t44 0.4.0-rc.3

package/lib/schema-resolver.ts

@@ -0,0 +1,349 @@
+
+import { join, relative } from 'path'
+import { readdir, readFile } from 'fs/promises'
+import { RefResolver } from 'json-schema-ref-resolver'
+import Ajv from 'ajv'
+import addFormats from 'ajv-formats'
+
+export interface ResolvedEntity {
+    schemaId: string
+    name: string
+    data: any
+    filePath: string
+    relPath: string
+    line?: number
+    valid: boolean
+    errors: any[]
+}
+
+export interface ResolverContext {
+    workspaceRootDir: string
+    workspaceName: string
+    schemasDir: string
+    factsDir: string
+    metaCacheDir: string
+    homeRegistryConnectionsDir: string
+}
+
+export interface WorkspaceResolverResult {
+    schemas: Map<string, any>
+    entities: Map<string, ResolvedEntity[]>
+    configEntities: Map<string, any>
+    factEntities: Map<string, ResolvedEntity[]>
+    connectionEntities: Map<string, ResolvedEntity[]>
+    refResolver: RefResolver
+}
+
+function createAjvInstance(): Ajv {
+    const ajv = new Ajv({
+        allErrors: true,
+        strict: false,
+        validateFormats: true,
+        logger: false
+    })
+    addFormats(ajv)
+    return ajv
+}
+
+export function Resolver(context: ResolverContext) {
+    const refResolver = new RefResolver()
+    const ajv = createAjvInstance()
+    const schemas = new Map<string, any>()
+
+    return {
+        async loadSchemas(): Promise<Map<string, any>> {
+            await loadSchemasInternal(context.schemasDir, refResolver, schemas)
+            return schemas
+        },
+
+        async loadConfigEntities(): Promise<{ configEntities: Map<string, any>; entities: Map<string, ResolvedEntity[]> }> {
+            const configEntities = new Map<string, any>()
+            const entities = new Map<string, ResolvedEntity[]>()
+            await loadConfigFileEntities(context.metaCacheDir, ajv, schemas, configEntities, entities)
+            return { configEntities, entities }
+        },
+
+        async loadFactEntities(): Promise<{ factEntities: Map<string, ResolvedEntity[]>; entities: Map<string, ResolvedEntity[]> }> {
+            const factEntities = new Map<string, ResolvedEntity[]>()
+            const entities = new Map<string, ResolvedEntity[]>()
+            await loadEntityFiles({
+                entityDir: context.factsDir,
+                workspaceRootDir: context.workspaceRootDir,
+                ajv,
+                schemas,
+                entityMap: factEntities,
+                allEntities: entities
+            })
+            return { factEntities, entities }
+        },
+
+        async loadConnectionEntities(): Promise<{ connectionEntities: Map<string, ResolvedEntity[]>; entities: Map<string, ResolvedEntity[]> }> {
+            const connectionEntities = new Map<string, ResolvedEntity[]>()
+            const entities = new Map<string, ResolvedEntity[]>()
+            await loadEntityFiles({
+                entityDir: context.homeRegistryConnectionsDir,
+                workspaceRootDir: context.workspaceRootDir,
+                ajv,
+                schemas,
+                entityMap: connectionEntities,
+                allEntities: entities,
+                isFlat: true
+            })
+            return { connectionEntities, entities }
+        },
+
+        getRefResolver(): RefResolver {
+            return refResolver
+        },
+
+        getSchemas(): Map<string, any> {
+            return schemas
+        }
+    }
+}
+
+async function loadSchemasInternal(
+    schemasDir: string,
+    refResolver: RefResolver,
+    schemas: Map<string, any>
+): Promise<void> {
+    let files: string[]
+    try {
+        files = await readdir(schemasDir)
+    } catch {
+        return
+    }
+
+    for (const file of files) {
+        if (!file.endsWith('.json')) continue
+        const filePath = join(schemasDir, file)
+        try {
+            const content = await readFile(filePath, 'utf-8')
+            const schema = JSON.parse(content)
+            if (schema.$id) {
+                refResolver.addSchema(schema)
+                // Store by $id (with version)
+                schemas.set(schema.$id, schema)
+                // Also store by entity name (without version) for easier lookup
+                const entityName = schema.$id.replace(/\.v\d+$/, '')
