pepr 0.45.0 → 0.45.1

package/dist/sdk/sdk.d.ts

@@ -19,7 +19,12 @@ export declare function containers(request: PeprValidateRequest<kind.Pod> | Pepr
  * @param reportingComponent The component that is reporting the event, for example "uds.dev/operator"
  * @param reportingInstance The instance of the component that is reporting the event, for example process.env.HOSTNAME
  */
-export declare function writeEvent(cr: GenericKind, event: Partial<kind.CoreEvent>, eventType: string, eventReason: string, reportingComponent: string, reportingInstance: string): Promise<void>;
+export declare function writeEvent(cr: GenericKind, event: Partial<kind.CoreEvent>, options: {
+    eventType: string;
+    eventReason: string;
+    reportingComponent: string;
+    reportingInstance: string;
+}): Promise<void>;
 /**
  * Get the owner reference for a custom resource
  * @param customResource the custom resource to get the owner reference for

package/dist/sdk/sdk.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sdk.d.ts","sourceRoot":"","sources":["../../src/sdk/sdk.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACxE,OAAO,EAAE,WAAW,EAAO,IAAI,EAAE,MAAM,0BAA0B,CAAC;AAElE;;;;;GAKG;AACH,wBAAgB,UAAU,CACxB,OAAO,EAAE,mBAAmB,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,EACpE,aAAa,CAAC,EAAE,YAAY,GAAG,gBAAgB,GAAG,qBAAqB,GACtE,WAAW,EAAE,CAef;AAED;;;;;;;;;GASG;AAEH,wBAAsB,UAAU,CAC9B,EAAE,EAAE,WAAW,EACf,KAAK,EAAE,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAC9B,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,MAAM,EACnB,kBAAkB,EAAE,MAAM,EAC1B,iBAAiB,EAAE,MAAM,GACxB,OAAO,CAAC,IAAI,CAAC,CAqBf;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,CAC7B,cAAc,EAAE,WAAW,EAC3B,kBAAkB,CAAC,EAAE,OAAO,EAC5B,UAAU,CAAC,EAAE,OAAO,GACnB,gBAAgB,EAAE,CAcpB;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAYzD"}
+{"version":3,"file":"sdk.d.ts","sourceRoot":"","sources":["../../src/sdk/sdk.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACxE,OAAO,EAAE,WAAW,EAAO,IAAI,EAAE,MAAM,0BAA0B,CAAC;AAElE;;;;;GAKG;AACH,wBAAgB,UAAU,CACxB,OAAO,EAAE,mBAAmB,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,EACpE,aAAa,CAAC,EAAE,YAAY,GAAG,gBAAgB,GAAG,qBAAqB,GACtE,WAAW,EAAE,CAef;AAED;;;;;;;;;GASG;AAEH,wBAAsB,UAAU,CAC9B,EAAE,EAAE,WAAW,EACf,KAAK,EAAE,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAC9B,OAAO,EAAE;IACP,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,iBAAiB,EAAE,MAAM,CAAC;CAC3B,GACA,OAAO,CAAC,IAAI,CAAC,CAuBf;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,CAC7B,cAAc,EAAE,WAAW,EAC3B,kBAAkB,CAAC,EAAE,OAAO,EAC5B,UAAU,CAAC,EAAE,OAAO,GACnB,gBAAgB,EAAE,CAcpB;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAYzD"}

