noodleseed-cli 0.1.4

package/node_modules/@noodle-borg/service/dist/service.js

@@ -0,0 +1,1163 @@
+import { randomUUID } from 'node:crypto';
+import { createServer } from 'node:http';
+import { createJwtVerifier, protectedResourceMetadata, } from '@noodle-borg/auth';
+import { compile, InMemoryCatalog } from '@noodle-borg/compiler';
+import { compileConnectors } from '@noodle-borg/connector-defs';
+import { InMemoryConnectorRegistry, MapServiceBroker, SecretBox, staticMasterKeyProvider, } from '@noodle-borg/runtime';
+import { applySecurityHeaders, createMcpRouter, effectiveProto, enforceHttps, mintCallerKey, noopLogger, verifyCallerKey, } from '@noodle-borg/transport-http';
+import { allowAllGate, GoogleControlPlaneGate, } from './auth/deploy-gate.js';
+import { isAuthServerPath } from './oauth/paths.js';
+import { InMemoryControlPlaneStore, JsonFileArtifactStore, validateOrgRole, validateSlug, validateTenantRef, } from './store.js';
+const DEFAULT_MAX_BODY = 1 << 20;
+/** Well-known prefix for OAuth 2.0 Protected Resource Metadata (RFC 9728); the resource path follows it. */
+const PRM_PREFIX = '/.well-known/oauth-protected-resource';
+/**
+ * Holds deployed servers in memory and serves them by id. Each deploy compiles an optional declarative
+ * connector catalog and the manifest (against that catalog) to a resolved artifact, then registers the
+ * resolved {@link ServedArtifact} (artifact + execution deps). The wire is stateless: the transport
+ * builds a fresh SDK server per request.
+ *
+ * With an {@link ArtifactStore} (Slice 25, ADR 0027), each deploy is also persisted as its **inputs**
+ * (the compiled artifact's deps are live closures and are not serializable) so deploys survive a process
+ * bounce. Recovery is **lazy by default** (ADR 0036): {@link get} recompiles a server from the store on its
+ * first request (a cache miss), which makes any instance able to serve any deploy on a multi-instance
+ * platform. {@link recover} eagerly recompiles **all** persisted servers and is used only for the opt-in
+ * warm-all path (`serveService({ warmAll })`). Without a store, behaviour is exactly as before (in-memory
+ * only; deploys are lost on restart).
+ */
+export class ServerRegistry {
+    #servers = new Map();
+    #records = new Map();
+    #activeTenants = new Map();
+    #store;
+    #secretBox;
+    /** Single-flight: concurrent first-hits for an uncached id share one in-flight lazy compile (ADR 0036). */
+    #inflight = new Map();
+    /**
+     * @param store optional durable store; when set, deploys are persisted and {@link recover} replays them.
+     * @param secretBox encrypts persisted secrets at rest (ADR 0028). **A file-backed `store` must be paired
+     *   with a `secretBox`** — without one, persisted secrets fall back to the interim cleartext `{enc:'none'}`
+     *   envelope. `serveService` enforces this (a `dataDir` fails closed without a master key); a caller that
+     *   constructs this directly is responsible for the same pairing.
+     */
+    constructor(store, secretBox) {
+        this.#store = store;
+        this.#secretBox = secretBox;
+    }
+    async deploy(tenant, manifest, connectors, secrets, actor, accessMode = 'caller-key', 
+    /**
+     * When true and a prior active deployment exists for this tenant, reuse its caller-key **hash** instead
+     * of minting a new key (the plaintext is unrecoverable, so none is returned). Used by `mrdn dev`
+     * to keep the local key stable across hot-reloads; the HTTP deploy route never sets it, so production
+     * redeploys keep rotating the key.
+     */
+    reuseCallerKey = false) {
+        const safeTenant = validateTenantRef(tenant);
+        // Identity-based access modes gate the data plane on verified identity, so the deploy must have an
+        // authenticated actor to establish ownership/audit provenance and avoid unauthored protected servers.
+        if (isIdentityAccessMode(accessMode) && actor === undefined) {
+            return {
+                ok: false,
+                errors: [
+                    {
+                        code: 'identity_access_requires_identity',
+                        path: 'accessMode',
+                        message: `${accessMode} deployments require an authenticated deployer`,
+                    },
+                ],
+            };
+        }
+        const built = this.#compileTarget(manifest, connectors, secrets ?? {});
+        if (!built.ok)
+            return { ok: false, errors: built.errors };
+        const deploymentId = mintDeploymentId(built.served.artifact.server.name);
+        // `caller-key`: mint a per-server caller key, store only its hash, return the key once — unless
+        // `reuseCallerKey` is set and a prior active deployment exists, in which case keep its hash (no plaintext
+        // to return). Identity modes: no shared key at all — callers authenticate with verified identity.
+        const reusedHash = accessMode === 'caller-key' && reuseCallerKey
+            ? await this.#activeCallerKeyHash(safeTenant)
+            : undefined;
+        const callerKey = accessMode === 'caller-key' && reusedHash === undefined ? mintCallerKey() : undefined;
+        const callerKeyHash = callerKey?.hash ?? reusedHash;
+        const version = Date.now();
+        const ownerSubject = accessMode === 'owner-only' ? actor?.subject : undefined;
+        // Persist before registering so a write failure fails the deploy closed (nothing is served that would
+        // silently vanish on restart). The plaintext caller key is never persisted — only its hash (ADR 0030).
