@vltpkg/vsr 0.0.0-27 → 0.0.0-28

package/DEPLOY.md

@@ -0,0 +1,163 @@
+# VSR Deploy Command
+
+The VSR CLI now includes a `deploy` subcommand that allows you to
+deploy your VSR instance to Cloudflare Workers using configuration
+from your `vlt.json` file.
+
+## Usage
+
+```bash
+# Deploy to default environment (dev)
+vsr deploy
+
+# Deploy to specific environment
+vsr deploy --env=prod
+
+# Preview deployment without actually deploying
+vsr deploy --dry-run
+
+# Override specific resource names
+vsr deploy --env=staging --db-name=my-custom-db --bucket-name=my-custom-bucket
+```
+
+## Configuration
+
+Add a `deploy` section to your `vlt.json` file under the `registry`
+key:
+
+```json
+{
+  "registry": {
+    "deploy": {
+      "sentry": {
+        "dsn": "https://your-default-sentry-dsn@sentry.io/project-id",
+        "sampleRate": 1.0,
+        "tracesSampleRate": 0.1
+      },
+      "environments": {
+        "dev": {
+          "databaseName": "vsr-dev-database",
+          "bucketName": "vsr-dev-bucket",
+          "queueName": "vsr-dev-cache-refresh-queue",
+          "sentry": {
+            "environment": "development"
+          },
+          "vars": {
+            "CUSTOM_VAR": "dev-value"
+          }
+        },
+        "prod": {
+          "databaseName": "vsr-prod-database",
+          "bucketName": "vsr-prod-bucket",
+          "queueName": "vsr-prod-cache-refresh-queue",
+          "sentry": {
+            "environment": "production",
+            "dsn": "https://your-prod-sentry-dsn@sentry.io/project-id",
+            "sampleRate": 0.1,
+            "tracesSampleRate": 0.01
+          },
+          "vars": {
+            "API_BASE_URL": "https://api.example.com"
+          }
+        }
+      }
+    }
+  }
+}
+```
+
+## Configuration Options
+
+### Global Deploy Settings
+
+- `sentry.dsn`: Default Sentry DSN for error reporting
+- `sentry.sampleRate`: Default error sample rate (0.0 to 1.0)
+- `sentry.tracesSampleRate`: Default performance traces sample rate
+  (0.0 to 1.0)
+
+### Environment-Specific Settings
+
+Each environment can override any global setting and specify:
+
+- `databaseName`: D1 database name for this environment
+- `bucketName`: R2 bucket name for this environment
+- `queueName`: Queue name for cache refresh operations
+- `sentry`: Environment-specific Sentry configuration
+- `vars`: Custom environment variables to pass to the Worker
+
+### CLI Options
+
+- `--env=<string>`: Environment to deploy to (defaults to "dev")
+- `--db-name=<string>`: Override D1 database name
+- `--bucket-name=<string>`: Override R2 bucket name
+- `--queue-name=<string>`: Override queue name
+- `--dry-run`: Show what would be deployed without actually deploying
+
+## Precedence
+
+Configuration values are resolved in the following order (highest
+precedence first):
+
+1. CLI arguments (`--db-name`, `--bucket-name`, etc.)
+2. Environment-specific config (`environments.prod.databaseName`)
+3. Default values
+
+## Examples
+
+### Basic Deployment
+
+```bash
+# Deploy to development environment
+vsr deploy --env=dev
+
+# Deploy to production
+vsr deploy --env=prod
+```
+
+### Custom Resource Names
+
+```bash
+# Override database and bucket names
+vsr deploy --env=staging --db-name=my-staging-db --bucket-name=my-staging-bucket
+```
+
+### Preview Deployment
+
+```bash
+# See what would be deployed without actually deploying
+vsr deploy --env=prod --dry-run
+```
+
+### Using Custom Config File
+
+```bash
+# Use a specific vlt.json file
+vsr deploy --config=/path/to/custom-vlt.json --env=prod
+```
+
+## Generated Wrangler Command
+
+The deploy command generates a `wrangler deploy` command with the
+appropriate bindings and variables. For example:
+
+```bash
+wrangler deploy dist/index.js \
+  --name vsr-prod \
+  --compatibility-date 2024-09-23 \
+  --var SENTRY_DSN:https://your-sentry-dsn@sentry.io/project-id \
+  --var SENTRY_ENVIRONMENT:production \
+  --var ARG_DEBUG:false \
+  --var ARG_TELEMETRY:true \
+  --var ARG_DAEMON:true \
+  --d1 DB=vsr-prod-database \
+  --r2 BUCKET=vsr-prod-bucket \
+  --queue-producer CACHE_REFRESH_QUEUE=vsr-prod-cache-refresh-queue \
+  --queue-consumer vsr-prod-cache-refresh-queue
+```
+
+## Prerequisites
+
+- Wrangler CLI must be installed and authenticated
+- Cloudflare Workers account with appropriate permissions
+- D1 databases, R2 buckets, and queues must exist (or be created by
+  Wrangler)

