pepr 0.40.1 → 0.42.1

package/dist/lib.js

@@ -6,8 +6,8 @@ var __getOwnPropNames = Object.getOwnPropertyNames;
 var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
+  for (var name2 in all)
+    __defProp(target, name2, { get: all[name2], enumerable: true });
 };
 var __copyProps = (to, from, except, desc) => {
   if (from && typeof from === "object" || typeof from === "function") {
@@ -31,29 +31,29 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var lib_exports = {};
 __export(lib_exports, {
   Capability: () => Capability,
-  K8s: () => import_kubernetes_fluent_client9.K8s,
+  K8s: () => import_kubernetes_fluent_client8.K8s,
   Log: () => logger_default,
   PeprModule: () => PeprModule,
   PeprMutateRequest: () => PeprMutateRequest,
   PeprUtils: () => utils_exports,
   PeprValidateRequest: () => PeprValidateRequest,
   R: () => R,
-  RegisterKind: () => import_kubernetes_fluent_client9.RegisterKind,
-  a: () => import_kubernetes_fluent_client9.kind,
-  fetch: () => import_kubernetes_fluent_client9.fetch,
-  fetchStatus: () => import_kubernetes_fluent_client9.fetchStatus,
-  kind: () => import_kubernetes_fluent_client9.kind,
+  RegisterKind: () => import_kubernetes_fluent_client8.RegisterKind,
+  a: () => import_kubernetes_fluent_client8.kind,
+  fetch: () => import_kubernetes_fluent_client8.fetch,
+  fetchStatus: () => import_kubernetes_fluent_client8.fetchStatus,
+  kind: () => import_kubernetes_fluent_client8.kind,
   sdk: () => sdk_exports
 });
 module.exports = __toCommonJS(lib_exports);
-var import_kubernetes_fluent_client9 = require("kubernetes-fluent-client");
+var import_kubernetes_fluent_client8 = require("kubernetes-fluent-client");
 var R = __toESM(require("ramda"));
 
 // src/lib/capability.ts
-var import_kubernetes_fluent_client8 = require("kubernetes-fluent-client");
+var import_kubernetes_fluent_client7 = require("kubernetes-fluent-client");
 var import_ramda7 = require("ramda");
 
-// src/lib/logger.ts
+// src/lib/telemetry/logger.ts
 var import_pino = require("pino");
 var isPrettyLog = process.env.PEPR_PRETTY_LOGS === "true";
 var redactedValue = "**redacted**";
@@ -109,7 +109,7 @@ var import_express = __toESM(require("express"));
 var import_fs = __toESM(require("fs"));
 var import_https = __toESM(require("https"));
 
-// src/lib/metrics.ts
+// src/lib/telemetry/metrics.ts
 var import_perf_hooks = require("perf_hooks");
 var import_prom_client = __toESM(require("prom-client"));
 var loggingPrefix = "MetricsCollector";
@@ -142,34 +142,34 @@ var MetricsCollector = class {
     this.addGauge(this.#metricNames.cacheMiss, "Number of cache misses per window", ["window"]);
     this.addGauge(this.#metricNames.resyncFailureCount, "Number of failures per resync operation", ["count"]);
   }
-  #getMetricName = (name) => `${this.#prefix}_${name}`;
-  #addMetric = (collection, MetricType, name, help, labelNames) => {
-    if (collection.has(this.#getMetricName(name))) {
-      logger_default.debug(`Metric for ${name} already exists`, loggingPrefix);
+  #getMetricName = (name2) => `${this.#prefix}_${name2}`;
+  #addMetric = (collection, MetricType, name2, help, labelNames) => {
+    if (collection.has(this.#getMetricName(name2))) {
+      logger_default.debug(`Metric for ${name2} already exists`, loggingPrefix);
       return;
     }
     const metric = new MetricType({
-      name: this.#getMetricName(name),
+      name: this.#getMetricName(name2),
       help,
       registers: [this.#registry],
       labelNames
     });
-    collection.set(this.#getMetricName(name), metric);
+    collection.set(this.#getMetricName(name2), metric);
   };
-  addCounter = (name, help) => {
-    this.#addMetric(this.#counters, import_prom_client.default.Counter, name, help, []);
+  addCounter = (name2, help) => {
+    this.#addMetric(this.#counters, import_prom_client.default.Counter, name2, help, []);
   };
-  addSummary = (name, help) => {
-    this.#addMetric(this.#summaries, import_prom_client.default.Summary, name, help, []);
+  addSummary = (name2, help) => {
+    this.#addMetric(this.#summaries, import_prom_client.default.Summary, name2, help, []);
   };
-  addGauge = (name, help, labelNames) => {
-    this.#addMetric(this.#gauges, import_prom_client.default.Gauge, name, help, labelNames);
+  addGauge = (name2, help, labelNames) => {
+    this.#addMetric(this.#gauges, import_prom_client.default.Gauge, name2, help, labelNames);
   };
-  incCounter = (name) => {
-    this.#counters.get(this.#getMetricName(name))?.inc();
+  incCounter = (name2) => {
+    this.#counters.get(this.#getMetricName(name2))?.inc();
   };
-  incGauge = (name, labels, value = 1) => {
-    this.#gauges.get(this.#getMetricName(name))?.inc(labels || {}, value);
+  incGauge = (name2, labels, value = 1) => {
+    this.#gauges.get(this.#getMetricName(name2))?.inc(labels || {}, value);
   };
   /**
    * Increments the error counter.
@@ -184,8 +184,8 @@ var MetricsCollector = class {
    * @param startTime - The start time.
    * @param name - The metrics summary to increment.
    */
-  observeEnd = (startTime, name = this.#metricNames.mutate) => {
-    this.#summaries.get(this.#getMetricName(name))?.observe(import_perf_hooks.performance.now() - startTime);
+  observeEnd = (startTime, name2 = this.#metricNames.mutate) => {
+    this.#summaries.get(this.#getMetricName(name2))?.observe(import_perf_hooks.performance.now() - startTime);
   };
   /**
    * Fetches the current metrics from the registry.