+        if (this.#store) {
+            const record = {
+                schemaVersion: 1,
+                deploymentId,
+                orgSlug: safeTenant.org,
+                appSlug: safeTenant.app,
+                environment: safeTenant.env,
+                deploymentVersion: version,
+                active: true,
+                serverName: built.served.artifact.server.name,
+                createdAt: new Date().toISOString(),
+                ...(actor ? { createdBySubject: actor.subject, createdByEmail: actor.email } : {}),
+                accessMode,
+                ...(callerKeyHash ? { callerKeyHash } : {}),
+                manifest,
+                ...(connectors !== undefined ? { connectors } : {}),
+                secrets: await sealSecrets(secrets ?? {}, this.#secretBox),
+            };
+            await this.#store.append(record);
+            this.#records.set(record.deploymentId, record);
+        }
+        else {
+            for (const [id, existing] of this.#records) {
+                if (existing.active &&
+                    existing.orgSlug === safeTenant.org &&
+                    existing.appSlug === safeTenant.app &&
+                    existing.environment === safeTenant.env) {
+                    this.#records.set(id, { ...existing, active: false });
+                }
+            }
+            this.#records.set(deploymentId, {
+                schemaVersion: 1,
+                deploymentId,
+                orgSlug: safeTenant.org,
+                appSlug: safeTenant.app,
+                environment: safeTenant.env,
+                deploymentVersion: version,
+                active: true,
+                serverName: built.served.artifact.server.name,
+                createdAt: new Date().toISOString(),
+                ...(actor ? { createdBySubject: actor.subject, createdByEmail: actor.email } : {}),
+                accessMode,
+                ...(callerKeyHash ? { callerKeyHash } : {}),
+                manifest,
+                ...(connectors !== undefined ? { connectors } : {}),
+                secrets: { enc: 'none', values: secrets ?? {} },
+            });
+        }
+        this.#servers.set(deploymentId, {
+            served: built.served,
+            accessMode,
+            org: safeTenant.org,
+            ...(callerKeyHash ? { callerKeyHash } : {}),
+            ...(ownerSubject !== undefined ? { ownerSubject } : {}),
+        });
+        this.#activeTenants.set(tenantKey(safeTenant), deploymentId);
+        return {
+            ok: true,
+            deploymentId,
+            accessMode,
+            ...(callerKey ? { callerKey: callerKey.key } : {}),
+            ...(reusedHash !== undefined ? { callerKeyReused: true } : {}),
+        };
+    }
+    /**
+     * The caller-key **hash** of the tenant's current active deployment, or `undefined` if none. Checks the
+     * in-memory registry first (the `dev` hot-reload path), then the durable store. Used only by the
+     * `reuseCallerKey` deploy path to keep a key stable across redeploys without ever handling its plaintext.
+     */
+    async #activeCallerKeyHash(tenant) {
+        const cachedId = this.#activeTenants.get(tenantKey(tenant));
+        if (cachedId !== undefined) {
+            const hash = this.#servers.get(cachedId)?.callerKeyHash;
+            if (hash !== undefined)
+                return hash;
+        }
+        if (this.#store) {
+            const record = await this.#store.getActiveByTenant(tenant);
+            return record?.callerKeyHash;
+        }
+        return undefined;
+    }
+    /**
+     * Rebuild every persisted server into memory on startup. Each record is replayed through the same
+     * compile path as a fresh deploy, reusing its stored id and caller-key hash. A record that no longer
+     * compiles (e.g. source/catalog drift) is skipped and reported — the remaining servers still recover.
+     */
+    async recover() {
+        if (!this.#store)
+            return { recovered: 0, failed: [] };
+        const records = await this.#store.loadAll();
+        const failed = [];
+        let recovered = 0;
+        for (const record of records) {
+            // Decrypt the persisted secrets first; a wrong/missing master key (or tampered ciphertext) must be
+            // fail-soft (skip + report this server), not crash the whole recovery. The error message carries no
+            // secret material (SecretDecryptError is deliberately opaque).
+            let secrets;
+            try {
+                secrets = await secretsOf(record.secrets, this.#secretBox);
+            }
+            catch (error) {
+                failed.push({
+                    deploymentId: record.deploymentId,
+                    errors: [
+                        { code: 'secret_decrypt_failed', path: 'secrets', message: error.message },
+                    ],
+                });
+                continue;
+            }
+            const built = this.#compileTarget(record.manifest, record.connectors, secrets);
+            if (!built.ok) {
+                failed.push({ deploymentId: record.deploymentId, errors: built.errors });
+                continue;
+            }
+            this.#servers.set(record.deploymentId, servedTargetFor(record, built.served));
+            this.#records.set(record.deploymentId, record);
+            if (record.active) {
+                this.#activeTenants.set(tenantKey({ org: record.orgSlug, app: record.appSlug, env: record.environment }), record.deploymentId);
+            }
+            recovered++;
+        }
+        return { recovered, failed };
+    }
+    /**
+     * Compile inputs into a served artifact (artifact + execution deps) or deploy errors. Pure: no id
+     * minting, no `#servers` mutation, no persistence — the shared path for {@link deploy} and
+     * {@link recover}. Fails closed when a referenced secret has no value; the error names only the
+     * reference, never a value.
+     */
+    #compileTarget(manifest, connectors, secrets) {
+        let catalogConnectors = [];
+        let httpConnectors = [];
+        let secretBindings = [];
+        if (connectors !== undefined && connectors.trim() !== '') {
+            const cc = compileConnectors(connectors);
+            if (!cc.ok)
+                return { ok: false, errors: cc.errors };
+            catalogConnectors = cc.catalog;
+            httpConnectors = cc.connectors;
+            secretBindings = cc.secretBindings;
+        }
+        const broker = buildBroker(secretBindings, secrets);
+        if (!broker.ok)
+            return { ok: false, errors: broker.errors };
+        const compiled = compile(manifest, { catalog: new InMemoryCatalog(catalogConnectors) });
+        if (!compiled.ok)
+            return { ok: false, errors: compiled.errors };
+        return {
+            ok: true,
+            served: {
+                artifact: compiled.artifact,
+                deps: {
+                    connectors: new InMemoryConnectorRegistry(httpConnectors),
+                    broker: broker.broker,
+                },
+            },
+        };
+    }
+    /**
+     * Resolve a served server by id. A cache hit returns immediately. On a cache miss **with a durable
+     * store**, the record is point-read ({@link ArtifactStore.get}), recompiled through the shared
+     * {@link #compileTarget} path, cached, and returned — so **any instance can serve any deploy**, including
+     * one it never handled (multi-instance correctness, ADR 0036). A miss with no record resolves to
+     * `undefined` (→ `404`). A record that no longer compiles, or whose secret will not decrypt, **throws**
+     * (→ `500`) — failing only its own request, never the instance. Concurrent first-hits for the same id
+     * share one in-flight compile (single-flight).
