pepr 0.40.1 → 0.42.1

package/src/lib/assets/yaml.ts

@@ -6,13 +6,16 @@ import crypto from "crypto";
 import { promises as fs } from "fs";
 import { Assets } from ".";
 import { apiTokenSecret, service, tlsSecret, watcherService } from "./networking";
-import { deployment, moduleSecret, namespace, watcher } from "./pods";
+import { getDeployment, getModuleSecret, getNamespace, getWatcher } from "./pods";
 import { clusterRole, clusterRoleBinding, serviceAccount, storeRole, storeRoleBinding } from "./rbac";
 import { webhookConfig } from "./webhooks";
 import { genEnv } from "./pods";
 
 // Helm Chart overrides file (values.yaml) generated from assets
-export async function overridesFile({ hash, name, image, config, apiToken, capabilities }: Assets, path: string) {
+export async function overridesFile(
+  { hash, name, image, config, apiToken, capabilities }: Assets,
+  path: string,
+): Promise<void> {
   const rbacOverrides = clusterRole(name, capabilities, config.rbacMode, config.rbac).rules;
 
   const overrides = {
@@ -166,7 +169,7 @@ export async function overridesFile({ hash, name, image, config, apiToken, capab
 
   await fs.writeFile(path, dumpYaml(overrides, { noRefs: true, forceQuotes: true }));
 }
-export function zarfYaml({ name, image, config }: Assets, path: string) {
+export function zarfYaml({ name, image, config }: Assets, path: string): string {
   const zarfCfg = {
     kind: "ZarfPackageConfig",
     metadata: {
@@ -194,7 +197,7 @@ export function zarfYaml({ name, image, config }: Assets, path: string) {
   return dumpYaml(zarfCfg, { noRefs: true });
 }
 
-export function zarfYamlChart({ name, image, config }: Assets, path: string) {
+export function zarfYamlChart({ name, image, config }: Assets, path: string): string {
   const zarfCfg = {
     kind: "ZarfPackageConfig",
     metadata: {
@@ -223,7 +226,7 @@ export function zarfYamlChart({ name, image, config }: Assets, path: string) {
   return dumpYaml(zarfCfg, { noRefs: true });
 }
 
-export async function allYaml(assets: Assets, imagePullSecret?: string) {
+export async function allYaml(assets: Assets, imagePullSecret?: string): Promise<string> {
   const { name, tls, apiToken, path, config } = assets;
   const code = await fs.readFile(path);
 
@@ -232,19 +235,19 @@ export async function allYaml(assets: Assets, imagePullSecret?: string) {
 
   const mutateWebhook = await webhookConfig(assets, "mutate", assets.config.webhookTimeout);
   const validateWebhook = await webhookConfig(assets, "validate", assets.config.webhookTimeout);
-  const watchDeployment = watcher(assets, assets.hash, assets.buildTimestamp, imagePullSecret);
+  const watchDeployment = getWatcher(assets, assets.hash, assets.buildTimestamp, imagePullSecret);
 
   const resources = [
-    namespace(assets.config.customLabels?.namespace),
+    getNamespace(assets.config.customLabels?.namespace),
     clusterRole(name, assets.capabilities, config.rbacMode, config.rbac),
     clusterRoleBinding(name),
     serviceAccount(name),
     apiTokenSecret(name, apiToken),
     tlsSecret(name, tls),
-    deployment(assets, assets.hash, assets.buildTimestamp, imagePullSecret),
+    getDeployment(assets, assets.hash, assets.buildTimestamp, imagePullSecret),
     service(name),
     watcherService(name),
-    moduleSecret(name, code, assets.hash),
+    getModuleSecret(name, code, assets.hash),
     storeRole(name),
     storeRoleBinding(name),
   ];

package/src/lib/capability.ts

@@ -1,10 +1,9 @@
-/* eslint-disable max-statements */
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2023-Present The Pepr Authors
 
 import { GenericClass, GroupVersionKind, modelToGroupVersionKind } from "kubernetes-fluent-client";
 import { pickBy } from "ramda";
-import Log from "./logger";
+import Log from "./telemetry/logger";
 import { isBuildMode, isDevMode, isWatchMode } from "./module";
 import { PeprStore, Storage } from "./storage";
 import { OnSchedule, Schedule } from "./schedule";
@@ -72,7 +71,7 @@ export class Capability implements CapabilityExport {
     }
   };
 
