@treeseed/sdk 0.4.13 → 0.5.1

package/dist/operations/services/github-automation.d.ts

@@ -1,7 +1,67 @@
+export interface GitHubRepositoryProvisionInput {
+    owner: string;
+    name: string;
+    description?: string | null;
+    visibility?: 'private' | 'public' | 'internal';
+    homepageUrl?: string | null;
+    topics?: string[];
+}
+export interface GitHubProvisionedRepository {
+    slug: string;
+    owner: string;
+    name: string;
+    url: string;
+    sshUrl: string;
+    httpsUrl: string;
+    visibility: 'private' | 'public' | 'internal';
+    defaultBranch: string;
+}
 export declare function getGitHubAutomationMode(): "stub" | "real";
 export declare function parseGitHubRepositoryFromRemote(remoteUrl: any): string | null;
 export declare function resolveGitHubRepositorySlug(tenantRoot: any): string;
 export declare function maybeResolveGitHubRepositorySlug(tenantRoot: any): string | null;
+export declare function resolveDefaultGitHubOwner(): string;
+export declare function createGitHubRepository(input: any): {
+    visibility: any;
+    defaultBranch: string;
+    mode: string;
+    slug: string;
+    owner: string;
+    name: string;
+    sshUrl: string;
+    httpsUrl: string;
+    url: string;
+} | {
+    owner: string;
+    name: string;
+    url: string;
+    visibility: string;
+    defaultBranch: string;
+    slug: string;
+    sshUrl: string;
+    httpsUrl: string;
+};
+export declare function initializeGitHubRepositoryWorkingTree(cwd: any, repository: any, { defaultBranch, createStaging, commitMessage, remoteName, push, }?: {
+    defaultBranch?: string | undefined;
+    createStaging?: boolean | undefined;
+    commitMessage?: string | undefined;
+    remoteName?: string | undefined;
+    push?: boolean | undefined;
+}): {
+    repository: any;
+    remoteName: string;
+    defaultBranch: string;
+    stagingBranch: string | null;
+    pushed: boolean;
+    mode: string;
+} | {
+    repository: any;
+    remoteName: string;
+    defaultBranch: string;
+    stagingBranch: string | null;
+    pushed: boolean;
+    mode?: undefined;
+};
 export declare function resolveGitRepositoryRoot(tenantRoot: any): any;
 export declare function requiredGitHubEnvironment(tenantRoot: any, { scope, purpose }?: {
     scope?: string | undefined;

package/dist/operations/services/github-automation.js

@@ -7,6 +7,9 @@ function envOrNull(key) {
   const value = process.env[key];
   return typeof value === "string" && value.length > 0 ? value : null;
 }
+function slugifySegment(value, fallback = "project") {
+  return String(value ?? "").trim().toLowerCase().replace(/[^a-z0-9-]+/g, "-").replace(/^-+|-+$/g, "").replace(/-{2,}/g, "-").slice(0, 96) || fallback;
+}
 function getGitHubAutomationMode() {
   return process.env.TREESEED_GITHUB_AUTOMATION_MODE === "stub" ? "stub" : "real";
 }
@@ -61,6 +64,28 @@ function sleepSeconds(seconds) {
     stdio: "ignore"
   });
 }
+function resolveGitHubRemoteUrls(owner, name) {
+  const normalizedOwner = slugifySegment(owner, "owner");
+  const normalizedName = slugifySegment(name, "repo");
+  return {
+    slug: `${normalizedOwner}/${normalizedName}`,
+    owner: normalizedOwner,
+    name: normalizedName,
+    sshUrl: `git@github.com:${normalizedOwner}/${normalizedName}.git`,
+    httpsUrl: `https://github.com/${normalizedOwner}/${normalizedName}.git`,
+    url: `https://github.com/${normalizedOwner}/${normalizedName}`
