pepr 0.38.3 → 0.39.1

package/dist/lib.js

@@ -31,31 +31,32 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var lib_exports = {};
 __export(lib_exports, {
   Capability: () => Capability,
-  K8s: () => import_kubernetes_fluent_client8.K8s,
+  K8s: () => import_kubernetes_fluent_client9.K8s,
   Log: () => logger_default,
   PeprModule: () => PeprModule,
   PeprMutateRequest: () => PeprMutateRequest,
   PeprUtils: () => utils_exports,
   PeprValidateRequest: () => PeprValidateRequest,
   R: () => R,
-  RegisterKind: () => import_kubernetes_fluent_client8.RegisterKind,
-  a: () => import_kubernetes_fluent_client8.kind,
-  fetch: () => import_kubernetes_fluent_client8.fetch,
-  fetchStatus: () => import_kubernetes_fluent_client8.fetchStatus,
-  kind: () => import_kubernetes_fluent_client8.kind,
+  RegisterKind: () => import_kubernetes_fluent_client9.RegisterKind,
+  a: () => import_kubernetes_fluent_client9.kind,
+  fetch: () => import_kubernetes_fluent_client9.fetch,
+  fetchStatus: () => import_kubernetes_fluent_client9.fetchStatus,
+  kind: () => import_kubernetes_fluent_client9.kind,
   sdk: () => sdk_exports
 });
 module.exports = __toCommonJS(lib_exports);
-var import_kubernetes_fluent_client8 = require("kubernetes-fluent-client");
+var import_kubernetes_fluent_client9 = require("kubernetes-fluent-client");
 var R = __toESM(require("ramda"));
 
 // src/lib/capability.ts
-var import_kubernetes_fluent_client7 = require("kubernetes-fluent-client");
+var import_kubernetes_fluent_client8 = require("kubernetes-fluent-client");
 var import_ramda7 = require("ramda");
 
 // src/lib/logger.ts
 var import_pino = require("pino");
 var isPrettyLog = process.env.PEPR_PRETTY_LOGS === "true";
+var redactedValue = "**redacted**";
 var pretty = {
   target: "pino-pretty",
   options: {
@@ -71,6 +72,33 @@ var Log = (0, import_pino.pino)({
 if (process.env.LOG_LEVEL) {
   Log.level = process.env.LOG_LEVEL;
 }
+function redactedStore(store) {
+  const redacted = process.env.PEPR_STORE_REDACT_VALUES === "true";
+  return {
+    ...store,
+    data: Object.keys(store.data).reduce((acc, key) => {
+      acc[key] = redacted ? redactedValue : store.data[key];
+      return acc;
+    }, {})
+  };
+}
+function redactedPatch(patch = {}) {
+  const redacted = process.env.PEPR_STORE_REDACT_VALUES === "true";
+  if (!redacted) {
+    return patch;
+  }
+  const redactedCache = {};
+  Object.entries(patch).forEach(([key, operation]) => {
+    const isRedacted = key.includes(":");
+    const targetKey = isRedacted ? `${key.substring(0, key.lastIndexOf(":"))}:**redacted**` : key;
+    const redactedOperation = isRedacted ? {
+      ...operation,
+      ...Object.hasOwn(operation, "value") ? { value: redactedValue } : {}
+    } : operation;
+    redactedCache[targetKey] = redactedOperation;
+  });
+  return redactedCache;
+}
 var logger_default = Log;
 
 // src/lib/module.ts
@@ -201,7 +229,9 @@ var MetricsCollector = class {
     const maxCacheMissWindows = process.env.PEPR_MAX_CACHE_MISS_WINDOWS ? parseInt(process.env.PEPR_MAX_CACHE_MISS_WINDOWS, 10) : void 0;
     if (maxCacheMissWindows !== void 0 && this.#cacheMissWindows.size >= maxCacheMissWindows) {
       const firstKey = this.#cacheMissWindows.keys().next().value;
-      this.#cacheMissWindows.delete(firstKey);
+      if (firstKey !== void 0) {
+        this.#cacheMissWindows.delete(firstKey);
+      }
       this.#gauges.get(this.#getMetricName(this.#metricNames.cacheMiss))?.remove({ window: firstKey });
     }
   };
@@ -224,23 +254,40 @@ function ValidateError(error = "") {
   }
 }
 