-  public getScheduleStore() {
+  public getScheduleStore(): Storage {
     return this.#scheduleStore;
   }
 
@@ -112,19 +111,19 @@ export class Capability implements CapabilityExport {
     onReady: this.#scheduleStore.onReady,
   };
 
-  get bindings() {
+  get bindings(): Binding[] {
     return this.#bindings;
   }
 
-  get name() {
+  get name(): string {
     return this.#name;
   }
 
-  get description() {
+  get description(): string {
     return this.#description;
   }
 
-  get namespaces() {
+  get namespaces(): string[] {
     return this.#namespaces || [];
   }
 
@@ -193,7 +192,7 @@ export class Capability implements CapabilityExport {
       model,
       // If the kind is not specified, use the matched kind from the model
       kind: kind || matchedKind,
-      event: Event.Any,
+      event: Event.ANY,
       filters: {
         name: "",
         namespaces: [],
@@ -208,8 +207,19 @@ export class Capability implements CapabilityExport {
     const bindings = this.#bindings;
     const prefix = `${this.#name}: ${model.name}`;
     const commonChain = { WithLabel, WithAnnotation, WithDeletionTimestamp, Mutate, Validate, Watch, Reconcile, Alias };
-    const isNotEmpty = (value: object) => Object.keys(value).length > 0;
-    const log = (message: string, cbString: string) => {
+
+    type CommonChainType = typeof commonChain;
+    type ExtendedCommonChainType = CommonChainType & {
+      Alias: (alias: string) => CommonChainType;
+      InNamespace: (...namespaces: string[]) => BindingWithName<T>;
+      InNamespaceRegex: (...namespaces: RegExp[]) => BindingWithName<T>;
+      WithName: (name: string) => BindingFilter<T>;
+      WithNameRegex: (regexName: RegExp) => BindingFilter<T>;
+      WithDeletionTimestamp: () => BindingFilter<T>;
+    };
+
+    const isNotEmpty = (value: object): boolean => Object.keys(value).length > 0;
+    const log = (message: string, cbString: string): void => {
       const filteredObj = pickBy(isNotEmpty, binding.filters);
 
       Log.info(`${message} configured for ${binding.event}`, prefix);
@@ -317,7 +327,7 @@ export class Capability implements CapabilityExport {
           ...binding,
           isMutate: true,
           isFinalize: true,
-          event: Event.Any,
+          event: Event.ANY,
           mutateCallback: addFinalizer,
         };
         bindings.push(mutateBinding);
@@ -329,8 +339,8 @@ export class Capability implements CapabilityExport {
           ...binding,
           isWatch: true,
           isFinalize: true,
-          event: Event.Update,
-          finalizeCallback: async (update: InstanceType<T>, logger = aliasLogger) => {
+          event: Event.UPDATE,
+          finalizeCallback: async (update: InstanceType<T>, logger = aliasLogger): Promise<boolean | void> => {
             Log.info(`Executing finalize action with alias: ${binding.alias || "no alias provided"}`);
             return await finalizeCallback(update, logger);
           },
@@ -381,13 +391,13 @@ export class Capability implements CapabilityExport {
       return commonChain;
     }
 
-    function Alias(alias: string) {
+    function Alias(alias: string): CommonChainType {
       Log.debug(`Adding prefix alias ${alias}`, prefix);
       binding.alias = alias;
       return commonChain;
     }
 
-    function bindEvent(event: Event) {
+    function bindEvent(event: Event): ExtendedCommonChainType {
       binding.event = event;
       return {
         ...commonChain,
@@ -401,10 +411,10 @@ export class Capability implements CapabilityExport {
     }
 
     return {
-      IsCreatedOrUpdated: () => bindEvent(Event.CreateOrUpdate),
-      IsCreated: () => bindEvent(Event.Create),
-      IsUpdated: () => bindEvent(Event.Update),
-      IsDeleted: () => bindEvent(Event.Delete),
+      IsCreatedOrUpdated: () => bindEvent(Event.CREATE_OR_UPDATE),
+      IsCreated: () => bindEvent(Event.CREATE),
+      IsUpdated: () => bindEvent(Event.UPDATE),
+      IsDeleted: () => bindEvent(Event.DELETE),
     };
   };
 }