+                schemas.set(entityName, schema)
+            }
+        } catch {
+            // Skip files that can't be parsed
+        }
+    }
+}
+
+async function loadConfigFileEntities(
+    metaCacheDir: string,
+    ajv: Ajv,
+    schemas: Map<string, any>,
+    configEntities: Map<string, any>,
+    entities: Map<string, ResolvedEntity[]>
+): Promise<void> {
+
+    let metaFiles: string[]
+    try {
+        metaFiles = await readdir(metaCacheDir)
+    } catch {
+        return
+    }
+
+    for (const metaFile of metaFiles) {
+        if (!metaFile.endsWith('.json')) continue
+
+        try {
+            const metaPath = join(metaCacheDir, metaFile)
+            const metaContent = await readFile(metaPath, 'utf-8')
+            const metadata = JSON.parse(metaContent)
+
+            if (!metadata.entities || typeof metadata.entities !== 'object') continue
+
+            for (const [entityKey, entityMeta] of Object.entries(metadata.entities as Record<string, any>)) {
+                if (!entityKey.startsWith('#')) continue
+                const entityName = entityKey.substring(1)
+
+                configEntities.set(entityKey, entityMeta.data)
+
+                // Try to validate against schema
+                const schemaId = entityName + '.v0'
+                const schema = schemas.get(schemaId)
+
+                const resolved: ResolvedEntity = {
+                    schemaId,
+                    name: entityName,
+                    data: entityMeta.data,
+                    filePath: metadata.filePath,
+                    relPath: metadata.relPath,
+                    line: entityMeta.line,
+                    valid: true,
+                    errors: []
+                }
+
+                if (schema) {
+                    try {
+                        const validate = ajv.compile(schema)
+                        if (!validate(entityMeta.data)) {
+                            resolved.valid = false
+                            resolved.errors = validate.errors?.map(e => ({
+                                path: e.instancePath || '/',
+                                message: e.message,
+                                keyword: e.keyword
+                            })) || []
+                        }
+                    } catch {
+                        // Schema compilation failed
+                    }
+                }
+
+                if (!entities.has(entityKey)) entities.set(entityKey, [])
+                entities.get(entityKey)!.push(resolved)
+            }
+        } catch {
+            // Skip unparseable metadata files
+        }
+    }
+}
+
+interface LoadEntityFilesOptions {
+    entityDir: string
+    workspaceRootDir: string
+    ajv: Ajv
+    schemas: Map<string, any>
+    entityMap: Map<string, ResolvedEntity[]>
+    allEntities: Map<string, ResolvedEntity[]>
+    isFlat?: boolean // true for connections (flat .json files), false for facts (subdirectories)
+}
+
+async function loadEntityFiles(options: LoadEntityFilesOptions): Promise<void> {
+    const { entityDir, workspaceRootDir, ajv, schemas, entityMap, allEntities, isFlat = false } = options
+
+    let items: string[]
+    try {
+        items = await readdir(entityDir)
+    } catch {
+        return
+    }
+
+    if (isFlat) {
+        // Flat structure: files are directly in entityDir (e.g., connections)
+        for (const file of items) {
+            if (!file.startsWith('@') || !file.endsWith('.json')) continue
+
+            const entityTypeDir = file.replace(/\.json$/, '')
+            const entityName = entityTypeDir.replace(/~/g, '/')
+            const schema = schemas.get(entityName)
+            const filePath = join(entityDir, file)
+            const fileName = file.replace(/\.json$/, '')
+
+            try {
+                const content = await readFile(filePath, 'utf-8')
+                const data = JSON.parse(content)
+                const cleanData = { ...data }
+                delete cleanData.$schema
+                delete cleanData.$defs
+                delete cleanData.$id
+
+                const resolved: ResolvedEntity = {
+                    schemaId: entityName,
+                    name: fileName,
+                    data: cleanData,
+                    filePath,