package/LICENSE

@@ -1,15 +1,119 @@
-Copyright (c) vlt technology, Inc.
+# Functional Source License, Version 1.1, MIT Future License
 
-Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+## Abbreviation
 
-1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
-   Subject to the terms and conditions of this license, each copyright holder and contributor hereby grants to those receiving rights under this license a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except for failure to satisfy the conditions of this license) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer this software, where such license applies only to those patent claims, already acquired or hereafter acquired, licensable by such copyright holder or contributor that are necessarily infringed by:
+FSL-1.1-MIT
 
-(a) their Contribution(s) (the licensed copyrights of copyright holders and non-copyrightable additions of contributors, in source or binary form) alone; or
-(b) combination of their Contribution(s) with the work of authorship to which such Contribution(s) was added by such copyright holder or contributor, if, at the time the Contribution is added, such addition causes such combination to be necessarily infringed. The patent license shall not apply to any other combinations which include the Contribution.
-Except as expressly stated above, no rights or licenses from any copyright holder or contributor is granted under this license, whether expressly, by implication, estoppel or otherwise.
+## Notice
 
-DISCLAIMER
+Copyright 2025 vlt technology Inc.
 
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+## Terms and Conditions
+
+### Licensor ("We")
+
+The party offering the Software under these Terms and Conditions.
+
+### The Software
+
+The "Software" is each version of the software that we make available
+under these Terms and Conditions, as indicated by our inclusion of
+these Terms and Conditions with the Software.
+
+### License Grant
+
+Subject to your compliance with this License Grant and the Patents,
+Redistribution and Trademark clauses below, we hereby grant you the
+right to use, copy, modify, create derivative works, publicly perform,
+publicly display and redistribute the Software for any Permitted
+Purpose identified below.
+
+### Permitted Purpose
+
+A Permitted Purpose is any purpose other than a Competing Use. A
+Competing Use means making the Software available to others in a
+commercial product or service that:
+
+1. substitutes for the Software;
+
+2. substitutes for any other product or service we offer using the
+   Software that exists as of the date we make the Software available;
+   or
+
+3. offers the same or substantially similar functionality as the
+   Software.
+
+Permitted Purposes specifically include using the Software:
+
+1. for your internal use and access;
+
+2. for non-commercial education;
+
+3. for non-commercial research; and
+
+4. in connection with professional services that you provide to a
+   licensee using the Software in accordance with these Terms and
+   Conditions.
+
+### Patents
+
+To the extent your use for a Permitted Purpose would necessarily
+infringe our patents, the license grant above includes a license under
+our patents. If you make a claim against any party that the Software
+infringes or contributes to the infringement of any patent, then your
+patent license to the Software ends immediately.
+
+### Redistribution
+
+The Terms and Conditions apply to all copies, modifications and
+derivatives of the Software.
+
+If you redistribute any copies, modifications or derivatives of the
+Software, you must include a copy of or a link to these Terms and
+Conditions and not remove any copyright notices provided in or with
+the Software.
+
+### Disclaimer
+
+THE SOFTWARE IS PROVIDED "AS IS" AND WITHOUT WARRANTIES OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS
+FOR A PARTICULAR PURPOSE, MERCHANTABILITY, TITLE OR NON-INFRINGEMENT.
+
+IN NO EVENT WILL WE HAVE ANY LIABILITY TO YOU ARISING OUT OF OR
+RELATED TO THE SOFTWARE, INCLUDING INDIRECT, SPECIAL, INCIDENTAL OR
+CONSEQUENTIAL DAMAGES, EVEN IF WE HAVE BEEN INFORMED OF THEIR
+POSSIBILITY IN ADVANCE.
+
+### Trademarks
+
+Except for displaying the License Details and identifying us as the
+origin of the Software, you have no right under these Terms and
+Conditions to use our trademarks, trade names, service marks or
+product names.
+
+## Grant of Future License
+
+We hereby irrevocably grant you an additional license to use the
+Software under the MIT license that is effective on the second
+anniversary of the date we make the Software available. On or after
+that date, you may use the Software under the MIT license, in which
+case the following will apply:
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

