noodleseed-cli 0.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +176 -0
- package/dist/cli.d.ts +3 -0
- package/dist/cli.d.ts.map +1 -0
- package/dist/cli.js +625 -0
- package/dist/cli.js.map +1 -0
- package/dist/config.d.ts +52 -0
- package/dist/config.d.ts.map +1 -0
- package/dist/config.js +77 -0
- package/dist/config.js.map +1 -0
- package/dist/control-plane.d.ts +33 -0
- package/dist/control-plane.d.ts.map +1 -0
- package/dist/control-plane.js +223 -0
- package/dist/control-plane.js.map +1 -0
- package/dist/deploy.d.ts +62 -0
- package/dist/deploy.d.ts.map +1 -0
- package/dist/deploy.js +182 -0
- package/dist/deploy.js.map +1 -0
- package/dist/dev.d.ts +50 -0
- package/dist/dev.d.ts.map +1 -0
- package/dist/dev.js +223 -0
- package/dist/dev.js.map +1 -0
- package/dist/index.d.ts +6 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +6 -0
- package/dist/index.js.map +1 -0
- package/dist/validate.d.ts +37 -0
- package/dist/validate.d.ts.map +1 -0
- package/dist/validate.js +46 -0
- package/dist/validate.js.map +1 -0
- package/node_modules/@noodle-borg/auth/dist/index.d.ts +14 -0
- package/node_modules/@noodle-borg/auth/dist/index.d.ts.map +1 -0
- package/node_modules/@noodle-borg/auth/dist/index.js +14 -0
- package/node_modules/@noodle-borg/auth/dist/index.js.map +1 -0
- package/node_modules/@noodle-borg/auth/dist/jwt-issuer.d.ts +21 -0
- package/node_modules/@noodle-borg/auth/dist/jwt-issuer.d.ts.map +1 -0
- package/node_modules/@noodle-borg/auth/dist/jwt-issuer.js +24 -0
- package/node_modules/@noodle-borg/auth/dist/jwt-issuer.js.map +1 -0
- package/node_modules/@noodle-borg/auth/dist/metadata.d.ts +27 -0
- package/node_modules/@noodle-borg/auth/dist/metadata.d.ts.map +1 -0
- package/node_modules/@noodle-borg/auth/dist/metadata.js +21 -0
- package/node_modules/@noodle-borg/auth/dist/metadata.js.map +1 -0
- package/node_modules/@noodle-borg/auth/dist/signer.d.ts +45 -0
- package/node_modules/@noodle-borg/auth/dist/signer.d.ts.map +1 -0
- package/node_modules/@noodle-borg/auth/dist/signer.js +47 -0
- package/node_modules/@noodle-borg/auth/dist/signer.js.map +1 -0
- package/node_modules/@noodle-borg/auth/dist/verify.d.ts +42 -0
- package/node_modules/@noodle-borg/auth/dist/verify.d.ts.map +1 -0
- package/node_modules/@noodle-borg/auth/dist/verify.js +48 -0
- package/node_modules/@noodle-borg/auth/dist/verify.js.map +1 -0
- package/node_modules/@noodle-borg/auth/package.json +27 -0
- package/node_modules/@noodle-borg/authoring/dist/index.d.ts +200 -0
- package/node_modules/@noodle-borg/authoring/dist/index.d.ts.map +1 -0
- package/node_modules/@noodle-borg/authoring/dist/index.js +504 -0
- package/node_modules/@noodle-borg/authoring/dist/index.js.map +1 -0
- package/node_modules/@noodle-borg/authoring/package.json +29 -0
- package/node_modules/@noodle-borg/compiler/dist/artifact/types.d.ts +203 -0
- package/node_modules/@noodle-borg/compiler/dist/artifact/types.d.ts.map +1 -0
- package/node_modules/@noodle-borg/compiler/dist/artifact/types.js +20 -0
- package/node_modules/@noodle-borg/compiler/dist/artifact/types.js.map +1 -0
- package/node_modules/@noodle-borg/compiler/dist/catalog/in-memory.d.ts +13 -0
- package/node_modules/@noodle-borg/compiler/dist/catalog/in-memory.d.ts.map +1 -0
- package/node_modules/@noodle-borg/compiler/dist/catalog/in-memory.js +19 -0
- package/node_modules/@noodle-borg/compiler/dist/catalog/in-memory.js.map +1 -0
- package/node_modules/@noodle-borg/compiler/dist/catalog/signature.d.ts +11 -0
- package/node_modules/@noodle-borg/compiler/dist/catalog/signature.d.ts.map +1 -0
- package/node_modules/@noodle-borg/compiler/dist/catalog/signature.js +31 -0
- package/node_modules/@noodle-borg/compiler/dist/catalog/signature.js.map +1 -0
- package/node_modules/@noodle-borg/compiler/dist/catalog/types.d.ts +43 -0
- package/node_modules/@noodle-borg/compiler/dist/catalog/types.d.ts.map +1 -0
- package/node_modules/@noodle-borg/compiler/dist/catalog/types.js +11 -0
- package/node_modules/@noodle-borg/compiler/dist/catalog/types.js.map +1 -0
- package/node_modules/@noodle-borg/compiler/dist/cli.d.ts +3 -0
- package/node_modules/@noodle-borg/compiler/dist/cli.d.ts.map +1 -0
- package/node_modules/@noodle-borg/compiler/dist/cli.js +19 -0
- package/node_modules/@noodle-borg/compiler/dist/cli.js.map +1 -0
- package/node_modules/@noodle-borg/compiler/dist/compile.d.ts +50 -0
- package/node_modules/@noodle-borg/compiler/dist/compile.d.ts.map +1 -0
- package/node_modules/@noodle-borg/compiler/dist/compile.js +719 -0
- package/node_modules/@noodle-borg/compiler/dist/compile.js.map +1 -0
- package/node_modules/@noodle-borg/compiler/dist/errors.d.ts +27 -0
- package/node_modules/@noodle-borg/compiler/dist/errors.d.ts.map +1 -0
- package/node_modules/@noodle-borg/compiler/dist/errors.js +2 -0
- package/node_modules/@noodle-borg/compiler/dist/errors.js.map +1 -0
- package/node_modules/@noodle-borg/compiler/dist/index.d.ts +13 -0
- package/node_modules/@noodle-borg/compiler/dist/index.d.ts.map +1 -0
- package/node_modules/@noodle-borg/compiler/dist/index.js +11 -0
- package/node_modules/@noodle-borg/compiler/dist/index.js.map +1 -0
- package/node_modules/@noodle-borg/compiler/dist/manifest/expression.d.ts +136 -0
- package/node_modules/@noodle-borg/compiler/dist/manifest/expression.d.ts.map +1 -0
- package/node_modules/@noodle-borg/compiler/dist/manifest/expression.js +552 -0
- package/node_modules/@noodle-borg/compiler/dist/manifest/expression.js.map +1 -0
- package/node_modules/@noodle-borg/compiler/dist/manifest/naming.d.ts +14 -0
- package/node_modules/@noodle-borg/compiler/dist/manifest/naming.d.ts.map +1 -0
- package/node_modules/@noodle-borg/compiler/dist/manifest/naming.js +18 -0
- package/node_modules/@noodle-borg/compiler/dist/manifest/naming.js.map +1 -0
- package/node_modules/@noodle-borg/compiler/dist/manifest/schema-refs.d.ts +24 -0
- package/node_modules/@noodle-borg/compiler/dist/manifest/schema-refs.d.ts.map +1 -0
- package/node_modules/@noodle-borg/compiler/dist/manifest/schema-refs.js +149 -0
- package/node_modules/@noodle-borg/compiler/dist/manifest/schema-refs.js.map +1 -0
- package/node_modules/@noodle-borg/compiler/dist/manifest/schema.d.ts +97 -0
- package/node_modules/@noodle-borg/compiler/dist/manifest/schema.d.ts.map +1 -0
- package/node_modules/@noodle-borg/compiler/dist/manifest/schema.js +157 -0
- package/node_modules/@noodle-borg/compiler/dist/manifest/schema.js.map +1 -0
- package/node_modules/@noodle-borg/compiler/dist/schema-export.d.ts +6 -0
- package/node_modules/@noodle-borg/compiler/dist/schema-export.d.ts.map +1 -0
- package/node_modules/@noodle-borg/compiler/dist/schema-export.js +28 -0
- package/node_modules/@noodle-borg/compiler/dist/schema-export.js.map +1 -0
- package/node_modules/@noodle-borg/compiler/dist/suggest.d.ts +41 -0
- package/node_modules/@noodle-borg/compiler/dist/suggest.d.ts.map +1 -0
- package/node_modules/@noodle-borg/compiler/dist/suggest.js +105 -0
- package/node_modules/@noodle-borg/compiler/dist/suggest.js.map +1 -0
- package/node_modules/@noodle-borg/compiler/dist/uri-template.d.ts +33 -0
- package/node_modules/@noodle-borg/compiler/dist/uri-template.d.ts.map +1 -0
- package/node_modules/@noodle-borg/compiler/dist/uri-template.js +83 -0
- package/node_modules/@noodle-borg/compiler/dist/uri-template.js.map +1 -0
- package/node_modules/@noodle-borg/compiler/package.json +32 -0
- package/node_modules/@noodle-borg/compute/dist/code-connector.d.ts +45 -0
- package/node_modules/@noodle-borg/compute/dist/code-connector.d.ts.map +1 -0
- package/node_modules/@noodle-borg/compute/dist/code-connector.js +53 -0
- package/node_modules/@noodle-borg/compute/dist/code-connector.js.map +1 -0
- package/node_modules/@noodle-borg/compute/dist/engine.d.ts +73 -0
- package/node_modules/@noodle-borg/compute/dist/engine.d.ts.map +1 -0
- package/node_modules/@noodle-borg/compute/dist/engine.js +31 -0
- package/node_modules/@noodle-borg/compute/dist/engine.js.map +1 -0
- package/node_modules/@noodle-borg/compute/dist/index.d.ts +4 -0
- package/node_modules/@noodle-borg/compute/dist/index.d.ts.map +1 -0
- package/node_modules/@noodle-borg/compute/dist/index.js +4 -0
- package/node_modules/@noodle-borg/compute/dist/index.js.map +1 -0
- package/node_modules/@noodle-borg/compute/dist/quickjs-engine.d.ts +31 -0
- package/node_modules/@noodle-borg/compute/dist/quickjs-engine.d.ts.map +1 -0
- package/node_modules/@noodle-borg/compute/dist/quickjs-engine.js +271 -0
- package/node_modules/@noodle-borg/compute/dist/quickjs-engine.js.map +1 -0
- package/node_modules/@noodle-borg/compute/package.json +29 -0
- package/node_modules/@noodle-borg/connector-defs/dist/compile.d.ts +46 -0