+                    relPath: relative(workspaceRootDir, filePath),
+                    valid: true,
+                    errors: []
+                }
+
+                if (schema) {
+                    try {
+                        const validate = ajv.compile(schema)
+                        if (!validate(cleanData)) {
+                            resolved.valid = false
+                            resolved.errors = validate.errors?.map(e => ({
+                                path: e.instancePath || '/',
+                                message: e.message,
+                                keyword: e.keyword
+                            })) || []
+                        }
+                    } catch {
+                        // Schema compilation failed
+                    }
+                }
+
+                if (!entityMap.has(entityName)) entityMap.set(entityName, [])
+                entityMap.get(entityName)!.push(resolved)
+
+                const entityKey = `#${entityName}`
+                if (!allEntities.has(entityKey)) allEntities.set(entityKey, [])
+                allEntities.get(entityKey)!.push(resolved)
+            } catch {
+                // Skip unparseable files
+            }
+        }
+    } else {
+        // Nested structure: subdirectories contain entity files (e.g., facts)
+        for (const entityTypeDir of items) {
+            if (!entityTypeDir.startsWith('@')) continue
+            const entityTypePath = join(entityDir, entityTypeDir)
+            const entityName = entityTypeDir.replace(/~/g, '/')
+            const schema = schemas.get(entityName)
+
+            let entityFiles: string[]
+            try {
+                entityFiles = await readdir(entityTypePath)
+            } catch {
+                continue
+            }
+
+            for (const entityFile of entityFiles) {
+                if (!entityFile.endsWith('.json')) continue
+                const entityFilePath = join(entityTypePath, entityFile)
+                const entityFileName = entityFile.slice(0, -5) // strip .json
+
+                try {
+                    const content = await readFile(entityFilePath, 'utf-8')
+                    const data = JSON.parse(content)
+                    const cleanData = { ...data }
+                    delete cleanData.$schema
+                    delete cleanData.$defs
+                    delete cleanData.$id
+
+                    const resolved: ResolvedEntity = {
+                        schemaId: entityName,
+                        name: entityFileName,
+                        data: cleanData,
+                        filePath: entityFilePath,
+                        relPath: relative(workspaceRootDir, entityFilePath),
+                        valid: true,
+                        errors: []
+                    }
+
+                    if (schema) {
+                        try {
+                            const validate = ajv.compile(schema)
+                            if (!validate(cleanData)) {
+                                resolved.valid = false
+                                resolved.errors = validate.errors?.map(e => ({
+                                    path: e.instancePath || '/',
+                                    message: e.message,
+                                    keyword: e.keyword
+                                })) || []
+                            }
+                        } catch {
+                            // Schema compilation failed
+                        }
+                    }
+
+                    if (!entityMap.has(entityName)) entityMap.set(entityName, [])
+                    entityMap.get(entityName)!.push(resolved)
+
+                    const entityKey = `#${entityName}`
+                    if (!allEntities.has(entityKey)) allEntities.set(entityKey, [])
+                    allEntities.get(entityKey)!.push(resolved)
+                } catch {
+                    // Skip unparseable files
+                }
+            }
+        }
+    }
+}

package/lib/ucan.ts

@@ -0,0 +1,137 @@
+
+import { ed25519 } from '@ucanto/principal';
+import * as Server from '@ucanto/server';
+
+
+export async function generateKeypair(): Promise<{ did: string; privateKey: string }> {
+    const principal = await ed25519.generate();
