saastore-port 0.1.1

package/dist/generate_manifest.js

@@ -0,0 +1,109 @@
+/**
+ * generate_manifest — emit a saastore.yaml manifest the seller commits in
+ * their repo. Takes the output of analyze_repo + a few seller-supplied
+ * fields (port, memory, external_apis caps) and returns the YAML string.
+ *
+ * Schema mirrors backend/app/services/manifest.py::SaastoreManifest. The
+ * MCP tool layer SHOULD round-trip the result through the backend
+ * /api/projects/admin/.../releases POST endpoint to validate before
+ * shipping, since the backend is the source of truth.
+ */
+import { stringify as yamlStringify } from "yaml";
+// ----- Helpers -------------------------------------------------------------
+const ADAPTER_HINTS = {
+    nextauth: "saastore-nextauth",
+    "auth.js": "saastore-nextauth",
+    passport: "saastore-passport",
+    "django-auth": "saastore-django",
+    fastapi: "saastore-fastapi",
+    flask: "saastore-flask",
+};
+const FRAMEWORK_HINTS = {
+    "next.js": "next.js",
+    remix: "remix",
+    nuxt: "nuxt",
+    fastapi: "fastapi",
+    django: "django",
+    flask: "flask",
+    express: "express",
+};
+function inferAdapter(analysis) {
+    if (analysis.auth_library && ADAPTER_HINTS[analysis.auth_library]) {
+        return ADAPTER_HINTS[analysis.auth_library];
+    }
+    if (analysis.backend_framework && ADAPTER_HINTS[analysis.backend_framework]) {
+        return ADAPTER_HINTS[analysis.backend_framework];
+    }
+    // Last-resort fallback — seller will replace.
+    return "saastore-generic";
+}
+function inferFramework(analysis) {
+    // Prefer frontend if present (Next.js owns its own server),
+    // otherwise the detected backend.
+    return ((analysis.framework && FRAMEWORK_HINTS[analysis.framework]) ||
+        (analysis.backend_framework && FRAMEWORK_HINTS[analysis.backend_framework]) ||
+        "unknown");
+}
+function defaultPort(framework) {
+    if (framework === "next.js" || framework === "remix" || framework === "nuxt")
+        return 3000;
+    if (framework === "django" || framework === "fastapi" || framework === "flask")
+        return 8000;
+    return 8080;
+}
+// ----- Main entry ----------------------------------------------------------
+export function generateManifest(analysis, input) {
+    if (!input.app_name) {
+        throw new Error("generate_manifest: app_name is required");
+    }
+    const framework = input.framework_override ?? inferFramework(analysis);
+    const adapter = input.adapter_override ?? inferAdapter(analysis);
+    const port = input.port ?? defaultPort(framework);
+    const caps = input.external_api_caps_usd ?? {};
+    const externalApis = analysis.external_apis
+        .filter((name) => name !== "sentry") // observability isn't a paid LLM cap
+        .map((apiName) => {
+        const envName = apiName.toUpperCase().replace(/-/g, "_") + "_API_KEY";
+        return {
+            name: envName,
+            type: "platform",
+            monthly_cap_usd: caps[apiName] ?? 5,
+        };
+    });
+    const manifest = {
+        version: 1,
+        app: {
+            name: input.app_name,
+            framework,
+            port,
+        },
+        auth: {
+            adapter,
+            removed_routes: input.removed_routes ?? [],
+        },
+        database: {
+            postgres: analysis.database === "postgres",
+            schema_owner: input.schema_owner ?? "app",
+            ...(input.migrate_command ? { migrate_command: input.migrate_command } : {}),
+        },
+        storage: {
+            s3_bucket: input.s3_bucket ?? false,
+        },
+        external_apis: externalApis,
+        resources: {
+            memory_mb: input.memory_mb ?? 512,
+            cpus: 1,
+        },
+    };
+    const header = [
