@runfusion/fusion 0.26.0 → 0.27.1

package/dist/plugins/fusion-plugin-cli-printing-press/src/store/cli-press-store.ts

@@ -0,0 +1,427 @@
+import { randomUUID } from "node:crypto";
+import type { Database } from "@fusion/core";
+import {
+  InvalidCredentialPlacementError,
+  OAuthNotSupportedError,
+  type CliArtifact,
+  type CliArtifactCreateInput,
+  type CliArtifactUpdateInput,
+  type CliSpec,
+  type CliSpecCreateInput,
+  type CliSpecUpdateInput,
+  type Credential,
+  type CredentialCreateInput,
+  type CredentialUpdateInput,
+  type Service,
+  type ServiceCreateInput,
+  type ServiceSetting,
+  type ServiceSettingCreateInput,
+  type ServiceUpdateInput,
+} from "./cli-press-types.js";
+
+interface ServiceRow {
+  id: string;
+  slug: string;
+  displayName: string;
+  description: string | null;
+  baseUrl: string;
+  sourceKind: Service["sourceKind"];
+  sourceRef: string | null;
+  createdAt: string;
+  updatedAt: string;
+}
+
+interface CliSpecRow {
+  id: string;
+  serviceId: string;
+  name: string;
+  version: string;
+  generatorVersion: string;
+  specJson: string;
+  generatedAt: string | null;
+  status: CliSpec["status"];
+  lastGenerationError: string | null;
+  createdAt: string;
+  updatedAt: string;
+}
+
+interface CliArtifactRow {
+  id: string;
+  cliSpecId: string;
+  kind: CliArtifact["kind"];
+  path: string;
+  executable: number;
+  checksum: string | null;
+  sizeBytes: number | null;
+  createdAt: string;
+  updatedAt: string;
+}
+
+interface CredentialRow {
+  id: string;
+  serviceId: string;
+  name: string;
+  kind: Credential["kind"];
+  value: string;
+  placement: string;
+  createdAt: string;
+  updatedAt: string;
+}
+
+interface ServiceSettingRow {
+  id: string;
+  serviceId: string;
+  key: string;
+  value: string;
+  scope: ServiceSetting["scope"];
+  createdAt: string;
+  updatedAt: string;
+}
+
+const OAUTH_KINDS = new Set(["oauth", "oauth2"]);
+
+function parseJson<T>(value: string): T {
+  return JSON.parse(value) as T;
+}
+
+function nowIso(): string {
+  return new Date().toISOString();
+}
+
+function createId(prefix: "svc" | "cli" | "art" | "cred" | "set"): string {
+  return `${prefix}_${randomUUID()}`;
+}
+
+function assertCredentialSupported(kind: string): void {
+  if (OAUTH_KINDS.has(kind)) {
+    throw new OAuthNotSupportedError(kind);
+  }
+}
+
+function assertPlacementConsistency(
+  kind: Credential["kind"] | string,
+  placement: Credential["placement"] | { kind?: string; header?: string; queryParam?: string },
+): void {
+  const placementKind = (placement as { kind?: string }).kind;
+  if (placementKind !== kind) {
+    throw new InvalidCredentialPlacementError({ credentialKind: kind, placementKind: String(placementKind) });
+  }
+  if (kind === "api_key") {
+    const candidate = placement as { kind?: string; header?: string; queryParam?: string };
+    const hasHeader = typeof candidate.header === "string" && candidate.header.trim().length > 0;
+    const hasQuery = typeof candidate.queryParam === "string" && candidate.queryParam.trim().length > 0;
+    if ((hasHeader ? 1 : 0) + (hasQuery ? 1 : 0) !== 1) {
+      throw new InvalidCredentialPlacementError({ credentialKind: kind, placementKind: String(placementKind) });
+    }
+  }
+}
+