+  };
+}
+function ensureGitIdentity(cwd) {
+  const currentName = runGit(["config", "--get", "user.name"], { cwd, allowFailure: true }).stdout?.trim() ?? "";
+  const currentEmail = runGit(["config", "--get", "user.email"], { cwd, allowFailure: true }).stdout?.trim() ?? "";
+  if (!currentName) {
+    runGit(["config", "user.name", envOrNull("TREESEED_GITHUB_COMMITTER_NAME") ?? "Treeseed Launch"], { cwd });
+  }
+  if (!currentEmail) {
+    runGit(["config", "user.email", envOrNull("TREESEED_GITHUB_COMMITTER_EMAIL") ?? "launch@knowledge.coop"], { cwd });
+  }
+}
 function resolveGitHubRepositorySlug(tenantRoot) {
   const remoteResult = runGit(["remote", "get-url", "origin"], { cwd: tenantRoot });
   const remoteUrl = remoteResult.stdout?.trim() ?? "";
@@ -77,6 +102,116 @@ function maybeResolveGitHubRepositorySlug(tenantRoot) {
     return null;
   }
 }
+function resolveDefaultGitHubOwner() {
+  const explicit = envOrNull("TREESEED_KNOWLEDGE_COOP_GITHUB_OWNER");
+  if (explicit) {
+    return explicit;
+  }
+  try {
+    const repository = maybeResolveGitHubRepositorySlug(process.cwd());
+    if (repository?.includes("/")) {
+      return repository.split("/")[0];
+    }
+  } catch {
+  }
+  return "treeseed-ai";
+}
+function createGitHubRepository(input) {
+  const visibility = input.visibility ?? "private";
+  const remotes = resolveGitHubRemoteUrls(input.owner, input.name);
+  if (isGitHubAutomationStubbed()) {
+    return {
+      ...remotes,
+      visibility,
+      defaultBranch: "main",
+      mode: "stub"
+    };
+  }
+  const existing = runGh(["repo", "view", remotes.slug, "--json", "name,owner,url,isPrivate,defaultBranchRef,visibility"], {
+    allowFailure: true
+  });
+  if (existing.status !== 0) {
+    const args = ["repo", "create", remotes.slug, "--disable-wiki", "--confirm"];
+    if (visibility === "public") {
+      args.push("--public");
+    } else if (visibility === "internal") {
+      args.push("--internal");
+    } else {
+      args.push("--private");
+    }
+    if (input.description) {
+      args.push("--description", input.description);
+    }
+    if (input.homepageUrl) {
+      args.push("--homepage", input.homepageUrl);
+    }
+    runGh(args, { capture: false });
+  }
+  if (Array.isArray(input.topics) && input.topics.length > 0) {
+    runGh(
+      ["repo", "edit", remotes.slug, ...input.topics.flatMap((topic) => ["--add-topic", slugifySegment(topic, "treeseed")])],
+      { capture: false }
+    );
+  }
+  const viewed = runGh(["repo", "view", remotes.slug, "--json", "name,owner,url,isPrivate,defaultBranchRef,visibility"], {});
+  const payload = JSON.parse(viewed.stdout || "{}");
+  return {
+    ...remotes,
+    owner: String(payload.owner?.login ?? remotes.owner),
+    name: String(payload.name ?? remotes.name),
+    url: String(payload.url ?? remotes.url),
+    visibility: String(payload.visibility ?? (payload.isPrivate === true ? "private" : visibility)),
+    defaultBranch: String(payload.defaultBranchRef?.name ?? "main")
+  };
+}
+function initializeGitHubRepositoryWorkingTree(cwd, repository, {
+  defaultBranch = "main",
+  createStaging = true,
+  commitMessage = "Initialize Knowledge Coop hub",
+  remoteName = "origin",
+  push = true
+} = {}) {
+  if (isGitHubAutomationStubbed()) {
+    return {
+      repository,
+      remoteName,
+      defaultBranch,
