@schoolai/shipyard 3.7.0 → 3.8.0-rc.20260529.1

package/dist/chunk-4T2OQAVL.js

@@ -0,0 +1,51 @@
+#!/usr/bin/env node
+import {
+  createOneShotPool
+} from "./chunk-ZFKJAYAN.js";
+
+// src/shared/capabilities/git-pool.ts
+var GIT_POOL_TTL_MS = 5e3;
+var GIT_POOL_MAX_CONCURRENT = 4;
+var poolsByCwd = /* @__PURE__ */ new Map();
+function getGitPool(cwd, deps) {
+  const existing = poolsByCwd.get(cwd);
+  if (existing !== void 0) return existing;
+  const pool = createOneShotPool(
+    { ttlMs: GIT_POOL_TTL_MS, maxConcurrent: GIT_POOL_MAX_CONCURRENT },
+    deps ?? {}
+  );
+  poolsByCwd.set(cwd, pool);
+  return pool;
+}
+async function gitExec(cwd, args) {
+  const result = await getGitPool(cwd).exec(["git", ...args], { cwd });
+  return result.value.trim();
+}
+async function gitExecSafe(cwd, args) {
+  try {
+    return await gitExec(cwd, args);
+  } catch {
+    return null;
+  }
+}
+function invalidateGitPool(cwd) {
+  poolsByCwd.get(cwd)?.invalidate();
+}
+var _testing = {
+  /** Dispose all pools and clear the registry. Used in test beforeEach to prevent cross-test cache pollution. */
+  clearAllPools: () => {
+    for (const pool of poolsByCwd.values()) {
+      pool.dispose();
+    }
+    poolsByCwd.clear();
+  }
+};
+
+export {
+  getGitPool,
+  gitExec,
+  gitExecSafe,
+  invalidateGitPool,
+  _testing
+};
+//# sourceMappingURL=chunk-4T2OQAVL.js.map

package/dist/chunk-4T2OQAVL.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/shared/capabilities/git-pool.ts"],"sourcesContent":["import { createOneShotPool, type OneShotPool, type OneShotPoolDeps } from '@shipyard/local-runtime';\n\n/**\n * Per-cwd OneShotPool instances for caching high-frequency git reads.\n *\n * Each unique working directory gets its own pool so cache entries are scoped\n * to a repo — a `git rev-parse HEAD` for /home/user/repo-a is never mistaken\n * for /home/user/repo-b. The pool handles TTL expiry and in-flight coalescing,\n * eliminating repeated subprocess spawns within the same 5-second window.\n *\n * Write operations (add, commit, push, reset, checkout) are never routed here.\n * Only reads whose staleness within a 5-second window is tolerable belong in\n * this pool: HEAD resolution, branch detection, remote URL, default-branch ref.\n */\n\nconst GIT_POOL_TTL_MS = 5_000;\nconst GIT_POOL_MAX_CONCURRENT = 4;\n\nconst poolsByCwd = new Map<string, OneShotPool>();\n\n/**\n * Return the per-cwd OneShotPool, creating it on first access.\n *\n * Exposed as a named export so callers that need DI (tests, mocks) can\n * bypass the module-level map and inject a fake pool directly.\n */\nexport function getGitPool(cwd: string, deps?: OneShotPoolDeps): OneShotPool {\n  const existing = poolsByCwd.get(cwd);\n  if (existing !== undefined) return existing;\n  const pool = createOneShotPool(\n    { ttlMs: GIT_POOL_TTL_MS, maxConcurrent: GIT_POOL_MAX_CONCURRENT },\n    deps ?? {}\n  );\n  poolsByCwd.set(cwd, pool);\n  return pool;\n}\n\n/**\n * Run a git read command in the given cwd, returning trimmed stdout.\n * Throws on non-zero exit (same semantics as `runWithTimeout`).\n *\n * Results are cached for 5 seconds; concurrent calls with the same\n * command string coalesce to a single subprocess.\n */\nexport async function gitExec(cwd: string, args: readonly string[]): Promise<string> {\n  const result = await getGitPool(cwd).exec(['git', ...args], { cwd });\n  return result.value.trim();\n}\n\n/**\n * Like `gitExec` but returns null on any error instead of throwing.\n * Mirrors the try/catch-returning-null pattern common in git helpers.\n */\nexport async function gitExecSafe(cwd: string, args: readonly string[]): Promise<string | null> {\n  try {\n    return await gitExec(cwd, args);\n  } catch {\n    return null;\n  }\n}\n\n/**\n * Invalidate all cached results for a cwd — e.g. after a commit or branch\n * switch. Callers that write to the repo should invoke this so the next\n * read reflects the updated state rather than the stale 5s cache.\n */\nexport function invalidateGitPool(cwd: string): void {\n  poolsByCwd.get(cwd)?.invalidate();\n}\n\nexport const _testing = {\n  /** Dispose all pools and clear the registry. Used in test beforeEach to prevent cross-test cache pollution. */\n  clearAllPools: () => {\n    for (const pool of poolsByCwd.values()) {\n      pool.dispose();\n    }\n    poolsByCwd.clear();\n  },\n};\n"],"mappings":";;;;;;AAeA,IAAM,kBAAkB;AACxB,IAAM,0BAA0B;AAEhC,IAAM,aAAa,oBAAI,IAAyB;AAQzC,SAAS,WAAW,KAAa,MAAqC;AAC3E,QAAM,WAAW,WAAW,IAAI,GAAG;AACnC,MAAI,aAAa,OAAW,QAAO;AACnC,QAAM,OAAO;AAAA,IACX,EAAE,OAAO,iBAAiB,eAAe,wBAAwB;AAAA,IACjE,QAAQ,CAAC;AAAA,EACX;AACA,aAAW,IAAI,KAAK,IAAI;AACxB,SAAO;AACT;AASA,eAAsB,QAAQ,KAAa,MAA0C;AACnF,QAAM,SAAS,MAAM,WAAW,GAAG,EAAE,KAAK,CAAC,OAAO,GAAG,IAAI,GAAG,EAAE,IAAI,CAAC;AACnE,SAAO,OAAO,MAAM,KAAK;AAC3B;AAMA,eAAsB,YAAY,KAAa,MAAiD;AAC9F,MAAI;AACF,WAAO,MAAM,QAAQ,KAAK,IAAI;AAAA,EAChC,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAOO,SAAS,kBAAkB,KAAmB;AACnD,aAAW,IAAI,GAAG,GAAG,WAAW;AAClC;AAEO,IAAM,WAAW;AAAA;AAAA,EAEtB,eAAe,MAAM;AACnB,eAAW,QAAQ,WAAW,OAAO,GAAG;AACtC,WAAK,QAAQ;AAAA,IACf;AACA,eAAW,MAAM;AAAA,EACnB;AACF;","names":[]}

