@sanity/ailf 2.5.0 → 2.6.0

package/dist/_vendor/ailf-core/ports/context.d.ts

@@ -164,8 +164,25 @@ export interface ResolvedConfig {
     captureGcsBucket?: string;
     /** GCS object prefix for capture uploads (default: "captures/") */
     captureGcsPrefix?: string;
-    /** GCS bucket for report artifact uploads — enables ArtifactUploader (D0030) */
+    /**
+     * GCS bucket for report artifact uploads. Defaults to "ailf-artifacts"
+     * at the composition root — only set this to override (e.g., self-hosted
+     * deployment with a different bucket). Read access is governed by the
+     * gateway's signing credentials, so alternate bucket names require
+     * reconfiguring the gateway as well (D0030).
+     */
     artifactGcsBucket?: string;
+    /**
+     * Controls whether the ArtifactUploader is constructed.
+     *
+     * - `undefined` (default): auto — construct when credentials are available
+     *   (ADC for direct GCS, or AILF_API_KEY for gateway-signed URLs).
+     * - `true`: force-enable — still a no-op if no credentials are present (P5).
+     * - `false`: force-disable — skip artifact upload even when credentials exist.
+     *
+     * Sourced from AILF_ARTIFACT_UPLOAD env var or `artifactUpload` in ailf.config.ts.
+     */
+    artifactUpload?: boolean;
 }
 /**
  * Application context — the complete dependency carrier.

package/dist/commands/pipeline-action.js

@@ -16,7 +16,7 @@ import { fileURLToPath } from "url";
 import { classifyUrls } from "../pipeline/classify-url.js";
 import { normalizeMode } from "../pipeline/normalize-mode.js";
 import { assessImpact, buildReverseMapping, } from "../pipeline/reverse-mapping.js";
-import { buildAppContext } from "../orchestration/build-app-context.js";
+import { buildAppContext, parseArtifactUploadEnv, } from "../orchestration/build-app-context.js";
 import { buildStepSequence } from "../orchestration/build-step-sequence.js";
 import { orchestratePipeline } from "../orchestration/pipeline-orchestrator.js";
 import { load } from "js-yaml";
@@ -329,6 +329,7 @@ export async function executePipeline(cliOpts) {
         config.captureGcsBucket ??= process.env.AILF_CAPTURE_GCS_BUCKET;
         config.captureGcsPrefix ??= process.env.AILF_CAPTURE_GCS_PREFIX;
         config.artifactGcsBucket ??= process.env.AILF_GCS_ARTIFACT_BUCKET;
+        config.artifactUpload ??= parseArtifactUploadEnv(process.env.AILF_ARTIFACT_UPLOAD);
         // Create AppContext directly from the merged config so adapters
         // (especially taskSource) are wired from the file config's
         // taskSourceType — not from CLI defaults.

package/dist/composition-root.d.ts

@@ -26,8 +26,15 @@ export declare function createAppContext(config: ResolvedConfig): AppContext;
 /**
  * Selects an ArtifactUploader implementation based on available credentials.
  *
- * Returns undefined when artifact upload is not configured — the publish
- * step skips silently in that case (P5).
+ * Selection order:
+ *   1. config.artifactUpload === false → always skip (explicit opt-out)
+ *   2. GOOGLE_APPLICATION_CREDENTIALS or GCLOUD_PROJECT present → direct GCS
+ *   3. apiKey + apiUrl present → gateway-signed PUT URL
+ *   4. Neither → skip silently (P5)
+ *
+ * The bucket defaults to DEFAULT_ARTIFACT_BUCKET when not explicitly set —
+ * users only need to override for self-hosted deployments with a different
+ * bucket (and matching gateway signing credentials).
  *
  * Exported for unit-test access; not part of the public package API.
  */