+      stagingBranch: createStaging ? "staging" : null,
+      pushed: false,
+      mode: "stub"
+    };
+  }
+  runGit(["init", "-b", defaultBranch], { cwd, allowFailure: true });
+  ensureGitIdentity(cwd);
+  const currentRemote = runGit(["remote", "get-url", remoteName], { cwd, allowFailure: true }).stdout?.trim() ?? "";
+  if (!currentRemote) {
+    runGit(["remote", "add", remoteName, repository.sshUrl], { cwd });
+  } else if (currentRemote !== repository.sshUrl && currentRemote !== repository.httpsUrl) {
+    runGit(["remote", "set-url", remoteName, repository.sshUrl], { cwd });
+  }
+  runGit(["add", "-A"], { cwd });
+  const hasChanges = runGit(["status", "--porcelain"], { cwd }).stdout?.trim().length > 0;
+  if (hasChanges) {
+    runGit(["commit", "-m", commitMessage], { cwd });
+  }
+  if (push) {
+    runGit(["push", "-u", remoteName, defaultBranch], { cwd, capture: false });
+  }
+  if (createStaging) {
+    runGit(["checkout", "-B", "staging"], { cwd });
+    if (push) {
+      runGit(["push", "-u", remoteName, "staging"], { cwd, capture: false });
+    }
+    runGit(["checkout", defaultBranch], { cwd });
+  }
+  return {
+    repository,
+    remoteName,
+    defaultBranch,
+    stagingBranch: createStaging ? "staging" : null,
+    pushed: push
+  };
+}
 function resolveGitRepositoryRoot(tenantRoot) {
   const result = runGit(["rev-parse", "--show-toplevel"], { cwd: tenantRoot, allowFailure: true });
   return result.status === 0 ? result.stdout.trim() : tenantRoot;
@@ -372,6 +507,7 @@ function waitForGitHubWorkflowCompletion(tenantRoot, {
   throw new Error(`Timed out waiting for GitHub workflow ${workflow} in ${repo}.`);
 }
 export {
+  createGitHubRepository,
   ensureDeployWorkflow,
   ensureGitHubDeployAutomation,
   ensureGitHubEnvironment,
@@ -380,6 +516,7 @@ export {
   ensureStandardizedGitHubWorkflows,
   formatMissingSecretsReport,
   getGitHubAutomationMode,
+  initializeGitHubRepositoryWorkingTree,
   listGitHubSecretNames,
   listGitHubVariableNames,
   maybeResolveGitHubRepositorySlug,
@@ -388,6 +525,7 @@ export {
   renderHostedProjectWorkflow,
   requiredGitHubEnvironment,
   requiredGitHubSecrets,
+  resolveDefaultGitHubOwner,
   resolveGitHubRepositorySlug,
   resolveGitRepositoryRoot,
   waitForGitHubWorkflowCompletion

package/dist/operations/services/key-agent.d.ts

@@ -0,0 +1,118 @@
+export declare const TRESEED_MACHINE_KEY_PASSPHRASE_ENV = "TREESEED_KEY_PASSPHRASE";
+export declare const TRESEED_KEY_AGENT_IDLE_TIMEOUT_MS: number;
+export declare const TREESEED_KEY_AGENT_IDLE_TIMEOUT_MS: number;
+export declare const TRESEED_WRAPPED_MACHINE_KEY_VERSION = 2;
+export declare const TRESEED_WRAPPED_MACHINE_KEY_KIND = "treeseed-wrapped-machine-key";
+export declare const TREESEED_MACHINE_KEY_PASSPHRASE_ENV = "TREESEED_KEY_PASSPHRASE";
+export type TreeseedWrappedMachineKey = {
+    version: 2;
+    kind: typeof TRESEED_WRAPPED_MACHINE_KEY_KIND;
+    createdAt: string;
+    updatedAt: string;
+    kdf: {
+        algorithm: 'scrypt';
+        salt: string;
+        N: number;
+        r: number;
+        p: number;
+        keyLength: number;
+    };
+    wrappedKey: {
+        algorithm: 'aes-256-gcm';
+        iv: string;
+        tag: string;
+        ciphertext: string;
+    };
+    fingerprint: string;
+};
+export type TreeseedKeyAgentStatus = {
+    running: boolean;
+    unlocked: boolean;