+export function ensureCliPressSchema(db: Database): void {
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS cli_press_services (
+      id TEXT PRIMARY KEY,
+      slug TEXT NOT NULL UNIQUE,
+      displayName TEXT NOT NULL,
+      description TEXT,
+      baseUrl TEXT NOT NULL,
+      sourceKind TEXT NOT NULL,
+      sourceRef TEXT,
+      createdAt TEXT NOT NULL,
+      updatedAt TEXT NOT NULL
+    );
+
+    CREATE TABLE IF NOT EXISTS cli_press_cli_specs (
+      id TEXT PRIMARY KEY,
+      serviceId TEXT NOT NULL,
+      name TEXT NOT NULL,
+      version TEXT NOT NULL,
+      generatorVersion TEXT NOT NULL,
+      specJson TEXT NOT NULL,
+      generatedAt TEXT,
+      status TEXT NOT NULL,
+      lastGenerationError TEXT,
+      createdAt TEXT NOT NULL,
+      updatedAt TEXT NOT NULL,
+      FOREIGN KEY (serviceId) REFERENCES cli_press_services(id) ON DELETE CASCADE,
+      UNIQUE(serviceId, name)
+    );
+
+    CREATE TABLE IF NOT EXISTS cli_press_artifacts (
+      id TEXT PRIMARY KEY,
+      cliSpecId TEXT NOT NULL,
+      kind TEXT NOT NULL,
+      path TEXT NOT NULL,
+      executable INTEGER NOT NULL,
+      checksum TEXT,
+      sizeBytes INTEGER,
+      createdAt TEXT NOT NULL,
+      updatedAt TEXT NOT NULL,
+      FOREIGN KEY (cliSpecId) REFERENCES cli_press_cli_specs(id) ON DELETE CASCADE
+    );
+
+    CREATE TABLE IF NOT EXISTS cli_press_credentials (
+      id TEXT PRIMARY KEY,
+      serviceId TEXT NOT NULL,
+      name TEXT NOT NULL,
+      kind TEXT NOT NULL,
+      value TEXT NOT NULL,
+      placement TEXT NOT NULL,
+      createdAt TEXT NOT NULL,
+      updatedAt TEXT NOT NULL,
+      FOREIGN KEY (serviceId) REFERENCES cli_press_services(id) ON DELETE CASCADE,
+      UNIQUE(serviceId, name)
+    );
+
+    CREATE TABLE IF NOT EXISTS cli_press_service_settings (
+      id TEXT PRIMARY KEY,
+      serviceId TEXT NOT NULL,
+      key TEXT NOT NULL,
+      value TEXT NOT NULL,
+      scope TEXT NOT NULL,
+      createdAt TEXT NOT NULL,
+      updatedAt TEXT NOT NULL,
+      FOREIGN KEY (serviceId) REFERENCES cli_press_services(id) ON DELETE CASCADE,
+      UNIQUE(serviceId, key, scope)
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_cli_press_specs_service ON cli_press_cli_specs(serviceId);
+    CREATE INDEX IF NOT EXISTS idx_cli_press_artifacts_spec ON cli_press_artifacts(cliSpecId);
+    CREATE INDEX IF NOT EXISTS idx_cli_press_credentials_service ON cli_press_credentials(serviceId);
+    CREATE INDEX IF NOT EXISTS idx_cli_press_settings_service ON cli_press_service_settings(serviceId);
+  `);
+}
+
+export function createCliPressStore(db: Database) {
+  ensureCliPressSchema(db);
+
+  const mapService = (row: ServiceRow): Service => ({
+    id: row.id,
+    slug: row.slug,
+    displayName: row.displayName,
+    description: row.description ?? undefined,
+    baseUrl: row.baseUrl,
+    sourceKind: row.sourceKind,
+    sourceRef: row.sourceRef ?? undefined,
+    createdAt: row.createdAt,
+    updatedAt: row.updatedAt,
+  });
+
+  const mapSpec = (row: CliSpecRow): CliSpec => ({
+    id: row.id,
+    serviceId: row.serviceId,
+    name: row.name,
+    version: row.version,
+    generatorVersion: row.generatorVersion,
+    specJson: row.specJson,
+    generatedAt: row.generatedAt ?? undefined,
+    status: row.status,