+    // The principal itself is a Uint8Array containing the private key
+    const privateKeyBytes = new Uint8Array(principal as any);
+    return {
+        did: principal.did(),
+        privateKey: Buffer.from(privateKeyBytes).toString('base64'),
+    };
+}
+
+/**
+ * Extract DID from a base64-encoded private key
+ * @param privateKeyBase64 - Base64-encoded private key
+ * @returns The DID string
+ */
+export function didForPrivateKey(privateKeyBase64: string): string {
+    const keyBytes = Buffer.from(privateKeyBase64, 'base64');
+    const principal = ed25519.decode(new Uint8Array(keyBytes));
+    return principal.did();
+}
+
+/**
+ * Issue a UCAN capability delegation
+ * @param options.issuerPrivateKey - Base64-encoded private key of the issuer
+ * @param options.audienceDID - DID of the audience (recipient)
+ * @param options.capabilities - Array of capabilities to delegate
+ * @param options.expiresIn - Expiration time in seconds from now (default: 1 year)
+ * @returns Base64-encoded UCAN token
+ */
+export async function issueCapability(options: {
+    issuerPrivateKey: string;
+    audienceDID: string;
+    capabilities: Array<{ with: string; can: string }>;
+    expiresIn?: number;
+}): Promise<string> {
+    // Decode the issuer's private key
+    const keyBytes = Buffer.from(options.issuerPrivateKey, 'base64');
+    const issuer = ed25519.decode(new Uint8Array(keyBytes));
+
+    // Parse the audience DID
+    const audience = ed25519.Verifier.parse(options.audienceDID);
+
+    const expiresIn = options.expiresIn || 365 * 24 * 60 * 60; // 1 year
+    const expiration = Math.floor(Date.now() / 1000) + expiresIn;
+
+    const delegation = await Server.delegate({
+        issuer,
+        audience,
+        capabilities: options.capabilities,
+        expiration,
+    });
+
+    const archive = await delegation.archive();
+    if (!archive.ok) {
+        throw new Error('Failed to archive delegation');
+    }
+    return Buffer.from(archive.ok).toString('base64');
+};
+
+/**
+ * Validate a UCAN capability delegation
+ * @param options.ucanToken - Base64-encoded UCAN token
+ * @param options.issuerDID - Expected DID of the issuer
+ * @param options.expectedCapability - Expected capability (optional)
+ * @returns Validation result with delegation details
+ */
+export async function validateCapability(options: {
+    ucanToken: string;
+    issuerDID: string;
+    expectedCapability?: { can: string };
+}): Promise<{
+    valid: boolean;
+    error?: string;
+    issuer?: string;
+    audience?: string;
+    capabilities?: Array<{ with: string; can: string }>;
+    expiration?: number;
+}> {
+    try {
+        // Parse the UCAN from the token
+        const carBytes = Buffer.from(options.ucanToken, 'base64');
+        const result: any = await Server.Delegation.extract(carBytes);
+        if (!result.ok) {
+            return {
+                valid: false,
+                error: `Failed to parse UCAN: ${result.error.message}`,
+            };
+        }
+        const delegation: any = result.ok;
+
+        // Basic validation: check expiration
+        const now = Math.floor(Date.now() / 1000);
+        if (delegation.expiration && delegation.expiration < now) {
+            return {
+                valid: false,
+                error: 'UCAN has expired',
+            };
+        }
+
+        // Verify issuer matches expected
+        if (delegation.issuer.did() !== options.issuerDID) {
+            return {
+                valid: false,
+                error: `UCAN not issued by expected issuer. Expected: ${options.issuerDID}, Got: ${delegation.issuer.did()}`,
+            };
+        }
+
+        // Validate capability if specified
+        if (options.expectedCapability) {
+            const capability = delegation.capabilities[0];
+            if (capability.can !== options.expectedCapability.can) {
+                return {
+                    valid: false,
+                    error: `Invalid capability: expected '${options.expectedCapability.can}', got '${capability.can}'`,
+                };
+            }
+        }
+
+        return {
+            valid: true,
+            issuer: delegation.issuer.did(),
+            audience: delegation.audience.did(),
+            capabilities: delegation.capabilities,