+        "# saastore.yaml — generated by saastore-port",
+        "# Safe to edit. The verification pipeline re-validates this on every push.",
+        "# Schema: docs/superpowers/specs/2026-05-22-hosted-apps-poc-design.md section 6.3",
+        "",
+    ].join("\n");
+    return {
+        yaml: header + yamlStringify(manifest),
+        manifest,
+    };
+}
+//# sourceMappingURL=generate_manifest.js.map

package/dist/generate_manifest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"generate_manifest.js","sourceRoot":"","sources":["../src/generate_manifest.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,SAAS,IAAI,aAAa,EAAE,MAAM,MAAM,CAAA;AAmCjD,8EAA8E;AAE9E,MAAM,aAAa,GAA2B;IAC5C,QAAQ,EAAE,mBAAmB;IAC7B,SAAS,EAAE,mBAAmB;IAC9B,QAAQ,EAAE,mBAAmB;IAC7B,aAAa,EAAE,iBAAiB;IAChC,OAAO,EAAE,kBAAkB;IAC3B,KAAK,EAAE,gBAAgB;CACxB,CAAA;AAED,MAAM,eAAe,GAA2B;IAC9C,SAAS,EAAE,SAAS;IACpB,KAAK,EAAE,OAAO;IACd,IAAI,EAAE,MAAM;IACZ,OAAO,EAAE,SAAS;IAClB,MAAM,EAAE,QAAQ;IAChB,KAAK,EAAE,OAAO;IACd,OAAO,EAAE,SAAS;CACnB,CAAA;AAED,SAAS,YAAY,CAAC,QAAsB;IAC1C,IAAI,QAAQ,CAAC,YAAY,IAAI,aAAa,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QAClE,OAAO,aAAa,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAA;IAC7C,CAAC;IACD,IAAI,QAAQ,CAAC,iBAAiB,IAAI,aAAa,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;QAC5E,OAAO,aAAa,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAA;IAClD,CAAC;IACD,8CAA8C;IAC9C,OAAO,kBAAkB,CAAA;AAC3B,CAAC;AAED,SAAS,cAAc,CAAC,QAAsB;IAC5C,4DAA4D;IAC5D,kCAAkC;IAClC,OAAO,CACL,CAAC,QAAQ,CAAC,SAAS,IAAI,eAAe,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QAC3D,CAAC,QAAQ,CAAC,iBAAiB,IAAI,eAAe,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;QAC3E,SAAS,CACV,CAAA;AACH,CAAC;AAED,SAAS,WAAW,CAAC,SAAiB;IACpC,IAAI,SAAS,KAAK,SAAS,IAAI,SAAS,KAAK,OAAO,IAAI,SAAS,KAAK,MAAM;QAAE,OAAO,IAAI,CAAA;IACzF,IAAI,SAAS,KAAK,QAAQ,IAAI,SAAS,KAAK,SAAS,IAAI,SAAS,KAAK,OAAO;QAAE,OAAO,IAAI,CAAA;IAC3F,OAAO,IAAI,CAAA;AACb,CAAC;AAED,8EAA8E;AAE9E,MAAM,UAAU,gBAAgB,CAC9B,QAAsB,EACtB,KAAoB;IAEpB,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAA;IAC5D,CAAC;IAED,MAAM,SAAS,GAAG,KAAK,CAAC,kBAAkB,IAAI,cAAc,CAAC,QAAQ,CAAC,CAAA;IACtE,MAAM,OAAO,GAAG,KAAK,CAAC,gBAAgB,IAAI,YAAY,CAAC,QAAQ,CAAC,CAAA;IAChE,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,IAAI,WAAW,CAAC,SAAS,CAAC,CAAA;IACjD,MAAM,IAAI,GAAG,KAAK,CAAC,qBAAqB,IAAI,EAAE,CAAA;IAE9C,MAAM,YAAY,GAAG,QAAQ,CAAC,aAAa;SACxC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,qCAAqC;SACzE,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;QACf,MAAM,OAAO,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,GAAG,UAAU,CAAA;QACrE,OAAO;YACL,IAAI,EAAE,OAAO;YACb,IAAI,EAAE,UAAU;YAChB,eAAe,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;SACpC,CAAA;IACH,CAAC,CAAC,CAAA;IAEJ,MAAM,QAAQ,GAA4B;QACxC,OAAO,EAAE,CAAC;QACV,GAAG,EAAE;YACH,IAAI,EAAE,KAAK,CAAC,QAAQ;YACpB,SAAS;YACT,IAAI;SACL;QACD,IAAI,EAAE;YACJ,OAAO;YACP,cAAc,EAAE,KAAK,CAAC,cAAc,IAAI,EAAE;SAC3C;QACD,QAAQ,EAAE;YACR,QAAQ,EAAE,QAAQ,CAAC,QAAQ,KAAK,UAAU;YAC1C,YAAY,EAAE,KAAK,CAAC,YAAY,IAAI,KAAK;YACzC,GAAG,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,eAAe,EAAE,KAAK,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC7E;QACD,OAAO,EAAE;YACP,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,KAAK;SACpC;QACD,aAAa,EAAE,YAAY;QAC3B,SAAS,EAAE;YACT,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,GAAG;YACjC,IAAI,EAAE,CAAC;SACR;KACF,CAAA;IAED,MAAM,MAAM,GAAG;QACb,8CAA8C;QAC9C,4EAA4E;QAC5E,mFAAmF;QACnF,EAAE;KACH,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAEZ,OAAO;QACL,IAAI,EAAE,MAAM,GAAG,aAAa,CAAC,QAAQ,CAAC;QACtC,QAAQ;KACT,CAAA;AACH,CAAC"}

package/dist/package_and_push.js

@@ -0,0 +1,151 @@
+/**
+ * package_image + push_image — thin wrappers around `docker build` /
+ * `docker push` so the seller's agent can drive the final two steps of
+ * the port pipeline.