package/src/lib/controller/index.ts

@@ -7,17 +7,19 @@ import https from "https";
 
 import { Capability } from "../capability";
 import { MutateResponse, ValidateResponse } from "../k8s";
-import Log from "../logger";
-import { metricsCollector, MetricsCollector } from "../metrics";
+import Log from "../telemetry/logger";
+import { metricsCollector, MetricsCollector } from "../telemetry/metrics";
 import { ModuleConfig, isWatchMode } from "../module";
 import { mutateProcessor } from "../mutate-processor";
 import { validateProcessor } from "../validate-processor";
 import { StoreController } from "./store";
-import { ResponseItem, AdmissionRequest } from "../types";
+import { AdmissionRequest } from "../types";
+import { karForMutate, karForValidate, KubeAdmissionReview } from "./index.util";
 
 if (!process.env.PEPR_NODE_WARNINGS) {
   process.removeAllListeners("warning");
 }
+
 export class Controller {
   // Track whether the server is running
   #running = false;
@@ -76,7 +78,7 @@ export class Controller {
   }
 
   /** Start the webhook server */
-  startServer = (port: number) => {
+  startServer = (port: number): void => {
     if (this.#running) {
       throw new Error("Cannot start Pepr module: Pepr module was not instantiated with deferStart=true");
     }
@@ -131,7 +133,7 @@ export class Controller {
     });
   };
 
-  #bindEndpoints = () => {
+  #bindEndpoints = (): void => {
     // Health check endpoint
     this.#app.get("/healthz", Controller.#healthz);
 
@@ -160,7 +162,7 @@ export class Controller {
    * @param next The next middleware function
    * @returns
    */
-  #validateToken = (req: express.Request, res: express.Response, next: NextFunction) => {
+  #validateToken = (req: express.Request, res: express.Response, next: NextFunction): void => {
     // Validate the token
     const { token } = req.params;
     if (token !== this.#token) {
@@ -181,8 +183,10 @@ export class Controller {
    * @param req the incoming request
    * @param res the outgoing response
    */
-  #metrics = async (req: express.Request, res: express.Response) => {
+  #metrics = async (req: express.Request, res: express.Response): Promise<void> => {
     try {
+      // https://github.com/prometheus/docs/blob/main/content/docs/instrumenting/exposition_formats.md#basic-info
+      res.set("Content-Type", "text/plain; version=0.0.4");
       res.send(await this.#metricsCollector.getMetrics());
     } catch (err) {
       Log.error(err, `Error getting metrics`);
@@ -196,7 +200,9 @@ export class Controller {
    * @param admissionKind the type of admission request
    * @returns the request handler
    */
-  #admissionReq = (admissionKind: "Mutate" | "Validate") => {
+  #admissionReq = (
+    admissionKind: "Mutate" | "Validate",
+  ): ((req: express.Request, res: express.Response) => Promise<void>) => {
     // Create the admission request handler
     return async (req: express.Request, res: express.Response) => {
       // Start the metrics timer
@@ -206,77 +212,38 @@ export class Controller {
         // Get the request from the body or create an empty request
         const request: AdmissionRequest = req.body?.request || ({} as AdmissionRequest);
 
-        // Run the before hook if it exists
-        this.#beforeHook && this.#beforeHook(request || {});
-
-        // Setup identifiers for logging
-        const name = request?.name ? `/${request.name}` : "";
-        const namespace = request?.namespace || "";
-        const gvk = request?.kind || { group: "", version: "", kind: "" };
-
-        const reqMetadata = {
-          uid: request.uid,
-          namespace,
-          name,
+        const { name, namespace, gvk } = {
+          name: request?.name ? `/${request.name}` : "",
+          namespace: request?.namespace || "",
+          gvk: request?.kind || { group: "", version: "", kind: "" },
         };
 
+        const reqMetadata = { uid: request.uid, namespace, name };
         Log.info({ ...reqMetadata, gvk, operation: request.operation, admissionKind }, "Incoming request");
         Log.debug({ ...reqMetadata, request }, "Incoming request body");
 
-        // Process the request
-        let response: MutateResponse | ValidateResponse[];
+        // Run the before hook if it exists
+        this.#beforeHook && this.#beforeHook(request || {});
 