+            expiration: delegation.expiration,
+        };
+    } catch (error: any) {
+        return {
+            valid: false,
+            error: `Failed to validate UCAN: ${error.message}`,
+        };
+    }
+}

package/package.json

@@ -0,0 +1,101 @@
+{
+    "name": "t44",
+    "version": "0.4.0-rc.3",
+    "license": "Apache-2.0",
+    "repository": {
+        "type": "git",
+        "url": "git+https://github.com/Stream44/t44.git"
+    },
+    "type": "module",
+    "bin": {
+        "t44": "./bin/t44"
+    },
+    "exports": {
+        "./workspace-rt": "./workspace-rt.ts",
+        "./caps/Home": "./caps/Home.ts",
+        "./caps/HomeRegistry": "./caps/HomeRegistry.ts",
+        "./caps/OpenApiSchema": "./caps/OpenApiSchema.ts",
+        "./caps/JsonSchemas": "./caps/JsonSchemas.ts",
+        "./caps/ProjectDeployment": "./caps/ProjectDeployment.ts",
+        "./caps/ProjectDevelopment": "./caps/ProjectDevelopment.ts",
+        "./caps/ProjectPublishing": "./caps/ProjectPublishing.ts",
+        "./caps/ProjectRack": "./caps/ProjectRack.ts",
+        "./caps/WorkspaceCli": "./caps/WorkspaceCli.ts",
+        "./caps/WorkspaceConfig": "./caps/WorkspaceConfig.ts",
+        "./caps/WorkspaceConnection": "./caps/WorkspaceConnection.ts",
+        "./caps/WorkspaceEntityConfig": "./caps/WorkspaceEntityConfig.ts",
+        "./caps/WorkspaceEntityFact": "./caps/WorkspaceEntityFact.ts",
+        "./caps/WorkspaceInfo": "./caps/WorkspaceInfo.ts",
+        "./caps/WorkspaceInit": "./caps/WorkspaceInit.ts",
+        "./caps/RootKey": "./caps/RootKey.ts",
+        "./caps/WorkspaceKey": "./caps/WorkspaceKey.ts",
+        "./caps/WorkspaceProjects": "./caps/WorkspaceProjects.ts",
+        "./caps/WorkspacePrompt": "./caps/WorkspacePrompt.ts",
+        "./caps/WorkspaceShell": "./caps/WorkspaceShell.ts",
+        "./caps/WorkspaceShellCli": "./caps/WorkspaceShellCli.ts",
+        "./caps/WorkspaceTest": "./caps/WorkspaceTest.ts",
+        "./caps/providers/bunny.net/ProjectDeployment": "./caps/providers/bunny.net/ProjectDeployment.ts",
+        "./caps/providers/dynadot.com/ProjectDeployment": "./caps/providers/dynadot.com/ProjectDeployment.ts",
+        "./caps/providers/git-scm.com/ProjectPublishing": "./caps/providers/git-scm.com/ProjectPublishing.ts",
+        "./caps/providers/github.com/ProjectPublishing": "./caps/providers/github.com/ProjectPublishing.ts",
+        "./caps/providers/npmjs.com/ProjectPublishing": "./caps/providers/npmjs.com/ProjectPublishing.ts",
+        "./caps/providers/semver.org/ProjectPublishing": "./caps/providers/semver.org/ProjectPublishing.ts",
+        "./caps/providers/vercel.com/ProjectDeployment": "./caps/providers/vercel.com/ProjectDeployment.ts",
+        "./structs/HomeRegistryConfig": "./structs/HomeRegistryConfig.ts",
+        "./structs/RootKeyConfig": "./structs/RootKeyConfig.ts",
+        "./structs/ProjectDeploymentConfig": "./structs/ProjectDeploymentConfig.ts",
+        "./structs/ProjectDeploymentFact": "./structs/ProjectDeploymentFact.ts",
+        "./structs/ProjectPublishingFact": "./structs/ProjectPublishingFact.ts",
+        "./structs/ProjectRackConfig": "./structs/ProjectRackConfig.ts",
+        "./structs/WorkspaceCliConfig": "./structs/WorkspaceCliConfig.ts",
+        "./structs/WorkspaceConfig": "./structs/WorkspaceConfig.ts",
+        "./structs/WorkspaceKeyConfig": "./structs/WorkspaceKeyConfig.ts",
+        "./structs/WorkspaceMappingsConfig": "./structs/WorkspaceMappingsConfig.ts",
+        "./structs/WorkspaceProjectsConfig": "./structs/WorkspaceProjectsConfig.ts",
+        "./structs/WorkspacePublishingConfig": "./structs/WorkspacePublishingConfig.ts",
+        "./structs/WorkspaceShellConfig": "./structs/WorkspaceShellConfig.ts",
+        "./structs/providers/bunny.net/PullZoneFact": "./structs/providers/bunny.net/PullZoneFact.ts",
+        "./structs/providers/bunny.net/PullZoneListFact": "./structs/providers/bunny.net/PullZoneListFact.ts",
+        "./structs/providers/bunny.net/StorageZoneFact": "./structs/providers/bunny.net/StorageZoneFact.ts",
+        "./structs/providers/bunny.net/StorageZoneListFact": "./structs/providers/bunny.net/StorageZoneListFact.ts",
+        "./structs/providers/bunny.net/WorkspaceConnectionConfig": "./structs/providers/bunny.net/WorkspaceConnectionConfig.ts",