- package/node_modules/@noodle-borg/connector-defs/dist/compile.d.ts.map +1 -0
- package/node_modules/@noodle-borg/connector-defs/dist/compile.js +289 -0
- package/node_modules/@noodle-borg/connector-defs/dist/compile.js.map +1 -0
- package/node_modules/@noodle-borg/connector-defs/dist/index.d.ts +3 -0
- package/node_modules/@noodle-borg/connector-defs/dist/index.d.ts.map +1 -0
- package/node_modules/@noodle-borg/connector-defs/dist/index.js +3 -0
- package/node_modules/@noodle-borg/connector-defs/dist/index.js.map +1 -0
- package/node_modules/@noodle-borg/connector-defs/dist/schema.d.ts +332 -0
- package/node_modules/@noodle-borg/connector-defs/dist/schema.d.ts.map +1 -0
- package/node_modules/@noodle-borg/connector-defs/dist/schema.js +105 -0
- package/node_modules/@noodle-borg/connector-defs/dist/schema.js.map +1 -0
- package/node_modules/@noodle-borg/connector-defs/package.json +32 -0
- package/node_modules/@noodle-borg/connector-http/dist/http-connector.d.ts +86 -0
- package/node_modules/@noodle-borg/connector-http/dist/http-connector.d.ts.map +1 -0
- package/node_modules/@noodle-borg/connector-http/dist/http-connector.js +138 -0
- package/node_modules/@noodle-borg/connector-http/dist/http-connector.js.map +1 -0
- package/node_modules/@noodle-borg/connector-http/dist/index.d.ts +3 -0
- package/node_modules/@noodle-borg/connector-http/dist/index.d.ts.map +1 -0
- package/node_modules/@noodle-borg/connector-http/dist/index.js +3 -0
- package/node_modules/@noodle-borg/connector-http/dist/index.js.map +1 -0
- package/node_modules/@noodle-borg/connector-http/dist/ssrf.d.ts +45 -0
- package/node_modules/@noodle-borg/connector-http/dist/ssrf.d.ts.map +1 -0
- package/node_modules/@noodle-borg/connector-http/dist/ssrf.js +57 -0
- package/node_modules/@noodle-borg/connector-http/dist/ssrf.js.map +1 -0
- package/node_modules/@noodle-borg/connector-http/package.json +30 -0
- package/node_modules/@noodle-borg/protocol/dist/adapter.d.ts +73 -0
- package/node_modules/@noodle-borg/protocol/dist/adapter.d.ts.map +1 -0
- package/node_modules/@noodle-borg/protocol/dist/adapter.js +2 -0
- package/node_modules/@noodle-borg/protocol/dist/adapter.js.map +1 -0
- package/node_modules/@noodle-borg/protocol/dist/adapters/mcp-2025-11-25.d.ts +19 -0
- package/node_modules/@noodle-borg/protocol/dist/adapters/mcp-2025-11-25.d.ts.map +1 -0
- package/node_modules/@noodle-borg/protocol/dist/adapters/mcp-2025-11-25.js +34 -0
- package/node_modules/@noodle-borg/protocol/dist/adapters/mcp-2025-11-25.js.map +1 -0
- package/node_modules/@noodle-borg/protocol/dist/index.d.ts +5 -0
- package/node_modules/@noodle-borg/protocol/dist/index.d.ts.map +1 -0
- package/node_modules/@noodle-borg/protocol/dist/index.js +5 -0
- package/node_modules/@noodle-borg/protocol/dist/index.js.map +1 -0
- package/node_modules/@noodle-borg/protocol/dist/jsonrpc.d.ts +19 -0
- package/node_modules/@noodle-borg/protocol/dist/jsonrpc.d.ts.map +1 -0
- package/node_modules/@noodle-borg/protocol/dist/jsonrpc.js +14 -0
- package/node_modules/@noodle-borg/protocol/dist/jsonrpc.js.map +1 -0
- package/node_modules/@noodle-borg/protocol/dist/mapping.d.ts +133 -0
- package/node_modules/@noodle-borg/protocol/dist/mapping.d.ts.map +1 -0
- package/node_modules/@noodle-borg/protocol/dist/mapping.js +181 -0
- package/node_modules/@noodle-borg/protocol/dist/mapping.js.map +1 -0
- package/node_modules/@noodle-borg/protocol/dist/negotiate.d.ts +13 -0
- package/node_modules/@noodle-borg/protocol/dist/negotiate.d.ts.map +1 -0
- package/node_modules/@noodle-borg/protocol/dist/negotiate.js +18 -0
- package/node_modules/@noodle-borg/protocol/dist/negotiate.js.map +1 -0
- package/node_modules/@noodle-borg/protocol/dist/registry.d.ts +17 -0
- package/node_modules/@noodle-borg/protocol/dist/registry.d.ts.map +1 -0
- package/node_modules/@noodle-borg/protocol/dist/registry.js +33 -0
- package/node_modules/@noodle-borg/protocol/dist/registry.js.map +1 -0
- package/node_modules/@noodle-borg/protocol/dist/sdk-server.d.ts +22 -0
- package/node_modules/@noodle-borg/protocol/dist/sdk-server.d.ts.map +1 -0
- package/node_modules/@noodle-borg/protocol/dist/sdk-server.js +91 -0
- package/node_modules/@noodle-borg/protocol/dist/sdk-server.js.map +1 -0
- package/node_modules/@noodle-borg/protocol/dist/server.d.ts +38 -0
- package/node_modules/@noodle-borg/protocol/dist/server.d.ts.map +1 -0
- package/node_modules/@noodle-borg/protocol/dist/server.js +89 -0
- package/node_modules/@noodle-borg/protocol/dist/server.js.map +1 -0
- package/node_modules/@noodle-borg/protocol/dist/stateless.d.ts +14 -0
- package/node_modules/@noodle-borg/protocol/dist/stateless.d.ts.map +1 -0
- package/node_modules/@noodle-borg/protocol/dist/stateless.js +28 -0
- package/node_modules/@noodle-borg/protocol/dist/stateless.js.map +1 -0
- package/node_modules/@noodle-borg/protocol/dist/widget/bootstrap.d.ts +24 -0
- package/node_modules/@noodle-borg/protocol/dist/widget/bootstrap.d.ts.map +1 -0
- package/node_modules/@noodle-borg/protocol/dist/widget/bootstrap.js +165 -0
- package/node_modules/@noodle-borg/protocol/dist/widget/bootstrap.js.map +1 -0
- package/node_modules/@noodle-borg/protocol/dist/widget/ext-apps-bundle.d.ts +4 -0
- package/node_modules/@noodle-borg/protocol/dist/widget/ext-apps-bundle.d.ts.map +1 -0
- package/node_modules/@noodle-borg/protocol/dist/widget/ext-apps-bundle.js +10 -0
- package/node_modules/@noodle-borg/protocol/dist/widget/ext-apps-bundle.js.map +1 -0
- package/node_modules/@noodle-borg/protocol/dist/widget/inject.d.ts +8 -0
- package/node_modules/@noodle-borg/protocol/dist/widget/inject.d.ts.map +1 -0
- package/node_modules/@noodle-borg/protocol/dist/widget/inject.js +36 -0
- package/node_modules/@noodle-borg/protocol/dist/widget/inject.js.map +1 -0
- package/node_modules/@noodle-borg/protocol/package.json +29 -0
- package/node_modules/@noodle-borg/runtime/dist/broker/map.d.ts +29 -0
- package/node_modules/@noodle-borg/runtime/dist/broker/map.d.ts.map +1 -0
- package/node_modules/@noodle-borg/runtime/dist/broker/map.js +38 -0
- package/node_modules/@noodle-borg/runtime/dist/broker/map.js.map +1 -0
- package/node_modules/@noodle-borg/runtime/dist/broker/secret-box.d.ts +103 -0
- package/node_modules/@noodle-borg/runtime/dist/broker/secret-box.d.ts.map +1 -0
- package/node_modules/@noodle-borg/runtime/dist/broker/secret-box.js +118 -0
- package/node_modules/@noodle-borg/runtime/dist/broker/secret-box.js.map +1 -0
- package/node_modules/@noodle-borg/runtime/dist/broker/static.d.ts +12 -0
- package/node_modules/@noodle-borg/runtime/dist/broker/static.d.ts.map +1 -0
- package/node_modules/@noodle-borg/runtime/dist/broker/static.js +15 -0
- package/node_modules/@noodle-borg/runtime/dist/broker/static.js.map +1 -0
- package/node_modules/@noodle-borg/runtime/dist/broker/types.d.ts +28 -0
- package/node_modules/@noodle-borg/runtime/dist/broker/types.d.ts.map +1 -0
- package/node_modules/@noodle-borg/runtime/dist/broker/types.js +2 -0
- package/node_modules/@noodle-borg/runtime/dist/broker/types.js.map +1 -0
- package/node_modules/@noodle-borg/runtime/dist/connector/in-memory.d.ts +29 -0
- package/node_modules/@noodle-borg/runtime/dist/connector/in-memory.d.ts.map +1 -0
- package/node_modules/@noodle-borg/runtime/dist/connector/in-memory.js +37 -0
- package/node_modules/@noodle-borg/runtime/dist/connector/in-memory.js.map +1 -0
- package/node_modules/@noodle-borg/runtime/dist/connector/types.d.ts +41 -0
- package/node_modules/@noodle-borg/runtime/dist/connector/types.d.ts.map +1 -0
- package/node_modules/@noodle-borg/runtime/dist/connector/types.js +2 -0
- package/node_modules/@noodle-borg/runtime/dist/connector/types.js.map +1 -0
- package/node_modules/@noodle-borg/runtime/dist/eval/evaluate.d.ts +39 -0
- package/node_modules/@noodle-borg/runtime/dist/eval/evaluate.d.ts.map +1 -0
- package/node_modules/@noodle-borg/runtime/dist/eval/evaluate.js +117 -0
- package/node_modules/@noodle-borg/runtime/dist/eval/evaluate.js.map +1 -0
- package/node_modules/@noodle-borg/runtime/dist/execute.d.ts +47 -0
- package/node_modules/@noodle-borg/runtime/dist/execute.d.ts.map +1 -0
- package/node_modules/@noodle-borg/runtime/dist/execute.js +297 -0
- package/node_modules/@noodle-borg/runtime/dist/execute.js.map +1 -0
- package/node_modules/@noodle-borg/runtime/dist/index.d.ts +12 -0
- package/node_modules/@noodle-borg/runtime/dist/index.d.ts.map +1 -0
- package/node_modules/@noodle-borg/runtime/dist/index.js +8 -0
- package/node_modules/@noodle-borg/runtime/dist/index.js.map +1 -0
- package/node_modules/@noodle-borg/runtime/dist/policy/allow-all.d.ts +10 -0
- package/node_modules/@noodle-borg/runtime/dist/policy/allow-all.d.ts.map +1 -0