package/package.json

@@ -15,7 +15,7 @@
     "!src/**/*.test.ts",
     "!dist/**/*.test.d.ts*"
   ],
-  "version": "0.45.0",
+  "version": "0.45.1",
   "main": "dist/lib.js",
   "types": "dist/lib.d.ts",
   "scripts": {
@@ -25,17 +25,16 @@
     "build": "tsc && node build.mjs && npm pack",
     "build:image": "npm run build && docker buildx build --output type=docker --tag pepr:dev .",
     "set:version": "node scripts/set-version.js",
-    "test": "npm run test:unit && npm run test:journey",
+    "test": "npm run test:unit && npm run test:journey && npm run test:journey-wasm",
     "test:unit": "npm run gen-data-json && jest src --coverage --detectOpenHandles --coverageDirectory=./coverage --testPathIgnorePatterns='cosign.e2e.test.ts'",
     "test:integration": "npm run test:integration:prep && npm run test:integration:run",
     "test:integration:prep": "./integration/prep.sh",
     "test:integration:run": "jest --maxWorkers=4 integration",
     "test:journey": "npm run test:journey:k3d && npm run build && npm run test:journey:image && npm run test:journey:run",
-    "test:journey:prep": "if [ ! -d ./pepr-upgrade-test ]; then git clone https://github.com/defenseunicorns/pepr-upgrade-test.git ; fi",
     "test:journey-wasm": "npm run test:journey:k3d && npm run build && npm run test:journey:image && npm run test:journey:run-wasm",
     "test:journey:k3d": "k3d cluster delete pepr-dev && k3d cluster create pepr-dev --k3s-arg '--debug@server:0' --wait && kubectl rollout status deployment -n kube-system",
     "test:journey:image": "docker buildx build --output type=docker --tag pepr:dev . && k3d image import pepr:dev -c pepr-dev",
-    "test:journey:run": "jest --detectOpenHandles journey/entrypoint.test.ts && npm run test:journey:prep && npm run test:journey:upgrade",
+    "test:journey:run": "jest --detectOpenHandles journey/entrypoint.test.ts && npm run test:journey:upgrade",
     "test:journey:run-wasm": "jest --detectOpenHandles journey/entrypoint-wasm.test.ts",
     "test:journey:upgrade": "npm run test:journey:k3d && npm run test:journey:image && jest --detectOpenHandles journey/pepr-upgrade.test.ts",
     "format:check": "eslint src && prettier src --check",
@@ -49,12 +48,12 @@
     "follow-redirects": "1.15.9",
     "http-status-codes": "^2.3.0",
     "json-pointer": "^0.6.2",
-    "kubernetes-fluent-client": "3.3.8",
+    "kubernetes-fluent-client": "3.4.0",
     "pino": "9.6.0",
     "pino-pretty": "13.0.0",
     "prom-client": "15.1.3",
     "ramda": "0.30.1",
-    "sigstore": "3.0.0"
+    "sigstore": "3.1.0"
   },
   "devDependencies": {
     "@commitlint/cli": "19.7.1",
@@ -84,7 +83,7 @@
     "@typescript-eslint/eslint-plugin": "8.23.0",
     "@typescript-eslint/parser": "8.23.0",
     "commander": "13.1.0",
-    "esbuild": "0.24.2",
+    "esbuild": "0.25.0",
     "eslint": "8.57.0",
     "node-forge": "1.3.1",
     "prettier": "3.4.2",

package/src/cli/build.ts

@@ -11,7 +11,7 @@ import { RootCmd } from "./root";
 import { Option } from "commander";
 import { parseTimeout } from "../lib/helpers";
 import { peprFormat } from "./format";
-import { ModuleConfig } from "../lib/core/module";
+import { ModuleConfig } from "../lib/types";
 import {
   watchForChanges,
   determineRbacMode,
@@ -95,7 +95,7 @@ export default function (program: RootCmd): void {
     .addOption(
       new Option(
         "-v, --version <version>",
-        "The version of the Pepr image to use in the deployment manifests. Example: '0.27.3'.",
+        "DEPRECATED: The version of the Pepr image to use in the deployment manifests. Example: '0.27.3'.",
       ).conflicts(["customImage", "registryInfo"]),
     )
     .option(
@@ -164,7 +164,7 @@ export default function (program: RootCmd): void {
         console.info(`✅ Module built successfully at ${path}`);
         return;
       }
-      // set the image version if provided
+      // set the image version if provided -- DEPRECATED
       if (opts.version) cfg.pepr.peprVersion = opts.version;
 
