 1b A2 of olam-host-suite-phase-1b-k3s-beta-flavour (plan
|
|
5
|
+
* ~/.claude/plans/olam-host-suite-phase-1b-k3s-beta-flavour.md).
|
|
6
|
+
*
|
|
7
|
+
* Subcommands:
|
|
8
|
+
* olam substrate get — print active substrate (+ flavor + beta-expiry)
|
|
9
|
+
* olam substrate set <substrate> — switch to compose | kubernetes
|
|
10
|
+
*
|
|
11
|
+
* Decisions consumed:
|
|
12
|
+
* D1 — `~/.olam/config.json` schema-versioned seam (host.substrate)
|
|
13
|
+
* D2 — user-facing vocab is `compose | kubernetes` (NOT docker | k3s)
|
|
14
|
+
* D7 — telemetry is opt-in stdout-emission (stderr `OLAM_INSTR`)
|
|
15
|
+
* D21 — canonical instrumentation event schema (olam.instr.v1)
|
|
16
|
+
*
|
|
17
|
+
* Risk mitigations:
|
|
18
|
+
* T2 — pre-flight via `runDoctor` programmatically with `engine: <target>` override.
|
|
19
|
+
* Refuses with actionable remediation if prereqs fail.
|
|
20
|
+
* T3 — refuses if worlds exist on current substrate (operator must `olam destroy --all`).
|
|
21
|
+
*
|
|
22
|
+
* Beta-expiry date: 2026-11-16 (Phase 1b ship-date + 6 months per Falsifiable
|
|
23
|
+
* signal section; surfaced in `get` output so operators see the commitment).
|
|
24
|
+
*/
|
|
25
|
+
import type { Command } from 'commander';
|
|
26
|
+
import { readConfig, writeConfig } from '../lib/config.js';
|
|
27
|
+
import { emitSubstrateSet } from '../lib/instrumentation.js';
|
|
28
|
+
import { type RunDoctorDeps } from './doctor.js';
|
|
29
|
+
export declare const BETA_EXPIRY_DATE: "2026-11-16";
|
|
30
|
+
type DoctorRunner = (opts: {
|
|
31
|
+
json?: boolean;
|
|
32
|
+
}, deps?: RunDoctorDeps) => Promise<{
|
|
33
|
+
exitCode: number;
|
|
34
|
+
}>;
|
|
35
|
+
type WorldsCounter = () => Promise<number>;
|
|
36
|
+
export type SubstrateDeps = {
|
|
37
|
+
readonly readConfig?: typeof readConfig;
|
|
38
|
+
readonly writeConfig?: typeof writeConfig;
|
|
39
|
+
readonly emit?: typeof emitSubstrateSet;
|
|
40
|
+
readonly runDoctor?: DoctorRunner;
|
|
41
|
+
readonly countWorlds?: WorldsCounter;
|
|
42
|
+
readonly stdout?: NodeJS.WritableStream;
|
|
43
|
+
readonly stderr?: NodeJS.WritableStream;
|
|
44
|
+
};
|
|
45
|
+
/**
|
|
46
|
+
* Implementation of `olam substrate get`. Reads the config + prints a single
|
|
47
|
+
* human-readable line. Exported for testability.
|
|
48
|
+
*/
|
|
49
|
+
export declare function handleGet(deps?: SubstrateDeps): Promise<number>;
|
|
50
|
+
/**
|
|
51
|
+
* Implementation of `olam substrate set <substrate>`. Validates target, runs
|
|
52
|
+
* pre-flight via doctor with the target engine, refuses on worlds-exist OR
|
|
53
|
+
* doctor-fail, persists config, emits instrumentation. Exported for testability.
|
|
54
|
+
*
|
|
55
|
+
* Returns the desired process exit code (0 = success, 1 = refused/fail).
