@vibe-agent-toolkit/resources 0.1.39-rc.8 → 0.1.39
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/content-cache.d.ts +67 -0
- package/dist/content-cache.d.ts.map +1 -0
- package/dist/content-cache.js +160 -0
- package/dist/content-cache.js.map +1 -0
- package/dist/external-link-cache.d.ts +16 -2
- package/dist/external-link-cache.d.ts.map +1 -1
- package/dist/external-link-cache.js +43 -13
- package/dist/external-link-cache.js.map +1 -1
- package/dist/external-link-validator.d.ts +75 -2
- package/dist/external-link-validator.d.ts.map +1 -1
- package/dist/external-link-validator.js +184 -4
- package/dist/external-link-validator.js.map +1 -1
- package/dist/index.d.ts +4 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +12 -0
- package/dist/index.js.map +1 -1
- package/dist/link-auth-classify.d.ts +34 -0
- package/dist/link-auth-classify.d.ts.map +1 -0
- package/dist/link-auth-classify.js +42 -0
- package/dist/link-auth-classify.js.map +1 -0
- package/dist/link-auth-config-build.d.ts +47 -0
- package/dist/link-auth-config-build.d.ts.map +1 -0
- package/dist/link-auth-config-build.js +86 -0
- package/dist/link-auth-config-build.js.map +1 -0
- package/dist/link-auth-content-fetch.d.ts +75 -0
- package/dist/link-auth-content-fetch.d.ts.map +1 -0
- package/dist/link-auth-content-fetch.js +101 -0
- package/dist/link-auth-content-fetch.js.map +1 -0
- package/dist/link-auth-deps-memo.d.ts +40 -0
- package/dist/link-auth-deps-memo.d.ts.map +1 -0
- package/dist/link-auth-deps-memo.js +47 -0
- package/dist/link-auth-deps-memo.js.map +1 -0
- package/dist/link-auth-transport.d.ts +44 -0
- package/dist/link-auth-transport.d.ts.map +1 -0
- package/dist/link-auth-transport.js +151 -0
- package/dist/link-auth-transport.js.map +1 -0
- package/dist/link-parser.d.ts.map +1 -1
- package/dist/link-parser.js +8 -1
- package/dist/link-parser.js.map +1 -1
- package/dist/link-validator.d.ts +8 -8
- package/dist/link-validator.d.ts.map +1 -1
- package/dist/link-validator.js +51 -18
- package/dist/link-validator.js.map +1 -1
- package/dist/resource-registry.d.ts +2 -0
- package/dist/resource-registry.d.ts.map +1 -1
- package/dist/resource-registry.js +19 -4
- package/dist/resource-registry.js.map +1 -1
- package/dist/schemas/link-auth.d.ts +1049 -303
- package/dist/schemas/link-auth.d.ts.map +1 -1
- package/dist/schemas/link-auth.js +39 -20
- package/dist/schemas/link-auth.js.map +1 -1
- package/dist/schemas/project-config.d.ts +2942 -759
- package/dist/schemas/project-config.d.ts.map +1 -1
- package/dist/schemas/project-config.js +27 -1
- package/dist/schemas/project-config.js.map +1 -1
- package/dist/schemas/resource-metadata.d.ts +10 -9
- package/dist/schemas/resource-metadata.d.ts.map +1 -1
- package/dist/schemas/resource-metadata.js +2 -0
- package/dist/schemas/resource-metadata.js.map +1 -1
- package/package.json +4 -4
- package/src/content-cache.ts +190 -0
- package/src/external-link-cache.ts +50 -13
- package/src/external-link-validator.ts +268 -5
- package/src/index.ts +23 -0
- package/src/link-auth-classify.ts +61 -0
- package/src/link-auth-config-build.ts +130 -0
- package/src/link-auth-content-fetch.ts +146 -0
- package/src/link-auth-deps-memo.ts +56 -0
- package/src/link-auth-transport.ts +179 -0
- package/src/link-parser.ts +8 -1
- package/src/link-validator.ts +65 -17
- package/src/resource-registry.ts +25 -5
- package/src/schemas/link-auth.ts +47 -21
- package/src/schemas/project-config.ts +31 -1
- package/src/schemas/resource-metadata.ts +2 -0
|
@@ -1,5 +1,81 @@
|
|
|
1
|
+
import { userInfo } from 'node:os';
|
|
2
|
+
import { resolveAuthenticatedUrl, safePath, } from '@vibe-agent-toolkit/utils';
|
|
1
3
|
import markdownLinkCheck from 'markdown-link-check';
|
|
2
4
|
import { ExternalLinkCache } from './external-link-cache.js';
|
|
5
|
+
import { classifyAuthenticatedResponse } from './link-auth-classify.js';
|
|
6
|
+
import { wrapLinkAuthDepsWithMemo } from './link-auth-deps-memo.js';
|
|
7
|
+
import { authTransport } from './link-auth-transport.js';
|
|
8
|
+
/**
|
|
9
|
+
* Resolve the OS user for cache scoping. Falls back through several layers
|
|
10
|
+
* because `os.userInfo()` throws when the running user has no /etc/passwd
|
|
11
|
+
* entry (common in container environments) — that's recoverable, not fatal.
|
|
12
|
+
*/
|
|
13
|
+
function resolveOsUser() {
|
|
14
|
+
try {
|
|
15
|
+
const u = userInfo().username;
|
|
16
|
+
if (u !== '')
|
|
17
|
+
return u;
|
|
18
|
+
}
|
|
19
|
+
catch {
|
|
20
|
+
// userInfo() throws when the running user has no /etc/passwd entry —
|
|
21
|
+
// recover via env vars below.
|
|
22
|
+
}
|
|
23
|
+
// Use `||` (not `??`) so an empty-string USER/USERNAME also falls through.
|
|
24
|
+
// eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing
|
|
25
|
+
const fromEnv = process.env['USER'] || process.env['USERNAME'];
|
|
26
|
+
if (fromEnv)
|
|
27
|
+
return fromEnv;
|
|
28
|
+
// Last resort: two distinct OS users on the same host both end up here
|
|
29
|
+
// would share the auth cache (cross-user leak). Warn once so the
|
|
30
|
+
// collision is at least observable. Adopters whose container clears
|
|
31
|
+
// these env vars deliberately can set `USER=container-name` to scope.
|
|
32
|
+
warnDefaultUserFallbackOnce();
|
|
33
|
+
return 'default';
|
|
34
|
+
}
|
|
35
|
+
let defaultUserWarned = false;
|
|
36
|
+
function warnDefaultUserFallbackOnce() {
|
|
37
|
+
if (defaultUserWarned)
|
|
38
|
+
return;
|
|
39
|
+
defaultUserWarned = true;
|
|
40
|
+
console.warn("[vat] linkAuth: could not determine an OS user via os.userInfo() or USER/USERNAME env; " +
|
|
41
|
+
"scoping auth cache to 'default'. Two users on this host would share auth-cached results — " +
|
|
42
|
+
'set the USER env var explicitly to scope per-user.');
|
|
43
|
+
}
|
|
44
|
+
/**
|
|
45
|
+
* Make an OS username safe for use as a directory component. Replaces path
|
|
46
|
+
* separators (`/`, `\`), the parent-directory shorthand (`..`), and other
|
|
47
|
+
* characters that could escape the cacheDir. Windows can produce
|
|
48
|
+
* `DOMAIN\user` forms; tests inject pathological values like `../escaped`.
|
|
49
|
+
*/
|
|
50
|
+
function sanitizeOsUser(user) {
|
|
51
|
+
// Replace any character outside `[A-Za-z0-9._-]` with `_`. Then collapse any
|
|
52
|
+
// remaining `..` so a name like `..foo` cannot recombine into a traversal.
|
|
53
|
+
const replaced = user.replaceAll(/[^A-Za-z0-9._-]/g, '_').replaceAll('..', '__');
|
|
54
|
+
return replaced.length > 0 ? replaced : 'default';
|
|
55
|
+
}
|
|
56
|
+
/**
|
|
57
|
+
* Build a LinkValidationResult from a status code by re-classifying it under
|
|
58
|
+
* the current run's provider `check` block. Used by both the cache-hit and
|
|
59
|
+
* cache-miss paths so the two produce identical results for the same
|
|
60
|
+
* `(url, provider)` pair — the cache only persists `statusCode`, not the
|
|
61
|
+
* derived `code`, so the code must be re-derived on every read.
|
|
62
|
+
*/
|
|
63
|
+
function buildAuthResult(originalUrl, statusCode, plan, cached, cachedStatusMessage) {
|
|
64
|
+
const classified = classifyAuthenticatedResponse(statusCode, plan.check);
|
|
65
|
+
const result = {
|
|
66
|
+
url: originalUrl,
|
|
67
|
+
status: classified?.outcome === 'alive' ? 'ok' : 'error',
|
|
68
|
+
statusCode,
|
|
69
|
+
cached,
|
|
70
|
+
};
|
|
71
|
+
if (classified?.code != null) {
|
|
72
|
+
result.code = classified.code;
|
|
73
|
+
}
|
|
74
|
+
if (result.status === 'error') {
|
|
75
|
+
result.error = cachedStatusMessage ?? `HTTP ${statusCode}`;
|
|
76
|
+
}
|
|
77
|
+
return result;
|
|
78
|
+
}
|
|
3
79
|
/**
|
|
4
80
|
* Safely serialize an error to a string, preventing [object Object] issues.