       // Generate a secret for the module

package/src/cli/init/templates.ts

@@ -11,7 +11,7 @@ import prettierJSON from "../../templates/.prettierrc.json";
 import samplesJSON from "../../templates/capabilities/hello-pepr.samples.json";
 import settingsJSON from "../../templates/settings.json";
 import tsConfigJSON from "../../templates/tsconfig.module.json";
-import { CustomLabels } from "../../lib/core/module";
+import { CustomLabels } from "../../lib/types";
 import { InitOptions } from "../types";
 import { OnError, RbacMode } from "./enums";
 import { V1PolicyRule as PolicyRule } from "@kubernetes/client-node";

package/src/lib/assets/assets.ts

@@ -1,6 +1,6 @@
 import crypto from "crypto";
 import { CapabilityExport } from "../types";
-import { ModuleConfig } from "../core/module";
+import { ModuleConfig } from "../types";
 import { TLSOut, genTLS } from "../tls";
 import { WebhookIgnore } from "../k8s";
 import {
@@ -81,7 +81,7 @@ export class Assets {
 
   allYaml = async (
     yamlGenerationFunction: (
-      assyts: Assets,
+      assets: Assets,
       deployments: { default: V1Deployment; watch: V1Deployment | null },
     ) => Promise<string>,
     imagePullSecret?: string,

package/src/lib/assets/index.ts

@@ -5,14 +5,13 @@ import { dumpYaml } from "@kubernetes/client-node";
 import { kind } from "kubernetes-fluent-client";
 import { replaceString } from "../helpers";
 import { resolve } from "path";
-import { ModuleConfig } from "../core/module";
+import { ModuleConfig } from "../types";
 
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 export function toYaml(obj: any): string {
   return dumpYaml(obj, { noRefs: true });
 }
 
-// Unit Test Me!!
 export function createWebhookYaml(
   name: string,
   config: ModuleConfig,

package/src/lib/assets/pods.ts

@@ -6,7 +6,7 @@ import { kind } from "kubernetes-fluent-client";
 import { gzipSync } from "zlib";
 import { secretOverLimit } from "../helpers";
 import { Assets } from "./assets";
-import { ModuleConfig } from "../core/module";
+import { ModuleConfig } from "../types";
 import { Binding } from "../types";
 
 /** Generate the pepr-system namespace */

package/src/lib/assets/yaml/overridesFile.ts

@@ -1,5 +1,5 @@
 import { genEnv } from "../pods";
-import { ModuleConfig } from "../../core/module";
+import { ModuleConfig } from "../../types";
 import { CapabilityExport } from "../../types";
 import { dumpYaml } from "@kubernetes/client-node";
 import { clusterRole } from "../rbac";

package/src/lib/controller/index.ts

@@ -9,7 +9,8 @@ import { Capability } from "../core/capability";
 import { MutateResponse, ValidateResponse } from "../k8s";
 import Log from "../telemetry/logger";
 import { metricsCollector, MetricsCollector } from "../telemetry/metrics";
-import { ModuleConfig, isWatchMode } from "../core/module";
+import { isWatchMode } from "../core/envChecks";
+import { ModuleConfig } from "../types";
 import { mutateProcessor } from "../processors/mutate-processor";
 import { validateProcessor } from "../processors/validate-processor";
 import { StoreController } from "./store";

package/src/lib/core/capability.ts

@@ -4,7 +4,7 @@
 import { GenericClass, GroupVersionKind, modelToGroupVersionKind } from "kubernetes-fluent-client";
 import { pickBy } from "ramda";
 import Log from "../telemetry/logger";
-import { isBuildMode, isDevMode, isWatchMode } from "./module";
+import { isBuildMode, isDevMode, isWatchMode } from "./envChecks";
 import { PeprStore, Storage } from "./storage";
 import { OnSchedule, Schedule } from "./schedule";
 import { Event } from "../enums";