+     */
+    async get(deploymentId) {
+        const cached = this.#servers.get(deploymentId);
+        if (cached)
+            return cached;
+        if (!this.#store)
+            return undefined;
+        const inflight = this.#inflight.get(deploymentId);
+        if (inflight)
+            return inflight;
+        const promise = this.#loadAndCompile(this.#store, deploymentId).finally(() => {
+            this.#inflight.delete(deploymentId);
+        });
+        this.#inflight.set(deploymentId, promise);
+        return promise;
+    }
+    async getActiveByTenant(ref) {
+        const safe = validateTenantRef(ref);
+        const cachedId = this.#activeTenants.get(tenantKey(safe));
+        if (cachedId !== undefined)
+            return this.get(cachedId);
+        if (!this.#store)
+            return undefined;
+        const record = await this.#store.getActiveByTenant(safe);
+        return record ? this.get(record.deploymentId) : undefined;
+    }
+    async listDeployments(filter) {
+        const org = validateSlug('org', filter.org);
+        const app = filter.app !== undefined ? validateSlug('app', filter.app) : undefined;
+        const env = filter.env !== undefined ? validateSlug('env', filter.env) : undefined;
+        if (this.#store) {
+            return this.#store.listDeployments({
+                org,
+                ...(app !== undefined ? { app } : {}),
+                ...(env !== undefined ? { env } : {}),
+            });
+        }
+        return [...this.#records.values()]
+            .filter((record) => record.orgSlug === org &&
+            (app === undefined || record.appSlug === app) &&
+            (env === undefined || record.environment === env))
+            .sort((a, b) => b.deploymentVersion - a.deploymentVersion)
+            .map(recordSummary);
+    }
+    async rotateCallerKey(tenant) {
+        const safe = validateTenantRef(tenant);
+        const active = this.#store
+            ? await this.#store.getActiveByTenant(safe)
+            : [...this.#records.values()]
+                .filter((record) => record.active &&
+                record.orgSlug === safe.org &&
+                record.appSlug === safe.app &&
+                record.environment === safe.env)
+                .sort((a, b) => b.deploymentVersion - a.deploymentVersion)[0];
+        if (!active || (active.accessMode ?? 'caller-key') !== 'caller-key')
+            return undefined;
+        const minted = mintCallerKey();
+        const updated = this.#store
+            ? await this.#store.updateActiveCallerKey(safe, minted.hash)
+            : { ...active, callerKeyHash: minted.hash };
+        if (!updated)
+            return undefined;
+        this.#records.set(updated.deploymentId, updated);
+        const cached = this.#servers.get(updated.deploymentId);
+        if (cached) {
+            this.#servers.set(updated.deploymentId, { ...cached, callerKeyHash: minted.hash });
+        }
+        return { key: minted.key, deployment: recordSummary(updated) };
+    }
+    async verifyActiveCallerKey(tenant, token) {
+        const safe = validateTenantRef(tenant);
+        const active = this.#store
+            ? await this.#store.getActiveByTenant(safe)
+            : [...this.#records.values()]
+                .filter((record) => record.active &&
+                record.orgSlug === safe.org &&
+                record.appSlug === safe.app &&
+                record.environment === safe.env)
+                .sort((a, b) => b.deploymentVersion - a.deploymentVersion)[0];
+        const hash = active?.callerKeyHash;
+        return hash !== undefined && verifyCallerKey(token, hash);
+    }
+    /**
+     * The lazy half of {@link get}: point-read one persisted record and recompile it on a cache miss. `store`
+     * is passed in (resolved by the caller) so this stays free of `#store`-narrowing. No record → `undefined`
+     * (a `404`); a decrypt or compile failure throws (a `500`) rather than masquerading as "not found".
+     */
+    async #loadAndCompile(store, deploymentId) {
+        const record = await store.get(deploymentId);
+        if (!record)
+            return undefined;
+        // A wrong/missing master key (or tampered ciphertext) throws here and propagates: the record exists but
+        // cannot be materialised (possibly transiently, e.g. KMS unavailable), so it is a `500`, not a `404`.
+        // `SecretDecryptError` is deliberately opaque — no secret material reaches the (swallowed) 500 body.
+        const secrets = await secretsOf(record.secrets, this.#secretBox);
+        const built = this.#compileTarget(record.manifest, record.connectors, secrets);
+        if (!built.ok) {
+            // The inputs compiled at deploy time; failing now is source/catalog drift — a server error. Codes
+            // only (never a secret name or value) in case this is ever logged; the client gets a generic 500.
+            throw new Error(`deployment ${deploymentId} failed to recompile (${built.errors.map((e) => e.code).join(',')})`);
+        }
+        const target = servedTargetFor(record, built.served);
+        this.#servers.set(deploymentId, target);
+        this.#records.set(deploymentId, record);
+        return target;
+    }
+    get size() {
+        return this.#servers.size;
+    }
+}
+/**
+ * Build the front-door {@link ServedTarget} for a persisted record: its access mode plus the credential the
+ * front-door checks — a caller-key hash (`caller-key`), the owner subject (`owner-only`), or the tenant org
+ * (`org-members`). A legacy record with no `accessMode` reads as `caller-key`.
+ */
+function servedTargetFor(record, served) {
+    const accessMode = record.accessMode ?? 'caller-key';
+    return {
+        served,
+        accessMode,
+        org: record.orgSlug,
+        ...(record.callerKeyHash !== undefined ? { callerKeyHash: record.callerKeyHash } : {}),
+        ...(accessMode === 'owner-only' && record.createdBySubject !== undefined
+            ? { ownerSubject: record.createdBySubject }
+            : {}),
+    };
+}
+function recordSummary(record) {
+    return {
+        deploymentId: record.deploymentId,
+        orgSlug: record.orgSlug,
+        appSlug: record.appSlug,
+        environment: record.environment,
+        active: record.active,
+        serverName: record.serverName,
+        createdAt: record.createdAt,
+        ...(record.createdByEmail !== undefined ? { createdByEmail: record.createdByEmail } : {}),
+        accessMode: record.accessMode ?? 'caller-key',
+        hasCallerKey: record.callerKeyHash !== undefined,
+    };
+}
+/**
+ * Encrypt deploy-supplied secret values into the at-rest envelope. With a {@link SecretBox} the whole
+ * map is AES-256-GCM-sealed (`aes-256-gcm`); without one — non-persistent / in-memory paths only — it
+ * falls back to the interim plaintext form (`none`). The live in-memory broker still holds plaintext;
+ * only the persisted projection is sealed.
+ */
+async function sealSecrets(values, box) {
+    if (!box)
+        return { enc: 'none', values: { ...values } };
+    return { enc: 'aes-256-gcm', sealed: await box.seal(JSON.stringify(values)) };
+}
+/**
+ * Recover plaintext secret values from a persisted envelope for replay. A `none` envelope is read
+ * directly (non-persistent/in-memory); an `aes-256-gcm` envelope is decrypted with the {@link SecretBox} —
+ * fail-closed if no box (no master key) is available, and a `SecretDecryptError` on a wrong key or
+ * tampered ciphertext.
