pepr 0.53.1 → 0.54.0-nightly.1

package/package.json

@@ -16,7 +16,7 @@
     "!src/fixtures/**",
     "!dist/**/*.test.d.ts*"
   ],
-  "version": "0.53.1",
+  "version": "0.54.0-nightly.1",
   "main": "dist/lib.js",
   "types": "dist/lib.d.ts",
   "scripts": {
@@ -58,7 +58,7 @@
     "http-status-codes": "^2.3.0",
     "json-pointer": "^0.6.2",
     "kubernetes-fluent-client": "3.10.1",
-    "pino": "9.7.0",
+    "pino": "9.9.1",
     "pino-pretty": "13.1.1",
     "prom-client": "15.1.3",
     "quicktype-core": "^23.2.6",
@@ -95,14 +95,14 @@
   },
   "peerDependencies": {
     "@types/prompts": "2.4.9",
-    "@typescript-eslint/eslint-plugin": "8.38.0",
-    "@typescript-eslint/parser": "8.38.0",
-    "esbuild": "0.25.8",
-    "eslint": "9.32.0",
+    "@typescript-eslint/eslint-plugin": "8.42.0",
+    "@typescript-eslint/parser": "8.42.0",
+    "esbuild": "0.25.9",
+    "eslint": "9.34.0",
     "node-forge": "1.3.1",
     "prettier": "3.6.2",
     "prompts": "2.4.2",
     "typescript": "5.8.3",
     "uuid": "11.1.0"
   }
-}
+}

package/src/cli/build/build.helpers.ts

@@ -7,7 +7,7 @@ import { validateCapabilityNames } from "../../lib/helpers";
 import { BuildOptions, context, BuildContext } from "esbuild";
 import { Assets } from "../../lib/assets/assets";
 import { resolve } from "path";
-import { promises as fs } from "fs";
+import { promises as fs, accessSync, constants, statSync } from "fs";
 import { generateAllYaml } from "../../lib/assets/yaml/generateAllYaml";
 import { webhookConfigGenerator } from "../../lib/assets/webhooks";
 import { generateZarfYamlGeneric } from "../../lib/assets/yaml/generateZarfYaml";
@@ -19,6 +19,28 @@ import {
   watcherService,
 } from "../../lib/assets/k8sObjects";
 import { Reloader } from "../types";
+import Log from "../../lib/telemetry/logger";
+/**
+ * Check if a file exists at a given path.
+ *
+ * @param filePath - Path to the file (relative or absolute).
+ * @returns true if the file exists, false otherwise.
+ */
+export function fileExists(entryPoint: string = "pepr.ts"): string {
+  const fullPath = resolve(entryPoint);
+  try {
+    accessSync(resolve(entryPoint), constants.F_OK);
+    if (!statSync(fullPath).isFile()) {
+      throw new Error("Not a file");
+    }
+  } catch {
+    Log.error(
+      `The entry-point option requires a file (e.g., pepr.ts), ${entryPoint} is not a file`,
+    );
+    process.exit(1);
+  }
+  return entryPoint;
+}
 
 interface ImageOptions {
   customImage?: string;

package/src/cli/build/index.ts

@@ -13,6 +13,7 @@ import {
   handleCustomImageBuild,
   validImagePullSecret,
   generateYamlAndWriteToDisk,
+  fileExists,
 } from "./build.helpers";
 import { buildModule } from "./buildModule";
 import Log from "../../lib/telemetry/logger";
@@ -40,7 +41,11 @@ export default function (program: Command): void {
         "Set name for zarf component and service monitors in helm charts.",
       ),
     )
-    .option("-e, --entry-point <file>", "Specify the entry point file to build with.", "pepr.ts")
+    .option(
+      "-e, --entry-point <file>",
+      "Specify the entry point file to build with. (default: pepr.ts)",
+      fileExists,
+    )
     .addOption(
       new Option(
         "-i, --custom-image <image>",

package/src/cli/update/index.ts

@@ -23,8 +23,9 @@ export default function (program: Command): void {
     .command("update")
     .description("Update this Pepr module. Not recommended for prod as it may change files.")
     .option("-s, --skip-template-update", "Do not update template files")
+    .option("-y, --yes", "Skip confirmation prompt")
     .action(async opts => {
-      if (!opts.skipTemplateUpdate) {
+      if (!opts.skipTemplateUpdate && !opts.yes) {
         const { confirm } = await prompt({
           type: "confirm",
           name: "confirm",