-// src/lib/adjudicators.ts
+// src/lib/filter/adjudicators.ts
 var import_ramda = require("ramda");
-var declaredOperation = (0, import_ramda.pipe)((request) => request?.operation, (0, import_ramda.defaultTo)(""));
-var declaredGroup = (0, import_ramda.pipe)((request) => request?.kind?.group, (0, import_ramda.defaultTo)(""));
-var declaredVersion = (0, import_ramda.pipe)((request) => request?.kind?.version, (0, import_ramda.defaultTo)(""));
-var declaredKind = (0, import_ramda.pipe)((request) => request?.kind?.kind, (0, import_ramda.defaultTo)(""));
+var declaredOperation = (0, import_ramda.pipe)(
+  (request) => request?.operation,
+  (0, import_ramda.defaultTo)("")
+);
+var declaredGroup = (0, import_ramda.pipe)(
+  (request) => request?.kind?.group,
+  (0, import_ramda.defaultTo)("")
+);
+var declaredVersion = (0, import_ramda.pipe)(
+  (request) => request?.kind?.version,
+  (0, import_ramda.defaultTo)("")
+);
+var declaredKind = (0, import_ramda.pipe)(
+  (request) => request?.kind?.kind,
+  (0, import_ramda.defaultTo)("")
+);
 var declaredUid = (0, import_ramda.pipe)((request) => request?.uid, (0, import_ramda.defaultTo)(""));
-var carriesDeletionTimestamp = (0, import_ramda.pipe)((obj) => !!obj.metadata?.deletionTimestamp, (0, import_ramda.defaultTo)(false));
+var carriesDeletionTimestamp = (0, import_ramda.pipe)(
+  (kubernetesObject) => !!kubernetesObject.metadata?.deletionTimestamp,
+  (0, import_ramda.defaultTo)(false)
+);
 var missingDeletionTimestamp = (0, import_ramda.complement)(carriesDeletionTimestamp);
-var carriedName = (0, import_ramda.pipe)((obj) => obj?.metadata?.name, (0, import_ramda.defaultTo)(""));
+var carriedKind = (0, import_ramda.pipe)((kubernetesObject) => kubernetesObject?.metadata?.kind, (0, import_ramda.defaultTo)("not set"));
+var carriedVersion = (0, import_ramda.pipe)((kubernetesObject) => kubernetesObject?.metadata?.version, (0, import_ramda.defaultTo)("not set"));
+var carriedName = (0, import_ramda.pipe)((kubernetesObject) => kubernetesObject?.metadata?.name, (0, import_ramda.defaultTo)(""));
 var carriesName = (0, import_ramda.pipe)(carriedName, (0, import_ramda.equals)(""), import_ramda.not);
 var missingName = (0, import_ramda.complement)(carriesName);
-var carriedNamespace = (0, import_ramda.pipe)((obj) => obj?.metadata?.namespace, (0, import_ramda.defaultTo)(""));
+var carriedNamespace = (0, import_ramda.pipe)((kubernetesObject) => kubernetesObject?.metadata?.namespace, (0, import_ramda.defaultTo)(""));
 var carriesNamespace = (0, import_ramda.pipe)(carriedNamespace, (0, import_ramda.equals)(""), import_ramda.not);
-var carriedAnnotations = (0, import_ramda.pipe)((obj) => obj?.metadata?.annotations, (0, import_ramda.defaultTo)({}));
+var carriedAnnotations = (0, import_ramda.pipe)((kubernetesObject) => kubernetesObject?.metadata?.annotations, (0, import_ramda.defaultTo)({}));
 var carriesAnnotations = (0, import_ramda.pipe)(carriedAnnotations, (0, import_ramda.equals)({}), import_ramda.not);
-var carriedLabels = (0, import_ramda.pipe)((obj) => obj?.metadata?.labels, (0, import_ramda.defaultTo)({}));
+var carriedLabels = (0, import_ramda.pipe)((kubernetesObject) => kubernetesObject?.metadata?.labels, (0, import_ramda.defaultTo)({}));
 var carriesLabels = (0, import_ramda.pipe)(carriedLabels, (0, import_ramda.equals)({}), import_ramda.not);
 var definesDeletionTimestamp = (0, import_ramda.pipe)((binding) => binding?.filters?.deletionTimestamp, (0, import_ramda.defaultTo)(false));
 var ignoresDeletionTimestamp = (0, import_ramda.complement)(definesDeletionTimestamp);
@@ -271,46 +318,46 @@ var definedCategory = (0, import_ramda.pipe)((binding) => {
 var definedCallback = (0, import_ramda.pipe)((binding) => {
   return binding.isFinalize ? binding.finalizeCallback : binding.isWatch ? binding.watchCallback : binding.isMutate ? binding.mutateCallback : binding.isValidate ? binding.validateCallback : null;
 });
-var definedCallbackName = (0, import_ramda.pipe)(definedCallback, (0, import_ramda.defaultTo)({ name: "" }), (cb) => cb.name);
+var definedCallbackName = (0, import_ramda.pipe)(definedCallback, (0, import_ramda.defaultTo)({ name: "" }), (callback) => callback.name);
 var mismatchedDeletionTimestamp = (0, import_ramda.allPass)([
   (0, import_ramda.pipe)((0, import_ramda.nthArg)(0), definesDeletionTimestamp),
   (0, import_ramda.pipe)((0, import_ramda.nthArg)(1), missingDeletionTimestamp)
 ]);
 var mismatchedName = (0, import_ramda.allPass)([
   (0, import_ramda.pipe)((0, import_ramda.nthArg)(0), definesName),
-  (0, import_ramda.pipe)((bnd, obj) => definedName(bnd) !== carriedName(obj))
+  (0, import_ramda.pipe)((binding, kubernetesObject) => definedName(binding) !== carriedName(kubernetesObject))
 ]);
 var mismatchedNameRegex = (0, import_ramda.allPass)([
   (0, import_ramda.pipe)((0, import_ramda.nthArg)(0), definesNameRegex),
-  (0, import_ramda.pipe)((bnd, obj) => new RegExp(definedNameRegex(bnd)).test(carriedName(obj)), import_ramda.not)
+  (0, import_ramda.pipe)((binding, kubernetesObject) => new RegExp(definedNameRegex(binding)).test(carriedName(kubernetesObject)), import_ramda.not)
 ]);
 var bindsToKind = (0, import_ramda.curry)(
-  (0, import_ramda.allPass)([(0, import_ramda.pipe)((0, import_ramda.nthArg)(0), definedKind, (0, import_ramda.equals)(""), import_ramda.not), (0, import_ramda.pipe)((bnd, knd) => definedKind(bnd) === knd)])