package/src/lib/core/envChecks.ts

@@ -0,0 +1,6 @@
+export const isWatchMode = (): boolean => process.env.PEPR_WATCH_MODE === "true";
+// Track if Pepr is running in build mode
+
+export const isBuildMode = (): boolean => process.env.PEPR_MODE === "build";
+
+export const isDevMode = (): boolean => process.env.PEPR_MODE === "dev";

package/src/lib/core/module.ts

@@ -4,71 +4,12 @@ import { clone } from "ramda";
 import { Capability } from "./capability";
 import { Controller, ControllerHooks } from "../controller";
 import { ValidateError } from "../errors";
-import { MutateResponse, ValidateResponse, WebhookIgnore } from "../k8s";
-import { CapabilityExport, AdmissionRequest } from "../types";
+import { CapabilityExport } from "../types";
 import { setupWatch } from "../processors/watch-processor";
 import { Log } from "../../lib";
-import { V1PolicyRule as PolicyRule } from "@kubernetes/client-node";
 import { resolveIgnoreNamespaces } from "../assets/webhooks";
-
-/** Custom Labels Type for package.json */
-
-export type CustomLabels = { namespace: Record<string, string> } | Record<string, never>;
-
-/** Configuration that MAY be set a Pepr module's package.json. */
-export type ModuleConfigOptions = {
-  /** The Pepr version this module uses */
-  peprVersion: string;
-  /** The user-defined version of the module */
-  appVersion: string;
-  /** A description of the Pepr module and what it does. */
-  description: string;
-  /** The webhookTimeout */
-  webhookTimeout: number;
-  /** Reject K8s resource AdmissionRequests on error. */
-  onError: string;
-  /** Define the log level for the in-cluster controllers */
-  logLevel: string;
-  /** Propagate env variables to in-cluster controllers */
-  env: Record<string, string>;
-  /** Custom RBAC rules */
-  rbac: PolicyRule[];
-  /** The RBAC mode; if "scoped", generates scoped rules, otherwise uses wildcard rules. */
-  rbacMode: string;
-  /** Custom Labels for Kubernetes Objects */
-  customLabels: CustomLabels;
-};
-
-/** Global configuration for the Pepr runtime. */
-export type ModuleConfig = {
-  /** A unique identifier for this Pepr module. This is automatically generated by Pepr. */
-  uuid: string;
-  /** Configure global exclusions that will never be processed by Pepr. */
-  alwaysIgnore: WebhookIgnore;
-} & Partial<ModuleConfigOptions>;
-
-export type PackageJSON = {
-  description: string;
-  pepr: ModuleConfig;
-};
-
-export type PeprModuleOptions = {
-  deferStart?: boolean;
-
-  /** A user-defined callback to pre-process or intercept a Pepr request from K8s immediately before it is processed */
-  beforeHook?: (req: AdmissionRequest) => void;
-
-  /** A user-defined callback to post-process or intercept a Pepr response just before it is returned to K8s */
-  afterHook?: (res: MutateResponse | ValidateResponse) => void;
-};
-
-// Track if this is a watch mode controller
-export const isWatchMode = (): boolean => process.env.PEPR_WATCH_MODE === "true";
-
-// Track if Pepr is running in build mode
-export const isBuildMode = (): boolean => process.env.PEPR_MODE === "build";
-
-export const isDevMode = (): boolean => process.env.PEPR_MODE === "dev";
+import { isBuildMode, isDevMode, isWatchMode } from "./envChecks";
+import { PackageJSON, PeprModuleOptions, ModuleConfig } from "../types";
 
 export class PeprModule {
   #controller!: Controller;

package/src/lib/processors/mutate-processor.ts

@@ -10,7 +10,7 @@ import { shouldSkipRequest } from "../filter/filter";
 import { MutateResponse } from "../k8s";
 import { AdmissionRequest, Binding } from "../types";
 import Log from "../telemetry/logger";
-import { ModuleConfig } from "../core/module";
+import { ModuleConfig } from "../types";
 import { PeprMutateRequest } from "../mutate-request";
 import { base64Encode, convertFromBase64Map, convertToBase64Map } from "../utils";
 import { OnError } from "../../cli/init/enums";

package/src/lib/processors/validate-processor.ts

@@ -9,7 +9,7 @@ import { AdmissionRequest, Binding } from "../types";
 import Log from "../telemetry/logger";
 import { convertFromBase64Map } from "../utils";
 import { PeprValidateRequest } from "../validate-request";
-import { ModuleConfig } from "../core/module";
+import { ModuleConfig } from "../types";
 import { resolveIgnoreNamespaces } from "../assets/webhooks";
 import { MeasureWebhookTimeout } from "../telemetry/webhookTimeouts";
 import { WebhookType } from "../enums";

package/src/lib/processors/watch-processor.ts

@@ -4,11 +4,12 @@ import Log from "../telemetry/logger";
 import { Binding } from "../types";
 import { Capability } from "../core/capability";
 import { Event } from "../enums";
-import { K8s, KubernetesObject, WatchCfg, WatchEvent } from "kubernetes-fluent-client";
+import { K8s, KubernetesObject, WatchCfg, WatchEvent, GenericClass } from "kubernetes-fluent-client";
 import { Queue } from "../core/queue";
-import { WatchPhase } from "kubernetes-fluent-client/dist/fluent/types";
+import { WatchPhase, WatcherType } from "kubernetes-fluent-client/dist/fluent/types";
+import { KubernetesListObject } from "kubernetes-fluent-client/dist/types";
 import { filterNoMatchReason } from "../filter/filter";
-import { metricsCollector } from "../telemetry/metrics";
+import { metricsCollector, MetricsCollectorInstance } from "../telemetry/metrics";
 import { removeFinalizer } from "../finalizer";
 
 // stores Queue instances
@@ -157,36 +158,8 @@ async function runBinding(
     }
   }, watchCfg);
 
-  // If failure continues, log and exit
-  watcher.events.on(WatchEvent.GIVE_UP, err => {
-    Log.error(err, "Watch failed after 5 attempts, giving up");
-    process.exit(1);
-  });
-
-  watcher.events.on(WatchEvent.CONNECT, url => logEvent(WatchEvent.CONNECT, url));
-
-  watcher.events.on(WatchEvent.DATA_ERROR, err => logEvent(WatchEvent.DATA_ERROR, err.message));
-  watcher.events.on(WatchEvent.RECONNECT, retryCount =>
-    logEvent(WatchEvent.RECONNECT, `Reconnecting after ${retryCount} attempt${retryCount === 1 ? "" : "s"}`),
-  );
-  watcher.events.on(WatchEvent.RECONNECT_PENDING, () => logEvent(WatchEvent.RECONNECT_PENDING));
-  watcher.events.on(WatchEvent.GIVE_UP, err => logEvent(WatchEvent.GIVE_UP, err.message));
-  watcher.events.on(WatchEvent.ABORT, err => logEvent(WatchEvent.ABORT, err.message));
-  watcher.events.on(WatchEvent.OLD_RESOURCE_VERSION, err => logEvent(WatchEvent.OLD_RESOURCE_VERSION, err));
-  watcher.events.on(WatchEvent.NETWORK_ERROR, err => logEvent(WatchEvent.NETWORK_ERROR, err.message));
-  watcher.events.on(WatchEvent.LIST_ERROR, err => logEvent(WatchEvent.LIST_ERROR, err.message));
-  watcher.events.on(WatchEvent.LIST, list => logEvent(WatchEvent.LIST, JSON.stringify(list, undefined, 2)));
-  watcher.events.on(WatchEvent.CACHE_MISS, windowName => {
-    metricsCollector.incCacheMiss(windowName);
-  });
-
-  watcher.events.on(WatchEvent.INIT_CACHE_MISS, windowName => {
-    metricsCollector.initCacheMissWindow(windowName);
-  });
-
-  watcher.events.on(WatchEvent.INC_RESYNC_FAILURE_COUNT, retryCount => {
-    metricsCollector.incRetryCount(retryCount);
-  });
+  // Register event handlers
+  registerWatchEventHandlers(watcher, logEvent, metricsCollector);
 