- package/node_modules/@noodle-borg/runtime/dist/policy/allow-all.js +13 -0
- package/node_modules/@noodle-borg/runtime/dist/policy/allow-all.js.map +1 -0
- package/node_modules/@noodle-borg/runtime/dist/policy/types.d.ts +25 -0
- package/node_modules/@noodle-borg/runtime/dist/policy/types.d.ts.map +1 -0
- package/node_modules/@noodle-borg/runtime/dist/policy/types.js +2 -0
- package/node_modules/@noodle-borg/runtime/dist/policy/types.js.map +1 -0
- package/node_modules/@noodle-borg/runtime/dist/result.d.ts +19 -0
- package/node_modules/@noodle-borg/runtime/dist/result.d.ts.map +1 -0
- package/node_modules/@noodle-borg/runtime/dist/result.js +2 -0
- package/node_modules/@noodle-borg/runtime/dist/result.js.map +1 -0
- package/node_modules/@noodle-borg/runtime/package.json +27 -0
- package/node_modules/@noodle-borg/service/dist/auth/deploy-gate.d.ts +48 -0
- package/node_modules/@noodle-borg/service/dist/auth/deploy-gate.d.ts.map +1 -0
- package/node_modules/@noodle-borg/service/dist/auth/deploy-gate.js +79 -0
- package/node_modules/@noodle-borg/service/dist/auth/deploy-gate.js.map +1 -0
- package/node_modules/@noodle-borg/service/dist/index.d.ts +7 -0
- package/node_modules/@noodle-borg/service/dist/index.d.ts.map +1 -0
- package/node_modules/@noodle-borg/service/dist/index.js +7 -0
- package/node_modules/@noodle-borg/service/dist/index.js.map +1 -0
- package/node_modules/@noodle-borg/service/dist/main.d.ts +3 -0
- package/node_modules/@noodle-borg/service/dist/main.d.ts.map +1 -0
- package/node_modules/@noodle-borg/service/dist/main.js +171 -0
- package/node_modules/@noodle-borg/service/dist/main.js.map +1 -0
- package/node_modules/@noodle-borg/service/dist/oauth/app.d.ts +14 -0
- package/node_modules/@noodle-borg/service/dist/oauth/app.d.ts.map +1 -0
- package/node_modules/@noodle-borg/service/dist/oauth/app.js +48 -0
- package/node_modules/@noodle-borg/service/dist/oauth/app.js.map +1 -0
- package/node_modules/@noodle-borg/service/dist/oauth/consent.d.ts +18 -0
- package/node_modules/@noodle-borg/service/dist/oauth/consent.d.ts.map +1 -0
- package/node_modules/@noodle-borg/service/dist/oauth/consent.js +55 -0
- package/node_modules/@noodle-borg/service/dist/oauth/consent.js.map +1 -0
- package/node_modules/@noodle-borg/service/dist/oauth/google.d.ts +31 -0
- package/node_modules/@noodle-borg/service/dist/oauth/google.d.ts.map +1 -0
- package/node_modules/@noodle-borg/service/dist/oauth/google.js +39 -0
- package/node_modules/@noodle-borg/service/dist/oauth/google.js.map +1 -0
- package/node_modules/@noodle-borg/service/dist/oauth/paths.d.ts +3 -0
- package/node_modules/@noodle-borg/service/dist/oauth/paths.d.ts.map +1 -0
- package/node_modules/@noodle-borg/service/dist/oauth/paths.js +19 -0
- package/node_modules/@noodle-borg/service/dist/oauth/paths.js.map +1 -0
- package/node_modules/@noodle-borg/service/dist/oauth/provider.d.ts +61 -0
- package/node_modules/@noodle-borg/service/dist/oauth/provider.d.ts.map +1 -0
- package/node_modules/@noodle-borg/service/dist/oauth/provider.js +313 -0
- package/node_modules/@noodle-borg/service/dist/oauth/provider.js.map +1 -0
- package/node_modules/@noodle-borg/service/dist/oauth/store-postgres.d.ts +29 -0
- package/node_modules/@noodle-borg/service/dist/oauth/store-postgres.d.ts.map +1 -0
- package/node_modules/@noodle-borg/service/dist/oauth/store-postgres.js +176 -0
- package/node_modules/@noodle-borg/service/dist/oauth/store-postgres.js.map +1 -0
- package/node_modules/@noodle-borg/service/dist/oauth/store.d.ts +85 -0
- package/node_modules/@noodle-borg/service/dist/oauth/store.d.ts.map +1 -0
- package/node_modules/@noodle-borg/service/dist/oauth/store.js +57 -0
- package/node_modules/@noodle-borg/service/dist/oauth/store.js.map +1 -0
- package/node_modules/@noodle-borg/service/dist/oauth/tokens.d.ts +8 -0
- package/node_modules/@noodle-borg/service/dist/oauth/tokens.d.ts.map +1 -0
- package/node_modules/@noodle-borg/service/dist/oauth/tokens.js +13 -0
- package/node_modules/@noodle-borg/service/dist/oauth/tokens.js.map +1 -0
- package/node_modules/@noodle-borg/service/dist/secret/kms-master-key.d.ts +36 -0
- package/node_modules/@noodle-borg/service/dist/secret/kms-master-key.d.ts.map +1 -0
- package/node_modules/@noodle-borg/service/dist/secret/kms-master-key.js +51 -0
- package/node_modules/@noodle-borg/service/dist/secret/kms-master-key.js.map +1 -0
- package/node_modules/@noodle-borg/service/dist/service.d.ts +221 -0
- package/node_modules/@noodle-borg/service/dist/service.d.ts.map +1 -0
- package/node_modules/@noodle-borg/service/dist/service.js +1163 -0
- package/node_modules/@noodle-borg/service/dist/service.js.map +1 -0
- package/node_modules/@noodle-borg/service/dist/store/cloudsql-pool.d.ts +34 -0
- package/node_modules/@noodle-borg/service/dist/store/cloudsql-pool.d.ts.map +1 -0
- package/node_modules/@noodle-borg/service/dist/store/cloudsql-pool.js +38 -0
- package/node_modules/@noodle-borg/service/dist/store/cloudsql-pool.js.map +1 -0
- package/node_modules/@noodle-borg/service/dist/store/postgres.d.ts +56 -0
- package/node_modules/@noodle-borg/service/dist/store/postgres.d.ts.map +1 -0
- package/node_modules/@noodle-borg/service/dist/store/postgres.js +372 -0
- package/node_modules/@noodle-borg/service/dist/store/postgres.js.map +1 -0
- package/node_modules/@noodle-borg/service/dist/store.d.ts +192 -0
- package/node_modules/@noodle-borg/service/dist/store.d.ts.map +1 -0
- package/node_modules/@noodle-borg/service/dist/store.js +230 -0
- package/node_modules/@noodle-borg/service/dist/store.js.map +1 -0
- package/node_modules/@noodle-borg/service/package.json +44 -0
- package/node_modules/@noodle-borg/transport-http/dist/caller-auth.d.ts +15 -0
- package/node_modules/@noodle-borg/transport-http/dist/caller-auth.d.ts.map +1 -0
- package/node_modules/@noodle-borg/transport-http/dist/caller-auth.js +38 -0
- package/node_modules/@noodle-borg/transport-http/dist/caller-auth.js.map +1 -0
- package/node_modules/@noodle-borg/transport-http/dist/examples/serve-demo.d.ts +2 -0
- package/node_modules/@noodle-borg/transport-http/dist/examples/serve-demo.d.ts.map +1 -0
- package/node_modules/@noodle-borg/transport-http/dist/examples/serve-demo.js +129 -0
- package/node_modules/@noodle-borg/transport-http/dist/examples/serve-demo.js.map +1 -0
- package/node_modules/@noodle-borg/transport-http/dist/front-door.d.ts +46 -0
- package/node_modules/@noodle-borg/transport-http/dist/front-door.d.ts.map +1 -0
- package/node_modules/@noodle-borg/transport-http/dist/front-door.js +75 -0
- package/node_modules/@noodle-borg/transport-http/dist/front-door.js.map +1 -0
- package/node_modules/@noodle-borg/transport-http/dist/handler.d.ts +142 -0
- package/node_modules/@noodle-borg/transport-http/dist/handler.d.ts.map +1 -0
- package/node_modules/@noodle-borg/transport-http/dist/handler.js +387 -0
- package/node_modules/@noodle-borg/transport-http/dist/handler.js.map +1 -0
- package/node_modules/@noodle-borg/transport-http/dist/index.d.ts +6 -0
- package/node_modules/@noodle-borg/transport-http/dist/index.d.ts.map +1 -0
- package/node_modules/@noodle-borg/transport-http/dist/index.js +6 -0
- package/node_modules/@noodle-borg/transport-http/dist/index.js.map +1 -0
- package/node_modules/@noodle-borg/transport-http/dist/logging.d.ts +41 -0
- package/node_modules/@noodle-borg/transport-http/dist/logging.d.ts.map +1 -0
- package/node_modules/@noodle-borg/transport-http/dist/logging.js +71 -0
- package/node_modules/@noodle-borg/transport-http/dist/logging.js.map +1 -0
- package/node_modules/@noodle-borg/transport-http/dist/serve.d.ts +22 -0
- package/node_modules/@noodle-borg/transport-http/dist/serve.d.ts.map +1 -0
- package/node_modules/@noodle-borg/transport-http/dist/serve.js +25 -0
- package/node_modules/@noodle-borg/transport-http/dist/serve.js.map +1 -0
- package/node_modules/@noodle-borg/transport-http/package.json +30 -0
- package/package.json +78 -0
|
@@ -0,0 +1,192 @@
|
|
|
1
|
+
import type { SealedSecret } from '@noodle-borg/runtime';
|
|
2
|
+
import type { AccessMode } from '@noodle-borg/transport-http';
|
|
3
|
+
/**
|
|
4
|
+
* Secret values at rest. The compiled runtime keeps plaintext tokens in memory (the broker), but the
|
|
5
|
+
* *persisted* form is a tagged envelope. `aes-256-gcm` (Slice 26, ADR 0028) holds an AES-256-GCM
|
|
6
|
+
* {@link SealedSecret} — the production form whenever persistence is enabled. `none` is the interim
|
|
7
|
+
* plaintext form (Slice 25): still read for backward compatibility and used by non-persistent in-memory
|
|
8
|
+
* stores, but a file-backed data dir always encrypts (the service fails closed without a master key).