+  (0, import_ramda.allPass)([(0, import_ramda.pipe)((0, import_ramda.nthArg)(0), definedKind, (0, import_ramda.equals)(""), import_ramda.not), (0, import_ramda.pipe)((binding, kind4) => definedKind(binding) === kind4)])
 );
 var bindsToNamespace = (0, import_ramda.curry)((0, import_ramda.pipe)(bindsToKind(import_ramda.__, "Namespace")));
 var misboundNamespace = (0, import_ramda.allPass)([bindsToNamespace, definesNamespaces]);
 var mismatchedNamespace = (0, import_ramda.allPass)([
   (0, import_ramda.pipe)((0, import_ramda.nthArg)(0), definesNamespaces),
-  (0, import_ramda.pipe)((bnd, obj) => definedNamespaces(bnd).includes(carriedNamespace(obj)), import_ramda.not)
+  (0, import_ramda.pipe)((binding, kubernetesObject) => definedNamespaces(binding).includes(carriedNamespace(kubernetesObject)), import_ramda.not)
 ]);
 var mismatchedNamespaceRegex = (0, import_ramda.allPass)([
   (0, import_ramda.pipe)((0, import_ramda.nthArg)(0), definesNamespaceRegexes),
   (0, import_ramda.pipe)(
-    (bnd, obj) => (0, import_ramda.pipe)(
-      (0, import_ramda.any)((rex) => new RegExp(rex).test(carriedNamespace(obj))),
+    (binding, kubernetesObject) => (0, import_ramda.pipe)(
+      (0, import_ramda.any)((regEx) => new RegExp(regEx).test(carriedNamespace(kubernetesObject))),
       import_ramda.not
-    )(definedNamespaceRegexes(bnd))
+    )(definedNamespaceRegexes(binding))
   )
 ]);
 var metasMismatch = (0, import_ramda.pipe)(
   (defined, carried) => {
     const result = { defined, carried, unalike: {} };
-    result.unalike = Object.entries(result.defined).map(([key, val]) => {
+    result.unalike = Object.entries(result.defined).map(([key, value]) => {
       const keyMissing = !Object.hasOwn(result.carried, key);
-      const noValue = !val;
+      const noValue = !value;
       const valMissing = !result.carried[key];
       const valDiffers = result.carried[key] !== result.defined[key];
-      return keyMissing ? { [key]: val } : noValue ? {} : valMissing ? { [key]: val } : valDiffers ? { [key]: val } : {};
+      return keyMissing ? { [key]: value } : noValue ? {} : valMissing ? { [key]: value } : valDiffers ? { [key]: value } : {};
     }).reduce((acc, cur) => ({ ...acc, ...cur }), {});
     return result.unalike;
   },
@@ -318,32 +365,37 @@ var metasMismatch = (0, import_ramda.pipe)(
 );
 var mismatchedAnnotations = (0, import_ramda.allPass)([
   (0, import_ramda.pipe)((0, import_ramda.nthArg)(0), definesAnnotations),
-  (0, import_ramda.pipe)((bnd, obj) => metasMismatch(definedAnnotations(bnd), carriedAnnotations(obj)))
+  (0, import_ramda.pipe)((binding, kubernetesObject) => metasMismatch(definedAnnotations(binding), carriedAnnotations(kubernetesObject)))
 ]);
 var mismatchedLabels = (0, import_ramda.allPass)([
   (0, import_ramda.pipe)((0, import_ramda.nthArg)(0), definesLabels),
-  (0, import_ramda.pipe)((bnd, obj) => metasMismatch(definedLabels(bnd), carriedLabels(obj)))
+  (0, import_ramda.pipe)((binding, kubernetesObject) => metasMismatch(definedLabels(binding), carriedLabels(kubernetesObject)))
 ]);
 var uncarryableNamespace = (0, import_ramda.allPass)([
   (0, import_ramda.pipe)((0, import_ramda.nthArg)(0), import_ramda.length, (0, import_ramda.gt)(import_ramda.__, 0)),
   (0, import_ramda.pipe)((0, import_ramda.nthArg)(1), carriesNamespace),
-  (0, import_ramda.pipe)((nss, obj) => nss.includes(carriedNamespace(obj)), import_ramda.not)
+  (0, import_ramda.pipe)((namespaceSelector, kubernetesObject) => namespaceSelector.includes(carriedNamespace(kubernetesObject)), import_ramda.not)
 ]);
 var carriesIgnoredNamespace = (0, import_ramda.allPass)([
   (0, import_ramda.pipe)((0, import_ramda.nthArg)(0), import_ramda.length, (0, import_ramda.gt)(import_ramda.__, 0)),
   (0, import_ramda.pipe)((0, import_ramda.nthArg)(1), carriesNamespace),
-  (0, import_ramda.pipe)((nss, obj) => nss.includes(carriedNamespace(obj)))
+  (0, import_ramda.pipe)((namespaceSelector, kubernetesObject) => namespaceSelector.includes(carriedNamespace(kubernetesObject)))
 ]);
 var unbindableNamespaces = (0, import_ramda.allPass)([
   (0, import_ramda.pipe)((0, import_ramda.nthArg)(0), import_ramda.length, (0, import_ramda.gt)(import_ramda.__, 0)),
   (0, import_ramda.pipe)((0, import_ramda.nthArg)(1), definesNamespaces),
-  (0, import_ramda.pipe)((nss, bnd) => (0, import_ramda.difference)(definedNamespaces(bnd), nss), import_ramda.length, (0, import_ramda.equals)(0), import_ramda.not)
+  (0, import_ramda.pipe)(
+    (namespaceSelector, binding) => (0, import_ramda.difference)(definedNamespaces(binding), namespaceSelector),
+    import_ramda.length,
+    (0, import_ramda.equals)(0),
+    import_ramda.not
+  )
 ]);
 var misboundDeleteWithDeletionTimestamp = (0, import_ramda.allPass)([definesDelete, definesDeletionTimestamp]);
 var operationMatchesEvent = (0, import_ramda.anyPass)([
   (0, import_ramda.pipe)((0, import_ramda.nthArg)(1), (0, import_ramda.equals)("*" /* Any */)),
-  (0, import_ramda.pipe)((op, evt) => op === evt),
-  (0, import_ramda.pipe)((op, evt) => op ? evt.includes(op) : false)
+  (0, import_ramda.pipe)((operation, event) => operation === event),
+  (0, import_ramda.pipe)((operation, event) => operation ? event.includes(operation) : false)
 ]);
 var mismatchedEvent = (0, import_ramda.pipe)(
   (binding, request) => operationMatchesEvent(declaredOperation(request), definedEvent(binding)),
@@ -362,7 +414,7 @@ var mismatchedKind = (0, import_ramda.allPass)([
   (0, import_ramda.pipe)((binding, request) => definedKind(binding) !== declaredKind(request))
 ]);
 