package/dist/composition-root.js

@@ -83,13 +83,9 @@ export function createAppContext(config) {
             : fsCollector;
     }
     // Report artifact uploader — uploads structured files to GCS at known
-    // paths for Studio to fetch via signed URLs (D0030).
-    //
-    // Selection (W0042):
-    //   1. Direct GCS upload when ADC env vars are present (CI / GCP runtime)
-    //   2. API Gateway signed-URL upload when only an AILF API key is present
-    //      (local dev — no GCS credentials needed)
-    //   3. Skipped silently when neither is configured
+    // paths for Studio to fetch via signed URLs (D0030). Auto-detects the
+    // right adapter from available credentials; defaults bucket to
+    // "ailf-artifacts". Set artifactUpload: false to opt out entirely.
     const artifactUploader = createArtifactUploader(config, logger);
     return {
         artifactUploader,
@@ -120,34 +116,51 @@ function createLogger() {
             process.env.AILF_VERBOSE === "1",
     });
 }
+/**
+ * Shared GCS bucket for report artifacts. Matches the gateway default at
+ * packages/api/src/routes/artifacts.ts — both sides assume ailf-artifacts
+ * unless explicitly overridden. The gateway's signing credentials are scoped
+ * to this bucket, so alternate names require reconfiguring the gateway.
+ */
+const DEFAULT_ARTIFACT_BUCKET = "ailf-artifacts";
 /**
  * Selects an ArtifactUploader implementation based on available credentials.
  *
- * Returns undefined when artifact upload is not configured — the publish
- * step skips silently in that case (P5).
+ * Selection order:
+ *   1. config.artifactUpload === false → always skip (explicit opt-out)
+ *   2. GOOGLE_APPLICATION_CREDENTIALS or GCLOUD_PROJECT present → direct GCS
+ *   3. apiKey + apiUrl present → gateway-signed PUT URL
+ *   4. Neither → skip silently (P5)
+ *
+ * The bucket defaults to DEFAULT_ARTIFACT_BUCKET when not explicitly set —
+ * users only need to override for self-hosted deployments with a different
+ * bucket (and matching gateway signing credentials).
  *
  * Exported for unit-test access; not part of the public package API.
  */
 export function createArtifactUploader(config, logger) {
-    if (!config.artifactGcsBucket)
+    if (config.artifactUpload === false) {
+        logger.debug("Artifact upload explicitly disabled via artifactUpload=false");
         return undefined;
+    }
+    const bucket = config.artifactGcsBucket ?? DEFAULT_ARTIFACT_BUCKET;
     // CI / GCP runtime — direct GCS upload (fastest, no extra hop).
     // We treat the presence of either env var as the user opting in to ADC.
     const hasGcsCredentials = Boolean(process.env.GOOGLE_APPLICATION_CREDENTIALS || process.env.GCLOUD_PROJECT);
     if (hasGcsCredentials) {
-        logger.debug("Artifact uploader: GcsReportArtifactUploader (direct GCS via ADC)");
-        return new GcsReportArtifactUploader({ bucket: config.artifactGcsBucket });
+        logger.debug(`Artifact uploader: GcsReportArtifactUploader (direct GCS via ADC, bucket=${bucket})`);
+        return new GcsReportArtifactUploader({ bucket });
     }
     // Local dev — request signed PUT URLs from the API gateway, no GCS creds needed.
     if (config.apiKey && config.apiUrl) {
-        logger.debug(`Artifact uploader: ApiGatewayArtifactUploader (signed URL via ${config.apiUrl})`);
+        logger.debug(`Artifact uploader: ApiGatewayArtifactUploader (signed URL via ${config.apiUrl}, bucket=${bucket})`);
         return new ApiGatewayArtifactUploader({
             apiBaseUrl: config.apiUrl,
             apiKey: config.apiKey,
-            bucket: config.artifactGcsBucket,
+            bucket,
         });
     }
-    logger.debug("Artifact upload skipped: AILF_GCS_ARTIFACT_BUCKET set but no GCS credentials or AILF_API_KEY available");
+    logger.debug("Artifact upload skipped: no GCS credentials or AILF_API_KEY available");
     return undefined;
 }
 function createCache(config) {

package/dist/orchestration/build-app-context.d.ts

@@ -18,6 +18,14 @@ import type { ResolvedOptions } from "../commands/pipeline-action.js";
  * are derived (e.g., areas from areaOption).
  */
 export declare function mapToResolvedConfig(opts: ResolvedOptions, rootDir: string): ResolvedConfig;
+/**
+ * Parse the AILF_ARTIFACT_UPLOAD env var into a tri-state.
+ *
+ * - "0" | "false" → false (force-disable)
+ * - "1" | "true"  → true  (force-enable; still a no-op without credentials)
+ * - unset | other → undefined (auto-detect from credentials)
+ */
+export declare function parseArtifactUploadEnv(value: string | undefined): boolean | undefined;
 /**
  * Build an AppContext from legacy ResolvedOptions.
  *

package/dist/orchestration/build-app-context.js

@@ -85,8 +85,26 @@ export function mapToResolvedConfig(opts, rootDir) {
         captureGcsBucket: process.env.AILF_CAPTURE_GCS_BUCKET,
         captureGcsPrefix: process.env.AILF_CAPTURE_GCS_PREFIX,
         artifactGcsBucket: process.env.AILF_GCS_ARTIFACT_BUCKET,
+        artifactUpload: parseArtifactUploadEnv(process.env.AILF_ARTIFACT_UPLOAD),
     };
 }
+/**
+ * Parse the AILF_ARTIFACT_UPLOAD env var into a tri-state.
+ *
+ * - "0" | "false" → false (force-disable)
+ * - "1" | "true"  → true  (force-enable; still a no-op without credentials)
+ * - unset | other → undefined (auto-detect from credentials)
+ */
+export function parseArtifactUploadEnv(value) {
+    if (value === undefined)
+        return undefined;
+    const normalized = value.trim().toLowerCase();
+    if (normalized === "0" || normalized === "false")
+        return false;
+    if (normalized === "1" || normalized === "true")
+        return true;
+    return undefined;
+}
 /**
  * Build an AppContext from legacy ResolvedOptions.
  *

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sanity/ailf",
-  "version": "2.5.0",
+  "version": "2.6.0",
   "private": false,
   "publishConfig": {
     "access": "public"