pepr 0.53.1 → 0.54.0

package/package.json

@@ -16,7 +16,7 @@
     "!src/fixtures/**",
     "!dist/**/*.test.d.ts*"
   ],
-  "version": "0.53.1",
+  "version": "0.54.0",
   "main": "dist/lib.js",
   "types": "dist/lib.d.ts",
   "scripts": {
@@ -95,10 +95,10 @@
   },
   "peerDependencies": {
     "@types/prompts": "2.4.9",
-    "@typescript-eslint/eslint-plugin": "8.38.0",
-    "@typescript-eslint/parser": "8.38.0",
-    "esbuild": "0.25.8",
-    "eslint": "9.32.0",
+    "@typescript-eslint/eslint-plugin": "8.42.0",
+    "@typescript-eslint/parser": "8.42.0",
+    "esbuild": "0.25.9",
+    "eslint": "9.34.0",
     "node-forge": "1.3.1",
     "prettier": "3.6.2",
     "prompts": "2.4.2",

package/src/cli/build/build.helpers.ts

@@ -7,7 +7,7 @@ import { validateCapabilityNames } from "../../lib/helpers";
 import { BuildOptions, context, BuildContext } from "esbuild";
 import { Assets } from "../../lib/assets/assets";
 import { resolve } from "path";
-import { promises as fs } from "fs";
+import { promises as fs, accessSync, constants, statSync } from "fs";
 import { generateAllYaml } from "../../lib/assets/yaml/generateAllYaml";
 import { webhookConfigGenerator } from "../../lib/assets/webhooks";
 import { generateZarfYamlGeneric } from "../../lib/assets/yaml/generateZarfYaml";
@@ -19,6 +19,28 @@ import {
   watcherService,
 } from "../../lib/assets/k8sObjects";
 import { Reloader } from "../types";
+import Log from "../../lib/telemetry/logger";
+/**
+ * Check if a file exists at a given path.
+ *
+ * @param filePath - Path to the file (relative or absolute).
+ * @returns true if the file exists, false otherwise.
+ */
+export function fileExists(entryPoint: string = "pepr.ts"): string {
+  const fullPath = resolve(entryPoint);
+  try {
+    accessSync(resolve(entryPoint), constants.F_OK);
+    if (!statSync(fullPath).isFile()) {
+      throw new Error("Not a file");
+    }
+  } catch {
+    Log.error(
+      `The entry-point option requires a file (e.g., pepr.ts), ${entryPoint} is not a file`,
+    );
+    process.exit(1);
+  }
+  return entryPoint;
+}
 
 interface ImageOptions {
   customImage?: string;

package/src/cli/build/index.ts

@@ -13,6 +13,7 @@ import {
   handleCustomImageBuild,
   validImagePullSecret,
   generateYamlAndWriteToDisk,
+  fileExists,
 } from "./build.helpers";
 import { buildModule } from "./buildModule";
 import Log from "../../lib/telemetry/logger";
@@ -40,7 +41,11 @@ export default function (program: Command): void {
         "Set name for zarf component and service monitors in helm charts.",
       ),
     )
-    .option("-e, --entry-point <file>", "Specify the entry point file to build with.", "pepr.ts")
+    .option(
+      "-e, --entry-point <file>",
+      "Specify the entry point file to build with. (default: pepr.ts)",
+      fileExists,
+    )
     .addOption(
       new Option(
         "-i, --custom-image <image>",

package/src/cli.ts

@@ -17,6 +17,8 @@ import update from "./cli/update";
 import kfc from "./cli/kfc";
 import crd from "./cli/crd";
 import Log from "./lib/telemetry/logger";
+import { featureFlagStore } from "./lib/features/store";
+
 if (process.env.npm_lifecycle_event !== "npx") {
   Log.info("Pepr should be run via `npx pepr <command>` instead of `pepr <command>`.");
 }
@@ -29,6 +31,16 @@ program
   .enablePositionalOptions()
   .version(version)
   .description(`Pepr (v${version}) - Type safe K8s middleware for humans`)
+  .option("--features <features>", "Comma-separated feature flags (feature=value,feature2=value2)")
+  .hook("preAction", thisCommand => {
+    try {
+      featureFlagStore.initialize(thisCommand.opts().features);
+      Log.debug(`Feature flag store initialized: ${JSON.stringify(featureFlagStore.getAll())}`);
+    } catch (error) {
+      Log.error(error, "Failed to initialize feature store:");
+      process.exit(1);
+    }
+  })
   .addCommand(crd())
   .addCommand(init())
   .action(() => {

package/src/lib/assets/webhooks.ts

@@ -142,6 +142,12 @@ export async function webhookConfigGenerator(
   return webhookConfig;
 }
 
+export function checkFailurePolicy(failurePolicy: string): void {
+  if (failurePolicy !== "Fail" && failurePolicy !== "Ignore") {
+    throw new Error(`Invalid failure policy: ${failurePolicy}. Must be either 'Fail' or 'Ignore'.`);
+  }
+}
+
 export function configureAdditionalWebhooks(
   webhookConfig: V1MutatingWebhookConfiguration | V1ValidatingWebhookConfiguration,
   additionalWebhooks: AdditionalWebhook[],
@@ -158,6 +164,7 @@ export function configureAdditionalWebhooks(
   expr.values!.push(...additionalWebhooks.map(w => w.namespace));
 
   additionalWebhooks.forEach(additionalWebhook => {
+    checkFailurePolicy(additionalWebhook.failurePolicy);
     webhooks.push({
       name: `${webhookConfig.metadata!.name}-${additionalWebhook.namespace}.pepr.dev`,
       admissionReviewVersions: ["v1", "v1beta1"],

package/src/lib/controller/index.ts

@@ -16,6 +16,7 @@ import { validateProcessor } from "../processors/validate-processor";
 import { StoreController } from "./store";
 import { karForMutate, karForValidate, KubeAdmissionReview } from "./index.util";
 import { AdmissionRequest } from "../common-types";
+import { featureFlagStore } from "../features/store";
 
 export interface ControllerHooks {
   beforeHook?: (req: AdmissionRequest) => void;
@@ -90,6 +91,13 @@ export class Controller {
       );
     }
 
