@treeseed/sdk 0.6.1 → 0.6.2

package/dist/operations/services/github-api.js

@@ -27,11 +27,23 @@ function parseGitHubRepositorySlug(value) {
     name: rest.join("/")
   };
 }
-function createGitHubSignal(timeoutMs = DEFAULT_GITHUB_API_TIMEOUT_MS) {
+function createGitHubRequestSignal(timeoutMs = DEFAULT_GITHUB_API_TIMEOUT_MS, upstreamSignal) {
   if (typeof AbortSignal !== "undefined" && typeof AbortSignal.timeout === "function") {
-    return AbortSignal.timeout(timeoutMs);
+    const timeoutSignal = AbortSignal.timeout(timeoutMs);
+    if (upstreamSignal) {
+      const abortSignalAny = AbortSignal.any;
+      return typeof abortSignalAny === "function" ? abortSignalAny([upstreamSignal, timeoutSignal]) : timeoutSignal;
+    }
+    return timeoutSignal;
   }
-  return void 0;
+  return upstreamSignal ?? void 0;
+}
+function createGitHubTimeoutFetch(timeoutMs = DEFAULT_GITHUB_API_TIMEOUT_MS) {
+  const baseFetch = globalThis.fetch.bind(globalThis);
+  return ((input, init) => {
+    const signal = createGitHubRequestSignal(timeoutMs, init?.signal ?? null);
+    return baseFetch(input, signal ? { ...init, signal } : init);
+  });
 }
 function normalizeGitHubApiError(error, context) {
   if (error && typeof error === "object") {
@@ -100,7 +112,7 @@ function createGitHubApiClient({
   return new Octokit({
     auth: token,
     request: {
-      signal: createGitHubSignal(timeoutMs)
+      fetch: createGitHubTimeoutFetch(timeoutMs)
     }
   });
 }
@@ -208,6 +220,50 @@ async function listGitHubRepositoryVariableNames(repository, { client = createGi
     throw normalizeGitHubApiError(error, `Unable to list GitHub variables for ${owner}/${name}`);
   }
 }
+async function ensureGitHubActionsEnvironment(repository, environmentName, { client = createGitHubApiClient() } = {}) {
+  const { owner, name: repo } = typeof repository === "string" ? parseGitHubRepositorySlug(repository) : repository;
+  try {
+    await withGitHubApiRetries(() => client.request("PUT /repos/{owner}/{repo}/environments/{environment_name}", {
+      owner,
+      repo,
+      environment_name: environmentName
+    }));
+    return { repository: `${owner}/${repo}`, environment: environmentName };
+  } catch (error) {
+    throw normalizeGitHubApiError(error, `Unable to ensure GitHub environment ${environmentName} for ${owner}/${repo}`);
+  }
+}
+async function paginateGitHubEnvironmentNames(client, route, params) {
+  const paginate = client.paginate;
+  return await paginateNames(() => paginate(route, {
+    ...params,
+    per_page: 100
+  }));
+}
+async function listGitHubEnvironmentSecretNames(repository, environmentName, { client = createGitHubApiClient() } = {}) {
+  const { owner, name } = typeof repository === "string" ? parseGitHubRepositorySlug(repository) : repository;
+  try {
+    return await paginateGitHubEnvironmentNames(
+      client,
+      "GET /repos/{owner}/{repo}/environments/{environment_name}/secrets",
+      { owner, repo: name, environment_name: environmentName }
+    );
+  } catch (error) {
+    throw normalizeGitHubApiError(error, `Unable to list GitHub environment secrets for ${owner}/${name}:${environmentName}`);
+  }
+}
+async function listGitHubEnvironmentVariableNames(repository, environmentName, { client = createGitHubApiClient() } = {}) {
+  const { owner, name } = typeof repository === "string" ? parseGitHubRepositorySlug(repository) : repository;
+  try {
+    return await paginateGitHubEnvironmentNames(
+      client,
+      "GET /repos/{owner}/{repo}/environments/{environment_name}/variables",
+      { owner, repo: name, environment_name: environmentName }
+    );
+  } catch (error) {
