@pleri/olam-cli 0.1.175 → 0.1.182
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +19 -0
- package/bin/olam.cjs +22 -0
- package/dist/commands/auth.d.ts.map +1 -1
- package/dist/commands/auth.js +67 -19
- package/dist/commands/auth.js.map +1 -1
- package/dist/commands/config.d.ts.map +1 -1
- package/dist/commands/config.js +93 -0
- package/dist/commands/config.js.map +1 -1
- package/dist/commands/destroy.d.ts +41 -0
- package/dist/commands/destroy.d.ts.map +1 -1
- package/dist/commands/destroy.js +81 -33
- package/dist/commands/destroy.js.map +1 -1
- package/dist/commands/dispatch-resolve.d.ts +54 -0
- package/dist/commands/dispatch-resolve.d.ts.map +1 -0
- package/dist/commands/dispatch-resolve.js +105 -0
- package/dist/commands/dispatch-resolve.js.map +1 -0
- package/dist/commands/dispatch.d.ts.map +1 -1
- package/dist/commands/dispatch.js +40 -9
- package/dist/commands/dispatch.js.map +1 -1
- package/dist/commands/flywheel/index.d.ts.map +1 -1
- package/dist/commands/flywheel/index.js +4 -0
- package/dist/commands/flywheel/index.js.map +1 -1
- package/dist/commands/flywheel/install-sessionstart-hook.d.ts +64 -0
- package/dist/commands/flywheel/install-sessionstart-hook.d.ts.map +1 -0
- package/dist/commands/flywheel/install-sessionstart-hook.js +197 -0
- package/dist/commands/flywheel/install-sessionstart-hook.js.map +1 -0
- package/dist/commands/flywheel/k5-validate.d.ts +31 -0
- package/dist/commands/flywheel/k5-validate.d.ts.map +1 -1
- package/dist/commands/flywheel/k5-validate.js +80 -19
- package/dist/commands/flywheel/k5-validate.js.map +1 -1
- package/dist/commands/flywheel/session-start.d.ts +26 -0
- package/dist/commands/flywheel/session-start.d.ts.map +1 -0
- package/dist/commands/flywheel/session-start.js +119 -0
- package/dist/commands/flywheel/session-start.js.map +1 -0
- package/dist/commands/host-cp.d.ts +0 -3
- package/dist/commands/host-cp.d.ts.map +1 -1
- package/dist/commands/host-cp.js +27 -2
- package/dist/commands/host-cp.js.map +1 -1
- package/dist/commands/kg-classify.d.ts.map +1 -1
- package/dist/commands/kg-classify.js +20 -0
- package/dist/commands/kg-classify.js.map +1 -1
- package/dist/commands/kg-doctor.d.ts +67 -6
- package/dist/commands/kg-doctor.d.ts.map +1 -1
- package/dist/commands/kg-doctor.js +126 -46
- package/dist/commands/kg-doctor.js.map +1 -1
- package/dist/commands/list.d.ts +27 -0
- package/dist/commands/list.d.ts.map +1 -1
- package/dist/commands/list.js +67 -19
- package/dist/commands/list.js.map +1 -1
- package/dist/commands/memory/status.d.ts +18 -0
- package/dist/commands/memory/status.d.ts.map +1 -1
- package/dist/commands/memory/status.js +38 -2
- package/dist/commands/memory/status.js.map +1 -1
- package/dist/commands/memory-service-container.d.ts +44 -0
- package/dist/commands/memory-service-container.d.ts.map +1 -1
- package/dist/commands/memory-service-container.js +49 -0
- package/dist/commands/memory-service-container.js.map +1 -1
- package/dist/commands/ps.d.ts +32 -0
- package/dist/commands/ps.d.ts.map +1 -1
- package/dist/commands/ps.js +34 -0
- package/dist/commands/ps.js.map +1 -1
- package/dist/commands/runbooks.d.ts +32 -0
- package/dist/commands/runbooks.d.ts.map +1 -1
- package/dist/commands/runbooks.js +79 -22
- package/dist/commands/runbooks.js.map +1 -1
- package/dist/commands/skills-source.d.ts.map +1 -1
- package/dist/commands/skills-source.js +77 -2
- package/dist/commands/skills-source.js.map +1 -1
- package/dist/commands/upgrade-history.d.ts +0 -2
- package/dist/commands/upgrade-history.d.ts.map +1 -1
- package/dist/commands/upgrade-history.js +0 -6
- package/dist/commands/upgrade-history.js.map +1 -1
- package/dist/commands/upgrade-lock.d.ts +0 -9
- package/dist/commands/upgrade-lock.d.ts.map +1 -1
- package/dist/commands/upgrade-lock.js +1 -1
- package/dist/commands/upgrade-lock.js.map +1 -1
- package/dist/commands/world-snapshot.d.ts +13 -0
- package/dist/commands/world-snapshot.d.ts.map +1 -1
- package/dist/commands/world-snapshot.js +81 -1
- package/dist/commands/world-snapshot.js.map +1 -1
- package/dist/commands/yolo.d.ts +95 -0
- package/dist/commands/yolo.d.ts.map +1 -0
- package/dist/commands/yolo.js +377 -0
- package/dist/commands/yolo.js.map +1 -0
- package/dist/image-digests.json +8 -8
- package/dist/index.js +3990 -2445
- package/dist/index.js.map +1 -1
- package/dist/lib/anthropic-base-url-file.d.ts +37 -0
- package/dist/lib/anthropic-base-url-file.d.ts.map +1 -0
- package/dist/lib/anthropic-base-url-file.js +46 -0
- package/dist/lib/anthropic-base-url-file.js.map +1 -0
- package/dist/lib/auth-remote.d.ts +9 -17
- package/dist/lib/auth-remote.d.ts.map +1 -1
- package/dist/lib/auth-remote.js +25 -20
- package/dist/lib/auth-remote.js.map +1 -1
- package/dist/lib/cf-access-token.d.ts +32 -0
- package/dist/lib/cf-access-token.d.ts.map +1 -0
- package/dist/lib/cf-access-token.js +52 -0
- package/dist/lib/cf-access-token.js.map +1 -0
- package/dist/lib/config.d.ts +17 -3
- package/dist/lib/config.d.ts.map +1 -1
- package/dist/lib/config.js +28 -4
- package/dist/lib/config.js.map +1 -1
- package/dist/lib/kubectl-context.d.ts +49 -0
- package/dist/lib/kubectl-context.d.ts.map +1 -1
- package/dist/lib/kubectl-context.js +64 -2
- package/dist/lib/kubectl-context.js.map +1 -1
- package/dist/lib/upgrade-kubernetes.d.ts +7 -0
- package/dist/lib/upgrade-kubernetes.d.ts.map +1 -1
- package/dist/lib/upgrade-kubernetes.js +35 -8
- package/dist/lib/upgrade-kubernetes.js.map +1 -1
- package/dist/mcp-server.js +1470 -991
- package/hermes-bundle/version.json +1 -1
- package/host-cp/k8s/manifests/45-pvc.yaml +6 -2
- package/host-cp/k8s/manifests/50-deployment.yaml +1 -1
- package/host-cp/k8s/manifests/auth-service/50-deployment.yaml +1 -1
- package/host-cp/k8s/manifests/kg-service/50-deployment.yaml +1 -1
- package/host-cp/k8s/manifests/mcp-auth-service/50-deployment.yaml +1 -1
- package/host-cp/k8s/manifests/memory-service/50-deployment.yaml +1 -1
- package/host-cp/observability/trace-summary.mjs +267 -0
- package/host-cp/src/bootstrap-selective.mjs +58 -0
- package/host-cp/src/host-stream.mjs +52 -0
- package/host-cp/src/plan-chat-service.mjs +51 -0
- package/host-cp/src/redirect.mjs +159 -0
- package/host-cp/src/resolver.mjs +121 -0
- package/host-cp/src/router.mjs +168 -0
- package/host-cp/src/serve-only-config.mjs +85 -0
- package/host-cp/src/server.mjs +375 -205
- package/host-cp/src/world-services.mjs +136 -0
- package/package.json +1 -1