+    lastGenerationError: row.lastGenerationError ?? undefined,
+    createdAt: row.createdAt,
+    updatedAt: row.updatedAt,
+  });
+
+  const mapArtifact = (row: CliArtifactRow): CliArtifact => ({
+    id: row.id,
+    cliSpecId: row.cliSpecId,
+    kind: row.kind,
+    path: row.path,
+    executable: Boolean(row.executable),
+    checksum: row.checksum ?? undefined,
+    sizeBytes: row.sizeBytes ?? undefined,
+    createdAt: row.createdAt,
+    updatedAt: row.updatedAt,
+  });
+
+  const mapCredential = (row: CredentialRow): Credential => ({
+    id: row.id,
+    serviceId: row.serviceId,
+    name: row.name,
+    kind: row.kind,
+    value: parseJson(row.value),
+    placement: parseJson(row.placement),
+    createdAt: row.createdAt,
+    updatedAt: row.updatedAt,
+  });
+
+  const mapSetting = (row: ServiceSettingRow): ServiceSetting => ({
+    id: row.id,
+    serviceId: row.serviceId,
+    key: row.key,
+    value: row.value,
+    scope: row.scope,
+    createdAt: row.createdAt,
+    updatedAt: row.updatedAt,
+  });
+
+  return {
+    listServices(): Service[] {
+      const rows = db.prepare("SELECT * FROM cli_press_services ORDER BY createdAt DESC").all() as unknown as ServiceRow[];
+      return rows.map(mapService);
+    },
+
+    getService(id: string): Service | undefined {
+      const row = db.prepare("SELECT * FROM cli_press_services WHERE id = ?").get(id) as unknown as ServiceRow | undefined;
+      return row ? mapService(row) : undefined;
+    },
+
+    createService(input: ServiceCreateInput): Service {
+      const service: Service = { id: createId("svc"), ...input, createdAt: nowIso(), updatedAt: nowIso() };
+      db.prepare(`INSERT INTO cli_press_services (id, slug, displayName, description, baseUrl, sourceKind, sourceRef, createdAt, updatedAt)
+        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)`)
+        .run(service.id, service.slug, service.displayName, service.description ?? null, service.baseUrl, service.sourceKind, service.sourceRef ?? null, service.createdAt, service.updatedAt);
+      db.bumpLastModified();
+      return service;
+    },
+
+    updateService(id: string, updates: ServiceUpdateInput): Service {
+      const existing = this.getService(id);
+      if (!existing) throw new Error(`Service ${id} not found`);
+      const updated: Service = { ...existing, ...updates, id: existing.id, slug: existing.slug, createdAt: existing.createdAt, updatedAt: nowIso() };
+      db.prepare(`UPDATE cli_press_services SET displayName = ?, description = ?, baseUrl = ?, sourceKind = ?, sourceRef = ?, updatedAt = ? WHERE id = ?`)
+        .run(updated.displayName, updated.description ?? null, updated.baseUrl, updated.sourceKind, updated.sourceRef ?? null, updated.updatedAt, id);
+      db.bumpLastModified();
+      return updated;
+    },
+
+    deleteService(id: string): void {
+      db.transaction(() => {
+        db.prepare("DELETE FROM cli_press_services WHERE id = ?").run(id);
+      });
+      db.bumpLastModified();
+    },
+
+    listSpecs(serviceId: string): CliSpec[] {
+      const rows = db.prepare("SELECT * FROM cli_press_cli_specs WHERE serviceId = ? ORDER BY createdAt DESC").all(serviceId) as unknown as CliSpecRow[];
+      return rows.map(mapSpec);
+    },
+
