githolon 0.34.1 → 0.35.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.mjs +45 -2
- package/package.json +3 -3
package/dist/cli.mjs
CHANGED
|
@@ -1540,11 +1540,35 @@ function author(eng, ws, domain, directiveId, payload, controllerHash, opts = {}
|
|
|
1540
1540
|
capPorts.principal_verified = !!opts.principalVerified;
|
|
1541
1541
|
}
|
|
1542
1542
|
const envelope = { payload: { domain, directiveId, payload }, captured_ports: capPorts, policy_version: 1, policy_domain: "Nomos", policy_gas: 0, policy_memory: 0 };
|
|
1543
|
+
if (opts.attestations !== void 0) envelope.attestations = opts.attestations;
|
|
1543
1544
|
writeWork(eng, `payload-${seq}.json`, enc3.encode(JSON.stringify(payload)));
|
|
1544
1545
|
writeWork(eng, `envelope-${seq}.json`, enc3.encode(stringifyBig(envelope)));
|
|
1545
1546
|
const genesis = !controllerHash;
|
|
1547
|
+
const attestorSecretFor = (from) => {
|
|
1548
|
+
const s = opts.attestorSecrets;
|
|
1549
|
+
if (!s) return null;
|
|
1550
|
+
if (typeof s === "string") return s;
|
|
1551
|
+
return typeof s[from] === "string" ? s[from] : null;
|
|
1552
|
+
};
|
|
1546
1553
|
const defer = opts.deferProjection !== false;
|
|
1547
|
-
const
|
|
1554
|
+
const offerOnce = () => JSON.parse(call(eng.ex, "offer", { repoArg: repoArgOf(ws), workspace: ws, domain, directiveId, payloadFile: `/work/payload-${seq}.json`, envelopeFile: `/work/envelope-${seq}.json`, seq, actor: opts.actor ?? "", ...opts.authToken ? { authToken: opts.authToken } : {}, domainFile: genesis ? "/work/domain.package.usda" : "", domainHash: genesis ? "" : controllerHash, branch: BRANCH, ...opts.authorSecret ? { authorSecret: opts.authorSecret } : {}, ...opts.dryRun ? { dryRun: true } : defer ? { deferProjection: true } : {} }, eng.STDERR));
|
|
1555
|
+
let v = offerOnce();
|
|
1556
|
+
for (let pass = 0; pass < 8 && v.outcome === "refused"; pass++) {
|
|
1557
|
+
const need = parseAttestedReadNeed(v.verdict?.reason ?? v.error);
|
|
1558
|
+
if (!need || !eng.mounted.has(need.from)) break;
|
|
1559
|
+
const secret = attestorSecretFor(need.from);
|
|
1560
|
+
if (!secret) break;
|
|
1561
|
+
const served = attestedRead(eng, need.from, {
|
|
1562
|
+
queryId: need.queryId,
|
|
1563
|
+
paramsJson: JSON.stringify(need.args),
|
|
1564
|
+
attestorSecret: secret,
|
|
1565
|
+
nowMs: opts.attestNowMs ?? Date.now()
|
|
1566
|
+
});
|
|
1567
|
+
if (!served || served.ok !== true) break;
|
|
1568
|
+
envelope.attestations = [...envelope.attestations ?? [], { queryId: need.queryId, result: served.rows, attestation: served.attestation }];
|
|
1569
|
+
writeWork(eng, `envelope-${seq}.json`, enc3.encode(stringifyBig(envelope)));
|
|
1570
|
+
v = offerOnce();
|
|
1571
|
+
}
|
|
1548
1572
|
const res = v.outcome === "admitted" ? { ok: true, head: v.head, intentOut: v.intentOut, ...v.born ? { born: v.born } : {} } : v.outcome === "refused" ? { ok: false, error: v.verdict?.reason ?? v.error } : v;
|
|
1549
1573
|
if (defer && res.ok) (eng.pendingProjection ??= /* @__PURE__ */ new Set()).add(ws);
|
|
1550
1574
|
return res;
|
|
@@ -1577,6 +1601,19 @@ async function custodyFetch(eng, ws, ledger, { remoteRef = "refs/heads/main", lo
|
|
|
1577
1601
|
kgit.writeRef(eng, gitdirOf(ws), fullRef(localRef || remoteRef), tip);
|
|
1578
1602
|
return tip;
|
|
1579
1603
|
}
|
|
1604
|
+
function parseAttestedReadNeed(error) {
|
|
1605
|
+
const m = /attested-read-unreachable: read\('([^']+)', \{from: '([^']+)'\}\) args=(.*?) has no injected attestation/.exec(String(error || ""));
|
|
1606
|
+
if (!m) return null;
|
|
1607
|
+
let blob = m[3];
|
|
1608
|
+
for (let i = 0; i < 4; i++) {
|
|
1609
|
+
try {
|
|
1610
|
+
return { queryId: m[1], from: m[2], args: JSON.parse(blob) };
|
|
1611
|
+
} catch {