+ */
+async function secretsOf(envelope, box) {
+    if (envelope.enc === 'none')
+        return { ...envelope.values };
+    if (!box) {
+        throw new Error('cannot recover an encrypted secret envelope without a secret master key');
+    }
+    return JSON.parse(await box.open(envelope.sealed));
+}
+/**
+ * Resolve declared secret references against the deploy-supplied values into a per-server
+ * {@link MapServiceBroker}. Each binding keyed by `(connectorId, operation?)` gets a `{token}` credential;
+ * operations with no declared auth fall back to the broker's empty-token default (preserving public-API
+ * behavior). A reference with no supplied value fails closed — the server is not registered — and the
+ * error names only the reference (never a value), keeping secrets out of error bodies and logs.
+ */
+function buildBroker(bindings, secrets) {
+    const entries = new Map();
+    const errors = [];
+    for (const binding of bindings) {
+        const value = secrets[binding.secretRef];
+        if (value === undefined) {
+            errors.push({
+                code: 'missing_secret',
+                path: `secrets.${binding.secretRef}`,
+                message: `no value supplied for required secret "${binding.secretRef}"`,
+            });
+            continue;
+        }
+        entries.set(MapServiceBroker.key(binding.connectorId, binding.operation), { token: value });
+    }
+    if (errors.length > 0)
+        return { ok: false, errors };
+    return { ok: true, broker: new MapServiceBroker(entries) };
+}
+function tenantKey(ref) {
+    return `${ref.org}/${ref.app}/${ref.env}`;
+}
+/** Build a URL-safe, human-readable id from the manifest's server name plus a short random suffix. */
+function mintDeploymentId(name) {
+    const slug = name
+        .toLowerCase()
+        .replace(/[^a-z0-9]+/g, '-')
+        .replace(/^-+|-+$/g, '') || 'server';
+    return `${slug}-${randomUUID().slice(0, 8)}`;
+}
+/**
+ * The combined service listener: tenant-scoped deploy management plus the multi-tenant MCP router.
+ */
+export function createServiceHandler(registry, options = {}) {
+    const logger = options.logger ?? noopLogger;
+    const tls = options.tls ?? {};
+    const controlPlane = options.controlPlaneStore ?? new InMemoryControlPlaneStore();
+    const router = createMcpRouter(() => Promise.resolve(undefined), {
+        logger,
+        tls,
+        ...(options.verifyOwnerToken ? { verifyOwnerToken: options.verifyOwnerToken } : {}),
+        authorizeDataPlaneIdentity: (input) => {
+            if (input.accessMode !== 'org-members')
+                return Promise.resolve(false);
+            return controlPlane.isOrgMember({ org: input.org, subject: input.subject });
+        },
+        verifyCallerKeyForTenant: (input) => registry.verifyActiveCallerKey(input.tenant, input.token),
+        admissionGate: createAdmissionGate(logger),
+        tenantLookup: (ref) => registry.getActiveByTenant(ref),
+    });
+    const maxBody = options.maxBodyBytes ?? DEFAULT_MAX_BODY;
+    const gate = options.deployGate ?? allowAllGate();
+    return (req, res) => {
+        const url = new URL(req.url ?? '/', 'http://localhost');
+        // Liveness/readiness probes: un-gated and **not** HTTPS-enforced — Cloud Run's internal probe is plain
+        // HTTP, so enforcing HTTPS here would `426` the probe and the revision would never go healthy (ADR 0034).
+        // `/healthz` is a pure liveness 200 (no store touch); `/readyz` reflects the injected readiness probe.
+        if (req.method === 'GET' && (url.pathname === '/healthz' || url.pathname === '/readyz')) {
+            applySecurityHeaders(res, tls);
+            if (url.pathname === '/healthz')
+                return sendJson(res, 200, { status: 'ok' });
+            void Promise.resolve(options.readinessProbe ? options.readinessProbe() : true)
+                .then((ready) => sendJson(res, ready ? 200 : 503, { status: ready ? 'ready' : 'unready' }))
+                .catch(() => sendJson(res, 503, { status: 'unready' }));
+            return;
+        }
+        // Protected-resource metadata (RFC 9728 / MCP authorization): an MCP client fetches this after a `401`
+        // from an owner-only endpoint to discover the authorization server (OA-1). The resource path follows the
+        // well-known prefix, e.g. `/.well-known/oauth-protected-resource/o/{org}/{app}/mcp`.
+        if (req.method === 'GET' && url.pathname.startsWith(PRM_PREFIX)) {
+            applySecurityHeaders(res, tls);
+            if (enforceHttps(req, res, tls))
+                return;
+            const base = options.publicBaseUrl ?? baseFromRequest(req, tls);
+            const doc = protectedResourceMetadata({
+                resource: `${base}${url.pathname.slice(PRM_PREFIX.length)}`,
+                ...(options.authServerIssuer ? { authorizationServers: [options.authServerIssuer] } : {}),
+            });
+            return sendJson(res, 200, doc);
+        }
+        // Authorization server (OA-2): delegate the AS paths to the Express sub-app. Same HTTPS posture +
+        // security headers as the rest of the control plane; the sub-app owns content negotiation and its own
+        // CORS/rate-limit/body parsing. Delegated before the body is read so the SDK handlers can stream it.
+        if (options.authServerApp !== undefined && isAuthServerPath(url.pathname)) {
+            applySecurityHeaders(res, tls);
+            if (enforceHttps(req, res, tls))
+                return;
+            options.authServerApp(req, res);
+            return;
+        }
+        if (url.pathname === '/v1/auth/google' && req.method === 'GET') {
+            applySecurityHeaders(res, tls);
+            if (enforceHttps(req, res, tls))
+                return;
+            const base = options.publicBaseUrl ?? baseFromRequest(req, tls);
+            return sendJson(res, 200, {
+                ok: true,
+                service: base,
+                googleClientId: options.controlPlaneGoogleClientId ?? null,
+                allowedEmailDomain: options.controlPlaneAllowedEmailDomain ?? '@noodleseed.com',
+                authType: options.controlPlaneGoogleClientId ? 'google-oauth-pkce' : 'open-dev',
+            });
+        }
+        const deployRef = parseTenantDeployPath(url.pathname);
+        if (req.method === 'POST' && deployRef !== undefined) {
+            // Same HTTPS posture + security headers as the data plane (the router applies them for /{id}/mcp).
+            applySecurityHeaders(res, tls);
+            if (enforceHttps(req, res, tls))
+                return;
+            // Admin boundary: authenticate the deployer before reading the body. The gate guards only
+            // management deploys — tenant MCP routes are governed separately (caller key, Slice 24).