|
|
56
|
+
*/
|
|
57
|
+
export declare function handleSet(target: string, deps?: SubstrateDeps): Promise<number>;
|
|
58
|
+
export declare function registerSubstrate(program: Command): void;
|
|
59
|
+
export {};
|
|
60
|
+
//# sourceMappingURL=substrate.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"substrate.d.ts","sourceRoot":"","sources":["../../src/commands/substrate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAGzC,OAAO,EAAE,UAAU,EAAE,WAAW,EAAkB,MAAM,kBAAkB,CAAC;AAC3E,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EAAa,KAAK,aAAa,EAAE,MAAM,aAAa,CAAC;AAK5D,eAAO,MAAM,gBAAgB,EAAG,YAAqB,CAAC;AAEtD,KAAK,YAAY,GAAG,CAClB,IAAI,EAAE;IAAE,IAAI,CAAC,EAAE,OAAO,CAAA;CAAE,EACxB,IAAI,CAAC,EAAE,aAAa,KACjB,OAAO,CAAC;IAAE,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC;AAEnC,KAAK,aAAa,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;AAE3C,MAAM,MAAM,aAAa,GAAG;IAC1B,QAAQ,CAAC,UAAU,CAAC,EAAE,OAAO,UAAU,CAAC;IACxC,QAAQ,CAAC,WAAW,CAAC,EAAE,OAAO,WAAW,CAAC;IAC1C,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,gBAAgB,CAAC;IACxC,QAAQ,CAAC,SAAS,CAAC,EAAE,YAAY,CAAC;IAClC,QAAQ,CAAC,WAAW,CAAC,EAAE,aAAa,CAAC;IACrC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,cAAc,CAAC;IACxC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,cAAc,CAAC;CACzC,CAAC;AAiBF;;;GAGG;AACH,wBAAsB,SAAS,CAAC,IAAI,GAAE,aAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,CAMzE;AAED;;;;;;GAMG;AACH,wBAAsB,SAAS,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,GAAE,aAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,CAmGzF;AAED,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAiCxD"}
|
|
@@ -0,0 +1,175 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* olam substrate — Manage the operator-facing deployment substrate.
|
|
3
|
+
*
|
|
4
|
+
* Phase 1b A2 of olam-host-suite-phase-1b-k3s-beta-flavour (plan
|
|
5
|
+
* ~/.claude/plans/olam-host-suite-phase-1b-k3s-beta-flavour.md).
|
|
6
|
+
*
|
|
7
|
+
* Subcommands:
|
|
8
|
+
* olam substrate get — print active substrate (+ flavor + beta-expiry)
|
|
9
|
+
* olam substrate set <substrate> — switch to compose | kubernetes
|
|
10
|
+
*
|
|
11
|
+
* Decisions consumed:
|
|
12
|
+
* D1 — `~/.olam/config.json` schema-versioned seam (host.substrate)
|
|
13
|
+
* D2 — user-facing vocab is `compose | kubernetes` (NOT docker | k3s)
|
|
14
|
+
* D7 — telemetry is opt-in stdout-emission (stderr `OLAM_INSTR`)
|
|
15
|
+
* D21 — canonical instrumentation event schema (olam.instr.v1)
|
|
16
|
+
*
|
|
17
|
+
* Risk mitigations:
|
|
18
|
+
* T2 — pre-flight via `runDoctor` programmatically with `engine: <target>` override.
|
|
19
|
+
* Refuses with actionable remediation if prereqs fail.
|
|
20
|
+
* T3 — refuses if worlds exist on current substrate (operator must `olam destroy --all`).
|
|
21
|
+
*
|
|
22
|
+
* Beta-expiry date: 2026-11-16 (Phase 1b ship-date + 6 months per Falsifiable
|
|
23
|
+
* signal section; surfaced in `get` output so operators see the commitment).
|
|
24
|
+
*/
|
|
25
|
+
import pc from 'picocolors';
|
|
26
|
+
import { readConfig, writeConfig } from '../lib/config.js';
|
|
27
|
+
import { emitSubstrateSet } from '../lib/instrumentation.js';
|
|
28
|
+
import { runDoctor } from './doctor.js';
|
|
29
|
+
import { loadContext } from '../context.js';
|
|
30
|
+
import { printError, printInfo, printSuccess, printWarning } from '../output.js';
|
|
31
|
+
import { registerSubstrateAuditLog } from './substrate-audit-log.js';
|
|
32
|
+
export const BETA_EXPIRY_DATE = '2026-11-16';
|
|
33
|
+
async function defaultCountWorlds() {
|
|
34
|
+
const { ctx } = await loadContext();
|
|
35
|
+
if (!ctx)
|
|
36
|
+
return 0;
|
|
37
|
+
return ctx.worldManager.listWorlds().length;
|
|
38
|
+
}
|
|
39
|
+
function formatBetaLine(cfg) {
|
|
40
|
+
if (cfg.host.substrate === 'compose') {
|
|
41
|
+
return `Substrate: ${pc.bold('compose')}`;
|
|
42
|
+
}
|
|
43
|
+
// flavor is informational only; left to D11 doctor probe to detect at runtime.
|
|
44
|
+
// Static get-time output names `k3s` as the first-supported flavor per the plan.
|
|
45
|
+
return `Substrate: ${pc.bold('kubernetes')} (beta until ${BETA_EXPIRY_DATE}, flavor=k3s)`;
|
|
46
|
+
}
|
|
47
|
+
/**
|
|
48
|
+
* Implementation of `olam substrate get`. Reads the config + prints a single
|
|
49
|
+
* human-readable line. Exported for testability.