-// src/lib/filter.ts
+// src/lib/filter/filter.ts
 function shouldSkipRequest(binding, req, capabilityNamespaces, ignoredNamespaces) {
   const prefix = "Ignoring Admission Callback:";
   const obj = req.operation === "DELETE" /* DELETE */ ? req.oldObject : req.object;
@@ -377,31 +429,15 @@ var PeprMutateRequest = class {
   get PermitSideEffects() {
     return !this.#input.dryRun;
   }
-  /**
-   * Indicates whether the request is a dry run.
-   * @returns true if the request is a dry run, false otherwise.
-   */
   get IsDryRun() {
     return this.#input.dryRun;
   }
-  /**
-   * Provides access to the old resource in the request if available.
-   * @returns The old Kubernetes resource object or null if not available.
-   */
   get OldResource() {
     return this.#input.oldObject;
   }
-  /**
-   * Provides access to the request object.
-   * @returns The request object containing the Kubernetes resource.
-   */
   get Request() {
     return this.#input;
   }
-  /**
-   * Creates a new instance of the action class.
-   * @param input - The request object containing the Kubernetes resource to modify.
-   */
   constructor(input) {
     this.#input = input;
     if (input.operation.toUpperCase() === "DELETE" /* DELETE */) {
@@ -410,23 +446,12 @@ var PeprMutateRequest = class {
       this.Raw = (0, import_ramda2.clone)(input.object);
     }
     if (!this.Raw) {
-      throw new Error("unable to load the request object into PeprRequest.RawP");
+      throw new Error("Unable to load the request object into PeprRequest.Raw");
     }
   }
-  /**
-   * Deep merges the provided object with the current resource.
-   *
-   * @param obj - The object to merge with the current resource.
-   */
   Merge = (obj) => {
     this.Raw = (0, import_ramda2.mergeDeepRight)(this.Raw, obj);
   };
-  /**
-   * Updates a label on the Kubernetes resource.
-   * @param key - The key of the label to update.
-   * @param value - The value of the label.
-   * @returns The current action instance for method chaining.
-   */
   SetLabel = (key, value) => {
     const ref = this.Raw;
     ref.metadata = ref.metadata ?? {};
@@ -434,12 +459,6 @@ var PeprMutateRequest = class {
     ref.metadata.labels[key] = value;
     return this;
   };
-  /**
-   * Updates an annotation on the Kubernetes resource.
-   * @param key - The key of the annotation to update.
-   * @param value - The value of the annotation.
-   * @returns The current action instance for method chaining.
-   */
   SetAnnotation = (key, value) => {
     const ref = this.Raw;
     ref.metadata = ref.metadata ?? {};
@@ -447,43 +466,21 @@ var PeprMutateRequest = class {
     ref.metadata.annotations[key] = value;
     return this;
   };
-  /**
-   * Removes a label from the Kubernetes resource.
-   * @param key - The key of the label to remove.
-   * @returns The current Action instance for method chaining.
-   */
   RemoveLabel = (key) => {
     if (this.Raw.metadata?.labels?.[key]) {
       delete this.Raw.metadata.labels[key];
     }
     return this;
   };
-  /**
-   * Removes an annotation from the Kubernetes resource.
-   * @param key - The key of the annotation to remove.
-   * @returns The current Action instance for method chaining.
-   */
   RemoveAnnotation = (key) => {
     if (this.Raw.metadata?.annotations?.[key]) {
       delete this.Raw.metadata.annotations[key];
     }
     return this;
   };
-  /**
-   * Check if a label exists on the Kubernetes resource.
-   *
-   * @param key the label key to check
-   * @returns
-   */
   HasLabel = (key) => {
     return this.Raw.metadata?.labels?.[key] !== void 0;
   };
-  /**
-   * Check if an annotation exists on the Kubernetes resource.
-   *
-   * @param key the annotation key to check
-   * @returns
-   */
   HasAnnotation = (key) => {
     return this.Raw.metadata?.annotations?.[key] !== void 0;
   };
@@ -577,16 +574,7 @@ async function mutateProcessor(config, capabilities, req, reqMetadata) {
       } catch (e) {
         updateStatus("warning");
         response.warnings = response.warnings || [];
-        let errorMessage = "";
-        try {
-          if (e.message && e.message !== "[object Object]") {
-            errorMessage = e.message;
-          } else {
-            throw new Error("An error occurred in the mutate action.");
-          }
-        } catch (e2) {
-          errorMessage = "An error occurred with the mutate action.";
-        }
+        const errorMessage = logMutateErrorMessage(e);
         logger_default.error(actionMetadata, `Action failed: ${errorMessage}`);
         response.warnings.push(`Action failed: ${errorMessage}`);
         switch (config.onError) {
@@ -625,6 +613,17 @@ async function mutateProcessor(config, capabilities, req, reqMetadata) {
   logger_default.debug({ ...reqMetadata, patches }, `Patches generated`);
   return response;
 }
+var logMutateErrorMessage = (e) => {
+  try {
+    if (e.message && e.message !== "[object Object]") {
+      return e.message;
+    } else {
+      throw new Error("An error occurred in the mutate action.");
+    }
+  } catch (e2) {
+    return "An error occurred with the mutate action.";
+  }
+};
 