|
|
9
|
+
*/
|
|
10
|
+
export type SecretEnvelope = {
|
|
11
|
+
readonly enc: 'none';
|
|
12
|
+
readonly values: Readonly<Record<string, string>>;
|
|
13
|
+
} | {
|
|
14
|
+
readonly enc: 'aes-256-gcm';
|
|
15
|
+
readonly sealed: SealedSecret;
|
|
16
|
+
};
|
|
17
|
+
/**
|
|
18
|
+
* The durable record for one deployed server. The compiled artifact is **not** stored — its execution
|
|
19
|
+
* deps (connector registry, broker) are live JS closures and are not serializable — so restart recovery
|
|
20
|
+
* **replays** {@link ServerRegistry.deploy} from these inputs. `deploy` is a pure, deterministic compile
|
|
21
|
+
* of the source strings, so the inputs + identity are a faithful, reproducible record.
|
|
22
|
+
*/
|
|
23
|
+
export interface DeployRecord {
|
|
24
|
+
/** Record format version, for forward migration of the persisted shape. Current writers emit `1`. */
|
|
25
|
+
readonly schemaVersion: number;
|
|
26
|
+
readonly deploymentId: string;
|
|
27
|
+
readonly orgSlug: string;
|
|
28
|
+
readonly appSlug: string;
|
|
29
|
+
readonly environment: string;
|
|
30
|
+
readonly deploymentVersion: number;
|
|
31
|
+
readonly active: boolean;
|
|
32
|
+
readonly serverName: string;
|
|
33
|
+
/** ISO-8601 deploy timestamp. */
|
|
34
|
+
readonly createdAt: string;
|
|
35
|
+
readonly createdBySubject?: string;
|
|
36
|
+
readonly createdByEmail?: string;
|
|
37
|
+
/**
|
|
38
|
+
* How callers authenticate to this deployment's MCP endpoint. `caller-key` (default) uses the shared
|
|
39
|
+
* per-server bearer (ADR 0030); identity modes (`owner-only`, `org-members`) require verified end-user
|
|
40
|
+
* identity and mint no caller key. Absent on legacy records, read as `caller-key`.
|
|
41
|
+
*/
|
|
42
|
+
readonly accessMode?: AccessMode;
|
|
43
|
+
/**
|
|
44
|
+
* Per-server caller-key **hash** only (ADR 0030); the plaintext key is shown once and never stored.
|
|
45
|
+
* Absent for identity-based deployments, which gate on verified identity instead.
|
|
46
|
+
*/
|
|
47
|
+
readonly callerKeyHash?: string;
|
|
48
|
+
readonly manifest: string;
|
|
49
|
+
readonly connectors?: string;
|
|
50
|
+
readonly secrets: SecretEnvelope;
|
|
51
|
+
}
|
|
52
|
+
export interface TenantRef {
|
|
53
|
+
readonly org: string;
|
|
54
|
+
readonly app: string;
|
|
55
|
+
readonly env: string;
|
|
56
|
+
}
|
|
57
|
+
export interface DeploymentSummary {
|
|
58
|
+
readonly deploymentId: string;
|
|
59
|
+
readonly orgSlug: string;
|
|
60
|
+
readonly appSlug: string;
|
|
61
|
+
readonly environment: string;
|
|
62
|
+
readonly active: boolean;
|
|
63
|
+
readonly serverName: string;
|
|
64
|
+
readonly createdAt: string;
|
|
65
|
+
readonly createdByEmail?: string;
|
|
66
|
+
readonly accessMode: AccessMode;
|
|
67
|
+
readonly hasCallerKey: boolean;
|
|
68
|
+
}
|
|
69
|
+
export type OrgRole = 'owner' | 'developer';
|
|
70
|
+
export interface OrgRecord {
|
|
71
|
+
readonly slug: string;
|
|
72
|
+
readonly displayName?: string;
|
|
73
|
+
readonly createdAt: string;
|
|
74
|
+
}
|
|
75
|
+
export interface OrgMemberRecord {
|
|
76
|
+
readonly orgSlug: string;
|
|
77
|
+
readonly subject: string;
|
|
78
|
+
readonly email: string;
|
|
79
|
+
readonly role: OrgRole;
|
|
80
|
+
readonly createdAt: string;
|
|
81
|
+
}
|
|
82
|
+
export interface ControlPlaneStore {
|
|
83
|
+
createOrg(input: {
|
|
84
|
+
slug: string;
|
|
85
|
+
displayName?: string;
|
|
86
|
+
}): Promise<OrgRecord>;
|
|
87
|
+
listOrgs(): Promise<readonly OrgRecord[]>;
|
|
88
|
+
listOrgsForSubject(subject: string): Promise<readonly OrgRecord[]>;
|
|
89
|
+
addOrgMember(input: {
|
|
90
|
+
org: string;
|
|
91
|
+
subject: string;
|
|
92
|
+
email: string;
|
|
93
|
+
role: OrgRole;
|
|
94
|
+
}): Promise<OrgMemberRecord>;
|
|
95
|
+
removeOrgMember(input: {
|
|
96
|
+
org: string;
|
|
97
|
+
subject: string;
|
|
98
|
+
}): Promise<boolean>;
|
|
99
|
+
listOrgMembers(org: string): Promise<readonly OrgMemberRecord[]>;
|
|
100
|
+
isOrgMember(input: {
|
|
101
|
+
org: string;
|
|
102
|
+
subject: string;
|
|
103
|
+
}): Promise<boolean>;
|
|
104
|
+
}
|
|
105
|
+
/**
|
|
106
|
+
* Durable storage for deployed-server records. `append` writes (or replaces) one server's record;
|
|
107
|
+
* `loadAll` returns every current record for restart recovery. Versioning/rollback is a reserved
|
|
108
|
+
* extension over this surface (ADR 0027), not yet built.
|
|
109
|
+
*/
|
|
110
|
+
export interface ArtifactStore {
|
|
111
|
+
append(record: DeployRecord): Promise<void>;
|
|
112
|
+
loadAll(): Promise<readonly DeployRecord[]>;
|
|
113
|
+
/**
|
|
114
|
+
* Fetch one server's record by id, or `undefined` if absent. A point read used by lazy
|
|
115
|
+
* recompile-on-cache-miss ([ADR 0036](../../../docs/decisions/0036-stateless-registry-lazy-recompile.md)),
|
|
116
|
+
* so any instance can serve a server it never deployed. Fail-soft: a corrupt/unreadable record reads as
|
|
117
|
+
* `undefined`, never throws.
|
|
118
|
+
*/
|
|
119
|
+
get(deploymentId: string): Promise<DeployRecord | undefined>;
|
|
120
|
+
getActiveByTenant(ref: TenantRef): Promise<DeployRecord | undefined>;
|
|
121
|
+
listDeployments(filter: {
|
|
122
|
+
org: string;
|
|
123
|
+
app?: string;
|
|
124
|
+
env?: string;
|
|
125
|
+
}): Promise<readonly DeploymentSummary[]>;
|
|
126
|
+
updateActiveCallerKey(ref: TenantRef, keyHash: string): Promise<DeployRecord | undefined>;
|
|
127
|
+
}
|
|
128
|
+
/** In-memory store: keeps records in a Map. Used by tests and as an explicit, non-persistent option. */
|
|
129
|
+
export declare class InMemoryArtifactStore implements ArtifactStore {
|
|
130
|
+
#private;
|
|
131
|
+
append(record: DeployRecord): Promise<void>;
|
|
132
|
+
loadAll(): Promise<readonly DeployRecord[]>;
|
|
133
|
+
get(deploymentId: string): Promise<DeployRecord | undefined>;
|
|
134
|
+
getActiveByTenant(ref: TenantRef): Promise<DeployRecord | undefined>;
|
|
135
|
+
listDeployments(filter: {
|
|
136
|
+
org: string;
|
|
137
|
+
app?: string;
|
|
138
|
+
env?: string;
|
|
139
|
+
}): Promise<readonly DeploymentSummary[]>;
|
|
140
|
+
updateActiveCallerKey(ref: TenantRef, keyHash: string): Promise<DeployRecord | undefined>;
|
|
141
|
+
}
|
|
142
|
+
export declare class InMemoryControlPlaneStore implements ControlPlaneStore {
|
|
143
|
+
#private;
|
|
144
|
+
createOrg(input: {
|
|
145
|
+
slug: string;
|
|
146
|
+
displayName?: string;
|
|
147
|
+
}): Promise<OrgRecord>;
|
|
148
|
+
listOrgs(): Promise<readonly OrgRecord[]>;
|
|
149
|
+
listOrgsForSubject(subject: string): Promise<readonly OrgRecord[]>;
|
|
150
|
+
addOrgMember(input: {
|
|
151
|
+
org: string;
|
|
152
|
+
subject: string;
|
|
153
|
+
email: string;
|
|
154
|
+
role: OrgRole;
|
|
155
|
+
}): Promise<OrgMemberRecord>;
|
|
156
|
+
removeOrgMember(input: {
|
|
157
|
+
org: string;
|
|
158
|
+
subject: string;
|
|
159
|
+
}): Promise<boolean>;
|
|
160
|
+
listOrgMembers(org: string): Promise<readonly OrgMemberRecord[]>;
|
|
161
|
+
isOrgMember(input: {
|
|
162
|
+
org: string;
|
|
163
|
+
subject: string;
|
|
164
|
+
}): Promise<boolean>;
|
|
165
|
+
}
|
|
166
|
+
/**
|
|
167
|
+
* JSON-file store: one file per deployment at `<dataDir>/deployments/<deploymentId>.json`, written atomically
|
|
168
|
+
* (write a temp file, then `rename` over the target — no partial file is ever read). `deploymentId` is a
|
|
169
|
+
* slug + random hex suffix (`mintDeploymentId`), so it is a safe, collision-free filename. No new
|
|
170
|
+
* dependency — `node:fs/promises` only.