|
|
5
81
|
* Handles Error objects, strings, objects, and edge cases.
|
|
@@ -55,7 +131,18 @@ function safeSerializeError(err) {
|
|
|
55
131
|
*/
|
|
56
132
|
export class ExternalLinkValidator {
|
|
57
133
|
cache;
|
|
134
|
+
/**
|
|
135
|
+
* Auth-branch cache — scoped to a per-OS-user subdirectory of `cacheDir`
|
|
136
|
+
* (#113 §6.3) so two users on a shared machine never read each other's
|
|
137
|
+
* authenticated results. Distinct from `cache` (the anonymous cache, which
|
|
138
|
+
* stays shared across users for the markdown-link-check path).
|
|
139
|
+
*/
|
|
140
|
+
authCache;
|
|
58
141
|
options;
|
|
142
|
+
linkAuthConfig;
|
|
143
|
+
fetchImpl;
|
|
144
|
+
linkAuthDeps;
|
|
145
|
+
sleep;
|
|
59
146
|
/**
|
|
60
147
|
* Create a new external link validator
|
|
61
148
|
*
|
|
@@ -70,7 +157,20 @@ export class ExternalLinkValidator {
|
|
|
70
157
|
userAgent: options.userAgent ??
|
|
71
158
|
'Mozilla/5.0 (compatible; VAT-LinkChecker/1.0; +https://github.com/jdutton/vibe-agent-toolkit)',
|
|
72
159
|
};
|
|
160
|
+
this.linkAuthConfig = options.linkAuthConfig;
|
|
161
|
+
this.fetchImpl = options.fetchImpl ?? globalThis.fetch;
|
|
162
|
+
// Wrap the configured runCommand (or the engine's default) with a memo
|
|
163
|
+
// keyed by stringified argv so each unique token-resolution command runs
|
|
164
|
+
// at most once per validator instance. Validating N links to the same
|
|
165
|
+
// host previously re-resolved the token N times — including subprocess
|
|
166
|
+
// spawns for `command` sources. Per #125 review: treat all token
|
|
167
|
+
// resolvers as expensive; the memo's lifetime equals one validate() run.
|
|
168
|
+
this.linkAuthDeps = wrapLinkAuthDepsWithMemo(options.linkAuthDeps);
|
|
169
|
+
this.sleep = options.sleep;
|
|
73
170
|
this.cache = new ExternalLinkCache(cacheDir, this.options.cacheTtlHours);
|
|
171
|
+
const osUser = sanitizeOsUser(options.osUser ?? resolveOsUser());
|
|
172
|
+
const authCacheDir = safePath.join(cacheDir, `auth-${osUser}`);
|
|
173
|
+
this.authCache = new ExternalLinkCache(authCacheDir, this.options.cacheTtlHours);
|
|
74
174
|
}
|
|
75
175
|
/**
|
|
76
176
|
* Validate a single external link
|
|
@@ -79,6 +179,28 @@ export class ExternalLinkValidator {
|
|
|
79
179
|
* @returns Validation result
|
|
80
180
|
*/
|
|
81
181
|
async validateLink(url) {
|
|
182
|
+
// Authenticated branch (issue #113): if a provider in linkAuthConfig
|
|
183
|
+
// claims this URL's host, bypass markdown-link-check and do a direct
|
|
184
|
+
// authenticated fetch + per-§7 classify.
|
|
185
|
+
if (this.linkAuthConfig) {
|
|
186
|
+
const plan = resolveAuthenticatedUrl(url, this.linkAuthConfig, this.linkAuthDeps);
|
|
187
|
+
if ('fetchUrl' in plan) {
|
|
188
|
+
return this.validateAuthenticatedLink(url, plan);
|
|
189
|
+
}
|
|
190
|
+
if (plan.outcome === 'unverified') {
|
|
191
|
+
// Per §6.3: never cache unverified outcomes — the result flips the
|
|
192
|
+
// moment a token appears, so caching a "no token" result is wrong.
|
|
193
|
+
return {
|
|
194
|
+
url,
|
|
195
|
+
status: 'error',
|
|
196
|
+
statusCode: 0,
|
|
197
|
+
error: plan.reason,
|
|
198
|
+
cached: false,
|
|
199
|
+
code: 'LINK_AUTH_UNVERIFIED',
|
|
200
|
+
};
|
|
201
|
+
}
|
|
202
|
+
// 'unsupported' → fall through to anonymous markdown-link-check path
|
|
203
|
+
}
|
|
82
204
|
// Check cache first
|
|
83
205
|
const cached = await this.cache.get(url);
|
|
84
206
|
if (cached) {
|
|
@@ -119,6 +241,59 @@ export class ExternalLinkValidator {
|
|
|
119
241
|
async validateLinks(urls) {
|
|
120
242
|
return Promise.all(urls.map((url) => this.validateLink(url)));
|
|
121
243
|
}
|
|
244
|
+
/**
|
|
245
|
+
* Issue an authenticated fetch for `originalUrl` using the engine's plan
|
|
246
|
+
* (rewritten URL + auth headers + provider's check config), classify the
|
|
247
|
+
* response per #113 §7, and write a status-cache entry. Cache is keyed by
|
|
248
|
+
* the *rewritten* URL (§6.3) — the original `blob/` URL 404s, so caching
|
|
249
|
+
* by original would poison results.
|
|
250
|
+
*/
|
|
251
|
+
async validateAuthenticatedLink(originalUrl, plan) {
|
|
252
|
+
// Cache check, keyed by rewritten URL. IMPORTANT: re-classify the cached
|
|
253
|
+
// statusCode under the *current* run's provider `check` block, rather
|
|
254
|
+
// than treating cache-hit as a status-only short-circuit. The cache
|
|
255
|
+
// only persists `statusCode` — without re-classifying we'd drop the
|
|
256
|
+
// LINK_AUTH_* `code`, and the consumer would fall back to
|
|
257
|
+
// `EXTERNAL_URL_DEAD` (error) instead of `LINK_AUTH_DEAD_OR_UNAUTHORIZED`
|
|
258
|
+
// (warning). Cache-hit semantics must match cache-miss semantics for
|
|
259
|
+
// the same (url, provider) pair.
|
|
260
|
+
const cached = await this.authCache.get(plan.fetchUrl);
|
|
261
|
+
if (cached) {
|
|
262
|
+
return buildAuthResult(originalUrl, cached.statusCode, plan, true, cached.statusMessage);
|
|
263
|
+
}
|
|
264
|
+
// Fresh fetch via the auth-aware transport (handles cross-origin redirect
|
|
265
|
+
// Authorization stripping + 429/Retry-After per §5.2 §8). The conditional
|
|
266
|
+
// spread builds the object in one pass — AuthTransportOptions.sleep is
|
|
267
|
+
// readonly so post-construction assignment would be a TS error.
|
|
268
|
+
const transportOptions = {
|
|
269
|
+
signal: AbortSignal.timeout(this.options.timeout),
|
|
270
|
+
...(this.sleep === undefined ? {} : { sleep: this.sleep }),
|
|
271
|
+
};
|
|
272
|
+
let response;
|
|
273
|
+
try {
|
|
274
|
+
response = await authTransport(plan.fetchUrl, plan.headers, this.fetchImpl, transportOptions);
|
|
275
|
+
}
|
|
276
|
+
catch (err) {
|
|
277
|
+
// Network-level failure (DNS/connect/TLS/timeout) — return error with
|
|
278
|
+
// no code so the consumer's existing statusCode→IssueCode mapping
|
|
279
|
+
// (EXTERNAL_URL_ERROR / EXTERNAL_URL_TIMEOUT) applies.
|
|
280
|
+
const message = safeSerializeError(err) ?? 'Authenticated fetch failed';
|
|
281
|
+
return {
|
|
282
|
+
url: originalUrl,
|
|
283
|
+
status: 'error',
|
|
284
|
+
statusCode: 0,
|
|
285
|
+
error: message,
|
|
286
|
+
cached: false,
|
|
287
|
+
};
|
|
288
|
+
}
|
|
289
|
+
const result = buildAuthResult(originalUrl, response.status, plan, false);
|
|
290
|
+
// Persist by rewritten URL so subsequent runs hit the cache. The cache
|
|
291
|
+
// only stores statusCode + statusMessage; the `code` is re-derived on
|
|
292
|
+
// read by re-running classifyAuthenticatedResponse against the current
|
|
293
|
+
// provider (see the authCache.get branch above).
|
|
294
|
+
await this.authCache.set(plan.fetchUrl, result.statusCode, result.error ?? 'OK');
|
|
295
|
+
return result;
|
|
296
|
+
}
|
|
122
297
|
/**
|
|
123
298
|
* Check a link using markdown-link-check
|
|
124
299
|
*/
|
|
@@ -179,16 +354,21 @@ export class ExternalLinkValidator {
|
|
|
179
354
|
});
|
|
180
355
|
}
|
|
181
356
|
/**
|
|
182
|
-
* Clear
|
|
357
|
+
* Clear both validation caches (anonymous + authenticated).