+    throw normalizeGitHubApiError(error, `Unable to list GitHub environment variables for ${owner}/${name}:${environmentName}`);
+  }
+}
 async function encryptGitHubSecret(secret, key) {
   await sodium.ready;
   const messageBytes = Buffer.from(secret);
@@ -233,6 +289,27 @@ async function upsertGitHubRepositorySecret(repository, name, value, { client =
     throw normalizeGitHubApiError(error, `Unable to upsert GitHub secret ${name} for ${owner}/${repo}`);
   }
 }
+async function upsertGitHubEnvironmentSecret(repository, environmentName, name, value, { client = createGitHubApiClient() } = {}) {
+  const { owner, name: repo } = typeof repository === "string" ? parseGitHubRepositorySlug(repository) : repository;
+  try {
+    const key = await client.request("GET /repos/{owner}/{repo}/environments/{environment_name}/secrets/public-key", {
+      owner,
+      repo,
+      environment_name: environmentName
+    });
+    const encryptedValue = await encryptGitHubSecret(value, String(key.data.key ?? ""));
+    await withGitHubApiRetries(() => client.request("PUT /repos/{owner}/{repo}/environments/{environment_name}/secrets/{secret_name}", {
+      owner,
+      repo,
+      environment_name: environmentName,
+      secret_name: name,
+      encrypted_value: encryptedValue,
+      key_id: String(key.data.key_id ?? "")
+    }));
+  } catch (error) {
+    throw normalizeGitHubApiError(error, `Unable to upsert GitHub environment secret ${name} for ${owner}/${repo}:${environmentName}`);
+  }
+}
 async function upsertGitHubRepositoryVariable(repository, name, value, { client = createGitHubApiClient() } = {}) {
   const { owner, name: repo } = typeof repository === "string" ? parseGitHubRepositorySlug(repository) : repository;
   try {
@@ -273,6 +350,38 @@ async function upsertGitHubRepositoryVariable(repository, name, value, { client
     throw normalizeGitHubApiError(error, `Unable to upsert GitHub variable ${name} for ${owner}/${repo}`);
   }
 }
+async function upsertGitHubEnvironmentVariable(repository, environmentName, name, value, { client = createGitHubApiClient() } = {}) {
+  const { owner, name: repo } = typeof repository === "string" ? parseGitHubRepositorySlug(repository) : repository;
+  try {
+    await withGitHubApiRetries(async () => {
+      try {
+        await client.request("POST /repos/{owner}/{repo}/environments/{environment_name}/variables", {
+          owner,
+          repo,
+          environment_name: environmentName,
+          name,
+          value
+        });
+        return;
+      } catch (error) {
+        const status = typeof error?.status === "number" ? Number(error.status) : null;
+        const message = error instanceof Error ? error.message : String(error ?? "");
+        if (status !== 409 && status !== 422 && !/already exists/iu.test(message)) {
+          throw error;
+        }
+      }
+      await client.request("PATCH /repos/{owner}/{repo}/environments/{environment_name}/variables/{name}", {
+        owner,
+        repo,
+        environment_name: environmentName,
+        name,
+        value
+      });
+    });
+  } catch (error) {
+    throw normalizeGitHubApiError(error, `Unable to upsert GitHub environment variable ${name} for ${owner}/${repo}:${environmentName}`);
+  }
+}
 function upsertGitHubRepositoryVariableWithGhCli(repository, name, value, {
   env = process.env
 } = {}) {
@@ -440,14 +549,19 @@ async function ensureGitHubBranchFromBase(repository, branch, {
 }
 export {
   createGitHubApiClient,
+  ensureGitHubActionsEnvironment,
   ensureGitHubBranchFromBase,
   ensureGitHubRepository,
   getGitHubRepository,
+  listGitHubEnvironmentSecretNames,
+  listGitHubEnvironmentVariableNames,
   listGitHubRepositorySecretNames,
   listGitHubRepositoryVariableNames,