|
|
50
|
+
*/
|
|
51
|
+
export async function handleGet(deps = {}) {
|
|
52
|
+
const read = deps.readConfig ?? readConfig;
|
|
53
|
+
const stdout = deps.stdout ?? process.stdout;
|
|
54
|
+
const cfg = read();
|
|
55
|
+
stdout.write(formatBetaLine(cfg) + '\n');
|
|
56
|
+
return 0;
|
|
57
|
+
}
|
|
58
|
+
/**
|
|
59
|
+
* Implementation of `olam substrate set <substrate>`. Validates target, runs
|
|
60
|
+
* pre-flight via doctor with the target engine, refuses on worlds-exist OR
|
|
61
|
+
* doctor-fail, persists config, emits instrumentation. Exported for testability.
|
|
62
|
+
*
|
|
63
|
+
* Returns the desired process exit code (0 = success, 1 = refused/fail).
|
|
64
|
+
*/
|
|
65
|
+
export async function handleSet(target, deps = {}) {
|
|
66
|
+
const stderr = deps.stderr ?? process.stderr;
|
|
67
|
+
const stdout = deps.stdout ?? process.stdout;
|
|
68
|
+
const read = deps.readConfig ?? readConfig;
|
|
69
|
+
const write = deps.writeConfig ?? writeConfig;
|
|
70
|
+
const emit = deps.emit ?? emitSubstrateSet;
|
|
71
|
+
const runDoctorFn = deps.runDoctor ?? runDoctor;
|
|
72
|
+
const countWorlds = deps.countWorlds ?? defaultCountWorlds;
|
|
73
|
+
if (target !== 'compose' && target !== 'kubernetes') {
|
|
74
|
+
stderr.write(`${pc.red('error:')} unsupported substrate "${target}". Expected: compose | kubernetes.\n`);
|
|
75
|
+
return 1;
|
|
76
|
+
}
|
|
77
|
+
const targetSubstrate = target;
|
|
78
|
+
const current = read();
|
|
79
|
+
if (current.host.substrate === targetSubstrate) {
|
|
80
|
+
stdout.write(`Substrate already set to ${pc.bold(targetSubstrate)}. No change.\n`);
|
|
81
|
+
return 0;
|
|
82
|
+
}
|
|
83
|
+
// T3: refuse if worlds exist on the current substrate. Operator must
|
|
84
|
+
// explicitly `olam destroy --all` to avoid bisected worlds.db state.
|
|
85
|
+
let worldsCount;
|
|
86
|
+
try {
|
|
87
|
+
worldsCount = await countWorlds();
|
|
88
|
+
}
|
|
89
|
+
catch (err) {
|
|
90
|
+
stderr.write(`${pc.yellow('warn:')} could not list worlds (${err instanceof Error ? err.message : String(err)}); assuming none exist and proceeding.\n`);
|
|
91
|
+
worldsCount = 0;
|
|
92
|
+
}
|
|
93
|
+
if (worldsCount > 0) {
|
|
94
|
+
stderr.write(`${pc.red('error:')} ${worldsCount} world(s) exist on the current substrate (${pc.bold(current.host.substrate)}). Switching substrates abandons their state.\n`);
|
|
95
|
+
stderr.write(` Run ${pc.bold('olam destroy --all')} first, then re-run this command.\n`);
|
|
96
|
+
return 1;
|
|
97
|
+
}
|
|
98
|
+
// T2: pre-flight via doctor with the target engine. The kubernetes engine
|
|
99
|
+
// arg matches the substrate value 1:1 in PR1 — Phase 1b's substrate→engine
|
|
100
|
+
// mapping is identity (compose→docker; kubernetes→kubernetes).
|
|
101
|
+
// PR4 ships an `--substrate=<target>` CLI flag for doctor; PR1 routes
|
|
102
|
+
// through the existing `engine` programmatic dep.
|
|
103
|
+
const engine = targetSubstrate === 'compose' ? 'docker' : 'kubernetes';
|
|
104
|
+
stdout.write(`Running pre-flight for ${pc.bold(targetSubstrate)} substrate…\n`);
|
|
105
|
+
let doctorResult;
|
|
106
|
+
try {
|
|
107
|
+
doctorResult = await runDoctorFn({ json: true }, { engine });
|
|
108
|
+
}
|
|
109
|
+
catch (err) {
|
|
110
|
+
stderr.write(`${pc.red('error:')} pre-flight crashed: ${err instanceof Error ? err.message : String(err)}\n`);
|
|
111
|
+
return 1;
|
|
112
|
+
}
|
|
113
|
+
if (doctorResult.exitCode !== 0) {
|
|
114
|
+
stderr.write(`${pc.red('error:')} pre-flight failed for ${pc.bold(targetSubstrate)} substrate.\n`);
|
|
115
|
+
stderr.write(` Run ${pc.bold(`olam doctor${targetSubstrate === 'kubernetes' ? ' --substrate=kubernetes' : ''}`)} to see what's missing, fix the named prereqs, then re-run.\n`);
|
|
116
|
+
return 1;
|
|
117
|
+
}
|
|
118
|
+
// Persist + emit only after the gates pass.