@@ -254,7 +254,7 @@ function ValidateError(error = "") {
   }
 }
 
-// src/lib/filter/adjudicators.ts
+// src/lib/filter/adjudicators/adjudicators.ts
 var import_ramda = require("ramda");
 var declaredOperation = (0, import_ramda.pipe)(
   (request) => request?.operation,
@@ -278,23 +278,49 @@ var carriesDeletionTimestamp = (0, import_ramda.pipe)(
   (0, import_ramda.defaultTo)(false)
 );
 var missingDeletionTimestamp = (0, import_ramda.complement)(carriesDeletionTimestamp);
-var carriedKind = (0, import_ramda.pipe)((kubernetesObject) => kubernetesObject?.metadata?.kind, (0, import_ramda.defaultTo)("not set"));
-var carriedVersion = (0, import_ramda.pipe)((kubernetesObject) => kubernetesObject?.metadata?.version, (0, import_ramda.defaultTo)("not set"));
-var carriedName = (0, import_ramda.pipe)((kubernetesObject) => kubernetesObject?.metadata?.name, (0, import_ramda.defaultTo)(""));
+var carriedKind = (0, import_ramda.pipe)(
+  (kubernetesObject) => kubernetesObject?.kind,
+  (0, import_ramda.defaultTo)("not set")
+);
+var carriedVersion = (0, import_ramda.pipe)(
+  (kubernetesObject) => kubernetesObject?.metadata?.resourceVersion,
+  (0, import_ramda.defaultTo)("not set")
+);
+var carriedName = (0, import_ramda.pipe)(
+  (kubernetesObject) => kubernetesObject?.metadata?.name,
+  (0, import_ramda.defaultTo)("")
+);
 var carriesName = (0, import_ramda.pipe)(carriedName, (0, import_ramda.equals)(""), import_ramda.not);
 var missingName = (0, import_ramda.complement)(carriesName);
-var carriedNamespace = (0, import_ramda.pipe)((kubernetesObject) => kubernetesObject?.metadata?.namespace, (0, import_ramda.defaultTo)(""));
+var carriedNamespace = (0, import_ramda.pipe)(
+  (kubernetesObject) => kubernetesObject?.metadata?.namespace,
+  (0, import_ramda.defaultTo)("")
+);
 var carriesNamespace = (0, import_ramda.pipe)(carriedNamespace, (0, import_ramda.equals)(""), import_ramda.not);
-var carriedAnnotations = (0, import_ramda.pipe)((kubernetesObject) => kubernetesObject?.metadata?.annotations, (0, import_ramda.defaultTo)({}));
+var carriedAnnotations = (0, import_ramda.pipe)(
+  (kubernetesObject) => kubernetesObject?.metadata?.annotations,
+  (0, import_ramda.defaultTo)({})
+);
 var carriesAnnotations = (0, import_ramda.pipe)(carriedAnnotations, (0, import_ramda.equals)({}), import_ramda.not);
-var carriedLabels = (0, import_ramda.pipe)((kubernetesObject) => kubernetesObject?.metadata?.labels, (0, import_ramda.defaultTo)({}));
+var carriedLabels = (0, import_ramda.pipe)(
+  (kubernetesObject) => kubernetesObject?.metadata?.labels,
+  (0, import_ramda.defaultTo)({})
+);
 var carriesLabels = (0, import_ramda.pipe)(carriedLabels, (0, import_ramda.equals)({}), import_ramda.not);
-var definesDeletionTimestamp = (0, import_ramda.pipe)((binding) => binding?.filters?.deletionTimestamp, (0, import_ramda.defaultTo)(false));
+var definesDeletionTimestamp = (0, import_ramda.pipe)(
+  (binding) => binding?.filters?.deletionTimestamp ?? false,
+  (0, import_ramda.defaultTo)(false)
+);
 var ignoresDeletionTimestamp = (0, import_ramda.complement)(definesDeletionTimestamp);
-var definedName = (0, import_ramda.pipe)((binding) => binding?.filters?.name, (0, import_ramda.defaultTo)(""));
+var definedName = (0, import_ramda.pipe)((binding) => {
+  return binding.filters.name;
+}, (0, import_ramda.defaultTo)(""));
 var definesName = (0, import_ramda.pipe)(definedName, (0, import_ramda.equals)(""), import_ramda.not);
 var ignoresName = (0, import_ramda.complement)(definesName);
-var definedNameRegex = (0, import_ramda.pipe)((binding) => binding?.filters?.regexName, (0, import_ramda.defaultTo)(""));
+var definedNameRegex = (0, import_ramda.pipe)(
+  (binding) => binding.filters?.regexName,
+  (0, import_ramda.defaultTo)("")
+);
 var definesNameRegex = (0, import_ramda.pipe)(definedNameRegex, (0, import_ramda.equals)(""), import_ramda.not);
 var definedNamespaces = (0, import_ramda.pipe)((binding) => binding?.filters?.namespaces, (0, import_ramda.defaultTo)([]));
 var definesNamespaces = (0, import_ramda.pipe)(definedNamespaces, (0, import_ramda.equals)([]), import_ramda.not);
@@ -304,20 +330,22 @@ var definedAnnotations = (0, import_ramda.pipe)((binding) => binding?.filters?.a
 var definesAnnotations = (0, import_ramda.pipe)(definedAnnotations, (0, import_ramda.equals)({}), import_ramda.not);
 var definedLabels = (0, import_ramda.pipe)((binding) => binding?.filters?.labels, (0, import_ramda.defaultTo)({}));
 var definesLabels = (0, import_ramda.pipe)(definedLabels, (0, import_ramda.equals)({}), import_ramda.not);
-var definedEvent = (0, import_ramda.pipe)((binding) => binding?.event, (0, import_ramda.defaultTo)(""));
+var definedEvent = (binding) => {
+  return binding.event;
+};
 var definesDelete = (0, import_ramda.pipe)(definedEvent, (0, import_ramda.equals)("DELETE" /* DELETE */));
 var definedGroup = (0, import_ramda.pipe)((binding) => binding?.kind?.group, (0, import_ramda.defaultTo)(""));
 var definesGroup = (0, import_ramda.pipe)(definedGroup, (0, import_ramda.equals)(""), import_ramda.not);
-var definedVersion = (0, import_ramda.pipe)((binding) => binding?.kind?.version, (0, import_ramda.defaultTo)(""));
+var definedVersion = (0, import_ramda.pipe)(
+  (binding) => binding?.kind?.version,
+  (0, import_ramda.defaultTo)("")
+);
 var definesVersion = (0, import_ramda.pipe)(definedVersion, (0, import_ramda.equals)(""), import_ramda.not);
 var definedKind = (0, import_ramda.pipe)((binding) => binding?.kind?.kind, (0, import_ramda.defaultTo)(""));
 var definesKind = (0, import_ramda.pipe)(definedKind, (0, import_ramda.equals)(""), import_ramda.not);
-var definedCategory = (0, import_ramda.pipe)((binding) => {
-  return binding.isFinalize ? "Finalize" : binding.isWatch ? "Watch" : binding.isMutate ? "Mutate" : binding.isValidate ? "Validate" : "";
-});
-var definedCallback = (0, import_ramda.pipe)((binding) => {
+var definedCallback = (binding) => {
   return binding.isFinalize ? binding.finalizeCallback : binding.isWatch ? binding.watchCallback : binding.isMutate ? binding.mutateCallback : binding.isValidate ? binding.validateCallback : null;
-});
+};
 var definedCallbackName = (0, import_ramda.pipe)(definedCallback, (0, import_ramda.defaultTo)({ name: "" }), (callback) => callback.name);
 var mismatchedDeletionTimestamp = (0, import_ramda.allPass)([
   (0, import_ramda.pipe)((0, import_ramda.nthArg)(0), definesDeletionTimestamp),