 // src/lib/validate-request.ts
 var import_ramda3 = require("ramda");
@@ -757,25 +756,65 @@ async function validateProcessor(config, capabilities, req, reqMetadata) {
 }
 
 // src/lib/controller/store.ts
-var import_kubernetes_fluent_client2 = require("kubernetes-fluent-client");
+var import_kubernetes_fluent_client3 = require("kubernetes-fluent-client");
 var import_ramda4 = require("ramda");
 
 // src/lib/k8s.ts
 var import_kubernetes_fluent_client = require("kubernetes-fluent-client");
-var PeprStore = class extends import_kubernetes_fluent_client.GenericKind {
+var Store = class extends import_kubernetes_fluent_client.GenericKind {
 };
 var peprStoreGVK = {
   kind: "PeprStore",
   version: "v1",
   group: "pepr.dev"
 };
-(0, import_kubernetes_fluent_client.RegisterKind)(PeprStore, peprStoreGVK);
+(0, import_kubernetes_fluent_client.RegisterKind)(Store, peprStoreGVK);
+
+// src/lib/controller/storeCache.ts
+var import_kubernetes_fluent_client2 = require("kubernetes-fluent-client");
+var import_http_status_codes = require("http-status-codes");
+var sendUpdatesAndFlushCache = async (cache, namespace2, name) => {
+  const indexes = Object.keys(cache);
+  const payload = Object.values(cache);
+  try {
+    if (payload.length > 0) {
+      await (0, import_kubernetes_fluent_client2.K8s)(Store, { namespace: namespace2, name }).Patch(payload);
+      Object.keys(cache).forEach((key) => delete cache[key]);
+    }
+  } catch (err) {
+    logger_default.error(err, "Pepr store update failure");
+    if (err.status === import_http_status_codes.StatusCodes.UNPROCESSABLE_ENTITY) {
+      Object.keys(cache).forEach((key) => delete cache[key]);
+    } else {
+      indexes.forEach((index) => {
+        cache[index] = payload[Number(index)];
+      });
+    }
+  }
+  return cache;
+};
+var fillStoreCache = (cache, capabilityName, op, cacheItem) => {
+  const path = [`/data/${capabilityName}`, cacheItem.version, cacheItem.key].filter((str) => str !== "" && str !== void 0).join("-");
+  if (op === "add") {
+    const value = cacheItem.value || "";
+    const cacheIdx = [op, path, value].join(":");
+    cache[cacheIdx] = { op, path, value };
+  } else if (op === "remove") {
+    if (cacheItem.key.length < 1) {
+      throw new Error(`Key is required for REMOVE operation`);
+    }
+    const cacheIndex = [op, path].join(":");
+    cache[cacheIndex] = { op, path };
+  } else {
+    throw new Error(`Unsupported operation: ${op}`);
+  }
+  return cache;
+};
 