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;;GAKG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACxE,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,sBAAsB,EAAE,MAAM,gCAAgC,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAC;AAC9E,OAAO,EAAE,0BAA0B,EAAE,MAAM,oCAAoC,CAAC;AAChF,OAAO,EAAE,8BAA8B,EAAE,MAAM,yCAAyC,CAAC;AACzF,OAAO,EAAE,2BAA2B,EAAE,MAAM,qCAAqC,CAAC;AAClF,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAEtD,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,MAAM,CAAC;KACZ,WAAW,CAAC,+DAA+D,CAAC;IAC7E,4EAA4E;IAC5E,0EAA0E;KACzE,MAAM,CAAC,OAAO,EAAE,6DAA6D,CAAC;KAC9E,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC;AAE7B,gEAAgE;AAChE,6EAA6E;AAC7E,4EAA4E;AAC5E,yEAAyE;AACzE,MAAM,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;AACnD,IAAI,YAAY,KAAK,CAAC,CAAC,EAAE,CAAC;IACxB,qEAAqE;IACrE,+EAA+E;IAC/E,iDAAiD;IACjD,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IACzF,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,0DAA0D,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,KAAK;YACtF,qEAAqE,CACxE,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;AACvD,CAAC;AAED,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,sEAAsE;AACtE,yEAAyE;AACzE,0EAA0E;AAC1E,wEAAwE;AACxE,mBAAmB,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC;AAC/D,UAAU,CAAC,OAAO,CAAC,CAAC;AACpB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,mBAAmB,CAAC,OAAO,CAAC,CAAC;AAC7B,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,UAAU,CAAC,OAAO,CAAC,CAAC;AACpB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,kBAAkB,CAAC,OAAO,CAAC,CAAC;AAC5B,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,sBAAsB,CAAC,OAAO,CAAC,CAAC;AAChC,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,WAAW,CAAC,OAAO,CAAC,CAAC;AACrB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,UAAU,CAAC,OAAO,CAAC,CAAC;AACpB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,kBAAkB,CAAC,OAAO,CAAC,CAAC;AAC5B,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,yBAAyB,CAAC,OAAO,CAAC,CAAC;AACnC,0BAA0B,CAAC,OAAO,CAAC,CAAC;AACpC,8BAA8B,CAAC,OAAO,CAAC,CAAC;AACxC,2BAA2B,CAAC,OAAO,CAAC,CAAC;AACrC,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,cAAc,CAAC,OAAO,CAAC,CAAC;AAExB,0EAA0E;AAC1E,6EAA6E;AAC7E,yEAAyE;AACzE,wBAAwB;AAExB,OAAO,CAAC,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;;GAKG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACxE,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,sBAAsB,EAAE,MAAM,gCAAgC,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAC;AAC9E,OAAO,EAAE,0BAA0B,EAAE,MAAM,oCAAoC,CAAC;AAChF,OAAO,EAAE,8BAA8B,EAAE,MAAM,yCAAyC,CAAC;AACzF,OAAO,EAAE,2BAA2B,EAAE,MAAM,qCAAqC,CAAC;AAClF,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAEtD,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,MAAM,CAAC;KACZ,WAAW,CAAC,+DAA+D,CAAC;IAC7E,4EAA4E;IAC5E,0EAA0E;KACzE,MAAM,CAAC,OAAO,EAAE,6DAA6D,CAAC;KAC9E,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC;AAE7B,gEAAgE;AAChE,6EAA6E;AAC7E,4EAA4E;AAC5E,yEAAyE;AACzE,MAAM,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;AACnD,IAAI,YAAY,KAAK,CAAC,CAAC,EAAE,CAAC;IACxB,qEAAqE;IACrE,+EAA+E;IAC/E,iDAAiD;IACjD,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IACzF,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,0DAA0D,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,KAAK;YACtF,qEAAqE,CACxE,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;AACvD,CAAC;AAED,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,sEAAsE;AACtE,yEAAyE;AACzE,0EAA0E;AAC1E,wEAAwE;AACxE,mBAAmB,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC;AAC/D,UAAU,CAAC,OAAO,CAAC,CAAC;AACpB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,mBAAmB,CAAC,OAAO,CAAC,CAAC;AAC7B,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,UAAU,CAAC,OAAO,CAAC,CAAC;AACpB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,kBAAkB,CAAC,OAAO,CAAC,CAAC;AAC5B,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,sBAAsB,CAAC,OAAO,CAAC,CAAC;AAChC,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,WAAW,CAAC,OAAO,CAAC,CAAC;AACrB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,UAAU,CAAC,OAAO,CAAC,CAAC;AACpB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,kBAAkB,CAAC,OAAO,CAAC,CAAC;AAC5B,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,yBAAyB,CAAC,OAAO,CAAC,CAAC;AACnC,0BAA0B,CAAC,OAAO,CAAC,CAAC;AACpC,8BAA8B,CAAC,OAAO,CAAC,CAAC;AACxC,2BAA2B,CAAC,OAAO,CAAC,CAAC;AACrC,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,cAAc,CAAC,OAAO,CAAC,CAAC;AAExB,0EAA0E;AAC1E,6EAA6E;AAC7E,yEAAyE;AACzE,wBAAwB;AAExB,wEAAwE;AACxE,0EAA0E;AAC1E,uEAAuE;AACvE,wEAAwE;AACxE,qEAAqE;AACrE,wEAAwE;AACxE,2EAA2E;AAC3E,+DAA+D;AAC/D,MAAM,OAAO,CAAC,UAAU,EAAE,CAAC;AAC3B,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Helpers for `olam auth issue-anthropic-token` (g4.1) cloud-mode UX.
|
|
3
|
+
*
|
|
4
|
+
* Extracted from auth.ts so the file-write + label-default logic is unit
|
|
5
|
+
* testable without driving the commander action (which blocks on a stdin
|
|
6
|
+
* cookie prompt). auth.ts delegates here; tests target this module directly
|
|
7
|
+
* — same pattern as `auth-refresh-kubernetes.ts`.
|
|
8
|
+
*/
|
|
9
|
+
/**
|
|
10
|
+
* Resolve the friendly token label. The label is just a handle for
|
|
11
|
+
* `list-anthropic-tokens` + revocation, so it is optional: when omitted we
|
|
12
|
+
* default to `<hostname>-<timestamp>`, unique per mint on a single laptop.
|
|
13
|
+
*/
|
|
14
|
+
export declare function resolveTokenLabel(label?: string): string;
|
|
15
|
+
export interface WriteBaseUrlResult {
|
|
16
|
+
/** True when the file was written; false when skipped via `write: false`. */
|
|
17
|
+
readonly wrote: boolean;
|
|
18
|
+
/** Absolute path the URL was (or would have been) written to. */
|
|
19
|
+
readonly path: string;
|
|
20
|
+
}
|
|
21
|
+
/**
|
|
22
|
+
* Persist the cloud-mode bearer URL where auth-client's `resolveCloudUrl()`
|
|
23
|
+
* expects it: `<home>/.olam/anthropic-base-url`, a single BARE trimmed URL
|
|
24
|
+
* plus a trailing newline, chmod 600.
|
|
25
|
+
*
|
|
26
|
+
* Bare URL only — NO `export X='...'` shell wrapper and no quotes. The
|
|
27
|
+
* resolver reads the file verbatim, `.trim()`s it, and parses one URL per
|
|
28
|
+
* file; a shell-assignment line would break that contract.
|
|
29
|
+
*
|
|
30
|
+
* Returns `{ wrote: false }` (no filesystem touch) when `opts.write === false`
|
|
31
|
+
* — the `--no-write-file` opt-out path.
|
|
32
|
+
*/
|
|
33
|
+
export declare function writeAnthropicBaseUrlFile(url: string, opts?: {
|
|
34
|
+
write?: boolean;
|
|
35
|
+
homeDir?: string;
|
|
36
|
+
}): WriteBaseUrlResult;
|
|
37
|
+
//# sourceMappingURL=anthropic-base-url-file.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"anthropic-base-url-file.d.ts","sourceRoot":"","sources":["../../src/lib/anthropic-base-url-file.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAMH;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM,CAGxD;AAED,MAAM,WAAW,kBAAkB;IACjC,6EAA6E;IAC7E,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,iEAAiE;IACjE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,yBAAyB,CACvC,GAAG,EAAE,MAAM,EACX,IAAI,GAAE;IAAE,KAAK,CAAC,EAAE,OAAO,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAO,GAC/C,kBAAkB,CAcpB"}
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Helpers for `olam auth issue-anthropic-token` (g4.1) cloud-mode UX.
|
|
3
|
+
*
|
|
4
|
+
* Extracted from auth.ts so the file-write + label-default logic is unit
|
|
5
|
+
* testable without driving the commander action (which blocks on a stdin
|
|
6
|
+
* cookie prompt). auth.ts delegates here; tests target this module directly
|
|
7
|
+
* — same pattern as `auth-refresh-kubernetes.ts`.