|
|
358
|
+
*
|
|
359
|
+
* Adopters call this after rotating a token or invalidating link data —
|
|
360
|
+
* the operation must wipe both surfaces or stale auth results survive
|
|
361
|
+
* (a real bug: a 401 cached under the old token would haunt the new one).
|
|
183
362
|
*/
|
|
184
363
|
async clearCache() {
|
|
185
|
-
await this.cache.clear();
|
|
364
|
+
await Promise.all([this.cache.clear(), this.authCache.clear()]);
|
|
186
365
|
}
|
|
187
366
|
/**
|
|
188
|
-
* Get cache statistics
|
|
367
|
+
* Get combined cache statistics across both caches.
|
|
189
368
|
*/
|
|
190
369
|
async getCacheStats() {
|
|
191
|
-
|
|
370
|
+
const [anon, auth] = await Promise.all([this.cache.getStats(), this.authCache.getStats()]);
|
|
371
|
+
return { total: anon.total + auth.total, expired: anon.expired + auth.expired };
|
|
192
372
|
}
|
|
193
373
|
}
|
|
194
374
|
//# sourceMappingURL=external-link-validator.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"external-link-validator.js","sourceRoot":"","sources":["../src/external-link-validator.ts"],"names":[],"mappings":"AAAA,OAAO,iBAAiB,MAAM,qBAAqB,CAAC;AAEpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;
|
|
1
|
+
{"version":3,"file":"external-link-validator.js","sourceRoot":"","sources":["../src/external-link-validator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAGnC,OAAO,EACL,uBAAuB,EACvB,QAAQ,GAGT,MAAM,2BAA2B,CAAC;AACnC,OAAO,iBAAiB,MAAM,qBAAqB,CAAC;AAEpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,6BAA6B,EAAE,MAAM,yBAAyB,CAAC;AACxE,OAAO,EAAqB,wBAAwB,EAAE,MAAM,0BAA0B,CAAC;AACvF,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAEzD;;;;GAIG;AACH,SAAS,aAAa;IACpB,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,QAAQ,EAAE,CAAC,QAAQ,CAAC;QAC9B,IAAI,CAAC,KAAK,EAAE;YAAE,OAAO,CAAC,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,qEAAqE;QACrE,8BAA8B;IAChC,CAAC;IACD,2EAA2E;IAC3E,wEAAwE;IACxE,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC/D,IAAI,OAAO;QAAE,OAAO,OAAO,CAAC;IAC5B,uEAAuE;IACvE,iEAAiE;IACjE,oEAAoE;IACpE,sEAAsE;IACtE,2BAA2B,EAAE,CAAC;IAC9B,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,IAAI,iBAAiB,GAAG,KAAK,CAAC;AAC9B,SAAS,2BAA2B;IAClC,IAAI,iBAAiB;QAAE,OAAO;IAC9B,iBAAiB,GAAG,IAAI,CAAC;IACzB,OAAO,CAAC,IAAI,CACV,yFAAyF;QACvF,4FAA4F;QAC5F,oDAAoD,CACvD,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAS,cAAc,CAAC,IAAY;IAClC,6EAA6E;IAC7E,2EAA2E;IAC3E,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,kBAAkB,EAAE,GAAG,CAAC,CAAC,UAAU,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACjF,OAAO,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;AACpD,CAAC;AAID;;;;;;GAMG;AACH,SAAS,eAAe,CACvB,WAAmB,EACnB,UAAkB,EAClB,IAAkB,EAClB,MAAe,EACf,mBAA4B;IAE5B,MAAM,UAAU,GAAG,6BAA6B,CAAC,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;IACzE,MAAM,MAAM,GAAyB;QACpC,GAAG,EAAE,WAAW;QAChB,MAAM,EAAE,UAAU,EAAE,OAAO,KAAK,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO;QACxD,UAAU;QACV,MAAM;KACN,CAAC;IACF,IAAI,UAAU,EAAE,IAAI,IAAI,IAAI,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC;IAC/B,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;QAC/B,MAAM,CAAC,KAAK,GAAG,mBAAmB,IAAI,QAAQ,UAAU,EAAE,CAAC;IAC5D,CAAC;IACD,OAAO,MAAM,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,SAAS,kBAAkB,CAAC,GAAY;IACvC,IAAI,CAAC,GAAG,EAAE,CAAC;QACV,OAAO,SAAS,CAAC;IAClB,CAAC;IAED,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC7B,iEAAiE;QACjE,OAAO,GAAG,CAAC,IAAI,EAAE,IAAI,SAAS,CAAC;IAChC,CAAC;IAED,IAAI,GAAG,YAAY,KAAK,EAAE,CAAC;QAC1B,0DAA0D;QAC1D,OAAO,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,SAAS,CAAC;IACxC,CAAC;IAED,gDAAgD;IAChD,IAAI,CAAC;QACJ,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACvC,mDAAmD;QACnD,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;YACzB,kDAAkD;YAClD,MAAM,GAAG,GAAI,GAA6B,CAAC,OAAO,CAAC;YACnD,OAAO,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,eAAe,CAAC;QACtE,CAAC;QACD,OAAO,UAAU,CAAC;IACnB,CAAC;IAAC,MAAM,CAAC;QACR,iDAAiD;QACjD,+CAA+C;QAC/C,MAAM,GAAG,GAAI,GAA6B,CAAC,OAAO,CAAC;QACnD,OAAO,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,wBAAwB,CAAC;IAC/E,CAAC;AACF,CAAC;AA+ED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,OAAO,qBAAqB;IAChB,KAAK,CAAoB;IAC1C;;;;;OAKG;IACc,SAAS,CAAoB;IAC7B,OAAO,CAKtB;IACe,cAAc,CAA6B;IAC3C,SAAS,CAAe;IACxB,YAAY,CAAe;IAC3B,KAAK,CAA8C;IAEpE;;;;;OAKG;IACH,YAAY,QAAgB,EAAE,UAAwC,EAAE;QACvE,IAAI,CAAC,OAAO,GAAG;YACd,aAAa,EAAE,OAAO,CAAC,aAAa,IAAI,EAAE;YAC1C,OAAO,EAAE,OAAO,CAAC,OAAO,IAAI,IAAI;YAChC,OAAO,EAAE,OAAO,CAAC,OAAO,IAAI,CAAC;YAC7B,SAAS,EACR,OAAO,CAAC,SAAS;gBACjB,+FAA+F;SAChG,CAAC;QAEF,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC;QAC7C,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,UAAU,CAAC,KAAK,CAAC;QACvD,uEAAuE;QACvE,yEAAyE;QACzE,sEAAsE;QACtE,uEAAuE;QACvE,iEAAiE;QACjE,yEAAyE;QACzE,IAAI,CAAC,YAAY,GAAG,wBAAwB,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QACnE,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAE3B,IAAI,CAAC,KAAK,GAAG,IAAI,iBAAiB,CAAC,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;QAEzE,MAAM,MAAM,GAAG,cAAc,CAAC,OAAO,CAAC,MAAM,IAAI,aAAa,EAAE,CAAC,CAAC;QACjE,MAAM,YAAY,GAAG,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,MAAM,EAAE,CAAC,CAAC;QAC/D,IAAI,CAAC,SAAS,GAAG,IAAI,iBAAiB,CAAC,YAAY,EAAE,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;IAClF,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,YAAY,CAAC,GAAW;QAC7B,qEAAqE;QACrE,qEAAqE;QACrE,yCAAyC;QACzC,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,MAAM,IAAI,GAAG,uBAAuB,CAAC,GAAG,EAAE,IAAI,CAAC,cAAc,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;YAClF,IAAI,UAAU,IAAI,IAAI,EAAE,CAAC;gBACxB,OAAO,IAAI,CAAC,yBAAyB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAClD,CAAC;YACD,IAAI,IAAI,CAAC,OAAO,KAAK,YAAY,EAAE,CAAC;gBACnC,mEAAmE;gBACnE,mEAAmE;gBACnE,OAAO;oBACN,GAAG;oBACH,MAAM,EAAE,OAAO;oBACf,UAAU,EAAE,CAAC;oBACb,KAAK,EAAE,IAAI,CAAC,MAAM;oBAClB,MAAM,EAAE,KAAK;oBACb,IAAI,EAAE,sBAAsB;iBAC5B,CAAC;YACH,CAAC;YACD,qEAAqE;QACtE,CAAC;QAED,oBAAoB;QACpB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACzC,IAAI,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,IAAI,GAAG,IAAI,MAAM,CAAC,UAAU,GAAG,GAAG,CAAC;YAEjE,4EAA4E;YAC5E,IAAI,IAAI,EAAE,CAAC;gBACV,OAAO;oBACN,GAAG;oBACH,MAAM,EAAE,IAAa;oBACrB,UAAU,EAAE,MAAM,CAAC,UAAU;oBAC7B,MAAM,EAAE,IAAI;iBACZ,CAAC;YACH,CAAC;YAED,0CAA0C;YAC1C,OAAO;gBACN,GAAG;gBACH,MAAM,EAAE,OAAgB;gBACxB,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,MAAM,CAAC,aAAa;aAC3B,CAAC;QACH,CAAC;QAED,qCAAqC;QACrC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QAEzC,iBAAiB;QACjB,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC;QAEnE,OAAO;YACN,GAAG,MAAM;YACT,MAAM,EAAE,KAAK;SACb,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,aAAa,CAAC,IAAc;QACjC,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAC/D,CAAC;IAED;;;;;;OAMG;IACK,KAAK,CAAC,yBAAyB,CACtC,WAAmB,EACnB,IAAkB;QAElB,yEAAyE;QACzE,sEAAsE;QACtE,oEAAoE;QACpE,oEAAoE;QACpE,0DAA0D;QAC1D,0EAA0E;QAC1E,qEAAqE;QACrE,iCAAiC;QACjC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACvD,IAAI,MAAM,EAAE,CAAC;YACZ,OAAO,eAAe,CAAC,WAAW,EAAE,MAAM,CAAC,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;QAC1F,CAAC;QAED,0EAA0E;QAC1E,0EAA0E;QAC1E,uEAAuE;QACvE,gEAAgE;QAChE,MAAM,gBAAgB,GAAwC;YAC7D,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC;YACjD,GAAG,CAAC,IAAI,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC;SAC1D,CAAC;QAEF,IAAI,QAAkB,CAAC;QACvB,IAAI,CAAC;YACJ,QAAQ,GAAG,MAAM,aAAa,CAC7B,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,SAAS,EACd,gBAAgB,CAChB,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,sEAAsE;YACtE,kEAAkE;YAClE,uDAAuD;YACvD,MAAM,OAAO,GAAG,kBAAkB,CAAC,GAAG,CAAC,IAAI,4BAA4B,CAAC;YACxE,OAAO;gBACN,GAAG,EAAE,WAAW;gBAChB,MAAM,EAAE,OAAO;gBACf,UAAU,EAAE,CAAC;gBACb,KAAK,EAAE,OAAO;gBACd,MAAM,EAAE,KAAK;aACb,CAAC;QACH,CAAC;QAED,MAAM,MAAM,GAAG,eAAe,CAAC,WAAW,EAAE,QAAQ,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;QAC1E,uEAAuE;QACvE,sEAAsE;QACtE,uEAAuE;QACvE,iDAAiD;QACjD,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC;QACjF,OAAO,MAAM,CAAC;IACf,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,SAAS,CACtB,GAAW;QAEX,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC9B,MAAM,QAAQ,GAAG,UAAU,GAAG,GAAG,CAAC;YAElC,iBAAiB,CAChB,QAAQ,EACR;gBACC,OAAO,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,IAAI;gBACpC,UAAU,EAAE,IAAI;gBAChB,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO;gBAChC,gBAAgB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC;gBAChD,cAAc,EAAE,EAAE;gBAClB,WAAW,EAAE;oBACZ;wBACC,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,OAAO,EAAE;4BACR,YAAY,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS;yBACpC;qBACD;iBACD;aACD,EACD,CAAC,KAAmB,EAAE,OAAmG,EAAE,EAAE;gBAC5H,IAAI,KAAK,EAAE,CAAC;oBACX,OAAO,CAAC;wBACP,GAAG;wBACH,MAAM,EAAE,OAAO;wBACf,UAAU,EAAE,CAAC;wBACb,KAAK,EAAE,KAAK,CAAC,OAAO;qBACpB,CAAC,CAAC;oBACH,OAAO;gBACR,CAAC;gBAED,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;gBAC1B,IAAI,CAAC,MAAM,EAAE,CAAC;oBACb,OAAO,CAAC;wBACP,GAAG;wBACH,MAAM,EAAE,OAAO;wBACf,UAAU,EAAE,CAAC;wBACb,KAAK,EAAE,oCAAoC;qBAC3C,CAAC,CAAC;oBACH,OAAO;gBACR,CAAC;gBAED,IAAI,MAAM,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;oBAC/B,OAAO,CAAC;wBACP,GAAG;wBACH,MAAM,EAAE,IAAI;wBACZ,UAAU,EAAE,MAAM,CAAC,UAAU;qBAC7B,CAAC,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACP,MAAM,YAAY,GAAG,kBAAkB,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,gBAAgB,MAAM,CAAC,MAAM,EAAE,CAAC;oBAEvF,OAAO,CAAC;wBACP,GAAG;wBACH,MAAM,EAAE,OAAO;wBACf,UAAU,EAAE,MAAM,CAAC,UAAU;wBAC7B,KAAK,EAAE,YAAY;qBACnB,CAAC,CAAC;gBACJ,CAAC;YACF,CAAC,CACD,CAAC;QACH,CAAC,CAAC,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,UAAU;QACf,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACjE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa;QAClB,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAC3F,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;IACjF,CAAC;CACD"}
|
package/dist/index.d.ts
CHANGED
|
@@ -44,4 +44,8 @@ export { openFrontmatter, FrontmatterParseError, type FrontmatterEditor, } from
|
|
|
44
44
|
export { rewriteFrontmatterUriReferencesFromSchema, rewriteFrontmatterFieldsAtPaths, rewriteBodyLinks, type RewriteHref, } from './rewriter-helpers.js';
|
|
45
45
|
export { parseConfigFile, loadConfig, } from './config-parser.js';
|
|
46
46
|
export { ProjectConfigSchema, SkillFileEntrySchema, SkillsConfigSchema, SkillPackagingConfigSchema, SkillSourceDescriptorSchema, TestConfigSchema, type SkillSourceDescriptor, type TestConfig, } from './schemas/project-config.js';
|
|
47
|
+
export { fetchAuthenticated, type ContentFetchResult, type FetchAuthenticatedOptions, } from './link-auth-content-fetch.js';
|
|
48
|
+
export { ContentCache, type ContentMetadata } from './content-cache.js';
|
|
49
|
+
export { wrapLinkAuthDepsWithMemo, type LinkAuthDeps, } from './link-auth-deps-memo.js';
|
|
50
|
+
export { buildLinkAuthEngineConfig } from './link-auth-config-build.js';
|
|
47
51
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAGH,OAAO,EACL,gBAAgB,EAChB,kBAAkB,EAClB,KAAK,YAAY,EACjB,KAAK,uBAAuB,EAC5B,KAAK,aAAa,EAClB,KAAK,eAAe,EACpB,KAAK,cAAc,GACpB,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAGpD,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAG9D,YAAY,EAAE,2BAA2B,EAAE,MAAM,oCAAoC,CAAC;AAGtF,YAAY,EACV,YAAY,EACZ,QAAQ,EACR,WAAW,EACX,YAAY,EACZ,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EAChB,aAAa,EACb,eAAe,EACf,gBAAgB,EAChB,oBAAoB,EACpB,cAAc,EACd,cAAc,EACd,oBAAoB,EACpB,YAAY,EACZ,YAAY,EACZ,uBAAuB,EACvB,4BAA4B,GAC7B,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,kBAAkB,EAClB,cAAc,EACd,iBAAiB,EACjB,kBAAkB,EAClB,sBAAsB,GACvB,MAAM,gCAAgC,CAAC;AAExC,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,gCAAgC,CAAC;AAGxC,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,eAAe,EAAE,KAAK,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAElG,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAElD,YAAY,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AACrE,OAAO,EAAE,gBAAgB,EAAE,KAAK,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAG9E,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAKjE,OAAO,EAAE,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAG3D,OAAO,EACL,gBAAgB,EAChB,KAAK,uBAAuB,EAC5B,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACpB,KAAK,cAAc,GACpB,MAAM,wBAAwB,CAAC;AAMhC,OAAO,EAAE,gBAAgB,EAAE,KAAK,sBAAsB,EAAE,MAAM,YAAY,CAAC;AAG3E,OAAO,EACL,eAAe,EACf,qBAAqB,EACrB,KAAK,iBAAiB,GACvB,MAAM,yBAAyB,CAAC;AAGjC,OAAO,EACL,yCAAyC,EACzC,+BAA+B,EAC/B,gBAAgB,EAChB,KAAK,WAAW,GACjB,MAAM,uBAAuB,CAAC;AAG/B,OAAO,EACL,eAAe,EACf,UAAU,GACX,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,mBAAmB,EACnB,oBAAoB,EACpB,kBAAkB,EAClB,0BAA0B,EAC1B,2BAA2B,EAC3B,gBAAgB,EAChB,KAAK,qBAAqB,EAC1B,KAAK,UAAU,GAChB,MAAM,6BAA6B,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAGH,OAAO,EACL,gBAAgB,EAChB,kBAAkB,EAClB,KAAK,YAAY,EACjB,KAAK,uBAAuB,EAC5B,KAAK,aAAa,EAClB,KAAK,eAAe,EACpB,KAAK,cAAc,GACpB,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAGpD,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAG9D,YAAY,EAAE,2BAA2B,EAAE,MAAM,oCAAoC,CAAC;AAGtF,YAAY,EACV,YAAY,EACZ,QAAQ,EACR,WAAW,EACX,YAAY,EACZ,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EAChB,aAAa,EACb,eAAe,EACf,gBAAgB,EAChB,oBAAoB,EACpB,cAAc,EACd,cAAc,EACd,oBAAoB,EACpB,YAAY,EACZ,YAAY,EACZ,uBAAuB,EACvB,4BAA4B,GAC7B,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,kBAAkB,EAClB,cAAc,EACd,iBAAiB,EACjB,kBAAkB,EAClB,sBAAsB,GACvB,MAAM,gCAAgC,CAAC;AAExC,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,gCAAgC,CAAC;AAGxC,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,eAAe,EAAE,KAAK,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAElG,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAElD,YAAY,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AACrE,OAAO,EAAE,gBAAgB,EAAE,KAAK,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAG9E,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAKjE,OAAO,EAAE,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAG3D,OAAO,EACL,gBAAgB,EAChB,KAAK,uBAAuB,EAC5B,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACpB,KAAK,cAAc,GACpB,MAAM,wBAAwB,CAAC;AAMhC,OAAO,EAAE,gBAAgB,EAAE,KAAK,sBAAsB,EAAE,MAAM,YAAY,CAAC;AAG3E,OAAO,EACL,eAAe,EACf,qBAAqB,EACrB,KAAK,iBAAiB,GACvB,MAAM,yBAAyB,CAAC;AAGjC,OAAO,EACL,yCAAyC,EACzC,+BAA+B,EAC/B,gBAAgB,EAChB,KAAK,WAAW,GACjB,MAAM,uBAAuB,CAAC;AAG/B,OAAO,EACL,eAAe,EACf,UAAU,GACX,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,mBAAmB,EACnB,oBAAoB,EACpB,kBAAkB,EAClB,0BAA0B,EAC1B,2BAA2B,EAC3B,gBAAgB,EAChB,KAAK,qBAAqB,EAC1B,KAAK,UAAU,GAChB,MAAM,6BAA6B,CAAC;AAIrC,OAAO,EACL,kBAAkB,EAClB,KAAK,kBAAkB,EACvB,KAAK,yBAAyB,GAC/B,MAAM,8BAA8B,CAAC;AAEtC,OAAO,EAAE,YAAY,EAAE,KAAK,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAKxE,OAAO,EACL,wBAAwB,EACxB,KAAK,YAAY,GAClB,MAAM,0BAA0B,CAAC;AAKlC,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -57,4 +57,16 @@ export { rewriteFrontmatterUriReferencesFromSchema, rewriteFrontmatterFieldsAtPa
|
|
|
57
57
|
// Export project config parsing
|
|
58
58
|
export { parseConfigFile, loadConfig, } from './config-parser.js';
|
|
59
59
|
export { ProjectConfigSchema, SkillFileEntrySchema, SkillsConfigSchema, SkillPackagingConfigSchema, SkillSourceDescriptorSchema, TestConfigSchema, } from './schemas/project-config.js';
|
|
60
|
+
// linkAuth content-fetch primitive (issue #113 slice 3). Ships standalone;
|
|
61
|
+
// callers wire it into asset-reference / bundling consumers as they need.
|
|
62
|
+
export { fetchAuthenticated, } from './link-auth-content-fetch.js';
|
|
63
|
+
export { ContentCache } from './content-cache.js';
|
|
64
|
+
// Token-resolution memo wrapper. High-volume callers iterating many URLs
|
|
65
|
+
// from the same provider wrap their deps once and reuse the result, so
|
|
66
|
+
// expensive token sources (`gh auth token` etc.) run at most once.
|
|
67
|
+
export { wrapLinkAuthDepsWithMemo, } from './link-auth-deps-memo.js';
|
|
68
|
+
// Bridge from adopter `resources.linkAuth` (Zod-validated) to the engine's
|
|
69
|
+
// `LinkAuthConfig` (fully-expanded providers). Adopters carrying a parsed
|
|
70
|
+
// config can hand it directly to `fetchAuthenticated` via this bridge.
|
|
71
|
+
export { buildLinkAuthEngineConfig } from './link-auth-config-build.js';
|
|
60
72
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAEH,+DAA+D;AAC/D,OAAO,EACL,gBAAgB,EAChB,kBAAkB,GAMnB,MAAM,wBAAwB,CAAC;AAEhC,yDAAyD;AACzD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEpD,oFAAoF;AACpF,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AA2B9D,qFAAqF;AACrF,OAAO,EACL,kBAAkB,EAClB,cAAc,EACd,iBAAiB,EACjB,kBAAkB,EAClB,sBAAsB,GACvB,MAAM,gCAAgC,CAAC;AAExC,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,gCAAgC,CAAC;AAExC,iDAAiD;AACjD,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,eAAe,EAAoB,MAAM,kBAAkB,CAAC;AAElG,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAGlD,OAAO,EAAE,gBAAgB,EAAyB,MAAM,qBAAqB,CAAC;AAE9E,gCAAgC;AAChC,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAEjE,6EAA6E;AAC7E,yEAAyE;AACzE,8EAA8E;AAC9E,OAAO,EAAE,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAE3D,qDAAqD;AACrD,OAAO,EACL,gBAAgB,GAKjB,MAAM,wBAAwB,CAAC;AAEhC,kEAAkE;AAClE,0EAA0E;AAE1E,2EAA2E;AAC3E,OAAO,EAAE,gBAAgB,EAA+B,MAAM,YAAY,CAAC;AAE3E,sEAAsE;AACtE,OAAO,EACL,eAAe,EACf,qBAAqB,GAEtB,MAAM,yBAAyB,CAAC;AAEjC,+EAA+E;AAC/E,OAAO,EACL,yCAAyC,EACzC,+BAA+B,EAC/B,gBAAgB,GAEjB,MAAM,uBAAuB,CAAC;AAE/B,gCAAgC;AAChC,OAAO,EACL,eAAe,EACf,UAAU,GACX,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,mBAAmB,EACnB,oBAAoB,EACpB,kBAAkB,EAClB,0BAA0B,EAC1B,2BAA2B,EAC3B,gBAAgB,GAGjB,MAAM,6BAA6B,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAEH,+DAA+D;AAC/D,OAAO,EACL,gBAAgB,EAChB,kBAAkB,GAMnB,MAAM,wBAAwB,CAAC;AAEhC,yDAAyD;AACzD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEpD,oFAAoF;AACpF,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AA2B9D,qFAAqF;AACrF,OAAO,EACL,kBAAkB,EAClB,cAAc,EACd,iBAAiB,EACjB,kBAAkB,EAClB,sBAAsB,GACvB,MAAM,gCAAgC,CAAC;AAExC,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,gCAAgC,CAAC;AAExC,iDAAiD;AACjD,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,eAAe,EAAoB,MAAM,kBAAkB,CAAC;AAElG,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAGlD,OAAO,EAAE,gBAAgB,EAAyB,MAAM,qBAAqB,CAAC;AAE9E,gCAAgC;AAChC,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAEjE,6EAA6E;AAC7E,yEAAyE;AACzE,8EAA8E;AAC9E,OAAO,EAAE,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAE3D,qDAAqD;AACrD,OAAO,EACL,gBAAgB,GAKjB,MAAM,wBAAwB,CAAC;AAEhC,kEAAkE;AAClE,0EAA0E;AAE1E,2EAA2E;AAC3E,OAAO,EAAE,gBAAgB,EAA+B,MAAM,YAAY,CAAC;AAE3E,sEAAsE;AACtE,OAAO,EACL,eAAe,EACf,qBAAqB,GAEtB,MAAM,yBAAyB,CAAC;AAEjC,+EAA+E;AAC/E,OAAO,EACL,yCAAyC,EACzC,+BAA+B,EAC/B,gBAAgB,GAEjB,MAAM,uBAAuB,CAAC;AAE/B,gCAAgC;AAChC,OAAO,EACL,eAAe,EACf,UAAU,GACX,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,mBAAmB,EACnB,oBAAoB,EACpB,kBAAkB,EAClB,0BAA0B,EAC1B,2BAA2B,EAC3B,gBAAgB,GAGjB,MAAM,6BAA6B,CAAC;AAErC,2EAA2E;AAC3E,0EAA0E;AAC1E,OAAO,EACL,kBAAkB,GAGnB,MAAM,8BAA8B,CAAC;AAEtC,OAAO,EAAE,YAAY,EAAwB,MAAM,oBAAoB,CAAC;AAExE,yEAAyE;AACzE,uEAAuE;AACvE,mEAAmE;AACnE,OAAO,EACL,wBAAwB,GAEzB,MAAM,0BAA0B,CAAC;AAElC,2EAA2E;AAC3E,0EAA0E;AAC1E,uEAAuE;AACvE,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC"}
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Classify a response from an authenticated external-link fetch into one of
|
|
3
|
+
* the outcomes defined in design issue #113 §7.
|
|
4
|
+
*
|
|
5
|
+
* Pure function: takes the HTTP status from a completed fetch plus the
|
|
6
|
+
* matched provider's `check` block, returns the outcome name and the matching
|
|
7
|
+
* `LINK_AUTH_*` code from `CODE_REGISTRY`. Pre-fetch outcomes (`unsupported`,
|
|
8
|
+
* `unverified`) are produced upstream by `resolveAuthenticatedUrl` and never
|
|
9
|
+
* reach this classifier.
