@series-inc/stowkit-cli 0.6.34 → 0.6.35

package/dist/assets-package.d.ts

@@ -34,25 +34,11 @@ export interface RegistryVersion {
     totalSize: number;
     assets: RegistryAsset[];
 }
-export interface RegistryPackage {
-    description: string;
-    author: string;
-    tags: string[];
-    latest: string;
-    versions: Record<string, RegistryVersion>;
-    /** Pack-level thumbnail filename (e.g. "thumbnail.webp"), uploaded during publish */
-    thumbnail?: string;
-}
-export interface Registry {
-    schemaVersion: number;
-    packages: Record<string, RegistryPackage>;
-}
 export declare function readAssetsPackage(dir: string): Promise<AssetsPackage | null>;
 export declare function writeAssetsPackage(dir: string, pkg: AssetsPackage): Promise<void>;
 export declare function initAssetsPackage(dir: string, config: {
     name: string;
 }): Promise<AssetsPackage>;
-export declare function createEmptyRegistry(): Registry;
 /**
  * Given a set of requested stringIds and a version's asset list,
  * returns the full set of stringIds needed (transitive closure).

package/dist/assets-package.js

@@ -2,7 +2,7 @@ import * as fs from 'node:fs/promises';
 import * as path from 'node:path';
 // ─── Constants ───────────────────────────────────────────────────────────────
 const ASSETS_PACKAGE_FILE = 'assets-package.json';
-const DEFAULT_BUCKET = 'venus-shared-assets-test';
+const DEFAULT_BUCKET = 'rungame-shared-assets-test';
 // ─── Read / Write / Init ─────────────────────────────────────────────────────
 export async function readAssetsPackage(dir) {
     try {
@@ -30,9 +30,6 @@ export async function initAssetsPackage(dir, config) {
     await writeAssetsPackage(dir, pkg);
     return pkg;
 }
-export function createEmptyRegistry() {
-    return { schemaVersion: 1, packages: {} };
-}
 // ─── Dependency Resolution ───────────────────────────────────────────────────
 /**
  * Given a set of requested stringIds and a version's asset list,

package/dist/firestore.d.ts

@@ -0,0 +1,42 @@
+import type { RegistryAsset } from './assets-package.js';
+export interface FirestorePackageDoc {
+    description: string;
+    author: string;
+    tags: string[];
+    latest: string;
+    thumbnail: string | null;
+}
+export interface FirestoreVersionDoc {
+    publishedAt: string;
+    fileCount: number;
+    totalSize: number;
+    assets: RegistryAsset[];
+}
+/** Read-only client — uses public API key, no credentials needed */
+export interface FirestoreReader {
+    projectId: string;
+    getPackage(name: string): Promise<FirestorePackageDoc | null>;
+    listPackages(): Promise<Array<{
+        name: string;
+        data: FirestorePackageDoc;
+    }>>;
+    getVersion(packageName: string, version: string): Promise<FirestoreVersionDoc | null>;
+    listVersionKeys(packageName: string): Promise<string[]>;
+}
+/** Read-write client — uses service account, needed for publishing */
+export interface FirestoreClient extends FirestoreReader {
+    setPackage(name: string, data: FirestorePackageDoc): Promise<void>;
+    deletePackage(name: string): Promise<void>;
+    setVersion(packageName: string, version: string, data: FirestoreVersionDoc): Promise<void>;
+}
+/**
+ * Create a read-only Firestore client using the public API key.
+ * No service account or credentials needed — safe for CLI store commands,
+ * packer GUI browsing, and server read endpoints.
+ */
+export declare function createFirestoreReader(): FirestoreReader;
+/**
+ * Create a read-write Firestore client using a service account.
+ * Required for publishing — needs service_account.json in the project directory.
+ */
+export declare function createFirestoreClient(projectDir: string): Promise<FirestoreClient>;