|
|
8
|
+
*/
|
|
9
|
+
import * as fs from 'node:fs';
|
|
10
|
+
import * as os from 'node:os';
|
|
11
|
+
import * as path from 'node:path';
|
|
12
|
+
/**
|
|
13
|
+
* Resolve the friendly token label. The label is just a handle for
|
|
14
|
+
* `list-anthropic-tokens` + revocation, so it is optional: when omitted we
|
|
15
|
+
* default to `<hostname>-<timestamp>`, unique per mint on a single laptop.
|
|
16
|
+
*/
|
|
17
|
+
export function resolveTokenLabel(label) {
|
|
18
|
+
if (label && label.trim().length > 0)
|
|
19
|
+
return label;
|
|
20
|
+
return `${os.hostname()}-${Date.now()}`;
|
|
21
|
+
}
|
|
22
|
+
/**
|
|
23
|
+
* Persist the cloud-mode bearer URL where auth-client's `resolveCloudUrl()`
|
|
24
|
+
* expects it: `<home>/.olam/anthropic-base-url`, a single BARE trimmed URL
|
|
25
|
+
* plus a trailing newline, chmod 600.
|
|
26
|
+
*
|
|
27
|
+
* Bare URL only — NO `export X='...'` shell wrapper and no quotes. The
|
|
28
|
+
* resolver reads the file verbatim, `.trim()`s it, and parses one URL per
|
|
29
|
+
* file; a shell-assignment line would break that contract.
|
|
30
|
+
*
|
|
31
|
+
* Returns `{ wrote: false }` (no filesystem touch) when `opts.write === false`
|
|
32
|
+
* — the `--no-write-file` opt-out path.
|
|
33
|
+
*/
|
|
34
|
+
export function writeAnthropicBaseUrlFile(url, opts = {}) {
|
|
35
|
+
const homeDir = opts.homeDir ?? os.homedir();
|
|
36
|
+
const filePath = path.join(homeDir, '.olam', 'anthropic-base-url');
|
|
37
|
+
if (opts.write === false) {
|
|
38
|
+
return { wrote: false, path: filePath };
|
|
39
|
+
}
|
|
40
|
+
fs.mkdirSync(path.dirname(filePath), { recursive: true });
|
|
41
|
+
// mode on writeFileSync is masked by umask; chmod after to guarantee 600.
|
|
42
|
+
fs.writeFileSync(filePath, `${url}\n`, { mode: 0o600 });
|
|
43
|
+
fs.chmodSync(filePath, 0o600);
|
|
44
|
+
return { wrote: true, path: filePath };
|
|
45
|
+
}
|
|
46
|
+
//# sourceMappingURL=anthropic-base-url-file.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"anthropic-base-url-file.js","sourceRoot":"","sources":["../../src/lib/anthropic-base-url-file.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAAc;IAC9C,IAAI,KAAK,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IACnD,OAAO,GAAG,EAAE,CAAC,QAAQ,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;AAC1C,CAAC;AASD;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,yBAAyB,CACvC,GAAW,EACX,OAA8C,EAAE;IAEhD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC,OAAO,EAAE,CAAC;IAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,oBAAoB,CAAC,CAAC;IAEnE,IAAI,IAAI,CAAC,KAAK,KAAK,KAAK,EAAE,CAAC;QACzB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IAC1C,CAAC;IAED,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1D,0EAA0E;IAC1E,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,GAAG,GAAG,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACxD,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IAE9B,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;AACzC,CAAC"}
|
|
@@ -13,6 +13,15 @@ export interface RemoteClientOptions {
|
|
|
13
13
|
baseUrl: string;
|
|
14
14
|
/** CF_Authorization cookie value, obtained manually from browser DevTools. */
|
|
15
15
|
cfAuthCookie?: string;
|
|
16
|
+
/**
|
|
17
|
+
* CF Access service-token client id (Phase H h2). When both this and
|
|
18
|
+
* cfAccessClientSecret are present, the request authenticates machine-to-
|
|
19
|
+
* machine via CF-Access-Client-Id / CF-Access-Client-Secret headers — no
|
|
20
|
+
* cookie-paste needed. The Cloudflare edge mints the SSO JWT.
|
|
21
|
+
*/
|
|
22
|
+
cfAccessClientId?: string;
|
|
23
|
+
/** CF Access service-token client secret (paired with cfAccessClientId). */
|
|
24
|
+
cfAccessClientSecret?: string;
|
|
16
25
|
/** Injected fetch for testing. Defaults to global fetch. */
|
|
17
26
|
fetchFn?: FetchFn;
|
|
18
27
|
}
|
|
@@ -86,23 +95,6 @@ export declare function remoteBindServiceToken(opts: RemoteClientOptions, payloa
|
|
|
86
95
|
export declare function remoteDeleteServiceToken(opts: RemoteClientOptions, clientId: string): Promise<{
|
|
87
96
|
ok: boolean;
|
|
88
97
|
}>;
|
|
89
|
-
/**
|
|
90
|
-
// ── g4: Anthropic proxy token helpers ────────────────────────────────────────
|
|
91
|
-
|
|
92
|
-
export interface AnthropicTokenIssueResponse {
|
|
93
|
-
secret: string;
|
|
94
|
-
token_hash: string;
|
|
95
|
-
label: string;
|
|
96
|
-
anthropic_base_url_hint: string;
|
|
97
|
-
}
|
|
98
|
-
|
|
99
|
-
export interface AnthropicTokenEntry {
|
|
100
|
-
label: string;
|
|
101
|
-
token_hash: string;
|
|
102
|
-
issued_at?: string;
|
|
103
|
-
last_used_at?: string;
|
|
104
|
-
}
|
|
105
|
-
|
|
106
98
|
/**
|
|
107
99
|
* POST /v1/anthropic-tokens/issue — mint a new Anthropic proxy token.
|
|
108
100
|
* Returns { secret, token_hash, label, anthropic_base_url_hint }.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-remote.d.ts","sourceRoot":"","sources":["../../src/lib/auth-remote.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,MAAM,OAAO,GAAG,OAAO,KAAK,CAAC;AAEnC,MAAM,WAAW,mBAAmB;IAClC,kEAAkE;IAClE,OAAO,EAAE,MAAM,CAAC;IAChB,8EAA8E;IAC9E,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,4DAA4D;IAC5D,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;
|
|
1
|
+
{"version":3,"file":"auth-remote.d.ts","sourceRoot":"","sources":["../../src/lib/auth-remote.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,MAAM,OAAO,GAAG,OAAO,KAAK,CAAC;AAEnC,MAAM,WAAW,mBAAmB;IAClC,kEAAkE;IAClE,OAAO,EAAE,MAAM,CAAC;IAChB,8EAA8E;IAC9E,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;;;OAKG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,4EAA4E;IAC5E,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,4DAA4D;IAC5D,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAOD,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,2BAA2B;IAC1C,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,uBAAuB,CAAC,EAAE,MAAM,CAAC;CAClC;AAED,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,kBAAkB;IACjC,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAsCD;;GAEG;AACH,wBAAsB,YAAY,CAChC,IAAI,EAAE,mBAAmB,GACxB,OAAO,CAAC,cAAc,CAAC,CAWzB;AAED;;;GAGG;AACH,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,mBAAmB,GACxB,OAAO,CAAC,kBAAkB,CAAC,CAa7B;AAED;;GAEG;AACH,wBAAsB,uBAAuB,CAC3C,IAAI,EAAE,mBAAmB,GACxB,OAAO,CAAC,YAAY,EAAE,CAAC,CAWzB;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,IAAI,EAAE,mBAAmB,GACxB,OAAO,CAAC,YAAY,EAAE,CAAC,CAWzB;AAED;;GAEG;AACH,wBAAsB,sBAAsB,CAC1C,IAAI,EAAE,mBAAmB,EACzB,OAAO,EAAE;IAAE,SAAS,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,GAC5C,OAAO,CAAC;IAAE,EAAE,EAAE,OAAO,CAAA;CAAE,CAAC,CAa1B;AAED;;GAEG;AACH,wBAAsB,wBAAwB,CAC5C,IAAI,EAAE,mBAAmB,EACzB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC;IAAE,EAAE,EAAE,OAAO,CAAA;CAAE,CAAC,CAW1B;AAUD;;;GAGG;AACH,wBAAsB,yBAAyB,CAC7C,IAAI,EAAE,mBAAmB,EACzB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,2BAA2B,CAAC,CAatC;AAED;;GAEG;AACH,wBAAsB,yBAAyB,CAC7C,IAAI,EAAE,mBAAmB,GACxB,OAAO,CAAC,mBAAmB,EAAE,CAAC,CAYhC;AAED;;;GAGG;AACH,wBAAsB,0BAA0B,CAC9C,IAAI,EAAE,mBAAmB,EACzB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,OAAO,CAAC,CAYlB;AAED;;;;;;;;GAQG;AACH,wBAAsB,eAAe,CACnC,IAAI,EAAE,mBAAmB,GACxB,OAAO,CAAC,iBAAiB,EAAE,CAAC,CA2G9B"}
|
package/dist/lib/auth-remote.js
CHANGED
|
@@ -15,16 +15,31 @@ function normalizeBase(url) {
|
|
|
15
15
|
* When cfAuthCookie is provided, forwards it so the worker's CF Access
|
|
16
16
|
* middleware can authenticate the request server-side.