+    getSpec(id: string): CliSpec | undefined {
+      const row = db.prepare("SELECT * FROM cli_press_cli_specs WHERE id = ?").get(id) as unknown as CliSpecRow | undefined;
+      return row ? mapSpec(row) : undefined;
+    },
+
+    createSpec(input: CliSpecCreateInput): CliSpec {
+      const spec: CliSpec = { id: createId("cli"), ...input, createdAt: nowIso(), updatedAt: nowIso() };
+      db.prepare(`INSERT INTO cli_press_cli_specs (id, serviceId, name, version, generatorVersion, specJson, generatedAt, status, lastGenerationError, createdAt, updatedAt)
+        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`)
+        .run(spec.id, spec.serviceId, spec.name, spec.version, spec.generatorVersion, spec.specJson, spec.generatedAt ?? null, spec.status, spec.lastGenerationError ?? null, spec.createdAt, spec.updatedAt);
+      db.bumpLastModified();
+      return spec;
+    },
+
+    updateSpec(id: string, updates: CliSpecUpdateInput): CliSpec {
+      const existing = this.getSpec(id);
+      if (!existing) throw new Error(`Spec ${id} not found`);
+      const updated: CliSpec = { ...existing, ...updates, id: existing.id, serviceId: existing.serviceId, createdAt: existing.createdAt, updatedAt: nowIso() };
+      db.prepare(`UPDATE cli_press_cli_specs SET name=?, version=?, generatorVersion=?, specJson=?, generatedAt=?, status=?, lastGenerationError=?, updatedAt=? WHERE id=?`)
+        .run(updated.name, updated.version, updated.generatorVersion, updated.specJson, updated.generatedAt ?? null, updated.status, updated.lastGenerationError ?? null, updated.updatedAt, id);
+      db.bumpLastModified();
+      return updated;
+    },
+
+    deleteSpec(id: string): void {
+      db.prepare("DELETE FROM cli_press_cli_specs WHERE id = ?").run(id);
+      db.bumpLastModified();
+    },
+
+    listArtifacts(specId: string): CliArtifact[] {
+      const rows = db.prepare("SELECT * FROM cli_press_artifacts WHERE cliSpecId = ? ORDER BY createdAt DESC").all(specId) as unknown as CliArtifactRow[];
+      return rows.map(mapArtifact);
+    },
+
+    createArtifact(input: CliArtifactCreateInput): CliArtifact {
+      const artifact: CliArtifact = { id: createId("art"), ...input, createdAt: nowIso(), updatedAt: nowIso() };
+      db.prepare(`INSERT INTO cli_press_artifacts (id, cliSpecId, kind, path, executable, checksum, sizeBytes, createdAt, updatedAt)
+        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)`)
+        .run(artifact.id, artifact.cliSpecId, artifact.kind, artifact.path, artifact.executable ? 1 : 0, artifact.checksum ?? null, artifact.sizeBytes ?? null, artifact.createdAt, artifact.updatedAt);
+      db.bumpLastModified();
+      return artifact;
+    },
+
+    updateArtifact(id: string, updates: CliArtifactUpdateInput): CliArtifact {
+      const existing = db.prepare("SELECT * FROM cli_press_artifacts WHERE id = ?").get(id) as unknown as CliArtifactRow | undefined;
+      if (!existing) throw new Error(`Artifact ${id} not found`);
+      const updated = { ...mapArtifact(existing), ...updates, id: existing.id, cliSpecId: existing.cliSpecId, createdAt: existing.createdAt, updatedAt: nowIso() };
+      db.prepare("UPDATE cli_press_artifacts SET path=?, executable=?, checksum=?, sizeBytes=?, updatedAt=? WHERE id=?")