+ *
+ * package_image:
+ *   - Builds the seller's Dockerfile
+ *   - Stamps the manifest into an OCI label (org.saastore.manifest) so
+ *     the verification pipeline can read the contract without a separate
+ *     file download
+ *   - Returns the local tag + image digest (sha256:..) when available
+ *
+ * push_image:
+ *   - Tags + pushes to the saastore registry
+ *   - Accepts a saastore-issued OAuth token (not the seller's docker login)
+ *   - Returns the pushed reference + digest
+ *
+ * Both wrap child_process.spawn — Docker subprocesses are kept silent
+ * unless they fail, in which case the last 500 chars of stderr are
+ * surfaced in the result.
+ */
+import { spawn } from "node:child_process";
+import { writeFile, mkdtemp, rm } from "node:fs/promises";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { stringify as yamlStringify } from "yaml";
+function run(cmd, args, opts = {}) {
+    return new Promise((resolve) => {
+        const proc = spawn(cmd, args, { cwd: opts.cwd, shell: false });
+        let stdout = "";
+        let stderr = "";
+        proc.stdout?.on("data", (d) => (stdout += d.toString()));
+        proc.stderr?.on("data", (d) => (stderr += d.toString()));
+        let timer;
+        if (opts.timeout_ms) {
+            timer = setTimeout(() => proc.kill("SIGKILL"), opts.timeout_ms);
+        }
+        proc.on("close", (code) => {
+            if (timer)
+                clearTimeout(timer);
+            resolve({ code: code ?? -1, stdout, stderr });
+        });
+        if (opts.stdin) {
+            proc.stdin?.write(opts.stdin);
+            proc.stdin?.end();
+        }
+    });
+}
+async function inspectDigest(dockerBin, ref) {
+    const res = await run(dockerBin, ["inspect", "--format", "{{ .Id }}", ref], {
+        timeout_ms: 15_000,
+    });
+    if (res.code !== 0)
+        return null;
+    const id = res.stdout.trim();
+    return id.startsWith("sha256:") ? id : null;
+}
+// ----- package_image -------------------------------------------------------
+export async function packageImage(opts) {
+    const dockerBin = opts.docker_bin ?? "docker";
+    const context = opts.context ?? process.cwd();
+    const dockerfile = opts.dockerfile ?? "Dockerfile";
+    // Write the manifest into a workspace file we can COPY/LABEL from a
+    // small wrapper Dockerfile. The wrapper FROMs the seller's image and
+    // adds a single LABEL — keeps the seller's build process untouched.
+    const workspace = await mkdtemp(join(tmpdir(), "saastore-package-"));
+    try {
+        const manifestYaml = yamlStringify(opts.manifest);
+        await writeFile(join(workspace, "saastore.yaml"), manifestYaml, "utf8");
+        // First: build the seller's image to a base tag.
+        const baseTag = `${opts.tag}-base`;
+        const build = await run(dockerBin, ["build", "-f", dockerfile, "-t", baseTag, "."], { cwd: context, timeout_ms: 10 * 60_000 });
+        if (build.code !== 0) {
+            return {
+                ok: false,
+                tag: opts.tag,
+                digest: null,
+                error: `docker build failed: ${build.stderr.slice(-500)}`,
+            };
+        }
+        // Second: wrap with manifest LABEL via a small derived Dockerfile.