   // Start the watch
   try {
@@ -205,3 +178,55 @@ export function logEvent(event: WatchEvent, message: string = "", obj?: Kubernet
     Log.debug(logMessage);
   }
 }
+
+export type WatchEventArgs<K extends WatchEvent, T extends GenericClass> = {
+  [WatchEvent.LIST]: KubernetesListObject<InstanceType<T>>;
+  [WatchEvent.RECONNECT]: number;
+  [WatchEvent.CACHE_MISS]: string;
+  [WatchEvent.INIT_CACHE_MISS]: string;
+  [WatchEvent.GIVE_UP]: Error;
+  [WatchEvent.ABORT]: Error;
+  [WatchEvent.OLD_RESOURCE_VERSION]: string;
+  [WatchEvent.NETWORK_ERROR]: Error;
+  [WatchEvent.LIST_ERROR]: Error;
+  [WatchEvent.DATA_ERROR]: Error;
+  [WatchEvent.CONNECT]: string;
+  [WatchEvent.RECONNECT_PENDING]: undefined;
+  [WatchEvent.DATA]: undefined;
+  [WatchEvent.INC_RESYNC_FAILURE_COUNT]: number;
+}[K];
+
+export type LogEventFunction = (event: WatchEvent, message?: string) => void;
+export function registerWatchEventHandlers(
+  watcher: WatcherType<GenericClass>,
+  logEvent: LogEventFunction,
+  metricsCollector: MetricsCollectorInstance,
+): void {
+  const eventHandlers: {
+    [K in WatchEvent]?: (arg: WatchEventArgs<K, GenericClass>) => void;
+  } = {
+    [WatchEvent.DATA]: () => null,
+    [WatchEvent.GIVE_UP]: err => {
+      // If failure continues, log and exit
+      logEvent(WatchEvent.GIVE_UP, err.message);
+      process.exit(1);
+    },
+    [WatchEvent.CONNECT]: url => logEvent(WatchEvent.CONNECT, url),
+    [WatchEvent.DATA_ERROR]: err => logEvent(WatchEvent.DATA_ERROR, err.message),
+    [WatchEvent.RECONNECT]: retryCount =>
+      logEvent(WatchEvent.RECONNECT, `Reconnecting after ${retryCount} attempt${retryCount === 1 ? "" : "s"}`),
+    [WatchEvent.RECONNECT_PENDING]: () => logEvent(WatchEvent.RECONNECT_PENDING),
+    [WatchEvent.ABORT]: err => logEvent(WatchEvent.ABORT, err.message),
+    [WatchEvent.OLD_RESOURCE_VERSION]: errMessage => logEvent(WatchEvent.OLD_RESOURCE_VERSION, errMessage),
+    [WatchEvent.NETWORK_ERROR]: err => logEvent(WatchEvent.NETWORK_ERROR, err.message),
+    [WatchEvent.LIST_ERROR]: err => logEvent(WatchEvent.LIST_ERROR, err.message),
+    [WatchEvent.LIST]: list => logEvent(WatchEvent.LIST, JSON.stringify(list, undefined, 2)),
+    [WatchEvent.CACHE_MISS]: windowName => metricsCollector.incCacheMiss(windowName),
+    [WatchEvent.INIT_CACHE_MISS]: windowName => metricsCollector.initCacheMissWindow(windowName),
+    [WatchEvent.INC_RESYNC_FAILURE_COUNT]: retryCount => metricsCollector.incRetryCount(retryCount),
+  };
+
+  Object.entries(eventHandlers).forEach(([event, handler]) => {
+    watcher.events.on(event, handler);
+  });
+}

package/src/lib/telemetry/metrics.ts

@@ -9,7 +9,7 @@ import Log from "./logger";
 
 const loggingPrefix = "MetricsCollector";
 