|
|
119
|
+
const next = write({ host: { substrate: targetSubstrate } });
|
|
120
|
+
emit({
|
|
121
|
+
substrate: targetSubstrate,
|
|
122
|
+
flavor: targetSubstrate === 'kubernetes' ? 'k3s' : undefined,
|
|
123
|
+
});
|
|
124
|
+
stdout.write(formatBetaLine(next) + '\n');
|
|
125
|
+
if (targetSubstrate === 'kubernetes') {
|
|
126
|
+
stdout.write(`\nKubernetes substrate is in beta until ${BETA_EXPIRY_DATE}.\n` +
|
|
127
|
+
`Rollback: ${pc.bold('olam substrate set compose')} (preserves compose worlds you create after this).\n` +
|
|
128
|
+
`Next: ${pc.bold('olam upgrade')} to deploy host-cp to your kubectl context.\n`);
|
|
129
|
+
}
|
|
130
|
+
else {
|
|
131
|
+
stdout.write(`\nNext: ${pc.bold('olam upgrade')} to redeploy host-cp on the compose substrate.\n`);
|
|
132
|
+
}
|
|
133
|
+
return 0;
|
|
134
|
+
}
|
|
135
|
+
export function registerSubstrate(program) {
|
|
136
|
+
const sub = program.command('substrate').description('Manage deployment substrate (beta)');
|
|
137
|
+
sub
|
|
138
|
+
.command('get')
|
|
139
|
+
.description('Print the active substrate')
|
|
140
|
+
.action(async () => {
|
|
141
|
+
try {
|
|
142
|
+
const code = await handleGet();
|
|
143
|
+
if (code !== 0)
|
|
144
|
+
process.exitCode = code;
|
|
145
|
+
}
|
|
146
|
+
catch (err) {
|
|
147
|
+
printError(`olam substrate get failed: ${err instanceof Error ? err.message : String(err)}`);
|
|
148
|
+
process.exitCode = 1;
|
|
149
|
+
}
|
|
150
|
+
});
|
|
151
|
+
sub
|
|
152
|
+
.command('set <substrate>')
|
|
153
|
+
.description('Switch substrate (compose | kubernetes)')
|
|
154
|
+
.action(async (target) => {
|
|
155
|
+
try {
|
|
156
|
+
const code = await handleSet(target);
|
|
157
|
+
if (code !== 0)
|
|
158
|
+
process.exitCode = code;
|
|
159
|
+
}
|
|
160
|
+
catch (err) {
|
|
161
|
+
printError(`olam substrate set failed: ${err instanceof Error ? err.message : String(err)}`);
|
|
162
|
+
process.exitCode = 1;
|
|
163
|
+
}
|
|
164
|
+
});
|
|
165
|
+
// Phase 1b C3 — D19: manifest-refresh audit log inspection.
|
|
166
|
+
registerSubstrateAuditLog(sub);
|
|
167
|
+
}
|
|
168
|
+
// Silence unused-import lints when these helpers are referenced only via
|
|
169
|
+
// indirect calls (printInfo/printWarning/printSuccess are imported for parity
|
|
170
|
+
// with sibling commands' patterns even though substrate uses stdout/stderr
|
|
171
|
+
// directly for clean test injection).