package/config.ts

@@ -0,0 +1,221 @@
+// get openapi schema
+import wranglerJson from './wrangler.json' with { type: 'json' }
+import packageJson from './package.json' with { type: 'json' }
+import { apiBody } from './src/utils/docs.ts'
+import type {
+  OriginConfig,
+  CookieOptions,
+  ApiDocsConfig,
+} from './types.ts'
+
+export const YEAR = new Date().getFullYear()
+
+export const WRANGLER_CONFIG = wranglerJson.dev
+
+export const PORT = WRANGLER_CONFIG.port || (1337 as number)
+
+export const TELEMETRY_ENABLED = true as boolean
+
+export const HELP_ENABLED = false as boolean
+
+// Sentry configuration for error reporting (when telemetry is enabled)
+export const SENTRY_CONFIG = {
+  dsn: 'https://909b085eb764c00250ad312660c2fdf1@o4506397716054016.ingest.us.sentry.io/4509492612300800',
+  sendDefaultPii: true,
+  environment: 'development', // Will be overridden by environment variable
+  sampleRate: 1.0,
+  tracesSampleRate: 0.1, // Lower sample rate for performance traces
+}
+
+export const DEBUG_ENABLED = false as boolean
+
+export const API_DOCS_ENABLED = true as boolean
+
+export const DAEMON_ENABLED = true as boolean
+
+export const DAEMON_PORT = 3000 as number
+
+// Runtime configuration is now handled by configMiddleware
+// which enriches c.env with computed values like DAEMON_ENABLED, TELEMETRY_ENABLED, etc.
+
+export const DAEMON_URL = `http://localhost:${DAEMON_PORT}`
+
+export const VERSION: string = packageJson.version
+
+export const URL = `http://localhost:${PORT}`
+
+export const REDIRECT_URI = `${URL}/-/auth/callback`
+
+// how to handle packages requests
+export const ORIGIN_CONFIG: OriginConfig = {
+  default: 'local',
+  upstreams: {
+    local: {
+      type: 'local',
+      url: URL,
+      allowPublish: true,
+    },
+    npm: {
+      type: 'npm',
+      url: 'https://registry.npmjs.org',
+    },
+  },
+}
+
+// Reserved route prefixes that cannot be used as upstream names
+export const RESERVED_ROUTES: string[] = [
+  '-',
+  'user',
+  'docs',
+  'search',
+  'tokens',
+  'auth',
+  'ping',
+  'package',
+  'v1',
+  'api',
+  'admin',
+  '*', // Reserved for hash-based routes
+]
+
+// Backward compatibility - maintain old PROXY behavior
+export const PROXY: boolean =
+  Object.keys(ORIGIN_CONFIG.upstreams).length > 1
+
+export const PROXY_URL: string | undefined =
+  ORIGIN_CONFIG.upstreams[ORIGIN_CONFIG.default]?.url
+
+// the time in seconds to cache the registry
+export const REQUEST_TIMEOUT: number = 60 * 1000
+
+// cookie options
+export const COOKIE_OPTIONS: CookieOptions = {
+  path: '/',
+  httpOnly: true,
+  secure: true,
+  sameSite: 'strict',
+}
+
+// OpenAPI Docs
+export const OPEN_API_CONFIG = {
+  openapi: '3.1.0',
+  info: {
+    title: 'vlt serverless registry',
+    version: VERSION,
+    description: 'The vlt serverless registry API',
+  },
+  tags: [
+    {
+      name: 'Health Check',
+      description: 'Registry health and status endpoints',
+    },