   maybeGetGitHubRepository,
   parseGitHubRepositorySlug,
   resolveGitHubApiToken,
+  upsertGitHubEnvironmentSecret,
+  upsertGitHubEnvironmentVariable,
   upsertGitHubRepositorySecret,
   upsertGitHubRepositoryVariable,
   upsertGitHubRepositoryVariableWithGhCli,

package/dist/operations/services/github-automation.d.ts

@@ -16,11 +16,41 @@ export interface GitHubProvisionedRepository {
     visibility: 'private' | 'public' | 'internal';
     defaultBranch: string;
 }
+export interface TreeseedGitHubRepositoryTarget {
+    owner: string;
+    name: string;
+    visibility: 'private' | 'public' | 'internal';
+    source: 'config' | 'origin' | 'default';
+}
 export declare function getGitHubAutomationMode(): "stub" | "real";
 export declare function parseGitHubRepositoryFromRemote(remoteUrl: any): string | null;
 export declare function resolveGitHubRepositorySlug(tenantRoot: any): string;
 export declare function maybeResolveGitHubRepositorySlug(tenantRoot: any): string | null;
 export declare function resolveDefaultGitHubOwner(): string;
+export declare function resolveGitHubRepositoryTarget(tenantRoot: string, { values, defaultName, }?: {
+    values?: Record<string, string | undefined>;
+    defaultName?: string;
+}): TreeseedGitHubRepositoryTarget;
+export declare function ensureGitHubBootstrapRepository(tenantRoot: string, { values, defaultName, onProgress, }?: {
+    values?: Record<string, string | undefined>;
+    defaultName?: string;
+    onProgress?: (message: string) => void;
+}): Promise<{
+    repository: string;
+    target: TreeseedGitHubRepositoryTarget;
+    created: boolean;
+    remote: {
+        changed: boolean;
+        previous: null;
+        next: string;
+    } | {
+        changed: boolean;
+        previous: string;
+        next: string;
+    };
+    pushed: boolean;
+    mode: string;
+}>;
 export declare function createGitHubRepository(input: any): Promise<import("./github-api.ts").GitHubRepositorySummary | {
     visibility: any;
     defaultBranch: string;

package/dist/operations/services/github-automation.js

@@ -6,6 +6,8 @@ import { packageRoot, loadCliDeployConfig } from "./runtime-tools.js";
 import {
   createGitHubApiClient,
   ensureGitHubRepository,
+  maybeGetGitHubRepository,
+  parseGitHubRepositorySlug,
   listGitHubRepositorySecretNames,
   listGitHubRepositoryVariableNames,
   upsertGitHubRepositorySecret,
@@ -97,7 +99,7 @@ function maybeResolveGitHubRepositorySlug(tenantRoot) {
   }
 }
 function resolveDefaultGitHubOwner() {
-  const explicit = envOrNull("TREESEED_KNOWLEDGE_COOP_GITHUB_OWNER");
+  const explicit = envOrNull("TREESEED_GITHUB_OWNER");
   if (explicit) {
     return explicit;
   }
@@ -110,6 +112,108 @@ function resolveDefaultGitHubOwner() {
   }
   return "treeseed-ai";
 }
+function normalizeGitHubVisibility(value) {
+  const normalized = String(value ?? "").trim().toLowerCase();
+  return normalized === "public" || normalized === "internal" || normalized === "private" ? normalized : "private";
+}
+function configuredValue(values, key) {
+  const value = values?.[key] ?? process.env[key];
+  return typeof value === "string" && value.trim().length > 0 ? value.trim() : "";
+}
+function resolveGitHubRepositoryTarget(tenantRoot, {
+  values = {},
+  defaultName
+} = {}) {
+  const origin = maybeResolveGitHubRepositorySlug(tenantRoot);
+  const parsedOrigin = origin ? parseGitHubRepositorySlug(origin) : null;
+  const owner = configuredValue(values, "TREESEED_GITHUB_OWNER") || parsedOrigin?.owner || "";
+  const name = configuredValue(values, "TREESEED_GITHUB_REPOSITORY_NAME") || parsedOrigin?.name || defaultName || "project";
+  if (!owner) {
+    throw new Error("Configure TREESEED_GITHUB_OWNER before GitHub repository bootstrap.");