|
|
172
|
+
void printInfo;
|
|
173
|
+
void printWarning;
|
|
174
|
+
void printSuccess;
|
|
175
|
+
//# sourceMappingURL=substrate.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"substrate.js","sourceRoot":"","sources":["../../src/commands/substrate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAGH,OAAO,EAAE,MAAM,YAAY,CAAC;AAE5B,OAAO,EAAE,UAAU,EAAE,WAAW,EAAkB,MAAM,kBAAkB,CAAC;AAC3E,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EAAE,SAAS,EAAsB,MAAM,aAAa,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AACjF,OAAO,EAAE,yBAAyB,EAAE,MAAM,0BAA0B,CAAC;AAErE,MAAM,CAAC,MAAM,gBAAgB,GAAG,YAAqB,CAAC;AAmBtD,KAAK,UAAU,kBAAkB;IAC/B,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,WAAW,EAAE,CAAC;IACpC,IAAI,CAAC,GAAG;QAAE,OAAO,CAAC,CAAC;IACnB,OAAO,GAAG,CAAC,YAAY,CAAC,UAAU,EAAE,CAAC,MAAM,CAAC;AAC9C,CAAC;AAED,SAAS,cAAc,CAAC,GAAuC;IAC7D,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QACrC,OAAO,cAAc,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;IAC5C,CAAC;IACD,+EAA+E;IAC/E,iFAAiF;IACjF,OAAO,cAAc,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,gBAAgB,gBAAgB,eAAe,CAAC;AAC5F,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,OAAsB,EAAE;IACtD,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,IAAI,UAAU,CAAC;IAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAC7C,MAAM,GAAG,GAAG,IAAI,EAAE,CAAC;IACnB,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;IACzC,OAAO,CAAC,CAAC;AACX,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,MAAc,EAAE,OAAsB,EAAE;IACtE,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAC7C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAC7C,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,IAAI,UAAU,CAAC;IAC3C,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC;IAC9C,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,gBAAgB,CAAC;IAC3C,MAAM,WAAW,GAAiB,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC;IAC9D,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,IAAI,kBAAkB,CAAC;IAE3D,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,YAAY,EAAE,CAAC;QACpD,MAAM,CAAC,KAAK,CACV,GAAG,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,2BAA2B,MAAM,sCAAsC,CAC3F,CAAC;QACF,OAAO,CAAC,CAAC;IACX,CAAC;IACD,MAAM,eAAe,GAAc,MAAM,CAAC;IAE1C,MAAM,OAAO,GAAG,IAAI,EAAE,CAAC;IACvB,IAAI,OAAO,CAAC,IAAI,CAAC,SAAS,KAAK,eAAe,EAAE,CAAC;QAC/C,MAAM,CAAC,KAAK,CACV,4BAA4B,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,gBAAgB,CACrE,CAAC;QACF,OAAO,CAAC,CAAC;IACX,CAAC;IAED,qEAAqE;IACrE,qEAAqE;IACrE,IAAI,WAAmB,CAAC;IACxB,IAAI,CAAC;QACH,WAAW,GAAG,MAAM,WAAW,EAAE,CAAC;IACpC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CACV,GAAG,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,2BACnB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CACjD,0CAA0C,CAC3C,CAAC;QACF,WAAW,GAAG,CAAC,CAAC;IAClB,CAAC;IACD,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;QACpB,MAAM,CAAC,KAAK,CACV,GAAG,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,WAAW,6CAA6C,EAAE,CAAC,IAAI,CACpF,OAAO,CAAC,IAAI,CAAC,SAAS,CACvB,iDAAiD,CACnD,CAAC;QACF,MAAM,CAAC,KAAK,CAAC,cAAc,EAAE,CAAC,IAAI,CAAC,oBAAoB,CAAC,qCAAqC,CAAC,CAAC;QAC/F,OAAO,CAAC,CAAC;IACX,CAAC;IAED,0EAA0E;IAC1E,2EAA2E;IAC3E,+DAA+D;IAC/D,sEAAsE;IACtE,kDAAkD;IAClD,MAAM,MAAM,GAA4B,eAAe,KAAK,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC;IAChG,MAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,eAAe,CAAC,CAAC;IAChF,IAAI,YAAkC,CAAC;IACvC,IAAI,CAAC;QACH,YAAY,GAAG,MAAM,WAAW,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;IAC/D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CACV,GAAG,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,wBACjB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CACjD,IAAI,CACL,CAAC;QACF,OAAO,CAAC,CAAC;IACX,CAAC;IACD,IAAI,YAAY,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;QAChC,MAAM,CAAC,KAAK,CACV,GAAG,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,0BAA0B,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,eAAe,CACrF,CAAC;QACF,MAAM,CAAC,KAAK,CACV,cAAc,EAAE,CAAC,IAAI,CACnB,cAAc,eAAe,KAAK,YAAY,CAAC,CAAC,CAAC,yBAAyB,CAAC,CAAC,CAAC,EAAE,EAAE,CAClF,+DAA+D,CACjE,CAAC;QACF,OAAO,CAAC,CAAC;IACX,CAAC;IAED,4CAA4C;IAC5C,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,eAAe,EAAE,EAAE,CAAC,CAAC;IAC7D,IAAI,CAAC;QACH,SAAS,EAAE,eAAe;QAC1B,MAAM,EAAE,eAAe,KAAK,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;KAC7D,CAAC,CAAC;IAEH,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;IAC1C,IAAI,eAAe,KAAK,YAAY,EAAE,CAAC;QACrC,MAAM,CAAC,KAAK,CACV,2CAA2C,gBAAgB,KAAK;YAC9D,aAAa,EAAE,CAAC,IAAI,CAAC,4BAA4B,CAAC,sDAAsD;YACxG,SAAS,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