+    // Initialize feature store
+    try {
+      featureFlagStore.initialize();
+      Log.info(`Feature flag store initialized: ${JSON.stringify(featureFlagStore.getAll())}`);
+    } catch (error) {
+      Log.warn(error, "Could not initialize feature flags");
+    }
     // Load SSL certificate and key
     const options = {
       key: fs.readFileSync(process.env.SSL_KEY_PATH || "/etc/certs/tls.key"),

package/src/lib/features/FeatureFlags.ts

@@ -0,0 +1,23 @@
+export interface FeatureMetadata {
+  name: string;
+  description: string;
+  defaultValue: FeatureValue;
+}
+
+export interface FeatureInfo {
+  key: string;
+  metadata: FeatureMetadata;
+}
+// All known feature flags with their metadata
+export const FeatureFlags: Record<string, FeatureInfo> = {
+  REFERENCE_FLAG: {
+    key: "reference_flag",
+    metadata: {
+      name: "Reference Flag",
+      description: "A feature flag to show intended usage.",
+      defaultValue: false,
+    },
+  },
+};
+
+export type FeatureValue = string | boolean | number;

package/src/lib/features/store.ts

@@ -0,0 +1,92 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2023-Present The Pepr Authors
+
+import { FeatureFlags, FeatureValue } from "./FeatureFlags";
+
+export class FeatureStore {
+  private featureFlagLimit: number = 4;
+  private features: Record<string, FeatureValue> = {};
+
+  private addFeature(key: string, value: string): void {
+    if (!key || value === undefined || value === "") return;
+
+    const validKeys = Object.values(FeatureFlags)
+      .filter(f => f?.key)
+      .map(f => f.key);
+    if (!validKeys.includes(key)) {
+      throw new Error(`Unknown feature flag: ${key}`);
+    }
+
+    const lowerValue = value.toLowerCase();
+    if (lowerValue === "true") {
+      this.features[key] = true;
+    } else if (lowerValue === "false") {
+      this.features[key] = false;
+    } else if (!isNaN(Number(value))) {
+      this.features[key] = Number(value);
+    } else {
+      this.features[key] = value;
+    }
+  }
+
+  get<T extends FeatureValue>(key: string): T {
+    if (!Object.values(FeatureFlags).some(f => f?.key === key)) {
+      throw new Error(`Unknown feature flag: ${key}`);
+    }
+
+    if (!(key in this.features)) {
+      throw new Error(`Feature flag '${key}' exists but has not been set`);
+    }
+
+    return this.features[key] as T;
+  }
+
+  getAll(): Record<string, FeatureValue> {
+    return { ...this.features };
+  }
+
+  initialize(featuresStr?: string, env: Record<string, string | undefined> = process.env): void {
+    Object.keys(env)
+      .filter(key => key.startsWith("PEPR_FEATURE_"))
+      .forEach(key => {
+        this.addFeature(key.replace("PEPR_FEATURE_", "").toLowerCase(), env[key] || "");
+      });
+
+    if (featuresStr) {
+      featuresStr
+        .split(",")
+        .map(feature => feature.split("="))
+        .filter(parts => parts.length === 2)
+        .forEach(([key, value]) => {
+          this.addFeature(key.trim(), value.trim());
+        });
+    }
+
+    this.applyDefaultValues();
+    this.validateFeatureCount();
+  }
+
+  private applyDefaultValues(): void {
+    Object.values(FeatureFlags)
+      .filter(
+        feature =>
+          feature?.key &&
+          feature?.metadata?.defaultValue !== undefined &&
+          !(feature.key in this.features),
+      )
+      .forEach(feature => {
+        this.features[feature.key] = feature.metadata.defaultValue;
+      });
+  }
+
+  validateFeatureCount(): void {
+    const featureCount = Object.keys(this.features).length;
+    if (featureCount > this.featureFlagLimit) {
+      throw new Error(
+        `Too many feature flags active: ${featureCount} (maximum: ${this.featureFlagLimit}). Use of more than ${this.featureFlagLimit} feature flags is not supported.`,
+      );
+    }
+  }
+}
+
+export const featureFlagStore = new FeatureStore();

package/src/lib/helpers.ts

@@ -227,16 +227,17 @@ export function secretOverLimit(str: string): boolean {
 }
 
 export const parseTimeout = (value: string): number => {
-  const parsedValue = parseInt(value, 10);
-  const floatValue = parseFloat(value);
-  if (isNaN(parsedValue)) {
-    throw new Error("Not a number.");
-  } else if (parsedValue !== floatValue) {
+  const num = Number(value);
+
+  if (!Number.isInteger(num) || value.includes(".")) {
     throw new Error("Value must be an integer.");
-  } else if (parsedValue < 1 || parsedValue > 30) {
+  }
+
+  if (num < 1 || num > 30) {
     throw new Error("Number must be between 1 and 30.");
   }
-  return parsedValue;
+
+  return num;
 };
 
 // Remove leading whitespace while keeping format of file