 // src/lib/controller/store.ts
-var redactedValue = "**redacted**";
 var namespace = "pepr-system";
 var debounceBackoff = 5e3;
-var PeprControllerStore = class {
+var StoreController = class {
   #name;
   #stores = {};
   #sendDebounce;
@@ -783,87 +822,53 @@ var PeprControllerStore = class {
   constructor(capabilities, name, onReady) {
     this.#onReady = onReady;
     this.#name = name;
+    const setStorageInstance = (registrationFunction, name2) => {
+      const scheduleStore = registrationFunction();
+      scheduleStore.registerSender(this.#send(name2));
+      this.#stores[name2] = scheduleStore;
+    };
     if (name.includes("schedule")) {
       for (const { name: name2, registerScheduleStore, hasSchedule } of capabilities) {
-        if (hasSchedule !== true) {
-          continue;
+        if (hasSchedule === true) {
+          setStorageInstance(registerScheduleStore, name2);
         }
-        const { scheduleStore } = registerScheduleStore();
-        scheduleStore.registerSender(this.#send(name2));
-        this.#stores[name2] = scheduleStore;
       }
     } else {
       for (const { name: name2, registerStore } of capabilities) {
-        const { store } = registerStore();
-        store.registerSender(this.#send(name2));
-        this.#stores[name2] = store;
+        setStorageInstance(registerStore, name2);
       }
     }
     setTimeout(
-      () => (0, import_kubernetes_fluent_client2.K8s)(PeprStore).InNamespace(namespace).Get(this.#name).then(async (store) => await this.#migrateAndSetupWatch(store)).catch(this.#createStoreResource),
+      () => (0, import_kubernetes_fluent_client3.K8s)(Store).InNamespace(namespace).Get(this.#name).then(async (store) => await this.#migrateAndSetupWatch(store)).catch(this.#createStoreResource),
       Math.random() * 3e3
+      // Add a jitter to the Store creation to avoid collisions
     );
   }
   #setupWatch = () => {
-    const watcher = (0, import_kubernetes_fluent_client2.K8s)(PeprStore, { name: this.#name, namespace }).Watch(this.#receive);
+    const watcher = (0, import_kubernetes_fluent_client3.K8s)(Store, { name: this.#name, namespace }).Watch(this.#receive);
     watcher.start().catch((e) => logger_default.error(e, "Error starting Pepr store watch"));
   };
   #migrateAndSetupWatch = async (store) => {
     logger_default.debug(redactedStore(store), "Pepr Store migration");
     const data = store.data || {};
-    const migrateCache = {};
-    const flushCache = async () => {
-      const indexes = Object.keys(migrateCache);
-      const payload = Object.values(migrateCache);
-      for (const idx of indexes) {
-        delete migrateCache[idx];
-      }
-      try {
-        if (payload.length > 0) {
-          await (0, import_kubernetes_fluent_client2.K8s)(PeprStore, { namespace, name: this.#name }).Patch(payload);
-        }
-      } catch (err) {
-        logger_default.error(err, "Pepr store update failure");
-        if (err.status === 422) {
-          Object.keys(migrateCache).forEach((key) => delete migrateCache[key]);
-        } else {
-          for (const idx of indexes) {
-            migrateCache[idx] = payload[Number(idx)];
-          }
-        }
-      }
-    };
-    const fillCache = (name, op, key, val) => {
-      if (op === "add") {
-        const path = `/data/${name}-v2-${key}`;
-        const value = val || "";
-        const cacheIdx = [op, path, value].join(":");
-        migrateCache[cacheIdx] = { op, path, value };
-        return;
-      }
-      if (op === "remove") {
-        if (key.length < 1) {
-          throw new Error(`Key is required for REMOVE operation`);
-        }
-        for (const k of key) {
-          const path = `/data/${name}-${k}`;
-          const cacheIdx = [op, path].join(":");
-          migrateCache[cacheIdx] = { op, path };
-        }
-        return;
-      }
-      throw new Error(`Unsupported operation: ${op}`);
-    };
+    let storeCache = {};
     for (const name of Object.keys(this.#stores)) {
       const offset = `${name}-`.length;
       for (const key of Object.keys(data)) {
         if ((0, import_ramda4.startsWith)(name, key) && !(0, import_ramda4.startsWith)(`${name}-v2`, key)) {
-          fillCache(name, "remove", [key.slice(offset)], data[key]);
-          fillCache(name, "add", [key.slice(offset)], data[key]);
+          storeCache = fillStoreCache(storeCache, name, "remove", {
+            key: [key.slice(offset)],
+            value: data[key]
+          });
+          storeCache = fillStoreCache(storeCache, name, "add", {
+            key: [key.slice(offset)],
+            value: data[key],
+            version: "v2"
+          });
         }
       }
     }
-    await flushCache();
+    storeCache = await sendUpdatesAndFlushCache(storeCache, namespace, this.#name);
     this.#setupWatch();
   };
   #receive = (store) => {
@@ -889,56 +894,14 @@ var PeprControllerStore = class {
     this.#sendDebounce = setTimeout(debounced, this.#onReady ? 0 : debounceBackoff);
   };
   #send = (capabilityName) => {
-    const sendCache = {};
-    const fillCache = (op, key, val) => {
-      if (op === "add") {
-        const path = `/data/${capabilityName}-${key}`;
-        const value = val || "";
-        const cacheIdx = [op, path, value].join(":");
-        sendCache[cacheIdx] = { op, path, value };
-        return;
-      }
-      if (op === "remove") {
-        if (key.length < 1) {
-          throw new Error(`Key is required for REMOVE operation`);
-        }
-        for (const k of key) {
-          const path = `/data/${capabilityName}-${k}`;
-          const cacheIdx = [op, path].join(":");
-          sendCache[cacheIdx] = { op, path };
-        }
-        return;
-      }
-      throw new Error(`Unsupported operation: ${op}`);
-    };
-    const flushCache = async () => {
-      const indexes = Object.keys(sendCache);
-      const payload = Object.values(sendCache);
-      for (const idx of indexes) {
-        delete sendCache[idx];
-      }
-      try {
-        if (payload.length > 0) {
-          await (0, import_kubernetes_fluent_client2.K8s)(PeprStore, { namespace, name: this.#name }).Patch(payload);
-        }
-      } catch (err) {
-        logger_default.error(err, "Pepr store update failure");
-        if (err.status === 422) {
-          Object.keys(sendCache).forEach((key) => delete sendCache[key]);
-        } else {
-          for (const idx of indexes) {
-            sendCache[idx] = payload[Number(idx)];
-          }
-        }
-      }
-    };
-    const sender = async (op, key, val) => {
-      fillCache(op, key, val);
+    let storeCache = {};
+    const sender = async (op, key, value) => {
+      storeCache = fillStoreCache(storeCache, capabilityName, op, { key, value });
     };
     setInterval(() => {
-      if (Object.keys(sendCache).length > 0) {
-        logger_default.debug(redactedPatch(sendCache), "Sending updates to Pepr store");
-        void flushCache();
+      if (Object.keys(storeCache).length > 0) {
+        logger_default.debug(redactedPatch(storeCache), "Sending updates to Pepr store");
+        void sendUpdatesAndFlushCache(storeCache, namespace, this.#name);
       }
     }, debounceBackoff);
     return sender;
@@ -947,7 +910,7 @@ var PeprControllerStore = class {
     logger_default.info(`Pepr store not found, creating...`);
     logger_default.debug(e);
     try {
-      await (0, import_kubernetes_fluent_client2.K8s)(PeprStore).Apply({
+      await (0, import_kubernetes_fluent_client3.K8s)(Store).Apply({
         metadata: {
           name: this.#name,
           namespace
@@ -963,33 +926,6 @@ var PeprControllerStore = class {
     }
   };
 };
-function redactedStore(store) {
-  const redacted = process.env.PEPR_STORE_REDACT_VALUES === "true";
-  return {
-    ...store,
-    data: Object.keys(store.data).reduce((acc, key) => {
-      acc[key] = redacted ? redactedValue : store.data[key];
-      return acc;
-    }, {})
-  };
-}
-function redactedPatch(patch = {}) {
-  const redacted = process.env.PEPR_STORE_REDACT_VALUES === "true";
-  if (!redacted) {
-    return patch;
-  }
-  const redactedCache = {};
-  Object.keys(patch).forEach((key) => {
-    const operation = patch[key];
-    const redactedKey = key.includes(":") ? key.substring(0, key.lastIndexOf(":")) + ":**redacted**" : key;
-    const redactedOperation = {
-      ...operation,
-      ..."value" in operation ? { value: "**redacted**" } : {}
-    };
-    redactedCache[redactedKey] = redactedOperation;
-  });
-  return redactedCache;
-}
 