+            handleDeploy(req, res, registry, options, maxBody, deployRef, gate, controlPlane).catch((error) => {
+                // A thrown deploy failure (compile/seal/persist) must be observable, not a silent 500. The message
+                // is operational detail (a DB/KMS/connector fault), not a secret — values/keys are never included.
+                logger.error('deploy.error', {
+                    name: error instanceof Error ? error.name : 'unknown',
+                    message: error instanceof Error ? error.message : String(error),
+                    stack: error instanceof Error ? (error.stack ?? '').split('\n').slice(0, 4).join(' | ') : '',
+                });
+                if (!res.headersSent)
+                    sendJson(res, 500, { error: 'internal error' });
+            });
+            return;
+        }
+        if (url.pathname === '/v1/whoami' && req.method === 'GET') {
+            applySecurityHeaders(res, tls);
+            if (enforceHttps(req, res, tls))
+                return;
+            handleWhoami(req, res, gate, controlPlane).catch(() => {
+                if (!res.headersSent)
+                    sendJson(res, 500, { error: 'internal error' });
+            });
+            return;
+        }
+        if (url.pathname === '/v1/orgs' && (req.method === 'GET' || req.method === 'POST')) {
+            applySecurityHeaders(res, tls);
+            if (enforceHttps(req, res, tls))
+                return;
+            handleOrgs(req, res, gate, controlPlane, maxBody).catch(() => {
+                if (!res.headersSent)
+                    sendJson(res, 500, { error: 'internal error' });
+            });
+            return;
+        }
+        const membersRef = parseMembersPath(url.pathname);
+        if (membersRef !== undefined) {
+            applySecurityHeaders(res, tls);
+            if (enforceHttps(req, res, tls))
+                return;
+            handleMembers(req, res, gate, controlPlane, maxBody, membersRef).catch(() => {
+                if (!res.headersSent)
+                    sendJson(res, 500, { error: 'internal error' });
+            });
+            return;
+        }
+        const deploymentsRef = parseDeploymentsPath(url.pathname);
+        if (deploymentsRef !== undefined && req.method === 'GET') {
+            applySecurityHeaders(res, tls);
+            if (enforceHttps(req, res, tls))
+                return;
+            handleDeployments(req, res, registry, gate, controlPlane, deploymentsRef, url).catch(() => {
+                if (!res.headersSent)
+                    sendJson(res, 500, { error: 'internal error' });
+            });
+            return;
+        }
+        const keysRef = parseKeysPath(url.pathname);
+        if (keysRef !== undefined && (req.method === 'GET' || req.method === 'POST')) {
+            applySecurityHeaders(res, tls);
+            if (enforceHttps(req, res, tls))
+                return;
+            handleKeys(req, res, registry, gate, controlPlane, keysRef).catch(() => {
+                if (!res.headersSent)
+                    sendJson(res, 500, { error: 'internal error' });
+            });
+            return;
+        }
+        router(req, res);
+    };
+}
+async function handleDeploy(req, res, registry, options, maxBody, tenant, gate, controlPlane) {
+    const identity = await authorizeControlPlane(req, res, gate, { requireIdentity: false });
+    if (identity === false)
+        return;
+    if (identity && !identity.superAdmin) {
+        const member = await controlPlane.isOrgMember({ org: tenant.org, subject: identity.subject });
+        if (!member)
+            return sendForbidden(res, 'forbidden');
+    }
+    const body = await readBody(req, maxBody);
+    if (!body.ok)
+        return sendJson(res, 413, { error: 'request body too large' });
+    let manifest;
+    let connectors;
+    let secrets;
+    let accessMode = 'caller-key';
+    try {
+        const parsed = JSON.parse(body.text);
+        if (typeof parsed.manifest !== 'string')
+            throw new Error('body must be {"manifest": "<yaml>"}');
+        manifest = parsed.manifest;
+        if (parsed.connectors !== undefined) {
+            if (typeof parsed.connectors !== 'string')
+                throw new Error('"connectors" must be a string');
+            connectors = parsed.connectors;
+        }
+        if (parsed.secrets !== undefined) {
+            secrets = parseSecrets(parsed.secrets);
+        }
+        if (parsed.accessMode !== undefined) {
+            if (!isAccessMode(parsed.accessMode)) {
+                throw new Error('"accessMode" must be "caller-key", "owner-only", or "org-members"');
+            }
+            accessMode = parsed.accessMode;
+        }
+    }
+    catch (error) {
+        return sendJson(res, 400, { error: `invalid deploy request: ${error.message}` });
+    }
+    // Identity access modes bind the data plane to verified identity, so the deployer must be authenticated.
+    // (Localhost dev runs the gate open; such deploys are rejected for lack of an owner/audit actor.)
+    if (isIdentityAccessMode(accessMode) && !identity) {
+        return sendJson(res, 401, {
+            error: `${accessMode} deployments require an authenticated deployer`,
+        });
+    }
+    const logger = options.logger ?? noopLogger;
+    const result = await registry.deploy(tenant, manifest, connectors, secrets, identity || undefined, accessMode);
+    if (!result.ok) {
+        // Codes are safe enum strings; never a path-with-value. No secret name or value is logged.
+        logger.warn('deploy.rejected', {
+            status: 400,
+            errorCount: result.errors.length,
+            codes: result.errors.map((error) => error.code).join(','),
+        });
+        return sendJson(res, 400, { ok: false, errors: result.errors });
+    }
+    // Counts only — never secret names or values, never the minted caller key or its hash.
+    logger.info('deploy.ok', {
+        deploymentId: result.deploymentId,
+        org: tenant.org,
+        app: tenant.app,
+        env: tenant.env,
+        hasConnectors: connectors !== undefined,
+        secretCount: secrets ? Object.keys(secrets).length : 0,
+    });
+    const base = options.publicBaseUrl ?? baseFromRequest(req, options.tls ?? {});
+    return sendJson(res, 201, {
+        ok: true,
+        org: tenant.org,
+        app: tenant.app,
+        env: tenant.env,
+        deploymentId: result.deploymentId,
+        accessMode: result.accessMode,
+        url: tenant.env === 'prod'
+            ? `${base}/o/${tenant.org}/${tenant.app}/mcp`
+            : `${base}/o/${tenant.org}/${tenant.app}/${tenant.env}/mcp`,
+        // Caller-key deploys only: shown once, callers send `Authorization: Bearer <callerKey>` (only the hash
+        // is stored). Identity-based deploys mint no key — callers authenticate with their own identity.