|
|
1612
|
+
blob = blob.replace(/\\(["\\])/g, "$1");
|
|
1613
|
+
}
|
|
1614
|
+
}
|
|
1615
|
+
return null;
|
|
1616
|
+
}
|
|
1580
1617
|
function offerIntent(eng, ws, bytes, opts) {
|
|
1581
1618
|
const name = `offer-in-${eng.seq++}.json`;
|
|
1582
1619
|
writeWork(eng, name, bytes);
|
|
@@ -1594,7 +1631,7 @@ function applyIntentBytes(eng, ws, bytes, opts) {
|
|
|
1594
1631
|
function verifyChainLocal(eng, ws) {
|
|
1595
1632
|
return JSON.parse(call(eng.ex, "query", { repoArg: repoArgOf(ws), workspace: ws, queryBytes: b64Json({ op: "verifyChain" }), branch: BRANCH }, eng.STDERR));
|
|
1596
1633
|
}
|
|
1597
|
-
var enc3, dec3, BRANCH, RESULT_PACK_INLINE_MAX, repoArgOf, gitdirOf, unpack, repoArgOfGitdir, bytesFromB64, kgit, installPayload, fullRef, applyPackInto, custodyLsRefs, qById, query, cryptoUnwrapKey, count, sum;
|
|
1634
|
+
var enc3, dec3, BRANCH, RESULT_PACK_INLINE_MAX, repoArgOf, gitdirOf, unpack, repoArgOfGitdir, bytesFromB64, kgit, installPayload, fullRef, applyPackInto, custodyLsRefs, qById, query, attestedRead, cryptoUnwrapKey, count, sum;
|
|
1598
1635
|
var init_engine = __esm({
|
|
1599
1636
|
"vendor/engine/engine.mjs"() {
|
|
1600
1637
|
"use strict";
|
|
@@ -1651,6 +1688,12 @@ var init_engine = __esm({
|
|
|
1651
1688
|
custodyLsRefs = (ledger, prefix = null) => lsRefs(ledger.remote, ledger.headers || {}, { service: "git-upload-pack", prefix });
|
|
1652
1689
|
qById = (eng, ws, id, principal = "", keys = []) => JSON.parse(call(eng.ex, "query", { repoArg: repoArgOf(ws), workspace: ws, queryBytes: b64Json({ op: "byId", aggregateId: id }), principal, keys, branch: BRANCH }, eng.STDERR));
|
|
1653
1690
|
query = (eng, ws, queryId, paramsJson, principal = "", keys = []) => JSON.parse(call(eng.ex, "query", { repoArg: repoArgOf(ws), workspace: ws, queryBytes: b64Json({ kind: "query", queryId, paramsJson }), principal, keys, branch: BRANCH }, eng.STDERR));
|
|
1691
|
+
attestedRead = (eng, ws, { queryId, paramsJson, attestorSecret, nowMs }) => JSON.parse(call(eng.ex, "query", {
|
|
1692
|
+
repoArg: repoArgOf(ws),
|
|
1693
|
+
workspace: ws,
|
|
1694
|
+
branch: BRANCH,
|
|
1695
|
+
queryBytes: b64Json({ op: "attestedRead", queryId, paramsJson: paramsJson || "{}", attestorSecret, nowMs: nowMs ?? Date.now(), sourceWorkspace: ws })
|
|
1696
|
+
}, eng.STDERR));
|
|
1654
1697
|
cryptoUnwrapKey = (eng, { secret, hpkeEpk, ct }) => JSON.parse(call(eng.ex, "query", { queryBytes: b64Json({ op: "cryptoUnwrapKey", secret, hpkeEpk, ct }) }, eng.STDERR)).scopeKey;
|
|
1655
1698
|
count = (eng, ws, countId, groupKey, principal = "") => JSON.parse(call(eng.ex, "query", { repoArg: repoArgOf(ws), workspace: ws, queryBytes: b64Json({ op: "count", countId, groupKey }), principal, branch: BRANCH }, eng.STDERR));
|
|
1656
1699
|
sum = (eng, ws, sumId, groupKey, principal = "") => JSON.parse(call(eng.ex, "query", { repoArg: repoArgOf(ws), workspace: ws, queryBytes: b64Json({ op: "sum", sumId, groupKey }), principal, branch: BRANCH }, eng.STDERR));
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "githolon",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.35.0",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"description": "githolon — the Nomos developer CLI: Rails-style generators for @githolon/dsl domains + the package compiler. Kernel-independent.",
|
|
6
6
|
"license": "SEE LICENSE IN LICENSE.md",
|
|
@@ -29,8 +29,8 @@
|
|
|
29
29
|
},
|
|
30
30
|
"dependencies": {
|
|
31
31
|
"@bjorn3/browser_wasi_shim": "0.4.2",
|
|
32
|
-
"@githolon/client": "^0.
|
|
33
|
-
"@githolon/dsl": "^0.
|
|
32
|
+
"@githolon/client": "^0.35.0",
|
|
33
|
+
"@githolon/dsl": "^0.35.0",
|
|
34
34
|
"isomorphic-git": "^1.38.4"
|
|
35
35
|
},
|
|
36
36
|
"devDependencies": {
|