+  }
+  return {
+    owner: slugifySegment(owner, "owner"),
+    name: slugifySegment(name, "project"),
+    visibility: normalizeGitHubVisibility(configuredValue(values, "TREESEED_GITHUB_REPOSITORY_VISIBILITY")),
+    source: configuredValue(values, "TREESEED_GITHUB_OWNER") || configuredValue(values, "TREESEED_GITHUB_REPOSITORY_NAME") ? "config" : parsedOrigin ? "origin" : "default"
+  };
+}
+function ensureGitRepositoryInitialized(cwd, defaultBranch) {
+  const insideWorkTree = runGit(["rev-parse", "--is-inside-work-tree"], { cwd, allowFailure: true }).stdout?.trim() === "true";
+  if (!insideWorkTree) {
+    runGit(["init", "-b", defaultBranch], { cwd });
+  }
+  ensureGitIdentity(cwd);
+}
+function ensureOriginRemote(cwd, repository, remoteName = "origin") {
+  const currentRemote = runGit(["remote", "get-url", remoteName], { cwd, allowFailure: true }).stdout?.trim() ?? "";
+  if (!currentRemote) {
+    runGit(["remote", "add", remoteName, repository.sshUrl], { cwd });
+    return { changed: true, previous: null, next: repository.sshUrl };
+  }
+  if (currentRemote !== repository.sshUrl && currentRemote !== repository.httpsUrl) {
+    runGit(["remote", "set-url", remoteName, repository.sshUrl], { cwd });
+    return { changed: true, previous: currentRemote, next: repository.sshUrl };
+  }
+  return { changed: false, previous: currentRemote, next: currentRemote };
+}
+function pushAllGitHubRefs(cwd, remoteName = "origin") {
+  runGit(["push", "-u", remoteName, "--all"], { cwd, capture: false });
+  runGit(["push", remoteName, "--tags"], { cwd, capture: false });
+}
+async function ensureGitHubBootstrapRepository(tenantRoot, {
+  values = {},
+  defaultName,
+  onProgress
+} = {}) {
+  const target = resolveGitHubRepositoryTarget(tenantRoot, { values, defaultName });
+  const remotes = resolveGitHubRemoteUrls(target.owner, target.name);
+  const slug = remotes.slug;
+  onProgress?.(`[local][github][repo] Preparing ${slug} from ${target.source}...`);
+  if (isGitHubAutomationStubbed()) {
+    onProgress?.(`[local][github][repo] Stubbed GitHub automation; repository ${slug} not changed.`);
+    return {
+      repository: slug,
+      target,
+      created: false,
+      remote: { changed: false, previous: null, next: remotes.sshUrl },
+      pushed: false,
+      mode: "stub"
+    };
+  }
+  const client = createGitHubApiClient({
+    env: {
+      GH_TOKEN: configuredValue(values, "GH_TOKEN") || configuredValue(values, "GITHUB_TOKEN"),
+      GITHUB_TOKEN: configuredValue(values, "GH_TOKEN") || configuredValue(values, "GITHUB_TOKEN")
+    }
+  });
+  const existing = await maybeGetGitHubRepository({ owner: target.owner, name: target.name }, { client });
+  const repository = existing ?? await ensureGitHubRepository({
+    owner: target.owner,
+    name: target.name,
+    visibility: target.visibility
+  }, { client });
+  const created = !existing;
+  onProgress?.(`[local][github][repo] ${created ? "Created" : "Verified"} ${repository.slug}.`);
+  ensureGitRepositoryInitialized(tenantRoot, repository.defaultBranch || "main");
+  const remote = ensureOriginRemote(tenantRoot, repository);
+  if (remote.changed) {
+    onProgress?.(`[local][github][repo] Updated origin remote to ${repository.slug}.`);
+  }
+  if (created) {
+    onProgress?.(`[local][github][repo] Pushing all local branches and tags to ${repository.slug}...`);
+    pushAllGitHubRefs(tenantRoot);
+    onProgress?.(`[local][github][repo] Pushed all local branches and tags to ${repository.slug}.`);
+  }
+  return {
+    repository: repository.slug,
+    target,
+    created,
+    remote,
+    pushed: created,
+    mode: "real"
+  };
+}