|
|
10
|
+
*
|
|
11
|
+
* Status codes that don't match any classified outcome return `null` — the
|
|
12
|
+
* caller falls through to the existing anonymous `EXTERNAL_URL_DEAD` path
|
|
13
|
+
* (per §7 "unsupported"), since the authenticated fetch produced no signal
|
|
14
|
+
* the per-provider table can speak to.
|
|
15
|
+
*/
|
|
16
|
+
import type { ProviderCheck } from '@vibe-agent-toolkit/utils';
|
|
17
|
+
export type LinkAuthOutcome = {
|
|
18
|
+
readonly outcome: 'alive';
|
|
19
|
+
readonly code: null;
|
|
20
|
+
} | {
|
|
21
|
+
readonly outcome: 'dead';
|
|
22
|
+
readonly code: 'LINK_AUTH_DEAD';
|
|
23
|
+
} | {
|
|
24
|
+
readonly outcome: 'dead_or_unauthorized';
|
|
25
|
+
readonly code: 'LINK_AUTH_DEAD_OR_UNAUTHORIZED';
|
|
26
|
+
} | {
|
|
27
|
+
readonly outcome: 'forbidden';
|
|
28
|
+
readonly code: 'LINK_AUTH_FORBIDDEN';
|
|
29
|
+
} | {
|
|
30
|
+
readonly outcome: 'unauthorized';
|
|
31
|
+
readonly code: 'LINK_AUTH_UNAUTHORIZED';
|
|
32
|
+
};
|
|
33
|
+
export declare function classifyAuthenticatedResponse(status: number, check: ProviderCheck): LinkAuthOutcome | null;
|
|
34
|
+
//# sourceMappingURL=link-auth-classify.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"link-auth-classify.d.ts","sourceRoot":"","sources":["../src/link-auth-classify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAE/D,MAAM,MAAM,eAAe,GACvB;IAAE,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAAC,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAA;CAAE,GAClD;IAAE,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,IAAI,EAAE,gBAAgB,CAAA;CAAE,GAC7D;IACE,QAAQ,CAAC,OAAO,EAAE,sBAAsB,CAAC;IACzC,QAAQ,CAAC,IAAI,EAAE,gCAAgC,CAAC;CACjD,GACD;IAAE,QAAQ,CAAC,OAAO,EAAE,WAAW,CAAC;IAAC,QAAQ,CAAC,IAAI,EAAE,qBAAqB,CAAA;CAAE,GACvE;IAAE,QAAQ,CAAC,OAAO,EAAE,cAAc,CAAC;IAAC,QAAQ,CAAC,IAAI,EAAE,wBAAwB,CAAA;CAAE,CAAC;AAElF,wBAAgB,6BAA6B,CAC3C,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,aAAa,GACnB,eAAe,GAAG,IAAI,CA6BxB"}
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Classify a response from an authenticated external-link fetch into one of
|
|
3
|
+
* the outcomes defined in design issue #113 §7.
|
|
4
|
+
*
|
|
5
|
+
* Pure function: takes the HTTP status from a completed fetch plus the
|
|
6
|
+
* matched provider's `check` block, returns the outcome name and the matching
|
|
7
|
+
* `LINK_AUTH_*` code from `CODE_REGISTRY`. Pre-fetch outcomes (`unsupported`,
|
|
8
|
+
* `unverified`) are produced upstream by `resolveAuthenticatedUrl` and never
|
|
9
|
+
* reach this classifier.
|
|
10
|
+
*
|
|
11
|
+
* Status codes that don't match any classified outcome return `null` — the
|
|
12
|
+
* caller falls through to the existing anonymous `EXTERNAL_URL_DEAD` path
|
|
13
|
+
* (per §7 "unsupported"), since the authenticated fetch produced no signal
|
|
14
|
+
* the per-provider table can speak to.
|
|
15
|
+
*/
|
|
16
|
+
export function classifyAuthenticatedResponse(status, check) {
|
|
17
|
+
// aliveStatus wins first: a provider can in principle declare any code as
|
|
18
|
+
// alive (e.g. a future host where 204 means alive), so the membership test
|
|
19
|
+
// runs before the well-known-status branches.
|
|
20
|
+
if (check.aliveStatus.includes(status)) {
|
|
21
|
+
return { outcome: 'alive', code: null };
|
|
22
|
+
}
|
|
23
|
+
if (status === 401) {
|
|
24
|
+
return { outcome: 'unauthorized', code: 'LINK_AUTH_UNAUTHORIZED' };
|
|
25
|
+
}
|
|
26
|
+
if (status === 403) {
|
|
27
|
+
return { outcome: 'forbidden', code: 'LINK_AUTH_FORBIDDEN' };
|
|
28
|
+
}
|
|
29
|
+
if (status === 404 || status === 410) {
|
|
30
|
+
if (check.notFoundMeaning === 'dead') {
|
|
31
|
+
return { outcome: 'dead', code: 'LINK_AUTH_DEAD' };
|
|
32
|
+
}
|
|
33
|
+
return {
|
|
34
|
+
outcome: 'dead_or_unauthorized',
|
|
35
|
+
code: 'LINK_AUTH_DEAD_OR_UNAUTHORIZED',
|
|
36
|
+
};
|
|
37
|
+
}
|
|
38
|
+
// 2xx not in aliveStatus, 3xx redirects, 429 rate-limit, 5xx server errors
|
|
39
|
+
// — none of these are classified per §7. Caller decides what to do.
|
|
40
|
+
return null;
|
|
41
|
+
}
|
|
42
|
+
//# sourceMappingURL=link-auth-classify.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"link-auth-classify.js","sourceRoot":"","sources":["../src/link-auth-classify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAcH,MAAM,UAAU,6BAA6B,CAC3C,MAAc,EACd,KAAoB;IAEpB,0EAA0E;IAC1E,2EAA2E;IAC3E,8CAA8C;IAC9C,IAAI,KAAK,CAAC,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QACvC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAC1C,CAAC;IAED,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;QACnB,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,wBAAwB,EAAE,CAAC;IACrE,CAAC;IAED,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;QACnB,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,qBAAqB,EAAE,CAAC;IAC/D,CAAC;IAED,IAAI,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;QACrC,IAAI,KAAK,CAAC,eAAe,KAAK,MAAM,EAAE,CAAC;YACrC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC;QACrD,CAAC;QACD,OAAO;YACL,OAAO,EAAE,sBAAsB;YAC/B,IAAI,EAAE,gCAAgC;SACvC,CAAC;IACJ,CAAC;IAED,2EAA2E;IAC3E,oEAAoE;IACpE,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Bridge between the adopter-facing linkAuth config (Zod-validated, with
|
|
3
|
+
* macro references) and the engine-facing config (fully-expanded providers).
|
|
4
|
+
*
|
|
5
|
+
* Adopter config providers can be either:
|
|
6
|
+
* - `{ use: <macro>, ...overrides }` — reference a shipped macro; deep-merge
|
|
7
|
+
* `overrides` on top of the macro's defaults
|
|
8
|
+
* - A full inline `{ match, rewrite, auth, token, check }` — used as-is
|
|
9
|
+
*
|
|
10
|
+
* This function walks each provider entry, runs macro expansion when needed,
|
|
11
|
+
* and re-validates each fully-expanded provider against `InlineProviderSchema`.
|
|
12
|
+
* Since the schemas are passthrough (per the repo Postel's Law rule for
|
|
13
|
+
* adopter input), unknown extra keys survive expansion silently — the engine
|
|
14
|
+
* ignores them at runtime, and a separate lint/warn pass is the right home
|
|
15
|
+
* for typo-catching DX. Post-expansion validation still catches the cases
|
|
16
|
+
* passthrough doesn't relax: missing required fields, and wrong types on
|
|
17
|
+
* declared fields (e.g. `notFoundMeaning: 'totally-invalid'`).
|
|
18
|
+
*
|
|
19
|
+
* Per design issue #113 §5 (macros are config, not a privileged code path)
|
|
20
|
+
* and §4 (engine vocabulary).
|
|
21
|
+
*/
|
|
22
|
+
import { type LinkAuthConfig, type Provider } from '@vibe-agent-toolkit/utils';
|
|
23
|
+
import { InlineProviderSchema, type LinkAuthProjectConfig } from './schemas/link-auth.js';
|
|
24
|
+
/**
|
|
25
|
+
* Compile-time drift defense: top-level field sets must match between the
|
|
26
|
+
* Zod schema and the engine's `Provider` interface. A strict structural
|
|
27
|
+
* check would also catch sub-type drift, but TS variance (readonly arrays in
|
|
28
|
+
* engine vs mutable in Zod inference) makes that noisy — the realistic
|
|
29
|
+
* drift mode is adding/renaming a top-level field on one side and forgetting
|
|
30
|
+
* the other, which this top-level key comparison catches at `tsc` time.
|
|
31
|
+
*
|
|
32
|
+
* The schema and engine type are kept in sync by review (per slice 1 design
|
|
33
|
+
* decision); this guard makes that review easier.