package/dist/chunk-5ER6ZHA2.js

@@ -0,0 +1,46 @@
+#!/usr/bin/env node
+
+// src/services/credentials/vault-crypto.ts
+async function generateVaultKey() {
+  const key = new Uint8Array(32);
+  globalThis.crypto.getRandomValues(key);
+  return Buffer.from(key).toString("hex");
+}
+async function importKey(hexKey) {
+  const keyBytes = Buffer.from(hexKey, "hex");
+  if (keyBytes.length !== 32)
+    throw new Error(`Invalid vault key length: expected 32 bytes, got ${keyBytes.length}`);
+  return globalThis.crypto.subtle.importKey("raw", keyBytes, { name: "AES-GCM" }, false, [
+    "encrypt",
+    "decrypt"
+  ]);
+}
+async function encryptCredential(plaintext, hexKey) {
+  const key = await importKey(hexKey);
+  const iv = new Uint8Array(12);
+  globalThis.crypto.getRandomValues(iv);
+  const encoded = new TextEncoder().encode(plaintext);
+  const encrypted = await globalThis.crypto.subtle.encrypt({ name: "AES-GCM", iv }, key, encoded);
+  return {
+    ciphertext: Buffer.from(encrypted).toString("base64"),
+    iv: Buffer.from(iv).toString("base64")
+  };
+}
+async function decryptCredential(ciphertext, iv, hexKey) {
+  const key = await importKey(hexKey);
+  const ivBytes = Buffer.from(iv, "base64");
+  const encrypted = Buffer.from(ciphertext, "base64");
+  const decrypted = await globalThis.crypto.subtle.decrypt(
+    { name: "AES-GCM", iv: ivBytes },
+    key,
+    encrypted
+  );
+  return new TextDecoder().decode(decrypted);
+}
+
+export {
+  generateVaultKey,
+  encryptCredential,
+  decryptCredential
+};
+//# sourceMappingURL=chunk-5ER6ZHA2.js.map