-type MetricsCollectorInstance = InstanceType<typeof MetricsCollector>;
+export type MetricsCollectorInstance = InstanceType<typeof MetricsCollector>;
 interface MetricNames {
   errors: string;
   alerts: string;
@@ -148,8 +148,8 @@ export class MetricsCollector {
    * Increments the retry count gauge.
    * @param count - The count to increment by.
    */
-  incRetryCount = (count: string): void => {
-    this.incGauge(this.#metricNames.resyncFailureCount, { count });
+  incRetryCount = (count: number): void => {
+    this.incGauge(this.#metricNames.resyncFailureCount, { count: count.toString() });
   };
 
   /**

package/src/lib/types.ts

@@ -8,6 +8,7 @@ import { Logger } from "pino";
 import { PeprMutateRequest } from "./mutate-request";
 import { PeprValidateRequest } from "./validate-request";
 import { V1PolicyRule as PolicyRule } from "@kubernetes/client-node";
+import { WebhookIgnore, MutateResponse, ValidateResponse } from "./k8s";
 
 /**
  * Specifically for deploying images with a private registry
@@ -356,4 +357,51 @@ export interface GroupVersionResource {
 // DeepPartial utility type for deep optional properties
 export type DeepPartial<T> = {
   [P in keyof T]?: T[P] extends object ? DeepPartial<T[P]> : T[P];
+}; /** Custom Labels Type for package.json */
+
+export type CustomLabels = { namespace: Record<string, string> } | Record<string, never>;
+/** Configuration that MAY be set a Pepr module's package.json. */
+export type ModuleConfigOptions = {
+  /** The Pepr version this module uses */
+  peprVersion: string;
+  /** The user-defined version of the module */
+  appVersion: string;
+  /** A description of the Pepr module and what it does. */
+  description: string;
+  /** The webhookTimeout */
+  webhookTimeout: number;
+  /** Reject K8s resource AdmissionRequests on error. */
+  onError: string;
+  /** Define the log level for the in-cluster controllers */
+  logLevel: string;
+  /** Propagate env variables to in-cluster controllers */
+  env: Record<string, string>;
+  /** Custom RBAC rules */
+  rbac: PolicyRule[];
+  /** The RBAC mode; if "scoped", generates scoped rules, otherwise uses wildcard rules. */
+  rbacMode: string;
+  /** Custom Labels for Kubernetes Objects */
+  customLabels: CustomLabels;
+};
+/** Global configuration for the Pepr runtime. */
+export type ModuleConfig = {
+  /** A unique identifier for this Pepr module. This is automatically generated by Pepr. */
+  uuid: string;
+  /** Configure global exclusions that will never be processed by Pepr. */
+  alwaysIgnore: WebhookIgnore;
+} & Partial<ModuleConfigOptions>;
+
+export type PackageJSON = {
+  description: string;
+  pepr: ModuleConfig;
 };
+
+export type PeprModuleOptions = {
+  deferStart?: boolean;
+
+  /** A user-defined callback to pre-process or intercept a Pepr request from K8s immediately before it is processed */
+  beforeHook?: (req: AdmissionRequest) => void;
+
+  /** A user-defined callback to post-process or intercept a Pepr response just before it is returned to K8s */
+  afterHook?: (res: MutateResponse | ValidateResponse) => void;
+}; // Track if this is a watch mode controller

package/src/sdk/sdk.ts

@@ -46,11 +46,15 @@ export function containers(
 export async function writeEvent(
   cr: GenericKind,
   event: Partial<kind.CoreEvent>,
-  eventType: string,
-  eventReason: string,
-  reportingComponent: string,
-  reportingInstance: string,
+  options: {
+    eventType: string;
+    eventReason: string;
+    reportingComponent: string;
+    reportingInstance: string;
+  },
 ): Promise<void> {
+  const { eventType, eventReason, reportingComponent, reportingInstance } = options;
+
   await K8s(kind.CoreEvent).Create({
     type: eventType,
     reason: eventReason,