|
|
34
|
+
*/
|
|
35
|
+
type _SchemaKeys = keyof typeof InlineProviderSchema.shape;
|
|
36
|
+
type _EngineKeys = keyof Provider;
|
|
37
|
+
type _KeysAgree = [_SchemaKeys] extends [_EngineKeys] ? [_EngineKeys] extends [_SchemaKeys] ? true : {
|
|
38
|
+
error: 'engine Provider has a field that InlineProviderSchema lacks';
|
|
39
|
+
missing: Exclude<_EngineKeys, _SchemaKeys>;
|
|
40
|
+
} : {
|
|
41
|
+
error: 'InlineProviderSchema has a field that engine Provider lacks';
|
|
42
|
+
missing: Exclude<_SchemaKeys, _EngineKeys>;
|
|
43
|
+
};
|
|
44
|
+
export declare const _assertSchemaKeysAgreeWithEngine: _KeysAgree;
|
|
45
|
+
export declare function buildLinkAuthEngineConfig(adopter: LinkAuthProjectConfig): LinkAuthConfig;
|
|
46
|
+
export {};
|
|
47
|
+
//# sourceMappingURL=link-auth-config-build.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"link-auth-config-build.d.ts","sourceRoot":"","sources":["../src/link-auth-config-build.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,EAEL,KAAK,cAAc,EACnB,KAAK,QAAQ,EACd,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EAAE,oBAAoB,EAAE,KAAK,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAE1F;;;;;;;;;;GAUG;AAKH,KAAK,WAAW,GAAG,MAAM,OAAO,oBAAoB,CAAC,KAAK,CAAC;AAC3D,KAAK,WAAW,GAAG,MAAM,QAAQ,CAAC;AAClC,KAAK,UAAU,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,WAAW,CAAC,GACjD,CAAC,WAAW,CAAC,SAAS,CAAC,WAAW,CAAC,GACjC,IAAI,GACJ;IAAE,KAAK,EAAE,6DAA6D,CAAC;IAAC,OAAO,EAAE,OAAO,CAAC,WAAW,EAAE,WAAW,CAAC,CAAA;CAAE,GACtH;IAAE,KAAK,EAAE,6DAA6D,CAAC;IAAC,OAAO,EAAE,OAAO,CAAC,WAAW,EAAE,WAAW,CAAC,CAAA;CAAE,CAAC;AAIzH,eAAO,MAAM,gCAAgC,EAAE,UAAiB,CAAC;AAEjE,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,qBAAqB,GAAG,cAAc,CAaxF"}
|
|
@@ -0,0 +1,86 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Bridge between the adopter-facing linkAuth config (Zod-validated, with
|
|
3
|
+
* macro references) and the engine-facing config (fully-expanded providers).
|
|
4
|
+
*
|
|
5
|
+
* Adopter config providers can be either:
|
|
6
|
+
* - `{ use: <macro>, ...overrides }` — reference a shipped macro; deep-merge
|
|
7
|
+
* `overrides` on top of the macro's defaults
|
|
8
|
+
* - A full inline `{ match, rewrite, auth, token, check }` — used as-is
|
|
9
|
+
*
|
|
10
|
+
* This function walks each provider entry, runs macro expansion when needed,
|
|
11
|
+
* and re-validates each fully-expanded provider against `InlineProviderSchema`.
|
|
12
|
+
* Since the schemas are passthrough (per the repo Postel's Law rule for
|
|
13
|
+
* adopter input), unknown extra keys survive expansion silently — the engine
|
|
14
|
+
* ignores them at runtime, and a separate lint/warn pass is the right home
|
|
15
|
+
* for typo-catching DX. Post-expansion validation still catches the cases
|
|
16
|
+
* passthrough doesn't relax: missing required fields, and wrong types on
|
|
17
|
+
* declared fields (e.g. `notFoundMeaning: 'totally-invalid'`).
|
|
18
|
+
*
|
|
19
|
+
* Per design issue #113 §5 (macros are config, not a privileged code path)
|
|
20
|
+
* and §4 (engine vocabulary).
|
|
21
|
+
*/
|
|
22
|
+
import { expandMacro, } from '@vibe-agent-toolkit/utils';
|
|
23
|
+
import { InlineProviderSchema } from './schemas/link-auth.js';
|
|
24
|
+
// Type-level assert: the declaration must compile to `true` (i.e. both
|
|
25
|
+
// directions of the key-set check pass). The exported function holds a
|
|
26
|
+
// reference to the type so noUnusedLocals doesn't fire.
|
|
27
|
+
export const _assertSchemaKeysAgreeWithEngine = true;
|
|
28
|
+
export function buildLinkAuthEngineConfig(adopter) {
|
|
29
|
+
const providers = adopter.providers.map((entry, index) => expandProviderEntry(entry, index));
|
|
30
|
+
// Pass the cache block through to the engine config so the slice-3
|
|
31
|
+
// content-fetch primitive can read `ttlMinutes` from the same source of
|
|
32
|
+
// truth as the rest of the engine config. The engine itself doesn't consume
|
|
33
|
+
// this field — it stays stateless — but riding along on the config keeps
|
|
34
|
+
// callers from having to pass two objects to the primitive.
|
|
35
|
+
if (adopter.cache !== undefined) {
|
|
36
|
+
return { providers, cache: buildEngineCache(adopter.cache) };
|
|
37
|
+
}
|
|
38
|
+
return { providers };
|
|
39
|
+
}
|
|
40
|
+
function buildEngineCache(adopterCache) {
|
|
41
|
+
// Schema is passthrough so adopterCache may carry forward-compatible extras
|
|
42
|
+
// we don't know about — copy only the fields the engine type declares.
|
|
43
|
+
return adopterCache.ttlMinutes === undefined ? {} : { ttlMinutes: adopterCache.ttlMinutes };
|
|
44
|
+
}
|
|
45
|
+
function expandProviderEntry(entry, index) {
|
|
46
|
+
// Discriminate via Object.hasOwn (not `'use' in entry`) so a prototype-
|
|
47
|
+
// injected `use` cannot reroute an inline entry into macro expansion. The
|
|
48
|
+
// Zod parser already produces plain JSON-shaped objects, but defending in
|
|
49
|
+
// depth costs nothing.
|
|
50
|
+
const isMacroRef = typeof entry === 'object' &&
|
|
51
|
+
entry !== null &&
|
|
52
|
+
Object.hasOwn(entry, 'use');
|
|
53
|
+
if (!isMacroRef) {
|
|
54
|
+
return entry;
|
|
55
|
+
}
|
|
56
|
+
const { use, overrides } = splitMacroEntry(entry);
|
|
57
|
+
const expanded = expandMacro(use, overrides);
|
|
58
|
+
// Re-validate the fully-expanded shape. Unknown extra keys pass through
|
|
59
|
+
// (the engine ignores them); what we still catch are missing required
|
|
60
|
+
// fields and wrong types on declared fields — e.g. a macro override that
|
|
61
|
+
// sets `check.notFoundMeaning: 'bogus'` is rejected here even though the
|
|
62
|
+
// upstream macro schema's passthrough accepted it.
|
|
63
|
+
const parsed = InlineProviderSchema.safeParse(expanded);
|
|
64
|
+
if (!parsed.success) {
|
|
65
|
+
throw new Error(`linkAuth providers[${index}] (use: ${JSON.stringify(use)}) ` +
|
|
66
|
+
`produced an invalid provider after macro expansion: ${parsed.error.message}`);
|
|
67
|
+
}
|
|
68
|
+
return parsed.data;
|
|
69
|
+
}
|
|
70
|
+
function splitMacroEntry(entry) {
|
|
71
|
+
// `use` value comes from a Zod-validated source so the type is string at
|
|
72
|
+
// this point — but defensively-check it anyway: `Object.hasOwn` upstream
|
|
73
|
+
// tells us the key exists, not what its value's type is.