+        ...(result.callerKey !== undefined ? { callerKey: result.callerKey } : {}),
+    });
+}
+function isAccessMode(value) {
+    return value === 'caller-key' || value === 'owner-only' || value === 'org-members';
+}
+function isIdentityAccessMode(accessMode) {
+    return accessMode === 'owner-only' || accessMode === 'org-members';
+}
+async function handleWhoami(req, res, gate, controlPlane) {
+    const identity = await authorizeControlPlane(req, res, gate, { requireIdentity: true });
+    if (identity === false)
+        return;
+    const orgs = identity.superAdmin
+        ? await controlPlane.listOrgs()
+        : await controlPlane.listOrgsForSubject(identity.subject);
+    return sendJson(res, 200, { ok: true, identity, orgs });
+}
+async function handleOrgs(req, res, gate, controlPlane, maxBody) {
+    const identity = await authorizeControlPlane(req, res, gate, { requireIdentity: true });
+    if (identity === false)
+        return;
+    if (req.method === 'GET') {
+        const orgs = identity.superAdmin
+            ? await controlPlane.listOrgs()
+            : await controlPlane.listOrgsForSubject(identity.subject);
+        return sendJson(res, 200, { ok: true, orgs });
+    }
+    if (!identity.superAdmin)
+        return sendForbidden(res, 'super-admin required');
+    const body = await readJsonBody(req, maxBody);
+    if (!body.ok)
+        return sendJson(res, body.status, { error: body.error });
+    const parsed = body.value;
+    if (typeof parsed.slug !== 'string')
+        return sendJson(res, 400, { error: '"slug" must be a string' });
+    if (parsed.displayName !== undefined && typeof parsed.displayName !== 'string') {
+        return sendJson(res, 400, { error: '"displayName" must be a string' });
+    }
+    try {
+        const org = await controlPlane.createOrg({
+            slug: parsed.slug,
+            ...(typeof parsed.displayName === 'string' ? { displayName: parsed.displayName } : {}),
+        });
+        return sendJson(res, 201, { ok: true, org });
+    }
+    catch (error) {
+        return sendJson(res, 400, { error: error.message });
+    }
+}
+async function handleMembers(req, res, gate, controlPlane, maxBody, ref) {
+    const identity = await authorizeControlPlane(req, res, gate, { requireIdentity: true });
+    if (identity === false)
+        return;
+    if (!identity.superAdmin)
+        return sendForbidden(res, 'super-admin required');
+    if (req.method === 'GET' && ref.subject === undefined) {
+        try {
+            return sendJson(res, 200, { ok: true, members: await controlPlane.listOrgMembers(ref.org) });
+        }
+        catch (error) {
+            return sendJson(res, 400, { error: error.message });
+        }
+    }
+    if (req.method === 'POST' && ref.subject === undefined) {
+        const body = await readJsonBody(req, maxBody);
+        if (!body.ok)
+            return sendJson(res, body.status, { error: body.error });
+        const parsed = body.value;
+        if (typeof parsed.subject !== 'string') {
+            return sendJson(res, 400, { error: '"subject" must be a string' });
+        }
+        if (typeof parsed.email !== 'string') {
+            return sendJson(res, 400, { error: '"email" must be a string' });
+        }
+        let role;
+        try {
+            role = validateOrgRole(typeof parsed.role === 'string' ? parsed.role : 'developer');
+        }
+        catch (error) {
+            return sendJson(res, 400, { error: error.message });
+        }
+        try {
+            const member = await controlPlane.addOrgMember({
+                org: ref.org,
+                subject: parsed.subject,
+                email: parsed.email,
+                role,
+            });
+            return sendJson(res, 201, { ok: true, member });
+        }
+        catch (error) {
+            return sendJson(res, 400, { error: error.message });
+        }
+    }
+    if (req.method === 'DELETE' && ref.subject !== undefined) {
+        await controlPlane.removeOrgMember({ org: ref.org, subject: ref.subject });
+        res.writeHead(204);
+        res.end();
+        return;
+    }
+    return sendJson(res, 404, { error: 'not found' });
+}
+async function handleDeployments(req, res, registry, gate, controlPlane, ref, url) {
+    const identity = await authorizeControlPlane(req, res, gate, { requireIdentity: true });
+    if (identity === false)
+        return;
+    if (!identity.superAdmin) {
+        const member = await controlPlane.isOrgMember({ org: ref.org, subject: identity.subject });
+        if (!member)
+            return sendForbidden(res, 'forbidden');
+    }
+    const app = url.searchParams.get('app') ?? undefined;
+    const env = url.searchParams.get('env') ?? undefined;
+    try {
+        const deployments = await registry.listDeployments({
+            org: ref.org,
+            ...(app !== undefined ? { app } : {}),
+            ...(env !== undefined ? { env } : {}),
+        });
+        return sendJson(res, 200, { ok: true, deployments });
+    }
+    catch (error) {
+        return sendJson(res, 400, { error: error.message });
+    }
+}
+async function handleKeys(req, res, registry, gate, controlPlane, ref) {
+    const identity = await authorizeControlPlane(req, res, gate, { requireIdentity: true });
+    if (identity === false)
+        return;
+    if (!identity.superAdmin) {
+        const member = await controlPlane.isOrgMember({ org: ref.org, subject: identity.subject });
+        if (!member)
+            return sendForbidden(res, 'forbidden');
+    }
+    if (req.method === 'GET' && ref.action === undefined) {
+        const deployments = await registry.listDeployments({
+            org: ref.org,
+            app: ref.app,
+            env: ref.env,
+        });
+        return sendJson(res, 200, {
+            ok: true,
+            keys: deployments
+                .filter((deployment) => deployment.active && deployment.hasCallerKey)
+                .map((deployment) => ({
+                org: deployment.orgSlug,
+                app: deployment.appSlug,
+                env: deployment.environment,
+                deploymentId: deployment.deploymentId,
+                active: deployment.active,
+                createdAt: deployment.createdAt,
+            })),
+        });
+    }
+    if (req.method === 'POST' && ref.action === 'rotate') {
+        const rotated = await registry.rotateCallerKey(ref);
+        if (!rotated) {
+            return sendJson(res, 404, {
+                error: 'no active caller-key deployment found for this app environment',
+            });