+        .run(updated.path, updated.executable ? 1 : 0, updated.checksum ?? null, updated.sizeBytes ?? null, updated.updatedAt, id);
+      db.bumpLastModified();
+      return updated;
+    },
+
+    deleteArtifact(id: string): void {
+      db.prepare("DELETE FROM cli_press_artifacts WHERE id = ?").run(id);
+      db.bumpLastModified();
+    },
+
+    listCredentials(serviceId: string): Credential[] {
+      const rows = db.prepare("SELECT * FROM cli_press_credentials WHERE serviceId = ? ORDER BY createdAt DESC").all(serviceId) as unknown as CredentialRow[];
+      return rows.map(mapCredential);
+    },
+
+    createCredential(input: CredentialCreateInput): Credential {
+      assertCredentialSupported(input.kind);
+      assertPlacementConsistency(input.kind, input.placement);
+      const cred: Credential = { id: createId("cred"), ...input, createdAt: nowIso(), updatedAt: nowIso() };
+      db.prepare(`INSERT INTO cli_press_credentials (id, serviceId, name, kind, value, placement, createdAt, updatedAt)
+        VALUES (?, ?, ?, ?, ?, ?, ?, ?)`)
+        .run(cred.id, cred.serviceId, cred.name, cred.kind, JSON.stringify(cred.value), JSON.stringify(cred.placement), cred.createdAt, cred.updatedAt);
+      db.bumpLastModified();
+      return cred;
+    },
+
+    updateCredential(id: string, updates: CredentialUpdateInput): Credential {
+      const existing = db.prepare("SELECT * FROM cli_press_credentials WHERE id = ?").get(id) as unknown as CredentialRow | undefined;
+      if (!existing) throw new Error(`Credential ${id} not found`);
+      const mapped = mapCredential(existing);
+      const updated: Credential = {
+        ...mapped,
+        ...updates,
+        id: mapped.id,
+        serviceId: mapped.serviceId,
+        kind: mapped.kind,
+        createdAt: mapped.createdAt,
+        updatedAt: nowIso(),
+      };
+      assertCredentialSupported(updated.kind);
+      assertPlacementConsistency(updated.kind, updated.placement);
+      db.prepare("UPDATE cli_press_credentials SET name=?, value=?, placement=?, updatedAt=? WHERE id=?")
+        .run(updated.name, JSON.stringify(updated.value), JSON.stringify(updated.placement), updated.updatedAt, id);
+      db.bumpLastModified();
+      return updated;
+    },
+
+    deleteCredential(id: string): void {
+      db.prepare("DELETE FROM cli_press_credentials WHERE id = ?").run(id);
+      db.bumpLastModified();
+    },
+
+    listSettings(serviceId: string): ServiceSetting[] {
+      const rows = db.prepare("SELECT * FROM cli_press_service_settings WHERE serviceId = ? ORDER BY createdAt DESC").all(serviceId) as unknown as ServiceSettingRow[];
+      return rows.map(mapSetting);
+    },
+
+    setSetting(input: ServiceSettingCreateInput): ServiceSetting {
+      const existing = db.prepare("SELECT * FROM cli_press_service_settings WHERE serviceId = ? AND key = ? AND scope = ?")
+        .get(input.serviceId, input.key, input.scope) as unknown as ServiceSettingRow | undefined;
+      const now = nowIso();
+      if (existing) {
+        db.prepare("UPDATE cli_press_service_settings SET value = ?, updatedAt = ? WHERE id = ?").run(input.value, now, existing.id);
+        db.bumpLastModified();
+        return mapSetting({ ...existing, value: input.value, updatedAt: now });
+      }
+      const setting: ServiceSetting = { id: createId("set"), ...input, createdAt: now, updatedAt: now };
+      db.prepare(`INSERT INTO cli_press_service_settings (id, serviceId, key, value, scope, createdAt, updatedAt)
+        VALUES (?, ?, ?, ?, ?, ?, ?)`)
+        .run(setting.id, setting.serviceId, setting.key, setting.value, setting.scope, setting.createdAt, setting.updatedAt);
+      db.bumpLastModified();
+      return setting;
+    },
+
+    deleteSetting(id: string): void {
+      db.prepare("DELETE FROM cli_press_service_settings WHERE id = ?").run(id);
+      db.bumpLastModified();
+    },
+  };
+}
+
+export type CliPressStore = ReturnType<typeof createCliPressStore>;