package/dist/firestore.js

@@ -0,0 +1,240 @@
+import { loadServiceAccount, getAccessToken, FIRESTORE_SCOPE, GCS_SCOPE } from './gcp-auth.js';
+// ─── Constants ───────────────────────────────────────────────────────────────
+const FIRESTORE_PROJECT_ID = 'run-shared-assets';
+const FIRESTORE_API_KEY = 'AIzaSyCgat6uQgWI2_w2_5rK90RyuGbLs-Shp8Q';
+function toFirestore(value) {
+    if (value === null || value === undefined)
+        return { nullValue: null };
+    if (typeof value === 'string')
+        return { stringValue: value };
+    if (typeof value === 'boolean')
+        return { booleanValue: value };
+    if (typeof value === 'number') {
+        if (Number.isInteger(value))
+            return { integerValue: String(value) };
+        return { doubleValue: value };
+    }
+    if (Array.isArray(value)) {
+        if (value.length === 0)
+            return { arrayValue: {} };
+        return { arrayValue: { values: value.map(toFirestore) } };
+    }
+    if (typeof value === 'object') {
+        const fields = {};
+        for (const [k, v] of Object.entries(value)) {
+            fields[k] = toFirestore(v);
+        }
+        return { mapValue: { fields } };
+    }
+    return { stringValue: String(value) };
+}
+function fromFirestore(value) {
+    if ('stringValue' in value)
+        return value.stringValue;
+    if ('integerValue' in value)
+        return Number(value.integerValue);
+    if ('doubleValue' in value)
+        return value.doubleValue;
+    if ('booleanValue' in value)
+        return value.booleanValue;
+    if ('nullValue' in value)
+        return null;
+    if ('arrayValue' in value) {
+        return (value.arrayValue.values ?? []).map(fromFirestore);
+    }
+    if ('mapValue' in value) {
+        const fields = value.mapValue.fields;
+        if (!fields)
+            return {};
+        const result = {};
+        for (const [k, v] of Object.entries(fields)) {
+            result[k] = fromFirestore(v);
+        }
+        return result;
+    }
+    return null;
+}
+function docToObject(fields) {
+    if (!fields)
+        return null;
+    const result = {};
+    for (const [k, v] of Object.entries(fields)) {
+        result[k] = fromFirestore(v);
+    }
+    return result;
+}
+function objectToFields(data) {
+    const fields = {};
+    for (const [k, v] of Object.entries(data)) {
+        fields[k] = toFirestore(v);
+    }
+    return fields;
+}
+// ─── REST helpers ────────────────────────────────────────────────────────────
+const BASE = 'https://firestore.googleapis.com/v1';
+function docPath(projectId, ...segments) {
+    return `${BASE}/projects/${projectId}/databases/(default)/documents/${segments.join('/')}`;
+}
+// ─── Shared read operations ─────────────────────────────────────────────────
+function buildReadOps(projectId, fetchWithAuth) {
+    async function getPackage(name) {
+        const res = await fetchWithAuth(docPath(projectId, 'packages', name));
+        if (res.status === 404)
+            return null;
+        if (!res.ok) {
+            const text = await res.text();
+            throw new Error(`Firestore GET packages/${name} failed (${res.status}): ${text}`);
+        }
+        const doc = (await res.json());
+        return docToObject(doc.fields);
+    }
+    async function listPackages() {
+        const results = [];
+        let pageToken;
+        do {
+            const params = new URLSearchParams({ pageSize: '300' });
+            if (pageToken)
+                params.set('pageToken', pageToken);
+            const res = await fetchWithAuth(`${docPath(projectId, 'packages')}?${params}`);
+            if (!res.ok) {
+                const text = await res.text();
+                throw new Error(`Firestore LIST packages failed (${res.status}): ${text}`);
+            }
+            const body = (await res.json());
+            if (body.documents) {
+                for (const doc of body.documents) {
+                    const docId = doc.name.split('/').pop();
+                    const data = docToObject(doc.fields);
+                    if (data)
+                        results.push({ name: docId, data });
+                }
+            }
+            pageToken = body.nextPageToken;
+        } while (pageToken);
+        return results;
+    }
+    async function getVersion(packageName, version) {
+        const res = await fetchWithAuth(docPath(projectId, 'packages', packageName, 'versions', version));
+        if (res.status === 404)
+            return null;
+        if (!res.ok) {
+            const text = await res.text();
+            throw new Error(`Firestore GET packages/${packageName}/versions/${version} failed (${res.status}): ${text}`);
+        }
+        const doc = (await res.json());