@@ -332,7 +360,7 @@ var mismatchedNameRegex = (0, import_ramda.allPass)([
   (0, import_ramda.pipe)((binding, kubernetesObject) => new RegExp(definedNameRegex(binding)).test(carriedName(kubernetesObject)), import_ramda.not)
 ]);
 var bindsToKind = (0, import_ramda.curry)(
-  (0, import_ramda.allPass)([(0, import_ramda.pipe)((0, import_ramda.nthArg)(0), definedKind, (0, import_ramda.equals)(""), import_ramda.not), (0, import_ramda.pipe)((binding, kind4) => definedKind(binding) === kind4)])
+  (0, import_ramda.allPass)([(0, import_ramda.pipe)((0, import_ramda.nthArg)(0), definedKind, (0, import_ramda.equals)(""), import_ramda.not), (0, import_ramda.pipe)((binding, kind3) => definedKind(binding) === kind3)])
 );
 var bindsToNamespace = (0, import_ramda.curry)((0, import_ramda.pipe)(bindsToKind(import_ramda.__, "Namespace")));
 var misboundNamespace = (0, import_ramda.allPass)([bindsToNamespace, definesNamespaces]);
@@ -399,8 +427,8 @@ var unbindableNamespaces = (0, import_ramda.allPass)([
 ]);
 var misboundDeleteWithDeletionTimestamp = (0, import_ramda.allPass)([definesDelete, definesDeletionTimestamp]);
 var operationMatchesEvent = (0, import_ramda.anyPass)([
-  (0, import_ramda.pipe)((0, import_ramda.nthArg)(1), (0, import_ramda.equals)("*" /* Any */)),
-  (0, import_ramda.pipe)((operation, event) => operation === event),
+  (0, import_ramda.pipe)((0, import_ramda.nthArg)(1), (0, import_ramda.equals)("*" /* ANY */)),
+  (0, import_ramda.pipe)((operation, event) => operation.valueOf() === event.valueOf()),
   (0, import_ramda.pipe)((operation, event) => operation ? event.includes(operation) : false)
 ]);
 var mismatchedEvent = (0, import_ramda.pipe)(
@@ -549,8 +577,8 @@ async function mutateProcessor(config, capabilities, req, reqMetadata) {
     skipDecode = convertFromBase64Map(wrapped.Raw);
   }
   logger_default.info(reqMetadata, `Processing request`);
-  for (const { name, bindings, namespaces } of capabilities) {
-    const actionMetadata = { ...reqMetadata, name };
+  for (const { name: name2, bindings, namespaces } of capabilities) {
+    const actionMetadata = { ...reqMetadata, name: name2 };
     for (const action of bindings) {
       if (!action.mutateCallback) {
         continue;
@@ -567,7 +595,7 @@ async function mutateProcessor(config, capabilities, req, reqMetadata) {
         if (req.operation === "DELETE") {
           return;
         }
-        const identifier = `${config.uuid}.pepr.dev/${name}`;
+        const identifier = `${config.uuid}.pepr.dev/${name2}`;
         wrapped.Raw.metadata = wrapped.Raw.metadata || {};
         wrapped.Raw.metadata.annotations = wrapped.Raw.metadata.annotations || {};
         wrapped.Raw.metadata.annotations[identifier] = status;
@@ -710,6 +738,35 @@ var PeprValidateRequest = class {
 };
 
 // src/lib/validate-processor.ts
+async function processRequest(binding, actionMetadata, peprValidateRequest) {
+  const label = binding.validateCallback.name;
+  logger_default.info(actionMetadata, `Processing validation action (${label})`);
+  const valResp = {
+    uid: peprValidateRequest.Request.uid,
+    allowed: true
+    // Assume it's allowed until a validation check fails
+  };
+  try {
+    const callbackResp = await binding.validateCallback(peprValidateRequest);
+    valResp.allowed = callbackResp.allowed;
+    if (callbackResp.statusCode || callbackResp.statusMessage) {
+      valResp.status = {
+        code: callbackResp.statusCode || 400,
+        message: callbackResp.statusMessage || `Validation failed for ${name}`
+      };
+    }
+    logger_default.info(actionMetadata, `Validation action complete (${label}): ${callbackResp.allowed ? "allowed" : "denied"}`);
+    return valResp;
+  } catch (e) {
+    logger_default.error(actionMetadata, `Action failed: ${JSON.stringify(e)}`);
+    valResp.allowed = false;
+    valResp.status = {
+      code: 500,
+      message: `Action failed with error: ${JSON.stringify(e)}`
+    };
+    return valResp;
+  }
+}
 async function validateProcessor(config, capabilities, req, reqMetadata) {
   const wrapped = new PeprValidateRequest(req);
   const response = [];
@@ -718,44 +775,19 @@ async function validateProcessor(config, capabilities, req, reqMetadata) {
     convertFromBase64Map(wrapped.Raw);
   }
   logger_default.info(reqMetadata, `Processing validation request`);
-  for (const { name, bindings, namespaces } of capabilities) {
-    const actionMetadata = { ...reqMetadata, name };
-    for (const action of bindings) {
-      if (!action.validateCallback) {
+  for (const { name: name2, bindings, namespaces } of capabilities) {
+    const actionMetadata = { ...reqMetadata, name: name2 };
+    for (const binding of bindings) {
+      if (!binding.validateCallback) {
         continue;
       }
-      const localResponse = {
-        uid: req.uid,
-        allowed: true
-        // Assume it's allowed until a validation check fails
-      };
-      const shouldSkip = shouldSkipRequest(action, req, namespaces, config?.alwaysIgnore?.namespaces);
+      const shouldSkip = shouldSkipRequest(binding, req, namespaces, config?.alwaysIgnore?.namespaces);
       if (shouldSkip !== "") {
         logger_default.debug(shouldSkip);
         continue;
       }
-      const label = action.validateCallback.name;
-      logger_default.info(actionMetadata, `Processing validation action (${label})`);
-      try {
-        const resp = await action.validateCallback(wrapped);
-        localResponse.allowed = resp.allowed;
-        if (resp.statusCode || resp.statusMessage) {
-          localResponse.status = {
-            code: resp.statusCode || 400,
-            message: resp.statusMessage || `Validation failed for ${name}`
-          };
-        }
-        logger_default.info(actionMetadata, `Validation action complete (${label}): ${resp.allowed ? "allowed" : "denied"}`);
-      } catch (e) {
-        logger_default.error(actionMetadata, `Action failed: ${JSON.stringify(e)}`);
-        localResponse.allowed = false;
-        localResponse.status = {
-          code: 500,
-          message: `Action failed with error: ${JSON.stringify(e)}`
-        };
-        return [localResponse];
-      }
-      response.push(localResponse);
+      const resp = await processRequest(binding, actionMetadata, wrapped);
+      response.push(resp);
     }
   }
   return response;