package/dist/plugins/fusion-plugin-cli-printing-press/src/store/cli-press-types.ts

@@ -0,0 +1,110 @@
+export type ServiceSourceKind = "openapi" | "manual" | "other";
+
+export type CredentialKind = "api_key" | "bearer_token" | "basic_auth" | "header" | "query_param" | "env_var";
+
+export type CredentialPlacement =
+  | { kind: "header"; header: string }
+  | { kind: "query_param"; queryParam: string }
+  | { kind: "env_var"; envVar: string }
+  | { kind: "bearer_token"; header: string }
+  | { kind: "api_key"; header?: string; queryParam?: string }
+  | { kind: "basic_auth"; header: string };
+
+export type ServiceSettingScope = "runtime" | "wizard" | "metadata";
+
+export interface Service {
+  id: string;
+  slug: string;
+  displayName: string;
+  description?: string;
+  baseUrl: string;
+  sourceKind: ServiceSourceKind;
+  sourceRef?: string;
+  createdAt: string;
+  updatedAt: string;
+}
+
+export interface CliSpec {
+  id: string;
+  serviceId: string;
+  name: string;
+  version: string;
+  generatorVersion: string;
+  specJson: string;
+  generatedAt?: string;
+  status: "draft" | "generated" | "failed";
+  lastGenerationError?: string;
+  createdAt: string;
+  updatedAt: string;
+}
+
+export interface CliArtifact {
+  id: string;
+  cliSpecId: string;
+  kind: "binary" | "script" | "package";
+  path: string;
+  executable: boolean;
+  checksum?: string;
+  sizeBytes?: number;
+  createdAt: string;
+  updatedAt: string;
+}
+
+export interface EncodedCredentialValue {
+  encoding: "base64";
+  value: string;
+}
+
+export interface Credential {
+  id: string;
+  serviceId: string;
+  name: string;
+  kind: CredentialKind;
+  value: EncodedCredentialValue;
+  placement: CredentialPlacement;
+  createdAt: string;
+  updatedAt: string;
+}
+
+export interface ServiceSetting {
+  id: string;
+  serviceId: string;
+  key: string;
+  value: string;
+  scope: ServiceSettingScope;
+  createdAt: string;
+  updatedAt: string;
+}
+
+export class OAuthNotSupportedError extends Error {
+  constructor(kind: string) {
+    super(`Credential kind \"${kind}\" is not supported. OAuth/OAuth2 are deferred.`);
+    this.name = "OAuthNotSupportedError";
+  }
+}
+
+export class InvalidCredentialPlacementError extends Error {
+  constructor(input: { credentialKind: string; placementKind: string }) {
+    super(
+      `Invalid credential placement: credential kind \"${input.credentialKind}\" does not match placement kind \"${input.placementKind}\".`,
+    );
+    this.name = "InvalidCredentialPlacementError";
+  }
+}
+
+export type ServiceCreateInput = Omit<Service, "id" | "createdAt" | "updatedAt">;
+export type ServiceUpdateInput = Partial<Pick<Service, "displayName" | "description" | "baseUrl" | "sourceKind" | "sourceRef">>;
+
+export type CliSpecCreateInput = Omit<CliSpec, "id" | "createdAt" | "updatedAt">;
+export type CliSpecUpdateInput = Partial<
+  Pick<CliSpec, "name" | "version" | "generatorVersion" | "specJson" | "status" | "lastGenerationError" | "generatedAt">
+>;
+
+export type CliArtifactCreateInput = Omit<CliArtifact, "id" | "createdAt" | "updatedAt">;
+export type CliArtifactUpdateInput = Partial<Pick<CliArtifact, "path" | "executable" | "checksum" | "sizeBytes">>;
+
+export type CredentialCreateInput = Omit<Credential, "id" | "createdAt" | "updatedAt">;
+export type CredentialUpdateInput = Partial<Pick<Credential, "name" | "value" | "placement">>;
+
+export type ServiceSettingCreateInput = Omit<ServiceSetting, "id" | "createdAt" | "updatedAt">;
+export type ServiceSettingUpdateInput = Pick<ServiceSetting, "value">;

package/dist/plugins/fusion-plugin-cli-printing-press/src/store/credentials.ts

@@ -0,0 +1,95 @@
+import { Buffer } from "node:buffer";
+import type { Credential, EncodedCredentialValue } from "./cli-press-types.js";
+import { InvalidCredentialPlacementError, OAuthNotSupportedError } from "./cli-press-types.js";
+
+export type RequestShape = {
+  headers: Record<string, string>;
+  query: Record<string, string>;
+  env: Record<string, string>;