package/src/cli.ts

@@ -17,6 +17,8 @@ import update from "./cli/update";
 import kfc from "./cli/kfc";
 import crd from "./cli/crd";
 import Log from "./lib/telemetry/logger";
+import { featureFlagStore } from "./lib/features/store";
+
 if (process.env.npm_lifecycle_event !== "npx") {
   Log.info("Pepr should be run via `npx pepr <command>` instead of `pepr <command>`.");
 }
@@ -29,6 +31,16 @@ program
   .enablePositionalOptions()
   .version(version)
   .description(`Pepr (v${version}) - Type safe K8s middleware for humans`)
+  .option("--features <features>", "Comma-separated feature flags (feature=value,feature2=value2)")
+  .hook("preAction", thisCommand => {
+    try {
+      featureFlagStore.initialize(thisCommand.opts().features);
+      Log.debug(`Feature flag store initialized: ${JSON.stringify(featureFlagStore.getAll())}`);
+    } catch (error) {
+      Log.error(error, "Failed to initialize feature store:");
+      process.exit(1);
+    }
+  })
   .addCommand(crd())
   .addCommand(init())
   .action(() => {

package/src/lib/assets/webhooks.ts

@@ -142,6 +142,12 @@ export async function webhookConfigGenerator(
   return webhookConfig;
 }
 
+export function checkFailurePolicy(failurePolicy: string): void {
+  if (failurePolicy !== "Fail" && failurePolicy !== "Ignore") {
+    throw new Error(`Invalid failure policy: ${failurePolicy}. Must be either 'Fail' or 'Ignore'.`);
+  }
+}
+
 export function configureAdditionalWebhooks(
   webhookConfig: V1MutatingWebhookConfiguration | V1ValidatingWebhookConfiguration,
   additionalWebhooks: AdditionalWebhook[],
@@ -158,6 +164,7 @@ export function configureAdditionalWebhooks(
   expr.values!.push(...additionalWebhooks.map(w => w.namespace));
 
   additionalWebhooks.forEach(additionalWebhook => {
+    checkFailurePolicy(additionalWebhook.failurePolicy);
     webhooks.push({
       name: `${webhookConfig.metadata!.name}-${additionalWebhook.namespace}.pepr.dev`,
       admissionReviewVersions: ["v1", "v1beta1"],

package/src/lib/controller/index.ts

@@ -16,6 +16,7 @@ import { validateProcessor } from "../processors/validate-processor";
 import { StoreController } from "./store";
 import { karForMutate, karForValidate, KubeAdmissionReview } from "./index.util";
 import { AdmissionRequest } from "../common-types";
+import { featureFlagStore } from "../features/store";
 
 export interface ControllerHooks {
   beforeHook?: (req: AdmissionRequest) => void;
@@ -90,6 +91,13 @@ export class Controller {
       );
     }
 
+    // Initialize feature store
+    try {
+      featureFlagStore.initialize();
+      Log.info(`Feature flag store initialized: ${JSON.stringify(featureFlagStore.getAll())}`);
+    } catch (error) {
+      Log.warn(error, "Could not initialize feature flags");
+    }
     // Load SSL certificate and key
     const options = {
       key: fs.readFileSync(process.env.SSL_KEY_PATH || "/etc/certs/tls.key"),

package/src/lib/core/capability.ts

@@ -231,9 +231,9 @@ export class Capability implements CapabilityExport {
     const log = (message: string, cbString: string): void => {
       const filteredObj = pickBy(isNotEmpty, binding.filters);
 
-      Log.info(`${message} configured for ${binding.event}`, prefix);
-      Log.info(filteredObj, prefix);
-      Log.debug(cbString, prefix);
+      Log.info({ prefix }, `${message} configured for ${binding.event}`);
+      Log.info({ prefix }, JSON.stringify(filteredObj));
+      Log.debug({ prefix }, cbString);
     };
 
     function Validate(validateCallback: ValidateAction<T>): ValidateActionChain<T> {
@@ -376,49 +376,49 @@ export class Capability implements CapabilityExport {
     }
 
     function InNamespace(...namespaces: string[]): BindingWithName<T> {
-      Log.debug(`Add namespaces filter ${namespaces}`, prefix);
+      Log.debug({ prefix }, `Add namespaces filter ${namespaces}`);
       binding.filters.namespaces.push(...namespaces);
       return { ...commonChain, WithName, WithNameRegex };
     }
 