@@ -779,12 +811,12 @@ var peprStoreGVK = {
 // src/lib/controller/storeCache.ts
 var import_kubernetes_fluent_client2 = require("kubernetes-fluent-client");
 var import_http_status_codes = require("http-status-codes");
-var sendUpdatesAndFlushCache = async (cache, namespace2, name) => {
+var sendUpdatesAndFlushCache = async (cache, namespace2, name2) => {
   const indexes = Object.keys(cache);
   const payload = Object.values(cache);
   try {
     if (payload.length > 0) {
-      await (0, import_kubernetes_fluent_client2.K8s)(Store, { namespace: namespace2, name }).Patch(payload);
+      await (0, import_kubernetes_fluent_client2.K8s)(Store, { namespace: namespace2, name: name2 }).Patch(updateCacheID(payload));
       Object.keys(cache).forEach((key) => delete cache[key]);
     }
   } catch (err) {
@@ -816,32 +848,41 @@ var fillStoreCache = (cache, capabilityName, op, cacheItem) => {
   }
   return cache;
 };
+function updateCacheID(payload) {
+  payload.push({
+    op: "replace",
+    path: "/metadata/labels/pepr.dev-cacheID",
+    value: `${Date.now()}`
+  });
+  return payload;
+}
 
 // src/lib/controller/store.ts
 var namespace = "pepr-system";
-var debounceBackoff = 5e3;
+var debounceBackoffReceive = 1e3;
+var debounceBackoffSend = 4e3;
 var StoreController = class {
   #name;
   #stores = {};
   #sendDebounce;
   #onReady;
-  constructor(capabilities, name, onReady) {
+  constructor(capabilities, name2, onReady) {
     this.#onReady = onReady;
-    this.#name = name;
-    const setStorageInstance = (registrationFunction, name2) => {
+    this.#name = name2;
+    const setStorageInstance = (registrationFunction, name3) => {
       const scheduleStore = registrationFunction();
-      scheduleStore.registerSender(this.#send(name2));
-      this.#stores[name2] = scheduleStore;
+      scheduleStore.registerSender(this.#send(name3));
+      this.#stores[name3] = scheduleStore;
     };
-    if (name.includes("schedule")) {
-      for (const { name: name2, registerScheduleStore, hasSchedule } of capabilities) {
+    if (name2.includes("schedule")) {
+      for (const { name: name3, registerScheduleStore, hasSchedule } of capabilities) {
         if (hasSchedule === true) {
-          setStorageInstance(registerScheduleStore, name2);
+          setStorageInstance(registerScheduleStore, name3);
         }
       }
     } else {
-      for (const { name: name2, registerStore } of capabilities) {
-        setStorageInstance(registerStore, name2);
+      for (const { name: name3, registerStore } of capabilities) {
+        setStorageInstance(registerStore, name3);
       }
     }
     setTimeout(
@@ -856,17 +897,24 @@ var StoreController = class {
   };
   #migrateAndSetupWatch = async (store) => {
     logger_default.debug(redactedStore(store), "Pepr Store migration");
+    await (0, import_kubernetes_fluent_client3.K8s)(Store, { namespace, name: this.#name }).Patch([
+      {
+        op: "add",
+        path: "/metadata/labels/pepr.dev-cacheID",
+        value: `${Date.now()}`
+      }
+    ]);
     const data = store.data || {};
     let storeCache = {};
-    for (const name of Object.keys(this.#stores)) {
-      const offset = `${name}-`.length;
+    for (const name2 of Object.keys(this.#stores)) {
+      const offset = `${name2}-`.length;
       for (const key of Object.keys(data)) {
-        if ((0, import_ramda4.startsWith)(name, key) && !(0, import_ramda4.startsWith)(`${name}-v2`, key)) {
-          storeCache = fillStoreCache(storeCache, name, "remove", {
+        if ((0, import_ramda4.startsWith)(name2, key) && !(0, import_ramda4.startsWith)(`${name2}-v2`, key)) {
+          storeCache = fillStoreCache(storeCache, name2, "remove", {
             key: [key.slice(offset)],
             value: data[key]
           });
-          storeCache = fillStoreCache(storeCache, name, "add", {
+          storeCache = fillStoreCache(storeCache, name2, "add", {
             key: [key.slice(offset)],
             value: data[key],
             version: "v2"
@@ -881,15 +929,15 @@ var StoreController = class {
     logger_default.debug(redactedStore(store), "Pepr Store update");
     const debounced = () => {
       const data = store.data || {};
-      for (const name of Object.keys(this.#stores)) {
-        const offset = `${name}-`.length;
+      for (const name2 of Object.keys(this.#stores)) {
+        const offset = `${name2}-`.length;
         const filtered = {};
         for (const key of Object.keys(data)) {
-          if ((0, import_ramda4.startsWith)(name, key)) {
+          if ((0, import_ramda4.startsWith)(name2, key)) {
             filtered[key.slice(offset)] = data[key];
           }
         }
-        this.#stores[name].receive(filtered);
+        this.#stores[name2].receive(filtered);
       }
       if (this.#onReady) {
         this.#onReady();
@@ -897,7 +945,7 @@ var StoreController = class {
       }
     };
     clearTimeout(this.#sendDebounce);
-    this.#sendDebounce = setTimeout(debounced, this.#onReady ? 0 : debounceBackoff);
+    this.#sendDebounce = setTimeout(debounced, this.#onReady ? 0 : debounceBackoffReceive);
   };
   #send = (capabilityName) => {
     let storeCache = {};
@@ -909,7 +957,7 @@ var StoreController = class {
         logger_default.debug(redactedPatch(storeCache), "Sending updates to Pepr store");
         void sendUpdatesAndFlushCache(storeCache, namespace, this.#name);
       }
-    }, debounceBackoff);
+    }, debounceBackoffSend);
     return sender;
   };
   #createStoreResource = async (e) => {
@@ -919,7 +967,10 @@ var StoreController = class {
       await (0, import_kubernetes_fluent_client3.K8s)(Store).Apply({
         metadata: {
           name: this.#name,
-          namespace
+          namespace,
+          labels: {
+            "pepr.dev-cacheID": `${Date.now()}`
+          }
         },
         data: {
           // JSON Patch will die if the data is empty, so we need to add a placeholder
@@ -933,6 +984,35 @@ var StoreController = class {
   };
 };
 
+// src/lib/controller/index.util.ts
+function karForMutate(mr) {
+  return {
+    apiVersion: "admission.k8s.io/v1",
+    kind: "AdmissionReview",
+    response: mr
+  };
+}
+function karForValidate(ar, vr) {
+  const isAllowed = vr.filter((r) => !r.allowed).length === 0;
+  const resp = vr.length === 0 ? {
+    uid: ar.uid,
+    allowed: true,
+    status: { code: 200, message: "no in-scope validations -- allowed!" }