|
|
17
17
|
*/
|
|
18
|
-
function buildHeaders(cookie) {
|
|
18
|
+
function buildHeaders(cookie, cfAccess) {
|
|
19
19
|
const headers = {
|
|
20
20
|
'Content-Type': 'application/json',
|
|
21
21
|
Accept: 'application/json',
|
|
22
22
|
};
|
|
23
|
+
// Phase H h2: prefer machine-to-machine service-token headers when present.
|
|
24
|
+
// The CF Access edge validates these and injects the SSO JWT the worker's
|
|
25
|
+
// resolveIdentity expects. Cookie + service token are not mutually
|
|
26
|
+
// exclusive — both may be sent; the edge honours the service token.
|
|
27
|
+
if (cfAccess) {
|
|
28
|
+
headers['CF-Access-Client-Id'] = cfAccess.clientId;
|
|
29
|
+
headers['CF-Access-Client-Secret'] = cfAccess.clientSecret;
|
|
30
|
+
}
|
|
23
31
|
if (cookie) {
|
|
24
32
|
headers['Cookie'] = `CF_Authorization=${cookie}`;
|
|
25
33
|
}
|
|
26
34
|
return headers;
|
|
27
35
|
}
|
|
36
|
+
/** Extract the CF Access service-token pair from options, or undefined. */
|
|
37
|
+
function cfAccessFromOpts(opts) {
|
|
38
|
+
if (opts.cfAccessClientId && opts.cfAccessClientSecret) {
|
|
39
|
+
return { clientId: opts.cfAccessClientId, clientSecret: opts.cfAccessClientSecret };
|
|
40
|
+
}
|
|
41
|
+
return undefined;
|
|
42
|
+
}
|
|
28
43
|
/**
|
|
29
44
|
* GET /v1/health — worker liveness probe.
|
|
30
45
|
*/
|
|
@@ -120,23 +135,13 @@ export async function remoteDeleteServiceToken(opts, clientId) {
|
|
|
120
135
|
}
|
|
121
136
|
return { ok: true };
|
|
122
137
|
}
|
|
123
|
-
/**
|
|
124
138
|
// ── g4: Anthropic proxy token helpers ────────────────────────────────────────
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
}
|
|
132
|
-
|
|
133
|
-
export interface AnthropicTokenEntry {
|
|
134
|
-
label: string;
|
|
135
|
-
token_hash: string;
|
|
136
|
-
issued_at?: string;
|
|
137
|
-
last_used_at?: string;
|
|
138
|
-
}
|
|
139
|
-
|
|
139
|
+
// Types AnthropicTokenIssueResponse + AnthropicTokenEntry are declared at the
|
|
140
|
+
// top of this file (lines 35-48) — added by PR #972 which independently fixed
|
|
141
|
+
// the JSDoc-eating-types bug while this branch was in flight. The cherry-pick
|
|
142
|
+
// of commit 19512c47 (which removed the stray /** that was hiding the
|
|
143
|
+
// duplicate declarations below) exposed both copies; the duplicate block is
|
|
144
|
+
// removed here to fix the resulting TS2300 "Duplicate identifier" error.
|
|
140
145
|
/**
|
|
141
146
|
* POST /v1/anthropic-tokens/issue — mint a new Anthropic proxy token.
|
|
142
147
|
* Returns { secret, token_hash, label, anthropic_base_url_hint }.
|
|
@@ -146,7 +151,7 @@ export async function remoteIssueAnthropicToken(opts, label) {
|
|
|
146
151
|
const url = `${normalizeBase(baseUrl)}/v1/anthropic-tokens/issue`;
|
|
147
152
|
const res = await fetchFn(url, {
|
|
148
153
|
method: 'POST',
|
|
149
|
-
headers: buildHeaders(cfAuthCookie),
|
|
154
|
+
headers: buildHeaders(cfAuthCookie, cfAccessFromOpts(opts)),
|
|
150
155
|
body: JSON.stringify({ label }),
|
|
151
156
|
});
|
|
152
157
|
if (!res.ok) {
|
|
@@ -163,7 +168,7 @@ export async function remoteListAnthropicTokens(opts) {
|
|
|
163
168
|
const url = `${normalizeBase(baseUrl)}/v1/anthropic-tokens`;
|
|
164
169
|
const res = await fetchFn(url, {
|
|
165
170
|
method: 'GET',
|
|
166
|
-
headers: buildHeaders(cfAuthCookie),
|
|
171
|
+
headers: buildHeaders(cfAuthCookie, cfAccessFromOpts(opts)),
|
|
167
172
|
});
|
|
168
173
|
if (!res.ok) {
|
|
169
174
|
const body = await res.text().catch(() => '');
|
|
@@ -180,7 +185,7 @@ export async function remoteRevokeAnthropicToken(opts, tokenHash) {
|
|
|
180
185
|
const url = `${normalizeBase(baseUrl)}/v1/anthropic-tokens/${encodeURIComponent(tokenHash)}`;
|
|
181
186
|
const res = await fetchFn(url, {
|
|
182
187
|
method: 'DELETE',
|
|
183
|
-
headers: buildHeaders(cfAuthCookie),
|
|
188
|
+
headers: buildHeaders(cfAuthCookie, cfAccessFromOpts(opts)),
|
|
184
189
|
});
|
|
185
190
|
if (res.status === 404)
|
|
186
191
|
return false;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-remote.js","sourceRoot":"","sources":["../../src/lib/auth-remote.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;
|
|
1
|
+
{"version":3,"file":"auth-remote.js","sourceRoot":"","sources":["../../src/lib/auth-remote.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAwEH,SAAS,aAAa,CAAC,GAAW;IAChC,OAAO,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AACjC,CAAC;AAED;;;;GAIG;AACH,SAAS,YAAY,CAAC,MAAe,EAAE,QAAuB;IAC5D,MAAM,OAAO,GAA2B;QACtC,cAAc,EAAE,kBAAkB;QAClC,MAAM,EAAE,kBAAkB;KAC3B,CAAC;IACF,4EAA4E;IAC5E,0EAA0E;IAC1E,mEAAmE;IACnE,oEAAoE;IACpE,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO,CAAC,qBAAqB,CAAC,GAAG,QAAQ,CAAC,QAAQ,CAAC;QACnD,OAAO,CAAC,yBAAyB,CAAC,GAAG,QAAQ,CAAC,YAAY,CAAC;IAC7D,CAAC;IACD,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,CAAC,QAAQ,CAAC,GAAG,oBAAoB,MAAM,EAAE,CAAC;IACnD,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,2EAA2E;AAC3E,SAAS,gBAAgB,CAAC,IAAyB;IACjD,IAAI,IAAI,CAAC,gBAAgB,IAAI,IAAI,CAAC,oBAAoB,EAAE,CAAC;QACvD,OAAO,EAAE,QAAQ,EAAE,IAAI,CAAC,gBAAgB,EAAE,YAAY,EAAE,IAAI,CAAC,oBAAoB,EAAE,CAAC;IACtF,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,IAAyB;IAEzB,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,OAAO,GAAG,KAAK,EAAE,GAAG,IAAI,CAAC;IACxD,MAAM,GAAG,GAAG,GAAG,aAAa,CAAC,OAAO,CAAC,YAAY,CAAC;IAClD,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE;QAC7B,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,YAAY,CAAC,YAAY,CAAC;KACpC,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,6BAA6B,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7D,CAAC;IACD,OAAO,GAAG,CAAC,IAAI,EAA6B,CAAC;AAC/C,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,IAAyB;IAEzB,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,OAAO,GAAG,KAAK,EAAE,GAAG,IAAI,CAAC;IACxD,MAAM,GAAG,GAAG,GAAG,aAAa,CAAC,OAAO,CAAC,iBAAiB,CAAC;IACvD,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE;QAC7B,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,YAAY,CAAC,YAAY,CAAC;QACnC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;KACzB,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,4BAA4B,GAAG,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACvF,CAAC;IACD,OAAO,GAAG,CAAC,IAAI,EAAiC,CAAC;AACnD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,IAAyB;IAEzB,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,OAAO,GAAG,KAAK,EAAE,GAAG,IAAI,CAAC;IACxD,MAAM,GAAG,GAAG,GAAG,aAAa,CAAC,OAAO,CAAC,oBAAoB,CAAC;IAC1D,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE;QAC7B,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,YAAY,CAAC,YAAY,CAAC;KACpC,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,oCAAoC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IACpE,CAAC;IACD,OAAO,GAAG,CAAC,IAAI,EAA6B,CAAC;AAC/C,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,IAAyB;IAEzB,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,OAAO,GAAG,KAAK,EAAE,GAAG,IAAI,CAAC;IACxD,MAAM,GAAG,GAAG,GAAG,aAAa,CAAC,OAAO,CAAC,cAAc,CAAC;IACpD,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE;QAC7B,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,YAAY,CAAC,YAAY,CAAC;KACpC,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,8BAA8B,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IAC9D,CAAC;IACD,OAAO,GAAG,CAAC,IAAI,EAA6B,CAAC;AAC/C,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,IAAyB,EACzB,OAA6C;IAE7C,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,OAAO,GAAG,KAAK,EAAE,GAAG,IAAI,CAAC;IACxD,MAAM,GAAG,GAAG,GAAG,aAAa,CAAC,OAAO,CAAC,yBAAyB,CAAC;IAC/D,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE;QAC7B,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,YAAY,CAAC,YAAY,CAAC;QACnC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;KAC9B,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,mCAAmC,GAAG,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC9F,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,IAAyB,EACzB,QAAgB;IAEhB,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,OAAO,GAAG,KAAK,EAAE,GAAG,IAAI,CAAC;IACxD,MAAM,GAAG,GAAG,GAAG,aAAa,CAAC,OAAO,CAAC,sBAAsB,kBAAkB,CAAC,QAAQ,CAAC,EAAE,CAAC;IAC1F,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE;QAC7B,MAAM,EAAE,QAAQ;QAChB,OAAO,EAAE,YAAY,CAAC,YAAY,CAAC;KACpC,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,qCAAqC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IACrE,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;AACtB,CAAC;AAED,gFAAgF;AAChF,8EAA8E;AAC9E,8EAA8E;AAC9E,8EAA8E;AAC9E,sEAAsE;AACtE,4EAA4E;AAC5E,yEAAyE;AAEzE;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,IAAyB,EACzB,KAAa;IAEb,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,OAAO,GAAG,KAAK,EAAE,GAAG,IAAI,CAAC;IACxD,MAAM,GAAG,GAAG,GAAG,aAAa,CAAC,OAAO,CAAC,4BAA4B,CAAC;IAClE,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE;QAC7B,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,YAAY,CAAC,YAAY,EAAE,gBAAgB,CAAC,IAAI,CAAC,CAAC;QAC3D,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,CAAC;KAChC,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,sCAAsC,GAAG,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACjG,CAAC;IACD,OAAO,GAAG,CAAC,IAAI,EAA0C,CAAC;AAC5D,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,IAAyB;IAEzB,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,OAAO,GAAG,KAAK,EAAE,GAAG,IAAI,CAAC;IACxD,MAAM,GAAG,GAAG,GAAG,aAAa,CAAC,OAAO,CAAC,sBAAsB,CAAC;IAC5D,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE;QAC7B,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,YAAY,CAAC,YAAY,EAAE,gBAAgB,CAAC,IAAI,CAAC,CAAC;KAC5D,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,sCAAsC,GAAG,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACjG,CAAC;IACD,OAAO,GAAG,CAAC,IAAI,EAAoC,CAAC;AACtD,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAC9C,IAAyB,EACzB,SAAiB;IAEjB,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,OAAO,GAAG,KAAK,EAAE,GAAG,IAAI,CAAC;IACxD,MAAM,GAAG,GAAG,GAAG,aAAa,CAAC,OAAO,CAAC,wBAAwB,kBAAkB,CAAC,SAAS,CAAC,EAAE,CAAC;IAC7F,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE;QAC7B,MAAM,EAAE,QAAQ;QAChB,OAAO,EAAE,YAAY,CAAC,YAAY,EAAE,gBAAgB,CAAC,IAAI,CAAC,CAAC;KAC5D,CAAC,CAAC;IACH,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG;QAAE,OAAO,KAAK,CAAC;IACrC,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,uCAAuC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IACvE,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,IAAyB;IAEzB,MAAM,OAAO,GAAwB,EAAE,CAAC;IACxC,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,OAAO,GAAG,KAAK,EAAE,GAAG,IAAI,CAAC;IACxD,MAAM,IAAI,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;IAEpC,sBAAsB;IACtB,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,MAAM,YAAY,CAAC,EAAE,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,CAAC,CAAC;QACjE,OAAO,CAAC,IAAI,CAAC;YACX,KAAK,EAAE,eAAe;YACtB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,eAAe,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;SACrE,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,IAAI,CAAC;YACX,KAAK,EAAE,eAAe;YACtB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,qBAAqB;YACnE,MAAM,EAAE,kDAAkD,IAAI,EAAE;SACjE,CAAC,CAAC;IACL,CAAC;IAED,0BAA0B;IAC1B,wDAAwD;IACxD,2DAA2D;IAC3D,wEAAwE;IACxE,mFAAmF;IACnF,IAAI,OAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;QAChC,0EAA0E;QAC1E,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACzC,uEAAuE;QACvE,0DAA0D;QAC1D,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACpE,OAAO,GAAG,WAAW,IAAI,4CAA4C,CAAC;IACxE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,GAAG,GAAG,IAAI,wBAAwB,CAAC;IAC5C,CAAC;IAED,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QACtD,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;YACX,OAAO,CAAC,IAAI,CAAC;gBACX,KAAK,EAAE,gBAAgB;gBACvB,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,+BAA+B,OAAO,EAAE;aAClD,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CAAC;gBACX,KAAK,EAAE,gBAAgB;gBACvB,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,gCAAgC,GAAG,CAAC,MAAM,EAAE;gBACrD,MAAM,EAAE,uEAAuE,OAAO,EAAE;aACzF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,IAAI,CAAC;YACX,KAAK,EAAE,gBAAgB;YACvB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,+BAA+B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;YAC1F,MAAM,EAAE,2BAA2B,OAAO,kDAAkD;SAC7F,CAAC,CAAC;IACL,CAAC;IAED,gCAAgC;IAChC,IAAI,CAAC;QACH,MAAM,gBAAgB,CAAC,EAAE,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,CAAC,CAAC;QAC3D,OAAO,CAAC,IAAI,CAAC;YACX,KAAK,EAAE,aAAa;YACpB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,mCAAmC;SAC7C,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7D,gFAAgF;QAChF,MAAM,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;QAC1D,OAAO,CAAC,IAAI,CAAC;YACX,KAAK,EAAE,aAAa;YACpB,MAAM;YACN,OAAO,EAAE,gBAAgB,GAAG,EAAE;YAC9B,MAAM,EACJ,MAAM,KAAK,MAAM;gBACf,CAAC,CAAC,wFAAwF;gBAC1F,CAAC,CAAC,6CAA6C,IAAI,EAAE;SAC1D,CAAC,CAAC;IACL,CAAC;IAED,yCAAyC;IACzC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;IAC1D,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO,CAAC,IAAI,CAAC;YACX,KAAK,EAAE,eAAe;YACtB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,4CAA4C,QAAQ,CAAC,MAAM,GAAG;SACxE,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,IAAI,CAAC;YACX,KAAK,EAAE,eAAe;YACtB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,yDAAyD;YAClE,MAAM,EACJ,0FAA0F;SAC7F,CAAC,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* CF Access service-token resolver (CLI mirror — Phase H h2).
|
|
3
|
+
*
|
|
4
|
+
* Mirrors packages/auth-client/src/cf-access-service-token.ts so the CLI
|
|
5
|
+
* stays a self-contained published bundle (no new workspace dependency in
|
|
6
|
+
* the publish path). The auth-client copy is the canonical one consumed by
|
|
7
|
+
* host-cp; this copy backs `olam auth issue/list-anthropic-tokens`.
|
|
8
|
+
*
|
|
9
|
+
* A CF Access *service token* is a non-interactive (client-id + client-secret)
|
|
10
|
+
* credential the Cloudflare edge validates and converts into a
|
|
11
|
+
* `Cf-Access-Jwt-Assertion` JWT before the request reaches the auth-worker —
|
|
12
|
+
* replacing the manual "paste your CF_Authorization cookie" step.