+        // Escape any control characters in the JSON-encoded manifest so docker
+        // LABEL parses it as a single value.
+        const manifestJsonEscaped = JSON.stringify(opts.manifest).replace(/"/g, '\\"');
+        const wrapDockerfile = [
+            `FROM ${baseTag}`,
+            `LABEL org.saastore.manifest="${manifestJsonEscaped}"`,
+            "",
+        ].join("\n");
+        await writeFile(join(workspace, "Dockerfile.wrap"), wrapDockerfile, "utf8");
+        const wrap = await run(dockerBin, ["build", "-f", "Dockerfile.wrap", "-t", opts.tag, "."], { cwd: workspace, timeout_ms: 60_000 });
+        if (wrap.code !== 0) {
+            return {
+                ok: false,
+                tag: opts.tag,
+                digest: null,
+                error: `manifest label build failed: ${wrap.stderr.slice(-500)}`,
+            };
+        }
+        const digest = await inspectDigest(dockerBin, opts.tag);
+        return { ok: true, tag: opts.tag, digest, error: null };
+    }
+    finally {
+        await rm(workspace, { recursive: true, force: true }).catch(() => { });
+    }
+}
+// ----- push_image ----------------------------------------------------------
+export async function pushImage(opts) {
+    const dockerBin = opts.docker_bin ?? "docker";
+    const username = opts.username ?? "x";
+    // Resolve the registry host from the remote (e.g. registry.fly.io/foo -> registry.fly.io)
+    const registryHost = opts.remote.split("/")[0];
+    // 1. docker login. Use --password-stdin to avoid leaking the token via argv
+    //    (and to handle tokens containing comma / shell-meta chars).
+    const login = await run(dockerBin, ["login", registryHost, "--username", username, "--password-stdin"], { timeout_ms: 30_000, stdin: opts.token });
+    if (login.code !== 0) {
+        return {
+            ok: false,
+            ref: opts.remote,
+            digest: null,
+            error: `docker login failed: ${login.stderr.slice(-500)}`,
+        };
+    }
+    // 2. Re-tag locally so docker push sends to the right remote
+    const retag = await run(dockerBin, ["tag", opts.tag, opts.remote], {
+        timeout_ms: 15_000,
+    });
+    if (retag.code !== 0) {
+        return {
+            ok: false,
+            ref: opts.remote,
+            digest: null,
+            error: `docker tag failed: ${retag.stderr.slice(-500)}`,
+        };
+    }
+    // 3. Push.
+    const push = await run(dockerBin, ["push", opts.remote], {
+        timeout_ms: 10 * 60_000,
+    });
+    if (push.code !== 0) {
+        return {
+            ok: false,
+            ref: opts.remote,
+            digest: null,
+            error: `docker push failed: ${push.stderr.slice(-500)}`,
+        };
+    }
+    const digest = await inspectDigest(dockerBin, opts.remote);
+    return { ok: true, ref: opts.remote, digest, error: null };
+}
+//# sourceMappingURL=package_and_push.js.map

package/dist/package_and_push.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"package_and_push.js","sourceRoot":"","sources":["../src/package_and_push.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAA;AAC1C,OAAO,EAAY,SAAS,EAAE,OAAO,EAAE,EAAE,EAAE,MAAM,kBAAkB,CAAA;AACnE,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAA;AAChC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAEhC,OAAO,EAAE,SAAS,IAAI,aAAa,EAAE,MAAM,MAAM,CAAA;AAqDjD,SAAS,GAAG,CACV,GAAW,EACX,IAAc,EACd,OAA8D,EAAE;IAEhE,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAA;QAC9D,IAAI,MAAM,GAAG,EAAE,CAAA;QACf,IAAI,MAAM,GAAG,EAAE,CAAA;QACf,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAA;QACxD,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAA;QACxD,IAAI,KAAiC,CAAA;QACrC,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,CAAC,UAAU,CAAC,CAAA;QACjE,CAAC;QACD,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YACxB,IAAI,KAAK;gBAAE,YAAY,CAAC,KAAK,CAAC,CAAA;YAC9B,OAAO,CAAC,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAA;QAC/C,CAAC,CAAC,CAAA;QACF,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;YAC7B,IAAI,CAAC,KAAK,EAAE,GAAG,EAAE,CAAA;QACnB,CAAC;IACH,CAAC,CAAC,CAAA;AACJ,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,SAAiB,EACjB,GAAW;IAEX,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,SAAS,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