+  } : {
+    uid: vr[0].uid,
+    allowed: isAllowed,
+    status: {
+      code: isAllowed ? 200 : 422,
+      message: vr.filter((rl) => !rl.allowed).map((curr) => curr.status?.message).join("; ")
+    }
+  };
+  return {
+    apiVersion: "admission.k8s.io/v1",
+    kind: "AdmissionReview",
+    response: resp
+  };
+}
+
 // src/lib/controller/index.ts
 if (!process.env.PEPR_NODE_WARNINGS) {
   process.removeAllListeners("warning");
@@ -1050,6 +1130,7 @@ var Controller = class _Controller {
    */
   #metrics = async (req, res) => {
     try {
+      res.set("Content-Type", "text/plain; version=0.0.4");
       res.send(await this.#metricsCollector.getMetrics());
     } catch (err) {
       logger_default.error(err, `Error getting metrics`);
@@ -1067,56 +1148,23 @@ var Controller = class _Controller {
       const startTime = MetricsCollector.observeStart();
       try {
         const request = req.body?.request || {};
-        this.#beforeHook && this.#beforeHook(request || {});
-        const name = request?.name ? `/${request.name}` : "";
-        const namespace2 = request?.namespace || "";
-        const gvk = request?.kind || { group: "", version: "", kind: "" };
-        const reqMetadata = {
-          uid: request.uid,
-          namespace: namespace2,
-          name
+        const { name: name2, namespace: namespace2, gvk } = {
+          name: request?.name ? `/${request.name}` : "",
+          namespace: request?.namespace || "",
+          gvk: request?.kind || { group: "", version: "", kind: "" }
         };
+        const reqMetadata = { uid: request.uid, namespace: namespace2, name: name2 };
         logger_default.info({ ...reqMetadata, gvk, operation: request.operation, admissionKind }, "Incoming request");
         logger_default.debug({ ...reqMetadata, request }, "Incoming request body");
-        let response;
-        if (admissionKind === "Mutate") {
-          response = await mutateProcessor(this.#config, this.#capabilities, request, reqMetadata);
-        } else {
-          response = await validateProcessor(this.#config, this.#capabilities, request, reqMetadata);
-        }
-        const responseList = Array.isArray(response) ? response : [response];
-        responseList.map((res2) => {
+        this.#beforeHook && this.#beforeHook(request || {});
+        const response = admissionKind === "Mutate" ? await mutateProcessor(this.#config, this.#capabilities, request, reqMetadata) : await validateProcessor(this.#config, this.#capabilities, request, reqMetadata);
+        [response].flat().map((res2) => {
           this.#afterHook && this.#afterHook(res2);
           logger_default.info({ ...reqMetadata, res: res2 }, "Check response");
         });
-        let kubeAdmissionResponse;
-        if (admissionKind === "Mutate") {
-          kubeAdmissionResponse = response;
-          logger_default.debug({ ...reqMetadata, response }, "Outgoing response");
-          res.send({
-            apiVersion: "admission.k8s.io/v1",
-            kind: "AdmissionReview",
-            response: kubeAdmissionResponse
-          });
-        } else {
-          kubeAdmissionResponse = responseList.length === 0 ? {
-            uid: request.uid,
-            allowed: true,
-            status: { message: "no in-scope validations -- allowed!" }
-          } : {
-            uid: responseList[0].uid,
-            allowed: responseList.filter((r) => !r.allowed).length === 0,
-            status: {
-              message: responseList.filter((rl) => !rl.allowed).map((curr) => curr.status?.message).join("; ")
-            }
-          };
-          res.send({
-            apiVersion: "admission.k8s.io/v1",
-            kind: "AdmissionReview",
-            response: kubeAdmissionResponse
-          });
-        }
-        logger_default.debug({ ...reqMetadata, kubeAdmissionResponse }, "Outgoing response");
+        const kar = admissionKind === "Mutate" ? karForMutate(response) : karForValidate(request, response);
+        logger_default.debug({ ...reqMetadata, kubeAdmissionResponse: kar.response }, "Outgoing response");
+        res.send(kar);
         this.#metricsCollector.observeEnd(startTime, admissionKind);
       } catch (err) {
         logger_default.error(err, `Error processing ${admissionKind} request`);
@@ -1135,6 +1183,10 @@ var Controller = class _Controller {
   static #logger(req, res, next) {
     const startTime = Date.now();
     res.on("finish", () => {
+      const excludedRoutes = ["/healthz", "/metrics"];
+      if (excludedRoutes.includes(req.originalUrl)) {
+        return;
+      }
       const elapsedTime = Date.now() - startTime;
       const message = {
         uid: req.body?.request?.uid,
@@ -1164,12 +1216,9 @@ var Controller = class _Controller {
 };
 
 // src/lib/watch-processor.ts
-var import_kubernetes_fluent_client7 = require("kubernetes-fluent-client");
+var import_kubernetes_fluent_client6 = require("kubernetes-fluent-client");
 var import_types = require("kubernetes-fluent-client/dist/fluent/types");
 
-// src/lib/helpers.ts
-var import_kubernetes_fluent_client5 = require("kubernetes-fluent-client");
-
 // src/sdk/sdk.ts
 var sdk_exports = {};
 __export(sdk_exports, {
@@ -1195,7 +1244,6 @@ function containers(request, containerType) {
   return [...containers2, ...initContainers, ...ephemeralContainers];
 }
 async function writeEvent(cr, event, eventType, eventReason, reportingComponent, reportingInstance) {
-  logger_default.debug(cr.metadata, `Writing event: ${event.message}`);
   await (0, import_kubernetes_fluent_client4.K8s)(import_kubernetes_fluent_client4.kind.CoreEvent).Create({
     type: eventType,
     reason: eventReason,
@@ -1218,31 +1266,31 @@ async function writeEvent(cr, event, eventType, eventReason, reportingComponent,
   });
 }
 function getOwnerRefFrom(customResource, blockOwnerDeletion, controller) {
-  const { apiVersion, kind: kind4, metadata } = customResource;
-  const { name, uid } = metadata;
+  const { apiVersion, kind: kind3, metadata } = customResource;
+  const { name: name2, uid } = metadata;
   return [
     {
       apiVersion,
-      kind: kind4,
+      kind: kind3,
       uid,
-      name,
+      name: name2,
       ...blockOwnerDeletion !== void 0 && { blockOwnerDeletion },
       ...controller !== void 0 && { controller }
     }
   ];
 }
-function sanitizeResourceName(name) {