|
|
13
|
+
*
|
|
14
|
+
* Resolution priority (first hit wins):
|
|
15
|
+
* 1. env CF_ACCESS_CLIENT_ID + CF_ACCESS_CLIENT_SECRET
|
|
16
|
+
* 2. ~/.olam/cf-access-service-token.json ({clientId, clientSecret}, chmod 600)
|
|
17
|
+
*
|
|
18
|
+
* See docs/runbooks/cf-access-service-token.md for provisioning.
|
|
19
|
+
*/
|
|
20
|
+
export interface CfAccessServiceToken {
|
|
21
|
+
clientId: string;
|
|
22
|
+
clientSecret: string;
|
|
23
|
+
}
|
|
24
|
+
/** Default on-disk location for the service-token credential file. */
|
|
25
|
+
export declare function defaultServiceTokenPath(): string;
|
|
26
|
+
/**
|
|
27
|
+
* Resolve a CF Access service token from env, then from disk.
|
|
28
|
+
* Returns null when neither source supplies BOTH a non-empty clientId and
|
|
29
|
+
* clientSecret.
|
|
30
|
+
*/
|
|
31
|
+
export declare function resolveCfAccessServiceToken(env?: NodeJS.ProcessEnv, filePath?: string): CfAccessServiceToken | null;
|
|
32
|
+
//# sourceMappingURL=cf-access-token.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cf-access-token.d.ts","sourceRoot":"","sources":["../../src/lib/cf-access-token.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAMH,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,sEAAsE;AACtE,wBAAgB,uBAAuB,IAAI,MAAM,CAEhD;AAED;;;;GAIG;AACH,wBAAgB,2BAA2B,CACzC,GAAG,GAAE,MAAM,CAAC,UAAwB,EACpC,QAAQ,GAAE,MAAkC,GAC3C,oBAAoB,GAAG,IAAI,CAqB7B"}
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* CF Access service-token resolver (CLI mirror — Phase H h2).
|
|
3
|
+
*
|
|
4
|
+
* Mirrors packages/auth-client/src/cf-access-service-token.ts so the CLI
|
|
5
|
+
* stays a self-contained published bundle (no new workspace dependency in
|
|
6
|
+
* the publish path). The auth-client copy is the canonical one consumed by
|
|
7
|
+
* host-cp; this copy backs `olam auth issue/list-anthropic-tokens`.
|
|
8
|
+
*
|
|
9
|
+
* A CF Access *service token* is a non-interactive (client-id + client-secret)
|
|
10
|
+
* credential the Cloudflare edge validates and converts into a
|
|
11
|
+
* `Cf-Access-Jwt-Assertion` JWT before the request reaches the auth-worker —
|
|
12
|
+
* replacing the manual "paste your CF_Authorization cookie" step.
|
|
13
|
+
*
|
|
14
|
+
* Resolution priority (first hit wins):
|
|
15
|
+
* 1. env CF_ACCESS_CLIENT_ID + CF_ACCESS_CLIENT_SECRET
|
|
16
|
+
* 2. ~/.olam/cf-access-service-token.json ({clientId, clientSecret}, chmod 600)
|
|
17
|
+
*
|
|
18
|
+
* See docs/runbooks/cf-access-service-token.md for provisioning.
|
|
19
|
+
*/
|
|
20
|
+
import * as fs from 'node:fs';
|
|
21
|
+
import * as os from 'node:os';
|
|
22
|
+
import * as path from 'node:path';
|
|
23
|
+
/** Default on-disk location for the service-token credential file. */
|
|
24
|
+
export function defaultServiceTokenPath() {
|
|
25
|
+
return path.join(os.homedir(), '.olam', 'cf-access-service-token.json');
|
|
26
|
+
}
|
|
27
|
+
/**
|
|
28
|
+
* Resolve a CF Access service token from env, then from disk.
|
|
29
|
+
* Returns null when neither source supplies BOTH a non-empty clientId and
|
|
30
|
+
* clientSecret.
|
|
31
|
+
*/
|
|
32
|
+
export function resolveCfAccessServiceToken(env = process.env, filePath = defaultServiceTokenPath()) {
|
|
33
|
+
const envId = env['CF_ACCESS_CLIENT_ID'];
|
|
34
|
+
const envSecret = env['CF_ACCESS_CLIENT_SECRET'];
|
|
35
|
+
if (envId && envId.trim().length > 0 && envSecret && envSecret.trim().length > 0) {
|
|
36
|
+
return { clientId: envId.trim(), clientSecret: envSecret.trim() };
|
|
37
|
+
}
|
|
38
|
+
try {
|
|
39
|
+
const raw = fs.readFileSync(filePath, 'utf-8');
|
|
40
|
+
const parsed = JSON.parse(raw);
|
|
41
|
+
const clientId = typeof parsed.clientId === 'string' ? parsed.clientId.trim() : '';
|
|
42
|
+
const clientSecret = typeof parsed.clientSecret === 'string' ? parsed.clientSecret.trim() : '';
|
|
43
|
+
if (clientId.length > 0 && clientSecret.length > 0) {
|
|
44
|
+
return { clientId, clientSecret };
|
|
45
|
+
}
|
|
46
|
+
}
|
|
47
|
+
catch {
|
|
48
|
+
// File absent / unreadable / malformed JSON → no token.
|
|
49
|
+
}
|
|
50
|
+
return null;
|
|
51
|
+
}
|
|
52
|
+
//# sourceMappingURL=cf-access-token.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cf-access-token.js","sourceRoot":"","sources":["../../src/lib/cf-access-token.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAOlC,sEAAsE;AACtE,MAAM,UAAU,uBAAuB;IACrC,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,8BAA8B,CAAC,CAAC;AAC1E,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,2BAA2B,CACzC,MAAyB,OAAO,CAAC,GAAG,EACpC,WAAmB,uBAAuB,EAAE;IAE5C,MAAM,KAAK,GAAG,GAAG,CAAC,qBAAqB,CAAC,CAAC;IACzC,MAAM,SAAS,GAAG,GAAG,CAAC,yBAAyB,CAAC,CAAC;IACjD,IAAI,KAAK,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,IAAI,SAAS,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjF,OAAO,EAAE,QAAQ,EAAE,KAAK,CAAC,IAAI,EAAE,EAAE,YAAY,EAAE,SAAS,CAAC,IAAI,EAAE,EAAE,CAAC;IACpE,CAAC;IAED,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAmD,CAAC;QACjF,MAAM,QAAQ,GAAG,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACnF,MAAM,YAAY,GAChB,OAAO,MAAM,CAAC,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC5E,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACnD,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;QACpC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,wDAAwD;IAC1D,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}
|
package/dist/lib/config.d.ts
CHANGED
|
@@ -24,13 +24,27 @@ export declare const OLAM_HOME: string;
|
|
|
24
24
|
export declare const OLAM_STATE_DIR: string;
|
|
25
25
|
export declare const OLAM_CONFIG_PATH: string;
|
|
26
26
|
export type Substrate = 'compose' | 'kubernetes';
|
|
27
|
+
export type OlamHost = {
|
|
28
|
+
substrate: Substrate;
|
|
29
|
+
/**
|
|
30
|
+
* Pinned kubectl context name for the kubernetes substrate. Read by
|
|
31
|
+
* `resolveKubectlContext` (lib/kubectl-context.ts). Optional: absent on
|
|
32
|
+
* fresh installs until `olam upgrade`/`olam setup` auto-pins it or the
|
|
33
|
+
* operator sets it via `olam config set host.kubectl_context_pinned <name>`.
|
|
34
|
+
*/
|
|
35
|
+
kubectl_context_pinned?: string;
|
|
36
|
+
/**
|
|
37
|
+
* Optional GitHub token for authenticated ghcr.io image pulls. Read by the
|
|
38
|
+
* kubernetes upgrade flow when creating the ghcr-pull imagePullSecret.