+        return docToObject(doc.fields);
+    }
+    async function listVersionKeys(packageName) {
+        const results = [];
+        let pageToken;
+        do {
+            const params = new URLSearchParams({ pageSize: '300' });
+            if (pageToken)
+                params.set('pageToken', pageToken);
+            const res = await fetchWithAuth(`${docPath(projectId, 'packages', packageName, 'versions')}?${params}`);
+            if (!res.ok) {
+                const text = await res.text();
+                throw new Error(`Firestore LIST versions for ${packageName} failed (${res.status}): ${text}`);
+            }
+            const body = (await res.json());
+            if (body.documents) {
+                for (const doc of body.documents) {
+                    results.push(doc.name.split('/').pop());
+                }
+            }
+            pageToken = body.nextPageToken;
+        } while (pageToken);
+        return results;
+    }
+    return { getPackage, listPackages, getVersion, listVersionKeys };
+}
+// ─── Public Reader (API key, no credentials) ────────────────────────────────
+/**
+ * Create a read-only Firestore client using the public API key.
+ * No service account or credentials needed — safe for CLI store commands,
+ * packer GUI browsing, and server read endpoints.
+ */
+export function createFirestoreReader() {
+    const projectId = FIRESTORE_PROJECT_ID;
+    const apiKey = FIRESTORE_API_KEY;
+    function fetchWithAuth(url) {
+        const sep = url.includes('?') ? '&' : '?';
+        return fetch(`${url}${sep}key=${apiKey}`);
+    }
+    return { projectId, ...buildReadOps(projectId, fetchWithAuth) };
+}
+// ─── Authenticated Writer (service account) ──────────────────────────────────
+/**
+ * Create a read-write Firestore client using a service account.
+ * Required for publishing — needs service_account.json in the project directory.
+ */
+export async function createFirestoreClient(projectDir) {
+    const sa = await loadServiceAccount(projectDir);
+    const projectId = sa.project_id;
+    let token = null;
+    let tokenExpiry = 0;
+    async function getToken() {
+        const now = Date.now();
+        if (token && now < tokenExpiry)
+            return token;
+        token = await getAccessToken(sa, [FIRESTORE_SCOPE, GCS_SCOPE]);
+        tokenExpiry = now + 55 * 60 * 1000;
+        return token;
+    }
+    function fetchWithAuth(url) {
+        return getToken().then(t => fetch(url, {
+            headers: { Authorization: `Bearer ${t}` },
+        }));
+    }
+    const readOps = buildReadOps(projectId, fetchWithAuth);
+    async function setPackage(name, data) {
+        const t = await getToken();
+        const url = docPath(projectId, 'packages', name);
+        const body = JSON.stringify({ fields: objectToFields(data) });
+        const res = await fetch(url, {
+            method: 'PATCH',
+            headers: { Authorization: `Bearer ${t}`, 'Content-Type': 'application/json' },
+            body,
+        });
+        if (!res.ok) {
+            const text = await res.text();
+            throw new Error(`Firestore PATCH packages/${name} failed (${res.status}): ${text}`);
+        }
+    }
+    async function deletePackage(name) {
+        const t = await getToken();
+        // Delete version subcollection docs first
+        const versions = await readOps.listVersionKeys(name);
+        for (const ver of versions) {
+            const url = docPath(projectId, 'packages', name, 'versions', ver);
+            await fetch(url, { method: 'DELETE', headers: { Authorization: `Bearer ${t}` } });
+        }
+        const url = docPath(projectId, 'packages', name);
+        const res = await fetch(url, { method: 'DELETE', headers: { Authorization: `Bearer ${t}` } });
+        if (!res.ok && res.status !== 404) {
+            const text = await res.text();
+            throw new Error(`Firestore DELETE packages/${name} failed (${res.status}): ${text}`);
+        }
+    }
+    async function setVersion(packageName, version, data) {
+        const t = await getToken();
+        const url = docPath(projectId, 'packages', packageName, 'versions', version);
+        const body = JSON.stringify({ fields: objectToFields(data) });
+        const res = await fetch(url, {
+            method: 'PATCH',
+            headers: { Authorization: `Bearer ${t}`, 'Content-Type': 'application/json' },
+            body,
+        });
+        if (!res.ok) {
+            const text = await res.text();
+            throw new Error(`Firestore PATCH packages/${packageName}/versions/${version} failed (${res.status}): ${text}`);
+        }
+    }
+    return {
+        projectId,
+        ...readOps,
+        setPackage,
+        deletePackage,
+        setVersion,
+    };
+}