|
|
171
|
+
*/
|
|
172
|
+
export declare class JsonFileArtifactStore implements ArtifactStore {
|
|
173
|
+
#private;
|
|
174
|
+
constructor(dataDir: string);
|
|
175
|
+
append(record: DeployRecord): Promise<void>;
|
|
176
|
+
get(deploymentId: string): Promise<DeployRecord | undefined>;
|
|
177
|
+
getActiveByTenant(ref: TenantRef): Promise<DeployRecord | undefined>;
|
|
178
|
+
loadAll(): Promise<readonly DeployRecord[]>;
|
|
179
|
+
listDeployments(filter: {
|
|
180
|
+
org: string;
|
|
181
|
+
app?: string;
|
|
182
|
+
env?: string;
|
|
183
|
+
}): Promise<readonly DeploymentSummary[]>;
|
|
184
|
+
updateActiveCallerKey(ref: TenantRef, keyHash: string): Promise<DeployRecord | undefined>;
|
|
185
|
+
}
|
|
186
|
+
/** Minted deployment id shape (`mintDeploymentId`): a slug plus a short hex suffix; safe as a filename. */
|
|
187
|
+
export declare const DEPLOYMENT_ID_PATTERN: RegExp;
|
|
188
|
+
export declare const SLUG_PATTERN: RegExp;
|
|
189
|
+
export declare function validateSlug(kind: 'org' | 'app' | 'env', value: string): string;
|
|
190
|
+
export declare function validateTenantRef(ref: TenantRef): TenantRef;
|
|
191
|
+
export declare function validateOrgRole(role: string): OrgRole;
|
|
192
|
+
//# sourceMappingURL=store.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"store.d.ts","sourceRoot":"","sources":["../src/store.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACzD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAE9D;;;;;;GAMG;AACH,MAAM,MAAM,cAAc,GACtB;IAAE,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAA;CAAE,GAC3E;IAAE,QAAQ,CAAC,GAAG,EAAE,aAAa,CAAC;IAAC,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAA;CAAE,CAAC;AAEnE;;;;;GAKG;AACH,MAAM,WAAW,YAAY;IAC3B,qGAAqG;IACrG,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;IACzB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,iCAAiC;IACjC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IACjC;;;;OAIG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,UAAU,CAAC;IACjC;;;OAGG;IACH,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,OAAO,EAAE,cAAc,CAAC;CAClC;AAED,MAAM,WAAW,SAAS;IACxB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;IACzB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAC;IAChC,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC;CAChC;AAED,MAAM,MAAM,OAAO,GAAG,OAAO,GAAG,WAAW,CAAC;AAE5C,MAAM,WAAW,SAAS;IACxB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;IACvB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,CAAC,KAAK,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IAC7E,QAAQ,IAAI,OAAO,CAAC,SAAS,SAAS,EAAE,CAAC,CAAC;IAC1C,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,SAAS,EAAE,CAAC,CAAC;IACnE,YAAY,CAAC,KAAK,EAAE;QAClB,GAAG,EAAE,MAAM,CAAC;QACZ,OAAO,EAAE,MAAM,CAAC;QAChB,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,EAAE,OAAO,CAAC;KACf,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;IAC7B,eAAe,CAAC,KAAK,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAC3E,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,eAAe,EAAE,CAAC,CAAC;IACjE,WAAW,CAAC,KAAK,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CACxE;AAED;;;;GAIG;AACH,MAAM,WAAW,aAAa;IAC5B,MAAM,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5C,OAAO,IAAI,OAAO,CAAC,SAAS,YAAY,EAAE,CAAC,CAAC;IAC5C;;;;;OAKG;IACH,GAAG,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC,CAAC;IAC7D,iBAAiB,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC,CAAC;IACrE,eAAe,CAAC,MAAM,EAAE;QACtB,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,GAAG,CAAC,EAAE,MAAM,CAAC;KACd,GAAG,OAAO,CAAC,SAAS,iBAAiB,EAAE,CAAC,CAAC;IAC1C,qBAAqB,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC,CAAC;CAC3F;AAED,wGAAwG;AACxG,qBAAa,qBAAsB,YAAW,aAAa;;IAGzD,MAAM,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC;IAK3C,OAAO,IAAI,OAAO,CAAC,SAAS,YAAY,EAAE,CAAC;IAI3C,GAAG,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC;IAI5D,iBAAiB,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC;IAcpE,eAAe,CAAC,MAAM,EAAE;QACtB,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,GAAG,CAAC,EAAE,MAAM,CAAC;KACd,GAAG,OAAO,CAAC,SAAS,iBAAiB,EAAE,CAAC;IAiBnC,qBAAqB,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC;CAOhG;AAED,qBAAa,yBAA0B,YAAW,iBAAiB;;IAIjE,SAAS,CAAC,KAAK,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,SAAS,CAAC;IAa5E,QAAQ,IAAI,OAAO,CAAC,SAAS,SAAS,EAAE,CAAC;IAIzC,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,SAAS,EAAE,CAAC;IAa5D,YAAY,CAAC,KAAK,EAAE;QACxB,GAAG,EAAE,MAAM,CAAC;QACZ,OAAO,EAAE,MAAM,CAAC;QAChB,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,EAAE,OAAO,CAAC;KACf,GAAG,OAAO,CAAC,eAAe,CAAC;IAc5B,eAAe,CAAC,KAAK,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAM1E,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,eAAe,EAAE,CAAC;IAShE,WAAW,CAAC,KAAK,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,OAAO,CAAC;CAKvE;AAED;;;;;GAKG;AACH,qBAAa,qBAAsB,YAAW,aAAa;;gBAG7C,OAAO,EAAE,MAAM;IAIrB,MAAM,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC;IAe3C,GAAG,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC;IAY5D,iBAAiB,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC;IAapE,OAAO,IAAI,OAAO,CAAC,SAAS,YAAY,EAAE,CAAC;IAsBjD,eAAe,CAAC,MAAM,EAAE;QACtB,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,GAAG,CAAC,EAAE,MAAM,CAAC;KACd,GAAG,OAAO,CAAC,SAAS,iBAAiB,EAAE,CAAC;IAiBnC,qBAAqB,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC;CAOhG;AAED,2GAA2G;AAC3G,eAAO,MAAM,qBAAqB,QAAiB,CAAC;AACpD,eAAO,MAAM,YAAY,QAA2C,CAAC;AAIrE,wBAAgB,YAAY,CAAC,IAAI,EAAE,KAAK,GAAG,KAAK,GAAG,KAAK,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAO/E;AAED,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,SAAS,GAAG,SAAS,CAM3D;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAKrD"}
|
|
@@ -0,0 +1,230 @@
|
|
|
1
|
+
import { randomUUID } from 'node:crypto';
|
|
2
|
+
import { mkdir, readdir, readFile, rename, writeFile } from 'node:fs/promises';
|
|
3
|
+
import { join } from 'node:path';
|
|
4
|
+
/** In-memory store: keeps records in a Map. Used by tests and as an explicit, non-persistent option. */
|
|
5
|
+
export class InMemoryArtifactStore {
|
|
6
|
+
#records = new Map();
|
|
7
|
+
append(record) {
|
|
8
|
+
this.#records.set(record.deploymentId, record);
|
|
9
|
+
return Promise.resolve();
|
|
10
|
+
}
|
|
11
|
+
loadAll() {
|
|
12
|
+
return Promise.resolve([...this.#records.values()]);
|
|
13
|
+
}
|
|
14
|
+
get(deploymentId) {
|
|
15
|
+
return Promise.resolve(this.#records.get(deploymentId));
|
|
16
|
+
}
|
|
17
|
+
getActiveByTenant(ref) {
|
|
18
|
+
return Promise.resolve([...this.#records.values()]
|
|
19
|
+
.filter((record) => record.active &&
|
|
20
|
+
record.orgSlug === ref.org &&
|
|
21
|
+
record.appSlug === ref.app &&
|
|
22