+};
+
+export function encodeCredentialValue(raw: string): EncodedCredentialValue {
+  return {
+    encoding: "base64",
+    value: Buffer.from(raw, "utf8").toString("base64"),
+  };
+}
+
+export function decodeCredentialValue(encoded: EncodedCredentialValue): string {
+  if (encoded.encoding !== "base64") {
+    throw new Error(`Unsupported credential encoding: ${String((encoded as { encoding?: string }).encoding)}`);
+  }
+  return Buffer.from(encoded.value, "base64").toString("utf8");
+}
+
+function assertNoOAuth(kind: string): void {
+  if (kind === "oauth" || kind === "oauth2") {
+    throw new OAuthNotSupportedError(kind);
+  }
+}
+
+function assertPlacement(credential: Credential): void {
+  const credentialKind = credential.kind;
+  const placementKind = credential.placement.kind;
+  if (placementKind !== credentialKind) {
+    throw new InvalidCredentialPlacementError({ credentialKind, placementKind });
+  }
+  if (credential.kind === "api_key") {
+    const placement = credential.placement;
+    if (placement.kind !== "api_key") {
+      throw new InvalidCredentialPlacementError({ credentialKind, placementKind });
+    }
+    const hasHeader = typeof placement.header === "string" && placement.header.trim().length > 0;
+    const hasQuery = typeof placement.queryParam === "string" && placement.queryParam.trim().length > 0;
+    if ((hasHeader ? 1 : 0) + (hasQuery ? 1 : 0) !== 1) {
+      throw new InvalidCredentialPlacementError({ credentialKind, placementKind });
+    }
+  }
+}
+
+export function applyCredentialToRequest(credential: Credential, request: RequestShape): RequestShape {
+  assertNoOAuth((credential as { kind: string }).kind);
+  assertPlacement(credential);
+
+  const value = decodeCredentialValue(credential.value);
+
+  switch (credential.kind) {
+    case "header": {
+      const placement = credential.placement as { kind: "header"; header: string };
+      request.headers[placement.header] = value;
+      break;
+    }
+    case "query_param": {
+      const placement = credential.placement as { kind: "query_param"; queryParam: string };
+      request.query[placement.queryParam] = value;
+      break;
+    }
+    case "env_var": {
+      const placement = credential.placement as { kind: "env_var"; envVar: string };
+      request.env[placement.envVar] = value;
+      break;
+    }
+    case "bearer_token": {
+      const placement = credential.placement as { kind: "bearer_token"; header: string };
+      request.headers[placement.header] = `Bearer ${value}`;
+      break;
+    }
+    case "api_key": {
+      const placement = credential.placement as { kind: "api_key"; header?: string; queryParam?: string };
+      if (placement.header) {
+        request.headers[placement.header] = value;
+      } else if (placement.queryParam) {
+        request.query[placement.queryParam] = value;
+      }
+      break;
+    }
+    case "basic_auth": {
+      const placement = credential.placement as { kind: "basic_auth"; header: string };
+      const basicAuth = Buffer.from(value, "utf8").toString("base64");
+      request.headers[placement.header] = `Basic ${basicAuth}`;
+      break;
+    }
+  }
+
+  return request;
+}

package/dist/plugins/fusion-plugin-cli-printing-press/src/wizard/steps.tsx

@@ -0,0 +1,55 @@
+import type { ServiceDraft } from "./types.js";
+
+export function BasicsStep({ draft, onChange }: { draft: ServiceDraft; onChange: (patch: Partial<ServiceDraft>) => void }) {
+  return (
+    <div className="form-group">
+      <label>Name</label>
+      <input aria-label="Name" className="input" value={draft.name} onChange={(e) => onChange({ name: e.target.value })} />
+      <label>Slug</label>
+      <input aria-label="Slug" className="input" value={draft.slug} onChange={(e) => onChange({ slug: e.target.value })} />
+      <label>Description</label>
+      <input aria-label="Description" className="input" value={draft.description} onChange={(e) => onChange({ description: e.target.value })} />