 async function createGitHubRepository(input) {
   const visibility = input.visibility ?? "private";
   const remotes = resolveGitHubRemoteUrls(input.owner, input.name);
@@ -422,6 +526,7 @@ async function waitForGitHubWorkflowCompletion(tenantRoot, {
 export {
   createGitHubRepository,
   ensureDeployWorkflow,
+  ensureGitHubBootstrapRepository,
   ensureGitHubDeployAutomation,
   ensureGitHubEnvironment,
   ensureGitHubSecrets,
@@ -440,6 +545,7 @@ export {
   requiredGitHubSecrets,
   resolveDefaultGitHubOwner,
   resolveGitHubRepositorySlug,
+  resolveGitHubRepositoryTarget,
   resolveGitRepositoryRoot,
   waitForGitHubWorkflowCompletion
 };

package/dist/operations/services/project-platform.d.ts

@@ -1,4 +1,6 @@
 import { type ControlPlaneReporter } from '../../control-plane.ts';
+import type { TreeseedRunnableBootstrapSystem } from '../../reconcile/index.ts';
+import { type TreeseedBootstrapExecution, type TreeseedBootstrapWriter } from './bootstrap-runner.ts';
 export type ProjectPlatformScope = 'local' | 'staging' | 'prod';
 export type ProjectPlatformAction = 'provision' | 'deploy_code' | 'publish_content' | 'monitor';
 export interface ProjectPlatformActionOptions {
@@ -9,9 +11,43 @@ export interface ProjectPlatformActionOptions {
     dryRun?: boolean;
     reporter?: ControlPlaneReporter;
     skipProvision?: boolean;
+    bootstrapSystems?: TreeseedRunnableBootstrapSystem[];
+    bootstrapExecution?: TreeseedBootstrapExecution;
+    write?: TreeseedBootstrapWriter;
+    env?: NodeJS.ProcessEnv | Record<string, string | undefined>;
 }
 export declare function inferEnvironmentFromBranch(tenantRoot: string): "staging" | "prod";
 export declare function resolveScope(environment: string | null): ProjectPlatformScope;
+export type TenantCloudflareDeployContext = {
+    tenantRoot: string;
+    scope: ProjectPlatformScope;
+    target: any;
+    dryRun?: boolean;
+    wranglerPath: string;
+    databaseName: string;
+    pagesProjectName: string | null;
+    pagesBranchName: string | null;
+    env: NodeJS.ProcessEnv | Record<string, string | undefined>;
+    write?: TreeseedBootstrapWriter;
+};
+export declare function prepareTenantCloudflareDeploy({ tenantRoot, scope, target: explicitTarget, dryRun, write, env, }: {
+    tenantRoot: string;
+    scope: ProjectPlatformScope;
+    target?: any;
+    dryRun?: boolean;
+    write?: TreeseedBootstrapWriter;
+    env?: NodeJS.ProcessEnv | Record<string, string | undefined>;
+}): TenantCloudflareDeployContext;
+export declare function runTenantDataMigration(context: TenantCloudflareDeployContext): Promise<{
+    databaseName: string;
+    dryRun: boolean;
+}>;
+export declare function runTenantWebBuild(context: Pick<TenantCloudflareDeployContext, 'tenantRoot' | 'scope' | 'dryRun' | 'env' | 'write'>): Promise<{
+    dryRun: boolean;
+}>;
+export declare function runTenantWebPublish(context: TenantCloudflareDeployContext): Promise<{
+    dryRun: boolean;
+}>;
 export declare function provisionProjectPlatform(options: ProjectPlatformActionOptions): Promise<{
     ok: boolean;
     scope: ProjectPlatformScope;
@@ -209,7 +245,7 @@ export declare function deployProjectPlatform(options: ProjectPlatformActionOpti
             healthcheckTimeoutSeconds: number | null;
             runtimeMode: string | null;
         } | null;
-    })[];
+    } | undefined)[];
 }>;
 export declare function publishProjectContent(options: ProjectPlatformActionOptions): Promise<{
     ok: boolean;
@@ -698,5 +734,5 @@ export declare function runProjectPlatformAction(action: ProjectPlatformAction,
             healthcheckTimeoutSeconds: number | null;
             runtimeMode: string | null;
         } | null;
-    })[];
+    } | undefined)[];
 }>;