package/dist/chunk-5ER6ZHA2.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/services/credentials/vault-crypto.ts"],"sourcesContent":["export { encryptCredential, decryptCredential, generateVaultKey };\n\nasync function generateVaultKey(): Promise<string> {\n  const key = new Uint8Array(32);\n  globalThis.crypto.getRandomValues(key);\n  return Buffer.from(key).toString('hex');\n}\n\nasync function importKey(hexKey: string): Promise<CryptoKey> {\n  const keyBytes = Buffer.from(hexKey, 'hex');\n  if (keyBytes.length !== 32)\n    throw new Error(`Invalid vault key length: expected 32 bytes, got ${keyBytes.length}`);\n  return globalThis.crypto.subtle.importKey('raw', keyBytes, { name: 'AES-GCM' }, false, [\n    'encrypt',\n    'decrypt',\n  ]);\n}\n\nasync function encryptCredential(\n  plaintext: string,\n  hexKey: string\n): Promise<{ ciphertext: string; iv: string }> {\n  const key = await importKey(hexKey);\n  const iv = new Uint8Array(12);\n  globalThis.crypto.getRandomValues(iv);\n  const encoded = new TextEncoder().encode(plaintext);\n  const encrypted = await globalThis.crypto.subtle.encrypt({ name: 'AES-GCM', iv }, key, encoded);\n  return {\n    ciphertext: Buffer.from(encrypted).toString('base64'),\n    iv: Buffer.from(iv).toString('base64'),\n  };\n}\n\nasync function decryptCredential(ciphertext: string, iv: string, hexKey: string): Promise<string> {\n  const key = await importKey(hexKey);\n  const ivBytes = Buffer.from(iv, 'base64');\n  const encrypted = Buffer.from(ciphertext, 'base64');\n  const decrypted = await globalThis.crypto.subtle.decrypt(\n    { name: 'AES-GCM', iv: ivBytes },\n    key,\n    encrypted\n  );\n  return new TextDecoder().decode(decrypted);\n}\n"],"mappings":";;;AAEA,eAAe,mBAAoC;AACjD,QAAM,MAAM,IAAI,WAAW,EAAE;AAC7B,aAAW,OAAO,gBAAgB,GAAG;AACrC,SAAO,OAAO,KAAK,GAAG,EAAE,SAAS,KAAK;AACxC;AAEA,eAAe,UAAU,QAAoC;AAC3D,QAAM,WAAW,OAAO,KAAK,QAAQ,KAAK;AAC1C,MAAI,SAAS,WAAW;AACtB,UAAM,IAAI,MAAM,oDAAoD,SAAS,MAAM,EAAE;AACvF,SAAO,WAAW,OAAO,OAAO,UAAU,OAAO,UAAU,EAAE,MAAM,UAAU,GAAG,OAAO;AAAA,IACrF;AAAA,IACA;AAAA,EACF,CAAC;AACH;AAEA,eAAe,kBACb,WACA,QAC6C;AAC7C,QAAM,MAAM,MAAM,UAAU,MAAM;AAClC,QAAM,KAAK,IAAI,WAAW,EAAE;AAC5B,aAAW,OAAO,gBAAgB,EAAE;AACpC,QAAM,UAAU,IAAI,YAAY,EAAE,OAAO,SAAS;AAClD,QAAM,YAAY,MAAM,WAAW,OAAO,OAAO,QAAQ,EAAE,MAAM,WAAW,GAAG,GAAG,KAAK,OAAO;AAC9F,SAAO;AAAA,IACL,YAAY,OAAO,KAAK,SAAS,EAAE,SAAS,QAAQ;AAAA,IACpD,IAAI,OAAO,KAAK,EAAE,EAAE,SAAS,QAAQ;AAAA,EACvC;AACF;AAEA,eAAe,kBAAkB,YAAoB,IAAY,QAAiC;AAChG,QAAM,MAAM,MAAM,UAAU,MAAM;AAClC,QAAM,UAAU,OAAO,KAAK,IAAI,QAAQ;AACxC,QAAM,YAAY,OAAO,KAAK,YAAY,QAAQ;AAClD,QAAM,YAAY,MAAM,WAAW,OAAO,OAAO;AAAA,IAC/C,EAAE,MAAM,WAAW,IAAI,QAAQ;AAAA,IAC/B;AAAA,IACA;AAAA,EACF;AACA,SAAO,IAAI,YAAY,EAAE,OAAO,SAAS;AAC3C;","names":[]}