+      <label>Base URL</label>
+      <input aria-label="Base URL" className="input" value={draft.baseUrl} onChange={(e) => onChange({ baseUrl: e.target.value })} />
+    </div>
+  );
+}
+
+export function TransportStep() {
+  return <div className="card"><p>Transport</p><input className="input" value="HTTP" readOnly disabled /><p>Other transports land in follow-up tasks.</p></div>;
+}
+
+export function EndpointsStep({ draft, onChange }: { draft: ServiceDraft; onChange: (endpoints: ServiceDraft["endpoints"]) => void }) {
+  return <div className="cli-press-endpoint-list">{draft.endpoints.map((endpoint) => <div className="card cli-press-endpoint-row" key={endpoint.id}><input className="input" value={endpoint.name} placeholder="Name" onChange={(e) => onChange(draft.endpoints.map((item) => item.id === endpoint.id ? { ...item, name: e.target.value } : item))} /><select className="input" value={endpoint.method} onChange={(e) => onChange(draft.endpoints.map((item) => item.id === endpoint.id ? { ...item, method: e.target.value as typeof endpoint.method } : item))}><option>GET</option><option>POST</option><option>PUT</option><option>PATCH</option><option>DELETE</option></select><input className="input" value={endpoint.path} placeholder="/path" onChange={(e) => onChange(draft.endpoints.map((item) => item.id === endpoint.id ? { ...item, path: e.target.value } : item))} /><button className="btn btn-danger" onClick={() => onChange(draft.endpoints.filter((item) => item.id !== endpoint.id))}>Remove</button></div>) }<button className="btn" onClick={() => onChange([...draft.endpoints, { id: crypto.randomUUID(), name: "", method: "GET", path: "" }])}>Add endpoint</button></div>;
+}
+
+export function CredentialsStep({ draft, onChange }: { draft: ServiceDraft; onChange: (credential: ServiceDraft["credential"]) => void }) {
+  const credential = draft.credential;
+  return (
+    <div className="form-group">
+      <p className="card">OAuth support is deferred to FN-3762 / FN-3766.</p>
+      <label><input type="radio" checked={credential.kind === "none"} onChange={() => onChange({ kind: "none" })} />None</label>
+      <label><input type="radio" checked={credential.kind === "apiKey"} onChange={() => onChange({ kind: "apiKey", header: "", envVar: "" })} />API Key</label>
+      <label><input type="radio" checked={credential.kind === "bearerToken"} onChange={() => onChange({ kind: "bearerToken", envVar: "" })} />Bearer Token</label>
+      <label><input type="radio" checked={credential.kind === "basicAuth"} onChange={() => onChange({ kind: "basicAuth", usernameEnvVar: "", passwordEnvVar: "" })} />Basic Auth</label>
+
+      {credential.kind === "apiKey" ? (
+        <>
+          <input className="input" value={credential.header} placeholder="X-Api-Key" onChange={(e) => onChange({ kind: "apiKey", header: e.target.value, envVar: credential.envVar })} />
+          <input className="input" value={credential.envVar} placeholder="SERVICE_API_KEY" onChange={(e) => onChange({ kind: "apiKey", header: credential.header, envVar: e.target.value })} />
+        </>
+      ) : null}
+      {credential.kind === "bearerToken" ? <input className="input" value={credential.envVar} placeholder="SERVICE_TOKEN" onChange={(e) => onChange({ kind: "bearerToken", envVar: e.target.value })} /> : null}
+      {credential.kind === "basicAuth" ? (
+        <>
+          <input className="input" value={credential.usernameEnvVar} placeholder="SERVICE_USER" onChange={(e) => onChange({ kind: "basicAuth", usernameEnvVar: e.target.value, passwordEnvVar: credential.passwordEnvVar })} />
+          <input className="input" value={credential.passwordEnvVar} placeholder="SERVICE_PASS" onChange={(e) => onChange({ kind: "basicAuth", usernameEnvVar: credential.usernameEnvVar, passwordEnvVar: e.target.value })} />
+        </>
+      ) : null}
+    </div>
+  );
+}
+
+export function ReviewStep({ draft }: { draft: ServiceDraft }) {
+  return <pre className="card">{JSON.stringify(draft, null, 2)}</pre>;
+}