|
+
record.environment === ref.env)
|
|
23
|
+
.sort((a, b) => b.deploymentVersion - a.deploymentVersion)[0]);
|
|
24
|
+
}
|
|
25
|
+
listDeployments(filter) {
|
|
26
|
+
const org = validateSlug('org', filter.org);
|
|
27
|
+
const app = filter.app !== undefined ? validateSlug('app', filter.app) : undefined;
|
|
28
|
+
const env = filter.env !== undefined ? validateSlug('env', filter.env) : undefined;
|
|
29
|
+
return Promise.resolve([...this.#records.values()]
|
|
30
|
+
.filter((record) => record.orgSlug === org &&
|
|
31
|
+
(app === undefined || record.appSlug === app) &&
|
|
32
|
+
(env === undefined || record.environment === env))
|
|
33
|
+
.sort((a, b) => b.deploymentVersion - a.deploymentVersion)
|
|
34
|
+
.map(deploymentSummary));
|
|
35
|
+
}
|
|
36
|
+
async updateActiveCallerKey(ref, keyHash) {
|
|
37
|
+
const active = await this.getActiveByTenant(validateTenantRef(ref));
|
|
38
|
+
if (!active)
|
|
39
|
+
return undefined;
|
|
40
|
+
const next = { ...active, callerKeyHash: keyHash };
|
|
41
|
+
this.#records.set(next.deploymentId, next);
|
|
42
|
+
return next;
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
export class InMemoryControlPlaneStore {
|
|
46
|
+
#orgs = new Map();
|
|
47
|
+
#members = new Map();
|
|
48
|
+
createOrg(input) {
|
|
49
|
+
const slug = validateSlug('org', input.slug);
|
|
50
|
+
const existing = this.#orgs.get(slug);
|
|
51
|
+
if (existing)
|
|
52
|
+
return Promise.resolve(existing);
|
|
53
|
+
const org = {
|
|
54
|
+
slug,
|
|
55
|
+
...(input.displayName !== undefined ? { displayName: input.displayName } : {}),
|
|
56
|
+
createdAt: new Date().toISOString(),
|
|
57
|
+
};
|
|
58
|
+
this.#orgs.set(slug, org);
|
|
59
|
+
return Promise.resolve(org);
|
|
60
|
+
}
|
|
61
|
+
listOrgs() {
|
|
62
|
+
return Promise.resolve([...this.#orgs.values()].sort((a, b) => a.slug.localeCompare(b.slug)));
|
|
63
|
+
}
|
|
64
|
+
listOrgsForSubject(subject) {
|
|
65
|
+
const slugs = new Set([...this.#members.values()]
|
|
66
|
+
.filter((member) => member.subject === subject)
|
|
67
|
+
.map((member) => member.orgSlug));
|
|
68
|
+
return Promise.resolve([...this.#orgs.values()]
|
|
69
|
+
.filter((org) => slugs.has(org.slug))
|
|
70
|
+
.sort((a, b) => a.slug.localeCompare(b.slug)));
|
|
71
|
+
}
|
|
72
|
+
async addOrgMember(input) {
|
|
73
|
+
const org = validateSlug('org', input.org);
|
|
74
|
+
await this.createOrg({ slug: org });
|
|
75
|
+
const member = {
|
|
76
|
+
orgSlug: org,
|
|
77
|
+
subject: input.subject,
|
|
78
|
+
email: input.email.toLowerCase(),
|
|
79
|
+
role: validateOrgRole(input.role),
|
|
80
|
+
createdAt: new Date().toISOString(),
|
|
81
|
+
};
|
|
82
|
+
this.#members.set(memberKey(org, input.subject), member);
|
|
83
|
+
return member;
|
|
84
|
+
}
|
|
85
|
+
removeOrgMember(input) {
|
|
86
|
+
return Promise.resolve(this.#members.delete(memberKey(validateSlug('org', input.org), input.subject)));
|
|
87
|
+
}
|
|
88
|
+
listOrgMembers(org) {
|
|
89
|
+
const safe = validateSlug('org', org);
|
|
90
|
+
return Promise.resolve([...this.#members.values()]
|
|
91
|
+
.filter((member) => member.orgSlug === safe)
|
|
92
|
+
.sort((a, b) => a.email.localeCompare(b.email)));
|
|
93
|
+
}
|
|
94
|
+
isOrgMember(input) {
|
|
95
|
+
return Promise.resolve(this.#members.has(memberKey(validateSlug('org', input.org), input.subject)));
|
|
96
|
+
}
|
|
97
|
+
}
|
|
98
|
+
/**
|
|
99
|
+
* JSON-file store: one file per deployment at `<dataDir>/deployments/<deploymentId>.json`, written atomically
|
|
100
|
+
* (write a temp file, then `rename` over the target — no partial file is ever read). `deploymentId` is a
|
|
101
|
+
* slug + random hex suffix (`mintDeploymentId`), so it is a safe, collision-free filename. No new
|
|
102
|
+
* dependency — `node:fs/promises` only.
|
|
103
|
+
*/
|
|
104
|
+
export class JsonFileArtifactStore {
|
|
105
|
+
#dir;
|
|
106
|
+
constructor(dataDir) {
|
|
107
|
+
this.#dir = join(dataDir, 'deployments');
|
|
108
|
+
}
|
|
109
|
+
async append(record) {
|
|
110
|
+
// Defence in depth: `deploymentId` becomes a filename, so reject anything outside the minted shape
|
|
111
|
+
// (`mintDeploymentId` only ever produces `[a-z0-9-]`). Guards this public class against a caller that
|
|
112
|
+
// passes an untrusted id (no path traversal, no escaping the data dir).
|
|
113
|
+
validateTenantRef({ org: record.orgSlug, app: record.appSlug, env: record.environment });
|
|
114
|
+
if (!DEPLOYMENT_ID_PATTERN.test(record.deploymentId)) {
|
|
115
|
+
throw new Error(`invalid deploymentId for persistence: "${record.deploymentId}"`);
|
|
116
|
+
}
|
|
117
|
+
await mkdir(this.#dir, { recursive: true });
|
|
118
|
+
const target = join(this.#dir, `${record.deploymentId}.json`);
|
|
119
|
+
const tmp = `${target}.${randomUUID()}.tmp`;
|
|
120
|
+
await writeFile(tmp, `${JSON.stringify(record, null, 2)}\n`, 'utf8');
|
|
121
|
+
await rename(tmp, target);
|
|
122
|
+
}
|
|
123
|
+
async get(deploymentId) {
|
|
124
|
+
// An invalid id can never be a file we wrote; treat as absent (also closes off any traversal).
|
|
125
|
+
if (!DEPLOYMENT_ID_PATTERN.test(deploymentId))
|
|
126
|
+
return undefined;
|
|
127
|
+
try {
|
|
128
|
+
const text = await readFile(join(this.#dir, `${deploymentId}.json`), 'utf8');
|
|
129
|
+
return JSON.parse(text);
|
|
130
|
+
}
|
|
131
|
+
catch {
|
|
132
|
+
// Fail-soft: ENOENT (no such server) or a corrupt/unreadable file both read as `undefined`.
|
|
133
|
+
return undefined;
|
|
134
|
+
}
|
|
135
|
+
}
|
|
136
|
+
async getActiveByTenant(ref) {
|
|
137
|
+
validateTenantRef(ref);
|
|
138
|
+
return (await this.loadAll())
|
|
139
|
+
.filter((record) => record.active &&
|
|
140
|
+
record.orgSlug === ref.org &&
|
|
141
|
+
record.appSlug === ref.app &&
|
|
142
|
+
record.environment === ref.env)
|
|
143
|
+
.sort((a, b) => b.deploymentVersion - a.deploymentVersion)[0];
|
|
144
|
+
}
|
|
145
|
+
async loadAll() {
|
|
146
|
+
let names;
|
|
147
|
+
try {
|
|
148
|
+
names = await readdir(this.#dir);
|
|
149
|
+
}
|
|
150
|
+
catch (error) {
|
|
151
|
+
if (error.code === 'ENOENT')
|
|
152
|
+
return [];
|
|
153
|
+
throw error;
|
|
154
|
+
}
|
|
155
|
+
const records = [];
|
|
156
|
+
for (const name of names) {
|
|
157
|
+
if (!name.endsWith('.json'))
|
|
158
|
+
continue; // skip in-flight *.tmp files
|
|
159
|
+
try {
|
|
160
|
+
const text = await readFile(join(this.#dir, name), 'utf8');
|
|
161
|
+
records.push(JSON.parse(text));
|
|
162
|
+
}
|
|
163
|
+
catch {
|
|
164
|
+
// Fail-soft: a corrupt/unreadable record file must NOT crash startup — skip it and let the
|
|
165
|
+
// other servers recover. (Visibility of skipped files lands with structured logging, Slice 27.)