,GAAG,CAAC,EAAE;QAC1E,UAAU,EAAE,MAAM;KACnB,CAAC,CAAA;IACF,IAAI,GAAG,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IAC/B,MAAM,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAA;IAC5B,OAAO,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAA;AAC7C,CAAC;AAED,8EAA8E;AAE9E,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAAyB;IAC1D,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,IAAI,QAAQ,CAAA;IAC7C,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE,CAAA;IAC7C,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,YAAY,CAAA;IAElD,oEAAoE;IACpE,qEAAqE;IACrE,oEAAoE;IACpE,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,mBAAmB,CAAC,CAAC,CAAA;IACpE,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACjD,MAAM,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC,EAAE,YAAY,EAAE,MAAM,CAAC,CAAA;QAEvE,iDAAiD;QACjD,MAAM,OAAO,GAAG,GAAG,IAAI,CAAC,GAAG,OAAO,CAAA;QAClC,MAAM,KAAK,GAAG,MAAM,GAAG,CACrB,SAAS,EACT,CAAC,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,EAC/C,EAAE,GAAG,EAAE,OAAO,EAAE,UAAU,EAAE,EAAE,GAAG,MAAM,EAAE,CAC1C,CAAA;QACD,IAAI,KAAK,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;YACrB,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,wBAAwB,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE;aAC1D,CAAA;QACH,CAAC;QAED,mEAAmE;QACnE,uEAAuE;QACvE,qCAAqC;QACrC,MAAM,mBAAmB,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;QAC9E,MAAM,cAAc,GAAG;YACrB,QAAQ,OAAO,EAAE;YACjB,gCAAgC,mBAAmB,GAAG;YACtD,EAAE;SACH,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACZ,MAAM,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,iBAAiB,CAAC,EAAE,cAAc,EAAE,MAAM,CAAC,CAAA;QAC3E,MAAM,IAAI,GAAG,MAAM,GAAG,CACpB,SAAS,EACT,CAAC,OAAO,EAAE,IAAI,EAAE,iBAAiB,EAAE,IAAI,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,EACvD,EAAE,GAAG,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,EAAE,CACvC,CAAA;QACD,IAAI,IAAI,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;YACpB,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,gCAAgC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE;aACjE,CAAA;QACH,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,CAAA;QACvD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,CAAA;IACzD,CAAC;YAAS,CAAC;QACT,MAAM,EAAE,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA;IACvE,CAAC;AACH,CAAC;AAED,8EAA8E;AAE9E,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,IAAsB;IACpD,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,IAAI,QAAQ,CAAA;IAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,GAAG,CAAA;IAErC,0FAA0F;IAC1F,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;IAE9C,4EAA4E;IAC5E,iEAAiE;IACjE,MAAM,KAAK,GAAG,MAAM,GAAG,CACrB,SAAS,EACT,CAAC,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,kBAAkB,CAAC,EACnE,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAC1C,CAAA;IACD,IAAI,KAAK,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;QACrB,OAAO;YACL,EAAE,EAAE,KAAK;YACT,GAAG,EAAE,IAAI,CAAC,MAAM;YAChB,MAAM,EAAE,IAAI;YACZ,KAAK,EAAE,wBAAwB,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE;SAC1D,CAAA;IACH,CAAC;IAED,6DAA6D;IAC7D,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE;QACjE,UAAU,EAAE,MAAM;KACnB,CAAC,CAAA;IACF,IAAI,KAAK,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;QACrB,OAAO;YACL,EAAE,EAAE,KAAK;YACT,GAAG,EAAE,IAAI,CAAC,MAAM;YAChB,MAAM,EAAE,IAAI;YACZ,KAAK,EAAE,sBAAsB,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE;SACxD,CAAA;IACH,CAAC;IAED,WAAW;IACX,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,SAAS,EAAE,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE;QACvD,UAAU,EAAE,EAAE,GAAG,MAAM;KACxB,CAAC,CAAA;IACF,IAAI,IAAI,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;QACpB,OAAO;YACL,EAAE,EAAE,KAAK;YACT,GAAG,EAAE,IAAI,CAAC,MAAM;YAChB,MAAM,EAAE,IAAI;YACZ,KAAK,EAAE,uBAAuB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE;SACxD,CAAA;IACH,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,CAAA;IAC1D,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,CAAA;AAC5D,CAAC"}

package/dist/propose_auth_rewire.js

@@ -0,0 +1,113 @@
+/**
+ * propose_auth_rewire — emit a structured set of changes the seller's agent
+ * can review + apply (via apply_auth_rewire — future tool) to wire the
+ * saastore SDK adapter into their app and remove the now-dead auth UI.