,+CAA+C,CAClF,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,KAAK,CACV,WAAW,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,kDAAkD,CACrF,CAAC;IACJ,CAAC;IAED,OAAO,CAAC,CAAC;AACX,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,OAAgB;IAChD,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,WAAW,CAAC,oCAAoC,CAAC,CAAC;IAE3F,GAAG;SACA,OAAO,CAAC,KAAK,CAAC;SACd,WAAW,CAAC,4BAA4B,CAAC;SACzC,MAAM,CAAC,KAAK,IAAI,EAAE;QACjB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,SAAS,EAAE,CAAC;YAC/B,IAAI,IAAI,KAAK,CAAC;gBAAE,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;QAC1C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,UAAU,CAAC,8BAA8B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC7F,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,GAAG;SACA,OAAO,CAAC,iBAAiB,CAAC;SAC1B,WAAW,CAAC,yCAAyC,CAAC;SACtD,MAAM,CAAC,KAAK,EAAE,MAAc,EAAE,EAAE;QAC/B,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,CAAC;YACrC,IAAI,IAAI,KAAK,CAAC;gBAAE,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;QAC1C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,UAAU,CACR,8BAA8B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CACjF,CAAC;YACF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,4DAA4D;IAC5D,yBAAyB,CAAC,GAAG,CAAC,CAAC;AACjC,CAAC;AAED,yEAAyE;AACzE,8EAA8E;AAC9E,2EAA2E;AAC3E,sCAAsC;AACtC,KAAK,SAAS,CAAC;AACf,KAAK,YAAY,CAAC;AAClB,KAAK,YAAY,CAAC"}
|
|
@@ -35,6 +35,14 @@ export interface UpgradeOpts {
|
|
|
35
35
|
* pull-by-digest path that operators on installed CLIs need.
|
|
36
36
|
*/
|
|
37
37
|
readonly fromSource: boolean;
|
|
38
|
+
/**
|
|
39
|
+
* Phase 1b — C2/D14: refresh manifests in ~/.olam/k8s/manifests/ during
|
|
40
|
+
* a kubernetes-substrate upgrade. Requires --accept-security-regression
|
|
41
|
+
* when security-sensitive fields (securityContext, capabilities, etc.) differ.
|
|
42
|
+
*/
|
|
43
|
+
readonly forceRefreshManifests: boolean;
|
|
44
|
+
/** Phase 1b — C2/D14: accept security-sensitive field regressions in manifests. */
|
|
45
|
+
readonly acceptSecurityRegression: boolean;
|
|
38
46
|
}
|
|
39
47
|
/**
|
|
40
48
|
* Check whether node_modules is in sync with package-lock.json.
|
|
@@ -83,6 +91,8 @@ export declare function parseUpgradeOpts(raw: {
|
|
|
83
91
|
n?: string | number;
|
|
84
92
|
json?: boolean;
|
|
85
93
|
fromSource?: boolean;
|
|
94
|
+
forceRefreshManifests?: boolean;
|
|
95
|
+
acceptSecurityRegression?: boolean;
|
|
86
96
|
}): UpgradeOpts;
|
|
87
97
|
/**
|
|
88
98
|
* Extract the JS bundle hash from index.html.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"upgrade.d.ts","sourceRoot":"","sources":["../../src/commands/upgrade.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAYzC,OAAO,EAIL,KAAK,UAAU,EACf,KAAK,YAAY,EAClB,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"upgrade.d.ts","sourceRoot":"","sources":["../../src/commands/upgrade.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAYzC,OAAO,EAIL,KAAK,UAAU,EACf,KAAK,YAAY,EAClB,MAAM,gBAAgB,CAAC;AAexB,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC;IACtB,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC;IAC5B,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;IAC9B,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,2EAA2E;IAC3E,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,iEAAiE;IACjE,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,yEAAyE;IACzE,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,yEAAyE;IACzE,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,yDAAyD;IACzD,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;IAC9B;;;;;OAKG;IACH,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC;IAC7B;;;;OAIG;IACH,QAAQ,CAAC,qBAAqB,EAAE,OAAO,CAAC;IACxC,mFAAmF;IACnF,QAAQ,CAAC,wBAAwB,EAAE,OAAO,CAAC;CAC5C;AAED;;;;;;;;;GASG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAaxD;AAED;;;;;;;GAOG;AACH,wBAAgB,iBAAiB,CAC/B,IAAI,EAAE;IAAE,WAAW,EAAE,OAAO,CAAA;CAAE,EAC9B,GAAG,EAAE,MAAM,GACV;IAAE,IAAI,EAAE,IAAI,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,GAAG;IAAE,IAAI,EAAE,KAAK,CAAA;CAAE,CAQlD;AAED,+CAA+C;AAC/C,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG;IAAE,EAAE,EAAE,IAAI,CAAA;CAAE,GAAG;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAWzF;AAED,6DAA6D;AAC7D,wBAAgB,gBAAgB,CAAC,GAAG,EAAE;IACpC,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,wBAAwB,CAAC,EAAE,OAAO,CAAC;CACpC,GAAG,WAAW,CAuBd;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAGlE;AAuDD;;;;;;;;;;;GAWG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAWzD;AAED,qEAAqE;AACrE,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAEjD;AAED;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAUhD;AAED;;;;;;;;;GASG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,aAAa,CAAC,QAAQ,CAAC,GAAG,MAAM,GAAG,IAAI,CAInF;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,EAAE,EAAE,OAAO,CAAC;IACrB,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;CACzB;AAuBD,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,WAAW,CAmExE;AAED;;;;;;GAMG;AACH,MAAM,WAAW,QAAQ;IACvB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;CAC3B;AAED,eAAO,MAAM,oBAAoB,EAAE,aAAa,CAAC,QAAQ,CAMxD,CAAC;AAEF,0CAA0C;AAC1C,UAAU,eAAe;IACvB,QAAQ,CAAC,EAAE,EAAE,OAAO,CAAC;IACrB,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;;;;;;;;GASG;AACH,wBAAgB,SAAS,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,eAAe,CAiBvE;AAED;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,kGAAkG;IAClG,QAAQ,CAAC,aAAa,EAAE,OAAO,CAAC;IAChC,8EAA8E;IAC9E,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;IACpC,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;CAClC;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,EAAE,EAAE,OAAO,CAAC;IACrB,QAAQ,CAAC,KAAK,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;IAC9C,QAAQ,CAAC,cAAc,EAAE,OAAO,CAAC;IACjC;;;;;;;;;;;OAWG;IACH,QAAQ,CAAC,gBAAgB,EAAE,OAAO,CAAC;IACnC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuCG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,aAAa,CAAC,QAAQ,CAAC,GAAG,UAAU,CA2E3E;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,aAAa,CAAC,QAAQ,CAAC,GAAG;IAClE,EAAE,EAAE,OAAO,CAAC;IACZ,OAAO,EAAE,aAAa,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACvE,OAAO,EAAE,MAAM,CAAC;CACjB,CAeA;AA8BD;;;;;GAKG;AACH,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,MAAM,EAAE;QAAE,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,gBAAgB,EAAE,OAAO,CAAA;KAAE,CAAC;IAC3G,QAAQ,CAAC,WAAW,EAAE;QAAE,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,gBAAgB,EAAE,OAAO,CAAA;KAAE,CAAC;IAChH,QAAQ,CAAC,MAAM,EAAE;QAAE,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,gBAAgB,EAAE,OAAO,CAAA;KAAE,CAAC;IAC3G,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,mBAAmB,CACvC,SAAS,EAAE,MAAM,EACjB,SAAS,SAAS,EAClB,cAAc,SAAQ,GACrB,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,QAAQ,EAAE,eAAe,GAAG,IAAI,CAAA;CAAE,CAAC,CAyBjE;AAED;;;;GAIG;AACH,wBAAgB,qBAAqB,CACnC,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,eAAe,GAAG,IAAI,GAC/B,MAAM,CAYR;AAoGD;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,MAAM,CAAC,EAAE,UAAU,CAAC;IAC7B,QAAQ,CAAC,OAAO,CAAC,EAAE,YAAY,CAAC;IAChC,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B;;;OAGG;IACH,QAAQ,CAAC,cAAc,CAAC,EAAE,CACxB,IAAI,EAAE,SAAS,MAAM,EAAE,EACvB,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAC7B;QAAE,EAAE,EAAE,OAAO,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IACrD;;;OAGG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,OAAO,CAAC;QAAE,EAAE,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACvE;;;;;;OAMG;IACH,QAAQ,CAAC,eAAe,CAAC,EAAE,MAAM,OAAO,CAAC;QAAE,EAAE,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC1E;;;;OAIG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,6DAA6D;IAC7D,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC;;;;OAIG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,KAAK;QAAE,EAAE,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IACjF;;;;;;;OAOG;IACH,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAC9B,aAAa,EAAE,MAAM,KAClB;QAAE,EAAE,EAAE,OAAO,CAAC;QAAC,MAAM,EAAE,OAAO,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IACxF;;;;OAIG;IACH,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAC7B,aAAa,EAAE,MAAM,KAClB;QAAE,EAAE,EAAE,OAAO,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;CACtC;AAED,wBAAsB,sBAAsB,CAC1C,IAAI,GAAE,eAAoB,GACzB,OAAO,CAAC,iBAAiB,CAAC,CAsU5B;AA4wBD,wBAAgB,eAAe,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CA0HtD"}
|
package/dist/commands/upgrade.js
CHANGED
|
@@ -25,6 +25,8 @@ import { loadImageDigests, pullImageWithRetry, realDocker, } from './bootstrap.j
|
|
|
25
25
|
import { EXIT_BOOTSTRAP_PULL_FAILED, EXIT_GENERIC_ERROR, EXIT_PROTOCOL_MISMATCH, } from '../exit-codes.js';
|
|
26
26
|
import { checkProtocolOverlap, parseProtocolVersionsLabel } from '../protocol-version.js';
|
|
27
27
|
import { isDevMode, MissingBuildScriptError } from '../install-root.js';
|
|
28
|
+
import { readConfig } from '../lib/config.js';
|
|
29
|
+
import { runUpgradeKubernetes } from '../lib/upgrade-kubernetes.js';
|
|
28
30
|
const AUTH_HEALTH_URL = 'http://127.0.0.1:9999/health';
|
|
29
31
|
/**
|
|
30
32
|
* Check whether node_modules is in sync with package-lock.json.