-  return name.toLowerCase().replace(/[^a-z0-9]+/g, "-").slice(0, 250).replace(/^[^a-z]+|[^a-z]+$/g, "");
+function sanitizeResourceName(name2) {
+  return name2.toLowerCase().replace(/[^a-z0-9]+/g, "-").slice(0, 250).replace(/^[^a-z]+|[^a-z]+$/g, "");
 }
 
 // src/lib/helpers.ts
-function filterNoMatchReason(binding, obj, capabilityNamespaces, ignoredNamespaces) {
+function filterNoMatchReason(binding, kubernetesObject, capabilityNamespaces, ignoredNamespaces) {
   const prefix = "Ignoring Watch Callback:";
-  return mismatchedDeletionTimestamp(binding, obj) ? `${prefix} Binding defines deletionTimestamp but Object does not carry it.` : mismatchedName(binding, obj) ? `${prefix} Binding defines name '${definedName(binding)}' but Object carries '${carriedName(obj)}'.` : misboundNamespace(binding) ? `${prefix} Cannot use namespace filter on a namespace object.` : mismatchedLabels(binding, obj) ? `${prefix} Binding defines labels '${JSON.stringify(definedLabels(binding))}' but Object carries '${JSON.stringify(carriedLabels(obj))}'.` : mismatchedAnnotations(binding, obj) ? `${prefix} Binding defines annotations '${JSON.stringify(definedAnnotations(binding))}' but Object carries '${JSON.stringify(carriedAnnotations(obj))}'.` : uncarryableNamespace(capabilityNamespaces, obj) ? `${prefix} Object carries namespace '${carriedNamespace(obj)}' but namespaces allowed by Capability are '${JSON.stringify(capabilityNamespaces)}'.` : unbindableNamespaces(capabilityNamespaces, binding) ? `${prefix} Binding defines namespaces ${JSON.stringify(definedNamespaces(binding))} but namespaces allowed by Capability are '${JSON.stringify(capabilityNamespaces)}'.` : mismatchedNamespace(binding, obj) ? `${prefix} Binding defines namespaces '${JSON.stringify(definedNamespaces(binding))}' but Object carries '${carriedNamespace(obj)}'.` : mismatchedNamespaceRegex(binding, obj) ? `${prefix} Binding defines namespace regexes '${JSON.stringify(definedNamespaceRegexes(binding))}' but Object carries '${carriedNamespace(obj)}'.` : mismatchedNameRegex(binding, obj) ? `${prefix} Binding defines name regex '${definedNameRegex(binding)}' but Object carries '${carriedName(obj)}'.` : carriesIgnoredNamespace(ignoredNamespaces, obj) ? `${prefix} Object carries namespace '${carriedNamespace(obj)}' but ignored namespaces include '${JSON.stringify(ignoredNamespaces)}'.` : missingCarriableNamespace(capabilityNamespaces, obj) ? `${prefix} Object does not carry a namespace but namespaces allowed by Capability are '${JSON.stringify(capabilityNamespaces)}'.` : "";
+  return mismatchedDeletionTimestamp(binding, kubernetesObject) ? `${prefix} Binding defines deletionTimestamp but Object does not carry it.` : mismatchedName(binding, kubernetesObject) ? `${prefix} Binding defines name '${definedName(binding)}' but Object carries '${carriedName(kubernetesObject)}'.` : misboundNamespace(binding) ? `${prefix} Cannot use namespace filter on a namespace object.` : mismatchedLabels(binding, kubernetesObject) ? `${prefix} Binding defines labels '${JSON.stringify(definedLabels(binding))}' but Object carries '${JSON.stringify(carriedLabels(kubernetesObject))}'.` : mismatchedAnnotations(binding, kubernetesObject) ? `${prefix} Binding defines annotations '${JSON.stringify(definedAnnotations(binding))}' but Object carries '${JSON.stringify(carriedAnnotations(kubernetesObject))}'.` : uncarryableNamespace(capabilityNamespaces, kubernetesObject) ? `${prefix} Object carries namespace '${carriedNamespace(kubernetesObject)}' but namespaces allowed by Capability are '${JSON.stringify(capabilityNamespaces)}'.` : unbindableNamespaces(capabilityNamespaces, binding) ? `${prefix} Binding defines namespaces ${JSON.stringify(definedNamespaces(binding))} but namespaces allowed by Capability are '${JSON.stringify(capabilityNamespaces)}'.` : mismatchedNamespace(binding, kubernetesObject) ? `${prefix} Binding defines namespaces '${JSON.stringify(definedNamespaces(binding))}' but Object carries '${carriedNamespace(kubernetesObject)}'.` : mismatchedNamespaceRegex(binding, kubernetesObject) ? `${prefix} Binding defines namespace regexes '${JSON.stringify(definedNamespaceRegexes(binding))}' but Object carries '${carriedNamespace(kubernetesObject)}'.` : mismatchedNameRegex(binding, kubernetesObject) ? `${prefix} Binding defines name regex '${definedNameRegex(binding)}' but Object carries '${carriedName(kubernetesObject)}'.` : carriesIgnoredNamespace(ignoredNamespaces, kubernetesObject) ? `${prefix} Object carries namespace '${carriedNamespace(kubernetesObject)}' but ignored namespaces include '${JSON.stringify(ignoredNamespaces)}'.` : missingCarriableNamespace(capabilityNamespaces, kubernetesObject) ? `${prefix} Object does not carry a namespace but namespaces allowed by Capability are '${JSON.stringify(capabilityNamespaces)}'.` : "";
 }
 
 // src/lib/finalizer.ts
-var import_kubernetes_fluent_client6 = require("kubernetes-fluent-client");
+var import_kubernetes_fluent_client5 = require("kubernetes-fluent-client");
 function addFinalizer(request) {
   if (request.Request.operation === "DELETE" /* DELETE */) {
     return;
@@ -1262,18 +1310,18 @@ async function removeFinalizer(binding, obj) {
   const meta = obj.metadata;
   const resource = `${meta.namespace || "ClusterScoped"}/${meta.name}`;
   logger_default.debug({ obj }, `Removing finalizer '${peprFinal}' from '${resource}'`);
-  const { model, kind: kind4 } = binding;
+  const { model, kind: kind3 } = binding;
   try {
-    (0, import_kubernetes_fluent_client6.RegisterKind)(model, kind4);
+    (0, import_kubernetes_fluent_client5.RegisterKind)(model, kind3);
   } catch (e) {
     const expected = e.message === `GVK ${model.name} already registered`;
     if (!expected) {
-      logger_default.error({ model, kind: kind4, error: e }, `Error registering "${kind4}" during finalization.`);
+      logger_default.error({ model, kind: kind3, error: e }, `Error registering "${kind3}" during finalization.`);
       return;
     }
   }
   const finalizers = meta.finalizers?.filter((f) => f !== peprFinal) || [];
-  obj = await (0, import_kubernetes_fluent_client6.K8s)(model, meta).Patch([
+  obj = await (0, import_kubernetes_fluent_client5.K8s)(model, meta).Patch([
     {
       op: "replace",
       path: `/metadata/finalizers`,
@@ -1290,8 +1338,8 @@ var Queue = class {
   #uid;
   #queue = [];
   #pendingPromise = false;