+ *
+ * The PoC ships per-framework "rewire kits" — template files + a list of
+ * removals — rather than AST-aware diffs. The seller's agent has the
+ * authoritative source-code context to fill in any seller-specific glue;
+ * we provide the canonical scaffolding that mirrors the SDK adapter's
+ * expected wire format.
+ *
+ * Supported frameworks today: fastapi. Add nextjs, express, django, etc.
+ * as we work through the concierge first-seller pipeline.
+ */
+// ----- Per-framework kits --------------------------------------------------
+function fastapiKit() {
+    return {
+        package: "saastore-fastapi",
+        install: "pip install saastore-fastapi",
+        fileContents: `"""saastore identity helper.
+
+Drop-in replacement for whatever you used to get the current user.
+Wire any route that needs the buyer's identity as:
+
+    from fastapi import Depends
+    from app.saastore_identity import current_user, SaastoreUser
+
+    @app.get("/dashboard")
+    def dashboard(user: SaastoreUser = Depends(current_user)):
+        return {"email": user.email}
+
+The SDK reads SAASTORE_HMAC_SECRET from env (saastore sets this at
+container provision time) and verifies the signed identity headers.
+"""
+
+from saastore_fastapi import SaastoreUser, saastore_user
+
+# Re-export so seller code imports from one project-local module.
+__all__ = ["SaastoreUser", "current_user"]
+
+
+def current_user(
+    user: SaastoreUser = saastore_user,  # type: ignore[assignment]
+) -> SaastoreUser:
+    """FastAPI dependency returning the saastore-verified buyer identity."""
+    return user
+`,
+    };
+}
+// ----- Main entry ----------------------------------------------------------
+export function proposeAuthRewire(analysis) {
+    const warnings = [];
+    const changes = [];
+    const framework = analysis.backend_framework ?? analysis.framework ?? "unknown";
+    if (framework === "fastapi") {
+        const kit = fastapiKit();
+        changes.push({
+            path: "app/saastore_identity.py",
+            intent: "create",
+            reason: "Project-local helper that re-exports the saastore-fastapi dependency. Imports anywhere in the seller's code that previously used their own get_current_user dependency should be replaced with this module.",
+            contents: kit.fileContents,
+        });
+        changes.push({
+            path: "requirements.txt or pyproject.toml",
+            intent: "modify",
+            reason: `Add the SDK dependency. After install, ${kit.install}.`,
+            hints: [
+                `Add 'saastore-fastapi==0.1.0' to your dependency list.`,
+                "Pin to a specific version — the wire contract may evolve before V1.",
+            ],
+        });
+        changes.push({
+            path: "<any file with auth route handlers>",
+            intent: "delete",
+            reason: "Saastore handles authentication. Routes like /login, /signup, /logout, /forgot-password must be removed; the seller's app never sees them. Run `validate_compliance` after editing to confirm none remain.",
+            hints: [
+                "Search for @app.post('/login'), @app.get('/auth/...'), router.include_router(auth.router), etc.",
+                "If your login endpoint set cookies/sessions, you can delete the session middleware too — saastore signs identity per-request.",
+            ],
+        });
+        changes.push({
+            path: "<your dependency call sites>",
+            intent: "modify",
+            reason: `Replace your existing 'Depends(get_current_user)' (or equivalent) with 'Depends(current_user)' imported from app.saastore_identity. The user object is now a SaastoreUser dataclass — adapt downstream code as needed.`,
+            hints: [
+                "Grep for 'Depends(' in your routers; the auth dependency is usually the only one that needs to change.",
+                "If your routes accessed user.id or user.email — those fields exist on SaastoreUser as user.user_id and user.email respectively.",
+            ],
+        });
+        return {
+            framework: "fastapi",
+            adapter_npm_or_pypi_package: kit.package,
+            install_command: kit.install,
+            changes,
+            warnings,
+        };
+    }
+    // Unsupported framework — emit a generic stub + warning so the seller's
+    // agent at least knows what's needed even without a kit.