-        // Call mutate or validate based on the admission kind
-        if (admissionKind === "Mutate") {
-          response = await mutateProcessor(this.#config, this.#capabilities, request, reqMetadata);
-        } else {
-          response = await validateProcessor(this.#config, this.#capabilities, request, reqMetadata);
-        }
+        // Process the request
+        const response: MutateResponse | ValidateResponse[] =
+          admissionKind === "Mutate"
+            ? await mutateProcessor(this.#config, this.#capabilities, request, reqMetadata)
+            : await validateProcessor(this.#config, this.#capabilities, request, reqMetadata);
 
         // Run the after hook if it exists
-        const responseList: ValidateResponse[] | MutateResponse[] = Array.isArray(response) ? response : [response];
-        responseList.map(res => {
+        [response].flat().map(res => {
           this.#afterHook && this.#afterHook(res);
-          // Log the response
           Log.info({ ...reqMetadata, res }, "Check response");
         });
 
-        let kubeAdmissionResponse: ValidateResponse[] | MutateResponse | ResponseItem;
-
-        if (admissionKind === "Mutate") {
-          kubeAdmissionResponse = response;
-          Log.debug({ ...reqMetadata, response }, "Outgoing response");
-          res.send({
-            apiVersion: "admission.k8s.io/v1",
-            kind: "AdmissionReview",
-            response: kubeAdmissionResponse,
-          });
-        } else {
-          kubeAdmissionResponse =
-            responseList.length === 0
-              ? {
-                  uid: request.uid,
-                  allowed: true,
-                  status: { message: "no in-scope validations -- allowed!" },
-                }
-              : {
-                  uid: responseList[0].uid,
-                  allowed: responseList.filter(r => !r.allowed).length === 0,
-                  status: {
-                    message: (responseList as ValidateResponse[])
-                      .filter(rl => !rl.allowed)
-                      .map(curr => curr.status?.message)
-                      .join("; "),
-                  },
-                };
-          res.send({
-            apiVersion: "admission.k8s.io/v1",
-            kind: "AdmissionReview",
-            response: kubeAdmissionResponse,
-          });
-        }
-
-        Log.debug({ ...reqMetadata, kubeAdmissionResponse }, "Outgoing response");
+        const kar: KubeAdmissionReview =
+          admissionKind === "Mutate"
+            ? karForMutate(response as MutateResponse)
+            : karForValidate(request, response as ValidateResponse[]);
+
+        Log.debug({ ...reqMetadata, kubeAdmissionResponse: kar.response }, "Outgoing response");
+        res.send(kar);
 
         this.#metricsCollector.observeEnd(startTime, admissionKind);
       } catch (err) {
@@ -294,10 +261,15 @@ export class Controller {
    * @param res the outgoing response
    * @param next the next middleware function
    */
-  static #logger(req: express.Request, res: express.Response, next: express.NextFunction) {
+  static #logger(req: express.Request, res: express.Response, next: express.NextFunction): void {
     const startTime = Date.now();
 
     res.on("finish", () => {
+      const excludedRoutes = ["/healthz", "/metrics"];
+      if (excludedRoutes.includes(req.originalUrl)) {
+        return;
+      }
+
       const elapsedTime = Date.now() - startTime;
       const message = {
         uid: req.body?.request?.uid,
@@ -318,7 +290,7 @@ export class Controller {
    * @param req the incoming request
    * @param res the outgoing response
    */
-  static #healthz(req: express.Request, res: express.Response) {
+  static #healthz(req: express.Request, res: express.Response): void {
     try {
       res.send("OK");
     } catch (err) {