package/dist/gcp-auth.d.ts

@@ -0,0 +1,9 @@
+export interface ServiceAccount {
+    client_email: string;
+    private_key: string;
+    project_id: string;
+}
+export declare const GCS_SCOPE = "https://www.googleapis.com/auth/devstorage.read_write";
+export declare const FIRESTORE_SCOPE = "https://www.googleapis.com/auth/datastore";
+export declare function getAccessToken(sa: ServiceAccount, scopes: string[]): Promise<string>;
+export declare function loadServiceAccount(projectDir: string): Promise<ServiceAccount>;

package/dist/gcp-auth.js

@@ -0,0 +1,69 @@
+import * as fs from 'node:fs/promises';
+import * as path from 'node:path';
+import * as crypto from 'node:crypto';
+// ─── Scopes ──────────────────────────────────────────────────────────────────
+export const GCS_SCOPE = 'https://www.googleapis.com/auth/devstorage.read_write';
+export const FIRESTORE_SCOPE = 'https://www.googleapis.com/auth/datastore';
+// ─── JWT Auth ────────────────────────────────────────────────────────────────
+function base64url(data) {
+    const buf = typeof data === 'string' ? Buffer.from(data) : data;
+    return buf.toString('base64url');
+}
+function createJWT(sa, scopes) {
+    const now = Math.floor(Date.now() / 1000);
+    const header = { alg: 'RS256', typ: 'JWT' };
+    const payload = {
+        iss: sa.client_email,
+        scope: scopes.join(' '),
+        aud: 'https://oauth2.googleapis.com/token',
+        iat: now,
+        exp: now + 3600,
+    };
+    const segments = `${base64url(JSON.stringify(header))}.${base64url(JSON.stringify(payload))}`;
+    const sign = crypto.createSign('RSA-SHA256');
+    sign.update(segments);
+    const signature = sign.sign(sa.private_key);
+    return `${segments}.${base64url(signature)}`;
+}
+export async function getAccessToken(sa, scopes) {
+    const jwt = createJWT(sa, scopes);
+    const res = await fetch('https://oauth2.googleapis.com/token', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: `grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=${jwt}`,
+    });
+    if (!res.ok) {
+        const text = await res.text();
+        throw new Error(`GCP auth failed (${res.status}): ${text}`);
+    }
+    const data = await res.json();
+    return data.access_token;
+}
+// ─── Credential Resolution ───────────────────────────────────────────────────
+export async function loadServiceAccount(projectDir) {
+    // Search order: project dir, cwd, GOOGLE_APPLICATION_CREDENTIALS env
+    const candidates = [
+        path.join(projectDir, 'service_account.json'),
+        path.join(process.cwd(), 'service_account.json'),
+    ];
+    for (const candidate of candidates) {
+        try {
+            const text = await fs.readFile(candidate, 'utf-8');
+            return JSON.parse(text);
+        }
+        catch { /* not found */ }
+    }
+    // Fall back to GOOGLE_APPLICATION_CREDENTIALS
+    const envPath = process.env.GOOGLE_APPLICATION_CREDENTIALS;
+    if (envPath) {
+        try {
+            const text = await fs.readFile(envPath, 'utf-8');
+            return JSON.parse(text);
+        }
+        catch {
+            throw new Error(`Could not read service account from GOOGLE_APPLICATION_CREDENTIALS: ${envPath}`);
+        }
+    }
+    throw new Error('No GCS credentials found. Place service_account.json in project root, ' +
+        'current directory, or set GOOGLE_APPLICATION_CREDENTIALS environment variable.');
+}