     function InNamespaceRegex(...namespaces: RegExp[]): BindingWithName<T> {
-      Log.debug(`Add regex namespaces filter ${namespaces}`, prefix);
+      Log.debug({ prefix }, `Add regex namespaces filter ${namespaces}`);
       binding.filters.regexNamespaces.push(...namespaces.map(regex => regex.source));
       return { ...commonChain, WithName, WithNameRegex };
     }
 
     function WithDeletionTimestamp(): BindingFilter<T> {
-      Log.debug("Add deletionTimestamp filter");
+      Log.debug({ prefix }, "Add deletionTimestamp filter");
       binding.filters.deletionTimestamp = true;
       return commonChain;
     }
 
     function WithNameRegex(regexName: RegExp): BindingFilter<T> {
-      Log.debug(`Add regex name filter ${regexName}`, prefix);
+      Log.debug({ prefix }, `Add regex name filter ${regexName}`);
       binding.filters.regexName = regexName.source;
       return commonChain;
     }
 
     function WithName(name: string): BindingFilter<T> {
-      Log.debug(`Add name filter ${name}`, prefix);
+      Log.debug({ prefix }, `Add name filter ${name}`);
       binding.filters.name = name;
       return commonChain;
     }
 
     function WithLabel(key: string, value = ""): BindingFilter<T> {
-      Log.debug(`Add label filter ${key}=${value}`, prefix);
+      Log.debug({ prefix }, `Add label filter ${key}=${value}`);
       binding.filters.labels[key] = value;
       return commonChain;
     }
 
     function WithAnnotation(key: string, value = ""): BindingFilter<T> {
-      Log.debug(`Add annotation filter ${key}=${value}`, prefix);
+      Log.debug({ prefix }, `Add annotation filter ${key}=${value}`);
       binding.filters.annotations[key] = value;
       return commonChain;
     }
 
     function Alias(alias: string): CommonChainType {
-      Log.debug(`Adding prefix alias ${alias}`, prefix);
+      Log.debug({ prefix }, `Adding prefix alias ${alias}`);
       binding.alias = alias;
       return commonChain;
     }

package/src/lib/core/queue.ts

@@ -116,7 +116,7 @@ export class Queue<K extends KubernetesObject> {
 
       element.resolve();
     } catch (e) {
-      Log.debug(`Error reconciling ${element.item.metadata!.name}`, { error: e });
+      Log.debug({ error: e }, `Error reconciling ${element.item.metadata!.name}`);
       element.reject(e);
     } finally {
       Log.debug(this.stats(), "Queue stats - shift");

package/src/lib/features/FeatureFlags.ts

@@ -0,0 +1,23 @@
+export interface FeatureMetadata {
+  name: string;
+  description: string;
+  defaultValue: FeatureValue;
+}
+
+export interface FeatureInfo {
+  key: string;
+  metadata: FeatureMetadata;
+}
+// All known feature flags with their metadata
+export const FeatureFlags: Record<string, FeatureInfo> = {
+  REFERENCE_FLAG: {
+    key: "reference_flag",
+    metadata: {
+      name: "Reference Flag",
+      description: "A feature flag to show intended usage.",
+      defaultValue: false,
+    },
+  },
+};
+
+export type FeatureValue = string | boolean | number;