+    {
+      name: 'Authentication',
+      description: 'User authentication and token management',
+    },
+    {
+      name: 'Packages',
+      description: 'Package publishing, downloading, and management',
+    },
+    {
+      name: 'Dist-Tags',
+      description: 'Package version tagging and lifecycle management',
+    },
+    {
+      name: 'Access Control',
+      description:
+        'Package access permissions and collaborator management',
+    },
+    {
+      name: 'Search',
+      description: 'Package discovery and search functionality',
+    },
+    {
+      name: 'Security',
+      description: 'Security auditing and vulnerability scanning',
+    },
+    {
+      name: 'Dashboard',
+      description: 'Registry dashboard and administration',
+    },
+    {
+      name: 'Static Assets',
+      description: 'Static file serving and web assets',
+    },
+    {
+      name: 'NPM Compatibility',
+      description: 'Legacy npm client compatibility redirects',
+    },
+  ],
+}
+
+// the docs configuration for the API reference
+export const SCALAR_API_CONFIG: ApiDocsConfig = {
+  metaData: {
+    title: 'vlt serverless registry',
+  },
+  hideModels: false,
+  hideDownloadButton: false,
+  darkMode: false,
+  favicon: '/public/images/favicon/favicon.svg',
+  defaultHttpClient: {
+    targetKey: 'curl',
+    clientKey: 'fetch',
+  },
+  authentication: {
+    http: {
+      bearer: {
+        token: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx',
+      },
+      basic: {
+        username: 'user',
+        password: 'pass',
+      },
+    },
+  },
+  hiddenClients: {
+    python: true,
+    c: true,
+    go: true,
+    java: true,
+    ruby: true,
+    shell: ['httpie', 'wget', 'fetch'],
+    clojure: true,
+    csharp: true,
+    kotlin: true,
+    objc: true,
+    swift: true,
+    r: true,
+    powershell: false,
+    ocaml: true,
+    curl: false,
+    http: true,
+    php: true,
+    node: ['request', 'unirest'],
+    javascript: ['xhr', 'jquery'],
+  },
+  spec: {
+    content: {
+      openapi: OPEN_API_CONFIG.openapi,
+      servers: [
+        {
+          url: URL,
+          description: 'localhost',
+        },
+      ],
+      info: {
+        title: 'vlt serverless registry',
+        version: VERSION,
+        license: {
+          identifier: 'FSL-1.1-MIT',
+          name: 'Functional Source License, Version 1.1, MIT Future License',
+          url: 'https://fsl.software/FSL-1.1-MIT.template.md',
+        },
+        description: apiBody({ YEAR }),
+      },
+      // Include tag ordering and descriptions
+      tags: OPEN_API_CONFIG.tags,
+    },
+  },
+  customCss: `@import '${URL}/public/styles/styles.css';`,
+}

package/dist/README.md

@@ -1 +1 @@
-This folder contains the built output assets for the worker "vsr" generated at 2025-09-04T01:54:21.292Z.
+This folder contains the built output assets for the worker "vsr" generated at 2025-09-04T03:09:25.736Z.