+    warnings.push(`framework '${framework}' has no rewire kit yet. The PoC ships kits as the concierge first-seller pipeline surfaces them. Manual port:\n` +
+        ` 1. install a saastore SDK adapter for your framework (see spec section 5.3 for the matrix)\n` +
+        ` 2. configure it to trust saastore as an external identity source\n` +
+        ` 3. remove all auth UI / route handlers (saastore handles login)\n` +
+        ` 4. run validate_compliance to confirm.`);
+    return {
+        framework,
+        adapter_npm_or_pypi_package: "(none yet)",
+        install_command: "(see saastore docs for your framework)",
+        changes: [],
+        warnings,
+    };
+}
+//# sourceMappingURL=propose_auth_rewire.js.map

package/dist/propose_auth_rewire.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"propose_auth_rewire.js","sourceRoot":"","sources":["../src/propose_auth_rewire.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AA4BH,8EAA8E;AAE9E,SAAS,UAAU;IACjB,OAAO;QACL,OAAO,EAAE,kBAAkB;QAC3B,OAAO,EAAE,8BAA8B;QACvC,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2BjB;KACE,CAAA;AACH,CAAC;AAED,8EAA8E;AAE9E,MAAM,UAAU,iBAAiB,CAAC,QAAsB;IACtD,MAAM,QAAQ,GAAa,EAAE,CAAA;IAC7B,MAAM,OAAO,GAAqB,EAAE,CAAA;IAEpC,MAAM,SAAS,GACb,QAAQ,CAAC,iBAAiB,IAAI,QAAQ,CAAC,SAAS,IAAI,SAAS,CAAA;IAE/D,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;QAC5B,MAAM,GAAG,GAAG,UAAU,EAAE,CAAA;QACxB,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,0BAA0B;YAChC,MAAM,EAAE,QAAQ;YAChB,MAAM,EACJ,6MAA6M;YAC/M,QAAQ,EAAE,GAAG,CAAC,YAAY;SAC3B,CAAC,CAAA;QACF,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,oCAAoC;YAC1C,MAAM,EAAE,QAAQ;YAChB,MAAM,EAAE,0CAA0C,GAAG,CAAC,OAAO,GAAG;YAChE,KAAK,EAAE;gBACL,wDAAwD;gBACxD,qEAAqE;aACtE;SACF,CAAC,CAAA;QACF,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,qCAAqC;YAC3C,MAAM,EAAE,QAAQ;YAChB,MAAM,EACJ,4MAA4M;YAC9M,KAAK,EAAE;gBACL,iGAAiG;gBACjG,+HAA+H;aAChI;SACF,CAAC,CAAA;QACF,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,8BAA8B;YACpC,MAAM,EAAE,QAAQ;YAChB,MAAM,EAAE,wNAAwN;YAChO,KAAK,EAAE;gBACL,wGAAwG;gBACxG,iIAAiI;aAClI;SACF,CAAC,CAAA;QACF,OAAO;YACL,SAAS,EAAE,SAAS;YACpB,2BAA2B,EAAE,GAAG,CAAC,OAAO;YACxC,eAAe,EAAE,GAAG,CAAC,OAAO;YAC5B,OAAO;YACP,QAAQ;SACT,CAAA;IACH,CAAC;IAED,wEAAwE;IACxE,yDAAyD;IACzD,QAAQ,CAAC,IAAI,CACX,cAAc,SAAS,kHAAkH;QACvI,+FAA+F;QAC/F,qEAAqE;QACrE,oEAAoE;QACpE,yCAAyC,CAC5C,CAAA;IACD,OAAO;QACL,SAAS;QACT,2BAA2B,EAAE,YAAY;QACzC,eAAe,EAAE,wCAAwC;QACzD,OAAO,EAAE,EAAE;QACX,QAAQ;KACT,CAAA;AACH,CAAC"}