|
|
166
|
+
}
|
|
167
|
+
}
|
|
168
|
+
return records;
|
|
169
|
+
}
|
|
170
|
+
listDeployments(filter) {
|
|
171
|
+
const org = validateSlug('org', filter.org);
|
|
172
|
+
const app = filter.app !== undefined ? validateSlug('app', filter.app) : undefined;
|
|
173
|
+
const env = filter.env !== undefined ? validateSlug('env', filter.env) : undefined;
|
|
174
|
+
return this.loadAll().then((records) => records
|
|
175
|
+
.filter((record) => record.orgSlug === org &&
|
|
176
|
+
(app === undefined || record.appSlug === app) &&
|
|
177
|
+
(env === undefined || record.environment === env))
|
|
178
|
+
.sort((a, b) => b.deploymentVersion - a.deploymentVersion)
|
|
179
|
+
.map(deploymentSummary));
|
|
180
|
+
}
|
|
181
|
+
async updateActiveCallerKey(ref, keyHash) {
|
|
182
|
+
const active = await this.getActiveByTenant(validateTenantRef(ref));
|
|
183
|
+
if (!active)
|
|
184
|
+
return undefined;
|
|
185
|
+
const next = { ...active, callerKeyHash: keyHash };
|
|
186
|
+
await this.append(next);
|
|
187
|
+
return next;
|
|
188
|
+
}
|
|
189
|
+
}
|
|
190
|
+
/** Minted deployment id shape (`mintDeploymentId`): a slug plus a short hex suffix; safe as a filename. */
|
|
191
|
+
export const DEPLOYMENT_ID_PATTERN = /^[a-z0-9-]+$/;
|
|
192
|
+
export const SLUG_PATTERN = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/;
|
|
193
|
+
const RESERVED_SLUGS = new Set(['deploy', 'healthz', 'readyz', 'v1', 'o', 'mcp']);
|
|
194
|
+
export function validateSlug(kind, value) {
|
|
195
|
+
if (!SLUG_PATTERN.test(value) || RESERVED_SLUGS.has(value)) {
|
|
196
|
+
throw new Error(`invalid ${kind} slug "${value}"; use lowercase letters, numbers, and hyphens only`);
|
|
197
|
+
}
|
|
198
|
+
return value;
|
|
199
|
+
}
|
|
200
|
+
export function validateTenantRef(ref) {
|
|
201
|
+
return {
|
|
202
|
+
org: validateSlug('org', ref.org),
|
|
203
|
+
app: validateSlug('app', ref.app),
|
|
204
|
+
env: validateSlug('env', ref.env),
|
|
205
|
+
};
|
|
206
|
+
}
|
|
207
|
+
export function validateOrgRole(role) {
|
|
208
|
+
if (role !== 'owner' && role !== 'developer') {
|
|
209
|
+
throw new Error(`invalid org role "${role}"`);
|
|
210
|
+
}
|
|
211
|
+
return role;
|
|
212
|
+
}
|
|
213
|
+
function deploymentSummary(record) {
|
|
214
|
+
return {
|
|
215
|
+
deploymentId: record.deploymentId,
|
|
216
|
+
orgSlug: record.orgSlug,
|
|
217
|
+
appSlug: record.appSlug,
|
|
218
|
+
environment: record.environment,
|
|
219
|
+
active: record.active,
|
|
220
|
+
serverName: record.serverName,
|
|
221
|
+
createdAt: record.createdAt,
|
|
222
|
+
...(record.createdByEmail !== undefined ? { createdByEmail: record.createdByEmail } : {}),
|
|
223
|
+
accessMode: record.accessMode ?? 'caller-key',
|
|
224
|
+
hasCallerKey: record.callerKeyHash !== undefined,
|
|
225
|
+
};
|
|
226
|
+
}
|
|
227
|
+
function memberKey(org, subject) {
|
|
228
|
+
return `${org}/${subject}`;
|
|
229
|
+
}
|
|
230
|
+
//# sourceMappingURL=store.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"store.js","sourceRoot":"","sources":["../src/store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC/E,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AA6HjC,wGAAwG;AACxG,MAAM,OAAO,qBAAqB;IACvB,QAAQ,GAAG,IAAI,GAAG,EAAwB,CAAC;IAEpD,MAAM,CAAC,MAAoB;QACzB,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QAC/C,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;IAED,OAAO;QACL,OAAO,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACtD,CAAC;IAED,GAAG,CAAC,YAAoB;QACtB,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC;IAC1D,CAAC;IAED,iBAAiB,CAAC,GAAc;QAC9B,OAAO,OAAO,CAAC,OAAO,CACpB,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;aACxB,MAAM,CACL,CAAC,MAAM,EAAE,EAAE,CACT,MAAM,CAAC,MAAM;YACb,MAAM,CAAC,OAAO,KAAK,GAAG,CAAC,GAAG;YAC1B,MAAM,CAAC,OAAO,KAAK,GAAG,CAAC,GAAG;YAC1B,MAAM,CAAC,WAAW,KAAK,GAAG,CAAC,GAAG,CACjC;aACA,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,iBAAiB,GAAG,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,CAChE,CAAC;IACJ,CAAC;IAED,eAAe,CAAC,MAIf;QACC,MAAM,GAAG,GAAG,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QAC5C,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QACnF,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QACnF,OAAO,OAAO,CAAC,OAAO,CACpB,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;aACxB,MAAM,CACL,CAAC,MAAM,EAAE,EAAE,CACT,MAAM,CAAC,OAAO,KAAK,GAAG;YACtB,CAAC,GAAG,KAAK,SAAS,IAAI,MAAM,CAAC,OAAO,KAAK,GAAG,CAAC;YAC7C,CAAC,GAAG,KAAK,SAAS,IAAI,MAAM,CAAC,WAAW,KAAK,GAAG,CAAC,CACpD;aACA,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,iBAAiB,GAAG,CAAC,CAAC,iBAAiB,CAAC;aACzD,GAAG,CAAC,iBAAiB,CAAC,CAC1B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,GAAc,EAAE,OAAe;QACzD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC;QACpE,IAAI,CAAC,MAAM;YAAE,OAAO,SAAS,CAAC;QAC9B,MAAM,IAAI,GAAiB,EAAE,GAAG,MAAM,EAAE,aAAa,EAAE,OAAO,EAAE,CAAC;QACjE,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;QAC3C,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAED,MAAM,OAAO,yBAAyB;IAC3B,KAAK,GAAG,IAAI,GAAG,EAAqB,CAAC;IACrC,QAAQ,GAAG,IAAI,GAAG,EAA2B,CAAC;IAEvD,SAAS,CAAC,KAA6C;QACrD,MAAM,IAAI,GAAG,YAAY,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACtC,IAAI,QAAQ;YAAE,OAAO,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC/C,MAAM,GAAG,GAAc;YACrB,IAAI;YACJ,GAAG,CAAC,KAAK,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC9E,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;QACF,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAC1B,OAAO,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC9B,CAAC;IAED,QAAQ;QACN,OAAO,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAChG,CAAC;IAED,kBAAkB,CAAC,OAAe;QAChC,MAAM,KAAK,GAAG,IAAI,GAAG,CACnB,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;aACxB,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,KAAK,OAAO,CAAC;aAC9C,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CACnC,CAAC;QACF,OAAO,OAAO,CAAC,OAAO,CACpB,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;aACrB,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;aACpC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAChD,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,KAKlB;QACC,MAAM,GAAG,GAAG,YAAY,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;QAC3C,MAAM,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;QACpC,MAAM,MAAM,GAAoB;YAC9B,OAAO,EAAE,GAAG;YACZ,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC,WAAW,EAAE;YAChC,IAAI,EAAE,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC;YACjC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;QACF,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,CAAC;QACzD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,eAAe,CAAC,KAAuC;QACrD,OAAO,OAAO,CAAC,OAAO,CACpB,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,YAAY,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAC/E,CAAC;IACJ,CAAC;IAED,cAAc,CAAC,GAAW;QACxB,MAAM,IAAI,GAAG,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACtC,OAAO,OAAO,CAAC,OAAO,CACpB,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;aACxB,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,KAAK,IAAI,CAAC;aAC3C,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAClD,CAAC;IACJ,CAAC;IAED,WAAW,CAAC,KAAuC;QACjD,OAAO,OAAO,CAAC,OAAO,CACpB,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAC5E,CAAC;IACJ,CAAC;CACF;AAED;;;;;GAKG;AACH,MAAM,OAAO,qBAAqB;IACvB,IAAI,CAAS;IAEtB,YAAY,OAAe;QACzB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;IAC3C,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,MAAoB;QAC/B,mGAAmG;QACnG,sGAAsG;QACtG,wEAAwE;QACxE,iBAAiB,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,OAAO,EAAE,GAAG,EAAE,MAAM,CAAC,OAAO,EAAE,GAAG,EAAE,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;QACzF,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC;YACrD,MAAM,IAAI,KAAK,CAAC,0CAA0C,MAAM,CAAC,YAAY,GAAG,CAAC,CAAC;QACpF,CAAC;QACD,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5C,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,MAAM,CAAC,YAAY,OAAO,CAAC,CAAC;QAC9D,MAAM,GAAG,GAAG,GAAG,MAAM,IAAI,UAAU,EAAE,MAAM,CAAC;QAC5C,MAAM,SAAS,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QACrE,MAAM,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,YAAoB;QAC5B,+FAA+F;QAC/F,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,YAAY,CAAC;YAAE,OAAO,SAAS,CAAC;QAChE,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,YAAY,OAAO,CAAC,EAAE,MAAM,CAAC,CAAC;YAC7E,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAiB,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,4FAA4F;YAC5F,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,GAAc;QACpC,iBAAiB,CAAC,GAAG,CAAC,CAAC;QACvB,OAAO,CAAC,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;aAC1B,MAAM,CACL,CAAC,MAAM,EAAE,EAAE,CACT,MAAM,CAAC,MAAM;YACb,MAAM,CAAC,OAAO,KAAK,GAAG,CAAC,GAAG;YAC1B,MAAM,CAAC,OAAO,KAAK,GAAG,CAAC,GAAG;YAC1B,MAAM,CAAC,WAAW,KAAK,GAAG,CAAC,GAAG,CACjC;aACA,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,iBAAiB,GAAG,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,CAAC;IAClE,CAAC;IAED,KAAK,CAAC,OAAO;QACX,IAAI,KAAe,CAAC;QACpB,IAAI,CAAC;YACH,KAAK,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAK,KAA+B,CAAC,IAAI,KAAK,QAAQ;gBAAE,OAAO,EAAE,CAAC;YAClE,MAAM,KAAK,CAAC;QACd,CAAC;QACD,MAAM,OAAO,GAAmB,EAAE,CAAC;QACnC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;gBAAE,SAAS,CAAC,6BAA6B;YACpE,