+    wrappedKeyPresent: boolean;
+    migrationRequired: boolean;
+    keyPath: string;
+    socketPath: string;
+    idleTimeoutMs: number;
+    idleRemainingMs: number;
+};
+export type TreeseedKeyAgentCommand = {
+    command: 'status';
+    keyPath: string;
+    socketPath: string;
+    idleTimeoutMs: number;
+} | {
+    command: 'unlock';
+    keyPath: string;
+    socketPath: string;
+    idleTimeoutMs: number;
+    passphrase: string;
+    createIfMissing?: boolean;
+    allowMigration?: boolean;
+} | {
+    command: 'lock';
+    keyPath: string;
+    socketPath: string;
+    idleTimeoutMs: number;
+} | {
+    command: 'touch';
+    keyPath: string;
+    socketPath: string;
+    idleTimeoutMs: number;
+} | {
+    command: 'get-machine-key';
+    keyPath: string;
+    socketPath: string;
+    idleTimeoutMs: number;
+};
+export type TreeseedKeyAgentResponse = {
+    ok: boolean;
+    code?: string;
+    message?: string;
+    status?: TreeseedKeyAgentStatus;
+    machineKey?: string;
+};
+export declare class TreeseedKeyAgentError extends Error {
+    code: 'locked' | 'unlock_required' | 'unlock_failed' | 'wrapped_key_missing' | 'wrapped_key_migration_required' | 'interactive_required' | 'daemon_unavailable' | 'corrupt_wrapped_key';
+    details?: Record<string, unknown>;
+    constructor(code: TreeseedKeyAgentError['code'], message: string, details?: Record<string, unknown>);
+}
+type TreeseedKeyAgentSessionState = {
+    machineKey: Buffer | null;
+    lastTouchedAt: number;
+    idleTimeoutMs: number;
+};
+export declare function unwrapMachineKey(payload: TreeseedWrappedMachineKey, passphrase: string): Buffer<ArrayBuffer>;
+export declare function readWrappedMachineKeyFile(keyPath: string): {
+    exists: boolean;
+    wrapped: null;
+    plaintextLegacy: null;
+    migrationRequired: boolean;
+} | {
+    exists: boolean;
+    wrapped: TreeseedWrappedMachineKey;
+    plaintextLegacy: null;
+    migrationRequired: boolean;
+} | {
+    exists: boolean;
+    wrapped: null;
+    plaintextLegacy: Buffer<ArrayBuffer>;
+    migrationRequired: boolean;
+};
+export declare function writeWrappedMachineKeyFile(keyPath: string, payload: TreeseedWrappedMachineKey): void;
+export declare function replaceWrappedMachineKey(keyPath: string, machineKey: Buffer, passphrase: string): TreeseedWrappedMachineKey;
+export declare function getTreeseedKeyAgentPaths(): {
+    homeRoot: string;
+    socketPath: string;
+};
+export declare function handleTreeseedKeyAgentCommand(command: TreeseedKeyAgentCommand, session: TreeseedKeyAgentSessionState): TreeseedKeyAgentResponse;
+export declare function requestTreeseedKeyAgent(command: TreeseedKeyAgentCommand): Promise<TreeseedKeyAgentResponse>;
+export declare function startTreeseedKeyAgentServer(options: {
+    keyPath: string;
+    socketPath?: string;
+    idleTimeoutMs?: number;
+}): Promise<void>;
+export declare function assertTreeseedKeyAgentResponse(response: TreeseedKeyAgentResponse, fallback?: string): TreeseedKeyAgentResponse;
+export declare function rotateWrappedMachineKeyPassphrase(keyPath: string, machineKey: Buffer, passphrase: string): TreeseedWrappedMachineKey;
+export declare function migrateLegacyProjectMachineKeyToWrapped(keyPath: string, legacyKeyPath: string, passphrase: string): TreeseedWrappedMachineKey;
+export declare function machineKeysEqual(left: Buffer, right: Buffer): boolean;
+export {};