package/dist/bin/vsr.js

@@ -80,7 +80,7 @@ var wrangler_default = {
 // package.json
 var package_default = {
   name: "@vltpkg/vsr",
-  version: "0.0.0-27",
+  version: "0.0.0-28",
   repository: {
     type: "git",
     url: "git+https://github.com/vltpkg/vltpkg.git",
@@ -142,7 +142,7 @@ var package_default = {
     "format:check": "prettier --check . --ignore-path ../../.prettierignore --cache",
     lint: "eslint . --fix",
     "lint:check": "eslint .",
-    prepack: "pnpm build && node scripts/prepack.js",
+    prepack: "pnpm build",
     "serve:build": "pnpm --silent build && node ./dist/bin/vsr.js --debug --daemon=false",
     "serve:build:daemon": "pnpm --silent build && node ./dist/bin/vsr.js --debug --daemon=true",
     "serve:death": `echo "Killing wrangler dev processes..." && (pkill -f 'wrangler.*dev' || true) && sleep 1 && (pids=$(lsof -ti :1337 2>/dev/null; lsof -ti :3000 2>/dev/null) && [ -n "$pids" ] && echo "Force killing remaining processes: $pids" && kill -9 $pids || echo "No remaining processes found") && echo "Done."`,
@@ -154,10 +154,7 @@ var package_default = {
     typecheck: "tsc --noEmit",
     "typecheck:worker": "tsc -p tsconfig.worker.json --noEmit"
   },
-  type: "module",
-  publishConfig: {
-    directory: "./.build-publish"
-  }
+  type: "module"
 };
 
 // src/utils/docs.ts
@@ -617,6 +614,8 @@ async function deployToCloudflare() {
   const wranglerArgs = [
     "deploy",
     indexPath,
+    "--config",
+    wranglerConfigPath,
     "--name",
     `vsr-${ENV}`,
     "--compatibility-date",
@@ -696,6 +695,7 @@ var demo = path.resolve(__dirname, "./demo");
 var require2 = createRequire(import.meta.url);
 var registryRoot = path.resolve(__dirname, "../../");
 var indexPath = path.resolve(registryRoot, "dist/index.js");
+var wranglerConfigPath = path.resolve(registryRoot, "wrangler.json");
 var wranglerPkgPath = require2.resolve("wrangler/package.json");
 var wranglerRelBinPath = JSON.parse(readFileSync(wranglerPkgPath, "utf8")).bin.wrangler;
 var wranglerBinPath = require2.resolve(
@@ -743,6 +743,8 @@ void (async () => {
       [
         "dev",
         indexPath,
+        "--config",
+        wranglerConfigPath,
         "--local",
         "--persist-to=local-store",
         "--no-remote",

package/dist/index.js

@@ -1156,7 +1156,7 @@ var init_package = __esm({
   "package.json"() {
     package_default = {
       name: "@vltpkg/vsr",
-      version: "0.0.0-27",
+      version: "0.0.0-28",
       repository: {
         type: "git",
         url: "git+https://github.com/vltpkg/vltpkg.git",
@@ -1218,7 +1218,7 @@ var init_package = __esm({
         "format:check": "prettier --check . --ignore-path ../../.prettierignore --cache",
         lint: "eslint . --fix",
         "lint:check": "eslint .",
-        prepack: "pnpm build && node scripts/prepack.js",
+        prepack: "pnpm build",
         "serve:build": "pnpm --silent build && node ./dist/bin/vsr.js --debug --daemon=false",
         "serve:build:daemon": "pnpm --silent build && node ./dist/bin/vsr.js --debug --daemon=true",
         "serve:death": `echo "Killing wrangler dev processes..." && (pkill -f 'wrangler.*dev' || true) && sleep 1 && (pids=$(lsof -ti :1337 2>/dev/null; lsof -ti :3000 2>/dev/null) && [ -n "$pids" ] && echo "Force killing remaining processes: $pids" && kill -9 $pids || echo "No remaining processes found") && echo "Done."`,
@@ -1230,10 +1230,7 @@ var init_package = __esm({
         typecheck: "tsc --noEmit",
         "typecheck:worker": "tsc -p tsconfig.worker.json --noEmit"
       },
-      type: "module",
-      publishConfig: {
-        directory: "./.build-publish"
-      }
+      type: "module"
     };
   }
 });