|
|
74
|
+
const useValue = entry['use'];
|
|
75
|
+
if (typeof useValue !== 'string') {
|
|
76
|
+
throw new TypeError(`linkAuth provider \`use\` must be a string, got ${typeof useValue}`);
|
|
77
|
+
}
|
|
78
|
+
const overrides = {};
|
|
79
|
+
for (const [key, value] of Object.entries(entry)) {
|
|
80
|
+
if (key === 'use')
|
|
81
|
+
continue;
|
|
82
|
+
overrides[key] = value;
|
|
83
|
+
}
|
|
84
|
+
return { use: useValue, overrides };
|
|
85
|
+
}
|
|
86
|
+
//# sourceMappingURL=link-auth-config-build.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"link-auth-config-build.js","sourceRoot":"","sources":["../src/link-auth-config-build.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,EACL,WAAW,GAGZ,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EAAE,oBAAoB,EAA8B,MAAM,wBAAwB,CAAC;AAwB1F,uEAAuE;AACvE,uEAAuE;AACvE,wDAAwD;AACxD,MAAM,CAAC,MAAM,gCAAgC,GAAe,IAAI,CAAC;AAEjE,MAAM,UAAU,yBAAyB,CAAC,OAA8B;IACtE,MAAM,SAAS,GAAe,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,CACnE,mBAAmB,CAAC,KAAK,EAAE,KAAK,CAAC,CAClC,CAAC;IACF,mEAAmE;IACnE,wEAAwE;IACxE,4EAA4E;IAC5E,yEAAyE;IACzE,4DAA4D;IAC5D,IAAI,OAAO,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QAChC,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,gBAAgB,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;IAC/D,CAAC;IACD,OAAO,EAAE,SAAS,EAAE,CAAC;AACvB,CAAC;AAED,SAAS,gBAAgB,CACvB,YAAyD;IAEzD,4EAA4E;IAC5E,uEAAuE;IACvE,OAAO,YAAY,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,YAAY,CAAC,UAAU,EAAE,CAAC;AAC9F,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAc,EAAE,KAAa;IACxD,wEAAwE;IACxE,0EAA0E;IAC1E,0EAA0E;IAC1E,uBAAuB;IACvB,MAAM,UAAU,GACd,OAAO,KAAK,KAAK,QAAQ;QACzB,KAAK,KAAK,IAAI;QACd,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IAE9B,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,KAAiB,CAAC;IAC3B,CAAC;IAED,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,eAAe,CAAC,KAAgC,CAAC,CAAC;IAC7E,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAE7C,wEAAwE;IACxE,sEAAsE;IACtE,yEAAyE;IACzE,yEAAyE;IACzE,mDAAmD;IACnD,MAAM,MAAM,GAAG,oBAAoB,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IACxD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CACb,sBAAsB,KAAK,WAAW,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI;YAC3D,uDAAuD,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAChF,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC,IAAgB,CAAC;AACjC,CAAC;AAED,SAAS,eAAe,CAAC,KAA8B;IAIrD,yEAAyE;IACzE,yEAAyE;IACzE,yDAAyD;IACzD,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC;IAC9B,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjC,MAAM,IAAI,SAAS,CAAC,mDAAmD,OAAO,QAAQ,EAAE,CAAC,CAAC;IAC5F,CAAC;IACD,MAAM,SAAS,GAA4B,EAAE,CAAC;IAC9C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACjD,IAAI,GAAG,KAAK,KAAK;YAAE,SAAS;QAC5B,SAAS,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IACzB,CAAC;IACD,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;AACtC,CAAC"}
|
|
@@ -0,0 +1,75 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Public content-fetch primitive for the linkAuth feature (design issue #113 §6.2).
|
|
3
|
+
*
|
|
4
|
+
* Ships as a standalone primitive — no consumer wiring (asset-references,
|
|
5
|
+
* bundling) lands in this slice. The shape and security disciplines are
|
|
6
|
+
* designed so future callers can adopt it without reworking the contract.
|
|
7
|
+
*
|
|
8
|
+
* Responsibility split:
|
|
9
|
+
* - `resolveAuthenticatedUrl` (engine): pick provider, rewrite URL, resolve
|
|
10
|
+
* token, expand auth.headers AND fetch.headers against the same context.
|
|
11
|
+
* - `ContentCache`: persist `(bytes, metadata)` keyed by rewritten URL with
|
|
12
|
+
* 30-min default TTL; whitelists fields so tokens cannot be persisted.
|
|
13
|
+
* - `authTransport`: cross-origin auth strip, 429/Retry-After handling.
|
|
14
|
+
* - **This primitive**: wire them together, decide cache vs fetch, build
|
|
15
|
+
* metadata, return a typed result.
|
|
16
|
+
*
|
|
17
|
+
* Behavior matrix:
|
|
18
|
+
* - Engine returns `unsupported` → return as-is, no fetch, no cache touch.
|
|
19
|
+
* - Engine returns `unverified` → return as-is, no fetch, **no cache touch**
|
|
20
|
+
* even if a cache was supplied (§6.3: result flips when a token appears,
|
|
21
|
+
* so caching the no-token answer would poison future runs).
|
|
22
|
+
* - Engine returns success + cache present + not forceRefresh + cache hit →
|
|
23
|
+
* return `{ bytes, metadata, cached: true }`, no fetch.
|
|
24
|
+
* - Engine returns success otherwise → fetch via `authTransport` (using
|
|
25
|
+
* `fetch.headers` merged over `auth.headers` when present), write to
|
|
26
|
+
* cache if supplied, return `{ bytes, metadata, cached: false }`.
|
|
27
|
+
*
|
|
28
|
+
* **Throws** on network-level failures from the transport: DNS resolution
|
|
29
|
+
* failure, TLS handshake failure, connection refused, `AbortError` from the
|
|
30
|
+
* caller's `signal`, or any underlying `fetchImpl` rejection. The cache is
|
|
31
|
+
* only touched after the response body is fully read, so a transport failure
|
|
32
|
+
* cannot land a partial entry on disk. Consumers that need degradation
|
|
33
|
+
* semantics (validators, batch tools) should wrap calls in a try/catch.
|
|
34
|
+
*
|
|
35
|
+
* **Token never persisted.** Tokens are interpolated into headers in-memory;
|
|
36
|
+
* the metadata interface excludes header fields. The cache additionally
|
|
37
|
+
* whitelists the metadata fields it accepts. See cycle-6 token-persistence
|
|
38
|
+
* test for the on-disk assertion.
|
|
39
|
+
*
|
|
40
|
+
* **High-volume callers**: token resolution can be expensive (`gh auth token`
|
|
41
|
+
* spawns a subprocess). Callers iterating many URLs should wrap their `deps`
|
|
42
|
+
* once with `wrapLinkAuthDepsWithMemo` from `./link-auth-deps-memo.js` and
|
|
43
|
+
* pass the wrapped object to every invocation, so the same argv resolves at
|
|
44
|
+
* most once across the iteration.
|
|
45
|
+
*/
|
|
46
|
+
import { type LinkAuthConfig } from '@vibe-agent-toolkit/utils';
|
|
47
|
+
import { type ContentCache, type ContentMetadata } from './content-cache.js';
|
|
48
|
+
import { type LinkAuthDeps } from './link-auth-deps-memo.js';
|
|
49
|
+
import { type AuthTransportOptions } from './link-auth-transport.js';
|
|
50
|
+
export interface FetchAuthenticatedOptions {
|
|
51
|
+
/** Content cache to read from and write to. Omit to skip caching entirely. */
|
|
52
|
+
readonly cache?: ContentCache;
|
|
53
|
+
/** Bypass cache reads (still writes through on success). Default: false. */
|
|
54
|
+
readonly forceRefresh?: boolean;
|
|
55
|
+
/** Test/DI hook. Default: `globalThis.fetch`. */
|
|
56
|
+
readonly fetchImpl?: typeof fetch;
|
|
57
|
+
/** Token-resolution dependencies (env map, runCommand). Default: engine defaults. */
|
|
58
|
+
readonly deps?: LinkAuthDeps;
|
|
59
|
+
/** Propagated to the transport — caller's per-request timeout budget. */
|
|
60
|
+
readonly signal?: AbortSignal;
|
|
61
|
+
/** Per-call overrides for the transport's redirect / retry caps. */
|
|
62
|
+
readonly transportOptions?: AuthTransportOptions;
|
|
63
|
+
}
|
|
64
|
+
export type ContentFetchResult = {
|
|
65
|
+
readonly bytes: Uint8Array;
|
|
66
|
+
readonly metadata: ContentMetadata;
|
|
67
|
+
readonly cached: boolean;
|
|
68
|
+
} | {
|
|
69
|
+
readonly outcome: 'unsupported';
|
|
70
|
+
} | {
|
|
71
|
+
readonly outcome: 'unverified';
|
|
72
|
+
readonly reason: string;
|
|
73
|
+
};
|
|
74
|
+
export declare function fetchAuthenticated(url: string, config: LinkAuthConfig, options?: FetchAuthenticatedOptions): Promise<ContentFetchResult>;
|
|
75
|
+
//# sourceMappingURL=link-auth-content-fetch.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"link-auth-content-fetch.d.ts","sourceRoot":"","sources":["../src/link-auth-content-fetch.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AAEH,OAAO,EAA2B,KAAK,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAEzF,OAAO,EAAE,KAAK,YAAY,EAAE,KAAK,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAC7E,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAiB,KAAK,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAEpF,MAAM,WAAW,yBAAyB;IACxC,8EAA8E;IAC9E,QAAQ,CAAC,KAAK,CAAC,EAAE,YAAY,CAAC;IAC9B,4EAA4E;IAC5E,QAAQ,CAAC,YAAY,CAAC,EAAE,OAAO,CAAC;IAChC,iDAAiD;IACjD,QAAQ,CAAC,SAAS,CAAC,EAAE,OAAO,KAAK,CAAC;IAClC,qFAAqF;IACrF,QAAQ,CAAC,IAAI,CAAC,EAAE,YAAY,CAAC;IAC7B,yEAAyE;IACzE,QAAQ,CAAC,MAAM,CAAC,EAAE,WAAW,CAAC;IAC9B,oEAAoE;IACpE,QAAQ,CAAC,gBAAgB,CAAC,EAAE,oBAAoB,CAAC;CAClD;AAED,MAAM,MAAM,kBAAkB,GAC1B;IACE,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAC;IAC3B,QAAQ,CAAC,QAAQ,EAAE,eAAe,CAAC;IACnC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;CAC1B,GACD;IAAE,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAA;CAAE,GACnC;IAAE,QAAQ,CAAC,OAAO,EAAE,YAAY,CAAC;IAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAEhE,wBAAsB,kBAAkB,CACtC,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,cAAc,EACtB,OAAO,GAAE,yBAA8B,GACtC,OAAO,CAAC,kBAAkB,CAAC,CAiE7B"}
|