package/dist/gcs.d.ts

@@ -1,10 +1,5 @@
 export interface GCSClient {
     upload(objectPath: string, data: Uint8Array | string, contentType?: string): Promise<void>;
     download(objectPath: string): Promise<string | null>;
-    downloadWithGeneration(objectPath: string): Promise<{
-        data: string;
-        generation: string;
-    } | null>;
-    uploadWithGeneration(objectPath: string, data: string, generation: string | null, contentType?: string): Promise<void>;
 }
 export declare function createGCSClient(projectDir: string, bucketUri: string): Promise<GCSClient>;

package/dist/gcs.js

@@ -1,69 +1,4 @@
-import * as fs from 'node:fs/promises';
-import * as path from 'node:path';
-import * as crypto from 'node:crypto';
-// ─── JWT Auth ────────────────────────────────────────────────────────────────
-function base64url(data) {
-    const buf = typeof data === 'string' ? Buffer.from(data) : data;
-    return buf.toString('base64url');
-}
-function createJWT(sa) {
-    const now = Math.floor(Date.now() / 1000);
-    const header = { alg: 'RS256', typ: 'JWT' };
-    const payload = {
-        iss: sa.client_email,
-        scope: 'https://www.googleapis.com/auth/devstorage.read_write',
-        aud: 'https://oauth2.googleapis.com/token',
-        iat: now,
-        exp: now + 3600,
-    };
-    const segments = `${base64url(JSON.stringify(header))}.${base64url(JSON.stringify(payload))}`;
-    const sign = crypto.createSign('RSA-SHA256');
-    sign.update(segments);
-    const signature = sign.sign(sa.private_key);
-    return `${segments}.${base64url(signature)}`;
-}
-async function getAccessToken(sa) {
-    const jwt = createJWT(sa);
-    const res = await fetch('https://oauth2.googleapis.com/token', {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
-        body: `grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=${jwt}`,
-    });
-    if (!res.ok) {
-        const text = await res.text();
-        throw new Error(`GCS auth failed (${res.status}): ${text}`);
-    }
-    const data = await res.json();
-    return data.access_token;
-}
-// ─── Credential Resolution ───────────────────────────────────────────────────
-async function loadServiceAccount(projectDir) {
-    // Search order: project dir, cwd, GOOGLE_APPLICATION_CREDENTIALS env
-    const candidates = [
-        path.join(projectDir, 'service_account.json'),
-        path.join(process.cwd(), 'service_account.json'),
-    ];
-    for (const candidate of candidates) {
-        try {
-            const text = await fs.readFile(candidate, 'utf-8');
-            return JSON.parse(text);
-        }
-        catch { /* not found */ }
-    }
-    // Fall back to GOOGLE_APPLICATION_CREDENTIALS
-    const envPath = process.env.GOOGLE_APPLICATION_CREDENTIALS;
-    if (envPath) {
-        try {
-            const text = await fs.readFile(envPath, 'utf-8');
-            return JSON.parse(text);
-        }
-        catch {
-            throw new Error(`Could not read service account from GOOGLE_APPLICATION_CREDENTIALS: ${envPath}`);
-        }
-    }
-    throw new Error('No GCS credentials found. Place service_account.json in project root, ' +
-        'current directory, or set GOOGLE_APPLICATION_CREDENTIALS environment variable.');
-}
+import { loadServiceAccount, getAccessToken, GCS_SCOPE } from './gcp-auth.js';
 // ─── Bucket Name Parsing ─────────────────────────────────────────────────────
 function parseBucket(bucketUri) {
     // Accept "gs://bucket-name" or just "bucket-name"
@@ -74,7 +9,7 @@ function parseBucket(bucketUri) {
 // ─── GCS Client Factory ─────────────────────────────────────────────────────
 export async function createGCSClient(projectDir, bucketUri) {