package/src/lib/features/store.ts

@@ -0,0 +1,92 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2023-Present The Pepr Authors
+
+import { FeatureFlags, FeatureValue } from "./FeatureFlags";
+
+export class FeatureStore {
+  private featureFlagLimit: number = 4;
+  private features: Record<string, FeatureValue> = {};
+
+  private addFeature(key: string, value: string): void {
+    if (!key || value === undefined || value === "") return;
+
+    const validKeys = Object.values(FeatureFlags)
+      .filter(f => f?.key)
+      .map(f => f.key);
+    if (!validKeys.includes(key)) {
+      throw new Error(`Unknown feature flag: ${key}`);
+    }
+
+    const lowerValue = value.toLowerCase();
+    if (lowerValue === "true") {
+      this.features[key] = true;
+    } else if (lowerValue === "false") {
+      this.features[key] = false;
+    } else if (!isNaN(Number(value))) {
+      this.features[key] = Number(value);
+    } else {
+      this.features[key] = value;
+    }
+  }
+
+  get<T extends FeatureValue>(key: string): T {
+    if (!Object.values(FeatureFlags).some(f => f?.key === key)) {
+      throw new Error(`Unknown feature flag: ${key}`);
+    }
+
+    if (!(key in this.features)) {
+      throw new Error(`Feature flag '${key}' exists but has not been set`);
+    }
+
+    return this.features[key] as T;
+  }
+
+  getAll(): Record<string, FeatureValue> {
+    return { ...this.features };
+  }
+
+  initialize(featuresStr?: string, env: Record<string, string | undefined> = process.env): void {
+    Object.keys(env)
+      .filter(key => key.startsWith("PEPR_FEATURE_"))
+      .forEach(key => {
+        this.addFeature(key.replace("PEPR_FEATURE_", "").toLowerCase(), env[key] || "");
+      });
+
+    if (featuresStr) {
+      featuresStr
+        .split(",")
+        .map(feature => feature.split("="))
+        .filter(parts => parts.length === 2)
+        .forEach(([key, value]) => {
+          this.addFeature(key.trim(), value.trim());
+        });
+    }
+
+    this.applyDefaultValues();
+    this.validateFeatureCount();
+  }
+
+  private applyDefaultValues(): void {
+    Object.values(FeatureFlags)
+      .filter(
+        feature =>
+          feature?.key &&
+          feature?.metadata?.defaultValue !== undefined &&
+          !(feature.key in this.features),
+      )
+      .forEach(feature => {
+        this.features[feature.key] = feature.metadata.defaultValue;
+      });
+  }
+
+  validateFeatureCount(): void {
+    const featureCount = Object.keys(this.features).length;
+    if (featureCount > this.featureFlagLimit) {
+      throw new Error(
+        `Too many feature flags active: ${featureCount} (maximum: ${this.featureFlagLimit}). Use of more than ${this.featureFlagLimit} feature flags is not supported.`,
+      );
+    }
+  }
+}
+
+export const featureFlagStore = new FeatureStore();

package/src/lib/helpers.ts

@@ -227,16 +227,17 @@ export function secretOverLimit(str: string): boolean {
 }
 
 export const parseTimeout = (value: string): number => {
-  const parsedValue = parseInt(value, 10);
-  const floatValue = parseFloat(value);
-  if (isNaN(parsedValue)) {
-    throw new Error("Not a number.");
-  } else if (parsedValue !== floatValue) {
+  const num = Number(value);
+
+  if (!Number.isInteger(num) || value.includes(".")) {
     throw new Error("Value must be an integer.");
-  } else if (parsedValue < 1 || parsedValue > 30) {
+  }
+
+  if (num < 1 || num > 30) {
     throw new Error("Number must be between 1 and 30.");
   }
-  return parsedValue;
+
+  return num;
 };
 
 // Remove leading whitespace while keeping format of file

package/src/lib/telemetry/metrics.ts

@@ -69,7 +69,7 @@ export class MetricsCollector {
     { name, help, labelNames }: Omit<MetricArgs, "registers">,
   ): void => {
     if (collection.has(this.#getMetricName(name))) {
-      Log.debug(`Metric for ${name} already exists`, loggingPrefix);
+      Log.debug({ loggingPrefix }, `Metric for ${name} already exists`);
       return;
     }
 

package/src/templates/capabilities/hello-pepr.ts

@@ -66,7 +66,7 @@ When(a.Namespace)
       });
     } catch (error) {
       // You can use the Log object to log messages to the Pepr controller pod
-      Log.error(error, "Failed to apply ConfigMap using server-side apply.");
+      Log.error({ error }, "Failed to apply ConfigMap using server-side apply.");
     }
 
     // You can share data between actions using the Store, including between different types of actions
@@ -139,7 +139,7 @@ When(a.ConfigMap)
   })
   .Watch((cm, phase) => {
     // This Watch Action will watch the ConfigMap after it has been persisted to the cluster
-    Log.info(cm, `ConfigMap was ${phase} with the name example-2`);
+    Log.info({ cm }, `ConfigMap was ${phase} with the name example-2`);
   });
 
 /**
@@ -310,9 +310,7 @@ When(a.ConfigMap)
           },
         });
       } catch (error) {
-        Log.error(error, "Failed to apply ConfigMap using server-side apply.", {
-          cm,
-        });
+        Log.error({ error, cm }, "Failed to apply ConfigMap using server-side apply.");
       }
     }
 
@@ -454,5 +452,5 @@ When(UnicornKind)
  * A callback function that is called once the Pepr Store is fully loaded.
  */
 Store.onReady(data => {
-  Log.info(data, "Pepr Store Ready");
+  Log.info({ data }, "Pepr Store Ready");
 });