-  constructor(name) {
-    this.#name = name;
+  constructor(name2) {
+    this.#name = name2;
     this.#uid = `${Date.now()}-${(0, import_node_crypto.randomBytes)(2).toString("hex")}`;
   }
   label() {
@@ -1379,12 +1427,12 @@ function queueKey(obj) {
   let strat = process.env.PEPR_RECONCILE_STRATEGY || d3fault;
   strat = options.includes(strat) ? strat : d3fault;
   const ns = obj.metadata?.namespace ?? "cluster-scoped";
-  const kind4 = obj.kind ?? "UnknownKind";
-  const name = obj.metadata?.name ?? "Unnamed";
+  const kind3 = obj.kind ?? "UnknownKind";
+  const name2 = obj.metadata?.name ?? "Unnamed";
   const lookup = {
-    kind: `${kind4}`,
-    kindNs: `${kind4}/${ns}`,
-    kindNsName: `${kind4}/${ns}/${name}`,
+    kind: `${kind3}`,
+    kindNs: `${kind3}/${ns}`,
+    kindNsName: `${kind3}/${ns}/${name2}`,
     global: "global"
   };
   return lookup[strat];
@@ -1403,11 +1451,11 @@ var watchCfg = {
   relistIntervalSec: process.env.PEPR_RELIST_INTERVAL_SECONDS ? parseInt(process.env.PEPR_RELIST_INTERVAL_SECONDS, 10) : 600
 };
 var eventToPhaseMap = {
-  ["CREATE" /* Create */]: [import_types.WatchPhase.Added],
-  ["UPDATE" /* Update */]: [import_types.WatchPhase.Modified],
-  ["CREATEORUPDATE" /* CreateOrUpdate */]: [import_types.WatchPhase.Added, import_types.WatchPhase.Modified],
-  ["DELETE" /* Delete */]: [import_types.WatchPhase.Deleted],
-  ["*" /* Any */]: [import_types.WatchPhase.Added, import_types.WatchPhase.Modified, import_types.WatchPhase.Deleted]
+  ["CREATE" /* CREATE */]: [import_types.WatchPhase.Added],
+  ["UPDATE" /* UPDATE */]: [import_types.WatchPhase.Modified],
+  ["CREATEORUPDATE" /* CREATE_OR_UPDATE */]: [import_types.WatchPhase.Added, import_types.WatchPhase.Modified],
+  ["DELETE" /* DELETE */]: [import_types.WatchPhase.Deleted],
+  ["*" /* ANY */]: [import_types.WatchPhase.Added, import_types.WatchPhase.Modified, import_types.WatchPhase.Deleted]
 };
 function setupWatch(capabilities, ignoredNamespaces) {
   capabilities.map(
@@ -1415,7 +1463,7 @@ function setupWatch(capabilities, ignoredNamespaces) {
   );
 }
 async function runBinding(binding, capabilityNamespaces, ignoredNamespaces) {
-  const phaseMatch = eventToPhaseMap[binding.event] || eventToPhaseMap["*" /* Any */];
+  const phaseMatch = eventToPhaseMap[binding.event] || eventToPhaseMap["*" /* ANY */];
   logger_default.debug({ watchCfg }, "Effective WatchConfig");
   const watchCallback = async (kubernetesObject, phase) => {
     if (phaseMatch.includes(phase)) {
@@ -1449,7 +1497,7 @@ async function runBinding(binding, capabilityNamespaces, ignoredNamespaces) {
       shouldRemoveFinalizer === false ? logger_default.debug({ obj: kubernetesObject }, `Skipping removal of finalizer '${peprFinal}' from '${resource}'`) : await removeFinalizer(binding, kubernetesObject);
     }
   };
-  const watcher = (0, import_kubernetes_fluent_client7.K8s)(binding.model, binding.filters).Watch(async (obj, phase) => {
+  const watcher = (0, import_kubernetes_fluent_client6.K8s)(binding.model, binding.filters).Watch(async (obj, phase) => {
     logger_default.debug(obj, `Watch event ${phase} received`);
     if (binding.isQueue) {
       const queue = getOrCreateQueue(obj);
@@ -1458,30 +1506,30 @@ async function runBinding(binding, capabilityNamespaces, ignoredNamespaces) {
       await watchCallback(obj, phase);
     }
   }, watchCfg);
-  watcher.events.on(import_kubernetes_fluent_client7.WatchEvent.GIVE_UP, (err) => {
+  watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.GIVE_UP, (err) => {
     logger_default.error(err, "Watch failed after 5 attempts, giving up");
     process.exit(1);
   });
-  watcher.events.on(import_kubernetes_fluent_client7.WatchEvent.CONNECT, (url) => logEvent(import_kubernetes_fluent_client7.WatchEvent.CONNECT, url));
-  watcher.events.on(import_kubernetes_fluent_client7.WatchEvent.DATA_ERROR, (err) => logEvent(import_kubernetes_fluent_client7.WatchEvent.DATA_ERROR, err.message));
+  watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.CONNECT, (url) => logEvent(import_kubernetes_fluent_client6.WatchEvent.CONNECT, url));
+  watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.DATA_ERROR, (err) => logEvent(import_kubernetes_fluent_client6.WatchEvent.DATA_ERROR, err.message));
   watcher.events.on(
-    import_kubernetes_fluent_client7.WatchEvent.RECONNECT,
-    (retryCount) => logEvent(import_kubernetes_fluent_client7.WatchEvent.RECONNECT, `Reconnecting after ${retryCount} attempt${retryCount === 1 ? "" : "s"}`)
+    import_kubernetes_fluent_client6.WatchEvent.RECONNECT,
+    (retryCount) => logEvent(import_kubernetes_fluent_client6.WatchEvent.RECONNECT, `Reconnecting after ${retryCount} attempt${retryCount === 1 ? "" : "s"}`)
   );
-  watcher.events.on(import_kubernetes_fluent_client7.WatchEvent.RECONNECT_PENDING, () => logEvent(import_kubernetes_fluent_client7.WatchEvent.RECONNECT_PENDING));
-  watcher.events.on(import_kubernetes_fluent_client7.WatchEvent.GIVE_UP, (err) => logEvent(import_kubernetes_fluent_client7.WatchEvent.GIVE_UP, err.message));
-  watcher.events.on(import_kubernetes_fluent_client7.WatchEvent.ABORT, (err) => logEvent(import_kubernetes_fluent_client7.WatchEvent.ABORT, err.message));
-  watcher.events.on(import_kubernetes_fluent_client7.WatchEvent.OLD_RESOURCE_VERSION, (err) => logEvent(import_kubernetes_fluent_client7.WatchEvent.OLD_RESOURCE_VERSION, err));
-  watcher.events.on(import_kubernetes_fluent_client7.WatchEvent.NETWORK_ERROR, (err) => logEvent(import_kubernetes_fluent_client7.WatchEvent.NETWORK_ERROR, err.message));
-  watcher.events.on(import_kubernetes_fluent_client7.WatchEvent.LIST_ERROR, (err) => logEvent(import_kubernetes_fluent_client7.WatchEvent.LIST_ERROR, err.message));
-  watcher.events.on(import_kubernetes_fluent_client7.WatchEvent.LIST, (list) => logEvent(import_kubernetes_fluent_client7.WatchEvent.LIST, JSON.stringify(list, void 0, 2)));
-  watcher.events.on(import_kubernetes_fluent_client7.WatchEvent.CACHE_MISS, (windowName) => {
+  watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.RECONNECT_PENDING, () => logEvent(import_kubernetes_fluent_client6.WatchEvent.RECONNECT_PENDING));
+  watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.GIVE_UP, (err) => logEvent(import_kubernetes_fluent_client6.WatchEvent.GIVE_UP, err.message));
+  watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.ABORT, (err) => logEvent(import_kubernetes_fluent_client6.WatchEvent.ABORT, err.message));