|
|
@@ -99,6 +101,8 @@ export function parseUpgradeOpts(raw) {
|
|
|
99
101
|
historyN: Number.isFinite(historyN) && historyN > 0 ? historyN : 10,
|
|
100
102
|
historyJson: raw.json === true,
|
|
101
103
|
fromSource: raw.fromSource === true,
|
|
104
|
+
forceRefreshManifests: raw.forceRefreshManifests === true,
|
|
105
|
+
acceptSecurityRegression: raw.acceptSecurityRegression === true,
|
|
102
106
|
};
|
|
103
107
|
}
|
|
104
108
|
/**
|
|
@@ -1623,8 +1627,34 @@ export function registerUpgrade(program) {
|
|
|
1623
1627
|
.option('--from-source', 'Build host-cp + auth + devbox from monorepo source (legacy path).\n' +
|
|
1624
1628
|
' Requires OLAM_DEV=1 + a `packages/` sibling at the install root.\n' +
|
|
1625
1629
|
' Default (no flag): pull pre-built images from ghcr.io by digest.')
|
|
1630
|
+
.option('--force-refresh-manifests', '[kubernetes substrate only] Re-apply manifests from ~/.olam/k8s/manifests/ before\n' +
|
|
1631
|
+
' the rollout. Security-sensitive field diffs require\n' +
|
|
1632
|
+
' --accept-security-regression to proceed.')
|
|
1633
|
+
.option('--accept-security-regression', '[kubernetes substrate only] Accept security-sensitive field changes in manifests\n' +
|
|
1634
|
+
' when using --force-refresh-manifests. Writes an audit\n' +
|
|
1635
|
+
' entry to ~/.olam/state/manifest-refresh-audit.jsonl.')
|
|
1626
1636
|
.action(async (opts) => {
|
|
1627
1637
|
const parsed = parseUpgradeOpts(opts);
|
|
1638
|
+
// Phase 1b — C2: substrate-aware routing.
|
|
1639
|
+
// Read host.substrate from ~/.olam/config.json BEFORE any other branching.
|
|
1640
|
+
// Compose path: unchanged (byte-identical to prior behaviour).
|
|
1641
|
+
// Kubernetes path: 8-step flow in upgrade-kubernetes.ts.
|
|
1642
|
+
const cfg = readConfig();
|
|
1643
|
+
if (cfg.host.substrate === 'kubernetes') {
|
|
1644
|
+
try {
|
|
1645
|
+
const result = await runUpgradeKubernetes({
|
|
1646
|
+
forceRefreshManifests: parsed.forceRefreshManifests,
|
|
1647
|
+
acceptSecurityRegression: parsed.acceptSecurityRegression,
|
|
1648
|
+
});
|
|
1649
|
+
process.exitCode = result.exitCode;
|
|
1650
|
+
}
|
|
1651
|
+
catch (err) {
|
|
1652
|
+
printError(err instanceof Error ? err.message : String(err));
|
|
1653
|
+
process.exitCode = EXIT_GENERIC_ERROR;
|
|
1654
|
+
}
|
|
1655
|
+
return;
|
|
1656
|
+
}
|
|
1657
|
+
// compose path — unchanged below this line ────────────────────
|
|
1628
1658
|
// Phase C — C6: --from-source gates the legacy build path. Default
|
|
1629
1659
|
// pull-by-digest path lands installed-CLI operators on a fresh
|
|
1630
1660
|
// image set without a monorepo clone.
|