+        }
+        return sendJson(res, 201, {
+            ok: true,
+            key: {
+                org: rotated.deployment.orgSlug,
+                app: rotated.deployment.appSlug,
+                env: rotated.deployment.environment,
+                deploymentId: rotated.deployment.deploymentId,
+                active: rotated.deployment.active,
+                createdAt: new Date().toISOString(),
+            },
+            callerKey: rotated.key,
+        });
+    }
+    return sendJson(res, 404, { error: 'not found' });
+}
+async function authorizeControlPlane(req, res, gate, options) {
+    const auth = await gate.authorize(req);
+    if (!auth.ok) {
+        if (auth.status === 401)
+            sendUnauthorized(res, auth.message);
+        else
+            sendForbidden(res, auth.message);
+        return false;
+    }
+    if (options.requireIdentity && !auth.identity) {
+        sendUnauthorized(res, 'identity required');
+        return false;
+    }
+    return auth.identity;
+}
+function parseTenantDeployPath(pathname) {
+    const match = /^\/v1\/orgs\/([^/]+)\/apps\/([^/]+)\/envs\/([^/]+)\/deploy$/.exec(pathname);
+    if (!match)
+        return undefined;
+    try {
+        return validateTenantRef({
+            org: decodeURIComponent(match[1]),
+            app: decodeURIComponent(match[2]),
+            env: decodeURIComponent(match[3]),
+        });
+    }
+    catch {
+        return undefined;
+    }
+}
+function parseMembersPath(pathname) {
+    const collection = /^\/v1\/orgs\/([^/]+)\/members$/.exec(pathname);
+    if (collection) {
+        try {
+            return { org: validateSlug('org', decodeURIComponent(collection[1])) };
+        }
+        catch {
+            return undefined;
+        }
+    }
+    const item = /^\/v1\/orgs\/([^/]+)\/members\/([^/]+)$/.exec(pathname);
+    if (!item)
+        return undefined;
+    try {
+        return {
+            org: validateSlug('org', decodeURIComponent(item[1])),
+            subject: decodeURIComponent(item[2]),
+        };
+    }
+    catch {
+        return undefined;
+    }
+}
+function parseDeploymentsPath(pathname) {
+    const match = /^\/v1\/orgs\/([^/]+)\/deployments$/.exec(pathname);
+    if (!match)
+        return undefined;
+    try {
+        return { org: validateSlug('org', decodeURIComponent(match[1])) };
+    }
+    catch {
+        return undefined;
+    }
+}
+function parseKeysPath(pathname) {
+    const match = /^\/v1\/orgs\/([^/]+)\/apps\/([^/]+)\/envs\/([^/]+)\/keys(?:\/(rotate))?$/.exec(pathname);
+    if (!match)
+        return undefined;
+    try {
+        const ref = validateTenantRef({
+            org: decodeURIComponent(match[1]),
+            app: decodeURIComponent(match[2]),
+            env: decodeURIComponent(match[3]),
+        });
+        return { ...ref, ...(match[4] === 'rotate' ? { action: 'rotate' } : {}) };
+    }
+    catch {
+        return undefined;
+    }
+}
+function createAdmissionGate(_logger) {
+    return async () => ({ allow: true });
+}
+/**
+ * Validate the deploy request's `secrets` field into a `name -> value` map. Rejects a non-object or a
+ * non-string value, naming only the offending key (never a value) so secrets never reach an error body.
+ */
+function parseSecrets(raw) {
+    if (typeof raw !== 'object' || raw === null || Array.isArray(raw)) {
+        throw new Error('"secrets" must be an object of string values');
+    }
+    const out = {};
+    for (const [name, value] of Object.entries(raw)) {
+        if (typeof value !== 'string')
+            throw new Error(`secret "${name}" must be a string`);
+        out[name] = value;
+    }
+    return out;
+}
+function baseFromRequest(req, tls) {
+    const host = req.headers.host ?? 'localhost';
+    return `${effectiveProto(req, tls.trustProxy ?? false)}://${host}`;
+}
+/** Start the deploy service on its own `node:http` server (used by the `noodle-service` bin). */
+export async function serveService(options = {}) {
+    const host = options.host ?? '127.0.0.1';
+    const gate = options.deployGate ??
+        (options.googleClientId !== undefined
+            ? new GoogleControlPlaneGate({
+                audience: options.googleClientId,
+                admins: options.controlPlaneAdmins ?? [],
+                ...(options.controlPlaneAllowedEmailDomain !== undefined
+                    ? { allowedEmailDomain: options.controlPlaneAllowedEmailDomain }
+                    : {}),
+                ...(options.googleVerifier ? { verifier: options.googleVerifier } : {}),
+            })
+            : undefined);
+    // Fail closed: never expose an unauthenticated deploy endpoint on a non-loopback bind.
+    if (gate === undefined && !isLoopbackHost(host)) {
+        throw new Error(`refusing to bind a non-loopback host (${host}) without deploy authentication; ` +
+            'set NOODLE_GOOGLE_CLIENT_ID (or pass a deployGate)');
+    }
+    // Select exactly one durable backend: Postgres (cloud, ADR 0035) > file (local) > in-memory. The
+    // Postgres modules are loaded lazily so `pg` / the Cloud SQL connector are never pulled in on the
+    // file/in-memory paths (keeping the default startup light and dependency-free).
+    let store;
+    let controlPlaneStore = options.controlPlaneStore;
+    let pgPool;
+    if (options.databaseUrl !== undefined || options.cloudSql !== undefined) {
+        const [{ createPostgresPool }, { PostgresArtifactStore }] = await Promise.all([
+            import('./store/cloudsql-pool.js'),
+            import('./store/postgres.js'),
+        ]);
+        pgPool = await createPostgresPool({
+            ...(options.databaseUrl !== undefined ? { databaseUrl: options.databaseUrl } : {}),
+            ...(options.cloudSql !== undefined ? { cloudSql: options.cloudSql } : {}),
+        });
+        const postgres = new PostgresArtifactStore(pgPool.pool);
+        await postgres.ensureSchema();
+        store = postgres;
+        controlPlaneStore = controlPlaneStore ?? postgres;
+    }
+    else if (options.dataDir !== undefined) {
+        store = new JsonFileArtifactStore(options.dataDir);
+    }
+    controlPlaneStore = controlPlaneStore ?? new InMemoryControlPlaneStore();
+    // Fail closed: any durable store must encrypt secrets at rest, so it requires a master-key custodian. A
+    // KMS key (the KEK never enters the process — ADR 0037) takes precedence over a static key; an
+    // absent/invalid key throws here, before any traffic is served. The KMS adapter + its `@google-cloud/kms`
+    // SDK load lazily, so a static/file deployment never pulls them in.