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,CAAC;gBAC3D,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAiB,CAAC,CAAC;YACjD,CAAC;YAAC,MAAM,CAAC;gBACP,2FAA2F;gBAC3F,gGAAgG;YAClG,CAAC;QACH,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,eAAe,CAAC,MAIf;QACC,MAAM,GAAG,GAAG,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QAC5C,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QACnF,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QACnF,OAAO,IAAI,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CACrC,OAAO;aACJ,MAAM,CACL,CAAC,MAAM,EAAE,EAAE,CACT,MAAM,CAAC,OAAO,KAAK,GAAG;YACtB,CAAC,GAAG,KAAK,SAAS,IAAI,MAAM,CAAC,OAAO,KAAK,GAAG,CAAC;YAC7C,CAAC,GAAG,KAAK,SAAS,IAAI,MAAM,CAAC,WAAW,KAAK,GAAG,CAAC,CACpD;aACA,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,iBAAiB,GAAG,CAAC,CAAC,iBAAiB,CAAC;aACzD,GAAG,CAAC,iBAAiB,CAAC,CAC1B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,GAAc,EAAE,OAAe;QACzD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC;QACpE,IAAI,CAAC,MAAM;YAAE,OAAO,SAAS,CAAC;QAC9B,MAAM,IAAI,GAAiB,EAAE,GAAG,MAAM,EAAE,aAAa,EAAE,OAAO,EAAE,CAAC;QACjE,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAED,2GAA2G;AAC3G,MAAM,CAAC,MAAM,qBAAqB,GAAG,cAAc,CAAC;AACpD,MAAM,CAAC,MAAM,YAAY,GAAG,wCAAwC,CAAC;AAErE,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;AAElF,MAAM,UAAU,YAAY,CAAC,IAA2B,EAAE,KAAa;IACrE,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3D,MAAM,IAAI,KAAK,CACb,WAAW,IAAI,UAAU,KAAK,qDAAqD,CACpF,CAAC;IACJ,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,GAAc;IAC9C,OAAO;QACL,GAAG,EAAE,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,GAAG,CAAC;QACjC,GAAG,EAAE,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,GAAG,CAAC;QACjC,GAAG,EAAE,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,GAAG,CAAC;KAClC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,IAAY;IAC1C,IAAI,IAAI,KAAK,OAAO,IAAI,IAAI,KAAK,WAAW,EAAE,CAAC;QAC7C,MAAM,IAAI,KAAK,CAAC,qBAAqB,IAAI,GAAG,CAAC,CAAC;IAChD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,iBAAiB,CAAC,MAAoB;IAC7C,OAAO;QACL,YAAY,EAAE,MAAM,CAAC,YAAY;QACjC,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,GAAG,CAAC,MAAM,CAAC,cAAc,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,MAAM,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACzF,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,YAAY;QAC7C,YAAY,EAAE,MAAM,CAAC,aAAa,KAAK,SAAS;KACjD,CAAC;AACJ,CAAC;AAED,SAAS,SAAS,CAAC,GAAW,EAAE,OAAe;IAC7C,OAAO,GAAG,GAAG,IAAI,OAAO,EAAE,CAAC;AAC7B,CAAC"}
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@noodle-borg/service",
|
|
3
|
+
"version": "0.0.0",
|
|
4
|
+
"private": true,
|
|
5
|
+
"type": "module",
|
|
6
|
+
"main": "./dist/index.js",
|
|
7
|
+
"types": "./dist/index.d.ts",
|
|
8
|
+
"exports": {
|
|
9
|
+
".": {
|
|
10
|
+
"types": "./dist/index.d.ts",
|
|
11
|
+
"import": "./dist/index.js"
|
|
12
|
+
}
|
|
13
|
+
},
|
|
14
|
+
"bin": {
|
|
15
|
+
"noodle-service": "./dist/main.js"
|
|
16
|
+
},
|
|
17
|
+
"files": [
|
|
18
|
+
"dist"
|
|
19
|
+
],
|
|
20
|
+
"scripts": {
|
|
21
|
+
"build": "tsc -p tsconfig.json",
|
|
22
|
+
"typecheck": "tsc -p tsconfig.json --noEmit"
|
|
23
|
+
},
|
|
24
|
+
"dependencies": {
|
|
25
|
+
"@google-cloud/cloud-sql-connector": "^1.11.1",
|
|
26
|
+
"@google-cloud/kms": "^5.5.0",
|
|
27
|
+
"@modelcontextprotocol/sdk": "^1.29.0",
|
|
28
|
+
"@noodle-borg/auth": "0.0.0",
|
|
29
|
+
"@noodle-borg/compiler": "0.0.0",
|
|
30
|
+
"@noodle-borg/connector-defs": "0.0.0",
|
|
31
|
+
"@noodle-borg/protocol": "0.0.0",
|
|
32
|
+
"@noodle-borg/runtime": "0.0.0",
|
|
33
|
+
"@noodle-borg/transport-http": "0.0.0",
|
|
34
|
+
"express": "^5.2.1",
|
|
35
|
+
"google-auth-library": "^10.6.2",
|
|
36
|
+
"jose": "^6.2.3",
|
|
37
|
+
"pg": "^8.21.0"
|
|
38
|
+
},
|
|
39
|
+
"devDependencies": {
|
|
40
|
+
"@types/express": "^5.0.0",
|
|
41
|
+
"@types/node": "^24.0.0",
|
|
42
|
+
"@types/pg": "^8.20.0"
|
|
43
|
+
}
|
|
44
|
+
}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import type { IncomingMessage } from 'node:http';
|
|
2
|
+
/** The `WWW-Authenticate` challenge sent with a `401` from the MCP front-door. */
|
|
3
|
+
export declare const CALLER_REALM = "Bearer realm=\"mrdn\"";
|
|
4
|
+
/** Mint a fresh 256-bit caller key and its at-rest hash. The plaintext key is shown once, never stored. */
|
|
5
|
+
export declare function mintCallerKey(): {
|
|
6
|
+
readonly key: string;
|
|
7
|
+
readonly hash: string;
|
|
8
|
+
};
|
|
9
|
+
/** SHA-256 hex of a caller key — what is persisted at rest (the plaintext is never persisted). */
|
|
10
|
+
export declare function hashCallerKey(key: string): string;
|
|
11
|
+
/** Extract a bearer token from the `Authorization` header (scheme case-insensitive), or `null`. */
|
|
12
|
+
export declare function bearerToken(req: IncomingMessage): string | null;
|
|
13
|
+
/** Constant-time check that a presented key hashes to the expected stored hash. */
|
|
14
|
+
export declare function verifyCallerKey(presented: string | null, expectedHash: string): boolean;
|
|
15
|
+
//# sourceMappingURL=caller-auth.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"caller-auth.d.ts","sourceRoot":"","sources":["../src/caller-auth.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAajD,kFAAkF;AAClF,eAAO,MAAM,YAAY,0BAAwB,CAAC;AAElD,2GAA2G;AAC3G,wBAAgB,aAAa,IAAI;IAAE,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAG/E;AAED,kGAAkG;AAClG,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAEjD;AAED,mGAAmG;AACnG,wBAAgB,WAAW,CAAC,GAAG,EAAE,eAAe,GAAG,MAAM,GAAG,IAAI,CAK/D;AAED,mFAAmF;AACnF,wBAAgB,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO,CAKvF"}
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
import { createHash, randomBytes, timingSafeEqual } from 'node:crypto';
|
|
2
|
+
/**
|
|
3
|
+
* Caller authentication for tenant MCP routes
|
|
4
|
+
* ([ADR 0030](../../../docs/decisions/0030-per-server-caller-key.md)). A deploy mints a high-entropy
|
|
5
|
+
* key, returns it **once**, and stores only its hash; every MCP request must then present
|
|
6
|
+
* `Authorization: Bearer <key>`. This is a simple shared per-server secret — NOT end-user OAuth, which
|
|
7
|
+
* remains Phase 3 ([ADR 0018](../../../docs/decisions/0018-thread-verified-end-user-identity.md)) and
|
|
8
|
+
* composes on top of (does not conflict with) this gate.
|
|
9
|
+
*/
|
|
10
|
+
const KEY_PREFIX = 'nbk_';
|
|
11
|
+
/** The `WWW-Authenticate` challenge sent with a `401` from the MCP front-door. */
|
|
12
|
+
export const CALLER_REALM = 'Bearer realm="mrdn"';
|
|
13
|
+
/** Mint a fresh 256-bit caller key and its at-rest hash. The plaintext key is shown once, never stored. */
|
|
14
|
+
export function mintCallerKey() {
|
|
15
|
+
const key = `${KEY_PREFIX}${randomBytes(32).toString('base64url')}`;
|
|
16
|
+
return { key, hash: hashCallerKey(key) };
|
|
17
|
+
}
|
|
18
|
+
/** SHA-256 hex of a caller key — what is persisted at rest (the plaintext is never persisted). */
|
|
19
|
+
export function hashCallerKey(key) {
|
|
20
|
+
return createHash('sha256').update(key).digest('hex');
|
|
21
|
+
}
|
|
22
|
+
/** Extract a bearer token from the `Authorization` header (scheme case-insensitive), or `null`. */
|
|
23
|
+
export function bearerToken(req) {
|
|
24
|
+
const header = req.headers.authorization;
|
|
25
|
+
if (typeof header !== 'string')
|
|
26
|
+
return null;
|
|
27
|
+
const match = /^Bearer[ \t]+(.+)$/i.exec(header.trim());
|
|
28
|
+
return match?.[1]?.trim() ?? null;
|
|
29
|
+
}
|
|
30
|
+
/** Constant-time check that a presented key hashes to the expected stored hash. */
|
|
31
|
+
export function verifyCallerKey(presented, expectedHash) {
|
|
32
|
+
if (presented === null)
|
|
33
|
+
return false;
|
|
34
|
+
const a = createHash('sha256').update(presented).digest();
|
|
35
|
+
const b = Buffer.from(expectedHash, 'hex');
|
|
36
|
+
return a.length === b.length && timingSafeEqual(a, b);
|
|
37
|
+
}
|
|
38
|
+
//# sourceMappingURL=caller-auth.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"caller-auth.js","sourceRoot":"","sources":["../src/caller-auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAGvE;;;;;;;GAOG;AAEH,MAAM,UAAU,GAAG,MAAM,CAAC;AAE1B,kFAAkF;AAClF,MAAM,CAAC,MAAM,YAAY,GAAG,qBAAqB,CAAC;AAElD,2GAA2G;AAC3G,MAAM,UAAU,aAAa;IAC3B,MAAM,GAAG,GAAG,GAAG,UAAU,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;IACpE,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC;AAC3C,CAAC;AAED,kGAAkG;AAClG,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACxD,CAAC;AAED,mGAAmG;AACnG,MAAM,UAAU,WAAW,CAAC,GAAoB;IAC9C,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;IACzC,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC5C,MAAM,KAAK,GAAG,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;IACxD,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC;AACpC,CAAC;AAED,mFAAmF;AACnF,MAAM,UAAU,eAAe,CAAC,SAAwB,EAAE,YAAoB;IAC5E,IAAI,SAAS,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IACrC,MAAM,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,EAAE,CAAC;IAC1D,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;IAC3C,OAAO,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,IAAI,eAAe,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AACxD,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"serve-demo.d.ts","sourceRoot":"","sources":["../../src/examples/serve-demo.ts"],"names":[],"mappings":""}
|