package/src/lib/controller/index.util.ts

@@ -0,0 +1,47 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2023-Present The Pepr Authors
+
+import { MutateResponse, ValidateResponse } from "../k8s";
+import { ResponseItem, AdmissionRequest } from "../types";
+
+export interface KubeAdmissionReview {
+  apiVersion: string;
+  kind: string;
+  response: ValidateResponse[] | MutateResponse | ResponseItem;
+}
+
+export function karForMutate(mr: MutateResponse): KubeAdmissionReview {
+  return {
+    apiVersion: "admission.k8s.io/v1",
+    kind: "AdmissionReview",
+    response: mr,
+  };
+}
+
+export function karForValidate(ar: AdmissionRequest, vr: ValidateResponse[]): KubeAdmissionReview {
+  const isAllowed = vr.filter(r => !r.allowed).length === 0;
+
+  const resp: ValidateResponse =
+    vr.length === 0
+      ? {
+          uid: ar.uid,
+          allowed: true,
+          status: { code: 200, message: "no in-scope validations -- allowed!" },
+        }
+      : {
+          uid: vr[0].uid,
+          allowed: isAllowed,
+          status: {
+            code: isAllowed ? 200 : 422,
+            message: vr
+              .filter(rl => !rl.allowed)
+              .map(curr => curr.status?.message)
+              .join("; "),
+          },
+        };
+  return {
+    apiVersion: "admission.k8s.io/v1",
+    kind: "AdmissionReview",
+    response: resp,
+  };
+}

package/src/lib/controller/store.ts

@@ -7,12 +7,13 @@ import { startsWith } from "ramda";
 
 import { Capability } from "../capability";
 import { Store } from "../k8s";
-import Log, { redactedPatch, redactedStore } from "../logger";
+import Log, { redactedPatch, redactedStore } from "../telemetry/logger";
 import { DataOp, DataSender, DataStore, Storage } from "../storage";
 import { fillStoreCache, sendUpdatesAndFlushCache } from "./storeCache";
 
 const namespace = "pepr-system";
-export const debounceBackoff = 5000;
+const debounceBackoffReceive = 1000;
+const debounceBackoffSend = 4000;
 
 export class StoreController {
   #name: string;
@@ -25,7 +26,7 @@ export class StoreController {
 
     this.#name = name;
 
-    const setStorageInstance = (registrationFunction: () => Storage, name: string) => {
+    const setStorageInstance = (registrationFunction: () => Storage, name: string): void => {
       const scheduleStore = registrationFunction();
 
       // Bind the store sender to the capability
@@ -61,13 +62,22 @@ export class StoreController {
     );
   }
 
-  #setupWatch = () => {
+  #setupWatch = (): void => {
     const watcher = K8s(Store, { name: this.#name, namespace }).Watch(this.#receive);
     watcher.start().catch(e => Log.error(e, "Error starting Pepr store watch"));
   };
 
-  #migrateAndSetupWatch = async (store: Store) => {
+  #migrateAndSetupWatch = async (store: Store): Promise<void> => {
     Log.debug(redactedStore(store), "Pepr Store migration");
+    // Add cacheID label to store
+    await K8s(Store, { namespace, name: this.#name }).Patch([
+      {
+        op: "add",
+        path: "/metadata/labels/pepr.dev-cacheID",
+        value: `${Date.now()}`,
+      },
+    ]);
+
     const data: DataStore = store.data || {};
     let storeCache: Record<string, Operation> = {};
 
@@ -96,11 +106,11 @@ export class StoreController {
     this.#setupWatch();
   };
 
-  #receive = (store: Store) => {
+  #receive = (store: Store): void => {
     Log.debug(redactedStore(store), "Pepr Store update");
 
     // Wrap the update in a debounced function
-    const debounced = () => {
+    const debounced = (): void => {
       // Base64 decode the data
       const data: DataStore = store.data || {};
 
@@ -134,10 +144,10 @@ export class StoreController {
 
     // Debounce the update to 1 second to avoid multiple rapid calls
     clearTimeout(this.#sendDebounce);
-    this.#sendDebounce = setTimeout(debounced, this.#onReady ? 0 : debounceBackoff);
+    this.#sendDebounce = setTimeout(debounced, this.#onReady ? 0 : debounceBackoffReceive);
   };
 
-  #send = (capabilityName: string) => {
+  #send = (capabilityName: string): DataSender => {
     let storeCache: Record<string, Operation> = {};
 
     // Create a sender function for the capability to add/remove data from the store
@@ -151,12 +161,12 @@ export class StoreController {
         Log.debug(redactedPatch(storeCache), "Sending updates to Pepr store");
         void sendUpdatesAndFlushCache(storeCache, namespace, this.#name);
       }
-    }, debounceBackoff);
+    }, debounceBackoffSend);
 
     return sender;
   };
 
-  #createStoreResource = async (e: unknown) => {
+  #createStoreResource = async (e: unknown): Promise<void> => {
     Log.info(`Pepr store not found, creating...`);
     Log.debug(e);
 