+    let secretBox;
+    if (store) {
+        if (options.kmsKeyName !== undefined) {
+            const { gcpKmsMasterKeyProvider } = await import('./secret/kms-master-key.js');
+            secretBox = new SecretBox(gcpKmsMasterKeyProvider({ keyName: options.kmsKeyName }));
+        }
+        else if (options.secretMasterKey !== undefined) {
+            secretBox = new SecretBox(staticMasterKeyProvider(options.secretMasterKey));
+        }
+        else {
+            throw new Error('persistence requires a secret master-key custodian; set NOODLE_KMS_KEY or NOODLE_SECRET_MASTER_KEY');
+        }
+    }
+    // Self-hosted authorization server (OA-2): build the AS Express app + its state store (the shared Postgres
+    // store when persistence is on, else in-memory). Express + the SDK auth handlers load lazily, only here, so
+    // an AS-less deployment never pulls them in. Owner-only token verification is wired to the same signing key
+    // in-process (no JWKS round-trip), which is correct because every instance shares the static key via env.
+    let authServerApp;
+    let resolvedVerifyOwnerToken = options.verifyOwnerToken;
+    let resolvedAuthServerIssuer = options.authServerIssuer;
+    if (options.oauth) {
+        let oauthStore;
+        if (pgPool) {
+            const { PostgresOAuthStore } = await import('./oauth/store-postgres.js');
+            const postgresOAuth = new PostgresOAuthStore(pgPool.pool);
+            await postgresOAuth.ensureSchema();
+            oauthStore = postgresOAuth;
+        }
+        else {
+            const { InMemoryOAuthStore } = await import('./oauth/store.js');
+            oauthStore = new InMemoryOAuthStore();
+        }
+        const [{ NoodleOAuthProvider }, { createOAuthApp }] = await Promise.all([
+            import('./oauth/provider.js'),
+            import('./oauth/app.js'),
+        ]);
+        // Normalize once so the token `iss`, the verifier's expected issuer, and the PRM `authorization_servers`
+        // entry are byte-identical (a trailing-slash `PUBLIC_BASE_URL` would otherwise desync them).
+        const oauthIssuer = options.oauth.issuer.replace(/\/+$/, '');
+        const provider = new NoodleOAuthProvider({
+            issuer: oauthIssuer,
+            store: oauthStore,
+            signer: options.oauth.signer,
+            google: options.oauth.google,
+            ...(options.oauth.allowedEmailDomain !== undefined
+                ? { allowedEmailDomain: options.oauth.allowedEmailDomain }
+                : {}),
+        });
+        authServerApp = createOAuthApp(provider);
+        resolvedAuthServerIssuer = resolvedAuthServerIssuer ?? oauthIssuer;
+        // Resource-server verification uses the AS signing key directly (co-hosted, same process), so an
+        // owner-only endpoint validates tokens without an HTTP JWKS fetch. Multi-instance-safe because the key is
+        // shared via env.
+        resolvedVerifyOwnerToken =
+            resolvedVerifyOwnerToken ??
+                createJwtVerifier({
+                    issuer: oauthIssuer,
+                    keyResolver: await options.oauth.signer.verifierKey(),
+                });
+    }
+    const registry = new ServerRegistry(store, secretBox);
+    // Recovery is lazy by default (ADR 0036): each server recompiles on its first request, which is correct
+    // on a multi-instance platform (any instance serves any deploy) and a cheaper cold start. `warmAll` opts
+    // into eager recompile-all-on-boot (boot-time validation of every server, for a pinned/on-prem instance).
+    const recovered = store && options.warmAll ? await registry.recover() : undefined;
+    // Readiness reflects durable-store reachability. Built here so the handler never imports `pg`; a
+    // file/in-memory deployment is always ready.
+    const readinessProbe = pgPool
+        ? async () => {
+            try {
+                await pgPool.pool.query('SELECT 1');
+                return true;
+            }
+            catch {
+                return false;
+            }
+        }
+        : async () => true;
+    const handlerOptions = {
+        ...options,
+        readinessProbe,
+        controlPlaneStore,
+        ...(options.googleClientId !== undefined
+            ? { controlPlaneGoogleClientId: options.googleClientId }
+            : {}),
+        ...(gate ? { deployGate: gate } : {}),
+        ...(resolvedVerifyOwnerToken ? { verifyOwnerToken: resolvedVerifyOwnerToken } : {}),
+        ...(resolvedAuthServerIssuer ? { authServerIssuer: resolvedAuthServerIssuer } : {}),
+        ...(authServerApp ? { authServerApp } : {}),
+    };
+    const http = createServer(createServiceHandler(registry, handlerOptions));
+    return new Promise((resolve) => {
+        http.listen(options.port ?? 8787, host, () => {
+            const { port } = http.address();
+            resolve({
+                http,
+                url: `http://${host}:${port}`,
+                port,
+                registry,
+                ...(recovered ? { recovered } : {}),
+                close: async () => {
+                    await new Promise((res, rej) => http.close((e) => (e ? rej(e) : res())));
+                    if (pgPool)
+                        await pgPool.close();
+                },
+            });
+        });
+    });
+}
+async function readBody(req, max) {
+    const chunks = [];
+    let size = 0;
+    for await (const chunk of req) {
+        const buf = chunk;
+        size += buf.length;
+        if (size > max)
+            return { ok: false };
+        chunks.push(buf);
+    }
+    return { ok: true, text: Buffer.concat(chunks).toString('utf8') };
+}
+async function readJsonBody(req, max) {
+    const body = await readBody(req, max);
+    if (!body.ok)
+        return { ok: false, status: 413, error: 'request body too large' };
+    try {
+        return { ok: true, value: JSON.parse(body.text) };
+    }
+    catch (error) {
+        return { ok: false, status: 400, error: `invalid JSON: ${error.message}` };
+    }
+}
+function sendJson(res, status, body) {
+    res.writeHead(status, { 'content-type': 'application/json; charset=utf-8' });
+    res.end(JSON.stringify(body));
+}
+function sendUnauthorized(res, message = 'unauthorized') {
+    res.writeHead(401, {
+        'content-type': 'application/json; charset=utf-8',
+        'www-authenticate': 'Bearer realm="noodle-deploy"',
+    });
+    res.end(JSON.stringify({ error: message }));
+}
+function sendForbidden(res, message) {
+    res.writeHead(403, { 'content-type': 'application/json; charset=utf-8' });
+    res.end(JSON.stringify({ error: message }));
+}
+/** Loopback hosts may run the control plane without auth; any other bind must configure auth. */
+function isLoopbackHost(host) {
+    return host === '127.0.0.1' || host === '::1' || host === 'localhost';
+}
+//# sourceMappingURL=service.js.map