+  watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.OLD_RESOURCE_VERSION, (err) => logEvent(import_kubernetes_fluent_client6.WatchEvent.OLD_RESOURCE_VERSION, err));
+  watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.NETWORK_ERROR, (err) => logEvent(import_kubernetes_fluent_client6.WatchEvent.NETWORK_ERROR, err.message));
+  watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.LIST_ERROR, (err) => logEvent(import_kubernetes_fluent_client6.WatchEvent.LIST_ERROR, err.message));
+  watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.LIST, (list) => logEvent(import_kubernetes_fluent_client6.WatchEvent.LIST, JSON.stringify(list, void 0, 2)));
+  watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.CACHE_MISS, (windowName) => {
     metricsCollector.incCacheMiss(windowName);
   });
-  watcher.events.on(import_kubernetes_fluent_client7.WatchEvent.INIT_CACHE_MISS, (windowName) => {
+  watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.INIT_CACHE_MISS, (windowName) => {
     metricsCollector.initCacheMissWindow(windowName);
   });
-  watcher.events.on(import_kubernetes_fluent_client7.WatchEvent.INC_RESYNC_FAILURE_COUNT, (retryCount) => {
+  watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.INC_RESYNC_FAILURE_COUNT, (retryCount) => {
     metricsCollector.incRetryCount(retryCount);
   });
   try {
@@ -1616,17 +1664,19 @@ var Storage = class {
    */
   setItemAndWait = (key, value) => {
     this.#dispatchUpdate("add", [v2StoreKey(key)], value);
+    const record = {};
     return new Promise((resolve, reject) => {
-      const unsubscribe = this.subscribe((data) => {
+      record.timeout = setTimeout(() => {
+        record.unsubscribe();
+        return reject(`MAX_WAIT_TIME elapsed: Key ${key} not seen in ${MAX_WAIT_TIME / 1e3}s`);
+      }, MAX_WAIT_TIME);
+      record.unsubscribe = this.subscribe((data) => {
         if (data[`${v2UnescapedStoreKey(key)}`] === value) {
-          unsubscribe();
-          resolve();
+          record.unsubscribe();
+          clearTimeout(record.timeout);
+          resolve("ok");
         }
       });
-      setTimeout(() => {
-        unsubscribe();
-        return reject();
-      }, MAX_WAIT_TIME);
     });
   };
   /**
@@ -1638,17 +1688,19 @@ var Storage = class {
    */
   removeItemAndWait = (key) => {
     this.#dispatchUpdate("remove", [v2StoreKey(key)]);
+    const record = {};
     return new Promise((resolve, reject) => {
-      const unsubscribe = this.subscribe((data) => {
+      record.timeout = setTimeout(() => {
+        record.unsubscribe();
+        return reject(`MAX_WAIT_TIME elapsed: Key ${key} still seen after ${MAX_WAIT_TIME / 1e3}s`);
+      }, MAX_WAIT_TIME);
+      record.unsubscribe = this.subscribe((data) => {
         if (!Object.hasOwn(data, `${v2UnescapedStoreKey(key)}`)) {
-          unsubscribe();
-          resolve();
+          record.unsubscribe();
+          clearTimeout(record.timeout);
+          resolve("ok");
         }
       });
-      setTimeout(() => {
-        unsubscribe();
-        return reject();
-      }, MAX_WAIT_TIME);
     });
   };
   subscribe = (subscriber) => {
@@ -1832,11 +1884,11 @@ var Capability = class {
    * @returns
    */
   OnSchedule = (schedule) => {
-    const { name, every, unit, run, startTime, completions } = schedule;
+    const { name: name2, every, unit, run, startTime, completions } = schedule;
     this.hasSchedule = true;
     if (process.env.PEPR_WATCH_MODE === "true" || process.env.PEPR_MODE === "dev") {
       const newSchedule = {
-        name,
+        name: name2,
         every,
         unit,
         run,
@@ -1938,16 +1990,16 @@ var Capability = class {
    * @param kind if using a custom KubernetesObject not available in `a.*`, specify the GroupVersionKind
    * @returns
    */
-  When = (model, kind4) => {
-    const matchedKind = (0, import_kubernetes_fluent_client8.modelToGroupVersionKind)(model.name);
-    if (!matchedKind && !kind4) {
+  When = (model, kind3) => {
+    const matchedKind = (0, import_kubernetes_fluent_client7.modelToGroupVersionKind)(model.name);
+    if (!matchedKind && !kind3) {
       throw new Error(`Kind not specified for ${model.name}`);
     }
     const binding = {
       model,
       // If the kind is not specified, use the matched kind from the model
-      kind: kind4 || matchedKind,
-      event: "*" /* Any */,
+      kind: kind3 || matchedKind,
+      event: "*" /* ANY */,
       filters: {
         name: "",
         namespaces: [],
@@ -2037,7 +2089,7 @@ var Capability = class {
           ...binding,
           isMutate: true,
           isFinalize: true,
-          event: "*" /* Any */,
+          event: "*" /* ANY */,
           mutateCallback: addFinalizer
         };
         bindings.push(mutateBinding);
@@ -2047,7 +2099,7 @@ var Capability = class {
           ...binding,
           isWatch: true,
           isFinalize: true,
-          event: "UPDATE" /* Update */,
+          event: "UPDATE" /* UPDATE */,
           finalizeCallback: async (update, logger = aliasLogger) => {
             logger_default.info(`Executing finalize action with alias: ${binding.alias || "no alias provided"}`);
             return await finalizeCallback(update, logger);
@@ -2076,9 +2128,9 @@ var Capability = class {
       binding.filters.regexName = regexName.source;
       return commonChain;
     }
-    function WithName(name) {
-      logger_default.debug(`Add name filter ${name}`, prefix);
-      binding.filters.name = name;
+    function WithName(name2) {
+      logger_default.debug(`Add name filter ${name2}`, prefix);
+      binding.filters.name = name2;
       return commonChain;
     }
     function WithLabel(key, value = "") {
@@ -2109,10 +2161,10 @@ var Capability = class {
       };
     }
     return {
-      IsCreatedOrUpdated: () => bindEvent("CREATEORUPDATE" /* CreateOrUpdate */),
-      IsCreated: () => bindEvent("CREATE" /* Create */),
-      IsUpdated: () => bindEvent("UPDATE" /* Update */),
-      IsDeleted: () => bindEvent("DELETE" /* Delete */)
+      IsCreatedOrUpdated: () => bindEvent("CREATEORUPDATE" /* CREATE_OR_UPDATE */),
+      IsCreated: () => bindEvent("CREATE" /* CREATE */),
+      IsUpdated: () => bindEvent("UPDATE" /* UPDATE */),
+      IsDeleted: () => bindEvent("DELETE" /* DELETE */)
     };
   };
 };