 // src/lib/controller/index.ts
 if (!process.env.PEPR_NODE_WARNINGS) {
@@ -1012,11 +948,11 @@ var Controller = class _Controller {
   constructor(config, capabilities, beforeHook, afterHook, onReady) {
     this.#config = config;
     this.#capabilities = capabilities;
-    new PeprControllerStore(capabilities, `pepr-${config.uuid}-store`, () => {
+    new StoreController(capabilities, `pepr-${config.uuid}-store`, () => {
       this.#bindEndpoints();
       onReady && onReady();
       logger_default.info("\u2705 Controller startup complete");
-      new PeprControllerStore(capabilities, `pepr-${config.uuid}-schedule`, () => {
+      new StoreController(capabilities, `pepr-${config.uuid}-schedule`, () => {
         logger_default.info("\u2705 Scheduling processed");
       });
     });
@@ -1222,11 +1158,11 @@ var Controller = class _Controller {
 };
 
 // src/lib/watch-processor.ts
-var import_kubernetes_fluent_client6 = require("kubernetes-fluent-client");
-var import_types6 = require("kubernetes-fluent-client/dist/fluent/types");
+var import_kubernetes_fluent_client7 = require("kubernetes-fluent-client");
+var import_types = require("kubernetes-fluent-client/dist/fluent/types");
 
 // src/lib/helpers.ts
-var import_kubernetes_fluent_client4 = require("kubernetes-fluent-client");
+var import_kubernetes_fluent_client5 = require("kubernetes-fluent-client");
 
 // src/sdk/sdk.ts
 var sdk_exports = {};
@@ -1236,7 +1172,7 @@ __export(sdk_exports, {
   sanitizeResourceName: () => sanitizeResourceName,
   writeEvent: () => writeEvent
 });
-var import_kubernetes_fluent_client3 = require("kubernetes-fluent-client");
+var import_kubernetes_fluent_client4 = require("kubernetes-fluent-client");
 function containers(request, containerType) {
   const containers2 = request.Raw.spec?.containers || [];
   const initContainers = request.Raw.spec?.initContainers || [];
@@ -1254,7 +1190,7 @@ function containers(request, containerType) {
 }
 async function writeEvent(cr, event, eventType, eventReason, reportingComponent, reportingInstance) {
   logger_default.debug(cr.metadata, `Writing event: ${event.message}`);
-  await (0, import_kubernetes_fluent_client3.K8s)(import_kubernetes_fluent_client3.kind.CoreEvent).Create({
+  await (0, import_kubernetes_fluent_client4.K8s)(import_kubernetes_fluent_client4.kind.CoreEvent).Create({
     type: eventType,
     reason: eventReason,
     ...event,
@@ -1300,7 +1236,7 @@ function filterNoMatchReason(binding, obj, capabilityNamespaces, ignoredNamespac
 }
 