+        "./structs/providers/dynadot.com/DomainFact": "./structs/providers/dynadot.com/DomainFact.ts",
+        "./structs/providers/dynadot.com/WorkspaceConnectionConfig": "./structs/providers/dynadot.com/WorkspaceConnectionConfig.ts",
+        "./structs/providers/git-scm.com/ProjectPublishingFact": "./structs/providers/git-scm.com/ProjectPublishingFact.ts",
+        "./structs/providers/github.com/ProjectPublishingFact": "./structs/providers/github.com/ProjectPublishingFact.ts",
+        "./structs/providers/github.com/WorkspaceConnectionConfig": "./structs/providers/github.com/WorkspaceConnectionConfig.ts",
+        "./structs/providers/npmjs.com/ProjectPublishingFact": "./structs/providers/npmjs.com/ProjectPublishingFact.ts",
+        "./structs/providers/vercel.com/ProjectDeploymentFact": "./structs/providers/vercel.com/ProjectDeploymentFact.ts",
+        "./structs/providers/vercel.com/WorkspaceConnectionConfig": "./structs/providers/vercel.com/WorkspaceConnectionConfig.ts"
+    },
+    "dependencies": {
+        "ajv": "^8.17.1",
+        "ajv-formats": "^3.0.1",
+        "js-yaml": "^4.1.0",
+        "commander": "^14.0.0",
+        "chalk": "^5.6.2",
+        "dotenv": "^17.2.3",
+        "fast-glob": "^3.3.3",
+        "inquirer": "^12.4.0",
+        "upload-to-bunny": "^2.1.0",
+        "axios": "^1.13.4",
+        "vercel": "^50.4.9",
+        "turbo": "^2.7.5",
+        "@ucanto/principal": "^9.0.3",
+        "@ucanto/server": "^11.0.3",
+        "json-schema-ref-resolver": "^3.0.0",
+        "@stream44.studio/encapsulate": "^0.4.0-rc.3",
+        "@stream44.studio/dco": "^0.3.0-rc.3",
+        "@stream44.studio/t44-blockchaincommons.com": "^0.1.0-rc.3"
+    },
+    "devDependencies": {
+        "@types/bun": "^1.3.4",
+        "@types/node": "^25.0.3",
+        "@types/js-yaml": "^4.0.9",
+        "bun-types": "^1.3.4"
+    },
+    "workspaces": [
+        "caps/providers/vercel.com"
+    ],
+    "private": false
+}

package/structs/HomeRegistry.ts

@@ -0,0 +1,55 @@
+
+export async function capsule({
+    encapsulate,
+    CapsulePropertyTypes,
+    makeImportStack
+}: any) {
+    return encapsulate({
+        '#@stream44.studio/encapsulate/spine-contracts/CapsuleSpineContract.v0': {
+            '#t44/caps/ConfigSchemaStruct': {
+                as: 'schema',
+                options: {
+                    '#': {
+                        schema: {
+                            type: 'object',
+                            properties: {
+                                did: {
+                                    type: 'string',
+                                    description: 'The DID (Decentralized Identifier) of the home registry.'
+                                },
+                                privateKey: {
+                                    type: 'string',
+                                    description: 'The private key associated with the home registry DID.'
+                                },
+                                createdAt: {
+                                    type: 'string',
+                                    format: 'date-time',
+                                    description: 'ISO 8601 timestamp of when the registry was created.'
+                                },
+                                rootDir: {
+                                    type: 'string',
+                                    description: 'Absolute path to the home registry root directory.'
+                                }
+                            },
+                            required: ['did', 'privateKey', 'createdAt', 'rootDir'],
+                            additionalProperties: false,
+                            description: 'Home registry identity containing the root DID and private key.'
+                        }
+                    }
+                }
+            },
+            '#': {
+                capsuleName: {
+                    type: CapsulePropertyTypes.Literal,
+                    value: capsule['#']
+                },
+            }
+        }
+    }, {
+        extendsCapsule: 't44/caps/HomeRegistryFile',
+        importMeta: import.meta,
+        importStack: makeImportStack(),
+        capsuleName: capsule['#'],
+    })
+}
+capsule['#'] = 't44/structs/HomeRegistry'