|
|
39
|
+
*/
|
|
40
|
+
gh_token?: string;
|
|
41
|
+
};
|
|
27
42
|
export type OlamConfig = {
|
|
28
43
|
'config.schema': 1;
|
|
29
|
-
host:
|
|
30
|
-
substrate: Substrate;
|
|
31
|
-
};
|
|
44
|
+
host: OlamHost;
|
|
32
45
|
install_id: string;
|
|
33
46
|
};
|
|
47
|
+
export declare function isValidConfig(value: unknown): value is OlamConfig;
|
|
34
48
|
/**
|
|
35
49
|
* Read `~/.olam/config.json` (or `configPath` override). Returns a valid
|
|
36
50
|
* OlamConfig regardless of file state:
|
package/dist/lib/config.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/lib/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAcH,eAAO,MAAM,SAAS,QAA2B,CAAC;AAClD,eAAO,MAAM,cAAc,QAA2B,CAAC;AACvD,eAAO,MAAM,gBAAgB,QAAiC,CAAC;
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/lib/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAcH,eAAO,MAAM,SAAS,QAA2B,CAAC;AAClD,eAAO,MAAM,cAAc,QAA2B,CAAC;AACvD,eAAO,MAAM,gBAAgB,QAAiC,CAAC;AAoB/D,MAAM,MAAM,SAAS,GAAG,SAAS,GAAG,YAAY,CAAC;AAEjD,MAAM,MAAM,QAAQ,GAAG;IACrB,SAAS,EAAE,SAAS,CAAC;IACrB;;;;;OAKG;IACH,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,UAAU,GAAG;IACvB,eAAe,EAAE,CAAC,CAAC;IACnB,IAAI,EAAE,QAAQ,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAuBF,wBAAgB,aAAa,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,UAAU,CASjE;AA+BD;;;;;;;;;;;;GAYG;AACH,wBAAgB,UAAU,CACxB,IAAI,GAAE;IACJ,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC,cAAc,CAAC;CAC3B,GACL,UAAU,CAsCZ;AAED;;;;;;;;;GASG;AACH,wBAAgB,WAAW,CACzB,OAAO,EAAE;IAAE,IAAI,CAAC,EAAE,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAA;CAAE,EAC/C,IAAI,GAAE;IACJ,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC,cAAc,CAAC;CAC3B,GACL,UAAU,CAoBZ"}
|
package/dist/lib/config.js
CHANGED
|
@@ -21,12 +21,29 @@
|
|
|
21
21
|
* from pass-3 review).
|
|
22
22
|
*/
|
|
23
23
|
import { existsSync, mkdirSync, readFileSync, renameSync, unlinkSync, writeFileSync, } from 'node:fs';
|
|
24
|
-
import { homedir } from 'node:os';
|
|
24
|
+
import { homedir, tmpdir } from 'node:os';
|
|
25
25
|
import { join, dirname } from 'node:path';
|
|
26
26
|
import { randomUUID } from 'node:crypto';
|
|
27
27
|
export const OLAM_HOME = join(homedir(), '.olam');
|
|
28
28
|
export const OLAM_STATE_DIR = join(OLAM_HOME, 'state');
|
|
29
29
|
export const OLAM_CONFIG_PATH = join(OLAM_HOME, 'config.json');
|
|
30
|
+
/**
|
|
31
|
+
* Resolve the default config path for callers that don't inject one.
|
|
32
|
+
*
|
|
33
|
+
* Under Vitest (`process.env.VITEST` is set by the runner), redirect the
|
|
34
|
+
* default to a per-process tmp file so a test that calls `readConfig()` /
|
|
35
|
+
* `writeConfig()` WITHOUT an explicit `configPath` cannot read or clobber the
|
|
36
|
+
* operator's real `~/.olam/config.json`. This closes a real test-pollution
|
|
37
|
+
* bug: a full `npm test` was observed to overwrite the operator's live config
|
|
38
|
+
* (dropping `host.kubectl_context_pinned`) because non-hermetic tests hit the
|
|
39
|
+
* default path. Tests that pass an explicit `configPath` are unaffected.
|
|
40
|
+
*/
|
|
41
|
+
function defaultConfigPath() {
|
|
42
|
+
if (process.env['VITEST']) {
|
|
43
|
+
return join(tmpdir(), `olam-vitest-config-${process.pid}.json`);
|
|
44
|
+
}
|
|
45
|
+
return OLAM_CONFIG_PATH;
|
|
46
|
+
}
|
|
30
47
|
// k3s mode is the canonical olam substrate as of feat/cli-bootstrap-k3s-default
|
|
31
48
|
// (2026-05-22). Fresh installs default to `kubernetes`; existing installs whose
|
|
32
49
|
// ~/.olam/config.json explicitly carries `host.substrate: 'compose'` keep their
|
|
@@ -45,7 +62,7 @@ function ensureStateDir(stateDir = OLAM_STATE_DIR) {
|
|
|
45
62
|
mkdirSync(stateDir, { recursive: true });
|
|
46
63
|
}
|
|
47
64
|
}
|
|
48
|
-
function isValidConfig(value) {
|
|
65
|
+
export function isValidConfig(value) {
|
|
49
66
|
if (typeof value !== 'object' || value === null)
|
|
50
67
|
return false;
|
|
51
68
|
const v = value;
|
|
@@ -98,7 +115,7 @@ function atomicWriteJSON(path, value, stderr = process.stderr) {
|
|
|
98
115
|
* @param opts.stderr — override for tests (default: `process.stderr`)
|
|
99
116
|
*/
|
|
100
117
|
export function readConfig(opts = {}) {
|
|
101
|
-
const configPath = opts.configPath ??
|
|
118
|
+
const configPath = opts.configPath ?? defaultConfigPath();
|
|
102
119
|
const stateDir = opts.stateDir ?? OLAM_STATE_DIR;
|
|
103
120
|
const stderr = opts.stderr ?? process.stderr;
|
|
104
121
|
ensureStateDir(stateDir);
|
|
@@ -137,10 +154,17 @@ export function readConfig(opts = {}) {
|
|
|
137
154
|
* @returns the new OlamConfig that was persisted
|
|
138
155
|
*/
|
|
139
156
|
export function writeConfig(updates, opts = {}) {
|
|
140
|
-
const configPath = opts.configPath ??
|
|
157
|
+
const configPath = opts.configPath ?? defaultConfigPath();
|
|
141
158
|
const stderr = opts.stderr ?? process.stderr;
|
|
142
159
|
const current = readConfig(opts);
|
|
160
|
+
// Spread `...current` first so unknown top-level keys (e.g. the `repos` /
|
|
161
|
+
// `runbooks` / `schemaVersion` slices owned by @olam/core's global-config
|
|
162
|
+
// reader, which shares this same file) survive a host-only update. Without
|
|
163
|
+
// this, writing any host.* field would silently drop the operator's repo and
|
|
164
|
+
// runbook configuration. The canonical cli/lib keys are then re-asserted on
|
|
165
|
+
// top so this writer's invariants (config.schema, preserved install_id) hold.