     const sa = await loadServiceAccount(projectDir);
-    const token = await getAccessToken(sa);
+    const token = await getAccessToken(sa, [GCS_SCOPE]);
     const bucket = parseBucket(bucketUri);
     const apiBase = `https://storage.googleapis.com`;
     return {
@@ -109,50 +44,5 @@ export async function createGCSClient(projectDir, bucketUri) {
             }
             return res.text();
         },
-        async downloadWithGeneration(objectPath) {
-            const encoded = encodeURIComponent(objectPath);
-            const url = `${apiBase}/storage/v1/b/${bucket}/o/${encoded}?alt=media`;
-            const res = await fetch(url, {
-                headers: { Authorization: `Bearer ${token}` },
-            });
-            if (res.status === 404)
-                return null;
-            if (!res.ok) {
-                const text = await res.text();
-                throw new Error(`GCS download failed for ${objectPath} (${res.status}): ${text}`);
-            }
-            const data = await res.text();
-            const generation = res.headers.get('x-goog-generation') ?? '0';
-            return { data, generation };
-        },
-        async uploadWithGeneration(objectPath, data, generation, contentType = 'application/json') {
-            const encoded = encodeURIComponent(objectPath);
-            let url = `${apiBase}/upload/storage/v1/b/${bucket}/o?uploadType=media&name=${encoded}`;
-            const headers = {
-                Authorization: `Bearer ${token}`,
-                'Content-Type': contentType,
-            };
-            // Optimistic concurrency: if we have a generation, require it to match
-            if (generation) {
-                headers['x-goog-if-generation-match'] = generation;
-            }
-            else {
-                // Object should not exist yet
-                headers['x-goog-if-generation-match'] = '0';
-            }
-            const res = await fetch(url, {
-                method: 'POST',
-                headers,
-                body: data,
-            });
-            if (res.status === 412) {
-                throw new Error(`Registry was modified by another publish while uploading. ` +
-                    `Please retry the publish command.`);
-            }
-            if (!res.ok) {
-                const text = await res.text();
-                throw new Error(`GCS upload failed for ${objectPath} (${res.status}): ${text}`);
-            }
-        },
     };
 }

package/dist/index.d.ts

@@ -30,5 +30,7 @@ export { syncRuntimeAssets } from './sync-runtime-assets.js';
 export { publishPackage } from './publish.js';
 export type { PublishOptions, PublishResult } from './publish.js';
 export * from './assets-package.js';
-export { fetchRegistry, searchAssets, listPackages, resolveAssetDeps } from './store.js';
+export { searchAssets, listStorePackages, resolveAssetDeps } from './store.js';
 export type { SearchResult, PackageInfo } from './store.js';
+export { createFirestoreReader, createFirestoreClient } from './firestore.js';
+export type { FirestoreReader, FirestoreClient, FirestorePackageDoc, FirestoreVersionDoc } from './firestore.js';

package/dist/index.js

@@ -39,4 +39,6 @@ export { syncRuntimeAssets } from './sync-runtime-assets.js';
 export { publishPackage } from './publish.js';
 export * from './assets-package.js';
 // Store
-export { fetchRegistry, searchAssets, listPackages, resolveAssetDeps } from './store.js';
+export { searchAssets, listStorePackages, resolveAssetDeps } from './store.js';
+// Firestore
+export { createFirestoreReader, createFirestoreClient } from './firestore.js';