@@ -165,6 +175,9 @@ export class StoreController {
         metadata: {
           name: this.#name,
           namespace,
+          labels: {
+            "pepr.dev-cacheID": `${Date.now()}`,
+          },
         },
         data: {
           // JSON Patch will die if the data is empty, so we need to add a placeholder

package/src/lib/controller/storeCache.ts

@@ -1,5 +1,5 @@
 import { DataOp } from "../storage";
-import Log from "../logger";
+import Log from "../telemetry/logger";
 import { K8s } from "kubernetes-fluent-client";
 import { Store } from "../k8s";
 import { StatusCodes } from "http-status-codes";
@@ -11,7 +11,7 @@ export const sendUpdatesAndFlushCache = async (cache: Record<string, Operation>,
 
   try {
     if (payload.length > 0) {
-      await K8s(Store, { namespace, name }).Patch(payload); // Send patch to cluster
+      await K8s(Store, { namespace, name }).Patch(updateCacheID(payload)); // Send patch to cluster
       Object.keys(cache).forEach(key => delete cache[key]);
     }
   } catch (err) {
@@ -61,3 +61,12 @@ export const fillStoreCache = (
   }
   return cache;
 };
+
+export function updateCacheID(payload: Operation[]): Operation[] {
+  payload.push({
+    op: "replace",
+    path: "/metadata/labels/pepr.dev-cacheID",
+    value: `${Date.now()}`,
+  });
+  return payload;
+}

package/src/lib/deploymentChecks.ts

@@ -0,0 +1,43 @@
+// check to see if all replicas are ready for all deployments in the pepr-system namespace
+
+import { K8s, kind } from "kubernetes-fluent-client";
+import Log from "./telemetry/logger";
+
+// returns true if all deployments are ready, false otherwise
+export async function checkDeploymentStatus(namespace: string) {
+  const deployments = await K8s(kind.Deployment).InNamespace(namespace).Get();
+  let status = false;
+  let readyCount = 0;
+
+  for (const deployment of deployments.items) {
+    const readyReplicas = deployment.status?.readyReplicas ? deployment.status?.readyReplicas : 0;
+    if (deployment.status?.readyReplicas !== deployment.spec?.replicas) {
+      Log.info(
+        `Waiting for deployment ${deployment.metadata?.name} rollout to finish: ${readyReplicas} of ${deployment.spec?.replicas} replicas are available`,
+      );
+    } else {
+      Log.info(
+        `Deployment ${deployment.metadata?.name} rolled out: ${readyReplicas} of ${deployment.spec?.replicas} replicas are available`,
+      );
+      readyCount++;
+    }
+  }
+  if (readyCount === deployments.items.length) {
+    status = true;
+  }
+  return status;
+}
+
+// wait for all deployments in the pepr-system namespace to be ready
+export async function namespaceDeploymentsReady(namespace: string = "pepr-system") {
+  Log.info(`Checking ${namespace} deployments status...`);
+  let ready = false;
+  while (!ready) {
+    ready = await checkDeploymentStatus(namespace);
+    if (ready) {
+      return ready;
+    }
+    await new Promise(resolve => setTimeout(resolve, 1000));
+  }
+  Log.info(`All ${namespace} deployments are ready`);
+}

package/src/lib/enums.ts

@@ -13,9 +13,9 @@ export enum Operation {
  * The type of Kubernetes mutating webhook event that the action is registered for.
  */
 export enum Event {
-  Create = "CREATE",
-  Update = "UPDATE",
-  Delete = "DELETE",
-  CreateOrUpdate = "CREATEORUPDATE",
-  Any = "*",
+  CREATE = "CREATE",
+  UPDATE = "UPDATE",
+  DELETE = "DELETE",
+  CREATE_OR_UPDATE = "CREATEORUPDATE",
+  ANY = "*",
 }

package/src/lib/filesystemService.ts

@@ -0,0 +1,16 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2023-Present The Pepr Authors
+
+import { promises } from "fs";
+
+export async function createDirectoryIfNotExists(path: string) {
+  try {
+    await promises.access(path);
+  } catch (error) {
+    if (error.code === "ENOENT") {
+      await promises.mkdir(path, { recursive: true });
+    } else {
+      throw error;
+    }
+  }
+}