 // src/lib/finalizer.ts
-var import_kubernetes_fluent_client5 = require("kubernetes-fluent-client");
+var import_kubernetes_fluent_client6 = require("kubernetes-fluent-client");
 function addFinalizer(request) {
   if (request.Request.operation === "DELETE" /* DELETE */) {
     return;
@@ -1322,7 +1258,7 @@ async function removeFinalizer(binding, obj) {
   logger_default.debug({ obj }, `Removing finalizer '${peprFinal}' from '${resource}'`);
   const { model, kind: kind4 } = binding;
   try {
-    (0, import_kubernetes_fluent_client5.RegisterKind)(model, kind4);
+    (0, import_kubernetes_fluent_client6.RegisterKind)(model, kind4);
   } catch (e) {
     const expected = e.message === `GVK ${model.name} already registered`;
     if (!expected) {
@@ -1331,7 +1267,7 @@ async function removeFinalizer(binding, obj) {
     }
   }
   const finalizers = meta.finalizers?.filter((f) => f !== peprFinal) || [];
-  obj = await (0, import_kubernetes_fluent_client5.K8s)(model, meta).Patch([
+  obj = await (0, import_kubernetes_fluent_client6.K8s)(model, meta).Patch([
     {
       op: "replace",
       path: `/metadata/finalizers`,
@@ -1455,18 +1391,18 @@ function getOrCreateQueue(obj) {
   return queues[key];
 }
 var watchCfg = {
-  useHTTP2: process.env.PEPR_HTTP2_WATCH === "true",
+  useLegacyWatch: process.env.PEPR_USE_LEGACY_WATCH === "true",
   resyncFailureMax: process.env.PEPR_RESYNC_FAILURE_MAX ? parseInt(process.env.PEPR_RESYNC_FAILURE_MAX, 10) : 5,
   resyncDelaySec: process.env.PEPR_RESYNC_DELAY_SECONDS ? parseInt(process.env.PEPR_RESYNC_DELAY_SECONDS, 10) : 5,
   lastSeenLimitSeconds: process.env.PEPR_LAST_SEEN_LIMIT_SECONDS ? parseInt(process.env.PEPR_LAST_SEEN_LIMIT_SECONDS, 10) : 300,
   relistIntervalSec: process.env.PEPR_RELIST_INTERVAL_SECONDS ? parseInt(process.env.PEPR_RELIST_INTERVAL_SECONDS, 10) : 600
 };
 var eventToPhaseMap = {
-  ["CREATE" /* Create */]: [import_types6.WatchPhase.Added],
-  ["UPDATE" /* Update */]: [import_types6.WatchPhase.Modified],
-  ["CREATEORUPDATE" /* CreateOrUpdate */]: [import_types6.WatchPhase.Added, import_types6.WatchPhase.Modified],
-  ["DELETE" /* Delete */]: [import_types6.WatchPhase.Deleted],
-  ["*" /* Any */]: [import_types6.WatchPhase.Added, import_types6.WatchPhase.Modified, import_types6.WatchPhase.Deleted]
+  ["CREATE" /* Create */]: [import_types.WatchPhase.Added],
+  ["UPDATE" /* Update */]: [import_types.WatchPhase.Modified],
+  ["CREATEORUPDATE" /* CreateOrUpdate */]: [import_types.WatchPhase.Added, import_types.WatchPhase.Modified],
+  ["DELETE" /* Delete */]: [import_types.WatchPhase.Deleted],
+  ["*" /* Any */]: [import_types.WatchPhase.Added, import_types.WatchPhase.Modified, import_types.WatchPhase.Deleted]
 };
 function setupWatch(capabilities, ignoredNamespaces) {
   capabilities.map(
@@ -1476,32 +1412,39 @@ function setupWatch(capabilities, ignoredNamespaces) {
 async function runBinding(binding, capabilityNamespaces, ignoredNamespaces) {
   const phaseMatch = eventToPhaseMap[binding.event] || eventToPhaseMap["*" /* Any */];
   logger_default.debug({ watchCfg }, "Effective WatchConfig");
-  const watchCallback = async (obj, phase) => {
+  const watchCallback = async (kubernetesObject, phase) => {
     if (phaseMatch.includes(phase)) {
       try {
-        const filterMatch = filterNoMatchReason(binding, obj, capabilityNamespaces, ignoredNamespaces);
-        if (filterMatch === "") {
-          if (binding.isFinalize) {
-            if (!obj.metadata?.deletionTimestamp) {
-              return;
-            }
-            try {
-              await binding.finalizeCallback?.(obj);
-            } finally {
-              await removeFinalizer(binding, obj);
-            }
-          } else {
-            await binding.watchCallback?.(obj, phase);
-          }
-        } else {
+        const filterMatch = filterNoMatchReason(binding, kubernetesObject, capabilityNamespaces, ignoredNamespaces);
+        if (filterMatch !== "") {
           logger_default.debug(filterMatch);
+          return;
+        }
+        if (binding.isFinalize) {
+          await handleFinalizerRemoval(kubernetesObject);
+        } else {
+          await binding.watchCallback?.(kubernetesObject, phase);
         }
       } catch (e) {
         logger_default.error(e, "Error executing watch callback");
       }
     }
   };
-  const watcher = (0, import_kubernetes_fluent_client6.K8s)(binding.model, binding.filters).Watch(async (obj, phase) => {
+  const handleFinalizerRemoval = async (kubernetesObject) => {
+    if (!kubernetesObject.metadata?.deletionTimestamp) {
+      return;
+    }
+    let shouldRemoveFinalizer = true;
+    try {
+      shouldRemoveFinalizer = await binding.finalizeCallback?.(kubernetesObject);
+    } finally {
+      const peprFinal = "pepr.dev/finalizer";
+      const meta = kubernetesObject.metadata;
+      const resource = `${meta.namespace || "ClusterScoped"}/${meta.name}`;
+      shouldRemoveFinalizer === false ? logger_default.debug({ obj: kubernetesObject }, `Skipping removal of finalizer '${peprFinal}' from '${resource}'`) : await removeFinalizer(binding, kubernetesObject);
+    }
+  };
+  const watcher = (0, import_kubernetes_fluent_client7.K8s)(binding.model, binding.filters).Watch(async (obj, phase) => {
     logger_default.debug(obj, `Watch event ${phase} received`);
     if (binding.isQueue) {
       const queue = getOrCreateQueue(obj);
@@ -1510,30 +1453,30 @@ async function runBinding(binding, capabilityNamespaces, ignoredNamespaces) {
       await watchCallback(obj, phase);
     }
   }, watchCfg);
-  watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.GIVE_UP, (err) => {
+  watcher.events.on(import_kubernetes_fluent_client7.WatchEvent.GIVE_UP, (err) => {
     logger_default.error(err, "Watch failed after 5 attempts, giving up");
     process.exit(1);
   });
-  watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.CONNECT, (url) => logEvent(import_kubernetes_fluent_client6.WatchEvent.CONNECT, url));
-  watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.DATA_ERROR, (err) => logEvent(import_kubernetes_fluent_client6.WatchEvent.DATA_ERROR, err.message));
+  watcher.events.on(import_kubernetes_fluent_client7.WatchEvent.CONNECT, (url) => logEvent(import_kubernetes_fluent_client7.WatchEvent.CONNECT, url));
+  watcher.events.on(import_kubernetes_fluent_client7.WatchEvent.DATA_ERROR, (err) => logEvent(import_kubernetes_fluent_client7.WatchEvent.DATA_ERROR, err.message));
   watcher.events.on(
-    import_kubernetes_fluent_client6.WatchEvent.RECONNECT,
-    (retryCount) => logEvent(import_kubernetes_fluent_client6.WatchEvent.RECONNECT, `Reconnecting after ${retryCount} attempt${retryCount === 1 ? "" : "s"}`)
+    import_kubernetes_fluent_client7.WatchEvent.RECONNECT,
+    (retryCount) => logEvent(import_kubernetes_fluent_client7.WatchEvent.RECONNECT, `Reconnecting after ${retryCount} attempt${retryCount === 1 ? "" : "s"}`)
   );
-  watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.RECONNECT_PENDING, () => logEvent(import_kubernetes_fluent_client6.WatchEvent.RECONNECT_PENDING));
-  watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.GIVE_UP, (err) => logEvent(import_kubernetes_fluent_client6.WatchEvent.GIVE_UP, err.message));
-  watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.ABORT, (err) => logEvent(import_kubernetes_fluent_client6.WatchEvent.ABORT, err.message));
-  watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.OLD_RESOURCE_VERSION, (err) => logEvent(import_kubernetes_fluent_client6.WatchEvent.OLD_RESOURCE_VERSION, err));
-  watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.NETWORK_ERROR, (err) => logEvent(import_kubernetes_fluent_client6.WatchEvent.NETWORK_ERROR, err.message));
-  watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.LIST_ERROR, (err) => logEvent(import_kubernetes_fluent_client6.WatchEvent.LIST_ERROR, err.message));
-  watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.LIST, (list) => logEvent(import_kubernetes_fluent_client6.WatchEvent.LIST, JSON.stringify(list, void 0, 2)));
-  watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.CACHE_MISS, (windowName) => {
+  watcher.events.on(import_kubernetes_fluent_client7.WatchEvent.RECONNECT_PENDING, () => logEvent(import_kubernetes_fluent_client7.WatchEvent.RECONNECT_PENDING));
+  watcher.events.on(import_kubernetes_fluent_client7.WatchEvent.GIVE_UP, (err) => logEvent(import_kubernetes_fluent_client7.WatchEvent.GIVE_UP, err.message));
+  watcher.events.on(import_kubernetes_fluent_client7.WatchEvent.ABORT, (err) => logEvent(import_kubernetes_fluent_client7.WatchEvent.ABORT, err.message));
+  watcher.events.on(import_kubernetes_fluent_client7.WatchEvent.OLD_RESOURCE_VERSION, (err) => logEvent(import_kubernetes_fluent_client7.WatchEvent.OLD_RESOURCE_VERSION, err));
+  watcher.events.on(import_kubernetes_fluent_client7.WatchEvent.NETWORK_ERROR, (err) => logEvent(import_kubernetes_fluent_client7.WatchEvent.NETWORK_ERROR, err.message));
+  watcher.events.on(import_kubernetes_fluent_client7.WatchEvent.LIST_ERROR, (err) => logEvent(import_kubernetes_fluent_client7.WatchEvent.LIST_ERROR, err.message));
+  watcher.events.on(import_kubernetes_fluent_client7.WatchEvent.LIST, (list) => logEvent(import_kubernetes_fluent_client7.WatchEvent.LIST, JSON.stringify(list, void 0, 2)));
+  watcher.events.on(import_kubernetes_fluent_client7.WatchEvent.CACHE_MISS, (windowName) => {
     metricsCollector.incCacheMiss(windowName);
   });
-  watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.INIT_CACHE_MISS, (windowName) => {
+  watcher.events.on(import_kubernetes_fluent_client7.WatchEvent.INIT_CACHE_MISS, (windowName) => {
     metricsCollector.initCacheMissWindow(windowName);
   });
-  watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.INC_RESYNC_FAILURE_COUNT, (retryCount) => {
+  watcher.events.on(import_kubernetes_fluent_client7.WatchEvent.INC_RESYNC_FAILURE_COUNT, (retryCount) => {
     metricsCollector.incRetryCount(retryCount);
   });
   try {
@@ -1959,8 +1902,6 @@ var Capability = class {
   }
   /**
    * Register the store with the capability. This is called automatically by the Pepr controller.
-   *
-   * @param store
    */
   registerScheduleStore = () => {
     logger_default.info(`Registering schedule store for ${this.#name}`);
@@ -1968,9 +1909,7 @@ var Capability = class {
       throw new Error(`Schedule store already registered for ${this.#name}`);
     }
     this.#scheduleRegistered = true;
-    return {
-      scheduleStore: this.#scheduleStore
-    };
+    return this.#scheduleStore;
   };
   /**
    * Register the store with the capability. This is called automatically by the Pepr controller.
@@ -1983,9 +1922,7 @@ var Capability = class {
       throw new Error(`Store already registered for ${this.#name}`);
     }
     this.#registered = true;
-    return {
-      store: this.#store
-    };
+    return this.#store;
   };
   /**
    * The When method is used to register a action to be executed when a Kubernetes resource is
@@ -1997,7 +1934,7 @@ var Capability = class {
    * @returns
    */
   When = (model, kind4) => {
-    const matchedKind = (0, import_kubernetes_fluent_client7.modelToGroupVersionKind)(model.name);
+    const matchedKind = (0, import_kubernetes_fluent_client8.modelToGroupVersionKind)(model.name);
     if (!matchedKind && !kind4) {
       throw new Error(`Kind not specified for ${model.name}`);
     }
@@ -2108,7 +2045,7 @@ var Capability = class {
           event: "UPDATE" /* Update */,
           finalizeCallback: async (update, logger = aliasLogger) => {
             logger_default.info(`Executing finalize action with alias: ${binding.alias || "no alias provided"}`);
-            await finalizeCallback(update, logger);
+            return await finalizeCallback(update, logger);
           }
         };
         bindings.push(watchBinding);