|
|
143
166
|
const next = {
|
|
167
|
+
...current,
|
|
144
168
|
'config.schema': 1,
|
|
145
169
|
host: { ...current.host, ...(updates.host ?? {}) },
|
|
146
170
|
install_id: current.install_id,
|
package/dist/lib/config.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/lib/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,OAAO,EACL,UAAU,EACV,SAAS,EACT,YAAY,EACZ,UAAU,EACV,UAAU,EACV,aAAa,GACd,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/lib/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,OAAO,EACL,UAAU,EACV,SAAS,EACT,YAAY,EACZ,UAAU,EACV,UAAU,EACV,aAAa,GACd,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAC1C,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,MAAM,CAAC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,OAAO,CAAC,CAAC;AAClD,MAAM,CAAC,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;AACvD,MAAM,CAAC,MAAM,gBAAgB,GAAG,IAAI,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;AAE/D;;;;;;;;;;GAUG;AACH,SAAS,iBAAiB;IACxB,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,OAAO,IAAI,CAAC,MAAM,EAAE,EAAE,sBAAsB,OAAO,CAAC,GAAG,OAAO,CAAC,CAAC;IAClE,CAAC;IACD,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AA0BD,gFAAgF;AAChF,gFAAgF;AAChF,gFAAgF;AAChF,yEAAyE;AACzE,yFAAyF;AACzF,MAAM,iBAAiB,GAAc,YAAY,CAAC;AAElD,SAAS,iBAAiB;IACxB,OAAO;QACL,eAAe,EAAE,CAAC;QAClB,IAAI,EAAE,EAAE,SAAS,EAAE,iBAAiB,EAAE;QACtC,UAAU,EAAE,UAAU,EAAE;KACzB,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,WAAmB,cAAc;IACvD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC3C,CAAC;AACH,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,KAAc;IAC1C,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IAC9D,MAAM,CAAC,GAAG,KAAgC,CAAC;IAC3C,IAAI,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC3C,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IAChE,MAAM,IAAI,GAAG,CAAC,CAAC,IAA+B,CAAC;IAC/C,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,IAAI,IAAI,CAAC,SAAS,KAAK,YAAY;QAAE,OAAO,KAAK,CAAC;IAClF,IAAI,OAAO,CAAC,CAAC,UAAU,KAAK,QAAQ,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAChF,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,eAAe,CACtB,IAAY,EACZ,KAAiB,EACjB,SAAgC,OAAO,CAAC,MAAM;IAE9C,cAAc,EAAE,CAAC;IACjB,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACtC,CAAC;IACD,MAAM,GAAG,GAAG,GAAG,IAAI,QAAQ,OAAO,CAAC,GAAG,EAAE,CAAC;IACzC,IAAI,CAAC;QACH,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;QAChF,UAAU,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IACxB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACpB,IAAI,CAAC;gBACH,UAAU,CAAC,GAAG,CAAC,CAAC;YAClB,CAAC;YAAC,MAAM,CAAC;gBACP,wDAAwD;YAC1D,CAAC;QACH,CAAC;QACD,MAAM,CAAC,KAAK,CACV,oCAAoC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CACzF,CAAC;QACF,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,UAAU,CACxB,OAII,EAAE;IAEN,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,iBAAiB,EAAE,CAAC;IAC1D,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,cAAc,CAAC;IACjD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAE7C,cAAc,CAAC,QAAQ,CAAC,CAAC;IAEzB,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,MAAM,KAAK,GAAG,iBAAiB,EAAE,CAAC;QAClC,eAAe,CAAC,UAAU,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAC3C,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QAC7C,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CACV,mCAAmC,UAAU,KAC3C,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CACjD,8BAA8B,CAC/B,CAAC;QACF,MAAM,KAAK,GAAG,iBAAiB,EAAE,CAAC;QAClC,eAAe,CAAC,UAAU,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAC3C,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,MAAM,CAAC,KAAK,CACV,wCAAwC,UAAU,8BAA8B,CACjF,CAAC;QACF,MAAM,KAAK,GAAG,iBAAiB,EAAE,CAAC;QAClC,eAAe,CAAC,UAAU,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAC3C,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,WAAW,CACzB,OAA+C,EAC/C,OAII,EAAE;IAEN,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,iBAAiB,EAAE,CAAC;IAC1D,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAC7C,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;IAEjC,0EAA0E;IAC1E,0EAA0E;IAC1E,2EAA2E;IAC3E,6EAA6E;IAC7E,4EAA4E;IAC5E,8EAA8E;IAC9E,MAAM,IAAI,GAAe;QACvB,GAAG,OAAO;QACV,eAAe,EAAE,CAAC;QAClB,IAAI,EAAE,EAAE,GAAG,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC,EAAE;QAClD,UAAU,EAAE,OAAO,CAAC,UAAU;KAC/B,CAAC;IAEF,eAAe,CAAC,UAAU,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;IAC1C,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
@@ -18,6 +18,7 @@
|
|
|
18
18
|
* No `fs` reads in this module beyond what `readConfig` does; no kubectl
|
|
19
19
|
* invocations. Pure resolution. Safe to call from any layer.
|
|
20
20
|
*/
|
|
21
|
+
import { writeConfig } from './config.js';
|
|
21
22
|
/**
|
|
22
23
|
* Result shape mirrors `auth-refresh-kubernetes.ts`'s pre-existing public
|
|
23
24
|
* `resolveKubectlContext` so callers there can be migrated without source
|
|
@@ -28,6 +29,14 @@ export interface KubectlContextResolution {
|
|
|
28
29
|
readonly deprecationWarning?: string;
|
|
29
30
|
readonly error?: string;
|
|
30
31
|
}
|
|
32
|
+
/**
|
|
33
|
+
* Canonical kubectl context provisioned by `olam setup` / `olam up` — the
|
|
34
|
+
* k3d cluster named by `DEFAULT_K3S_CLUSTER` (`olam-host`) surfaces as the
|
|
35
|
+
* context `k3d-olam-host`. Defined locally (rather than imported from
|
|
36
|
+
* bootstrap-kubernetes.ts) to avoid a module cycle; kept in sync via this
|
|
37
|
+
* comment. When present among the operator's contexts, auto-pin prefers it.
|
|
38
|
+
*/
|
|
39
|
+
export declare const CANONICAL_K3S_CONTEXT = "k3d-olam-host";
|
|
31
40
|
/**
|
|
32
41
|
* Resolve the operator's kubectl context name. See module docstring for policy.
|
|
33
42
|
*
|
|
@@ -35,4 +44,44 @@ export interface KubectlContextResolution {
|
|
|
35
44
|
* Returns a `KubectlContextResolution` — callers branch on `error` vs `context`.
|
|
36
45
|
*/
|
|
37
46
|
export declare function resolveKubectlContext(configPath?: string): KubectlContextResolution;
|
|
47
|
+
/**
|
|
48
|
+
* Injection seam for `autoPinKubectlContext`. Production callers use the
|
|
49
|
+
* defaults (shell out to `kubectl`, write `~/.olam/config.json`); tests inject
|
|
50
|
+
* pure functions.
|
|
51
|
+
*/
|
|
52
|
+
export interface AutoPinDeps {
|
|
53
|
+
/** Enumerate kubeconfig context names. Default: `kubectl config get-contexts -o name`. */
|
|
54
|
+
readonly getContexts?: () => string[];
|
|
55
|
+
/** Persist the chosen pin. Default: `writeConfig` (lib/config.ts). */
|
|
56
|
+
readonly writeConfigFn?: typeof writeConfig;
|
|
57
|
+
/** Override config path (tests). Default: `~/.olam/config.json`. */
|
|
58
|
+
readonly configPath?: string;
|
|
59
|
+
}
|
|
60
|
+
/**
|
|
61
|
+
* Result of an auto-pin attempt. Exactly one of `context` (resolved — either
|
|
62
|
+
* pre-existing or freshly auto-pinned) or `error` (could not resolve
|
|
63
|
+
* unambiguously) is set. `autoPinnedMessage` is present only when this call
|
|
64
|
+
* wrote a new pin, so the caller can surface what it did.
|
|
65
|
+
*/
|
|
66
|
+
export interface AutoPinResult {
|
|
67
|
+
readonly context?: string;
|
|
68
|
+
readonly autoPinnedMessage?: string;
|
|
69
|
+
readonly error?: string;
|
|
70
|
+
}
|
|
71
|
+
/**
|
|
72
|
+
* Resolve the kubectl context, auto-pinning when it can be done unambiguously.
|
|
73
|
+
*
|
|
74
|
+
* Unlike the pure `resolveKubectlContext`, this helper is allowed to (a) shell
|
|
75
|
+
* out to `kubectl` to enumerate contexts and (b) persist a pin to
|
|
76
|
+
* `~/.olam/config.json`. It exists so the onboarding flow (`olam upgrade`)
|
|
77
|
+
* helps the operator resolve a missing pin instead of dead-ending.
|
|
78
|
+
*
|
|
79
|
+
* Policy:
|
|
80
|
+
* - Already pinned / `OLAM_K8S_CONTEXT_ACK` set → return it, write nothing.
|
|
81
|
+
* - Exactly the canonical `k3d-olam-host` present → pin it.
|
|
82
|
+
* - Exactly one `k3d-olam-*` context present → pin it.
|
|
83
|
+
* - Zero or multiple non-canonical `k3d-olam-*` → return an actionable error
|
|
84
|
+
* listing the candidates and the exact `olam config set` command.
|
|
85
|
+
*/
|
|
86
|
+
export declare function autoPinKubectlContext(deps?: AutoPinDeps): AutoPinResult;
|
|
38
87
|
//# sourceMappingURL=kubectl-context.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"kubectl-context.d.ts","sourceRoot":"","sources":["../../src/lib/kubectl-context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;
|
|
1
|
+
{"version":3,"file":"kubectl-context.d.ts","sourceRoot":"","sources":["../../src/lib/kubectl-context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,EAAc,WAAW,EAAE,MAAM,aAAa,CAAC;AAGtD;;;;GAIG;AACH,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IACrC,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;CACzB;AAUD;;;;;;GAMG;AACH,eAAO,MAAM,qBAAqB,kBAAkB,CAAC;AAErD;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,wBAAwB,CAcnF;AAED;;;;GAIG;AACH,MAAM,WAAW,WAAW;IAC1B,0FAA0F;IAC1F,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,MAAM,EAAE,CAAC;IACtC,sEAAsE;IACtE,QAAQ,CAAC,aAAa,CAAC,EAAE,OAAO,WAAW,CAAC;IAC5C,oEAAoE;IACpE,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED;;;;;GAKG;AACH,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;CACzB;AAoBD;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,GAAE,WAAgB,GAAG,aAAa,CA2B3E"}
|